The original pattern would catch any extension, which could include
things like editor backup files etc, that we'd rather ignore.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Extra features that depend on CIPHER_C are disabled also in the
reference component in order to get test parity.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
For time being, pre_check_tools check armcc and armclang together.
Therefore, we can resue support_build_armcc even if the test only
needs armclang.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
It used to be the case that when an algorithm that uses a hash inside was
accelerated through a PSA driver, it might end up calling a hash algorithm
that is not available from the driver. Since we introduced MBEDTLS_MD_LIGHT,
this no longer happens: PSA accelerated hashes are available to callers of
the MD module, so the test driver can use all available hash algorithms.
Hence the workaround to skip testing certain accelerated cases is no longer
needed.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
RSA will auto-enable MD_LIGHT, we don't need to list MD_C as a
dependency here.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Some are about raw or AES keys where PK seems really unrelated.
The others are about RSA where PK may be relevant, but the necessary
bits of PK are auto-enabled when RSA key types are requested, so we
shouldn't need to list them as dependencies in tests.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Since _DERIVE can't be accelerated now, in
config_adjust_legacy_from_psa.h we will notice and auto-enable ECP_LIGHT
as well as the built-in version of each curve that's supported in this
build. So, we don't need to list those as dependencies here - and they
would cause issues when we add support for _DERIVE drivers.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
There's no reason the tests would depend specifically on our built-in
implementation and not work with drivers, so replace the RSA_C
dependency with the correct PSA_WANT dependencies.
Those 6 cases use two different test functions, but both of those
functions only do `psa_import()`, so all that's needed is PUBLIC_KEY or
KEYPAIR_IMPORT (which implies KEYPAIR_BASIC) depending on the kind of
key being tested.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Most of them were removed in 7162, not sure how these ones slipped in.
There's no reason deterministic ECDSA verification would need PK parse
more than the other tests. The following finds no match:
grep -i pk_parse library/ecdsa.c library/psa_crypto_ecp.c
Even if PK parse was actually needed for this, the right way would be to
auto-enable it based on PSA_WANT symbols, and then only depend on
PSA_WANT symbols here.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Run metatests in some components, covering both GCC and Clang, with ASan,
MSan or neither.
Note that this commit does not cover constant-flow testing builds or Valgrind.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Enforce a specific copyright statement and a specific SPDX license
identifier where they are present.
Binary files, third-party modules and a few other exceptions are not
checked.
There is currently no check that copyright statements and license
identifiers are present.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
If MBEDTLS_BLOCK_CIPHER_NO_DECRYPT, we can't test decrypt for
AES-ECB, so adding this dependency for some test cases
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
tls13 server now does not parse pre-shared key extension unless
there are some psk key exchange modes really available.
For `ephemeral_all/psk_or_ephemeral` configuration pairs, there
wouldn't be any psk key exchange mode available, so the check
of "Pre shared key found" should be inverse.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
Some test cases are using encrypted key file, thus have
dependency on low-level block cipher modules (e.g. AES).
This commit adds unencrypted key file so that we could
get rid of those dependencies.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
A new internal function is added to get cipher's info (mode, key bits and
iv len) without relying on CIPHER_C. This function is basically a lookup
table used only for test purposes.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
The previous check also warned when on tests that were already skipped
in the reference config, which are not really a problem. The purpose of
this "uselessly ignored" check is to make sure that the ignore list
(together with the config common to driver and reference in all.sh)
always correct reflects what works or doesn't in driver-only builds. For
this it's enough to warn when a test is ignored but passing.
The previous, stricter check, was causing issues like:
Error: uselessly ignored: test_suite_pkcs12;PBE Encrypt, pad = 8 (PKCS7 padding disabled)
Error: uselessly ignored: test_suite_pkcs12;PBE Decrypt, (Invalid padding & PKCS7 padding disabled)
Error: uselessly ignored: test_suite_pkcs5;PBES2 Decrypt (Invalid padding & PKCS7 padding disabled)
These are skipped in the reference config because is has PKCS7 padding
enabled, and that's OK.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
* Make an iteration comment generic to every file it may affect
instead of making it specific a particular file.
