lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-08-01 10:06:53 +03:00
Code Activity

Merge remote-tracking branch 'upstream-crypto/development' into psa-api-1.0-beta-merge_development_20190801

Browse Source 
Conflict resolution:
* `scripts/config.pl`:
  Take the exclusion of `MBEDTLS_PSA_CRYPTO_SE_C` from the API branch.
  Take the removal of `MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C` (obsolete) from
  the development branch.
* `tests/scripts/all.sh`:
  Multiple instances of factoring a sequence of `config.pl` calls into
  a mere `config.pl baremetal` in the development branch, and a change in
  the composition of `baremetal` in the API branch. In each case, take the
  version from development.
* `tests/suites/test_suite_psa_crypto_slot_management.function`:
  A function became non-static in development and disappeared in the API
  branch. Keep the version from the API branch. Functions need to be
  non-static if they're defined but unused in some configurations,
  which is not the case for any function in this file at the moment.
* `tests/suites/test_suite_psa_crypto.function`:
  Consecutive changes in the two branches, reconciled.
This commit is contained in:
Gilles Peskine
2019-07-31 17:47:49 +02:00
parent adb1c52149 fe93bc4ed4
commit 72c8c5b352
183 changed files with 1195 additions and 927 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
tests/CMakeLists.txt
View File

@ -2,6 +2,13 @@ set(libs
mbedcrypto
)
# Set the project root directory if it's not already defined, as may happen if
# the tests folder is included directly by a parent project, without including
# the top level CMakeLists.txt.
if(NOT DEFINED MBEDTLS_DIR)
set(MBEDTLS_DIR ${CMAKE_SOURCE_DIR})
endif()
find_package(Perl)
if(NOT PERL_FOUND)
message(FATAL_ERROR "Cannot build test suites without Perl")
@ -43,9 +50,9 @@ function(add_test_suite suite_name)
add_executable(${exe_name} test_suite_${data_name}.c)
target_link_libraries(${exe_name} ${libs})
target_include_directories(${exe_name}
PUBLIC ${CMAKE_SOURCE_DIR}/include/
PUBLIC ${CMAKE_SOURCE_DIR}/crypto/include/
PRIVATE ${CMAKE_SOURCE_DIR}/crypto/library/)
PUBLIC ${MBEDTLS_DIR}/include/
PUBLIC ${MBEDTLS_DIR}/crypto/include/
PUBLIC ${MBEDTLS_DIR}/crypto/library/)
if(${data_name} MATCHES ${SKIP_TEST_SUITES_REGEX})
message(STATUS "The test suite ${data_name} will not be executed.")

2
tests/Makefile
View File

@ -2,7 +2,7 @@
# To compile on SunOS: add "-lsocket -lnsl" to LDFLAGS
CFLAGS ?= -O2
WARNING_CFLAGS ?= -Wall -W -Wdeclaration-after-statement -Wno-unused-function -Wno-unused-value
WARNING_CFLAGS ?= -Wall -Wextra
LDFLAGS ?=
CRYPTO_INCLUDES ?= -I../include

168
tests/docker/bionic/Dockerfile Normal file
View File

@ -0,0 +1,168 @@
# Dockerfile
#
# Purpose
# -------
# Defines a Docker container suitable to build and run all tests (all.sh),
# except for those that use a proprietary toolchain.
# Copyright (C) 2006-2019, Arm Limited (or its affiliates), All Rights Reserved.
# SPDX-License-Identifier: Apache-2.0
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# This file is part of Mbed TLS (https://tls.mbed.org)
ARG MAKEFLAGS_PARALLEL=""
ARG MY_REGISTRY=
FROM ${MY_REGISTRY}ubuntu:bionic
ENV DEBIAN_FRONTEND noninteractive
RUN apt-get update \
&& apt-get -y install software-properties-common \
&& rm -rf /var/lib/apt/lists
RUN add-apt-repository -y ppa:team-gcc-arm-embedded/ppa
RUN apt-get update \
&& apt-get -y install \
# mbedtls build/test dependencies
build-essential \
clang \
cmake \
doxygen \
gcc-arm-none-eabi \
gcc-mingw-w64-i686 \
gcc-multilib \
g++-multilib \
gdb \
git \
graphviz \
lsof \
python \
python3-pip \
python3 \
pylint3 \
valgrind \
wget \
# libnettle build dependencies
libgmp-dev \
m4 \
pkg-config \
&& rm -rf /var/lib/apt/lists/*
# Build a static, legacy openssl from sources with sslv3 enabled
# Based on https://gist.github.com/bmaupin/8caca3a1e8c3c5686141 (build-openssl.sh)
# Note: openssl-1.0.2 and earlier has known build issues with parallel make.
RUN cd /tmp \
&& wget https://www.openssl.org/source/old/1.0.1/openssl-1.0.1j.tar.gz -qO- | tar xz \
&& cd openssl-1.0.1j \
&& ./config --openssldir=/usr/local/openssl-1.0.1j no-shared \
&& (make ${MAKEFLAGS_PARALLEL} || make -j 1) \
&& make install_sw \
&& rm -rf /tmp/openssl*
ENV OPENSSL_LEGACY=/usr/local/openssl-1.0.1j/bin/openssl
# Build OPENSSL as 1.0.2g
RUN cd /tmp \
&& wget https://www.openssl.org/source/old/1.0.2/openssl-1.0.2g.tar.gz -qO- | tar xz \
&& cd openssl-1.0.2g \
&& ./config --openssldir=/usr/local/openssl-1.0.2g no-shared \
&& (make ${MAKEFLAGS_PARALLEL} || make -j 1) \
&& make install_sw \
&& rm -rf /tmp/openssl*
ENV OPENSSL=/usr/local/openssl-1.0.2g/bin/openssl
# Build a new openssl binary for ARIA/CHACHA20 support
# Based on https://gist.github.com/bmaupin/8caca3a1e8c3c5686141 (build-openssl.sh)
RUN cd /tmp \
&& wget https://www.openssl.org/source/openssl-1.1.1a.tar.gz -qO- | tar xz \
&& cd openssl-1.1.1a \
&& ./config --prefix=/usr/local/openssl-1.1.1a -Wl,--enable-new-dtags,-rpath,'${LIBRPATH}' no-shared \
&& make ${MAKEFLAGS_PARALLEL} \
&& make install_sw \
&& rm -rf /tmp/openssl*
ENV OPENSSL_NEXT=/usr/local/openssl-1.1.1a/bin/openssl
# Build libnettle 2.7.1 (needed by legacy gnutls)
RUN cd /tmp \
&& wget https://ftp.gnu.org/gnu/nettle/nettle-2.7.1.tar.gz -qO- | tar xz \
&& cd nettle-2.7.1 \
&& ./configure --disable-documentation \
&& make ${MAKEFLAGS_PARALLEL} \
&& make install \
&& /sbin/ldconfig \
&& rm -rf /tmp/nettle*
# Build legacy gnutls (3.3.8)
RUN cd /tmp \
&& wget https://www.gnupg.org/ftp/gcrypt/gnutls/v3.3/gnutls-3.3.8.tar.xz -qO- | tar xJ \
&& cd gnutls-3.3.8 \
&& ./configure --prefix=/usr/local/gnutls-3.3.8 --exec_prefix=/usr/local/gnutls-3.3.8 --disable-shared --disable-guile --disable-doc \
&& make ${MAKEFLAGS_PARALLEL} \
&& make install \
&& rm -rf /tmp/gnutls*
ENV GNUTLS_LEGACY_CLI=/usr/local/gnutls-3.3.8/bin/gnutls-cli
ENV GNUTLS_LEGACY_SERV=/usr/local/gnutls-3.3.8/bin/gnutls-serv
# Build libnettle 3.1 (needed by gnutls)
RUN cd /tmp \
&& wget https://ftp.gnu.org/gnu/nettle/nettle-3.1.tar.gz -qO- | tar xz \
&& cd nettle-3.1 \
&& ./configure --disable-documentation \
&& make ${MAKEFLAGS_PARALLEL} \
&& make install \
&& /sbin/ldconfig \
&& rm -rf /tmp/nettle*
# Build gnutls (3.4.10)
RUN cd /tmp \
&& wget https://www.gnupg.org/ftp/gcrypt/gnutls/v3.4/gnutls-3.4.10.tar.xz -qO- | tar xJ \
&& cd gnutls-3.4.10 \
&& ./configure --prefix=/usr/local/gnutls-3.4.10 --exec_prefix=/usr/local/gnutls-3.4.10 \
--with-included-libtasn1 --without-p11-kit \
--disable-shared --disable-guile --disable-doc \
&& make ${MAKEFLAGS_PARALLEL} \
&& make install \
&& rm -rf /tmp/gnutls*
ENV GNUTLS_CLI=/usr/local/gnutls-3.4.10/bin/gnutls-cli
ENV GNUTLS_SERV=/usr/local/gnutls-3.4.10/bin/gnutls-serv
# Build libnettle 3.4 (needed by gnutls next)
RUN cd /tmp \
&& wget https://ftp.gnu.org/gnu/nettle/nettle-3.4.1.tar.gz -qO- | tar xz \
&& cd nettle-3.4.1 \
&& ./configure --disable-documentation \
&& make ${MAKEFLAGS_PARALLEL} \
&& make install \
&& /sbin/ldconfig \
&& rm -rf /tmp/nettle*
# Build gnutls next (3.6.5)
RUN cd /tmp \
&& wget https://www.gnupg.org/ftp/gcrypt/gnutls/v3.6/gnutls-3.6.5.tar.xz -qO- | tar xJ \
&& cd gnutls-3.6.5 \
&& ./configure --prefix=/usr/local/gnutls-3.6.5 --exec_prefix=/usr/local/gnutls-3.6.5 \
--with-included-libtasn1 --with-included-unistring --without-p11-kit \
--disable-shared --disable-guile --disable-doc \
&& make ${MAKEFLAGS_PARALLEL} \
&& make install \
&& rm -rf /tmp/gnutls*
ENV GNUTLS_NEXT_CLI=/usr/local/gnutls-3.6.5/bin/gnutls-cli
ENV GNUTLS_NEXT_SERV=/usr/local/gnutls-3.6.5/bin/gnutls-serv
RUN pip3 install --no-cache-dir \
mbed-host-tests \
mock

