Skip to content

Move tests/data_files to data_files in framework #18

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 239 commits into from
Jul 9, 2024
Merged

Move tests/data_files to data_files in framework #18

merged 239 commits into from
Jul 9, 2024

Conversation

@davidhorstmann-arm
Copy link
Contributor

@davidhorstmann-arm davidhorstmann-arm commented May 9, 2024
edited
Loading

Move tests/data_files to the framework with history. Partial fix for #17.

daantimmer and others added 16 commits October 18, 2023 16:15
@daantimmer
Use CMAKE_C_SIMULATE_ID when available to determine compiler
3766a32 
Signed-off-by: Daan Timmer <[email protected]>
@gilles-peskine-arm
Guard configuration-specific code
c6d2df8 
A large block of code is only reachable if MBEDTLS_PK_USE_PSA_EC_DATA is
enabled, i.e. if MBEDTLS_USE_PSA_CRYPTO is enabled with driver-only ECC.
Compilers are likely to figure it out, but still, for clarity and
robustness, do guard that block of code with the appropriate conditional
compilation guard.

Signed-off-by: Gilles Peskine <[email protected]>
@Troy-Butler
Fix NULL argument handling in mbedtls_xxx_free() functions
9ac3e23 
Signed-off-by: Troy-Butler <[email protected]>
@Troy-Butler
Fix NULL handling in mbedtls_ssl_config.free() function
da73abc 
Signed-off-by: Troy-Butler <[email protected]>
@tom-daubney-arm
Modify component_test_tls1_2_default_stream_cipher_only_use_psa
b8cbbe7 
Replace relevant Mbed TLS API config options with their PSA
API equivalents.

Signed-off-by: Thomas Daubney <[email protected]>
@tom-daubney-arm
Modify component_test_tls1_2_deafult_cbc_legacy_cipher_only_use_psa
6258621 
Replace relevant Mbed TLS API config options with their PSA
API equivalents.

Signed-off-by: Thomas Daubney <[email protected]>
@tom-daubney-arm
Modify component_test_tls1_2_default_cbc_legacy_cbc_etm_cipher_only_u…
ff33abd 
…se_psa

Replace relevant Mbed TLS API config options with their PSA
API equivalents.

Signed-off-by: Thomas Daubney <[email protected]>
@andre-rosa
Add invalid padding_len check in get_pkcs_padding
30666d4 
When trying to decrypt data with an invalid key, we found that `mbedtls`
returned `0x6200` (`-25088`), which means "_CIPHER - Input data contains
invalid padding and is rejected_" from `mbedtls_cipher_finish`, but it also
set the output len as `18446744073709551516`.

In case we detect an error with padding, we leave the output len zero'ed
and return `MBEDTLS_ERR_CIPHER_INVALID_PADDING`. I believe that the current
test cases are sufficient, as they fail if I return the alternative code
`MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA`, so they do already expect a padding
failure, but now we don't change the output len in the error case.

Here's a reference for the way `openssl` checks the padding length:
  - https://github.com/openssl/openssl/blob/1848c561ec39a9ea91ff1bf740a554be274f98b0/crypto/evp/evp_enc.c#L1023
  - openssl/openssl@b554eef

Signed-off-by: Andre Goddard Rosa <[email protected]>
Signed-off-by: Andre Goddard Rosa <[email protected]>
@andre-rosa
Remove unnecessary cast
d0a1691 
Signed-off-by: Andre Goddard Rosa <[email protected]>
Signed-off-by: Andre Goddard Rosa <[email protected]>
@tom-daubney-arm
Restore Mbed TLS style AEAD options for now
1ca1f3d 
Signed-off-by: Thomas Daubney <[email protected]>
@ronald-cron-arm
Update framework submodule
72b9800 
Signed-off-by: Ronald Cron <[email protected]>
@ronald-cron-arm
Extend basic checks of files to framework files
1e05deb 
Signed-off-by: Ronald Cron <[email protected]>
@andre-rosa
Add check ensuring output is set to the least-harmful value in error …
043aa9e 
…cases

With the robustness fix:
`PASSED (125 suites, 26639 tests run)`

Without the robustness fix:
`FAILED (125 suites, 26639 tests run)`

Signed-off-by: Andre Goddard Rosa <[email protected]>
Signed-off-by: Andre Goddard Rosa <[email protected]>
@ronald-cron-arm
Extend C code style check to framework files
62a908d 
Signed-off-by: Ronald Cron <[email protected]>
@ronald-cron-arm
Do not use --recurse-submodules
7661aa0 
On the CI, the git version when running on
Ubuntu 16.04 is 2.7 and it does not support
the "--recurse-submodules" option of
"git ls-files" thus do not use it.

