Merge pull request #9762 from Harry-Ramsey/update-gcm-doc-3.6
[Backport 3.6] Fix doc on GCM API
diff --git a/.gitignore b/.gitignore
index 6068cbc..2917cfb 100644
--- a/.gitignore
+++ b/.gitignore
@@ -35,6 +35,7 @@
# Unix-like build artifacts:
*.o
+*.s
# MSVC build artifacts:
*.exe
diff --git a/BRANCHES.md b/BRANCHES.md
index 9d5d779..cf86a9d 100644
--- a/BRANCHES.md
+++ b/BRANCHES.md
@@ -107,7 +107,7 @@
- [`development`](https://github.com/Mbed-TLS/mbedtls/)
- [`mbedtls-3.6`](https://github.com/Mbed-TLS/mbedtls/tree/mbedtls-3.6)
maintained until March 2027, see
- <https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.6.1>.
+ <https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.6.2>.
- [`mbedtls-2.28`](https://github.com/Mbed-TLS/mbedtls/tree/mbedtls-2.28)
maintained until the end of 2024, see
<https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.9>.
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 6aed3d3..c6d31dc 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -40,12 +40,12 @@
if(TEST_CPP)
project("Mbed TLS"
LANGUAGES C CXX
- VERSION 3.6.1
+ VERSION 3.6.2
)
else()
project("Mbed TLS"
LANGUAGES C
- VERSION 3.6.1
+ VERSION 3.6.2
)
endif()
@@ -229,7 +229,21 @@
set(CMAKE_C_FLAGS_RELEASE "-O2")
set(CMAKE_C_FLAGS_DEBUG "-O0 -g3")
set(CMAKE_C_FLAGS_COVERAGE "-O0 -g3 --coverage")
- set(CMAKE_C_FLAGS_ASAN "-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O3")
+ # Old GCC versions hit a performance problem with test_suite_pkwrite
+ # "Private keey write check EC" tests when building with Asan+UBSan
+ # and -O3: those tests take more than 100x time than normal, with
+ # test_suite_pkwrite taking >3h on the CI. Observed with GCC 5.4 on
+ # Ubuntu 16.04 x86_64 and GCC 6.5 on Ubuntu 18.04 x86_64.
+ # GCC 7.5 and above on Ubuntu 18.04 appear fine.
+ # To avoid the performance problem, we use -O2 when GCC version is lower than 7.0.
+ # It doesn't slow down much even with modern compiler versions.
+ if (GCC_VERSION VERSION_LESS 7.0)
+ message(STATUS "USING O2")
+ set(CMAKE_C_FLAGS_ASAN "-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O2")
+ else()
+ message(STATUS "USING O3")
+ set(CMAKE_C_FLAGS_ASAN "-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O3")
+ endif()
set(CMAKE_C_FLAGS_ASANDBG "-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls")
set(CMAKE_C_FLAGS_TSAN "-fsanitize=thread -O3")
set(CMAKE_C_FLAGS_TSANDBG "-fsanitize=thread -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls")
@@ -301,7 +315,11 @@
endif()
if (NOT EXISTS "${CMAKE_CURRENT_SOURCE_DIR}/framework/CMakeLists.txt")
- message(FATAL_ERROR "${CMAKE_CURRENT_SOURCE_DIR}/framework/CMakeLists.txt not found. Run `git submodule update --init` from the source tree to fetch the submodule contents.")
+ if (EXISTS "${CMAKE_CURRENT_SOURCE_DIR}/.git/")
+ message(FATAL_ERROR "${CMAKE_CURRENT_SOURCE_DIR}CMakeLists.txt not found (and does appear to be a git checkout). Run `git submodule update --init` from the source tree to fetch the submodule contents.")
+ else ()
+ message(FATAL_ERROR "${CMAKE_CURRENT_SOURCE_DIR}/CMakeLists.txt not found (and does not appear to be a git checkout). Please ensure you have downloaded the right archive from the release page on GitHub.")
+ endif()
endif()
add_subdirectory(framework)
@@ -314,7 +332,7 @@
add_subdirectory(pkgconfig)
#
-# The C files in tests/src directory contain test code shared among test suites
+# The C files in framework/tests/src directory contain test code shared among test suites
# and programs. This shared test code is compiled and linked to test suites and
# programs objects as a set of compiled objects. The compiled objects are NOT
# built into a library that the test suite and program objects would link
@@ -330,23 +348,24 @@
if(ENABLE_TESTING OR ENABLE_PROGRAMS)
file(GLOB MBEDTLS_TEST_FILES
${CMAKE_CURRENT_SOURCE_DIR}/tests/src/*.c
- ${CMAKE_CURRENT_SOURCE_DIR}/tests/src/drivers/*.c)
+ ${CMAKE_CURRENT_SOURCE_DIR}/framework/tests/src/*.c
+ ${CMAKE_CURRENT_SOURCE_DIR}/framework/tests/src/drivers/*.c)
add_library(mbedtls_test OBJECT ${MBEDTLS_TEST_FILES})
if(GEN_FILES)
add_custom_command(
OUTPUT
- ${CMAKE_CURRENT_SOURCE_DIR}/tests/src/test_keys.h
+ ${CMAKE_CURRENT_SOURCE_DIR}/framework/tests/src/test_keys.h
WORKING_DIRECTORY
${CMAKE_CURRENT_SOURCE_DIR}/tests
COMMAND
"${MBEDTLS_PYTHON_EXECUTABLE}"
"${CMAKE_CURRENT_SOURCE_DIR}/framework/scripts/generate_test_keys.py"
"--output"
- "${CMAKE_CURRENT_SOURCE_DIR}/tests/src/test_keys.h"
+ "${CMAKE_CURRENT_SOURCE_DIR}/framework/tests/src/test_keys.h"
DEPENDS
${CMAKE_CURRENT_SOURCE_DIR}/framework/scripts/generate_test_keys.py
)
- add_custom_target(test_keys_header DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/tests/src/test_keys.h)
+ add_custom_target(test_keys_header DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/framework/tests/src/test_keys.h)
add_custom_command(
OUTPUT
${CMAKE_CURRENT_SOURCE_DIR}/tests/src/test_certs.h
@@ -364,6 +383,7 @@
add_dependencies(mbedtls_test test_keys_header test_certs_header)
endif()
target_include_directories(mbedtls_test
+ PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/framework/tests/include
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/tests/include
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/library)
@@ -374,6 +394,7 @@
${CMAKE_CURRENT_SOURCE_DIR}/tests/src/test_helpers/*.c)
add_library(mbedtls_test_helpers OBJECT ${MBEDTLS_TEST_HELPER_FILES})
target_include_directories(mbedtls_test_helpers
+ PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/framework/tests/include
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/tests/include
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/library
@@ -452,7 +473,7 @@
write_basic_package_version_file(
"cmake/MbedTLSConfigVersion.cmake"
COMPATIBILITY SameMajorVersion
- VERSION 3.6.1)
+ VERSION 3.6.2)
install(
FILES "${CMAKE_CURRENT_BINARY_DIR}/cmake/MbedTLSConfig.cmake"
diff --git a/ChangeLog b/ChangeLog
index 8eb43fe..ec94776 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,16 @@
Mbed TLS ChangeLog (Sorted per branch, date)
+= Mbed TLS 3.6.2 branch released 2024-10-14
+
+Security
+ * Fix a buffer underrun in mbedtls_pk_write_key_der() when
+ called on an opaque key, MBEDTLS_USE_PSA_CRYPTO is enabled,
+ and the output buffer is smaller than the actual output.
+ Fix a related buffer underrun in mbedtls_pk_write_key_pem()
+ when called on an opaque RSA key, MBEDTLS_USE_PSA_CRYPTO is enabled
+ and MBEDTLS_MPI_MAX_SIZE is smaller than needed for a 4096-bit RSA key.
+ CVE-2024-49195
+
= Mbed TLS 3.6.1 branch released 2024-08-30
API changes
@@ -2599,9 +2610,9 @@
fit into the record buffer. Previously, such extensions were silently
dropped. As a consequence, the TLS handshake now fails when the output
buffer is not large enough to hold the ClientHello.
- * The unit tests now rely on header files in tests/include/test and source
- files in tests/src. When building with make or cmake, the files in
- tests/src are compiled and the resulting object linked into each test
+ * The unit tests now rely on header files in framework/tests/include/test and source
+ files in framework/tests/src. When building with make or cmake, the files in
+ framework/tests/src are compiled and the resulting object linked into each test
executable.
* The ECP module, enabled by `MBEDTLS_ECP_C`, now depends on
`MBEDTLS_CTR_DRBG_C` or `MBEDTLS_HMAC_DRBG_C` for some side-channel
diff --git a/ChangeLog.d/9302.txt b/ChangeLog.d/9302.txt
new file mode 100644
index 0000000..d61ba19
--- /dev/null
+++ b/ChangeLog.d/9302.txt
@@ -0,0 +1,6 @@
+Features
+ * Added new configuration option MBEDTLS_PSA_STATIC_KEY_SLOTS, which
+ uses static storage for keys, enabling malloc-less use of key slots.
+ The size of each buffer is given by the option
+ MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE. By default it accommodates the
+ largest PSA key enabled in the build.
diff --git a/ChangeLog.d/mbedtls_psa_ecp_generate_key-no_public_key.txt b/ChangeLog.d/mbedtls_psa_ecp_generate_key-no_public_key.txt
new file mode 100644
index 0000000..69c00e1
--- /dev/null
+++ b/ChangeLog.d/mbedtls_psa_ecp_generate_key-no_public_key.txt
@@ -0,0 +1,3 @@
+Changes
+ * Improve performance of PSA key generation with ECC keys: it no longer
+ computes the public key (which was immediately discarded). Fixes #9732.
diff --git a/ChangeLog.d/psa_util-bits-0.txt b/ChangeLog.d/psa_util-bits-0.txt
new file mode 100644
index 0000000..9aa70ad
--- /dev/null
+++ b/ChangeLog.d/psa_util-bits-0.txt
@@ -0,0 +1,3 @@
+Bugfix
+ * Fix undefined behavior in some cases when mbedtls_psa_raw_to_der() or
+ mbedtls_psa_der_to_raw() is called with bits=0.
diff --git a/ChangeLog.d/replace-close-with-mbedtls_net_close.txt b/ChangeLog.d/replace-close-with-mbedtls_net_close.txt
new file mode 100644
index 0000000..213cf55
--- /dev/null
+++ b/ChangeLog.d/replace-close-with-mbedtls_net_close.txt
@@ -0,0 +1,4 @@
+Bugfix
+ * Use 'mbedtls_net_close' instead of 'close' in 'mbedtls_net_bind'
+ and 'mbedtls_net_connect' to prevent possible double close fd
+ problems. Fixes #9711.
diff --git a/Makefile b/Makefile
index e4d98c9..4615a44 100644
--- a/Makefile
+++ b/Makefile
@@ -6,11 +6,16 @@
ifeq (,$(wildcard framework/exported.make))
# Use the define keyword to get a multi-line message.
# GNU make appends ". Stop.", so tweak the ending of our message accordingly.
- define error_message
-$(MBEDTLS_PATH)/framework/exported.make not found.
-Run `git submodule update --init` to fetch the submodule contents.
+ ifeq (,$(wildcard .git))
+ define error_message
+${MBEDTLS_PATH}/framework/exported.make not found (and does appear to be a git checkout). Run `git submodule update --init` from the source tree to fetch the submodule contents.
This is a fatal error
- endef
+ endef
+ else
+ define error_message
+${MBEDTLS_PATH}/framework/exported.make not found (and does not appear to be a git checkout). Please ensure you have downloaded the right archive from the release page on GitHub.
+ endef
+ endif
$(error $(error_message))
endif
include framework/exported.make
@@ -202,8 +207,8 @@
include/*/*.h \
library/*.[hc] \
programs/*/*.[hc] \
- tests/include/*/*.h tests/include/*/*/*.h \
- tests/src/*.c tests/src/*/*.c \
+ framework/tests/include/*/*.h framework/tests/include/*/*/*.h \
+ framework/tests/src/*.c framework/tests/src/*/*.c \
tests/suites/*.function \
)
# Exuberant-ctags invocation. Other ctags implementations may require different options.
@@ -217,5 +222,5 @@
ls $(C_SOURCE_FILES) | gtags -f - --gtagsconf .globalrc
cscope: cscope.in.out cscope.po.out cscope.out
cscope.in.out cscope.po.out cscope.out: $(C_SOURCE_FILES)
- cscope -bq -u -Iinclude -Ilibrary $(patsubst %,-I%,$(wildcard 3rdparty/*/include)) -Itests/include $(C_SOURCE_FILES)
+ cscope -bq -u -Iinclude -Ilibrary $(patsubst %,-I%,$(wildcard 3rdparty/*/include)) -Iframework/tests/include $(C_SOURCE_FILES)
.PHONY: cscope global
diff --git a/docs/architecture/psa-crypto-implementation-structure.md b/docs/architecture/psa-crypto-implementation-structure.md
index 0954602..3421354 100644
--- a/docs/architecture/psa-crypto-implementation-structure.md
+++ b/docs/architecture/psa-crypto-implementation-structure.md
@@ -78,7 +78,7 @@
* [ ] PSA Crypto API draft, if not already done — [PSA standardization](#psa-standardization)
* [ ] `include/psa/crypto_values.h` or `include/psa/crypto_extra.h` — [New functions and macros](#new-functions-and-macros)
-* [ ] `include/psa/crypto_config.h`, `tests/include/test/drivers/crypto_config_test_driver_extension.h` — [Preprocessor symbols](#preprocessor-symbols)
+* [ ] `include/psa/crypto_config.h`, `tests/configs/crypto_config_test_driver_extension.h` — [Preprocessor symbols](#preprocessor-symbols)
* Occasionally `library/check_crypto_config.h` — [Preprocessor symbols](#preprocessor-symbols)
* [ ] `include/mbedtls/config_psa.h` — [Preprocessor symbols](#preprocessor-symbols)
* [ ] `library/psa_crypto.c`, `library/psa_crypto_*.[hc]` — [Implementation of the mechanisms](#implementation-of-the-mechanisms)
@@ -128,7 +128,7 @@
* If `MBEDTLS_PSA_CRYPTO_CONFIG` is disabled: based on the available mechanisms in Mbed TLS, deduced from `mbedtls/mbedtls_config.h` by code in `include/mbedtls/config_psa.h`.
* if `MBEDTLS_PSA_CRYPTO_CONFIG` is enabled: in the application configuration file `include/psa/crypto_config.h` (or `MBEDTLS_PSA_CRYPTO_CONFIG_FILE`, plus `MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE`), with code in `include/mbedtls/config_psa.h` deducing the necessary underlying `MBEDTLS_xxx` symbols.
* For transparent keys (keys that are not in a secure element), the feature is implemented by Mbed TLS if `MBEDTLS_PSA_BUILTIN_ttt_xxx` is defined, and by an accelerator driver if `MBEDTLS_PSA_ACCEL_ttt_xxx` is defined. `MBEDTLS_PSA_BUILTIN_ttt_xxx` constants are set in `include/mbedtls/config_psa.h` based on the application requests `PSA_WANT_ttt_xxx` and the accelerator driver declarations `MBEDTLS_PSA_ACCEL_ttt_xxx`.
-* For the testing of the driver dispatch code, `tests/include/test/drivers/crypto_config_test_driver_extension.h` sets additional `MBEDTLS_PSA_ACCEL_xxx` symbols.
+* For the testing of the driver dispatch code, `tests/configs/crypto_config_test_driver_extension.h` sets additional `MBEDTLS_PSA_ACCEL_xxx` symbols.
For more details, see *[Conditional inclusion of cryptographic mechanism through the PSA API in Mbed TLS](../proposed/psa-conditional-inclusion-c.html)*.
diff --git a/docs/architecture/psa-keystore-design.md b/docs/architecture/psa-keystore-design.md
index cdd2cac..be082a8 100644
--- a/docs/architecture/psa-keystore-design.md
+++ b/docs/architecture/psa-keystore-design.md
@@ -67,7 +67,7 @@
There are three variants of the key store implementation, responding to different needs.
* Hybrid key store ([static key slots](#static-key-store) with dynamic key data): the key store is a statically allocated array of slots, of size `MBEDTLS_PSA_KEY_SLOT_COUNT`. Key material is allocated on the heap. This is the historical implementation. It remains the default in the Mbed TLS 3.6 long-time support (LTS) branch when using a handwritten `mbedtls_config.h`, as is common on resource-constrained platforms, because the alternatives have tradeoffs (key size limit and larger RAM usage at rest for the static key store, larger code size and more risk due to code complexity for the dynamic key store).
-* Fully [static key store](#static-key-store) (since Mbed TLS 3.6.2): the key store is a statically allocated array of slots, of size `MBEDTLS_PSA_KEY_SLOT_COUNT`. Each key slot contains the key representation directly, and the key representation must be no more than `MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE` bytes. This is intended for very constrained devices that do not have a heap.
+* Fully [static key store](#static-key-store) (since Mbed TLS 3.6.3): the key store is a statically allocated array of slots, of size `MBEDTLS_PSA_KEY_SLOT_COUNT`. Each key slot contains the key representation directly, and the key representation must be no more than `MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE` bytes. This is intended for very constrained devices that do not have a heap.
* [Dynamic key store](#dynamic-key-store) (since Mbed TLS 3.6.1): the key store is dynamically allocated as multiple slices on the heap, with a size that adjusts to the application's usage. Key material is allocated on the heap. Compared to the hybrid key store, the code size and RAM consumption are larger. This is intended for higher-end devices where applications are not expected to have a highly predicatable resource usage. This is the default implementation when using the default `mbedtls_config.h` file, as is common on platforms such as Linux, starting with Mbed TLS 3.6.1.
#### Future improvement: merging the key store variants
@@ -95,7 +95,7 @@
The static key store is the historical implementation. The key store is a statically allocated array of slots, of size `MBEDTLS_PSA_KEY_SLOT_COUNT`. This value is an upper bound for the total number of volatile keys plus loaded keys.
-Since Mbed TLS 3.6.2, there are two variants for the static key store: a hybrid variant (default), and a fully-static variant enabled by the configuration option `MBEDTLS_PSA_STATIC_KEY_SLOTS`. The two variants have the same key store management: the only difference is in how the memory for key data is managed. With fully static key slots, the key data is directly inside the slot, and limited to `MBEDTLS_PSA_KEY_SLOT_BUFFER_SIZE` bytes. With the hybrid key store, the slot contains a pointer to the key data, which is allocated on the heap.
+Since Mbed TLS 3.6.3, there are two variants for the static key store: a hybrid variant (default), and a fully-static variant enabled by the configuration option `MBEDTLS_PSA_STATIC_KEY_SLOTS`. The two variants have the same key store management: the only difference is in how the memory for key data is managed. With fully static key slots, the key data is directly inside the slot, and limited to `MBEDTLS_PSA_KEY_SLOT_BUFFER_SIZE` bytes. With the hybrid key store, the slot contains a pointer to the key data, which is allocated on the heap.
#### Volatile key identifiers in the static key store
diff --git a/docs/psa-driver-example-and-guide.md b/docs/psa-driver-example-and-guide.md
index aa825ad..90bbb33 100644
--- a/docs/psa-driver-example-and-guide.md
+++ b/docs/psa-driver-example-and-guide.md
@@ -43,7 +43,7 @@
- C header files defining the types required by the driver description. The names of these header files are declared in the driver description file.
- An object file compiled for the target platform defining the functions required by the driver description. Implementations may allow drivers to be provided as source files and compiled with the core instead of being pre-compiled.
-The Mbed TLS driver tests for the aforementioned entry points provide examples of how these deliverables can be implemented. For sample driver description JSON files, see [`mbedtls_test_transparent_driver.json`](https://github.com/Mbed-TLS/mbedtls/blob/development/scripts/data_files/driver_jsons/mbedtls_test_transparent_driver.json) or [`mbedtls_test_opaque_driver.json`](https://github.com/Mbed-TLS/mbedtls/blob/development/scripts/data_files/driver_jsons/mbedtls_test_transparent_driver.json). The header file required by the driver description is [`test_driver.h`](https://github.com/Mbed-TLS/mbedtls/blob/development/tests/include/test/drivers/test_driver.h). As Mbed TLS tests are built from source, there is no object file for the test driver. However, the source for the test driver can be found under `tests/src/drivers`.
+The Mbed TLS driver tests for the aforementioned entry points provide examples of how these deliverables can be implemented. For sample driver description JSON files, see [`mbedtls_test_transparent_driver.json`](https://github.com/Mbed-TLS/mbedtls/blob/development/scripts/data_files/driver_jsons/mbedtls_test_transparent_driver.json) or [`mbedtls_test_opaque_driver.json`](https://github.com/Mbed-TLS/mbedtls/blob/development/scripts/data_files/driver_jsons/mbedtls_test_transparent_driver.json). The header file required by the driver description is [`test_driver.h`](https://github.com/Mbed-TLS/mbedtls/blob/development/framework/tests/include/test/drivers/test_driver.h). As Mbed TLS tests are built from source, there is no object file for the test driver. However, the source for the test driver can be found under `framework/tests/src/drivers`.
### Process for Entry Points where auto-generation is not implemented
diff --git a/doxygen/input/doc_mainpage.h b/doxygen/input/doc_mainpage.h
index 740bb19..d872818 100644
--- a/doxygen/input/doc_mainpage.h
+++ b/doxygen/input/doc_mainpage.h
@@ -10,7 +10,7 @@
*/
/**
- * @mainpage Mbed TLS v3.6.1 API Documentation
+ * @mainpage Mbed TLS v3.6.2 API Documentation
*
* This documentation describes the internal structure of Mbed TLS. It was
* automatically generated from specially formatted comment blocks in
diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile
index 2a82820..281f062 100644
--- a/doxygen/mbedtls.doxyfile
+++ b/doxygen/mbedtls.doxyfile
@@ -1,4 +1,4 @@
-PROJECT_NAME = "Mbed TLS v3.6.1"
+PROJECT_NAME = "Mbed TLS v3.6.2"
OUTPUT_DIRECTORY = ../apidoc/
FULL_PATH_NAMES = NO
OPTIMIZE_OUTPUT_FOR_C = YES
diff --git a/framework b/framework
index 1de0641..50d074d 160000
--- a/framework
+++ b/framework
@@ -1 +1 @@
-Subproject commit 1de0641e789d3c38b3ce99d7922002992cbe816c
+Subproject commit 50d074d09d899263ca76213ca4de2cc3ccb4cfd3
diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h
index 8242ec6..d91d296 100644
--- a/include/mbedtls/build_info.h
+++ b/include/mbedtls/build_info.h
@@ -26,16 +26,16 @@
*/
#define MBEDTLS_VERSION_MAJOR 3
#define MBEDTLS_VERSION_MINOR 6
-#define MBEDTLS_VERSION_PATCH 1
+#define MBEDTLS_VERSION_PATCH 2
/**
* The single version number has the following structure:
* MMNNPP00
* Major version | Minor version | Patch version
*/
-#define MBEDTLS_VERSION_NUMBER 0x03060100
-#define MBEDTLS_VERSION_STRING "3.6.1"
-#define MBEDTLS_VERSION_STRING_FULL "Mbed TLS 3.6.1"
+#define MBEDTLS_VERSION_NUMBER 0x03060200
+#define MBEDTLS_VERSION_STRING "3.6.2"
+#define MBEDTLS_VERSION_STRING_FULL "Mbed TLS 3.6.2"
/* Macros for build-time platform detection */
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index c80e286..aec5050 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -741,6 +741,11 @@
#error "MBEDTLS_PSA_INJECT_ENTROPY is not compatible with MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG"
#endif
+#if defined(MBEDTLS_PSA_KEY_STORE_DYNAMIC) && \
+ defined(MBEDTLS_PSA_STATIC_KEY_SLOTS)
+#error "MBEDTLS_PSA_KEY_STORE_DYNAMIC and MBEDTLS_PSA_STATIC_KEY_SLOTS cannot be defined simultaneously"
+#endif
+
#if defined(MBEDTLS_PSA_ITS_FILE_C) && \
!defined(MBEDTLS_FS_IO)
#error "MBEDTLS_PSA_ITS_FILE_C defined, but not all prerequisites"
diff --git a/include/mbedtls/entropy.h b/include/mbedtls/entropy.h
index 20fd687..6c64e3e 100644
--- a/include/mbedtls/entropy.h
+++ b/include/mbedtls/entropy.h
@@ -17,12 +17,13 @@
#include "md.h"
-#if defined(MBEDTLS_MD_CAN_SHA512) && !defined(MBEDTLS_ENTROPY_FORCE_SHA256)
+#if (defined(MBEDTLS_MD_CAN_SHA512) || defined(PSA_WANT_ALG_SHA_512)) && \
+ !defined(MBEDTLS_ENTROPY_FORCE_SHA256)
#define MBEDTLS_ENTROPY_SHA512_ACCUMULATOR
#define MBEDTLS_ENTROPY_MD MBEDTLS_MD_SHA512
#define MBEDTLS_ENTROPY_BLOCK_SIZE 64 /**< Block size of entropy accumulator (SHA-512) */
#else
-#if defined(MBEDTLS_MD_CAN_SHA256)
+#if (defined(MBEDTLS_MD_CAN_SHA256) || defined(PSA_WANT_ALG_SHA_256))
#define MBEDTLS_ENTROPY_SHA256_ACCUMULATOR
#define MBEDTLS_ENTROPY_MD MBEDTLS_MD_SHA256
#define MBEDTLS_ENTROPY_BLOCK_SIZE 32 /**< Block size of entropy accumulator (SHA-256) */
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index bd3f71d..ebc9276 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@@ -3269,6 +3269,26 @@
#define MBEDTLS_PSA_ITS_FILE_C
/**
+ * \def MBEDTLS_PSA_STATIC_KEY_SLOTS
+ *
+ * Statically preallocate memory to store keys' material in PSA instead
+ * of allocating it dynamically when required. This allows builds without a
+ * heap, if none of the enabled cryptographic implementations or other features
+ * require it.
+ * This feature affects both volatile and persistent keys which means that
+ * it's not possible to persistently store a key which is larger than
+ * #MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE.
+ *
+ * \note This feature comes with a (potentially) higher RAM usage since:
+ * - All the key slots are allocated no matter if they are used or not.
+ * - Each key buffer's length is #MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE bytes.
+ *
+ * Requires: MBEDTLS_PSA_CRYPTO_C
+ *
+ */
+//#define MBEDTLS_PSA_STATIC_KEY_SLOTS
+
+/**
* \def MBEDTLS_RIPEMD160_C
*
* Enable the RIPEMD-160 hash algorithm.
@@ -4069,6 +4089,19 @@
*/
//#define MBEDTLS_PSA_KEY_SLOT_COUNT 32
+/**
+ * \def MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE
+ *
+ * Define the size (in bytes) of each static key buffer when
+ * #MBEDTLS_PSA_STATIC_KEY_SLOTS is set. If not
+ * explicitly defined then it's automatically guessed from available PSA keys
+ * enabled in the build through PSA_WANT_xxx symbols.
+ * If required by the application this parameter can be set to higher values
+ * in order to store larger objects (ex: raw keys), but please note that this
+ * will increase RAM usage.
+ */
+//#define MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE 256
+
/* RSA OPTIONS */
//#define MBEDTLS_RSA_GEN_KEY_MIN_BITS 1024 /**< Minimum RSA key size that can be generated in bits (Minimum possible value is 128 bits) */
diff --git a/include/mbedtls/psa_util.h b/include/mbedtls/psa_util.h
index c78cc23..b898f1f 100644
--- a/include/mbedtls/psa_util.h
+++ b/include/mbedtls/psa_util.h
@@ -161,6 +161,16 @@
* \param[out] der_len On success it contains the amount of valid data
* (in bytes) written to \p der. It's undefined
* in case of failure.
+ *
+ * \note The behavior is undefined if \p der is null,
+ * even if \p der_size is 0.
+ *
+ * \return 0 if successful.
+ * \return #MBEDTLS_ERR_ASN1_BUF_TOO_SMALL if \p der_size
+ * is too small or if \p bits is larger than the
+ * largest supported curve.
+ * \return #MBEDTLS_ERR_ASN1_INVALID_DATA if one of the
+ * numbers in the signature is 0.
*/
int mbedtls_ecdsa_raw_to_der(size_t bits, const unsigned char *raw, size_t raw_len,
unsigned char *der, size_t der_size, size_t *der_len);
@@ -177,6 +187,15 @@
* \param[out] raw_len On success it is updated with the amount of valid
* data (in bytes) written to \p raw. It's undefined
* in case of failure.
+ *
+ * \return 0 if successful.
+ * \return #MBEDTLS_ERR_ASN1_BUF_TOO_SMALL if \p raw_size
+ * is too small or if \p bits is larger than the
+ * largest supported curve.
+ * \return #MBEDTLS_ERR_ASN1_INVALID_DATA if the data in
+ * \p der is inconsistent with \p bits.
+ * \return An \c MBEDTLS_ERR_ASN1_xxx error code if
+ * \p der is malformed.
*/
int mbedtls_ecdsa_der_to_raw(size_t bits, const unsigned char *der, size_t der_len,
unsigned char *raw, size_t raw_size, size_t *raw_len);
diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h
index d50d04e..b4df0e3 100644
--- a/include/mbedtls/threading.h
+++ b/include/mbedtls/threading.h
@@ -30,7 +30,7 @@
pthread_mutex_t MBEDTLS_PRIVATE(mutex);
/* WARNING - state should only be accessed when holding the mutex lock in
- * tests/src/threading_helpers.c, otherwise corruption can occur.
+ * framework/tests/src/threading_helpers.c, otherwise corruption can occur.
* state will be 0 after a failed init or a free, and nonzero after a
* successful init. This field is for testing only and thus not considered
* part of the public API of Mbed TLS and may change without notice.*/
diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h
index 0cf42c6..f48c087 100644
--- a/include/psa/crypto_extra.h
+++ b/include/psa/crypto_extra.h
@@ -32,6 +32,16 @@
#define MBEDTLS_PSA_KEY_SLOT_COUNT 32
#endif
+/* If the size of static key slots is not explicitly defined by the user, then
+ * set it to the maximum between PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE and
+ * PSA_CIPHER_MAX_KEY_LENGTH.
+ * See mbedtls_config.h for the definition. */
+#if !defined(MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE)
+#define MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE \
+ ((PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE > PSA_CIPHER_MAX_KEY_LENGTH) ? \
+ PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE : PSA_CIPHER_MAX_KEY_LENGTH)
+#endif /* !MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE*/
+
/** \addtogroup attributes
* @{
*/
diff --git a/include/psa/crypto_sizes.h b/include/psa/crypto_sizes.h
index 635ee98..87b8c39 100644
--- a/include/psa/crypto_sizes.h
+++ b/include/psa/crypto_sizes.h
@@ -1038,6 +1038,10 @@
PSA_KEY_EXPORT_FFDH_PUBLIC_KEY_MAX_SIZE(PSA_VENDOR_FFDH_MAX_KEY_BITS)
#endif
+#define PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE \
+ ((PSA_EXPORT_KEY_PAIR_MAX_SIZE > PSA_EXPORT_PUBLIC_KEY_MAX_SIZE) ? \
+ PSA_EXPORT_KEY_PAIR_MAX_SIZE : PSA_EXPORT_PUBLIC_KEY_MAX_SIZE)
+
/** Sufficient output buffer size for psa_raw_key_agreement().
*
* This macro returns a compile-time constant if its arguments are
@@ -1085,6 +1089,27 @@
#define PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE PSA_BITS_TO_BYTES(PSA_VENDOR_FFDH_MAX_KEY_BITS)
#endif
+/** Maximum key length for ciphers.
+ *
+ * Since there is no additional PSA_WANT_xxx symbol to specifiy the size of
+ * the key once a cipher is enabled (as it happens for asymmetric keys for
+ * example), the maximum key length is taken into account for each cipher.
+ * The resulting value will be the maximum cipher's key length given depending
+ * on which ciphers are enabled.
+ *
+ * Note: max value for AES used below would be doubled if XTS were enabled, but
+ * this mode is currently not supported in Mbed TLS implementation of PSA
+ * APIs.
+ */
+#if (defined(PSA_WANT_KEY_TYPE_AES) || defined(PSA_WANT_KEY_TYPE_ARIA) || \
+ defined(PSA_WANT_KEY_TYPE_CAMELLIA) || defined(PSA_WANT_KEY_TYPE_CHACHA20))
+#define PSA_CIPHER_MAX_KEY_LENGTH 32u
+#elif defined(PSA_WANT_KEY_TYPE_DES)
+#define PSA_CIPHER_MAX_KEY_LENGTH 24u
+#else
+#define PSA_CIPHER_MAX_KEY_LENGTH 0u
+#endif
+
/** The default IV size for a cipher algorithm, in bytes.
*
* The IV that is generated as part of a call to #psa_cipher_encrypt() is always
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
index e4d8f0d..4be9a54 100644
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@@ -166,11 +166,11 @@
${CMAKE_CURRENT_BINARY_DIR}/ssl_debug_helpers_generated.c
COMMAND
${MBEDTLS_PYTHON_EXECUTABLE}
- ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/generate_ssl_debug_helpers.py
+ ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/generate_ssl_debug_helpers.py
--mbedtls-root ${CMAKE_CURRENT_SOURCE_DIR}/..
${CMAKE_CURRENT_BINARY_DIR}
DEPENDS
- ${CMAKE_CURRENT_SOURCE_DIR}/../scripts/generate_ssl_debug_helpers.py
+ ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/generate_ssl_debug_helpers.py
${error_headers}
)
@@ -300,7 +300,7 @@
if(USE_SHARED_MBEDTLS_LIBRARY)
set(CMAKE_LIBRARY_PATH ${CMAKE_CURRENT_BINARY_DIR})
add_library(${mbedcrypto_target} SHARED ${src_crypto})
- set_target_properties(${mbedcrypto_target} PROPERTIES VERSION 3.6.1 SOVERSION 16)
+ set_target_properties(${mbedcrypto_target} PROPERTIES VERSION 3.6.2 SOVERSION 16)
target_link_libraries(${mbedcrypto_target} PUBLIC ${libs})
if(TARGET ${everest_target})
@@ -312,11 +312,11 @@
endif()
add_library(${mbedx509_target} SHARED ${src_x509})
- set_target_properties(${mbedx509_target} PROPERTIES VERSION 3.6.1 SOVERSION 7)
+ set_target_properties(${mbedx509_target} PROPERTIES VERSION 3.6.2 SOVERSION 7)
target_link_libraries(${mbedx509_target} PUBLIC ${libs} ${mbedcrypto_target})
add_library(${mbedtls_target} SHARED ${src_tls})
- set_target_properties(${mbedtls_target} PROPERTIES VERSION 3.6.1 SOVERSION 21)
+ set_target_properties(${mbedtls_target} PROPERTIES VERSION 3.6.2 SOVERSION 21)
target_link_libraries(${mbedtls_target} PUBLIC ${libs} ${mbedx509_target})
endif(USE_SHARED_MBEDTLS_LIBRARY)
diff --git a/library/Makefile b/library/Makefile
index 388fcea..eb3b901 100644
--- a/library/Makefile
+++ b/library/Makefile
@@ -337,6 +337,10 @@
echo " CC $<"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) -o $@ -c $<
+.c.s:
+ echo " CC $<"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) -S -o $@ -c $<
+
.PHONY: generated_files
generated_files: $(GENERATED_FILES)
@@ -355,11 +359,11 @@
echo " Gen $@"
$(PERL) ../scripts/generate_errors.pl
-ssl_debug_helpers_generated.c: $(gen_file_dep) ../scripts/generate_ssl_debug_helpers.py
+ssl_debug_helpers_generated.c: $(gen_file_dep) ../framework/scripts/generate_ssl_debug_helpers.py
ssl_debug_helpers_generated.c: $(gen_file_dep) $(filter-out %config%,$(wildcard ../include/mbedtls/*.h))
ssl_debug_helpers_generated.c:
echo " Gen $@"
- $(PYTHON) ../scripts/generate_ssl_debug_helpers.py --mbedtls-root .. .
+ $(PYTHON) ../framework/scripts/generate_ssl_debug_helpers.py --mbedtls-root .. .
version_features.c: $(gen_file_dep) ../scripts/generate_features.pl
version_features.c: $(gen_file_dep) ../scripts/data_files/version_features.fmt
@@ -387,12 +391,13 @@
clean:
ifndef WINDOWS
- rm -f *.o libmbed*
- rm -f $(THIRDPARTY_CRYPTO_OBJECTS)
+ rm -f *.o *.s libmbed*
+ rm -f $(THIRDPARTY_CRYPTO_OBJECTS) $(THIRDPARTY_CRYPTO_OBJECTS:.o=.s)
else
if exist *.o del /Q /F *.o
+ if exist *.s del /Q /F *.s
if exist libmbed* del /Q /F libmbed*
- del /Q /F del_errors_out_if_the_file_list_is_empty_but_not_if_a_file_does_not_exist $(subst /,\,$(THIRDPARTY_CRYPTO_OBJECTS))
+ del /Q /F del_errors_out_if_the_file_list_is_empty_but_not_if_a_file_does_not_exist $(subst /,\,$(THIRDPARTY_CRYPTO_OBJECTS) $(THIRDPARTY_CRYPTO_OBJECTS:.o=.s))
endif
neat: clean
diff --git a/library/net_sockets.c b/library/net_sockets.c
index ef89a88..bd5c47b 100644
--- a/library/net_sockets.c
+++ b/library/net_sockets.c
@@ -190,7 +190,7 @@
break;
}
- close(ctx->fd);
+ mbedtls_net_close(ctx);
ret = MBEDTLS_ERR_NET_CONNECT_FAILED;
}
@@ -237,13 +237,13 @@
n = 1;
if (setsockopt(ctx->fd, SOL_SOCKET, SO_REUSEADDR,
(const char *) &n, sizeof(n)) != 0) {
- close(ctx->fd);
+ mbedtls_net_close(ctx);
ret = MBEDTLS_ERR_NET_SOCKET_FAILED;
continue;
}
if (bind(ctx->fd, cur->ai_addr, MSVC_INT_CAST cur->ai_addrlen) != 0) {
- close(ctx->fd);
+ mbedtls_net_close(ctx);
ret = MBEDTLS_ERR_NET_BIND_FAILED;
continue;
}
@@ -251,7 +251,7 @@
/* Listen only makes sense for TCP */
if (proto == MBEDTLS_NET_PROTO_TCP) {
if (listen(ctx->fd, MBEDTLS_NET_LISTEN_BACKLOG) != 0) {
- close(ctx->fd);
+ mbedtls_net_close(ctx);
ret = MBEDTLS_ERR_NET_LISTEN_FAILED;
continue;
}
diff --git a/library/pk.c b/library/pk.c
index 3fe51ea..51f0c24 100644
--- a/library/pk.c
+++ b/library/pk.c
@@ -35,10 +35,6 @@
#include <limits.h>
#include <stdint.h>
-#define PSA_EXPORT_KEY_PAIR_OR_PUBLIC_MAX_SIZE \
- (PSA_EXPORT_KEY_PAIR_MAX_SIZE > PSA_EXPORT_PUBLIC_KEY_MAX_SIZE) ? \
- PSA_EXPORT_KEY_PAIR_MAX_SIZE : PSA_EXPORT_PUBLIC_KEY_MAX_SIZE
-
/*
* Initialise a mbedtls_pk_context
*/
diff --git a/library/pkwrite.c b/library/pkwrite.c
index 5e009c5..2a69844 100644
--- a/library/pkwrite.c
+++ b/library/pkwrite.c
@@ -65,17 +65,21 @@
#if defined(MBEDTLS_USE_PSA_CRYPTO)
if (mbedtls_pk_get_type(pk) == MBEDTLS_PK_OPAQUE) {
uint8_t tmp[PSA_EXPORT_KEY_PAIR_MAX_SIZE];
- size_t len = 0, tmp_len = 0;
+ size_t tmp_len = 0;
if (psa_export_key(pk->priv_id, tmp, sizeof(tmp), &tmp_len) != PSA_SUCCESS) {
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
}
+ /* Ensure there's enough space in the provided buffer before copying data into it. */
+ if (tmp_len > (size_t) (*p - buf)) {
+ mbedtls_platform_zeroize(tmp, sizeof(tmp));
+ return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
+ }
*p -= tmp_len;
memcpy(*p, tmp, tmp_len);
- len += tmp_len;
mbedtls_platform_zeroize(tmp, sizeof(tmp));
- return (int) len;
+ return (int) tmp_len;
}
#endif /* MBEDTLS_USE_PSA_CRYPTO */
return mbedtls_rsa_write_key(mbedtls_pk_rsa(*pk), buf, p);
@@ -125,6 +129,10 @@
if (psa_export_public_key(pk->priv_id, buf, sizeof(buf), &len) != PSA_SUCCESS) {
return MBEDTLS_ERR_PK_BAD_INPUT_DATA;
}
+ /* Ensure there's enough space in the provided buffer before copying data into it. */
+ if (len > (size_t) (*p - start)) {
+ return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
+ }
*p -= len;
memcpy(*p, buf, len);
return (int) len;
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index c4f41db..f0ccf3d 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -705,6 +705,11 @@
psa_status_t psa_allocate_buffer_to_slot(psa_key_slot_t *slot,
size_t buffer_length)
{
+#if defined(MBEDTLS_PSA_STATIC_KEY_SLOTS)
+ if (buffer_length > ((size_t) MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE)) {
+ return PSA_ERROR_NOT_SUPPORTED;
+ }
+#else
if (slot->key.data != NULL) {
return PSA_ERROR_ALREADY_EXISTS;
}
@@ -713,6 +718,7 @@
if (slot->key.data == NULL) {
return PSA_ERROR_INSUFFICIENT_MEMORY;
}
+#endif
slot->key.bytes = buffer_length;
return PSA_SUCCESS;
@@ -1177,11 +1183,18 @@
psa_status_t psa_remove_key_data_from_memory(psa_key_slot_t *slot)
{
+#if defined(MBEDTLS_PSA_STATIC_KEY_SLOTS)
+ if (slot->key.bytes > 0) {
+ mbedtls_platform_zeroize(slot->key.data, MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE);
+ }
+#else
if (slot->key.data != NULL) {
mbedtls_zeroize_and_free(slot->key.data, slot->key.bytes);
}
slot->key.data = NULL;
+#endif /* MBEDTLS_PSA_STATIC_KEY_SLOTS */
+
slot->key.bytes = 0;
return PSA_SUCCESS;
@@ -2096,7 +2109,7 @@
* storage ( thus not in the case of importing a key in a secure element
* with storage ( MBEDTLS_PSA_CRYPTO_SE_C ) ),we have to allocate a
* buffer to hold the imported key material. */
- if (slot->key.data == NULL) {
+ if (slot->key.bytes == 0) {
if (psa_key_lifetime_is_external(attributes->lifetime)) {
status = psa_driver_wrapper_get_key_buffer_size_from_key_data(
attributes, data, data_length, &storage_size);
@@ -8013,7 +8026,7 @@
* storage ( thus not in the case of generating a key in a secure element
* with storage ( MBEDTLS_PSA_CRYPTO_SE_C ) ),we have to allocate a
* buffer to hold the generated key material. */
- if (slot->key.data == NULL) {
+ if (slot->key.bytes == 0) {
if (PSA_KEY_LIFETIME_GET_LOCATION(attributes->lifetime) ==
PSA_KEY_LOCATION_LOCAL_STORAGE) {
status = psa_validate_key_type_and_size_for_key_generation(
diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h
index 21e7559..df0ee50 100644
--- a/library/psa_crypto_core.h
+++ b/library/psa_crypto_core.h
@@ -155,7 +155,11 @@
/* Dynamically allocated key data buffer.
* Format as specified in psa_export_key(). */
struct key_data {
+#if defined(MBEDTLS_PSA_STATIC_KEY_SLOTS)
+ uint8_t data[MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE];
+#else
uint8_t *data;
+#endif
size_t bytes;
} key;
} psa_key_slot_t;
diff --git a/library/psa_crypto_ecp.c b/library/psa_crypto_ecp.c
index 95baff6..48b90ef 100644
--- a/library/psa_crypto_ecp.c
+++ b/library/psa_crypto_ecp.c
@@ -321,38 +321,36 @@
const psa_key_attributes_t *attributes,
uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length)
{
- psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-
psa_ecc_family_t curve = PSA_KEY_TYPE_ECC_GET_FAMILY(
attributes->type);
mbedtls_ecp_group_id grp_id =
mbedtls_ecc_group_from_psa(curve, attributes->bits);
-
- const mbedtls_ecp_curve_info *curve_info =
- mbedtls_ecp_curve_info_from_grp_id(grp_id);
- mbedtls_ecp_keypair ecp;
-
- if (grp_id == MBEDTLS_ECP_DP_NONE || curve_info == NULL) {
+ if (grp_id == MBEDTLS_ECP_DP_NONE) {
return PSA_ERROR_NOT_SUPPORTED;
}
+ mbedtls_ecp_keypair ecp;
mbedtls_ecp_keypair_init(&ecp);
- ret = mbedtls_ecp_gen_key(grp_id, &ecp,
- mbedtls_psa_get_random,
- MBEDTLS_PSA_RANDOM_STATE);
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+
+ ret = mbedtls_ecp_group_load(&ecp.grp, grp_id);
if (ret != 0) {
- mbedtls_ecp_keypair_free(&ecp);
- return mbedtls_to_psa_error(ret);
+ goto exit;
}
- status = mbedtls_to_psa_error(
- mbedtls_ecp_write_key_ext(&ecp, key_buffer_length,
- key_buffer, key_buffer_size));
+ ret = mbedtls_ecp_gen_privkey(&ecp.grp, &ecp.d,
+ mbedtls_psa_get_random,
+ MBEDTLS_PSA_RANDOM_STATE);
+ if (ret != 0) {
+ goto exit;
+ }
+ ret = mbedtls_ecp_write_key_ext(&ecp, key_buffer_length,
+ key_buffer, key_buffer_size);
+
+exit:
mbedtls_ecp_keypair_free(&ecp);
-
- return status;
+ return mbedtls_to_psa_error(ret);
}
#endif /* MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_GENERATE */
diff --git a/library/psa_crypto_storage.h b/library/psa_crypto_storage.h
index d7f5b18..433ecdc 100644
--- a/library/psa_crypto_storage.h
+++ b/library/psa_crypto_storage.h
@@ -21,9 +21,16 @@
#include <stdint.h>
#include <string.h>
-/* Limit the maximum key size in storage. This should have no effect
- * since the key size is limited in memory. */
+/* Limit the maximum key size in storage. */
+#if defined(MBEDTLS_PSA_STATIC_KEY_SLOTS)
+/* Reflect the maximum size for the key buffer. */
+#define PSA_CRYPTO_MAX_STORAGE_SIZE (MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE)
+#else
+/* Just set an upper boundary but it should have no effect since the key size
+ * is limited in memory. */
#define PSA_CRYPTO_MAX_STORAGE_SIZE (PSA_BITS_TO_BYTES(PSA_MAX_KEY_BITS))
+#endif
+
/* Sanity check: a file size must fit in 32 bits. Allow a generous
* 64kB of metadata. */
#if PSA_CRYPTO_MAX_STORAGE_SIZE > 0xffff0000
diff --git a/library/psa_util.c b/library/psa_util.c
index 679d00e..014e648 100644
--- a/library/psa_util.c
+++ b/library/psa_util.c
@@ -440,6 +440,9 @@
unsigned char *p = der + der_size;
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ if (bits == 0) {
+ return MBEDTLS_ERR_ASN1_INVALID_DATA;
+ }
if (raw_len != (2 * coordinate_len)) {
return MBEDTLS_ERR_ASN1_INVALID_DATA;
}
@@ -559,6 +562,9 @@
size_t coordinate_size = PSA_BITS_TO_BYTES(bits);
int ret;
+ if (bits == 0) {
+ return MBEDTLS_ERR_ASN1_INVALID_DATA;
+ }
/* The output raw buffer should be at least twice the size of a raw
* coordinate in order to store r and s. */
if (raw_size < coordinate_size * 2) {
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 78ec3bd..7495ae3 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -11,6 +11,7 @@
#define MBEDTLS_SSL_MISC_H
#include "mbedtls/build_info.h"
+#include "common.h"
#include "mbedtls/error.h"
@@ -47,7 +48,7 @@
#include "ssl_ciphersuites_internal.h"
#include "x509_internal.h"
#include "pk_internal.h"
-#include "common.h"
+
/* Shorthand for restartable ECC */
#if defined(MBEDTLS_ECP_RESTARTABLE) && \
diff --git a/library/threading.c b/library/threading.c
index 85db243..fde7cea 100644
--- a/library/threading.c
+++ b/library/threading.c
@@ -61,7 +61,7 @@
* this here in a thread safe manner without a significant performance
* hit, so state transitions are checked in tests only via the state
* variable. Please make sure any new mutex that gets added is exercised in
- * tests; see tests/src/threading_helpers.c for more details. */
+ * tests; see framework/tests/src/threading_helpers.c for more details. */
(void) pthread_mutex_init(&mutex->mutex, NULL);
}
diff --git a/programs/aes/CMakeLists.txt b/programs/aes/CMakeLists.txt
index 4d4c890..192d4fe 100644
--- a/programs/aes/CMakeLists.txt
+++ b/programs/aes/CMakeLists.txt
@@ -6,7 +6,7 @@
foreach(exe IN LISTS executables)
add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
target_link_libraries(${exe} ${mbedcrypto_target} ${CMAKE_THREAD_LIBS_INIT})
- target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
+ target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include)
endforeach()
install(TARGETS ${executables}
diff --git a/programs/cipher/CMakeLists.txt b/programs/cipher/CMakeLists.txt
index effaf8a..b73f36b 100644
--- a/programs/cipher/CMakeLists.txt
+++ b/programs/cipher/CMakeLists.txt
@@ -6,7 +6,7 @@
foreach(exe IN LISTS executables)
add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
target_link_libraries(${exe} ${mbedcrypto_target} ${CMAKE_THREAD_LIBS_INIT})
- target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
+ target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include)
endforeach()
install(TARGETS ${executables}
diff --git a/programs/fuzz/CMakeLists.txt b/programs/fuzz/CMakeLists.txt
index f5358ff..9953dce 100644
--- a/programs/fuzz/CMakeLists.txt
+++ b/programs/fuzz/CMakeLists.txt
@@ -40,7 +40,8 @@
endif()
add_executable(${exe} ${exe_sources})
- target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
+ target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
if (NOT FUZZINGENGINE_LIB)
target_link_libraries(${exe} ${libs})
diff --git a/programs/hash/CMakeLists.txt b/programs/hash/CMakeLists.txt
index 0ad974d..44805b2 100644
--- a/programs/hash/CMakeLists.txt
+++ b/programs/hash/CMakeLists.txt
@@ -8,7 +8,7 @@
foreach(exe IN LISTS executables)
add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
target_link_libraries(${exe} ${mbedcrypto_target} ${CMAKE_THREAD_LIBS_INIT})
- target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
+ target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include)
endforeach()
install(TARGETS ${executables}
diff --git a/programs/pkey/CMakeLists.txt b/programs/pkey/CMakeLists.txt
index defbe28..c315601 100644
--- a/programs/pkey/CMakeLists.txt
+++ b/programs/pkey/CMakeLists.txt
@@ -7,7 +7,7 @@
foreach(exe IN LISTS executables_mbedtls)
add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
target_link_libraries(${exe} ${mbedtls_target} ${CMAKE_THREAD_LIBS_INIT})
- target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
+ target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include)
endforeach()
set(executables_mbedcrypto
@@ -35,7 +35,7 @@
foreach(exe IN LISTS executables_mbedcrypto)
add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
target_link_libraries(${exe} ${mbedcrypto_target} ${CMAKE_THREAD_LIBS_INIT})
- target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
+ target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include)
endforeach()
install(TARGETS ${executables_mbedtls} ${executables_mbedcrypto}
diff --git a/programs/psa/CMakeLists.txt b/programs/psa/CMakeLists.txt
index a6933a6..48094f5 100644
--- a/programs/psa/CMakeLists.txt
+++ b/programs/psa/CMakeLists.txt
@@ -30,7 +30,7 @@
foreach(exe IN LISTS executables)
add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
target_link_libraries(${exe} ${mbedcrypto_target} ${CMAKE_THREAD_LIBS_INIT})
- target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
+ target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include)
endforeach()
target_include_directories(psa_constant_names PRIVATE ${CMAKE_CURRENT_BINARY_DIR})
diff --git a/programs/random/CMakeLists.txt b/programs/random/CMakeLists.txt
index f0c7825..e6b9226 100644
--- a/programs/random/CMakeLists.txt
+++ b/programs/random/CMakeLists.txt
@@ -7,7 +7,7 @@
foreach(exe IN LISTS executables)
add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
target_link_libraries(${exe} ${mbedcrypto_target} ${CMAKE_THREAD_LIBS_INIT})
- target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
+ target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include)
endforeach()
install(TARGETS ${executables}
diff --git a/programs/ssl/CMakeLists.txt b/programs/ssl/CMakeLists.txt
index 02010d8..1a9e75e 100644
--- a/programs/ssl/CMakeLists.txt
+++ b/programs/ssl/CMakeLists.txt
@@ -41,7 +41,8 @@
add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>
${extra_sources})
target_link_libraries(${exe} ${libs} ${CMAKE_THREAD_LIBS_INIT})
- target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
+ target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
if(exe STREQUAL "ssl_client2" OR exe STREQUAL "ssl_server2")
if(GEN_FILES)
add_dependencies(${exe} generate_query_config_c)
@@ -53,7 +54,8 @@
if(THREADS_FOUND)
add_executable(ssl_pthread_server ssl_pthread_server.c $<TARGET_OBJECTS:mbedtls_test>)
- target_include_directories(ssl_pthread_server PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
+ target_include_directories(ssl_pthread_server PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
target_link_libraries(ssl_pthread_server ${libs} ${CMAKE_THREAD_LIBS_INIT})
list(APPEND executables ssl_pthread_server)
endif(THREADS_FOUND)
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 929f83d..ec68730 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -109,7 +109,7 @@
#define DFL_SRTP_MKI ""
#define DFL_KEY_OPAQUE_ALG "none"
-#define GET_REQUEST "GET %s HTTP/1.0\r\nExtra-header: "
+#define GET_REQUEST "GET %s HTTP/1.0\r\nHost: %s\r\nExtra-header: "
#define GET_REQUEST_END "\r\n\r\n"
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
@@ -727,7 +727,7 @@
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t len, tail_len, request_size;
- ret = mbedtls_snprintf((char *) buf, buf_size, GET_REQUEST, opt.request_page);
+ ret = mbedtls_snprintf((char *) buf, buf_size, GET_REQUEST, opt.request_page, opt.server_name);
if (ret < 0) {
return ret;
}
diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c
index 0edadd4..9cee43f 100644
--- a/programs/ssl/ssl_fork_server.c
+++ b/programs/ssl/ssl_fork_server.c
@@ -359,8 +359,6 @@
goto exit;
}
- exit_code = MBEDTLS_EXIT_SUCCESS;
-
exit:
mbedtls_net_free(&client_fd);
mbedtls_net_free(&listen_fd);
diff --git a/programs/test/CMakeLists.txt b/programs/test/CMakeLists.txt
index 1670b94..70d827b 100644
--- a/programs/test/CMakeLists.txt
+++ b/programs/test/CMakeLists.txt
@@ -76,7 +76,7 @@
endif()
add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>
${extra_sources})
- target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
+ target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include)
target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../library)
if(exe STREQUAL "query_compile_time_config")
target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR})
diff --git a/programs/test/metatest.c b/programs/test/metatest.c
index d876e9a..f39cb54 100644
--- a/programs/test/metatest.c
+++ b/programs/test/metatest.c
@@ -261,7 +261,7 @@
mbedtls_threading_mutex_t mutex;
memset(&mutex, 0, sizeof(mutex));
/* This mutex usage error is detected by our test framework's mutex usage
- * verification framework. See tests/src/threading_helpers.c. Other
+ * verification framework. See framework/tests/src/threading_helpers.c. Other
* threading implementations (e.g. pthread without our instrumentation)
* might consider this normal usage. */
TEST_ASSERT(mbedtls_mutex_lock(&mutex) == 0);
@@ -277,7 +277,7 @@
mbedtls_threading_mutex_t mutex;
memset(&mutex, 0, sizeof(mutex));
/* This mutex usage error is detected by our test framework's mutex usage
- * verification framework. See tests/src/threading_helpers.c. Other
+ * verification framework. See framework/tests/src/threading_helpers.c. Other
* threading implementations (e.g. pthread without our instrumentation)
* might consider this normal usage. */
TEST_ASSERT(mbedtls_mutex_unlock(&mutex) == 0);
@@ -293,7 +293,7 @@
mbedtls_threading_mutex_t mutex;
memset(&mutex, 0, sizeof(mutex));
/* This mutex usage error is detected by our test framework's mutex usage
- * verification framework. See tests/src/threading_helpers.c. Other
+ * verification framework. See framework/tests/src/threading_helpers.c. Other
* threading implementations (e.g. pthread without our instrumentation)
* might consider this normal usage. */
mbedtls_mutex_free(&mutex);
@@ -307,7 +307,7 @@
mbedtls_threading_mutex_t mutex;
mbedtls_mutex_init(&mutex);
/* This mutex usage error is detected by our test framework's mutex usage
- * verification framework. See tests/src/threading_helpers.c. Other
+ * verification framework. See framework/tests/src/threading_helpers.c. Other
* threading implementations (e.g. pthread without our instrumentation)
* might consider this normal usage. */
mbedtls_mutex_init(&mutex);
@@ -323,7 +323,7 @@
mbedtls_mutex_init(&mutex);
mbedtls_mutex_free(&mutex);
/* This mutex usage error is detected by our test framework's mutex usage
- * verification framework. See tests/src/threading_helpers.c. Other
+ * verification framework. See framework/tests/src/threading_helpers.c. Other
* threading implementations (e.g. pthread without our instrumentation)
* might consider this normal usage. */
mbedtls_mutex_free(&mutex);
@@ -338,7 +338,7 @@
mbedtls_mutex_init(&mutex);
#endif
/* This mutex usage error is detected by our test framework's mutex usage
- * verification framework. See tests/src/threading_helpers.c. Other
+ * verification framework. See framework/tests/src/threading_helpers.c. Other
* threading implementations (e.g. pthread without our instrumentation)
* might consider this normal usage. */
}
@@ -361,7 +361,7 @@
* - "msan": triggers MSan (Memory Sanitizer).
