Commit graph

6075 commits

Author SHA1 Message Date
Gilles Peskine
161d661d90
Merge pull request #5222 from paul-elliott-arm/fix_test_suite_ssl
Fix test_suite_ssl compilation errors with GCC11
2021-11-25 22:02:43 +01:00
Gilles Peskine
f303c0ddeb Fix several bugs with multiline comments
Empty the current line if it's entirely inside a comment.

Don't incorrectly end a block comment at the second line if it doesn't
contain `*/`.

Recognize `/*` to start a multiline comment even if it isn't at the start of
the line.

When stripping off comments, consistently strip off `/*` and `*/`.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-25 20:51:52 +01:00
Gilles Peskine
b4b18c1155 Improve comment and string stripping
Make that part of the code more readable.

Add support for // line comments.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-25 20:51:44 +01:00
Gilles Peskine
bc1e8f6a7c Fix terminology in comment
In computing, brackets are []. () are called parentheses.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-25 20:51:39 +01:00
Gilles Peskine
b9fc488559 Move comment and string literal processing to a new function
No intended behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-25 20:51:34 +01:00
Gilles Peskine
9b2fa72a43 Simplify some regex definitions
Use '|'.join([comma-separated list]) rather than r'...|' r'...|'. This way
there's less risk of forgetting a '|'. Pylint will yell if we forget a comma
between list elements.

Use match rather than search + mandatory start anchor for EXCLUSION_LINES.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-25 20:51:28 +01:00
Gilles Peskine
152de23518 Lift some code out of parse_identifiers
Make parse_identifiers less complex. Pylint was complaining that it had too
many local variables, and it had a point.

* Lift the constants identifier_regex and exclusion_lines to class
  constants (renamed to uppercase because they're constants).
* Lift the per-file loop into a new function parse_identifiers_in_file.

No intended behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-25 20:51:07 +01:00
Gilles Peskine
c8794202e6 Fix comment parsing
Fix cases like
```
/*short comment*/ /*long
 comment */
int mbedtls_foo;
```
where the previous code thought that the second line started outside of a
comment and ended inside of a comment.

I believe that the new code strips comments correctly. It also strips string
literals, just in case.

Fixes #5191.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-25 20:51:01 +01:00
Paul Elliott
62dc392ef8 Stop CMake out of source tests running on 16.04
Running the out of source CMake test on Ubuntu 16.04 using more than one
processor (as the CI does) can create a race condition whereby the build
fails to see a generated file, despite that file actually having been
generated. This problem appears to go away with 18.04 or newer, so make
the out of source tests not supported on Ubuntu 16.04

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-11-25 18:03:50 +00:00
Gilles Peskine
e2d707fea5
Merge pull request #4866 from gabor-mezei-arm/3649_move_constant_time_functions_into_separate_module
Move constant-time functions into a separate module
2021-11-24 19:33:00 +01:00
Paul Elliott
21c8fe5c6e Fix compilation errors.
Under gcc11(+) both message and received would cause errors for
potentially being used uninitialised. We fixed many of these issues in
another PR, but this one is only seen under certain configs.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-11-24 17:19:51 +00:00
Gabor Mezei
be7b21da22
Merge branch 'development' into 3649_move_constant_time_functions_into_separate_module 2021-11-24 10:44:13 +01:00
XiaokangQian
30f556059a Reverse the cert file
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-24 01:54:50 +00:00
XiaokangQian
f9fca8a791 Add back cipher suite information in ssh-opt.sh
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-23 23:21:27 +00:00
XiaokangQian
25476a48b9 Change code based on review
Remove useless component in all.sh
Remove use server logs in ssh-opt.sh
Remove useless guards in ssl_client2.c

