mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-03-18 10:20:50 +00:00
Merge pull request #9841 from gilles-peskine-arm/psa-storage-test-cases-never-supported-positive-dev
Switch generate_psa_test.py to automatic dependencies for positive test cases
This commit is contained in:
commit
eef2a2e59b
9
Makefile
9
Makefile
@ -49,11 +49,14 @@ tests: mbedtls_test
|
||||
mbedtls_test:
|
||||
$(MAKE) -C tests mbedtls_test
|
||||
|
||||
library/%:
|
||||
.PHONY: FORCE
|
||||
FORCE:
|
||||
|
||||
library/%: FORCE
|
||||
$(MAKE) -C library $*
|
||||
programs/%:
|
||||
programs/%: FORCE
|
||||
$(MAKE) -C programs $*
|
||||
tests/%:
|
||||
tests/%: FORCE
|
||||
$(MAKE) -C tests $*
|
||||
|
||||
.PHONY: generated_files
|
||||
|
@ -198,12 +198,6 @@
|
||||
//#define PSA_WANT_ECC_MONTGOMERY_255 1
|
||||
//#define PSA_WANT_ECC_MONTGOMERY_448 1
|
||||
//#define PSA_WANT_ECC_SECP_K1_192 1
|
||||
/*
|
||||
* SECP224K1 is buggy via the PSA API in Mbed TLS
|
||||
* (https://github.com/Mbed-TLS/mbedtls/issues/3541). Thus, do not enable it by
|
||||
* default.
|
||||
*/
|
||||
//#define PSA_WANT_ECC_SECP_K1_224 1
|
||||
//#define PSA_WANT_ECC_SECP_K1_256 1
|
||||
//#define PSA_WANT_ECC_SECP_R1_192 1
|
||||
//#define PSA_WANT_ECC_SECP_R1_224 1
|
||||
|
@ -43,7 +43,6 @@
|
||||
defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_255) || \
|
||||
defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_448) || \
|
||||
defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_192) || \
|
||||
defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224) || \
|
||||
defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256) || \
|
||||
defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_192) || \
|
||||
defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224) || \
|
||||
|
@ -6251,9 +6251,6 @@ static const struct {
|
||||
#if defined(PSA_WANT_ECC_SECP_R1_224)
|
||||
{ 21, MBEDTLS_ECP_DP_SECP224R1, PSA_ECC_FAMILY_SECP_R1, 224 },
|
||||
#endif
|
||||
#if defined(PSA_WANT_ECC_SECP_K1_224)
|
||||
{ 20, MBEDTLS_ECP_DP_SECP224K1, PSA_ECC_FAMILY_SECP_K1, 224 },
|
||||
#endif
|
||||
#if defined(PSA_WANT_ECC_SECP_R1_192)
|
||||
{ 19, MBEDTLS_ECP_DP_SECP192R1, PSA_ECC_FAMILY_SECP_R1, 192 },
|
||||
#endif
|
||||
|
@ -518,11 +518,6 @@ static const struct {
|
||||
#else
|
||||
{ MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1, "secp224r1", 0 },
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_224)
|
||||
{ MBEDTLS_SSL_IANA_TLS_GROUP_SECP224K1, "secp224k1", 1 },
|
||||
#else
|
||||
{ MBEDTLS_SSL_IANA_TLS_GROUP_SECP224K1, "secp224k1", 0 },
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_192)
|
||||
{ MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1, "secp192r1", 1 },
|
||||
#else
|
||||
|
@ -60,13 +60,8 @@ PSA_DEPRECATED_FEATURE = frozenset([
|
||||
'PSA_WANT_KEY_TYPE_RSA_KEY_PAIR'
