Merge branch 'Mbed-TLS:development' into codegen_1.1

tests/include/test/drivers/config_test_driver.h

@@ -48,6 +48,7 @@
 //#define MBEDTLS_SHA1_C
 //#define MBEDTLS_SHA384_C
 //#define MBEDTLS_SHA512_C
+//#define MBEDTLS_MD_C
 //#define MBEDTLS_PEM_PARSE_C
 //#define MBEDTLS_BASE64_C
 

tests/include/test/drivers/crypto_config_test_driver_extension.h

@@ -190,6 +190,8 @@
 #define MBEDTLS_PSA_ACCEL_ALG_ECDH 1
 #define MBEDTLS_PSA_ACCEL_ALG_GCM 1
 #define MBEDTLS_PSA_ACCEL_ALG_HKDF 1
+#define MBEDTLS_PSA_ACCEL_ALG_HKDF_EXTRACT 1
+#define MBEDTLS_PSA_ACCEL_ALG_HKDF_EXPAND 1
 #define MBEDTLS_PSA_ACCEL_ALG_HMAC 1
 #define MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP 1
 #define MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT 1

tests/include/test/helpers.h

@@ -154,6 +154,48 @@ void mbedtls_test_info_reset( void );
 int mbedtls_test_equal( const char *test, int line_no, const char* filename,
                         unsigned long long value1, unsigned long long value2 );
 
+/**
+ * \brief           Record the current test case as a failure based
+ *                  on comparing two unsigned integers.
+ *
+ *                  This function is usually called via the macro
+ *                  #TEST_LE_U.
+ *
+ * \param test      Description of the failure or assertion that failed. This
+ *                  MUST be a string literal. This normally has the form
+ *                  "EXPR1 <= EXPR2" where EXPR1 has the value \p value1
+ *                  and EXPR2 has the value \p value2.
+ * \param line_no   Line number where the failure originated.
+ * \param filename  Filename where the failure originated.
+ * \param value1    The first value to compare.
+ * \param value2    The second value to compare.
+ *
+ * \return          \c 1 if \p value1 <= \p value2, otherwise \c 0.
+ */
+int mbedtls_test_le_u( const char *test, int line_no, const char* filename,
+                       unsigned long long value1, unsigned long long value2 );
+
+/**
+ * \brief           Record the current test case as a failure based
+ *                  on comparing two signed integers.
+ *
+ *                  This function is usually called via the macro
+ *                  #TEST_LE_S.
+ *
+ * \param test      Description of the failure or assertion that failed. This
+ *                  MUST be a string literal. This normally has the form
+ *                  "EXPR1 <= EXPR2" where EXPR1 has the value \p value1
+ *                  and EXPR2 has the value \p value2.
+ * \param line_no   Line number where the failure originated.
+ * \param filename  Filename where the failure originated.
+ * \param value1    The first value to compare.
+ * \param value2    The second value to compare.
+ *
+ * \return          \c 1 if \p value1 <= \p value2, otherwise \c 0.
+ */
+int mbedtls_test_le_s( const char *test, int line_no, const char* filename,
+                       long long value1, long long value2 );
+
 /**
  * \brief          This function decodes the hexadecimal representation of
  *                 data.
@@ -234,7 +276,7 @@ void mbedtls_test_err_add_check( int high, int low,
 #endif
 
 #if defined(MBEDTLS_BIGNUM_C)
-/** Read an MPI from a string.
+/** Read an MPI from a hexadecimal string.
  *
  * Like mbedtls_mpi_read_string(), but size the resulting bignum based
  * on the number of digits in the string. In particular, construct a
@@ -245,13 +287,12 @@ void mbedtls_test_err_add_check( int high, int low,
  * "leading zeros" test cases do what they claim.
  *
  * \param[out] X        The MPI object to populate. It must be initialized.
- * \param radix         The radix (2 to 16).
- * \param[in] s         The null-terminated string to read from.
+ * \param[in] s         The null-terminated hexadecimal string to read from.
  *
  * \return \c 0 on success, an \c MBEDTLS_ERR_MPI_xxx error code otherwise.
  */
 /* Since the library has exactly the desired behavior, this is trivial. */
-int mbedtls_test_read_mpi( mbedtls_mpi *X, int radix, const char *s );
+int mbedtls_test_read_mpi( mbedtls_mpi *X, const char *s );
 #endif /* MBEDTLS_BIGNUM_C */
 
