The previous commit declared that some tests cases in ssl-opt.sh depend
on USE_PSA being disabled, which is the right thing to do.
We had a check that forbade that - it was mainly meant to prevent
accidental re-introduction of such dependencies after we cleaned up a
number of cases where it was not warranted, but already at the time that
was controversial [1]. Now it's preventing us from doing the right
thing, so let's just remove it.
[1]: https://github.com/Mbed-TLS/mbedtls/pull/5742#discussion_r855112412
See also https://github.com/Mbed-TLS/mbedtls/pull/5907/ which also
removes this for a similar reason.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Run the main test suites after running code style correction to check
that code style correction does not break these tests.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
This is already covered by other already existing cases such as
"component_test_full_cmake_gcc_asan" which build with
"config.py full" and run all "ssl-opt.sh" test cases.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
The commit "Preserve line breaks in comments before test functions"
only handled block comments. This commit handles line comments.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
When testing under Valgrind for constant flow, skip test suites that don't
have any constant-flow annotations, since the testing wouldn't do anything
more that testing with ordinary Valgrind (component_test_valgrind and
component_test_valgrind_psa). This is a significant time saving since
testing with Valgrind is very slow.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
All builds using ASAN_CFLAGS were with Asan but no optimisation, making
them particularly slow. Indeed, we were overwriting CFLAGS which
defaults to -O2 and not using any -O in the replacement. (CMake already has
optimisations on with ASan.)
While at it, also remove -Wall -Wextra which are redundant as they are
already part of WARNING_CFLAGS which we are not overwriting.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
CID is now enabled in the default config (as well as full), so it's
already tested in numerous all.sh components, not need to add one for
that.
We need a component for the legacy/compat option though as it's never
enabled in existing components. So, keep that one, but adjust the name
and fix a typo in a message.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Added also extra text.
Signed-off-by: Hannes Tschofenig <hannes.tschofenig@arm.com>
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Eventually we want it to be enabled by default
when TLS 1.3 is enabled but currently the
feature is on development thus it should not be
enabled by default.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Normally we need all the combinations, unique combinations make sense
only if the operation is commutative.
No changes to generated tests.
Signed-off-by: Janos Follath <janos.follath@arm.com>
The class BaseTarget served two purposes:
- track test cases and target files for generation
- provide an abstract base class for individual test groups
Splitting these allows decoupling these two and to have further common
superclasses across targets.
No intended change in generated test cases.
Signed-off-by: Janos Follath <janos.follath@arm.com>
Add a test case that would fail if all line comments were parsed before
block comments, and a test case that would fail if all block comments were
parsed before line comments.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Looking for the .data file doesn't work in out-of-tree builds. Use the
.datax file instead. `make clean` removes all .datax files, so this resolves
the issue of executables not present on the current branch being left behind
after a branch change followed by a `make clean`.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Although negative zero is officially unsupported, we've had bugs related to
it in the past. So do test functions with a negative zero input.
There will likely be cases where we don't want to accept negative zero as if
it was valid, because it's too hard to handle. We'll add exceptions on a
case by case basis.
For the functions that are currently tested by the generated tests, the new
test cases pass.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This is to ensure that the MbedTLS based implementation of EC-JPAKE
is compatible with the PSA crypto one
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
The PSA_CRYPTO_C is excluded from typo check for the following
false negative report:
```
> include/mbedtls/check_config.h:329: 'PSA_CRYPTO_C' looks like a typo. It
was not found in any macros or any enums. If this is not a typo, put //no-
check-names after it.
|
329 | * Note: ECJPAKE_C depends on MD_C || PSA_CRYPTO_C. */
| ^^^^^^^^^^^^
```
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
This macro is expected to be defined out of the library, and there
is no definition in the library. Thus it needs to be excluded from
typo check.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
Typos of PSA macro and enum names are not checked by check_names.py.
This commit extend the check list to include PSA_XXX references.
The words should be macro/enum names defined as public_macros,
internal_macros, private_macros and enums. This commit alse extend
the scope of enums to include those are defined in library/*.c.
A new type of macros "private", which are defined in library/*.c was
also added.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
Add component_test_psa_config_accel_ecdh to all.sh to test key agreement driver wrapper with libtestdriver1.
