From 734d22c03ee68192393ec660b3512a425c17e4aa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1s=20Gonz=C3=A1lez?= Date: Mon, 30 Oct 2023 15:15:45 +0000 Subject: [PATCH 1/5] Move PSA information and dependency automation into their own module MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This will let us use these features from other modules (yet to be created). Signed-off-by: Gilles Peskine Signed-off-by: Tomás González --- scripts/mbedtls_dev/psa_information.py | 117 ++++++++++++++++++++ tests/scripts/generate_psa_tests.py | 147 +++++-------------------- 2 files changed, 144 insertions(+), 120 deletions(-) create mode 100644 scripts/mbedtls_dev/psa_information.py diff --git a/scripts/mbedtls_dev/psa_information.py b/scripts/mbedtls_dev/psa_information.py new file mode 100644 index 0000000000..0d3b246ee7 --- /dev/null +++ b/scripts/mbedtls_dev/psa_information.py @@ -0,0 +1,117 @@ +"""Collect information about PSA cryptographic mechanisms. +""" + +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import re +from typing import Dict, FrozenSet, List, Optional + +from . import macro_collector + + +def psa_want_symbol(name: str) -> str: + """Return the PSA_WANT_xxx symbol associated with a PSA crypto feature.""" + if name.startswith('PSA_'): + return name[:4] + 'WANT_' + name[4:] + else: + raise ValueError('Unable to determine the PSA_WANT_ symbol for ' + name) + +def finish_family_dependency(dep: str, bits: int) -> str: + """Finish dep if it's a family dependency symbol prefix. + A family dependency symbol prefix is a PSA_WANT_ symbol that needs to be + qualified by the key size. If dep is such a symbol, finish it by adjusting + the prefix and appending the key size. Other symbols are left unchanged. + """ + return re.sub(r'_FAMILY_(.*)', r'_\1_' + str(bits), dep) + +def finish_family_dependencies(dependencies: List[str], bits: int) -> List[str]: + """Finish any family dependency symbol prefixes. + Apply `finish_family_dependency` to each element of `dependencies`. + """ + return [finish_family_dependency(dep, bits) for dep in dependencies] + +SYMBOLS_WITHOUT_DEPENDENCY = frozenset([ + 'PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG', # modifier, only in policies + 'PSA_ALG_AEAD_WITH_SHORTENED_TAG', # modifier + 'PSA_ALG_ANY_HASH', # only in policies + 'PSA_ALG_AT_LEAST_THIS_LENGTH_MAC', # modifier, only in policies + 'PSA_ALG_KEY_AGREEMENT', # chaining + 'PSA_ALG_TRUNCATED_MAC', # modifier +]) + +def automatic_dependencies(*expressions: str) -> List[str]: + """Infer dependencies of a test case by looking for PSA_xxx symbols. + The arguments are strings which should be C expressions. Do not use + string literals or comments as this function is not smart enough to + skip them. + """ + used = set() + for expr in expressions: + used.update(re.findall(r'PSA_(?:ALG|ECC_FAMILY|KEY_TYPE)_\w+', expr)) + used.difference_update(SYMBOLS_WITHOUT_DEPENDENCY) + return sorted(psa_want_symbol(name) for name in used) + +# A temporary hack: at the time of writing, not all dependency symbols +# are implemented yet. Skip test cases for which the dependency symbols are +# not available. Once all dependency symbols are available, this hack must +# be removed so that a bug in the dependency symbols properly leads to a test +# failure. +def read_implemented_dependencies(filename: str) -> FrozenSet[str]: + return frozenset(symbol + for line in open(filename) + for symbol in re.findall(r'\bPSA_WANT_\w+\b', line)) +_implemented_dependencies = None #type: Optional[FrozenSet[str]] #pylint: disable=invalid-name + +def hack_dependencies_not_implemented(dependencies: List[str]) -> None: + global _implemented_dependencies #pylint: disable=global-statement,invalid-name + if _implemented_dependencies is None: + _implemented_dependencies = \ + read_implemented_dependencies('include/psa/crypto_config.h') + if not all((dep.lstrip('!') in _implemented_dependencies or + not dep.lstrip('!').startswith('PSA_WANT')) + for dep in dependencies): + dependencies.append('DEPENDENCY_NOT_IMPLEMENTED_YET') + +class Information: + """Gather information about PSA constructors.""" + + def __init__(self) -> None: + self.constructors = self.read_psa_interface() + + @staticmethod + def remove_unwanted_macros( + constructors: macro_collector.PSAMacroEnumerator + ) -> None: + # Mbed TLS doesn't support finite-field DH yet and will not support + # finite-field DSA. Don't attempt to generate any related test case. + constructors.key_types.discard('PSA_KEY_TYPE_DH_KEY_PAIR') + constructors.key_types.discard('PSA_KEY_TYPE_DH_PUBLIC_KEY') + constructors.key_types.discard('PSA_KEY_TYPE_DSA_KEY_PAIR') + constructors.key_types.discard('PSA_KEY_TYPE_DSA_PUBLIC_KEY') + + def read_psa_interface(self) -> macro_collector.PSAMacroEnumerator: + """Return the list of known key types, algorithms, etc.""" + constructors = macro_collector.InputsForTest() + header_file_names = ['include/psa/crypto_values.h', + 'include/psa/crypto_extra.h'] + test_suites = ['tests/suites/test_suite_psa_crypto_metadata.data'] + for header_file_name in header_file_names: + constructors.parse_header(header_file_name) + for test_cases in test_suites: + constructors.parse_test_cases(test_cases) + self.remove_unwanted_macros(constructors) + constructors.gather_arguments() + return constructors diff --git a/tests/scripts/generate_psa_tests.py b/tests/scripts/generate_psa_tests.py index f5b921eff9..5f350d83a9 100755 --- a/tests/scripts/generate_psa_tests.py +++ b/tests/scripts/generate_psa_tests.py @@ -27,108 +27,13 @@ from typing import Callable, Dict, FrozenSet, Iterable, Iterator, List, Optional import scripts_path # pylint: disable=unused-import from mbedtls_dev import crypto_knowledge -from mbedtls_dev import macro_collector +from mbedtls_dev import macro_collector #pylint: disable=unused-import +from mbedtls_dev import psa_information from mbedtls_dev import psa_storage from mbedtls_dev import test_case from mbedtls_dev import test_data_generation -def psa_want_symbol(name: str) -> str: - """Return the PSA_WANT_xxx symbol associated with a PSA crypto feature.""" - if name.startswith('PSA_'): - return name[:4] + 'WANT_' + name[4:] - else: - raise ValueError('Unable to determine the PSA_WANT_ symbol for ' + name) - -def finish_family_dependency(dep: str, bits: int) -> str: - """Finish dep if it's a family dependency symbol prefix. - - A family dependency symbol prefix is a PSA_WANT_ symbol that needs to be - qualified by the key size. If dep is such a symbol, finish it by adjusting - the prefix and appending the key size. Other symbols are left unchanged. - """ - return re.sub(r'_FAMILY_(.