From 3ee4e648db3567f0efee8848f383dabe7ef76907 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Tue, 2 Apr 2024 11:33:14 +0200 Subject: [PATCH 1/6] Remove dependency on X509(_REMOVE)_INFO MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - MBEDTS_X509_INFO is incorrect in all branches: the macro is called REMOVE_INFO and also starts with MBEDTLS not MBEDTS... this caused the test to be always skipped. - !MBEDTLS_X509_REMOVE_INFO is the correct way to express this but info functions are not optional in the 2.28 branch. Since this is a negative dependency, I don't think it was causing the test to be skipped, but I'm removing it anyway for clarity's sake. Signed-off-by: Manuel Pégourié-Gonnard --- tests/suites/test_suite_x509parse.data | 2 +- tests/suites/test_suite_x509parse.function | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 6ffba8460..cfc53c1fc 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -327,7 +327,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C:MBEDTLS_RSA_C mbedtls_x509_csr_info:"data_files/parse_input/server1.req.sha512":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-512\nRSA key size \: 2048 bits\n" X509 CSR Information RSA with SHA-256, containing commas -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTS_X509_INFO +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C mbedtls_x509_csr_info:"data_files/parse_input/server1.req.commas.sha256":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL\\, Commas, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\n" X509 CSR Information EC with SHA1 diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index 8c72e5af3..07c0c38ff 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -800,7 +800,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */ +/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */ void mbedtls_x509_dn_gets_subject_replace(char *crt_file, char *new_subject_ou, char *result_str, From 57cd7a82926b3aad04e84a6e1ea86f2ec1c6be66 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Mon, 4 Dec 2023 14:22:09 +0800 Subject: [PATCH 2/6] Add missing definition of AT_LEAST_ONE_BUILTIN_KDF MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Pengyu Lv Signed-off-by: Manuel Pégourié-Gonnard --- ...st_suite_psa_crypto_se_driver_hal.function | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal.function b/tests/suites/test_suite_psa_crypto_se_driver_hal.function index ff0ccdd09..485251ef5 100644 --- a/tests/suites/test_suite_psa_crypto_se_driver_hal.function +++ b/tests/suites/test_suite_psa_crypto_se_driver_hal.function @@ -13,6 +13,19 @@ #include "psa/internal_trusted_storage.h" #endif +/* Same in library/psa_crypto.c */ +#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND) +#define BUILTIN_ALG_ANY_HKDF 1 +#endif +#if defined(BUILTIN_ALG_ANY_HKDF) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS) || \ + defined(MBEDTLS_PSA_BUILTIN_ALG_TLS12_ECJPAKE_TO_PMS) || \ + defined(PSA_HAVE_SOFT_PBKDF2) +#define AT_LEAST_ONE_BUILTIN_KDF +#endif /****************************************************************/ /* Test driver helpers */ @@ -714,7 +727,7 @@ static int smoke_test_key(mbedtls_svc_key_id_t key) buffer, sizeof(buffer), NULL, 0, buffer, sizeof(buffer), &length)); -#if defined(MBEDTLS_SHA256_C) +#if defined(MBEDTLS_SHA256_C) && defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF) /* Try the key in a plain key derivation. */ PSA_ASSERT(psa_key_derivation_setup(&derivation_operation, PSA_ALG_HKDF(PSA_ALG_SHA_256))); @@ -747,7 +760,9 @@ static int smoke_test_key(mbedtls_svc_key_id_t key) alg, key, buffer, length, buffer, sizeof(buffer), &length)); } -#endif /* MBEDTLS_SHA256_C */ +#else + (void) derivation_operation; +#endif /* MBEDTLS_SHA256_C && MBEDTLS_PSA_BUILTIN_ALG_HKDF */ ok = 1; From 108fe17956f29e7e46a40d797b3aa8e86652ff9d Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Tue, 5 Dec 2023 15:14:12 +0800 Subject: [PATCH 3/6] Add missing dependency of fallback test in driver wrappers suite MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit To pass a fallback test, we need a dependency on built-in implementation. Signed-off-by: Pengyu Lv Signed-off-by: Manuel Pégourié-Gonnard --- tests/suites/test_suite_psa_crypto_driver_wrappers.data | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.data b/tests/suites/test_suite_psa_crypto_driver_wrappers.data index e14516b0f..b589d81bc 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.data +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.data @@ -241,7 +241,7 @@ generate_key through transparent driver: in-driver generate_key:PSA_SUCCESS:"":PSA_SUCCESS generate_key through transparent driver: fallback -depends_on:MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR +depends_on:MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR:MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256 generate_key:PSA_ERROR_NOT_SUPPORTED:"":PSA_SUCCESS generate_key through transparent driver: fallback not available From d3590a8c09baa94eb9abaaa9843892860947e6d5 Mon Sep 17 00:00:00 2001 From: Pengyu Lv Date: Thu, 7 Dec 2023 16:11:53 +0800 Subject: [PATCH 4/6] Fix failures in psa_cryto_driver_wrappers suite MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - "in-driver" test should depend on the present of a driver. - add new counter in key manangement driver test hook which counts the calls of generate_key. - We only care about the hits when processing `psa_generate_key`. Signed-off-by: Pengyu Lv Signed-off-by: Manuel Pégourié-Gonnard --- tests/include/test/drivers/key_management.h | 6 +++++- tests/src/drivers/test_driver_key_management.c | 1 + tests/suites/test_suite_psa_crypto_driver_wrappers.data | 1 + .../test_suite_psa_crypto_driver_wrappers.function | 9 +++++---- 4 files changed, 12 insertions(+), 5 deletions(-) diff --git a/tests/include/test/drivers/key_management.h b/tests/include/test/drivers/key_management.h index 003a35d64..b2529ce08 100644 --- a/tests/include/test/drivers/key_management.h +++ b/tests/include/test/drivers/key_management.h @@ -30,6 +30,10 @@ typedef struct { /* Count the amount of times one of the key management driver functions * is called. */ unsigned long hits; + /* Subset of hits which only counts public key export operations */ + unsigned long hits_export_public_key; + /* Subset of hits which only counts key generation operations */ + unsigned long hits_generate_key; /* Location of the last key management driver called to import a key. */ psa_key_location_t location; } mbedtls_test_driver_key_management_hooks_t; @@ -38,7 +42,7 @@ typedef struct { * sense that no PSA specification will assign a meaning to this location * (stated first in version 1.0.1 of the specification) and that it is not * used as a location of an opaque test drivers. */ -#define MBEDTLS_TEST_DRIVER_KEY_MANAGEMENT_INIT { NULL, 0, PSA_SUCCESS, 0, 0x800000 } +#define MBEDTLS_TEST_DRIVER_KEY_MANAGEMENT_INIT { NULL, 0, PSA_SUCCESS, 0, 0, 0, 0x800000 } static inline mbedtls_test_driver_key_management_hooks_t mbedtls_test_driver_key_management_hooks_init(void) { diff --git a/tests/src/drivers/test_driver_key_management.c b/tests/src/drivers/test_driver_key_management.c index 4d06d23b8..e6d7a0107 100644 --- a/tests/src/drivers/test_driver_key_management.c +++ b/tests/src/drivers/test_driver_key_management.c @@ -93,6 +93,7 @@ psa_status_t mbedtls_test_transparent_generate_key( uint8_t *key, size_t key_size, size_t *key_length) { ++mbedtls_test_driver_key_management_hooks.hits; + ++mbedtls_test_driver_key_management_hooks.hits_generate_key; if (mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS) { return mbedtls_test_driver_key_management_hooks.forced_status; diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.data b/tests/suites/test_suite_psa_crypto_driver_wrappers.data index b589d81bc..a58f0835b 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.data +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.data @@ -238,6 +238,7 @@ generate_key through transparent driver: fake generate_key:PSA_SUCCESS:"ab45435712649cb30bbddac49197eebf2740ffc7f874d9244c3460f54f322d3a":PSA_SUCCESS generate_key through transparent driver: in-driver +depends_on:MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR generate_key:PSA_SUCCESS:"":PSA_SUCCESS generate_key through transparent driver: fallback diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function index 0394735aa..64b3d1b67 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function @@ -300,13 +300,14 @@ void generate_key(int