Commit graph

1663 commits

Author SHA1 Message Date
Gilles Peskine
61548d1035 Only exercise Brainpool curve keys on one algorithm
There's nothing wrong with ECC keys on Brainpool curves,
but operations with them are very slow. So we only exercise them
with a single algorithm, not with all possible hashes. We do
exercise other curves with all algorithms so test coverage is
perfectly adequate like this.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 11:10:14 +02:00
Gilles Peskine
4bd90dc6b1 Don't exercise OAEP with small key and large hash
RSA-OAEP requires the key to be larger than a function of the hash size.
Ideally such combinations would be detected as a key/algorithm
incompatibility. However key/algorithm compatibility is currently tested
between the key type and the algorithm without considering the key size, and
this is inconvenient to change. So as a workaround, dispense
OAEP-with-too-small-hash from exercising, without including it in the
automatic operation-failure test generation.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 11:10:14 +02:00
Gilles Peskine
e6b85b4d42 Storage format tests: exercise operations with keys
In key read tests, add usage flags that are suitable for the key type and
algorithm. This way, the call to exercise_key() in the test not only checks
that exporting the key is possible, but also that operations on the key are
possible.

This triggers a number of failures in edge cases where the generator
generates combinations that are not valid, which will be fixed in subsequent
commits.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 11:10:14 +02:00
Gilles Peskine
16b2506e3d Abbreviate descriptions of generated PSA storage tests
This currently makes all the descriptions unambiguous even when truncated at
66 characters, as the unit test framework does.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 11:10:14 +02:00
Gilles Peskine
e8e058c9d4 Unify the code to shorten expressions
The output of generate_psa_tests.py is almost unchanged: the differences are
only spaces after commas (now consistently omitted).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 11:10:14 +02:00
Gilles Peskine
564fae8328 Refactor usage flag formatting and implication
When generating storage format tests, pass usage flags around as a list, and
format them as the last thing.

In Storagekey(), simplify the addition of implicit usage flags: this no
longer requires parsing.

The output is unchanged.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 11:10:14 +02:00
Gilles Peskine
7de7c1020c Storage format tests: cover algorithms for each key type
In the generated storage format test cases, cover all supported
algorithms for each key type. This is a step towards exercising
the key with all the algorithms it supports; a subsequent commit
will generate a policy that permits the specified algorithms.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 11:10:14 +02:00
Gilles Peskine
fa70ced195 Remove ad hoc is_valid_for_signature method
Use the new generic is_public method.

Impact on generated cases: there are new HMAC test cases for SIGN_HASH. It
was a bug that these test cases were previously not generated.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 11:10:14 +02:00
Gilles Peskine
09dc05b880
Merge pull request #5635 from gilles-peskine-arm/psa-test-op-fail
PSA: systematically test operation failure
2022-04-15 10:52:47 +02:00
Gilles Peskine
e2c342b9bf Don't test with all-but-one elliptic curves
`curves.pl` (invoked by `all.sh test_depends_curves`, and
`all.sh test_depends_curves_psa`) currently runs two series of tests:
* For each curve, test with only that curve enabled.
* For each curve, test with all curves but that one.

Originally this script was introduced to validate test dependencies, and for
that all-but-one gives better results because it handles test cases that
require multiple curves. Then we extended the script to also test with a
single curve, which matches many real-world setups and catches some product
bugs. Single-curve testing also validates test dependencies in a more
limited way.

Remove all-but-one curve testing, because it doesn't add much to the test
coverage. Mainly, this means that we now won't detect if a test case
declares two curve dependencies but actually also depends on a third. This
is an acceptable loss.

The trigger for removing all-but-one curve testing is that this will make
the job take only about half as long, and the length of the job was a bit of
a problem. Resolves #5729.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-14 12:00:17 +02:00
Manuel Pégourié-Gonnard
9473229996 Fix compat.sh invocation in basic-built-test.sh
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-04-14 09:21:38 +02:00
Gilles Peskine
45e680e651 Explain why we check that a certain feature is enabled
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-13 23:23:21 +02:00
Gilles Peskine
5417d48044 Remove mostly-redundant test build
component_test_CID_no_debug was added specifically to be a non-regression
test for https://github.com/Mbed-TLS/mbedtls/issues/3998. Running compat.sh
in the newly introduced config-ccm-psk-dtls1_2.h is also a non-regression
test for that bug. Therefore component_test_CID_no_debug is redundant for
its primary purpose.

Of course every configuration is different, but the additional coverage from
component_test_CID_no_debug is minimal, unlike config-ccm-psk-dtls1_2.h
which is a plausible real-world configuration.

In mbedtls-2.28, component_test_CID_no_debug was never added, and running
the unit tests in that configuration does not trigger the #3998 bug, only
compat.sh does. So, rather than backport component_test_CID_no_debug to
2.28.2, I am removing it from 3.2.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-13 22:47:17 +02:00
Manuel Pégourié-Gonnard
296787f75c Rm DES from invocations of compat.sh
It no longer makes sense, either in -e or -f: those ciphersuites have
been removed anyway.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-04-13 10:45:10 +02:00
Gilles Peskine
7d904e7127 Test MBEDTLS_PSA_CRYPTO_CONFIG_FILE and MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-07 21:59:53 +02:00
Gilles Peskine
e10df779b7 Test MBEDTLS_USER_CONFIG_FILE as such
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-07 21:59:53 +02:00
Gilles Peskine
f4798279c0 Remove obsolete comment
mbedtls/mbedtls_config.h (formerly mbedtls/config.h) used to be included
directly in many places, so we wanted to test that all of these places
allowed the MBEDTLS_CONFIG_FILE override. Now mbedtls/mbedtls_config.h is
only included via build_info.h, so this is not relevant anymore.

