Commit graph

1145 commits

Author SHA1 Message Date
Bence Szépkúti
a17d038ee1 Merge branch 'development' into pr3431 2022-11-22 15:54:52 +01:00
Janos Follath
f352c67bc3 Bignum tests: use default dataset in mod_raw
While at it, flatten class hierarchy as well.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-21 08:56:15 +00:00
Janos Follath
f45797652f Bignum tests: set unique combinations off by default
Normally we need all the combinations, unique combinations make sense
only if the operation is commutative.

No changes to generated tests.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-21 08:56:14 +00:00
Janos Follath
76c21bd242 Bignum tests: flatten class hierarchy in _core
There is no semantic changes to the generated tests, the order of the
test blocks has changed.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-21 08:56:14 +00:00
Janos Follath
be5e7aea7c Bignum tests: remove deprecated dataset
Remove old dataset that was overriding the defaults in bignum_core. This
will change the datasets for core_sub and core_add to the default
inherited from bignum_common.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-21 08:56:14 +00:00
Janos Follath
dac44e6021 Bignum tests: add default datasets
Add data for small values, 192 bit and 1024 bit values, primes,
non-primes odd, even, and some typical corner cases.

All subclasses override this for the time being so there are no changes
to the test cases.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-21 08:56:14 +00:00
Janos Follath
b2a850c746 Bignum Tests: add test data
The goal of this commit is to add some constants that can be used to
define datasets and add test data in a more readable and reusable
manner.

All platforms using ECC need to support calculations with at least 192
bits, therefore constants for this length are added. We are not using a
curve prime as those will be tested elsewhere and it is better not to
play favourites.

All platforms using RSA or FFDH need to support calculations with at
least 1024 bits, therefore numbers of this size are added too.

A safe prime is added for both sizes as it makes all elements generators
(except 0 and 1 of course), which in turn makes some tests more
effective.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-21 08:56:14 +00:00
Janos Follath
a36e430251 Bignum tests: add support for fixed width input
Only fixed width input_style uses the default value of the bits_in_limb
parameter, so set it to 32 in order to have less leading zeroes.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-21 08:56:14 +00:00
Janos Follath
8ae7a657ac Bignum tests: improve mod descriptions
There are no semantic changes to the generated tests.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-21 08:56:14 +00:00
Janos Follath
284672ccfb Bignum tests: complete support for unary operators
There are no intended changes to generated tests. (The ordering of tests
in the mod_raw module has changed.)

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-21 08:56:14 +00:00
Janos Follath
435b305a49 Bignum tests: add special cases to mod
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-21 08:56:14 +00:00
Janos Follath
98edf21bb4 Bignum test: remove type restrictrion
The special case list type depends on the arity and the subclass. Remove
type restriction to make defining special case lists more flexible and natural.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-21 08:56:14 +00:00
Janos Follath
c4fca5de3e Bignum tests: automate modulo test object generation
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-21 08:56:14 +00:00
Janos Follath
939621f8ed Bignum tests: add support for filtering
Sometimes we don't want all possible combinations of the input data and
sometimes not all combinations make sense. We are adding a convenient
way to decide on a case by case basis. Now child classes only need to
implement the is_valid method and the invalid cases will be filtered out
automatically.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-21 08:56:14 +00:00
Janos Follath
1921fd585c Bignum tests: use arity in bignum_mod_raw
This makes a couple of properties redundant which are cleaned up.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-21 08:56:14 +00:00
Janos Follath
a36a3d36b5 Bignum tests: add arity
Add the ability to control the number of operands, by setting the arity
class attribute.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-21 08:56:14 +00:00
Janos Follath
abfca8f938 Bignum tests: make n an attribute
Having int_ variants as an attribute has the advantage of the input
being validated when the object is instantiated. In theory otherwise if
a particular int_ attribute is not accessed, then the invalid argument
is passed to the tests as it is. (This would in all likelihood detected
by the actual test cases, still, it is more robust like this.)

There are no semantic changes to the generated test cases. (The order
of appearance of 64 and 32 bit mpi_core_add_and_add_if test cases has
changed.)

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-21 08:56:14 +00:00
Janos Follath
4c59d35e00 Bignum tests: make args use input_style
Before arg_ attributes were the arguments as they were defined in the
python script. Turning these into properties and having them take the
form respect the style set in input_style makes the class easier to use
and more consistent.

This change makes the hex_ properties redundant and therefore they are
removed.

There are no semantic changes to the generated test cases. (The order
of appearance of 64 and 32 bit mpi_core_add_and_add_if test cases has
changed.)

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-21 08:56:14 +00:00
Janos Follath
6fa3f0653a Bignum Tests: remove OperationCommonArchSplit
The ArchSplit functionality was duplicated and moved to OperationCommon
from the other copy. The remnants of the functionality is moved to the
only subclass using this.

There is no semantic change to the generated tests. The order has
changed however: core_add tests have been moved before core_mla tests
and the order of the 64 and 32 bit versions have been swapped.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-21 08:56:14 +00:00
Janos Follath
b41ab926b2 Bignum Tests: move properties to superclass
Move properties that are needed in several children to the superclass.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-21 08:56:14 +00:00
Janos Follath
155ad8c297 Bignum Tests: remove ModOperationCommonArchSplit
The functionality of ModOperationCommonArchSplit is needed in several
subclasses, therefore moving it to a superclass.

There is another, redundant ArchSplit class, which will be removed in a
later commit.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-21 08:56:14 +00:00
Janos Follath
948afcecb9 Bignum Tests: move ModOperationArchSplit to common
The class BignumModRawOperationArchSplit has functionality that are
needed in other modules, therefore moving it to bignum_common.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-21 08:56:14 +00:00
Janos Follath
5b1dbb4cbc Bignum Tests: Move ModOperation to common
The class BignumModRawOperation implements functionality that are needed
in other modules, therefore we move it to common.