*)', r'_\1_' + str(bits), dep) - -def finish_family_dependencies(dependencies: List[str], bits: int) -> List[str]: - """Finish any family dependency symbol prefixes. - - Apply `finish_family_dependency` to each element of `dependencies`. - """ - return [finish_family_dependency(dep, bits) for dep in dependencies] - -SYMBOLS_WITHOUT_DEPENDENCY = frozenset([ - 'PSA_ALG_AEAD_WITH_AT_LEAST_THIS_LENGTH_TAG', # modifier, only in policies - 'PSA_ALG_AEAD_WITH_SHORTENED_TAG', # modifier - 'PSA_ALG_ANY_HASH', # only in policies - 'PSA_ALG_AT_LEAST_THIS_LENGTH_MAC', # modifier, only in policies - 'PSA_ALG_KEY_AGREEMENT', # chaining - 'PSA_ALG_TRUNCATED_MAC', # modifier -]) -def automatic_dependencies(*expressions: str) -> List[str]: - """Infer dependencies of a test case by looking for PSA_xxx symbols. - - The arguments are strings which should be C expressions. Do not use - string literals or comments as this function is not smart enough to - skip them. - """ - used = set() - for expr in expressions: - used.update(re.findall(r'PSA_(?:ALG|ECC_FAMILY|KEY_TYPE)_\w+', expr)) - used.difference_update(SYMBOLS_WITHOUT_DEPENDENCY) - return sorted(psa_want_symbol(name) for name in used) - -# A temporary hack: at the time of writing, not all dependency symbols -# are implemented yet. Skip test cases for which the dependency symbols are -# not available. Once all dependency symbols are available, this hack must -# be removed so that a bug in the dependency symbols properly leads to a test -# failure. -def read_implemented_dependencies(filename: str) -> FrozenSet[str]: - return frozenset(symbol - for line in open(filename) - for symbol in re.findall(r'\bPSA_WANT_\w+\b', line)) -_implemented_dependencies = None #type: Optional[FrozenSet[str]] #pylint: disable=invalid-name -def hack_dependencies_not_implemented(dependencies: List[str]) -> None: - global _implemented_dependencies #pylint: disable=global-statement,invalid-name - if _implemented_dependencies is None: - _implemented_dependencies = \ - read_implemented_dependencies('include/psa/crypto_config.h') - if not all((dep.lstrip('!') in _implemented_dependencies or 'PSA_WANT' not in dep) - for dep in dependencies): - dependencies.append('DEPENDENCY_NOT_IMPLEMENTED_YET') - - -class Information: - """Gather information about PSA constructors.""" - - def __init__(self) -> None: - self.constructors = self.read_psa_interface() - - @staticmethod - def remove_unwanted_macros( - constructors: macro_collector.PSAMacroEnumerator - ) -> None: - # Mbed TLS doesn't support finite-field DH yet and will not support - # finite-field DSA. Don't attempt to generate any related test case. - constructors.key_types.discard('PSA_KEY_TYPE_DH_KEY_PAIR') - constructors.key_types.discard('PSA_KEY_TYPE_DH_PUBLIC_KEY') - constructors.key_types.discard('PSA_KEY_TYPE_DSA_KEY_PAIR') - constructors.key_types.discard('PSA_KEY_TYPE_DSA_PUBLIC_KEY') - - def read_psa_interface(self) -> macro_collector.PSAMacroEnumerator: - """Return the list of known key types, algorithms, etc.""" - constructors = macro_collector.InputsForTest() - header_file_names = ['include/psa/crypto_values.h', - 'include/psa/crypto_extra.h'] - test_suites = ['tests/suites/test_suite_psa_crypto_metadata.data'] - for header_file_name in header_file_names: - constructors.parse_header(header_file_name) - for test_cases in test_suites: - constructors.parse_test_cases(test_cases) - self.remove_unwanted_macros(constructors) - constructors.gather_arguments() - return constructors - - def test_case_for_key_type_not_supported( verb: str, key_type: str, bits: int, dependencies: List[str], @@ -138,7 +43,7 @@ def test_case_for_key_type_not_supported( """Return one test case exercising a key creation method for an unsupported key type or size. """ - hack_dependencies_not_implemented(dependencies) + psa_information.hack_dependencies_not_implemented(dependencies) tc = test_case.TestCase() short_key_type = crypto_knowledge.short_expression(key_type) adverb = 'not' if dependencies else 'never' @@ -154,7 +59,7 @@ def test_case_for_key_type_not_supported( class KeyTypeNotSupported: """Generate test cases for when a key type is not supported.""" - def __init__(self, info: Information) -> None: + def __init__(self, info: psa_information.Information) -> None: self.constructors = info.constructors ALWAYS_SUPPORTED = frozenset([ @@ -178,10 +83,10 @@ class KeyTypeNotSupported: # They would be skipped in all configurations, which is noise. return import_dependencies = [('!' if param is None else '') + - psa_want_symbol(kt.name)] + psa_information.psa_want_symbol(kt.name)] if kt.params is not None: import_dependencies += [('!' if param == i else '') + - psa_want_symbol(sym) + psa_information.psa_want_symbol(sym) for i, sym in enumerate(kt.params)] if kt.name.endswith('_PUBLIC_KEY'): generate_dependencies = [] @@ -190,7 +95,7 @@ class KeyTypeNotSupported: for bits in kt.sizes_to_test(): yield test_case_for_key_type_not_supported( 'import', kt.expression, bits, - finish_family_dependencies(import_dependencies, bits), + psa_information.finish_family_dependencies(import_dependencies, bits), test_case.hex_string(kt.key_material(bits)), param_descr=param_descr, ) @@ -204,7 +109,7 @@ class KeyTypeNotSupported: if not kt.is_public(): yield test_case_for_key_type_not_supported( 'generate', kt.expression, bits, - finish_family_dependencies(generate_dependencies, bits), + psa_information.finish_family_dependencies(generate_dependencies, bits), str(bits), param_descr=param_descr, ) @@ -236,7 +141,7 @@ def test_case_for_key_generation( ) -> test_case.TestCase: """Return one test case exercising a key generation. """ - hack_dependencies_not_implemented(dependencies) + psa_information.hack_dependencies_not_implemented(dependencies) tc = test_case.TestCase() short_key_type = crypto_knowledge.short_expression(key_type) tc.set_description('PSA {} {}-bit' @@ -250,7 +155,7 @@ def test_case_for_key_generation( class KeyGenerate: """Generate positive and negative (invalid argument) test cases for key generation.""" - def __init__(self, info: Information) -> None: + def __init__(self, info: psa_information.Information) -> None: self.constructors = info.constructors ECC_KEY_TYPES = ('PSA_KEY_TYPE_ECC_KEY_PAIR', @@ -267,9 +172,9 @@ class KeyGenerate: """ result = 'PSA_SUCCESS' - import_dependencies = [psa_want_symbol(kt.name)] + import_dependencies = [psa_information.psa_want_symbol(kt.name)] if kt.params is not None: - import_dependencies += [psa_want_symbol(sym) + import_dependencies += [psa_information.psa_want_symbol(sym) for i, sym in enumerate(kt.params)] if kt.name.endswith('_PUBLIC_KEY'): # The library checks whether the key type is a public key generically, @@ -284,7 +189,7 @@ class KeyGenerate: for bits in kt.sizes_to_test(): yield test_case_for_key_generation( kt.expression, bits, - finish_family_dependencies(generate_dependencies, bits), + psa_information.finish_family_dependencies(generate_dependencies, bits), str(bits), result ) @@ -311,7 +216,7 @@ class OpFail: INCOMPATIBLE = 2 PUBLIC = 3 - def __init__(self, info: Information) -> None: + def __init__(self, info: psa_information.Information) -> None: self.constructors = info.constructors key_type_expressions = self.constructors.generate_expressions( sorted(self.constructors.key_types) @@ -348,7 +253,7 @@ class OpFail: pretty_alg, pretty_reason, ' with ' + pretty_type if pretty_type else '')) - dependencies = automatic_dependencies(alg.base_expression, key_type) + dependencies = psa_information.automatic_dependencies(alg.base_expression, key_type) for i, dep in enumerate(dependencies): if dep in not_deps: dependencies[i] = '!' + dep @@ -375,7 +280,7 @@ class OpFail: """Generate failure test cases for keyless operations with the specified algorithm.""" if alg.can_do(category): # Compatible operation, unsupported algorithm - for dep in automatic_dependencies(alg.base_expression): + for dep in psa_information.automatic_dependencies(alg.base_expression): yield