Commit graph

2201 commits

Author SHA1 Message Date
Gilles Peskine
ca25deee12 Factor get_function_info out of gen_from_test_data
No intended behavior change. This commit is mainly to satisfy pylint, which
complains that gen_from_test_data now has too many variables. But it's a
good thing anyway to make the function a little more readable.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-04-26 19:38:41 +02:00
Gilles Peskine
8542f5c81f Add line number to a few error messages
This is just a quick improvement, not meant to tackle the problem as a
whole.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-04-26 19:38:40 +02:00
Pengyu Lv
1d4cc917ce cert_audit: Reword the options and their descriptions
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-25 15:17:19 +08:00
Pengyu Lv
1381598aa3 cert_audit: Check the version of cryptography
The script requires cryptography >= 35.0.0, we
need to check the version and provide meaningful
error message when the package version was too
old.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-25 14:55:38 +08:00
Manuel Pégourié-Gonnard
feb941a77a
Merge pull request #7465 from valeriosetti/issue7460-part3
Check remaning dependencies on ECP in PK module
2023-04-24 13:06:09 +02:00
valerio
0b0486452c improve syms.sh script for external dependencies analysis
It is now possible to analyze also modules and not only
x509 and tls libraries.

Signed-off-by: valerio <valerio.setti@nordicsemi.no>
2023-04-24 10:34:08 +02:00
Pengyu Lv
c34b9ac18c cert_audit: Clarify the abstraction of Auditor
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-23 14:57:30 +08:00
Pengyu Lv
28fe957239 cert_audit: Add simple parser of suite data file
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-23 13:56:25 +08:00
Gilles Peskine
935a987b2b
Merge pull request #7436 from AndrzejKurek/x509-verify-san-ip
x509 SAN IP parsing
2023-04-21 22:00:58 +02:00
Pengyu Lv
2d487217cd cert_audit: Improve the method to find tests folder
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-21 12:41:24 +08:00
Pengyu Lv
a228cbcecc cert_audit: Add data-files and suite-data-files options
The commit adds '--data-files' and '--suite-data-files'
options so that we could pass names for the two types
of files separately. Additionally, the commit improves
the documentation in the script.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-21 11:59:25 +08:00
Pengyu Lv
fcda6d4f51 cert_audit: Enable logging module
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-21 11:04:07 +08:00
Pengyu Lv
ad30679d9e cert_audit: Reuse generate_test_code.FileWrapper
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-19 15:07:03 +08:00
Pengyu Lv
7a344dde0f New implementation for generate_test_code.FileWrapper
We get some performance benefit from the Buffered I/O.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-19 15:03:20 +08:00
Pengyu Lv
8e6794ad56 cert_audit: Code refinement
This commit is a collection of code refinements
from review comments.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-18 17:00:47 +08:00
Pengyu Lv
f8e5e059c5 cert_audit: Improve documentation
This commit is a collection of improving the documentation in the
script:

  * Restore uppercase in the license header.
  * Reword the script description.
  * Reword the docstring of AuditData.fill_validity_duration
  * Rename AuditData.filename to *.location

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-18 16:24:02 +08:00
Valerio Setti
e618cb0a0b test: add coverage's analysis framework for accel EC algs w/o ECP
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-17 12:03:48 +02:00
Andrzej Kurek
06969fc3a0 Introduce a test for a sw implementation of inet_pton
Create a bypass define to simulate platforms
without AF_INET6.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-04-13 09:20:15 -04:00
Pengyu Lv
7725c1d2a9 cert_audit: Output line/argument number for *.data files
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-13 15:55:30 +08:00
Pengyu Lv
57240958ed cert_audit: Make FILE as positional argument
Make FILE as positional argument so that we can
pass multiple files to the script. This commit
also contains some help message improvements.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-13 15:46:14 +08:00
Valerio Setti
0c477d32e2 test: include also test_suite_ecp for the coverage analysis
Only some test cases are skipped for which ECP_C is mandatory,
but the other ones are included.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-11 11:33:50 +02:00
Valerio Setti
29b395c854 test: let test_psa_crypto_config_accel_all_ec_algs_use_psa use ECP_LIGHT
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-11 11:33:50 +02:00
Pengyu Lv
3179232211 cert_audit: Disable pylint error for importing cryptography
This is to make CI happy. The script requires cryptography
>= 35.0.0, which is only available for Python >= 3.6. But
both ubuntu-16.04 and Travis CI are using Python 3.5.x.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-11 16:30:54 +08:00
Pengyu Lv
cb8fc3275a cert_audit: Fill validity dates in AuditData constructor
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-11 15:05:29 +08:00
Pengyu Lv
ebf011f43e cert_audit: Introduce not-[before|after] option
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-11 14:07:50 +08:00
Pengyu Lv
30f2683d18 cert_audit: Parse more information from test suite data file
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-07 18:04:07 +08:00
Ronald Cron
50ae84ed97 ssl-opt.sh: Remove some unnecessary forcing of TLS 1.3
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:18 +02:00
Pengyu Lv
45e32033db cert_audit: Support audit on test suite data files
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-06 14:33:41 +08:00
Pengyu Lv
7f6933a227 cert_audit: Initial script for auditing expiry date
We introduce the script to audit the expiry date of X509 files
(i.e. crt/crl/csr files) in tests/data_files/ folder.

This commit add basic classes and the framework for auditing
and "-a" option to list all valid crt/crl/csr files it found.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-06 13:38:56 +08:00
Ronald Cron
219f978097
Merge pull request #7059 from ronald-cron-arm/psa-crypto-misc
PSA cryptography miscellaneous
2023-04-04 10:54:03 +02:00
Manuel Pégourié-Gonnard
86d5d4bf31
Merge pull request #7103 from valeriosetti/issue6622
Some MAX_SIZE macros are too small when PSA ECC is accelerated
2023-04-03 16:23:27 +02:00
Valerio Setti
c6ecdad42d test: disable all RSA algs and fix tests
All RSA associated algs are now forcedly disabled both on library
and driver sides.
Some PSA driver tests required to be fixed because they were just
requiring for not having the built-in version, but they didn't check
if the driver one was present (kind of assuming that RSA was always
supported on the driver side).

