1
0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-10-24 13:32:59 +03:00
Commit Graph

33 Commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
3e59e0ae08 Merge pull request #1411 from mpg/bypass-wrappers
[3.6] Bypass GCD/modinv wrappers when possible
2025-09-11 12:25:23 +02:00
Manuel Pégourié-Gonnard
f35d30799c ECP: use CT modinv
A function that was previously called in multiple places is now called
only once, hence more susceptible to being inlined, hence the test fix.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2025-08-14 09:18:52 +02:00
Gilles Peskine
4eba1cc364 Improve outcome reporting of additional valgrind_cf testing
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-08-08 15:15:07 +02:00
Gilles Peskine
580d1f4954 Do dedicated constant-time testing in a few more configurations
Do constant-time testing in a couple of configurations that give some
interesting coverage;

* In a configuration that's close to the default: `test_aes_only_128_bit_keys`.
  Having only 128-bit AES keys doesn't reduce the interesting scope much
  (except that it doesn't test 192-bit and 256-bit AES, but since that
  configuration uses hardware AES, we don't care about that part).
* when PSA buffer copying is not done, i.e. when
  `MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS` is enabled. This will be very
  relevant for the upcoming PSA constant-time tests.

Use Valgrind, since some of the interesting tests require constant-time AES,
which for us means AESNI or AESCE, which MSan doesn't support.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-08-08 15:14:47 +02:00
Gilles Peskine
361799acbe typo
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-06-06 14:52:06 +02:00
Gilles Peskine
bd6fb46ff6 Add a build with NV seed as the only entropy source
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-06-06 10:18:36 +02:00
David Horstmann
cbf530dde7 Disable test hooks when checking missing symbols
The function mbedtls_test_hook_error_add() is declared in the library
but supplied by test helpers in framework/tests/src, so it is undefined
in library-only builds. This messes up our checks for missing symbols,
so disable MBEDTLS_TEST_HOOKS when we are building to check missing
symbols.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-11-14 14:19:49 +00:00
David Horstmann
b19374f548 Update path to PSA crypto alt headers
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-11-14 14:19:42 +00:00
David Horstmann
dcf42a0b53 Update references to test helpers
Replace:
* tests/src -> framework/tests/src
* tests/include -> framework/tests/include

Except for occurrences of:
* tests/src/test_helpers (since this only contains ssl_helpers.c)
* tests/src/test_certs.h
* tests/include/alt_dummy

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-11-14 14:19:40 +00:00
Gilles Peskine
91972cc13d Merge pull request #9608 from gilles-peskine-arm/outcome-check-repeated-configurations-all.sh-preliminaries-3.6
Backport 3.6: Fix some all.sh components with sub-components
2024-10-25 11:47:48 +00:00
Gilles Peskine
0b8b7a1ee1 Merge pull request #9448 from valeriosetti/psa-use-static-slots-backport
[Backport 3.6] PSA: use static key slots to store keys
2024-10-24 07:27:43 +00:00
Valerio Setti
92f1d2dcb2 test: disable dynamic key store in test_crypto_with_static_key_slots
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-10-22 13:31:19 +02:00
Valerio Setti
ba98d5b90e test: properly select MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE value
This value should be:
- OK for all EC/FFDH key pairs/public keys;
- OK for all supported public RSA keys;
- OK for RSA key pairs up to 2048 bits;
- FAIL for RSA key pairs above 2048 bits.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-10-22 13:31:19 +02:00
Valerio Setti
291532fd45 test: extend component_test_crypto_with_static_key_slots
Intentionally set MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE slightly
smaller than the maximum RSA key pair size for an RSA key of 4096
bits. Also add a test in test_suite_psa_crypto to verify this
condition.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-10-22 13:31:19 +02:00
Valerio Setti
f7485fbba1 test: disable all legacy symbols in test_psa_crypto_without_heap
Disable all MBEDTLS_xxx symbols (keeping only the relevant ones enabled)
when building the main library.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-10-22 13:31:19 +02:00
Valerio Setti
bc6117166a test: minor fixes to test_psa_crypto_without_heap and test_crypto_with_static_key_slots
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-10-22 13:31:19 +02:00
Valerio Setti
efce6052d8 test: add new component to test core library without calloc/free
This commit also fixes issues found in test suites
function/data files.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-10-22 13:31:19 +02:00
Valerio Setti
168d24a00d test: add new component to test MBEDTLS_PSA_STATIC_KEY_SLOTS
This commit also fixes related errors in test suites. In all
cases those failures are related to the use of raw keys whose
size cannot be determined a-priori.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-10-22 13:31:19 +02:00
Manuel Pégourié-Gonnard
452db6050b all.sh: rename a helper function
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2024-10-16 10:24:40 +02:00
Manuel Pégourié-Gonnard
8536c3c792 Merge pull request #9161 from mpg/doc-guards
[3.6 only] Document transitional feature macros / guards
2024-10-09 10:30:50 +00:00
Gilles Peskine
f0d2eb5828 Merge pull request #9603 from gilles-peskine-arm/test-ref-configs-go-away-3.6
Backport 3.6: Switch from test-ref-configs.pl to separate components
2024-09-24 13:00:54 +00:00
Gilles Peskine
5ea32988ef Fix spurious * in regex
`grep mbedtls_des*` would pick up e.g. mbedtls_derive_xxx.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-09-20 17:34:46 +02:00
Gilles Peskine
ced0edc43e Move config-tfm.h testing to separate all.sh component
Rename the existing component_test_tfm_config which tests a modified version
of config-tfm.h for the sake of driver-vs-reference comparison.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-09-19 18:57:11 +02:00
Gilles Peskine
dbd0f424b0 Move config-symmetric-only.h testing to separate all.sh components
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-09-19 18:57:03 +02:00
Gilles Peskine
4d347aa433 Move config-no-entropy.h testing to separate all.sh component
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-09-19 18:55:08 +02:00
Elena Uziunaite
fbab4f88dc Add missing ALG_SHA_1
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
2024-09-16 12:34:11 +01:00
Manuel Pégourié-Gonnard
b50b6387d5 Clarify a comment in all.sh
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2024-09-10 10:58:50 +02:00
Manuel Pégourié-Gonnard
32bdf19a01 Minor updates in doc/comments/debug
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2024-09-10 10:58:47 +02:00
Gilles Peskine
9dc903a316 Add test components with the PSA static key store
We were only testing the static key store (MBEDTLS_PSA_KEY_STORE_DYNAMIC
disabled) with configs/*.h. Add a component with the static key store and
everything else (including built-in keys), and a component with the static
key store and CTR_DBRG using PSA for AES (which means PSA uses a volatile
key internally).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-08-09 13:54:56 +02:00
Minos Galanakis
5f6d2e3120 all.sh/components: Moved driver components to configuration crypto.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2024-08-05 12:20:26 +01:00
Minos Galanakis
0c0c3e1713 all.sh/components: Moved more components to configuration crypto.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2024-08-05 12:20:26 +01:00
Minos Galanakis
3ece57e173 Extract configuration-crypto-components into a separate file.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2024-08-05 12:01:08 +01:00
Minos Galanakis
7771119069 Created placeholder component files.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2024-08-01 18:37:33 +01:00