self.make_test_case(alg, category, self.Reason.NOT_SUPPORTED, not_deps=frozenset([dep])) @@ -393,7 +298,7 @@ class OpFail: key_is_compatible = kt.can_do(alg) if key_is_compatible and alg.can_do(category): # Compatible key and operation, unsupported algorithm - for dep in automatic_dependencies(alg.base_expression): + for dep in psa_information.automatic_dependencies(alg.base_expression): yield self.make_test_case(alg, category, self.Reason.NOT_SUPPORTED, kt=kt, not_deps=frozenset([dep])) @@ -499,10 +404,10 @@ class StorageTestData(StorageKey): class StorageFormat: """Storage format stability test cases.""" - def __init__(self, info: Information, version: int, forward: bool) -> None: + def __init__(self, info: psa_information.Information, version: int, forward: bool) -> None: """Prepare to generate test cases for storage format stability. - * `info`: information about the API. See the `Information` class. + * `info`: information about the API. See the `psa_information.Information` class. * `version`: the storage format version to generate test cases for. * `forward`: if true, generate forward compatibility test cases which save a key and check that its representation is as intended. Otherwise @@ -569,11 +474,11 @@ class StorageFormat: verb = 'save' if self.forward else 'read' tc = test_case.TestCase() tc.set_description(verb + ' ' + key.description) - dependencies = automatic_dependencies( + dependencies = psa_information.automatic_dependencies( key.lifetime.string, key.type.string, key.alg.string, key.alg2.string, ) - dependencies = finish_family_dependencies(dependencies, key.bits) + dependencies = psa_information.finish_family_dependencies(dependencies, key.bits) tc.set_dependencies(dependencies) tc.set_function('key_storage_' + verb) if self.forward: @@ -778,13 +683,13 @@ class StorageFormat: class StorageFormatForward(StorageFormat): """Storage format stability test cases for forward compatibility.""" - def __init__(self, info: Information, version: int) -> None: + def __init__(self, info: psa_information.Information, version: int) -> None: super().__init__(info, version, True) class StorageFormatV0(StorageFormat): """Storage format stability test cases for version 0 compatibility.""" - def __init__(self, info: Information) -> None: + def __init__(self, info: psa_information.Information) -> None: super().__init__(info, 0, False) def all_keys_for_usage_flags(self) -> Iterator[StorageTestData]: @@ -894,6 +799,7 @@ class StorageFormatV0(StorageFormat): yield from super().generate_all_keys() yield from self.all_keys_for_implicit_usage() + class PSATestGenerator(test_data_generation.TestGenerator): """Test generator subclass including PSA targets and info.""" # Note that targets whose names contain 'test_format' have their content @@ -909,14 +815,15 @@ class PSATestGenerator(test_data_generation.TestGenerator): lambda info: StorageFormatForward(info, 0).all_test_cases(), 'test_suite_psa_crypto_storage_format.v0': lambda info: StorageFormatV0(info).all_test_cases(), - } #type: Dict[str, Callable[[Information], Iterable[test_case.TestCase]]] + } #type: Dict[str, Callable[[psa_information.Information], Iterable[test_case.TestCase]]] def __init__(self, options): super().__init__(options) - self.info = Information() + self.info = psa_information.Information() def generate_target(self, name: str, *target_args) -> None: super().generate_target(name, self.info) + if __name__ == '__main__': test_data_generation.main(sys.argv[1:], __doc__, PSATestGenerator) From 2bff1bfd472c103ca4809daa5283e05d6748a7c2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1s=20Gonz=C3=A1lez?= Date: Mon, 30 Oct 2023 15:29:23 +0000 Subject: [PATCH 2/5] New test suite for the low-level hash interface MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Some basic test coverage for now: * Nominal operation. * Larger output buffer. * Clone an operation and use it after the original operation stops. Generate test data automatically. For the time being, only do that for hashes that Python supports natively. Supporting all algorithms is future work. Signed-off-by: Gilles Peskine Signed-off-by: Tomás González --- scripts/mbedtls_dev/crypto_data_tests.py | 123 ++++++++++ tests/scripts/generate_psa_tests.py | 3 + .../test_suite_psa_crypto_low_hash.function | 226 ++++++++++++++++++ ...t_suite_psa_crypto_low_hash.generated.data | 171 +++++++++++++ 4 files changed, 523 insertions(+) create mode 100644 scripts/mbedtls_dev/crypto_data_tests.py create mode 100644 tests/suites/test_suite_psa_crypto_low_hash.function create mode 100644 tests/suites/test_suite_psa_crypto_low_hash.generated.data diff --git a/scripts/mbedtls_dev/crypto_data_tests.py b/scripts/mbedtls_dev/crypto_data_tests.py new file mode 100644 index 0000000000..99c4e3db3c --- /dev/null +++ b/scripts/mbedtls_dev/crypto_data_tests.py @@ -0,0 +1,123 @@ +"""Generate test data for cryptographic mechanisms. +This module is a work in progress, only implementing a few cases for now. +""" + +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import hashlib +from typing import Callable, Dict, Iterator, List, Optional #pylint: disable=unused-import + +from . import crypto_knowledge +from . import psa_information +from . import test_case + + +def psa_low_level_dependencies(*expressions: str) -> List[str]: + """Infer dependencies of a PSA low-level test case by looking for PSA_xxx symbols. + This function generates MBEDTLS_PSA_BUILTIN_xxx symbols. + """ + high_level = psa_information.automatic_dependencies(*expressions) + for dep in high_level: + assert dep.startswith('PSA_WANT_') + return ['MBEDTLS_PSA_BUILTIN_' + dep[9:] for dep in high_level] + + +class HashPSALowLevel: + """Generate test cases for the PSA low-level hash interface.""" + + def __init__(self, info: psa_information.Information) -> None: + self.info = info + base_algorithms = sorted(info.constructors.algorithms) + all_algorithms = \ + [crypto_knowledge.Algorithm(expr) + for expr in info.constructors.generate_expressions(base_algorithms)] + self.algorithms = \ + [alg + for alg in all_algorithms + if (not alg.is_wildcard and + alg.can_do(crypto_knowledge.AlgorithmCategory.HASH))] + + # CALCULATE[alg] = function to return the hash of its argument in hex + # TO-DO: implement the None entries with a third-party library, because + # hashlib might not have everything, depending on the Python version and + # the underlying OpenSSL. On Ubuntu 16.04, truncated sha512 and sha3/shake + # are not available. On Ubuntu 22.04, md2, md4 and ripemd160 are not + # available. + CALCULATE = { + 'PSA_ALG_MD2': None, + 'PSA_ALG_MD4': None, + 'PSA_ALG_MD5': lambda data: hashlib.md5(data).hexdigest(), + 'PSA_ALG_RIPEMD160': None, #lambda data: hashlib.new('ripdemd160').hexdigest() + 'PSA_ALG_SHA_1': lambda data: hashlib.sha1(data).hexdigest(), + 'PSA_ALG_SHA_224': lambda data: hashlib.sha224(data).hexdigest(), + 'PSA_ALG_SHA_256': lambda data: hashlib.sha256(data).hexdigest(), + 'PSA_ALG_SHA_384': lambda data: hashlib.sha384(data).hexdigest(), + 'PSA_ALG_SHA_512': lambda data: hashlib.sha512(data).hexdigest(), + 'PSA_ALG_SHA_512_224': None, #lambda data: hashlib.new('sha512_224').hexdigest() + 'PSA_ALG_SHA_512_256': None, #lambda data: hashlib.new('sha512_256').hexdigest() + 'PSA_ALG_SHA3_224': None, #lambda data: hashlib.sha3_224(data).hexdigest(), + 'PSA_ALG_SHA3_256': None, #lambda