Use psa_information.TestCase for operation failure test cases.
This changes the generated output in two ways:
* Not-implemented mechanisms now have a `DEPENDENCY_NOT_IMPLEMENTED_YET_xxx`
dependency in addition to the never-fulfilled `PSA_WANT_xxx` dependency.
This does not affect when test cases run.
* ECC test cases now have correct dependency symbols, e.g.
`PSA_WANT_ECC_SECP_R1_192` instead of `PSA_WANT_ECC_FAMILY_SECP_R1`. This
is a bug fix: ECC test cases were formerly never executed because of
incorrect dependency symbols.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Use psa_information.TestCase for not-supported test cases for key import and
generation.
No change to the generated output.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Use psa_information.TestCase for positive test cases for key generation.
The caller remains responsible for tweaking dependencies for some key
types (public keys for which the test is a negative case, RSA which requires
an additional dependency).
No change to the generated output.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In automatically generated PSA test cases, annotate the test cases that are
expected to be never executed due to a dependency that is not implemented.
This was already done for not-supported test cases and for key generation,
but not for positive test cases of key usage.
You can audit which mechanisms are detected as not-implemented with
```
grep -hEo 'DEPENDENCY_NOT_IMPLEMENTED_YET_\w+' tests/suites/*.data | sort -u
```
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
To determine PSA mechanisms that are not implemented, also read PSA_WANT
symbols that cannot (or are not intended to) be configured independently,
and thus are not listed in psa/crypto_config.h. Find those symbols in
the config adjustment header mbedtls/config_psa.h.
No impact on generated files yet, because hack_dependencies_not_implemented
is currently only used on key types that have explicit dependencies. This
will allow using hack_dependencies_not_implemented in other places, for
example to handle algorithm variants like PSA_WANT_ALG_ECDSA_ANY which is
inferred from PSA_WANT_ALG_ECDSA.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Create a class for test cases with automatically inferred dependencies,
suitable for PSA crypto API test cases. As of this commit, only basic cases
that use a key are supported. Subsequent commits will address negative tests
and key generation tests that require fancier handling of dependencies.
No change to the generated output.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The output is less nice, since it no longer mostly matches the order in
which symbols are used in the test case arguments. But this makes the output
more canonical, so it will be easier to notice if semantic changes occur in
subsequent commits.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Indicate which dependencies are not implemented. This makes it feasible to
audit the not-implemented detection.
The generated test cases that are detected as never-executed now have one or
more `DEPENDENCY_NOT_IMPLEMENTED_YET_PSA_WANT_xxx` instead of a single
`DEPENDENCY_NOT_IMPLEMENTED`. This does not affect when the test cases run.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The guards for the declaration and use were not consistent. This could
be resolved either way; I chose the way that matches development.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
A previous commit backported the declaration of this field as part of
conflict resolution in the hope of preventing further conflicts in the
future. But if we backport it we should do it properly. This commit
finishes the job.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
- "in-driver" test should depend on the present
of a driver.
- add new counter in key manangement driver test
hook which counts the calls of generate_key.
- We only care about the hits when processing
`psa_generate_key`.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
To pass a fallback test, we need a dependency on built-in
implementation.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
- MBEDTS_X509_INFO is incorrect in all branches: the macro is called
REMOVE_INFO and also starts with MBEDTLS not MBEDTS... this caused the
test to be always skipped.
- !MBEDTLS_X509_REMOVE_INFO is the correct way to express this but info
functions are not optional in the 2.28 branch. Since this is a negative
dependency, I don't think it was causing the test to be skipped, but I'm
removing it anyway for clarity's sake.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
TLS-RSA-WITH-NULL-SHA256 is officially a cipher suite only since TLS 1.2,
but Mbed TLS allows it in 1.0/1.1, and so did ancient versions of GnuTLS.
This script was only considering it for GnuTLS interoperability if the
running version of GnuTLS supported it with older protocol versions.
Change to always considering it, and in particular always including it with
--list-test-cases, but skipping it at runtime if GnuTLS doesn't support it.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Update the guards generated by the wrapper generation script to use
!MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS and regenerate the PSA test
wrappers.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Replace MBEDTLS_PSA_COPY_CALLER_BUFFERS with inverse:
!MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS. This ensures that buffer
protection is enabled by default without any change to the Mbed TLS
config file.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
This is the issue that tracks incomplete support for buffer overlap, so
we should refer to it when we discuss partial support whenever
MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS is set.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
* Fix a grammatical typo
* Mention shared memory
* Mention overlap support in the security section
* Improve wording
Signed-off-by: David Horstmann <david.horstmann@arm.com>