It is no longer particularly useful to test MBEDTLS_CONFIG_FILE with the
full config, but it isn't harmful either, so keep it that way.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-07 21:59:53 +02:00
Gilles Peskine
2003c2f455 Simplify build_mbedtls_config_file
$CONFIG_H no longer includes check_config.h since Mbed TLS 3.0.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-07 21:40:25 +02:00
Gilles Peskine
ebfee6e315 check-generated-files.sh -u: don't update file timestamps
When running check-generated-files in update mode, all generated files were
regenerated. As a consequence,
```
tests/scripts/check-generated-files.sh -u && make
```
always caused most of the code to be rebuilt. Now, if a file hasn't changed,
preserve its original modification time (and other metadata), so the command
above doesn't rebuild anything that has actually not changed.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-05 15:29:38 +02:00
Gilles Peskine
e6300959df Test attempts to use a public key for a private-key operation
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-05 15:02:44 +02:00
Gilles Peskine
a401386f82 A key agreement algorithm can contain a key derivation
PSA_ALG_KEY_AGREEMENT(..., kdf) is a valid key derivation algorithm
when kdf is one.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-05 14:57:10 +02:00
Gilles Peskine
d79e3b92fa In NOT_SUPPORTED test case descriptions, show what is not supported
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-05 14:56:58 +02:00
Gilles Peskine
c82f62e3a5
Merge pull request #4907 from gilles-peskine-arm/config-baremetal-size-3.0
Disable debugging features in the primary code size measurement job
2022-04-04 16:12:58 +02:00
Ronald Cron
0e980e8e84
Merge pull request #5640 from ronald-cron-arm/version-negotiation-2
TLS 1.2/1.3 version negotiation - 2
2022-04-01 12:29:06 +02:00
Dave Rodgman
017a19997a Update references to old Github organisation
Replace references to ARMmbed organisation with the new
org, Mbed-TLS, following project migration.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-03-31 14:43:16 +01:00
Ronald Cron
a980adf4ce
Merge pull request #5637 from ronald-cron-arm/version-negotiation-1
TLS 1.2/1.3 version negotiation - 1
2022-03-31 11:47:16 +02:00
Ronald Cron
a1b8f6e914 ssl-opt.sh: Do not force TLS 1.3 on client
For TLS 1.3 tests, do not force TLS 1.3
version on client to play the negotiation
game whenever possible.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
Ronald Cron
f660655b84 TLS: Allow hybrid TLS 1.2/1.3 in default configurations
This implies that when both TLS 1.2 and TLS 1.3
are included in the build all the TLS 1.2 tests
using the default configuration now go through
a version negotiation on the client side.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
Dave Rodgman
1c41501949
Merge pull request #5632 from tom-cosgrove-arm/seclib-667-sha512-acceleration-mbedtls-internal
SECLIB-667: Accelerate SHA-512 with A64 crypto extensions
2022-03-29 15:34:12 +01:00
Ronald Cron
de1adee51a Rename ssl_cli/srv.c
Rename ssl_cli.c and ssl_srv.c to reflect the fact
that they are TLS 1.2 specific now. Align there new
names with the TLS 1.3 ones.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:39:49 +02:00
XiaokangQian
5c252620c5 Move MAC-ALL to self._ciphs in ssl-opt.sh
Change-Id: I60d29560f8937a0001ab4a30086bac255fc4b1eb
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-28 08:53:45 +00:00
XiaokangQian
2e17fb8c93 Change code base on comments
Add all of the group pairs for hrr cases
Re-order some parameters

Change-Id: Id7e131d1ed4279bbd586613800df7bd87dfa4c54
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-28 03:30:05 +00:00
XiaokangQian
a1931448f0 Update hrr test cases generation code without change class
Change-Id: I38f620213bf5349d33ecad080538294633f85566
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-25 11:58:22 +00:00
XiaokangQian
eff93f947d Rebase code to latest and solve conflicts
Change-Id: Id89af63e5d63347f6365c87b2aed419cc31fe0d4
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-25 10:47:55 +00:00
XiaokangQian
8031ba7fbf Update code base on comments
Change run title
Remove dedicate ciphersuite and sig alg
Update test cases

Change-Id: Ic0e9adf56062e744f7bafbc6bb562baeaafd89f0
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-25 09:27:53 +00:00
XiaokangQian
68a87e4606 Remove the option r in generate_tls13_compat_tests.py
Integrate two options into one
Use one dedicate cipher suite TLS_AES_256_GCM_SHA384
Use on dedicate signature algorithm ecdsa_secp384r1_sha384

Change-Id: Icbe39b985e1942edc4b1e37ce3352eed4f316ab7
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-25 08:09:29 +00:00
XiaokangQian
20438976f9 Change comments and styles base on review
Change-Id: Idde76114aba0a47b61355677dd33ea9de7deee9d
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-25 08:09:29 +00:00
XiaokangQian
af56fd3b9d Disable some reported warnings in pylint
Change-Id: Ia01e4a425f8b8d83be53d02885cf8ae4cbb20c98
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-25 08:08:01 +00:00
XiaokangQian
b9cd73f640 Fix errors from pylint
Change-Id: I6cbbf8a0b0acedf651fada6ab54fa03dc4ad9cf5
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-25 08:06:57 +00:00
XiaokangQian
7069cbc8d5 generate all tls13 hrr test cases for compatible mode
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-25 08:06:08 +00:00
Jerry Yu
72d81e56b6 Add cert_sig_algs into offered list
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-24 22:13:57 +08:00
Jerry Yu
7de79850c9 Add cert_sig_algs for compat generate script
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-24 20:09:00 +08:00
Tom Cosgrove
226aca195f Fix running of all.sh on macOS
Was getting 'dd: unknown operand status'

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-03-23 21:40:56 +00:00
Tom Cosgrove
87fbfb5d82 SECLIB-667: Accelerate SHA-512 with A64 crypto extensions
Provide an additional pair of #defines, MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
and MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY. At most one of them may be
specified. If used, it is necessary to compile with -march=armv8.2-a+sha3.

The MBEDTLS_SHA512_PROCESS_ALT and MBEDTLS_SHA512_ALT mechanisms
continue to work, and are mutually exclusive with SHA512_USE_A64_CRYPTO.

There should be minimal code size impact if no A64_CRYPTO option is set.

The SHA-512 implementation was originally written by Simon Tatham for PuTTY,
under the MIT licence; dual-licensed as Apache 2 with his kind permission.

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-03-23 21:40:53 +00:00
Manuel Pégourié-Gonnard
f4042f076b
Merge pull request #5573 from superna9999/5176-5177-5178-5179-tsl-record-hmac
TLS record HMAC
2022-03-21 11:36:44 +01:00
Neil Armstrong
0ab7a232b5 Add non-PSA and PSA variant of test_XXXX_constant_flow all.sh tests
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-18 11:10:09 +01:00
Gilles Peskine
cba28a7d40 Systematically generate test cases for operation setup failure
The test suite test_suite_psa_crypto_op_fail now runs a large number
of automatically generated test cases which attempt to perform a
one-shot operation or to set up a multi-part operation with invalid
parameters. The following cases are fully covered (based on the
enumeration of valid algorithms and key types):
* An algorithm is not supported.
* The key type is not compatible with the algorithm (for operations
  that use a key).
* The algorithm is not compatible for the operation.

Some test functions allow the library to return PSA_ERROR_NOT_SUPPORTED
where the test code generator expects PSA_ERROR_INVALID_ARGUMENT or vice
versa. This may be refined in the future.

Some corner cases with algorithms combining a key agreement with a key
derivation are not handled properly. This will be fixed in follow-up
commits.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-03-16 13:54:25 +01:00
Gilles Peskine
8b4a38176a Generate test cases for hash operation failure
Test that hash operation functions fail when given a hash algorithm
that is not supported or an algorithm that is not a hash.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-03-16 13:54:25 +01:00
Gilles Peskine
c7e1ea074a New test suite for systematically generated operation failure tests
The new test suite psa_crypto_op_fail is intended for systematically
generated test cases that ensure that cryptographic operations with
invalid parameters fail as expected. I intend invalid parameters to
cover things like an invalid algorithm, an algorithm that is
incompatible with the operation, a key type that is incompatible with
the algorithm, etc.

This commit just creates the infrastructure. Subsequent commits will
add data generation and test code.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-03-16 13:54:25 +01:00
Gilles Peskine
f761427fb9 Simplify key_for_usage_flags
Generate "with implication" and "without implication" usage test cases
separately.