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-23 14:01:21 +00:00
XiaokangQian
ff5f6c8bb0 Refine test code and test scripts
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-23 08:49:51 +00:00
XiaokangQian
07c554748a Change cert file to server2-sha256.crt
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-23 08:30:14 +00:00
XiaokangQian
f977e9af6d Add componet test and rsa signature options
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-23 07:19:23 +00:00
XiaokangQian
a27b3526bf Disable PSA_CRYPTO in tls1.3 tests
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-23 02:27:07 +00:00
Paul Elliott
bfa273e507 Fix missing test dependancies
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-11-22 17:50:26 +00:00
Paul Elliott
d663543004 Add PKCS12 tests
Only regression tests for the empty password bugs for now. Further tests
will follow later.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-11-22 10:10:24 +00:00
XiaokangQian
bdf26de384 Fix test failure and remove useless code
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-22 09:52:56 +00:00
XiaokangQian
3887ab5bcc Use O_NEXT_SRV to support ciphersuite option
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-22 07:14:39 +00:00
XiaokangQian
22dd68c2b5 Rebase code and run through the whole test flow
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-22 05:54:50 +00:00
XiaokangQian
d15018972c Change script to solve G_NEXT_SRV_RSA not set issue
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-22 05:50:13 +00:00
XiaokangQian
4b82ca1b70 Refine test code and test scripts
Change client test code to support rsa pss signatures
Add test cases for rsa pss signature in ssl-opt.sh

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-22 05:50:12 +00:00
XiaokangQian
d940e641ed Add test script for RSA signature
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-22 05:50:12 +00:00
Gilles Peskine
8cbb7b995f Docker: Python requirements are now managed in-tree
Neither mbed-host-tests nor mock are currently used.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-18 17:33:28 +01:00
Manuel Pégourié-Gonnard
146247de71
Merge pull request #5172 from bensze01/invalid_nonce_error
PSA: Indicate in the error returned when we know that an AEAD nonce length is invalid, not just unsupported
2021-11-18 09:41:12 +01:00
Ronald Cron
ac00659480
Merge pull request #5121 from yuhaoth/pr/add-wrapup-and-hello-test
TLS1.3 MVP: Add finialize states and simplest test
2021-11-18 09:11:53 +01:00
Bence Szépkúti
6d48e20d4b Indicate nonce sizes invalid for ChaCha20-Poly1305
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-11-17 18:06:11 +01:00
Bence Szépkúti
357b78e42c Indicate if we know that a nonce length is invalid
This restores the behaviour found in the previously released versions
and development_2.x.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-11-17 18:06:04 +01:00
Bence Szépkúti
1e4423b535 Remove expected failure from test_psa_compliance
Issue #5143 was fixed in PR #5180.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-11-17 14:42:51 +01:00
Manuel Pégourié-Gonnard
9b9fbda912
Merge pull request #5094 from bensze01/test_psa_compliance
Run the PSA Compliance test suite in all.sh
2021-11-17 14:09:57 +01:00
Manuel Pégourié-Gonnard
5a57a51ea5
Merge pull request #5180 from daverodgman/key_derivation_output_key_error_code
Improve PSA error return code for psa_key_derivation_output_key
2021-11-17 13:09:37 +01:00
paul-elliott-arm
61f797adfd
Merge pull request #5111 from mprse/aps_mem_leak
ssl_client2, ssl_server2: add check for psa memory leaks
2021-11-17 11:54:44 +00:00
Jerry Yu
6d38c19582 Add http connection pass check
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-11-17 16:03:06 +08:00
Jerry Yu
e1b1e2de65 Add minimal feature sets test
Replace original negative test with work test.
Now, we can work with the simple test.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-11-17 16:03:06 +08:00
Dave Rodgman
491d849ad1 Fix derive_input test ignoring parameter
Fix derive_input test hardcoding key type instead of using test argument.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-11-16 16:05:06 +00:00
Dave Rodgman
3f86a90261 Update test to handle changed error code
Update test to handle changed error code from psa_key_derivation_output_key

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-11-16 16:05:06 +00:00
Ronald Cron
28777db226
Merge pull request #4952 from xkqian/add_server_finished
Add server finished
2021-11-12 12:30:10 +01:00
XiaokangQian
3306284776 Change code base on comments
Remove client certificate verify in tests.
Change the layout of structure to fix abi_api check issues.
Add comments of Finished.
Align with the coding styles.