* - "pthread": requires MBEDTLS_THREADING_PTHREAD and MBEDTLS_TEST_HOOKS,
* which enables MBEDTLS_TEST_MUTEX_USAGE internally in the test
- * framework (see tests/src/threading_helpers.c).
+ * framework (see framework/tests/src/threading_helpers.c).
*/
const char *platform;
diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c
index 7213f8a..43d2e8c 100644
--- a/programs/test/udp_proxy.c
+++ b/programs/test/udp_proxy.c
@@ -938,8 +938,6 @@
}
- exit_code = MBEDTLS_EXIT_SUCCESS;
-
exit:
#ifdef MBEDTLS_ERROR_C
diff --git a/programs/util/CMakeLists.txt b/programs/util/CMakeLists.txt
index 264d941..76e7c68 100644
--- a/programs/util/CMakeLists.txt
+++ b/programs/util/CMakeLists.txt
@@ -11,7 +11,7 @@
foreach(exe IN LISTS executables)
add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
target_link_libraries(${exe} ${libs} ${CMAKE_THREAD_LIBS_INIT})
- target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
+ target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include)
endforeach()
install(TARGETS ${executables}
diff --git a/programs/x509/CMakeLists.txt b/programs/x509/CMakeLists.txt
index a09813c..18a6520 100644
--- a/programs/x509/CMakeLists.txt
+++ b/programs/x509/CMakeLists.txt
@@ -15,7 +15,7 @@
foreach(exe IN LISTS executables)
add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
target_link_libraries(${exe} ${libs} ${CMAKE_THREAD_LIBS_INIT})
- target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
+ target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include)
endforeach()
target_link_libraries(cert_app ${mbedtls_target})
diff --git a/scripts/common.make b/scripts/common.make
index 439f13d..0e92a66 100644
--- a/scripts/common.make
+++ b/scripts/common.make
@@ -21,8 +21,12 @@
WARNING_CXXFLAGS ?= -Wall -Wextra -Wformat=2 -Wno-format-nonliteral -std=c++11 -pedantic
LDFLAGS ?=
-LOCAL_CFLAGS = $(WARNING_CFLAGS) -I$(MBEDTLS_TEST_PATH)/include -I$(MBEDTLS_PATH)/include -D_FILE_OFFSET_BITS=64
-LOCAL_CXXFLAGS = $(WARNING_CXXFLAGS) -I$(MBEDTLS_PATH)/include -I$(MBEDTLS_PATH)/tests/include -D_FILE_OFFSET_BITS=64
+LOCAL_CFLAGS = $(WARNING_CFLAGS) -I$(MBEDTLS_TEST_PATH)/include \
+ -I$(MBEDTLS_PATH)/framework/tests/include \
+ -I$(MBEDTLS_PATH)/include \
+ -D_FILE_OFFSET_BITS=64
+LOCAL_CXXFLAGS = $(WARNING_CXXFLAGS) $(LOCAL_CFLAGS)
+
LOCAL_LDFLAGS = ${MBEDTLS_TEST_OBJS} \
-L$(MBEDTLS_PATH)/library \
-lmbedtls$(SHARED_SUFFIX) \
@@ -123,12 +127,13 @@
endif
# Auxiliary modules used by tests and some sample programs
-MBEDTLS_CORE_TEST_OBJS = $(patsubst %.c,%.o,$(wildcard \
- ${MBEDTLS_TEST_PATH}/src/*.c \
- ${MBEDTLS_TEST_PATH}/src/drivers/*.c \
+MBEDTLS_CORE_TEST_OBJS := $(patsubst %.c,%.o,$(wildcard \
+ ${MBEDTLS_PATH}/framework/tests/src/*.c \
+ ${MBEDTLS_PATH}/framework/tests/src/drivers/*.c \
))
# Additional auxiliary modules for TLS testing
MBEDTLS_TLS_TEST_OBJS = $(patsubst %.c,%.o,$(wildcard \
+ ${MBEDTLS_TEST_PATH}/src/*.c \
${MBEDTLS_TEST_PATH}/src/test_helpers/*.c \
))
diff --git a/scripts/config.py b/scripts/config.py
index bb4a22c..ef13062 100755
--- a/scripts/config.py
+++ b/scripts/config.py
@@ -110,6 +110,8 @@
'MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN', # build dependency (clang+memsan)
'MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND', # build dependency (valgrind headers)
'MBEDTLS_X509_REMOVE_INFO', # removes a feature
+ 'MBEDTLS_PSA_STATIC_KEY_SLOTS', # only relevant for embedded devices
+ 'MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE', # only relevant for embedded devices
])
def is_seamless_alt(name):
diff --git a/scripts/data_files/error.fmt b/scripts/data_files/error.fmt
index 781e72a..b75a9ab 100644
--- a/scripts/data_files/error.fmt
+++ b/scripts/data_files/error.fmt
@@ -152,8 +152,4 @@
#endif /* MBEDTLS_ERROR_C */
-#if defined(MBEDTLS_TEST_HOOKS)
-void (*mbedtls_test_hook_error_add)(int, int, const char *, int);
-#endif
-
#endif /* MBEDTLS_ERROR_C || MBEDTLS_ERROR_STRERROR_DUMMY */
diff --git a/scripts/generate_ssl_debug_helpers.py b/scripts/generate_ssl_debug_helpers.py
deleted file mode 100755
index 600d160..0000000
--- a/scripts/generate_ssl_debug_helpers.py
+++ /dev/null
@@ -1,416 +0,0 @@
-#!/usr/bin/env python3
-
-"""Generate library/ssl_debug_helpers_generated.c
-
-The code generated by this module includes debug helper functions that can not be
-implemented by fixed codes.
-
-"""
-
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-import sys
-import re
-import os
-import textwrap
-import argparse
-
-import framework_scripts_path # pylint: disable=unused-import
-from mbedtls_framework import build_tree
-
-
-def remove_c_comments(string):
- """
- Remove C style comments from input string
- """
- string_pattern = r"(?P<string>\".*?\"|\'.*?\')"
- comment_pattern = r"(?P<comment>/\*.*?\*/|//[^\r\n]*$)"
- pattern = re.compile(string_pattern + r'|' + comment_pattern,
- re.MULTILINE | re.DOTALL)
-
- def replacer(match):
- if match.lastgroup == 'comment':
- return ""
- return match.group()
- return pattern.sub(replacer, string)
-
-
-class CondDirectiveNotMatch(Exception):
- pass
-
-
-def preprocess_c_source_code(source, *classes):
- """
- Simple preprocessor for C source code.
-
- Only processes condition directives without expanding them.
- Yield object according to the classes input. Most match firstly
-
- If the directive pair does not match , raise CondDirectiveNotMatch.
-
- Assume source code does not include comments and compile pass.
-
- """
-
- pattern = re.compile(r"^[ \t]*#[ \t]*" +
- r"(?P<directive>(if[ \t]|ifndef[ \t]|ifdef[ \t]|else|endif))" +
- r"[ \t]*(?P<param>(.*\\\n)*.*$)",
- re.MULTILINE)
- stack = []
-
- def _yield_objects(s, d, p, st, end):
- """
- Output matched source piece
- """
- nonlocal stack
- start_line, end_line = '', ''
- if stack:
- start_line = '#{} {}'.format(d, p)
- if d == 'if':
- end_line = '#endif /* {} */'.format(p)
- elif d == 'ifdef':
- end_line = '#endif /* defined({}) */'.format(p)
- else:
- end_line = '#endif /* !defined({}) */'.format(p)
- has_instance = False
- for cls in classes:
- for instance in cls.extract(s, st, end):
- if has_instance is False:
- has_instance = True
- yield pair_start, start_line
- yield instance.span()[0], instance
- if has_instance:
- yield start, end_line
-
- for match in pattern.finditer(source):
-
- directive = match.groupdict()['directive'].strip()
- param = match.groupdict()['param']
- start, end = match.span()
-
- if directive in ('if', 'ifndef', 'ifdef'):
- stack.append((directive, param, start, end))
- continue
-
- if not stack:
- raise CondDirectiveNotMatch()
-
- pair_directive, pair_param, pair_start, pair_end = stack.pop()
- yield from _yield_objects(source,
- pair_directive,
- pair_param,
- pair_end,
- start)
-
- if directive == 'endif':
- continue
-
- if pair_directive == 'if':
- directive = 'if'
- param = "!( {} )".format(pair_param)
- elif pair_directive == 'ifdef':
- directive = 'ifndef'
- param = pair_param
- else:
- directive = 'ifdef'
- param = pair_param
-
- stack.append((directive, param, start, end))
- assert not stack, len(stack)
-
-
-class EnumDefinition:
- """
- Generate helper functions around enumeration.
-
- Currently, it generate translation function from enum value to string.
- Enum definition looks like:
- [typedef] enum [prefix name] { [body] } [suffix name];
-
- Known limitation:
- - the '}' and ';' SHOULD NOT exist in different macro blocks. Like
- ```
- enum test {
- ....
- #if defined(A)
- ....
- };
- #else
- ....
- };
- #endif
- ```
- """
-
- @classmethod
- def extract(cls, source_code, start=0, end=-1):
- enum_pattern = re.compile(r'enum\s*(?P<prefix_name>\w*)\s*' +
- r'{\s*(?P<body>[^}]*)}' +
- r'\s*(?P<suffix_name>\w*)\s*;',
- re.MULTILINE | re.DOTALL)
-
- for match in enum_pattern.finditer(source_code, start, end):
- yield EnumDefinition(source_code,
- span=match.span(),
- group=match.groupdict())
-
- def __init__(self, source_code, span=None, group=None):
- assert isinstance(group, dict)
- prefix_name = group.get('prefix_name', None)
- suffix_name = group.get('suffix_name', None)
- body = group.get('body', None)
- assert prefix_name or suffix_name
- assert body
- assert span
- # If suffix_name exists, it is a typedef
- self._prototype = suffix_name if suffix_name else 'enum ' + prefix_name
- self._name = suffix_name if suffix_name else prefix_name
- self._body = body
- self._source = source_code
- self._span = span
-
- def __repr__(self):
- return 'Enum({},{})'.format(self._name, self._span)
-
- def __str__(self):
- return repr(self)
-
- def span(self):
- return self._span
-
- def generate_translation_function(self):
- """
- Generate function for translating value to string
- """
- translation_table = []
-
- for line in self._body.splitlines():
-
- if line.strip().startswith('#'):
- # Preprocess directive, keep it in table
- translation_table.append(line.strip())
- continue
-
- if not line.strip():
- continue
-
- for field in line.strip().split(','):
- if not field.strip():
- continue
- member = field.strip().split()[0]
- translation_table.append(
- '{space}case {member}:\n{space} return "{member}";'
- .format(member=member, space=' '*8)
- )
-
- body = textwrap.dedent('''\
- const char *{name}_str( {prototype} in )
- {{
- switch (in) {{
- {translation_table}
- default:
- return "UNKNOWN_VALUE";
- }}
- }}
- ''')
- body = body.format(translation_table='\n'.join(translation_table),
- name=self._name,
- prototype=self._prototype)
- return body
-
-
-class SignatureAlgorithmDefinition:
- """
- Generate helper functions for signature algorithms.
-
- It generates translation function from signature algorithm define to string.
- Signature algorithm definition looks like:
- #define MBEDTLS_TLS1_3_SIG_[ upper case signature algorithm ] [ value(hex) ]
-
- Known limitation:
- - the definitions SHOULD exist in same macro blocks.
- """
-
- @classmethod
- def extract(cls, source_code, start=0, end=-1):
- sig_alg_pattern = re.compile(r'#define\s+(?P<name>MBEDTLS_TLS1_3_SIG_\w+)\s+' +
- r'(?P<value>0[xX][0-9a-fA-F]+)$',
- re.MULTILINE | re.DOTALL)
- matches = list(sig_alg_pattern.finditer(source_code, start, end))
- if matches:
- yield SignatureAlgorithmDefinition(source_code, definitions=matches)
-
- def __init__(self, source_code, definitions=None):
- if definitions is None:
- definitions = []
- assert isinstance(definitions, list) and definitions
- self._definitions = definitions
- self._source = source_code
-
- def __repr__(self):
- return 'SigAlgs({})'.format(self._definitions[0].span())
-
- def span(self):
- return self._definitions[0].span()
-
- def __str__(self):
- """
- Generate function for translating value to string
- """
- translation_table = []
- for m in self._definitions:
- name = m.groupdict()['name']
- return_val = name[len('MBEDTLS_TLS1_3_SIG_'):].lower()
- translation_table.append(
- ' case {}:\n return "{}";'.format(name, return_val))
-
- body = textwrap.dedent('''\
- const char *mbedtls_ssl_sig_alg_to_str( uint16_t in )
- {{
- switch( in )
- {{
- {translation_table}
- }};
-
- return "UNKNOWN";
- }}''')
- body = body.format(translation_table='\n'.join(translation_table))
- return body
-
-
-class NamedGroupDefinition:
- """
- Generate helper functions for named group
-
- It generates translation function from named group define to string.
- Named group definition looks like:
- #define MBEDTLS_SSL_IANA_TLS_GROUP_[ upper case named group ] [ value(hex) ]
-
- Known limitation:
- - the definitions SHOULD exist in same macro blocks.
- """
-
- @classmethod
- def extract(cls, source_code, start=0, end=-1):
- named_group_pattern = re.compile(r'#define\s+(?P<name>MBEDTLS_SSL_IANA_TLS_GROUP_\w+)\s+' +
- r'(?P<value>0[xX][0-9a-fA-F]+)$',
- re.MULTILINE | re.DOTALL)
- matches = list(named_group_pattern.finditer(source_code, start, end))
- if matches:
- yield NamedGroupDefinition(source_code, definitions=matches)
-
- def __init__(self, source_code, definitions=None):
- if definitions is None:
- definitions = []
- assert isinstance(definitions, list) and definitions
- self._definitions = definitions
- self._source = source_code
-
- def __repr__(self):
- return 'NamedGroup({})'.format(self._definitions[0].span())
-
- def span(self):
- return self._definitions[0].span()
-
- def __str__(self):
- """
- Generate function for translating value to string
- """
- translation_table = []
- for m in self._definitions:
- name = m.groupdict()['name']
- iana_name = name[len('MBEDTLS_SSL_IANA_TLS_GROUP_'):].lower()
- translation_table.append(' case {}:\n return "{}";'.format(name, iana_name))
-
- body = textwrap.dedent('''\
- const char *mbedtls_ssl_named_group_to_str( uint16_t in )
- {{
- switch( in )
- {{
- {translation_table}
- }};
-
- return "UNKNOWN";
- }}''')
- body = body.format(translation_table='\n'.join(translation_table))
- return body
-
-
-OUTPUT_C_TEMPLATE = '''\
-/* Automatically generated by generate_ssl_debug_helpers.py. DO NOT EDIT. */
-
-/**
- * \\file ssl_debug_helpers_generated.c
- *
- * \\brief Automatically generated helper functions for debugging
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- *
- */
-
-#include "common.h"
-
-#if defined(MBEDTLS_DEBUG_C)
-
-#include "ssl_debug_helpers.h"
-
-{functions}
-
-#endif /* MBEDTLS_DEBUG_C */
-/* End of automatically generated file. */
-
-'''
-
-
-def generate_ssl_debug_helpers(output_directory, mbedtls_root):
- """
- Generate functions of debug helps
- """
- mbedtls_root = os.path.abspath(
- mbedtls_root or build_tree.guess_mbedtls_root())
- with open(os.path.join(mbedtls_root, 'include/mbedtls/ssl.h')) as f:
- source_code = remove_c_comments(f.read())
-
- definitions = dict()
- for start, instance in preprocess_c_source_code(source_code,
- EnumDefinition,
- SignatureAlgorithmDefinition,
- NamedGroupDefinition):
- if start in definitions:
- continue
- if isinstance(instance, EnumDefinition):
- definition = instance.generate_translation_function()
- else:
- definition = instance
- definitions[start] = definition
-
- function_definitions = [str(v) for _, v in sorted(definitions.items())]
- if output_directory == sys.stdout:
- sys.stdout.write(OUTPUT_C_TEMPLATE.format(
- functions='\n'.join(function_definitions)))
- else:
- with open(os.path.join(output_directory, 'ssl_debug_helpers_generated.c'), 'w') as f:
- f.write(OUTPUT_C_TEMPLATE.format(
- functions='\n'.join(function_definitions)))
-
-
-def main():
- """
- Command line entry
- """
- parser = argparse.ArgumentParser()
- parser.add_argument('--mbedtls-root', nargs='?', default=None,
- help='root directory of mbedtls source code')
- parser.add_argument('output_directory', nargs='?',
- default='library', help='source/header files location')
-
- args = parser.parse_args()
-
- generate_ssl_debug_helpers(args.output_directory, args.mbedtls_root)
- return 0
-
-
-if __name__ == '__main__':
- sys.exit(main())
diff --git a/scripts/generate_visualc_files.pl b/scripts/generate_visualc_files.pl
index a0dfc57..bc1d502 100755
--- a/scripts/generate_visualc_files.pl
+++ b/scripts/generate_visualc_files.pl
@@ -25,10 +25,12 @@
my $mbedtls_header_dir = 'include/mbedtls';
my $psa_header_dir = 'include/psa';
my $source_dir = 'library';
-my $test_source_dir = 'tests/src';
-my $test_header_dir = 'tests/include/test';
-my $test_drivers_header_dir = 'tests/include/test/drivers';
-my $test_drivers_source_dir = 'tests/src/drivers';
+my $tls_test_source_dir = 'tests/src';
+my $tls_test_header_dir = 'tests/include/test';
+my $test_source_dir = 'framework/tests/src';
+my $test_header_dir = 'framework/tests/include/test';
+my $test_drivers_header_dir = 'framework/tests/include/test/drivers';
+my $test_drivers_source_dir = 'framework/tests/src/drivers';
my @thirdparty_header_dirs = qw(
3rdparty/everest/include/everest
@@ -49,6 +51,7 @@
3rdparty/everest/include/everest/vs2013
3rdparty/everest/include/everest/kremlib
tests/include
+ framework/tests/include
);
my $include_directories = join(';', map {"../../$_"} @include_directories);
@@ -104,8 +107,10 @@
&& -d $psa_header_dir
&& -d $source_dir
&& -d $test_source_dir
+ && -d $tls_test_source_dir
&& -d $test_drivers_source_dir
&& -d $test_header_dir
+ && -d $tls_test_header_dir
&& -d $test_drivers_header_dir
&& -d $programs_dir;
}
@@ -259,6 +264,7 @@
$mbedtls_header_dir,
$psa_header_dir,
$test_header_dir,
+ $tls_test_header_dir,
$test_drivers_header_dir,
$source_dir,
@thirdparty_header_dirs,
@@ -267,6 +273,7 @@
my @source_dirs = (
$source_dir,
$test_source_dir,
+ $tls_test_source_dir,
$test_drivers_source_dir,
@thirdparty_source_dirs,
);
diff --git a/scripts/make_generated_files.bat b/scripts/make_generated_files.bat
index 19d5832..29687cb 100644
--- a/scripts/make_generated_files.bat
+++ b/scripts/make_generated_files.bat
@@ -13,7 +13,7 @@
perl scripts\generate_errors.pl || exit /b 1
perl scripts\generate_query_config.pl || exit /b 1
perl scripts\generate_features.pl || exit /b 1
-python scripts\generate_ssl_debug_helpers.py || exit /b 1
+python framework\scripts\generate_ssl_debug_helpers.py || exit /b 1
@rem @@@@ Build @@@@
perl scripts\generate_visualc_files.pl || exit /b 1
@@ -26,6 +26,6 @@
python framework\scripts\generate_config_tests.py || exit /b 1
python framework\scripts\generate_ecp_tests.py || exit /b 1
python framework\scripts\generate_psa_tests.py || exit /b 1
-python framework\scripts\generate_test_keys.py --output tests\src\test_keys.h || exit /b 1
+python framework\scripts\generate_test_keys.py --output framework\tests\src\test_keys.h || exit /b 1
python framework\scripts\generate_test_cert_macros.py --output tests\src\test_certs.h || exit /b 1
-python tests\scripts\generate_tls13_compat_tests.py || exit /b 1
+python framework\scripts\generate_tls13_compat_tests.py || exit /b 1
diff --git a/scripts/output_env.sh b/scripts/output_env.sh
index b056ffd..32f1f86 100755
--- a/scripts/output_env.sh
+++ b/scripts/output_env.sh
@@ -78,10 +78,6 @@
echo
if [ "${RUN_ARMCC:-1}" -ne 0 ]; then
- : "${ARMC5_CC:=armcc}"
- print_version "$ARMC5_CC" "--vsn" "" "head -n 2"
- echo
-
: "${ARMC6_CC:=armclang}"
print_version "$ARMC6_CC" "--vsn" "" "head -n 2"
echo
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
index 0f68e40..c13d643 100644
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@@ -170,9 +170,9 @@
${CMAKE_CURRENT_SOURCE_DIR}/..
COMMAND
"${MBEDTLS_PYTHON_EXECUTABLE}"
- "${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_tls13_compat_tests.py"
+ "${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/generate_tls13_compat_tests.py"
DEPENDS
- ${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_tls13_compat_tests.py
+ ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/generate_tls13_compat_tests.py
)
add_custom_target(tls13-compat.sh
DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/opt-testcases/tls13-compat.sh)
@@ -318,6 +318,7 @@
# them as PUBLIC.
target_include_directories(test_suite_${data_name}
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include
+ PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../framework/tests/include
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../library)
# Request C11, which is needed for memory poisoning tests
set_target_properties(test_suite_${data_name} PROPERTIES C_STANDARD 11)
diff --git a/tests/Makefile b/tests/Makefile
index 1fa3e9a..baeb7f7 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -53,14 +53,14 @@
GENERATED_DATA_FILES += $(GENERATED_PSA_DATA_FILES)
GENERATED_FILES = $(GENERATED_DATA_FILES)
-GENERATED_FILES += src/test_keys.h src/test_certs.h
+GENERATED_FILES += ../framework/tests/src/test_keys.h src/test_certs.h
# Generated files needed to (fully) run ssl-opt.sh
.PHONY: ssl-opt
-opt-testcases/tls13-compat.sh: scripts/generate_tls13_compat_tests.py
+opt-testcases/tls13-compat.sh: ../framework/scripts/generate_tls13_compat_tests.py
echo " Gen $@"
- $(PYTHON) scripts/generate_tls13_compat_tests.py -o $@
+ $(PYTHON) ../framework/scripts/generate_tls13_compat_tests.py -o $@
GENERATED_FILES += opt-testcases/tls13-compat.sh
ssl-opt: opt-testcases/tls13-compat.sh
@@ -161,7 +161,7 @@
echo " Gen $@"
$(PYTHON) ../framework/scripts/generate_test_cert_macros.py --output $@
-src/test_keys.h: ../framework/scripts/generate_test_keys.py
+../framework/tests/src/test_keys.h: ../framework/scripts/generate_test_keys.py
echo " Gen $@"
$(PYTHON) ../framework/scripts/generate_test_keys.py --output $@
@@ -170,16 +170,21 @@
# Explicitly depend on this header because on a clean copy of the source tree,
# it doesn't exist yet and must be generated as part of the build, and
# therefore the wildcard enumeration above doesn't include it.
-TEST_OBJS_DEPS += include/test/instrument_record_status.h
+TEST_OBJS_DEPS += ../framework/tests/include/test/instrument_record_status.h
endif
-TEST_OBJS_DEPS += src/test_certs.h src/test_keys.h
+TEST_OBJS_DEPS += src/test_certs.h ../framework/tests/src/test_keys.h
-# Rule to compile common test C files in src folder
-src/%.o : src/%.c $(TEST_OBJS_DEPS)
+# Rule to compile common test C files in framework
+../framework/tests/src/%.o : ../framework/tests/src/%.c $(TEST_OBJS_DEPS)
echo " CC $<"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) -o $@ -c $<
-src/drivers/%.o : src/drivers/%.c
+../framework/tests/src/drivers/%.o : ../framework/tests/src/drivers/%.c
+ echo " CC $<"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) -o $@ -c $<
+
+# Rule to compile common test C files in src folder
+src/%.o : src/%.c $(TEST_OBJS_DEPS)
echo " CC $<"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) -o $@ -c $<
@@ -223,9 +228,10 @@
clean:
ifndef WINDOWS
rm -rf $(BINARIES) *.c *.datax
- rm -f src/*.o src/drivers/*.o src/test_helpers/*.o src/libmbed*
- rm -f include/test/instrument_record_status.h
- rm -f include/alt-extra/*/*_alt.h
+ rm -f src/*.o src/test_helpers/*.o src/libmbed*
+ rm -f ../framework/tests/src/*.o ../framework/tests/src/drivers/*.o
+ rm -f ../framework/tests/include/test/instrument_record_status.h
+ rm -f ../framework/tests/include/alt-extra/*/*_alt.h
rm -rf libtestdriver1
rm -f ../library/libtestdriver1.a
else
@@ -233,10 +239,11 @@
if exist *.exe del /Q /F *.exe
if exist *.datax del /Q /F *.datax
if exist src/*.o del /Q /F src/*.o
- if exist src/drivers/*.o del /Q /F src/drivers/*.o
if exist src/test_helpers/*.o del /Q /F src/test_helpers/*.o
if exist src/libmbed* del /Q /F src/libmbed*
- if exist include/test/instrument_record_status.h del /Q /F include/test/instrument_record_status.h
+ if exist ../framework/tests/src/*.o del /Q /F ../framework/tests/src/*.o
+ if exist ../framework/tests/src/drivers/*.o del /Q /F ../framework/tests/src/drivers/*.o
+ if exist ../framework/tests/include/test/instrument_record_status.h del /Q /F ../framework/tests/include/test/instrument_record_status.h
endif
# Test suites caught by SKIP_TEST_SUITES are built but not executed.
@@ -246,7 +253,7 @@
test: check
# Generate variants of some headers for testing
-include/alt-extra/%_alt.h: ../include/%.h
+../framework/tests/include/alt-extra/%_alt.h: ../include/%.h
perl -p -e 's/^(# *(define|ifndef) +\w+_)H\b/$${1}ALT_H/' $< >$@
# Generate test library
@@ -274,16 +281,16 @@
touch ./libtestdriver1/3rdparty/Makefile.inc
# Set the test driver base (minimal) configuration.
- cp ./include/test/drivers/config_test_driver.h ./libtestdriver1/include/mbedtls/mbedtls_config.h
+ cp configs/config_test_driver.h ./libtestdriver1/include/mbedtls/mbedtls_config.h
# Set the PSA cryptography configuration for the test library.
# It is set from the copied include/psa/crypto_config.h of the Mbed TLS
# library the test library is intended to be linked with extended by
- # ./include/test/drivers/crypto_config_test_driver_extension.h to
- # mirror the PSA_ACCEL_* macros.
+ # configs/crypto_config_test_driver_extension.h to mirror the PSA_ACCEL_*
+ # macros.
mv ./libtestdriver1/include/psa/crypto_config.h ./libtestdriver1/include/psa/crypto_config.h.bak
head -n -1 ./libtestdriver1/include/psa/crypto_config.h.bak > ./libtestdriver1/include/psa/crypto_config.h
- cat ./include/test/drivers/crypto_config_test_driver_extension.h >> ./libtestdriver1/include/psa/crypto_config.h
+ cat configs/crypto_config_test_driver_extension.h >> ./libtestdriver1/include/psa/crypto_config.h
echo "#endif /* PSA_CRYPTO_CONFIG_H */" >> ./libtestdriver1/include/psa/crypto_config.h
# Prefix MBEDTLS_* PSA_* symbols with LIBTESTDRIVER1_ as well as
@@ -296,7 +303,7 @@
cp ./libtestdriver1/library/libmbedcrypto.a ../library/libtestdriver1.a
ifdef RECORD_PSA_STATUS_COVERAGE_LOG
-include/test/instrument_record_status.h: ../include/psa/crypto.h Makefile
+../framework/tests/include/test/instrument_record_status.h: ../include/psa/crypto.h Makefile
echo " Gen $@"
sed <../include/psa/crypto.h >$@ -n 's/^psa_status_t \([A-Za-z0-9_]*\)(.*/#define \1(...) RECORD_STATUS("\1", \1(__VA_ARGS__))/p'
endif
diff --git a/tests/compat.sh b/tests/compat.sh
index 52f75e0..22da5ee 100755
--- a/tests/compat.sh
+++ b/tests/compat.sh
@@ -290,7 +290,7 @@
# list of entries of the form "STANDARD_NAME=PROGRAM_NAME".
translate_ciphers()
{
- ciphers=$(scripts/translate_ciphers.py "$@")
+ ciphers=$(../framework/scripts/translate_ciphers.py "$@")
if [ $? -ne 0 ]; then
echo "translate_ciphers.py failed with exit code $1" >&2
echo "$2" >&2
diff --git a/tests/include/test/drivers/config_test_driver.h b/tests/configs/config_test_driver.h
similarity index 100%
rename from tests/include/test/drivers/config_test_driver.h
rename to tests/configs/config_test_driver.h
diff --git a/tests/include/test/drivers/crypto_config_test_driver_extension.h b/tests/configs/crypto_config_test_driver_extension.h
similarity index 92%
rename from tests/include/test/drivers/crypto_config_test_driver_extension.h
rename to tests/configs/crypto_config_test_driver_extension.h
index dac07ac..66378e7 100644
--- a/tests/include/test/drivers/crypto_config_test_driver_extension.h
+++ b/tests/configs/crypto_config_test_driver_extension.h
@@ -1,9 +1,24 @@
/**
- * This file is intended to be used to build PSA test driver libraries. It is
- * intended to be appended by the test build system to the crypto_config.h file
- * of the Mbed TLS library the test library will be linked to. It mirrors the
- * PSA_ACCEL_* macros defining the cryptographic operations the test library
- * supports.
+ * This file is intended to be used to build PSA external test driver
+ * libraries (libtestdriver1).
+ *
+ * It is intended to be appended by the test build system to the
+ * crypto_config.h file of the Mbed TLS library the test library will be
+ * linked to (see `tests/Makefile` libtestdriver1 target). This is done in
+ * order to insert it at the right time: after the main configuration
+ * (PSA_WANT) but before the logic that determines what built-ins to enable
+ * based on PSA_WANT and MBEDTLS_PSA_ACCEL macros.
+ *
+ * It reverses the PSA_ACCEL_* macros defining the cryptographic operations
+ * that will be accelerated in the main library:
+ * - When something is accelerated in the main library, we need it supported
+ * in libtestdriver1, so we disable the accel macro in order to the built-in
+ * to be enabled.
+ * - When something is NOT accelerated in the main library, we don't need it
+ * in libtestdriver1, so we enable its accel macro in order to the built-in
+ * to be disabled, to keep libtestdriver1 minimal. (We can't adjust the
+ * PSA_WANT macros as they need to be the same between libtestdriver1 and
+ * the main library, since they determine the ABI between the two.)
*/
#include "psa/crypto_legacy.h"
diff --git a/tests/configs/user-config-for-test.h b/tests/configs/user-config-for-test.h
index 639496b..e187ae2 100644
--- a/tests/configs/user-config-for-test.h
+++ b/tests/configs/user-config-for-test.h
@@ -39,6 +39,7 @@
/* Use the accelerator driver for all cryptographic mechanisms for which
* the test driver implemented. */
#define MBEDTLS_PSA_ACCEL_KEY_TYPE_AES
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ARIA
#define MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA
#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY
#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_BASIC
diff --git a/tests/include/alt-extra/psa/crypto.h b/tests/include/alt-extra/psa/crypto.h
deleted file mode 100644
index 005f3ae..0000000
--- a/tests/include/alt-extra/psa/crypto.h
+++ /dev/null
@@ -1,7 +0,0 @@
-/* The goal of the include/alt-extra directory is to test what happens
- * if certain files come _after_ the normal include directory.
- * Make sure that if the alt-extra directory comes before the normal
- * directory (so we wouldn't be achieving our test objective), the build
- * will fail.
- */
-#error "The normal include directory must come first in the include path"
diff --git a/tests/include/baremetal-override/time.h b/tests/include/baremetal-override/time.h
deleted file mode 100644
index 0a44275..0000000
--- a/tests/include/baremetal-override/time.h
+++ /dev/null
@@ -1,6 +0,0 @@
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#error "time.h included in a configuration without MBEDTLS_HAVE_TIME"
diff --git a/tests/include/spe/crypto_spe.h b/tests/include/spe/crypto_spe.h
deleted file mode 100644
index fdf3a2d..0000000
--- a/tests/include/spe/crypto_spe.h
+++ /dev/null
@@ -1,131 +0,0 @@
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- *
- */
-
-/**
- * \file crypto_spe.h
- *
- * \brief When Mbed TLS is built with the MBEDTLS_PSA_CRYPTO_SPM option
- * enabled, this header is included by all .c files in Mbed TLS that
- * use PSA Crypto function names. This avoids duplication of symbols
- * between TF-M and Mbed TLS.
- *
- * \note This file should be included before including any PSA Crypto headers
- * from Mbed TLS.
- */
-
-#ifndef CRYPTO_SPE_H
-#define CRYPTO_SPE_H
-
-#define PSA_FUNCTION_NAME(x) mbedcrypto__ ## x
-
-#define psa_crypto_init \
- PSA_FUNCTION_NAME(psa_crypto_init)
-#define psa_key_derivation_get_capacity \
- PSA_FUNCTION_NAME(psa_key_derivation_get_capacity)
-#define psa_key_derivation_set_capacity \
- PSA_FUNCTION_NAME(psa_key_derivation_set_capacity)
-#define psa_key_derivation_input_bytes \
- PSA_FUNCTION_NAME(psa_key_derivation_input_bytes)
-#define psa_key_derivation_output_bytes \
- PSA_FUNCTION_NAME(psa_key_derivation_output_bytes)
-#define psa_key_derivation_input_key \
- PSA_FUNCTION_NAME(psa_key_derivation_input_key)
-#define psa_key_derivation_output_key \
- PSA_FUNCTION_NAME(psa_key_derivation_output_key)
-#define psa_key_derivation_setup \
- PSA_FUNCTION_NAME(psa_key_derivation_setup)
-#define psa_key_derivation_abort \
- PSA_FUNCTION_NAME(psa_key_derivation_abort)
-#define psa_key_derivation_key_agreement \
- PSA_FUNCTION_NAME(psa_key_derivation_key_agreement)
-#define psa_raw_key_agreement \
- PSA_FUNCTION_NAME(psa_raw_key_agreement)
-#define psa_generate_random \
- PSA_FUNCTION_NAME(psa_generate_random)
-#define psa_aead_encrypt \
- PSA_FUNCTION_NAME(psa_aead_encrypt)
-#define psa_aead_decrypt \
- PSA_FUNCTION_NAME(psa_aead_decrypt)
-#define psa_open_key \
- PSA_FUNCTION_NAME(psa_open_key)
-#define psa_close_key \
- PSA_FUNCTION_NAME(psa_close_key)
-#define psa_import_key \
- PSA_FUNCTION_NAME(psa_import_key)
-#define psa_destroy_key \
- PSA_FUNCTION_NAME(psa_destroy_key)
-#define psa_get_key_attributes \
- PSA_FUNCTION_NAME(psa_get_key_attributes)
-#define psa_reset_key_attributes \
- PSA_FUNCTION_NAME(psa_reset_key_attributes)
-#define psa_export_key \
- PSA_FUNCTION_NAME(psa_export_key)
-#define psa_export_public_key \
- PSA_FUNCTION_NAME(psa_export_public_key)
-#define psa_purge_key \
- PSA_FUNCTION_NAME(psa_purge_key)
-#define psa_copy_key \
- PSA_FUNCTION_NAME(psa_copy_key)
-#define psa_cipher_operation_init \
- PSA_FUNCTION_NAME(psa_cipher_operation_init)
-#define psa_cipher_generate_iv \
- PSA_FUNCTION_NAME(psa_cipher_generate_iv)
-#define psa_cipher_set_iv \
- PSA_FUNCTION_NAME(psa_cipher_set_iv)
-#define psa_cipher_encrypt_setup \
- PSA_FUNCTION_NAME(psa_cipher_encrypt_setup)
-#define psa_cipher_decrypt_setup \
- PSA_FUNCTION_NAME(psa_cipher_decrypt_setup)
-#define psa_cipher_update \
- PSA_FUNCTION_NAME(psa_cipher_update)
-#define psa_cipher_finish \
- PSA_FUNCTION_NAME(psa_cipher_finish)
-#define psa_cipher_abort \
- PSA_FUNCTION_NAME(psa_cipher_abort)
-#define psa_hash_operation_init \
- PSA_FUNCTION_NAME(psa_hash_operation_init)
-#define psa_hash_setup \
- PSA_FUNCTION_NAME(psa_hash_setup)
-#define psa_hash_update \
- PSA_FUNCTION_NAME(psa_hash_update)
-#define psa_hash_finish \
- PSA_FUNCTION_NAME(psa_hash_finish)
-#define psa_hash_verify \
- PSA_FUNCTION_NAME(psa_hash_verify)
-#define psa_hash_abort \
- PSA_FUNCTION_NAME(psa_hash_abort)
-#define psa_hash_clone \
- PSA_FUNCTION_NAME(psa_hash_clone)
-#define psa_hash_compute \
- PSA_FUNCTION_NAME(psa_hash_compute)
-#define psa_hash_compare \
- PSA_FUNCTION_NAME(psa_hash_compare)
-#define psa_mac_operation_init \
- PSA_FUNCTION_NAME(psa_mac_operation_init)
-#define psa_mac_sign_setup \
- PSA_FUNCTION_NAME(psa_mac_sign_setup)
-#define psa_mac_verify_setup \
- PSA_FUNCTION_NAME(psa_mac_verify_setup)
-#define psa_mac_update \
- PSA_FUNCTION_NAME(psa_mac_update)
-#define psa_mac_sign_finish \
- PSA_FUNCTION_NAME(psa_mac_sign_finish)
-#define psa_mac_verify_finish \
- PSA_FUNCTION_NAME(psa_mac_verify_finish)
-#define psa_mac_abort \
- PSA_FUNCTION_NAME(psa_mac_abort)
-#define psa_sign_hash \
- PSA_FUNCTION_NAME(psa_sign_hash)
-#define psa_verify_hash \
- PSA_FUNCTION_NAME(psa_verify_hash)
-#define psa_asymmetric_encrypt \
- PSA_FUNCTION_NAME(psa_asymmetric_encrypt)
-#define psa_asymmetric_decrypt \
- PSA_FUNCTION_NAME(psa_asymmetric_decrypt)
-#define psa_generate_key \
- PSA_FUNCTION_NAME(psa_generate_key)
-
-#endif /* CRYPTO_SPE_H */
diff --git a/tests/include/test/arguments.h b/tests/include/test/arguments.h
deleted file mode 100644
index 6d267b6..0000000
--- a/tests/include/test/arguments.h
+++ /dev/null
@@ -1,26 +0,0 @@
-/**
- * \file arguments.h
- *
- * \brief Manipulation of test arguments.
- *
- * Much of the code is in host_test.function, to be migrated here later.
- */
-
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#ifndef TEST_ARGUMENTS_H
-#define TEST_ARGUMENTS_H
-
-#include "mbedtls/build_info.h"
-#include <stdint.h>
-#include <stdlib.h>
-
-typedef union {
- size_t len;
- intmax_t sint;
-} mbedtls_test_argument_t;
-
-#endif /* TEST_ARGUMENTS_H */
diff --git a/tests/include/test/asn1_helpers.h b/tests/include/test/asn1_helpers.h
deleted file mode 100644
index 2eb9171..0000000
--- a/tests/include/test/asn1_helpers.h
+++ /dev/null
@@ -1,38 +0,0 @@
-/** Helper functions for tests that manipulate ASN.1 data.
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#ifndef ASN1_HELPERS_H
-#define ASN1_HELPERS_H
-
-#include "test/helpers.h"
-
-/** Skip past an INTEGER in an ASN.1 buffer.
- *
- * Mark the current test case as failed in any of the following conditions:
- * - The buffer does not start with an ASN.1 INTEGER.
- * - The integer's size or parity does not match the constraints expressed
- * through \p min_bits, \p max_bits and \p must_be_odd.
- *
- * \param p Upon entry, `*p` points to the first byte of the
- * buffer to parse.
- * On successful return, `*p` points to the first byte
- * after the parsed INTEGER.
- * On failure, `*p` is unspecified.
- * \param end The end of the ASN.1 buffer.
- * \param min_bits Fail the test case if the integer does not have at
- * least this many significant bits.
- * \param max_bits Fail the test case if the integer has more than
- * this many significant bits.
- * \param must_be_odd Fail the test case if the integer is even.
- *
- * \return \c 0 if the test failed, otherwise 1.
- */
-int mbedtls_test_asn1_skip_integer(unsigned char **p, const unsigned char *end,
- size_t min_bits, size_t max_bits,
- int must_be_odd);
-
-#endif /* ASN1_HELPERS_H */
diff --git a/tests/include/test/bignum_codepath_check.h b/tests/include/test/bignum_codepath_check.h
deleted file mode 100644
index 3d72be1..0000000
--- a/tests/include/test/bignum_codepath_check.h
+++ /dev/null
@@ -1,94 +0,0 @@
-/** Support for path tracking in optionally safe bignum functions
- *
- * The functions are called when an optionally safe path is taken and logs it with a single
- * variable. This variable is at any time in one of three states:
- * - MBEDTLS_MPI_IS_TEST: No optionally safe path has been taken since the last reset
- * - MBEDTLS_MPI_IS_SECRET: Only safe paths were teken since the last reset
- * - MBEDTLS_MPI_IS_PUBLIC: At least one unsafe path has been taken since the last reset
- *
- * Use a simple global variable to track execution path. Making it work with multithreading
- * isn't worth the effort as multithreaded tests add little to no value here.
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#ifndef BIGNUM_CODEPATH_CHECK_H
-#define BIGNUM_CODEPATH_CHECK_H
-
-#include "bignum_core.h"
-
-#if defined(MBEDTLS_TEST_HOOKS) && !defined(MBEDTLS_THREADING_C)
-
-extern int mbedtls_codepath_check;
-
-/**
- * \brief Setup the codepath test hooks used by optionally safe bignum functions to signal
- * the path taken.
- */
-void mbedtls_codepath_test_hooks_setup(void);
-
-/**
- * \brief Teardown the codepath test hooks used by optionally safe bignum functions to
- * signal the path taken.
- */
-void mbedtls_codepath_test_hooks_teardown(void);
-
-/**
- * \brief Reset the state of the codepath to the initial state.
- */
-static inline void mbedtls_codepath_reset(void)
-{
- mbedtls_codepath_check = MBEDTLS_MPI_IS_TEST;
-}
-
-/** Check the codepath taken and fail if it doesn't match.
- *
- * When a function returns with an error, it can do so before reaching any interesting codepath. The
- * same can happen if a parameter to the function is zero. In these cases we need to allow
- * the codepath tracking variable to still have its initial "not set" value.
- *
- * This macro expands to an instruction, not an expression.
- * It may jump to the \c exit label.
- *
- * \param path The expected codepath.
- * This expression may be evaluated multiple times.
- * \param ret The expected return value.
- * \param E The MPI parameter that can cause shortcuts.
- */
-#define ASSERT_BIGNUM_CODEPATH(path, ret, E) \
- do { \
- if ((ret) != 0 || (E).n == 0) { \
- TEST_ASSERT(mbedtls_codepath_check == (path) || \
- mbedtls_codepath_check == MBEDTLS_MPI_IS_TEST); \
- } else { \
- TEST_EQUAL(mbedtls_codepath_check, (path)); \
- } \
- } while (0)
-
-/** Check the codepath taken and fail if it doesn't match.
- *
- * When a function returns with an error, it can do so before reaching any interesting codepath. In
- * this case we need to allow the codepath tracking variable to still have its
- * initial "not set" value.
- *
- * This macro expands to an instruction, not an expression.
- * It may jump to the \c exit label.
- *
- * \param path The expected codepath.
- * This expression may be evaluated multiple times.
- * \param ret The expected return value.
- */
-#define ASSERT_RSA_CODEPATH(path, ret) \
- do { \
- if ((ret) != 0) { \
- TEST_ASSERT(mbedtls_codepath_check == (path) || \
- mbedtls_codepath_check == MBEDTLS_MPI_IS_TEST); \
- } else { \
- TEST_EQUAL(mbedtls_codepath_check, (path)); \
- } \
- } while (0)
-#endif /* MBEDTLS_TEST_HOOKS && !MBEDTLS_THREADING_C */
-
-#endif /* BIGNUM_CODEPATH_CHECK_H */
diff --git a/tests/include/test/bignum_helpers.h b/tests/include/test/bignum_helpers.h
deleted file mode 100644
index a5e49cb..0000000
--- a/tests/include/test/bignum_helpers.h
+++ /dev/null
@@ -1,98 +0,0 @@
-/**
- * \file bignum_helpers.h
- *
- * \brief This file contains the prototypes of helper functions for
- * bignum-related testing.
- */
-
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#ifndef TEST_BIGNUM_HELPERS_H
-#define TEST_BIGNUM_HELPERS_H
-
-#include <mbedtls/build_info.h>
-
-#if defined(MBEDTLS_BIGNUM_C)
-
-#include <mbedtls/bignum.h>
-#include <bignum_mod.h>
-
-/** Allocate and populate a core MPI from a test case argument.
- *
- * This function allocates exactly as many limbs as necessary to fit
- * the length of the input. In other words, it preserves leading zeros.
- *
- * The limb array is allocated with mbedtls_calloc() and must later be
- * freed with mbedtls_free().
- *
- * \param[in,out] pX The address where a pointer to the allocated limb
- * array will be stored.
- * \c *pX must be null on entry.
- * On exit, \c *pX is null on error or if the number
- * of limbs is 0.
- * \param[out] plimbs The address where the number of limbs will be stored.
- * \param[in] input The test argument to read.
- * It is interpreted as a hexadecimal representation
- * of a non-negative integer.
- *
- * \return \c 0 on success, an \c MBEDTLS_ERR_MPI_xxx error code otherwise.
- */
-int mbedtls_test_read_mpi_core(mbedtls_mpi_uint **pX, size_t *plimbs,
- const char *input);
-
-/** Read a modulus from a hexadecimal string.
- *
- * This function allocates exactly as many limbs as necessary to fit
- * the length of the input. In other words, it preserves leading zeros.
- *
- * The limb array is allocated with mbedtls_calloc() and must later be
- * freed with mbedtls_free(). You can do that by calling
- * mbedtls_test_mpi_mod_modulus_free_with_limbs().
- *
- * \param[in,out] N A modulus structure. It must be initialized, but
- * not set up.
- * \param[in] s The null-terminated hexadecimal string to read from.
- * \param int_rep The desired representation of residues.
- *
- * \return \c 0 on success, an \c MBEDTLS_ERR_MPI_xxx error code otherwise.
- */
-int mbedtls_test_read_mpi_modulus(mbedtls_mpi_mod_modulus *N,
- const char *s,
- mbedtls_mpi_mod_rep_selector int_rep);
-
-/** Free a modulus and its limbs.
- *
- * \param[in] N A modulus structure such that there is no other
- * reference to `N->p`.
- */
-void mbedtls_test_mpi_mod_modulus_free_with_limbs(mbedtls_mpi_mod_modulus *N);
-
-/** Read an MPI from a hexadecimal string.
- *
- * Like mbedtls_mpi_read_string(), but with tighter guarantees around
- * edge cases.
- *
- * - This function guarantees that if \p s begins with '-' then the sign
- * bit of the result will be negative, even if the value is 0.
- * When this function encounters such a "negative 0", it calls
- * mbedtls_test_increment_case_uses_negative_0().
- * - The size of the result is exactly the minimum number of limbs needed to fit
- * the digits in the input. In particular, this function constructs a bignum
- * with 0 limbs for an empty string, and a bignum with leading 0 limbs if the
- * string has sufficiently many leading 0 digits. This is important so that
- * the "0 (null)" and "0 (1 limb)" and "leading zeros" test cases do what they
- * claim.
- *
- * \param[out] X The MPI object to populate. It must be initialized.
- * \param[in] s The null-terminated hexadecimal string to read from.
- *
- * \return \c 0 on success, an \c MBEDTLS_ERR_MPI_xxx error code otherwise.
- */
-int mbedtls_test_read_mpi(mbedtls_mpi *X, const char *s);
-
-#endif /* MBEDTLS_BIGNUM_C */
-
-#endif /* TEST_BIGNUM_HELPERS_H */
diff --git a/tests/include/test/constant_flow.h b/tests/include/test/constant_flow.h
deleted file mode 100644
index c5658eb..0000000
--- a/tests/include/test/constant_flow.h
+++ /dev/null
@@ -1,71 +0,0 @@
-/**
- * \file constant_flow.h
- *
- * \brief This file contains tools to ensure tested code has constant flow.
- */
-
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#ifndef TEST_CONSTANT_FLOW_H
-#define TEST_CONSTANT_FLOW_H
-
-#include "mbedtls/build_info.h"
-
-/*
- * This file defines the two macros
- *
- * #define TEST_CF_SECRET(ptr, size)
- * #define TEST_CF_PUBLIC(ptr, size)
- *
- * that can be used in tests to mark a memory area as secret (no branch or
- * memory access should depend on it) or public (default, only needs to be
- * marked explicitly when it was derived from secret data).
- *
- * Arguments:
- * - ptr: a pointer to the memory area to be marked
- * - size: the size in bytes of the memory area
- *
- * Implementation:
- * The basic idea is that of ctgrind <https://github.com/agl/ctgrind>: we can
- * re-use tools that were designed for checking use of uninitialized memory.
- * This file contains two implementations: one based on MemorySanitizer, the
- * other on valgrind's memcheck. If none of them is enabled, dummy macros that
- * do nothing are defined for convenience.
- *
- * \note #TEST_CF_SECRET must be called directly from within a .function file,
- * not indirectly via a macro defined under tests/include or a function
- * under tests/src. This is because we only run Valgrind for constant
- * flow on test suites that have greppable annotations inside them (see
- * `skip_suites_without_constant_flow` in `tests/scripts/all.sh`).
- */
-
-#if defined(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN)
-#include <sanitizer/msan_interface.h>
-
-/* Use macros to avoid messing up with origin tracking */
-#define TEST_CF_SECRET __msan_allocated_memory
-// void __msan_allocated_memory(const volatile void* data, size_t size);
-#define TEST_CF_PUBLIC __msan_unpoison
-// void __msan_unpoison(const volatile void *a, size_t size);
-
-#elif defined(MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND)
-#include <valgrind/memcheck.h>
-
-#define TEST_CF_SECRET VALGRIND_MAKE_MEM_UNDEFINED
-// VALGRIND_MAKE_MEM_UNDEFINED(_qzz_addr, _qzz_len)
-#define TEST_CF_PUBLIC VALGRIND_MAKE_MEM_DEFINED
-// VALGRIND_MAKE_MEM_DEFINED(_qzz_addr, _qzz_len)
-
-#else /* MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN ||
- MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND */
-
-#define TEST_CF_SECRET(ptr, size)
-#define TEST_CF_PUBLIC(ptr, size)
-
-#endif /* MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN ||
- MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND */
-
-#endif /* TEST_CONSTANT_FLOW_H */
diff --git a/tests/include/test/drivers/aead.h b/tests/include/test/drivers/aead.h
deleted file mode 100644
index a033e39..0000000
--- a/tests/include/test/drivers/aead.h
+++ /dev/null
@@ -1,121 +0,0 @@
-/*
- * Test driver for AEAD driver entry points.