The set of generated test cases is unchanged. The order, and the description
of "with implication" test cases, changes.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-03-15 18:32:10 +01:00
Dave Rodgman
2cecd8aaad
Merge pull request #3624 from daxtens/timeless
RFC: Fix builds with MBEDTLS_HAVE_TIME disabled and test
2022-03-15 16:43:19 +00:00
Gilles Peskine
a266541072 test-ref-configs: clarify configuration-related traces
When doing builds with PSA enabled or with debug traces enabled, convey this
in $MBEDTLS_TEST_CONFIGURATION and in the terminal logs.

This fixes a bug that the outcome file did not distinguish entries from
test cases run in a reference configuration with or without PSA.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-03-14 19:49:18 +01:00
Gilles Peskine
d7df877183 Simplify the logic to select configurations
User-visible changes:
* With no argument, configurations are now tested in a deterministic order.
* When given arguments, configurations are now tested in the order given.
* When given arguments, if the same configuration is passed multiple times,
  it will now be tested multiple times.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-03-14 19:49:18 +01:00
Dave Rodgman
868d38f50f
Merge pull request #5547 from tom-cosgrove-arm/seclib-667-sha256-acceleration-mbedtls-internal
SECLIB-667: Accelerate SHA-256 with A64 crypto extensions
2022-03-14 12:57:37 +00:00
Manuel Pégourié-Gonnard
c11bffe989
Merge pull request #5139 from mprse/key_der_ecc
PSA: implement key derivation for ECC keys
2022-03-14 09:17:13 +01:00
Gilles Peskine
fdfc10b250
Merge pull request #4408 from gilles-peskine-arm/storage-format-check-mononicity
Check storage format tests for regressions
2022-03-07 17:02:34 +01:00
Przemek Stekiel
f25b16cadd test_psa_compliance: update tag to fix-pr-5139-3
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-04 14:25:09 +01:00
David Horstmann
61faf665e6 Use $PWD instead of $(pwd) for consistency
Change the new baremetal all.sh tests to use $PWD rather than
calling pwd again directly.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-03-04 05:07:45 -05:00
Daniel Axtens
814c8133c8 tests: add baremetal full config build
To be able to test utility programs for an absence of time.h, we need a
baremetal config that is not crypto only. Add one.

Signed-off-by: Daniel Axtens <dja@axtens.net>
2022-03-04 05:07:45 -05:00
Daniel Axtens
446af202f6 tests: prevent inclusion of time.h in baremetal compiles
baremetal compiles should not include time.h, as MBEDTLS_HAVE_TIME is
undefined. To test this, provide an overriding include directory that
has a time.h which throws a meaningful error if included.

Signed-off-by: Daniel Axtens <dja@axtens.net>
2022-03-04 05:07:45 -05:00
Gilles Peskine
254efe5f0c Make mypy unconditional
Running mypy was optional for a transition period when it wasn't installed
on the CI. Now that it is, make it mandatory, to avoid silently skipping an
expected check if mypy doesn't work for some reason.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-28 16:06:36 +01:00
Gilles Peskine
c6d197b68a ssl-opt needs debug messages
Many test cases in ssl-opt.sh need error messages (MBEDTLS_ERROR_C) or SSL
traces (MBEDTLS_DEBUG_C). Some sample configurations don't include these
options. When running ssl-opt.sh on those configurations, enable the
required options. They must be listed in the config*.h file, commented out.

Run ssl-opt in the following configurations with debug options:
ccm-psk-tls1_2, ccm-psk-dtls1_2, suite-b.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-25 21:22:25 +01:00
Gilles Peskine
168f17c233 New sample/test configuration: small DTLS 1.2
1. Copy config-ccm-psk-tls1_2.h
2. Add DTLS support
3. Add some TLS and DTLS features that are useful in low-bandwidth,
   low-reliability networks
4. Reduce the SSL buffer to a very small size

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-25 21:06:11 +01:00
Gilles Peskine
9216536415 Add storage format checks to the interface checker
Expand abi_check.py to look for backward incompatibilities not only in
the interface exposed to application code (and to some extent driver
code), but also to the interface exposed via the storage format, which
is relevant when upgrading Mbed TLS on a device with a PSA keystore.

Strictly speaking, the storage format checks look for regressions in
the automatically generated storage format test data. Incompatible
changes that are not covered by the generated tests will also not be
covered by the interface checker.

A known defect in this commit is that the --brief output is not brief
for storage format checks.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-22 14:54:03 +01:00
Przemyslaw Stekiel
ab80c0cd6c test_psa_compliance.py: checkout fix-pr-5139 tag
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-22 13:35:26 +01:00
Tom Cosgrove
f3ebd90a1c SECLIB-667: Accelerate SHA-256 with A64 crypto extensions
Provide an additional pair of #defines, MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
and MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY. At most one of them may be
specified. If used, it is necessary to compile with -march=armv8-a+crypto.

The MBEDTLS_SHA256_PROCESS_ALT and MBEDTLS_SHA256_ALT mechanisms
continue to work, and are mutually exclusive with A64_CRYPTO.

There should be minimal code size impact if no A64_CRYPTO option is set.

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-02-21 08:37:26 +00:00
Jerry Yu
baa4934e7b Add check tests
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:00 +08:00
Jerry Yu
81d5e1feca fix various issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:00 +08:00
Jerry Yu
da5af22015 tls13_only: add tls13_only test component
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:00 +08:00
Manuel Pégourié-Gonnard
3d1f8b9c00
Merge pull request #5532 from ronald-cron-arm/tls13_and_use_psa_crypto
Make TLS 1.3 compatible with MBEDTLS_USE_PSA_CRYPTO
2022-02-16 17:33:47 +01:00
Ronald Cron
a7a1deabf8
Merge pull request #5393 from gilles-peskine-arm/opt-testcases-outcomes-fix
Fix test suite name reporting of opt-testcases/tls13-compat.sh
2022-02-15 13:53:10 +01:00
Ronald Cron
135427cb35 Run TLS 1.3 tests when MBEDTLS_USE_PSA_CRYPTO is enabled
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-02-11 16:10:44 +01:00
Manuel Pégourié-Gonnard
d81e774083
Merge pull request #5463 from gilles-peskine-arm/cmake-test-suite-enumeration
CMake: generate the list of test suites automatically
2022-02-07 09:48:23 +01:00
Gilles Peskine
827dbd9d35 Remove obsolete calls to if_build_succeeded
This is now a no-op.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-04 00:32:58 +01:00
Gilles Peskine
c1247c0cbb Remove obsolete variable restoration or unset at the end of a component
This is no longer useful now that components run in a subshell.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-04 00:32:58 +01:00
Gilles Peskine
3bc3409edf Remove obsolete cd at the end of a component
This is no longer useful now that components run in a subshell.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-04 00:32:58 +01:00
Gilles Peskine
a300099246 Stop CMake out of source tests running on 16.04 (continued)
The race condition mentioned in the previous commit
"Stop CMake out of source tests running on 16.04"
has also been observed with test_cmake_as_subdirectory and can presumably
happen with test_cmake_as_package and test_cmake_as_package_install as well.
So skip all of these components on Ubuntu 16.04.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-04 00:32:58 +01:00
Andrzej Kurek
01005b90b5 Restructure test-ref-configs to test with USE_PSA_CRYPTO turned on
Run some of the test configs twice, enabling MBEDTLS_USE_PSA_CRYPTO
and MBEDTLS_PSA_CRYPTO_C in one of the runs.
Add relevant comments in these configs.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-19 12:34:41 -05:00
Manuel Pégourié-Gonnard
d2da19b8eb
Merge pull request #5380 from AndrzejKurek/key-id-encodes-owner-psa-fixes
Make KEY_ID_ENCODES_OWNER compatible with USE_PSA_CRYPTO
2022-01-18 09:16:25 +01:00
Bence Szépkúti
08f34656cb Return the same error in multipart and single shot AEAD
psa_aead_encrypt_setup() and psa_aead_decrypt_setup() were returning
PSA_ERROR_INVALID_ARGUMENT, while the same failed checks were producing
PSA_ERROR_NOT_SUPPORTED if they happened in psa_aead_encrypt() or
psa_aead_decrypt().