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-11 03:37:45 +00:00
Gilles Peskine
f1a7ea88d1
Merge pull request #5092 from mprse/generate_key2
Generate test cases for PSA key generation
2021-11-10 20:55:35 +01:00
Gilles Peskine
ca144597e8 Run the dlopen test in shared library builds
Non-regression for the fix in https://github.com/ARMmbed/mbedtls/pull/5126:
libmbedtls and libmbedx509 did not declare their dependencies on libmbedx509
and libmbedcrypto when built with make.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-10 19:05:20 +01:00
Max Fillinger
c60c3a0c77 Include new getters in test suites
Signed-off-by: Max Fillinger <max@max-fillinger.net>
2021-11-10 15:12:04 +01:00
Manuel Pégourié-Gonnard
087f04783d
Merge pull request #5076 from mstarzyk-mobica/psa_ccm_no_tag
PSA CCM*-no-tag
2021-11-10 10:18:55 +01:00
XiaokangQian
d0aa3e9307 Inprove code base on review comments
Change debug messag for server finished.
Change name of generate_application_keys.
Remove the client vertificate tests from ssl-opt.sh.
Add test strings for server finished in ssl-opt.sh.

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-10 06:17:40 +00:00
XiaokangQian
f13c56032f Revert some changes about tls13 and macros
There is one PR #4988 to change it in the future

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-10 01:47:23 +00:00
XiaokangQian
a763498490 Change code based on commetns
Focus on the code style, naming rule,etc.

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-10 01:47:23 +00:00
Bence Szépkúti
b376eac5ac Track upstreaming task in an issue
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-11-09 22:13:46 +01:00
Bence Szépkúti
cb28871326 Document the values in EXPECTED_FAILURES
Including the issues where the corresponding defects are tracked.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-11-09 21:42:15 +01:00
Bence Szépkúti
e2855c32b5 Move to an updated fork of psa-arch-tests
The new fork was rebased on top of the upstream master, removing the
need for most of the downstream patches we carried.

On the other hand, the new fork includes a couple of fixes to problems
that were not addressed by the original fork, or were introduced with the
new version of psa-arch-tests.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-11-09 21:42:14 +01:00
Ronald Cron
260f5d9413
Merge pull request #4953 from yuhaoth/pr/add-tls13-read-certificate-verfify
TLS1.3: CertificateVerify:add tls13 read certificate verfify
2021-11-08 09:36:35 +01:00
Jerry Yu
5398c10b89 Add return value check for cerificate verify
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-11-05 13:32:38 +08:00
Gilles Peskine
4db2624bfe Fix test bug: some classification flags were not tested
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-03 15:51:32 +01:00
Gilles Peskine
a4256c1b2d Ensure that all flags are actually tested
At least twice, we added a classification flag but forgot to test it in the
relevant test functions. Add some protection so that this doesn't happen
again. In each classification category, put a macro xxx_FLAG_MASK_PLUS_ONE
at the end. In the corresponding test function, keep track of the flags that
are tested, and check that their mask is xxx_FLAG_MASK_PLUS_ONE - 1 which is
all the bits of the previous flags set.

Now, if we add a flag without testing it, the test
TEST_EQUAL( classification_flags_tested, xxx_FLAG_MASK_PLUS_ONE - 1 )
will fail. It will also fail if we make the set of flag numbers
non-consecutive, which is ok.

This reveals that three algorithm flags had been added but not tested (in
two separate occasions). Also, one key type flag that is no longer used by
the library was still defined but not tested, which is not a test gap but is
inconsistent. It's for DSA, which is relevant to the PSA encoding even if
Mbed TLS doesn't implement it, so keep the flag and do test it.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-03 15:51:30 +01:00
Gilles Peskine
4977e9fe64 Add PSA_ALG_IS_HASH_AND_SIGN to the metadata tests
The status of signature wildcards with respect to PSA_ALG_IS_HASH_AND_SIGN
is unclear in the specification. A wildcard is usually instantiated with a
specific hash, making the implementation hash-and-sign, but it could also be
instantiated with a non-hash-and-sign algorithm. For the time being, go with
what's currently implemented, which is that they are considered
hash-and-sign.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-03 15:51:20 +01:00
Gilles Peskine
f7b4137e69 Untangle PSA_ALG_IS_HASH_AND_SIGN and PSA_ALG_IS_SIGN_HASH
The current definition of PSA_ALG_IS_HASH_AND_SIGN includes
PSA_ALG_RSA_PKCS1V15_SIGN_RAW and PSA_ALG_ECDSA_ANY, which don't strictly
follow the hash-and-sign paradigm: the algorithm does not encode a hash
algorithm that is applied prior to the signature step. The definition in
fact encompasses what can be used with psa_sign_hash/psa_verify_hash, so
it's the correct definition for PSA_ALG_IS_SIGN_HASH. Therefore this commit
moves definition of PSA_ALG_IS_HASH_AND_SIGN to PSA_ALG_IS_SIGN_HASH, and
replace the definition of PSA_ALG_IS_HASH_AND_SIGN by a correct one (based
on PSA_ALG_IS_SIGN_HASH, excluding the algorithms where the pre-signature
step isn't to apply the hash encoded in the algorithm).

In the definition of PSA_ALG_SIGN_GET_HASH, keep the condition for a nonzero
output to be PSA_ALG_IS_HASH_AND_SIGN.

Everywhere else in the code base (definition of PSA_ALG_IS_SIGN_MESSAGE, and
every use of PSA_ALG_IS_HASH_AND_SIGN outside of crypto_values.h), we meant
PSA_ALG_IS_SIGN_HASH where we wrote PSA_ALG_IS_HASH_AND_SIGN, so do a
global replacement.
```
git grep -l IS_HASH_AND_SIGN ':!include/psa/crypto_values.h' | xargs perl -i -pe 's/ALG_IS_HASH_AND_SIGN/ALG_IS_SIGN_HASH/g'
```

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-03 15:48:15 +01:00
Gilles Peskine
c1ec49eb13 Test PSA_HASH_BLOCK_LENGTH
Only tested for algorithms for which we support HMAC, since that's all we
use PSA_HASH_BLOCK_LENGTH for at the moment.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-03 15:47:03 +01:00
Bence Szépkúti
ef0d02ed31 Explain why support_test_psa_compliance is needed
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-11-03 13:17:31 +01:00
Bence Szépkúti
b3818412bc Keep local clone around even if the test succeeds
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-11-03 13:17:29 +01:00
Bence Szépkúti
c63d1605ab Make directory creation code more compact
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-11-03 13:14:40 +01:00
Bence Szépkúti
67fb3149c0 Add licence header to script
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-11-03 13:12:37 +01:00
Bence Szépkúti
34b5f56344 Make main() suitable to being called from python
Don't call sys.exit(), and don't clobber the working directory.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-11-03 13:12:02 +01:00
Przemyslaw Stekiel
53de2622f3 Move psa_crypto_slot_management.h out from psa_crypto_helpers.h
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-11-03 09:35:35 +01:00
Andrzej Kurek
386f5820aa Add a missing psa_crypto test suite test name
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2021-11-02 16:51:24 +01:00
Bence Szépkúti
449781fda7 Fix pylint errors
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-11-02 13:53:11 +01:00
Bence Szépkúti
83aa604ce5 Simplify regex and use named capture groups
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-11-02 13:53:11 +01:00
Bence Szépkúti
c2bac00530 Use print(end='') to silence double newline
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-11-02 13:53:11 +01:00
Bence Szépkúti
d2ea2c0df3 Indicate errors interleaved with test suite output
Indicate whether a success or failure is unexpected, or expected and
ignored as they happen.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-11-02 13:51:22 +01:00
Przemyslaw Stekiel
e3fcb5087a Adapt generate_key() test code to mbedTLS standards
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-11-02 10:52:53 +01:00
Przemyslaw Stekiel
7bc26b8c2a generate_psa_tests.py: add key generation result to test case argument list, add comments
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-11-02 10:51:49 +01:00
Manuel Pégourié-Gonnard
0dbe1dfa1c
Merge pull request #4859 from brett-warren-arm/supported_groups
Add mbedtls_ssl_conf_groups to API
2021-11-02 10:49:09 +01:00
Jerry Yu
834886d211 Add certificate verify check
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-30 13:26:15 +08:00
Manuel Pégourié-Gonnard
4313d3ac87
Merge pull request #5010 from gilles-peskine-arm/psa-rsa-pss_any_salt
PSA: fix salt length for PSS verification
2021-10-29 16:36:36 +02:00
Brett Warren
7f813d5d88 add group api tests
Signed-off-by: Brett Warren <brett.warren@arm.com>
2021-10-29 14:07:46 +01:00
Jerry Yu
daac359331 Change check condition order
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-29 20:01:42 +08:00
Przemyslaw Stekiel
fed825a9aa ssl_client2, ssl_server2: add check for psa memory leaks
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-29 12:32:26 +02:00
Ronald Cron
f660c7c923
Merge pull request #4993 from xffbai/add-tls13-read-certificate
TLS1.3: add tls1_3 read certificate
2021-10-29 12:25:44 +02:00
Bence Szépkúti
ca9236b0c5 Make the changes easier to backport
The code replaced in this patch was not compatible with the
development_2.x branch.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-10-29 11:37:27 +02:00
Manuel Pégourié-Gonnard
136819fe6e
Merge pull request #4959 from gilles-peskine-arm/psa-add-aria
Add ARIA to the PSA API
2021-10-29 09:38:06 +02:00
Manuel Pégourié-Gonnard
774b4422e2
Merge pull request #5116 from gilles-peskine-arm/remove-greentea-3.0
Remove on-target testing
2021-10-29 09:33:34 +02:00
Manuel Pégourié-Gonnard
da71054bbc
Merge pull request #5011 from gilles-peskine-arm/test_ssl_o2-3.0
Build with -O2 when running ssl-opt
2021-10-29 09:25:23 +02:00
Jerry Yu
1df3db0467 Add certificate success check
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-29 10:18:50 +08:00
Mateusz Starzyk
10fad74a1f Extend CCM*-no-tag tests
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-10-28 18:00:33 +02:00
Jerry Yu
937ac673fa Disable client cert for gnutls tests
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-28 21:28:46 +08:00
Ronald Cron
cf1f376b24
Merge pull request #4937 from xkqian/add_tls13_encrypted_extension
The rebase after the two approvals was simple enough to need only one reviewer.
2021-10-28 09:34:56 +02:00
Manuel Pégourié-Gonnard
4c9313fcd9
Merge pull request #4514 from mpg/generated-files-cmake
Generated files cmake
2021-10-28 09:23:41 +02:00
XiaokangQian
ab7f50d638 Change macro names and add test script for extensions
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-10-28 01:54:39 +00:00
Ronald Cron
5893246066
Merge pull request #4919 from yuhaoth/pr/add-tls13-server-hello-parser
TLS1.3:ServerHello:Add parse server hello function
2021-10-27 18:27:27 +02:00
paul-elliott-arm
cbe4a056bd
Merge pull request #5090 from gilles-peskine-arm/ssl-opt-resend-retry-3.0
Retry a test case if it fails due to an unexpected resend
2021-10-27 16:24:54 +01:00
Mateusz Starzyk
f257a6e8f8 Add CCM*-no-tag tests for the cipher module.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-10-27 16:27:44 +02:00
Manuel Pégourié-Gonnard
475bfe626e
Merge pull request #5108 from gilles-peskine-arm/base64-no-table-3.0
range-based constant-flow base64
2021-10-27 12:18:21 +02:00
Gilles Peskine
d025422c28 Remove on-target testing
It was unmaintained and untested, and the fear of breaking it was holding us
back. Resolves #4934.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-27 11:45:57 +02:00
Manuel Pégourié-Gonnard
9317e09d15
Merge pull request #5007 from mprse/pk_opaque
Add key_opaque option to ssl_server2.c + test
2021-10-27 10:52:13 +02:00
Przemyslaw Stekiel
bb5d483073 ssl-opt.sh: adapt paramteters of key opaque cases
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-26 12:55:34 +02:00
paul-elliott-arm
148d3d7de0
Merge pull request #5066 from paul-elliott-arm/ssl_opt_fixes
Ssl-opt fixes
2021-10-26 10:27:07 +01:00
Manuel Pégourié-Gonnard
c8cc1ffe97
Merge pull request #5062 from mprse/issue_4056
Use PSA_HASH_LENGTH instead hardcoded integer values
2021-10-26 10:35:38 +02:00
Gilles Peskine
93365a7f45 Rename variable to avoid a name clash
digits is also a local variable in host_test.function, leading to compilers
complaining about that shadowing the global variable in
test_suite_base64.function.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-25 22:15:19 +02:00
Gilles Peskine
ba951f5584 Move the list of Base64 digits out of the test data
This is part of the definition of the encoding, not a choice of test
parameter, so keep it with the test code.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-25 22:15:19 +02:00
Gilles Peskine
c1776a01d2 Move declarations of testing-only base64 functions to their own header
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-25 22:15:13 +02:00
Gilles Peskine
2729878046 Mark output as public before testing it
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-25 22:09:12 +02:00
Gilles Peskine
a64417afe6 Add unit tests for base64 internal functions
Add unit tests for mask_of_range(), enc_char() and dec_value().