- */
-/* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#ifndef PSA_CRYPTO_TEST_DRIVERS_AEAD_H
-#define PSA_CRYPTO_TEST_DRIVERS_AEAD_H
-
-#include "mbedtls/build_info.h"
-
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-#include <psa/crypto_driver_common.h>
-
-typedef struct {
- /* If not PSA_SUCCESS, return this error code instead of processing the
- * function call. */
- psa_status_t forced_status;
- /* Count the amount of times AEAD driver functions are called. */
- unsigned long hits_encrypt;
- unsigned long hits_decrypt;
- unsigned long hits_encrypt_setup;
- unsigned long hits_decrypt_setup;
- unsigned long hits_set_nonce;
- unsigned long hits_set_lengths;
- unsigned long hits_update_ad;
- unsigned long hits_update;
- unsigned long hits_finish;
- unsigned long hits_verify;
- unsigned long hits_abort;
-
- /* Status returned by the last AEAD driver function call. */
- psa_status_t driver_status;
-} mbedtls_test_driver_aead_hooks_t;
-
-#define MBEDTLS_TEST_DRIVER_AEAD_INIT { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }
-static inline mbedtls_test_driver_aead_hooks_t
-mbedtls_test_driver_aead_hooks_init(void)
-{
- const mbedtls_test_driver_aead_hooks_t v = MBEDTLS_TEST_DRIVER_AEAD_INIT;
- return v;
-}
-
-extern mbedtls_test_driver_aead_hooks_t mbedtls_test_driver_aead_hooks;
-
-psa_status_t mbedtls_test_transparent_aead_encrypt(
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer, size_t key_buffer_size,
- psa_algorithm_t alg,
- const uint8_t *nonce, size_t nonce_length,
- const uint8_t *additional_data, size_t additional_data_length,
- const uint8_t *plaintext, size_t plaintext_length,
- uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length);
-
-psa_status_t mbedtls_test_transparent_aead_decrypt(
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer, size_t key_buffer_size,
- psa_algorithm_t alg,
- const uint8_t *nonce, size_t nonce_length,
- const uint8_t *additional_data, size_t additional_data_length,
- const uint8_t *ciphertext, size_t ciphertext_length,
- uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length);
-
-psa_status_t mbedtls_test_transparent_aead_encrypt_setup(
- mbedtls_transparent_test_driver_aead_operation_t *operation,
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer, size_t key_buffer_size,
- psa_algorithm_t alg);
-
-psa_status_t mbedtls_test_transparent_aead_decrypt_setup(
- mbedtls_transparent_test_driver_aead_operation_t *operation,
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer, size_t key_buffer_size,
- psa_algorithm_t alg);
-
-psa_status_t mbedtls_test_transparent_aead_set_nonce(
- mbedtls_transparent_test_driver_aead_operation_t *operation,
- const uint8_t *nonce,
- size_t nonce_length);
-
-psa_status_t mbedtls_test_transparent_aead_set_lengths(
- mbedtls_transparent_test_driver_aead_operation_t *operation,
- size_t ad_length,
- size_t plaintext_length);
-
-psa_status_t mbedtls_test_transparent_aead_update_ad(
- mbedtls_transparent_test_driver_aead_operation_t *operation,
- const uint8_t *input,
- size_t input_length);
-
-psa_status_t mbedtls_test_transparent_aead_update(
- mbedtls_transparent_test_driver_aead_operation_t *operation,
- const uint8_t *input,
- size_t input_length,
- uint8_t *output,
- size_t output_size,
- size_t *output_length);
-
-psa_status_t mbedtls_test_transparent_aead_finish(
- mbedtls_transparent_test_driver_aead_operation_t *operation,
- uint8_t *ciphertext,
- size_t ciphertext_size,
- size_t *ciphertext_length,
- uint8_t *tag,
- size_t tag_size,
- size_t *tag_length);
-
-psa_status_t mbedtls_test_transparent_aead_verify(
- mbedtls_transparent_test_driver_aead_operation_t *operation,
- uint8_t *plaintext,
- size_t plaintext_size,
- size_t *plaintext_length,
- const uint8_t *tag,
- size_t tag_length);
-
-psa_status_t mbedtls_test_transparent_aead_abort(
- mbedtls_transparent_test_driver_aead_operation_t *operation);
-
-#endif /* PSA_CRYPTO_DRIVER_TEST */
-#endif /* PSA_CRYPTO_TEST_DRIVERS_AEAD_H */
diff --git a/tests/include/test/drivers/asymmetric_encryption.h b/tests/include/test/drivers/asymmetric_encryption.h
deleted file mode 100644
index 0ac7708..0000000
--- a/tests/include/test/drivers/asymmetric_encryption.h
+++ /dev/null
@@ -1,67 +0,0 @@
-/*
- * Test driver for asymmetric encryption.
- */
-/* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#ifndef PSA_CRYPTO_TEST_DRIVERS_ASYMMETRIC_ENCRYPTION_H
-#define PSA_CRYPTO_TEST_DRIVERS_ASYMMETRIC_ENCRYPTION_H
-
-#include "mbedtls/build_info.h"
-
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-#include <psa/crypto_driver_common.h>
-#include <psa/crypto.h>
-
-typedef struct {
- /* If non-null, on success, copy this to the output. */
- void *forced_output;
- size_t forced_output_length;
- /* If not PSA_SUCCESS, return this error code instead of processing the
- * function call. */
- psa_status_t forced_status;
- /* Count the amount of times one of the asymmetric_encryption driver
- functions is called. */
- unsigned long hits;
-} mbedtls_test_driver_asymmetric_encryption_hooks_t;
-
-#define MBEDTLS_TEST_DRIVER_ASYMMETRIC_ENCRYPTION_INIT { NULL, 0, PSA_SUCCESS, 0 }
-
-static inline mbedtls_test_driver_asymmetric_encryption_hooks_t
-mbedtls_test_driver_asymmetric_encryption_hooks_init(void)
-{
- const mbedtls_test_driver_asymmetric_encryption_hooks_t v =
- MBEDTLS_TEST_DRIVER_ASYMMETRIC_ENCRYPTION_INIT;
- return v;
-}
-
-extern mbedtls_test_driver_asymmetric_encryption_hooks_t
- mbedtls_test_driver_asymmetric_encryption_hooks;
-
-psa_status_t mbedtls_test_transparent_asymmetric_encrypt(
- const psa_key_attributes_t *attributes, const uint8_t *key_buffer,
- size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *input,
- size_t input_length, const uint8_t *salt, size_t salt_length,
- uint8_t *output, size_t output_size, size_t *output_length);
-
-psa_status_t mbedtls_test_opaque_asymmetric_encrypt(
- const psa_key_attributes_t *attributes, const uint8_t *key,
- size_t key_length, psa_algorithm_t alg, const uint8_t *input,
- size_t input_length, const uint8_t *salt, size_t salt_length,
- uint8_t *output, size_t output_size, size_t *output_length);
-
-psa_status_t mbedtls_test_transparent_asymmetric_decrypt(
- const psa_key_attributes_t *attributes, const uint8_t *key_buffer,
- size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *input,
- size_t input_length, const uint8_t *salt, size_t salt_length,
- uint8_t *output, size_t output_size, size_t *output_length);
-
-psa_status_t mbedtls_test_opaque_asymmetric_decrypt(
- const psa_key_attributes_t *attributes, const uint8_t *key,
- size_t key_length, psa_algorithm_t alg, const uint8_t *input,
- size_t input_length, const uint8_t *salt, size_t salt_length,
- uint8_t *output, size_t output_size, size_t *output_length);
-
-#endif /* PSA_CRYPTO_DRIVER_TEST */
-#endif /* PSA_CRYPTO_TEST_DRIVERS_ASYMMETRIC_ENCRYPTION_H */
diff --git a/tests/include/test/drivers/cipher.h b/tests/include/test/drivers/cipher.h
deleted file mode 100644
index 2fe47e4..0000000
--- a/tests/include/test/drivers/cipher.h
+++ /dev/null
@@ -1,136 +0,0 @@
-/*
- * Test driver for cipher functions
- */
-/* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#ifndef PSA_CRYPTO_TEST_DRIVERS_CIPHER_H
-#define PSA_CRYPTO_TEST_DRIVERS_CIPHER_H
-
-#include "mbedtls/build_info.h"
-
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-#include <psa/crypto_driver_common.h>
-#include <psa/crypto.h>
-
-#include "mbedtls/cipher.h"
-
-typedef struct {
- /* If non-null, on success, copy this to the output. */
- void *forced_output;
- size_t forced_output_length;
- /* If not PSA_SUCCESS, return this error code instead of processing the
- * function call. */
- psa_status_t forced_status;
- psa_status_t forced_status_encrypt;
- psa_status_t forced_status_set_iv;
- /* Count the amount of times one of the cipher driver functions is called. */
- unsigned long hits;
- unsigned long hits_encrypt;
- unsigned long hits_set_iv;
-} mbedtls_test_driver_cipher_hooks_t;
-
-#define MBEDTLS_TEST_DRIVER_CIPHER_INIT { NULL, 0, \
- PSA_SUCCESS, PSA_SUCCESS, PSA_SUCCESS, \
- 0, 0, 0 }
-static inline mbedtls_test_driver_cipher_hooks_t
-mbedtls_test_driver_cipher_hooks_init(void)
-{
- const mbedtls_test_driver_cipher_hooks_t v = MBEDTLS_TEST_DRIVER_CIPHER_INIT;
- return v;
-}
-
-extern mbedtls_test_driver_cipher_hooks_t mbedtls_test_driver_cipher_hooks;
-
-psa_status_t mbedtls_test_transparent_cipher_encrypt(
- const psa_key_attributes_t *attributes,
- const uint8_t *key, size_t key_length,
- psa_algorithm_t alg,
- const uint8_t *iv, size_t iv_length,
- const uint8_t *input, size_t input_length,
- uint8_t *output, size_t output_size, size_t *output_length);
-
-psa_status_t mbedtls_test_transparent_cipher_decrypt(
- const psa_key_attributes_t *attributes,
- const uint8_t *key, size_t key_length,
- psa_algorithm_t alg,
- const uint8_t *input, size_t input_length,
- uint8_t *output, size_t output_size, size_t *output_length);
-
-psa_status_t mbedtls_test_transparent_cipher_encrypt_setup(
- mbedtls_transparent_test_driver_cipher_operation_t *operation,
- const psa_key_attributes_t *attributes,
- const uint8_t *key, size_t key_length,
- psa_algorithm_t alg);
-
-psa_status_t mbedtls_test_transparent_cipher_decrypt_setup(
- mbedtls_transparent_test_driver_cipher_operation_t *operation,
- const psa_key_attributes_t *attributes,
- const uint8_t *key, size_t key_length,
- psa_algorithm_t alg);
-
-psa_status_t mbedtls_test_transparent_cipher_abort(
- mbedtls_transparent_test_driver_cipher_operation_t *operation);
-
-psa_status_t mbedtls_test_transparent_cipher_set_iv(
- mbedtls_transparent_test_driver_cipher_operation_t *operation,
- const uint8_t *iv, size_t iv_length);
-
-psa_status_t mbedtls_test_transparent_cipher_update(
- mbedtls_transparent_test_driver_cipher_operation_t *operation,
- const uint8_t *input, size_t input_length,
- uint8_t *output, size_t output_size, size_t *output_length);
-
-psa_status_t mbedtls_test_transparent_cipher_finish(
- mbedtls_transparent_test_driver_cipher_operation_t *operation,
- uint8_t *output, size_t output_size, size_t *output_length);
-
-/*
- * opaque versions
- */
-psa_status_t mbedtls_test_opaque_cipher_encrypt(
- const psa_key_attributes_t *attributes,
- const uint8_t *key, size_t key_length,
- psa_algorithm_t alg,
- const uint8_t *iv, size_t iv_length,
- const uint8_t *input, size_t input_length,
- uint8_t *output, size_t output_size, size_t *output_length);
-
-psa_status_t mbedtls_test_opaque_cipher_decrypt(
- const psa_key_attributes_t *attributes,
- const uint8_t *key, size_t key_length,
- psa_algorithm_t alg,
- const uint8_t *input, size_t input_length,
- uint8_t *output, size_t output_size, size_t *output_length);
-
-psa_status_t mbedtls_test_opaque_cipher_encrypt_setup(
- mbedtls_opaque_test_driver_cipher_operation_t *operation,
- const psa_key_attributes_t *attributes,
- const uint8_t *key, size_t key_length,
- psa_algorithm_t alg);
-
-psa_status_t mbedtls_test_opaque_cipher_decrypt_setup(
- mbedtls_opaque_test_driver_cipher_operation_t *operation,
- const psa_key_attributes_t *attributes,
- const uint8_t *key, size_t key_length,
- psa_algorithm_t alg);
-
-psa_status_t mbedtls_test_opaque_cipher_abort(
- mbedtls_opaque_test_driver_cipher_operation_t *operation);
-
-psa_status_t mbedtls_test_opaque_cipher_set_iv(
- mbedtls_opaque_test_driver_cipher_operation_t *operation,
- const uint8_t *iv, size_t iv_length);
-
-psa_status_t mbedtls_test_opaque_cipher_update(
- mbedtls_opaque_test_driver_cipher_operation_t *operation,
- const uint8_t *input, size_t input_length,
- uint8_t *output, size_t output_size, size_t *output_length);
-
-psa_status_t mbedtls_test_opaque_cipher_finish(
- mbedtls_opaque_test_driver_cipher_operation_t *operation,
- uint8_t *output, size_t output_size, size_t *output_length);
-
-#endif /* PSA_CRYPTO_DRIVER_TEST */
-#endif /* PSA_CRYPTO_TEST_DRIVERS_CIPHER_H */
diff --git a/tests/include/test/drivers/hash.h b/tests/include/test/drivers/hash.h
deleted file mode 100644
index ad48c45..0000000
--- a/tests/include/test/drivers/hash.h
+++ /dev/null
@@ -1,64 +0,0 @@
-/*
- * Test driver for hash driver entry points.
- */
-/* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#ifndef PSA_CRYPTO_TEST_DRIVERS_HASH_H
-#define PSA_CRYPTO_TEST_DRIVERS_HASH_H
-
-#include "mbedtls/build_info.h"
-
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-#include <psa/crypto_driver_common.h>
-
-typedef struct {
- /* If not PSA_SUCCESS, return this error code instead of processing the
- * function call. */
- psa_status_t forced_status;
- /* Count the amount of times hash driver entry points are called. */
- unsigned long hits;
- /* Status returned by the last hash driver entry point call. */
- psa_status_t driver_status;
-} mbedtls_test_driver_hash_hooks_t;
-
-#define MBEDTLS_TEST_DRIVER_HASH_INIT { 0, 0, 0 }
-static inline mbedtls_test_driver_hash_hooks_t
-mbedtls_test_driver_hash_hooks_init(void)
-{
- const mbedtls_test_driver_hash_hooks_t v = MBEDTLS_TEST_DRIVER_HASH_INIT;
- return v;
-}
-
-extern mbedtls_test_driver_hash_hooks_t mbedtls_test_driver_hash_hooks;
-
-psa_status_t mbedtls_test_transparent_hash_compute(
- psa_algorithm_t alg,
- const uint8_t *input, size_t input_length,
- uint8_t *hash, size_t hash_size, size_t *hash_length);
-
-psa_status_t mbedtls_test_transparent_hash_setup(
- mbedtls_transparent_test_driver_hash_operation_t *operation,
- psa_algorithm_t alg);
-
-psa_status_t mbedtls_test_transparent_hash_clone(
- const mbedtls_transparent_test_driver_hash_operation_t *source_operation,
- mbedtls_transparent_test_driver_hash_operation_t *target_operation);
-
-psa_status_t mbedtls_test_transparent_hash_update(
- mbedtls_transparent_test_driver_hash_operation_t *operation,
- const uint8_t *input,
- size_t input_length);
-
-psa_status_t mbedtls_test_transparent_hash_finish(
- mbedtls_transparent_test_driver_hash_operation_t *operation,
- uint8_t *hash,
- size_t hash_size,
- size_t *hash_length);
-
-psa_status_t mbedtls_test_transparent_hash_abort(
- mbedtls_transparent_test_driver_hash_operation_t *operation);
-
-#endif /* PSA_CRYPTO_DRIVER_TEST */
-#endif /* PSA_CRYPTO_TEST_DRIVERS_HASH_H */
diff --git a/tests/include/test/drivers/key_agreement.h b/tests/include/test/drivers/key_agreement.h
deleted file mode 100644
index ca82b3a..0000000
--- a/tests/include/test/drivers/key_agreement.h
+++ /dev/null
@@ -1,62 +0,0 @@
-/*
- * Test driver for key agreement functions.
- */
-/* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#ifndef PSA_CRYPTO_TEST_DRIVERS_KEY_AGREEMENT_H
-#define PSA_CRYPTO_TEST_DRIVERS_KEY_AGREEMENT_H
-
-#include "mbedtls/build_info.h"
-
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-#include <psa/crypto_driver_common.h>
-
-typedef struct {
- /* If non-null, on success, copy this to the output. */
- void *forced_output;
- size_t forced_output_length;
- /* If not PSA_SUCCESS, return this error code instead of processing the
- * function call. */
- psa_status_t forced_status;
- /* Count the amount of times one of the signature driver functions is called. */
- unsigned long hits;
-} mbedtls_test_driver_key_agreement_hooks_t;
-
-#define MBEDTLS_TEST_DRIVER_KEY_AGREEMENT_INIT { NULL, 0, PSA_SUCCESS, 0 }
-static inline mbedtls_test_driver_key_agreement_hooks_t
-mbedtls_test_driver_key_agreement_hooks_init(void)
-{
- const mbedtls_test_driver_key_agreement_hooks_t
- v = MBEDTLS_TEST_DRIVER_KEY_AGREEMENT_INIT;
- return v;
-}
-
-extern mbedtls_test_driver_key_agreement_hooks_t
- mbedtls_test_driver_key_agreement_hooks;
-
-psa_status_t mbedtls_test_transparent_key_agreement(
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer,
- size_t key_buffer_size,
- psa_algorithm_t alg,
- const uint8_t *peer_key,
- size_t peer_key_length,
- uint8_t *shared_secret,
- size_t shared_secret_size,
- size_t *shared_secret_length);
-
-psa_status_t mbedtls_test_opaque_key_agreement(
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer,
- size_t key_buffer_size,
- psa_algorithm_t alg,
- const uint8_t *peer_key,
- size_t peer_key_length,
- uint8_t *shared_secret,
- size_t shared_secret_size,
- size_t *shared_secret_length);
-
-#endif /*PSA_CRYPTO_DRIVER_TEST */
-#endif /* PSA_CRYPTO_TEST_DRIVERS_KEY_AGREEMENT_H */
diff --git a/tests/include/test/drivers/key_management.h b/tests/include/test/drivers/key_management.h
deleted file mode 100644
index 1d9bc43..0000000
--- a/tests/include/test/drivers/key_management.h
+++ /dev/null
@@ -1,131 +0,0 @@
-/*
- * Test driver for generating and verifying keys.
- */
-/* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#ifndef PSA_CRYPTO_TEST_DRIVERS_KEY_MANAGEMENT_H
-#define PSA_CRYPTO_TEST_DRIVERS_KEY_MANAGEMENT_H
-
-#include "mbedtls/build_info.h"
-
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-#include <psa/crypto_driver_common.h>
-
-#define PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT 0
-#define PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT 1
-
-typedef struct {
- /* If non-null, on success, copy this to the output. */
- void *forced_output;
- size_t forced_output_length;
- /* If not PSA_SUCCESS, return this error code instead of processing the
- * function call. */
- psa_status_t forced_status;
- /* Count the amount of times one of the key management driver functions
- * is called. */
- unsigned long hits;
- /* Subset of hits which only counts public key export operations */
- unsigned long hits_export_public_key;
- /* Subset of hits which only counts key generation operations */
- unsigned long hits_generate_key;
- /* Location of the last key management driver called to import a key. */
- psa_key_location_t location;
-} mbedtls_test_driver_key_management_hooks_t;
-
-/* The location is initialized to the invalid value 0x800000. Invalid in the
- * sense that no PSA specification will assign a meaning to this location
- * (stated first in version 1.0.1 of the specification) and that it is not
- * used as a location of an opaque test drivers. */
-#define MBEDTLS_TEST_DRIVER_KEY_MANAGEMENT_INIT { NULL, 0, PSA_SUCCESS, 0, 0, 0, 0x800000 }
-static inline mbedtls_test_driver_key_management_hooks_t
-mbedtls_test_driver_key_management_hooks_init(void)
-{
- const mbedtls_test_driver_key_management_hooks_t
- v = MBEDTLS_TEST_DRIVER_KEY_MANAGEMENT_INIT;
- return v;
-}
-
-/*
- * In order to convert the plain text keys to Opaque, the size of the key is
- * padded up by PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX_SIZE in addition to
- * xor mangling the key. The pad prefix needs to be accounted for while
- * sizing for the key.
- */
-#define PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX 0xBEEFED00U
-#define PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX_SIZE sizeof( \
- PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX)
-
-size_t mbedtls_test_opaque_size_function(
- const psa_key_type_t key_type,
- const size_t key_bits);
-
-extern mbedtls_test_driver_key_management_hooks_t
- mbedtls_test_driver_key_management_hooks;
-
-psa_status_t mbedtls_test_transparent_init(void);
-void mbedtls_test_transparent_free(void);
-psa_status_t mbedtls_test_opaque_init(void);
-void mbedtls_test_opaque_free(void);
-
-psa_status_t mbedtls_test_opaque_unwrap_key(
- const uint8_t *wrapped_key, size_t wrapped_key_length, uint8_t *key_buffer,
- size_t key_buffer_size, size_t *key_buffer_length);
-
-psa_status_t mbedtls_test_transparent_generate_key(
- const psa_key_attributes_t *attributes,
- uint8_t *key, size_t key_size, size_t *key_length);
-
-psa_status_t mbedtls_test_opaque_generate_key(
- const psa_key_attributes_t *attributes,
- uint8_t *key, size_t key_size, size_t *key_length);
-
-psa_status_t mbedtls_test_opaque_export_key(
- const psa_key_attributes_t *attributes,
- const uint8_t *key, size_t key_length,
- uint8_t *data, size_t data_size, size_t *data_length);
-
-psa_status_t mbedtls_test_transparent_export_public_key(
- const psa_key_attributes_t *attributes,
- const uint8_t *key, size_t key_length,
- uint8_t *data, size_t data_size, size_t *data_length);
-
-psa_status_t mbedtls_test_opaque_export_public_key(
- const psa_key_attributes_t *attributes,
- const uint8_t *key, size_t key_length,
- uint8_t *data, size_t data_size, size_t *data_length);
-
-psa_status_t mbedtls_test_transparent_import_key(
- const psa_key_attributes_t *attributes,
- const uint8_t *data,
- size_t data_length,
- uint8_t *key_buffer,
- size_t key_buffer_size,
- size_t *key_buffer_length,
- size_t *bits);
-
-psa_status_t mbedtls_test_opaque_import_key(
- const psa_key_attributes_t *attributes,
- const uint8_t *data,
- size_t data_length,
- uint8_t *key_buffer,
- size_t key_buffer_size,
- size_t *key_buffer_length,
- size_t *bits);
-
-psa_status_t mbedtls_test_opaque_get_builtin_key(
- psa_drv_slot_number_t slot_number,
- psa_key_attributes_t *attributes,
- uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length);
-
-psa_status_t mbedtls_test_opaque_copy_key(
- psa_key_attributes_t *attributes,
- const uint8_t *source_key,
- size_t source_key_length,
- uint8_t *target_key_buffer,
- size_t target_key_buffer_size,
- size_t *target_key_buffer_length);
-
-#endif /* PSA_CRYPTO_DRIVER_TEST */
-#endif /* PSA_CRYPTO_TEST_DRIVERS_KEY_MANAGEMENT_H */
diff --git a/tests/include/test/drivers/mac.h b/tests/include/test/drivers/mac.h
deleted file mode 100644
index d92eff9..0000000
--- a/tests/include/test/drivers/mac.h
+++ /dev/null
@@ -1,125 +0,0 @@
-/*
- * Test driver for MAC driver entry points.
- */
-/* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#ifndef PSA_CRYPTO_TEST_DRIVERS_MAC_H
-#define PSA_CRYPTO_TEST_DRIVERS_MAC_H
-
-#include "mbedtls/build_info.h"
-
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-#include <psa/crypto_driver_common.h>
-
-typedef struct {
- /* If not PSA_SUCCESS, return this error code instead of processing the
- * function call. */
- psa_status_t forced_status;
- /* Count the amount of times MAC driver functions are called. */
- unsigned long hits;
- /* Status returned by the last MAC driver function call. */
- psa_status_t driver_status;
-} mbedtls_test_driver_mac_hooks_t;
-
-#define MBEDTLS_TEST_DRIVER_MAC_INIT { 0, 0, 0 }
-static inline mbedtls_test_driver_mac_hooks_t
-mbedtls_test_driver_mac_hooks_init(void)
-{
- const mbedtls_test_driver_mac_hooks_t v = MBEDTLS_TEST_DRIVER_MAC_INIT;
- return v;
-}
-
-extern mbedtls_test_driver_mac_hooks_t mbedtls_test_driver_mac_hooks;
-
-psa_status_t mbedtls_test_transparent_mac_compute(
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer,
- size_t key_buffer_size,
- psa_algorithm_t alg,
- const uint8_t *input,
- size_t input_length,
- uint8_t *mac,
- size_t mac_size,
- size_t *mac_length);
-
-psa_status_t mbedtls_test_transparent_mac_sign_setup(
- mbedtls_transparent_test_driver_mac_operation_t *operation,
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer,
- size_t key_buffer_size,
- psa_algorithm_t alg);
-
-psa_status_t mbedtls_test_transparent_mac_verify_setup(
- mbedtls_transparent_test_driver_mac_operation_t *operation,
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer,
- size_t key_buffer_size,
- psa_algorithm_t alg);
-
-psa_status_t mbedtls_test_transparent_mac_update(
- mbedtls_transparent_test_driver_mac_operation_t *operation,
- const uint8_t *input,
- size_t input_length);
-
-psa_status_t mbedtls_test_transparent_mac_sign_finish(
- mbedtls_transparent_test_driver_mac_operation_t *operation,
- uint8_t *mac,
- size_t mac_size,
- size_t *mac_length);
-
-psa_status_t mbedtls_test_transparent_mac_verify_finish(
- mbedtls_transparent_test_driver_mac_operation_t *operation,
- const uint8_t *mac,
- size_t mac_length);
-
-psa_status_t mbedtls_test_transparent_mac_abort(
- mbedtls_transparent_test_driver_mac_operation_t *operation);
-
-psa_status_t mbedtls_test_opaque_mac_compute(
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer,
- size_t key_buffer_size,
- psa_algorithm_t alg,
- const uint8_t *input,
- size_t input_length,
- uint8_t *mac,
- size_t mac_size,
- size_t *mac_length);
-
-psa_status_t mbedtls_test_opaque_mac_sign_setup(
- mbedtls_opaque_test_driver_mac_operation_t *operation,
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer,
- size_t key_buffer_size,
- psa_algorithm_t alg);
-
-psa_status_t mbedtls_test_opaque_mac_verify_setup(
- mbedtls_opaque_test_driver_mac_operation_t *operation,
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer,
- size_t key_buffer_size,
- psa_algorithm_t alg);
-
-psa_status_t mbedtls_test_opaque_mac_update(
- mbedtls_opaque_test_driver_mac_operation_t *operation,
- const uint8_t *input,
- size_t input_length);
-
-psa_status_t mbedtls_test_opaque_mac_sign_finish(
- mbedtls_opaque_test_driver_mac_operation_t *operation,
- uint8_t *mac,
- size_t mac_size,
- size_t *mac_length);
-
-psa_status_t mbedtls_test_opaque_mac_verify_finish(
- mbedtls_opaque_test_driver_mac_operation_t *operation,
- const uint8_t *mac,
- size_t mac_length);
-
-psa_status_t mbedtls_test_opaque_mac_abort(
- mbedtls_opaque_test_driver_mac_operation_t *operation);
-
-#endif /* PSA_CRYPTO_DRIVER_TEST */
-#endif /* PSA_CRYPTO_TEST_DRIVERS_MAC_H */
diff --git a/tests/include/test/drivers/pake.h b/tests/include/test/drivers/pake.h
deleted file mode 100644
index d292ca0..0000000
--- a/tests/include/test/drivers/pake.h
+++ /dev/null
@@ -1,75 +0,0 @@
-/*
- * Test driver for PAKE driver entry points.
- */
-/* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#ifndef PSA_CRYPTO_TEST_DRIVERS_PAKE_H
-#define PSA_CRYPTO_TEST_DRIVERS_PAKE_H
-
-#include "mbedtls/build_info.h"
-
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-#include <psa/crypto_driver_common.h>
-
-typedef struct {
- /* If not PSA_SUCCESS, return this error code instead of processing the
- * function call. */
- psa_status_t forced_status;
- /* PAKE driver setup is executed on the first call to
- pake_output/pake_input (added to distinguish forced statuses). */
- psa_status_t forced_setup_status;
- /* Count the amount of times PAKE driver functions are called. */
- struct {
- unsigned long total;
- unsigned long setup;
- unsigned long input;
- unsigned long output;
- unsigned long implicit_key;
- unsigned long abort;
- } hits;
- /* Status returned by the last PAKE driver function call. */
- psa_status_t driver_status;
- /* Output returned by pake_output */
- void *forced_output;
- size_t forced_output_length;
-} mbedtls_test_driver_pake_hooks_t;
-
-#define MBEDTLS_TEST_DRIVER_PAKE_INIT { PSA_SUCCESS, PSA_SUCCESS, { 0, 0, 0, 0, 0, 0 }, PSA_SUCCESS, \
- NULL, 0 }
-static inline mbedtls_test_driver_pake_hooks_t
-mbedtls_test_driver_pake_hooks_init(void)
-{
- const mbedtls_test_driver_pake_hooks_t v = MBEDTLS_TEST_DRIVER_PAKE_INIT;
- return v;
-}
-
-extern mbedtls_test_driver_pake_hooks_t mbedtls_test_driver_pake_hooks;
-
-psa_status_t mbedtls_test_transparent_pake_setup(
- mbedtls_transparent_test_driver_pake_operation_t *operation,
- const psa_crypto_driver_pake_inputs_t *inputs);
-
-psa_status_t mbedtls_test_transparent_pake_output(
- mbedtls_transparent_test_driver_pake_operation_t *operation,
- psa_crypto_driver_pake_step_t step,
- uint8_t *output,
- size_t output_size,
- size_t *output_length);
-
-psa_status_t mbedtls_test_transparent_pake_input(
- mbedtls_transparent_test_driver_pake_operation_t *operation,
- psa_crypto_driver_pake_step_t step,
- const uint8_t *input,
- size_t input_length);
-
-psa_status_t mbedtls_test_transparent_pake_get_implicit_key(
- mbedtls_transparent_test_driver_pake_operation_t *operation,
- uint8_t *output, size_t output_size, size_t *output_length);
-
-psa_status_t mbedtls_test_transparent_pake_abort(
- mbedtls_transparent_test_driver_pake_operation_t *operation);
-
-#endif /* PSA_CRYPTO_DRIVER_TEST */
-#endif /* PSA_CRYPTO_TEST_DRIVERS_PAKE_H */
diff --git a/tests/include/test/drivers/signature.h b/tests/include/test/drivers/signature.h
deleted file mode 100644
index 8c5703e..0000000
--- a/tests/include/test/drivers/signature.h
+++ /dev/null
@@ -1,112 +0,0 @@
-/*
- * Test driver for signature functions.
- */
-/* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#ifndef PSA_CRYPTO_TEST_DRIVERS_SIGNATURE_H
-#define PSA_CRYPTO_TEST_DRIVERS_SIGNATURE_H
-
-#include "mbedtls/build_info.h"
-
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-#include <psa/crypto_driver_common.h>
-
-typedef struct {
- /* If non-null, on success, copy this to the output. */
- void *forced_output;
- size_t forced_output_length;
- /* If not PSA_SUCCESS, return this error code instead of processing the
- * function call. */
- psa_status_t forced_status;
- /* Count the amount of times one of the signature driver functions is called. */
- unsigned long hits;
-} mbedtls_test_driver_signature_hooks_t;
-
-#define MBEDTLS_TEST_DRIVER_SIGNATURE_INIT { NULL, 0, PSA_SUCCESS, 0 }
-static inline mbedtls_test_driver_signature_hooks_t
-mbedtls_test_driver_signature_hooks_init(void)
-{
- const mbedtls_test_driver_signature_hooks_t
- v = MBEDTLS_TEST_DRIVER_SIGNATURE_INIT;
- return v;
-}
-
-extern mbedtls_test_driver_signature_hooks_t
- mbedtls_test_driver_signature_sign_hooks;
-extern mbedtls_test_driver_signature_hooks_t
- mbedtls_test_driver_signature_verify_hooks;
-
-psa_status_t mbedtls_test_transparent_signature_sign_message(
- const psa_key_attributes_t *attributes,
- const uint8_t *key,
- size_t key_length,
- psa_algorithm_t alg,
- const uint8_t *input,
- size_t input_length,
- uint8_t *signature,
- size_t signature_size,
- size_t *signature_length);
-
-psa_status_t mbedtls_test_opaque_signature_sign_message(
- const psa_key_attributes_t *attributes,
- const uint8_t *key,
- size_t key_length,
- psa_algorithm_t alg,
- const uint8_t *input,
- size_t input_length,
- uint8_t *signature,
- size_t signature_size,
- size_t *signature_length);
-
-psa_status_t mbedtls_test_transparent_signature_verify_message(
- const psa_key_attributes_t *attributes,
- const uint8_t *key,
- size_t key_length,
- psa_algorithm_t alg,
- const uint8_t *input,
- size_t input_length,
- const uint8_t *signature,
- size_t signature_length);
-
-psa_status_t mbedtls_test_opaque_signature_verify_message(
- const psa_key_attributes_t *attributes,
- const uint8_t *key,
- size_t key_length,
- psa_algorithm_t alg,
- const uint8_t *input,
- size_t input_length,
- const uint8_t *signature,
- size_t signature_length);
-
-psa_status_t mbedtls_test_transparent_signature_sign_hash(
- const psa_key_attributes_t *attributes,
- const uint8_t *key, size_t key_length,
- psa_algorithm_t alg,
- const uint8_t *hash, size_t hash_length,
- uint8_t *signature, size_t signature_size, size_t *signature_length);
-
-psa_status_t mbedtls_test_opaque_signature_sign_hash(
- const psa_key_attributes_t *attributes,
- const uint8_t *key, size_t key_length,
- psa_algorithm_t alg,
- const uint8_t *hash, size_t hash_length,
- uint8_t *signature, size_t signature_size, size_t *signature_length);
-
-psa_status_t mbedtls_test_transparent_signature_verify_hash(
- const psa_key_attributes_t *attributes,
- const uint8_t *key, size_t key_length,
- psa_algorithm_t alg,
- const uint8_t *hash, size_t hash_length,
- const uint8_t *signature, size_t signature_length);
-
-psa_status_t mbedtls_test_opaque_signature_verify_hash(
- const psa_key_attributes_t *attributes,
- const uint8_t *key, size_t key_length,
- psa_algorithm_t alg,
- const uint8_t *hash, size_t hash_length,
- const uint8_t *signature, size_t signature_length);
-
-#endif /* PSA_CRYPTO_DRIVER_TEST */
-#endif /* PSA_CRYPTO_TEST_DRIVERS_SIGNATURE_H */
diff --git a/tests/include/test/drivers/test_driver.h b/tests/include/test/drivers/test_driver.h
deleted file mode 100644
index 74605d6..0000000
--- a/tests/include/test/drivers/test_driver.h
+++ /dev/null
@@ -1,32 +0,0 @@
-/*
- * Umbrella include for all of the test driver functionality
- */
-/* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#ifndef PSA_CRYPTO_TEST_DRIVER_H
-#define PSA_CRYPTO_TEST_DRIVER_H
-
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-#ifndef PSA_CRYPTO_DRIVER_PRESENT
-#define PSA_CRYPTO_DRIVER_PRESENT
-#endif
-#ifndef PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT
-#define PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT
-#endif
-
-#define PSA_CRYPTO_TEST_DRIVER_LOCATION 0x7fffff
-
-#include "test/drivers/aead.h"
-#include "test/drivers/cipher.h"
-#include "test/drivers/hash.h"
-#include "test/drivers/mac.h"
-#include "test/drivers/key_management.h"
-#include "test/drivers/signature.h"
-#include "test/drivers/asymmetric_encryption.h"
-#include "test/drivers/key_agreement.h"
-#include "test/drivers/pake.h"
-
-#endif /* PSA_CRYPTO_DRIVER_TEST */
-#endif /* PSA_CRYPTO_TEST_DRIVER_H */
diff --git a/tests/include/test/fake_external_rng_for_test.h b/tests/include/test/fake_external_rng_for_test.h
deleted file mode 100644
index e3e331d..0000000
--- a/tests/include/test/fake_external_rng_for_test.h
+++ /dev/null
@@ -1,40 +0,0 @@
-/*
- * Insecure but standalone implementation of mbedtls_psa_external_get_random().
- * Only for use in tests!
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#ifndef FAKE_EXTERNAL_RNG_FOR_TEST_H
-#define FAKE_EXTERNAL_RNG_FOR_TEST_H
-
-#include "mbedtls/build_info.h"
-
-#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
-/** Enable the insecure implementation of mbedtls_psa_external_get_random().
- *
- * The insecure implementation of mbedtls_psa_external_get_random() is
- * disabled by default.
- *
- * When MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG is enabled and the test
- * helpers are linked into a program, you must enable this before running any
- * code that uses the PSA subsystem to generate random data (including internal
- * random generation for purposes such as blinding when the random generation
- * is routed through PSA).
- *
- * You can enable and disable it at any time, regardless of the state
- * of the PSA subsystem. You may disable it temporarily to simulate a
- * depleted entropy source.
- */
-void mbedtls_test_enable_insecure_external_rng(void);
-
-/** Disable the insecure implementation of mbedtls_psa_external_get_random().
- *
- * See mbedtls_test_enable_insecure_external_rng().
- */
-void mbedtls_test_disable_insecure_external_rng(void);
-#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
-
-#endif /* FAKE_EXTERNAL_RNG_FOR_TEST_H */
diff --git a/tests/include/test/helpers.h b/tests/include/test/helpers.h
deleted file mode 100644
index d08100f..0000000
--- a/tests/include/test/helpers.h
+++ /dev/null
@@ -1,404 +0,0 @@
-/**
- * \file helpers.h
- *
- * \brief This file contains the prototypes of helper functions for the
- * purpose of testing.
- */
-
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#ifndef TEST_HELPERS_H
-#define TEST_HELPERS_H
-
-/* Most fields of publicly available structs are private and are wrapped with
- * MBEDTLS_PRIVATE macro. This define allows tests to access the private fields
- * directly (without using the MBEDTLS_PRIVATE wrapper). */
-#define MBEDTLS_ALLOW_PRIVATE_ACCESS
-
-#include "mbedtls/build_info.h"
-
-#if defined(__SANITIZE_ADDRESS__) /* gcc -fsanitize=address */
-# define MBEDTLS_TEST_HAVE_ASAN
-#endif
-#if defined(__SANITIZE_THREAD__) /* gcc -fsanitize-thread */
-# define MBEDTLS_TEST_HAVE_TSAN
-#endif
-
-#if defined(__has_feature)
-# if __has_feature(address_sanitizer) /* clang -fsanitize=address */
-# define MBEDTLS_TEST_HAVE_ASAN
-# endif
-# if __has_feature(memory_sanitizer) /* clang -fsanitize=memory */
-# define MBEDTLS_TEST_HAVE_MSAN
-# endif
-# if __has_feature(thread_sanitizer) /* clang -fsanitize=thread */
-# define MBEDTLS_TEST_HAVE_TSAN
-# endif
-#endif
-
-#include "test/threading_helpers.h"
-
-#if defined(MBEDTLS_TEST_MUTEX_USAGE)
-#include "mbedtls/threading.h"
-#endif
-
-#include "mbedtls/platform.h"
-
-#include <stddef.h>
-#include <stdint.h>
-
-#if defined(MBEDTLS_BIGNUM_C)
-#include "mbedtls/bignum.h"
-#endif
-
-/** The type of test case arguments that contain binary data. */
-typedef struct data_tag {
- uint8_t *x;
- uint32_t len;
-} data_t;
-
-typedef enum {
- MBEDTLS_TEST_RESULT_SUCCESS = 0,
- MBEDTLS_TEST_RESULT_FAILED,
- MBEDTLS_TEST_RESULT_SKIPPED
-} mbedtls_test_result_t;
-
-#define MBEDTLS_TEST_LINE_LENGTH 76
-
-typedef struct {
- mbedtls_test_result_t result;
- const char *test;
- const char *filename;
- int line_no;
- unsigned long step;
- char line1[MBEDTLS_TEST_LINE_LENGTH];
- char line2[MBEDTLS_TEST_LINE_LENGTH];
-#if defined(MBEDTLS_TEST_MUTEX_USAGE)
- const char *mutex_usage_error;
-#endif
-#if defined(MBEDTLS_BIGNUM_C)
- unsigned case_uses_negative_0;
-#endif
-}
-mbedtls_test_info_t;
-
-/**
- * \brief Get the current test result status
- *
- * \return The current test result status
- */
-mbedtls_test_result_t mbedtls_test_get_result(void);
-
-/**
- * \brief Get the current test name/description
- *
- * \return The current test name/description
- */
-const char *mbedtls_test_get_test(void);
-
-/**
- * \brief Get the current test filename
- *
- * \return The current test filename
- */
-const char *mbedtls_get_test_filename(void);
-
-/**
- * \brief Get the current test file line number (for failure / skip)
- *
- * \return The current test file line number (for failure / skip)
- */
-int mbedtls_test_get_line_no(void);
-
-/**
- * \brief Increment the current test step.
- *
- * \note It is not recommended for multiple threads to call this
- * function concurrently - whilst it is entirely thread safe,
- * the order of calls to this function can obviously not be
- * ensured, so unexpected results may occur.
- */
-void mbedtls_test_increment_step(void);
-
-/**
- * \brief Get the current test step
- *
- * \return The current test step
- */
-unsigned long mbedtls_test_get_step(void);
-
-/**
- * \brief Get the current test line buffer 1
- *
- * \param line Buffer of minimum size \c MBEDTLS_TEST_LINE_LENGTH,
- * which will have line buffer 1 copied to it.
- */
-void mbedtls_test_get_line1(char *line);
-
-/**
- * \brief Get the current test line buffer 2
- *
- * \param line Buffer of minimum size \c MBEDTLS_TEST_LINE_LENGTH,
- * which will have line buffer 1 copied to it.
- */
-void mbedtls_test_get_line2(char *line);
-
-#if defined(MBEDTLS_TEST_MUTEX_USAGE)
-/**
- * \brief Get the current mutex usage error message
- *
- * \return The current mutex error message (may be NULL if no error)
- */
-const char *mbedtls_test_get_mutex_usage_error(void);
-
-/**
- * \brief Set the current mutex usage error message
- *
- * \note This will only set the mutex error message if one has not
- * already been set, or if we are clearing the message (msg is
- * NULL)
- *
- * \param msg Error message to set (can be NULL to clear)
- */
-void mbedtls_test_set_mutex_usage_error(const char *msg);
-#endif
-
-#if defined(MBEDTLS_BIGNUM_C)
-
-/**
- * \brief Get whether the current test is a bignum test that uses
- * negative zero.
- *
- * \return non zero if the current test uses bignum negative zero.
- */
-unsigned mbedtls_test_get_case_uses_negative_0(void);
-
-/**
- * \brief Indicate that the current test uses bignum negative zero.
- *
- * \note This function is called if the current test case had an
- * input parsed with mbedtls_test_read_mpi() that is a negative
- * 0 (`"-"`, `"-0"`, `"-00"`, etc., constructing a result with
- * the sign bit set to -1 and the value being all-limbs-0,
- * which is not a valid representation in #mbedtls_mpi but is
- * tested for robustness). *
- */
-void mbedtls_test_increment_case_uses_negative_0(void);
-#endif
-
-int mbedtls_test_platform_setup(void);
-void mbedtls_test_platform_teardown(void);
-
-/**
- * \brief Record the current test case as a failure.
- *
- * This function can be called directly however it is usually
- * called via macros such as TEST_ASSERT, TEST_EQUAL,
- * PSA_ASSERT, etc...
- *
- * \note If the test case was already marked as failed, calling
- * `mbedtls_test_fail( )` again will not overwrite any
- * previous information about the failure.
- *
- * \param test Description of the failure or assertion that failed. This
- * MUST be a string literal.
- * \param line_no Line number where the failure originated.
- * \param filename Filename where the failure originated.
- */
-void mbedtls_test_fail(const char *test, int line_no, const char *filename);
-
-/**
- * \brief Record the current test case as skipped.
- *
- * This function can be called directly however it is usually
- * called via the TEST_ASSUME macro.
- *
- * \param test Description of the assumption that caused the test case to
- * be skipped. This MUST be a string literal.
- * \param line_no Line number where the test case was skipped.
- * \param filename Filename where the test case was skipped.
- */
-void mbedtls_test_skip(const char *test, int line_no, const char *filename);
-
-/**
- * \brief Set the test step number for failure reports.
- *
- * Call this function to display "step NNN" in addition to the
- * line number and file name if a test fails. Typically the
- * "step number" is the index of a for loop but it can be
- * whatever you want.
- *
- * \note It is not recommended for multiple threads to call this
- * function concurrently - whilst it is entirely thread safe,
- * the order of calls to this function can obviously not be
- * ensured, so unexpected results may occur.
- *
- * \param step The step number to report.
- */
-void mbedtls_test_set_step(unsigned long step);
-
-/**
- * \brief Reset mbedtls_test_info to a ready/starting state.
- */
-void mbedtls_test_info_reset(void);
-
-#ifdef MBEDTLS_TEST_MUTEX_USAGE
-/**
- * \brief Get the test info data mutex.
- *
- * \note This is designed only to be used by threading_helpers to
- * avoid a deadlock, not for general access to this mutex.
- *
- * \return The test info data mutex.
- */
-mbedtls_threading_mutex_t *mbedtls_test_get_info_mutex(void);
-
-#endif /* MBEDTLS_TEST_MUTEX_USAGE */
-
-/**
- * \brief Record the current test case as a failure if two integers
- * have a different value.
- *
- * This function is usually called via the macro
- * #TEST_EQUAL.
- *
- * \param test Description of the failure or assertion that failed. This
- * MUST be a string literal. This normally has the form
- * "EXPR1 == EXPR2" where EXPR1 has the value \p value1
- * and EXPR2 has the value \p value2.
- * \param line_no Line number where the failure originated.
- * \param filename Filename where the failure originated.
- * \param value1 The first value to compare.
- * \param value2 The second value to compare.
- *
- * \return \c 1 if the values are equal, otherwise \c 0.
- */
-int mbedtls_test_equal(const char *test, int line_no, const char *filename,
- unsigned long long value1, unsigned long long value2);
-
-/**
- * \brief Record the current test case as a failure based
- * on comparing two unsigned integers.
- *
- * This function is usually called via the macro
- * #TEST_LE_U.
- *
- * \param test Description of the failure or assertion that failed. This
- * MUST be a string literal. This normally has the form
- * "EXPR1 <= EXPR2" where EXPR1 has the value \p value1
- * and EXPR2 has the value \p value2.
- * \param line_no Line number where the failure originated.
- * \param filename Filename where the failure originated.
- * \param value1 The first value to compare.
- * \param value2 The second value to compare.
- *
- * \return \c 1 if \p value1 <= \p value2, otherwise \c 0.
- */
-int mbedtls_test_le_u(const char *test, int line_no, const char *filename,
- unsigned long long value1, unsigned long long value2);
-
-/**
- * \brief Record the current test case as a failure based
- * on comparing two signed integers.
- *
- * This function is usually called via the macro
- * #TEST_LE_S.
- *
- * \param test Description of the failure or assertion that failed. This
- * MUST be a string literal. This normally has the form
- * "EXPR1 <= EXPR2" where EXPR1 has the value \p value1
- * and EXPR2 has the value \p value2.
- * \param line_no Line number where the failure originated.
- * \param filename Filename where the failure originated.
- * \param value1 The first value to compare.
- * \param value2 The second value to compare.
- *
- * \return \c 1 if \p value1 <= \p value2, otherwise \c 0.
- */
-int mbedtls_test_le_s(const char *test, int line_no, const char *filename,
- long long value1, long long value2);
-
-/**
- * \brief This function decodes the hexadecimal representation of
- * data.
- *
- * \note The output buffer can be the same as the input buffer. For
- * any other overlapping of the input and output buffers, the
- * behavior is undefined.
- *
- * \param obuf Output buffer.
- * \param obufmax Size in number of bytes of \p obuf.
- * \param ibuf Input buffer.
- * \param len The number of unsigned char written in \p obuf. This must
- * not be \c NULL.
- *
- * \return \c 0 on success.
- * \return \c -1 if the output buffer is too small or the input string
- * is not a valid hexadecimal representation.
- */
-int mbedtls_test_unhexify(unsigned char *obuf, size_t obufmax,
- const char *ibuf, size_t *len);
-
-void mbedtls_test_hexify(unsigned char *obuf,
- const unsigned char *ibuf,
- int len);
-
-/**
- * \brief Convert hexadecimal digit to an integer.
- *
- * \param c The digit to convert (`'0'` to `'9'`, `'A'` to `'F'` or
- * `'a'` to `'f'`).
- * \param[out] uc On success, the value of the digit (0 to 15).
- *
- * \return 0 on success, -1 if \p c is not a hexadecimal digit.
- */
-int mbedtls_test_ascii2uc(const char c, unsigned char *uc);
-
-/**
- * Allocate and zeroize a buffer.
- *
- * If the size if zero, a pointer to a zeroized 1-byte buffer is returned.
- *
- * For convenience, dies if allocation fails.
- */
-unsigned char *mbedtls_test_zero_alloc(size_t len);
-
-/**
- * Allocate and fill a buffer from hex data.
- *
- * The buffer is sized exactly as needed. This allows to detect buffer
- * overruns (including overreads) when running the test suite under valgrind.
- *
- * If the size if zero, a pointer to a zeroized 1-byte buffer is returned.
- *
- * For convenience, dies if allocation fails.
- */
-unsigned char *mbedtls_test_unhexify_alloc(const char *ibuf, size_t *olen);
-
-int mbedtls_test_hexcmp(uint8_t *a, uint8_t *b,
- uint32_t a_len, uint32_t b_len);
-
-#if defined(MBEDTLS_PSA_CRYPTO_C) && defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
-#include "test/fake_external_rng_for_test.h"
-#endif
-
-#if defined(MBEDTLS_TEST_HOOKS)
-/**
- * \brief Check that only a pure high-level error code is being combined with
- * a pure low-level error code as otherwise the resultant error code
- * would be corrupted.
- *
- * \note Both high-level and low-level error codes cannot be greater than
- * zero however can be zero. If one error code is zero then the
- * other error code is returned even if both codes are zero.
- *
- * \note If the check fails, fail the test currently being run.
- */
-void mbedtls_test_err_add_check(int high, int low,
- const char *file, int line);
-#endif
-
-#endif /* TEST_HELPERS_H */
diff --git a/tests/include/test/macros.h b/tests/include/test/macros.h
deleted file mode 100644
index a73e06f..0000000
--- a/tests/include/test/macros.h
+++ /dev/null
@@ -1,250 +0,0 @@
-/**
- * \file macros.h
- *
- * \brief This file contains generic macros for the purpose of testing.
- */
-
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#ifndef TEST_MACROS_H
-#define TEST_MACROS_H
-
-#include "mbedtls/build_info.h"
-
-#include <stdlib.h>
-
-#include "mbedtls/platform.h"
-
-#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
-#include "mbedtls/memory_buffer_alloc.h"
-#endif
-#include "common.h"
-
-/**
- * \brief This macro tests the expression passed to it as a test step or
- * individual test in a test case.
- *
- * It allows a library function to return a value and return an error
- * code that can be tested.
- *
- * Failing the test means:
- * - Mark this test case as failed.
- * - Print a message identifying the failure.
- * - Jump to the \c exit label.
- *
- * This macro expands to an instruction, not an expression.
- * It may jump to the \c exit label.
- *
- * \param TEST The test expression to be tested.
- */
-#define TEST_ASSERT(TEST) \
- do { \
- if (!(TEST)) \
- { \
- mbedtls_test_fail( #TEST, __LINE__, __FILE__); \
- goto exit; \
- } \
- } while (0)
-
-/** This macro asserts fails the test with given output message.
- *
- * \param MESSAGE The message to be outputed on assertion
- */
-#define TEST_FAIL(MESSAGE) \
- do { \
- mbedtls_test_fail(MESSAGE, __LINE__, __FILE__); \
- goto exit; \
- } while (0)
-
-/** Evaluate two integer expressions and fail the test case if they have
- * different values.
- *
- * The two expressions should have the same signedness, otherwise the
- * comparison is not meaningful if the signed value is negative.
- *
- * \param expr1 An integral-typed expression to evaluate.
- * \param expr2 Another integral-typed expression to evaluate.
- */
-#define TEST_EQUAL(expr1, expr2) \
- do { \
- if (!mbedtls_test_equal( #expr1 " == " #expr2, __LINE__, __FILE__, \
- (unsigned long long) (expr1), (unsigned long long) (expr2))) \
- goto exit; \
- } while (0)
-
-/** Evaluate two unsigned integer expressions and fail the test case
- * if they are not in increasing order (left <= right).
- *
- * \param expr1 An integral-typed expression to evaluate.
- * \param expr2 Another integral-typed expression to evaluate.
- */
-#define TEST_LE_U(expr1, expr2) \
- do { \
- if (!mbedtls_test_le_u( #expr1 " <= " #expr2, __LINE__, __FILE__, \
- expr1, expr2)) \
- goto exit; \
- } while (0)
-
-/** Evaluate two signed integer expressions and fail the test case
- * if they are not in increasing order (left <= right).
- *
- * \param expr1 An integral-typed expression to evaluate.
- * \param expr2 Another integral-typed expression to evaluate.
- */
-#define TEST_LE_S(expr1, expr2) \
- do { \
- if (!mbedtls_test_le_s( #expr1 " <= " #expr2, __LINE__, __FILE__, \
- expr1, expr2)) \
- goto exit; \
- } while (0)
-
-/** Allocate memory dynamically and fail the test case if this fails.
- * The allocated memory will be filled with zeros.
- *
- * You must set \p pointer to \c NULL before calling this macro and
- * put `mbedtls_free(pointer)` in the test's cleanup code.
- *
- * If \p item_count is zero, the resulting \p pointer will be \c NULL.
- * This is usually what we want in tests since API functions are
- * supposed to accept null pointers when a buffer size is zero.
- *
- * This macro expands to an instruction, not an expression.
- * It may jump to the \c exit label.
- *
- * \param pointer An lvalue where the address of the allocated buffer
- * will be stored.
- * This expression may be evaluated multiple times.
- * \param item_count Number of elements to allocate.
- * This expression may be evaluated multiple times.
- *
- */
-#define TEST_CALLOC(pointer, item_count) \
- do { \
- TEST_ASSERT((pointer) == NULL); \
- if ((item_count) != 0) { \
- (pointer) = mbedtls_calloc((item_count), \
- sizeof(*(pointer))); \
- TEST_ASSERT((pointer) != NULL); \
- } \
- } while (0)
-
-/** Allocate memory dynamically and fail the test case if this fails.
- * The allocated memory will be filled with zeros.
- *
- * You must set \p pointer to \c NULL before calling this macro and
- * put `mbedtls_free(pointer)` in the test's cleanup code.
- *
- * If \p item_count is zero, the resulting \p pointer will not be \c NULL.
- *
- * This macro expands to an instruction, not an expression.
- * It may jump to the \c exit label.
- *
- * \param pointer An lvalue where the address of the allocated buffer
- * will be stored.
- * This expression may be evaluated multiple times.
- * \param item_count Number of elements to allocate.
- * This expression may be evaluated multiple times.
- *
- * Note: if passing size 0, mbedtls_calloc may return NULL. In this case,
- * we reattempt to allocate with the smallest possible buffer to assure a
- * non-NULL pointer.
- */
-#define TEST_CALLOC_NONNULL(pointer, item_count) \
- do { \
- TEST_ASSERT((pointer) == NULL); \
- (pointer) = mbedtls_calloc((item_count), \
- sizeof(*(pointer))); \
- if (((pointer) == NULL) && ((item_count) == 0)) { \
- (pointer) = mbedtls_calloc(1, 1); \
- } \
- TEST_ASSERT((pointer) != NULL); \
- } while (0)
-
-/* For backwards compatibility */
-#define ASSERT_ALLOC(pointer, item_count) TEST_CALLOC(pointer, item_count)
-
-/** Allocate memory dynamically. If the allocation fails, skip the test case.
- *
- * This macro behaves like #TEST_CALLOC, except that if the allocation
- * fails, it marks the test as skipped rather than failed.
- */
-#define TEST_CALLOC_OR_SKIP(pointer, item_count) \
- do { \
- TEST_ASSERT((pointer) == NULL); \
- if ((item_count) != 0) { \
- (pointer) = mbedtls_calloc((item_count), \
- sizeof(*(pointer))); \
- TEST_ASSUME((pointer) != NULL); \
- } \
- } while (0)
-
-/* For backwards compatibility */
-#define ASSERT_ALLOC_WEAK(pointer, item_count) TEST_CALLOC_OR_SKIP(pointer, item_count)
-
-/** Compare two buffers and fail the test case if they differ.
- *
- * This macro expands to an instruction, not an expression.
- * It may jump to the \c exit label.
- *
- * \param p1 Pointer to the start of the first buffer.
- * \param size1 Size of the first buffer in bytes.
- * This expression may be evaluated multiple times.
- * \param p2 Pointer to the start of the second buffer.
- * \param size2 Size of the second buffer in bytes.
- * This expression may be evaluated multiple times.
- */
-#define TEST_MEMORY_COMPARE(p1, size1, p2, size2) \
- do { \
- TEST_EQUAL((size1), (size2)); \
- if ((size1) != 0) { \
- TEST_ASSERT(memcmp((p1), (p2), (size1)) == 0); \
- } \
- } while (0)
-
-/* For backwards compatibility */
-#define ASSERT_COMPARE(p1, size1, p2, size2) TEST_MEMORY_COMPARE(p1, size1, p2, size2)
-
-/**
- * \brief This macro tests the expression passed to it and skips the
- * running test if it doesn't evaluate to 'true'.
- *
- * \param TEST The test expression to be tested.
- */
-#define TEST_ASSUME(TEST) \
- do { \
- if (!(TEST)) \
- { \
- mbedtls_test_skip( #TEST, __LINE__, __FILE__); \
- goto exit; \
- } \
- } while (0)
-
-#define TEST_HELPER_ASSERT(a) if (!(a)) \
- { \
- mbedtls_fprintf(stderr, "Assertion Failed at %s:%d - %s\n", \
- __FILE__, __LINE__, #a); \
- mbedtls_exit(1); \
- }
-
-/** Return the smaller of two values.
- *
- * \param x An integer-valued expression without side effects.
- * \param y An integer-valued expression without side effects.
- *
- * \return The smaller of \p x and \p y.
- */
-#define MIN(x, y) ((x) < (y) ? (x) : (y))
-
-/** Return the larger of two values.
- *
- * \param x An integer-valued expression without side effects.
- * \param y An integer-valued expression without side effects.
- *
- * \return The larger of \p x and \p y.
- */
-#define MAX(x, y) ((x) > (y) ? (x) : (y))
-
-#endif /* TEST_MACROS_H */
diff --git a/tests/include/test/memory.h b/tests/include/test/memory.h
deleted file mode 100644
index 940d9e6..0000000
--- a/tests/include/test/memory.h
+++ /dev/null
@@ -1,108 +0,0 @@
-/**
- * \file memory.h
- *
- * \brief Helper macros and functions related to testing memory management.
- */
-
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#ifndef TEST_MEMORY_H
-#define TEST_MEMORY_H
-
-#include "mbedtls/build_info.h"
-#include "mbedtls/platform.h"
-#include "test/helpers.h"
-
-/** \def MBEDTLS_TEST_MEMORY_CAN_POISON
- *
- * This macro is defined if the tests are compiled with a method to mark
- * memory as poisoned, which can be used to enforce some memory access
- * policies.
- *
- * Support for the C11 thread_local keyword is also required.
- *
- * Currently, only Asan (Address Sanitizer) is supported.
- */
-#if defined(MBEDTLS_TEST_HAVE_ASAN) && \
- (__STDC_VERSION__ >= 201112L) && \
- !defined(PSA_CRYPTO_DRIVER_TEST)
-# define MBEDTLS_TEST_MEMORY_CAN_POISON
-#endif
-
-/** \def MBEDTLS_TEST_MEMORY_POISON(buf, size)
- *
- * Poison a memory area so that any attempt to read or write from it will
- * cause a runtime failure.
- *
- * Depending on the implementation, this may poison a few bytes beyond the
- * indicated region, but will never poison a separate object on the heap
- * or a separate object with more than the alignment of a long long.
- *
- * The behavior is undefined if any part of the memory area is invalid.
- *
- * This is a no-op in builds without a poisoning method.
- * See #MBEDTLS_TEST_MEMORY_CAN_POISON.
- *
- * \param buf Pointer to the beginning of the memory area to poison.
- * \param size Size of the memory area in bytes.
- */
-
-/** \def MBEDTLS_TEST_MEMORY_UNPOISON(buf, size)
- *
- * Undo the effect of #MBEDTLS_TEST_MEMORY_POISON.
- *
- * The behavior is undefined if any part of the memory area is invalid,
- * or if the memory area contains a mixture of poisoned and unpoisoned parts.
- *
- * This is a no-op in builds without a poisoning method.
- * See #MBEDTLS_TEST_MEMORY_CAN_POISON.
- *
- * \param buf Pointer to the beginning of the memory area to unpoison.
- * \param size Size of the memory area in bytes.
- */
-
-#if defined(MBEDTLS_TEST_MEMORY_CAN_POISON)
-
-/** Thread-local variable used to enable memory poisoning. This is set and
- * unset in the test wrappers so that calls to PSA functions from the library
- * do not poison memory.
- */
-extern _Thread_local unsigned int mbedtls_test_memory_poisoning_count;
-
-/** Poison a memory area so that any attempt to read or write from it will
- * cause a runtime failure.
- *
- * The behavior is undefined if any part of the memory area is invalid.
- */
-void mbedtls_test_memory_poison(const unsigned char *ptr, size_t size);
-#define MBEDTLS_TEST_MEMORY_POISON(ptr, size) \
- do { \
- mbedtls_test_memory_poisoning_count++; \
- mbedtls_test_memory_poison(ptr, size); \
- } while (0)
-
-/** Undo the effect of mbedtls_test_memory_poison().
- *
- * This is a no-op if the given area is entirely valid, unpoisoned memory.
- *
- * The behavior is undefined if any part of the memory area is invalid,
- * or if the memory area contains a mixture of poisoned and unpoisoned parts.
- */
-void mbedtls_test_memory_unpoison(const unsigned char *ptr, size_t size);
-#define MBEDTLS_TEST_MEMORY_UNPOISON(ptr, size) \
- do { \
- mbedtls_test_memory_unpoison(ptr, size); \
- if (mbedtls_test_memory_poisoning_count != 0) { \
- mbedtls_test_memory_poisoning_count--; \
- } \
- } while (0)
-
-#else /* MBEDTLS_TEST_MEMORY_CAN_POISON */
-#define MBEDTLS_TEST_MEMORY_POISON(ptr, size) ((void) (ptr), (void) (size))
-#define MBEDTLS_TEST_MEMORY_UNPOISON(ptr, size) ((void) (ptr), (void) (size))
-#endif /* MBEDTLS_TEST_MEMORY_CAN_POISON */
-
-#endif /* TEST_MEMORY_H */
diff --git a/tests/include/test/psa_crypto_helpers.h b/tests/include/test/psa_crypto_helpers.h
deleted file mode 100644
index 1039712..0000000
--- a/tests/include/test/psa_crypto_helpers.h
+++ /dev/null
@@ -1,471 +0,0 @@
-/*
- * Helper functions for tests that use the PSA Crypto API.
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#ifndef PSA_CRYPTO_HELPERS_H
-#define PSA_CRYPTO_HELPERS_H
-
-#include "test/helpers.h"
-
-#if defined(MBEDTLS_PSA_CRYPTO_C)
-#include "test/psa_helpers.h"
-#include <psa/crypto.h>
-#endif
-
-#include <mbedtls/ctr_drbg.h>
-
-#if defined(MBEDTLS_PSA_CRYPTO_C)
-/** Initialize the PSA Crypto subsystem. */
-#define PSA_INIT() PSA_ASSERT(psa_crypto_init())
-
-/** Shut down the PSA Crypto subsystem and destroy persistent keys.
- * Expect a clean shutdown, with no slots in use.
- *
- * If some key slots are still in use, record the test case as failed,
- * but continue executing. This macro is suitable (and primarily intended)
- * for use in the cleanup section of test functions.
- *
- * \note Persistent keys must be recorded with #TEST_USES_KEY_ID before
- * creating them.
- */
-#define PSA_DONE() \
- do \
- { \
- mbedtls_test_fail_if_psa_leaking(__LINE__, __FILE__); \
- mbedtls_test_psa_purge_key_storage(); \
- mbedtls_psa_crypto_free(); \
- } \
- while (0)
-#else /*MBEDTLS_PSA_CRYPTO_C */
-#define PSA_INIT() ((void) 0)
-#define PSA_DONE() ((void) 0)
-#endif /* MBEDTLS_PSA_CRYPTO_C */
-
-#if defined(MBEDTLS_PSA_CRYPTO_C)
-
-#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
-
-/* Internal function for #TEST_USES_KEY_ID. Return 1 on success, 0 on failure. */
-int mbedtls_test_uses_key_id(mbedtls_svc_key_id_t key_id);
-
-/** Destroy persistent keys recorded with #TEST_USES_KEY_ID.
- */
-void mbedtls_test_psa_purge_key_storage(void);
-
-/** Purge the in-memory cache of persistent keys recorded with
- * #TEST_USES_KEY_ID.
- *
- * Call this function before calling PSA_DONE() if it's ok for
- * persistent keys to still exist at this point.
- */
-void mbedtls_test_psa_purge_key_cache(void);
-
-/** \def TEST_USES_KEY_ID
- *
- * Call this macro in a test function before potentially creating a
- * persistent key. Test functions that use this mechanism must call
- * mbedtls_test_psa_purge_key_storage() in their cleanup code.
- *
- * This macro records a persistent key identifier as potentially used in the
- * current test case. Recorded key identifiers will be cleaned up at the end
- * of the test case, even on failure.
- *
- * This macro has no effect on volatile keys. Therefore, it is safe to call
- * this macro in a test function that creates either volatile or persistent
- * keys depending on the test data.
- *
- * This macro currently has no effect on special identifiers
- * used to store implementation-specific files.
- *
- * Calling this macro multiple times on the same key identifier in the same
- * test case has no effect.
- *
- * This macro can fail the test case if there isn't enough memory to
- * record the key id.
- *
- * \param key_id The PSA key identifier to record.
- */
-#define TEST_USES_KEY_ID(key_id) \
- TEST_ASSERT(mbedtls_test_uses_key_id(key_id))
-
-#else /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
-
-#define TEST_USES_KEY_ID(key_id) ((void) (key_id))
-#define mbedtls_test_psa_purge_key_storage() ((void) 0)
-#define mbedtls_test_psa_purge_key_cache() ((void) 0)
-
-#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
-
-/** Check for things that have not been cleaned up properly in the
- * PSA subsystem.
- *
- * \return NULL if nothing has leaked.
- * \return A string literal explaining what has not been cleaned up
- * if applicable.
- */
-const char *mbedtls_test_helper_is_psa_leaking(void);
-
-/** Check that no PSA Crypto key slots are in use.
- *
- * If any slots are in use, mark the current test as failed and jump to
- * the exit label. This is equivalent to
- * `TEST_ASSERT( ! mbedtls_test_helper_is_psa_leaking( ) )`
- * but with a more informative message.
- */
-#define ASSERT_PSA_PRISTINE() \
- do \
- { \
- if (mbedtls_test_fail_if_psa_leaking(__LINE__, __FILE__)) \
- goto exit; \
- } \
- while (0)
-
-/** Shut down the PSA Crypto subsystem, allowing persistent keys to survive.
- * Expect a clean shutdown, with no slots in use.
- *
- * If some key slots are still in use, record the test case as failed and
- * jump to the `exit` label.
- */
-#define PSA_SESSION_DONE() \
- do \
- { \
- mbedtls_test_psa_purge_key_cache(); \
- ASSERT_PSA_PRISTINE(); \
- mbedtls_psa_crypto_free(); \
- } \
- while (0)
-
-
-
-#if defined(RECORD_PSA_STATUS_COVERAGE_LOG)
-psa_status_t mbedtls_test_record_status(psa_status_t status,
- const char *func,
- const char *file, int line,
- const char *expr);
-
-/** Return value logging wrapper macro.
- *
- * Evaluate \p expr. Write a line recording its value to the log file
- * #STATUS_LOG_FILE_NAME and return the value. The line is a colon-separated
- * list of fields:
- * ```
- * value of expr:string:__FILE__:__LINE__:expr
- * ```
- *
- * The test code does not call this macro explicitly because that would
- * be very invasive. Instead, we instrument the source code by defining
- * a bunch of wrapper macros like
- * ```
- * #define psa_crypto_init() RECORD_STATUS("psa_crypto_init", psa_crypto_init())
- * ```
- * These macro definitions must be present in `instrument_record_status.h`
- * when building the test suites.
- *
- * \param string A string, normally a function name.
- * \param expr An expression to evaluate, normally a call of the function
- * whose name is in \p string. This expression must return
- * a value of type #psa_status_t.
- * \return The value of \p expr.
- */
-#define RECORD_STATUS(string, expr) \
- mbedtls_test_record_status((expr), string, __FILE__, __LINE__, #expr)
-
-#include "instrument_record_status.h"
-
-#endif /* defined(RECORD_PSA_STATUS_COVERAGE_LOG) */
-
-/** Return extended key usage policies.
- *
- * Do a key policy permission extension on key usage policies always involves
- * permissions of other usage policies
- * (like PSA_KEY_USAGE_SIGN_HASH involves PSA_KEY_USAGE_SIGN_MESSAGE).
- */
-psa_key_usage_t mbedtls_test_update_key_usage_flags(psa_key_usage_t usage_flags);
-
-/** Check that no PSA Crypto key slots are in use.
- *
- * If any slots are in use, mark the current test as failed.
- *
- * \return 0 if the key store is empty, 1 otherwise.
- */
-int mbedtls_test_fail_if_psa_leaking(int line_no, const char *filename);
-
-
-
-#if defined(MBEDTLS_PSA_INJECT_ENTROPY)
-/* The #MBEDTLS_PSA_INJECT_ENTROPY feature requires two extra platform
- * functions, which must be configured as #MBEDTLS_PLATFORM_NV_SEED_READ_MACRO
- * and #MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO. The job of these functions
- * is to read and write from the entropy seed file, which is located
- * in the PSA ITS file whose uid is #PSA_CRYPTO_ITS_RANDOM_SEED_UID.
- * (These could have been provided as library functions, but for historical
- * reasons, they weren't, and so each integrator has to provide a copy
- * of these functions.)
- *
- * Provide implementations of these functions for testing. */
-int mbedtls_test_inject_entropy_seed_read(unsigned char *buf, size_t len);
-int mbedtls_test_inject_entropy_seed_write(unsigned char *buf, size_t len);
-
-
-/** Make sure that the injected entropy is present.
- *
- * When MBEDTLS_PSA_INJECT_ENTROPY is enabled, psa_crypto_init()
- * will fail if the PSA entropy seed is not present.
- * This function must be called at least once in a test suite or other
- * program before any call to psa_crypto_init().
- * It does not need to be called in each test case.
- *
- * The test framework calls this function before running any test case.
- *
- * The few tests that might remove the entropy file must call this function
- * in their cleanup.
- */
-int mbedtls_test_inject_entropy_restore(void);
-#endif /* MBEDTLS_PSA_INJECT_ENTROPY */
-
-/** Parse binary string and convert it to a long integer
- */
-uint64_t mbedtls_test_parse_binary_string(data_t *bin_string);
-
-/** Skip a test case if the given key is a 192 bits AES key and the AES
- * implementation is at least partially provided by an accelerator or
- * alternative implementation.
- *
- * Call this macro in a test case when a cryptographic operation that may
- * involve an AES operation returns a #PSA_ERROR_NOT_SUPPORTED error code.
- * The macro call will skip and not fail the test case in case the operation
- * involves a 192 bits AES key and the AES implementation is at least
- * partially provided by an accelerator or alternative implementation.
- *
- * Hardware AES implementations not supporting 192 bits keys commonly exist.
- * Consequently, PSA test cases aim at not failing when an AES operation with
- * a 192 bits key performed by an alternative AES implementation returns
- * with the #PSA_ERROR_NOT_SUPPORTED error code. The purpose of this macro
- * is to facilitate this and make the test case code more readable.
- *
- * \param key_type Key type
- * \param key_bits Key length in number of bits.
- */
-#if defined(MBEDTLS_AES_ALT) || \
- defined(MBEDTLS_AES_SETKEY_ENC_ALT) || \
- defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_AES)
-#define MBEDTLS_TEST_HAVE_ALT_AES 1
-#else
-#define MBEDTLS_TEST_HAVE_ALT_AES 0
-#endif
-
-#define MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192(key_type, key_bits) \
- do \
- { \
- if ((MBEDTLS_TEST_HAVE_ALT_AES) && \
- ((key_type) == PSA_KEY_TYPE_AES) && \
- (key_bits == 192)) \
- { \
- mbedtls_test_skip("AES-192 not supported", __LINE__, __FILE__); \
- goto exit; \
- } \
- } \
- while (0)
-
-/** Skip a test case if a GCM operation with a nonce length different from
- * 12 bytes fails and was performed by an accelerator or alternative
- * implementation.
- *
- * Call this macro in a test case when an AEAD cryptography operation that
- * may involve the GCM mode returns with a #PSA_ERROR_NOT_SUPPORTED error
- * code. The macro call will skip and not fail the test case in case the
- * operation involves the GCM mode, a nonce with a length different from
- * 12 bytes and the GCM mode implementation is an alternative one.
- *
- * Hardware GCM implementations not supporting nonce lengths different from
- * 12 bytes commonly exist, as supporting a non-12-byte nonce requires
- * additional computations involving the GHASH function.
- * Consequently, PSA test cases aim at not failing when an AEAD operation in
- * GCM mode with a nonce length different from 12 bytes is performed by an
- * alternative GCM implementation and returns with a #PSA_ERROR_NOT_SUPPORTED
- * error code. The purpose of this macro is to facilitate this check and make
- * the test case code more readable.
- *
- * \param alg The AEAD algorithm.
- * \param nonce_length The nonce length in number of bytes.
- */
-#if defined(MBEDTLS_GCM_ALT) || \
- defined(MBEDTLS_PSA_ACCEL_ALG_GCM)
-#define MBEDTLS_TEST_HAVE_ALT_GCM 1
-#else
-#define MBEDTLS_TEST_HAVE_ALT_GCM 0
-#endif
-
-#define MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE(alg, \
- nonce_length) \
- do \
- { \
- if ((MBEDTLS_TEST_HAVE_ALT_GCM) && \
- (PSA_ALG_AEAD_WITH_SHORTENED_TAG((alg), 0) == \
- PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM, 0)) && \
- ((nonce_length) != 12)) \
- { \
- mbedtls_test_skip("GCM with non-12-byte IV is not supported", __LINE__, __FILE__); \
- goto exit; \
- } \
- } \
- while (0)
-
-#endif /* MBEDTLS_PSA_CRYPTO_C */
-
-/** \def USE_PSA_INIT
- *
- * Call this macro to initialize the PSA subsystem if #MBEDTLS_USE_PSA_CRYPTO
- * or #MBEDTLS_SSL_PROTO_TLS1_3 (In contrast to TLS 1.2 implementation, the
- * TLS 1.3 one uses PSA independently of the definition of
- * #MBEDTLS_USE_PSA_CRYPTO) is enabled and do nothing otherwise.
- *
- * If the initialization fails, mark the test case as failed and jump to the
- * \p exit label.
- */
-/** \def USE_PSA_DONE
- *
- * Call this macro at the end of a test case if you called #USE_PSA_INIT.
- *
- * This is like #PSA_DONE except it does nothing under the same conditions as
- * #USE_PSA_INIT.
- */
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-#define USE_PSA_INIT() PSA_INIT()
-#define USE_PSA_DONE() PSA_DONE()
-#elif defined(MBEDTLS_SSL_PROTO_TLS1_3)
-/* TLS 1.3 must work without having called psa_crypto_init(), for backward
- * compatibility with Mbed TLS <= 3.5 when connecting with a peer that
- * supports both TLS 1.2 and TLS 1.3. See mbedtls_ssl_tls13_crypto_init()
- * and https://github.com/Mbed-TLS/mbedtls/issues/9072 . */
-#define USE_PSA_INIT() ((void) 0)
-/* TLS 1.3 may have initialized the PSA subsystem. Shut it down cleanly,
- * otherwise Asan and Valgrind would notice a resource leak. */
-#define USE_PSA_DONE() PSA_DONE()
-#else /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */
-/* Define empty macros so that we can use them in the preamble and teardown
- * of every test function that uses PSA conditionally based on
- * MBEDTLS_USE_PSA_CRYPTO. */
-#define USE_PSA_INIT() ((void) 0)
-#define USE_PSA_DONE() ((void) 0)
-#endif /* !MBEDTLS_USE_PSA_CRYPTO && !MBEDTLS_SSL_PROTO_TLS1_3 */
-
-/** \def MD_PSA_INIT
- *
- * Call this macro to initialize the PSA subsystem if MD uses a driver,
- * and do nothing otherwise.
- *
- * If the initialization fails, mark the test case as failed and jump to the
- * \p exit label.
- */
-/** \def MD_PSA_DONE
- *
- * Call this macro at the end of a test case if you called #MD_PSA_INIT.
- *
- * This is like #PSA_DONE except it does nothing under the same conditions as
- * #MD_PSA_INIT.
- */
-#if defined(MBEDTLS_MD_SOME_PSA)
-#define MD_PSA_INIT() PSA_INIT()
-#define MD_PSA_DONE() PSA_DONE()
-#else /* MBEDTLS_MD_SOME_PSA */
-#define MD_PSA_INIT() ((void) 0)
-#define MD_PSA_DONE() ((void) 0)
-#endif /* MBEDTLS_MD_SOME_PSA */
-
-/** \def BLOCK_CIPHER_PSA_INIT
- *
- * Call this macro to initialize the PSA subsystem if BLOCK_CIPHER uses a driver,
- * and do nothing otherwise.
- *
- * If the initialization fails, mark the test case as failed and jump to the
- * \p exit label.
- */
-/** \def BLOCK_CIPHER_PSA_DONE
- *
- * Call this macro at the end of a test case if you called #BLOCK_CIPHER_PSA_INIT.
- *
- * This is like #PSA_DONE except it does nothing under the same conditions as
- * #BLOCK_CIPHER_PSA_INIT.
- */
-#if defined(MBEDTLS_BLOCK_CIPHER_SOME_PSA)
-#define BLOCK_CIPHER_PSA_INIT() PSA_INIT()
-#define BLOCK_CIPHER_PSA_DONE() PSA_DONE()
-#else /* MBEDTLS_MD_SOME_PSA */
-#define BLOCK_CIPHER_PSA_INIT() ((void) 0)
-#define BLOCK_CIPHER_PSA_DONE() ((void) 0)
-#endif /* MBEDTLS_MD_SOME_PSA */
-
-
-/** \def MD_OR_USE_PSA_INIT
- *
- * Call this macro to initialize the PSA subsystem if MD uses a driver,
- * or if #MBEDTLS_USE_PSA_CRYPTO or #MBEDTLS_SSL_PROTO_TLS1_3 is enabled,
- * and do nothing otherwise.
- *
- * If the initialization fails, mark the test case as failed and jump to the
- * \p exit label.
- */
-/** \def MD_OR_USE_PSA_DONE
- *
- * Call this macro at the end of a test case if you called #MD_OR_USE_PSA_INIT.
- *
- * This is like #PSA_DONE except it does nothing under the same conditions as
- * #MD_OR_USE_PSA_INIT.
- */
-#if defined(MBEDTLS_MD_SOME_PSA)
-#define MD_OR_USE_PSA_INIT() PSA_INIT()
-#define MD_OR_USE_PSA_DONE() PSA_DONE()
-#else
-#define MD_OR_USE_PSA_INIT() USE_PSA_INIT()
-#define MD_OR_USE_PSA_DONE() USE_PSA_DONE()
-#endif
-
-/** \def AES_PSA_INIT
- *
- * Call this macro to initialize the PSA subsystem if AES_C is not defined,
- * so that CTR_DRBG uses PSA implementation to get AES-ECB.
- *
- * If the initialization fails, mark the test case as failed and jump to the
- * \p exit label.
- */
-/** \def AES_PSA_DONE
- *
- * Call this macro at the end of a test case if you called #AES_PSA_INIT.
- *
- * This is like #PSA_DONE except it does nothing under the same conditions as
- * #AES_PSA_INIT.
- */
-#if defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO)
-#define AES_PSA_INIT() PSA_INIT()
-#define AES_PSA_DONE() PSA_DONE()
-#else /* MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO */
-#define AES_PSA_INIT() ((void) 0)
-#define AES_PSA_DONE() ((void) 0)
-#endif /* MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO */
-
-#if !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) && \
- defined(MBEDTLS_CTR_DRBG_C) && \
- defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO)
-/* When AES_C is not defined and PSA does not have an external RNG,
- * then CTR_DRBG uses PSA to perform AES-ECB. In this scenario 1 key
- * slot is used internally from PSA to hold the AES key and it should
- * not be taken into account when evaluating remaining open slots. */
-#define MBEDTLS_TEST_PSA_INTERNAL_KEYS_FOR_DRBG 1
-#else
-#define MBEDTLS_TEST_PSA_INTERNAL_KEYS_FOR_DRBG 0
-#endif
-
-/** The number of volatile keys that PSA crypto uses internally.
- *
- * We expect that many volatile keys to be in use after a successful
- * psa_crypto_init().
- */
-#define MBEDTLS_TEST_PSA_INTERNAL_KEYS \
- MBEDTLS_TEST_PSA_INTERNAL_KEYS_FOR_DRBG
-
-#endif /* PSA_CRYPTO_HELPERS_H */
diff --git a/tests/include/test/psa_exercise_key.h b/tests/include/test/psa_exercise_key.h
deleted file mode 100644
index f6be307..0000000
--- a/tests/include/test/psa_exercise_key.h
+++ /dev/null
@@ -1,286 +0,0 @@
-/** Code to exercise a PSA key object, i.e. validate that it seems well-formed
- * and can do what it is supposed to do.
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#ifndef PSA_EXERCISE_KEY_H
-#define PSA_EXERCISE_KEY_H
-
-#include "test/helpers.h"
-#include "test/psa_crypto_helpers.h"
-
-#include <psa/crypto.h>
-
-#if defined(MBEDTLS_PK_C)
-#include <mbedtls/pk.h>
-#endif
-
-/** \def KNOWN_SUPPORTED_HASH_ALG
- *
- * A hash algorithm that is known to be supported.
- *
- * This is used in some smoke tests.
- */
-#if defined(PSA_WANT_ALG_SHA_256)
-#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_SHA_256
-#elif defined(PSA_WANT_ALG_SHA_384)
-#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_SHA_384
-#elif defined(PSA_WANT_ALG_SHA_512)
-#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_SHA_512
-#elif defined(PSA_WANT_ALG_SHA3_256)
-#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_SHA3_256
-#elif defined(PSA_WANT_ALG_SHA_1)
-#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_SHA_1
-#elif defined(PSA_WANT_ALG_MD5)
-#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_MD5
-/* PSA_WANT_ALG_RIPEMD160 omitted. This is necessary for the sake of
- * exercise_signature_key() because Mbed TLS doesn't support RIPEMD160
- * in RSA PKCS#1v1.5 signatures. A RIPEMD160-only configuration would be
- * implausible anyway. */
-#else
-#undef KNOWN_SUPPORTED_HASH_ALG
-#endif
-
-/** \def KNOWN_SUPPORTED_BLOCK_CIPHER
- *
- * A block cipher that is known to be supported.
- *
- * For simplicity's sake, stick to block ciphers with 16-byte blocks.
- */
-#if defined(PSA_WANT_KEY_TYPE_AES)
-#define KNOWN_SUPPORTED_BLOCK_CIPHER PSA_KEY_TYPE_AES
-#elif defined(PSA_WANT_KEY_TYPE_ARIA)
-#define KNOWN_SUPPORTED_BLOCK_CIPHER PSA_KEY_TYPE_ARIA
-#elif defined(PSA_WANT_KEY_TYPE_CAMELLIA)
-#define KNOWN_SUPPORTED_BLOCK_CIPHER PSA_KEY_TYPE_CAMELLIA
-#else
-#undef KNOWN_SUPPORTED_BLOCK_CIPHER
-#endif
-
-/** \def KNOWN_SUPPORTED_MAC_ALG
- *
- * A MAC mode that is known to be supported.
- *
- * It must either be HMAC with #KNOWN_SUPPORTED_HASH_ALG or
- * a block cipher-based MAC with #KNOWN_SUPPORTED_BLOCK_CIPHER.
- *
- * This is used in some smoke tests.
- */
-#if defined(KNOWN_SUPPORTED_HASH_ALG) && defined(PSA_WANT_ALG_HMAC)
-#define KNOWN_SUPPORTED_MAC_ALG (PSA_ALG_HMAC(KNOWN_SUPPORTED_HASH_ALG))
-#define KNOWN_SUPPORTED_MAC_KEY_TYPE PSA_KEY_TYPE_HMAC
-#elif defined(KNOWN_SUPPORTED_BLOCK_CIPHER) && defined(MBEDTLS_CMAC_C)
-#define KNOWN_SUPPORTED_MAC_ALG PSA_ALG_CMAC
-#define KNOWN_SUPPORTED_MAC_KEY_TYPE KNOWN_SUPPORTED_BLOCK_CIPHER
-#else
-#undef KNOWN_SUPPORTED_MAC_ALG
-#undef KNOWN_SUPPORTED_MAC_KEY_TYPE
-#endif
-
-/** \def KNOWN_SUPPORTED_BLOCK_CIPHER_ALG
- *
- * A cipher algorithm and key type that are known to be supported.
- *
- * This is used in some smoke tests.
- */
-#if defined(KNOWN_SUPPORTED_BLOCK_CIPHER) && defined(PSA_WANT_ALG_CTR)
-#define KNOWN_SUPPORTED_BLOCK_CIPHER_ALG PSA_ALG_CTR
-#elif defined(KNOWN_SUPPORTED_BLOCK_CIPHER) && defined(PSA_WANT_ALG_CBC_NO_PADDING)
-#define KNOWN_SUPPORTED_BLOCK_CIPHER_ALG PSA_ALG_CBC_NO_PADDING
-#elif defined(KNOWN_SUPPORTED_BLOCK_CIPHER) && defined(PSA_WANT_ALG_CFB)
-#define KNOWN_SUPPORTED_BLOCK_CIPHER_ALG PSA_ALG_CFB
-#elif defined(KNOWN_SUPPORTED_BLOCK_CIPHER) && defined(PSA_WANT_ALG_OFB)
-#define KNOWN_SUPPORTED_BLOCK_CIPHER_ALG PSA_ALG_OFB
-#else
-#undef KNOWN_SUPPORTED_BLOCK_CIPHER_ALG
-#endif
-#if defined(KNOWN_SUPPORTED_BLOCK_CIPHER_ALG)
-#define KNOWN_SUPPORTED_CIPHER_ALG KNOWN_SUPPORTED_BLOCK_CIPHER_ALG
-#define KNOWN_SUPPORTED_CIPHER_KEY_TYPE KNOWN_SUPPORTED_BLOCK_CIPHER
-#else
-#undef KNOWN_SUPPORTED_CIPHER_ALG
-#undef KNOWN_SUPPORTED_CIPHER_KEY_TYPE
-#endif
-
-/** Convenience function to set up a key derivation.
- *
- * In case of failure, mark the current test case as failed.
- *
- * The inputs \p input1 and \p input2 are, in order:
- * - HKDF: salt, info.
- * - TKS 1.2 PRF, TLS 1.2 PSK-to-MS: seed, label.
- * - PBKDF2: input cost, salt.
- *
- * \param operation The operation object to use.
- * It must be in the initialized state.
- * \param key The key to use.
- * \param alg The algorithm to use.
- * \param input1 The first input to pass.
- * \param input1_length The length of \p input1 in bytes.
- * \param input2 The first input to pass.
- * \param input2_length The length of \p input2 in bytes.
- * \param capacity The capacity to set.
- * \param key_destroyable If set to 1, a failure due to the key not existing
- * or the key being destroyed mid-operation will only
- * be reported if the error code is unexpected.
- *
- * \return \c 1 on success, \c 0 on failure.
- */
-int mbedtls_test_psa_setup_key_derivation_wrap(
- psa_key_derivation_operation_t *operation,
- mbedtls_svc_key_id_t key,
- psa_algorithm_t alg,
- const unsigned char *input1, size_t input1_length,
- const unsigned char *input2, size_t input2_length,
- size_t capacity, int key_destroyable);
-
-/** Perform a key agreement using the given key pair against its public key
- * using psa_raw_key_agreement().
- *
- * The result is discarded. The purpose of this function is to smoke-test a key.
- *
- * In case of failure, mark the current test case as failed.
- *
- * \param alg A key agreement algorithm compatible with \p key.
- * \param key A key that allows key agreement with \p alg.
- * \param key_destroyable If set to 1, a failure due to the key not existing
- * or the key being destroyed mid-operation will only
- * be reported if the error code is unexpected.
- *
- * \return \c 1 on success, \c 0 on failure.
- */
-psa_status_t mbedtls_test_psa_raw_key_agreement_with_self(
- psa_algorithm_t alg,
- mbedtls_svc_key_id_t key, int key_destroyable);
-
-/** Perform a key agreement using the given key pair against its public key
- * using psa_key_derivation_raw_key().
- *
- * The result is discarded. The purpose of this function is to smoke-test a key.
- *
- * In case of failure, mark the current test case as failed.
- *
- * \param operation An operation that has been set up for a key
- * agreement algorithm that is compatible with
- * \p key.
- * \param key A key pair object that is suitable for a key
- * agreement with \p operation.
- * \param key_destroyable If set to 1, a failure due to the key not existing
- * or the key being destroyed mid-operation will only
- * be reported if the error code is unexpected.
- *
- * \return \c 1 on success, \c 0 on failure.
- */
-psa_status_t mbedtls_test_psa_key_agreement_with_self(
- psa_key_derivation_operation_t *operation,
- mbedtls_svc_key_id_t key, int key_destroyable);
-
-/** Perform sanity checks on the given key representation.
- *
- * If any of the checks fail, mark the current test case as failed.
- *
- * The checks depend on the key type.
- * - All types: check the export size against maximum-size macros.
- * - DES: parity bits.
- * - RSA: check the ASN.1 structure and the size and parity of the integers.
- * - ECC private or public key: exact representation length.
- * - Montgomery public key: first byte.
- *
- * \param type The key type.
- * \param bits The key size in bits.
- * \param exported A buffer containing the key representation.
- * \param exported_length The length of \p exported in bytes.
- *
- * \return \c 1 if all checks passed, \c 0 on failure.
- */
-int mbedtls_test_psa_exported_key_sanity_check(
- psa_key_type_t type, size_t bits,
- const uint8_t *exported, size_t exported_length);
-
-/** Do smoke tests on a key.
- *
- * Perform one of each operation indicated by \p alg (decrypt/encrypt,
- * sign/verify, or derivation) that is permitted according to \p usage.
- * \p usage and \p alg should correspond to the expected policy on the
- * key.
- *
- * Export the key if permitted by \p usage, and check that the output
- * looks sensible. If \p usage forbids export, check that
- * \p psa_export_key correctly rejects the attempt. If the key is
- * asymmetric, also check \p psa_export_public_key.
- *
- * If the key fails the tests, this function calls the test framework's
- * `mbedtls_test_fail` function and returns false. Otherwise this function
- * returns true. Therefore it should be used as follows:
- * ```
- * if( ! exercise_key( ... ) ) goto exit;
- * ```
- * To use this function for multi-threaded tests where the key
- * may be destroyed at any point: call this function with key_destroyable set
- * to 1, while another thread calls psa_destroy_key on the same key;
- * this will test whether destroying the key in use leads to any corruption.
- *
- * There cannot be a set of concurrent calls:
- * `mbedtls_test_psa_exercise_key(ki,...)` such that each ki is a unique
- * persistent key not loaded into any key slot, and i is greater than the
- * number of free key slots.
- * This is because such scenarios can lead to unsupported
- * `PSA_ERROR_INSUFFICIENT_MEMORY` return codes.
- *
- *
- * \param key The key to exercise. It should be capable of performing
- * \p alg.
- * \param usage The usage flags to assume.
- * \param alg The algorithm to exercise.
- * \param key_destroyable If set to 1, a failure due to the key not existing
- * or the key being destroyed mid-operation will only
- * be reported if the error code is unexpected.
- *
- * \retval 0 The key failed the smoke tests.
- * \retval 1 The key passed the smoke tests.
- */
-int mbedtls_test_psa_exercise_key(mbedtls_svc_key_id_t key,
- psa_key_usage_t usage,
- psa_algorithm_t alg,
- int key_destroyable);
-
-psa_key_usage_t mbedtls_test_psa_usage_to_exercise(psa_key_type_t type,
- psa_algorithm_t alg);
-
-/** Whether the specified algorithm can be exercised.
- *
- * \note This function is solely based on the algorithm and does not
- * consider potential issues with the compatibility of a key.
- * The idea is that you already have a key, so you know that the
- * key type is supported, and you want to exercise the key but
- * only if the algorithm given in its policy is enabled in the
- * compile-time configuration.
- *
- * \note This function currently only supports signature algorithms
- * (including wildcards).
- * TODO: a more general mechanism, which should be automatically
- * generated and possibly available as a library function?
- */
-int mbedtls_test_can_exercise_psa_algorithm(psa_algorithm_t alg);
-
-#if defined(MBEDTLS_PK_C)
-/** PK-PSA key consistency test.
- *
- * This function tests that the pk context and the PSA key are
- * consistent. At a minimum:
- *
- * - The two objects must contain keys of the same type,
- * or a key pair and a public key of the matching type.
- * - The two objects must have the same public key.
- *
- * \retval 0 The key failed the consistency tests.
- * \retval 1 The key passed the consistency tests.
- */
-int mbedtls_test_key_consistency_psa_pk(mbedtls_svc_key_id_t psa_key,
- const mbedtls_pk_context *pk);
-#endif /* MBEDTLS_PK_C */
-
-#endif /* PSA_EXERCISE_KEY_H */
diff --git a/tests/include/test/psa_helpers.h b/tests/include/test/psa_helpers.h
deleted file mode 100644
index b617189..0000000
--- a/tests/include/test/psa_helpers.h
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
- * Helper functions for tests that use any PSA API.
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#ifndef PSA_HELPERS_H
-#define PSA_HELPERS_H
-
-#if defined(MBEDTLS_PSA_CRYPTO_SPM)
-#include "spm/psa_defs.h"
-#endif
-
-/** Evaluate an expression and fail the test case if it returns an error.
- *
- * \param expr The expression to evaluate. This is typically a call
- * to a \c psa_xxx function that returns a value of type
- * #psa_status_t.
- */
-#define PSA_ASSERT(expr) TEST_EQUAL((expr), PSA_SUCCESS)
-
-#endif /* PSA_HELPERS_H */
diff --git a/tests/include/test/psa_memory_poisoning_wrappers.h b/tests/include/test/psa_memory_poisoning_wrappers.h
deleted file mode 100644
index 3f30b65..0000000
--- a/tests/include/test/psa_memory_poisoning_wrappers.h
+++ /dev/null
@@ -1,40 +0,0 @@
-/** Support for memory poisoning wrappers for PSA functions.
- *
- * The wrappers poison the input and output buffers of each function
- * before calling it, to ensure that it does not access the buffers
- * except by calling the approved buffer-copying functions.
- *
- * This header declares support functions. The wrappers themselves are
- * decalred in the automatically generated file `test/psa_test_wrappers.h`.
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#ifndef PSA_MEMORY_POISONING_WRAPPERS_H
-#define PSA_MEMORY_POISONING_WRAPPERS_H
-
-#include "psa/crypto.h"
-
-#include "test/memory.h"
-
-#if defined(MBEDTLS_TEST_HOOKS) && defined(MBEDTLS_TEST_MEMORY_CAN_POISON)
-
-/**
- * \brief Setup the memory poisoning test hooks used by
- * psa_crypto_copy_input() and psa_crypto_copy_output() for
- * memory poisoning.
- */
-void mbedtls_poison_test_hooks_setup(void);
-
-/**
- * \brief Teardown the memory poisoning test hooks used by
- * psa_crypto_copy_input() and psa_crypto_copy_output() for
- * memory poisoning.
- */
-void mbedtls_poison_test_hooks_teardown(void);
-
-#endif /* MBEDTLS_TEST_HOOKS && MBEDTLS_TEST_MEMORY_CAN_POISON */
-
-#endif /* PSA_MEMORY_POISONING_WRAPPERS_H */
diff --git a/tests/include/test/random.h b/tests/include/test/random.h
deleted file mode 100644
index 6304e05..0000000
--- a/tests/include/test/random.h
+++ /dev/null
@@ -1,91 +0,0 @@
-/**
- * \file random.h
- *
- * \brief This file contains the prototypes of helper functions to generate
- * random numbers for the purpose of testing.
- */
-
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#ifndef TEST_RANDOM_H
-#define TEST_RANDOM_H
-
-#include "mbedtls/build_info.h"
-
-#include <stddef.h>
-#include <stdint.h>
-
-typedef struct {
- unsigned char *buf; /* Pointer to a buffer of length bytes. */
- size_t length;
- /* If fallback_f_rng is NULL, fail after delivering length bytes. */
- int (*fallback_f_rng)(void *, unsigned char *, size_t);
- void *fallback_p_rng;
-} mbedtls_test_rnd_buf_info;
-
-/**
- * Info structure for the pseudo random function
- *
- * Key should be set at the start to a test-unique value.
- * Do not forget endianness!
- * State( v0, v1 ) should be set to zero.
- */
-typedef struct {
- uint32_t key[16];
- uint32_t v0, v1;
-} mbedtls_test_rnd_pseudo_info;
-
-/**
- * This function just returns data from rand().
- * Although predictable and often similar on multiple
- * runs, this does not result in identical random on
- * each run. So do not use this if the results of a
- * test depend on the random data that is generated.
- *
- * rng_state shall be NULL.
- */
-int mbedtls_test_rnd_std_rand(void *rng_state,
- unsigned char *output,
- size_t len);
-
-/**
- * This function only returns zeros.
- *
- * \p rng_state shall be \c NULL.
- */
-int mbedtls_test_rnd_zero_rand(void *rng_state,
- unsigned char *output,
- size_t len);
-
-/**
- * This function returns random data based on a buffer it receives.
- *
- * \p rng_state shall be a pointer to a #mbedtls_test_rnd_buf_info structure.
- *
- * The number of bytes released from the buffer on each call to
- * the random function is specified by \p len.
- *
- * After the buffer is empty, this function will call the fallback RNG in the
- * #mbedtls_test_rnd_buf_info structure if there is one, and
- * will return #MBEDTLS_ERR_ENTROPY_SOURCE_FAILED otherwise.
- */
-int mbedtls_test_rnd_buffer_rand(void *rng_state,
- unsigned char *output,
- size_t len);
-
-/**
- * This function returns random based on a pseudo random function.
- * This means the results should be identical on all systems.
- * Pseudo random is based on the XTEA encryption algorithm to
- * generate pseudorandom.
- *
- * \p rng_state shall be a pointer to a #mbedtls_test_rnd_pseudo_info structure.
- */
-int mbedtls_test_rnd_pseudo_rand(void *rng_state,
- unsigned char *output,
- size_t len);
-
-#endif /* TEST_RANDOM_H */
diff --git a/tests/include/test/threading_helpers.h b/tests/include/test/threading_helpers.h
deleted file mode 100644
index 79bc6c0..0000000
--- a/tests/include/test/threading_helpers.h
+++ /dev/null
@@ -1,112 +0,0 @@
-/**
- * \file threading_helpers.h
- *
- * \brief This file contains the prototypes of helper functions for the purpose
- * of testing threading.
- */
-
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#ifndef THREADING_HELPERS_H
-#define THREADING_HELPERS_H
-
-#if defined MBEDTLS_THREADING_C
-
-#include "mbedtls/private_access.h"
-#include "mbedtls/build_info.h"
-
-/* Most fields of publicly available structs are private and are wrapped with
- * MBEDTLS_PRIVATE macro. This define allows tests to access the private fields
- * directly (without using the MBEDTLS_PRIVATE wrapper). */
-#define MBEDTLS_ALLOW_PRIVATE_ACCESS
-
-#define MBEDTLS_ERR_THREADING_THREAD_ERROR -0x001F
-
-#if defined(MBEDTLS_THREADING_PTHREAD)
-#include <pthread.h>
-#endif /* MBEDTLS_THREADING_PTHREAD */
-
-#if defined(MBEDTLS_THREADING_ALT)
-/* You should define the mbedtls_test_thread_t type in your header */
-#include "threading_alt.h"
-
-/**
- * \brief Set your alternate threading implementation
- * function pointers for test threads. If used, this
- * function must be called once in the main thread
- * before any other MbedTLS function is called.
- *
- * \note These functions are part of the testing API only and
- * thus not considered part of the public API of
- * MbedTLS and thus may change without notice.
- *
- * \param thread_create The thread create function implementation.
- * \param thread_join The thread join function implementation.
-
- */
-void mbedtls_test_thread_set_alt(int (*thread_create)(mbedtls_test_thread_t *thread,
- void *(*thread_func)(
- void *),
- void *thread_data),
- int (*thread_join)(mbedtls_test_thread_t *thread));
-
-#else /* MBEDTLS_THREADING_ALT*/
-
-typedef struct mbedtls_test_thread_t {
-
-#if defined(MBEDTLS_THREADING_PTHREAD)
- pthread_t MBEDTLS_PRIVATE(thread);
-#else /* MBEDTLS_THREADING_PTHREAD */
- /* Make sure this struct is always non-empty */
- unsigned dummy;
-#endif
-
-} mbedtls_test_thread_t;
-
-#endif /* MBEDTLS_THREADING_ALT*/
-
-/**
- * \brief The function pointers for thread create and thread
- * join.
- *
- * \note These functions are part of the testing API only
- * and thus not considered part of the public API of
- * MbedTLS and thus may change without notice.
- *
- * \note All these functions are expected to work or
- * the result will be undefined.
- */
-extern int (*mbedtls_test_thread_create)(mbedtls_test_thread_t *thread,
- void *(*thread_func)(void *), void *thread_data);
-extern int (*mbedtls_test_thread_join)(mbedtls_test_thread_t *thread);
-
-#if defined(MBEDTLS_THREADING_PTHREAD) && defined(MBEDTLS_TEST_HOOKS)
-#define MBEDTLS_TEST_MUTEX_USAGE
-#endif
-
-#if defined(MBEDTLS_TEST_MUTEX_USAGE)
-/**
- * Activate the mutex usage verification framework. See threading_helpers.c for
- * information.
- */
-void mbedtls_test_mutex_usage_init(void);
-
-/**
- * Deactivate the mutex usage verification framework. See threading_helpers.c
- * for information.
- */
-void mbedtls_test_mutex_usage_end(void);
-
-/**
- * Call this function after executing a test case to check for mutex usage
- * errors.
- */
-void mbedtls_test_mutex_usage_check(void);
-#endif /* MBEDTLS_TEST_MUTEX_USAGE */
-
-#endif /* MBEDTLS_THREADING_C */
-
-#endif /* THREADING_HELPERS_H */
diff --git a/tests/opt-testcases/tls13-misc.sh b/tests/opt-testcases/tls13-misc.sh
index 003401c..76cbeec 100644
--- a/tests/opt-testcases/tls13-misc.sh
+++ b/tests/opt-testcases/tls13-misc.sh
@@ -948,6 +948,7 @@
# ephemeral then ticket based scenario we use for early data testing the first
# handshake fails. The following skipped test is here to illustrate the kind
# of testing we would like to do.
+# https://github.com/Mbed-TLS/mbedtls/issues/9582
skip_next_test
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_SSL_CLI_C
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 1a73020..ded238f 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -5,1130 +5,11 @@
# Copyright The Mbed TLS Contributors
# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+# This file is executable; it is the entry point for users and the CI.
+# See "Files structure" in all-core.sh for other files used.
+# This script must be invoked from the project's root.
-################################################################
-#### Documentation
-################################################################
+source framework/scripts/all-core.sh
-# Purpose
-# -------
-#
-# To run all tests possible or available on the platform.
-#
-# Notes for users
-# ---------------
-#
-# Warning: the test is destructive. It includes various build modes and
-# configurations, and can and will arbitrarily change the current CMake
-# configuration. The following files must be committed into git:
-# * include/mbedtls/mbedtls_config.h
-# * Makefile, library/Makefile, programs/Makefile, tests/Makefile,
-# programs/fuzz/Makefile
-# After running this script, the CMake cache will be lost and CMake
-# will no longer be initialised.
-#
-# The script assumes the presence of a number of tools:
-# * Basic Unix tools (Windows users note: a Unix-style find must be before
-# the Windows find in the PATH)
-# * Perl
-# * GNU Make
-# * CMake
-# * GCC and Clang (recent enough for using ASan with gcc and MemSan with clang, or valgrind)
-# * G++
-# * arm-gcc and mingw-gcc
-# * ArmCC 5 and ArmCC 6, unless invoked with --no-armcc
-# * OpenSSL and GnuTLS command line tools, in suitable versions for the
-# interoperability tests. The following are the official versions at the
-# time of writing:
-# * GNUTLS_{CLI,SERV} = 3.4.10
-# * GNUTLS_NEXT_{CLI,SERV} = 3.7.2
-# * OPENSSL = 1.0.2g (without Debian/Ubuntu patches)
-# * OPENSSL_NEXT = 3.1.2
-# See the invocation of check_tools below for details.
-#
-# This script must be invoked from the toplevel directory of a git
-# working copy of Mbed TLS.
-#
-# The behavior on an error depends on whether --keep-going (alias -k)
-# is in effect.
-# * Without --keep-going: the script stops on the first error without
-# cleaning up. This lets you work in the configuration of the failing
-# component.
-# * With --keep-going: the script runs all requested components and
-# reports failures at the end. In particular the script always cleans
-# up on exit.
-#
-# Note that the output is not saved. You may want to run
-# script -c tests/scripts/all.sh
-# or
-# tests/scripts/all.sh >all.log 2>&1
-#
-# Notes for maintainers
-# ---------------------
-#
-# The bulk of the code is organized into functions that follow one of the
-# following naming conventions:
-# * pre_XXX: things to do before running the tests, in order.
-# * component_XXX: independent components. They can be run in any order.
-# * component_check_XXX: quick tests that aren't worth parallelizing.
-# * component_build_XXX: build things but don't run them.
-# * component_test_XXX: build and test.
-# * component_release_XXX: tests that the CI should skip during PR testing.
-# * support_XXX: if support_XXX exists and returns false then
-# component_XXX is not run by default.
-# * post_XXX: things to do after running the tests.
-# * other: miscellaneous support functions.
-#
-# Each component must start by invoking `msg` with a short informative message.
-#
-# Warning: due to the way bash detects errors, the failure of a command
-# inside 'if' or '!' is not detected. Use the 'not' function instead of '!'.
-#
-# Each component is executed in a separate shell process. The component
-# fails if any command in it returns a non-zero status.
-#
-# The framework performs some cleanup tasks after each component. This
-# means that components can assume that the working directory is in a
-# cleaned-up state, and don't need to perform the cleanup themselves.
-# * Run `make clean`.
-# * Restore `include/mbedtls/mbedtls_config.h` from a backup made before running
-# the component.
-# * Check out `Makefile`, `library/Makefile`, `programs/Makefile`,
-# `tests/Makefile` and `programs/fuzz/Makefile` from git.
-# This cleans up after an in-tree use of CMake.
-#
-# The tests are roughly in order from fastest to slowest. This doesn't
-# have to be exact, but in general you should add slower tests towards
-# the end and fast checks near the beginning.
-
-
-
-################################################################
-#### Initialization and command line parsing
-################################################################
-
-# Abort on errors (even on the left-hand side of a pipe).
-# Treat uninitialised variables as errors.
-set -e -o pipefail -u
-
-# Enable ksh/bash extended file matching patterns
-shopt -s extglob
-
-# For project detection
-in_mbedtls_repo () {
- test "$PROJECT_NAME" = "Mbed TLS"
-}
-
-in_tf_psa_crypto_repo () {
- test "$PROJECT_NAME" = "TF-PSA-Crypto"
-}
-
-pre_check_environment () {
- # For project detection
- PROJECT_NAME_FILE='./scripts/project_name.txt'
- if read -r PROJECT_NAME < "$PROJECT_NAME_FILE"; then :; else
- echo "$PROJECT_NAME_FILE does not exist... Exiting..." >&2
- exit 1
- fi
-
- if in_mbedtls_repo || in_tf_psa_crypto_repo; then :; else
- echo "Must be run from Mbed TLS / TF-PSA-Crypto root" >&2
- exit 1
- fi
-}
-
-pre_initialize_variables () {
- if in_mbedtls_repo; then
- CONFIG_H='include/mbedtls/mbedtls_config.h'
- else
- CONFIG_H='drivers/builtin/include/mbedtls/mbedtls_config.h'
- fi
- CRYPTO_CONFIG_H='include/psa/crypto_config.h'
- CONFIG_TEST_DRIVER_H='tests/include/test/drivers/config_test_driver.h'
-
- # Files that are clobbered by some jobs will be backed up. Use a different
- # suffix from auxiliary scripts so that all.sh and auxiliary scripts can
- # independently decide when to remove the backup file.
- backup_suffix='.all.bak'
- # Files clobbered by config.py
- files_to_back_up="$CONFIG_H $CRYPTO_CONFIG_H $CONFIG_TEST_DRIVER_H"
- if in_mbedtls_repo; then
- # Files clobbered by in-tree cmake
- files_to_back_up="$files_to_back_up Makefile library/Makefile programs/Makefile tests/Makefile programs/fuzz/Makefile"
- fi
-
- append_outcome=0
- MEMORY=0
- FORCE=0
- QUIET=0
- KEEP_GOING=0
-
- # Seed value used with the --release-test option.
- #
- # See also RELEASE_SEED in basic-build-test.sh. Debugging is easier if
- # both values are kept in sync. If you change the value here because it
- # breaks some tests, you'll definitely want to change it in
- # basic-build-test.sh as well.
- RELEASE_SEED=1
-
- # Specify character collation for regular expressions and sorting with C locale
- export LC_COLLATE=C
-
- : ${MBEDTLS_TEST_OUTCOME_FILE=}
- : ${MBEDTLS_TEST_PLATFORM="$(uname -s | tr -c \\n0-9A-Za-z _)-$(uname -m | tr -c \\n0-9A-Za-z _)"}
- export MBEDTLS_TEST_OUTCOME_FILE
- export MBEDTLS_TEST_PLATFORM
-
- # Default commands, can be overridden by the environment
- : ${OPENSSL:="openssl"}
- : ${OPENSSL_NEXT:="$OPENSSL"}
- : ${GNUTLS_CLI:="gnutls-cli"}
- : ${GNUTLS_SERV:="gnutls-serv"}
- : ${OUT_OF_SOURCE_DIR:=./mbedtls_out_of_source_build}
- : ${ARMC5_BIN_DIR:=/usr/bin}
- : ${ARMC6_BIN_DIR:=/usr/bin}
- : ${ARM_NONE_EABI_GCC_PREFIX:=arm-none-eabi-}
- : ${ARM_LINUX_GNUEABI_GCC_PREFIX:=arm-linux-gnueabi-}
- : ${CLANG_LATEST:="clang-latest"}
- : ${CLANG_EARLIEST:="clang-earliest"}
- : ${GCC_LATEST:="gcc-latest"}
- : ${GCC_EARLIEST:="gcc-earliest"}
- # if MAKEFLAGS is not set add the -j option to speed up invocations of make
- if [ -z "${MAKEFLAGS+set}" ]; then
- export MAKEFLAGS="-j$(all_sh_nproc)"
- fi
- # if CC is not set, use clang by default (if present) to improve build times
- if [ -z "${CC+set}" ] && (type clang > /dev/null 2>&1); then
- export CC="clang"
- fi
-
- if [ -n "${OPENSSL_3+set}" ]; then
- export OPENSSL_NEXT="$OPENSSL_3"
- fi
-
- # Include more verbose output for failing tests run by CMake or make
- export CTEST_OUTPUT_ON_FAILURE=1
-
- # CFLAGS and LDFLAGS for Asan builds that don't use CMake
- # default to -O2, use -Ox _after_ this if you want another level
- ASAN_CFLAGS='-O2 -Werror -fsanitize=address,undefined -fno-sanitize-recover=all'
- # Normally, tests should use this compiler for ASAN testing
- ASAN_CC=clang
-
- # Platform tests have an allocation that returns null
- export ASAN_OPTIONS="allocator_may_return_null=1"
- export MSAN_OPTIONS="allocator_may_return_null=1"
-
- # Gather the list of available components. These are the functions
- # defined in this script whose name starts with "component_".
- ALL_COMPONENTS=$(compgen -A function component_ | sed 's/component_//')
-
- # Delay determining SUPPORTED_COMPONENTS until the command line options have a chance to override
- # the commands set by the environment
-}
-
-setup_quiet_wrappers()
-{
- # Pick up "quiet" wrappers for make and cmake, which don't output very much
- # unless there is an error. This reduces logging overhead in the CI.
- #
- # Note that the cmake wrapper breaks unless we use an absolute path here.
- if [[ -e ${PWD}/tests/scripts/quiet ]]; then
- export PATH=${PWD}/tests/scripts/quiet:$PATH
- fi
-}
-
-# Test whether the component $1 is included in the command line patterns.
-is_component_included()
-{
- # Temporarily disable wildcard expansion so that $COMMAND_LINE_COMPONENTS
- # only does word splitting.
- set -f
- for pattern in $COMMAND_LINE_COMPONENTS; do
- set +f
- case ${1#component_} in $pattern) return 0;; esac
- done
- set +f
- return 1
-}
-
-usage()
-{
- cat <<EOF
-Usage: $0 [OPTION]... [COMPONENT]...
-Run mbedtls release validation tests.
-By default, run all tests. With one or more COMPONENT, run only those.
-COMPONENT can be the name of a component or a shell wildcard pattern.
-
-Examples:
- $0 "check_*"
- Run all sanity checks.
- $0 --no-armcc --except test_memsan
- Run everything except builds that require armcc and MemSan.
-
-Special options:
- -h|--help Print this help and exit.
- --list-all-components List all available test components and exit.
- --list-components List components supported on this platform and exit.
-
-General options:
- -q|--quiet Only output component names, and errors if any.
- -f|--force Force the tests to overwrite any modified files.
- -k|--keep-going Run all tests and report errors at the end.
- -m|--memory Additional optional memory tests.
- --append-outcome Append to the outcome file (if used).
- --arm-none-eabi-gcc-prefix=<string>
- Prefix for a cross-compiler for arm-none-eabi
- (default: "${ARM_NONE_EABI_GCC_PREFIX}")
- --arm-linux-gnueabi-gcc-prefix=<string>
- Prefix for a cross-compiler for arm-linux-gnueabi
- (default: "${ARM_LINUX_GNUEABI_GCC_PREFIX}")
- --armcc Run ARM Compiler builds (on by default).
- --restore First clean up the build tree, restoring backed up
- files. Do not run any components unless they are
- explicitly specified.
- --error-test Error test mode: run a failing function in addition
- to any specified component. May be repeated.
- --except Exclude the COMPONENTs listed on the command line,
- instead of running only those.
- --no-append-outcome Write a new outcome file and analyze it (default).
- --no-armcc Skip ARM Compiler builds.
- --no-force Refuse to overwrite modified files (default).
- --no-keep-going Stop at the first error (default).
- --no-memory No additional memory tests (default).
- --no-quiet Print full output from components.
- --out-of-source-dir=<path> Directory used for CMake out-of-source build tests.
- --outcome-file=<path> File where test outcomes are written (not done if
- empty; default: \$MBEDTLS_TEST_OUTCOME_FILE).
- --random-seed Use a random seed value for randomized tests (default).
- -r|--release-test Run this script in release mode. This fixes the seed value to ${RELEASE_SEED}.
- -s|--seed Integer seed value to use for this test run.
-
-Tool path options:
- --armc5-bin-dir=<ARMC5_bin_dir_path> ARM Compiler 5 bin directory.
- --armc6-bin-dir=<ARMC6_bin_dir_path> ARM Compiler 6 bin directory.
- --clang-earliest=<Clang_earliest_path> Earliest version of clang available
- --clang-latest=<Clang_latest_path> Latest version of clang available
- --gcc-earliest=<GCC_earliest_path> Earliest version of GCC available
- --gcc-latest=<GCC_latest_path> Latest version of GCC available
- --gnutls-cli=<GnuTLS_cli_path> GnuTLS client executable to use for most tests.
- --gnutls-serv=<GnuTLS_serv_path> GnuTLS server executable to use for most tests.
- --openssl=<OpenSSL_path> OpenSSL executable to use for most tests.
- --openssl-next=<OpenSSL_path> OpenSSL executable to use for recent things like ARIA
-EOF
-}
-
-# Cleanup before/after running a component.
-# Remove built files as well as the cmake cache/config.
-# Does not remove generated source files.
-cleanup()
-{
- if in_mbedtls_repo; then
- command make clean
- fi
-
- # Remove CMake artefacts
- find . -name .git -prune -o \
- -iname CMakeFiles -exec rm -rf {} \+ -o \
- \( -iname cmake_install.cmake -o \
- -iname CTestTestfile.cmake -o \
- -iname CMakeCache.txt -o \
- -path './cmake/*.cmake' \) -exec rm -f {} \+
- # Remove Makefiles generated by in-tree CMake builds
- rm -f 3rdparty/Makefile 3rdparty/*/Makefile pkgconfig/Makefile framework/Makefile
- rm -f include/Makefile programs/!(fuzz)/Makefile
-
- # Remove any artifacts from the component_test_cmake_as_subdirectory test.
- rm -rf programs/test/cmake_subproject/build
- rm -f programs/test/cmake_subproject/Makefile
- rm -f programs/test/cmake_subproject/cmake_subproject
-
- # Remove any artifacts from the component_test_cmake_as_package test.
- rm -rf programs/test/cmake_package/build
- rm -f programs/test/cmake_package/Makefile
- rm -f programs/test/cmake_package/cmake_package
-
- # Remove any artifacts from the component_test_cmake_as_installed_package test.
- rm -rf programs/test/cmake_package_install/build
- rm -f programs/test/cmake_package_install/Makefile
- rm -f programs/test/cmake_package_install/cmake_package_install
-
- # Restore files that may have been clobbered by the job
- for x in $files_to_back_up; do
- if [[ -e "$x$backup_suffix" ]]; then
- cp -p "$x$backup_suffix" "$x"
- fi
- done
-}
-
-# Final cleanup when this script exits (except when exiting on a failure
-# in non-keep-going mode).
-final_cleanup () {
- cleanup
-
- for x in $files_to_back_up; do
- rm -f "$x$backup_suffix"
- done
-}
-
-# Executed on exit. May be redefined depending on command line options.
-final_report () {
- :
-}
-
-fatal_signal () {
- final_cleanup
- final_report $1
- trap - $1
- kill -$1 $$
-}
-
-trap 'fatal_signal HUP' HUP
-trap 'fatal_signal INT' INT
-trap 'fatal_signal TERM' TERM
-
-# Number of processors on this machine. Used as the default setting
-# for parallel make.
-all_sh_nproc ()
-{
- {
- nproc || # Linux
- sysctl -n hw.ncpuonline || # NetBSD, OpenBSD
- sysctl -n hw.ncpu || # FreeBSD
- echo 1
- } 2>/dev/null
-}
-
-msg()
-{
- if [ -n "${current_component:-}" ]; then
- current_section="${current_component#component_}: $1"
- else
- current_section="$1"
- fi
-
- if [ $QUIET -eq 1 ]; then
- return
- fi
-
- echo ""
- echo "******************************************************************"
- echo "* $current_section "
- printf "* "; date
- echo "******************************************************************"
-}
-
-armc6_build_test()
-{
- FLAGS="$1"
-
- msg "build: ARM Compiler 6 ($FLAGS)"
- make clean
- ARM_TOOL_VARIANT="ult" CC="$ARMC6_CC" AR="$ARMC6_AR" CFLAGS="$FLAGS" \
- WARNING_CFLAGS='-Werror -xc -std=c99' make lib
-
- msg "size: ARM Compiler 6 ($FLAGS)"
- "$ARMC6_FROMELF" -z library/*.o
-}
-
-err_msg()
-{
- echo "$1" >&2
-}
-
-check_tools()
-{
- for tool in "$@"; do
- if ! `type "$tool" >/dev/null 2>&1`; then
- err_msg "$tool not found!"
- exit 1
- fi
- done
-}
-
-pre_parse_command_line () {
- COMMAND_LINE_COMPONENTS=
- all_except=0
- error_test=0
- list_components=0
- restore_first=0
- no_armcc=
-
- # Note that legacy options are ignored instead of being omitted from this
- # list of options, so invocations that worked with previous version of
- # all.sh will still run and work properly.
- while [ $# -gt 0 ]; do
- case "$1" in
- --append-outcome) append_outcome=1;;
- --arm-none-eabi-gcc-prefix) shift; ARM_NONE_EABI_GCC_PREFIX="$1";;
- --arm-linux-gnueabi-gcc-prefix) shift; ARM_LINUX_GNUEABI_GCC_PREFIX="$1";;
- --armcc) no_armcc=;;
- --armc5-bin-dir) shift; ARMC5_BIN_DIR="$1";;
- --armc6-bin-dir) shift; ARMC6_BIN_DIR="$1";;
- --clang-earliest) shift; CLANG_EARLIEST="$1";;
- --clang-latest) shift; CLANG_LATEST="$1";;
- --error-test) error_test=$((error_test + 1));;
- --except) all_except=1;;
- --force|-f) FORCE=1;;
- --gcc-earliest) shift; GCC_EARLIEST="$1";;
- --gcc-latest) shift; GCC_LATEST="$1";;
- --gnutls-cli) shift; GNUTLS_CLI="$1";;
- --gnutls-legacy-cli) shift;; # ignored for backward compatibility
- --gnutls-legacy-serv) shift;; # ignored for backward compatibility
- --gnutls-serv) shift; GNUTLS_SERV="$1";;
- --help|-h) usage; exit;;
- --keep-going|-k) KEEP_GOING=1;;
- --list-all-components) printf '%s\n' $ALL_COMPONENTS; exit;;
- --list-components) list_components=1;;
- --memory|-m) MEMORY=1;;
- --no-append-outcome) append_outcome=0;;
- --no-armcc) no_armcc=1;;
- --no-force) FORCE=0;;
- --no-keep-going) KEEP_GOING=0;;
- --no-memory) MEMORY=0;;
- --no-quiet) QUIET=0;;
- --openssl) shift; OPENSSL="$1";;
- --openssl-next) shift; OPENSSL_NEXT="$1";;
- --outcome-file) shift; MBEDTLS_TEST_OUTCOME_FILE="$1";;
- --out-of-source-dir) shift; OUT_OF_SOURCE_DIR="$1";;
- --quiet|-q) QUIET=1;;
- --random-seed) unset SEED;;
- --release-test|-r) SEED=$RELEASE_SEED;;
- --restore) restore_first=1;;
- --seed|-s) shift; SEED="$1";;
- -*)
- echo >&2 "Unknown option: $1"
- echo >&2 "Run $0 --help for usage."
- exit 120
- ;;
- *) COMMAND_LINE_COMPONENTS="$COMMAND_LINE_COMPONENTS $1";;
- esac
- shift
- done
-
- # Exclude components that are not supported on this platform.
- SUPPORTED_COMPONENTS=
- for component in $ALL_COMPONENTS; do
- case $(type "support_$component" 2>&1) in
- *' function'*)
- if ! support_$component; then continue; fi;;
- esac
- SUPPORTED_COMPONENTS="$SUPPORTED_COMPONENTS $component"
- done
-
- if [ $list_components -eq 1 ]; then
- printf '%s\n' $SUPPORTED_COMPONENTS
- exit
- fi
-
- # With no list of components, run everything.
- if [ -z "$COMMAND_LINE_COMPONENTS" ] && [ $restore_first -eq 0 ]; then
- all_except=1
- fi
-
- # --no-armcc is a legacy option. The modern way is --except '*_armcc*'.
- # Ignore it if components are listed explicitly on the command line.
- if [ -n "$no_armcc" ] && [ $all_except -eq 1 ]; then
- COMMAND_LINE_COMPONENTS="$COMMAND_LINE_COMPONENTS *_armcc*"
- fi
-
- # Error out if an explicitly requested component doesn't exist.
- if [ $all_except -eq 0 ]; then
- unsupported=0
- # Temporarily disable wildcard expansion so that $COMMAND_LINE_COMPONENTS
- # only does word splitting.
- set -f
- for component in $COMMAND_LINE_COMPONENTS; do
- set +f
- # If the requested name includes a wildcard character, don't
- # check it. Accept wildcard patterns that don't match anything.
- case $component in
- *[*?\[]*) continue;;
- esac
- case " $SUPPORTED_COMPONENTS " in
- *" $component "*) :;;
- *)
- echo >&2 "Component $component was explicitly requested, but is not known or not supported."
- unsupported=$((unsupported + 1));;
- esac
- done
- set +f
- if [ $unsupported -ne 0 ]; then
- exit 2
- fi
- fi
-
- # Build the list of components to run.
- RUN_COMPONENTS=
- for component in $SUPPORTED_COMPONENTS; do
- if is_component_included "$component"; [ $? -eq $all_except ]; then
- RUN_COMPONENTS="$RUN_COMPONENTS $component"
- fi
- done
-
- unset all_except
- unset no_armcc
-}
-
-pre_check_git () {
- if [ $FORCE -eq 1 ]; then
- rm -rf "$OUT_OF_SOURCE_DIR"
- git checkout-index -f -q $CONFIG_H
- cleanup
- else
-
- if [ -d "$OUT_OF_SOURCE_DIR" ]; then
- echo "Warning - there is an existing directory at '$OUT_OF_SOURCE_DIR'" >&2
- echo "You can either delete this directory manually, or force the test by rerunning"
- echo "the script as: $0 --force --out-of-source-dir $OUT_OF_SOURCE_DIR"
- exit 1
- fi
-
- if ! git diff --quiet "$CONFIG_H"; then
- err_msg "Warning - the configuration file '$CONFIG_H' has been edited. "
- echo "You can either delete or preserve your work, or force the test by rerunning the"
- echo "script as: $0 --force"
- exit 1
- fi
- fi
-}
-
-pre_restore_files () {
- # If the makefiles have been generated by a framework such as cmake,
- # restore them from git. If the makefiles look like modifications from
- # the ones checked into git, take care not to modify them. Whatever
- # this function leaves behind is what the script will restore before
- # each component.
- case "$(head -n1 Makefile)" in
- *[Gg]enerated*)
- git update-index --no-skip-worktree Makefile library/Makefile programs/Makefile tests/Makefile programs/fuzz/Makefile
- git checkout -- Makefile library/Makefile programs/Makefile tests/Makefile programs/fuzz/Makefile
- ;;
- esac
-}
-
-pre_back_up () {
- for x in $files_to_back_up; do
- cp -p "$x" "$x$backup_suffix"
- done
-}
-
-pre_setup_keep_going () {
- failure_count=0 # Number of failed components
- last_failure_status=0 # Last failure status in this component
-
- # See err_trap
- previous_failure_status=0
- previous_failed_command=
- previous_failure_funcall_depth=0
- unset report_failed_command
-
- start_red=
- end_color=
- if [ -t 1 ]; then
- case "${TERM:-}" in
- *color*|cygwin|linux|rxvt*|screen|[Eex]term*)
- start_red=$(printf '\033[31m')
- end_color=$(printf '\033[0m')
- ;;
- esac
- fi
-
- # Keep a summary of failures in a file. We'll print it out at the end.
- failure_summary_file=$PWD/all-sh-failures-$$.log
- : >"$failure_summary_file"
-
- # Whether it makes sense to keep a component going after the specified
- # command fails (test command) or not (configure or build).
- # This function normally receives the failing simple command
- # ($BASH_COMMAND) as an argument, but if $report_failed_command is set,
- # this is passed instead.
- # This doesn't have to be 100% accurate: all failures are recorded anyway.
- # False positives result in running things that can't be expected to
- # work. False negatives result in things not running after something else
- # failed even though they might have given useful feedback.
- can_keep_going_after_failure () {
- case "$1" in
- "msg "*) false;;
- "cd "*) false;;
- "diff "*) true;;
- *make*[\ /]tests*) false;; # make tests, make CFLAGS=-I../tests, ...
- *test*) true;; # make test, tests/stuff, env V=v tests/stuff, ...
- *make*check*) true;;
- "grep "*) true;;
- "[ "*) true;;
- "! "*) true;;
- *) false;;
- esac
- }
-
- # This function runs if there is any error in a component.
- # It must either exit with a nonzero status, or set
- # last_failure_status to a nonzero value.
- err_trap () {
- # Save $? (status of the failing command). This must be the very
- # first thing, before $? is overridden.
- last_failure_status=$?
- failed_command=${report_failed_command-$BASH_COMMAND}
-
- if [[ $last_failure_status -eq $previous_failure_status &&
- "$failed_command" == "$previous_failed_command" &&
- ${#FUNCNAME[@]} == $((previous_failure_funcall_depth - 1)) ]]
- then
- # The same command failed twice in a row, but this time one level
- # less deep in the function call stack. This happens when the last
- # command of a function returns a nonzero status, and the function
- # returns that same status. Ignore the second failure.
- previous_failure_funcall_depth=${#FUNCNAME[@]}
- return
- fi
- previous_failure_status=$last_failure_status
- previous_failed_command=$failed_command
- previous_failure_funcall_depth=${#FUNCNAME[@]}
-
- text="$current_section: $failed_command -> $last_failure_status"
- echo "${start_red}^^^^$text^^^^${end_color}" >&2
- echo "$text" >>"$failure_summary_file"
-
- # If the command is fatal (configure or build command), stop this
- # component. Otherwise (test command) keep the component running
- # (run more tests from the same build).
- if ! can_keep_going_after_failure "$failed_command"; then
- exit $last_failure_status
- fi
- }
-
- final_report () {
- if [ $failure_count -gt 0 ]; then
- echo
- echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
- echo "${start_red}FAILED: $failure_count components${end_color}"
- cat "$failure_summary_file"
- echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
- elif [ -z "${1-}" ]; then
- echo "SUCCESS :)"
- fi
- if [ -n "${1-}" ]; then
- echo "Killed by SIG$1."
- fi
- rm -f "$failure_summary_file"
- if [ $failure_count -gt 0 ]; then
- exit 1
- fi
- }
-}
-
-# record_status() and if_build_succeeded() are kept temporarily for backward
-# compatibility. Don't use them in new components.
-record_status () {
- "$@"
-}
-if_build_succeeded () {
- "$@"
-}
-
-# '! true' does not trigger the ERR trap. Arrange to trigger it, with
-# a reasonably informative error message (not just "$@").
-not () {
- if "$@"; then
- report_failed_command="! $*"
- false
- unset report_failed_command
- fi
-}
-
-pre_prepare_outcome_file () {
- case "$MBEDTLS_TEST_OUTCOME_FILE" in
- [!/]*) MBEDTLS_TEST_OUTCOME_FILE="$PWD/$MBEDTLS_TEST_OUTCOME_FILE";;
- esac
- if [ -n "$MBEDTLS_TEST_OUTCOME_FILE" ] && [ "$append_outcome" -eq 0 ]; then
- rm -f "$MBEDTLS_TEST_OUTCOME_FILE"
- fi
-}
-
-pre_print_configuration () {
- if [ $QUIET -eq 1 ]; then
- return
- fi
-
- msg "info: $0 configuration"
- echo "MEMORY: $MEMORY"
- echo "FORCE: $FORCE"
- echo "MBEDTLS_TEST_OUTCOME_FILE: ${MBEDTLS_TEST_OUTCOME_FILE:-(none)}"
- echo "SEED: ${SEED-"UNSET"}"
- echo
- echo "OPENSSL: $OPENSSL"
- echo "OPENSSL_NEXT: $OPENSSL_NEXT"
- echo "GNUTLS_CLI: $GNUTLS_CLI"
- echo "GNUTLS_SERV: $GNUTLS_SERV"
- echo "ARMC5_BIN_DIR: $ARMC5_BIN_DIR"
- echo "ARMC6_BIN_DIR: $ARMC6_BIN_DIR"
-}
-
-# Make sure the tools we need are available.
-pre_check_tools () {
- # Build the list of variables to pass to output_env.sh.
- set env
-
- case " $RUN_COMPONENTS " in
- # Require OpenSSL and GnuTLS if running any tests (as opposed to
- # only doing builds). Not all tests run OpenSSL and GnuTLS, but this
- # is a good enough approximation in practice.
- *" test_"* | *" release_test_"*)
- # To avoid setting OpenSSL and GnuTLS for each call to compat.sh
- # and ssl-opt.sh, we just export the variables they require.
- export OPENSSL="$OPENSSL"
- export GNUTLS_CLI="$GNUTLS_CLI"
- export GNUTLS_SERV="$GNUTLS_SERV"
- # Avoid passing --seed flag in every call to ssl-opt.sh
- if [ -n "${SEED-}" ]; then
- export SEED
- fi
- set "$@" OPENSSL="$OPENSSL"
- set "$@" GNUTLS_CLI="$GNUTLS_CLI" GNUTLS_SERV="$GNUTLS_SERV"
- check_tools "$OPENSSL" "$OPENSSL_NEXT" \
- "$GNUTLS_CLI" "$GNUTLS_SERV"
- ;;
- esac
-
- case " $RUN_COMPONENTS " in
- *_doxygen[_\ ]*) check_tools "doxygen" "dot";;
- esac
-
- case " $RUN_COMPONENTS " in
- *_arm_none_eabi_gcc[_\ ]*) check_tools "${ARM_NONE_EABI_GCC_PREFIX}gcc";;
- esac
-
- case " $RUN_COMPONENTS " in
- *_mingw[_\ ]*) check_tools "i686-w64-mingw32-gcc";;
- esac
-
- case " $RUN_COMPONENTS " in
- *" test_zeroize "*) check_tools "gdb";;
- esac
-
- case " $RUN_COMPONENTS " in
- *_armcc*)
- ARMC5_CC="$ARMC5_BIN_DIR/armcc"
- ARMC5_AR="$ARMC5_BIN_DIR/armar"
- ARMC5_FROMELF="$ARMC5_BIN_DIR/fromelf"
- ARMC6_CC="$ARMC6_BIN_DIR/armclang"
- ARMC6_AR="$ARMC6_BIN_DIR/armar"
- ARMC6_FROMELF="$ARMC6_BIN_DIR/fromelf"
- check_tools "$ARMC5_CC" "$ARMC5_AR" "$ARMC5_FROMELF" \
- "$ARMC6_CC" "$ARMC6_AR" "$ARMC6_FROMELF";;
- esac
-
- # past this point, no call to check_tool, only printing output
- if [ $QUIET -eq 1 ]; then
- return
- fi
-
- msg "info: output_env.sh"
- case $RUN_COMPONENTS in
- *_armcc*)
- set "$@" ARMC5_CC="$ARMC5_CC" ARMC6_CC="$ARMC6_CC" RUN_ARMCC=1;;
- *) set "$@" RUN_ARMCC=0;;
- esac
- "$@" scripts/output_env.sh
-}
-
-pre_generate_files () {
- # since make doesn't have proper dependencies, remove any possibly outdate
- # file that might be around before generating fresh ones
- make neat
- if [ $QUIET -eq 1 ]; then
- make generated_files >/dev/null
- else
- make generated_files
- fi
-}
-
-clang_version () {
- if command -v clang > /dev/null ; then
- clang --version|grep version|sed -E 's#.*version ([0-9]+).*#\1#'
- else
- echo 0 # report version 0 for "no clang"
- fi
-}
-
-################################################################
-#### Helpers for components using libtestdriver1
-################################################################
-
-# How to use libtestdriver1
-# -------------------------
-#
-# 1. Define the list algorithms and key types to accelerate,
-# designated the same way as PSA_WANT_ macros but without PSA_WANT_.
-# Examples:
-# - loc_accel_list="ALG_JPAKE"
-# - loc_accel_list="ALG_FFDH KEY_TYPE_DH_KEY_PAIR KEY_TYPE_DH_PUBLIC_KEY"
-# 2. Make configurations changes for the driver and/or main libraries.
-# 2a. Call helper_libtestdriver1_adjust_config <base>, where the argument
-# can be either "default" to start with the default config, or a name
-# supported by scripts/config.py (for example, "full"). This selects
-# the base to use, and makes common adjustments.
-# 2b. If desired, adjust the PSA_WANT symbols in psa/crypto_config.h.
-# These changes affect both the driver and the main libraries.
-# (Note: they need to have the same set of PSA_WANT symbols, as that
-# determines the ABI between them.)
-# 2c. Adjust MBEDTLS_ symbols in mbedtls_config.h. This only affects the
-# main libraries. Typically, you want to disable the module(s) that are
-# being accelerated. You may need to also disable modules that depend
-# on them or options that are not supported with drivers.
-# 2d. On top of psa/crypto_config.h, the driver library uses its own config
-# file: tests/include/test/drivers/config_test_driver.h. You usually
-# don't need to edit it: using loc_extra_list (see below) is preferred.
-# However, when there's no PSA symbol for what you want to enable,
-# calling scripts/config.py on this file remains the only option.
-# 3. Build the driver library, then the main libraries, test, and programs.
-# 3a. Call helper_libtestdriver1_make_drivers "$loc_accel_list". You may
-# need to enable more algorithms here, typically hash algorithms when
-# accelerating some signature algorithms (ECDSA, RSAv2). This is done
-# by passing a 2nd argument listing the extra algorithms.
-# Example:
-# loc_extra_list="ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512"
-# helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list"
-# 3b. Call helper_libtestdriver1_make_main "$loc_accel_list". Any
-# additional arguments will be passed to make: this can be useful if
-# you don't want to build everything when iterating during development.
-# Example:
-# helper_libtestdriver1_make_main "$loc_accel_list" -C tests test_suite_foo
-# 4. Run the tests you want.
-
-# Adjust the configuration - for both libtestdriver1 and main library,
-# as they should have the same PSA_WANT macros.
-helper_libtestdriver1_adjust_config () {
- base_config=$1
- # Select the base configuration
- if [ "$base_config" != "default" ]; then
- scripts/config.py "$base_config"
- fi
-
- # Enable PSA-based config (necessary to use drivers)
- scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
-
- # Dynamic secure element support is a deprecated feature and needs to be disabled here.
- # This is done to have the same form of psa_key_attributes_s for libdriver and library.
- scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C
-
- # If threading is enabled on the normal build, then we need to enable it in the drivers as well,
- # otherwise we will end up running multithreaded tests without mutexes to protect them.
- if scripts/config.py get MBEDTLS_THREADING_C; then
- scripts/config.py -f "$CONFIG_TEST_DRIVER_H" set MBEDTLS_THREADING_C
- fi
-
- if scripts/config.py get MBEDTLS_THREADING_PTHREAD; then
- scripts/config.py -f "$CONFIG_TEST_DRIVER_H" set MBEDTLS_THREADING_PTHREAD
- fi
-}
-
-# When called with no parameter this function disables all builtin curves.
-# The function optionally accepts 1 parameter: a space-separated list of the
-# curves that should be kept enabled.
-helper_disable_builtin_curves () {
- allowed_list="${1:-}"
- scripts/config.py unset-all "MBEDTLS_ECP_DP_[0-9A-Z_a-z]*_ENABLED"
-
- for curve in $allowed_list; do
- scripts/config.py set $curve
- done
-}
-
-# Helper returning the list of supported elliptic curves from CRYPTO_CONFIG_H,
-# without the "PSA_WANT_" prefix. This becomes handy for accelerating curves
-# in the following helpers.
-helper_get_psa_curve_list () {
- loc_list=""
- for item in $(sed -n 's/^#define PSA_WANT_\(ECC_[0-9A-Z_a-z]*\).*/\1/p' <"$CRYPTO_CONFIG_H"); do
- loc_list="$loc_list $item"
- done
-
- echo "$loc_list"
-}
-
-# Helper returning the list of supported DH groups from CRYPTO_CONFIG_H,
-# without the "PSA_WANT_" prefix. This becomes handy for accelerating DH groups
-# in the following helpers.
-helper_get_psa_dh_group_list () {
- loc_list=""
- for item in $(sed -n 's/^#define PSA_WANT_\(DH_RFC7919_[0-9]*\).*/\1/p' <"$CRYPTO_CONFIG_H"); do
- loc_list="$loc_list $item"
- done
-
- echo "$loc_list"
-}
-
-# Get the list of uncommented PSA_WANT_KEY_TYPE_xxx_ from CRYPTO_CONFIG_H. This
-# is useful to easily get a list of key type symbols to accelerate.
-# The function accepts a single argument which is the key type: ECC, DH, RSA.
-helper_get_psa_key_type_list () {
- key_type="$1"
- loc_list=""
- for item in $(sed -n "s/^#define PSA_WANT_\(KEY_TYPE_${key_type}_[0-9A-Z_a-z]*\).*/\1/p" <"$CRYPTO_CONFIG_H"); do
- # Skip DERIVE for elliptic keys since there is no driver dispatch for
- # it so it cannot be accelerated.
- if [ "$item" != "KEY_TYPE_ECC_KEY_PAIR_DERIVE" ]; then
- loc_list="$loc_list $item"
- fi
- done
-
- echo "$loc_list"
-}
-
-# Build the drivers library libtestdriver1.a (with ASan).
-#
-# Parameters:
-# 1. a space-separated list of things to accelerate;
-# 2. optional: a space-separate list of things to also support.
-# Here "things" are PSA_WANT_ symbols but with PSA_WANT_ removed.
-helper_libtestdriver1_make_drivers () {
- loc_accel_flags=$( echo "$1 ${2-}" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' )
- make CC=$ASAN_CC -C tests libtestdriver1.a CFLAGS=" $ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS"
-}
-
-# Build the main libraries, programs and tests,
-# linking to the drivers library (with ASan).
-#
-# Parameters:
-# 1. a space-separated list of things to accelerate;
-# *. remaining arguments if any are passed directly to make
-# (examples: lib, -C tests test_suite_xxx, etc.)
-# Here "things" are PSA_WANT_ symbols but with PSA_WANT_ removed.
-helper_libtestdriver1_make_main () {
- loc_accel_list=$1
- shift
-
- # we need flags both with and without the LIBTESTDRIVER1_ prefix
- loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' )
- loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )"
- make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" "$@"
-}
-
-# Include the components from components.sh
-test_script_dir="${0%/*}"
-for file in "$test_script_dir"/components*.sh; do
- source $file
-done
-
-################################################################
-#### Termination
-################################################################
-
-post_report () {
- msg "Done, cleaning up"
- final_cleanup
-
- final_report
-}
-
-################################################################
-#### Run all the things
-################################################################
-
-# Function invoked by --error-test to test error reporting.
-pseudo_component_error_test () {
- msg "Testing error reporting $error_test_i"
- if [ $KEEP_GOING -ne 0 ]; then
- echo "Expect three failing commands."
- fi
- # If the component doesn't run in a subshell, changing error_test_i to an
- # invalid integer will cause an error in the loop that runs this function.
- error_test_i=this_should_not_be_used_since_the_component_runs_in_a_subshell
- # Expected error: 'grep non_existent /dev/null -> 1'
- grep non_existent /dev/null
- # Expected error: '! grep -q . tests/scripts/all.sh -> 1'
- not grep -q . "$0"
- # Expected error: 'make unknown_target -> 2'
- make unknown_target
- false "this should not be executed"
-}
-
-# Run one component and clean up afterwards.
-run_component () {
- current_component="$1"
- export MBEDTLS_TEST_CONFIGURATION="$current_component"
-
- # Unconditionally create a seedfile that's sufficiently long.
- # Do this before each component, because a previous component may
- # have messed it up or shortened it.
- local dd_cmd
- dd_cmd=(dd if=/dev/urandom of=./tests/seedfile bs=64 count=1)
- case $OSTYPE in
- linux*|freebsd*|openbsd*) dd_cmd+=(status=none)
- esac
- "${dd_cmd[@]}"
-
- # Run the component in a subshell, with error trapping and output
- # redirection set up based on the relevant options.
- if [ $KEEP_GOING -eq 1 ]; then
- # We want to keep running if the subshell fails, so 'set -e' must
- # be off when the subshell runs.
- set +e
- fi
- (
- if [ $QUIET -eq 1 ]; then
- # msg() will be silenced, so just print the component name here.
- echo "${current_component#component_}"
- exec >/dev/null
- fi
- if [ $KEEP_GOING -eq 1 ]; then
- # Keep "set -e" off, and run an ERR trap instead to record failures.
- set -E
- trap err_trap ERR
- fi
- # The next line is what runs the component
- "$@"
- if [ $KEEP_GOING -eq 1 ]; then
- trap - ERR
- exit $last_failure_status
- fi
- )
- component_status=$?
- if [ $KEEP_GOING -eq 1 ]; then
- set -e
- if [ $component_status -ne 0 ]; then
- failure_count=$((failure_count + 1))
- fi
- fi
-
- # Restore the build tree to a clean state.
- cleanup
- unset current_component
-}
-
-# Preliminary setup
-pre_check_environment
-pre_initialize_variables
-pre_parse_command_line "$@"
-
-setup_quiet_wrappers
-pre_check_git
-pre_restore_files
-pre_back_up
-
-build_status=0
-if [ $KEEP_GOING -eq 1 ]; then
- pre_setup_keep_going
-fi
-pre_prepare_outcome_file
-pre_print_configuration
-pre_check_tools
-cleanup
-if in_mbedtls_repo; then
- pre_generate_files
-fi
-
-# Run the requested tests.
-for ((error_test_i=1; error_test_i <= error_test; error_test_i++)); do
- run_component pseudo_component_error_test
-done
-unset error_test_i
-for component in $RUN_COMPONENTS; do
- run_component "component_$component"
-done
-
-# We're done.
-post_report
+main "$@"
diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py
index 72dba99..18c8bde 100755
--- a/tests/scripts/analyze_outcomes.py
+++ b/tests/scripts/analyze_outcomes.py
@@ -7,15 +7,286 @@
"""
import re
+import typing
import scripts_path # pylint: disable=unused-import
from mbedtls_framework import outcome_analysis
class CoverageTask(outcome_analysis.CoverageTask):
- # We'll populate IGNORED_TESTS soon. In the meantime, lack of coverage
- # is just a warning.
- outcome_analysis.FULL_COVERAGE_BY_DEFAULT = False
+ """Justify test cases that are never executed."""
+
+ @staticmethod
+ def _has_word_re(words: typing.Iterable[str],
+ exclude: typing.Optional[str] = None) -> typing.Pattern:
+ """Construct a regex that matches if any of the words appears.
+
+ The occurrence must start and end at a word boundary.
+
+ If exclude is specified, strings containing a match for that
+ regular expression will not match the returned pattern.
+ """
+ exclude_clause = r''
+ if exclude:
+ exclude_clause = r'(?!.*' + exclude + ')'
+ return re.compile(exclude_clause +
+ r'.*\b(?:' + r'|'.join(words) + r')\b.*',
+ re.DOTALL)
+
+ # generate_psa_tests.py generates test cases involving cryptographic
+ # mechanisms (key types, families, algorithms) that are declared but
+ # not implemented. Until we improve the Python scripts, ignore those
+ # test cases in the analysis.
+ # https://github.com/Mbed-TLS/mbedtls/issues/9572
+ _PSA_MECHANISMS_NOT_IMPLEMENTED = [
+ r'CBC_MAC',
+ r'DETERMINISTIC_DSA',
+ r'DET_DSA',
+ r'DSA',
+ r'ECC_KEY_PAIR\(BRAINPOOL_P_R1\) (?:160|192|224|320)-bit',
+ r'ECC_KEY_PAIR\(SECP_K1\) 225-bit',
+ r'ECC_PAIR\(BP_R1\) (?:160|192|224|320)-bit',
+ r'ECC_PAIR\(SECP_K1\) 225-bit',
+ r'ECC_PUBLIC_KEY\(BRAINPOOL_P_R1\) (?:160|192|224|320)-bit',
+ r'ECC_PUBLIC_KEY\(SECP_K1\) 225-bit',
+ r'ECC_PUB\(BP_R1\) (?:160|192|224|320)-bit',
+ r'ECC_PUB\(SECP_K1\) 225-bit',
+ r'ED25519PH',
+ r'ED448PH',
+ r'PEPPER',
+ r'PURE_EDDSA',
+ r'SECP_R2',
+ r'SECT_K1',
+ r'SECT_R1',
+ r'SECT_R2',
+ r'SHAKE256_512',
+ r'SHA_512_224',
+ r'SHA_512_256',
+ r'TWISTED_EDWARDS',
+ r'XTS',
+ ]
+ PSA_MECHANISM_NOT_IMPLEMENTED_SEARCH_RE = \
+ _has_word_re(_PSA_MECHANISMS_NOT_IMPLEMENTED)
+
+ IGNORED_TESTS = {
+ 'ssl-opt': [
+ # We don't run ssl-opt.sh with Valgrind on the CI because
+ # it's extremely slow. We don't intend to change this.
+ 'DTLS client reconnect from same port: reconnect, nbio, valgrind',
+ # We don't have IPv6 in our CI environment.
+ # https://github.com/Mbed-TLS/mbedtls-test/issues/176
+ 'DTLS cookie: enabled, IPv6',
+ # Disabled due to OpenSSL bug.
+ # https://github.com/openssl/openssl/issues/18887
+ 'DTLS fragmenting: 3d, openssl client, DTLS 1.2',
+ # We don't run ssl-opt.sh with Valgrind on the CI because
+ # it's extremely slow. We don't intend to change this.
+ 'DTLS fragmenting: proxy MTU: auto-reduction (with valgrind)',
+ # It seems that we don't run `ssl-opt.sh` with
+ # `MBEDTLS_USE_PSA_CRYPTO` enabled but `MBEDTLS_SSL_ASYNC_PRIVATE`
+ # disabled.
+ # https://github.com/Mbed-TLS/mbedtls/issues/9581
+ 'Opaque key for server authentication: invalid key: decrypt with ECC key, no async',
+ 'Opaque key for server authentication: invalid key: ecdh with RSA key, no async',
+ ],
+ 'test_suite_config.mbedtls_boolean': [
+ # We never test with CBC/PKCS5/PKCS12 enabled but
+ # PKCS7 padding disabled.
+ # https://github.com/Mbed-TLS/mbedtls/issues/9580
+ 'Config: !MBEDTLS_CIPHER_PADDING_PKCS7',
+ # https://github.com/Mbed-TLS/mbedtls/issues/9583
+ 'Config: !MBEDTLS_ECP_NIST_OPTIM',
+ # MBEDTLS_ECP_NO_FALLBACK only affects builds using a partial
+ # alternative implementation of ECP arithmetic (with
+ # MBEDTLS_ECP_INTERNAL_ALT enabled). We don't test those builds.
+ # The configuration enumeration script skips xxx_ALT options
+ # but not MBEDTLS_ECP_NO_FALLBACK, so it appears in the report,
+ # but we don't care about it.
+ 'Config: MBEDTLS_ECP_NO_FALLBACK',
+ # Missing coverage of test configurations.
+ # https://github.com/Mbed-TLS/mbedtls/issues/9585
+ 'Config: !MBEDTLS_SSL_DTLS_ANTI_REPLAY',
+ # Missing coverage of test configurations.
+ # https://github.com/Mbed-TLS/mbedtls/issues/9585
+ 'Config: !MBEDTLS_SSL_DTLS_HELLO_VERIFY',
+ # We don't run test_suite_config when we test this.
+ # https://github.com/Mbed-TLS/mbedtls/issues/9586
+ 'Config: !MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED',
+ # We only test multithreading with pthreads.
+ # https://github.com/Mbed-TLS/mbedtls/issues/9584
+ 'Config: !MBEDTLS_THREADING_PTHREAD',
+ # Built but not tested.
+ # https://github.com/Mbed-TLS/mbedtls/issues/9587
+ 'Config: MBEDTLS_AES_USE_HARDWARE_ONLY',
+ # Untested platform-specific optimizations.
+ # https://github.com/Mbed-TLS/mbedtls/issues/9588
+ 'Config: MBEDTLS_HAVE_SSE2',
+ # Obsolete configuration option, to be replaced by
+ # PSA entropy drivers.
+ # https://github.com/Mbed-TLS/mbedtls/issues/8150
+ 'Config: MBEDTLS_NO_PLATFORM_ENTROPY',
+ # Untested aspect of the platform interface.
+ # https://github.com/Mbed-TLS/mbedtls/issues/9589
+ 'Config: MBEDTLS_PLATFORM_NO_STD_FUNCTIONS',
+ # In a client-server build, test_suite_config runs in the
+ # client configuration, so it will never report
+ # MBEDTLS_PSA_CRYPTO_SPM as enabled. That's ok.
+ 'Config: MBEDTLS_PSA_CRYPTO_SPM',
+ # We don't test on armv8 yet.
+ 'Config: MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT',
+ 'Config: MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY',
+ 'Config: MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY',
+ 'Config: MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY',
+ # We don't run test_suite_config when we test this.
+ # https://github.com/Mbed-TLS/mbedtls/issues/9586
+ 'Config: MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND',
+ ],
+ 'test_suite_config.psa_boolean': [
+ # We don't test with HMAC disabled.
+ # https://github.com/Mbed-TLS/mbedtls/issues/9591
+ 'Config: !PSA_WANT_ALG_HMAC',
+ # The DERIVE key type is always enabled.
+ 'Config: !PSA_WANT_KEY_TYPE_DERIVE',
+ # More granularity of key pair type enablement macros
+ # than we care to test.
+ # https://github.com/Mbed-TLS/mbedtls/issues/9590
+ 'Config: !PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT',
+ 'Config: !PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE',
+ 'Config: !PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT',
+ # More granularity of key pair type enablement macros
+ # than we care to test.
+ # https://github.com/Mbed-TLS/mbedtls/issues/9590
+ 'Config: !PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT',
+ 'Config: !PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT',
+ # We don't test with HMAC disabled.
+ # https://github.com/Mbed-TLS/mbedtls/issues/9591
+ 'Config: !PSA_WANT_KEY_TYPE_HMAC',
+ # The PASSWORD key type is always enabled.
+ 'Config: !PSA_WANT_KEY_TYPE_PASSWORD',
+ # The PASSWORD_HASH key type is always enabled.
+ 'Config: !PSA_WANT_KEY_TYPE_PASSWORD_HASH',
+ # The RAW_DATA key type is always enabled.
+ 'Config: !PSA_WANT_KEY_TYPE_RAW_DATA',
+ # More granularity of key pair type enablement macros
+ # than we care to test.
+ # https://github.com/Mbed-TLS/mbedtls/issues/9590
+ 'Config: !PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT',
+ 'Config: !PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT',
+ # Algorithm declared but not supported.
+ 'Config: PSA_WANT_ALG_CBC_MAC',
+ # Algorithm declared but not supported.
+ 'Config: PSA_WANT_ALG_XTS',
+ # Family declared but not supported.
+ 'Config: PSA_WANT_ECC_SECP_K1_224',
+ # More granularity of key pair type enablement macros
+ # than we care to test.
+ # https://github.com/Mbed-TLS/mbedtls/issues/9590
+ 'Config: PSA_WANT_KEY_TYPE_DH_KEY_PAIR_DERIVE',
+ 'Config: PSA_WANT_KEY_TYPE_ECC_KEY_PAIR',
+ 'Config: PSA_WANT_KEY_TYPE_RSA_KEY_PAIR',
+ 'Config: PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_DERIVE',
+ ],
+ 'test_suite_config.psa_combinations': [
+ # We don't test this unusual, but sensible configuration.
+ # https://github.com/Mbed-TLS/mbedtls/issues/9592
+ 'Config: PSA_WANT_ALG_DETERMINSTIC_ECDSA without PSA_WANT_ALG_ECDSA',
+ ],
+ 'test_suite_pkcs12': [
+ # We never test with CBC/PKCS5/PKCS12 enabled but
+ # PKCS7 padding disabled.
+ # https://github.com/Mbed-TLS/mbedtls/issues/9580
+ 'PBE Decrypt, (Invalid padding & PKCS7 padding disabled)',
+ 'PBE Encrypt, pad = 8 (PKCS7 padding disabled)',
+ ],
+ 'test_suite_pkcs5': [
+ # We never test with CBC/PKCS5/PKCS12 enabled but
+ # PKCS7 padding disabled.
+ # https://github.com/Mbed-TLS/mbedtls/issues/9580
+ 'PBES2 Decrypt (Invalid padding & PKCS7 padding disabled)',
+ 'PBES2 Encrypt, pad=6 (PKCS7 padding disabled)',
+ 'PBES2 Encrypt, pad=8 (PKCS7 padding disabled)',
+ ],
+ 'test_suite_psa_crypto_generate_key.generated': [
+ # Ignore mechanisms that are not implemented, except
+ # for public keys for which we always test that
+ # psa_generate_key() returns PSA_ERROR_INVALID_ARGUMENT
+ # regardless of whether the specific key type is supported.
+ _has_word_re((mech
+ for mech in _PSA_MECHANISMS_NOT_IMPLEMENTED
+ if not mech.startswith('ECC_PUB')),
+ exclude=r'ECC_PUB'),
+ ],
+ 'test_suite_psa_crypto_metadata': [
+ # Algorithms declared but not supported.
+ # https://github.com/Mbed-TLS/mbedtls/issues/9579
+ 'Asymmetric signature: Ed25519ph',
+ 'Asymmetric signature: Ed448ph',
+ 'Asymmetric signature: pure EdDSA',
+ 'Cipher: XTS',
+ 'MAC: CBC_MAC-3DES',
+ 'MAC: CBC_MAC-AES-128',
+ 'MAC: CBC_MAC-AES-192',
+ 'MAC: CBC_MAC-AES-256',
+ ],
+ 'test_suite_psa_crypto_not_supported.generated': [
+ # It is a bug that not-supported test cases aren't getting
+ # run for never-implemented key types.
+ # https://github.com/Mbed-TLS/mbedtls/issues/7915
+ PSA_MECHANISM_NOT_IMPLEMENTED_SEARCH_RE,
+ # We never test with DH key support disabled but support
+ # for a DH group enabled. The dependencies of these test
+ # cases don't really make sense.
+ # https://github.com/Mbed-TLS/mbedtls/issues/9574
+ re.compile(r'PSA \w+ DH_.*type not supported'),
+ # We only test partial support for DH with the 2048-bit group
+ # enabled and the other groups disabled.
+ # https://github.com/Mbed-TLS/mbedtls/issues/9575
+ 'PSA generate DH_KEY_PAIR(RFC7919) 2048-bit group not supported',
+ 'PSA import DH_KEY_PAIR(RFC7919) 2048-bit group not supported',
+ 'PSA import DH_PUBLIC_KEY(RFC7919) 2048-bit group not supported',
+ ],
+ 'test_suite_psa_crypto_op_fail.generated': [
+ # Ignore mechanisms that are not implemented, except
+ # for test cases that assume the mechanism is not supported.
+ _has_word_re(_PSA_MECHANISMS_NOT_IMPLEMENTED,
+ exclude=(r'.*: !(?:' +
+ r'|'.join(_PSA_MECHANISMS_NOT_IMPLEMENTED) +
+ r')\b')),
+ # Incorrect dependency generation. To be fixed as part of the
+ # resolution of https://github.com/Mbed-TLS/mbedtls/issues/9167
+ # by forward-porting the commit
+ # "PSA test case generation: dependency inference class: operation fail"
+ # from https://github.com/Mbed-TLS/mbedtls/pull/9025 .
+ re.compile(r'.* with (?:DH|ECC)_(?:KEY_PAIR|PUBLIC_KEY)\(.*'),
+ # PBKDF2_HMAC is not in the default configuration, so we don't
+ # enable it in depends.py where we remove hashes.
+ # https://github.com/Mbed-TLS/mbedtls/issues/9576
+ re.compile(r'PSA key_derivation PBKDF2_HMAC\(\w+\): !(?!PBKDF2_HMAC\Z).*'),
+
+ # We never test with the HMAC algorithm enabled but the HMAC
+ # key type disabled. Those dependencies don't really make sense.
+ # https://github.com/Mbed-TLS/mbedtls/issues/9573
+ re.compile(r'.* !HMAC with HMAC'),
+ # There's something wrong with PSA_WANT_ALG_RSA_PSS_ANY_SALT
+ # differing from PSA_WANT_ALG_RSA_PSS.
+ # https://github.com/Mbed-TLS/mbedtls/issues/9578
+ re.compile(r'PSA sign RSA_PSS_ANY_SALT.*!(?:MD|RIPEMD|SHA).*'),
+ ],
+ 'test_suite_psa_crypto_storage_format.current': [
+ PSA_MECHANISM_NOT_IMPLEMENTED_SEARCH_RE,
+ ],
+ 'test_suite_psa_crypto_storage_format.v0': [
+ PSA_MECHANISM_NOT_IMPLEMENTED_SEARCH_RE,
+ ],
+ 'tls13-misc': [
+ # Disabled due to OpenSSL bug.
+ # https://github.com/openssl/openssl/issues/10714
+ 'TLS 1.3 O->m: resumption',
+ # Disabled due to OpenSSL command line limitation.
+ # https://github.com/Mbed-TLS/mbedtls/issues/9582
+ 'TLS 1.3 m->O: resumption with early data',
+ ],
+ }
# The names that we give to classes derived from DriverVSReference do not
@@ -157,6 +428,8 @@
IGNORED_SUITES = [
# Modules replaced by drivers
'ecdsa', 'ecdh', 'ecjpake',
+ # Unit tests for the built-in implementation
+ 'psa_crypto_ecp',
]
IGNORED_TESTS = {
'test_suite_config': [
@@ -197,6 +470,8 @@
IGNORED_SUITES = [
# Modules replaced by drivers
'ecp', 'ecdsa', 'ecdh', 'ecjpake',
+ # Unit tests for the built-in implementation
+ 'psa_crypto_ecp',
]
IGNORED_TESTS = {
'test_suite_config': [
@@ -237,6 +512,8 @@
'ecp', 'ecdsa', 'ecdh', 'ecjpake',
'bignum_core', 'bignum_random', 'bignum_mod', 'bignum_mod_raw',
'bignum.generated', 'bignum.misc',
+ # Unit tests for the built-in implementation
+ 'psa_crypto_ecp',
]
IGNORED_TESTS = {
'test_suite_config': [
@@ -282,6 +559,8 @@
'ecp', 'ecdsa', 'ecdh', 'ecjpake', 'dhm',
'bignum_core', 'bignum_random', 'bignum_mod', 'bignum_mod_raw',
'bignum.generated', 'bignum.misc',
+ # Unit tests for the built-in implementation
+ 'psa_crypto_ecp',
]
IGNORED_TESTS = {
'ssl-opt': [
@@ -352,6 +631,8 @@
'ecp', 'ecdsa', 'ecdh', 'ecjpake',
'bignum_core', 'bignum_random', 'bignum_mod', 'bignum_mod_raw',
'bignum.generated', 'bignum.misc',
+ # Unit tests for the built-in implementation
+ 'psa_crypto_ecp',
]
IGNORED_TESTS = {
'test_suite_config': [
diff --git a/tests/scripts/check-generated-files.sh b/tests/scripts/check-generated-files.sh
index 2060b9c..9dd98df 100755
--- a/tests/scripts/check-generated-files.sh
+++ b/tests/scripts/check-generated-files.sh
@@ -132,7 +132,7 @@
check framework/scripts/generate_config_tests.py $(framework/scripts/generate_config_tests.py --list)
check framework/scripts/generate_ecp_tests.py $(framework/scripts/generate_ecp_tests.py --list)
check framework/scripts/generate_psa_tests.py $(framework/scripts/generate_psa_tests.py --list)
-check framework/scripts/generate_test_keys.py tests/src/test_keys.h
+check framework/scripts/generate_test_keys.py framework/tests/src/test_keys.h
check scripts/generate_driver_wrappers.py $library_dir/psa_crypto_driver_wrappers.h $library_dir/psa_crypto_driver_wrappers_no_static.c
# Additional checks for Mbed TLS only
@@ -140,8 +140,8 @@
check scripts/generate_errors.pl library/error.c
check scripts/generate_query_config.pl programs/test/query_config.c
check scripts/generate_features.pl library/version_features.c
- check scripts/generate_ssl_debug_helpers.py library/ssl_debug_helpers_generated.c
- check tests/scripts/generate_tls13_compat_tests.py tests/opt-testcases/tls13-compat.sh
+ check framework/scripts/generate_ssl_debug_helpers.py library/ssl_debug_helpers_generated.c
+ check framework/scripts/generate_tls13_compat_tests.py tests/opt-testcases/tls13-compat.sh
check framework/scripts/generate_test_cert_macros.py tests/src/test_certs.h
# generate_visualc_files enumerates source files (library/*.c). It doesn't
# care about their content, but the files must exist. So it must run after
diff --git a/tests/scripts/check_names.py b/tests/scripts/check_names.py
index 5128dc8..3310cc6 100755
--- a/tests/scripts/check_names.py
+++ b/tests/scripts/check_names.py
@@ -243,7 +243,7 @@
])
all_macros["internal"] = self.parse_macros([
"library/*.h",
- "tests/include/test/drivers/*.h",
+ "framework/tests/include/test/drivers/*.h",
])
all_macros["private"] = self.parse_macros([
"library/*.c",
diff --git a/tests/scripts/components-basic-checks.sh b/tests/scripts/components-basic-checks.sh
index d28f3b3..7b60b49 100644
--- a/tests/scripts/components-basic-checks.sh
+++ b/tests/scripts/components-basic-checks.sh
@@ -106,6 +106,9 @@
# the test code and that's probably the most convenient way of achieving
# the test's goal.
echo "MBEDTLS_ASN1_WRITE_C" >> $expected
+ # No PSA equivalent - used in test_suite_psa_crypto to get some "known" size
+ # for raw key generation.