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-03 08:26:35 +02:00
Ronald Cron
32a432af95 all.sh: Fix test component name
The component_test_psa_crypto_drivers was
renamed component_test_psa_crypto_builtin_keys
in a previous commit. This was misleading as
the goal of the component is not to test
the builtin keys but to run the PSA unit
tests with the test drivers doing the
cryptographic operations.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-03-31 09:07:57 +02:00
Ronald Cron
e6e6b75ad3 psa: Remove MBEDTLS_PSA_CRYPTO_DRIVERS configuration option
The support for the PSA crypto driver interface
is not optional anymore as the implementation of
the PSA cryptography interface has been restructured
around the PSA crypto driver interface (see
psa-crypto-implementation-structure.md). There is
thus no purpose for the configuration options
MBEDTLS_PSA_CRYPTO_DRIVERS anymore.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-03-31 09:07:54 +02:00
Manuel Pégourié-Gonnard
1640682a53
Merge pull request #7334 from valeriosetti/analyze_outcomes_improvement
Improve analyze_outcomes.py script
2023-03-30 09:17:39 +02:00
Valerio Setti
846118b98d test: remove old component errouneously reintroduced during rebase
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-29 13:46:59 +02:00
Valerio Setti
f109c66d73 Use proper log function
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-29 11:15:44 +02:00
Valerio Setti
22992a04f1 Fix function description
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-29 11:15:28 +02:00
Valerio Setti
5aab43f1cd test: fix/improve comments in all.sh
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-29 10:42:07 +02:00
Valerio Setti
1f1420df36 test: fix text output
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-29 10:28:39 +02:00
Valerio Setti
d0c644db69 test: minor refactoring
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-29 10:28:39 +02:00
Valerio Setti
ee97a1ef47 test: improve comments and code in newly added helper function
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-29 10:28:39 +02:00
Valerio Setti
e4758aa34b test: add a companion test for another curve (x25519) and fix issues
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-29 10:28:06 +02:00
Valerio Setti
1a6d96f59e test: use full config as test starting point and solve issues
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-29 10:28:06 +02:00
Valerio Setti
3ebecc9513 test: disable proper key exchanges while testing accel EC algs
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-29 10:27:18 +02:00
Valerio Setti
5360886ad3 test: minor fixes to all.sh
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-29 10:27:18 +02:00
Valerio Setti
b7e9544194 test: add specific test with only accel EC curves and algs
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-29 10:27:18 +02:00
Valerio Setti
b76672dd52 test: fix wrong accelerated SHA1 symbol
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-28 16:26:48 +02:00
Valerio Setti
6d687b98cf test: simplify comment in test_psa_crypto_config_accel_all_ec_algs_use_psa()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-28 16:26:48 +02:00
Valerio Setti
c762797856 test: removing test with all accel EC algs without USE_PSA
We keep tests without USE_PSA for single accel components (i.e.
ECDH, ECDSA, ECJPAKE), but when testing for all 3 accelerated
at the same time we use USE_PSA for better test coverage.
However for this purpose there is already the:

component_test_psa_crypto_config_[reference/accel]_all_ec_algs_use_psa()

so we can delete this extra component.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-28 16:26:48 +02:00
Valerio Setti
4fa6d0bb88 test: moving accel ECJPAKE test close to accel ECDH and ECDSA ones
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-28 16:26:48 +02:00
Valerio Setti
77bdff1963 test: improve comment in the added test
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-28 16:26:48 +02:00
Valerio Setti
2495cdbcc2 test: remove unused tasks in analyze_outcomes.py
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-28 16:26:47 +02:00
Valerio Setti
44b178ca60 test: fix erroneous changes in all.sh
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-28 16:26:47 +02:00
Valerio Setti
6f820cccb8 test: fix comments in test_psa_crypto_config_accel_ecc()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-28 16:26:47 +02:00
Valerio Setti
1c3de61ba8 test: remove previous tests for accelerated ECDSA/ECDH/ECJPAKE coverage analysis
All these EC based algs are now tested all at once in
test_psa_crypto_config_[accel/reference]_all_ec_algs_use_psa()
functions.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-28 16:26:47 +02:00
Valerio Setti
42d5f1959f test: add a test with all EC based algs accelerated
Actually this adds both the accelerated test as well as the
reference. Both of them are used to evaluate the driver's
coverage with analyze_outcomes.py script.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-28 16:26:47 +02:00
Manuel Pégourié-Gonnard
5a51d0d789 Fix depends.py failure with correct TLS 1.2 deps
TLS 1.2 has never been able to work with only SHA-512, it just happened
to pass previously because the declared dependencies were too lax.
(Probably related to the fact that in the past we didn't distinguish
between SHA-512 and SHA-384 in dependencies.)

So, just disable all of TLS in SHA-512-only builds. While at it, tune
build_info.h to make this easier - it already had partial support for
disabling TLS 1.2 or TLS 1.3 in an easier way, but not both of them at
the same time.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-24 10:43:40 +01:00
Manuel Pégourié-Gonnard
c584c27426 Disable built-in SHA-256 in accel_hash too
Now that Entropy doesn't need it any more, we can have driver-only
SHA-256 (and 224 with it) in the non-USE_PSA component too.

This reveals a missing PSA_INIT in a PK test using SHA-256.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-24 10:43:40 +01:00
Manuel Pégourié-Gonnard
93302422fd Fix instances of old feature macros being used
sed -i -f md.sed include/mbedtls/ssl.h library/hmac_drbg.c programs/pkey/*.c programs/x509/*.c tests/scripts/generate_pkcs7_tests.py tests/suites/test_suite_random.data

Then manually revert programs/pkey/ecdsa.c as it's using a low-level
hash API.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-24 10:43:40 +01:00
Manuel Pégourié-Gonnard
5d0d641332 Test entropy.c with driver-only hashes
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-24 10:43:40 +01:00
Valerio Setti
a266332189 test: improve analyze_outcomes.py script
Allow the script to also execute the tests needed for the following
analysis. It doesn't affect the previous usage of this script:

- if the output file is already present, then only the analysis
  is performed
- if the outfile does not exists, then tests are also executed
  before doing the analysis

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-24 09:31:38 +01:00
Manuel Pégourié-Gonnard
ac6db4d649
Merge pull request #7317 from mpg/lift-exclusions
Lift exclusions from driver-only hash component
2023-03-23 12:01:01 +01:00
Valerio Setti
4059aba353 accelerated ecdh: re-enable TLS 1.3 key exchanges and fix guards in check_config
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-22 10:48:34 +01:00
Valerio Setti
a81130f159 test: enable ECDHE key exchanges for driver coverage tests
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-22 10:36:59 +01:00
Manuel Pégourié-Gonnard
91cc8bbc87 Enable ECDSA-det in driver-only hashes component
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:42:06 +01:00
Manuel Pégourié-Gonnard
d111fbdad1 Enable HMAC-DRBG in driver-only hashes component
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:42:05 +01:00
Manuel Pégourié-Gonnard
fbaf4e98d8 Enable PKCS7 in driver-only hashes component
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:42:05 +01:00
Manuel Pégourié-Gonnard
0d1921c4c2 Enable HKDF in driver-only hashes test
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:42:05 +01:00
Manuel Pégourié-Gonnard
7d381f517a MD: use MD_CAN in test suite and check for parity
Split the part the varies between driver/built-in builds to a separate
file for convenience. Fix analyze_outcomes.py to be able to exclude
specific data files and not just a whole family at once.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:29:31 +01:00
Manuel Pégourié-Gonnard
49e67f814f PKCS5: always use MD
As a consequence, MD_C is now enabled in component accel_hash_use_psa.