When constant-flow testing is enabled, verify that these functions are
constant-flow.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-25 22:09:12 +02:00
Gilles Peskine
4fa0725936
Merge pull request #5002 from mstarzyk-mobica/psa_output_buffer_limitation
Remove output buffer limitation for PSA with GCM.
2021-10-25 19:37:33 +02:00
David Horstmann
3ee10e841e Fix unused variable in generate_psa_tests.py
Remove the newly-unused variable that became unused in
a previous commit.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2021-10-25 13:16:04 +01:00
David Horstmann
65d8c69e80 Remove unnecessary check for ';' in filenames
The Makefiles already assume that filenames don't contain
special characters anyway, so we don't need to check this
in generate_psa_tests.py.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2021-10-25 13:16:04 +01:00
David Horstmann
a8d1406107 Rename DEV_MODE to GEN_FILES
GEN_FILES is a bit clearer as it describes what the setting
does more precisely.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2021-10-25 13:16:04 +01:00
David Horstmann
3e30ad9b0d Use MBEDTLS_PYTHON_EXECUTABLE
Change one occurrence of ${PYTHON} to ${MBEDTLS_PYTHON_EXECUTABLE}
and add implied ${MBEDTLS_PYTHON_EXECUTABLE} to the start of a
different command.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2021-10-25 13:16:04 +01:00
David Horstmann
f602eb19ba Add comment explaining generate_psa_code.py
Explain that the output filename is derived from the -d
argument, so that it's obvious why the CMakefile code
does what it does.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2021-10-25 13:16:04 +01:00
David Horstmann
7570d24d3d Fix issue with DEV_MODE=OFF case
When DEV_MODE=OFF, link_to_source() was being called with
a full path in the build directory, rather than just a base
name starting at "suites/" as was intended. Fix this by
generating a list of base names and using that for
link_to_source(), then deriving full paths afterwards.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2021-10-25 13:16:04 +01:00
David Horstmann
d64f4b249c Fix assorted spelling and wording issues
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2021-10-25 13:16:04 +01:00
David Horstmann
ae7bd3513c Select test data directory using generated list
Remove a hardcoded list of tests that use generated
".data" files, and instead derive this list from the existing
list of test files (created using generate_psa_tests.py).

This reduces the maintenance burden as only the list
in generate_psa_tests.py needs to be updated.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2021-10-25 13:16:04 +01:00
David Horstmann
1732b5d6ee Move test link_to_source() calls into a foreach
This removes a hardcoded list of generated test names

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2021-10-25 13:16:04 +01:00
David Horstmann
7b78ec88a4 Change variable name to lowercase
This seems more correct for variables that are only used in
a small area of the cmake file.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2021-10-25 13:16:04 +01:00
David Horstmann
e12e7f47de Get generated data file list from script
Use the generate_psa_tests.py script to generate the list
of test data files used as output files by cmake.

Do this by introducing a new option --list-for-cmake
that prints a semicolon-separated list of the data files
with no terminating newline (since this is how a cmake list
is represented).