Another argument to not use it is that
when TF-PSA-Crypto will be a submodule of
mbedtls we will not want check_files.py to
check the TF-PSA-Crypto files as well.

Signed-off-by: Ronald Cron <[email protected]>
@tom-daubney-arm
Restore toggling of MBEDTLS_CIPHER_MODE_CBC
67338c0 
Signed-off-by: Thomas Daubney <[email protected]>
@davidhorstmann-arm davidhorstmann-arm force-pushed the dev/davidhorstmann-arm/add-test-data-files branch from 0ca171b to eed2d9a Compare May 9, 2024 14:43
@davidhorstmann-arm davidhorstmann-arm mentioned this pull request May 9, 2024
Merged
4 tasks
tom-daubney-arm and others added 10 commits May 14, 2024 16:09
@tom-daubney-arm
Remove non- _use_psa versions of components
5f2595a 
Signed-off-by: Thomas Daubney <[email protected]>
@tom-daubney-arm
Remove _use_psa suffix from remaining components
b7c624d 
Signed-off-by: Thomas Daubney <[email protected]>
@tom-daubney-arm
Fix typo
69ca57e 
Signed-off-by: Thomas Daubney <[email protected]>
Silence gcc 12.2.0 warning
5da4b7d 
Unfortunately this compiler complains about a variable potentially being
used un-initialized.  Silence the warning by initializing it to a sane
default.

Signed-off-by: Patrick Wildt <[email protected]>
@tom-daubney-arm
Change the way CBC is set
8f83ba0 
Signed-off-by: Thomas Daubney <[email protected]>
@tom-daubney-arm
Add additional CCM unset
a8004f2 
Signed-off-by: Thomas Daubney <[email protected]>
@ttytm
fix typo
27098b4 
Signed-off-by: Turiiya <[email protected]>
@gilles-peskine-arm
ssl-opt.sh, compat.sh: Error out if not executing any tests
39c5207 
Alert if all tests are filtered out or skipped: that probably indicates a
test script that set up an unintended configuration or an overly strict
filter. You can pass `--min 0` to bypass this check. You can pass `--min`
with a larger value to require that many test cases to run.

Signed-off-by: Gilles Peskine <[email protected]>
@valeriosetti
adjust_legacy_crypto: enable CIPHER_C when PSA CMAC is builtin
a37ea26 
psa_crypto_mac.c uses mbedtls_cipher_xxx() functions to perform
CMAC operations. Therefore we need to enable CIPHER_C when
PSA CMAC is builtin.

Signed-off-by: Valerio Setti <[email protected]>
@ronald-cron-arm
Update framework submodule to the merge of PR #15
680bee4 
Signed-off-by: Ronald Cron <[email protected]>
ronald-cron-arm and others added 19 commits July 3, 2024 13:09
@ronald-cron-arm
Merge pull request #9172 from gilles-peskine-arm/test_suite_config-bo…
5e3c529 
…oleans

Report configuration settings in the outcome file
@gilles-peskine-arm
Merge pull request #9082 from andre-rosa/check-overflow-when-reading-…
94f0768 
…padding-len-on-aes-128-cbc-decryption

Add invalid `padding_len` check in `get_pkcs_padding`
@gilles-peskine-arm
Merge pull request #9170 from eleuzi01/replace-mbedtls-md-can-sha224
4a17523 
Replace MBEDTLS_MD_CAN_SHA224 with PSA_WANT_ALG_SHA_224
@valeriosetti
tests_suite_debug: fix psa initialization
3a994b7 
Since MD_OR_USE_PSA_INIT() can fail and jump to the "exit"
label it should be placed after all initializations has been
done. This issue was discovered by Coverity testing.

