1
0
mirror of https://github.com/ARMmbed/mbedtls.git synced 2025-10-24 11:43:21 +08:00
Commit Graph

813 Commits

Author SHA1 Message Date
Gilles Peskine
f8d031fb18 generate_*_tests.py: chdir to mbedtls root
Do this in 2.28 just like it's done in the development branch, so that
code and command line usage that works on one branch doesn't surprisingly
fail on 2.28.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-14 15:33:49 +02:00
Gilles Peskine
4881540b06 generate_*_tests.py: simplify test_suite_directory handling
test_suite_directory can be changed by a command line option in the
development branch but not in 2.28. Align the simplified version here with a
change in the development version
("generate_*_tests.py --directory: fix handling of relative path").

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-14 15:33:45 +02:00
Gilles Peskine
bd5147c1c0 Clarify the descriptions of test-case-data-related modules
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-14 15:24:30 +02:00
Gilles Peskine
69feebd178 More precise name for test data generation
We have Python code both for test code generation
(tests/scripts/generate_test_code.py) and now for test data generation.
Avoid the ambiguous expression "test generation".

This commit renames the Python module and adjusts all references to it. A
subsequent commit will adjust the documentation.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-14 15:24:30 +02:00
Gilles Peskine
40de3d3639 Backport build_tree.py from development
Copy of scripts/mbedtls_dev/build_tree.py from mbedtls-3.2.1,
backported to facilitate future backports of python scripts.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-14 15:24:30 +02:00
Gilles Peskine
279188f3f3 Merge pull request #6396 from gilles-peskine-arm/platform.h-unconditional-2.28
Backport 2.28: Include platform.h unconditionally
2022-10-13 10:19:25 +02:00
Gilles Peskine
207b874b5e Merge pull request #6307 from wernerlewis/bignum_test_script_2.28
[Backport 2.28] Add bignum test case generation script
2022-10-12 17:11:49 +02:00
Gilles Peskine
78c34c2d15 Add a note that config.py must remain compatible with Python 3.4
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-10 22:53:58 +02:00
Gilles Peskine
36f19b97e2 Include platform.h unconditionally: automatic part
We used to include platform.h only when MBEDTLS_PLATFORM_C was enabled, and
to define ad hoc replacements for mbedtls_xxx functions on a case-by-case
basis when MBEDTLS_PLATFORM_C was disabled. The only reason for this
complication was to allow building individual source modules without copying
platform.h. This is not something we support or recommend anymore, so get
rid of the complication: include platform.h unconditionally.

There should be no change in behavior since just including the header should
not change the behavior of a program.

This commit replaces most occurrences of conditional inclusion of
platform.h, using the following code:

```
perl -i -0777 -pe 's!#if.*\n#include "mbedtls/platform.h"\n(#else.*\n(#define (mbedtls|MBEDTLS)_.*\n|#include <(stdarg|stddef|stdio|stdlib|string|time)\.h>\n)*)?#endif.*!#include "mbedtls/platform.h"!mg' $(git grep -l '#include "mbedtls/platform.h"')
```

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-05 11:26:07 +02:00
Gilles Peskine
eca29e4148 Replace the output file atomically
When writing the new .data file, first write the new content, then replace
the target. This way, there isn't a temporary state in which the file is
partially written. This temporary state can be misleading if the build is
interrupted. It's annoying if you're watching changes to the output and the
changes appear as emptying the file following by the new version appearing.
Now interrupted builds don't leave a file that appears to be up to date but
isn't, and when watching the output, there's a single transition to the new
version.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-04 15:22:27 +02:00
Werner Lewis
4ed94a4f7e Use a script specific description in CLI help
Previous changes used the docstring of the test_generation module,
which does not inform a user about the script.

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-09-21 17:09:23 +01:00
Werner Lewis
64334d96d0 Update references to file targets in docstrings
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-09-21 17:08:53 +01:00
Werner Lewis
113ddd0df6 Add toggle for test case count in descriptions
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-09-21 17:08:24 +01:00
Werner Lewis
f518276457 Update comments/docstrings in TestGenerator
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-09-21 17:08:22 +01:00
Werner Lewis
e53be35c09 Remove unused imports
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-09-21 17:07:42 +01:00
Werner Lewis
0d07e86a44 Rework TestGenerator to add file targets
BaseTarget-derived targets are now added to TestGenerator.targets in
initialization. This reduces repeated code in generate_xxx_tests.py
scripts which use this framework.

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-09-21 17:07:37 +01:00
Werner Lewis
6cc5e5f0d9 Use Python 3.5 style typing for dependencies
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-09-21 16:49:13 +01:00
Werner Lewis
486b3410a4 Add dependencies attribute to BaseTarget
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-09-21 16:49:13 +01:00
Werner Lewis
2b0f7d8d56 Modify wording in docstrings
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-09-21 16:49:13 +01:00
Werner Lewis
6f67bae527 Fix trailing whitespace
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-09-21 16:48:39 +01:00
Werner Lewis
ac86390da8 Use argparser default for targets
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-09-21 16:48:39 +01:00
Werner Lewis
b03420fb3b Clarify documentation
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-09-21 16:47:33 +01:00
Werner Lewis
412c497cbe Fix TARGET types and code style
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-09-21 16:46:39 +01:00
Werner Lewis
d77d33defb Raise NotImplementedError in abstract methods
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-09-21 16:46:39 +01:00
Werner Lewis
486d25850f Disable pylint unused arg in __new__
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-09-21 16:46:39 +01:00
Werner Lewis
6d04142972 Remove trailing whitespace in description
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-09-21 16:46:39 +01:00
Werner Lewis
cace1aa02e Use __new__() for case counting
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-09-21 16:46:39 +01:00
Werner Lewis
c34d037fa0 Split generate_tests to reduce code complexity
Previous implementation mixed the test case generation and the
recursive generation calls together. A separate method is added to
generate test cases for the current class' test function. This reduces
the need to override generate_tests().

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-09-21 16:46:39 +01:00
Werner Lewis
47e37b3b75 Use ABCMeta for abstract classes
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-09-21 16:46:39 +01:00
Werner Lewis
008d90d424 Add details to docstrings
Clarification is added to docstrings, mostly in abstract classes.

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-09-21 16:46:39 +01:00
Werner Lewis
70d3f3dcdc Remove abbreviations and clarify attributes
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-09-21 16:46:39 +01:00
Werner Lewis
dcad1e93fe Separate common test generation classes/functions
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-09-21 16:46:39 +01:00
Tom Cosgrove
5205c976da Fix a/an typos in doxygen and other comments
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-07-28 06:12:08 +01:00
Dave Rodgman
569d602890 Fix case of Mbed TLS in assemble_changelog.py
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-07-11 11:40:08 +01:00
Gilles Peskine
3d96ea1e4c Add warnings to test code and data about storage format stability
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-30 13:57:27 +02:00
Gilles Peskine
f4be01fadb Document how to interpret negative reports
The abi_check script has common false positives. Document the intent of each
family of checks and typical cases of false positives that can be overridden.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-30 13:57:27 +02:00
Gilles Peskine
4b9f7a28c9 Remove redundant sentence
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-30 13:57:27 +02:00
Shaun Case
0e7791ff07 Redo of PR#5345. Fixed spelling and typographical errors found by CodeSpell.
Signed-off-by: Shaun Case <warmsocks@gmail.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-04-28 18:22:20 +01:00
Gilles Peskine
9aa892b833 Merge pull request #5754 from gilles-peskine-arm/psa-storage-format-test-exercise-2.28
Backport 2.28: PSA storage format: exercise key
2022-04-28 18:20:09 +02:00
Gilles Peskine
f87d84361c Merge pull request #5740 from gilles-peskine-arm/psa-crypto-config-file-2.28
Backport 2.28: Support alternative MBEDTLS_PSA_CRYPTO_CONFIG_FILE
2022-04-28 18:17:45 +02:00
Gilles Peskine
8e9e1f6819 Merge pull request #5744 from mpg/benchmark-ecc-heap-2.28
[backport 2.28]  Improve benchmarking of ECC heap usage
2022-04-22 16:43:04 +02:00
Gilles Peskine
ce78c9600f Rename and document mac_or_tag_lengths -> permitted_truncations
No behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-20 20:58:04 +02:00
Gilles Peskine
913c01f978 Fix digits in octal constant
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-20 20:58:04 +02:00
Gilles Peskine
cb451702b4 Public keys can't be used as private-key inputs to key agreement
The PSA API does not use public key objects in key agreement
operations: it imports the public key as a formatted byte string.
So a public key object with a key agreement algorithm is not
a valid combination.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 16:15:48 +02:00
Gilles Peskine
32611243d4 Don't exercise OAEP with small key and large hash
RSA-OAEP requires the key to be larger than a function of the hash size.
Ideally such combinations would be detected as a key/algorithm
incompatibility. However key/algorithm compatibility is currently tested
between the key type and the algorithm without considering the key size, and
this is inconvenient to change. So as a workaround, dispense
OAEP-with-too-small-hash from exercising, without including it in the
automatic operation-failure test generation.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 16:15:48 +02:00
Gilles Peskine
ae93ee6ddc Reject block cipher modes that are not implemented in Mbed TLS
Mbed TLS doesn't support certain block cipher mode combinations. This
limitation should probably be lifted, but for now, test them as unsupported.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 16:15:48 +02:00
Gilles Peskine
b0537ba3b9 Reject invalid MAC and AEAD truncations
Reject algorithms of the form PSA_ALG_TRUNCATED_MAC(...) or
PSA_ALG_AEAD_WITH_SHORTENED_TAG(...) when the truncation length is invalid
or not accepted by policy in Mbed TLS.

This is done in KeyType.can_do, so in generate_psa_tests.py, keys will be
tested for operation failure with this algorithm if the algorithm is
rejected, and for storage if the algorithm is accepted.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 16:15:48 +02:00
Gilles Peskine
d36ed48f19 Fix invalid argument enumeration when there are >=3 arguments
This bug had no impact since currently no macro has more than 2 arguments.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 16:15:48 +02:00
Gilles Peskine
c77f16b356 Test more truncated MAC and short AEAD tag lengths
The current macro collector only tried the minimum and maximum expressible
lengths for PSA_ALG_TRUNCATED_MAC and PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG.
This was good enough for psa_constant_names, but it's weak for exercising
keys, in particular because it doesn't include any valid AEAD tag length.
So cover more lengths.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 16:15:48 +02:00
Gilles Peskine
4eb1c7e965 64-bit block ciphers are incompatible with some modes
Only allow selected modes with 64-bit block ciphers (i.e. DES).

This removes some storage tests and creates corresponding op_fail tests.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-15 16:15:48 +02:00