eden-emu/mbedtls
19
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge remote-tracking branch 'origin/development' into support_cipher_encrypt_only

Browse source
This commit is contained in:
Yanray Wang 2023-10-16 17:38:32 +08:00
commit aa01ee303a
300 changed files with 8348 additions and 4962 deletions
Download patch file Download diff file Expand all files Collapse all files

1080
tests/scripts/all.sh
View file

File diff suppressed because it is too large Load diff

213
tests/scripts/analyze_outcomes.py
View file

@ -206,6 +206,7 @@ TASKS = {
'ignored_suites': [
'shax', 'mdx', # the software implementations that are being excluded
'md.psa', # purposefully depends on whether drivers are present
'psa_crypto_low_hash.generated', # testing the builtins
],
'ignored_tests': {
}
@ -263,6 +264,17 @@ TASKS = {
'ECP test vectors secp384r1 rfc 5114',
'ECP test vectors secp521r1 rfc 5114',
],
'test_suite_psa_crypto': [
'PSA key derivation: HKDF-SHA-256 -> ECC secp256r1',
'PSA key derivation: HKDF-SHA-256 -> ECC secp256r1 (1 redraw)',
'PSA key derivation: HKDF-SHA-256 -> ECC secp256r1, exercise ECDSA',
'PSA key derivation: HKDF-SHA-256 -> ECC secp384r1',
'PSA key derivation: HKDF-SHA-256 -> ECC secp521r1 #0',
'PSA key derivation: HKDF-SHA-256 -> ECC secp521r1 #1',
],
'test_suite_ssl': [
'Test configuration of groups for DHE through mbedtls_ssl_conf_curves()',
],
}
}
},
@ -322,10 +334,13 @@ TASKS = {
'Parse Public EC Key #8a (RFC 5480, brainpoolP384r1, compressed)',
'Parse Public EC Key #9a (RFC 5480, brainpoolP512r1, compressed)',
],
'test_suite_ssl': [
'Test configuration of groups for DHE through mbedtls_ssl_conf_curves()',
],
}
}
},
'analyze_driver_vs_reference_no_bignum': {
'analyze_driver_vs_reference_ecc_no_bignum': {
'test_function': do_analyze_driver_vs_reference,
'args': {
'component_ref': 'test_psa_crypto_config_reference_ecc_no_bignum',
@ -415,6 +430,106 @@ TASKS = {
'Debug print mbedtls_mpi: 764 bits #1',
'Debug print mbedtls_mpi: 764 bits #2',
],
'test_suite_ssl': [
'Test configuration of groups for DHE through mbedtls_ssl_conf_curves()',
],
}
}
},
'analyze_driver_vs_reference_ecc_ffdh_no_bignum': {
'test_function': do_analyze_driver_vs_reference,
'args': {
'component_ref': 'test_psa_crypto_config_reference_ecc_ffdh_no_bignum',
'component_driver': 'test_psa_crypto_config_accel_ecc_ffdh_no_bignum',
'ignored_suites': [
# Ignore test suites for the modules that are disabled in the
# accelerated test case.
'ecp',
'ecdsa',
'ecdh',
'ecjpake',
'bignum_core',
'bignum_random',
'bignum_mod',
'bignum_mod_raw',
'bignum.generated',
'bignum.misc',
'dhm',
],
'ignored_tests': {
'test_suite_random': [
'PSA classic wrapper: ECDSA signature (SECP256R1)',
],
'test_suite_psa_crypto': [
'PSA key derivation: HKDF-SHA-256 -> ECC secp256r1',
'PSA key derivation: HKDF-SHA-256 -> ECC secp256r1 (1 redraw)',
'PSA key derivation: HKDF-SHA-256 -> ECC secp256r1, exercise ECDSA',
'PSA key derivation: HKDF-SHA-256 -> ECC secp384r1',
'PSA key derivation: HKDF-SHA-256 -> ECC secp521r1 #0',
'PSA key derivation: HKDF-SHA-256 -> ECC secp521r1 #1',
'PSA key derivation: bits=7 invalid for ECC BRAINPOOL_P_R1 (ECC enabled)',
'PSA key derivation: bits=7 invalid for ECC SECP_K1 (ECC enabled)',
'PSA key derivation: bits=7 invalid for ECC SECP_R1 (ECC enabled)',