Replace the hard-coded output file list with a variable
generated by the script using this option.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2021-10-25 13:16:04 +01:00
Manuel Pégourié-Gonnard
9327fb33a6 Fix test_ref_config component of all.sh
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-10-25 13:16:04 +01:00
Manuel Pégourié-Gonnard
bfe54d703d Cleanup: rm all files generated by cmake
Again, unrelated, except I kept noticing.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-10-25 13:16:04 +01:00
Manuel Pégourié-Gonnard
389150d4db Cleanup: remove *.datax files with CMake
Unrelated to other commits in this PR, except when running manual tests
I kept noticing these files where left over.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-10-25 13:16:04 +01:00
Manuel Pégourié-Gonnard
e90e405e15 Introduce "Dev mode" option
When the option is On, CMake will have rules to generate the generated
files using scripts etc. When the option is Off, CMake will assume the
files are available from the source tree; in that mode, it won't require
any extra tools (Perl for example) compared to when we committed the
files to git.

The intention is that users will never need to adjust this option:

- in the development branch (and features branches etc.) the option is
always On (development mode);
- in released tarballs, which include the generated files, we'll switch
the option to Off (release mode) in the same commit that re-adds the
generated files.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-10-25 13:16:04 +01:00
Manuel Pégourié-Gonnard
313bcfcde8 Stop writing to the source tree.
Due to the directory test/suites being linked, the files generated there
where actually written to the source tree, not just the binary tree.

We no longer need this directory to be linked, that was a remnant of the
time where the .data files were read while running the tests; nowadays
they're processed when generating the test .c file.

Just create the directory, as the generating script quite reasonably
assumes that the output directory passed on the command line exists.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-10-25 13:16:04 +01:00
Manuel Pégourié-Gonnard
ce3ba8f030 Allow CMake to run generate_psa_tests
Note: the test suites are actually generated in the source tree, due to
the use of

    link_to_source(suites)

This will be fixed in the next commit.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-10-25 13:16:04 +01:00
Manuel Pégourié-Gonnard
a9cb894168 Add --directory option to generate_psa_tests.py
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-10-25 13:16:04 +01:00
Manuel Pégourié-Gonnard
42681f3bd0 Improve formatting of CMake file
- avoid very long lines
- match order of command arguments and dependencies
- group compiler flags together

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-10-25 13:16:03 +01:00
Jerry Yu
745bb616a4 Fix format issue and enhance test
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-25 10:41:29 +08:00
Jerry Yu
42920ec5a5 tls1_3:skip handshake msg test with PSA_CRYPTO
tls1_3 hasn't implemented PSA version get transcript

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-25 10:41:28 +08:00
Jerry Yu
4ae2d62cce Improve tls13 handshake test
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-25 10:41:28 +08:00
Przemyslaw Stekiel
ba20fc98b8 Fix issues pointed by CI
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-22 11:05:18 +02:00
Przemyslaw Stekiel
437da19f4f Remove unused param and duplicated test cases
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-22 10:08:38 +02:00
Paul Elliott
e05e126933 Remove bash specific code
Use case pattern matching instead of multiline split, given there is
only the well formatted PIDs to match on this should be safe.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-10-21 17:25:46 +01:00
Mateusz Starzyk
33d01ffe60 Remove redundant value assignemnt to olen.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-10-21 14:55:59 +02:00
Przemyslaw Stekiel
8132c2ff46 Address review comments
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-21 12:26:58 +02:00
Mateusz Starzyk
ed71e92730 Add tests for CCM*-no-tag.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-10-21 11:33:41 +02:00
Bence Szépkúti
80b31c56eb Run the PSA Compliance test suite in all.sh
This commit adds a component to all.sh which clones, builds and runs the
compliance test suite.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-10-21 10:17:34 +02:00
Gilles Peskine
788ad339b8 Move is-it-resend logic into a function
Improve the code structure in case we want to add other similar conditions
later. Document better what we're doing, and document why we're doing it.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-20 16:07:07 +02:00
Gabor Mezei
22c9a6fccc
Rename internal header constant_time.h to constant_time_internal.h
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-10-20 12:15:20 +02:00
Gabor Mezei
90437e3762
Rename constant-time functions to have mbedtls_ct prefix
Rename functions to better suite with the module name.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-10-20 11:59:27 +02:00
Przemyslaw Stekiel
8d468e4ee8 Remove key generation when given argument is invalid from NotSupported class
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-20 10:04:55 +02:00
Przemyslaw Stekiel
1b0978b803 Add test class for key generation
Genertae test_suite_psa_crypto_generate_key.generated.data.
Use test_suite_psa_crypto_generate_key.function as a test function.

Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-20 09:05:33 +02:00
Gilles Peskine
89615eefe7 Show values when TEST_EQUAL fails
When TEST_EQUAL fails, show the two numerical values in the test log (only
with host_test). The values are printed in hexa and signed decimal.

The arguments of TEST_EQUAL must now be integers, not pointers or floats.
The current implementation requires them to fit in unsigned long long
Signed values no larger than long long will work too. The implementation
uses unsigned long long rather than uintmax_t to reduce portability
concerns. The snprintf function must support "%llx" and "%lld".

For this purpose, add room for two lines of text to the mbedtls_test_info
structure. This adds 154 bytes of global data.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-19 22:32:44 +02:00
Gilles Peskine
e7fc7ef38b Always set a build type for cmake when building for testing
Set the build type to Release (-O2) when running CPU-intensive tests (ssl-opt,
or unit tests with debug features). A build type of Check (-Os) would be best
when the main objective of the build is to check for build errors or warnings
and there aren't many tests to run; in this commit there are no such test
cases to change. Only use cmake with no build type (which results in not
passing a -O option, and thus missing some GCC warnings) when exercising cmake
features.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-19 21:33:32 +02:00
Paul Elliott
58ed8a7594 Remove use of -p with lsof
On machines with more modern kernels (>5.4 from testing so far) the
useage of -b seems to conflict with the usage of -p. Whilst the usage of
-b seems like a good idea to avoid blocks as we are tight looping on it,
the usage of -p seems to require the usage of stat() (specifically in
/proc) which -b forbids. All you get is a load of warnings
(suppressable by -w) but never a positive result, which means that all
servers are reported as "Failed to start". We are not keen on losing
-b, so instead parse the output of lsof (using -F to format it) to
check the if PIDs that it outputs match that we are looking for.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-10-19 18:23:47 +01:00
Gilles Peskine
f11d30ecda Retry if a test case fails because of an unexpected resend
Palliative for https://github.com/ARMmbed/mbedtls/issues/3377. If a test
case fails due to an unexpected resend, allow retrying, like in the case of
a client timeout.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-19 18:00:10 +02:00
Gilles Peskine
0e3534c67b Move retry logic into check_test_failure
This will allow having other retry conditions, in particular based on
run_test options.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-19 17:23:25 +02:00
Gilles Peskine
196d73bc1b Move the core loop of run_test into an auxiliary function
No behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-19 16:45:29 +02:00
Gilles Peskine
236bf98cfd Move some code of run_test into auxiliary functions
No behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-19 16:45:29 +02:00
Gilles Peskine
6210320215
Merge pull request #4989 from AndrzejKurek/remove-ssl-export-keys
Remove MBEDTLS_SSL_EXPORT_KEYS, making it always on
2021-10-18 17:53:56 +02:00
Gilles Peskine
bf21c07923
Merge pull request #5072 from mprse/issue_5065
Use switch statement instead if-else in psa_aead_check_nonce_length() and psa_aead_set_lengths(). Fixes #5065
2021-10-18 17:51:50 +02:00
Gilles Peskine
7637ab0d8b
Merge pull request #5037 from mprse/issue_4551
Fix psa_generate_key(): return PSA_ERROR_INVALID_ARGUMENT for public key
2021-10-18 10:39:21 +02:00
Gilles Peskine
0d4640ad90
Merge pull request #4984 from gilles-peskine-arm/check-names-files
check_names.py: more robust handling of excluded files
2021-10-15 13:33:50 +02:00
Przemyslaw Stekiel
316c4fa3ce Address review comments
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-15 08:04:53 +02:00