The PSA Crypto API 1.1 spec will specify PSA_ERROR_INVALID_ARGUMENT
in the case that the supplied algorithm is not an AEAD one.

Also move these shared checks to a helper function, to reduce code
duplication and ensure that the functions remain in sync.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2022-01-07 19:36:07 +01:00
Gilles Peskine
7e09105192 New option to list all test cases
Occasionally useful for diagnosing issues with test reports.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-01-07 18:34:12 +01:00
Gilles Peskine
686c292e8a Move collect_available_test_cases to check_test_cases.py
No behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-01-07 18:34:12 +01:00
Bence Szépkúti
bac671cd23 Fix the multipart AEAD compliance tests
Update the fork of the compliance test suite, and remove the multipart
AEAD tests from the expected failures list.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2022-01-06 15:46:17 +01:00
Andrzej Kurek
03e01461ad Make KEY_ID_ENCODES_OWNER compatible with USE_PSA_CRYPTO
Fix library references, tests and programs.
Testing is performed in the already present all.sh test.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-03 12:53:24 +01:00
Archana
6f21e45b78
Fix Pylint errors and improve Python script
Pylint errors are fixed.
The Python script is improved to take default arguments when not
passed (eg invoked from root of the tree)

check-generated-files.sh and CMakeLists.sh updated.

Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-12-18 13:28:59 +05:30
Gilles Peskine
ccbc318fc5 Remove generation of ssl_debug_helpers_generated.h
It's now under version control and meant to be updated manually.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-15 12:55:37 +01:00
Gilles Peskine
12e27d4c5b List ssl_debug_helpers_generated.h in generated files
Running `generate_ssl_debug_helpers.py` generates both
`ssl_debug_helpers_generated.c` and `ssl_debug_helpers_generated.h`.

List the `.h` file as well as the `.c` file in `check-generated-files.sh` so
that `check-generated-files.sh -u` will complain if it isn't up to date.

List it in `Makefile` and `CMakeLists.txt` so that parallel builds know when
to wait until the `.h` file is present. In `Makefile`, declare the `.c` file
as depending on the `.h` file for order. This way, a dependency for either
will wait until the `.h` file is present, and since the `.h` file is
generated after the `.c` file, this guarantees that the `.c` file is
present.

This fixes random failures of `make -j` from a fresh checkout.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-14 00:19:47 +01:00
Gilles Peskine
a5c18512b9
Merge pull request #5155 from paul-elliott-arm/pcks12_fix
Fixes for pkcs12 with NULL and/or zero length password
2021-12-13 14:52:36 +01:00
Ronald Cron
6f135e1148 Rename MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL to MBEDTLS_SSL_PROTO_TLS1_3
As we have now a minimal viable implementation of TLS 1.3,
let's remove EXPERIMENTAL from the config option enabling
it.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-10 13:47:55 +01:00
Ronald Cron
0abf07ca2c Make PSA crypto mandatory for TLS 1.3
As we want to move to PSA for cryptographic operations
let's mandate PSA crypto from the start.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-10 13:22:21 +01:00
Dave Rodgman
76a2b306ac
Merge pull request #4981 from yuhaoth/pr/add-debug-helpers-generated
Add debug helpers generated
2021-12-10 11:56:55 +00:00
Ronald Cron
ae93725ae8 tests: Make compat mode optional in script generating tests
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-10 10:27:07 +01:00
Jerry Yu
e78ee99624 add enum value to string helpers
Only add helpers for enum in `ssl.h`.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 12:43:30 +08:00
Ronald Cron
fdb0e3f381 ssl-opt.sh: TLS 1.3: Run tests with middlebox compatibility enabled
Run tests with middlebox compatibility enabled but tests
dedicated to middlebox compatibility disabled.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-09 13:40:22 +01:00
Manuel Pégourié-Gonnard
c38c1f2411
Merge pull request #5268 from gilles-peskine-arm/struct_reordering_3.0
Reorder structure fields to maximize usage of immediate offset access
2021-12-09 12:54:09 +01:00
Ronald Cron
1865585eab
Merge pull request #5212 from yuhaoth/pr/add-tls13-compat-testcases
TLS1.3 MVP:Add tls13 compat, not supported version , certificaterequest and HRR tests
2021-12-08 14:56:39 +01:00
Gilles Peskine
392113434a
Merge pull request #5263 from ronald-cron-arm/psa-test-driver_3.x
Forward port to 3.x: Introduce PSA test driver library to test PSA configuration
2021-12-07 12:52:20 +01:00
Ronald Cron
27d47713c9 tests: psa: Remove MD2, MD4 and ARC4 related code
MD2, MD4 and ARC4 are not supported anymore in
3.x.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-07 09:54:36 +01:00
Jerry Yu
52a6e7ea00 Replace tls1_3 with tls13
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-06 18:42:47 +08:00
Jerry Yu
2c315a8591 remove unused function
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-06 18:22:51 +08:00
Jerry Yu
7918efe99a Refactor to avoid duplicate add_*
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-06 18:20:43 +08:00
Jerry Yu
882c30da17 Merge CAFILE and Certificate
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-06 18:20:43 +08:00
Jerry Yu
b4ac8f3c04 fix various issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-06 18:20:43 +08:00
Jerry Yu
dda036d8e0 rename ecdsa_secp*sha* to ecdsa_secp*
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-06 18:20:43 +08:00
Jerry Yu
7f5e5adfa3 fix pylint fail
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-06 18:20:43 +08:00
Jerry Yu
f17a60f147 Add opt-testcases into check list
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-06 18:20:43 +08:00
Jerry Yu
cdcb683568 Update generate scripts and tls13 test cases
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-06 18:20:43 +08:00
Jerry Yu
c4aa1520a2 tls13_compat_tests:Add generate all option
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-06 18:20:43 +08:00
Jerry Yu
d64e20de7f fix wrong typo
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-06 18:20:43 +08:00
Jerry Yu
29deed4ddb Add rsa_pss_rsae_sha256 into tls13 compat tests
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-06 18:16:30 +08:00
Jerry Yu
305bfc3dfd Add tls13 compat tests
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-06 18:16:30 +08:00
Ronald Cron
3a8714d5d4 all.sh: psa: Add cipher acceleration test component
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-06 07:50:27 +01:00
Ronald Cron
b231245ea8 all.sh: psa: Add hash acceleration test component
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-06 07:50:27 +01:00
Ronald Cron
403c15cb51 all.sh: psa: Add ECDSA and RSA signature acceleration component
Add ECDSA and RSA signature acceleration testing
with signature capabilitites removed from the
Mbed TLS library.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-06 07:50:27 +01:00
Ronald Cron
7975fae6bd Move to separately compiled PSA test driver library
This commit removes the test_psa_crypto_config_basic
all.sh component that can no longer work without
adapting it to the separately compiled test driver
library. This component is replaced by several
components in the following commits to test various
type of acceleration independently.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-06 07:50:27 +01:00
Xiaofei Bai
8b5c3824ee Fix (d)tls1_2 into (d)tls12 in version options
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2021-12-02 13:22:18 +00:00
Gilles Peskine
a0e57ef84f
Merge pull request #5131 from gilles-peskine-arm/dlopen-test
dlopen test
2021-11-25 22:03:27 +01:00
Gilles Peskine
f303c0ddeb Fix several bugs with multiline comments
Empty the current line if it's entirely inside a comment.

