Commit graph

1978 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
0d4152186d Make MBEDTLS_MD_LIGHT private for now.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-23 13:02:13 +01:00
Valerio Setti
6445912d9c test: enable ssl-opt in test_psa_crypto_config_[accel/reference]_ecdsa_use_psa
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-22 12:35:16 +01:00
Przemek Stekiel
b45b8ce474 Disable MBEDTLS_PSA_CRYPTO_SE_C is hash psa builds
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:32 +01:00
Przemek Stekiel
9dd2440c95 Change pake input: key_lifetime -> key attributes
In the future key attributes will be available for opaque driver via psa_crypto_driver_pake_get_password_key().

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:32 +01:00
Przemek Stekiel
9a5b812aa8 Cleanup the code
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:30:31 +01:00
Przemek Stekiel
03790029a6 Add test components to test accelerated pake and fallback
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-22 11:25:30 +01:00
Manuel Pégourié-Gonnard
d1c001aff7 Fix some dependencies in test_suite_psa_crypto
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-21 13:37:17 +01:00
Manuel Pégourié-Gonnard
e91bcf31b6 Add comparison of accel_ecdh_use_psa against ref
With temporary exclusions to be lifted as follow-ups.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-21 13:07:19 +01:00
Manuel Pégourié-Gonnard
59a2b8fd57 Add component accel_ecdh_use_psa
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-21 12:42:31 +01:00
Manuel Pégourié-Gonnard
e3095e7cb0 Add comments to accel_ecdh component
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-21 12:19:06 +01:00
Manuel Pégourié-Gonnard
9e04b5bcfc Disable MD-light in accel_hash_use_psa
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-20 12:53:23 +01:00
Manuel Pégourié-Gonnard
b9b630d628 Define "light" subset of MD
See docs/architecture/psa-migration/md-cipher-dispatch.md

Regarding testing, the no_md component was never very useful, as that's
not something people are likely to want to do: it was mostly useful as
executable documentation of what depends on MD. It's going to be even
less useful when more and more modules auto-enable MD_LIGHT or even
MD_C. So, recycle it to test the build with only MD_LIGHT, which is
something that might happen in practice, and is necessary to ensure that
the division is consistent.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-16 22:30:06 +01:00
Gilles Peskine
e2a9f86755
Merge pull request #6971 from gabor-mezei-arm/6026_Secp192r1_fast_reduction
Extract Secp192r1 fast reduction from the prototype
2023-02-15 16:22:36 +01:00
Andrzej Kurek
72082dc28e Improve tests/scripts/depends.py code
As suggested by gilles-peskine-arm.

Co-authored-by: Gilles Peskine <gilles.peskine@arm.com>
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-02-15 05:20:33 -05:00
Valerio Setti
5dc6867f7e test: don't skip debug and ssl suites in test parity for driver only ECDSA
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-13 15:35:37 +01:00
Manuel Pégourié-Gonnard
d3d8c852a0
Merge pull request #6997 from valeriosetti/issue6858
driver-only ECDSA: get testing parity in X.509
2023-02-13 15:30:06 +01:00
Gabor Mezei
a9d82dd0a2
Keep the description in one place, just refer it
Delete the duplicated file description and refer to the original one
in generate_bignum_tests.py.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-02-13 14:10:23 +01:00
Gilles Peskine
b009559c8f
Merge pull request #7049 from KloolK/typos
Fix typos
2023-02-10 15:07:07 +01:00
Dave Rodgman
a22749e749
Merge pull request #6816 from nick-child-ibm/pkcs7_coverage
Pkcs7 coverage
2023-02-10 12:55:29 +00:00
Dave Rodgman
4f70b3cdb4
Fix pylint warning
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-08 16:40:40 +00:00
Nick Child
c7c94df715 pkcs7/test: Format generate test script
Adhere to syntax and format recommendations
from check-python-files.py