'PSA key derivation: bits=7 invalid for ECC SECP_R2 (ECC enabled)',
'PSA key derivation: bits=7 invalid for ECC SECT_K1 (ECC enabled)',
'PSA key derivation: bits=7 invalid for ECC SECT_R1 (ECC enabled)',
'PSA key derivation: bits=7 invalid for ECC SECT_R2 (ECC enabled)',
],
'test_suite_pkparse': [
# See the description provided above in the
# analyze_driver_vs_reference_no_ecp_at_all component.
'Parse EC Key #10a (SEC1 PEM, secp384r1, compressed)',
'Parse EC Key #11a (SEC1 PEM, secp521r1, compressed)',
'Parse EC Key #12a (SEC1 PEM, bp256r1, compressed)',
'Parse EC Key #13a (SEC1 PEM, bp384r1, compressed)',
'Parse EC Key #14a (SEC1 PEM, bp512r1, compressed)',
'Parse EC Key #2a (SEC1 PEM, secp192r1, compressed)',
'Parse EC Key #8a (SEC1 PEM, secp224r1, compressed)',
'Parse EC Key #9a (SEC1 PEM, secp256r1, compressed)',
'Parse Public EC Key #2a (RFC 5480, PEM, secp192r1, compressed)',
'Parse Public EC Key #3a (RFC 5480, secp224r1, compressed)',
'Parse Public EC Key #4a (RFC 5480, secp256r1, compressed)',
'Parse Public EC Key #5a (RFC 5480, secp384r1, compressed)',
'Parse Public EC Key #6a (RFC 5480, secp521r1, compressed)',
'Parse Public EC Key #7a (RFC 5480, brainpoolP256r1, compressed)',
'Parse Public EC Key #8a (RFC 5480, brainpoolP384r1, compressed)',
'Parse Public EC Key #9a (RFC 5480, brainpoolP512r1, compressed)',
],
'test_suite_asn1parse': [
# This test depends on BIGNUM_C
'INTEGER too large for mpi',
],
'test_suite_asn1write': [
# Following tests depends on BIGNUM_C
'ASN.1 Write mpi 0 (1 limb)',
'ASN.1 Write mpi 0 (null)',
'ASN.1 Write mpi 0x100',
'ASN.1 Write mpi 0x7f',
'ASN.1 Write mpi 0x7f with leading 0 limb',
'ASN.1 Write mpi 0x80',
'ASN.1 Write mpi 0x80 with leading 0 limb',
'ASN.1 Write mpi 0xff',
'ASN.1 Write mpi 1',
'ASN.1 Write mpi, 127*8 bits',
'ASN.1 Write mpi, 127*8+1 bits',
'ASN.1 Write mpi, 127*8-1 bits',
'ASN.1 Write mpi, 255*8 bits',
'ASN.1 Write mpi, 255*8-1 bits',
'ASN.1 Write mpi, 256*8-1 bits',
],
'test_suite_debug': [
# Following tests depends on BIGNUM_C
'Debug print mbedtls_mpi #2: 3 bits',
'Debug print mbedtls_mpi: 0 (empty representation)',
'Debug print mbedtls_mpi: 0 (non-empty representation)',
'Debug print mbedtls_mpi: 49 bits',
'Debug print mbedtls_mpi: 759 bits',
'Debug print mbedtls_mpi: 764 bits #1',
'Debug print mbedtls_mpi: 764 bits #2',
],
'test_suite_ssl': [
'Test configuration of groups for DHE through mbedtls_ssl_conf_curves()',
],
}
}
},
@ -427,6 +542,102 @@ TASKS = {
'ignored_tests': {}
}
},
'analyze_driver_vs_reference_tfm_config': {
'test_function': do_analyze_driver_vs_reference,
'args': {
'component_ref': 'test_tfm_config',
'component_driver': 'test_tfm_config_p256m_driver_accel_ec',
'ignored_suites': [
# Ignore test suites for the modules that are disabled in the
# accelerated test case.
'ecp',
'ecdsa',
'ecdh',
'ecjpake',
'bignum_core',
'bignum_random',
'bignum_mod',
'bignum_mod_raw',
'bignum.generated',
'bignum.misc',
],
'ignored_tests': {
# Ignore all tests that require DERIVE support which is disabled
# in the driver version
'test_suite_psa_crypto': [
'PSA key agreement setup: ECDH + HKDF-SHA-256: good',
('PSA key agreement setup: ECDH + HKDF-SHA-256: good, key algorithm broader '
'than required'),
'PSA key agreement setup: ECDH + HKDF-SHA-256: public key not on curve',
