Add HKDF tests where the sequence of inputs differs from the nominal
case: missing step, duplicate step, step out of order, or invalid step.
There were already similar tests for TLS 1.2 PRF. Add one with a key
agreement which has slightly different code.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
- the \internal note said that calling cipher_init() first would be made
mandatory later, but the documention of the ctx parameter already said
the context had to be initialized...
- the documentation was using the word initialize for two different
meanings (calling setup() vs calling init()), making the documentation
of the ctx parameter quite confusing (you must initialize before you can
initialize...)
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Improve some length parameter descriptions, aligning
them with the descriptions for the one-shot
functions.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Change from `body` to `input` to refer to the input data.
Add prefix total_ to the new length parameters
to ease refering to them in the documentation of
the other multi-part APIs.
Add error code documentation.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
- Removing MBEDTLS_SSL_RECORD_CHECKING has nothing to do with TLS 1.0,
TLS 1.1 and DTLS 1.0. It has been included here as a consequence of an
unfortunate typo in the description of 4286. Actually, this macro was
removed independently and we already have a ChangeLog entry about it:
ChangeLog.d/issue4361.txt
- While at it, remove the word "deprecated": these macros and functions
had not been documented as deprecated in any version of the library
before being removed.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
The call to `tests/scripts/generate_psa_tests.py` added by the commit
"generate_psa_tests.py: allow generating each file independently"
assumed that the `check` function supports multiple file names, but in
fact it does not do so. When `generate_psa_tests.py` started generating
more than one file, `check-generated-files.sh` did not detect changes to
files other than the first one listed by `generate_psa_tests.py --list`.
Fix this: change `check` to support either a single directory (with
detection of added/removed files) or a list of files (which is assumed
to be static).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
When generating expressions to construct test case data, there can be
duplicate values, for example if a value of the form C(A) is present
as such in test_suite_psa_crypto_metadata.data and also constructed by
enumerating the argument A for the constructor C. Eliminate such
duplicates in generate_expressions.
This commit removes many test cases that were exact duplicates (and
were near-duplicates differing only in whitespace before the
whitespace normalization).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Define the dependency symbols PSA_WANT_ALG_ECDSA_ANY and
PSA_WANT_ALG_RSA_PKCS1V15_SIGN_RAW as de facto synonyms of
PSA_WANT_ALG_ECDSA and PSA_WANT_ALG_RSA_PKCS1V15_SIGN respectively: if
either one is requested, the other is set.
This makes it easier to systematically determine the dependencies of
an algorithm.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In macro_collector.py, base InputsForTest on PSAMacroEnumerator rather
than PSAMacroCollector. It didn't make much sense to use
PSAMacroCollector anymore since InputsForTest didn't use anything
other than the constructor.
psa_generate_tests now generates arguments for more macros.
In particular, it now collects macro arguments from
test_suite_psa_crypto_metadata. Algorithms with parameters are now
supported.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
First build a list of all keys, then construct all the corresponding
test cases. This allows all required information to be obtained in
one go, which is a significant performance gain as the information
includes numerical values obtained by compiling a C program.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In generate_psa_tests, use InputsForTest rather than PSAMacroCollector
to gather values. This way, the enumeration of values to test includes
values used in metadata tests in addition to constructors parsed from
header files. This allows greater coverage of values built from
constructors with arguments. This doesn't make a difference yet, but
it will once algorithm constructors with arguments are supported in
generate_psa_tests.
Make the injection of numerical values optional. They are useful for
test_psa_constant_names, so keep them there. Don't use them for
not-supported tests: they might make sense, but the current code
wouldn't work since it doesn't know how to make up fake key material
or what dependencies to generate. Don't use them for storage tests:
they only make sense for supported values.
Don't inject 'PSA_SUCCESS': that's superfluous.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Define CCM multi-part API along the lines of the
GCM multi-part API. The two APIs are not exactly
the same as, contrary to GCM, CCM needs the size
of the additional data and plaintext/ciphertext
from the start.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>