Signed-off-by: Nick Child <nick.child@ibm.com>
2023-02-08 15:38:48 +00:00
Valerio Setti
40df83509b all.sh: fix comment for test_psa_crypto_config_accel_ecdsa_use_psa
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-08 13:52:31 +01:00
Valerio Setti
b9dc2513c1 test: add SHA1 to the supported algs in accelerated ECDSA
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-08 13:52:31 +01:00
Valerio Setti
c8801b7ef1 test: x509: remove disparities in driver only testing for ECDSA
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-08 13:52:31 +01:00
Manuel Pégourié-Gonnard
9cb1aa21c4
Merge pull request #6970 from valeriosetti/issue6857
driver-only ECDSA: get testing parity in PK
2023-02-08 13:33:15 +01:00
Gilles Peskine
a0c806aac1
Merge pull request #7003 from lpy4105/issue/do-not-run-x86-tests-on-arm64
all.sh: test_m32_xx is not supported on arm64 host
2023-02-07 10:26:10 +01:00
Jerry Yu
e51eddce38 disable aesce when ASM not available
Change-Id: Icd53a620cc3aed437b0e0e022ca5a36f29caeea1
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-02-07 17:11:53 +08:00
Valerio Setti
bf74f52920 test: add a comment specifying why restartable cannot be tested
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-07 08:02:23 +01:00
Valerio Setti
4e0278d710 test: ECDSA driver only: disable ECP_RESTARTABLE
This is not yet supported in driver only implementation

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-07 08:02:23 +01:00
Valerio Setti
4e26df99aa test: ECDSA driver_only: verify disparities in PK
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-07 08:02:23 +01:00
Jan Bruckner
1aabe5c4d7 Fix typos
Signed-off-by: Jan Bruckner <jan@janbruckner.de>
2023-02-06 12:54:53 +01:00
Andrzej Kurek
81cf5ad347
Improve tests/scripts/depends.py code
As suggested by gilles-peskine-arm.

Co-authored-by: Gilles Peskine <gilles.peskine@arm.com>
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-02-06 10:48:43 +01:00
Nick Child
6291cc2444 pkcs7/test: Remove f strings in generator script
MbedTLS CI uses python v3.5, f strings are not supported
until v3.6 . Remove f string's from generate_pkcs7_tests.py.

Signed-off-by: Nick Child <nick.child@ibm.com>
2023-02-03 20:33:12 +00:00
Gilles Peskine
753ad17a41
Merge pull request #6982 from aditya-deshpande-arm/check-files-characters
check_files.py: Allow specific Box Drawing characters to be used
2023-02-03 11:46:06 +01:00
Gilles Peskine
e2db23d741
Merge pull request #6902 from yanrayw/6651-enable-cipher-suite-names-consistent
compat.sh: report and filter cipher suite names consistently
2023-02-03 11:38:31 +01:00
Manuel Pégourié-Gonnard
d56def5c30
Merge pull request #6946 from valeriosetti/issue6856
driver-only ECDSA: fix testing disparities in ecp, random, se_driver_hal
2023-02-03 08:51:04 +01:00
Valerio Setti
00c1ccb08c depends.py: fix typo and slightly reorganized code
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-02 11:33:31 +01:00
Aditya Deshpande
ebb2269f68 Allow whole Box Drawings range
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
2023-02-01 13:30:26 +00:00
Pengyu Lv
c92df3ba59 all.sh: test_m32_xx is not supported on arm64 host
test_m32_xxx tests are x86 specific, but the support
function only identifies a 64-bit system. So the tests
will be run on arm64 host and cause a test failure.
This change restricts those tests to amd64/x86_64
only.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-02-01 10:50:50 +08:00
Gabor Mezei
95ecaaf56d
Add test generation support for the ecp module
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-01-31 14:40:05 +01:00
Nick Child
4983ddf747 test/pkcs7: Add more tests for better coverage
Add test calls to raw asn1 data with slight syntatical errors
Increases %branches covered from 70.4% to 87.7%.
Add a script which serves as documentation for how these new test
cases were generated:
 ./generate_pkcs7_tests.py ../data_files/pkcs7_data_cert_signed_sha256.der
 ./generate_pkcs7_tests.py ../data_files/pkcs7_data_multiple_signed.der