31
tests/make-in-docker.sh Executable file
View File

@ -0,0 +1,31 @@
#!/bin/bash -eu
# make-in-docker.sh
#
# Purpose
# -------
# This runs make in a Docker container.
#
# See also:
# - scripts/docker_env.sh for general Docker prerequisites and other information.
# Copyright (C) 2006-2019, Arm Limited (or its affiliates), All Rights Reserved.
# SPDX-License-Identifier: Apache-2.0
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# This file is part of Mbed TLS (https://tls.mbed.org)
source tests/scripts/docker_env.sh
run_in_docker make $@

37
tests/scripts/all-in-docker.sh Executable file
View File

@ -0,0 +1,37 @@
#!/bin/bash -eu
# all-in-docker.sh
#
# Purpose
# -------
# This runs all.sh (except for armcc) in a Docker container.
#
# Notes for users
# ---------------
# See docker_env.sh for prerequisites and other information.
#
# See also all.sh for notes about invocation of that script.
# Copyright (C) 2006-2019, Arm Limited (or its affiliates), All Rights Reserved.
# SPDX-License-Identifier: Apache-2.0
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# This file is part of Mbed TLS (https://tls.mbed.org)
source tests/scripts/docker_env.sh
# Run tests that are possible with openly available compilers
run_in_docker tests/scripts/all.sh \
--no-armcc \
$@

163
tests/scripts/all.sh
View File

@ -218,6 +218,16 @@ cleanup()
git update-index --no-skip-worktree Makefile library/Makefile programs/Makefile tests/Makefile
git checkout -- Makefile library/Makefile programs/Makefile tests/Makefile
# Remove any artifacts from the component_test_cmake_as_subdirectory test.
rm -rf programs/test/cmake_subproject/build
rm -f programs/test/cmake_subproject/Makefile
rm -f programs/test/cmake_subproject/cmake_subproject
# Remove any artifacts from the component_test_cmake_as_subdirectory test.
rm -rf programs/test/cmake_subproject/build
rm -f programs/test/cmake_subproject/Makefile
rm -f programs/test/cmake_subproject/cmake_subproject
if [ -f "$CONFIG_BAK" ]; then
mv "$CONFIG_BAK" "$CONFIG_H"
fi
@ -536,7 +546,7 @@ component_check_files () {
component_check_names () {
msg "test/build: declared and exported names" # < 3s
record_status tests/scripts/check-names.sh
record_status tests/scripts/check-names.sh -v
}
component_check_doxygen_warnings () {
@ -575,6 +585,19 @@ component_test_ref_configs () {
record_status tests/scripts/test-ref-configs.pl
}
component_test_no_pem_no_fs () {
msg "build: Default + !MBEDTLS_PEM_PARSE_C + !MBEDTLS_FS_IO (ASan build)"
scripts/config.pl unset MBEDTLS_PEM_PARSE_C
scripts/config.pl unset MBEDTLS_FS_IO
scripts/config.pl unset MBEDTLS_PSA_ITS_FILE_C # requires a filesystem
scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C # requires PSA ITS
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
msg "test: !MBEDTLS_PEM_PARSE_C !MBEDTLS_FS_IO - main suites (inc. selftests) (ASan build)" # ~ 50s
make test
}
component_test_rsa_no_crt () {
msg "build: Default + RSA_NO_CRT (ASan build)" # ~ 6 min
scripts/config.pl set MBEDTLS_RSA_NO_CRT
@ -602,13 +625,23 @@ component_test_full_cmake_clang () {
CC=clang cmake -D CMAKE_BUILD_TYPE:String=Check -D ENABLE_TESTING=On .
make
msg "test: main suites (full config)" # ~ 5s
msg "test: main suites (full config, clang)" # ~ 5s
make test
msg "test: psa_constant_names (full config)" # ~ 1s
msg "test: psa_constant_names (full config, clang)" # ~ 1s
record_status tests/scripts/test_psa_constant_names.py
}
component_test_full_make_gcc_o0 () {
msg "build: make, full config, gcc -O0" # ~ 50s
scripts/config.pl full
scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests
make CC=gcc CFLAGS='-O0'
msg "test: main suites (full config, gcc -O0)" # ~ 5s
make test
}
component_build_deprecated () {
msg "build: make, full config + DEPRECATED_WARNING, gcc -O" # ~ 30s
scripts/config.pl full
@ -627,7 +660,6 @@ component_build_deprecated () {
make CC=clang CFLAGS='-O -Werror -Wall -Wextra -Wno-unused-function' tests
}
component_test_depends_curves () {
msg "test/build: curves.pl (gcc)" # ~ 4 min
record_status tests/scripts/curves.pl
@ -654,24 +686,38 @@ component_build_default_make_gcc_and_cxx () {
make TEST_CPP=1
}
component_test_use_psa_crypto_full_cmake_asan() {
# MBEDTLS_USE_PSA_CRYPTO: run the same set of tests as basic-build-test.sh
component_test_no_use_psa_crypto_full_cmake_asan() {
# full minus MBEDTLS_USE_PSA_CRYPTO: run the same set of tests as basic-build-test.sh
msg "build: cmake, full config + MBEDTLS_USE_PSA_CRYPTO, ASan"
scripts/config.pl full
scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests
scripts/config.pl unset MBEDTLS_ECP_RESTARTABLE # restartable ECC not supported through PSA
scripts/config.pl set MBEDTLS_ECP_RESTARTABLE # not using PSA, so enable restartable ECC
scripts/config.pl set MBEDTLS_PSA_CRYPTO_C
scripts/config.pl set MBEDTLS_USE_PSA_CRYPTO
scripts/config.pl unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.pl unset MBEDTLS_PSA_ITS_FILE_C
scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
msg "test: main suites (MBEDTLS_USE_PSA_CRYPTO)"
msg "test: main suites (full minus MBEDTLS_USE_PSA_CRYPTO)"
make test
}
component_test_check_params_functionality () {
msg "build+test: MBEDTLS_CHECK_PARAMS functionality"
scripts/config.pl full # includes CHECK_PARAMS
# Make MBEDTLS_PARAM_FAILED call mbedtls_param_failed().
scripts/config.pl unset MBEDTLS_CHECK_PARAMS_ASSERT
scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
# Only build and run tests. Do not build sample programs, because
# they don't have a mbedtls_param_failed() function.
make CC=gcc CFLAGS='-Werror -O1' lib test
}
component_test_check_params_without_platform () {
msg "build+test: MBEDTLS_CHECK_PARAMS without MBEDTLS_PLATFORM_C"
scripts/config.pl full # includes CHECK_PARAMS
# Keep MBEDTLS_PARAM_FAILED as assert.
scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests
scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
scripts/config.pl unset MBEDTLS_PLATFORM_EXIT_ALT
@ -689,6 +735,7 @@ component_test_check_params_silent () {
msg "build+test: MBEDTLS_CHECK_PARAMS with alternative MBEDTLS_PARAM_FAILED()"
scripts/config.pl full # includes CHECK_PARAMS
scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests
# Set MBEDTLS_PARAM_FAILED to nothing.
sed -i 's/.*\(#define MBEDTLS_PARAM_FAILED( cond )\).*/\1/' "$CONFIG_H"
make CC=gcc CFLAGS='-Werror -O1' all test
}
@ -712,7 +759,6 @@ component_test_no_platform () {
scripts/config.pl unset MBEDTLS_PSA_CRYPTO_SE_C
scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C
scripts/config.pl unset MBEDTLS_PSA_ITS_FILE_C
scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
# Note, _DEFAULT_SOURCE needs to be defined for platforms using glibc version >2.19,
# to re-enable platform integration features otherwise disabled in C99 builds
make CC=gcc CFLAGS='-Werror -Wall -Wextra -std=c99 -pedantic -O0 -D_DEFAULT_SOURCE' lib programs
@ -803,14 +849,14 @@ component_test_se_full () {
component_test_make_shared () {
msg "build/test: make shared" # ~ 40s
make SHARED=1 all check
make SHARED=1 all check -j1
}
component_test_m32_o0 () {
# Build once with -O0, to compile out the i386 specific inline assembly
msg "build: i386, make, gcc -O0 (ASan build)" # ~ 30s
scripts/config.pl full
make CC=gcc CFLAGS='-O0 -Werror -Wall -Wextra -m32 -fsanitize=address'
make CC=gcc CFLAGS='-O0 -Werror -Wall -Wextra -m32 -fsanitize=address' LDFLAGS='-m32 -fsanitize=address'
msg "test: i386, make, gcc -O0 (ASan build)"
make test
@ -829,7 +875,7 @@ component_test_m32_o1 () {
scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE
scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
scripts/config.pl unset MBEDTLS_MEMORY_DEBUG
make CC=gcc CFLAGS='-O1 -Werror -Wall -Wextra -m32 -fsanitize=address'
make CC=gcc CFLAGS='-O1 -Werror -Wall -Wextra -m32 -fsanitize=address' LDFLAGS='-m32 -fsanitize=address'
msg "test: i386, make, gcc -O1 (ASan build)"
make test
@ -841,7 +887,7 @@ support_test_m32_o1 () {
component_test_mx32 () {
msg "build: 64-bit ILP32, make, gcc" # ~ 30s
scripts/config.pl full
make CC=gcc CFLAGS='-Werror -Wall -Wextra -mx32'
make CC=gcc CFLAGS='-Werror -Wall -Wextra -mx32' LDFLAGS='-mx32'
msg "test: 64-bit ILP32, make, gcc"
make test
@ -909,41 +955,13 @@ component_test_no_64bit_multiplication () {
component_build_arm_none_eabi_gcc () {
msg "build: arm-none-eabi-gcc, make" # ~ 10s
scripts/config.pl full
scripts/config.pl unset MBEDTLS_TIMING_C
scripts/config.pl unset MBEDTLS_FS_IO
scripts/config.pl unset MBEDTLS_PSA_ITS_FILE_C
scripts/config.pl unset MBEDTLS_PSA_CRYPTO_SE_C
scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C
scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY
# following things are not in the default config
scripts/config.pl unset MBEDTLS_HAVEGE_C # depends on timing.c
scripts/config.pl unset MBEDTLS_THREADING_PTHREAD
scripts/config.pl unset MBEDTLS_THREADING_C
scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h
scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit
scripts/config.pl baremetal
make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wall -Wextra' lib
}
component_build_arm_none_eabi_gcc_no_udbl_division () {
msg "build: arm-none-eabi-gcc -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s
scripts/config.pl full
scripts/config.pl unset MBEDTLS_TIMING_C
scripts/config.pl unset MBEDTLS_FS_IO
scripts/config.pl unset MBEDTLS_PSA_ITS_FILE_C
scripts/config.pl unset MBEDTLS_PSA_CRYPTO_SE_C
scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C
scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY
# following things are not in the default config
scripts/config.pl unset MBEDTLS_HAVEGE_C # depends on timing.c
scripts/config.pl unset MBEDTLS_THREADING_PTHREAD
scripts/config.pl unset MBEDTLS_THREADING_C
scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h
scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit
scripts/config.pl baremetal
scripts/config.pl set MBEDTLS_NO_UDBL_DIVISION
make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wall -Wextra' lib
echo "Checking that software 64-bit division is not required"
@ -952,21 +970,7 @@ component_build_arm_none_eabi_gcc_no_udbl_division () {
component_build_arm_none_eabi_gcc_no_64bit_multiplication () {
msg "build: arm-none-eabi-gcc MBEDTLS_NO_64BIT_MULTIPLICATION, make" # ~ 10s
scripts/config.pl full
scripts/config.pl unset MBEDTLS_TIMING_C
scripts/config.pl unset MBEDTLS_FS_IO
scripts/config.pl unset MBEDTLS_PSA_ITS_FILE_C
scripts/config.pl unset MBEDTLS_PSA_CRYPTO_SE_C
scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C
scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY
# following things are not in the default config
scripts/config.pl unset MBEDTLS_HAVEGE_C # depends on timing.c
scripts/config.pl unset MBEDTLS_THREADING_PTHREAD
scripts/config.pl unset MBEDTLS_THREADING_C
scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h
scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit
scripts/config.pl baremetal
scripts/config.pl set MBEDTLS_NO_64BIT_MULTIPLICATION
make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -O1 -march=armv6-m -mthumb' lib
echo "Checking that software 64-bit multiplication is not required"
@ -975,25 +979,7 @@ component_build_arm_none_eabi_gcc_no_64bit_multiplication () {
component_build_armcc () {
msg "build: ARM Compiler 5, make"
scripts/config.pl full
scripts/config.pl unset MBEDTLS_TIMING_C
scripts/config.pl unset MBEDTLS_FS_IO
scripts/config.pl unset MBEDTLS_PSA_ITS_FILE_C
scripts/config.pl unset MBEDTLS_PSA_CRYPTO_SE_C
scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C
scripts/config.pl unset MBEDTLS_PSA_CRYPTO_STORAGE_C
scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED
scripts/config.pl unset MBEDTLS_HAVE_TIME
scripts/config.pl unset MBEDTLS_HAVE_TIME_DATE
scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY
# following things are not in the default config
scripts/config.pl unset MBEDTLS_DEPRECATED_WARNING
scripts/config.pl unset MBEDTLS_HAVEGE_C # depends on timing.c
scripts/config.pl unset MBEDTLS_THREADING_PTHREAD
scripts/config.pl unset MBEDTLS_THREADING_C
scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h
scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit
scripts/config.pl unset MBEDTLS_PLATFORM_TIME_ALT # depends on MBEDTLS_HAVE_TIME
scripts/config.pl baremetal
make CC="$ARMC5_CC" AR="$ARMC5_AR" WARNING_CFLAGS='--strict --c99' lib
make clean
@ -1016,15 +1002,15 @@ component_build_armcc () {
component_build_mingw () {
msg "build: Windows cross build - mingw64, make (Link Library)" # ~ 30s
make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 lib programs
make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 lib programs -j1
# note Make tests only builds the tests, but doesn't run them
make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror' WINDOWS_BUILD=1 tests
make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror' WINDOWS_BUILD=1 tests -j1
make WINDOWS_BUILD=1 clean
msg "build: Windows cross build - mingw64, make (DLL)" # ~ 30s
make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 SHARED=1 lib programs
make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 SHARED=1 tests
make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 SHARED=1 lib programs -j1
make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 SHARED=1 tests -j1
make WINDOWS_BUILD=1 clean
}
support_build_mingw() {
@ -1069,6 +1055,19 @@ component_test_cmake_out_of_source () {
unset MBEDTLS_ROOT_DIR
}
component_test_cmake_as_subdirectory () {
msg "build: cmake 'as-subdirectory' build"
MBEDTLS_ROOT_DIR="$PWD"
cd programs/test/cmake_subproject
cmake .
make
if_build_succeeded ./cmake_subproject
cd "$MBEDTLS_ROOT_DIR"
unset MBEDTLS_ROOT_DIR
}
component_test_zeroize () {
# Test that the function mbedtls_platform_zeroize() is not optimized away by
# different combinations of compilers and optimization flags by using an

4
tests/scripts/basic-build-test.sh
View File

@ -43,6 +43,7 @@ echo
# Step 1 - Make and instrumented build for code coverage
export CFLAGS=' --coverage -g3 -O0 '
export LDFLAGS=' --coverage'
make clean
cp "$CONFIG_H" "$CONFIG_BAK"
scripts/config.pl full
@ -53,6 +54,9 @@ make -j
# Step 2 - Execute the tests
TEST_OUTPUT=out_${PPID}
cd tests
if [ ! -f "seedfile" ]; then
dd if=/dev/urandom of="seedfile" bs=32 count=1
fi
# Step 2a - Unit Tests
perl scripts/run-test-suites.pl -v 2 |tee unit-test-$TEST_OUTPUT

47
tests/scripts/basic-in-docker.sh Executable file
View File

@ -0,0 +1,47 @@
#!/bin/bash -eu
# basic-in-docker.sh
#
# Purpose
# -------
# This runs a rough equivalent of the travis.yml in a Docker container.
# The tests are run for both clang and gcc.
#
# Notes for users
# ---------------
# See docker_env.sh for prerequisites and other information.
# Copyright (C) 2006-2019, Arm Limited (or its affiliates), All Rights Reserved.
# SPDX-License-Identifier: Apache-2.0
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# This file is part of Mbed TLS (https://tls.mbed.org)
source tests/scripts/docker_env.sh
run_in_docker tests/scripts/recursion.pl library/*.c
run_in_docker tests/scripts/check-generated-files.sh
run_in_docker tests/scripts/check-doxy-blocks.pl
run_in_docker tests/scripts/check-names.sh
run_in_docker tests/scripts/check-files.py
run_in_docker tests/scripts/doxygen.sh
for compiler in clang gcc; do
run_in_docker -e CC=${compiler} cmake -D CMAKE_BUILD_TYPE:String="Check" .
run_in_docker -e CC=${compiler} make
run_in_docker -e CC=${compiler} make test
run_in_docker programs/test/selftest
run_in_docker tests/scripts/test-ref-configs.pl
run_in_docker tests/scripts/curves.pl
done

36
tests/scripts/check-files.py
View File

@ -1,14 +1,12 @@
#!/usr/bin/env python3
# This file is part of Mbed TLS (https://tls.mbed.org)
# Copyright (c) 2018, Arm Limited, All Rights Reserved
"""
This file is part of Mbed TLS (https://tls.mbed.org)
Copyright (c) 2018, Arm Limited, All Rights Reserved
Purpose
This script checks the current state of the source code for minor issues,
including incorrect file permissions, presence of tabs, non-Unix line endings,
trailing whitespace, presence of UTF-8 BOM, and TODO comments.
trailing whitespace, and presence of UTF-8 BOM.
Note: requires python 3, must be run from Mbed TLS root.
"""
@ -170,19 +168,6 @@ class MergeArtifactIssueTracker(LineIssueTracker):
return True
return False
class TodoIssueTracker(LineIssueTracker):
"""Track lines containing ``TODO``."""
heading = "TODO present:"
files_exemptions = frozenset([
os.path.basename(__file__),
"benchmark.c",
"pull_request_template.md",
])
def issue_with_line(self, line, _filepath):
return b"todo" in line.lower()
class IntegrityChecker(object):
"""Sanity-check files under the current directory."""
@ -211,7 +196,6 @@ class IntegrityChecker(object):
TrailingWhitespaceIssueTracker(),
TabIssueTracker(),
MergeArtifactIssueTracker(),
TodoIssueTracker(),
]
@staticmethod
@ -257,15 +241,7 @@ class IntegrityChecker(object):
def run_main():
parser = argparse.ArgumentParser(
description=(
"This script checks the current state of the source code for "
"minor issues, including incorrect file permissions, "
"presence of tabs, non-Unix line endings, trailing whitespace, "
"presence of UTF-8 BOM, and TODO comments. "
"Note: requires python 3, must be run from Mbed TLS root."
)
)
parser = argparse.ArgumentParser(description=__doc__)
parser.add_argument(
"-l", "--log_file", type=str, help="path to optional output log",
)

42
tests/scripts/check-names.sh
View File

@ -2,26 +2,42 @@
#
# This file is part of mbed TLS (https://tls.mbed.org)
#
# Copyright (c) 2015-2016, ARM Limited, All Rights Reserved
#
# Purpose
#
# This script confirms that the naming of all symbols and identifiers in mbed
# TLS are consistent with the house style and are also self-consistent.
#
# Copyright (c) 2015-2019, ARM Limited, All Rights Reserved
set -eu
if [ $# -ne 0 ] && [ "$1" = "--help" ]; then
cat <<EOF
$0 [-v]
This script confirms that the naming of all symbols and identifiers in mbed
TLS are consistent with the house style and are also self-consistent.
-v If the script fails unexpectedly, print a command trace.
EOF
exit
fi
if grep --version|head -n1|grep GNU >/dev/null; then :; else
echo "This script requires GNU grep.">&2
exit 1
fi
trace=
if [ $# -ne 0 ] && [ "$1" = "-v" ]; then
shift
trace='-x'
exec 2>check-names.err
trap 'echo "FAILED UNEXPECTEDLY, status=$?";
cat check-names.err' EXIT
set -x
fi
printf "Analysing source code...\n"
tests/scripts/list-macros.sh
sh $trace tests/scripts/list-macros.sh
tests/scripts/list-enum-consts.pl
tests/scripts/list-identifiers.sh
tests/scripts/list-symbols.sh
sh $trace tests/scripts/list-identifiers.sh
sh $trace tests/scripts/list-symbols.sh
FAIL=0
@ -82,6 +98,12 @@ else
FAIL=1
fi
if [ -n "$trace" ]; then
set +x
trap - EXIT
rm check-names.err
fi
printf "\nOverall: "
if [ "$FAIL" -eq 0 ]; then
rm macros actual-macros enum-consts identifiers exported-symbols

2
tests/scripts/curves.pl
View File

@ -57,7 +57,7 @@ for my $curve (@curves) {
system( "CFLAGS='-Werror -Wall -Wextra' make lib" )
and abort "Failed to build lib: $curve\n";
system( "cd tests && make" ) and abort "Failed to build tests: $curve\n";
system( "make" ) and abort "Failed to build tests: $curve\n";
system( "make test" ) and abort "Failed test suite: $curve\n";
}

93
tests/scripts/docker_env.sh Executable file
View File

@ -0,0 +1,93 @@
#!/bin/bash -eu
# docker_env.sh
#
# Purpose
# -------
#
# This is a helper script to enable running tests under a Docker container,
# thus making it easier to get set up as well as isolating test dependencies
# (which include legacy/insecure configurations of openssl and gnutls).
#
# Notes for users
# ---------------
# This script expects a Linux x86_64 system with a recent version of Docker
# installed and available for use, as well as http/https access. If a proxy
# server must be used, invoke this script with the usual environment variables
# (http_proxy and https_proxy) set appropriately. If an alternate Docker
# registry is needed, specify MBEDTLS_DOCKER_REGISTRY to point at the
# host name.
#
#
# Running this script directly will check for Docker availability and set up
# the Docker image.
# Copyright (C) 2006-2019, Arm Limited (or its affiliates), All Rights Reserved.
# SPDX-License-Identifier: Apache-2.0
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# This file is part of Mbed TLS (https://tls.mbed.org)
# default values, can be overridden by the environment
: ${MBEDTLS_DOCKER_GUEST:=bionic}
DOCKER_IMAGE_TAG="armmbed/mbedtls-test:${MBEDTLS_DOCKER_GUEST}"
# Make sure docker is available
if ! which docker > /dev/null; then
echo "Docker is required but doesn't seem to be installed. See https://www.docker.com/ to get started"
exit 1
fi
# Figure out if we need to 'sudo docker'
if groups | grep docker > /dev/null; then
DOCKER="docker"
else
echo "Using sudo to invoke docker since you're not a member of the docker group..."
DOCKER="sudo docker"
fi
# Build the Docker image
echo "Getting docker image up to date (this may take a few minutes)..."
${DOCKER} image build \
-t ${DOCKER_IMAGE_TAG} \
--cache-from=${DOCKER_IMAGE_TAG} \
--build-arg MAKEFLAGS_PARALLEL="-j $(nproc)" \
--network host \
${http_proxy+--build-arg http_proxy=${http_proxy}} \
${https_proxy+--build-arg https_proxy=${https_proxy}} \
${MBEDTLS_DOCKER_REGISTRY+--build-arg MY_REGISTRY="${MBEDTLS_DOCKER_REGISTRY}/"} \
tests/docker/${MBEDTLS_DOCKER_GUEST}
run_in_docker()
{
ENV_ARGS=""
while [ "$1" == "-e" ]; do
ENV_ARGS="${ENV_ARGS} $1 $2"
shift 2
done
${DOCKER} container run -it --rm \
--cap-add SYS_PTRACE \
--user "$(id -u):$(id -g)" \
--volume $PWD:$PWD \
--workdir $PWD \
-e MAKEFLAGS \
-e PYLINTHOME=/tmp/.pylintd \
${ENV_ARGS} \
${DOCKER_IMAGE_TAG} \
$@
}

15
tests/scripts/list-symbols.sh
View File

@ -14,8 +14,21 @@ fi
cp include/mbedtls/config.h include/mbedtls/config.h.bak
scripts/config.pl full
CFLAGS=-fno-asynchronous-unwind-tables make clean lib >/dev/null 2>&1
make clean
make_ret=
CFLAGS=-fno-asynchronous-unwind-tables make lib \
>list-symbols.make.log 2>&1 ||
{
make_ret=$?
echo "Build failure: CFLAGS=-fno-asynchronous-unwind-tables make lib"
cat list-symbols.make.log >&2
}
rm list-symbols.make.log
mv include/mbedtls/config.h.bak include/mbedtls/config.h
if [ -n "$make_ret" ]; then
exit "$make_ret"
fi
if uname | grep -F Darwin >/dev/null; then
nm -gUj library/libmbed*.a 2>/dev/null | sed -n -e 's/^_//p'
elif uname | grep -F Linux >/dev/null; then

22
tests/scripts/mbedtls_test.py
View File

@ -79,7 +79,7 @@ class TestDataParser(object):
split_colon_fn = lambda x: re.sub(r'\\' + split_char, split_char, x)
if len(split_char) > 1:
raise ValueError('Expected split character. Found string!')
out = map(split_colon_fn, re.split(r'(?<!\\)' + split_char, inp_str))
out = list(map(split_colon_fn, re.split(r'(?<!\\)' + split_char, inp_str)))
out = [x for x in out if x]
return out
@ -99,11 +99,11 @@ class TestDataParser(object):
# Check dependencies
dependencies = []
line = data_f.next().strip()
line = next(data_f).strip()
match = re.search('depends_on:(.*)', line)
if match:
dependencies = [int(x) for x in match.group(1).split(':')]
line = data_f.next().strip()
line = next(data_f).strip()
# Read test vectors
line = line.replace('\\n', '\n')
@ -115,7 +115,7 @@ class TestDataParser(object):
err_str_fmt = "Number of test arguments({}) should be even: {}"
raise TestDataParserError(err_str_fmt.format(args_count, line))
grouped_args = [(args[i * 2], args[(i * 2) + 1])
for i in range(len(args)/2)]
for i in range(int(len(args)/2))]
self.tests.append((name, function_name, dependencies,
grouped_args))
@ -261,21 +261,21 @@ class MbedTlsTest(BaseHostTest):
data_bytes += bytearray([function_id, len(parameters)])
for typ, param in parameters:
if typ == 'int' or typ == 'exp':
i = int(param)
data_bytes += 'I' if typ == 'int' else 'E'
i = int(param, 0)
data_bytes += b'I' if typ == 'int' else b'E'
self.align_32bit(data_bytes)
data_bytes += self.int32_to_big_endian_bytes(i)
elif typ == 'char*':
param = param.strip('"')
i = len(param) + 1 # + 1 for null termination
data_bytes += 'S'
data_bytes += b'S'
self.align_32bit(data_bytes)
data_bytes += self.int32_to_big_endian_bytes(i)
data_bytes += bytearray(list(param))
data_bytes += '\0' # Null terminate
data_bytes += bytearray(param, encoding='ascii')
data_bytes += b'\0' # Null terminate
elif typ == 'hex':
binary_data = self.hex_str_bytes(param)
data_bytes += 'H'
data_bytes += b'H'
self.align_32bit(data_bytes)
i = len(binary_data)
data_bytes += self.int32_to_big_endian_bytes(i)
@ -310,7 +310,7 @@ class MbedTlsTest(BaseHostTest):
param_bytes, length = self.test_vector_to_bytes(function_id,
dependencies, args)
self.send_kv(length, param_bytes)
self.send_kv(''.join('{:02x}'.format(x) for x in length), ''.join('{:02x}'.format(x) for x in param_bytes))
@staticmethod
def get_result(value):

26
tests/suites/helpers.function
View File

@ -278,7 +278,7 @@ typedef enum
#define TEST_VALID_PARAM( TEST ) \
TEST_ASSERT( ( TEST, 1 ) );
#define assert(a) if( !( a ) ) \
#define TEST_HELPER_ASSERT(a) if( !( a ) ) \
{ \
mbedtls_fprintf( stderr, "Assertion Failed at %s:%d - %s\n", \
__FILE__, __LINE__, #a ); \
@ -401,7 +401,7 @@ jmp_buf jmp_tmp;
/*----------------------------------------------------------------------------*/
/* Helper Functions */
static void test_fail( const char *test, int line_no, const char* filename )
void test_fail( const char *test, int line_no, const char* filename )
{
test_info.failed = 1;
test_info.test = test;
@ -492,11 +492,11 @@ static void close_output( FILE* out_stream )
}
#endif /* __unix__ || __APPLE__ __MACH__ */
static int unhexify( unsigned char *obuf, const char *ibuf )
int unhexify( unsigned char *obuf, const char *ibuf )
{
unsigned char c, c2;
int len = strlen( ibuf ) / 2;
assert( strlen( ibuf ) % 2 == 0 ); /* must be even number of bytes */
TEST_HELPER_ASSERT( strlen( ibuf ) % 2 == 0 ); /* must be even number of bytes */
while( *ibuf != 0 )
{
@ -508,7 +508,7 @@ static int unhexify( unsigned char *obuf, const char *ibuf )
else if( c >= 'A' && c <= 'F' )
c -= 'A' - 10;
else
assert( 0 );
TEST_HELPER_ASSERT( 0 );
c2 = *ibuf++;
if( c2 >= '0' && c2 <= '9' )
@ -518,7 +518,7 @@ static int unhexify( unsigned char *obuf, const char *ibuf )
else if( c2 >= 'A' && c2 <= 'F' )
c2 -= 'A' - 10;
else
assert( 0 );
TEST_HELPER_ASSERT( 0 );
*obuf++ = ( c << 4 ) | c2;
}
@ -526,7 +526,7 @@ static int unhexify( unsigned char *obuf, const char *ibuf )
return len;
}
static void hexify( unsigned char *obuf, const unsigned char *ibuf, int len )
void hexify( unsigned char *obuf, const unsigned char *ibuf, int len )
{
unsigned char l, h;
@ -563,7 +563,7 @@ static unsigned char *zero_alloc( size_t len )
size_t actual_len = ( len != 0 ) ? len : 1;
p = mbedtls_calloc( 1, actual_len );
assert( p != NULL );
TEST_HELPER_ASSERT( p != NULL );
memset( p, 0x00, actual_len );
@ -580,7 +580,7 @@ static unsigned char *zero_alloc( size_t len )
*
* For convenience, dies if allocation fails.
*/
static unsigned char *unhexify_alloc( const char *ibuf, size_t *olen )
unsigned char *unhexify_alloc( const char *ibuf, size_t *olen )
{
unsigned char *obuf;
@ -590,7 +590,7 @@ static unsigned char *unhexify_alloc( const char *ibuf, size_t *olen )
return( zero_alloc( *olen ) );
obuf = mbedtls_calloc( 1, *olen );
assert( obuf != NULL );
TEST_HELPER_ASSERT( obuf != NULL );
(void) unhexify( obuf, ibuf );
@ -631,7 +631,7 @@ static int rnd_std_rand( void *rng_state, unsigned char *output, size_t len )
*
* rng_state shall be NULL.
*/
static int rnd_zero_rand( void *rng_state, unsigned char *output, size_t len )
int rnd_zero_rand( void *rng_state, unsigned char *output, size_t len )
{
if( rng_state != NULL )
rng_state = NULL;
@ -658,7 +658,7 @@ typedef struct
*
* After the buffer is empty it will return rand();
*/
static int rnd_buffer_rand( void *rng_state, unsigned char *output, size_t len )
int rnd_buffer_rand( void *rng_state, unsigned char *output, size_t len )
{
rnd_buf_info *info = (rnd_buf_info *) rng_state;
size_t use_len;
@ -704,7 +704,7 @@ typedef struct
*
* rng_state shall be a pointer to a rnd_pseudo_info structure.
*/
static int rnd_pseudo_rand( void *rng_state, unsigned char *output, size_t len )
int rnd_pseudo_rand( void *rng_state, unsigned char *output, size_t len )
{
rnd_pseudo_info *info = (rnd_pseudo_info *) rng_state;
uint32_t i, *k, sum, delta=0x9E3779B9;

2
tests/suites/host_test.function
View File

@ -179,7 +179,7 @@ static int parse_arguments( char *buf, size_t len, char **params,
if( p + 1 < buf + len )
{
cur = p + 1;
assert( cnt < params_len );
TEST_HELPER_ASSERT( cnt < params_len );
params[cnt++] = cur;
}
*p = '\0';

