When not using DEBUG_C, but using the DTLS CID feature -
a null pointer was accessed in ssl_tls.c.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
This option only gated an ability to set a callback,
but was deemed unnecessary as it was yet another define to
remember when writing tests, or test configurations. Fixes#4653.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
Fix opaque key test vector dependency to PSA_CRYPTO_DRIVER_TEST
instead of MBEDTLS_PSA_CRYPTO_DRIVERS while validating with
test drivers.
Signed-off-by: Archana <archana.madhavan@silabs.com>
A minimal test driver extension is added to support
copy of opaque keys within the same location.
Test vector support is extended to cover opaque keys.
Signed-off-by: Archana <archana.madhavan@silabs.com>
The validation against key width and max key bits is extended to
all key types from the existing validation for only symmetric keys.
Signed-off-by: Archana <archana.madhavan@silabs.com>
-Add test driver support to import/export while wrapping keys
meant to be stored in the PSA core as opaque( emulating an
SE without storage ).
-Export validate_unstructured_key_bit_size as
psa_validate_unstructured_key_bit_size, thereby changing its scope.
-Improve the import/export test cases in test_suite_psa_crypto to also
cover opaque keys, thereby avoiding duplication.
Signed-off-by: Archana <archana.madhavan@silabs.com>
Add tests for passing incomplete input data in
the first call and too much data in the second call.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
The list was trimmed previously according to code coverage, however
this did not really evalute all test cases, e.g in the case of re.sub
or m_cipher.replace. These lines are executed no matter what, so code
coverage is not suitable.
I have gone through each step in the translate functions and made sure
there is at least one ciphersuite per step
Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
Having a list of every ciphersuite suggests that it should be maintained with
any new ciphersuites that are added in the future. This in turn almost defeats
the purpose of having translation functions to begin with
Instead, the unit test now only test a much smaller subset of ciphersuite names
that exercise each stage in the OpenSSL and GnuTLS translate functions.
In the future, if a new cipersuite is added that requires an extra stage in
translation, then that cipher can be added to the test suite, otherwise it
should not be necessary.
Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
Instead add TLS-RSA-WITH-NULL-SHA256 to list of common ciphersuites.
It therefore has to be removed from GnuTLS as it could then duplicate.
Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
As test_translate_ciphers_format.sh was made as a testing ground before
utilising translate_ciphers.py in compat.sh, once it was translated to
python code - as a unit test, it became redundant.
Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
Rather than having the tests seperated into different files, they were integrated
into translate_ciphers.py and can be run from root using:
`python -m unittest tests/scripts/translate_ciphers.py`
test_translate_ciphers_format.sh was originally made as a testing ground before
having the translation tool being implmented into compat.sh. Translating it to
python code makes it redundant and therefore it will be removed.
Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
test_translate_ciphers_names.py
- Combined m, o and g ciphers all into one a single list of tuples to
avoid needing to rely on indexes
test_translate_ciphers_format.sh
- Removed redundant test
- Added return errors
compat.sh
- Improved how translate_ciphers.py is called
translate_ciphers.py
- Improve regex and translation to be more intutive and efficient
- change how arguments are taken and handelled to be more reliable
Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
If translate_ciphers.py is used incorrectly in compat.sh, an error
check function - check_translation - is called to evaluate and inform
the user of the error that has occured.
Added an output that informs the users an error has taken place in
translate_ciphers.py incase the error response is an empty string.
Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
If a call to translate_ciphers.py from compat.sh returns an exit 1
status, the error message will be echod and the program will exit
Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
To run test_translate_ciphers_names.py and _format.sh in the CI, include
it in all.sh component_check_generate_test_code.
Rename check_generate_test_code to check_test_helpers
Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
After improving coding style, pylint suggeted using enumerate but
zip is more appropriate to avoid indexing
Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
As per check-python-files.sh, added string documentation for
files and functions.
Modified for loops to use enumerate rather than range(len(
although as the same iteration index is used for multiple
lists it does not seem quite appropriate
Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
When making a modified function I commented out the previous code
in case I needed to use some of it, and forgot to remove it. This
has now been resolved
Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
Modify the comments to include the use of the translate function
and retire the explanation of maintaining 2 seperate lists
Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
- Replace uses of mbed and gnu with mbedtls and gnutls respectivley.
- Uses sys.exit() rather than exit()
- Rename format() as it is an inbuilt python function
- Add error information if incorrect arguments are passsed to
translate_ciphers.py
Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
After every edge case to append which ciphers were being used
a call to translate_ciphers.py was being made.
Now a call to translate_ciphers are made at the end of every
function where ciphersuite names are being added. This occurs
3 times. 1 for MBedTLS, GNUTLS and OpenSSL. 1 for MBedTLS and
OpenSSL and another 1 for MBedTLS and GNUTLS.
Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
In translate_ciphers.py there were 2 format functions that were
virtually identical and a check was made beforehand to decide
which one to call. Now the check is made inside a single function
to reduce duplicate code
Signed-off-by: Joe Subbiani <joe.subbiani@arm.com>