No intended changes to test cases. The order of add_and_add_if and sub tests
have been switched.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-21 08:56:14 +00:00
Janos Follath
351e6885f5 Make pylint happy
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-21 08:56:14 +00:00
Janos Follath
3aeb60add6 Bignum test: move archsplit to superclass
We need arch split tests in different modules, moving it to the common
module makes it reusable.

No intended changes in the generated tests. (The position of the
core_add_if tests changed, but they are still all there.)

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-21 08:56:13 +00:00
Janos Follath
87df373e0e Bignum test: Move identical function to superclass
No intended change in generated test cases.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-21 08:56:13 +00:00
Janos Follath
0cd8967ba1 Split test generator base class
The class BaseTarget served two purposes:
- track test cases and target files for generation
- provide an abstract base class for individual test groups

Splitting these allows decoupling these two and to have further common
superclasses across targets.

No intended change in generated test cases.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-21 08:56:13 +00:00
Gilles Peskine
b9b9026c53 Pacify pylint
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-15 20:49:43 +01:00
Gilles Peskine
35af02171d Add negative zero as an input to automatically generated tests
Although negative zero is officially unsupported, we've had bugs related to
it in the past. So do test functions with a negative zero input.

There will likely be cases where we don't want to accept negative zero as if
it was valid, because it's too hard to handle. We'll add exceptions on a
case by case basis.

For the functions that are currently tested by the generated tests, the new
test cases pass.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-15 20:47:07 +01:00
Gilles Peskine
4cbbfd8d4e For binary operations, test both x op y and y op x
This exposes a bug in mbedtls_mpi_add_mpi() and mbedtls_mpi_sub_mpi() which
will be fixed in a subsequent commit.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-15 20:35:26 +01:00
Minos Galanakis
50de073c84 bignum_mod_raw.py: Added BignumModRawConvertfromMont
This patch adds test class for 'mpi_mod_raw_from_mont_rep()`.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2022-11-12 13:21:31 +00:00
Minos Galanakis
a252f6b24c bignum_mod_raw.py: Added BignumModRawConvertToMont
This patch adds test class for 'mpi_mod_raw_to_mont_rep()`.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2022-11-12 13:21:31 +00:00
Minos Galanakis
855c228b29 bignum_mod_raw.py: Moved Classes outside of slots
This patch moves `BignumModRawOperation` and `BignumModRawOperationArchSplit`
outside of the scaffolding merge slot.

It also renames `r_sqrt` property to `r2`.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2022-11-10 11:37:33 +00:00
Minos Galanakis
a461ece810 bignum_mod_raw.py: Refactoring BignumModRawOperation
This patch modifies the BignumModRawOperation class to
provide special access to key members commonly used
in tests.

It binds the module's getters to conversion functions
which enable automatic conversions such as:

* hex to int.
* zero padding hex strings.
* common Montgomery constants such as R, R^2 and R^01
  are now be calculated upon access.

class `BignumModRawOperationArchSplit` is also updated to
utilise the new design.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2022-11-10 11:37:33 +00:00
Minos Galanakis
e9c86a100a bignum_mod_raw.py: Added BignumModRawOperation
This patch is adding a basic instantance of `BignumModRawOperation`
and creates an `BignumModRawOperationArchSplit` class, copying
over the implementation of `BignumCoreRawOperationArchSplit`.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2022-11-10 11:37:33 +00:00
Dave Rodgman
f58172fe43 Merge remote-tracking branch 'origin/development' into pr3431 2022-11-10 09:54:49 +00:00
Pengyu Lv
c1ecb25d8a fix PSA_XXX typos detected by check_names.py
Fix the PSA_XXX typos detected by check_names.py.
PSA_WANT is actually not typo, but would cause a false negative
result. So PSA_WANT is reworded to PSA_WANT_xxx.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2022-11-08 18:22:53 +08:00
Aditya Deshpande
d1b72a7b83 Merge branch 'development' into driver-wrapper-key-agreement 2022-11-07 17:36:23 +00:00
Gilles Peskine
34c09469f3
Merge pull request #5396 from SiliconLabs/codegen_1.1
Driver dispatch Codegen 1.1
2022-11-07 15:27:41 +01:00
Janos Follath
f8b3b72910 Add merge slots to bignum_common.py
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-03 14:46:18 +00:00
Janos Follath
d820ca5d07
Fix bignum test generator class names
Co-authored-by: minosgalanakis <30719586+minosgalanakis@users.noreply.github.com>
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-03 08:42:54 +00:00
Janos Follath
9cf14cd6b0 Make pylint happy
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-02 17:28:39 +00:00
Janos Follath
1be322a795 Add merge slots to raw and mod_raw test generation
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-02 17:27:36 +00:00
Janos Follath
b99b056f0a Add script for generating mod test cases
This commit only adds the boilerplate, no actual tests are added.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-02 17:27:36 +00:00
Janos Follath
df8239b846 Add script for generating mod_raw test cases
This commit only adds the boilerplate, no actual tests are added.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-02 17:27:36 +00:00
Janos Follath
5933f691a2 Add merge slots to Bignum files
Legacy Bignum is excluded as it doesn't get regular extensions like new
ones.

Each slot uses comments of their respective filetype. Since .data files
don't have a syntax for comments, dummy test cases are used. (These test
cases will never be executed and no noise will be added to tests.)