 #endif /* TEST_HELPERS_H */

tests/include/test/macros.h

@@ -89,6 +89,32 @@
             goto exit;                                                  \
     } while( 0 )
 
+/** Evaluate two unsigned integer expressions and fail the test case
+ * if they are not in increasing order (left <= right).
+ *
+ * \param expr1     An integral-typed expression to evaluate.
+ * \param expr2     Another integral-typed expression to evaluate.
+ */
+#define TEST_LE_U( expr1, expr2 )                                       \
+    do {                                                                \
+        if( ! mbedtls_test_le_u( #expr1 " <= " #expr2, __LINE__, __FILE__, \
+                                 expr1, expr2 ) )                      \
+            goto exit;                                                  \
+    } while( 0 )
+
+/** Evaluate two signed integer expressions and fail the test case
+ * if they are not in increasing order (left <= right).
+ *
+ * \param expr1     An integral-typed expression to evaluate.
+ * \param expr2     Another integral-typed expression to evaluate.
+ */
+#define TEST_LE_S( expr1, expr2 )                                       \
+    do {                                                                \
+        if( ! mbedtls_test_le_s( #expr1 " <= " #expr2, __LINE__, __FILE__, \
+                                 expr1, expr2 ) )                      \
+            goto exit;                                                  \
+    } while( 0 )
+
 /** Allocate memory dynamically and fail the test case if this fails.
  * The allocated memory will be filled with zeros.
  *

tests/include/test/psa_crypto_helpers.h

@@ -277,13 +277,24 @@ psa_key_usage_t mbedtls_test_update_key_usage_flags( psa_key_usage_t usage_flags
     }                                                                      \
     while( 0 )
 
+#if !defined(MBEDTLS_MD_C)
+#define PSA_INIT_IF_NO_MD( ) PSA_INIT( )
+#define PSA_DONE_IF_NO_MD( ) PSA_DONE( )
+#endif
 #endif /* MBEDTLS_PSA_CRYPTO_C */
 
+#if defined(MBEDTLS_MD_C)
+#define PSA_INIT_IF_NO_MD( ) ( (void) 0 )
+#define PSA_DONE_IF_NO_MD( ) ( (void) 0 )
+#endif
 /** \def USE_PSA_INIT
  *
  * Call this macro to initialize the PSA subsystem if #MBEDTLS_USE_PSA_CRYPTO
- * is enabled and do nothing otherwise. If the initialization fails, mark
- * the test case as failed and jump to the \p exit label.
+ * or #MBEDTLS_SSL_PROTO_TLS1_3 (In contrast to TLS 1.2 implementation, the
+ * TLS 1.3 one uses PSA independently of the definition of
+ * #MBEDTLS_USE_PSA_CRYPTO) is enabled and do nothing otherwise. If the
+ * initialization fails, mark the test case as failed and jump to the \p exit
+ * label.
  */
 /** \def USE_PSA_DONE
  *
@@ -291,15 +302,15 @@ psa_key_usage_t mbedtls_test_update_key_usage_flags( psa_key_usage_t usage_flags
  * This is like #PSA_DONE, except that it does nothing if
  * #MBEDTLS_USE_PSA_CRYPTO is disabled.
  */
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
+#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3)
 #define USE_PSA_INIT( ) PSA_INIT( )
 #define USE_PSA_DONE( ) PSA_DONE( )
-#else /* MBEDTLS_USE_PSA_CRYPTO */
+#else /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */
 /* Define empty macros so that we can use them in the preamble and teardown
  * of every test function that uses PSA conditionally based on
  * MBEDTLS_USE_PSA_CRYPTO. */
 #define USE_PSA_INIT( ) ( (void) 0 )
 #define USE_PSA_DONE( ) ( (void) 0 )
-#endif /* !MBEDTLS_USE_PSA_CRYPTO */
+#endif /* !MBEDTLS_USE_PSA_CRYPTO && !MBEDTLS_SSL_PROTO_TLS1_3 */
 
 #endif /* PSA_CRYPTO_HELPERS_H */