force_status_arg, fake_output->len; } - mbedtls_test_driver_key_management_hooks.hits = 0; - mbedtls_test_driver_key_management_hooks.forced_status = force_status; - PSA_ASSERT(psa_crypto_init()); + mbedtls_test_driver_key_management_hooks.hits = 0; + mbedtls_test_driver_key_management_hooks.hits_generate_key = 0; + mbedtls_test_driver_key_management_hooks.forced_status = force_status; + actual_status = psa_generate_key(&attributes, &key); - TEST_EQUAL(mbedtls_test_driver_key_management_hooks.hits, 1); + TEST_EQUAL(mbedtls_test_driver_key_management_hooks.hits_generate_key, 1); TEST_EQUAL(actual_status, expected_status); if (actual_status == PSA_SUCCESS) { From 70d8fea2dc77884ca8928f6e1f11deeebaf335cd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 3 Apr 2024 09:54:49 +0200 Subject: [PATCH 5/6] Finish backporting hits_export_public_key; MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit A previous commit backported the declaration of this field as part of conflict resolution in the hope of preventing further conflicts in the future. But if we backport it we should do it properly. This commit finishes the job. Signed-off-by: Manuel Pégourié-Gonnard --- tests/src/drivers/test_driver_key_management.c | 1 + tests/suites/test_suite_psa_crypto_driver_wrappers.function | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/tests/src/drivers/test_driver_key_management.c b/tests/src/drivers/test_driver_key_management.c index e6d7a0107..54a3f5b72 100644 --- a/tests/src/drivers/test_driver_key_management.c +++ b/tests/src/drivers/test_driver_key_management.c @@ -292,6 +292,7 @@ psa_status_t mbedtls_test_transparent_export_public_key( uint8_t *data, size_t data_size, size_t *data_length) { ++mbedtls_test_driver_key_management_hooks.hits; + ++mbedtls_test_driver_key_management_hooks.hits_export_public_key; if (mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS) { return mbedtls_test_driver_key_management_hooks.forced_status; diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function index 64b3d1b67..eba637f22 100644 --- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function +++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function @@ -426,6 +426,7 @@ void export_key(int force_status_arg, mbedtls_test_driver_key_management_hooks.hits = 0; mbedtls_test_driver_key_management_hooks.forced_status = force_status; + mbedtls_test_driver_key_management_hooks.hits_export_public_key = 0; if (PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(output_key_type)) { actual_status = psa_export_public_key(handle, @@ -442,7 +443,7 @@ void export_key(int force_status_arg, if (PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(output_key_type) && !PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(input_key_type)) { - TEST_EQUAL(mbedtls_test_driver_key_management_hooks.hits, 1); + TEST_EQUAL(mbedtls_test_driver_key_management_hooks.hits_export_public_key, 1); } if (actual_status == PSA_SUCCESS) { From 1186a1aff3f446ece5fcf9b9efefbed3c0b35184 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Wed, 3 Apr 2024 10:03:21 +0200 Subject: [PATCH 6/6] Fix inconsistency in variable declaration/use MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The guards for the declaration and use were not consistent. This could be resolved either way; I chose the way that matches development. Signed-off-by: Manuel Pégourié-Gonnard --- tests/suites/test_suite_psa_crypto_se_driver_hal.function | 2 -- 1 file changed, 2 deletions(-) diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal.function b/tests/suites/test_suite_psa_crypto_se_driver_hal.function index 485251ef5..2f1ffabe4 100644 --- a/tests/suites/test_suite_psa_crypto_se_driver_hal.function +++ b/tests/suites/test_suite_psa_crypto_se_driver_hal.function @@ -669,10 +669,8 @@ static int smoke_test_key(mbedtls_svc_key_id_t key) psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; psa_mac_operation_t mac_operation = PSA_MAC_OPERATION_INIT; psa_cipher_operation_t cipher_operation = PSA_CIPHER_OPERATION_INIT; -#if defined(MBEDTLS_SHA256_C) psa_key_derivation_operation_t derivation_operation = PSA_KEY_DERIVATION_OPERATION_INIT; -#endif uint8_t buffer[80]; /* large enough for a public key for ECDH */ size_t length; mbedtls_svc_key_id_t key2 = MBEDTLS_SVC_KEY_ID_INIT;