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-02 17:27:25 +00:00
Janos Follath
8904a2db29 mpi_core_ct_uint_table_lookup: style and docs
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-10-31 16:51:56 +00:00
Janos Follath
88e3177fcc Make pylint happy
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-10-31 14:32:46 +00:00
Janos Follath
032924f297 Add mbedtls_mpi_core_ct_uint_table_lookup tests
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-10-31 11:32:55 +00:00
Tom Cosgrove
eee0d6ce6b Extend the unit tests for mbedtls_mpi_core_add_if() to also test mbedtls_mpi_core_add()
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-10-25 16:29:58 +01:00
Gilles Peskine
e5a715e8c0
Merge pull request #6449 from gilles-peskine-arm/bignum-core-shift_r
Bignum core: shift_r
2022-10-25 10:40:39 +02:00
Janos Follath
78e3c9b574 Fix style in bignum_core.py
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-10-20 12:09:30 +01:00
Gilles Peskine
b0ee577287 Bignum core: test shift_r
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-20 12:00:57 +02:00
Janos Follath
ba516f7524 mpi_core_add_if test: Remove dependency on old API
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-10-20 10:59:50 +01:00
Janos Follath
5ff03d49c0 Bignum Core test: move bound to constructor
We will need it to pad parameters in the base class, but it is useful
because every child class would need to calculate it anyway.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-10-20 10:53:14 +01:00
Janos Follath
e153a715f0 mpi_core_add_if: simplify tests
Use the new, limb size aware base class to generate tests for
mpi_core_add_if().

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-10-20 10:40:03 +01:00
Janos Follath
dd2e4683d0 Bignum Core: add limb size specific test generation
In Bignum Core the result also involves a carry and both the result and
the carry depend on the size of the limbs.

Before this change both 32 and 64 bit specific result have been passed
to the test functions.

Moving this decision out of the tests makes the test functions easier to
write and read and the test cases easier to read and debug. The change
doesn't make writing the generator script any harder and might even make
reading it easier.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-10-20 10:38:22 +01:00
Werner Lewis
f86c82e8f3 Pass bits_in_limb parameter to duplicated methods
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-10-19 15:20:01 +01:00
Werner Lewis
63653b9b0a Remove unnecessary check
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-10-19 15:20:01 +01:00
Werner Lewis
2295eecb12 Add missing space in string
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-10-19 15:20:01 +01:00
Werner Lewis
1b20e7e645 Redefine result() method to return List
Many bignum tests have multiple calculated result values, so return
these as a list, rather than formatting as a string.

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-10-19 15:20:01 +01:00
Werner Lewis
7a2731463b Add function to generate random montmul cases
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-10-19 15:20:01 +01:00
Werner Lewis
a850312e9d Add test generation for mpi_core_montmul
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-10-19 15:20:01 +01:00
Werner Lewis
0a9c48b68e Add test generation for mpi_core_mla
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-10-19 15:20:01 +01:00
Werner Lewis
bbf0a32d67 Add flag for unique combinations in operations
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-10-19 15:20:01 +01:00
Werner Lewis
6351c7f5f3 Add test generation for mpi_core_sub
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-10-19 15:20:01 +01:00
Werner Lewis
ce769d1fc9 Add test generation for mpi_core_add_if
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-10-19 15:20:01 +01:00
Werner Lewis
99e8178fa7 Add module for bignum_core test generation
Separate file is added for classes used to generate cases for tests
in bignum_core.function. Common elements of the BignumOperation class
are added to classes in a new common file, for use across files.

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-10-19 15:20:01 +01:00
Janos Follath
7cd1ebe0bb
Merge pull request #6296 from gilles-peskine-arm/test_data_generation-pr_6093_followup
Minor fixes to test_data_generation.py
2022-10-18 13:38:28 +01:00
Gilles Peskine
8874cd570e
Merge pull request #4826 from RcColes/development
Add LMS implementation
2022-10-14 18:33:01 +02:00
Aditya Deshpande
40c05cc8e4 Newlines at end of file + trim trailing whitespace
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
2022-10-14 16:46:51 +01:00
Aditya Deshpande
17845b8f71 Add driver wrapper function for raw key agreement, along with test call for transparent drivers.
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
2022-10-14 16:46:00 +01:00
Manuel Pégourié-Gonnard
b3c30907d6
Merge pull request #6383 from mprse/aead_driver_test
Enable testing of AEAD drivers with libtestdriver1
2022-10-14 11:11:01 +02:00
Raef Coles
7dce69a27a
Make LMOTS a private api
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:28:22 +01:00
Raef Coles
8ff6df538c
Add LMS implementation
Also an LM-OTS implementation as one is required for LMS.

Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:28:15 +01:00
Gilles Peskine
0fe6631486
Merge pull request #6291 from gilles-peskine-arm/platform.h-unconditional-3.2
Include platform.h unconditionally
2022-10-13 10:19:22 +02:00
Gilles Peskine
cf42536d4e Add a note that config.py must remain compatible with Python 3.4
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-10 22:52:30 +02:00
Asfandyar Orakzai
6eaa75a79d fixed docstring sentence
Signed-off-by: Asfandyar Orakzai <asfandyar.orakzai@silabs.com>
2022-10-10 19:55:40 +02:00
Przemek Stekiel
8a05a646f4 Remove psa_driver_get_tag_len() and use PSA_ALG_AEAD_GET_TAG_LENGTH macro instead
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-06 17:01:58 +02:00
Gilles Peskine
c217f48251 Replace the output file atomically
When writing the new .data file, first write the new content, then replace
the target. This way, there isn't a temporary state in which the file is
partially written. This temporary state can be misleading if the build is
interrupted. It's annoying if you're watching changes to the output and the
changes appear as emptying the file following by the new version appearing.
Now interrupted builds don't leave a file that appears to be up to date but
isn't, and when watching the output, there's a single transition to the new
version.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-04 15:10:00 +02:00
Gilles Peskine
31a8815f25 Documentation typo
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-09-29 18:48:41 +02:00
Manuel Pégourié-Gonnard
f3f9e450b6
Merge pull request #6115 from AndrzejKurek/ecjpake-kdf-tls-1-2
Ad-hoc KDF for EC J-PAKE in TLS 1.2
2022-09-28 09:47:32 +02:00
Gilles Peskine
b3ea98c606 Replace the output file atomically
When writing the new .data file, first write the new content, then replace
the target. This way, there isn't a temporary state in which the file is
partially written. This temporary state can be misleading if the build is
interrupted. It's annoying if you're watching changes to the output and the
changes appear as emptying the file following by the new version appearing.
Now interrupted builds don't leave a file that appears to be up to date but
isn't, and when watching the output, there's a single transition to the new
version.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-09-21 22:00:06 +02:00
Asfandyar Orakzai
ac6f650a9f fixed formating
Signed-off-by: Asfandyar Orakzai <asfandyar.orakzai@silabs.com>
2022-09-19 10:03:05 +02:00
Gilles Peskine
d9071e7d96 Unify check_repo_path
We had 4 identical copies of the check_repo_path function. Replace them by a
single copy in the build_tree module where it naturally belongs.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-09-18 21:17:09 +02:00
Asfandyar Orakzai
4ca4a930a9 fixed opaque schemas paths
Signed-off-by: Asfandyar Orakzai <asfandyar.orakzai@silabs.com>
2022-09-18 12:37:53 +02:00
Asfandyar Orakzai
9e6170d95e added some doc strings and fixed formating
Signed-off-by: Asfandyar Orakzai <asfandyar.orakzai@silabs.com>
2022-09-17 23:37:16 +02:00
Asfandyar Orakzai
5c9569a2bc fixed formating
Signed-off-by: Asfandyar Orakzai <asfandyar.orakzai@silabs.com>
2022-09-17 23:14:29 +02:00
Asfandyar Orakzai
de08803170 refactored and addressed reviewer observations in generate_driver_wrappers.py
Signed-off-by: Asfandyar Orakzai <asfandyar.orakzai@silabs.com>
2022-09-17 22:07:58 +02:00
asfand-silabs
b549776a23
Merge branch 'Mbed-TLS:development' into codegen_1.1 2022-09-17 19:54:01 +02:00
Gilles Peskine
15997bd389 Use relative imports when importing other modules in the same directory
We were using absolute imports under the assumption that the /scripts
directory is in the path. This worked in normal use because every one of our
Python scripts either were in the /scripts directory, or added the /scripts
directory to the module search path in order to reference mbedtls_dev.
However, this broke things like
```
python3 -m unittest scripts/mbedtls_dev/psa_storage.py
```

Fix this by using relative imports.

Relative imports are only supposed to be used inside a package (Python
doesn't complain, but Pylint does). So make /scripts/mbedtls_dev a proper
package by creating __init__.py.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-09-17 10:38:58 +02:00
Gilles Peskine
7b3fa657af generate_*_tests.py --directory: fix handling of relative path
The option to --directory was intended to be relative to the current
directory when the script is invoked, which is the intuitive behavior. But
this was not implemented correctly, and it was actually interpreted relative
to the mbedtls root (which the script chdir's into). Fix this.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-09-17 10:38:58 +02:00
Gilles Peskine
049042586e Clarify the descriptions of test-case-data-related modules
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-09-17 10:38:58 +02:00
Gilles Peskine
64f2efdc40 More precise name for test data generation
We have Python code both for test code generation
(tests/scripts/generate_test_code.py) and now for test data generation.
Avoid the ambiguous expression "test generation".

This commit renames the Python module and adjusts all references to it. A
subsequent commit will adjust the documentation.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-09-17 10:38:58 +02:00
Gilles Peskine
1716f06ee3
Merge pull request #6093 from wernerlewis/bignum_test_script
Add bignum test case generation script
2022-09-17 10:37:26 +02:00
Werner Lewis
c2fb540c67 Use a script specific description in CLI help
Previous changes used the docstring of the test_generation module,
which does not inform a user about the script.

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-09-16 17:03:54 +01:00
Asfandyar Orakzai
39452a8ca4 fixed formating of driver generator script
Signed-off-by: Asfandyar Orakzai <asfandyar.orakzai@silabs.com>
2022-09-16 13:02:06 +02:00
Asfandyar Orakzai
08f397a676 refactored generate_driver_wrappers.py
Signed-off-by: Asfandyar Orakzai <asfandyar.orakzai@silabs.com>
2022-09-16 11:01:01 +02:00
Archana
a2cac3224d Update and document mbedtls extensions
Signed-off-by: Archana <archana.madhavan@silabs.com>
Signed-off-by: Asfandyar Orakzai <asfandyar.orakzai@silabs.com>
2022-09-16 11:01:01 +02:00
Archana
1776dd9022 Doc improvements -Cosmetic
Signed-off-by: Archana <archana.madhavan@silabs.com>
Signed-off-by: Asfandyar Orakzai <asfandyar.orakzai@silabs.com>
2022-09-16 11:01:01 +02:00
Archana
22c7827876 Schema and script improvements
Signed-off-by: Archana <archana.madhavan@silabs.com>
Signed-off-by: Asfandyar Orakzai <asfandyar.orakzai@silabs.com>
2022-09-16 11:01:01 +02:00
Archana
01aa39e3ff Arg parse improvements
Arg parse improved to update the input params path relative to
mbedtls_root passed, if the other params are not explicitly passed.

Signed-off-by: Archana <archana.madhavan@silabs.com>
Signed-off-by: Asfandyar Orakzai <asfandyar.orakzai@silabs.com>
2022-09-16 11:01:01 +02:00
Archana
a78dc70a50 Fix JsonObject type for MyPy
Workaround a MyPy error by marking the driver json Object as of type
dict and indexable.

Signed-off-by: Archana <archana.madhavan@silabs.com>
Signed-off-by: Asfandyar Orakzai <asfandyar.orakzai@silabs.com>
2022-09-16 11:01:01 +02:00
Archana
fdbbcba3eb JSONschema and python improvements
* JSON Schema manually updated to be more semantically valid.
* Python script improved to be more verbose with exceptions
* Templating file improved by adding an additional macro.

Signed-off-by: Archana <archana.madhavan@silabs.com>
Signed-off-by: Asfandyar Orakzai <asfandyar.orakzai@silabs.com>
2022-09-16 11:01:01 +02:00
Archana
25876b8abb Adding JSONSchema to CI scripts
jsonschema is added to the ci scripts and Dockerfile

Signed-off-by: Archana <archana.madhavan@silabs.com>
Signed-off-by: Asfandyar Orakzai <asfandyar.orakzai@silabs.com>
2022-09-16 11:01:01 +02:00
Archana
314380564c PyLint errors fixed
Signed-off-by: Archana <archana.madhavan@silabs.com>
Signed-off-by: Asfandyar Orakzai <asfandyar.orakzai@silabs.com>
2022-09-16 11:01:01 +02:00
Archana
04cfe34639 JSON Validation added
(1) JSON file structure altered a bit.
(2) JSON validated against schema.
(3) Corresponding changes in the python script.

Signed-off-by: Archana <archana.madhavan@silabs.com>
Signed-off-by: Asfandyar Orakzai <asfandyar.orakzai@silabs.com>
2022-09-16 11:01:01 +02:00
Archana
05efa17549 JSON upgrade to give function names
Function names can be provided against entry points.
This helps to ensure easy migration for misnamed functions.

Signed-off-by: Archana <archana.madhavan@silabs.com>
Signed-off-by: Asfandyar Orakzai <asfandyar.orakzai@silabs.com>
2022-09-16 11:01:01 +02:00
Archana
e829cd6953 Driver Wrapper CodeGen Rev 1.1
(1) Add in driver jsons.
(2) Improve Python scripts to take JSON file directory and template
directory paths as arguments.
(3) Add in file augment template files to template common functionality
(4) render tempplates for Header files, ID generation and key
management.
(5) Changed driver ID nomenclature to be in synch with function names.

Signed-off-by: Archana <archana.madhavan@silabs.com>
Signed-off-by: Asfandyar Orakzai <asfandyar.orakzai@silabs.com>
2022-09-16 11:01:01 +02:00
Gilles Peskine
945b23c46f Include platform.h unconditionally: automatic part
We used to include platform.h only when MBEDTLS_PLATFORM_C was enabled, and
to define ad hoc replacements for mbedtls_xxx functions on a case-by-case
basis when MBEDTLS_PLATFORM_C was disabled. The only reason for this
complication was to allow building individual source modules without copying
platform.h. This is not something we support or recommend anymore, so get
rid of the complication: include platform.h unconditionally.

There should be no change in behavior since just including the header should
not change the behavior of a program.

This commit replaces most occurrences of conditional inclusion of
platform.h, using the following code:

```
perl -i -0777 -pe 's!#if.*\n#include "mbedtls/platform.h"\n(#else.*\n(#define (mbedtls|MBEDTLS)_.*\n|#include <(stdarg|stddef|stdio|stdlib|string|time)\.h>\n)*)?#endif.*!#include "mbedtls/platform.h"!mg' $(git grep -l '#include "mbedtls/platform.h"')
```

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-09-15 20:33:07 +02:00
Werner Lewis
07c830c164 Fix setting for default test suite directory
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-09-15 09:02:07 +01:00
Werner Lewis
52ae326ebb Update references to file targets in docstrings
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-09-14 16:52:45 +01:00
Werner Lewis
00d02423a5 Remove argparser default for directory
This reverts commit f156c43702. Adds a
comment to explain reasoning for current implementation.

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-09-14 16:52:42 +01:00
Werner Lewis
858cffde1e Add toggle for test case count in descriptions
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-09-14 16:52:25 +01:00
Werner Lewis
34d6d3e4e5 Update comments/docstrings in TestGenerator
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-09-14 16:52:18 +01:00
Andrzej Kurek
08d34b8693 Add an EC J-PAKE KDF to transform K -> SHA256(K.X) for TLS 1.2
TLS uses it to derive the session secret. The algorithm takes a serialized
point in an uncompressed form, extracts the X coordinate and computes
SHA256 of it. It is only expected to work with P-256.
Fixes #5978.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-14 08:39:26 -04:00
Werner Lewis
56013081c7 Remove unused imports
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-09-02 12:57:37 +01:00
Werner Lewis
a4668a6b6c Rework TestGenerator to add file targets
BaseTarget-derived targets are now added to TestGenerator.targets in
initialization. This reduces repeated code in generate_xxx_tests.py
scripts which use this framework.

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-09-02 11:56:34 +01:00
Nayna Jain
ca07f06024 mbedtls: add pkcs7 in generate_errors.pl
This patch updates the generate_errors.pl to handle
PKCS7 code as well.

Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
2022-09-01 19:45:41 -05:00
Nayna Jain
c9deb184b0 mbedtls: add support for pkcs7
PKCS7 signing format is used by OpenPOWER Key Management, which is
using mbedtls as its crypto library.

This patch adds the limited support of pkcs7 parser and verification
to the mbedtls. The limitations are:

* Only signed data is supported.
* CRLs are not currently handled.
* Single signer is supported.

Signed-off-by: Daniel Axtens <dja@axtens.net>
Signed-off-by: Eric Richter <erichte@linux.ibm.com>
Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
2022-09-01 19:45:33 -05:00
Werner Lewis
aaf3b79bbb Use Python 3.5 style typing for dependencies
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-08-31 17:16:44 +01:00
Werner Lewis
466f036326 Add dependencies attribute to BaseTarget
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-08-31 17:01:38 +01:00
Werner Lewis
81f24443b7 Modify wording in docstrings
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-08-30 09:37:07 +01:00
Werner Lewis
76f45625e6 Fix trailing whitespace
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-08-25 13:21:45 +01:00
Werner Lewis
9df9faac5c Use argparser default for targets
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-08-25 12:49:41 +01:00
Werner Lewis
6ef5436f3c Clarify documentation
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-08-25 12:29:46 +01:00
Werner Lewis
f156c43702 Use argparser default for directory
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-08-25 11:31:55 +01:00
Werner Lewis
e3ad22ecf2 Fix TARGET types and code style
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-08-25 10:02:06 +01:00
Werner Lewis
6d654c6491 Raise NotImplementedError in abstract methods
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-08-25 09:56:51 +01:00
Werner Lewis
a195ce73f5 Disable pylint unused arg in __new__
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-08-24 18:10:55 +01:00
Werner Lewis
d03d2a3a91 Remove trailing whitespace in description
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-08-24 18:10:25 +01:00
Werner Lewis
cfd4768df2 Use __new__() for case counting
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-08-24 18:10:13 +01:00
Werner Lewis
2b527a394d Split generate_tests to reduce code complexity
Previous implementation mixed the test case generation and the
recursive generation calls together. A separate method is added to
generate test cases for the current class' test function. This reduces
the need to override generate_tests().

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-08-24 18:10:13 +01:00
Werner Lewis
699e126942 Use ABCMeta for abstract classes
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-08-24 17:33:21 +01:00
Werner Lewis
169034ae63 Add details to docstrings
Clarification is added to docstrings, mostly in abstract classes.

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-08-24 17:30:30 +01:00
Werner Lewis
55e638ca57 Remove abbreviations and clarify attributes
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-08-24 17:29:08 +01:00
Werner Lewis
fbb75e3fc5 Separate common test generation classes/functions
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-08-24 15:08:56 +01:00
Dave Rodgman
fca2bcc733 Update bump_version.sh to recognise Makefile changes
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-08-12 11:02:03 +01:00
Werner Lewis
8b2df74b12 Add bignum test generation framework
Adds python script for generation of bignum test cases, with initial
classes for mpi_cmp_mpi test cases. Build scripts are updated to
generate test data.

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-08-08 11:58:21 +01:00
Dave Rodgman
27036c9e28
Merge pull request #6142 from tom-cosgrove-arm/fix-comments-in-docs-and-comments
Fix a/an typos in doxygen and other comments
2022-07-29 12:59:05 +01:00
Tom Cosgrove
ce7f18c00b Fix a/an typos in doxygen and other comments
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-07-28 05:50:56 +01:00
Tom Cosgrove
5900c1d405 Fix stupid mistake (s/-d/-f/) and typo found by mpg review - thanks
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-07-27 08:55:03 +01:00
Tom Cosgrove
b839c54e1d Correctly include psa/crypto.h in query_config.fmt
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-07-26 11:54:08 +01:00
Tom Cosgrove
ff3c6c1a1a Add parsing of psa/crypto_config.h for PSA_WANT_xxx to query_compile_time_config
Fixes #6131

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-07-25 12:19:35 +01:00
Tom Cosgrove
ef83b839d0 Tidy up generate_query_config.pl in preparation for further work
Output is unchanged.

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-07-25 11:42:38 +01:00
Dave Rodgman
ca9556bff1 Fix case of Mbed TLS in assemble_changelog.py
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-07-11 11:39:21 +01:00
Paul Elliott
4a49651860 Fix formatting of generate_ssl_debug_helpers.py
Satisfy pylint formatting errors

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-07-08 20:45:39 +01:00
Paul Elliott
fe9d43c21d Fix generation of ssl_debug_helpers
File was being generated with tabs rather than spaces which breaks
release builds

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-07-08 17:27:25 +01:00
Gilles Peskine
ed5c21dc37 Declare deprecated option for no_deprecated configs
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-27 23:02:09 +02:00
Gilles Peskine
76851ae3a6 Add warnings to test code and data about storage format stability
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-20 19:10:35 +02:00
Gilles Peskine
228d99b57e Document how to interpret negative reports
The abi_check script has common false positives. Document the intent of each
family of checks and typical cases of false positives that can be overridden.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-20 18:51:44 +02:00
Gilles Peskine
6100d3c93c Remove redundant sentence
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-20 18:51:18 +02:00
Bence Szépkúti
44f138d539 Add minimum requirements for Python 3.10 support
This is needed for min_requirements.py, since it installs the oldest
possible version of all the requirements.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2022-05-13 16:52:28 +02:00
Andrzej Kurek
5c65c5781f Fix additional misspellings found by codespell
Remaining hits seem to be hex data, certificates,
and other miscellaneous exceptions.
List generated by running codespell -w -L 
keypair,Keypair,KeyPair,keyPair,ciph,nd

Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-05-11 21:25:54 +01:00
Shaun Case
8b0ecbccf4 Redo of PR#5345. Fixed spelling and typographical errors found by CodeSpell.
Signed-off-by: Shaun Case <warmsocks@gmail.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-05-11 21:25:51 +01:00
Jerry Yu
ab8bea23e6 fix comment and name issues in debug helper
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-09 15:49:08 +08:00
Jerry Yu
fe24d1c9f5 add named group debug helper
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-09 15:49:00 +08:00
Gilles Peskine
2b5d898eb4
Merge pull request #5644 from gilles-peskine-arm/psa-storage-format-test-exercise
PSA storage format: exercise key
2022-04-28 18:20:02 +02:00
Gilles Peskine
038108388a
Merge pull request #5654 from gilles-peskine-arm/psa-crypto-config-file
Support alternative MBEDTLS_PSA_CRYPTO_CONFIG_FILE
2022-04-28 18:17:50 +02:00
Gilles Peskine
ae396bbe66
Merge pull request #5773 from daverodgman/fix_debug_helper
Fix Doxygen syntax error in generated code
2022-04-28 18:16:12 +02:00
Gilles Peskine
72b99edf31
Merge pull request #5381 from mpg/benchmark-ecc-heap
Improve benchmarking of ECC heap usage
2022-04-22 16:43:11 +02:00
Dave Rodgman
4914d50c73 Fix spelling error in generated helper code
Also a minor comment fix in the generator script.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-04-22 15:26:50 +01:00
Dave Rodgman
b8f7694e6a Fix Doxygen syntax error in generated code
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-04-22 15:20:46 +01:00
Gilles Peskine
dce7d8f51e Rename and document mac_or_tag_lengths -> permitted_truncations
No behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 11:10:14 +02:00
Gilles Peskine
2773f26971 Fix digits in octal constant
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 11:10:14 +02:00
Gilles Peskine
ac17ec4388 Public keys can't be used as private-key inputs to key agreement
The PSA API does not use public key objects in key agreement
operations: it imports the public key as a formatted byte string.
So a public key object with a key agreement algorithm is not
a valid combination.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 11:10:14 +02:00
Gilles Peskine
4bd90dc6b1 Don't exercise OAEP with small key and large hash
RSA-OAEP requires the key to be larger than a function of the hash size.
Ideally such combinations would be detected as a key/algorithm
incompatibility. However key/algorithm compatibility is currently tested
between the key type and the algorithm without considering the key size, and
this is inconvenient to change. So as a workaround, dispense
OAEP-with-too-small-hash from exercising, without including it in the
automatic operation-failure test generation.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 11:10:14 +02:00
Gilles Peskine
7095d47749 Reject block cipher modes that are not implemented in Mbed TLS
Mbed TLS doesn't support certain block cipher mode combinations. This
limitation should probably be lifted, but for now, test them as unsupported.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 11:10:14 +02:00
Gilles Peskine
e3a0890e4f Reject invalid MAC and AEAD truncations
Reject algorithms of the form PSA_ALG_TRUNCATED_MAC(...) or
PSA_ALG_AEAD_WITH_SHORTENED_TAG(...) when the truncation length is invalid
or not accepted by policy in Mbed TLS.

This is done in KeyType.can_do, so in generate_psa_tests.py, keys will be
tested for operation failure with this algorithm if the algorithm is
rejected, and for storage if the algorithm is accepted.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 11:10:14 +02:00
Gilles Peskine
2fa829c7dd Fix invalid argument enumeration when there are >=3 arguments
This bug had no impact since currently no macro has more than 2 arguments.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 11:10:14 +02:00
Gilles Peskine
d78c59c0de Test more truncated MAC and short AEAD tag lengths
The current macro collector only tried the minimum and maximum expressible
lengths for PSA_ALG_TRUNCATED_MAC and PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG.
This was good enough for psa_constant_names, but it's weak for exercising
keys, in particular because it doesn't include any valid AEAD tag length.
So cover more lengths.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 11:10:14 +02:00
Gilles Peskine
c47d3a4286 64-bit block ciphers are incompatible with some modes
Only allow selected modes with 64-bit block ciphers (i.e. DES).

This removes some storage tests and creates corresponding op_fail tests.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 11:10:14 +02:00
Gilles Peskine
e6b85b4d42 Storage format tests: exercise operations with keys
In key read tests, add usage flags that are suitable for the key type and
algorithm. This way, the call to exercise_key() in the test not only checks
that exporting the key is possible, but also that operations on the key are
possible.

This triggers a number of failures in edge cases where the generator
generates combinations that are not valid, which will be fixed in subsequent
commits.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 11:10:14 +02:00
Gilles Peskine
16b2506e3d Abbreviate descriptions of generated PSA storage tests
This currently makes all the descriptions unambiguous even when truncated at
66 characters, as the unit test framework does.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 11:10:14 +02:00
Gilles Peskine
e8e058c9d4 Unify the code to shorten expressions
The output of generate_psa_tests.py is almost unchanged: the differences are
only spaces after commas (now consistently omitted).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 11:10:14 +02:00
Gilles Peskine
fa70ced195 Remove ad hoc is_valid_for_signature method
Use the new generic is_public method.

Impact on generated cases: there are new HMAC test cases for SIGN_HASH. It
was a bug that these test cases were previously not generated.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 11:10:14 +02:00
Gilles Peskine
09dc05b880
Merge pull request #5635 from gilles-peskine-arm/psa-test-op-fail
PSA: systematically test operation failure
2022-04-15 10:52:47 +02:00
Gilles Peskine
ba4162a526 Place MBEDTLS_CONFIG_FILE and such into a new section
Include this new section in the "full for documentation" (`realfull`)
configuration, so that these options are documented in the official
documentation build (`scripts/apidoc_full.sh`).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-11 17:04:38 +02:00
Gilles Peskine
e6300959df Test attempts to use a public key for a private-key operation
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-05 15:02:44 +02:00
Gilles Peskine
a401386f82 A key agreement algorithm can contain a key derivation
PSA_ALG_KEY_AGREEMENT(..., kdf) is a valid key derivation algorithm
when kdf is one.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-05 14:57:10 +02:00
Gilles Peskine
c82f62e3a5
Merge pull request #4907 from gilles-peskine-arm/config-baremetal-size-3.0
Disable debugging features in the primary code size measurement job
2022-04-04 16:12:58 +02:00
Dave Rodgman
017a19997a Update references to old Github organisation
Replace references to ARMmbed organisation with the new
org, Mbed-TLS, following project migration.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-03-31 14:43:16 +01:00
Dave Rodgman
1c41501949
Merge pull request #5632 from tom-cosgrove-arm/seclib-667-sha512-acceleration-mbedtls-internal
SECLIB-667: Accelerate SHA-512 with A64 crypto extensions
2022-03-29 15:34:12 +01:00
Jerry Yu
d73d0a327a remove unnecessary condition
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-29 16:37:51 +08:00
Tom Cosgrove
87fbfb5d82 SECLIB-667: Accelerate SHA-512 with A64 crypto extensions
Provide an additional pair of #defines, MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
and MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY. At most one of them may be
specified. If used, it is necessary to compile with -march=armv8.2-a+sha3.

The MBEDTLS_SHA512_PROCESS_ALT and MBEDTLS_SHA512_ALT mechanisms
continue to work, and are mutually exclusive with SHA512_USE_A64_CRYPTO.

There should be minimal code size impact if no A64_CRYPTO option is set.

The SHA-512 implementation was originally written by Simon Tatham for PuTTY,
under the MIT licence; dual-licensed as Apache 2 with his kind permission.

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-03-23 21:40:53 +00:00
Jerry Yu
bfcfe74b4e add signature algorithm debug helper
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-22 15:13:33 +08:00
Gilles Peskine
8345d63695 Add knowledge of the compatibility of key types and algorithms
Determine key types that are compatible with an algorithm based on
their names.

Key derivation and PAKE are not yet supported.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-03-16 13:54:25 +01:00
Gilles Peskine
ee7554e606 Add knowledge of algorithms
Determine the category of operations supported by an algorithm based
on its name.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-03-16 13:54:25 +01:00
Gilles Peskine
b9dbb7fe62 Add missing type annotation
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-03-15 18:32:10 +01:00
Dave Rodgman
2cecd8aaad
Merge pull request #3624 from daxtens/timeless
RFC: Fix builds with MBEDTLS_HAVE_TIME disabled and test
2022-03-15 16:43:19 +00:00
Dave Rodgman
868d38f50f
Merge pull request #5547 from tom-cosgrove-arm/seclib-667-sha256-acceleration-mbedtls-internal
SECLIB-667: Accelerate SHA-256 with A64 crypto extensions
2022-03-14 12:57:37 +00:00
Gilles Peskine
afb482897b
Merge pull request #5292 from mprse/asym_encrypt
Driver dispatch for PSA asymmetric encryption + RSA tests
2022-03-10 20:07:38 +01:00
Gilles Peskine
dcf2ff53c8 Ensure files get closed when they go out of scope
This is automatic in CPython but not guaranteed by the language. Be friendly
to other Python implementations.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-03-04 20:02:00 +01:00
Gilles Peskine
4a9630a651 Fix typo and align on US spelling
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-03-04 20:00:29 +01:00
Daniel Axtens
f071024bf8 Do not include time.h without MBEDTLS_HAVE_TIME
MBEDTLS_HAVE_TIME is documented as: "System has time.h and time()."

If that is not defined, do not attempt to include time.h.

A particular problem is platform-time.h, which should only be included if
MBEDTLS_HAVE_TIME is defined, which makes everything messier. Maybe it
should be refactored to have the check inside the header.

Signed-off-by: Daniel Axtens <dja@axtens.net>
2022-03-04 05:07:45 -05:00
Gilles Peskine
644b3f6072 Unify module documentation with --help text
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-03-03 10:23:09 +01:00
Gilles Peskine
93c2a42166 Don't require ABI tools if not checking the ABI
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-03-03 10:22:36 +01:00
Gilles Peskine
ca586a53e8 Look at manually written read tests as well
The storage format comparison has a dual purpose: detect format changes that
lead to a loss of backward compatibility, and detect loss of test coverage.
For loss of backward compatibility, the read tests are the relevant ones.
For loss of test coverage, all generated test cases are potentially
relevant, but this script currently focuses on storage format (where a loss
of test coverage may be a symptom of a loss of backward compatibility).

Therefore, storage format test comparison now looks at manually written
storage format tests, but only if they're read tests.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-22 19:12:47 +01:00
Gilles Peskine
9216536415 Add storage format checks to the interface checker
Expand abi_check.py to look for backward incompatibilities not only in
the interface exposed to application code (and to some extent driver
code), but also to the interface exposed via the storage format, which
is relevant when upgrading Mbed TLS on a device with a PSA keystore.

Strictly speaking, the storage format checks look for regressions in
the automatically generated storage format test data. Incompatible
changes that are not covered by the generated tests will also not be
covered by the interface checker.

A known defect in this commit is that the --brief output is not brief
for storage format checks.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-22 14:54:03 +01:00
Gilles Peskine
c76ab85561 Make the API/ABI check optional
This way we can add other checks and only run a subset of all the
checks. The default remains to run all the checks.

I made separate options for API and ABI, but since we use the same
tool for both and it doesn't have an obvious way to check only API or
only ABI, the two options must be both enabled or both disabled.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-22 14:54:03 +01:00