+ echo "MBEDTLS_CTR_DRBG_MAX_REQUEST" >> $expected
# No PSA equivalent - we should probably have one in the future.
echo "MBEDTLS_ECP_RESTARTABLE" >> $expected
# No PSA equivalent - needed by some init tests
@@ -157,6 +160,5 @@
./framework/scripts/test_generate_test_code.py 2>&1
msg "unit test: translate_ciphers.py"
- python3 -m unittest tests/scripts/translate_ciphers.py 2>&1
+ python3 -m unittest framework/scripts/translate_ciphers.py 2>&1
}
-
diff --git a/tests/scripts/components-compiler.sh b/tests/scripts/components-compiler.sh
index 5badabb..a4b2323 100644
--- a/tests/scripts/components-compiler.sh
+++ b/tests/scripts/components-compiler.sh
@@ -18,7 +18,7 @@
cp configs/config-tfm.h "$CONFIG_H"
msg "build: TF-M config, armclang armv7-m thumb2"
- armc6_build_test "--target=arm-arm-none-eabi -march=armv7-m -mthumb -Os -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wasm-operand-widths -Wunused -I../tests/include/spe"
+ helper_armc6_build_test "--target=arm-arm-none-eabi -march=armv7-m -mthumb -Os -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wasm-operand-widths -Wunused -I../framework/tests/include/spe"
}
test_build_opt () {
@@ -56,7 +56,7 @@
component_test_clang_earliest_opt () {
scripts/config.py full
- test_build_opt 'full config' "$CLANG_EARLIEST" -O0
+ test_build_opt 'full config' "$CLANG_EARLIEST" -O2
}
support_test_clang_earliest_opt () {
@@ -74,7 +74,7 @@
component_test_gcc_earliest_opt () {
scripts/config.py full
- test_build_opt 'full config' "$GCC_EARLIEST" -O0
+ test_build_opt 'full config' "$GCC_EARLIEST" -O2
}
support_test_gcc_earliest_opt () {
@@ -83,20 +83,20 @@
component_build_mingw () {
msg "build: Windows cross build - mingw64, make (Link Library)" # ~ 30s
- make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra -maes -msse2 -mpclmul' WINDOWS_BUILD=1 lib programs
+ make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar CFLAGS='-Werror -Wall -Wextra -maes -msse2 -mpclmul' WINDOWS_BUILD=1 lib programs
# note Make tests only builds the tests, but doesn't run them
- make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -maes -msse2 -mpclmul' WINDOWS_BUILD=1 tests
+ make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar CFLAGS='-Werror -maes -msse2 -mpclmul' WINDOWS_BUILD=1 tests
make WINDOWS_BUILD=1 clean
msg "build: Windows cross build - mingw64, make (DLL)" # ~ 30s
- make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra -maes -msse2 -mpclmul' WINDOWS_BUILD=1 SHARED=1 lib programs
- make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra -maes -msse2 -mpclmul' WINDOWS_BUILD=1 SHARED=1 tests
+ make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar CFLAGS='-Werror -Wall -Wextra -maes -msse2 -mpclmul' WINDOWS_BUILD=1 SHARED=1 lib programs
+ make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar CFLAGS='-Werror -Wall -Wextra -maes -msse2 -mpclmul' WINDOWS_BUILD=1 SHARED=1 tests
make WINDOWS_BUILD=1 clean
msg "build: Windows cross build - mingw64, make (Library only, default config without MBEDTLS_AESNI_C)" # ~ 30s
./scripts/config.py unset MBEDTLS_AESNI_C #
- make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 lib
+ make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 lib
make WINDOWS_BUILD=1 clean
}
diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh
index d2f7c22..e3096f3 100644
--- a/tests/scripts/components-configuration-crypto.sh
+++ b/tests/scripts/components-configuration-crypto.sh
@@ -31,6 +31,25 @@
make test
}
+component_test_crypto_with_static_key_slots() {
+ msg "build: crypto full + MBEDTLS_PSA_STATIC_KEY_SLOTS"
+ scripts/config.py crypto_full
+ scripts/config.py set MBEDTLS_PSA_STATIC_KEY_SLOTS
+ # Intentionally set MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE to a value that
+ # is enough to contain:
+ # - all RSA public keys up to 4096 bits (max of PSA_VENDOR_RSA_MAX_KEY_BITS).
+ # - RSA key pairs up to 1024 bits, but not 2048 or larger.
+ # - all FFDH key pairs and public keys up to 8192 bits (max of PSA_VENDOR_FFDH_MAX_KEY_BITS).
+ # - all EC key pairs and public keys up to 521 bits (max of PSA_VENDOR_ECC_MAX_CURVE_BITS).
+ scripts/config.py set MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE 1212
+ # Disable the fully dynamic key store (default on) since it conflicts
+ # with the static behavior that we're testing here.
+ scripts/config.py unset MBEDTLS_PSA_KEY_STORE_DYNAMIC
+
+ msg "test: crypto full + MBEDTLS_PSA_STATIC_KEY_SLOTS"
+ make CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" test
+}
+
# check_renamed_symbols HEADER LIB
# Check that if HEADER contains '#define MACRO ...' then MACRO is not a symbol
# name in LIB.
@@ -48,12 +67,74 @@
# We can only compile, not link, since our test and sample programs
# aren't equipped for the modified names used when MBEDTLS_PSA_CRYPTO_SPM
# is active.
- make CC=gcc CFLAGS='-Werror -Wall -Wextra -I../tests/include/spe' lib
+ make CC=gcc CFLAGS='-Werror -Wall -Wextra -I../framework/tests/include/spe' lib
# Check that if a symbol is renamed by crypto_spe.h, the non-renamed
# version is not present.
echo "Checking for renamed symbols in the library"
- check_renamed_symbols tests/include/spe/crypto_spe.h library/libmbedcrypto.a
+ check_renamed_symbols framework/tests/include/spe/crypto_spe.h library/libmbedcrypto.a
+}
+
+# The goal of this component is to build a configuration where:
+# - test code and libtestdriver1 can make use of calloc/free and
+# - core library (including PSA core) cannot use calloc/free.
+component_test_psa_crypto_without_heap() {
+ msg "crypto without heap: build libtestdriver1"
+ # Disable PSA features that cannot be accelerated and whose builtin support
+ # requires calloc/free.
+ scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE
+ scripts/config.py -f $CRYPTO_CONFIG_H unset-all "^PSA_WANT_ALG_HKDF"
+ scripts/config.py -f $CRYPTO_CONFIG_H unset-all "^PSA_WANT_ALG_PBKDF2_"
+ scripts/config.py -f $CRYPTO_CONFIG_H unset-all "^PSA_WANT_ALG_TLS12_"
+ # RSA key support requires ASN1 parse/write support for testing, but ASN1
+ # is disabled below.
+ scripts/config.py -f $CRYPTO_CONFIG_H unset-all "^PSA_WANT_KEY_TYPE_RSA_"
+ scripts/config.py -f $CRYPTO_CONFIG_H unset-all "^PSA_WANT_ALG_RSA_"
+ # DES requires built-in support for key generation (parity check) so it
+ # cannot be accelerated
+ scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_KEY_TYPE_DES
+ # EC-JPAKE use calloc/free in PSA core
+ scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_JPAKE
+
+ # Accelerate all PSA features (which are still enabled in CRYPTO_CONFIG_H).
+ PSA_SYM_LIST=$(./scripts/config.py -f $CRYPTO_CONFIG_H get-all-enabled PSA_WANT)
+ loc_accel_list=$(echo $PSA_SYM_LIST | sed 's/PSA_WANT_//g')
+
+ helper_libtestdriver1_adjust_config crypto
+ helper_libtestdriver1_make_drivers "$loc_accel_list"
+
+ msg "crypto without heap: build main library"
+ # Disable all legacy MBEDTLS_xxx symbols.
+ scripts/config.py unset-all "^MBEDTLS_"
+ # Build the PSA core using the proper config file.
+ scripts/config.py set MBEDTLS_PSA_CRYPTO_C
+ scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
+ # Enable fully-static key slots in PSA core.
+ scripts/config.py set MBEDTLS_PSA_STATIC_KEY_SLOTS
+ # Prevent PSA core from creating a copy of input/output buffers.
+ scripts/config.py set MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS
+ # Prevent PSA core from using CTR-DRBG or HMAC-DRBG for random generation.
+ scripts/config.py set MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
+ # Set calloc/free as null pointer functions. Calling them would crash
+ # the program so we can use this as a "sentinel" for being sure no module
+ # is making use of these functions in the library.
+ scripts/config.py set MBEDTLS_PLATFORM_C
+ scripts/config.py set MBEDTLS_PLATFORM_MEMORY
+ scripts/config.py set MBEDTLS_PLATFORM_STD_CALLOC NULL
+ scripts/config.py set MBEDTLS_PLATFORM_STD_FREE NULL
+
+ helper_libtestdriver1_make_main "$loc_accel_list" lib
+
+ msg "crypto without heap: build test suites and helpers"
+ # Reset calloc/free functions to normal operations so that test code can
+ # freely use them.
+ scripts/config.py unset MBEDTLS_PLATFORM_MEMORY
+ scripts/config.py unset MBEDTLS_PLATFORM_STD_CALLOC
+ scripts/config.py unset MBEDTLS_PLATFORM_STD_FREE
+ helper_libtestdriver1_make_main "$loc_accel_list" tests
+
+ msg "crypto without heap: test"
+ make test
}
# Get a list of library-wise undefined symbols and ensure that they only
@@ -79,6 +160,9 @@
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py set MBEDTLS_PSA_CRYPTO_CLIENT
scripts/config.py unset MBEDTLS_LMS_C
+ # Test hooks may rely on functions defined in test helpers, which would
+ # not be built here, leading to a spurious undefined symbol.
+ scripts/config.py unset MBEDTLS_TEST_HOOKS
make
@@ -100,6 +184,9 @@
# Dynamic secure element support is a deprecated feature and it is not
# available when CRYPTO_C and PSA_CRYPTO_STORAGE_C are disabled.
scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C
+ # Test hooks may rely on functions defined in test helpers, which would
+ # not be built here, leading to a spurious undefined symbol.
+ scripts/config.py unset MBEDTLS_TEST_HOOKS
# Since there is no crypto provider in this build it is not possible to
# build all the test executables and progrems due to missing PSA functions
@@ -740,7 +827,7 @@
component_build_crypto_baremetal () {
msg "build: make, crypto only, baremetal config"
scripts/config.py crypto_baremetal
- make CFLAGS="-O1 -Werror -I$PWD/tests/include/baremetal-override/"
+ make CFLAGS="-O1 -Werror -I$PWD/framework/tests/include/baremetal-override/"
are_empty_libraries library/libmbedx509.* library/libmbedtls.*
}
@@ -1680,7 +1767,7 @@
common_tfm_config
# Build crypto library
- make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -I../tests/include/spe" LDFLAGS="$ASAN_CFLAGS"
+ make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -I../framework/tests/include/spe" LDFLAGS="$ASAN_CFLAGS"
# Make sure any built-in EC alg was not re-enabled by accident (additive config)
not grep mbedtls_ecdsa_ library/ecdsa.o
@@ -1714,7 +1801,7 @@
echo "#undef MBEDTLS_PSA_P256M_DRIVER_ENABLED" >> "$CONFIG_H"
msg "build: TF-M config without p256m"
- make CFLAGS='-Werror -Wall -Wextra -I../tests/include/spe' tests
+ make CFLAGS='-Werror -Wall -Wextra -I../framework/tests/include/spe' tests
# Check that p256m was not built
not grep p256_ecdsa_ library/libmbedcrypto.a
@@ -1966,7 +2053,7 @@
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
- make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_ECDH -I../tests/include" LDFLAGS="$ASAN_CFLAGS"
+ make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_ECDH -I../framework/tests/include" LDFLAGS="$ASAN_CFLAGS"
}
# This should be renamed to test and updated once the accelerator HMAC code is in place and ready to test.
@@ -1976,7 +2063,7 @@
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
- make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_HMAC -I../tests/include" LDFLAGS="$ASAN_CFLAGS"
+ make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_HMAC -I../framework/tests/include" LDFLAGS="$ASAN_CFLAGS"
}
# This should be renamed to test and updated once the accelerator HKDF code is in place and ready to test.
@@ -1988,7 +2075,7 @@
# Make sure to unset TLS1_3 since it requires HKDF_C and will not build properly without it.
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
- make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_HKDF -I../tests/include" LDFLAGS="$ASAN_CFLAGS"
+ make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_HKDF -I../framework/tests/include" LDFLAGS="$ASAN_CFLAGS"
}
# This should be renamed to test and updated once the accelerator MD5 code is in place and ready to test.
@@ -2007,7 +2094,7 @@
scripts/config.py unset MBEDTLS_LMS_C
scripts/config.py unset MBEDTLS_LMS_PRIVATE
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
- make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_MD5 -I../tests/include" LDFLAGS="$ASAN_CFLAGS"
+ make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_MD5 -I../framework/tests/include" LDFLAGS="$ASAN_CFLAGS"
}
# This should be renamed to test and updated once the accelerator RIPEMD160 code is in place and ready to test.
@@ -2026,7 +2113,7 @@
scripts/config.py unset MBEDTLS_LMS_C
scripts/config.py unset MBEDTLS_LMS_PRIVATE
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
- make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RIPEMD160 -I../tests/include" LDFLAGS="$ASAN_CFLAGS"
+ make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RIPEMD160 -I../framework/tests/include" LDFLAGS="$ASAN_CFLAGS"
}
# This should be renamed to test and updated once the accelerator SHA1 code is in place and ready to test.
@@ -2045,7 +2132,7 @@
scripts/config.py unset MBEDTLS_LMS_C
scripts/config.py unset MBEDTLS_LMS_PRIVATE
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
- make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_1 -I../tests/include" LDFLAGS="$ASAN_CFLAGS"
+ make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_1 -I../framework/tests/include" LDFLAGS="$ASAN_CFLAGS"
}
# This should be renamed to test and updated once the accelerator SHA224 code is in place and ready to test.
@@ -2061,7 +2148,7 @@
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_512
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
- make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_224 -I../tests/include" LDFLAGS="$ASAN_CFLAGS"
+ make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_224 -I../framework/tests/include" LDFLAGS="$ASAN_CFLAGS"
}
# This should be renamed to test and updated once the accelerator SHA256 code is in place and ready to test.
@@ -2077,7 +2164,7 @@
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_384
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_SHA_512
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
- make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_256 -I../tests/include" LDFLAGS="$ASAN_CFLAGS"
+ make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_256 -I../framework/tests/include" LDFLAGS="$ASAN_CFLAGS"
}
# This should be renamed to test and updated once the accelerator SHA384 code is in place and ready to test.
@@ -2095,7 +2182,7 @@
scripts/config.py unset MBEDTLS_LMS_C
scripts/config.py unset MBEDTLS_LMS_PRIVATE
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
- make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_384 -I../tests/include" LDFLAGS="$ASAN_CFLAGS"
+ make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_384 -I../framework/tests/include" LDFLAGS="$ASAN_CFLAGS"
}
# This should be renamed to test and updated once the accelerator SHA512 code is in place and ready to test.
@@ -2114,7 +2201,7 @@
scripts/config.py unset MBEDTLS_LMS_C
scripts/config.py unset MBEDTLS_LMS_PRIVATE
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
- make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_512 -I../tests/include" LDFLAGS="$ASAN_CFLAGS"
+ make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_SHA_512 -I../framework/tests/include" LDFLAGS="$ASAN_CFLAGS"
}
# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test.
@@ -2128,7 +2215,7 @@
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_OAEP
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PSS
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
- make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT -I../tests/include" LDFLAGS="$ASAN_CFLAGS"
+ make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT -I../framework/tests/include" LDFLAGS="$ASAN_CFLAGS"
}
# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test.
@@ -2142,7 +2229,7 @@
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_OAEP
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PSS
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
- make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN -I../tests/include" LDFLAGS="$ASAN_CFLAGS"
+ make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN -I../framework/tests/include" LDFLAGS="$ASAN_CFLAGS"
}
# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test.
@@ -2156,7 +2243,7 @@
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PKCS1V15_SIGN
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PSS
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
- make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_OAEP -I../tests/include" LDFLAGS="$ASAN_CFLAGS"
+ make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_OAEP -I../framework/tests/include" LDFLAGS="$ASAN_CFLAGS"
}
# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test.
@@ -2170,7 +2257,7 @@
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_PKCS1V15_SIGN
scripts/config.py -f "$CRYPTO_CONFIG_H" unset PSA_WANT_ALG_RSA_OAEP
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
- make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PSS -I../tests/include" LDFLAGS="$ASAN_CFLAGS"
+ make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_ALG_RSA_PSS -I../framework/tests/include" LDFLAGS="$ASAN_CFLAGS"
}
# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test.
@@ -2185,7 +2272,7 @@
scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT 1
scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE 1
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
- make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR -I../tests/include" LDFLAGS="$ASAN_CFLAGS"
+ make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR -I../framework/tests/include" LDFLAGS="$ASAN_CFLAGS"
}
# This should be renamed to test and updated once the accelerator RSA code is in place and ready to test.
@@ -2197,7 +2284,7 @@
scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_ALG_RSA_PSS 1
scripts/config.py -f "$CRYPTO_CONFIG_H" set PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY 1
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
- make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY -I../tests/include" LDFLAGS="$ASAN_CFLAGS"
+ make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY -I../framework/tests/include" LDFLAGS="$ASAN_CFLAGS"
}
# Auxiliary function to build config for hashes with and without drivers
@@ -2393,7 +2480,7 @@
helper_libtestdriver1_make_main "$loc_accel_list"
# Make sure this was not re-enabled by accident (additive config)
- not grep mbedtls_des* library/des.o
+ not grep mbedtls_des library/des.o
# Run the tests
# -------------
@@ -2849,12 +2936,12 @@
msg "AESCE, build with default configuration."
scripts/config.py set MBEDTLS_AESCE_C
scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY
- armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8-a+crypto"
+ helper_armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8-a+crypto"
msg "AESCE, build AESCE only"
scripts/config.py set MBEDTLS_AESCE_C
scripts/config.py set MBEDTLS_AES_USE_HARDWARE_ONLY
- armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8-a+crypto"
+ helper_armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8-a+crypto"
}
support_build_aes_aesce_armcc () {
@@ -3084,7 +3171,7 @@
# test AESCE baremetal build
scripts/config.py set MBEDTLS_AESCE_C
msg "build: default config + BLOCK_CIPHER_NO_DECRYPT with AESCE"
- armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8-a+crypto -Werror -Wall -Wextra"
+ helper_armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8-a+crypto -Werror -Wall -Wextra"
# Make sure we don't have mbedtls_xxx_setkey_dec in AES/ARIA/CAMELLIA
not grep mbedtls_aes_setkey_dec library/aes.o
@@ -3159,7 +3246,7 @@
scripts/config.py unset MBEDTLS_PSA_CRYPTO_CONFIG
loc_cflags="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST_ALL"
loc_cflags="${loc_cflags} '-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/user-config-for-test.h\"'"
- loc_cflags="${loc_cflags} -I../tests/include -O2"
+ loc_cflags="${loc_cflags} -I../framework/tests/include -O2"
make CC=$ASAN_CC CFLAGS="${loc_cflags}" LDFLAGS="$ASAN_CFLAGS"
@@ -3195,13 +3282,13 @@
# Generate alternative versions of the substitutable headers with the
# same content except different include guards.
- make -C tests include/alt-extra/psa/crypto_platform_alt.h include/alt-extra/psa/crypto_struct_alt.h
+ make -C tests ../framework/tests/include/alt-extra/psa/crypto_platform_alt.h ../framework/tests/include/alt-extra/psa/crypto_struct_alt.h
# Build the library and some programs.
# Don't build the fuzzers to avoid having to go through hoops to set
# a correct include path for programs/fuzz/Makefile.
- make CFLAGS="-I ../tests/include/alt-extra -DMBEDTLS_PSA_CRYPTO_PLATFORM_FILE='\"psa/crypto_platform_alt.h\"' -DMBEDTLS_PSA_CRYPTO_STRUCT_FILE='\"psa/crypto_struct_alt.h\"'" lib
- make -C programs -o fuzz CFLAGS="-I ../tests/include/alt-extra -DMBEDTLS_PSA_CRYPTO_PLATFORM_FILE='\"psa/crypto_platform_alt.h\"' -DMBEDTLS_PSA_CRYPTO_STRUCT_FILE='\"psa/crypto_struct_alt.h\"'"
+ make CFLAGS="-I ../framework/tests/include/alt-extra -DMBEDTLS_PSA_CRYPTO_PLATFORM_FILE='\"psa/crypto_platform_alt.h\"' -DMBEDTLS_PSA_CRYPTO_STRUCT_FILE='\"psa/crypto_struct_alt.h\"'" lib
+ make -C programs -o fuzz CFLAGS="-I ../framework/tests/include/alt-extra -DMBEDTLS_PSA_CRYPTO_PLATFORM_FILE='\"psa/crypto_platform_alt.h\"' -DMBEDTLS_PSA_CRYPTO_STRUCT_FILE='\"psa/crypto_struct_alt.h\"'"
# Check that we're getting the alternative include guards and not the
# original include guards.
diff --git a/tests/scripts/components-configuration.sh b/tests/scripts/components-configuration.sh
index 559f353..feedbcf 100644
--- a/tests/scripts/components-configuration.sh
+++ b/tests/scripts/components-configuration.sh
@@ -219,7 +219,7 @@
component_build_baremetal () {
msg "build: make, baremetal config"
scripts/config.py baremetal
- make CFLAGS="-O1 -Werror -I$PWD/tests/include/baremetal-override/"
+ make CFLAGS="-O1 -Werror -I$PWD/framework/tests/include/baremetal-override/"
}
support_build_baremetal () {
@@ -272,11 +272,11 @@
cp configs/config-tfm.h "$CONFIG_H"
msg "build: TF-M config, clang, armv7-m thumb2"
- make lib CC="clang" CFLAGS="--target=arm-linux-gnueabihf -march=armv7-m -mthumb -Os -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wasm-operand-widths -Wunused -I../tests/include/spe"
+ make lib CC="clang" CFLAGS="--target=arm-linux-gnueabihf -march=armv7-m -mthumb -Os -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wasm-operand-widths -Wunused -I../framework/tests/include/spe"
msg "build: TF-M config, gcc native build"
make clean
- make lib CC="gcc" CFLAGS="-Os -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wformat-signedness -Wlogical-op -I../tests/include/spe"
+ make lib CC="gcc" CFLAGS="-Os -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wformat-signedness -Wlogical-op -I../framework/tests/include/spe"
}
component_test_no_platform () {
diff --git a/tests/scripts/components-platform.sh b/tests/scripts/components-platform.sh
index b104428..a9f108f 100644
--- a/tests/scripts/components-platform.sh
+++ b/tests/scripts/components-platform.sh
@@ -149,49 +149,53 @@
scripts/config.py set MBEDTLS_AES_USE_HARDWARE_ONLY
msg "MBEDTLS_AES_USE_HARDWARE_ONLY, clang, aarch64"
- make -B library/aesce.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a+crypto"
+ make -B library/aesce.o library/aesce.s CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a+crypto"
+ msg "clang, test aarch64 crypto instructions built"
+ grep -E 'aes[a-z]+\s*[qv]' library/aesce.s
msg "MBEDTLS_AES_USE_HARDWARE_ONLY, clang, arm"
- make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm"
+ make -B library/aesce.o library/aesce.s CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm"
+ msg "clang, test A32 crypto instructions built"
+ grep -E 'aes[0-9a-z]+.[0-9]\s*[qv]' library/aesce.s
msg "MBEDTLS_AES_USE_HARDWARE_ONLY, clang, thumb"
- make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb"
-
- scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY
-
- msg "no MBEDTLS_AES_USE_HARDWARE_ONLY, clang, aarch64"
- make -B library/aesce.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a+crypto"
-
- msg "no MBEDTLS_AES_USE_HARDWARE_ONLY, clang, arm"
- make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm"
-
- msg "no MBEDTLS_AES_USE_HARDWARE_ONLY, clang, thumb"
- make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb"
-
- # test for presence of AES instructions
- scripts/config.py set MBEDTLS_AES_USE_HARDWARE_ONLY
- msg "clang, test A32 crypto instructions built"
- make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm -S"
- grep -E 'aes[0-9a-z]+.[0-9]\s*[qv]' library/aesce.o
+ make -B library/aesce.o library/aesce.s CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb"
msg "clang, test T32 crypto instructions built"
- make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb -S"
- grep -E 'aes[0-9a-z]+.[0-9]\s*[qv]' library/aesce.o
- msg "clang, test aarch64 crypto instructions built"
- make -B library/aesce.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a -S"
- grep -E 'aes[a-z]+\s*[qv]' library/aesce.o
+ grep -E 'aes[0-9a-z]+.[0-9]\s*[qv]' library/aesce.s
- # test for absence of AES instructions
scripts/config.py unset MBEDTLS_AES_USE_HARDWARE_ONLY
+
+ msg "MBEDTLS_AES_USE_both, clang, aarch64"
+ make -B library/aesce.o library/aesce.s CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a+crypto"
+ msg "clang, test aarch64 crypto instructions built"
+ grep -E 'aes[a-z]+\s*[qv]' library/aesce.s
+
+ msg "MBEDTLS_AES_USE_both, clang, arm"
+ make -B library/aesce.o library/aesce.s CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm"
+ msg "clang, test A32 crypto instructions built"
+ grep -E 'aes[0-9a-z]+.[0-9]\s*[qv]' library/aesce.s
+
+ msg "MBEDTLS_AES_USE_both, clang, thumb"
+ make -B library/aesce.o library/aesce.s CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb"
+ msg "clang, test T32 crypto instructions built"
+ grep -E 'aes[0-9a-z]+.[0-9]\s*[qv]' library/aesce.s
+
scripts/config.py unset MBEDTLS_AESCE_C
- msg "clang, test A32 crypto instructions not built"
- make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm -S"
- not grep -E 'aes[0-9a-z]+.[0-9]\s*[qv]' library/aesce.o
- msg "clang, test T32 crypto instructions not built"
- make -B library/aesce.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb -S"
- not grep -E 'aes[0-9a-z]+.[0-9]\s*[qv]' library/aesce.o
+
+ msg "no MBEDTLS_AESCE_C, clang, aarch64"
+ make -B library/aesce.o library/aesce.s CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a"
msg "clang, test aarch64 crypto instructions not built"
- make -B library/aesce.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a -S"
- not grep -E 'aes[a-z]+\s*[qv]' library/aesce.o
+ not grep -E 'aes[a-z]+\s*[qv]' library/aesce.s
+
+ msg "no MBEDTLS_AESCE_C, clang, arm"
+ make -B library/aesce.o library/aesce.s CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72 -marm"
+ msg "clang, test A32 crypto instructions not built"
+ not grep -E 'aes[0-9a-z]+.[0-9]\s*[qv]' library/aesce.s
+
+ msg "no MBEDTLS_AESCE_C, clang, thumb"
+ make -B library/aesce.o library/aesce.s CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32 -mthumb"
+ msg "clang, test T32 crypto instructions not built"
+ not grep -E 'aes[0-9a-z]+.[0-9]\s*[qv]' library/aesce.s
}
support_build_sha_armce () {
@@ -202,67 +206,59 @@
component_build_sha_armce () {
scripts/config.py unset MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT
-
# Test variations of SHA256 Armv8 crypto extensions
scripts/config.py set MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY
msg "MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY clang, aarch64"
- make -B library/sha256.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a"
+ make -B library/sha256.o library/sha256.s CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a+crypto"
+ msg "MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY clang, test aarch64 crypto instructions built"
+ grep -E 'sha256[a-z0-9]+\s+[qv]' library/sha256.s
+
msg "MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY clang, arm"
- make -B library/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm"
+ make -B library/sha256.o library/sha256.s CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm"
+ msg "MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY clang, test A32 crypto instructions built"
+ grep -E 'sha256[a-z0-9]+.32\s+[qv]' library/sha256.s
scripts/config.py unset MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY
# test the deprecated form of the config option
scripts/config.py set MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY
msg "MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY clang, thumb"
- make -B library/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb"
+ make -B library/sha256.o library/sha256.s CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb"
+ msg "MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY clang, test T32 crypto instructions built"
+ grep -E 'sha256[a-z0-9]+.32\s+[qv]' library/sha256.s
scripts/config.py unset MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY
scripts/config.py set MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT
msg "MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT clang, aarch64"
- make -B library/sha256.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a"
+ make -B library/sha256.o library/sha256.s CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a+crypto"
+ msg "MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT clang, test aarch64 crypto instructions built"
+ grep -E 'sha256[a-z0-9]+\s+[qv]' library/sha256.s
scripts/config.py unset MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT
# test the deprecated form of the config option
scripts/config.py set MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
msg "MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT clang, arm"
- make -B library/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm -std=c99"
+ make -B library/sha256.o library/sha256.s CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm -std=c99"
+
msg "MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT clang, thumb"
- make -B library/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb"
+ make -B library/sha256.o library/sha256.s CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb"
+ msg "MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT clang, test T32 crypto instructions built"
+ grep -E 'sha256[a-z0-9]+.32\s+[qv]' library/sha256.s
scripts/config.py unset MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT
-
- # examine the disassembly for presence of SHA instructions
- for opt in MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_ONLY MBEDTLS_SHA256_USE_ARMV8_A_CRYPTO_IF_PRESENT; do
- scripts/config.py set ${opt}
- msg "${opt} clang, test A32 crypto instructions built"
- make -B library/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm -S"
- grep -E 'sha256[a-z0-9]+.32\s+[qv]' library/sha256.o
-
- msg "${opt} clang, test T32 crypto instructions built"
- make -B library/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb -S"
- grep -E 'sha256[a-z0-9]+.32\s+[qv]' library/sha256.o
-
- msg "${opt} clang, test aarch64 crypto instructions built"
- make -B library/sha256.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a -S"
- grep -E 'sha256[a-z0-9]+\s+[qv]' library/sha256.o
- scripts/config.py unset ${opt}
- done
-
-
# examine the disassembly for absence of SHA instructions
msg "clang, test A32 crypto instructions not built"
- make -B library/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72+crypto -marm -S"
- not grep -E 'sha256[a-z0-9]+.32\s+[qv]' library/sha256.o
+ make -B library/sha256.s CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a72 -marm"
+ not grep -E 'sha256[a-z0-9]+.32\s+[qv]' library/sha256.s
msg "clang, test T32 crypto instructions not built"
- make -B library/sha256.o CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32+crypto -mthumb -S"
- not grep -E 'sha256[a-z0-9]+.32\s+[qv]' library/sha256.o
+ make -B library/sha256.s CC=clang CFLAGS="--target=arm-linux-gnueabihf -mcpu=cortex-a32 -mthumb"
+ not grep -E 'sha256[a-z0-9]+.32\s+[qv]' library/sha256.s
msg "clang, test aarch64 crypto instructions not built"
- make -B library/sha256.o CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a -S"
- not grep -E 'sha256[a-z0-9]+\s+[qv]' library/sha256.o
+ make -B library/sha256.s CC=clang CFLAGS="--target=aarch64-linux-gnu -march=armv8-a"
+ not grep -E 'sha256[a-z0-9]+\s+[qv]' library/sha256.s
}
component_test_m32_no_asm () {
@@ -345,6 +341,118 @@
esac
}
+component_test_arm_linux_gnueabi_gcc_arm5vte () {
+ # Mimic Debian armel port
+ msg "test: ${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc -march=arm5vte, default config" # ~4m
+ make CC="${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc" AR="${ARM_LINUX_GNUEABI_GCC_PREFIX}ar" CFLAGS='-Werror -Wall -Wextra -march=armv5te -O1'
+
+ msg "test: main suites make, default config (out-of-box)" # ~7m 40s
+ make test
+
+ msg "selftest: make, default config (out-of-box)" # ~0s
+ programs/test/selftest
+
+ msg "program demos: make, default config (out-of-box)" # ~0s
+ tests/scripts/run_demos.py
+}
+
+support_test_arm_linux_gnueabi_gcc_arm5vte () {
+ can_run_arm_linux_gnueabi
+}
+
+# The hard float ABI is not implemented for Thumb 1, so use gnueabi
+# Some Thumb 1 asm is sensitive to optimisation level, so test both -O0 and -Os
+component_test_arm_linux_gnueabi_gcc_thumb_1_opt_0 () {
+ msg "test: ${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc -O0, thumb 1, default config" # ~2m 10s
+ make CC="${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc" CFLAGS='-std=c99 -Werror -Wextra -O0 -mcpu=arm1136j-s -mthumb'
+
+ msg "test: main suites make, default config (out-of-box)" # ~36m
+ make test
+
+ msg "selftest: make, default config (out-of-box)" # ~10s
+ programs/test/selftest
+
+ msg "program demos: make, default config (out-of-box)" # ~0s
+ tests/scripts/run_demos.py
+}
+
+support_test_arm_linux_gnueabi_gcc_thumb_1_opt_0 () {
+ can_run_arm_linux_gnueabi
+}
+
+component_test_arm_linux_gnueabi_gcc_thumb_1_opt_s () {
+ msg "test: ${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc -Os, thumb 1, default config" # ~3m 10s
+ make CC="${ARM_LINUX_GNUEABI_GCC_PREFIX}gcc" CFLAGS='-std=c99 -Werror -Wextra -Os -mcpu=arm1136j-s -mthumb'
+
+ msg "test: main suites make, default config (out-of-box)" # ~21m 10s
+ make test
+
+ msg "selftest: make, default config (out-of-box)" # ~2s
+ programs/test/selftest
+
+ msg "program demos: make, default config (out-of-box)" # ~0s
+ tests/scripts/run_demos.py
+}
+
+support_test_arm_linux_gnueabi_gcc_thumb_1_opt_s () {
+ can_run_arm_linux_gnueabi
+}
+
+component_test_arm_linux_gnueabihf_gcc_armv7 () {
+ msg "test: ${ARM_LINUX_GNUEABIHF_GCC_PREFIX}gcc -O2, A32, default config" # ~4m 30s
+ make CC="${ARM_LINUX_GNUEABIHF_GCC_PREFIX}gcc" CFLAGS='-std=c99 -Werror -Wextra -O2 -march=armv7-a -marm'
+
+ msg "test: main suites make, default config (out-of-box)" # ~3m 30s
+ make test
+
+ msg "selftest: make, default config (out-of-box)" # ~0s
+ programs/test/selftest
+
+ msg "program demos: make, default config (out-of-box)" # ~0s
+ tests/scripts/run_demos.py
+}
+
+support_test_arm_linux_gnueabihf_gcc_armv7 () {
+ can_run_arm_linux_gnueabihf
+}
+
+component_test_arm_linux_gnueabihf_gcc_thumb_2 () {
+ msg "test: ${ARM_LINUX_GNUEABIHF_GCC_PREFIX}gcc -Os, thumb 2, default config" # ~4m
+ make CC="${ARM_LINUX_GNUEABIHF_GCC_PREFIX}gcc" CFLAGS='-std=c99 -Werror -Wextra -Os -march=armv7-a -mthumb'
+
+ msg "test: main suites make, default config (out-of-box)" # ~3m 40s
+ make test
+
+ msg "selftest: make, default config (out-of-box)" # ~0s
+ programs/test/selftest
+
+ msg "program demos: make, default config (out-of-box)" # ~0s
+ tests/scripts/run_demos.py
+}
+
+support_test_arm_linux_gnueabihf_gcc_thumb_2 () {
+ can_run_arm_linux_gnueabihf
+}
+
+component_test_aarch64_linux_gnu_gcc () {
+ msg "test: ${AARCH64_LINUX_GNU_GCC_PREFIX}gcc -O2, default config" # ~3m 50s
+ make CC="${AARCH64_LINUX_GNU_GCC_PREFIX}gcc" CFLAGS='-std=c99 -Werror -Wextra -O2'
+
+ msg "test: main suites make, default config (out-of-box)" # ~1m 50s
+ make test
+
+ msg "selftest: make, default config (out-of-box)" # ~0s
+ programs/test/selftest
+
+ msg "program demos: make, default config (out-of-box)" # ~0s
+ tests/scripts/run_demos.py
+}
+
+support_test_aarch64_linux_gnu_gcc () {
+ # Minimum version of GCC for MBEDTLS_AESCE_C is 6.0
+ [ "$(gcc_version "${AARCH64_LINUX_GNU_GCC_PREFIX}gcc")" -ge 6 ] && can_run_aarch64_linux_gnu
+}
+
component_build_arm_none_eabi_gcc () {
msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -O1, baremetal+debug" # ~ 10s
scripts/config.py baremetal
@@ -435,8 +543,9 @@
}
component_build_armcc () {
- msg "build: ARM Compiler 5"
+ # Common configuration for all the builds below
scripts/config.py baremetal
+
# armc[56] don't support SHA-512 intrinsics
scripts/config.py unset MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT
@@ -453,46 +562,40 @@
scripts/config.py set MBEDTLS_HAVE_ASM
- make CC="$ARMC5_CC" AR="$ARMC5_AR" WARNING_CFLAGS='--strict --c99' lib
-
- msg "size: ARM Compiler 5"
- "$ARMC5_FROMELF" -z library/*.o
-
# Compile mostly with -O1 since some Arm inline assembly is disabled for -O0.
# ARM Compiler 6 - Target ARMv7-A
- armc6_build_test "-O1 --target=arm-arm-none-eabi -march=armv7-a"
+ helper_armc6_build_test "-O1 --target=arm-arm-none-eabi -march=armv7-a"
# ARM Compiler 6 - Target ARMv7-M
- armc6_build_test "-O1 --target=arm-arm-none-eabi -march=armv7-m"
+ helper_armc6_build_test "-O1 --target=arm-arm-none-eabi -march=armv7-m"
# ARM Compiler 6 - Target ARMv7-M+DSP
- armc6_build_test "-O1 --target=arm-arm-none-eabi -march=armv7-m+dsp"
+ helper_armc6_build_test "-O1 --target=arm-arm-none-eabi -march=armv7-m+dsp"
# ARM Compiler 6 - Target ARMv8-A - AArch32
- armc6_build_test "-O1 --target=arm-arm-none-eabi -march=armv8.2-a"
+ helper_armc6_build_test "-O1 --target=arm-arm-none-eabi -march=armv8.2-a"
# ARM Compiler 6 - Target ARMv8-M
- armc6_build_test "-O1 --target=arm-arm-none-eabi -march=armv8-m.main"
+ helper_armc6_build_test "-O1 --target=arm-arm-none-eabi -march=armv8-m.main"
# ARM Compiler 6 - Target Cortex-M0 - no optimisation
- armc6_build_test "-O0 --target=arm-arm-none-eabi -mcpu=cortex-m0"
+ helper_armc6_build_test "-O0 --target=arm-arm-none-eabi -mcpu=cortex-m0"
# ARM Compiler 6 - Target Cortex-M0
- armc6_build_test "-Os --target=arm-arm-none-eabi -mcpu=cortex-m0"
+ helper_armc6_build_test "-Os --target=arm-arm-none-eabi -mcpu=cortex-m0"
# ARM Compiler 6 - Target ARMv8.2-A - AArch64
#
# Re-enable MBEDTLS_AESCE_C as this should be supported by the version of armclang
# that we have in our CI
scripts/config.py set MBEDTLS_AESCE_C
- armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8.2-a+crypto"
+ helper_armc6_build_test "-O1 --target=aarch64-arm-none-eabi -march=armv8.2-a+crypto"
}
support_build_armcc () {
- armc5_cc="$ARMC5_BIN_DIR/armcc"
armc6_cc="$ARMC6_BIN_DIR/armclang"
- (check_tools "$armc5_cc" "$armc6_cc" > /dev/null 2>&1)
+ (check_tools "$armc6_cc" > /dev/null 2>&1)
}
# For timebeing, no VIA Padlock platform available.
diff --git a/tests/scripts/components-sanitizers.sh b/tests/scripts/components-sanitizers.sh
index c9648aa..6f97096 100644
--- a/tests/scripts/components-sanitizers.sh
+++ b/tests/scripts/components-sanitizers.sh
@@ -12,7 +12,7 @@
skip_suites_without_constant_flow () {
# Skip the test suites that don't have any constant-flow annotations.
# This will need to be adjusted if we ever start declaring things as
- # secret from macros or functions inside tests/include or tests/src.
+ # secret from macros or functions inside framework/tests/include or framework/tests/src.
SKIP_TEST_SUITES=$(
git -C tests/suites grep -L TEST_CF_ 'test_suite_*.function' |
sed 's/test_suite_//; s/\.function$//' |
diff --git a/tests/scripts/generate_tls13_compat_tests.py b/tests/scripts/generate_tls13_compat_tests.py
deleted file mode 100755
index b9dcff4..0000000
--- a/tests/scripts/generate_tls13_compat_tests.py
+++ /dev/null
@@ -1,649 +0,0 @@
-#!/usr/bin/env python3
-
-# generate_tls13_compat_tests.py
-#
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-
-"""
-Generate TLSv1.3 Compat test cases
-
-"""
-
-import sys
-import os
-import argparse
-import itertools
-from collections import namedtuple
-
-# define certificates configuration entry
-Certificate = namedtuple("Certificate", ['cafile', 'certfile', 'keyfile'])
-# define the certificate parameters for signature algorithms
-CERTIFICATES = {
- 'ecdsa_secp256r1_sha256': Certificate('$DATA_FILES_PATH/test-ca2.crt',
- '$DATA_FILES_PATH/ecdsa_secp256r1.crt',
- '$DATA_FILES_PATH/ecdsa_secp256r1.key'),
- 'ecdsa_secp384r1_sha384': Certificate('$DATA_FILES_PATH/test-ca2.crt',
- '$DATA_FILES_PATH/ecdsa_secp384r1.crt',
- '$DATA_FILES_PATH/ecdsa_secp384r1.key'),
- 'ecdsa_secp521r1_sha512': Certificate('$DATA_FILES_PATH/test-ca2.crt',
- '$DATA_FILES_PATH/ecdsa_secp521r1.crt',
- '$DATA_FILES_PATH/ecdsa_secp521r1.key'),
- 'rsa_pss_rsae_sha256': Certificate('$DATA_FILES_PATH/test-ca_cat12.crt',
- '$DATA_FILES_PATH/server2-sha256.crt',
- '$DATA_FILES_PATH/server2.key')
-}
-
-CIPHER_SUITE_IANA_VALUE = {
- "TLS_AES_128_GCM_SHA256": 0x1301,
- "TLS_AES_256_GCM_SHA384": 0x1302,
- "TLS_CHACHA20_POLY1305_SHA256": 0x1303,
- "TLS_AES_128_CCM_SHA256": 0x1304,
- "TLS_AES_128_CCM_8_SHA256": 0x1305
-}
-
-SIG_ALG_IANA_VALUE = {
- "ecdsa_secp256r1_sha256": 0x0403,
- "ecdsa_secp384r1_sha384": 0x0503,
- "ecdsa_secp521r1_sha512": 0x0603,
- 'rsa_pss_rsae_sha256': 0x0804,
-}
-
-NAMED_GROUP_IANA_VALUE = {
- 'secp256r1': 0x17,
- 'secp384r1': 0x18,
- 'secp521r1': 0x19,
- 'x25519': 0x1d,
- 'x448': 0x1e,
- # Only one finite field group to keep testing time within reasonable bounds.
- 'ffdhe2048': 0x100,
-}
-
-class TLSProgram:
- """
- Base class for generate server/client command.
- """
-
- # pylint: disable=too-many-arguments
- def __init__(self, ciphersuite=None, signature_algorithm=None, named_group=None,
- cert_sig_alg=None):
- self._ciphers = []
- self._sig_algs = []
- self._named_groups = []
- self._cert_sig_algs = []
- if ciphersuite:
- self.add_ciphersuites(ciphersuite)
- if named_group:
- self.add_named_groups(named_group)
- if signature_algorithm:
- self.add_signature_algorithms(signature_algorithm)
- if cert_sig_alg:
- self.add_cert_signature_algorithms(cert_sig_alg)
-
- # add_ciphersuites should not override by sub class
- def add_ciphersuites(self, *ciphersuites):
- self._ciphers.extend(
- [cipher for cipher in ciphersuites if cipher not in self._ciphers])
-
- # add_signature_algorithms should not override by sub class
- def add_signature_algorithms(self, *signature_algorithms):
- self._sig_algs.extend(
- [sig_alg for sig_alg in signature_algorithms if sig_alg not in self._sig_algs])
-
- # add_named_groups should not override by sub class
- def add_named_groups(self, *named_groups):
- self._named_groups.extend(
- [named_group for named_group in named_groups if named_group not in self._named_groups])
-
- # add_cert_signature_algorithms should not override by sub class
- def add_cert_signature_algorithms(self, *signature_algorithms):
- self._cert_sig_algs.extend(
- [sig_alg for sig_alg in signature_algorithms if sig_alg not in self._cert_sig_algs])
-
- # pylint: disable=no-self-use
- def pre_checks(self):
- return []
-
- # pylint: disable=no-self-use
- def cmd(self):
- if not self._cert_sig_algs:
- self._cert_sig_algs = list(CERTIFICATES.keys())
- return self.pre_cmd()
-
- # pylint: disable=no-self-use
- def post_checks(self):
- return []
-
- # pylint: disable=no-self-use
- def pre_cmd(self):
- return ['false']
-
- # pylint: disable=unused-argument,no-self-use
- def hrr_post_checks(self, named_group):
- return []
-
-
-class OpenSSLBase(TLSProgram):
- """
- Generate base test commands for OpenSSL.
- """
-
- NAMED_GROUP = {
- 'secp256r1': 'P-256',
- 'secp384r1': 'P-384',
- 'secp521r1': 'P-521',
- 'x25519': 'X25519',
- 'x448': 'X448',
- 'ffdhe2048': 'ffdhe2048',
- }
-
- def cmd(self):
- ret = super().cmd()
-
- if self._ciphers:
- ciphersuites = ':'.join(self._ciphers)
- ret += ["-ciphersuites {ciphersuites}".format(ciphersuites=ciphersuites)]
-
- if self._sig_algs:
- signature_algorithms = set(self._sig_algs + self._cert_sig_algs)
- signature_algorithms = ':'.join(signature_algorithms)
- ret += ["-sigalgs {signature_algorithms}".format(
- signature_algorithms=signature_algorithms)]
-
- if self._named_groups:
- named_groups = ':'.join(
- map(lambda named_group: self.NAMED_GROUP[named_group], self._named_groups))
- ret += ["-groups {named_groups}".format(named_groups=named_groups)]
-
- ret += ['-msg -tls1_3']
-
- return ret
-
- def pre_checks(self):
- ret = ["requires_openssl_tls1_3"]
-
- # ffdh groups require at least openssl 3.0
- ffdh_groups = ['ffdhe2048']
-
- if any(x in ffdh_groups for x in self._named_groups):
- ret = ["requires_openssl_tls1_3_with_ffdh"]
-
- return ret
-
-
-class OpenSSLServ(OpenSSLBase):
- """
- Generate test commands for OpenSSL server.
- """
-
- def cmd(self):
- ret = super().cmd()
- ret += ['-num_tickets 0 -no_resume_ephemeral -no_cache']
- return ret
-
- def post_checks(self):
- return ['-c "HTTP/1.0 200 ok"']
-
- def pre_cmd(self):
- ret = ['$O_NEXT_SRV_NO_CERT']
- for _, cert, key in map(lambda sig_alg: CERTIFICATES[sig_alg], self._cert_sig_algs):
- ret += ['-cert {cert} -key {key}'.format(cert=cert, key=key)]
- return ret
-
-
-class OpenSSLCli(OpenSSLBase):
- """
- Generate test commands for OpenSSL client.
- """
-
- def pre_cmd(self):
- return ['$O_NEXT_CLI_NO_CERT',
- '-CAfile {cafile}'.format(cafile=CERTIFICATES[self._cert_sig_algs[0]].cafile)]
-
-
-class GnuTLSBase(TLSProgram):
- """
- Generate base test commands for GnuTLS.
- """
-
- CIPHER_SUITE = {
- 'TLS_AES_256_GCM_SHA384': [
- 'AES-256-GCM',
- 'SHA384',
- 'AEAD'],
- 'TLS_AES_128_GCM_SHA256': [
- 'AES-128-GCM',
- 'SHA256',
- 'AEAD'],
- 'TLS_CHACHA20_POLY1305_SHA256': [
- 'CHACHA20-POLY1305',
- 'SHA256',
- 'AEAD'],
- 'TLS_AES_128_CCM_SHA256': [
- 'AES-128-CCM',
- 'SHA256',
- 'AEAD'],
- 'TLS_AES_128_CCM_8_SHA256': [
- 'AES-128-CCM-8',
- 'SHA256',
- 'AEAD']}
-
- SIGNATURE_ALGORITHM = {
- 'ecdsa_secp256r1_sha256': ['SIGN-ECDSA-SECP256R1-SHA256'],
- 'ecdsa_secp521r1_sha512': ['SIGN-ECDSA-SECP521R1-SHA512'],
- 'ecdsa_secp384r1_sha384': ['SIGN-ECDSA-SECP384R1-SHA384'],
- 'rsa_pss_rsae_sha256': ['SIGN-RSA-PSS-RSAE-SHA256']}
-
- NAMED_GROUP = {
- 'secp256r1': ['GROUP-SECP256R1'],
- 'secp384r1': ['GROUP-SECP384R1'],
- 'secp521r1': ['GROUP-SECP521R1'],
- 'x25519': ['GROUP-X25519'],
- 'x448': ['GROUP-X448'],
- 'ffdhe2048': ['GROUP-FFDHE2048'],
- }
-
- def pre_checks(self):
- return ["requires_gnutls_tls1_3",
- "requires_gnutls_next_no_ticket"]
-
- def cmd(self):
- ret = super().cmd()
-
- priority_string_list = []
-
- def update_priority_string_list(items, map_table):
- for item in items:
- for i in map_table[item]:
- if i not in priority_string_list:
- yield i
-
- if self._ciphers:
- priority_string_list.extend(update_priority_string_list(
- self._ciphers, self.CIPHER_SUITE))
- else:
- priority_string_list.extend(['CIPHER-ALL', 'MAC-ALL'])
-
- if self._sig_algs:
- signature_algorithms = set(self._sig_algs + self._cert_sig_algs)
- priority_string_list.extend(update_priority_string_list(
- signature_algorithms, self.SIGNATURE_ALGORITHM))
- else:
- priority_string_list.append('SIGN-ALL')
-
-
- if self._named_groups:
- priority_string_list.extend(update_priority_string_list(
- self._named_groups, self.NAMED_GROUP))
- else:
- priority_string_list.append('GROUP-ALL')
-
- priority_string_list = ['NONE'] + \
- priority_string_list + ['VERS-TLS1.3']
-
- priority_string = ':+'.join(priority_string_list)
- priority_string += ':%NO_TICKETS'
-
- ret += ['--priority={priority_string}'.format(
- priority_string=priority_string)]
- return ret
-
-class GnuTLSServ(GnuTLSBase):
- """
- Generate test commands for GnuTLS server.
- """
-
- def pre_cmd(self):
- ret = ['$G_NEXT_SRV_NO_CERT', '--http', '--disable-client-cert', '--debug=4']
-
- for _, cert, key in map(lambda sig_alg: CERTIFICATES[sig_alg], self._cert_sig_algs):
- ret += ['--x509certfile {cert} --x509keyfile {key}'.format(
- cert=cert, key=key)]
- return ret
-
- def post_checks(self):
- return ['-c "HTTP/1.0 200 OK"']
-
-
-class GnuTLSCli(GnuTLSBase):
- """
- Generate test commands for GnuTLS client.
- """
-
- def pre_cmd(self):
- return ['$G_NEXT_CLI_NO_CERT', '--debug=4', '--single-key-share',
- '--x509cafile {cafile}'.format(cafile=CERTIFICATES[self._cert_sig_algs[0]].cafile)]
-
-
-class MbedTLSBase(TLSProgram):
- """
- Generate base test commands for mbedTLS.
- """
-
- CIPHER_SUITE = {
- 'TLS_AES_256_GCM_SHA384': 'TLS1-3-AES-256-GCM-SHA384',
- 'TLS_AES_128_GCM_SHA256': 'TLS1-3-AES-128-GCM-SHA256',
- 'TLS_CHACHA20_POLY1305_SHA256': 'TLS1-3-CHACHA20-POLY1305-SHA256',
- 'TLS_AES_128_CCM_SHA256': 'TLS1-3-AES-128-CCM-SHA256',
- 'TLS_AES_128_CCM_8_SHA256': 'TLS1-3-AES-128-CCM-8-SHA256'}
-
- def cmd(self):
- ret = super().cmd()
- ret += ['debug_level=4']
-
-
- if self._ciphers:
- ciphers = ','.join(
- map(lambda cipher: self.CIPHER_SUITE[cipher], self._ciphers))
- ret += ["force_ciphersuite={ciphers}".format(ciphers=ciphers)]
-
- if self._sig_algs + self._cert_sig_algs:
- ret += ['sig_algs={sig_algs}'.format(
- sig_algs=','.join(set(self._sig_algs + self._cert_sig_algs)))]
-
- if self._named_groups:
- named_groups = ','.join(self._named_groups)
- ret += ["groups={named_groups}".format(named_groups=named_groups)]
- return ret
-
- #pylint: disable=missing-function-docstring
- def add_ffdh_group_requirements(self, requirement_list):
- if 'ffdhe2048' in self._named_groups:
- requirement_list.append('requires_config_enabled PSA_WANT_DH_RFC7919_2048')
- if 'ffdhe3072' in self._named_groups:
- requirement_list.append('requires_config_enabled PSA_WANT_DH_RFC7919_2048')
- if 'ffdhe4096' in self._named_groups:
- requirement_list.append('requires_config_enabled PSA_WANT_DH_RFC7919_2048')
- if 'ffdhe6144' in self._named_groups:
- requirement_list.append('requires_config_enabled PSA_WANT_DH_RFC7919_2048')
- if 'ffdhe8192' in self._named_groups:
- requirement_list.append('requires_config_enabled PSA_WANT_DH_RFC7919_2048')
-
- def pre_checks(self):
- ret = ['requires_config_enabled MBEDTLS_DEBUG_C',
- 'requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED']
-
- if 'rsa_pss_rsae_sha256' in self._sig_algs + self._cert_sig_algs:
- ret.append(
- 'requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT')
-
- ec_groups = ['secp256r1', 'secp384r1', 'secp521r1', 'x25519', 'x448']
- ffdh_groups = ['ffdhe2048', 'ffdhe3072', 'ffdhe4096', 'ffdhe6144', 'ffdhe8192']
-
- if any(x in ec_groups for x in self._named_groups):
- ret.append('requires_config_enabled PSA_WANT_ALG_ECDH')
-
- if any(x in ffdh_groups for x in self._named_groups):
- ret.append('requires_config_enabled PSA_WANT_ALG_FFDH')
- self.add_ffdh_group_requirements(ret)
-
- return ret
-
-
-class MbedTLSServ(MbedTLSBase):
- """
- Generate test commands for mbedTLS server.