data: hashlib.sha3_256(data).hexdigest(), + 'PSA_ALG_SHA3_384': None, #lambda data: hashlib.sha3_384(data).hexdigest(), + 'PSA_ALG_SHA3_512': None, #lambda data: hashlib.sha3_512(data).hexdigest(), + 'PSA_ALG_SHAKE256_512': None, #lambda data: hashlib.shake_256(data).hexdigest(64), + } #typing: Optional[Dict[str, Callable[[bytes], str]]] + + @staticmethod + def one_test_case(alg: crypto_knowledge.Algorithm, + function: str, note: str, + arguments: List[str]) -> test_case.TestCase: + """Construct one test case involving a hash.""" + tc = test_case.TestCase() + tc.set_description('{}{} {}' + .format(function, + ' ' + note if note else '', + alg.short_expression())) + tc.set_dependencies(psa_low_level_dependencies(alg.expression)) + tc.set_function(function) + tc.set_arguments([alg.expression] + + ['"{}"'.format(arg) for arg in arguments]) + return tc + + def test_cases_for_hash(self, + alg: crypto_knowledge.Algorithm + ) -> Iterator[test_case.TestCase]: + """Enumerate all test cases for one hash algorithm.""" + calc = self.CALCULATE[alg.expression] + if calc is None: + return # not implemented yet + + short = b'abc' + hash_short = calc(short) + long = (b'Hello, world. Here are 16 unprintable bytes: [' + b'\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a' + b'\x80\x81\x82\x83\xfe\xff]. ' + b' This message was brought to you by a natural intelligence. ' + b' If you can read this, good luck with your debugging!') + hash_long = calc(long) + + yield self.one_test_case(alg, 'hash_empty', '', [calc(b'')]) + yield self.one_test_case(alg, 'hash_valid_one_shot', '', + [short.hex(), hash_short]) + for n in [0, 1, 64, len(long) - 1, len(long)]: + yield self.one_test_case(alg, 'hash_valid_multipart', + '{} + {}'.format(n, len(long) - n), + [long[:n].hex(), calc(long[:n]), + long[n:].hex(), hash_long]) + + def all_test_cases(self) -> Iterator[test_case.TestCase]: + """Enumerate all test cases for all hash algorithms.""" + for alg in self.algorithms: + yield from self.test_cases_for_hash(alg) diff --git a/tests/scripts/generate_psa_tests.py b/tests/scripts/generate_psa_tests.py index 5f350d83a9..872d214725 100755 --- a/tests/scripts/generate_psa_tests.py +++ b/tests/scripts/generate_psa_tests.py @@ -26,6 +26,7 @@ import sys from typing import Callable, Dict, FrozenSet, Iterable, Iterator, List, Optional import scripts_path # pylint: disable=unused-import +from mbedtls_dev import crypto_data_tests from mbedtls_dev import crypto_knowledge from mbedtls_dev import macro_collector #pylint: disable=unused-import from mbedtls_dev import psa_information @@ -809,6 +810,8 @@ class PSATestGenerator(test_data_generation.TestGenerator): lambda info: KeyGenerate(info).test_cases_for_key_generation(), 'test_suite_psa_crypto_not_supported.generated': lambda info: KeyTypeNotSupported(info).test_cases_for_not_supported(), + 'test_suite_psa_crypto_low_hash.generated': + lambda info: crypto_data_tests.HashPSALowLevel(info).all_test_cases(), 'test_suite_psa_crypto_op_fail.generated': lambda info: OpFail(info).all_test_cases(), 'test_suite_psa_crypto_storage_format.current': diff --git a/tests/suites/test_suite_psa_crypto_low_hash.function b/tests/suites/test_suite_psa_crypto_low_hash.function new file mode 100644 index 0000000000..6bdbefa1e5 --- /dev/null +++ b/tests/suites/test_suite_psa_crypto_low_hash.function @@ -0,0 +1,226 @@ +/* BEGIN_HEADER */ +/* + * Test suite for the PSA hash built-in driver + * + * This test suite exercises some aspects of the built-in PSA driver for + * hash algorithms (psa_crypto_hash.c). This code is mostly tested via + * the application interface (above the PSA API layer) and via tests of + * individual hash modules. The goal of this test suite is to ensure that + * the driver dispatch layer behaves correctly even when not invoked via + * the API layer, but directly from another driver. + * + * This test suite is currently incomplete. It focuses on non-regression + * tests for past bugs or near misses. + */ + +#include + +/* END_HEADER */ + +/* BEGIN_DEPENDENCIES + * depends_on:MBEDTLS_PSA_BUILTIN_HASH + * END_DEPENDENCIES + */ + +/* BEGIN_CASE */ +void hash_valid_one_shot(int alg_arg, data_t *input, + data_t *expected) +{ + psa_algorithm_t alg = alg_arg; + uint8_t *output = NULL; + size_t output_size = expected->len; + size_t length = SIZE_MAX; + + /* Nominal case */ + ASSERT_ALLOC(output, output_size); + TEST_EQUAL(mbedtls_psa_hash_compute(alg, input->x, input->len, + output, output_size, &length), + PSA_SUCCESS); + ASSERT_COMPARE(expected->x, expected->len, output, length); + mbedtls_free(output); + output = NULL; + + /* Larger output buffer */ + output_size = expected->len + 1; + ASSERT_ALLOC(output, output_size); + TEST_EQUAL(mbedtls_psa_hash_compute(alg, input->x, input->len, + output, output_size, &length), + PSA_SUCCESS); + ASSERT_COMPARE(expected->x, expected->len, output, length); + mbedtls_free(output); + output = NULL; + +#if 0 + + /* Smaller output buffer (does not have to work!) */ + output_size = expected->len - 1; + ASSERT_ALLOC(output, output_size); + TEST_EQUAL(mbedtls_psa_hash_compute(alg, input->x, input->len, + output, output_size, &length), + PSA_ERROR_BUFFER_TOO_SMALL); + mbedtls_free(output); + output = NULL; +#endif + +exit: + mbedtls_free(output); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void hash_valid_multipart(int alg_arg, + data_t *input1, data_t *expected1, + data_t *input2, data_t *expected2) +{ + psa_algorithm_t alg = alg_arg; + uint8_t *output = NULL; + size_t output_size = expected1->len; + size_t length = SIZE_MAX; + mbedtls_psa_hash_operation_t operation0; // original + memset(&operation0, 0, sizeof(operation0)); + mbedtls_psa_hash_operation_t clone_start; // cloned after setup + memset(&clone_start, 0, sizeof(clone_start)); + mbedtls_psa_hash_operation_t clone_middle; // cloned between updates + memset(&clone_middle, 0, sizeof(clone_middle)); + mbedtls_psa_hash_operation_t clone_end; // cloned before finish + memset(&clone_end, 0, sizeof(clone_end)); + mbedtls_psa_hash_operation_t clone_more; // cloned before finish + memset(&clone_more, 0, sizeof(clone_more)); + + /* Nominal case with two update calls */ + ASSERT_ALLOC(output, output_size); + TEST_EQUAL(mbedtls_psa_hash_setup(&operation0, alg), + PSA_SUCCESS); + TEST_EQUAL(mbedtls_psa_hash_clone(&operation0, &clone_start), + PSA_SUCCESS); + TEST_EQUAL(mbedtls_psa_hash_update(&operation0, input1->x, input1->len), + PSA_SUCCESS); + TEST_EQUAL(mbedtls_psa_hash_clone(&operation0, &clone_middle), + PSA_SUCCESS); + TEST_EQUAL(mbedtls_psa_hash_update(&operation0, input2->x, input2->len), + PSA_SUCCESS); + TEST_EQUAL(mbedtls_psa_hash_clone(&operation0, &clone_end), + PSA_SUCCESS); + TEST_EQUAL(mbedtls_psa_hash_finish(&operation0, + output, output_size, &length), + PSA_SUCCESS); + ASSERT_COMPARE(expected2->x, expected2->len, output, length); + + /* Nominal case with an operation cloned after setup */ + memset(output, 0, output_size); + TEST_EQUAL(mbedtls_psa_hash_update(&clone_start, input1->x, input1->len), + PSA_SUCCESS); + TEST_EQUAL(mbedtls_psa_hash_finish(&clone_start, + output, output_size, &length), + PSA_SUCCESS); + ASSERT_COMPARE(expected1->x, expected1->len, output, length); + + /* Nominal case with an operation cloned between updates */ + memset(output, 