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
Looking for executables causes problems with leftover compiled test
suites from other branches when we forget to run make clean before
switching branches. Using the .data files is more robust as most of them
are tracked, so will be removed when switching branches.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
For the benefit of auto-formatting tools, move from the '$placeholder'
templating syntax to a new syntax of the form:
__MBEDTLS_TEST_TEMPLATE__PLACEHOLDER
This change allows the test code template to be almost entirely valid C.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Windows tests are failing pkcs7 verification due to differnt line
endings. Therefore, add make instuctions for building the data
files with Windows EOF instead. As a result, regenerate other data
files so that verification works.
Add these CRLF EOF files to the exception in check_files to ignore
the line endings.
Signed-off-by: Nick Child <nick.child@ibm.com>
* component_test_tls13_with_padding: just explicitly sets some options that
are identical with full.
* component_test_tls13_with_ecp_restartable: redundant since TLS 1.3 doesn't
have any support for restartable ECC.
* component_test_tls13_with_everest: not useful since TLS 1.3 doesn't call
ECDH directly, it just relies on the PSA abstraction.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
component_build_psa_accel_alg_ecdsa is subsumed by
component_test_psa_crypto_config_accel_ecdsa, which has the same
configuration and additionally runs the unit tests.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
MBEDTLS_TEST_HOOKS is not supposed to change the behavior of the library, so
it's generally good to have it on in functional tests.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Also remove compat tests from reference component as results from this run are not included in outcome file.
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
Ensure MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT is unset where
MBEDTLS_SSL_DTLS_CONNECTION_ID is unset.
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
Use a dictionary to specify optional parameters for each task.
If the task is not specified then all tasks are executed.
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
curves.pl, depends-hashes.pl, key-exchanges.pl and depends-pkalgs.pl are now superseded by depends.py.
Update all references to them accordingly.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
It's not needed as a feature. It gets reenabled automatically in
build_info.h like pk_write and pk_parse, but that's an implementation
detail.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Remove requires_key_exchange_with_cert_in_tls12_enabled
and use `requires_any_configs_enabled` directly instead.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
instead of MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED to guard
code specific to the TLS 1.3 ephemeral key exchange mode.
Use it also for the dependencies of TLS 1.3 only tests
relying on ephemeral key exchange mode, but for
tests in tls13-kex-modes.sh where the change is done
later using all
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_.*ENABLED macros.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Add TLS 1.3 specific configuration options
to enable/disable the support for TLS 1.3
key exchange modes.
These configurations are introduced to
move away from the aforementioned
enablement/disablement based on
MBEDTLS_KEY_EXCHANGE_xxx_ENABLED options
that relate to group of TLS 1.2
ciphersuites.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
It just got renamed, and it's also not the most canonical example since it's
a somewhat deprecated interface. Make a different module the example.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Align the name of the bignum test suite with the source module (which was
renamed from mpi.c to bignum.c in the PolarSSL 1.x days). This also brings
it into line with the test suites for the low-level bignum interfaces.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Many bignum tests have multiple calculated result values, so return
these as a list, rather than formatting as a string.
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
Separate file is added for classes used to generate cases for tests
in bignum_core.function. Common elements of the BignumOperation class
are added to classes in a new common file, for use across files.
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
When building SHA512 without SHA384,
there are some code paths that resulted
in unused variables or usage of undefined code.
This commit fixes that.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
The test coverage reduction introduced in
dc25cee lowered the coverage of hash tests
due to intertwining dependencies.
This commit introduces a new class for building
a domain using both the complementary
and exclusive classes.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
Disable exclusive jobs that run with a single
config disabled. A lot more bugs should be found by running jobs with only one config
of a family enabled.
This will also lessen the burden on the CI.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
Remove old and add new dependencies.
Introduce a way to handle non-trivial problems
stemming from exclusive group testing.
Exclude SHA256 and SHA512, as these are tested
in SHA224 and SHA384 jobs, respectively.
Change config.h to mbedtls_config.h).
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
Add a domain for cipher base algorithms (block permutations and stream
ciphers), a domain for block cipher chaining modes and a domain for
block cipher padding modes.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
Start each job from the full config minus some memory management
settings and the job-specific settings.
The original content of config.h no longer influences the
configurations used for the jobs (but it still influences what jobs
may run, in that the set of jobs is partly built by parsing #define
and //#define lines in config.h).
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