'PSA key agreement setup: KDF instead of a key agreement algorithm',
'PSA key agreement setup: bad key agreement algorithm',
'PSA key agreement: ECDH SECP256R1 (RFC 5903) + HKDF-SHA-256: capacity=8160',
'PSA key agreement: ECDH SECP256R1 (RFC 5903) + HKDF-SHA-256: read 0+32',
'PSA key agreement: ECDH SECP256R1 (RFC 5903) + HKDF-SHA-256: read 1+31',
'PSA key agreement: ECDH SECP256R1 (RFC 5903) + HKDF-SHA-256: read 31+1',
'PSA key agreement: ECDH SECP256R1 (RFC 5903) + HKDF-SHA-256: read 32+0',
'PSA key agreement: ECDH SECP256R1 (RFC 5903) + HKDF-SHA-256: read 32+32',
'PSA key agreement: ECDH SECP256R1 (RFC 5903) + HKDF-SHA-256: read 64+0',
'PSA key derivation: ECDH on P256 with HKDF-SHA256, info first',
'PSA key derivation: ECDH on P256 with HKDF-SHA256, key output',
'PSA key derivation: ECDH on P256 with HKDF-SHA256, missing info',
'PSA key derivation: ECDH on P256 with HKDF-SHA256, omitted salt',
'PSA key derivation: ECDH on P256 with HKDF-SHA256, raw output',
'PSA key derivation: ECDH on P256 with HKDF-SHA256, salt after secret',
'PSA key derivation: ECDH with TLS 1.2 PRF SHA-256, good case',
'PSA key derivation: ECDH with TLS 1.2 PRF SHA-256, missing label',
'PSA key derivation: ECDH with TLS 1.2 PRF SHA-256, missing label and secret',
'PSA key derivation: ECDH with TLS 1.2 PRF SHA-256, no inputs',
'PSA key derivation: HKDF-SHA-256 -> ECC secp256r1',
'PSA key derivation: HKDF-SHA-256 -> ECC secp256r1 (1 redraw)',
'PSA key derivation: HKDF-SHA-256 -> ECC secp256r1, exercise ECDSA',
'PSA key derivation: TLS 1.2 Mix-PSK-to-MS, SHA-256, 0+48, ka',
'PSA key derivation: TLS 1.2 Mix-PSK-to-MS, SHA-256, 24+24, ka',
'PSA key derivation: TLS 1.2 Mix-PSK-to-MS, SHA-256, 48+0, ka',
'PSA key derivation: TLS 1.2 Mix-PSK-to-MS, bad state #1, ka',
'PSA key derivation: TLS 1.2 Mix-PSK-to-MS, bad state #3, ka',
'PSA key derivation: TLS 1.2 Mix-PSK-to-MS, bad state #4, ka',
'PSA key derivation: bits=7 invalid for ECC BRAINPOOL_P_R1 (ECC enabled)',
'PSA key derivation: bits=7 invalid for ECC MONTGOMERY (ECC enabled)',
'PSA key derivation: bits=7 invalid for ECC SECP_K1 (ECC enabled)',
'PSA key derivation: bits=7 invalid for ECC SECP_R1 (ECC enabled)',
'PSA key derivation: bits=7 invalid for ECC SECP_R2 (ECC enabled)',
'PSA key derivation: bits=7 invalid for ECC SECT_K1 (ECC enabled)',
'PSA key derivation: bits=7 invalid for ECC SECT_R1 (ECC enabled)',
'PSA key derivation: bits=7 invalid for ECC SECT_R2 (ECC enabled)',
'PSA raw key agreement: ECDH SECP256R1 (RFC 5903)',
],
'test_suite_random': [
'PSA classic wrapper: ECDSA signature (SECP256R1)',
],
'test_suite_psa_crypto_pake': [
'PSA PAKE: ecjpake size macros',
],
'test_suite_asn1parse': [
# This test depends on BIGNUM_C
'INTEGER too large for mpi',
],
'test_suite_asn1write': [
# Following tests depends on BIGNUM_C
'ASN.1 Write mpi 0 (1 limb)',
'ASN.1 Write mpi 0 (null)',
'ASN.1 Write mpi 0x100',
'ASN.1 Write mpi 0x7f',
'ASN.1 Write mpi 0x7f with leading 0 limb',
'ASN.1 Write mpi 0x80',
'ASN.1 Write mpi 0x80 with leading 0 limb',
'ASN.1 Write mpi 0xff',
'ASN.1 Write mpi 1',
'ASN.1 Write mpi, 127*8 bits',
'ASN.1 Write mpi, 127*8+1 bits',
'ASN.1 Write mpi, 127*8-1 bits',
'ASN.1 Write mpi, 255*8 bits',
'ASN.1 Write mpi, 255*8-1 bits',
'ASN.1 Write mpi, 256*8-1 bits',
],
}
}
}
}
def main():