|
||||
])
|
||||
|
||||
PSA_UNSTABLE_FEATURE = frozenset([
|
||||
'PSA_WANT_ECC_SECP_K1_224'
|
||||
])
|
||||
|
||||
EXCLUDE_FROM_CRYPTO = PSA_UNSUPPORTED_FEATURE | \
|
||||
PSA_DEPRECATED_FEATURE | \
|
||||
PSA_UNSTABLE_FEATURE
|
||||
PSA_DEPRECATED_FEATURE
|
||||
|
||||
# The goal of the full configuration is to have everything that can be tested
|
||||
# together. This includes deprecated or insecure options. It excludes:
|
||||
@ -114,7 +109,6 @@ EXCLUDE_FROM_FULL = frozenset([
|
||||
'MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE', # only relevant for embedded devices
|
||||
*PSA_UNSUPPORTED_FEATURE,
|
||||
*PSA_DEPRECATED_FEATURE,
|
||||
*PSA_UNSTABLE_FEATURE
|
||||
])
|
||||
|
||||
def is_seamless_alt(name):
|
||||
@ -367,8 +361,6 @@ class CryptoConfig(config_common.Config):
|
||||
|
||||
if name in PSA_UNSUPPORTED_FEATURE:
|
||||
raise ValueError(f'Feature is unsupported: \'{name}\'')
|
||||
if name in PSA_UNSTABLE_FEATURE:
|
||||
raise ValueError(f'Feature is unstable: \'{name}\'')
|
||||
|
||||
if name not in self.settings:
|
||||
self._get_configfile().templates.append((name, '', '#define ' + name + ' '))
|
||||
@ -417,8 +409,6 @@ class CombinedConfig(config_common.Config):
|
||||
if configfile == self.crypto_configfile:
|
||||
if name in PSA_UNSUPPORTED_FEATURE:
|
||||
raise ValueError(f'Feature is unsupported: \'{name}\'')
|
||||
if name in PSA_UNSTABLE_FEATURE:
|
||||
raise ValueError(f'Feature is unstable: \'{name}\'')
|
||||
|
||||
# The default value in the crypto config is '1'
|
||||
if not value and re.match(self._crypto_regexp, name):
|
||||
|
@ -127,6 +127,7 @@ generated_psa_test_data: ../framework/scripts/mbedtls_framework/crypto_knowledge
|
||||
generated_psa_test_data: ../framework/scripts/mbedtls_framework/macro_collector.py
|
||||
generated_psa_test_data: ../framework/scripts/mbedtls_framework/psa_information.py
|
||||
generated_psa_test_data: ../framework/scripts/mbedtls_framework/psa_storage.py
|
||||
generated_psa_test_data: ../framework/scripts/mbedtls_framework/psa_test_case.py
|
||||
generated_psa_test_data: ../framework/scripts/mbedtls_framework/test_case.py
|
||||
generated_psa_test_data: ../framework/scripts/mbedtls_framework/test_data_generation.py
|
||||
## The generated file only depends on the options that are present in
|
||||
|
@ -132,8 +132,6 @@ class CoverageTask(outcome_analysis.CoverageTask):
|
||||
'Config: PSA_WANT_ALG_CBC_MAC',
|
||||
# Algorithm declared but not supported.
|
||||
'Config: PSA_WANT_ALG_XTS',
|
||||
# Family declared but not supported.
|
||||
'Config: PSA_WANT_ECC_SECP_K1_224',
|
||||
# More granularity of key pair type enablement macros
|
||||
# than we care to test.
|
||||
# https://github.com/Mbed-TLS/mbedtls/issues/9590
|
||||
@ -200,16 +198,6 @@ class CoverageTask(outcome_analysis.CoverageTask):
|
||||
# https://github.com/Mbed-TLS/mbedtls/issues/9592
|
||||
re.compile(r'.*ECDSA.*only deterministic supported'),
|
||||
],
|
||||
'test_suite_psa_crypto_generate_key.generated': [
|
||||
# Ignore mechanisms that are not implemented, except
|
||||
# for public keys for which we always test that
|
||||
# psa_generate_key() returns PSA_ERROR_INVALID_ARGUMENT
|
||||
# regardless of whether the specific key type is supported.
|
||||
_has_word_re((mech
|
||||
for mech in _PSA_MECHANISMS_NOT_IMPLEMENTED
|
||||
if not mech.startswith('ECC_PUB')),
|
||||
exclude=r'ECC_PUB'),
|
||||
],
|
||||
'test_suite_psa_crypto_metadata': [
|
||||
# Algorithms declared but not supported.
|
||||
# https://github.com/Mbed-TLS/mbedtls/issues/9579
|
||||
@ -223,10 +211,6 @@ class CoverageTask(outcome_analysis.CoverageTask):
|
||||
'MAC: CBC_MAC-AES-256',
|
||||
],
|
||||
'test_suite_psa_crypto_not_supported.generated': [
|
||||
# It is a bug that not-supported test cases aren't getting
|
||||
# run for never-implemented key types.
|
||||
# https://github.com/Mbed-TLS/mbedtls/issues/7915
|
||||
PSA_MECHANISM_NOT_IMPLEMENTED_SEARCH_RE,
|
||||
# We never test with DH key support disabled but support
|
||||
# for a DH group enabled. The dependencies of these test
|
||||
# cases don't really make sense.
|
||||
@ -265,12 +249,6 @@ class CoverageTask(outcome_analysis.CoverageTask):
|
||||
# https://github.com/Mbed-TLS/mbedtls/issues/9592
|
||||
'PSA sign DETERMINISTIC_ECDSA(SHA_256): !ECDSA but DETERMINISTIC_ECDSA with ECC_KEY_PAIR(SECP_R1)', #pylint: disable=line-too-long
|
||||
],
|
||||
'test_suite_psa_crypto_storage_format.current': [
|
||||
PSA_MECHANISM_NOT_IMPLEMENTED_SEARCH_RE,
|
||||
],
|
||||
'test_suite_psa_crypto_storage_format.v0': [
|
||||
PSA_MECHANISM_NOT_IMPLEMENTED_SEARCH_RE,
|
||||
],
|
||||
'tls13-misc': [
|
||||
# Disabled due to OpenSSL bug.
|
||||
# https://github.com/openssl/openssl/issues/10714
|
||||
|
@ -2690,13 +2690,6 @@ requires_config_enabled PSA_WANT_ECC_BRAINPOOL_P_R1_256
|
||||
run_test_psa_force_curve "brainpoolP256r1"
|
||||
requires_config_enabled PSA_WANT_ECC_SECP_R1_224
|
||||
run_test_psa_force_curve "secp224r1"
|
||||
## SECP224K1 is buggy via the PSA API
|
||||
## (https://github.com/Mbed-TLS/mbedtls/issues/3541),
|
||||
## so it is disabled in PSA even when it's enabled in Mbed TLS.
|
||||
## The proper dependency would be on PSA_WANT_ECC_SECP_K1_224 but
|
||||
## dependencies on PSA symbols in ssl-opt.sh are not implemented yet.
|
||||
#requires_config_enabled PSA_WANT_ECC_SECP_K1_224
|
||||
#run_test_psa_force_curve "secp224k1"
|
||||
requires_config_enabled PSA_WANT_ECC_SECP_R1_192
|
||||
run_test_psa_force_curve "secp192r1"
|
||||
requires_config_enabled PSA_WANT_ECC_SECP_K1_192
|
||||
|
@ -3595,11 +3595,6 @@ void elliptic_curve_get_properties()
|
||||
#else
|
||||
TEST_UNAVAILABLE_ECC(21, MBEDTLS_ECP_DP_SECP224R1, PSA_ECC_FAMILY_SECP_R1, 224);
|
||||
#endif
|
||||
#if defined(PSA_WANT_ECC_SECP_K1_224)
|
||||
TEST_AVAILABLE_ECC(20, MBEDTLS_ECP_DP_SECP224K1, PSA_ECC_FAMILY_SECP_K1, 224);
|
||||
#else
|
||||
TEST_UNAVAILABLE_ECC(20, MBEDTLS_ECP_DP_SECP224K1, PSA_ECC_FAMILY_SECP_K1, 224);
|
||||
#endif
|
||||
#if defined(PSA_WANT_ECC_SECP_R1_192)
|
||||
TEST_AVAILABLE_ECC(19, MBEDTLS_ECP_DP_SECP192R1, PSA_ECC_FAMILY_SECP_R1, 192);
|
||||
#else
|
||||
|
@ -1 +1 @@
|
||||
Subproject commit e95def83c262522fd0c78b89837b218ac839138a
|
||||
Subproject commit c78da5a1e7fd503685f28b18e17756a38f10444e
|
Loading…
x
Reference in New Issue
Block a user