This commit removes tcp_client.pl and removes it from ssl-opt.sh as it
has been replaced by test_suite_ssl.
Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
This commit removes obsolete Travis CI scripts that are no longer
required due to the transition to a publically available CI image.
Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
This commit removes Docker CI scripts from the repository as they are no
longer necessary with CI images being publically available.
Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
In particular, if interruptible ECDSA is supported but not the deterministic
variant, detect this in psa_sign_hash_start(), whereas before start() would
succeed and psa_sign_hash_complete() would fail. This avoids an
inconsistency between psa_sign_hash() and psa_sign_hash_start() that would
be annoying to handle in test_suite_psa_crypto_op_fail.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
ECDSA has two variants: deterministic (PSA_ALG_DETERMINISTIC_ECDSA) and
randomized (PSA_ALG_ECDSA). The two variants are different for signature but
identical for verification. Mbed TLS accepts either variant as the algorithm
parameter for verification even when only the other variant is supported,
so we need to handle this as a special case when generating not-supported
test cases.
In this commit:
* Add manually written not-supported test cases for the signature
operation when exactly one variant is supported.
* Add manually written positive test cases for the verification
operation when exactly one variant is supported.
* Register that !ECDSA but DETERMINISTIC_ECDSA is not tested yet
(https://github.com/Mbed-TLS/mbedtls/issues/9592).
A commit in the framework will take care of automatically generated test cases.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Following "PSA sign/verify: more uniform error on an unsupported hash", some
error cases are detected earlier, so there is some sloppiness in test case
dependencies that is not longer acceptable.
* In test_suite_psa_crypto, one test case for a hash+sign algorithm now
returns NOT_SUPPORTED rather than INVALID_ARGUMENT when the hash is not
supported and the key is invalid.
* In test_suite_psa_crypto_se_driver_hal_mocks, some test cases now error
out before reaching the mocks rather than after when they attempt to
use an unsupported hash.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Allow imports of an ECC public key on an unsupported curve to return
INVALID_ARGUMENT rather than NOT_SUPPORTED. This can happen in our library
code in edge cases when only certain curve families are supported, and it's
acceptable.
The new code does not trigger yet, but it will be useful for a future commit
"Do run not-supported test cases on not-implemented mechanisms"
(forward port of 995d7d4c15406b0a115cadf3f5ec69becafdf20f).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The paths to this header in clean: targets were missed previously when
changing paths to reflect the move of the header to the framework.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
The function mbedtls_test_hook_error_add() is declared in the library
but supplied by test helpers in framework/tests/src, so it is undefined
in library-only builds. This messes up our checks for missing symbols,
so disable MBEDTLS_TEST_HOOKS when we are building to check missing
symbols.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
These are not moving to the framework, so their paths are fine to stay
as they are, undo the update done through global search-replace.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
These need to include from the framework path as this is where most test
helpers have been moved to.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Everything not TLS-related and not ALT-interface-related has been moved
out of tests/src and tests/include and into the framework.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
This commit fixes an issue in the GCM shared buffer test case where
input data could be of length 0 and an adequate buffer was not
allocated.
Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
This commit adds test cases for input and output buffer overlap. The
data for the test cases is a duplicate of existing encrypt/decrypt test
cases.
The two test functions gcm_<encrypt/decrypt>_input_output_buffer_overlap
are modified to use a single malloc buffer rounded to the nearest
128-bits/16-bytes for input and output.
Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
This fixes accesses to uninitialized memory in test code if
`psa_crypto_init()` fails.
A lot of those were pointed out by Coverity. I quickly reviewed all calls to
`MD_PSA_INIT()` manually, rather than follow any particular list.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The existing check only took care of CONFIG_H. This was both not enough
and too much:
- not enough because config.py can also modify CRYPTO_CONFIG_H and we
want to know about it just as much as CONFIG_H;
- too much because CONFIG_H does not exist in tf-psa-crypto.
Check a list of files instead of a single one, and adjust that list.
Also update an outdated comment about Makefiles
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
In preparation for adding tf-psa-crypto/test/scripts/all.sh which will
run from tf-psa-crypto.
Use paths relative to the currently sourced file when including common
files (ie, those that will soon be moved to the framework). Otherwise,
use paths relative to the current directory, aka project's root.
Document that test/script/all.sh must be invoked from the project's root
(that was already the case, but implicit so far).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Skip 6144-bit and 8192-bit FFDH tests in MSan or Valgrind test
configurations. These test cases are slow and sometimes trigger GnuTLS's
built-in timeout (which cannot be configured until more recent versions).
Resolves#9742.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
generate_test_code.py doesn't support UTF-8 in .function files (but does
in .data files) when run in a non-UTF-8 locale with Python <=3.6.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Run the function on a few different curves with shorter, just-right and
larger buffer sizes. Perform some basic sanity checks on the output (which
is random).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
