1
0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-04 08:02:28 +03:00
Commit Graph

3354 Commits

Author SHA1 Message Date
8da0e9eef7 all.sh: rationalize relative path usage
In preparation for adding tf-psa-crypto/test/scripts/all.sh which will
run from tf-psa-crypto.

Use paths relative to the currently sourced file when including common
files (ie, those that will soon be moved to the framework). Otherwise,
use paths relative to the current directory, aka project's root.

Document that test/script/all.sh must be invoked from the project's root
(that was already the case, but implicit so far).

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2024-10-23 10:06:38 +02:00
d2da02b1ce Remove obsolete exemptions from test case coverage
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-10-22 22:10:42 +02:00
fef912c30b Test partial ECC creation support: switch to MBEDTLS_USE_PSA_CRYPTO
With PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE disabled, test TLS 1.3 and
USE_PSA TLS 1.2.

With PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE disabled, just test crypto,
because the TLS code needs that to generate ephemeral ECDH keys but this is
not tracked properly (the ephemeral ECDH code is only gated on having ECDH).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-10-22 22:10:42 +02:00
ec028d8451 analyze_outcomes.py: allow test with PSA_WANT_ALG_TLS12_PRF disabled
Do not assume that tests with !PSA_WANT_ALG_TLS12_PRF will not
be executed in AnalyzeCoverage task.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-10-22 18:02:04 +02:00
7213fbc2e2 components-basic-checks: add new exception for MBEDTLS_CTR_DRBG_MAX_REQUEST
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-10-22 17:56:36 +02:00
8bc8172c4a test: disable dynamic key store in test_crypto_with_static_key_slots
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-10-22 17:56:36 +02:00
4d9a8219ac test: properly select MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE value
This value should be:
- OK for all EC/FFDH key pairs/public keys;
- OK for all supported public RSA keys;
- OK for RSA key pairs up to 2048 bits;
- FAIL for RSA key pairs above 2048 bits.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-10-22 17:56:36 +02:00
2a3c9b347c test: extend component_test_crypto_with_static_key_slots
Intentionally set MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE slightly
smaller than the maximum RSA key pair size for an RSA key of 4096
bits. Also add a test in test_suite_psa_crypto to verify this
condition.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-10-22 17:56:36 +02:00
35b0b02e4a test: disable all legacy symbols in test_psa_crypto_without_heap
Disable all MBEDTLS_xxx symbols (keeping only the relevant ones enabled)
when building the main library.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-10-22 17:56:36 +02:00
13aadd7981 test: minor fixes to test_psa_crypto_without_heap and test_crypto_with_static_key_slots
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-10-22 17:56:36 +02:00
a47b045a68 test: add new component to test core library without calloc/free
This commit also fixes issues found in test suites
function/data files.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-10-22 17:56:36 +02:00
dbb646b99a test: add new component to test MBEDTLS_PSA_STATIC_KEY_SLOTS
This commit also fixes related errors in test suites. In all
cases those failures are related to the use of raw keys whose
size cannot be determined a-priori.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-10-22 17:56:36 +02:00
b50043b960 Update cipher_id domain to use PSA macros
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2024-10-22 16:55:19 +02:00
6b644938d2 Merge pull request #9657 from mpg/refactor-all.sh-dev
Refactor all.sh
2024-10-22 13:33:45 +00:00
6a986d9122 Update coverage datebase
With the `depend.py` using the crypto config the `PBKDF2_HMAC` can be
enabled so thest cases can be run.

The equivalence (synonym) between `PSA_WANT_ALG_RSA_PSS_ANY_SALT` and
`PSA_WANT_ALG_RSA_PSS` is now done properly, the test can be run.

Dependencies for `MBEDTLS_CIPHER_PADDING_PKCS7' has been updated and
now it can be actually disabled.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2024-10-22 10:43:03 +02:00
4fef797450 Update macro dependencies
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2024-10-21 14:27:23 +02:00
f10402c028 Update macro dependencies
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2024-10-21 14:27:22 +02:00
c9f01cf8b5 Use f-string instead of concatenation
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2024-10-21 14:27:22 +02:00
224152eec0 Remove unneeded newlines
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2024-10-21 14:27:22 +02:00
fb06101b9f Fix recursive dependencies for cross referencing
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2024-10-21 14:27:22 +02:00
4e10d6c21d Add consistency check for option avalability
The PSA and MbedTLS options can switch the same functionality separately
so add a check to ensure the cpnsistency.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2024-10-21 14:26:52 +02:00
8f94485166 Fix dependency
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2024-10-21 14:26:52 +02:00
610e6e2aea Add PSA macro dependencies
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2024-10-21 14:26:52 +02:00
8ec990bc45 Apply config dependecies recursively
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2024-10-21 14:26:52 +02:00
9ce6d244f1 Remove depends.py option to use without PSA
Also removed test which uses this option.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2024-10-21 14:26:52 +02:00
035d7c8cfa Move file backup support to config_common.py
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2024-10-21 14:26:52 +02:00
f5408f0909 Enable usage of crypto config in depends.py
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2024-10-21 14:26:52 +02:00
4cd797e7fb tf-psa-crypto: Add cmake_package test program
We cannot add the equivalent of
cmake_package_install yet as the build in
tf-psa-crypto still references some headers
in ./include/mbedtls like mbedtls_config.h.

