Commit graph

2038 commits

Author SHA1 Message Date
Tom Cosgrove
46ed3a9834 Add an all.sh build test that catches the unterminated pragmas
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-06-09 13:46:19 +01:00
Gilles Peskine
95b43a04a9
Merge pull request #7651 from daverodgman/fix-armclang-compile-fail
Fix armclang compile fail
2023-06-08 14:36:18 +02:00
Dave Rodgman
05d71ffe5b Merge remote-tracking branch 'origin/development' into sha3-updated 2023-06-07 18:02:04 +01:00
Manuel Pégourié-Gonnard
a14b8f0a17 Add total when printing sizes in all.sh
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-06 10:33:54 +02:00
Dave Rodgman
b45d58b9a5 Add armclang -O0 build test
Signed-off-by: Dave Rodgman <dave.rodgman@gmail.com>
2023-06-02 13:54:00 -04:00
Dave Rodgman
8c315f2f74 Add build tests for Thumb and Thumb2 with clang
Signed-off-by: Dave Rodgman <dave.rodgman@gmail.com>
2023-06-02 13:53:27 -04:00
valerio
f1d29136ac test: remove debug echo in component
Signed-off-by: valerio <valerio.setti@nordicsemi.no>
2023-06-01 11:06:41 +02:00
Manuel Pégourié-Gonnard
0b68784053
Merge pull request #7577 from mprse/ffdh_drivers
FFDH 3b: add driver testing (no TLS 1.3)
2023-06-01 10:26:08 +02:00
Manuel Pégourié-Gonnard
7b1136836c
Merge pull request #7438 from valeriosetti/issue7074
Avoid parse/unparse private ECC keys in PK with USE_PSA when !ECP_C
2023-06-01 10:06:45 +02:00
Przemek Stekiel
6efa608d20 Revert setting optimization flag(use O2)
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-05-31 09:38:21 +02:00
Gilles Peskine
3c0e4effe4
Merge pull request #7512 from lpy4105/issue/7014/cert_audit-improvement
cert_audit: Improvements of audit script
2023-05-24 20:24:48 +02:00
Dave Rodgman
99318e6138 Add build test for armclang / Cortex-M0 / -Os
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-05-24 12:27:42 +01:00
Valerio Setti
e50a75f6ff test: add exception in analyze_outcomes.py and fix test for montgomery curves
The exception in analyze_outcomes.py follows previous commit in which
a test in test_suite_pkparse was set with the ECP_C guard for a different
parsing of the private key between the legacy and PSA implementations.

The wrong guard in test_suite_ecp.function instead was erroneously
added in a past commit and it was setting a non-existing symbol of
mbedTLS so those tests were basically never executed.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-05-23 15:12:07 +02:00
Fredrik Hesse
cc207bc379 Replace references to Mbed Crypto with Mbed TLS through-out documentation and comments.
Signed-off-by: Fredrik Hesse <fredrik@hesse.se>
2023-05-12 14:59:01 +01:00
Przemek Stekiel
dccb20204a Add test component for accelerated FFDH
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-05-11 11:31:51 +02:00
Pengyu Lv
a57f677474 cert_audit: Fix DER files missed from parsing
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-05-10 09:41:33 +08:00
Pengyu Lv
ee870a6e83 cert_audit: Remove merge_auditdata
We maintain a dict with unique AudiData objects
(AuditData with unique underlying X.509 objects).
We don't need merge_auditdata anymore.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-05-10 09:41:33 +08:00
Pengyu Lv
e09d27e723 cert_audit: Use dictionary to store parsed AuditData
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-05-10 09:41:33 +08:00
Pengyu Lv
31e3d12be9 cert_audit: Output format improvement
We should print all the information for each objects
found every line. This makes it easy to analyze the
output.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-05-10 09:41:33 +08:00
Pengyu Lv
13f2ef4949 cert_audit: Calculate identifier for X.509 objects
The identifier is calculated SHA1 hex string from
the DER encoding of each X.509 objects. It's useful
for finding out the identical X.509 objects.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-05-10 09:41:33 +08:00
Pengyu Lv
fd72d9f556 cert_audit: Fix bug in check_cryptography_version
check_cryptography_version didn't provide helpful
message with Python < 3.6, because re.Match object
is not subscriptable.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-05-10 09:41:33 +08:00
Pengyu Lv
0b4832bbf5 cert_audit: Sort the outputs by not_valid_after date
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-05-10 09:41:33 +08:00
Pengyu Lv
fe13bd3d0e cert_audit: Merge audit_data for identical X.509 objects
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-05-10 09:41:33 +08:00
Pengyu Lv
e245c0c734 cert_audit: Support parsing file with multiple PEMs
Previously, if a file had multiple PEM objects, only
the first one would be parsed. This commit add the
support so that we could parse all the PEM objects
in the file.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-05-10 09:41:33 +08:00
Bence Szépkúti
ddfd0a27df
Merge pull request #7399 from lpy4105/issue/7014/certificate-audit-script
cert_audit: Add test certificate date audit script
2023-05-09 13:10:01 +02:00
Pol Henarejos
d06c6fc45b
Merge branch 'development' into sha3
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2023-05-05 16:01:18 +02:00
Gilles Peskine
b70c4e07d0 Adjust code style for pointer types and casts
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-04-26 19:59:28 +02:00
Gilles Peskine
2986accd20 typo
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-04-26 19:57:50 +02:00
Gilles Peskine
8b32d20c50 Test the line number returned by parse_test_data
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-04-26 19:40:02 +02:00
Gilles Peskine
6f5082bf4d Allow more signed integer types in test function arguments
Now that the C code supports the full range of intmax_t, allow any size of
signed integer type in the .data file parser.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-04-26 19:40:02 +02:00
Gilles Peskine
872948cc72 Support larger integer test arguments: C part
Change the type of signed integer arguments from int32_t to intmax_t.
This allows the C code to work with test function arguments with a range
larger than int32_t. A subsequent commit will change the .datax generator
to support larger types.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-04-26 19:40:02 +02:00
Gilles Peskine
4ea4ad082b parse_function_arguments: stricter type parsing
Use normalization the equality comparisons instead of loose regular
expressions to determine the type of an argument of a test function.

