Test case description is printed by different block of code. This
causes code maintenance harder since we need to maintain two parts
of code with same functionality. print_test_title is used to
control test case description in compat.sh
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
Test case description in compat.sh is in format of
[ogm]->[ogm] TLSmode, VERIFY CIPHERSUITE_NAME
This program calls compat.sh to list all potential test case
descriptions then checks test case duplication.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
The option --list-test-case lists all potential test cases without
executing them. The test case description is identical with $TITLE
during test case execution.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
* Turn the warnings produced when finding non-executed tests that
are not in the allow list into errors.
Signed-off-by: Tomás González <tomasagustin.gonzalezorlando@arm.com>
Introduce the --require-full-coverage in analyze_outcomes.py so that
when analyze_outcomes.py --require-full-coverage is called, those
tests that are not executed and are not in the allowed list issue an
error instead of a warning.
Note that it is useful to run analyze_outcomes.py on incomplete test
results, so this error mode needs to remain optional in the long
term.
Signed-off-by: Tomás González <tomasagustin.gonzalezorlando@arm.com>
The allow list explicits which test cases are allowed to not be
executed when testing. This may be, for example, because a feature
is yet to be developed but the test for that feature is already in
our code base.
Signed-off-by: Tomás González <tomasagustin.gonzalezorlando@arm.com>
The hardware module name otherName SAN contains 2 OIDs:
OtherName ::= SEQUENCE {
type-id OBJECT IDENTIFIER,
value [0] EXPLICIT ANY DEFINED BY type-id }
HardwareModuleName ::= SEQUENCE {
hwType OBJECT IDENTIFIER,
hwSerialNum OCTET STRING }
The first, type-id, is the one that identifies the otherName as a
HardwareModuleName. The second, hwType, identifies the type of hardware.
This change fixes 2 issues:
1. We were erroneously trying to identify HardwareModuleNames by looking
at hwType, not type-id.
2. We accidentally inverted the check so that we were checking that
hwType did NOT match HardwareModuleName.
This fix ensures that type-id is correctly checked to make sure that it
matches the OID for HardwareModuleName.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
When parsing a subject alternative name of type otherName, retain the
type-id field of the otherName. Previously this was not copied to the
mbedtls_x509_san_other_name struct when it should have been.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
PSA_KEY_AGREEMENT_MAX_SHARED_SECRET_SIZE is always greater
than 1 so no need for the workaround on the original patch
Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
Clear some confusion between `X` as the output variable and "X" as a name
given to the accumulator. Previous iterations of the code used the variable
`X` as the accumulator, but now that the accumulator is `W[x_index]`, some
of the comments didn't make sense.
Remove the copy of the initial value of `X` into `W[x_index]`, which was
meaningless: the initial value of an output variable should not, and did
not, matter. `W[x_index]` is later overridden unconditionally to take the
value `RR`.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Some of the error strings that should be printed with the
error preprocessor directive are missing quotes
Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
Applied the same change as in mbed-crypto for using this as a sub
project with the IAR toolchain. Use __asm generic ,and avoid empty
enum. Avoid declaration of array with null size. This is a porting
of the original patch contributed to trusted-firmware-m.
Signed-off-by: TTornblom <thomas.tornblom@iar.com>
Signed-off-by: Michel Jaouen <michel.jaouen@st.com>
Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
* Prevent pkcs5_pbe2 encryption when PKCS7 padding has been
disabled since this not part of the specs.
* Allow decryption when PKCS7 padding is disabled for legacy
reasons, However, invalid padding is not checked.
* Add tests to check these scenarios. Test data has been
reused but with changing padding data in last block to
check for valid/invalid padding.
* Document new behaviour, known limitations and possible
security concerns.
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
The link to the DRBG paper points to the March 2007 version, the same as the
original link (rather than the latest version).
The amended Rijndael paper has a two-page "Note on naming" prefix.
Fixes#7193
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