Signed-off-by: Valerio Setti <[email protected]>
@ronald-cron-arm
Merge pull request #9125 from eleuzi01/replace-mbedtls-md-can-ripemd160
45aa4d5 
Replace MBEDTLS_MD_CAN_RIPEMD160 with PSA_WANT_ALG_RIPEMD160
@tom-cosgrove-arm
Merge pull request #9345 from valeriosetti/fix-coverity
97e0028 
tests_suite_debug: fix psa initialization
@ronald-cron-arm
Merge pull request #9171 from eleuzi01/replace-mbedtls-md-can-sha384
2cf41a2 
Replace MBEDTLS_MD_CAN_SHA384 with PSA_WANT_ALG_SHA_384
@eleuzi01
Replace MBEDTLS_MD_CAN_SHA3_512 with PSA_WANT_ALG_SHA3_512
e8cd45c 
Signed-off-by: Elena Uziunaite <[email protected]>
@eleuzi01
Replace MBEDTLS_MD_CAN_SHA3_512 in md.h
9567fd1 
Signed-off-by: Elena Uziunaite <[email protected]>
@ronald-cron-arm
Merge pull request #9214 from eleuzi01/replace-mbedtls-md-can-sha3-512
cd90695 
Replace MBEDTLS_MD_CAN_SHA3_512 with PSA_WANT_ALG_SHA3_512
@gilles-peskine-arm
Merge pull request #9315 from gilles-peskine-arm/psa_cipher_decrypt-c…
c971d80 
…cm_star-iv_length_enforcement

psa_cipher_decrypt CCM*: fix rejection of messages shorter than 3 bytes
@gilles-peskine-arm
Merge pull request #9139 from bluerise/silence
e290234 
Silence gcc 12.2.0 warning
@gilles-peskine-arm
Merge pull request #8983 from Troy-Butler/handle-null-args
4efd164 
Fix NULL argument handling in mbedtls_xxx_free() functions
@eleuzi01
Replace MBEDTLS_MD_CAN_SHA3_256 with PSA_WANT_ALG_SHA3_256
2fbe012 
Signed-off-by: Elena Uziunaite <[email protected]>
@eleuzi01
Replace MBEDTLS_MD_CAN_SHA3_256 in md.h
583c933 
Signed-off-by: Elena Uziunaite <[email protected]>
@gilles-peskine-arm
Merge pull request #9212 from eleuzi01/replace-mbedtls-md-can-sha3-256
675e150 
Replace MBEDTLS_MD_CAN_SHA3_256 with PSA_WANT_ALG_SHA3_256
@davidhorstmann-arm
Move some files to framework repository
7fee5fb 
Signed-off-by: David Horstmann <[email protected]>
@davidhorstmann-arm
Merge branch 'tmp-branch-move-files-to-framework' into dev/davidhorst…
cb7dfe8 
…mann-arm/add-test-data-files
@davidhorstmann-arm
Update paths in generate_test_cert_macros.py
1b173ae 
Tell the test certificate generation script to get the jinja template
from, and output the resulting header to, the framework repo.

Signed-off-by: David Horstmann <[email protected]>
@davidhorstmann-arm davidhorstmann-arm force-pushed the dev/davidhorstmann-arm/add-test-data-files branch from fd307a9 to 1b173ae Compare July 5, 2024 14:51
@davidhorstmann-arm
Copy link
Contributor Author

Rebased by doing the following actions:

  • Recreate the file-move commit on top of latest development from mbedtls and the latest main from the framework
  • Cherry-pick one commit from the existing branch. There were no conflicts.

ronald-cron-arm
ronald-cron-arm approved these changes Jul 8, 2024
View reviewed changes
Copy link
Contributor

@ronald-cron-arm ronald-cron-arm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@tom-daubney-arm tom-daubney-arm added approved Design and code approved - may be waiting for CI or backports and removed needs-review Every commit must be reviewed by at least two team members, needs-reviewer This PR needs someone to pick it up for review labels Jul 8, 2024
tom-daubney-arm
tom-daubney-arm approved these changes Jul 8, 2024
View reviewed changes
Copy link
Contributor

@tom-daubney-arm tom-daubney-arm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM - thanks!

@ronald-cron-arm
Copy link
Contributor

Validated by the CI of #9249 (dev) and #9375 (3.6), merging.

@ronald-cron-arm ronald-cron-arm merged commit 8853c84 into main Jul 9, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ronald-cron-arm ronald-cron-arm ronald-cron-arm approved these changes

+1 more reviewer

@tom-daubney-arm tom-daubney-arm tom-daubney-arm approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

approved Design and code approved - may be waiting for CI or backports

Projects

No open projects
Roadmap Board for Mbed TLS
Status: Done

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.