0, output_size); + TEST_EQUAL(mbedtls_psa_hash_update(&clone_middle, input2->x, input2->len), + PSA_SUCCESS); + TEST_EQUAL(mbedtls_psa_hash_finish(&clone_middle, + output, output_size, &length), + PSA_SUCCESS); + ASSERT_COMPARE(expected2->x, expected2->len, output, length); + + /* Nominal case with an operation cloned before finish */ + TEST_EQUAL(mbedtls_psa_hash_clone(&clone_end, &clone_more), + PSA_SUCCESS); + memset(output, 0, output_size); + TEST_EQUAL(mbedtls_psa_hash_finish(&clone_end, + output, output_size, &length), + PSA_SUCCESS); + ASSERT_COMPARE(expected2->x, expected2->len, output, length); + mbedtls_free(output); + output = NULL; + + /* Larger output buffer */ + TEST_EQUAL(mbedtls_psa_hash_clone(&clone_more, &clone_end), + PSA_SUCCESS); + output_size = expected2->len + 1; + ASSERT_ALLOC(output, output_size); + TEST_EQUAL(mbedtls_psa_hash_finish(&clone_end, + output, output_size, &length), + PSA_SUCCESS); + ASSERT_COMPARE(expected2->x, expected2->len, output, length); + mbedtls_free(output); + output = NULL; + +#if 0 + /* Smaller output buffer (does not have to work!) */ + TEST_EQUAL(mbedtls_psa_hash_clone(&clone_more, &clone_end), + PSA_SUCCESS); + output_size = expected2->len - 1; + ASSERT_ALLOC(output, output_size); + TEST_EQUAL(mbedtls_psa_hash_finish(&clone_end, + output, output_size, &length), + PSA_ERROR_BUFFER_TOO_SMALL); + mbedtls_free(output); + output = NULL; +#endif + + /* Nominal case again after an error in a cloned operation */ + output_size = expected2->len; + ASSERT_ALLOC(output, output_size); + TEST_EQUAL(mbedtls_psa_hash_finish(&clone_more, + output, output_size, &length), + PSA_SUCCESS); + ASSERT_COMPARE(expected2->x, expected2->len, output, length); + mbedtls_free(output); + output = NULL; + +exit: + mbedtls_free(output); + mbedtls_psa_hash_abort(&operation0); + mbedtls_psa_hash_abort(&clone_start); + mbedtls_psa_hash_abort(&clone_middle); + mbedtls_psa_hash_abort(&clone_end); + mbedtls_psa_hash_abort(&clone_more); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void hash_empty(int alg_arg, data_t *expected) +{ + psa_algorithm_t alg = alg_arg; + uint8_t *output = NULL; + size_t output_size = expected->len; + size_t length = SIZE_MAX; + mbedtls_psa_hash_operation_t operation; + memset(&operation, 0, sizeof(operation)); + + ASSERT_ALLOC(output, output_size); + + /* One-shot */ + TEST_EQUAL(mbedtls_psa_hash_compute(alg, NULL, 0, + output, output_size, &length), + PSA_SUCCESS); + ASSERT_COMPARE(expected->x, expected->len, output, length); + + /* Multipart, no update */ + memset(output, 0, output_size); + TEST_EQUAL(mbedtls_psa_hash_setup(&operation, alg), + PSA_SUCCESS); + TEST_EQUAL(mbedtls_psa_hash_finish(&operation, + output, output_size, &length), + PSA_SUCCESS); + ASSERT_COMPARE(expected->x, expected->len, output, length); + + /* Multipart, one update */ + memset(output, 0, output_size); + memset(&operation, 0, sizeof(operation)); + TEST_EQUAL(mbedtls_psa_hash_setup(&operation, alg), + PSA_SUCCESS); + TEST_EQUAL(mbedtls_psa_hash_update(&operation, NULL, 0), + PSA_SUCCESS); + TEST_EQUAL(mbedtls_psa_hash_finish(&operation, + output, output_size, &length), + PSA_SUCCESS); + ASSERT_COMPARE(expected->x, expected->len, output, length); + +exit: + mbedtls_free(output); + mbedtls_psa_hash_abort(&operation); +} +/* END_CASE */ diff --git a/tests/suites/test_suite_psa_crypto_low_hash.generated.data b/tests/suites/test_suite_psa_crypto_low_hash.generated.data new file mode 100644 index 0000000000..30cc9cfce9 --- /dev/null +++ b/tests/suites/test_suite_psa_crypto_low_hash.generated.data @@ -0,0 +1,171 @@ +# Automatically generated by generate_psa_tests.py. Do not edit! + +hash_empty MD5 +depends_on:MBEDTLS_PSA_BUILTIN_ALG_MD5 +hash_empty:PSA_ALG_MD5:"d41d8cd98f00b204e9800998ecf8427e" + +hash_valid_one_shot MD5 +depends_on:MBEDTLS_PSA_BUILTIN_ALG_MD5 +hash_valid_one_shot:PSA_ALG_MD5:"616263":"900150983cd24fb0d6963f7d28e17f72" + +hash_valid_multipart 0 + 179 MD5 +depends_on:MBEDTLS_PSA_BUILTIN_ALG_MD5 +hash_valid_multipart:PSA_ALG_MD5:"":"d41d8cd98f00b204e9800998ecf8427e":"48656c6c6f2c20776f726c642e20486572652061726520313620756e7072696e7461626c652062797465733a205b000102030405060708090a80818283feff5d2e202054686973206d657373616765207761732062726f7567687420746f20796f752062792061206e61747572616c20696e74656c6c6967656e63652e2020496620796f752063616e207265616420746869732c20676f6f64206c75636b207769746820796f757220646562756767696e6721":"581d07c1c1cf41c302d587ca06659166" + +hash_valid_multipart 1 + 178 MD5 +depends_on:MBEDTLS_PSA_BUILTIN_ALG_MD5 +hash_valid_multipart:PSA_ALG_MD5:"48":"c1d9f50f86825a1a2302ec2449c17196":"656c6c6f2c20776f726c642e20486572652061726520313620756e7072696e7461626c652062797465733a205b000102030405060708090a80818283feff5d2e202054686973206d657373616765207761732062726f7567687420746f20796f752062792061206e61747572616c20696e74656c6c6967656e63652e2020496620796f752063616e207265616420746869732c20676f6f64206c75636b207769746820796f757220646562756767696e6721":"581d07c1c1cf41c302d587ca06659166" + +hash_valid_multipart 64 + 115 MD5 +depends_on:MBEDTLS_PSA_BUILTIN_ALG_MD5 +hash_valid_multipart:PSA_ALG_MD5:"48656c6c6f2c20776f726c642e20486572652061726520313620756e7072696e7461626c652062797465733a205b000102030405060708090a80818283feff5d":"f643f3cdd664a99674b060a871e5cdf6":"2e202054686973206d657373616765207761732062726f7567687420746f20796f752062792061206e61747572616c20696e74656c6c6967656e63652e2020496620796f752063616e207265616420746869732c20676f6f64206c75636b207769746820796f757220646562756767696e6721":"581d07c1c1cf41c302d587ca06659166" + +hash_valid_multipart 178 + 1 MD5 +depends_on:MBEDTLS_PSA_BUILTIN_ALG_MD5 +hash_valid_multipart:PSA_ALG_MD5:"48656c6c6f2c20776f726c642e20486572652061726520313620756e7072696e7461626c652062797465733a205b000102030405060708090a80818283feff5d2e202054686973206d657373616765207761732062726f7567687420746f20796f752062792061206e61747572616c20696e74656c6c6967656e63652e2020496620796f752063616e207265616420746869732c20676f6f64206c75636b207769746820796f757220646562756767696e67":"484d9ce483e5d65fa93622e5e0502163":"21":"581d07c1c1cf41c302d587ca06659166" + +hash_valid_multipart 179 + 0 MD5 +depends_on:MBEDTLS_PSA_BUILTIN_ALG_MD5 +hash_valid_multipart:PSA_ALG_MD5:"48656c6c6f2c20776f726c642e20486572652061726520313620756e7072696e7461626c652062797465733a205b000102030405060708090a80818283feff5d2e202054686973206d657373616765207761732062726f7567687420746f20796f752062792061206e61747572616c20696e74656c6c6967656e63652e2020496620796f752063616e207265616420746869732c20676f6f64206c75636b207769746820796f757220646562756767696e6721":"581d07c1c1cf41c302d587ca06659166":"":"581d07c1c1cf41c302d587ca06659166" + +hash_empty SHA_1 +depends_on:MBEDTLS_PSA_BUILTIN_ALG_SHA_1 +hash_empty:PSA_ALG_SHA_1:"da39a3ee5e6b4b0d3255bfef95601890afd80709" + +hash_valid_one_shot SHA_1 +depends_on:MBEDTLS_PSA_BUILTIN_ALG_SHA_1 +hash_valid_one_shot:PSA_ALG_SHA_1:"616263":"a9993e364706816aba3e25717850c26c9cd0d89d" + +hash_valid_multipart 0 + 179 SHA_1 +depends_on:MBEDTLS_PSA_BUILTIN_ALG_SHA_1 +hash_valid_multipart:PSA_ALG_SHA_1:"":"da39a3ee5e6b4b0d3255bfef95601890afd80709":"48656c6c6f2c20776f726c642e20486572652061726520313620756e7072696e7461626c652062797465733a205b000102030405060708090a80818283feff5d2e202054686973206d657373616765207761732062726f7567687420746f20796f752062792061206e61747572616c20696e74656c6c6967656e63652e2020496620796f752063616e207265616420746869732c20676f6f64206c75636b207769746820796f757220646562756767696e6721":"68e3b2a18096d66916a64b84085772c1ee2b7e72" + +hash_valid_multipart 1 + 178 SHA_1 +depends_on:MBEDTLS_PSA_BUILTIN_ALG_SHA_1 +hash_valid_multipart:PSA_ALG_SHA_1:"48":"7cf184f4c67ad58283ecb19349720b0cae756829":"656c6c6f2c20776f726c642e20486572652061726520313620756e7072696e7461626c652062797465733a205b000102030405060708090a80818283feff5d2e202054686973206d657373616765207761732062726f7567687420746f20796f752062792061206e61747572616c20696e74656c6c6967656e63652e2020496620796f752063616e207265616420746869732c20676f6f64206c75636b207769746820796f757220646562756767696e6721":"68e3b2a18096d66916a64b84085772c1ee2b7e72" + +hash_valid_multipart 64 + 115 SHA_1 +depends_on:MBEDTLS_PSA_BUILTIN_ALG_SHA_1 +hash_valid_multipart:PSA_ALG_SHA_1:"48656c6c6f2c20776f726c642e20486572652061726520313620756e7072696e7461626c652062797465733a205b000102030405060708090a80818283feff5d":"750ba870591b392b0a82a93715018733809d6d60":"2e202054686973206d657373616765207761732062726f7567687420746f20796f752062792061206e61747572616c20696e74656c6c6967656e63652e2020496620796f752063616e207265616420746869732c20676f6f64206c75636b207769746820796f757220646562756767696e6721":"68e3b2a18096d66916a64b84085772c1ee2b7e72" + +hash_valid_multipart 178 + 1 SHA_1 +depends_on:MBEDTLS_PSA_BUILTIN_ALG_SHA_1 +hash_valid_multipart:PSA_ALG_SHA_1:"48656c6c6f2c20776f726c642e20486572652061726520313620756e7072696e7461626c652062797465733a205b000102030405060708090a80818283feff5d2e202054686973206d657373616765207761732062726f7567687420746f20796f752062792061206e61747572616c20696e74656c6c6967656e63652e2020496620796f752063616e207265616420746869732c20676f6f64206c75636b207769746820796f757220646562756767696e67":"95147c023be4f648064a8003d856901dd4cae0aa":"21":"68e3b2a18096d66916a64b84085772c1ee2b7e72" + +hash_valid_multipart 179 + 0 SHA_1 +depends_on:MBEDTLS_PSA_BUILTIN_ALG_SHA_1 +hash_valid_multipart:PSA_ALG_SHA_1:"48656c6c6f2c20776f726c642e20486572652061726520313620756e7072696e7461626c652062797465733a205b000102030405060708090a80818283feff5d2e202054686973206d657373616765207761732062726f7567687420746f20796f752062792061206e61747572616c20696e74656c6c6967656e63652e2020496620796f752063616e207265616420746869732c20676f6f64206c75636b207769746820796f757220646562756767696e6721":"68e3b2a18096d66916a64b84085772c1ee2b7e72":"":"68e3b2a18096d66916a64b84085772c1ee2b7e72" + +hash_empty SHA_224 +depends_on:MBEDTLS_PSA_BUILTIN_ALG_SHA_224 +hash_empty:PSA_ALG_SHA_224:"d14a028c2a3a2bc9476102bb288234c415a2b01f828ea62ac5b3e42f" + +hash_valid_one_shot SHA_224 +depends_on:MBEDTLS_PSA_BUILTIN_ALG_SHA_224 +hash_valid_one_shot:PSA_ALG_SHA_224:"616263":"23097d223405d8228642a477bda255b32aadbce4bda0b3f7e36c9da7" + +hash_valid_multipart 0 + 179 SHA_224 +depends_on:MBEDTLS_PSA_BUILTIN_ALG_SHA_224 +hash_valid_multipart:PSA_ALG_SHA_224:"":"d14a028c2a3a2bc9476102bb288234c415a2b01f828ea62ac5b3e42f":"48656c6c6f2c20776f726c642e20486572652061726520313620756e7072696e7461626c652062797465733a205b000102030405060708090a80818283feff5d2e202054686973206d657373616765207761732062726f7567687420746f20796f752062792061206e61747572616c20696e74656c6c6967656e63652e2020496620796f752063616e207265616420746869732c20676f6f64206c75636b207769746820796f757220646562756767696e6721":"6e2ca0f9c283b6c8759e761d8bd1dd5dba0a49af1dff64f9beb2e444" + +hash_valid_multipart 1 + 178 SHA_224 +depends_on:MBEDTLS_PSA_BUILTIN_ALG_SHA_224 +hash_valid_multipart:PSA_ALG_SHA_224:"48":"7e27c59a202f5e2b2b3b5458300140ef7aa7edc3a97a605b788546a1":"656c6c6f2c20776f726c642e20486572652061726520313620756e7072696e7461626c652062797465733a205b000102030405060708090a80818283feff5d2e202054686973206d657373616765207761732062726f7567687420746f20796f752062792061206e61747572616c20696e74656c6c6967656e63652e2020496620796f752063616e207265616420746869732c20676f6f64206c75636b207769746820796f757220646562756767696e6721":"6e2ca0f9c283b6c8759e761d8bd1dd5dba0a49af1dff64f9beb2e444" + +hash_valid_multipart 64 + 115 SHA_224 +depends_on:MBEDTLS_PSA_BUILTIN_ALG_SHA_224 +hash_valid_multipart:PSA_ALG_SHA_224:"48656c6c6f2c20776f726c642e20486572652061726520313620756e7072696e7461626c652062797465733a205b000102030405060708090a80818283feff5d":"ee50241ec35c16da236ed1d98a67635ec684dcaa205d59ef91a0bc95":"2e202054686973206d657373616765207761732062726f7567687420746f20796f752062792061206e61747572616c20696e74656c6c6967656e63652e2020496620796f752063616e207265616420746869732c20676f6f64206c75636b207769746820796f757220646562756767696e6721":"6e2ca0f9c283b6c8759e761d8bd1dd5dba0a49af1dff64f9beb2e444" + +hash_valid_multipart 178 + 1 SHA_224 +depends_on:MBEDTLS_PSA_BUILTIN_ALG_SHA_224 +hash_valid_multipart:PSA_ALG_SHA_224:"48656c6c6f2c20776f726c642e20486572652061726520313620756e7072696e7461626c652062797465733a205b000102030405060708090a80818283feff5d2e202054686973206d657373616765207761732062726f7567687420746f20796f752062792061206e61747572616c20696e74656c6c6967656e63652e2020496620796f752063616e207265616420746869732c20676f6f64206c75636b207769746820796f757220646562756767696e67":"b28b9b1080f8ba1f274c41ad40823dca0d6e575abaa42c5b01588cd2":"21":"6e2ca0f9c283b6c8759e761d8bd1dd5dba0a49af1dff64f9beb2e444" + +hash_valid_multipart 179 + 0 SHA_224 +depends_on:MBEDTLS_PSA_BUILTIN_ALG_SHA_224 +hash_valid_multipart:PSA_ALG_SHA_224:"48656c6c6f2c20776f726c642e20486572652061726520313620756e7072696e7461626c652062797465733a205b000102030405060708090a80818283feff5d2e202054686973206d657373616765207761732062726f7567687420746f20796f752062792061206e61747572616c20696e74656c6c6967656e63652e2020496620796f752063616e207265616420746869732c20676f6f64206c75636b207769746820796f757220646562756767696e6721":"6e2ca0f9c283b6c8759e761d8bd1dd5dba0a49af1dff64f9beb2e444":"":"6e2ca0f9c283b6c8759e761d8bd1dd5dba0a49af1dff64f9beb2e444" + +hash_empty SHA_256 +depends_on:MBEDTLS_PSA_BUILTIN_ALG_SHA_256 +hash_empty:PSA_ALG_SHA_256:"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855" + +hash_valid_one_shot SHA_256 +depends_on:MBEDTLS_PSA_BUILTIN_ALG_SHA_256 +hash_valid_one_shot:PSA_ALG_SHA_256:"616263":"ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad" + +hash_valid_multipart 0 + 179 SHA_256 +depends_on:MBEDTLS_PSA_BUILTIN_ALG_SHA_256 +hash_valid_multipart:PSA_ALG_SHA_256:"":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855":"48656c6c6f2c20776f726c642e20486572652061726520313620756e7072696e7461626c652062797465733a205b000102030405060708090a80818283feff5d2e202054686973206d657373616765207761732062726f7567687420746f20796f752062792061206e61747572616c20696e74656c6c6967656e63652e2020496620796f752063616e207265616420746869732c20676f6f64206c75636b207769746820796f757220646562756767696e6721":"4d30d19911e5974d669fa735cbd7a5b03dbea5754fc1d52f8c2a5d08ae7110dc" + +hash_valid_multipart 1 + 178 SHA_256 +depends_on:MBEDTLS_PSA_BUILTIN_ALG_SHA_256 +hash_valid_multipart:PSA_ALG_SHA_256:"48":"44bd7ae60f478fae1061e11a7739f4b94d1daf917982d33b6fc8a01a63f89c21":"656c6c6f2c20776f726c642e20486572652061726520313620756e7072696e7461626c652062797465733a205b000102030405060708090a80818283feff5d2e202054686973206d657373616765207761732062726f7567687420746f20796f752062792061206e61747572616c20696e74656c6c6967656e63652e2020496620796f752063616e207265616420746869732c20676f6f64206c75636b207769746820796f757220646562756767696e6721":"4d30d19911e5974d669fa735cbd7a5b03dbea5754fc1d52f8c2a5d08ae7110dc" + +hash_valid_multipart 64 + 115 SHA_256 +depends_on:MBEDTLS_PSA_BUILTIN_ALG_SHA_256 +hash_valid_multipart:PSA_ALG_SHA_256:"48656c6c6f2c20776f726c642e20486572652061726520313620756e7072696e7461626c652062797465733a205b000102030405060708090a80818283feff5d":"ac068007f505c49f58818543ba0566528b54caffe65494da3515a8295ca986ad":"2e202054686973206d657373616765207761732062726f7567687420746f20796f752062792061206e61747572616c20696e74656c6c6967656e63652e2020496620796f752063616e207265616420746869732c20676f6f64206c75636b207769746820796f757220646562756767696e6721":"4d30d19911e5974d669fa735cbd7a5b03dbea5754fc1d52f8c2a5d08ae7110dc" + +hash_valid_multipart 178 + 1 SHA_256 +depends_on:MBEDTLS_PSA_BUILTIN_ALG_SHA_256 +hash_valid_multipart:PSA_ALG_SHA_256:"48656c6c6f2c20776f726c642e20486572652061726520313620756e7072696e7461626c652062797465733a205b000102030405060708090a80818283feff5d2e202054686973206d657373616765207761732062726f7567687420746f20796f752062792061206e61747572616c20696e74656c6c6967656e63652e2020496620796f752063616e207265616420746869732c20676f6f64206c75636b207769746820796f757220646562756767696e67":"82effb9677d08d1ef33f578433cfcfb96355fe19372808e0711d72337671f152":"21":"4d30d19911e5974d669fa735cbd7a5b03dbea5754fc1d52f8c2a5d08ae7110dc" + +hash_valid_multipart 179 + 0 SHA_256 +depends_on:MBEDTLS_PSA_BUILTIN_ALG_SHA_256 +hash_valid_multipart:PSA_ALG_SHA_256:"48656c6c6f2c20776f726c642e20486572652061726520313620756e7072696e7461626c652062797465733a205b000102030405060708090a80818283feff5d2e202054686973206d657373616765207761732062726f7567687420746f20796f752062792061206e61747572616c20696e74656c6c6967656e63652e2020496620796f752063616e207265616420746869732c20676f6f64206c75636b207769746820796f757220646562756767696e6721":"4d30d19911e5974d669fa735cbd7a5b03dbea5754fc1d52f8c2a5d08ae7110dc":"":"4d30d19911e5974d669fa735cbd7a5b03dbea5754fc1d52f8c2a5d08ae7110dc" + +hash_empty SHA_384 +depends_on:MBEDTLS_PSA_BUILTIN_ALG_SHA_384 +hash_empty:PSA_ALG_SHA_384:"38b060a751ac96384cd9327eb1b1e36a21fdb71114be07434c0cc7bf63f6e1da274edebfe76f65fbd51ad2f14898b95b" + +hash_valid_one_shot SHA_384 +depends_on:MBEDTLS_PSA_BUILTIN_ALG_SHA_384 +hash_valid_one_shot:PSA_ALG_SHA_384:"616263":"cb00753f45a35e8bb5a03d699ac65007272c32ab0eded1631a8b605a43ff5bed8086072ba1e7cc2358baeca134c825a7" + +hash_valid_multipart 0 + 179 SHA_384 +depends_on:MBEDTLS_PSA_BUILTIN_ALG_SHA_384 +hash_valid_multipart:PSA_ALG_SHA_384:"":"38b060a751ac96384cd9327eb1b1e36a21fdb71114be07434c0cc7bf63f6e1da274edebfe76f65fbd51ad2f14898b95b":"48656c6c6f2c20776f726c642e20486572652061726520313620756e7072696e7461626c652062797465733a205b000102030405060708090a80818283feff5d2e202054686973206d657373616765207761732062726f7567687420746f20796f752062792061206e61747572616c20696e74656c6c6967656e63652e2020496620796f752063616e207265616420746869732c20676f6f64206c75636b207769746820796f757220646562756767696e6721":"23d654bbaa58d813adce62c4a6e94a5589d9104b0c908173c583eb1aefe08f884b2c90e945e9c27ac3cdfa80fb8e1efd" + +hash_valid_multipart 1 + 178 SHA_384 +depends_on:MBEDTLS_PSA_BUILTIN_ALG_SHA_384 +hash_valid_multipart:PSA_ALG_SHA_384:"48":"72df8089b04fd6038238731b218a64da29bd83a34bced02a29f3139833671028584a653f74f1afecfac51064a0e6416c":"656c6c6f2c20776f726c642e20486572652061726520313620756e7072696e7461626c652062797465733a205b000102030405060708090a80818283feff5d2e202054686973206d657373616765207761732062726f7567687420746f20796f752062792061206e61747572616c20696e74656c6c6967656e63652e2020496620796f752063616e207265616420746869732c20676f6f64206c75636b207769746820796f757220646562756767696e6721":"23d654bbaa58d813adce62c4a6e94a5589d9104b0c908173c583eb1aefe08f884b2c90e945e9c27ac3cdfa80fb8e1efd" + +hash_valid_multipart 64 + 115 SHA_384 +depends_on:MBEDTLS_PSA_BUILTIN_ALG_SHA_384 +hash_valid_multipart:PSA_ALG_SHA_384:"48656c6c6f2c20776f726c642e20486572652061726520313620756e7072696e7461626c652062797465733a205b000102030405060708090a80818283feff5d":"fced26dd21bb61dbb69f704e8aa6cd6e00da4ceecfc55dc94fe48458bc72fb603c23186150923578e4a7237af0e6105c":"2e202054686973206d657373616765207761732062726f7567687420746f20796f752062792061206e61747572616c20696e74656c6c6967656e63652e2020496620796f752063616e207265616420746869732c20676f6f64206c75636b207769746820796f757220646562756767696e6721":"23d654bbaa58d813adce62c4a6e94a5589d9104b0c908173c583eb1aefe08f884b2c90e945e9c27ac3cdfa80fb8e1efd" + +hash_valid_multipart 178 + 1 SHA_384 +depends_on:MBEDTLS_PSA_BUILTIN_ALG_SHA_384 +hash_valid_multipart:PSA_ALG_SHA_384:"48656c6c6f2c20776f726c642e20486572652061726520313620756e7072696e7461626c652062797465733a205b000102030405060708090a80818283feff5d2e202054686973206d657373616765207761732062726f7567687420746f20796f752062792061206e61747572616c20696e74656c6c6967656e63652e2020496620796f752063616e207265616420746869732c20676f6f64206c75636b207769746820796f757220646562756767696e67":"30d426688d31277644b0aa8c32435a36c17f2b8ef20c17e2069405951d01d0e66983e4f98ae1103f85b5e94862ea8b59":"21":"23d654bbaa58d813adce62c4a6e94a5589d9104b0c908173c583eb1aefe08f884b2c90e945e9c27ac3cdfa80fb8e1efd" + +hash_valid_multipart 179 + 0 SHA_384 +depends_on:MBEDTLS_PSA_BUILTIN_ALG_SHA_384 +hash_valid_multipart:PSA_ALG_SHA_384:"48656c6c6f2c20776f726c642e20486572652061726520313620756e7072696e7461626c652062797465733a205b000102030405060708090a80818283feff5d2e202054686973206d657373616765207761732062726f7567687420746f20796f752062792061206e61747572616c20696e74656c6c6967656e63652e2020496620796f752063616e207265616420746869732c20676f6f64206c75636b207769746820796f757220646562756767696e6721":"23d654bbaa58d813adce62c4a6e94a5589d9104b0c908173c583eb1aefe08f884b2c90e945e9c27ac3cdfa80fb8e1efd":"":"23d654bbaa58d813adce62c4a6e94a5589d9104b0c908173c583eb1aefe08f884b2c90e945e9c27ac3cdfa80fb8e1efd" + +hash_empty SHA_512 +depends_on:MBEDTLS_PSA_BUILTIN_ALG_SHA_512 +hash_empty:PSA_ALG_SHA_512:"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e" + +hash_valid_one_shot SHA_512 +depends_on:MBEDTLS_PSA_BUILTIN_ALG_SHA_512 +hash_valid_one_shot:PSA_ALG_SHA_512:"616263":"ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f" + +hash_valid_multipart 0 + 179 SHA_512 +depends_on:MBEDTLS_PSA_BUILTIN_ALG_SHA_512 +hash_valid_multipart:PSA_ALG_SHA_512:"":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e":"48656c6c6f2c20776f726c642e20486572652061726520313620756e7072696e7461626c652062797465733a205b000102030405060708090a80818283feff5d2e202054686973206d657373616765207761732062726f7567687420746f20796f752062792061206e61747572616c20696e74656c6c6967656e63652e2020496620796f752063616e207265616420746869732c20676f6f64206c75636b207769746820796f757220646562756767696e6721":"f01271da8ba8505cc60393b497939b10a7e8c9e4fb4e636bac3ca92d5bec0d6d3d9f19ee9229173e40840e14740214fe454893a044d1da5aca4ef9b830d0dab0" + +hash_valid_multipart 1 + 178 SHA_512 +depends_on:MBEDTLS_PSA_BUILTIN_ALG_SHA_512 +hash_valid_multipart:PSA_ALG_SHA_512:"48":"9032fb94055d4d14e42185bdff59642b98fe6073f68f29d394620c4e698a86fb2e51351ca6997e6a164aae0b871cf789fbc6e0d863733d05903b4eb11be58d9c":"656c6c6f2c20776f726c642e20486572652061726520313620756e7072696e7461626c652062797465733a205b000102030405060708090a80818283feff5d2e202054686973206d657373616765207761732062726f7567687420746f20796f752062792061206e61747572616c20696e74656c6c6967656e63652e2020496620796f752063616e207265616420746869732c20676f6f64206c75636b207769746820796f757220646562756767696e6721":"f01271da8ba8505cc60393b497939b10a7e8c9e4fb4e636bac3ca92d5bec0d6d3d9f19ee9229173e40840e14740214fe454893a044d1da5aca4ef9b830d0dab0" + +hash_valid_multipart 