- """
-
- def cmd(self):
- ret = super().cmd()
- ret += ['tls13_kex_modes=ephemeral cookies=0 tickets=0']
- return ret
-
- def pre_checks(self):
- return ['requires_config_enabled MBEDTLS_SSL_SRV_C'] + super().pre_checks()
-
- def post_checks(self):
- check_strings = ["Protocol is TLSv1.3"]
- if self._ciphers:
- check_strings.append(
- "server hello, chosen ciphersuite: {} ( id={:04d} )".format(
- self.CIPHER_SUITE[self._ciphers[0]],
- CIPHER_SUITE_IANA_VALUE[self._ciphers[0]]))
- if self._sig_algs:
- check_strings.append(
- "received signature algorithm: 0x{:x}".format(
- SIG_ALG_IANA_VALUE[self._sig_algs[0]]))
-
- for named_group in self._named_groups:
- check_strings += ['got named group: {named_group}({iana_value:04x})'.format(
- named_group=named_group,
- iana_value=NAMED_GROUP_IANA_VALUE[named_group])]
-
- check_strings.append("Certificate verification was skipped")
- return ['-s "{}"'.format(i) for i in check_strings]
-
- def pre_cmd(self):
- ret = ['$P_SRV']
- for _, cert, key in map(lambda sig_alg: CERTIFICATES[sig_alg], self._cert_sig_algs):
- ret += ['crt_file={cert} key_file={key}'.format(cert=cert, key=key)]
- return ret
-
- def hrr_post_checks(self, named_group):
- return ['-s "HRR selected_group: {:s}"'.format(named_group)]
-
-
-class MbedTLSCli(MbedTLSBase):
- """
- Generate test commands for mbedTLS client.
- """
-
- def pre_cmd(self):
- return ['$P_CLI',
- 'ca_file={cafile}'.format(cafile=CERTIFICATES[self._cert_sig_algs[0]].cafile)]
-
- def pre_checks(self):
- return ['requires_config_enabled MBEDTLS_SSL_CLI_C'] + super().pre_checks()
-
- def hrr_post_checks(self, named_group):
- ret = ['-c "received HelloRetryRequest message"']
- ret += ['-c "selected_group ( {:d} )"'.format(NAMED_GROUP_IANA_VALUE[named_group])]
- return ret
-
- def post_checks(self):
- check_strings = ["Protocol is TLSv1.3"]
- if self._ciphers:
- check_strings.append(
- "server hello, chosen ciphersuite: ( {:04x} ) - {}".format(
- CIPHER_SUITE_IANA_VALUE[self._ciphers[0]],
- self.CIPHER_SUITE[self._ciphers[0]]))
- if self._sig_algs:
- check_strings.append(
- "Certificate Verify: Signature algorithm ( {:04x} )".format(
- SIG_ALG_IANA_VALUE[self._sig_algs[0]]))
-
- for named_group in self._named_groups:
- check_strings += ['NamedGroup: {named_group} ( {iana_value:x} )'.format(
- named_group=named_group,
- iana_value=NAMED_GROUP_IANA_VALUE[named_group])]
-
- check_strings.append("Verifying peer X.509 certificate... ok")
- return ['-c "{}"'.format(i) for i in check_strings]
-
-
-SERVER_CLASSES = {'OpenSSL': OpenSSLServ, 'GnuTLS': GnuTLSServ, 'mbedTLS': MbedTLSServ}
-CLIENT_CLASSES = {'OpenSSL': OpenSSLCli, 'GnuTLS': GnuTLSCli, 'mbedTLS': MbedTLSCli}
-
-
-def generate_compat_test(client=None, server=None, cipher=None, named_group=None, sig_alg=None):
- """
- Generate test case with `ssl-opt.sh` format.
- """
- name = 'TLS 1.3 {client[0]}->{server[0]}: {cipher},{named_group},{sig_alg}'.format(
- client=client, server=server, cipher=cipher[4:], sig_alg=sig_alg, named_group=named_group)
-
- server_object = SERVER_CLASSES[server](ciphersuite=cipher,
- named_group=named_group,
- signature_algorithm=sig_alg,
- cert_sig_alg=sig_alg)
- client_object = CLIENT_CLASSES[client](ciphersuite=cipher,
- named_group=named_group,
- signature_algorithm=sig_alg,
- cert_sig_alg=sig_alg)
-
- cmd = ['run_test "{}"'.format(name),
- '"{}"'.format(' '.join(server_object.cmd())),
- '"{}"'.format(' '.join(client_object.cmd())),
- '0']
- cmd += server_object.post_checks()
- cmd += client_object.post_checks()
- cmd += ['-C "received HelloRetryRequest message"']
- prefix = ' \\\n' + (' '*9)
- cmd = prefix.join(cmd)
- return '\n'.join(server_object.pre_checks() + client_object.pre_checks() + [cmd])
-
-
-def generate_hrr_compat_test(client=None, server=None,
- client_named_group=None, server_named_group=None,
- cert_sig_alg=None):
- """
- Generate Hello Retry Request test case with `ssl-opt.sh` format.
- """
- name = 'TLS 1.3 {client[0]}->{server[0]}: HRR {c_named_group} -> {s_named_group}'.format(
- client=client, server=server, c_named_group=client_named_group,
- s_named_group=server_named_group)
- server_object = SERVER_CLASSES[server](named_group=server_named_group,
- cert_sig_alg=cert_sig_alg)
-
- client_object = CLIENT_CLASSES[client](named_group=client_named_group,
- cert_sig_alg=cert_sig_alg)
- client_object.add_named_groups(server_named_group)
-
- cmd = ['run_test "{}"'.format(name),
- '"{}"'.format(' '.join(server_object.cmd())),
- '"{}"'.format(' '.join(client_object.cmd())),
- '0']
- cmd += server_object.post_checks()
- cmd += client_object.post_checks()
- cmd += server_object.hrr_post_checks(server_named_group)
- cmd += client_object.hrr_post_checks(server_named_group)
- prefix = ' \\\n' + (' '*9)
- cmd = prefix.join(cmd)
- return '\n'.join(server_object.pre_checks() +
- client_object.pre_checks() +
- [cmd])
-
-SSL_OUTPUT_HEADER = '''\
-# TLS 1.3 interoperability test cases (equivalent of compat.sh for TLS 1.3).
-#
-# Automatically generated by {cmd}. Do not edit!
-
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-'''
-DATA_FILES_PATH_VAR = '''
-DATA_FILES_PATH=../framework/data_files
-'''
-
-def main():
- """
- Main function of this program
- """
- parser = argparse.ArgumentParser()
-
- parser.add_argument('-o', '--output',
- default='tests/opt-testcases/tls13-compat.sh',
- help='Output file path (not used with -1)')
-
- parser.add_argument('-1', '--single', action='store_true',
- help='Print a single test case')
- # Single mode used to be the default.
- parser.add_argument('-a', '--generate-all-tls13-compat-tests',
- action='store_false', dest='single',
- help='Generate all test cases (negates -1) (default)')
-
- parser.add_argument('--list-ciphers', action='store_true',
- default=False, help='List supported ciphersuites')
-
- parser.add_argument('--list-sig-algs', action='store_true',
- default=False, help='List supported signature algorithms')
-
- parser.add_argument('--list-named-groups', action='store_true',
- default=False, help='List supported named groups')
-
- parser.add_argument('--list-servers', action='store_true',
- default=False, help='List supported TLS servers')
-
- parser.add_argument('--list-clients', action='store_true',
- default=False, help='List supported TLS Clients')
-
- parser.add_argument('server', choices=SERVER_CLASSES.keys(), nargs='?',
- default=list(SERVER_CLASSES.keys())[0],
- help='Choose TLS server program for test')
- parser.add_argument('client', choices=CLIENT_CLASSES.keys(), nargs='?',
- default=list(CLIENT_CLASSES.keys())[0],
- help='Choose TLS client program for test')
- parser.add_argument('cipher', choices=CIPHER_SUITE_IANA_VALUE.keys(), nargs='?',
- default=list(CIPHER_SUITE_IANA_VALUE.keys())[0],
- help='Choose cipher suite for test')
- parser.add_argument('sig_alg', choices=SIG_ALG_IANA_VALUE.keys(), nargs='?',
- default=list(SIG_ALG_IANA_VALUE.keys())[0],
- help='Choose cipher suite for test')
- parser.add_argument('named_group', choices=NAMED_GROUP_IANA_VALUE.keys(), nargs='?',
- default=list(NAMED_GROUP_IANA_VALUE.keys())[0],
- help='Choose cipher suite for test')
-
- args = parser.parse_args()
-
- def get_all_test_cases():
- # Generate normal compat test cases
- for client, server, cipher, named_group, sig_alg in \
- itertools.product(CLIENT_CLASSES.keys(),
- SERVER_CLASSES.keys(),
- CIPHER_SUITE_IANA_VALUE.keys(),
- NAMED_GROUP_IANA_VALUE.keys(),
- SIG_ALG_IANA_VALUE.keys()):
- if server == 'mbedTLS' or client == 'mbedTLS':
- yield generate_compat_test(client=client, server=server,
- cipher=cipher, named_group=named_group,
- sig_alg=sig_alg)
-
-
- # Generate Hello Retry Request compat test cases
- for client, server, client_named_group, server_named_group in \
- itertools.product(CLIENT_CLASSES.keys(),
- SERVER_CLASSES.keys(),
- NAMED_GROUP_IANA_VALUE.keys(),
- NAMED_GROUP_IANA_VALUE.keys()):
-
- if (client == 'mbedTLS' or server == 'mbedTLS') and \
- client_named_group != server_named_group:
- yield generate_hrr_compat_test(client=client, server=server,
- client_named_group=client_named_group,
- server_named_group=server_named_group,
- cert_sig_alg="ecdsa_secp256r1_sha256")
-
- if not args.single:
- if args.output:
- with open(args.output, 'w', encoding="utf-8") as f:
- f.write(SSL_OUTPUT_HEADER.format(
- filename=os.path.basename(args.output),
- cmd=os.path.basename(sys.argv[0])))
- f.write(DATA_FILES_PATH_VAR)
- f.write('\n\n'.join(get_all_test_cases()))
- f.write('\n')
- else:
- print('\n\n'.join(get_all_test_cases()))
- return 0
-
- if args.list_ciphers or args.list_sig_algs or args.list_named_groups \
- or args.list_servers or args.list_clients:
- if args.list_ciphers:
- print(*CIPHER_SUITE_IANA_VALUE.keys())
- if args.list_sig_algs:
- print(*SIG_ALG_IANA_VALUE.keys())
- if args.list_named_groups:
- print(*NAMED_GROUP_IANA_VALUE.keys())
- if args.list_servers:
- print(*SERVER_CLASSES.keys())
- if args.list_clients:
- print(*CLIENT_CLASSES.keys())
- return 0
-
- print(generate_compat_test(server=args.server, client=args.client, sig_alg=args.sig_alg,
- cipher=args.cipher, named_group=args.named_group))
- return 0
-
-
-if __name__ == "__main__":
- sys.exit(main())
diff --git a/tests/scripts/translate_ciphers.py b/tests/scripts/translate_ciphers.py
deleted file mode 100755
index 90514fc..0000000
--- a/tests/scripts/translate_ciphers.py
+++ /dev/null
@@ -1,180 +0,0 @@
-#!/usr/bin/env python3
-
-# translate_ciphers.py
-#
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
-
-"""
-Translate standard ciphersuite names to GnuTLS, OpenSSL and Mbed TLS standards.
-
-To test the translation functions run:
-python3 -m unittest translate_cipher.py
-"""
-
-import re
-import argparse
-import unittest
-
-class TestTranslateCiphers(unittest.TestCase):
- """
- Ensure translate_ciphers.py translates and formats ciphersuite names
- correctly
- """
- def test_translate_all_cipher_names(self):
- """
- Translate standard ciphersuite names to GnuTLS, OpenSSL and
- Mbed TLS counterpart. Use only a small subset of ciphers
- that exercise each step of the translation functions
- """
- ciphers = [
- ("TLS_ECDHE_ECDSA_WITH_NULL_SHA",
- "+ECDHE-ECDSA:+NULL:+SHA1",
- "ECDHE-ECDSA-NULL-SHA",
- "TLS-ECDHE-ECDSA-WITH-NULL-SHA"),
- ("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
- "+ECDHE-ECDSA:+AES-128-GCM:+AEAD",
- "ECDHE-ECDSA-AES128-GCM-SHA256",
- "TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256"),
- ("TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
- "+DHE-RSA:+3DES-CBC:+SHA1",
- "EDH-RSA-DES-CBC3-SHA",
- "TLS-DHE-RSA-WITH-3DES-EDE-CBC-SHA"),
- ("TLS_RSA_WITH_AES_256_CBC_SHA",
- "+RSA:+AES-256-CBC:+SHA1",
- "AES256-SHA",
- "TLS-RSA-WITH-AES-256-CBC-SHA"),
- ("TLS_PSK_WITH_3DES_EDE_CBC_SHA",
- "+PSK:+3DES-CBC:+SHA1",
- "PSK-3DES-EDE-CBC-SHA",
- "TLS-PSK-WITH-3DES-EDE-CBC-SHA"),
- ("TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
- None,
- "ECDHE-ECDSA-CHACHA20-POLY1305",
- "TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256"),
- ("TLS_ECDHE_ECDSA_WITH_AES_128_CCM",
- "+ECDHE-ECDSA:+AES-128-CCM:+AEAD",
- None,
- "TLS-ECDHE-ECDSA-WITH-AES-128-CCM"),
- ("TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384",
- None,
- "ECDHE-ARIA256-GCM-SHA384",
- "TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384"),
- ]
-
- for s, g_exp, o_exp, m_exp in ciphers:
-
- if g_exp is not None:
- g = translate_gnutls(s)
- self.assertEqual(g, g_exp)
-
- if o_exp is not None:
- o = translate_ossl(s)
- self.assertEqual(o, o_exp)
-
- if m_exp is not None:
- m = translate_mbedtls(s)
- self.assertEqual(m, m_exp)
-
-def translate_gnutls(s_cipher):
- """
- Translate s_cipher from standard ciphersuite naming convention
- and return the GnuTLS naming convention
- """
-
- # Replace "_" with "-" to handle ciphersuite names based on Mbed TLS
- # naming convention
- s_cipher = s_cipher.replace("_", "-")
-
- s_cipher = re.sub(r'\ATLS-', '+', s_cipher)
- s_cipher = s_cipher.replace("-WITH-", ":+")
- s_cipher = s_cipher.replace("-EDE", "")
-
- # SHA in Mbed TLS == SHA1 GnuTLS,
- # if the last 3 chars are SHA append 1
- if s_cipher[-3:] == "SHA":
- s_cipher = s_cipher+"1"
-
- # CCM or CCM-8 should be followed by ":+AEAD"
- # Replace "GCM:+SHAxyz" with "GCM:+AEAD"
- if "CCM" in s_cipher or "GCM" in s_cipher:
- s_cipher = re.sub(r"GCM-SHA\d\d\d", "GCM", s_cipher)
- s_cipher = s_cipher+":+AEAD"
-
- # Replace the last "-" with ":+"
- else:
- index = s_cipher.rindex("-")
- s_cipher = s_cipher[:index] + ":+" + s_cipher[index+1:]
-
- return s_cipher
-
-def translate_ossl(s_cipher):
- """
- Translate s_cipher from standard ciphersuite naming convention
- and return the OpenSSL naming convention
- """
-
- # Replace "_" with "-" to handle ciphersuite names based on Mbed TLS
- # naming convention
- s_cipher = s_cipher.replace("_", "-")
-
- s_cipher = re.sub(r'^TLS-', '', s_cipher)
- s_cipher = s_cipher.replace("-WITH", "")
-
- # Remove the "-" from "ABC-xyz"
- s_cipher = s_cipher.replace("AES-", "AES")
- s_cipher = s_cipher.replace("CAMELLIA-", "CAMELLIA")
- s_cipher = s_cipher.replace("ARIA-", "ARIA")
-
- # Remove "RSA" if it is at the beginning
- s_cipher = re.sub(r'^RSA-', r'', s_cipher)
-
- # For all circumstances outside of PSK
- if "PSK" not in s_cipher:
- s_cipher = s_cipher.replace("-EDE", "")
- s_cipher = s_cipher.replace("3DES-CBC", "DES-CBC3")
-
- # Remove "CBC" if it is not prefixed by DES
- s_cipher = re.sub(r'(?<!DES-)CBC-', r'', s_cipher)
-
- # ECDHE-RSA-ARIA does not exist in OpenSSL
- s_cipher = s_cipher.replace("ECDHE-RSA-ARIA", "ECDHE-ARIA")
-
- # POLY1305 should not be followed by anything
- if "POLY1305" in s_cipher:
- index = s_cipher.rindex("POLY1305")
- s_cipher = s_cipher[:index+8]
-
- # If DES is being used, Replace DHE with EDH
- if "DES" in s_cipher and "DHE" in s_cipher and "ECDHE" not in s_cipher:
- s_cipher = s_cipher.replace("DHE", "EDH")
-
- return s_cipher
-
-def translate_mbedtls(s_cipher):
- """
- Translate s_cipher from standard ciphersuite naming convention
- and return Mbed TLS ciphersuite naming convention
- """
-
- # Replace "_" with "-"
- s_cipher = s_cipher.replace("_", "-")
-
- return s_cipher
-
-def format_ciphersuite_names(mode, names):
- t = {"g": translate_gnutls,
- "o": translate_ossl,
- "m": translate_mbedtls
- }[mode]
- return " ".join(c + '=' + t(c) for c in names)
-
-def main(target, names):
- print(format_ciphersuite_names(target, names))
-
-if __name__ == "__main__":
- PARSER = argparse.ArgumentParser()
- PARSER.add_argument('target', metavar='TARGET', choices=['o', 'g', 'm'])
- PARSER.add_argument('names', metavar='NAMES', nargs='+')
- ARGS = PARSER.parse_args()
- main(ARGS.target, ARGS.names)
diff --git a/tests/src/asn1_helpers.c b/tests/src/asn1_helpers.c
deleted file mode 100644
index c63bd0c..0000000
--- a/tests/src/asn1_helpers.c
+++ /dev/null
@@ -1,64 +0,0 @@
-/** \file asn1_helpers.c
- *
- * \brief Helper functions for tests that manipulate ASN.1 data.
- */
-
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#include <test/helpers.h>
-#include <test/macros.h>
-
-#if defined(MBEDTLS_ASN1_PARSE_C)
-
-#include <mbedtls/asn1.h>
-
-#include <test/asn1_helpers.h>
-
-int mbedtls_test_asn1_skip_integer(unsigned char **p, const unsigned char *end,
- size_t min_bits, size_t max_bits,
- int must_be_odd)
-{
- size_t len;
- size_t actual_bits;
- unsigned char msb;
- TEST_EQUAL(mbedtls_asn1_get_tag(p, end, &len,
- MBEDTLS_ASN1_INTEGER),
- 0);
-
- /* Check if the retrieved length doesn't extend the actual buffer's size.
- * It is assumed here, that end >= p, which validates casting to size_t. */
- TEST_ASSERT(len <= (size_t) (end - *p));
-
- /* Tolerate a slight departure from DER encoding:
- * - 0 may be represented by an empty string or a 1-byte string.
- * - The sign bit may be used as a value bit. */
- if ((len == 1 && (*p)[0] == 0) ||
- (len > 1 && (*p)[0] == 0 && ((*p)[1] & 0x80) != 0)) {
- ++(*p);
- --len;
- }
- if (min_bits == 0 && len == 0) {
- return 1;
- }
- msb = (*p)[0];
- TEST_ASSERT(msb != 0);
- actual_bits = 8 * (len - 1);
- while (msb != 0) {
- msb >>= 1;
- ++actual_bits;
- }
- TEST_ASSERT(actual_bits >= min_bits);
- TEST_ASSERT(actual_bits <= max_bits);
- if (must_be_odd) {
- TEST_ASSERT(((*p)[len-1] & 1) != 0);
- }
- *p += len;
- return 1;
-exit:
- return 0;
-}
-
-#endif /* MBEDTLS_ASN1_PARSE_C */
diff --git a/tests/src/bignum_codepath_check.c b/tests/src/bignum_codepath_check.c
deleted file mode 100644
index b752d13..0000000
--- a/tests/src/bignum_codepath_check.c
+++ /dev/null
@@ -1,38 +0,0 @@
-/** Support for path tracking in optionally safe bignum functions
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#include "test/bignum_codepath_check.h"
-#include "bignum_core_invasive.h"
-
-#if defined(MBEDTLS_TEST_HOOKS) && !defined(MBEDTLS_THREADING_C)
-int mbedtls_codepath_check = MBEDTLS_MPI_IS_TEST;
-
-void mbedtls_codepath_take_safe(void)
-{
- if (mbedtls_codepath_check == MBEDTLS_MPI_IS_TEST) {
- mbedtls_codepath_check = MBEDTLS_MPI_IS_SECRET;
- }
-}
-
-void mbedtls_codepath_take_unsafe(void)
-{
- mbedtls_codepath_check = MBEDTLS_MPI_IS_PUBLIC;
-}
-
-void mbedtls_codepath_test_hooks_setup(void)
-{
- mbedtls_safe_codepath_hook = mbedtls_codepath_take_safe;
- mbedtls_unsafe_codepath_hook = mbedtls_codepath_take_unsafe;
-}
-
-void mbedtls_codepath_test_hooks_teardown(void)
-{
- mbedtls_safe_codepath_hook = NULL;
- mbedtls_unsafe_codepath_hook = NULL;
-}
-
-#endif /* MBEDTLS_TEST_HOOKS && !MBEDTLS_THREADING_C */
diff --git a/tests/src/bignum_helpers.c b/tests/src/bignum_helpers.c
deleted file mode 100644
index 913f5e3..0000000
--- a/tests/src/bignum_helpers.c
+++ /dev/null
@@ -1,145 +0,0 @@
-/**
- * \file bignum_helpers.c
- *
- * \brief This file contains the prototypes of helper functions for
- * bignum-related testing.
- */
-
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#define MBEDTLS_ALLOW_PRIVATE_ACCESS
-#include <test/bignum_helpers.h>
-
-#if defined(MBEDTLS_BIGNUM_C)
-
-#include <stdlib.h>
-#include <string.h>
-
-#include <mbedtls/bignum.h>
-#include <bignum_core.h>
-#include <bignum_mod.h>
-#include <bignum_mod_raw.h>
-
-#include <test/helpers.h>
-#include <test/macros.h>
-
-int mbedtls_test_read_mpi_core(mbedtls_mpi_uint **pX, size_t *plimbs,
- const char *input)
-{
- /* Sanity check */
- if (*pX != NULL) {
- return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
- }
-
- size_t hex_len = strlen(input);
- size_t byte_len = (hex_len + 1) / 2;
- *plimbs = CHARS_TO_LIMBS(byte_len);
-
- /* A core bignum is not allowed to be empty. Forbid it as test data,
- * this way static analyzers have a chance of knowing we don't expect
- * the bignum functions to support empty inputs. */
- if (*plimbs == 0) {
- return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
- }
-
- *pX = mbedtls_calloc(*plimbs, sizeof(**pX));
- if (*pX == NULL) {
- return MBEDTLS_ERR_MPI_ALLOC_FAILED;
- }
-
- unsigned char *byte_start = (unsigned char *) *pX;
- if (byte_len % sizeof(mbedtls_mpi_uint) != 0) {
- byte_start += sizeof(mbedtls_mpi_uint) - byte_len % sizeof(mbedtls_mpi_uint);
- }
- if ((hex_len & 1) != 0) {
- /* mbedtls_test_unhexify wants an even number of hex digits */
- TEST_ASSERT(mbedtls_test_ascii2uc(*input, byte_start) == 0);
- ++byte_start;
- ++input;
- --byte_len;
- }
- TEST_ASSERT(mbedtls_test_unhexify(byte_start,
- byte_len,
- input,
- &byte_len) == 0);
-
- mbedtls_mpi_core_bigendian_to_host(*pX, *plimbs);
- return 0;
-
-exit:
- mbedtls_free(*pX);
- return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
-}
-
-#if defined(MBEDTLS_ECP_WITH_MPI_UINT)
-int mbedtls_test_read_mpi_modulus(mbedtls_mpi_mod_modulus *N,
- const char *s,
- mbedtls_mpi_mod_rep_selector int_rep)
-{
- mbedtls_mpi_uint *p = NULL;
- size_t limbs = 0;
- if (N->limbs != 0) {
- return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
- }
- int ret = mbedtls_test_read_mpi_core(&p, &limbs, s);
- if (ret != 0) {
- return ret;
- }
-
- switch (int_rep) {
- case MBEDTLS_MPI_MOD_REP_MONTGOMERY:
- ret = mbedtls_mpi_mod_modulus_setup(N, p, limbs);
- break;
- case MBEDTLS_MPI_MOD_REP_OPT_RED:
- ret = mbedtls_mpi_mod_optred_modulus_setup(N, p, limbs, NULL);
- break;
- default:
- ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
- break;
- }
- if (ret != 0) {
- mbedtls_free(p);
- }
- return ret;
-}
-
-void mbedtls_test_mpi_mod_modulus_free_with_limbs(mbedtls_mpi_mod_modulus *N)
-{
- mbedtls_free((mbedtls_mpi_uint *) N->p);
- mbedtls_mpi_mod_modulus_free(N);
-}
-#endif /* MBEDTLS_ECP_WITH_MPI_UINT */
-
-int mbedtls_test_read_mpi(mbedtls_mpi *X, const char *s)
-{
- int negative = 0;
- /* Always set the sign bit to -1 if the input has a minus sign, even for 0.
- * This creates an invalid representation, which mbedtls_mpi_read_string()
- * avoids but we want to be able to create that in test data. */
- if (s[0] == '-') {
- ++s;
- negative = 1;
- }
- /* mbedtls_mpi_read_string() currently retains leading zeros.
- * It always allocates at least one limb for the value 0. */
- if (s[0] == 0) {
- mbedtls_mpi_free(X);
- return 0;
- }
- int ret = mbedtls_mpi_read_string(X, 16, s);
- if (ret != 0) {
- return ret;
- }
- if (negative) {
- if (mbedtls_mpi_cmp_int(X, 0) == 0) {
- mbedtls_test_increment_case_uses_negative_0();
- }
- X->s = -1;
- }
- return 0;
-}
-
-#endif /* MBEDTLS_BIGNUM_C */
diff --git a/tests/src/drivers/hash.c b/tests/src/drivers/hash.c
deleted file mode 100644
index 76ec12a..0000000
--- a/tests/src/drivers/hash.c
+++ /dev/null
@@ -1,199 +0,0 @@
-/*
- * Test driver for hash entry points.
- */
-/* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#include <test/helpers.h>
-
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-#include "psa_crypto_hash.h"
-
-#include "test/drivers/hash.h"
-
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
-#include "libtestdriver1/library/psa_crypto_hash.h"
-#endif
-
-mbedtls_test_driver_hash_hooks_t
- mbedtls_test_driver_hash_hooks = MBEDTLS_TEST_DRIVER_HASH_INIT;
-
-psa_status_t mbedtls_test_transparent_hash_compute(
- psa_algorithm_t alg,
- const uint8_t *input, size_t input_length,
- uint8_t *hash, size_t hash_size, size_t *hash_length)
-{
- mbedtls_test_driver_hash_hooks.hits++;
-
- if (mbedtls_test_driver_hash_hooks.forced_status != PSA_SUCCESS) {
- mbedtls_test_driver_hash_hooks.driver_status =
- mbedtls_test_driver_hash_hooks.forced_status;
- } else {
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH)
- mbedtls_test_driver_hash_hooks.driver_status =
- libtestdriver1_mbedtls_psa_hash_compute(
- alg, input, input_length,
- hash, hash_size, hash_length);
-#elif defined(MBEDTLS_PSA_BUILTIN_HASH)
- mbedtls_test_driver_hash_hooks.driver_status =
- mbedtls_psa_hash_compute(
- alg, input, input_length,
- hash, hash_size, hash_length);
-#else
- (void) alg;
- (void) input;
- (void) input_length;
- (void) hash;
- (void) hash_size;
- (void) hash_length;
- mbedtls_test_driver_hash_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
-#endif
- }
-
- return mbedtls_test_driver_hash_hooks.driver_status;
-}
-
-psa_status_t mbedtls_test_transparent_hash_setup(
- mbedtls_transparent_test_driver_hash_operation_t *operation,
- psa_algorithm_t alg)
-{
- mbedtls_test_driver_hash_hooks.hits++;
-
- if (mbedtls_test_driver_hash_hooks.forced_status != PSA_SUCCESS) {
- mbedtls_test_driver_hash_hooks.driver_status =
- mbedtls_test_driver_hash_hooks.forced_status;
- } else {
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH)
- mbedtls_test_driver_hash_hooks.driver_status =
- libtestdriver1_mbedtls_psa_hash_setup(operation, alg);
-#elif defined(MBEDTLS_PSA_BUILTIN_HASH)
- mbedtls_test_driver_hash_hooks.driver_status =
- mbedtls_psa_hash_setup(operation, alg);
-#else
- (void) operation;
- (void) alg;
- mbedtls_test_driver_hash_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
-#endif
- }
-
- return mbedtls_test_driver_hash_hooks.driver_status;
-}
-
-psa_status_t mbedtls_test_transparent_hash_clone(
- const mbedtls_transparent_test_driver_hash_operation_t *source_operation,
- mbedtls_transparent_test_driver_hash_operation_t *target_operation)
-{
- mbedtls_test_driver_hash_hooks.hits++;
-
- if (mbedtls_test_driver_hash_hooks.forced_status != PSA_SUCCESS) {
- mbedtls_test_driver_hash_hooks.driver_status =
- mbedtls_test_driver_hash_hooks.forced_status;
- } else {
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH)
- mbedtls_test_driver_hash_hooks.driver_status =
- libtestdriver1_mbedtls_psa_hash_clone(source_operation,
- target_operation);
-#elif defined(MBEDTLS_PSA_BUILTIN_HASH)
- mbedtls_test_driver_hash_hooks.driver_status =
- mbedtls_psa_hash_clone(source_operation, target_operation);
-#else
- (void) source_operation;
- (void) target_operation;
- mbedtls_test_driver_hash_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
-#endif
- }
-
- return mbedtls_test_driver_hash_hooks.driver_status;
-}
-
-psa_status_t mbedtls_test_transparent_hash_update(
- mbedtls_transparent_test_driver_hash_operation_t *operation,
- const uint8_t *input,
- size_t input_length)
-{
- mbedtls_test_driver_hash_hooks.hits++;
-
- if (mbedtls_test_driver_hash_hooks.forced_status != PSA_SUCCESS) {
- mbedtls_test_driver_hash_hooks.driver_status =
- mbedtls_test_driver_hash_hooks.forced_status;
- } else {
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH)
- mbedtls_test_driver_hash_hooks.driver_status =
- libtestdriver1_mbedtls_psa_hash_update(
- operation, input, input_length);
-#elif defined(MBEDTLS_PSA_BUILTIN_HASH)
- mbedtls_test_driver_hash_hooks.driver_status =
- mbedtls_psa_hash_update(operation, input, input_length);
-#else
- (void) operation;
- (void) input;
- (void) input_length;
- mbedtls_test_driver_hash_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
-#endif
- }
-
- return mbedtls_test_driver_hash_hooks.driver_status;
-}
-
-psa_status_t mbedtls_test_transparent_hash_finish(
- mbedtls_transparent_test_driver_hash_operation_t *operation,
- uint8_t *hash,
- size_t hash_size,
- size_t *hash_length)
-{
- mbedtls_test_driver_hash_hooks.hits++;
-
- if (mbedtls_test_driver_hash_hooks.forced_status != PSA_SUCCESS) {
- mbedtls_test_driver_hash_hooks.driver_status =
- mbedtls_test_driver_hash_hooks.forced_status;
- } else {
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH)
- mbedtls_test_driver_hash_hooks.driver_status =
- libtestdriver1_mbedtls_psa_hash_finish(
- operation, hash, hash_size, hash_length);
-#elif defined(MBEDTLS_PSA_BUILTIN_HASH)
- mbedtls_test_driver_hash_hooks.driver_status =
- mbedtls_psa_hash_finish(operation, hash, hash_size, hash_length);
-#else
- (void) operation;
- (void) hash;
- (void) hash_size;
- (void) hash_length;
- mbedtls_test_driver_hash_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
-#endif
- }
-
- return mbedtls_test_driver_hash_hooks.driver_status;
-}
-
-psa_status_t mbedtls_test_transparent_hash_abort(
- mbedtls_transparent_test_driver_hash_operation_t *operation)
-{
- mbedtls_test_driver_hash_hooks.hits++;
-
- if (mbedtls_test_driver_hash_hooks.forced_status != PSA_SUCCESS) {
- mbedtls_test_driver_hash_hooks.driver_status =
- mbedtls_test_driver_hash_hooks.forced_status;
- } else {
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH)
- mbedtls_test_driver_hash_hooks.driver_status =
- libtestdriver1_mbedtls_psa_hash_abort(operation);
-#elif defined(MBEDTLS_PSA_BUILTIN_HASH)
- mbedtls_test_driver_hash_hooks.driver_status =
- mbedtls_psa_hash_abort(operation);
-#else
- (void) operation;
- mbedtls_test_driver_hash_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
-#endif
- }
-
- return mbedtls_test_driver_hash_hooks.driver_status;
-}
-#endif /* PSA_CRYPTO_DRIVER_TEST */
diff --git a/tests/src/drivers/platform_builtin_keys.c b/tests/src/drivers/platform_builtin_keys.c
deleted file mode 100644
index 4561b6f..0000000
--- a/tests/src/drivers/platform_builtin_keys.c
+++ /dev/null
@@ -1,82 +0,0 @@
-/** \file platform_builtin_keys.c
- *
- * \brief Test driver implementation of the builtin key support
- */
-
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#include <test/helpers.h>
-
-#if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
-
-#include <psa/crypto.h>
-#include <psa/crypto_extra.h>
-
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-#include <test/drivers/test_driver.h>
-#endif
-
-typedef struct {
- psa_key_id_t builtin_key_id;
- psa_key_lifetime_t lifetime;
- psa_drv_slot_number_t slot_number;
-} mbedtls_psa_builtin_key_description_t;
-
-static const mbedtls_psa_builtin_key_description_t builtin_keys[] = {
-#if defined(PSA_CRYPTO_DRIVER_TEST)
- /* For testing, assign the AES builtin key slot to the boundary values.
- * ECDSA can be exercised on key ID MBEDTLS_PSA_KEY_ID_BUILTIN_MIN + 1. */
- { MBEDTLS_PSA_KEY_ID_BUILTIN_MIN - 1,
- PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(
- PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LOCATION),
- PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT },
- { MBEDTLS_PSA_KEY_ID_BUILTIN_MIN,
- PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(
- PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LOCATION),
- PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT },
- { MBEDTLS_PSA_KEY_ID_BUILTIN_MIN + 1,
- PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(
- PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LOCATION),
- PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT },
- { MBEDTLS_PSA_KEY_ID_BUILTIN_MAX - 1,
- PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(
- PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LOCATION),
- PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT },
- { MBEDTLS_PSA_KEY_ID_BUILTIN_MAX,
- PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(
- PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LOCATION),
- PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT },
- { MBEDTLS_PSA_KEY_ID_BUILTIN_MAX + 1,
- PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(
- PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LOCATION),
- PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT },
-#else
- { 0, 0, 0 }
-#endif
-};
-
-psa_status_t mbedtls_psa_platform_get_builtin_key(
- mbedtls_svc_key_id_t key_id,
- psa_key_lifetime_t *lifetime,
- psa_drv_slot_number_t *slot_number)
-{
- psa_key_id_t app_key_id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID(key_id);
- const mbedtls_psa_builtin_key_description_t *builtin_key;
-
- for (size_t i = 0;
- i < (sizeof(builtin_keys) / sizeof(builtin_keys[0])); i++) {
- builtin_key = &builtin_keys[i];
- if (builtin_key->builtin_key_id == app_key_id) {
- *lifetime = builtin_key->lifetime;
- *slot_number = builtin_key->slot_number;
- return PSA_SUCCESS;
- }
- }
-
- return PSA_ERROR_DOES_NOT_EXIST;
-}
-
-#endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
diff --git a/tests/src/drivers/test_driver_aead.c b/tests/src/drivers/test_driver_aead.c
deleted file mode 100644
index 314ce83..0000000
--- a/tests/src/drivers/test_driver_aead.c
+++ /dev/null
@@ -1,462 +0,0 @@
-/*
- * Test driver for AEAD entry points.
- */
-/* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#include <test/helpers.h>
-
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-#include "psa_crypto_aead.h"
-#include "psa_crypto_core.h"
-
-#include "test/drivers/aead.h"
-
-#include "mbedtls/constant_time.h"
-
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
-#include "libtestdriver1/library/psa_crypto_aead.h"
-#endif
-
-mbedtls_test_driver_aead_hooks_t
- mbedtls_test_driver_aead_hooks = MBEDTLS_TEST_DRIVER_AEAD_INIT;
-
-psa_status_t mbedtls_test_transparent_aead_encrypt(
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer, size_t key_buffer_size,
- psa_algorithm_t alg,
- const uint8_t *nonce, size_t nonce_length,
- const uint8_t *additional_data, size_t additional_data_length,
- const uint8_t *plaintext, size_t plaintext_length,
- uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length)
-{
- mbedtls_test_driver_aead_hooks.hits_encrypt++;
-
- if (mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS) {
- mbedtls_test_driver_aead_hooks.driver_status =
- mbedtls_test_driver_aead_hooks.forced_status;
- } else {
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD)
- mbedtls_test_driver_aead_hooks.driver_status =
- libtestdriver1_mbedtls_psa_aead_encrypt(
- (const libtestdriver1_psa_key_attributes_t *) attributes,
- key_buffer, key_buffer_size,
- alg,
- nonce, nonce_length,
- additional_data, additional_data_length,
- plaintext, plaintext_length,
- ciphertext, ciphertext_size, ciphertext_length);
-#elif defined(MBEDTLS_PSA_BUILTIN_AEAD)
- mbedtls_test_driver_aead_hooks.driver_status =
- mbedtls_psa_aead_encrypt(
- attributes, key_buffer, key_buffer_size,
- alg,
- nonce, nonce_length,
- additional_data, additional_data_length,
- plaintext, plaintext_length,
- ciphertext, ciphertext_size, ciphertext_length);
-#else
- (void) attributes;
- (void) key_buffer;
- (void) key_buffer_size;
- (void) alg;
- (void) nonce;
- (void) nonce_length;
- (void) additional_data;
- (void) additional_data_length;
- (void) plaintext;
- (void) plaintext_length;
- (void) ciphertext;
- (void) ciphertext_size;
- (void) ciphertext_length;
- mbedtls_test_driver_aead_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
-#endif
- }
-
- return mbedtls_test_driver_aead_hooks.driver_status;
-}
-
-psa_status_t mbedtls_test_transparent_aead_decrypt(
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer, size_t key_buffer_size,
- psa_algorithm_t alg,
- const uint8_t *nonce, size_t nonce_length,
- const uint8_t *additional_data, size_t additional_data_length,
- const uint8_t *ciphertext, size_t ciphertext_length,
- uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length)
-{
- mbedtls_test_driver_aead_hooks.hits_decrypt++;
-
- if (mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS) {
- mbedtls_test_driver_aead_hooks.driver_status =
- mbedtls_test_driver_aead_hooks.forced_status;
- } else {
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD)
- mbedtls_test_driver_aead_hooks.driver_status =
- libtestdriver1_mbedtls_psa_aead_decrypt(
- (const libtestdriver1_psa_key_attributes_t *) attributes,
- key_buffer, key_buffer_size,
- alg,
- nonce, nonce_length,
- additional_data, additional_data_length,
- ciphertext, ciphertext_length,
- plaintext, plaintext_size, plaintext_length);
-#elif defined(MBEDTLS_PSA_BUILTIN_AEAD)
- mbedtls_test_driver_aead_hooks.driver_status =
- mbedtls_psa_aead_decrypt(
- attributes, key_buffer, key_buffer_size,
- alg,
- nonce, nonce_length,
- additional_data, additional_data_length,
- ciphertext, ciphertext_length,
- plaintext, plaintext_size, plaintext_length);
-#else
- (void) attributes;
- (void) key_buffer;
- (void) key_buffer_size;
- (void) alg;
- (void) nonce;
- (void) nonce_length;
- (void) additional_data;
- (void) additional_data_length;
- (void) ciphertext;
- (void) ciphertext_length;
- (void) plaintext;
- (void) plaintext_size;
- (void) plaintext_length;
- mbedtls_test_driver_aead_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
-#endif
- }
-
- return mbedtls_test_driver_aead_hooks.driver_status;
-}
-
-psa_status_t mbedtls_test_transparent_aead_encrypt_setup(
- mbedtls_transparent_test_driver_aead_operation_t *operation,
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer, size_t key_buffer_size,
- psa_algorithm_t alg)
-{
- mbedtls_test_driver_aead_hooks.hits_encrypt_setup++;
-
- if (mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS) {
- mbedtls_test_driver_aead_hooks.driver_status =
- mbedtls_test_driver_aead_hooks.forced_status;
- } else {
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD)
- mbedtls_test_driver_aead_hooks.driver_status =
- libtestdriver1_mbedtls_psa_aead_encrypt_setup(operation,
- (const libtestdriver1_psa_key_attributes_t
- *) attributes,
- key_buffer,
- key_buffer_size, alg);
-#elif defined(MBEDTLS_PSA_BUILTIN_AEAD)
- mbedtls_test_driver_aead_hooks.driver_status =
- mbedtls_psa_aead_encrypt_setup(operation, attributes, key_buffer,
- key_buffer_size, alg);
-#else
- (void) operation;
- (void) attributes;
- (void) key_buffer;
- (void) key_buffer_size;
- (void) alg;
- mbedtls_test_driver_aead_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
-#endif
- }
-
- return mbedtls_test_driver_aead_hooks.driver_status;
-}
-
-psa_status_t mbedtls_test_transparent_aead_decrypt_setup(
- mbedtls_transparent_test_driver_aead_operation_t *operation,
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer, size_t key_buffer_size,
- psa_algorithm_t alg)
-{
- mbedtls_test_driver_aead_hooks.hits_decrypt_setup++;
-
- if (mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS) {
- mbedtls_test_driver_aead_hooks.driver_status =
- mbedtls_test_driver_aead_hooks.forced_status;
- } else {
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD)
- mbedtls_test_driver_aead_hooks.driver_status =
- libtestdriver1_mbedtls_psa_aead_decrypt_setup(operation,
- (const libtestdriver1_psa_key_attributes_t
- *) attributes,
- key_buffer, key_buffer_size, alg);
-#elif defined(MBEDTLS_PSA_BUILTIN_AEAD)
- mbedtls_test_driver_aead_hooks.driver_status =
- mbedtls_psa_aead_decrypt_setup(operation, attributes, key_buffer,
- key_buffer_size, alg);
-#else
- (void) operation;
- (void) attributes;
- (void) key_buffer;
- (void) key_buffer_size;
- (void) alg;
- mbedtls_test_driver_aead_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
-#endif
- }
-
- return mbedtls_test_driver_aead_hooks.driver_status;
-}
-
-psa_status_t mbedtls_test_transparent_aead_set_nonce(
- mbedtls_transparent_test_driver_aead_operation_t *operation,
- const uint8_t *nonce,
- size_t nonce_length)
-{
- mbedtls_test_driver_aead_hooks.hits_set_nonce++;
-
- if (mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS) {
- mbedtls_test_driver_aead_hooks.driver_status =
- mbedtls_test_driver_aead_hooks.forced_status;
- } else {
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD)
- mbedtls_test_driver_aead_hooks.driver_status =
- libtestdriver1_mbedtls_psa_aead_set_nonce(operation, nonce, nonce_length);
-#elif defined(MBEDTLS_PSA_BUILTIN_AEAD)
- mbedtls_test_driver_aead_hooks.driver_status =
- mbedtls_psa_aead_set_nonce(operation, nonce, nonce_length);
-#else
- (void) operation;
- (void) nonce;
- (void) nonce_length;
- mbedtls_test_driver_aead_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
-#endif
- }
-
- return mbedtls_test_driver_aead_hooks.driver_status;
-}
-
-psa_status_t mbedtls_test_transparent_aead_set_lengths(
- mbedtls_transparent_test_driver_aead_operation_t *operation,
- size_t ad_length,
- size_t plaintext_length)
-{
- mbedtls_test_driver_aead_hooks.hits_set_lengths++;
-
- if (mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS) {
- mbedtls_test_driver_aead_hooks.driver_status =
- mbedtls_test_driver_aead_hooks.forced_status;
- } else {
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD)
- mbedtls_test_driver_aead_hooks.driver_status =
- libtestdriver1_mbedtls_psa_aead_set_lengths(operation, ad_length,
- plaintext_length);
-#elif defined(MBEDTLS_PSA_BUILTIN_AEAD)
- mbedtls_test_driver_aead_hooks.driver_status =
- mbedtls_psa_aead_set_lengths(operation, ad_length,
- plaintext_length);
-#else
- (void) operation;
- (void) ad_length;
- (void) plaintext_length;
- mbedtls_test_driver_aead_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
-#endif
- }
-
- return mbedtls_test_driver_aead_hooks.driver_status;
-}
-
-psa_status_t mbedtls_test_transparent_aead_update_ad(
- mbedtls_transparent_test_driver_aead_operation_t *operation,
- const uint8_t *input,
- size_t input_length)
-{
- mbedtls_test_driver_aead_hooks.hits_update_ad++;
-
- if (mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS) {
- mbedtls_test_driver_aead_hooks.driver_status =
- mbedtls_test_driver_aead_hooks.forced_status;
- } else {
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD)
- mbedtls_test_driver_aead_hooks.driver_status =
- libtestdriver1_mbedtls_psa_aead_update_ad(operation, input, input_length);
-#elif defined(MBEDTLS_PSA_BUILTIN_AEAD)
- mbedtls_test_driver_aead_hooks.driver_status =
- mbedtls_psa_aead_update_ad(operation, input, input_length);
-#else
- (void) operation;
- (void) input;
- (void) input_length;
- mbedtls_test_driver_aead_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
-#endif
- }
-
- return mbedtls_test_driver_aead_hooks.driver_status;
-}
-
-psa_status_t mbedtls_test_transparent_aead_update(
- mbedtls_transparent_test_driver_aead_operation_t *operation,
- const uint8_t *input,
- size_t input_length,
- uint8_t *output,
- size_t output_size,
- size_t *output_length)
-{
- mbedtls_test_driver_aead_hooks.hits_update++;
-
- if (mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS) {
- mbedtls_test_driver_aead_hooks.driver_status =
- mbedtls_test_driver_aead_hooks.forced_status;
- } else {
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD)
- mbedtls_test_driver_aead_hooks.driver_status =
- libtestdriver1_mbedtls_psa_aead_update(operation, input,
- input_length, output,
- output_size, output_length);
-#elif defined(MBEDTLS_PSA_BUILTIN_AEAD)
- mbedtls_test_driver_aead_hooks.driver_status =
- mbedtls_psa_aead_update(operation, input, input_length, output,
- output_size, output_length);
-#else
- (void) operation;
- (void) input;
- (void) input_length;
- (void) output;
- (void) output_size;
- (void) output_length;
- mbedtls_test_driver_aead_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
-#endif
- }
-
- return mbedtls_test_driver_aead_hooks.driver_status;
-}
-
-psa_status_t mbedtls_test_transparent_aead_finish(
- mbedtls_transparent_test_driver_aead_operation_t *operation,
- uint8_t *ciphertext,
- size_t ciphertext_size,
- size_t *ciphertext_length,
- uint8_t *tag,
- size_t tag_size,
- size_t *tag_length)
-{
- mbedtls_test_driver_aead_hooks.hits_finish++;
-
- if (mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS) {
- mbedtls_test_driver_aead_hooks.driver_status =
- mbedtls_test_driver_aead_hooks.forced_status;
- } else {
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD)
- mbedtls_test_driver_aead_hooks.driver_status =
- libtestdriver1_mbedtls_psa_aead_finish(operation, ciphertext,
- ciphertext_size, ciphertext_length,
- tag, tag_size, tag_length);
-#elif defined(MBEDTLS_PSA_BUILTIN_AEAD)
- mbedtls_test_driver_aead_hooks.driver_status =
- mbedtls_psa_aead_finish(operation, ciphertext, ciphertext_size,
- ciphertext_length, tag, tag_size,
- tag_length);
-#else
- (void) operation;
- (void) ciphertext;
- (void) ciphertext_size;
- (void) ciphertext_length;
- (void) tag;
- (void) tag_size;
- (void) tag_length;
- mbedtls_test_driver_aead_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
-#endif
- }
-
- return mbedtls_test_driver_aead_hooks.driver_status;
-}
-
-psa_status_t mbedtls_test_transparent_aead_verify(
- mbedtls_transparent_test_driver_aead_operation_t *operation,
- uint8_t *plaintext,
- size_t plaintext_size,
- size_t *plaintext_length,
- const uint8_t *tag,
- size_t tag_length)
-{
- mbedtls_test_driver_aead_hooks.hits_verify++;
-
- if (mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS) {
- mbedtls_test_driver_aead_hooks.driver_status =
- mbedtls_test_driver_aead_hooks.forced_status;
- } else {
- uint8_t check_tag[PSA_AEAD_TAG_MAX_SIZE];
- size_t check_tag_length = 0;
-
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD)
- mbedtls_test_driver_aead_hooks.driver_status =
- libtestdriver1_mbedtls_psa_aead_finish(operation,
- plaintext,
- plaintext_size,
- plaintext_length,
- check_tag,
- sizeof(check_tag),
- &check_tag_length);
-#elif defined(MBEDTLS_PSA_BUILTIN_AEAD)
- mbedtls_test_driver_aead_hooks.driver_status =
- mbedtls_psa_aead_finish(operation,
- plaintext,
- plaintext_size,
- plaintext_length,
- check_tag,
- sizeof(check_tag),
- &check_tag_length);
-#else
- (void) operation;
- (void) plaintext;
- (void) plaintext_size;
- (void) plaintext_length;
- mbedtls_test_driver_aead_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
-#endif
-
- if (mbedtls_test_driver_aead_hooks.driver_status == PSA_SUCCESS) {
- if (tag_length != check_tag_length ||
- mbedtls_ct_memcmp(tag, check_tag, tag_length)
- != 0) {
- mbedtls_test_driver_aead_hooks.driver_status =
- PSA_ERROR_INVALID_SIGNATURE;
- }
- }
-
- mbedtls_platform_zeroize(check_tag, sizeof(check_tag));
- }
-
- return mbedtls_test_driver_aead_hooks.driver_status;
-}
-
-psa_status_t mbedtls_test_transparent_aead_abort(
- mbedtls_transparent_test_driver_aead_operation_t *operation)
-{
- mbedtls_test_driver_aead_hooks.hits_abort++;
-
- if (mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS) {
- mbedtls_test_driver_aead_hooks.driver_status =
- mbedtls_test_driver_aead_hooks.forced_status;
- } else {
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD)
- mbedtls_test_driver_aead_hooks.driver_status =
- libtestdriver1_mbedtls_psa_aead_abort(operation);
-#elif defined(MBEDTLS_PSA_BUILTIN_AEAD)
- mbedtls_test_driver_aead_hooks.driver_status =
- mbedtls_psa_aead_abort(operation);
-#else
- (void) operation;
- mbedtls_test_driver_aead_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
-#endif
- }
-
- return mbedtls_test_driver_aead_hooks.driver_status;
-}
-
-#endif /* PSA_CRYPTO_DRIVER_TEST */
diff --git a/tests/src/drivers/test_driver_asymmetric_encryption.c b/tests/src/drivers/test_driver_asymmetric_encryption.c
deleted file mode 100644
index 4fc8c9d..0000000
--- a/tests/src/drivers/test_driver_asymmetric_encryption.c
+++ /dev/null
@@ -1,181 +0,0 @@
-/*
- * Test driver for asymmetric encryption.