Signed-off-by: Tomás González <tomasagustin.gonzalezorlando@arm.com>
Ignore the test suite name as file from opt-testcases cannot
actually be called separately.
Signed-off-by: Tomás González <tomasagustin.gonzalezorlando@arm.com>
The -l option mentioned in previous commits for both ssl-opt.sh and
compat.sh scripts should only be a --list-test-cases option.
Remove -l option from the help list.
Signed-off-by: Tomás González <tomasagustin.gonzalezorlando@arm.com>
One of the jobs of check_test_cases is to check for duplicate test
descriptions and to have them ordered:
* Stop using a set to collect the different test cases from the
test scripts.
Signed-off-by: Tomás González <tomasagustin.gonzalezorlando@arm.com>
walk_compat_sh and walk_opt_sh are basically the same now, so:
* Merge them into one function.
* Use the --list-test-cases option for both of them.
* Rename this merged function as collect_from_script which seems
more appropriate as since it isn't iterating the script but
calling it.
Signed-off-by: Tomás González <tomasagustin.gonzalezorlando@arm.com>
When adding the LIST_TESTS option, print_name can be called
before checking if the test case should be excluded or not.
Change this back to its previous state while still taking into
account the LIST_TESTS option.
Signed-off-by: Tomás González <tomasagustin.gonzalezorlando@arm.com>
Instead of verifying if the LIST_TESTS variable has been set in
every function to avoid using the P_QUERY variable and avoid
calling a program that has not necessarily been compiled yet:
* Define P_QUERY=":" when LIST_TESTS has been set.
Signed-off-by: Tomás González <tomasagustin.gonzalezorlando@arm.com>
ssl-opt.sh now takes care of looking at the files in the
opt-testcases subdirectory, so use ssl-opt.sh directly
in walk_ssl_opt_sh().
* Revert commit f17a60f147.
Signed-off-by: Tomás González <tomasagustin.gonzalezorlando@arm.com>
* Use the newly added ssl-opt.sh -l option to list all the tests
cases and their used parameters instead of having to parse the
file to discover them. This avoids having to add further parsing
complexity in the future as discussed in
https://github.com/Mbed-TLS/mbedtls/pull/8080#issuecomment-1681064743
Signed-off-by: Tomás González <tomasagustin.gonzalezorlando@arm.com>
* Add an option in ssl-opt test case to list all the run_test calls
and their names. This allows to show the parameters used and can
make us avoid having to parse ssl-opt to look for extra
parameters in the future.
Signed-off-by: Tomás González <tomasagustin.gonzalezorlando@arm.com>
This may come in handy when ignoring patterns in test_suite_cipher for
example which is split in several .data files where we'll want to ignore
the same patterns.
Currently none of the entries had a '.' in the test suite name, so this
doesn't change anything for existing entries.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Change from iterating on all available tests to iterating on tests with
an outcome: initially we were iterating on available tests but
immediately ignoring those that were always skipped. That last part
played poorly with the new error (we want to know if the test ignored
due to a pattern was skipped in the reference component), but when
removing it, we were left with iterating on all available tests then
skipping those that don't have outcomes entries: this is equivalent to
iterating on tests with an outcome entry, which is more readable.
Also, give an error if the outcome file contains no passing test from
the reference component: probably means we're using the wrong outcome
file.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
- remove unnecessary disabled items (most of them were already
disabled automatically once MBEDTLS_SSL_TLS_C was disabled)
- improve dependencies' comments, especially the last one which
list items depending on PSA_CRYPTO_C
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Conflicts:
* tests/suites/test_suite_pkparse.data: the dependencies of
"Parse EC Key #3 (SEC1 PEM encrypted)" were updated on both branches
(development: ECP curve; this branch: MD5 hash).
MBEDTLS_SSL_SOME_SUITES_USE_MAC and MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC are
dependencies of defined in an SSL header, so this header needs to be
included here.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Don't chdir when invoking a test suite executable with an explicit .datax
file. The point of the chdir is to automatically find the .datax file (and
the relative location of the data_files directory) in typical cases. This
conflicts with the expectation that passing a relative path to a .datax file
will work.
(This is what I had originally intended, and what is documented in the
comment, but I forgot to add the argc check in the initial commit.)
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>