64 + 115 SHA_512 +depends_on:MBEDTLS_PSA_BUILTIN_ALG_SHA_512 +hash_valid_multipart:PSA_ALG_SHA_512:"48656c6c6f2c20776f726c642e20486572652061726520313620756e7072696e7461626c652062797465733a205b000102030405060708090a80818283feff5d":"98cde721bfa735807497358c48c5e5d4302410f30c3afc3b08f40da267d23a28a88ecdd9d52711189fa2ddca54343e37a14d401aee3ac47df3b469c15906bce1":"2e202054686973206d657373616765207761732062726f7567687420746f20796f752062792061206e61747572616c20696e74656c6c6967656e63652e2020496620796f752063616e207265616420746869732c20676f6f64206c75636b207769746820796f757220646562756767696e6721":"f01271da8ba8505cc60393b497939b10a7e8c9e4fb4e636bac3ca92d5bec0d6d3d9f19ee9229173e40840e14740214fe454893a044d1da5aca4ef9b830d0dab0" + +hash_valid_multipart 178 + 1 SHA_512 +depends_on:MBEDTLS_PSA_BUILTIN_ALG_SHA_512 +hash_valid_multipart:PSA_ALG_SHA_512:"48656c6c6f2c20776f726c642e20486572652061726520313620756e7072696e7461626c652062797465733a205b000102030405060708090a80818283feff5d2e202054686973206d657373616765207761732062726f7567687420746f20796f752062792061206e61747572616c20696e74656c6c6967656e63652e2020496620796f752063616e207265616420746869732c20676f6f64206c75636b207769746820796f757220646562756767696e67":"0d86ca214f7634d86c13f95068b226d16bd1e65337da4983ce88e82fa2515957495fc6c50b2afb677bea54de9e1b8e7c694591605c514abed7fdc18f181fe01c":"21":"f01271da8ba8505cc60393b497939b10a7e8c9e4fb4e636bac3ca92d5bec0d6d3d9f19ee9229173e40840e14740214fe454893a044d1da5aca4ef9b830d0dab0" + +hash_valid_multipart 179 + 0 SHA_512 +depends_on:MBEDTLS_PSA_BUILTIN_ALG_SHA_512 +hash_valid_multipart:PSA_ALG_SHA_512:"48656c6c6f2c20776f726c642e20486572652061726520313620756e7072696e7461626c652062797465733a205b000102030405060708090a80818283feff5d2e202054686973206d657373616765207761732062726f7567687420746f20796f752062792061206e61747572616c20696e74656c6c6967656e63652e2020496620796f752063616e207265616420746869732c20676f6f64206c75636b207769746820796f757220646562756767696e6721":"f01271da8ba8505cc60393b497939b10a7e8c9e4fb4e636bac3ca92d5bec0d6d3d9f19ee9229173e40840e14740214fe454893a044d1da5aca4ef9b830d0dab0":"":"f01271da8ba8505cc60393b497939b10a7e8c9e4fb4e636bac3ca92d5bec0d6d3d9f19ee9229173e40840e14740214fe454893a044d1da5aca4ef9b830d0dab0" + +# End of automatically generated file. From e25a6198245aa2385d3693fbe34a87ea9cf3e0be Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 7 Aug 2023 21:21:21 +0200 Subject: [PATCH 3/5] Remove dead code MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Do explain why we don't test a smaller buffer in addition to testing the nominal size and a larger buffer. Signed-off-by: Gilles Peskine Signed-off-by: Tomás González --- .../test_suite_psa_crypto_low_hash.function | 29 ++++--------------- 1 file changed, 6 insertions(+), 23 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto_low_hash.function b/tests/suites/test_suite_psa_crypto_low_hash.function index 6bdbefa1e5..6dabceff9e 100644 --- a/tests/suites/test_suite_psa_crypto_low_hash.function +++ b/tests/suites/test_suite_psa_crypto_low_hash.function @@ -50,17 +50,9 @@ void hash_valid_one_shot(int alg_arg, data_t *input, mbedtls_free(output); output = NULL; -#if 0 - - /* Smaller output buffer (does not have to work!) */ - output_size = expected->len - 1; - ASSERT_ALLOC(output, output_size); - TEST_EQUAL(mbedtls_psa_hash_compute(alg, input->x, input->len, - output, output_size, &length), - PSA_ERROR_BUFFER_TOO_SMALL); - mbedtls_free(output); - output = NULL; -#endif + /* We don't test with a smaller output buffer because this isn't + * guaranteed to work: the core must pass a sufficiently large + * output buffer to the driver. */ exit: mbedtls_free(output); @@ -147,18 +139,9 @@ void hash_valid_multipart(int alg_arg, mbedtls_free(output); output = NULL; -#if 0 - /* Smaller output buffer (does not have to work!) */ - TEST_EQUAL(mbedtls_psa_hash_clone(&clone_more, &clone_end), - PSA_SUCCESS); - output_size = expected2->len - 1; - ASSERT_ALLOC(output, output_size); - TEST_EQUAL(mbedtls_psa_hash_finish(&clone_end, - output, output_size, &length), - PSA_ERROR_BUFFER_TOO_SMALL); - mbedtls_free(output); - output = NULL; -#endif + /* We don't test with a smaller output buffer because this isn't + * guaranteed to work: the core must pass a sufficiently large + * output buffer to the driver. */ /* Nominal case again after an error in a cloned operation */ output_size = expected2->len; From 9043a2fc0b4188e738fe35807474c3a71f5a83a8 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 9 Aug 2023 10:50:58 +0200 Subject: [PATCH 4/5] Fix type annotation Signed-off-by: Gilles Peskine --- scripts/mbedtls_dev/crypto_data_tests.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/mbedtls_dev/crypto_data_tests.py b/scripts/mbedtls_dev/crypto_data_tests.py index 99c4e3db3c..2036ea3eae 100644 --- a/scripts/mbedtls_dev/crypto_data_tests.py +++ b/scripts/mbedtls_dev/crypto_data_tests.py @@ -73,7 +73,7 @@ class HashPSALowLevel: 'PSA_ALG_SHA3_384': None, #lambda data: hashlib.sha3_384(data).hexdigest(), 'PSA_ALG_SHA3_512': None, #lambda data: hashlib.sha3_512(data).hexdigest(), 'PSA_ALG_SHAKE256_512': None, #lambda data: hashlib.shake_256(data).hexdigest(64), - } #typing: Optional[Dict[str, Callable[[bytes], str]]] + } #type: Dict[str, Optional[Callable[[bytes], str]]] @staticmethod def one_test_case(alg: crypto_knowledge.Algorithm, From 5fae560b4a054a69587a8574a60eb5c6f54af5f2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1s=20Gonz=C3=A1lez?= Date: Mon, 13 Nov 2023 11:45:12 +0000 Subject: [PATCH 5/5] Update new license headers MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Tomás González --- scripts/mbedtls_dev/crypto_data_tests.py | 15 ++------------- scripts/mbedtls_dev/psa_information.py | 15 ++------------- tests/scripts/generate_psa_tests.py | 14 +------------- 3 files changed, 5 insertions(+), 39 deletions(-) diff --git a/scripts/mbedtls_dev/crypto_data_tests.py b/scripts/mbedtls_dev/crypto_data_tests.py index 2036ea3eae..bad26fdd77 100644 --- a/scripts/mbedtls_dev/crypto_data_tests.py +++ b/scripts/mbedtls_dev/crypto_data_tests.py @@ -3,19 +3,8 @@ This module is a work in progress, only implementing a few cases for now. """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + import hashlib from typing import Callable, Dict, Iterator, List, Optional #pylint: disable=unused-import diff --git a/scripts/mbedtls_dev/psa_information.py b/scripts/mbedtls_dev/psa_information.py index 0d3b246ee7..a3a84f6dba 100644 --- a/scripts/mbedtls_dev/psa_information.py +++ b/scripts/mbedtls_dev/psa_information.py @@ -2,19 +2,8 @@ """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + import re from typing import Dict, FrozenSet, List, Optional diff --git a/tests/scripts/generate_psa_tests.py b/tests/scripts/generate_psa_tests.py index 872d214725..faebe510c0 100755 --- a/tests/scripts/generate_psa_tests.py +++ b/tests/scripts/generate_psa_tests.py @@ -6,19 +6,7 @@ generate only the specified files. """ # Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 -# -# Licensed under the Apache License, Version 2.0 (the "License"); you may -# not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT -# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later import enum import re