2
tests/scripts/audit-validity-dates.py
View file

@ -276,7 +276,7 @@ class Auditor:
@staticmethod
def find_test_dir():
"""Get the relative path for the MbedTLS test directory."""
"""Get the relative path for the Mbed TLS test directory."""
return os.path.relpath(build_tree.guess_mbedtls_root() + '/tests')

2
tests/scripts/basic-build-test.sh
View file

@ -43,7 +43,7 @@
set -eu
if [ -d library -a -d include -a -d tests ]; then :; else
echo "Must be run from mbed TLS root" >&2
echo "Must be run from Mbed TLS root" >&2
exit 1
fi

2
tests/scripts/check-doxy-blocks.pl
View file

@ -68,7 +68,7 @@ sub check_dir {
# Check that the script is being run from the project's root directory.
for my $dir (@directories) {
if (! -d $dir) {
die "This script must be run from the mbed TLS root directory";
die "This script must be run from the Mbed TLS root directory";
} else {
check_dir($dir)
}

4
tests/scripts/check-generated-files.sh
View file

@ -35,7 +35,7 @@ EOF
fi
if [ -d library -a -d include -a -d tests ]; then :; else
echo "Must be run from mbed TLS root" >&2
echo "Must be run from Mbed TLS root" >&2
exit 1
fi
@ -128,7 +128,7 @@ check()
check scripts/generate_errors.pl library/error.c
check scripts/generate_query_config.pl programs/test/query_config.c
check scripts/generate_driver_wrappers.py library/psa_crypto_driver_wrappers.c
check scripts/generate_driver_wrappers.py library/psa_crypto_driver_wrappers.h library/psa_crypto_driver_wrappers_no_static.c
check scripts/generate_features.pl library/version_features.c
check scripts/generate_ssl_debug_helpers.py library/ssl_debug_helpers_generated.c
# generate_visualc_files enumerates source files (library/*.c). It doesn't

4
tests/scripts/check_names.py
View file

@ -284,7 +284,7 @@ class CodeParser():
"library/*.c",
"3rdparty/everest/library/everest.c",
"3rdparty/everest/library/x25519.c"
], ["library/psa_crypto_driver_wrappers.c"])
], ["library/psa_crypto_driver_wrappers.h"])
symbols = self.parse_symbols()
# Remove identifier macros like mbedtls_printf or mbedtls_calloc
@ -941,7 +941,7 @@ def main():
"This script confirms that the naming of all symbols and identifiers "
"in Mbed TLS are consistent with the house style and are also "
"self-consistent.\n\n"
"Expected to be run from the MbedTLS root directory.")
"Expected to be run from the Mbed TLS root directory.")
)
parser.add_argument(
"-v", "--verbose",