Fix guards in X.509 info function to avoid this causing a failure now.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Valerio Setti
53a5844abc test: enable ECDH key exchanges for driver coverage tests
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-20 14:00:51 +01:00
Manuel Pégourié-Gonnard
4ebe2a7372
Merge pull request #7300 from valeriosetti/issue7281
Driver only EC JPAKE: re-enable the EC J-PAKE key exchange and get test parity
2023-03-20 09:54:47 +01:00
Manuel Pégourié-Gonnard
e91aadaeed
Merge pull request #7299 from valeriosetti/issue7280
Driver only EC JPAKE: enable ssl-opt.sh and get test parity
2023-03-20 09:51:11 +01:00
Manuel Pégourié-Gonnard
c9ef476431
Merge pull request #7192 from joerchan/psa-update-mbedtls
psa_crypto: Fix psa_key_derivation_output_key ECC without builtin keys
2023-03-20 09:47:07 +01:00
Manuel Pégourié-Gonnard
14c194aae9
Merge pull request #7271 from mpg/use-md-light
Use md light
2023-03-20 09:01:16 +01:00
Manuel Pégourié-Gonnard
0f60d09aa8 Add a test with all of ECC accelerated
Note that ECC key derivation is not using drivers yet, as we don't have driver support for
cooked key derivation acceleration, see
https://github.com/Mbed-TLS/mbedtls/pull/5451 and follow-ups.

So, we still need MBEDTLS_ECP_C enabled at least for this, and probably
in several other places for now.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-17 15:23:17 +01:00
Dave Rodgman
0e2b06a1ce
Merge pull request #7083 from KloolK/record-size-limit/parsing
Add parsing for Record Size Limit extension in TLS 1.3
2023-03-17 10:18:34 +00:00
Manuel Pégourié-Gonnard
0d957d3a83
Merge pull request #7275 from valeriosetti/issue7255
Driver-only EC JPAKE: starter
2023-03-17 10:01:38 +01:00
Manuel Pégourié-Gonnard
1b5ffc63cc Avoid double definition of MD_LIGHT
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-17 09:43:28 +01:00
Manuel Pégourié-Gonnard
8316209c02 Use MD_LIGHT rather than md5.h in pem.c
But, for now, still guard things with MBEDTLS_MD5_C, as md.c can only
compute MD5 hashes when MBEDTLS_MD5_C is defined. We'll change the
guards once that has changed.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-17 09:43:27 +01:00
Valerio Setti
943f8ddf81 test: remove leftovers from debug sessions
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-16 16:47:17 +01:00
Manuel Pégourié-Gonnard
54e3c6593e Fix failures in signature accel test
The test driver library tries to only build what's necessary, but must
use the same PSA_WANT macros as the main library. So, for things that
are not needed, it undefines MBEDTLS_PSA_BUILTIN_xxx and defines
MBEDTLS_PSA_ACCEL_xxx, unless the ACCEL symbol was defined on the
command line, in which case it undefines it and defineds BUILTIN
instead. This negation happens in crypto_config_test_driver_extension.h
and reflects the fact that what we want accelerated in the main library
is what we want built-in in the driver library (and vice versa if we
want to minimize the size of the driver library).

So, the ACCEL symbols in inside the test driver library (while it's
being built, not those on the command line) are a bit of a white lie:
they don't actually mean "there's an accelerator for this" but instead
"I won't include a built-in for this even though the corresponding
PSA_WANT symbol is defined".

This was quite harmless until MD started making dispatch decisions based
on the ACCEL symbols: when it tries to dispatch to an accelerator that
doesn't actually exist, things tend to go badly.

The minimal fix for this is to change how we enable extra hashes in the
test driver library: by defining the ACCEL symbol on the command line,
in the build we'll end up with the BUILTIN symbol (and implementation!)
and no ACCEL symbol, which is exactly what we want.

Long version: https://arm-ce.slack.com/archives/GTM3SM1K5/p1675071671707599

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-16 09:46:51 +01:00
Manuel Pégourié-Gonnard
9b14639342 Dispatch according to init status.
We shouldn't dispatch to PSA when drivers have not been initialized yet.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-16 09:46:51 +01:00
Valerio Setti
fea765ba17 test: enable ec-jpake key exchanges in driver coverage analysis
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-16 07:45:23 +01:00
Valerio Setti
d8c2800f58 ecjpake: add ssl-opt tests for driver coverage analysis
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-15 19:09:35 +01:00
Manuel Pégourié-Gonnard
2a13cfd2b0
Merge pull request #7243 from valeriosetti/issue7148
driver-only ECDH: enable ssl-opt.sh with parity
2023-03-14 11:07:56 +01:00
Gilles Peskine
8128037017
Merge pull request #7163 from lpy4105/issue/all_sh-do-not-list-unsupported-cases
all.sh: Do not list unsupported cases
2023-03-14 10:34:04 +01:00
Manuel Pégourié-Gonnard
ca3e32aaa8
Merge pull request #7207 from valeriosetti/issue7140
Handle output consistently in analyze_outcomes.py
2023-03-14 09:43:45 +01:00
Jan Bruckner
151f64283f Add parsing for Record Size Limit extension in TLS 1.3
Fixes #7007

Signed-off-by: Jan Bruckner <jan@janbruckner.de>
2023-03-14 08:41:25 +01:00
Valerio Setti
3951d1bcce analyze_outcomes: symplify log functions
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-13 18:37:34 +01:00
Valerio Setti
d0fffc56c3 analyze_outcomes: add coverage test for ecjpake
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-13 16:08:03 +01:00
Valerio Setti
a9c9deccb9 ecjpake: add tests for driver coverage analysis
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-13 16:05:49 +01:00
Gilles Peskine
4da92832b0
Merge pull request #7117 from valeriosetti/issue6862
driver-only ECDSA: enable ECDSA-based TLS 1.2 key exchanges
2023-03-09 20:49:44 +01:00
Dave Rodgman
bf4016e5d5
Merge pull request #6567 from mprse/ecjpake-driver-dispatch 2023-03-09 19:23:05 +00:00
valerio
2bf85e349d ssl-opt: enable test for accelerated ECDH + USE_PSA
Signed-off-by: valerio <valerio.setti@nordicsemi.no>
2023-03-09 16:39:07 +01:00
valerio
f27472b128 ssl-opt: enable test and fix failures for reference ECDH + USE_PSA"
Signed-off-by: valerio <valerio.setti@nordicsemi.no>
2023-03-09 16:20:38 +01:00
Valerio Setti
f84b7d5c21 test: enable ECDSA based key exchanges in driver coverage tests
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-08 16:47:28 +01:00
Manuel Pégourié-Gonnard
289e5baa83
Merge pull request #7082 from valeriosetti/issue6861
driver-only ECDSA: add ssl-opt.sh testing with testing parity
2023-03-08 16:45:38 +01:00
Przemek Stekiel
4aa99403f4 Fix configuration for accelerated jpake
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-07 10:50:09 +01:00
Manuel Pégourié-Gonnard
a5ffa93e43
Merge pull request #7142 from mpg/driver-only-ecdh-starter
Driver-only ECDH starter
2023-03-07 09:14:38 +01:00
Manuel Pégourié-Gonnard
86393db84d Revert local experiment.
This was never meant to be committed here.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-06 16:19:05 +01:00
Manuel Pégourié-Gonnard
07d92620d4 Fix some message strings and comments in all.sh
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-06 13:38:55 +01:00
Manuel Pégourié-Gonnard
0d1f5be688 Add comment about shared config function
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-06 13:35:21 +01:00
Valerio Setti
5d8d1a7f60 analyze_outcomes: print all output on stderr
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-06 11:08:17 +01:00
Pol Henarejos
f61d6c0a2b
Merge branch 'development' into sha3 2023-03-04 00:03:06 +01:00
Dave Rodgman
45cef61fa4
Merge branch 'development' into md-light
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-03 14:28:13 +00:00
Dave Rodgman
1f39a62ce6
Merge pull request #7151 from gilles-peskine-arm/psa-headers-alt
Allow alternative names for overridable PSA headers
2023-03-03 12:37:51 +00:00
Dave Rodgman
e965c3c4bd
Merge pull request #7197 from daverodgman/armclang-sha-warning
Enable -Werror in all.sh for armclang
2023-03-03 09:01:41 +00:00
Dave Rodgman
0fddf829d5 Add more detailed comment
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-02 15:32:12 +00:00
Gilles Peskine
57897b8d6a
Merge pull request #6493 from AndrzejKurek/pymod
Use `config.py` as a module in `depends.py`
2023-03-02 15:38:47 +01:00
Dave Rodgman
1c232a8311 Enable -Werror for armclang
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-02 13:39:04 +00:00
Dave Rodgman
2f386c55ff Disable MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT for armclang
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-02 13:38:33 +00:00
Pengyu Lv
c6298ad46a Use parentheses to avoid executing the output
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-03-01 10:31:29 +08:00
Pengyu Lv
c2b1864ceb Revert "Check if the license server is available for armcc"
This reverts commit 55c4fa4f41.

After discussion, We decided not to check the availability
of the license server for the impacts on CI and user usages.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-03-01 10:25:08 +08:00
Gilles Peskine
b52b788e55
Merge pull request #6895 from yuhaoth/pr/add-aes-with-armv8-crypto-extension
Add AES with armv8 crypto extension
2023-02-28 18:16:37 +01:00
Pengyu Lv
55c4fa4f41 Check if the license server is available for armcc
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-02-24 18:31:50 +08:00
Pengyu Lv
df07003c49 all.sh: add support function for build_armcc
With this change, "--list-components" will not list
"build_armcc" on the system which is not installed
with Arm Compilers.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-02-24 16:03:31 +08:00
Pengyu Lv
51b5f00a43 all.sh: Skip build_mingw correctly
If i686-w64-mingw32-gcc is not installed, then
build_mingw should be unsupported.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-02-24 15:38:52 +08:00
Manuel Pégourié-Gonnard
623c73b46d Remove config.py call on now-internal option
It turns out config.py wouldn't complain, but it's still confusing.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-23 20:36:05 +01:00
Gilles Peskine
df6e84a447 Test the PSA alternative header configuration macros
Test that MBEDTLS_PSA_CRYPTO_PLATFORM_FILE and
MBEDTLS_PSA_CRYPTO_STRUCT_FILE can be set to files in a directory that comes
after the standard directory in the include file search path.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-02-23 17:18:33 +01:00
Przemek Stekiel
bdc21e623e Disable MBEDTLS_PSA_CRYPTO_SE_C is ecdsa psa builds
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-23 17:12:19 +01:00
Manuel Pégourié-Gonnard
0d4152186d Make MBEDTLS_MD_LIGHT private for now.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-23 13:02:13 +01:00
Valerio Setti
6445912d9c test: enable ssl-opt in test_psa_crypto_config_[accel/reference]_ecdsa_use_psa
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-22 12:35:16 +01:00
Przemek Stekiel
b45b8ce474 Disable MBEDTLS_PSA_CRYPTO_SE_C is hash psa builds
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:32 +01:00
Przemek Stekiel
9dd2440c95 Change pake input: key_lifetime -> key attributes
In the future key attributes will be available for opaque driver via psa_crypto_driver_pake_get_password_key().

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:32 +01:00
Przemek Stekiel
9a5b812aa8 Cleanup the code
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:31 +01:00
Przemek Stekiel
03790029a6 Add test components to test accelerated pake and fallback
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:25:30 +01:00
Manuel Pégourié-Gonnard
d1c001aff7 Fix some dependencies in test_suite_psa_crypto
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-21 13:37:17 +01:00
Manuel Pégourié-Gonnard
e91bcf31b6 Add comparison of accel_ecdh_use_psa against ref
With temporary exclusions to be lifted as follow-ups.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-21 13:07:19 +01:00
Manuel Pégourié-Gonnard
59a2b8fd57 Add component accel_ecdh_use_psa
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-21 12:42:31 +01:00
Manuel Pégourié-Gonnard
e3095e7cb0 Add comments to accel_ecdh component
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-21 12:19:06 +01:00
Manuel Pégourié-Gonnard
9e04b5bcfc Disable MD-light in accel_hash_use_psa
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-20 12:53:23 +01:00
Manuel Pégourié-Gonnard
b9b630d628 Define "light" subset of MD
See docs/architecture/psa-migration/md-cipher-dispatch.md

Regarding testing, the no_md component was never very useful, as that's
not something people are likely to want to do: it was mostly useful as
executable documentation of what depends on MD. It's going to be even
less useful when more and more modules auto-enable MD_LIGHT or even
MD_C. So, recycle it to test the build with only MD_LIGHT, which is
something that might happen in practice, and is necessary to ensure that
the division is consistent.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-16 22:30:06 +01:00
Gilles Peskine
e2a9f86755
Merge pull request #6971 from gabor-mezei-arm/6026_Secp192r1_fast_reduction
Extract Secp192r1 fast reduction from the prototype
2023-02-15 16:22:36 +01:00
Andrzej Kurek
72082dc28e Improve tests/scripts/depends.py code
As suggested by gilles-peskine-arm.

Co-authored-by: Gilles Peskine <gilles.peskine@arm.com>
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-02-15 05:20:33 -05:00
Valerio Setti
5dc6867f7e test: don't skip debug and ssl suites in test parity for driver only ECDSA
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-13 15:35:37 +01:00
Manuel Pégourié-Gonnard
d3d8c852a0
Merge pull request #6997 from valeriosetti/issue6858
driver-only ECDSA: get testing parity in X.509
2023-02-13 15:30:06 +01:00
Gabor Mezei
a9d82dd0a2
Keep the description in one place, just refer it
Delete the duplicated file description and refer to the original one
in generate_bignum_tests.py.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-02-13 14:10:23 +01:00
Gilles Peskine
b009559c8f
Merge pull request #7049 from KloolK/typos
Fix typos
2023-02-10 15:07:07 +01:00
Dave Rodgman
a22749e749
Merge pull request #6816 from nick-child-ibm/pkcs7_coverage
Pkcs7 coverage
2023-02-10 12:55:29 +00:00
Dave Rodgman
4f70b3cdb4
Fix pylint warning
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-08 16:40:40 +00:00
Nick Child
c7c94df715 pkcs7/test: Format generate test script
Adhere to syntax and format recommendations
from check-python-files.py

Signed-off-by: Nick Child <nick.child@ibm.com>
2023-02-08 15:38:48 +00:00
Valerio Setti
40df83509b all.sh: fix comment for test_psa_crypto_config_accel_ecdsa_use_psa
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-08 13:52:31 +01:00
Valerio Setti
b9dc2513c1 test: add SHA1 to the supported algs in accelerated ECDSA
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-08 13:52:31 +01:00
Valerio Setti
c8801b7ef1 test: x509: remove disparities in driver only testing for ECDSA
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-08 13:52:31 +01:00
Manuel Pégourié-Gonnard
9cb1aa21c4
Merge pull request #6970 from valeriosetti/issue6857
driver-only ECDSA: get testing parity in PK
2023-02-08 13:33:15 +01:00
Pol Henarejos
aa426e023c
SHA3 cannot be tested alone, as ENTROPY_C needs also SHA256 enabled.
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2023-02-08 12:52:10 +01:00
Gilles Peskine
a0c806aac1
Merge pull request #7003 from lpy4105/issue/do-not-run-x86-tests-on-arm64
all.sh: test_m32_xx is not supported on arm64 host
2023-02-07 10:26:10 +01:00
Jerry Yu
e51eddce38 disable aesce when ASM not available
Change-Id: Icd53a620cc3aed437b0e0e022ca5a36f29caeea1
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-02-07 17:11:53 +08:00
Valerio Setti
bf74f52920 test: add a comment specifying why restartable cannot be tested
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-07 08:02:23 +01:00
Valerio Setti
4e0278d710 test: ECDSA driver only: disable ECP_RESTARTABLE
This is not yet supported in driver only implementation

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-07 08:02:23 +01:00
Valerio Setti
4e26df99aa test: ECDSA driver_only: verify disparities in PK
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-07 08:02:23 +01:00
Jan Bruckner
1aabe5c4d7 Fix typos
Signed-off-by: Jan Bruckner <jan@janbruckner.de>
2023-02-06 12:54:53 +01:00
Andrzej Kurek
81cf5ad347
Improve tests/scripts/depends.py code
As suggested by gilles-peskine-arm.

Co-authored-by: Gilles Peskine <gilles.peskine@arm.com>
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-02-06 10:48:43 +01:00
Nick Child
6291cc2444 pkcs7/test: Remove f strings in generator script
MbedTLS CI uses python v3.5, f strings are not supported
until v3.6 . Remove f string's from generate_pkcs7_tests.py.

Signed-off-by: Nick Child <nick.child@ibm.com>
2023-02-03 20:33:12 +00:00
Gilles Peskine
753ad17a41
Merge pull request #6982 from aditya-deshpande-arm/check-files-characters
check_files.py: Allow specific Box Drawing characters to be used
2023-02-03 11:46:06 +01:00
Gilles Peskine
e2db23d741
Merge pull request #6902 from yanrayw/6651-enable-cipher-suite-names-consistent
compat.sh: report and filter cipher suite names consistently
2023-02-03 11:38:31 +01:00
Manuel Pégourié-Gonnard
d56def5c30
Merge pull request #6946 from valeriosetti/issue6856
driver-only ECDSA: fix testing disparities in ecp, random, se_driver_hal
2023-02-03 08:51:04 +01:00
Valerio Setti
00c1ccb08c depends.py: fix typo and slightly reorganized code
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-02 11:33:31 +01:00
Aditya Deshpande
ebb2269f68 Allow whole Box Drawings range
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
2023-02-01 13:30:26 +00:00
Pengyu Lv
c92df3ba59 all.sh: test_m32_xx is not supported on arm64 host
test_m32_xxx tests are x86 specific, but the support
function only identifies a 64-bit system. So the tests
will be run on arm64 host and cause a test failure.
This change restricts those tests to amd64/x86_64
only.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-02-01 10:50:50 +08:00
Gabor Mezei
95ecaaf56d
Add test generation support for the ecp module
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-01-31 14:40:05 +01:00
Nick Child
4983ddf747 test/pkcs7: Add more tests for better coverage
Add test calls to raw asn1 data with slight syntatical errors
Increases %branches covered from 70.4% to 87.7%.
Add a script which serves as documentation for how these new test
cases were generated:
 ./generate_pkcs7_tests.py ../data_files/pkcs7_data_cert_signed_sha256.der
 ./generate_pkcs7_tests.py ../data_files/pkcs7_data_multiple_signed.der

Signed-off-by: Nick Child <nick.child@ibm.com>
2023-01-30 15:55:44 +00:00
Aditya Deshpande
15b6dd0fb4 Modify comments to make them more inclusive
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
2023-01-30 13:46:58 +00:00
Aditya Deshpande
ea637081dd Allow specific Box Drawing UTF characters that are used in Markdown trees in check_files.py
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
2023-01-30 13:19:32 +00:00
Manuel Pégourié-Gonnard
aae61257d1
Merge pull request #6883 from valeriosetti/issue6843
Improve X.509 cert writing serial number management
2023-01-30 13:08:57 +01:00
Manuel Pégourié-Gonnard
e28397a376
Merge pull request #6938 from aditya-deshpande-arm/check-names-exclusions
check_names.py: Compare identifiers in excluded files against symbols parsed by nm
2023-01-30 09:21:58 +01:00
Manuel Pégourié-Gonnard
169d9e6eb4
Merge pull request #6802 from gilles-peskine-arm/test_suite_psa_crypto_metadata-20221215
Add metadata tests for CCM* and TLS1.2-ECJPAKE-to-PMS
2023-01-27 10:05:00 +01:00
Gilles Peskine
47aab850da Batch cipher translations to go faster
Python has a high startup cost, so go back to invoking it only once per
server start, rather than once per client start. This is a measurable
performance improvement (running time ~*0.5 with PSK, less dramatic with
asymmetric crypto).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-26 21:45:45 +01:00
Valerio Setti
9cb0f7a423 test: driver-only: fix disparities in random
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-01-25 11:49:11 +01:00
Valerio Setti
3002c99247 test: extend analyze_outcomes.py in order to skip only some test in a suite
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-01-25 11:49:00 +01:00
Valerio Setti
7e57920511 test: driver-only: fix disparities in psa_crypto_se_driver_hal
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-01-25 11:30:46 +01:00
Valerio Setti
4682948c1e test: driver-only: fix disparities in ECP
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-01-25 11:30:31 +01:00
David Horstmann
f0c75796be Fix a missing type hint warning
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-01-24 18:53:15 +00:00
Andrzej Kurek
576803faa2 depends.py: improve expected argument type
Requested config option can be either boolean or a string.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-01-24 07:40:42 -05:00
Manuel Pégourié-Gonnard
00d3e96042
Merge pull request #6855 from mpg/driver-only-ecdsa-starter
Driver-only ECDSA starter
2023-01-24 13:06:17 +01:00
Manuel Pégourié-Gonnard
4455fd2449
Merge pull request #6531 from AndrzejKurek/depends-py-kex-fixes
Depends.py - add exclusive domain tests to key exchange testing
2023-01-24 09:32:05 +01:00
Andrzej Kurek
3b0215d453 depends.py: merge set/unset config option into one function
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-01-23 07:19:22 -05:00
Manuel Pégourié-Gonnard
d84902f4ef Add issue numbers to TODO comments
In the python script I didn't use the word TODO because pylint doesn't
like that, but morally it's the same.

I removed the comment about "do we need a subset of compat.sh?" because
it turns out that `ssl-opt.sh` is already exercising all the key
exchanges:

    % sed -n 's/.*force_ciphersuite=TLS-\([^ ]*\)-WITH.*/\1/p' tests/ssl-opt.sh | sort -u
    DHE-PSK
    DHE-RSA
    ECDH-ECDSA
    ECDHE-ECDSA
    ECDHE-PSK
    ECDHE-RSA
    ECJPAKE
    PSK
    RSA
    RSA-PSK

(the only omission is ECDH-RSA which is not of interest here and does
not actually differ from ECDH-ECDSA). So, we don't need a subset of
compat.sh because we're already getting enough testing from ssl-opt.sh
(not to mention test_suite_ssl).

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-01-23 13:03:13 +01:00
Manuel Pégourié-Gonnard
bc19a0b0d8 Fix missing SHA-224 in test driver build
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-01-23 12:54:24 +01:00
Manuel Pégourié-Gonnard
5a2e02635a Improve a few comments & documentation
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-01-23 12:51:52 +01:00
Andrzej Kurek
98682b50a4 Remove obsolete comment from depends.py
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-01-23 06:16:23 -05:00
Dave Rodgman
1a034dcc20 Add regression test
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-20 13:18:05 +00:00
Gilles Peskine
bba2630549 Add ECJPAKE secret input types to psa/crypto_config.h
Add PSA_WANT_KEY_TYPE_PASSWORD and PSA_WANT_KEY_TYPE_PASSWORD_HASH to
psa/crypto_config.h, since the types PSA_KEY_TYPE_PASSWORD and
PSA_KEY_TYPE_PASSWORD_HASH are used by ECJPAKE.

The two key types are always enabled, like PSA_KEY_TYPE_DERIVE.

Add the key types to the metadata test suite as well.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-19 12:11:19 +01:00
Gilles Peskine
cafda872f3 Fix documentation
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-19 12:11:18 +01:00
Gilles Peskine
0e9e4422ab NotSupported is specifically about key types
Rename NotSupported to KeyTypeNotSupported, because it's only about testing
key management. For algorithms, not-supported is handled by OpFail.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-19 12:11:17 +01:00
Andrzej Kurek
1ff7336e2c depends.py: enable key exchange tests
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-01-17 10:38:10 -05:00
Yanray Wang
ee97f05d35 Translate cipher suite names based on standard naming convention
With this commit, translate_ciphers.py would be based on standard
cipher suite names instead of MbedTLS naming convention.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-01-17 14:56:37 +08:00
Aditya Deshpande
0584df4131 Minor changes to account for CodeParser.parse_identifiers being used in list_internal_identifiers.py
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
2023-01-16 16:36:31 +00:00
Dave Rodgman
461b8254d0
Merge pull request #6865 from scop/patch-1
Use `grep -E` instead of `egrep`
2023-01-16 15:21:24 +00:00
Aditya Deshpande
dd8ac67792 Update check_names.py so that identifiers in excluded files are still compared against the output of nm.
This fixes the issue where excluding a file containing identifiers from checks would cause check_symbols_in_header to fail.

Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
2023-01-16 14:57:48 +00:00
Valerio Setti
41b5fb6536 test: ensure X509 has no dependency on BIGNUM when built without MBEDTLS_DEPRECATED_REMOVED
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-12 17:01:44 +01:00
Dave Rodgman
378ecdd859 Rename VS2010 directory to VS2013 and update Makefiles etc
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-11 18:56:11 +00:00
Gilles Peskine
c848d226bf Switch code style check to enforcement mode
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-11 14:50:14 +01:00
Gilles Peskine
c55c343670
Merge pull request #6884 from gilles-peskine-arm/check-files-unicode
Reject bad characters in source code
2023-01-11 13:46:59 +01:00
Gilles Peskine
3900bddd77
Merge pull request #6823 from mpg/unify-openssl-variables
Use OPENSSL everywhere, not OPENSSL_CMD
2023-01-10 22:10:19 +01:00
Manuel Pégourié-Gonnard
28d4d43416
Merge pull request #6863 from valeriosetti/issue6830
Remove uses of mbedtls_ecp_curve_info in TLS (with USE_PSA)
2023-01-10 10:01:17 +01:00
Manuel Pégourié-Gonnard
3368724ade
Merge pull request #6870 from valeriosetti/issue6831
Document/test dependencies on ECP & Bignum
2023-01-10 09:25:41 +01:00
Gilles Peskine
d11bb47fe0 Reject invalid UTF-8 and weird characters in text files
Reject "weird" characters in text files, especially control characters that
might be escape sequences or that might cause other text to appear garbled
(as in https://trojansource.codes/).

Also reject byte sequences that aren't valid UTF-8.

Accept only ASCII (except most control characters), letters, some non-ASCII
punctuation and some mathematical and technical symbols. This covers
everything that's currently present in Mbed TLS ( §áèéëñóöüłŽ–—’“”…≥).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-05 20:31:14 +01:00
Gilles Peskine
b389743ace Pass line number to issue_with_line
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-05 20:28:30 +01:00
Gilles Peskine
0ed9e78bf7 Treat more *.bin files as binary
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-05 20:27:35 +01:00
Manuel Pégourié-Gonnard
c6967d21b9 Tune output format of analyze_outcomes.py
The part "driver: skipped/failed, reference: passed" didn't add any
information, but used up space on the screen and made the output
slightly harder to parse.

OTOH, now that we have multiple analyze_vs_reference tasks, we
should print out which one we're doing, so that that output makes sense
in case of a failure on the CI (which runs all tasks).

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-01-05 12:55:08 +01:00
Manuel Pégourié-Gonnard
10e3963aa4 Add comparison of accel_ecdsa against reference
For now, ignore test suites that don't have parity even is they should.
The purpose is just to prepare the infrastructure and map the work.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-01-05 12:55:08 +01:00
Manuel Pégourié-Gonnard
171c45feda Add component accel_ecdsa_use_psa
This is the basis for future work, we'll want to make sure everything
passes in this component.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-01-05 12:55:08 +01:00
Manuel Pégourié-Gonnard
6d7db93bbb Enable TLS 1.3 in accelerated ECDSA test
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-01-05 12:55:08 +01:00
Manuel Pégourié-Gonnard
200fd0f099 Add comments to accel_ecdsa component
Slightly re-organize (accel list at the top).

No need to disable USE_PSA or TLS 1.3 because they're already that way
in the default config.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-01-05 12:55:08 +01:00
Manuel Pégourié-Gonnard
462e3a9931 all.sh: restore config_test_driver.h automatically
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-01-05 12:55:03 +01:00
Valerio Setti
67419f0e11 tls: fix + save code size when DEBUG_C is not enabled
Some PSA curves' symbols (PSA_WANT_) were not matching the corresponding
MBEDTLS_ECP_DP_. This was fixed together with the removal of extra code
when DEBUG_C is not enabled.

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-04 17:36:00 +01:00
Valerio Setti
e1655b8132 test: add test for building without BIGNUM_C
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-03 16:20:43 +01:00
Valerio Setti
3322f611e6 test: verify that TLS and X509 are independent from mbedtls_ecp_curve functions
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-03 13:03:42 +01:00
Manuel Pégourié-Gonnard
7a389ddc84
Merge pull request #6784 from valeriosetti/issue6702
Make SHA224_C/SHA384_C independent from SHA256_C/SHA512_C
2023-01-03 09:36:58 +01:00
Ville Skyttä
66edfe45f5
Use grep -E instead of egrep
`egrep` has been deprecated in GNU grep since 2007,
and since 3.8 it emits obsolescence warnings:
https://git.savannah.gnu.org/cgit/grep.git/commit/?id=a9515624709865d480e3142fd959bccd1c9372d1


Signed-off-by: Ville Skyttä <ville.skytta@iki.fi>
2023-01-01 18:19:49 +02:00
Valerio Setti
ea8c88fcbb test: fix some descriptions
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-29 11:08:35 +01:00
Valerio Setti
c963bb11c7 test: remove SHA224 from default test driver config
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-28 12:58:14 +01:00
Andrzej Kurek
3f93012bf1 Use config.py as a module in depends.py
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-12-27 06:36:24 -05:00
Manuel Pégourié-Gonnard
2fcb4c1d06
Merge pull request #6747 from gilles-peskine-arm/bignum-mod-random
Bignum mod random
2022-12-23 10:36:22 +01:00
Valerio Setti
b6bf7dcc28 test: fix depends.py for hash tests
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-22 14:28:03 +01:00
Manuel Pégourié-Gonnard
eab43a62c3
Merge pull request #6795 from gilles-peskine-arm/check_test_cases-quiet_ci
Hide check_test_cases warnings on the CI
2022-12-21 09:42:41 +01:00
Gilles Peskine
c377f31ad9 Remove unused import
This wasn't reported by pylint due to a pylint bug (apparently):
`pylint A B` doesn't complain about an unused import in B if A happens to
import and use the same module, which happens to be the case when we run
pylint on the CI.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-20 19:52:42 +01:00
Manuel Pégourié-Gonnard
82dad10746
Merge pull request #6820 from gilles-peskine-arm/code-style-skip-generated-files
Don't touch the style of generated files
2022-12-19 13:06:25 +01:00
Manuel Pégourié-Gonnard
bb12621746
Merge pull request #6808 from gilles-peskine-arm/basic-build-test-lcov-format-robustness-3.3
Fix code_coverage broken by extra echo in make lcov
2022-12-19 13:03:37 +01:00
Manuel Pégourié-Gonnard
c572246fa5 Use OPENSSL everywhere, not OPENSSL_CMD
These variables were both uses to select the default version of OpenSSL
to use for tests:
- when running compat.sh or ssl-opt.sh directly, OPENSSL_CMD was used;
- when running all.sh, OPENSSL was used.

This caused surprising situations if you had one but not the other set
in your environment. For example I used to have OPENSSL_CMD set but not
OPENSSL, so ssl-opt.sh was failing in some all.sh components but passing
when I ran it manually in the same configuration and build, a rather
unpleasant experience.

The natural name would be OPENSSL, and that's what set in the Docker
images used by the CI. However back in the 1.3.x days, that name was
already used in library/Makefile, so it was preferable to pick a
different one, hence OPENSSL_CMD. However the build system has not been
using this name since at least Mbed TLS 2.0.0, so it's now free for use
again (as demonstrated by the fact that it's been set in the CI without
causing any trouble).

So, unify things and use OPENSSL everywhere. Just leave an error message
for the benefit of developers which might have OPENSSL_CMD, not OPENSSL,
set in their environment from the old days.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-12-19 11:42:12 +01:00
Gilles Peskine
3b56d29147 List all the places with instructions to generate those files
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-19 00:56:44 +01:00
Gilles Peskine
9a3771e1b3 Don't touch the style of generated files
Ideally the result of the generator would conform to the code style, but
this would be difficult, especially with respect to the placement of line
breaks in long logical lines. So, to avoid surprises when checking the style
of generated files (which happens in releases and in long-time support
branches), systematically skip generated files.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-19 00:52:39 +01:00
Gilles Peskine
546493bee9
Merge pull request #6789 from mpg/doc-docker-from-ci
Point to docker images used in the CI
2022-12-17 01:54:24 +01:00
Valerio Setti
e7221a21ad test: adjust depends.py to new SHA224/SHA384 changes
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-16 14:43:48 +01:00
David Horstmann
f91090e4a3 Fix an incorrect regex in check_names.py
Allow check_names.py to detect declarations of the form:

enum some_enum_name {

This pattern has only just appeared due to code style correction, which
explains why the issue was not previously noticed.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-12-16 13:39:04 +00:00
Gilles Peskine
98d3a67a5c Simplify the coverage statistics summary
The script was parsing the output from `make lcov` to extract numbers and
calculate percentages. But everything including the percentages is already
present in the output of `make lcov`, just with a slightly different
presentation. So replace all this by a simple extraction of the relevant
lines from the output of `make lcov`.

This is more robust than the previous code, which relied on `tail -n4` to
extract relevant lines, which broke when `make lcov` started to emit one
extra line at the end.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-16 12:09:17 +01:00
Gilles Peskine
d1dd41f3fc
Merge pull request #6723 from mpg/restartable-vs-use-psa
Document ECP_RESTARTABLE and make it compatible with USE_PSA
2022-12-15 19:47:44 +01:00
Gilles Peskine
031114d6ec Hide check_test_cases warnings on the CI
We aren't paying attention to the warnings. So hide them and save log size.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-15 14:46:31 +01:00
Gilles Peskine
081369111e
Merge pull request #6594 from gilles-peskine-arm/generate_test_code-function_comments
Allow comments in test function prototypes
2022-12-15 12:32:11 +01:00
Manuel Pégourié-Gonnard
59626b6179 Point to docker images used in the CI
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-12-15 10:08:26 +01:00
Manuel Pégourié-Gonnard
c98624af3c
Merge pull request #6680 from valeriosetti/issue6599
Allow isolation of EC J-PAKE password when used in TLS
2022-12-14 11:04:33 +01:00
Manuel Pégourié-Gonnard
2b70a3f831
Merge pull request #6558 from lpy4105/6416-psa_macros_name_typo
check_names: extend typo check to PSA macro/enum names
2022-12-13 09:56:27 +01:00
Manuel Pégourié-Gonnard
cd98805bd7
Merge pull request #6683 from mpg/optimize-with-asan
Optimize with asan
2022-12-12 11:58:23 +01:00
Manuel Pégourié-Gonnard
182a23b1da Adjust all.sh now that restartable is in full
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-12-09 10:09:34 +01:00
Manuel Pégourié-Gonnard
ad45c4d386 Document that ECP_RESTARTABLE depends on ECP_C
This is not new, it had always been the case, just not documented.

Pointed out by depends.py pkalgs (again, now that restartable is part of
full).

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-12-09 10:09:33 +01:00
Manuel Pégourié-Gonnard
a6e3d3ec10 Disable restartable in build_module_alt
Previously we did not need that as restartable was excluded from full.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-12-09 10:09:33 +01:00
Manuel Pégourié-Gonnard
a37398427b Remove check for tests disabled with USE_PSA
The previous commit declared that some tests cases in ssl-opt.sh depend
on USE_PSA being disabled, which is the right thing to do.

We had a check that forbade that - it was mainly meant to prevent
accidental re-introduction of such dependencies after we cleaned up a
number of cases where it was not warranted, but already at the time that
was controversial [1]. Now it's preventing us from doing the right
thing, so let's just remove it.

[1]: https://github.com/Mbed-TLS/mbedtls/pull/5742#discussion_r855112412

See also https://github.com/Mbed-TLS/mbedtls/pull/5907/ which also
removes this for a similar reason.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-12-09 10:09:33 +01:00
Manuel Pégourié-Gonnard
1a100b69a4
Merge pull request #6705 from davidhorstmann-arm/code-style-script-non-corrected
Add code style correction script
2022-12-09 09:41:14 +01:00
Dave Rodgman
1fe45295d7
Merge pull request #6685 from gilles-peskine-arm/valgrind-cf-skip-tests
Rationalize Valgrind tests
2022-12-06 18:39:32 +00:00
David Horstmann
92b5ac1a47 Add all.sh component to test with code style
Run the main test suites after running code style correction to check
that code style correction does not break these tests.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-12-06 17:44:30 +00:00
Tom Cosgrove
1797b05602 Fix typos prior to release
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-12-04 17:19:59 +00:00
Valerio Setti
70e029006d test: pake: fix mixed testing in test_tls1_2_ecjpake_compatibility
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-02 16:21:56 +01:00
Valerio Setti
dc40bbc2d7 test: pake: remove redundant test for opaque passwords
This is already covered by other already existing cases such as
"component_test_full_cmake_gcc_asan" which build with
"config.py full" and run all "ssl-opt.sh" test cases.

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-01 15:25:49 +01:00
Dave Rodgman
c3902ac661
Merge pull request #6698 from wernerlewis/bignum_mod_py
Bignum: Enable test generation from bignum_mod.py
2022-12-01 11:48:14 +00:00
Paul Elliott
266f79c136
Merge pull request #6426 from aditya-deshpande-arm/driver-wrapper-key-agreement
Add driver dispatch layer for raw key agreement, along with test call for transparent drivers.
2022-12-01 11:40:52 +00:00
Valerio Setti
a6b69dabc5 test: psa_pake: add a separate test for opaque password
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-30 16:44:49 +01:00
Gilles Peskine
18f7028a0e Preserve line breaks from continued line comments
The commit "Preserve line breaks in comments before test functions"
only handled block comments. This commit handles line comments.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-30 16:38:49 +01:00