50
tests/suites/target_test.function
View File

@ -13,11 +13,11 @@
*/
#define INCR_ASSERT(p, start, len, step) do \
{ \
assert( ( p ) >= ( start ) ); \
assert( sizeof( *( p ) ) == sizeof( *( start ) ) ); \
TEST_HELPER_ASSERT( ( p ) >= ( start ) ); \
TEST_HELPER_ASSERT( sizeof( *( p ) ) == sizeof( *( start ) ) ); \
/* <= is checked to support use inside a loop where \
pointer is incremented after reading data. */ \
assert( (uint32_t)( ( ( p ) - ( start ) ) + ( step ) ) <= ( len ) );\
TEST_HELPER_ASSERT( (uint32_t)( ( ( p ) - ( start ) ) + ( step ) ) <= ( len ) );\
( p ) += ( step ); \
} \
while( 0 )
@ -59,10 +59,29 @@ int verify_dependencies( uint8_t count, uint8_t * dep_p )
return( DEPENDENCY_SUPPORTED );
}
/**
* \brief Receives hex string on serial interface, and converts to a byte.
*
* \param none
*
* \return unsigned int8
*/
uint8_t receive_byte()
{
uint8_t byte;
uint8_t c[3];
char *endptr;
c[0] = greentea_getc();
c[1] = greentea_getc();
c[2] = '\0';
assert( unhexify( &byte, c ) != 2 );
return( byte );
}
/**
* \brief Receives unsigned integer on serial interface.
* Integers are encoded in network order.
* Integers are encoded in network order, and sent as hex ascii string.
*
* \param none
*
@ -71,10 +90,17 @@ int verify_dependencies( uint8_t count, uint8_t * dep_p )
uint32_t receive_uint32()
{
uint32_t value;
value = (uint8_t)greentea_getc() << 24;
value |= (uint8_t)greentea_getc() << 16;
value |= (uint8_t)greentea_getc() << 8;
value |= (uint8_t)greentea_getc();
const uint8_t c[9] = { greentea_getc(),
greentea_getc(),
greentea_getc(),
greentea_getc(),
greentea_getc(),
greentea_getc(),
greentea_getc(),
greentea_getc(),
'\0'
};
assert( unhexify( &value, c ) != 8 );
return( (uint32_t)value );
}
@ -127,12 +153,12 @@ uint8_t * receive_data( uint32_t * data_len )
/* Read data length */
*data_len = receive_uint32();
data = (uint8_t *)malloc( *data_len );
assert( data != NULL );
TEST_HELPER_ASSERT( data != NULL );
greentea_getc(); // read ';' received after key i.e. *data_len
for( i = 0; i < *data_len; i++ )
data[i] = greentea_getc();
data[i] = receive_byte();
/* Read closing braces */
for( i = 0; i < 2; i++ )
@ -221,7 +247,7 @@ void ** parse_parameters( uint8_t count, uint8_t * data, uint32_t data_len,
hex_count = find_hex_count(count, data, data_len);
params = (void **)malloc( sizeof( void *) * ( count + hex_count ) );
assert( params != NULL );
TEST_HELPER_ASSERT( params != NULL );
cur = params;
p = data;
@ -360,7 +386,7 @@ int execute_tests( int args, const char ** argv )
{
/* Read dependency count */
count = *p;
assert( count < data_len );
TEST_HELPER_ASSERT( count < data_len );
INCR_ASSERT( p, data, data_len, sizeof( uint8_t ) );
ret = verify_dependencies( count, p );
if ( ret != DEPENDENCY_SUPPORTED )

2
tests/suites/test_suite_cipher.aes.data
View File

@ -1,6 +1,6 @@
Decrypt empty buffer
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
dec_empty_buf:
dec_empty_buf:MBEDTLS_CIPHER_AES_128_CBC
AES-128 CBC - Encrypt and decrypt 0 bytes with PKCS7 padding
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7

4
tests/suites/test_suite_cipher.chacha20.data
View File

@ -1,7 +1,3 @@
Decrypt empty buffer
depends_on:MBEDTLS_CHACHA20_C
dec_empty_buf:
Chacha20 RFC 7539 Test Vector #1
depends_on:MBEDTLS_CHACHA20_C
decrypt_test_vec:MBEDTLS_CIPHER_CHACHA20:-1:"0000000000000000000000000000000000000000000000000000000000000000":"000000000000000000000000":"76b8e0ada0f13d90405d6ae55386bd28bdd219b8a08ded1aa836efcc8b770dc7da41597c5157488d7724e03fb8d84a376a43b8f41518a11cc387b669b2ee6586":"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":"":"":0:0

2
tests/suites/test_suite_cipher.chachapoly.data
View File

@ -1,6 +1,6 @@
Decrypt empty buffer
depends_on:MBEDTLS_CHACHAPOLY_C
dec_empty_buf:
dec_empty_buf:MBEDTLS_CIPHER_CHACHA20_POLY1305
ChaCha20+Poly1305 Encrypt and decrypt 0 bytes
depends_on:MBEDTLS_CHACHAPOLY_C

30
tests/suites/test_suite_cipher.function
View File

@ -710,7 +710,7 @@ exit:
/* END_CASE */
/* BEGIN_CASE */
void dec_empty_buf( )
void dec_empty_buf( int cipher )
{
unsigned char key[32];
unsigned char iv[16];
@ -723,6 +723,8 @@ void dec_empty_buf( )
size_t outlen = 0;
int expected_ret;
memset( key, 0, 32 );
memset( iv , 0, 16 );
@ -732,12 +734,15 @@ void dec_empty_buf( )
memset( decbuf, 0, 64 );
/* Initialise context */
cipher_info = mbedtls_cipher_info_from_type( MBEDTLS_CIPHER_AES_128_CBC );
cipher_info = mbedtls_cipher_info_from_type( cipher );
TEST_ASSERT( NULL != cipher_info);
TEST_ASSERT( sizeof(key) * 8 >= cipher_info->key_bitlen );
TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx_dec, cipher_info ) );
TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx_dec, key, 128, MBEDTLS_DECRYPT ) );
TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx_dec,
key, cipher_info->key_bitlen,
MBEDTLS_DECRYPT ) );
TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx_dec, iv, 16 ) );
@ -750,8 +755,23 @@ void dec_empty_buf( )
/* decode 0-byte string */
TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx_dec, encbuf, 0, decbuf, &outlen ) );
TEST_ASSERT( 0 == outlen );
TEST_ASSERT( MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED == mbedtls_cipher_finish(
&ctx_dec, decbuf + outlen, &outlen ) );
if ( cipher_info->mode == MBEDTLS_MODE_CBC ||
cipher_info->mode == MBEDTLS_MODE_ECB )
{
/* CBC and ECB ciphers need a full block of input. */
expected_ret = MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED;
}
else
{
/* Non-CBC and non-ECB ciphers are OK with decrypting empty buffers and
* return success, not MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED, when
* decrypting an empty buffer. */
expected_ret = 0;
}
TEST_ASSERT( expected_ret == mbedtls_cipher_finish(
&ctx_dec, decbuf + outlen, &outlen ) );
TEST_ASSERT( 0 == outlen );
exit:

8
tests/suites/test_suite_entropy.function
View File

@ -48,7 +48,7 @@ static int entropy_dummy_source( void *data, unsigned char *output,
* This might break memory checks in the future if sources need 'free-ing' then
* as well.
*/
static void entropy_clear_sources( mbedtls_entropy_context *ctx )
void entropy_clear_sources( mbedtls_entropy_context *ctx )
{
ctx->source_count = 0;
}
@ -58,7 +58,7 @@ static void entropy_clear_sources( mbedtls_entropy_context *ctx )
*/
static unsigned char buffer_seed[MBEDTLS_ENTROPY_BLOCK_SIZE];
static int buffer_nv_seed_read( unsigned char *buf, size_t buf_len )
int buffer_nv_seed_read( unsigned char *buf, size_t buf_len )
{
if( buf_len != MBEDTLS_ENTROPY_BLOCK_SIZE )
return( -1 );
@ -67,7 +67,7 @@ static int buffer_nv_seed_read( unsigned char *buf, size_t buf_len )
return( 0 );
}
static int buffer_nv_seed_write( unsigned char *buf, size_t buf_len )
int buffer_nv_seed_write( unsigned char *buf, size_t buf_len )
{
if( buf_len != MBEDTLS_ENTROPY_BLOCK_SIZE )
return( -1 );
@ -98,7 +98,7 @@ static int write_nv_seed( unsigned char *buf, size_t buf_len )
return( 0 );
}
static int read_nv_seed( unsigned char *buf, size_t buf_len )
int read_nv_seed( unsigned char *buf, size_t buf_len )
{
FILE *f;

8
tests/suites/test_suite_psa_crypto.function
View File

@ -712,9 +712,9 @@ exit:
return( ok );
}
static int asn1_skip_integer( unsigned char **p, const unsigned char *end,
size_t min_bits, size_t max_bits,
int must_be_odd )
int asn1_skip_integer( unsigned char **p, const unsigned char *end,
size_t min_bits, size_t max_bits,
int must_be_odd )
{
size_t len;
size_t actual_bits;
@ -839,10 +839,10 @@ static int exported_key_sanity_check( psa_key_type_t type, size_t bits,
{
uint8_t *p = exported;
uint8_t *end = exported + exported_length;
size_t len;
#if defined(MBEDTLS_RSA_C)
if( type == PSA_KEY_TYPE_RSA_PUBLIC_KEY )
{
size_t len;
/* RSAPublicKey ::= SEQUENCE {
* modulus INTEGER, -- n
* publicExponent INTEGER } -- e

31
tests/suites/test_suite_psa_its.function
View File

@ -71,6 +71,7 @@ void set_get_remove( int uid_arg, int flags_arg, data_t *data )
uint32_t flags = flags_arg;
struct psa_storage_info_t info;
unsigned char *buffer = NULL;
size_t ret_len = 0;
ASSERT_ALLOC( buffer, data->len );
@ -79,8 +80,8 @@ void set_get_remove( int uid_arg, int flags_arg, data_t *data )
PSA_ASSERT( psa_its_get_info( uid, &info ) );
TEST_ASSERT( info.size == data->len );
TEST_ASSERT( info.flags == flags );
PSA_ASSERT( psa_its_get( uid, 0, data->len, buffer ) );
ASSERT_COMPARE( data->x, data->len, buffer, data->len );
PSA_ASSERT( psa_its_get( uid, 0, data->len, buffer, &ret_len ) );
ASSERT_COMPARE( data->x, data->len, buffer, ret_len );
PSA_ASSERT( psa_its_remove( uid ) );
@ -100,6 +101,7 @@ void set_overwrite( int uid_arg,
uint32_t flags2 = flags2_arg;
struct psa_storage_info_t info;
unsigned char *buffer = NULL;
size_t ret_len = 0;
ASSERT_ALLOC( buffer, MAX( data1->len, data2->len ) );
@ -107,15 +109,16 @@ void set_overwrite( int uid_arg,
PSA_ASSERT( psa_its_get_info( uid, &info ) );
TEST_ASSERT( info.size == data1->len );
TEST_ASSERT( info.flags == flags1 );
PSA_ASSERT( psa_its_get( uid, 0, data1->len, buffer ) );
ASSERT_COMPARE( data1->x, data1->len, buffer, data1->len );
PSA_ASSERT( psa_its_get( uid, 0, data1->len, buffer, &ret_len ) );
ASSERT_COMPARE( data1->x, data1->len, buffer, ret_len );
PSA_ASSERT( psa_its_set_wrap( uid, data2->len, data2->x, flags2 ) );
PSA_ASSERT( psa_its_get_info( uid, &info ) );
TEST_ASSERT( info.size == data2->len );
TEST_ASSERT( info.flags == flags2 );
PSA_ASSERT( psa_its_get( uid, 0, data2->len, buffer ) );
ASSERT_COMPARE( data2->x, data2->len, buffer, data2->len );
ret_len = 0;
PSA_ASSERT( psa_its_get( uid, 0, data2->len, buffer, &ret_len ) );
ASSERT_COMPARE( data2->x, data2->len, buffer, ret_len );
PSA_ASSERT( psa_its_remove( uid ) );
@ -132,6 +135,7 @@ void set_multiple( int first_id, int count )
psa_storage_uid_t uid;
char stored[40];
char retrieved[40];
size_t ret_len = 0;
memset( stored, '.', sizeof( stored ) );
for( uid = uid0; uid < uid0 + count; uid++ )
@ -145,11 +149,11 @@ void set_multiple( int first_id, int count )
{
mbedtls_snprintf( stored, sizeof( stored ),
"Content of file 0x%08lx", (unsigned long) uid );
PSA_ASSERT( psa_its_get( uid, 0, sizeof( stored ), retrieved ) );
ASSERT_COMPARE( retrieved, sizeof( stored ),
PSA_ASSERT( psa_its_get( uid, 0, sizeof( stored ), retrieved, &ret_len ) );
ASSERT_COMPARE( retrieved, ret_len,
stored, sizeof( stored ) );
PSA_ASSERT( psa_its_remove( uid ) );
TEST_ASSERT( psa_its_get( uid, 0, 0, NULL ) ==
TEST_ASSERT( psa_its_get( uid, 0, 0, NULL, NULL ) ==
PSA_ERROR_DOES_NOT_EXIST );
}
@ -173,7 +177,7 @@ void nonexistent( int uid_arg, int create_and_remove )
TEST_ASSERT( psa_its_remove( uid ) == PSA_ERROR_DOES_NOT_EXIST );
TEST_ASSERT( psa_its_get_info( uid, &info ) ==
PSA_ERROR_DOES_NOT_EXIST );
TEST_ASSERT( psa_its_get( uid, 0, 0, NULL ) ==
TEST_ASSERT( psa_its_get( uid, 0, 0, NULL, NULL ) ==
PSA_ERROR_DOES_NOT_EXIST );
exit:
@ -192,6 +196,7 @@ void get_at( int uid_arg, data_t *data,
size_t length = length_arg >= 0 ? length_arg : 0;
unsigned char *trailer;
size_t i;
size_t ret_len = 0;
ASSERT_ALLOC( buffer, length + 16 );
trailer = buffer + length;
@ -199,11 +204,11 @@ void get_at( int uid_arg, data_t *data,
PSA_ASSERT( psa_its_set_wrap( uid, data->len, data->x, 0 ) );
status = psa_its_get( uid, offset, length_arg, buffer );
status = psa_its_get( uid, offset, length_arg, buffer, &ret_len );
TEST_ASSERT( status == (psa_status_t) expected_status );
if( status == PSA_SUCCESS )
ASSERT_COMPARE( data->x + offset, length,
buffer, length );
ASSERT_COMPARE( data->x + offset, (size_t) length_arg,
buffer, ret_len );
for( i = 0; i < 16; i++ )
TEST_ASSERT( trailer[i] == '-' );
PSA_ASSERT( psa_its_remove( uid ) );