Don't incorrectly end a block comment at the second line if it doesn't
contain `*/`.

Recognize `/*` to start a multiline comment even if it isn't at the start of
the line.

When stripping off comments, consistently strip off `/*` and `*/`.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-25 20:51:52 +01:00
Gilles Peskine
b4b18c1155 Improve comment and string stripping
Make that part of the code more readable.

Add support for // line comments.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-25 20:51:44 +01:00
Gilles Peskine
bc1e8f6a7c Fix terminology in comment
In computing, brackets are []. () are called parentheses.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-25 20:51:39 +01:00
Gilles Peskine
b9fc488559 Move comment and string literal processing to a new function
No intended behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-25 20:51:34 +01:00
Gilles Peskine
9b2fa72a43 Simplify some regex definitions
Use '|'.join([comma-separated list]) rather than r'...|' r'...|'. This way
there's less risk of forgetting a '|'. Pylint will yell if we forget a comma
between list elements.

Use match rather than search + mandatory start anchor for EXCLUSION_LINES.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-25 20:51:28 +01:00
Gilles Peskine
152de23518 Lift some code out of parse_identifiers
Make parse_identifiers less complex. Pylint was complaining that it had too
many local variables, and it had a point.

* Lift the constants identifier_regex and exclusion_lines to class
  constants (renamed to uppercase because they're constants).
* Lift the per-file loop into a new function parse_identifiers_in_file.

No intended behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-25 20:51:07 +01:00
Gilles Peskine
c8794202e6 Fix comment parsing
Fix cases like
```
/*short comment*/ /*long
 comment */
int mbedtls_foo;
```
where the previous code thought that the second line started outside of a
comment and ended inside of a comment.

I believe that the new code strips comments correctly. It also strips string
literals, just in case.

Fixes #5191.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-25 20:51:01 +01:00
Paul Elliott
62dc392ef8 Stop CMake out of source tests running on 16.04
Running the out of source CMake test on Ubuntu 16.04 using more than one
processor (as the CI does) can create a race condition whereby the build
fails to see a generated file, despite that file actually having been
generated. This problem appears to go away with 18.04 or newer, so make
the out of source tests not supported on Ubuntu 16.04

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-11-25 18:03:50 +00:00
Bence Szépkúti
357b78e42c Indicate if we know that a nonce length is invalid
This restores the behaviour found in the previously released versions
and development_2.x.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-11-17 18:06:04 +01:00
Bence Szépkúti
1e4423b535 Remove expected failure from test_psa_compliance
Issue #5143 was fixed in PR #5180.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-11-17 14:42:51 +01:00
Manuel Pégourié-Gonnard
9b9fbda912
Merge pull request #5094 from bensze01/test_psa_compliance
Run the PSA Compliance test suite in all.sh
2021-11-17 14:09:57 +01:00
Gilles Peskine
f1a7ea88d1
Merge pull request #5092 from mprse/generate_key2
Generate test cases for PSA key generation
2021-11-10 20:55:35 +01:00
Gilles Peskine
ca144597e8 Run the dlopen test in shared library builds
Non-regression for the fix in https://github.com/ARMmbed/mbedtls/pull/5126:
libmbedtls and libmbedx509 did not declare their dependencies on libmbedx509
and libmbedcrypto when built with make.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-10 19:05:20 +01:00
Bence Szépkúti
b376eac5ac Track upstreaming task in an issue
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-11-09 22:13:46 +01:00
Bence Szépkúti
cb28871326 Document the values in EXPECTED_FAILURES
Including the issues where the corresponding defects are tracked.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-11-09 21:42:15 +01:00
Bence Szépkúti
e2855c32b5 Move to an updated fork of psa-arch-tests
The new fork was rebased on top of the upstream master, removing the
need for most of the downstream patches we carried.

On the other hand, the new fork includes a couple of fixes to problems
that were not addressed by the original fork, or were introduced with the
new version of psa-arch-tests.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-11-09 21:42:14 +01:00
Bence Szépkúti
ef0d02ed31 Explain why support_test_psa_compliance is needed
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-11-03 13:17:31 +01:00
Bence Szépkúti
b3818412bc Keep local clone around even if the test succeeds
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-11-03 13:17:29 +01:00
Bence Szépkúti
c63d1605ab Make directory creation code more compact
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-11-03 13:14:40 +01:00
Bence Szépkúti
67fb3149c0 Add licence header to script
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-11-03 13:12:37 +01:00
Bence Szépkúti
34b5f56344 Make main() suitable to being called from python
Don't call sys.exit(), and don't clobber the working directory.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-11-03 13:12:02 +01:00
Bence Szépkúti
449781fda7 Fix pylint errors
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-11-02 13:53:11 +01:00
Bence Szépkúti
83aa604ce5 Simplify regex and use named capture groups
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-11-02 13:53:11 +01:00
Bence Szépkúti
c2bac00530 Use print(end='') to silence double newline
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-11-02 13:53:11 +01:00
Bence Szépkúti
d2ea2c0df3 Indicate errors interleaved with test suite output
Indicate whether a success or failure is unexpected, or expected and
ignored as they happen.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-11-02 13:51:22 +01:00
Przemyslaw Stekiel
7bc26b8c2a generate_psa_tests.py: add key generation result to test case argument list, add comments
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-11-02 10:51:49 +01:00
Bence Szépkúti
ca9236b0c5 Make the changes easier to backport
The code replaced in this patch was not compatible with the
development_2.x branch.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-10-29 11:37:27 +02:00
Manuel Pégourié-Gonnard
774b4422e2
Merge pull request #5116 from gilles-peskine-arm/remove-greentea-3.0
Remove on-target testing
2021-10-29 09:33:34 +02:00
Manuel Pégourié-Gonnard
da71054bbc
Merge pull request #5011 from gilles-peskine-arm/test_ssl_o2-3.0
Build with -O2 when running ssl-opt
2021-10-29 09:25:23 +02:00
Gilles Peskine
d025422c28 Remove on-target testing
It was unmaintained and untested, and the fear of breaking it was holding us
back. Resolves #4934.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-27 11:45:57 +02:00
David Horstmann
3ee10e841e Fix unused variable in generate_psa_tests.py
Remove the newly-unused variable that became unused in
a previous commit.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2021-10-25 13:16:04 +01:00
David Horstmann
65d8c69e80 Remove unnecessary check for ';' in filenames
The Makefiles already assume that filenames don't contain
special characters anyway, so we don't need to check this
in generate_psa_tests.py.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2021-10-25 13:16:04 +01:00
David Horstmann
a8d1406107 Rename DEV_MODE to GEN_FILES
GEN_FILES is a bit clearer as it describes what the setting
does more precisely.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2021-10-25 13:16:04 +01:00
David Horstmann
d64f4b249c Fix assorted spelling and wording issues
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2021-10-25 13:16:04 +01:00
David Horstmann
e12e7f47de Get generated data file list from script
Use the generate_psa_tests.py script to generate the list
of test data files used as output files by cmake.

Do this by introducing a new option --list-for-cmake
that prints a semicolon-separated list of the data files
with no terminating newline (since this is how a cmake list
is represented).

Replace the hard-coded output file list with a variable
generated by the script using this option.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2021-10-25 13:16:04 +01:00
Manuel Pégourié-Gonnard
9327fb33a6 Fix test_ref_config component of all.sh
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-10-25 13:16:04 +01:00
Manuel Pégourié-Gonnard
bfe54d703d Cleanup: rm all files generated by cmake
Again, unrelated, except I kept noticing.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-10-25 13:16:04 +01:00
Manuel Pégourié-Gonnard
a9cb894168 Add --directory option to generate_psa_tests.py
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-10-25 13:16:04 +01:00
Przemyslaw Stekiel
ba20fc98b8 Fix issues pointed by CI
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-22 11:05:18 +02:00
Przemyslaw Stekiel
437da19f4f Remove unused param and duplicated test cases
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-22 10:08:38 +02:00
Bence Szépkúti
80b31c56eb Run the PSA Compliance test suite in all.sh
This commit adds a component to all.sh which clones, builds and runs the
compliance test suite.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-10-21 10:17:34 +02:00
Przemyslaw Stekiel
8d468e4ee8 Remove key generation when given argument is invalid from NotSupported class
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-20 10:04:55 +02:00
Przemyslaw Stekiel
1b0978b803 Add test class for key generation
Genertae test_suite_psa_crypto_generate_key.generated.data.
Use test_suite_psa_crypto_generate_key.function as a test function.

Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-20 09:05:33 +02:00
Gilles Peskine
e7fc7ef38b Always set a build type for cmake when building for testing
Set the build type to Release (-O2) when running CPU-intensive tests (ssl-opt,
or unit tests with debug features). A build type of Check (-Os) would be best
when the main objective of the build is to check for build errors or warnings
and there aren't many tests to run; in this commit there are no such test
cases to change. Only use cmake with no build type (which results in not
passing a -O option, and thus missing some GCC warnings) when exercising cmake
features.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-19 21:33:32 +02:00
Gilles Peskine
6210320215
Merge pull request #4989 from AndrzejKurek/remove-ssl-export-keys
Remove MBEDTLS_SSL_EXPORT_KEYS, making it always on
2021-10-18 17:53:56 +02:00
Gilles Peskine
bf21c07923
Merge pull request #5072 from mprse/issue_5065
Use switch statement instead if-else in psa_aead_check_nonce_length() and psa_aead_set_lengths(). Fixes #5065
2021-10-18 17:51:50 +02:00
Gilles Peskine
7637ab0d8b
Merge pull request #5037 from mprse/issue_4551
Fix psa_generate_key(): return PSA_ERROR_INVALID_ARGUMENT for public key
2021-10-18 10:39:21 +02:00
Gilles Peskine
0d4640ad90
Merge pull request #4984 from gilles-peskine-arm/check-names-files
check_names.py: more robust handling of excluded files
2021-10-15 13:33:50 +02:00
Przemyslaw Stekiel
316c4fa3ce Address review comments
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-15 08:04:53 +02:00
Przemyslaw Stekiel
1ecfdea002 all.sh: add full - MBEDTLS_CHACHAPOLY_C without PSA_WANT_ALG_GCM and PSA_WANT_ALG_CHACHA20_POLY1305
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-13 13:27:34 +02:00
Przemyslaw Stekiel
b576c7b779 Address review comments
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-11 10:43:17 +02:00
Przemyslaw Stekiel
25f7063533 enerate_psa_tests.py fix format
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-08 15:28:45 +02:00
Przemyslaw Stekiel
d9d630cdf3 Addapt psa_generate_key() tests
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-08 12:26:21 +02:00
Gilles Peskine
f4d2fd4a05 Fix cmake invocation syntax
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-08 11:45:47 +02:00
Gilles Peskine
dbf7b7eeb5 Switch cmake -O2 builds around to where we test a lot
Use Release mode (-O2) for component_test_full_cmake_clang which runs SSL
tests.

To have some coverage with Check mode (which enables more compiler warnings
but compiles with -Os), change a few other builds that only run unit tests
at most to Check mode.

Don't add any new builds, to keep the total build volume down. We don't need
extensive coverage of all combinations, just a reasonable set.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-07 19:38:32 +02:00
Gilles Peskine
77f0535a93 Clarify a comment
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-07 19:27:16 +02:00
Gilles Peskine
cf52222694 Correct support function name
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-07 19:25:29 +02:00
Gilles Peskine
bf3ec84b1c
Merge pull request #5003 from gilles-peskine-arm/all.sh-makeflags-nproc
Limit make parallelism to the number of CPUs in all.sh
2021-10-06 19:35:12 +02:00
Gilles Peskine
ff0aee0e7b Build with -O2 when running ssl-opt
SSL testing benefits from faster executables, so use -O2 rather than -O1.
Some builds use -O1, but that's intended for jobs that only run unit tests,
where the build takes longer than the tests.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-05 09:36:03 +02:00
Gilles Peskine
050d2fc201 Limit make parallelism to the number of CPUs
Don't default to unbridled -j, which causes a load spike and isn't really
faster.

"Number of CPUs" is implemented here as a reasonable compromise between
portability, correctness and simplicity. This is just a default that can be
overridden by setting MAKEFLAGS in the environment.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-30 18:24:21 +02:00
Gilles Peskine
6b34ac7655
Merge pull request #4955 from gilles-peskine-arm/make-tests-v-development
Facilitate reproducing unit tests from all.sh
2021-09-30 16:08:53 +02:00
Andrzej Kurek
324f72ec9c Fix a bug where the ssl context is used after it's nullified
When not using DEBUG_C, but using the DTLS CID feature -
a null pointer was accessed in ssl_tls.c.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2021-09-29 10:15:52 -04:00
Gilles Peskine
8a83224072 Fix typo
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-28 10:12:49 +02:00
Gilles Peskine
89458d1420 More robust handling of excluded files
Don't try to enumerate excluded files. List included files, and remove names
from the list if they match an excluded-file pattern.

This resolves the problem that the script could get into an infinite loop
due to the use of recursive globbing. Unfortunately, Python's recursive
globs follows symbolic links to directories, which leads to an infinite loop
if a symbolic link points to an ancestor of the directory that contains it.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-27 19:20:17 +02:00
Gilles Peskine
b19be6b5f3
Merge pull request #1638 from dgreen-arm/check-names-rewrite
Rewrite check-names.sh in python
2021-09-27 12:28:53 +02:00
Ronald Cron
27f84fc75c
Merge pull request #4813 from JoeSubbiani/TranslateCiphersuite_dev
Translate ciphersuite names
2021-09-27 08:57:52 +02:00
Yuto Takano
c3a6f63c99 Merge updates from upstream development branch into check-names-rewrite
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-09-24 18:02:56 +01:00
Gilles Peskine
3587dfdce8 Move long -D lists from all.sh to a header file
To facilitate maintenance and to make it easier to reproduce all.sh builds
manually, remove the long, repeated list of -D options from
component_test_psa_crypto_config_basic and component_test_psa_crypto_drivers
and put it in a header file instead.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-20 19:20:04 +02:00
Gilles Peskine
396853ad03 'make test': show failing test cases when cmake does
When building with make, `make test` runs `run-test-suites.pl` which has a
verbose mode that reports the failing test cases, but it didn't provide a
way to enable this verbose mode. With the present commit, you can run `make
test TEST_FLAGS=-v` to use verbose mode.

Base the default for verbose mode on the same environment variable that
`make test` uses when building with CMake: default off, but enabled if
`CTEST_OUTPUT_ON_FAILURE` is true. In particular, verbose mode will now be
on when building from `all.sh`.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-20 18:57:55 +02:00
Jerry Yu
7a5ab044ca Add tls13 test with everst and ecp restartable
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-15 22:06:11 +08:00
Joe Subbiani
e5d6106071 Extend test in translate_ciphers.py
The list was trimmed previously according to code coverage, however
this did not really evalute all test cases, e.g in the case of re.sub
or m_cipher.replace. These lines are executed no matter what, so code
coverage is not suitable.

I have gone through each step in the translate functions and made sure
there is at least one ciphersuite per step

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-09-03 13:30:44 +01:00
Joe Subbiani
49d57bcf19 Improve indentation according to pylint
Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-09-03 13:19:58 +01:00
Joe Subbiani
54110b3b6f Reduce translate_ciphers.py test list
Having a list of every ciphersuite suggests that it should be maintained with
any new ciphersuites that are added in the future. This in turn almost defeats
the purpose of having translation functions to begin with
Instead, the unit test now only test a much smaller subset of ciphersuite names
that exercise each stage in the OpenSSL and GnuTLS translate functions.
In the future, if a new cipersuite is added that requires an extra stage in
translation, then that cipher can be added to the test suite, otherwise it
should not be necessary.

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-09-03 13:19:57 +01:00
Joe Subbiani
b0aba9a46e Improve comments to be more accurate
Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-09-03 13:19:57 +01:00
Joe Subbiani
79f5790370 Remove test_translate_format()
As test_translate_ciphers_format.sh was made as a testing ground before
utilising translate_ciphers.py in compat.sh, once it was translated to
python code - as a unit test, it became redundant.

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-09-03 13:19:56 +01:00
Joe Subbiani
a25ffab422 Integrate tests as unit tests into one file
Rather than having the tests seperated into different files, they were integrated
into translate_ciphers.py and can be run from root using:
`python -m unittest tests/scripts/translate_ciphers.py`

test_translate_ciphers_format.sh was originally made as a testing ground before
having the translation tool being implmented into compat.sh. Translating it to
python code makes it redundant and therefore it will be removed.

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-09-03 13:19:50 +01:00
Joe Subbiani
f2de374fc1 Remove unused import
Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-09-03 13:18:55 +01:00
Joe Subbiani
a3d991c3d0 Improve python coding style
Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-09-03 13:18:55 +01:00
Joe Subbiani
918ee797ce Improve consitancy and useability
test_translate_ciphers_names.py
- Combined m, o and g ciphers all into one a single list of tuples to
  avoid needing to rely on indexes

test_translate_ciphers_format.sh
- Removed redundant test
- Added return errors

compat.sh
- Improved how translate_ciphers.py is called

translate_ciphers.py
- Improve regex and translation to be more intutive and efficient
- change how arguments are taken and handelled to be more reliable

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-09-03 13:18:54 +01:00
Joe Subbiani
d614c0b197 Include translate ciphers tests in all.sh
To run test_translate_ciphers_names.py and _format.sh in the CI, include
it in all.sh component_check_generate_test_code.

Rename check_generate_test_code to check_test_helpers

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-09-03 13:18:50 +01:00
Joe Subbiani
3eac5b9c6d Use zip rather than enumerate
After improving coding style, pylint suggeted using enumerate but
zip is more appropriate to avoid indexing

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-09-02 18:53:52 +01:00
Joe Subbiani
a56e10db4c Run test_translate_ciphers_format.sh from root
Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-09-02 18:53:52 +01:00
Joe Subbiani
f849a93d94 Improve python coding style
As per check-python-files.sh, added string documentation for
files and functions.

Modified for loops to use enumerate rather than range(len(
although as the same iteration index is used for multiple
lists it does not seem quite appropriate

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-09-02 18:53:52 +01:00
Joe Subbiani
f3fcc29eb1 Move translate scripts to appropriate folder
"tests/scripts/*.py is executable programs used only for testing"

Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
2021-09-02 18:53:52 +01:00
Gilles Peskine
0bf740ee4f
Merge pull request #4765 from gilles-peskine-arm/all.sh-subshells-3.0
Run all.sh components in a subshell
2021-09-02 10:26:58 +02:00
Gilles Peskine
e36fe81e34 Change our code size reference job to use baremetal_size
In build_arm_none_eabi_gcc_m0plus, use baremetal_size instead of baremetal
as the configuration, i.e. exclude debugging features. This job is the only
one switching to baremetal_size because it's our primary point of reference
for code size evolution, and which is the only job where we display the code
size built with -Os so it's presumably the only job for which we really care
about a meaningful code size report.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-01 20:00:33 +02:00
Manuel Pégourié-Gonnard
e45ee40f7e
Merge pull request #4811 from hanno-arm/tls13_ciphersuite_api
Add TLS 1.3 ciphersuite and key exchange identifiers and API
2021-08-30 09:47:46 +02:00
Yuto Takano
fc1e9ffcb2 Use Abstract Base Classes to ensure Problem is not instantiated
- Problem() is a parent abstract class that should only be used for
  subclassing.
- With the help of ABC, implement abstract methods that force
  subclasses to implement quiet and verbose outputs.
- The repeated logic of "if self.quiet" is consolidated in Problem.

Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-23 13:54:56 +01:00
Yuto Takano
5f83171999 Fix listing line number wrongly using start char pos
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-18 18:03:24 +01:00
Yuto Takano
7143209604 Remove unused imports in list_internal_identifiers.py
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-17 12:44:16 +01:00
Yuto Takano
3590691bad Fix issues raised by Pylint 2.4.4 on CI
Locally they were unreported by Pylint 2.9.2.

Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-17 11:05:43 +01:00
Yuto Takano
4b7d23dfa6 Separate make clean and make lib in check_names
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-17 10:48:22 +01:00
Yuto Takano
704b0f77e1 Use .span() for positions, and separate line_no argument in Match
This reverts a previous change where line_no was removed and put into
a triple tuple. It was discovered that re.Match.span() conveniently
returns (start, end), so separating line_no again makes the code cleaner.
The legibility of the code heavily outweighs the issues pointed out by
Pylint (hence disabled).

Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-17 10:41:23 +01:00
Yuto Takano
b1417b4554 Use Enums for the enum-parsing state machine
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-17 10:30:20 +01:00
Yuto Takano
5473be2914 Use a class variable for quiet instead of passing it around
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-17 10:14:24 +01:00
Yuto Takano
6adb287960 Move duplicated behaviour in get_files to own function
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-16 11:38:34 +01:00
Yuto Takano
90bc026913 Exclusively use re.search() to avoid confusion with .match()
Also fix newline being removed when lines were concatenated

Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-16 11:34:10 +01:00
Yuto Takano
9d9c6dc46e Align the item counts in check_names for ease of reading
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-16 10:43:45 +01:00
Yuto Takano
165700c914 Remove unnecessary try/catch in list_internal_identifiers
The try/catch was used to catch Exceptions and exit with code 1,
a legacy from check_names.py which uses the pattern to exit with
code 2. But code 1 is the default for the Python runtime anyway,
so it is redundant and can be removed.

Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-16 10:39:24 +01:00
Yuto Takano
8246eb8fb6 Fix English typos in comments of check_names and list-identifiers
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-16 10:37:24 +01:00
Yuto Takano
fb86ac70f5 Comment Match.__str__ and use format() to simplify calculation
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-16 10:32:40 +01:00
Manuel Pégourié-Gonnard
4512f21473
Merge pull request #3572 from mpg/add-arm-linux-build
Add arm-linux-gnueabi-gcc build
2021-08-12 13:16:02 +02:00
Hanno Becker
ae336852c5 Add ssl-opt.sh run to TLS 1.3 test in all.sh
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-12 06:28:45 +01:00
Dave Rodgman
2aec149e13
Merge pull request #4248 from hanno-arm/tls13_populate_transform
Fix and test compliance of TLS 1.3 record protection
2021-08-11 16:41:51 +01:00
Yuto Takano
d73cec1e09 Add newline at end of list-identifiers.sh
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-10 15:45:28 +01:00
Yuto Takano
ac72fac465 Put back list-identifiers.sh as a thin wrapper around the python script
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-10 15:09:16 +01:00
Yuto Takano
206b022ad0 Fix off-by-one error in string formatting in Python
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-10 11:30:43 +01:00
Yuto Takano
7bfac1d7fe Fix incorrect reference to NameCheck in script docstring
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-09 15:49:25 +01:00
Yuto Takano
55c6c87d95 Separate code parsing and name checking in two classes
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-09 15:35:19 +01:00
Janos Follath
f8f88d6b00
Merge pull request #4746 from gilles-peskine-arm/bump-version-3.0
Fix release scripts for 3.0
2021-08-09 15:28:28 +01:00
Yuto Takano
50953433a4 Bring back logging of number of files
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-09 14:54:36 +01:00
Yuto Takano
8e9a219310 Improve ease of specifying which files to look in (check_names)
- Instead of os.path.join, use glob patterns (supports Windows too)
- Instead of creating the lists beforehand (which adds messiness), pass glob
  expessions to functions and let them memoise it.
- Add support for excluding based on glob patterns, which isn't used now but
  could come in handy.

Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-09 14:48:53 +01:00
Yuto Takano
f005c3369a Change variable name argparser to parser
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-09 13:56:36 +01:00
Yuto Takano
d70d446d69 Improve code style consistency in check_names.py
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-09 12:45:51 +01:00
Yuto Takano
68d241211b Create list_internal_identifiers.py
This is the equivalent of `list-identifiers.sh --internal`, which is
useful for generating an exclusion file for ABI/API checking.

Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-09 12:10:31 +01:00
Yuto Takano
977e07f5c8 Use glob in get_files(), call setup_logger on init
glob is more flexible and simplifies the function arguments drastically.
It is also much more intuitive to extend in the future when the filepaths
need to be extended or changed.

setup_logger had to be called as the first thing after instantiation, so
this commit simplify makes it automatic.

Several clarification comments are added too.

Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-09 11:56:15 +01:00
Yuto Takano
51efcb143d Rename check-names.py to check_names.py
This is necessary to import check_names from other scripts, which
will inevitably happen in the next few commits to implement the equivalent
of `list-identifiers.sh --internal`.

Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-09 11:54:12 +01:00
Yuto Takano
6fececf192 Comment why is used
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-07 17:28:23 +01:00
Yuto Takano
fc54dfb0d6 Move check_repo_path into NameCheck as staticmethod
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-07 17:18:28 +01:00
Yuto Takano
55614b51f1 Use --quiet to hide explanations and show only minimal necessary info
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-07 01:00:18 +01:00
Yuto Takano
b47b504418 Improve comments in parse_mbed_words()
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-07 00:42:54 +01:00
Yuto Takano
12a7ecda5a Fix further pylint issues picked up by Travis CI
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-07 00:40:29 +01:00
Yuto Takano
a083d15edd Specify file open encoding as utf-8 in check-names
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-07 00:25:59 +01:00
Yuto Takano
381fda8550 Print line number next to problem in check-names
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-06 23:37:20 +01:00
Yuto Takano
bcc3d99cc1 Fix compatibiliy with Python 3.5 on the CI
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-06 23:14:58 +01:00
Yuto Takano
d93fa37aa6 Address all pylint issues to follow style
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-06 23:05:55 +01:00
Yuto Takano
9e0e0e9980 Fix Pylint-detected function argument syntax error
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-06 22:01:37 +01:00
Yuto Takano
25eeb7b935 Output subprocess stdout if it errored
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-06 21:27:59 +01:00
Yuto Takano
cfc9e4a275 Change identifier regex to better support multiline declarations
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-06 21:07:39 +01:00
Yuto Takano
8f457cf222 Use enumerate() to get line numbers
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-06 21:07:39 +01:00
Yuto Takano
a4e751257a Output line number, line, and position of error
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-06 21:07:39 +01:00
Yuto Takano
159255ab7b Document dependency on nm
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-06 21:07:39 +01:00
Yuto Takano
13ecd996fc Improve regex to adapt to flexible spaces
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
2021-08-06 21:07:39 +01:00