1
tests/scripts/depends.py
View file

@ -161,6 +161,7 @@ derived."""
log_command(['config.py', 'full'])
conf.adapt(config.full_adapter)
set_config_option_value(conf, 'MBEDTLS_TEST_HOOKS', colors, False)
set_config_option_value(conf, 'MBEDTLS_PSA_CRYPTO_CONFIG', colors, False)
if options.unset_use_psa:
set_config_option_value(conf, 'MBEDTLS_USE_PSA_CRYPTO', colors, False)

2
tests/scripts/doxygen.sh
View file

@ -21,7 +21,7 @@
set -eu
if [ -d library -a -d include -a -d tests ]; then :; else
echo "Must be run from mbed TLS root" >&2
echo "Must be run from Mbed TLS root" >&2
exit 1
fi

2
tests/scripts/generate-afl-tests.sh
View file

@ -41,7 +41,7 @@ THIS_DIR=$(basename $PWD)
if [ -d ../library -a -d ../include -a -d ../tests -a $THIS_DIR == "tests" ];
then :;
else
echo " [!] Must be run from mbed TLS tests directory" >&2
echo " [!] Must be run from Mbed TLS tests directory" >&2
exit 1
fi

18
tests/scripts/test_psa_compliance.py
View file

@ -2,7 +2,7 @@
"""Run the PSA Crypto API compliance test suite.
Clone the repo and check out the commit specified by PSA_ARCH_TEST_REPO and PSA_ARCH_TEST_REF,
then compile and run the test suite. The clone is stored at <repository root>/psa-arch-tests.
Known defects in either the test suite or mbedtls / psa-crypto - identified by their test
Known defects in either the test suite or mbedtls / TF-PSA-Crypto - identified by their test
number - are ignored, while unexpected failures AND successes are reported as errors, to help
keep the list of known defects as up to date as possible.
"""
@ -34,8 +34,8 @@ from typing import List
import scripts_path
from mbedtls_dev import build_tree
# PSA Compliance tests we expect to fail due to known defects in Mbed TLS / PSA Crypto
# (or the test suite).
# PSA Compliance tests we expect to fail due to known defects in Mbed TLS /
# TF-PSA-Crypto (or the test suite).
# The test numbers correspond to the numbers used by the console output of the test suite.
# Test number 2xx corresponds to the files in the folder
# psa-arch-tests/api-tests/dev_apis/crypto/test_c0xx
@ -46,7 +46,7 @@ EXPECTED_FAILURES = {
}
# We currently use a fork of ARM-software/psa-arch-tests, with a couple of downstream patches
# that allow it to build with MbedTLS 3, and fixes a couple of issues in the compliance test suite.
# that allow it to build with Mbed TLS 3, and fixes a couple of issues in the compliance test suite.
# These fixes allow the tests numbered 216, 248 and 249 to complete successfully.
#
# Once all the fixes are upstreamed, this fork should be replaced with an upstream commit/tag.
@ -60,10 +60,10 @@ PSA_ARCH_TESTS_REF = 'fix-pr-5736'
def main(library_build_dir: str):
root_dir = os.getcwd()
in_psa_crypto_repo = build_tree.looks_like_psa_crypto_root(root_dir)
in_tf_psa_crypto_repo = build_tree.looks_like_tf_psa_crypto_root(root_dir)
if in_psa_crypto_repo:
crypto_name = 'psacrypto'
if in_tf_psa_crypto_repo:
crypto_name = 'tfpsacrypto'
library_subdir = 'core'
else:
crypto_name = 'mbedcrypto'
@ -102,7 +102,7 @@ def main(library_build_dir: str):
os.chdir(build_dir)
extra_includes = (';{}/drivers/builtin/include'.format(root_dir)
if in_psa_crypto_repo else '')
if in_tf_psa_crypto_repo else '')
#pylint: disable=bad-continuation
subprocess.check_call([
@ -178,7 +178,7 @@ if __name__ == '__main__':
# pylint: disable=invalid-name
parser = argparse.ArgumentParser()
parser.add_argument('--build-dir', nargs=1,
help='path to Mbed TLS / PSA Crypto build directory')
help='path to Mbed TLS / TF-PSA-Crypto build directory')
args = parser.parse_args()
if args.build_dir is not None: