From 1fac371ebe52125d8e41af187090a108be3bf60b Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 17 Sep 2024 17:57:11 +0200 Subject: [PATCH] In PSA generated tests, ignore patterns for which an issue has been raised Ignore certain test cases which either should not be generated or should be executed. For each ignore list entry, link to a GitHub issue whose definition of done includes removing the entry. Signed-off-by: Gilles Peskine --- tests/scripts/analyze_outcomes.py | 41 +++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py index b0b16c54d7..4ee0c40cf4 100755 --- a/tests/scripts/analyze_outcomes.py +++ b/tests/scripts/analyze_outcomes.py @@ -82,7 +82,21 @@ class CoverageTask(outcome_analysis.CoverageTask): exclude=r'ECC_PUB'), ], 'test_suite_psa_crypto_not_supported.generated': [ + # It is a bug that not-supported test cases aren't getting + # run for never-implemented key types. + # https://github.com/Mbed-TLS/mbedtls/issues/7915 PSA_MECHANISM_NOT_IMPLEMENTED_SEARCH_RE, + # We mever test with DH key support disabled but support + # for a DH group enabled. The dependencies of these test + # cases don't really make sense. + # https://github.com/Mbed-TLS/mbedtls/issues/9574 + re.compile(r'PSA \w+ DH_.*type not supported'), + # We only test partial support for DH with the 2048-bit group + # enabled and the other groups disabled. + # https://github.com/Mbed-TLS/mbedtls/issues/9575 + 'PSA generate DH_KEY_PAIR(RFC7919) 2048-bit group not supported', + 'PSA import DH_KEY_PAIR(RFC7919) 2048-bit group not supported', + 'PSA import DH_PUBLIC_KEY(RFC7919) 2048-bit group not supported', ], 'test_suite_psa_crypto_op_fail.generated': [ # Ignore mechanisms that are not implemented, except @@ -91,6 +105,33 @@ class CoverageTask(outcome_analysis.CoverageTask): exclude=(r'.*: !(?:' + r'|'.join(_PSA_MECHANISMS_NOT_IMPLEMENTED) + r')\b')), + # Incorrect dependency generation. To be fixed as part of the + # resolution of https://github.com/Mbed-TLS/mbedtls/issues/9167 + # by forward-porting the commit + # "PSA test case generation: dependency inference class: operation fail" + # from https://github.com/Mbed-TLS/mbedtls/pull/9025 . + re.compile(r'.* with (?:DH|ECC)_(?:KEY_PAIR|PUBLIC_KEY)\(.*'), + # PBKDF2_HMAC is not in the default configuration, so we don't + # enable it in depends.py where we remove hashes. + # https://github.com/Mbed-TLS/mbedtls/issues/9576 + re.compile(r'PSA key_derivation PBKDF2_HMAC\(\w+\): !(?!PBKDF2_HMAC\Z).*'), + # We never test with TLS12_PRF or TLS12_PSK_TO_MS disabled + # but certain other things enabled. + # https://github.com/Mbed-TLS/mbedtls/issues/9577 + re.compile(r'PSA key_derivation TLS12_PRF\(\w+\): !TLS12_PRF'), + re.compile(r'PSA key_derivation TLS12_PSK_TO_MS' + r'\((?!SHA_256|SHA_384|SHA_512)\w+\): !TLS12_PSK_TO_MS'), + 'PSA key_derivation KEY_AGREEMENT(ECDH,TLS12_PRF(SHA_256)): !TLS12_PRF', + 'PSA key_derivation KEY_AGREEMENT(ECDH,TLS12_PRF(SHA_384)): !TLS12_PRF', + + # We never test with the HMAC algorithm enabled but the HMAC + # key type disabled. Those dependencies don't really make sense. + # https://github.com/Mbed-TLS/mbedtls/issues/9573 + re.compile(r'.* !HMAC with HMAC'), + # There's something wrong with PSA_WANT_ALG_RSA_PSS_ANY_SALT + # differing from PSA_WANT_ALG_RSA_PSS. + # https://github.com/Mbed-TLS/mbedtls/issues/9578 + re.compile(r'PSA sign RSA_PSS_ANY_SALT.*!(?:MD|RIPEMD|SHA).*'), ], 'test_suite_psa_crypto_storage_format.current': [ PSA_MECHANISM_NOT_IMPLEMENTED_SEARCH_RE,