Now declarations are parsed in a stricter way: there can't be ignored junk
at the beginning or at the end. For example, `long long unsigned int x`
was accepted as a test function argument (but not `long long unsigned x`),
although this was misleading since the value was truncated to the range of
int. Now only recognized types are accepted.

The new code is slightly looser in that it accepts `char const*` as well as
`const char*`.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-04-26 19:40:02 +02:00
Gilles Peskine
47e2e8817d Support (void) as an argument list of a test function
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-04-26 19:40:02 +02:00
Gilles Peskine
096f0ca7e5 parse_function_arguments: extract per-argument function
Internal refactoring only, no behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-04-26 19:40:02 +02:00
Gilles Peskine
400cde607b parse_function_arguments: make local_vars a list
Internal refactoring only, no behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-04-26 19:40:02 +02:00
Gilles Peskine
b3c2eaf00f Support different types in the parameter store
The test framework stores size_t and int32_t values in the parameter store
by converting them all to int. This is ok in practice, since we assume int
covers int32_t and we don't have test data larger than 2GB. But it's
confusing and error-prone. So make the parameter store a union, which allows
size_t values not to be potentially truncated and makes the code a little
clearer.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-04-26 19:40:02 +02:00
Gilles Peskine
5226eb5cd3 Simplify parsing of integers in .datax files
In the .datax parser, since we're calling strtol() anyway, rely on it for
verification. This makes the .datax parser very slightly more
liberal (leading spaces and '+' are now accepted), and changes the
interpretation of numbers with leading zeros to octal.

Before, an argument like :0123: was parsed as decimal, but an argument like
:0123+1: was parsed as a C expression and hence the leading zero marked an
octal representation. Now, a leading zero is always interpreted according to
C syntax, namely indicating octal. There are no nonzero integer constants
with a leading zero in a .data file, so this does not affect existing test
cases.

In the .datax generator, allow negative arguments to be 'int' (before, they
were systematically treated as 'exp' even though they didn't need to be).

In the .datax parser, validate the range of integer constants. They have to
fit in int32_t. In the .datax generator, use 'exp' instead of 'int' for
integer constants that are out of range.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-04-26 19:40:02 +02:00
Gilles Peskine
ca25deee12 Factor get_function_info out of gen_from_test_data
No intended behavior change. This commit is mainly to satisfy pylint, which
complains that gen_from_test_data now has too many variables. But it's a
good thing anyway to make the function a little more readable.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-04-26 19:38:41 +02:00
Gilles Peskine
8542f5c81f Add line number to a few error messages
This is just a quick improvement, not meant to tackle the problem as a
whole.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-04-26 19:38:40 +02:00
Pengyu Lv
1d4cc917ce cert_audit: Reword the options and their descriptions
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-25 15:17:19 +08:00
Pengyu Lv
1381598aa3 cert_audit: Check the version of cryptography
The script requires cryptography >= 35.0.0, we
need to check the version and provide meaningful
error message when the package version was too
old.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-25 14:55:38 +08:00
Manuel Pégourié-Gonnard
feb941a77a
Merge pull request #7465 from valeriosetti/issue7460-part3
Check remaning dependencies on ECP in PK module
2023-04-24 13:06:09 +02:00
valerio
0b0486452c improve syms.sh script for external dependencies analysis
It is now possible to analyze also modules and not only
x509 and tls libraries.

Signed-off-by: valerio <valerio.setti@nordicsemi.no>
2023-04-24 10:34:08 +02:00
Pengyu Lv
c34b9ac18c cert_audit: Clarify the abstraction of Auditor
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-23 14:57:30 +08:00
Pengyu Lv
28fe957239 cert_audit: Add simple parser of suite data file
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-23 13:56:25 +08:00
Gilles Peskine
935a987b2b
Merge pull request #7436 from AndrzejKurek/x509-verify-san-ip
x509 SAN IP parsing
2023-04-21 22:00:58 +02:00
Pengyu Lv
2d487217cd cert_audit: Improve the method to find tests folder
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-21 12:41:24 +08:00
Pengyu Lv
a228cbcecc cert_audit: Add data-files and suite-data-files options
The commit adds '--data-files' and '--suite-data-files'
options so that we could pass names for the two types
of files separately. Additionally, the commit improves
the documentation in the script.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-21 11:59:25 +08:00
Pengyu Lv
fcda6d4f51 cert_audit: Enable logging module
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-21 11:04:07 +08:00
Pengyu Lv
ad30679d9e cert_audit: Reuse generate_test_code.FileWrapper
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-19 15:07:03 +08:00