We cannot add the equivalent of
cmake_subproject yet as currently only
the case of the Mbed TLS parent project is
supported.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-10-18 11:42:17 +02:00
4870e613f8 Refactor pkgconfig.sh
Refactor pkgconfig.sh to be able to use it
for Mbed TLS and TF-PSA-Crypto packages.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-10-18 10:23:15 +02:00
fd4f2831d7 Fix a typo in a comment
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2024-10-18 09:58:11 +02:00
8b4b15269a Fix test scripts for split error files
This commit fixes failing tests to do with generated files and code
styles.

Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
2024-10-18 08:19:50 +01:00
f5025e2680 Merge remote-tracking branch 'development' into test-cases-not-executed-enforce-development
Conflicts:
* framework: update to the head of 'main'.
2024-10-17 21:20:01 +02:00
13d2939563 Merge pull request #9673 from eleuzi01/issue-54-fw
Move TLS auxiliary test scripts to the framework
2024-10-17 17:15:46 +00:00
dea880f035 all.sh: fix missing quotes
Without quotes, when the variable is empty, the shell will see three
tokens: [, -n, ]. After skipping ] as usual, it will see a single token,
so it will consider it not as command, but a string to be tested for "is
it empty", and since "-n" is not empty, the command will return true.

With quotes it see 4 tokens: [, -n, <empty string>, ] and interprets -n
as desired.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2024-10-17 09:21:19 +02:00
e1f37c58a2 Merge pull request #9566 from gilles-peskine-arm/error-codes-4.0-enforce-add-macro
Error codes: enforce add macro
2024-10-16 17:28:04 +00:00
8085f51108 Use MBEDTLS_ERROR_ADD instead of explicit addition: enforcement
Reject direct additions of error constants (regex-based approximation).

Fix the lone straggler.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-10-16 11:52:27 +02:00
6c0b4e73c0 all.sh: adjust for when tf-psa-crypto is absent
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2024-10-16 10:50:43 +02:00
f48d4edd0c all.sh: re-instate 3.6-specific code
This aligns development and 3.6 in preparation for moving to the
framework repo.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2024-10-16 10:50:15 +02:00
ede04b34d1 Remove unnecessary -O2 compilation flag
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-10-16 10:47:15 +02:00
a0afbfb2a4 Fix/Add documentation
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-10-15 17:09:36 +02:00
67cc6a73aa Use config_adjust_test_accelerators.h
Use config_adjust_test_accelerators.h
to adjust the configuration needed for
test_psa_crypto_drivers all.sh component
with PSA_CRYPTO_CONFIG enabled.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-10-15 17:09:36 +02:00
9669eeabcf Adjust file path for translate_ciphers.py
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
2024-10-15 11:45:15 +01:00
b74c3eaf87 Adjust file path for generate_tls13_compat_tests.py
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
2024-10-15 11:45:05 +01:00
09fee364a3 Adjust file path for generate_ssl_debug_helpers.py
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
2024-10-15 11:43:51 +01:00
2df289290f Move some files to framework repository
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
2024-10-15 11:41:39 +01:00
5e3ed3f8a0 Minor readability improvements
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-10-11 12:00:44 +02:00
095561cca1 Switch outcome analysis to enforcing that all tests are executed
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-10-10 17:26:11 +02:00
d9c40f538d We never test without the PSA client code.
Should we? To be decided later.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-10-10 17:26:11 +02:00
24b03d8b72 Add ignore list for restartable ECDH in TLS
TLS only supports actual restartable ECDH with the legacy code that's going
away, not with the MBEDTLS_USE_PSA_CRYPTO code that's becoming the only
variant. This leaves a few test cases that validate restartable ECDH in TLS
as desirable, but not currently able to pass.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-10-10 17:26:11 +02:00
2fd25bb2a5 Add ignore list entries for configurations that are not tested
For each ignore list entry, link to a GitHub issue for its resolution,
except for a few configurations which there is a good reason to leave
uncovered.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-10-10 17:26:11 +02:00