Signed-off-by: Nick Child <nick.child@ibm.com>
2023-01-30 15:55:44 +00:00
Aditya Deshpande
15b6dd0fb4 Modify comments to make them more inclusive
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
2023-01-30 13:46:58 +00:00
Aditya Deshpande
ea637081dd Allow specific Box Drawing UTF characters that are used in Markdown trees in check_files.py
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
2023-01-30 13:19:32 +00:00
Manuel Pégourié-Gonnard
aae61257d1
Merge pull request #6883 from valeriosetti/issue6843
Improve X.509 cert writing serial number management
2023-01-30 13:08:57 +01:00
Manuel Pégourié-Gonnard
e28397a376
Merge pull request #6938 from aditya-deshpande-arm/check-names-exclusions
check_names.py: Compare identifiers in excluded files against symbols parsed by nm
2023-01-30 09:21:58 +01:00
Manuel Pégourié-Gonnard
169d9e6eb4
Merge pull request #6802 from gilles-peskine-arm/test_suite_psa_crypto_metadata-20221215
Add metadata tests for CCM* and TLS1.2-ECJPAKE-to-PMS
2023-01-27 10:05:00 +01:00
Gilles Peskine
47aab850da Batch cipher translations to go faster
Python has a high startup cost, so go back to invoking it only once per
server start, rather than once per client start. This is a measurable
performance improvement (running time ~*0.5 with PSK, less dramatic with
asymmetric crypto).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-26 21:45:45 +01:00
Valerio Setti
9cb0f7a423 test: driver-only: fix disparities in random
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-01-25 11:49:11 +01:00
Valerio Setti
3002c99247 test: extend analyze_outcomes.py in order to skip only some test in a suite
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-01-25 11:49:00 +01:00
Valerio Setti
7e57920511 test: driver-only: fix disparities in psa_crypto_se_driver_hal
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-01-25 11:30:46 +01:00
Valerio Setti
4682948c1e test: driver-only: fix disparities in ECP
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-01-25 11:30:31 +01:00
David Horstmann
f0c75796be Fix a missing type hint warning
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-01-24 18:53:15 +00:00
Andrzej Kurek
576803faa2 depends.py: improve expected argument type
Requested config option can be either boolean or a string.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-01-24 07:40:42 -05:00
Manuel Pégourié-Gonnard
00d3e96042
Merge pull request #6855 from mpg/driver-only-ecdsa-starter
Driver-only ECDSA starter
2023-01-24 13:06:17 +01:00
Manuel Pégourié-Gonnard
4455fd2449
Merge pull request #6531 from AndrzejKurek/depends-py-kex-fixes
Depends.py - add exclusive domain tests to key exchange testing
2023-01-24 09:32:05 +01:00
Andrzej Kurek
3b0215d453 depends.py: merge set/unset config option into one function
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-01-23 07:19:22 -05:00
Manuel Pégourié-Gonnard
d84902f4ef Add issue numbers to TODO comments
In the python script I didn't use the word TODO because pylint doesn't
like that, but morally it's the same.

I removed the comment about "do we need a subset of compat.sh?" because
it turns out that `ssl-opt.sh` is already exercising all the key
exchanges:

    % sed -n 's/.*force_ciphersuite=TLS-\([^ ]*\)-WITH.*/\1/p' tests/ssl-opt.sh | sort -u
    DHE-PSK
    DHE-RSA
    ECDH-ECDSA
    ECDHE-ECDSA
    ECDHE-PSK
    ECDHE-RSA
    ECJPAKE
    PSK
    RSA
    RSA-PSK

(the only omission is ECDH-RSA which is not of interest here and does
not actually differ from ECDH-ECDSA). So, we don't need a subset of
compat.sh because we're already getting enough testing from ssl-opt.sh
(not to mention test_suite_ssl).

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-01-23 13:03:13 +01:00
Manuel Pégourié-Gonnard
bc19a0b0d8 Fix missing SHA-224 in test driver build
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-01-23 12:54:24 +01:00
Manuel Pégourié-Gonnard
5a2e02635a Improve a few comments & documentation
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-01-23 12:51:52 +01:00
Andrzej Kurek
98682b50a4 Remove obsolete comment from depends.py
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-01-23 06:16:23 -05:00
Dave Rodgman
1a034dcc20 Add regression test
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-20 13:18:05 +00:00
Gilles Peskine
bba2630549 Add ECJPAKE secret input types to psa/crypto_config.h
Add PSA_WANT_KEY_TYPE_PASSWORD and PSA_WANT_KEY_TYPE_PASSWORD_HASH to
psa/crypto_config.h, since the types PSA_KEY_TYPE_PASSWORD and
PSA_KEY_TYPE_PASSWORD_HASH are used by ECJPAKE.

The two key types are always enabled, like PSA_KEY_TYPE_DERIVE.

Add the key types to the metadata test suite as well.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-19 12:11:19 +01:00
Gilles Peskine
cafda872f3 Fix documentation
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-19 12:11:18 +01:00
Gilles Peskine
0e9e4422ab NotSupported is specifically about key types
Rename NotSupported to KeyTypeNotSupported, because it's only about testing
key management. For algorithms, not-supported is handled by OpFail.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-19 12:11:17 +01:00
Andrzej Kurek
1ff7336e2c depends.py: enable key exchange tests
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-01-17 10:38:10 -05:00
Yanray Wang
ee97f05d35 Translate cipher suite names based on standard naming convention
With this commit, translate_ciphers.py would be based on standard
cipher suite names instead of MbedTLS naming convention.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-01-17 14:56:37 +08:00
Aditya Deshpande
0584df4131 Minor changes to account for CodeParser.parse_identifiers being used in list_internal_identifiers.py
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
2023-01-16 16:36:31 +00:00
Dave Rodgman
461b8254d0
Merge pull request #6865 from scop/patch-1
Use `grep -E` instead of `egrep`
2023-01-16 15:21:24 +00:00
Aditya Deshpande
dd8ac67792 Update check_names.py so that identifiers in excluded files are still compared against the output of nm.
This fixes the issue where excluding a file containing identifiers from checks would cause check_symbols_in_header to fail.

Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
2023-01-16 14:57:48 +00:00
Valerio Setti
41b5fb6536 test: ensure X509 has no dependency on BIGNUM when built without MBEDTLS_DEPRECATED_REMOVED
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-12 17:01:44 +01:00
Dave Rodgman
378ecdd859 Rename VS2010 directory to VS2013 and update Makefiles etc
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-11 18:56:11 +00:00
Gilles Peskine
c848d226bf Switch code style check to enforcement mode
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-11 14:50:14 +01:00
Gilles Peskine
c55c343670
Merge pull request #6884 from gilles-peskine-arm/check-files-unicode
Reject bad characters in source code
2023-01-11 13:46:59 +01:00
Gilles Peskine
3900bddd77
Merge pull request #6823 from mpg/unify-openssl-variables
Use OPENSSL everywhere, not OPENSSL_CMD
2023-01-10 22:10:19 +01:00
Manuel Pégourié-Gonnard
28d4d43416
Merge pull request #6863 from valeriosetti/issue6830
Remove uses of mbedtls_ecp_curve_info in TLS (with USE_PSA)
2023-01-10 10:01:17 +01:00
Manuel Pégourié-Gonnard
3368724ade
Merge pull request #6870 from valeriosetti/issue6831
Document/test dependencies on ECP & Bignum
2023-01-10 09:25:41 +01:00
Gilles Peskine
d11bb47fe0 Reject invalid UTF-8 and weird characters in text files
Reject "weird" characters in text files, especially control characters that
might be escape sequences or that might cause other text to appear garbled
(as in https://trojansource.codes/).

Also reject byte sequences that aren't valid UTF-8.

Accept only ASCII (except most control characters), letters, some non-ASCII
punctuation and some mathematical and technical symbols. This covers
everything that's currently present in Mbed TLS ( §áèéëñóöüłŽ–—’“”…≥).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-05 20:31:14 +01:00
Gilles Peskine
b389743ace Pass line number to issue_with_line
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-05 20:28:30 +01:00
Gilles Peskine
0ed9e78bf7 Treat more *.bin files as binary
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-05 20:27:35 +01:00
Manuel Pégourié-Gonnard
c6967d21b9 Tune output format of analyze_outcomes.py
The part "driver: skipped/failed, reference: passed" didn't add any
information, but used up space on the screen and made the output
slightly harder to parse.

OTOH, now that we have multiple analyze_vs_reference tasks, we
should print out which one we're doing, so that that output makes sense
in case of a failure on the CI (which runs all tasks).

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-01-05 12:55:08 +01:00
Manuel Pégourié-Gonnard
10e3963aa4 Add comparison of accel_ecdsa against reference
For now, ignore test suites that don't have parity even is they should.
The purpose is just to prepare the infrastructure and map the work.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-01-05 12:55:08 +01:00
Manuel Pégourié-Gonnard
171c45feda Add component accel_ecdsa_use_psa
This is the basis for future work, we'll want to make sure everything
passes in this component.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-01-05 12:55:08 +01:00
Manuel Pégourié-Gonnard
6d7db93bbb Enable TLS 1.3 in accelerated ECDSA test
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-01-05 12:55:08 +01:00
Manuel Pégourié-Gonnard
200fd0f099 Add comments to accel_ecdsa component
Slightly re-organize (accel list at the top).

No need to disable USE_PSA or TLS 1.3 because they're already that way
in the default config.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-01-05 12:55:08 +01:00
Manuel Pégourié-Gonnard
462e3a9931 all.sh: restore config_test_driver.h automatically
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-01-05 12:55:03 +01:00
Valerio Setti
67419f0e11 tls: fix + save code size when DEBUG_C is not enabled
Some PSA curves' symbols (PSA_WANT_) were not matching the corresponding
MBEDTLS_ECP_DP_. This was fixed together with the removal of extra code
when DEBUG_C is not enabled.

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-04 17:36:00 +01:00
Valerio Setti
e1655b8132 test: add test for building without BIGNUM_C
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-03 16:20:43 +01:00
Valerio Setti
3322f611e6 test: verify that TLS and X509 are independent from mbedtls_ecp_curve functions
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-03 13:03:42 +01:00
Manuel Pégourié-Gonnard
7a389ddc84
Merge pull request #6784 from valeriosetti/issue6702
Make SHA224_C/SHA384_C independent from SHA256_C/SHA512_C
2023-01-03 09:36:58 +01:00
Ville Skyttä
66edfe45f5
Use grep -E instead of egrep
`egrep` has been deprecated in GNU grep since 2007,
and since 3.8 it emits obsolescence warnings:
https://git.savannah.gnu.org/cgit/grep.git/commit/?id=a9515624709865d480e3142fd959bccd1c9372d1


Signed-off-by: Ville Skyttä <ville.skytta@iki.fi>
2023-01-01 18:19:49 +02:00
Valerio Setti
ea8c88fcbb test: fix some descriptions
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-29 11:08:35 +01:00
Valerio Setti
c963bb11c7 test: remove SHA224 from default test driver config
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-28 12:58:14 +01:00
Andrzej Kurek
3f93012bf1 Use config.py as a module in depends.py
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-12-27 06:36:24 -05:00
Manuel Pégourié-Gonnard
2fcb4c1d06
Merge pull request #6747 from gilles-peskine-arm/bignum-mod-random
Bignum mod random
2022-12-23 10:36:22 +01:00
Valerio Setti
b6bf7dcc28 test: fix depends.py for hash tests
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-22 14:28:03 +01:00
Manuel Pégourié-Gonnard
eab43a62c3
Merge pull request #6795 from gilles-peskine-arm/check_test_cases-quiet_ci
Hide check_test_cases warnings on the CI
2022-12-21 09:42:41 +01:00
Gilles Peskine
c377f31ad9 Remove unused import
This wasn't reported by pylint due to a pylint bug (apparently):
`pylint A B` doesn't complain about an unused import in B if A happens to
import and use the same module, which happens to be the case when we run
pylint on the CI.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-20 19:52:42 +01:00
Manuel Pégourié-Gonnard
82dad10746
Merge pull request #6820 from gilles-peskine-arm/code-style-skip-generated-files
Don't touch the style of generated files
2022-12-19 13:06:25 +01:00
Manuel Pégourié-Gonnard
bb12621746
Merge pull request #6808 from gilles-peskine-arm/basic-build-test-lcov-format-robustness-3.3
Fix code_coverage broken by extra echo in make lcov
2022-12-19 13:03:37 +01:00
Manuel Pégourié-Gonnard
c572246fa5 Use OPENSSL everywhere, not OPENSSL_CMD
These variables were both uses to select the default version of OpenSSL
to use for tests:
- when running compat.sh or ssl-opt.sh directly, OPENSSL_CMD was used;
- when running all.sh, OPENSSL was used.

This caused surprising situations if you had one but not the other set
in your environment. For example I used to have OPENSSL_CMD set but not
OPENSSL, so ssl-opt.sh was failing in some all.sh components but passing
when I ran it manually in the same configuration and build, a rather
unpleasant experience.

The natural name would be OPENSSL, and that's what set in the Docker
images used by the CI. However back in the 1.3.x days, that name was
already used in library/Makefile, so it was preferable to pick a
different one, hence OPENSSL_CMD. However the build system has not been
using this name since at least Mbed TLS 2.0.0, so it's now free for use
again (as demonstrated by the fact that it's been set in the CI without
causing any trouble).

So, unify things and use OPENSSL everywhere. Just leave an error message
for the benefit of developers which might have OPENSSL_CMD, not OPENSSL,
set in their environment from the old days.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-12-19 11:42:12 +01:00
Gilles Peskine
3b56d29147 List all the places with instructions to generate those files
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-19 00:56:44 +01:00
Gilles Peskine
9a3771e1b3 Don't touch the style of generated files
Ideally the result of the generator would conform to the code style, but
this would be difficult, especially with respect to the placement of line
breaks in long logical lines. So, to avoid surprises when checking the style
of generated files (which happens in releases and in long-time support
branches), systematically skip generated files.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-19 00:52:39 +01:00
Gilles Peskine
546493bee9
Merge pull request #6789 from mpg/doc-docker-from-ci
Point to docker images used in the CI
2022-12-17 01:54:24 +01:00
Valerio Setti
e7221a21ad test: adjust depends.py to new SHA224/SHA384 changes
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-16 14:43:48 +01:00
David Horstmann
f91090e4a3 Fix an incorrect regex in check_names.py
Allow check_names.py to detect declarations of the form:

enum some_enum_name {

This pattern has only just appeared due to code style correction, which
explains why the issue was not previously noticed.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-12-16 13:39:04 +00:00
Gilles Peskine
98d3a67a5c Simplify the coverage statistics summary
The script was parsing the output from `make lcov` to extract numbers and
calculate percentages. But everything including the percentages is already
present in the output of `make lcov`, just with a slightly different
presentation. So replace all this by a simple extraction of the relevant
lines from the output of `make lcov`.

This is more robust than the previous code, which relied on `tail -n4` to
extract relevant lines, which broke when `make lcov` started to emit one
extra line at the end.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-16 12:09:17 +01:00
Gilles Peskine
d1dd41f3fc
Merge pull request #6723 from mpg/restartable-vs-use-psa
Document ECP_RESTARTABLE and make it compatible with USE_PSA
2022-12-15 19:47:44 +01:00
Gilles Peskine
031114d6ec Hide check_test_cases warnings on the CI
We aren't paying attention to the warnings. So hide them and save log size.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-15 14:46:31 +01:00
Gilles Peskine
081369111e
Merge pull request #6594 from gilles-peskine-arm/generate_test_code-function_comments
Allow comments in test function prototypes
2022-12-15 12:32:11 +01:00
Manuel Pégourié-Gonnard
59626b6179 Point to docker images used in the CI
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-12-15 10:08:26 +01:00
Manuel Pégourié-Gonnard
c98624af3c
Merge pull request #6680 from valeriosetti/issue6599
Allow isolation of EC J-PAKE password when used in TLS
2022-12-14 11:04:33 +01:00
Manuel Pégourié-Gonnard
2b70a3f831
Merge pull request #6558 from lpy4105/6416-psa_macros_name_typo
check_names: extend typo check to PSA macro/enum names
2022-12-13 09:56:27 +01:00
Manuel Pégourié-Gonnard
cd98805bd7
Merge pull request #6683 from mpg/optimize-with-asan
Optimize with asan
2022-12-12 11:58:23 +01:00
Manuel Pégourié-Gonnard
182a23b1da Adjust all.sh now that restartable is in full
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-12-09 10:09:34 +01:00
Manuel Pégourié-Gonnard
ad45c4d386 Document that ECP_RESTARTABLE depends on ECP_C
This is not new, it had always been the case, just not documented.

Pointed out by depends.py pkalgs (again, now that restartable is part of
full).

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-12-09 10:09:33 +01:00
Manuel Pégourié-Gonnard
a6e3d3ec10 Disable restartable in build_module_alt
Previously we did not need that as restartable was excluded from full.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-12-09 10:09:33 +01:00
Manuel Pégourié-Gonnard
a37398427b Remove check for tests disabled with USE_PSA
The previous commit declared that some tests cases in ssl-opt.sh depend
on USE_PSA being disabled, which is the right thing to do.

We had a check that forbade that - it was mainly meant to prevent
accidental re-introduction of such dependencies after we cleaned up a
number of cases where it was not warranted, but already at the time that
was controversial [1]. Now it's preventing us from doing the right
thing, so let's just remove it.

[1]: https://github.com/Mbed-TLS/mbedtls/pull/5742#discussion_r855112412

See also https://github.com/Mbed-TLS/mbedtls/pull/5907/ which also
removes this for a similar reason.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-12-09 10:09:33 +01:00
Manuel Pégourié-Gonnard
1a100b69a4
Merge pull request #6705 from davidhorstmann-arm/code-style-script-non-corrected
Add code style correction script
2022-12-09 09:41:14 +01:00
Dave Rodgman
1fe45295d7
Merge pull request #6685 from gilles-peskine-arm/valgrind-cf-skip-tests
Rationalize Valgrind tests
2022-12-06 18:39:32 +00:00
David Horstmann
92b5ac1a47 Add all.sh component to test with code style
Run the main test suites after running code style correction to check
that code style correction does not break these tests.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-12-06 17:44:30 +00:00
Tom Cosgrove
1797b05602 Fix typos prior to release
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-12-04 17:19:59 +00:00
Valerio Setti
70e029006d test: pake: fix mixed testing in test_tls1_2_ecjpake_compatibility
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-02 16:21:56 +01:00
Valerio Setti
dc40bbc2d7 test: pake: remove redundant test for opaque passwords
This is already covered by other already existing cases such as
"component_test_full_cmake_gcc_asan" which build with
"config.py full" and run all "ssl-opt.sh" test cases.

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-01 15:25:49 +01:00
Dave Rodgman
c3902ac661
Merge pull request #6698 from wernerlewis/bignum_mod_py
Bignum: Enable test generation from bignum_mod.py
2022-12-01 11:48:14 +00:00
Paul Elliott
266f79c136
Merge pull request #6426 from aditya-deshpande-arm/driver-wrapper-key-agreement
Add driver dispatch layer for raw key agreement, along with test call for transparent drivers.
2022-12-01 11:40:52 +00:00
Valerio Setti
a6b69dabc5 test: psa_pake: add a separate test for opaque password
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-30 16:44:49 +01:00
Gilles Peskine
18f7028a0e Preserve line breaks from continued line comments
The commit "Preserve line breaks in comments before test functions"
only handled block comments. This commit handles line comments.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-30 16:38:49 +01:00
Werner Lewis
c84b731941 Enable test generation from bignum_mod.py
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-11-30 14:43:31 +00:00
Manuel Pégourié-Gonnard
fe549a76e4 Add comment about use of ASAN_CFLAGS
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-11-30 12:38:58 +01:00
Manuel Pégourié-Gonnard
30d9466762 Only run what we need from compat.sh
Also, comment why we run those tests.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-11-30 12:38:58 +01:00
Tom Cosgrove
fc2ac75453 Fix the name of basic-build-test.sh within the file
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-11-30 11:13:00 +00:00
Gilles Peskine
d8c0803821 Preserve line breaks in comments before test functions
This way line numbers match better in error messages.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-29 22:04:45 +01:00
Gilles Peskine
0c67160b00 Valgrind for constant flow: skip non-CF test suites
When testing under Valgrind for constant flow, skip test suites that don't
have any constant-flow annotations, since the testing wouldn't do anything
more that testing with ordinary Valgrind (component_test_valgrind and
component_test_valgrind_psa). This is a significant time saving since
testing with Valgrind is very slow.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-29 16:46:06 +01:00
Gilles Peskine
df3dd4c3bc Test MBEDTLS_USE_PSA_CRYPTO with Valgrind
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-29 16:46:06 +01:00
Manuel Pégourié-Gonnard
ffc330fafa
Merge pull request #6264 from hannestschofenig/rfc9146_2
CID update to RFC 9146
2022-11-29 09:25:14 +01:00
Manuel Pégourié-Gonnard
66f09834ea Enable optimisation with Asan with make in all.sh
All builds using ASAN_CFLAGS were with Asan but no optimisation, making
them particularly slow. Indeed, we were overwriting CFLAGS which
defaults to -O2 and not using any -O in the replacement. (CMake already has
optimisations on with ASan.)

While at it, also remove -Wall -Wextra which are redundant as they are
already part of WARNING_CFLAGS which we are not overwriting.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-11-29 09:12:12 +01:00
Manuel Pégourié-Gonnard
6a543ba1d3 Remove redundant component in all.sh
CID is now enabled in the default config (as well as full), so it's
already tested in numerous all.sh components, not need to add one for
that.

We need a component for the legacy/compat option though as it's never
enabled in existing components. So, keep that one, but adjust the name
and fix a typo in a message.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-11-25 11:48:17 +01:00
Hannes Tschofenig
df84bb30ab Removed MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH from CID tests in all.sh
Added also extra text.

Signed-off-by: Hannes Tschofenig <hannes.tschofenig@arm.com>
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-11-25 11:19:11 +01:00
Bence Szépkúti
ae79fb2c2e Merge branch 'development' into pr3431 2022-11-25 03:12:43 +01:00
Pengyu Lv
3bb0e43b41 fix review comment
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2022-11-24 17:30:29 +08:00
Manuel Pégourié-Gonnard
ef25a99f20
Merge pull request #6533 from valeriosetti/issue5847
Use PSA EC-JPAKE in TLS (1.2) - Part 2
2022-11-23 13:27:30 +01:00
Ronald Cron
d8603a7b44
Merge pull request #6638 from ronald-cron-arm/tls13-misc
TLS 1.3: Adjustments for the coming release
2022-11-23 09:07:36 +01:00
Aditya Deshpande
5e3c70e3be Merge branch 'development' into driver-wrapper-key-agreement 2022-11-22 17:58:52 +00:00
Aditya Deshpande
8cc1470c18 Merge branch 'development' into driver-wrapper-key-agreement 2022-11-22 17:55:53 +00:00
Bence Szépkúti
a17d038ee1 Merge branch 'development' into pr3431 2022-11-22 15:54:52 +01:00
Janos Follath
0fc88779ec
Merge pull request #6632 from yanesca/refactor_bignum_test_framework
Refactor bignum test framework
2022-11-22 14:53:58 +00:00
Gilles Peskine
a08103aa94
Merge pull request #6611 from gilles-peskine-arm/run-test-suites-out-of-tree
Fix run-test-suites.pl in out-of-tree builds
2022-11-22 15:01:13 +01:00
Ronald Cron
c2e110f445 tls13: Disable MBEDTLS_SSL_EARLY_DATA by default
Eventually we want it to be enabled by default
when TLS 1.3 is enabled but currently the
feature is on development thus it should not be
enabled by default.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-11-22 09:01:46 +01:00
Aditya Deshpande
39e08d4094 Add tests for the key agreement driver wrapper to test_suite_psa_crypto_driver_wrappers
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
2022-11-21 19:39:35 +00:00
Janos Follath
f45797652f Bignum tests: set unique combinations off by default
Normally we need all the combinations, unique combinations make sense
only if the operation is commutative.

No changes to generated tests.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-11-21 08:56:14 +00:00