- */
-/* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#include <test/helpers.h>
-
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-#include "psa/crypto.h"
-#include "mbedtls/rsa.h"
-#include "psa_crypto_rsa.h"
-#include "string.h"
-#include "test/drivers/asymmetric_encryption.h"
-#include "test/drivers/key_management.h"
-
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
-#include "libtestdriver1/library/psa_crypto_rsa.h"
-#endif
-
-#define PSA_RSA_KEY_PAIR_MAX_SIZE \
- PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS)
-
-mbedtls_test_driver_asymmetric_encryption_hooks_t mbedtls_test_driver_asymmetric_encryption_hooks =
- MBEDTLS_TEST_DRIVER_ASYMMETRIC_ENCRYPTION_INIT;
-
-psa_status_t mbedtls_test_transparent_asymmetric_encrypt(
- const psa_key_attributes_t *attributes, const uint8_t *key_buffer,
- size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *input,
- size_t input_length, const uint8_t *salt, size_t salt_length,
- uint8_t *output, size_t output_size, size_t *output_length)
-{
- mbedtls_test_driver_asymmetric_encryption_hooks.hits++;
-
- if (mbedtls_test_driver_asymmetric_encryption_hooks.forced_output != NULL) {
- if (output_size < mbedtls_test_driver_asymmetric_encryption_hooks.forced_output_length) {
- return PSA_ERROR_BUFFER_TOO_SMALL;
- }
-
- memcpy(output,
- mbedtls_test_driver_asymmetric_encryption_hooks.forced_output,
- mbedtls_test_driver_asymmetric_encryption_hooks.forced_output_length);
- *output_length = mbedtls_test_driver_asymmetric_encryption_hooks.forced_output_length;
-
- return mbedtls_test_driver_asymmetric_encryption_hooks.forced_status;
- }
-
- if (mbedtls_test_driver_asymmetric_encryption_hooks.forced_status != PSA_SUCCESS) {
- return mbedtls_test_driver_asymmetric_encryption_hooks.forced_status;
- }
-
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
- return libtestdriver1_mbedtls_psa_asymmetric_encrypt(
- (const libtestdriver1_psa_key_attributes_t *) attributes,
- key_buffer, key_buffer_size,
- alg, input, input_length, salt, salt_length,
- output, output_size, output_length);
-#else
- return mbedtls_psa_asymmetric_encrypt(
- attributes, key_buffer, key_buffer_size,
- alg, input, input_length, salt, salt_length,
- output, output_size, output_length);
-#endif
-
- return PSA_ERROR_NOT_SUPPORTED;
-}
-
-psa_status_t mbedtls_test_transparent_asymmetric_decrypt(
- const psa_key_attributes_t *attributes, const uint8_t *key_buffer,
- size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *input,
- size_t input_length, const uint8_t *salt, size_t salt_length,
- uint8_t *output, size_t output_size, size_t *output_length)
-{
- mbedtls_test_driver_asymmetric_encryption_hooks.hits++;
-
- if (mbedtls_test_driver_asymmetric_encryption_hooks.forced_output != NULL) {
- if (output_size < mbedtls_test_driver_asymmetric_encryption_hooks.forced_output_length) {
- return PSA_ERROR_BUFFER_TOO_SMALL;
- }
-
- memcpy(output,
- mbedtls_test_driver_asymmetric_encryption_hooks.forced_output,
- mbedtls_test_driver_asymmetric_encryption_hooks.forced_output_length);
- *output_length = mbedtls_test_driver_asymmetric_encryption_hooks.forced_output_length;
-
- return mbedtls_test_driver_asymmetric_encryption_hooks.forced_status;
- }
-
- if (mbedtls_test_driver_asymmetric_encryption_hooks.forced_status != PSA_SUCCESS) {
- return mbedtls_test_driver_asymmetric_encryption_hooks.forced_status;
- }
-
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
- return libtestdriver1_mbedtls_psa_asymmetric_decrypt(
- (const libtestdriver1_psa_key_attributes_t *) attributes,
- key_buffer, key_buffer_size,
- alg, input, input_length, salt, salt_length,
- output, output_size, output_length);
-#else
- return mbedtls_psa_asymmetric_decrypt(
- attributes, key_buffer, key_buffer_size,
- alg, input, input_length, salt, salt_length,
- output, output_size, output_length);
-#endif
-
- return PSA_ERROR_NOT_SUPPORTED;
-}
-
-/*
- * opaque versions
- */
-psa_status_t mbedtls_test_opaque_asymmetric_encrypt(
- const psa_key_attributes_t *attributes, const uint8_t *key,
- size_t key_length, psa_algorithm_t alg, const uint8_t *input,
- size_t input_length, const uint8_t *salt, size_t salt_length,
- uint8_t *output, size_t output_size, size_t *output_length)
-{
- unsigned char unwrapped_key[PSA_RSA_KEY_PAIR_MAX_SIZE];
- size_t unwrapped_key_length;
- psa_status_t status;
-
- status = mbedtls_test_opaque_unwrap_key(key, key_length,
- unwrapped_key, sizeof(unwrapped_key),
- &unwrapped_key_length);
- if (status != PSA_SUCCESS) {
- return status;
- }
-
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- (defined(MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP) || defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT))
- return libtestdriver1_mbedtls_psa_asymmetric_encrypt(
- (const libtestdriver1_psa_key_attributes_t *) attributes,
- unwrapped_key, unwrapped_key_length,
- alg, input, input_length, salt, salt_length,
- output, output_size, output_length);
-#else
- return mbedtls_psa_asymmetric_encrypt(
- attributes, unwrapped_key, unwrapped_key_length,
- alg, input, input_length, salt, salt_length,
- output, output_size, output_length);
-#endif
-
- return PSA_ERROR_NOT_SUPPORTED;
-}
-
-psa_status_t mbedtls_test_opaque_asymmetric_decrypt(
- const psa_key_attributes_t *attributes, const uint8_t *key,
- size_t key_length, psa_algorithm_t alg, const uint8_t *input,
- size_t input_length, const uint8_t *salt, size_t salt_length,
- uint8_t *output, size_t output_size, size_t *output_length)
-{
- unsigned char unwrapped_key[PSA_RSA_KEY_PAIR_MAX_SIZE];
- size_t unwrapped_key_length;
- psa_status_t status;
-
- status = mbedtls_test_opaque_unwrap_key(key, key_length,
- unwrapped_key, sizeof(unwrapped_key),
- &unwrapped_key_length);
- if (status != PSA_SUCCESS) {
- return status;
- }
-
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- (defined(MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP) || defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT))
- return libtestdriver1_mbedtls_psa_asymmetric_decrypt(
- (const libtestdriver1_psa_key_attributes_t *) attributes,
- unwrapped_key, unwrapped_key_length,
- alg, input, input_length, salt, salt_length,
- output, output_size, output_length);
-#else
- return mbedtls_psa_asymmetric_decrypt(
- attributes, unwrapped_key, unwrapped_key_length,
- alg, input, input_length, salt, salt_length,
- output, output_size, output_length);
-#endif
-
- return PSA_ERROR_NOT_SUPPORTED;
-}
-
-#endif /* PSA_CRYPTO_DRIVER_TEST */
diff --git a/tests/src/drivers/test_driver_cipher.c b/tests/src/drivers/test_driver_cipher.c
deleted file mode 100644
index 2bc751a..0000000
--- a/tests/src/drivers/test_driver_cipher.c
+++ /dev/null
@@ -1,432 +0,0 @@
-/*
- * Test driver for cipher functions.
- * Currently only supports multi-part operations using AES-CTR.
- */
-/* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#include <test/helpers.h>
-
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-#include "psa/crypto.h"
-#include "psa_crypto_cipher.h"
-#include "psa_crypto_core.h"
-#include "mbedtls/cipher.h"
-
-#include "test/drivers/cipher.h"
-
-#include "test/random.h"
-
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
-#include "libtestdriver1/library/psa_crypto_cipher.h"
-#endif
-
-#include <string.h>
-
-mbedtls_test_driver_cipher_hooks_t mbedtls_test_driver_cipher_hooks =
- MBEDTLS_TEST_DRIVER_CIPHER_INIT;
-
-psa_status_t mbedtls_test_transparent_cipher_encrypt(
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer,
- size_t key_buffer_size,
- psa_algorithm_t alg,
- const uint8_t *iv,
- size_t iv_length,
- const uint8_t *input,
- size_t input_length,
- uint8_t *output,
- size_t output_size,
- size_t *output_length)
-{
- mbedtls_test_driver_cipher_hooks.hits++;
- mbedtls_test_driver_cipher_hooks.hits_encrypt++;
-
- if (mbedtls_test_driver_cipher_hooks.forced_output != NULL) {
- if (output_size < mbedtls_test_driver_cipher_hooks.forced_output_length) {
- return PSA_ERROR_BUFFER_TOO_SMALL;
- }
-
- memcpy(output,
- mbedtls_test_driver_cipher_hooks.forced_output,
- mbedtls_test_driver_cipher_hooks.forced_output_length);
- *output_length = mbedtls_test_driver_cipher_hooks.forced_output_length;
-
- return mbedtls_test_driver_cipher_hooks.forced_status;
- }
-
- if (mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS) {
- return mbedtls_test_driver_cipher_hooks.forced_status;
- }
- if (mbedtls_test_driver_cipher_hooks.forced_status_encrypt != PSA_SUCCESS) {
- return mbedtls_test_driver_cipher_hooks.forced_status_encrypt;
- }
-
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER)
- return libtestdriver1_mbedtls_psa_cipher_encrypt(
- (const libtestdriver1_psa_key_attributes_t *) attributes,
- key_buffer, key_buffer_size,
- alg, iv, iv_length, input, input_length,
- output, output_size, output_length);
-#elif defined(MBEDTLS_PSA_BUILTIN_CIPHER)
- return mbedtls_psa_cipher_encrypt(
- attributes, key_buffer, key_buffer_size,
- alg, iv, iv_length, input, input_length,
- output, output_size, output_length);
-#endif
-
- return PSA_ERROR_NOT_SUPPORTED;
-}
-
-psa_status_t mbedtls_test_transparent_cipher_decrypt(
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer,
- size_t key_buffer_size,
- psa_algorithm_t alg,
- const uint8_t *input,
- size_t input_length,
- uint8_t *output,
- size_t output_size,
- size_t *output_length)
-{
- mbedtls_test_driver_cipher_hooks.hits++;
-
- if (mbedtls_test_driver_cipher_hooks.forced_output != NULL) {
- if (output_size < mbedtls_test_driver_cipher_hooks.forced_output_length) {
- return PSA_ERROR_BUFFER_TOO_SMALL;
- }
-
- memcpy(output,
- mbedtls_test_driver_cipher_hooks.forced_output,
- mbedtls_test_driver_cipher_hooks.forced_output_length);
- *output_length = mbedtls_test_driver_cipher_hooks.forced_output_length;
-
- return mbedtls_test_driver_cipher_hooks.forced_status;
- }
-
- if (mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS) {
- return mbedtls_test_driver_cipher_hooks.forced_status;
- }
-
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER)
- return libtestdriver1_mbedtls_psa_cipher_decrypt(
- (const libtestdriver1_psa_key_attributes_t *) attributes,
- key_buffer, key_buffer_size,
- alg, input, input_length,
- output, output_size, output_length);
-#elif defined(MBEDTLS_PSA_BUILTIN_CIPHER)
- return mbedtls_psa_cipher_decrypt(
- attributes, key_buffer, key_buffer_size,
- alg, input, input_length,
- output, output_size, output_length);
-#endif
-
- return PSA_ERROR_NOT_SUPPORTED;
-}
-
-psa_status_t mbedtls_test_transparent_cipher_encrypt_setup(
- mbedtls_transparent_test_driver_cipher_operation_t *operation,
- const psa_key_attributes_t *attributes,
- const uint8_t *key, size_t key_length,
- psa_algorithm_t alg)
-{
- mbedtls_test_driver_cipher_hooks.hits++;
-
- /* Wiping the entire struct here, instead of member-by-member. This is
- * useful for the test suite, since it gives a chance of catching memory
- * corruption errors should the core not have allocated (enough) memory for
- * our context struct. */
- memset(operation, 0, sizeof(*operation));
-
- if (mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS) {
- return mbedtls_test_driver_cipher_hooks.forced_status;
- }
-
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER)
- return libtestdriver1_mbedtls_psa_cipher_encrypt_setup(
- operation,
- (const libtestdriver1_psa_key_attributes_t *) attributes,
- key, key_length, alg);
-#elif defined(MBEDTLS_PSA_BUILTIN_CIPHER)
- return mbedtls_psa_cipher_encrypt_setup(
- operation, attributes, key, key_length, alg);
-#endif
-
- return PSA_ERROR_NOT_SUPPORTED;
-}
-
-psa_status_t mbedtls_test_transparent_cipher_decrypt_setup(
- mbedtls_transparent_test_driver_cipher_operation_t *operation,
- const psa_key_attributes_t *attributes,
- const uint8_t *key, size_t key_length,
- psa_algorithm_t alg)
-{
- mbedtls_test_driver_cipher_hooks.hits++;
-
- if (mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS) {
- return mbedtls_test_driver_cipher_hooks.forced_status;
- }
-
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER)
- return libtestdriver1_mbedtls_psa_cipher_decrypt_setup(
- operation,
- (const libtestdriver1_psa_key_attributes_t *) attributes,
- key, key_length, alg);
-#elif defined(MBEDTLS_PSA_BUILTIN_CIPHER)
- return mbedtls_psa_cipher_decrypt_setup(
- operation, attributes, key, key_length, alg);
-#endif
-
- return PSA_ERROR_NOT_SUPPORTED;
-}
-
-psa_status_t mbedtls_test_transparent_cipher_abort(
- mbedtls_transparent_test_driver_cipher_operation_t *operation)
-{
- mbedtls_test_driver_cipher_hooks.hits++;
-
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER)
- libtestdriver1_mbedtls_psa_cipher_abort(operation);
-#elif defined(MBEDTLS_PSA_BUILTIN_CIPHER)
- mbedtls_psa_cipher_abort(operation);
-#endif
-
- /* Wiping the entire struct here, instead of member-by-member. This is
- * useful for the test suite, since it gives a chance of catching memory
- * corruption errors should the core not have allocated (enough) memory for
- * our context struct. */
- memset(operation, 0, sizeof(*operation));
-
- return mbedtls_test_driver_cipher_hooks.forced_status;
-}
-
-psa_status_t mbedtls_test_transparent_cipher_set_iv(
- mbedtls_transparent_test_driver_cipher_operation_t *operation,
- const uint8_t *iv,
- size_t iv_length)
-{
- mbedtls_test_driver_cipher_hooks.hits++;
- mbedtls_test_driver_cipher_hooks.hits_set_iv++;
-
- if (mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS) {
- return mbedtls_test_driver_cipher_hooks.forced_status;
- }
- if (mbedtls_test_driver_cipher_hooks.forced_status_set_iv != PSA_SUCCESS) {
- return mbedtls_test_driver_cipher_hooks.forced_status_set_iv;
- }
-
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER)
- return libtestdriver1_mbedtls_psa_cipher_set_iv(
- operation, iv, iv_length);
-#elif defined(MBEDTLS_PSA_BUILTIN_CIPHER)
- return mbedtls_psa_cipher_set_iv(operation, iv, iv_length);
-#endif
-
- return PSA_ERROR_NOT_SUPPORTED;
-}
-
-psa_status_t mbedtls_test_transparent_cipher_update(
- mbedtls_transparent_test_driver_cipher_operation_t *operation,
- const uint8_t *input,
- size_t input_length,
- uint8_t *output,
- size_t output_size,
- size_t *output_length)
-{
- mbedtls_test_driver_cipher_hooks.hits++;
-
- if (mbedtls_test_driver_cipher_hooks.forced_output != NULL) {
- if (output_size < mbedtls_test_driver_cipher_hooks.forced_output_length) {
- return PSA_ERROR_BUFFER_TOO_SMALL;
- }
-
- memcpy(output,
- mbedtls_test_driver_cipher_hooks.forced_output,
- mbedtls_test_driver_cipher_hooks.forced_output_length);
- *output_length = mbedtls_test_driver_cipher_hooks.forced_output_length;
-
- return mbedtls_test_driver_cipher_hooks.forced_status;
- }
-
- if (mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS) {
- return mbedtls_test_driver_cipher_hooks.forced_status;
- }
-
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER)
- return libtestdriver1_mbedtls_psa_cipher_update(
- operation, input, input_length,
- output, output_size, output_length);
-#elif defined(MBEDTLS_PSA_BUILTIN_CIPHER)
- return mbedtls_psa_cipher_update(
- operation, input, input_length,
- output, output_size, output_length);
-#endif
-
- return PSA_ERROR_NOT_SUPPORTED;
-}
-
-psa_status_t mbedtls_test_transparent_cipher_finish(
- mbedtls_transparent_test_driver_cipher_operation_t *operation,
- uint8_t *output,
- size_t output_size,
- size_t *output_length)
-{
- mbedtls_test_driver_cipher_hooks.hits++;
-
- if (mbedtls_test_driver_cipher_hooks.forced_output != NULL) {
- if (output_size < mbedtls_test_driver_cipher_hooks.forced_output_length) {
- return PSA_ERROR_BUFFER_TOO_SMALL;
- }
-
- memcpy(output,
- mbedtls_test_driver_cipher_hooks.forced_output,
- mbedtls_test_driver_cipher_hooks.forced_output_length);
- *output_length = mbedtls_test_driver_cipher_hooks.forced_output_length;
-
- return mbedtls_test_driver_cipher_hooks.forced_status;
- }
-
- if (mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS) {
- return mbedtls_test_driver_cipher_hooks.forced_status;
- }
-
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER)
- return libtestdriver1_mbedtls_psa_cipher_finish(
- operation, output, output_size, output_length);
-#elif defined(MBEDTLS_PSA_BUILTIN_CIPHER)
- return mbedtls_psa_cipher_finish(
- operation, output, output_size, output_length);
-#endif
-
- return PSA_ERROR_NOT_SUPPORTED;
-}
-
-/*
- * opaque versions, to do
- */
-psa_status_t mbedtls_test_opaque_cipher_encrypt(
- const psa_key_attributes_t *attributes,
- const uint8_t *key, size_t key_length,
- psa_algorithm_t alg,
- const uint8_t *iv, size_t iv_length,
- const uint8_t *input, size_t input_length,
- uint8_t *output, size_t output_size, size_t *output_length)
-{
- (void) attributes;
- (void) key;
- (void) key_length;
- (void) alg;
- (void) iv;
- (void) iv_length;
- (void) input;
- (void) input_length;
- (void) output;
- (void) output_size;
- (void) output_length;
- return PSA_ERROR_NOT_SUPPORTED;
-}
-
-psa_status_t mbedtls_test_opaque_cipher_decrypt(
- const psa_key_attributes_t *attributes,
- const uint8_t *key, size_t key_length,
- psa_algorithm_t alg,
- const uint8_t *input, size_t input_length,
- uint8_t *output, size_t output_size, size_t *output_length)
-{
- (void) attributes;
- (void) key;
- (void) key_length;
- (void) alg;
- (void) input;
- (void) input_length;
- (void) output;
- (void) output_size;
- (void) output_length;
- return PSA_ERROR_NOT_SUPPORTED;
-}
-
-psa_status_t mbedtls_test_opaque_cipher_encrypt_setup(
- mbedtls_opaque_test_driver_cipher_operation_t *operation,
- const psa_key_attributes_t *attributes,
- const uint8_t *key, size_t key_length,
- psa_algorithm_t alg)
-{
- (void) operation;
- (void) attributes;
- (void) key;
- (void) key_length;
- (void) alg;
- return PSA_ERROR_NOT_SUPPORTED;
-}
-
-psa_status_t mbedtls_test_opaque_cipher_decrypt_setup(
- mbedtls_opaque_test_driver_cipher_operation_t *operation,
- const psa_key_attributes_t *attributes,
- const uint8_t *key, size_t key_length,
- psa_algorithm_t alg)
-{
- (void) operation;
- (void) attributes;
- (void) key;
- (void) key_length;
- (void) alg;
- return PSA_ERROR_NOT_SUPPORTED;
-}
-
-psa_status_t mbedtls_test_opaque_cipher_abort(
- mbedtls_opaque_test_driver_cipher_operation_t *operation)
-{
- (void) operation;
- return PSA_ERROR_NOT_SUPPORTED;
-}
-
-psa_status_t mbedtls_test_opaque_cipher_set_iv(
- mbedtls_opaque_test_driver_cipher_operation_t *operation,
- const uint8_t *iv,
- size_t iv_length)
-{
- (void) operation;
- (void) iv;
- (void) iv_length;
- return PSA_ERROR_NOT_SUPPORTED;
-}
-
-psa_status_t mbedtls_test_opaque_cipher_update(
- mbedtls_opaque_test_driver_cipher_operation_t *operation,
- const uint8_t *input,
- size_t input_length,
- uint8_t *output,
- size_t output_size,
- size_t *output_length)
-{
- (void) operation;
- (void) input;
- (void) input_length;
- (void) output;
- (void) output_size;
- (void) output_length;
- return PSA_ERROR_NOT_SUPPORTED;
-}
-
-psa_status_t mbedtls_test_opaque_cipher_finish(
- mbedtls_opaque_test_driver_cipher_operation_t *operation,
- uint8_t *output,
- size_t output_size,
- size_t *output_length)
-{
- (void) operation;
- (void) output;
- (void) output_size;
- (void) output_length;
- return PSA_ERROR_NOT_SUPPORTED;
-}
-#endif /* PSA_CRYPTO_DRIVER_TEST */
diff --git a/tests/src/drivers/test_driver_key_agreement.c b/tests/src/drivers/test_driver_key_agreement.c
deleted file mode 100644
index 8471959..0000000
--- a/tests/src/drivers/test_driver_key_agreement.c
+++ /dev/null
@@ -1,147 +0,0 @@
-/*
- * Test driver for key agreement functions.
- */
-/* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#include <test/helpers.h>
-
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-
-#include "psa/crypto.h"
-#include "psa_crypto_core.h"
-#include "psa_crypto_ecp.h"
-#include "psa_crypto_ffdh.h"
-
-#include "test/drivers/key_agreement.h"
-#include "test/drivers/test_driver.h"
-
-#include <string.h>
-
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
-#include "libtestdriver1/include/psa/crypto.h"
-#include "libtestdriver1/library/psa_crypto_ecp.h"
-#include "libtestdriver1/library/psa_crypto_ffdh.h"
-#endif
-
-mbedtls_test_driver_key_agreement_hooks_t
- mbedtls_test_driver_key_agreement_hooks = MBEDTLS_TEST_DRIVER_KEY_AGREEMENT_INIT;
-
-psa_status_t mbedtls_test_transparent_key_agreement(
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer,
- size_t key_buffer_size,
- psa_algorithm_t alg,
- const uint8_t *peer_key,
- size_t peer_key_length,
- uint8_t *shared_secret,
- size_t shared_secret_size,
- size_t *shared_secret_length)
-{
- mbedtls_test_driver_key_agreement_hooks.hits++;
-
- if (mbedtls_test_driver_key_agreement_hooks.forced_status != PSA_SUCCESS) {
- return mbedtls_test_driver_key_agreement_hooks.forced_status;
- }
-
- if (mbedtls_test_driver_key_agreement_hooks.forced_output != NULL) {
- if (mbedtls_test_driver_key_agreement_hooks.forced_output_length > shared_secret_size) {
- return PSA_ERROR_BUFFER_TOO_SMALL;
- }
-
- memcpy(shared_secret, mbedtls_test_driver_key_agreement_hooks.forced_output,
- mbedtls_test_driver_key_agreement_hooks.forced_output_length);
- *shared_secret_length = mbedtls_test_driver_key_agreement_hooks.forced_output_length;
-
- return PSA_SUCCESS;
- }
-
- if (PSA_ALG_IS_ECDH(alg)) {
-#if (defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_ECDH))
- return libtestdriver1_mbedtls_psa_key_agreement_ecdh(
- (const libtestdriver1_psa_key_attributes_t *) attributes,
- key_buffer, key_buffer_size,
- alg, peer_key, peer_key_length,
- shared_secret, shared_secret_size,
- shared_secret_length);
-#elif defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH)
- return mbedtls_psa_key_agreement_ecdh(
- attributes,
- key_buffer, key_buffer_size,
- alg, peer_key, peer_key_length,
- shared_secret, shared_secret_size,
- shared_secret_length);
-#else
- (void) attributes;
- (void) key_buffer;
- (void) key_buffer_size;
- (void) peer_key;
- (void) peer_key_length;
- (void) shared_secret;
- (void) shared_secret_size;
- (void) shared_secret_length;
- return PSA_ERROR_NOT_SUPPORTED;
-#endif
- }
- if (PSA_ALG_IS_FFDH(alg)) {
-#if (defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_FFDH))
- return libtestdriver1_mbedtls_psa_ffdh_key_agreement(
- (const libtestdriver1_psa_key_attributes_t *) attributes,
- peer_key, peer_key_length,
- key_buffer, key_buffer_size,
- shared_secret, shared_secret_size,
- shared_secret_length);
-#elif defined(MBEDTLS_PSA_BUILTIN_ALG_FFDH)
- return mbedtls_psa_ffdh_key_agreement(
- attributes,
- peer_key,
- peer_key_length,
- key_buffer,
- key_buffer_size,
- shared_secret,
- shared_secret_size,
- shared_secret_length);
-#else
- (void) attributes;
- (void) key_buffer;
- (void) key_buffer_size;
- (void) peer_key;
- (void) peer_key_length;
- (void) shared_secret;
- (void) shared_secret_size;
- (void) shared_secret_length;
- return PSA_ERROR_NOT_SUPPORTED;
-#endif
- } else {
- return PSA_ERROR_INVALID_ARGUMENT;
- }
-
-}
-
-psa_status_t mbedtls_test_opaque_key_agreement(
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer,
- size_t key_buffer_size,
- psa_algorithm_t alg,
- const uint8_t *peer_key,
- size_t peer_key_length,
- uint8_t *shared_secret,
- size_t shared_secret_size,
- size_t *shared_secret_length)
-{
- (void) attributes;
- (void) key_buffer;
- (void) key_buffer_size;
- (void) alg;
- (void) peer_key;
- (void) peer_key_length;
- (void) shared_secret;
- (void) shared_secret_size;
- (void) shared_secret_length;
- return PSA_ERROR_NOT_SUPPORTED;
-}
-
-#endif /* PSA_CRYPTO_DRIVER_TEST */
diff --git a/tests/src/drivers/test_driver_key_management.c b/tests/src/drivers/test_driver_key_management.c
deleted file mode 100644
index 2a87899..0000000
--- a/tests/src/drivers/test_driver_key_management.c
+++ /dev/null
@@ -1,788 +0,0 @@
-/*
- * Test driver for generating and verifying keys.
- * Currently only supports generating and verifying ECC keys.
- */
-/* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#include <test/helpers.h>
-
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-#include "psa/crypto.h"
-#include "psa_crypto_core.h"
-#include "psa_crypto_ecp.h"
-#include "psa_crypto_rsa.h"
-#include "psa_crypto_ffdh.h"
-#include "mbedtls/ecp.h"
-#include "mbedtls/error.h"
-
-#include "test/drivers/key_management.h"
-#include "test/drivers/test_driver.h"
-
-#include "test/random.h"
-
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
-#include "libtestdriver1/library/psa_crypto_ecp.h"
-#include "libtestdriver1/library/psa_crypto_rsa.h"
-#include "libtestdriver1/library/psa_crypto_ffdh.h"
-#endif
-
-#include <string.h>
-
-mbedtls_test_driver_key_management_hooks_t
- mbedtls_test_driver_key_management_hooks = MBEDTLS_TEST_DRIVER_KEY_MANAGEMENT_INIT;
-
-const uint8_t mbedtls_test_driver_aes_key[16] =
-{ 0x36, 0x77, 0x39, 0x7A, 0x24, 0x43, 0x26, 0x46,
- 0x29, 0x4A, 0x40, 0x4E, 0x63, 0x52, 0x66, 0x55 };
-const uint8_t mbedtls_test_driver_ecdsa_key[32] =
-{ 0xdc, 0x7d, 0x9d, 0x26, 0xd6, 0x7a, 0x4f, 0x63,
- 0x2c, 0x34, 0xc2, 0xdc, 0x0b, 0x69, 0x86, 0x18,
- 0x38, 0x82, 0xc2, 0x06, 0xdf, 0x04, 0xcd, 0xb7,
- 0xd6, 0x9a, 0xab, 0xe2, 0x8b, 0xe4, 0xf8, 0x1a };
-const uint8_t mbedtls_test_driver_ecdsa_pubkey[65] =
-{ 0x04,
- 0x85, 0xf6, 0x4d, 0x89, 0xf0, 0x0b, 0xe6, 0x6c,
- 0x88, 0xdd, 0x93, 0x7e, 0xfd, 0x6d, 0x7c, 0x44,
- 0x56, 0x48, 0xdc, 0xb7, 0x01, 0x15, 0x0b, 0x8a,
- 0x95, 0x09, 0x29, 0x58, 0x50, 0xf4, 0x1c, 0x19,
- 0x31, 0xe5, 0x71, 0xfb, 0x8f, 0x8c, 0x78, 0x31,
- 0x7a, 0x20, 0xb3, 0x80, 0xe8, 0x66, 0x58, 0x4b,
- 0xbc, 0x25, 0x16, 0xc3, 0xd2, 0x70, 0x2d, 0x79,
- 0x2f, 0x13, 0x1a, 0x92, 0x20, 0x95, 0xfd, 0x6c };
-
-psa_status_t mbedtls_test_transparent_init(void)
-{
- psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
- status = libtestdriver1_psa_crypto_init();
- if (status != PSA_SUCCESS) {
- return status;
- }
-#endif
-
- (void) status;
- return PSA_SUCCESS;
-}
-
-void mbedtls_test_transparent_free(void)
-{
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
- libtestdriver1_mbedtls_psa_crypto_free();
-#endif
-
- return;
-}
-
-psa_status_t mbedtls_test_opaque_init(void)
-{
- return PSA_SUCCESS;
-}
-
-void mbedtls_test_opaque_free(void)
-{
- return;
-}
-
-/*
- * This macro returns the base size for the key context when SE does not
- * support storage. It is the size of the metadata that gets added to the
- * wrapped key. In its test functionality the metadata is just some padded
- * prefixing to the key.
- */
-#define TEST_DRIVER_KEY_CONTEXT_BASE_SIZE \
- PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX_SIZE
-
-
-size_t mbedtls_test_opaque_size_function(
- const psa_key_type_t key_type,
- const size_t key_bits)
-{
- size_t key_buffer_size = 0;
-
- key_buffer_size = PSA_EXPORT_KEY_OUTPUT_SIZE(key_type, key_bits);
- if (key_buffer_size == 0) {
- return 0;
- }
- /* Include spacing for base size overhead over the key size
- * */
- key_buffer_size += TEST_DRIVER_KEY_CONTEXT_BASE_SIZE;
- return key_buffer_size;
-}
-
-static size_t mbedtls_test_opaque_get_base_size()
-{
- return TEST_DRIVER_KEY_CONTEXT_BASE_SIZE;
-}
-
-/*
- * The wrap function mbedtls_test_opaque_wrap_key pads and wraps the
- * clear key. It expects the clear and wrap buffers to be passed in.
- * key_length is the size of the clear key to be wrapped.
- * wrapped_key_buffer_size is the size of the output buffer wrap_key.
- * The argument wrapped_key_buffer_length is filled with the wrapped
- * key_size on success.
- * */
-static psa_status_t mbedtls_test_opaque_wrap_key(
- const uint8_t *key,
- size_t key_length,
- uint8_t *wrapped_key_buffer,
- size_t wrapped_key_buffer_size,
- size_t *wrapped_key_buffer_length)
-{
- size_t opaque_key_base_size = mbedtls_test_opaque_get_base_size();
- uint64_t prefix = PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX;
-
- if (key_length + opaque_key_base_size > wrapped_key_buffer_size) {
- return PSA_ERROR_BUFFER_TOO_SMALL;
- }
-
- /* Write in the opaque pad prefix */
- memcpy(wrapped_key_buffer, &prefix, opaque_key_base_size);
- wrapped_key_buffer += opaque_key_base_size;
- *wrapped_key_buffer_length = key_length + opaque_key_base_size;
-
- while (key_length--) {
- wrapped_key_buffer[key_length] = key[key_length] ^ 0xFF;
- }
- return PSA_SUCCESS;
-}
-
-/*
- * The unwrap function mbedtls_test_opaque_unwrap_key removes a pad prefix
- * and unwraps the wrapped key. It expects the clear and wrap buffers to be
- * passed in.
- * wrapped_key_length is the size of the wrapped key,
- * key_buffer_size is the size of the output buffer clear_key.
- * The argument key_buffer_length is filled with the unwrapped(clear)
- * key_size on success.
- * */
-psa_status_t mbedtls_test_opaque_unwrap_key(
- const uint8_t *wrapped_key,
- size_t wrapped_key_length,
- uint8_t *key_buffer,
- size_t key_buffer_size,
- size_t *key_buffer_length)
-{
- /* Remove the pad prefix from the wrapped key */
- size_t opaque_key_base_size = mbedtls_test_opaque_get_base_size();
- size_t clear_key_size;
-
- /* Check for underflow */
- if (wrapped_key_length < opaque_key_base_size) {
- return PSA_ERROR_DATA_CORRUPT;
- }
- clear_key_size = wrapped_key_length - opaque_key_base_size;
-
- wrapped_key += opaque_key_base_size;
- if (clear_key_size > key_buffer_size) {
- return PSA_ERROR_BUFFER_TOO_SMALL;
- }
-
- *key_buffer_length = clear_key_size;
- while (clear_key_size--) {
- key_buffer[clear_key_size] = wrapped_key[clear_key_size] ^ 0xFF;
- }
- return PSA_SUCCESS;
-}
-
-psa_status_t mbedtls_test_transparent_generate_key(
- const psa_key_attributes_t *attributes,
- uint8_t *key, size_t key_size, size_t *key_length)
-{
- ++mbedtls_test_driver_key_management_hooks.hits;
- ++mbedtls_test_driver_key_management_hooks.hits_generate_key;
-
- if (mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS) {
- return mbedtls_test_driver_key_management_hooks.forced_status;
- }
-
- if (mbedtls_test_driver_key_management_hooks.forced_output != NULL) {
- if (mbedtls_test_driver_key_management_hooks.forced_output_length >
- key_size) {
- return PSA_ERROR_BUFFER_TOO_SMALL;
- }
- memcpy(key, mbedtls_test_driver_key_management_hooks.forced_output,
- mbedtls_test_driver_key_management_hooks.forced_output_length);
- *key_length = mbedtls_test_driver_key_management_hooks.forced_output_length;
- return PSA_SUCCESS;
- }
-
- if (PSA_KEY_TYPE_IS_ECC(psa_get_key_type(attributes))
- && PSA_KEY_TYPE_IS_KEY_PAIR(psa_get_key_type(attributes))) {
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_GENERATE)
- return libtestdriver1_mbedtls_psa_ecp_generate_key(
- (const libtestdriver1_psa_key_attributes_t *) attributes,
- key, key_size, key_length);
-#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_GENERATE)
- return mbedtls_psa_ecp_generate_key(
- attributes, key, key_size, key_length);
-#endif
- } else if (psa_get_key_type(attributes) == PSA_KEY_TYPE_RSA_KEY_PAIR) {
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE)
- return libtestdriver1_mbedtls_psa_rsa_generate_key(
- (const libtestdriver1_psa_key_attributes_t *) attributes,
- NULL, 0, /* We don't support custom e in the test driver yet */
- key, key_size, key_length);
-#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE)
- return mbedtls_psa_rsa_generate_key(
- attributes,
- NULL, 0, /* We don't support custom e in the test driver yet */
- key, key_size, key_length);
-#endif
- } else if (PSA_KEY_TYPE_IS_DH(psa_get_key_type(attributes))
- && PSA_KEY_TYPE_IS_KEY_PAIR(psa_get_key_type(attributes))) {
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_GENERATE)
- return libtestdriver1_mbedtls_psa_ffdh_generate_key(
- (const libtestdriver1_psa_key_attributes_t *) attributes,
- key, key_size, key_length);
-#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR)
- return mbedtls_psa_ffdh_generate_key(
- attributes, key, key_size, key_length);
-#endif
- }
-
- (void) attributes;
- return PSA_ERROR_NOT_SUPPORTED;
-}
-
-psa_status_t mbedtls_test_opaque_generate_key(
- const psa_key_attributes_t *attributes,
- uint8_t *key, size_t key_size, size_t *key_length)
-{
- (void) attributes;
- (void) key;
- (void) key_size;
- (void) key_length;
- return PSA_ERROR_NOT_SUPPORTED;
-}
-
-psa_status_t mbedtls_test_transparent_import_key(
- const psa_key_attributes_t *attributes,
- const uint8_t *data,
- size_t data_length,
- uint8_t *key_buffer,
- size_t key_buffer_size,
- size_t *key_buffer_length,
- size_t *bits)
-{
- psa_key_type_t type = psa_get_key_type(attributes);
-
- ++mbedtls_test_driver_key_management_hooks.hits;
- mbedtls_test_driver_key_management_hooks.location = PSA_KEY_LOCATION_LOCAL_STORAGE;
-
- if (mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS) {
- return mbedtls_test_driver_key_management_hooks.forced_status;
- }
-
- if (PSA_KEY_TYPE_IS_ECC(type)) {
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_IMPORT) || \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY))
- return libtestdriver1_mbedtls_psa_ecp_import_key(
- (const libtestdriver1_psa_key_attributes_t *) attributes,
- data, data_length,
- key_buffer, key_buffer_size,
- key_buffer_length, bits);
-#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_IMPORT) || \
- defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY)
- return mbedtls_psa_ecp_import_key(
- attributes,
- data, data_length,
- key_buffer, key_buffer_size,
- key_buffer_length, bits);
-#endif
- } else if (PSA_KEY_TYPE_IS_RSA(type)) {
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT) || \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY))
- return libtestdriver1_mbedtls_psa_rsa_import_key(
- (const libtestdriver1_psa_key_attributes_t *) attributes,
- data, data_length,
- key_buffer, key_buffer_size,
- key_buffer_length, bits);
-#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT) || \
- defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
- return mbedtls_psa_rsa_import_key(
- attributes,
- data, data_length,
- key_buffer, key_buffer_size,
- key_buffer_length, bits);
-#endif
- } else if (PSA_KEY_TYPE_IS_DH(type)) {
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) || \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY))
- return libtestdriver1_mbedtls_psa_ffdh_import_key(
- (const libtestdriver1_psa_key_attributes_t *) attributes,
- data, data_length,
- key_buffer, key_buffer_size,
- key_buffer_length, bits);
-#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \
- defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
- return mbedtls_psa_ffdh_import_key(
- attributes,
- data, data_length,
- key_buffer, key_buffer_size,
- key_buffer_length, bits);
-#endif
- }
- (void) data;
- (void) data_length;
- (void) key_buffer;
- (void) key_buffer_size;
- (void) key_buffer_length;
- (void) bits;
- (void) type;
-
- return PSA_ERROR_NOT_SUPPORTED;
-}
-
-
-psa_status_t mbedtls_test_opaque_import_key(
- const psa_key_attributes_t *attributes,
- const uint8_t *data,
- size_t data_length,
- uint8_t *key_buffer,
- size_t key_buffer_size,
- size_t *key_buffer_length,
- size_t *bits)
-{
- psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- psa_key_type_t type = psa_get_key_type(attributes);
- /* This buffer will be used as an intermediate placeholder for
- * the clear key till we wrap it */
- uint8_t *key_buffer_temp;
-
- ++mbedtls_test_driver_key_management_hooks.hits;
- mbedtls_test_driver_key_management_hooks.location = PSA_CRYPTO_TEST_DRIVER_LOCATION;
-
- if (mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS) {
- return mbedtls_test_driver_key_management_hooks.forced_status;
- }
-
- key_buffer_temp = mbedtls_calloc(1, key_buffer_size);
- if (key_buffer_temp == NULL) {
- return PSA_ERROR_INSUFFICIENT_MEMORY;
- }
-
- if (PSA_KEY_TYPE_IS_UNSTRUCTURED(type)) {
- *bits = PSA_BYTES_TO_BITS(data_length);
-
- status = psa_validate_unstructured_key_bit_size(type,
- *bits);
- if (status != PSA_SUCCESS) {
- goto exit;
- }
-
- if (data_length > key_buffer_size) {
- return PSA_ERROR_BUFFER_TOO_SMALL;
- }
-
- /* Copy the key material accounting for opaque key padding. */
- memcpy(key_buffer_temp, data, data_length);
- *key_buffer_length = data_length;
- } else if (PSA_KEY_TYPE_IS_ECC(type)) {
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- (defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \
- defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY))
- status = libtestdriver1_mbedtls_psa_ecp_import_key(
- (const libtestdriver1_psa_key_attributes_t *) attributes,
- data, data_length,
- key_buffer_temp, key_buffer_size,
- key_buffer_length, bits);
-#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_IMPORT) || \
- defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY)
- status = mbedtls_psa_ecp_import_key(
- attributes,
- data, data_length,
- key_buffer_temp, key_buffer_size,
- key_buffer_length, bits);
-#else
- status = PSA_ERROR_NOT_SUPPORTED;
-#endif
- if (status != PSA_SUCCESS) {
- goto exit;
- }
- } else if (PSA_KEY_TYPE_IS_RSA(type)) {
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- (defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) || \
- defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY))
- status = libtestdriver1_mbedtls_psa_rsa_import_key(
- (const libtestdriver1_psa_key_attributes_t *) attributes,
- data, data_length,
- key_buffer_temp, key_buffer_size,
- key_buffer_length, bits);
-#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT) || \
- defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
- status = mbedtls_psa_rsa_import_key(
- attributes,
- data, data_length,
- key_buffer_temp, key_buffer_size,
- key_buffer_length, bits);
-#else
- status = PSA_ERROR_NOT_SUPPORTED;
-#endif
- if (status != PSA_SUCCESS) {
- goto exit;
- }
- } else {
- status = PSA_ERROR_INVALID_ARGUMENT;
- goto exit;
- }
-
- status = mbedtls_test_opaque_wrap_key(key_buffer_temp, *key_buffer_length,
- key_buffer, key_buffer_size, key_buffer_length);
-exit:
- mbedtls_free(key_buffer_temp);
- return status;
-}
-
-psa_status_t mbedtls_test_opaque_export_key(
- const psa_key_attributes_t *attributes,
- const uint8_t *key, size_t key_length,
- uint8_t *data, size_t data_size, size_t *data_length)
-{
- if (key_length == sizeof(psa_drv_slot_number_t)) {
- /* Assume this is a builtin key based on the key material length. */
- psa_drv_slot_number_t slot_number = *((psa_drv_slot_number_t *) key);
-
- switch (slot_number) {
- case PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT:
- /* This is the ECDSA slot. Verify the key's attributes before
- * returning the private key. */
- if (psa_get_key_type(attributes) !=
- PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)) {
- return PSA_ERROR_CORRUPTION_DETECTED;
- }
- if (psa_get_key_bits(attributes) != 256) {
- return PSA_ERROR_CORRUPTION_DETECTED;
- }
- if (psa_get_key_algorithm(attributes) !=
- PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)) {
- return PSA_ERROR_CORRUPTION_DETECTED;
- }
- if ((psa_get_key_usage_flags(attributes) &
- PSA_KEY_USAGE_EXPORT) == 0) {
- return PSA_ERROR_CORRUPTION_DETECTED;
- }
-
- if (data_size < sizeof(mbedtls_test_driver_ecdsa_key)) {
- return PSA_ERROR_BUFFER_TOO_SMALL;
- }
-
- memcpy(data, mbedtls_test_driver_ecdsa_key,
- sizeof(mbedtls_test_driver_ecdsa_key));
- *data_length = sizeof(mbedtls_test_driver_ecdsa_key);
- return PSA_SUCCESS;
-
- case PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT:
- /* This is the AES slot. Verify the key's attributes before
- * returning the key. */
- if (psa_get_key_type(attributes) != PSA_KEY_TYPE_AES) {
- return PSA_ERROR_CORRUPTION_DETECTED;
- }
- if (psa_get_key_bits(attributes) != 128) {
- return PSA_ERROR_CORRUPTION_DETECTED;
- }
- if (psa_get_key_algorithm(attributes) != PSA_ALG_CTR) {
- return PSA_ERROR_CORRUPTION_DETECTED;
- }
- if ((psa_get_key_usage_flags(attributes) &
- PSA_KEY_USAGE_EXPORT) == 0) {
- return PSA_ERROR_CORRUPTION_DETECTED;
- }
-
- if (data_size < sizeof(mbedtls_test_driver_aes_key)) {
- return PSA_ERROR_BUFFER_TOO_SMALL;
- }
-
- memcpy(data, mbedtls_test_driver_aes_key,
- sizeof(mbedtls_test_driver_aes_key));
- *data_length = sizeof(mbedtls_test_driver_aes_key);
- return PSA_SUCCESS;
-
- default:
- return PSA_ERROR_DOES_NOT_EXIST;
- }
- } else {
- /* This buffer will be used as an intermediate placeholder for
- * the opaque key till we unwrap the key into key_buffer */
- psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- psa_key_type_t type = psa_get_key_type(attributes);
-
- if (PSA_KEY_TYPE_IS_UNSTRUCTURED(type) ||
- PSA_KEY_TYPE_IS_RSA(type) ||
- PSA_KEY_TYPE_IS_ECC(type)) {
- status = mbedtls_test_opaque_unwrap_key(key, key_length,
- data, data_size, data_length);
- return status;
- }
- }
- return PSA_ERROR_NOT_SUPPORTED;
-}
-
-psa_status_t mbedtls_test_transparent_export_public_key(
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer, size_t key_buffer_size,
- uint8_t *data, size_t data_size, size_t *data_length)
-{
- ++mbedtls_test_driver_key_management_hooks.hits;
- ++mbedtls_test_driver_key_management_hooks.hits_export_public_key;
-
- if (mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS) {
- return mbedtls_test_driver_key_management_hooks.forced_status;
- }
-
- if (mbedtls_test_driver_key_management_hooks.forced_output != NULL) {
- if (mbedtls_test_driver_key_management_hooks.forced_output_length >
- data_size) {
- return PSA_ERROR_BUFFER_TOO_SMALL;
- }
- memcpy(data, mbedtls_test_driver_key_management_hooks.forced_output,
- mbedtls_test_driver_key_management_hooks.forced_output_length);
- *data_length = mbedtls_test_driver_key_management_hooks.forced_output_length;
- return PSA_SUCCESS;
- }
-
- psa_key_type_t key_type = psa_get_key_type(attributes);
-
- if (PSA_KEY_TYPE_IS_ECC(key_type)) {
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_EXPORT) || \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY))
- return libtestdriver1_mbedtls_psa_ecp_export_public_key(
- (const libtestdriver1_psa_key_attributes_t *) attributes,
- key_buffer, key_buffer_size,
- data, data_size, data_length);
-#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_EXPORT) || \
- defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY)
- return mbedtls_psa_ecp_export_public_key(
- attributes,
- key_buffer, key_buffer_size,
- data, data_size, data_length);
-#endif
- } else if (PSA_KEY_TYPE_IS_RSA(key_type)) {
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT) || \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY))
- return libtestdriver1_mbedtls_psa_rsa_export_public_key(
- (const libtestdriver1_psa_key_attributes_t *) attributes,
- key_buffer, key_buffer_size,
- data, data_size, data_length);
-#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT) || \
- defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
- return mbedtls_psa_rsa_export_public_key(
- attributes,
- key_buffer, key_buffer_size,
- data, data_size, data_length);
-#endif
- } else if (PSA_KEY_TYPE_IS_DH(key_type)) {
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) || \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY))
- return libtestdriver1_mbedtls_psa_ffdh_export_public_key(
- (const libtestdriver1_psa_key_attributes_t *) attributes,
- key_buffer, key_buffer_size,
- data, data_size, data_length);
-#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) || \
- defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY)
- return mbedtls_psa_ffdh_export_public_key(
- attributes,
- key_buffer, key_buffer_size,
- data, data_size, data_length);
-#endif
- }
-
- (void) key_buffer;
- (void) key_buffer_size;
- (void) key_type;
-
- return PSA_ERROR_NOT_SUPPORTED;
-}
-
-psa_status_t mbedtls_test_opaque_export_public_key(
- const psa_key_attributes_t *attributes,
- const uint8_t *key, size_t key_length,
- uint8_t *data, size_t data_size, size_t *data_length)
-{
- if (key_length != sizeof(psa_drv_slot_number_t)) {
- psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- psa_key_type_t key_type = psa_get_key_type(attributes);
- uint8_t *key_buffer_temp;
-
- key_buffer_temp = mbedtls_calloc(1, key_length);
- if (key_buffer_temp == NULL) {
- return PSA_ERROR_INSUFFICIENT_MEMORY;
- }
-
- if (PSA_KEY_TYPE_IS_ECC(key_type)) {
- status = mbedtls_test_opaque_unwrap_key(key, key_length,
- key_buffer_temp, key_length, data_length);
- if (status == PSA_SUCCESS) {
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- (defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \
- defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY))
- status = libtestdriver1_mbedtls_psa_ecp_export_public_key(
- (const libtestdriver1_psa_key_attributes_t *) attributes,
- key_buffer_temp, *data_length,
- data, data_size, data_length);
-#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_EXPORT) || \
- defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY)
- status = mbedtls_psa_ecp_export_public_key(
- attributes,
- key_buffer_temp, *data_length,
- data, data_size, data_length);
-#else
- status = PSA_ERROR_NOT_SUPPORTED;
-#endif
- }
- } else if (PSA_KEY_TYPE_IS_RSA(key_type)) {
- status = mbedtls_test_opaque_unwrap_key(key, key_length,
- key_buffer_temp, key_length, data_length);
- if (status == PSA_SUCCESS) {
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- (defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) || \
- defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY))
- status = libtestdriver1_mbedtls_psa_rsa_export_public_key(
- (const libtestdriver1_psa_key_attributes_t *) attributes,
- key_buffer_temp, *data_length,
- data, data_size, data_length);
-#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT) || \
- defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
- status = mbedtls_psa_rsa_export_public_key(
- attributes,
- key_buffer_temp, *data_length,
- data, data_size, data_length);
-#else
- status = PSA_ERROR_NOT_SUPPORTED;
-#endif
- }
- } else {
- status = PSA_ERROR_NOT_SUPPORTED;
- (void) key;
- (void) key_type;
- }
- mbedtls_free(key_buffer_temp);
- return status;
- }
-
- /* Assume this is a builtin key based on the key material length. */
- psa_drv_slot_number_t slot_number = *((psa_drv_slot_number_t *) key);
- switch (slot_number) {
- case PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT:
- /* This is the ECDSA slot. Verify the key's attributes before
- * returning the public key. */
- if (psa_get_key_type(attributes) !=
- PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)) {
- return PSA_ERROR_CORRUPTION_DETECTED;
- }
- if (psa_get_key_bits(attributes) != 256) {
- return PSA_ERROR_CORRUPTION_DETECTED;
- }
- if (psa_get_key_algorithm(attributes) !=
- PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)) {
- return PSA_ERROR_CORRUPTION_DETECTED;
- }
-
- if (data_size < sizeof(mbedtls_test_driver_ecdsa_pubkey)) {
- return PSA_ERROR_BUFFER_TOO_SMALL;
- }
-
- memcpy(data, mbedtls_test_driver_ecdsa_pubkey,
- sizeof(mbedtls_test_driver_ecdsa_pubkey));
- *data_length = sizeof(mbedtls_test_driver_ecdsa_pubkey);
- return PSA_SUCCESS;
-
- default:
- return PSA_ERROR_DOES_NOT_EXIST;
- }
-}
-
-/* The opaque test driver exposes two built-in keys when builtin key support is
- * compiled in.
- * The key in slot #PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT is an AES-128
- * key which allows CTR mode.
- * The key in slot #PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT is a secp256r1
- * private key which allows ECDSA sign & verify.
- * The key buffer format for these is the raw format of psa_drv_slot_number_t
- * (i.e. for an actual driver this would mean 'builtin_key_size' =
- * sizeof(psa_drv_slot_number_t)).
- */
-psa_status_t mbedtls_test_opaque_get_builtin_key(
- psa_drv_slot_number_t slot_number,
- psa_key_attributes_t *attributes,
- uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length)
-{
- switch (slot_number) {
- case PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT:
- psa_set_key_type(attributes, PSA_KEY_TYPE_AES);
- psa_set_key_bits(attributes, 128);
- psa_set_key_usage_flags(
- attributes,
- PSA_KEY_USAGE_ENCRYPT |
- PSA_KEY_USAGE_DECRYPT |
- PSA_KEY_USAGE_EXPORT);
- psa_set_key_algorithm(attributes, PSA_ALG_CTR);
-
- if (key_buffer_size < sizeof(psa_drv_slot_number_t)) {
- return PSA_ERROR_BUFFER_TOO_SMALL;
- }
-
- *((psa_drv_slot_number_t *) key_buffer) =
- PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT;
- *key_buffer_length = sizeof(psa_drv_slot_number_t);
- return PSA_SUCCESS;
- case PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT:
- psa_set_key_type(
- attributes,
- PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1));
- psa_set_key_bits(attributes, 256);
- psa_set_key_usage_flags(
- attributes,
- PSA_KEY_USAGE_SIGN_HASH |
- PSA_KEY_USAGE_VERIFY_HASH |
- PSA_KEY_USAGE_EXPORT);
- psa_set_key_algorithm(
- attributes, PSA_ALG_ECDSA(PSA_ALG_ANY_HASH));
-
- if (key_buffer_size < sizeof(psa_drv_slot_number_t)) {
- return PSA_ERROR_BUFFER_TOO_SMALL;
- }
-
- *((psa_drv_slot_number_t *) key_buffer) =
- PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT;
- *key_buffer_length = sizeof(psa_drv_slot_number_t);
- return PSA_SUCCESS;
- default:
- return PSA_ERROR_DOES_NOT_EXIST;
- }
-}
-
-psa_status_t mbedtls_test_opaque_copy_key(
- psa_key_attributes_t *attributes,
- const uint8_t *source_key, size_t source_key_length,
- uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length)
-{
- /* This is a case where the opaque test driver emulates an SE without storage.
- * With that all key context is stored in the wrapped buffer.
- * So no additional house keeping is necessary to reference count the
- * copied keys. This could change when the opaque test driver is extended
- * to support SE with storage, or to emulate an SE without storage but
- * still holding some slot references */
- if (source_key_length > key_buffer_size) {
- return PSA_ERROR_BUFFER_TOO_SMALL;
- }
-
- memcpy(key_buffer, source_key, source_key_length);
- *key_buffer_length = source_key_length;
- (void) attributes;
- return PSA_SUCCESS;
-}
-
-#endif /* PSA_CRYPTO_DRIVER_TEST */
diff --git a/tests/src/drivers/test_driver_mac.c b/tests/src/drivers/test_driver_mac.c
deleted file mode 100644
index 9f8120b..0000000
--- a/tests/src/drivers/test_driver_mac.c
+++ /dev/null
@@ -1,422 +0,0 @@
-/*
- * Test driver for MAC entry points.
- */
-/* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#include <test/helpers.h>
-
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-#include "psa_crypto_mac.h"
-
-#include "test/drivers/mac.h"
-
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
-#include "libtestdriver1/library/psa_crypto_mac.h"
-#endif
-
-mbedtls_test_driver_mac_hooks_t mbedtls_test_driver_mac_hooks =
- MBEDTLS_TEST_DRIVER_MAC_INIT;
-
-psa_status_t mbedtls_test_transparent_mac_compute(
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer,
- size_t key_buffer_size,
- psa_algorithm_t alg,
- const uint8_t *input,
- size_t input_length,
- uint8_t *mac,
- size_t mac_size,
- size_t *mac_length)
-{
- mbedtls_test_driver_mac_hooks.hits++;
-
- if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) {
- mbedtls_test_driver_mac_hooks.driver_status =
- mbedtls_test_driver_mac_hooks.forced_status;
- } else {
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_MAC)
- mbedtls_test_driver_mac_hooks.driver_status =
- libtestdriver1_mbedtls_psa_mac_compute(
- (const libtestdriver1_psa_key_attributes_t *) attributes,
- key_buffer, key_buffer_size, alg,
- input, input_length,
- mac, mac_size, mac_length);
-#elif defined(MBEDTLS_PSA_BUILTIN_MAC)
- mbedtls_test_driver_mac_hooks.driver_status =
- mbedtls_psa_mac_compute(
- attributes, key_buffer, key_buffer_size, alg,
- input, input_length,
- mac, mac_size, mac_length);
-#else
- (void) attributes;
- (void) key_buffer;
- (void) key_buffer_size;
- (void) alg;
- (void) input;
- (void) input_length;
- (void) mac;
- (void) mac_size;
- (void) mac_length;
- mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
-#endif
- }
-
- return mbedtls_test_driver_mac_hooks.driver_status;
-}
-
-psa_status_t mbedtls_test_transparent_mac_sign_setup(
- mbedtls_transparent_test_driver_mac_operation_t *operation,
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer,
- size_t key_buffer_size,
- psa_algorithm_t alg)
-{
- mbedtls_test_driver_mac_hooks.hits++;
-
- if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) {
- mbedtls_test_driver_mac_hooks.driver_status =
- mbedtls_test_driver_mac_hooks.forced_status;
- } else {
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_MAC)
- mbedtls_test_driver_mac_hooks.driver_status =
- libtestdriver1_mbedtls_psa_mac_sign_setup(
- operation,
- (const libtestdriver1_psa_key_attributes_t *) attributes,
- key_buffer, key_buffer_size, alg);
-#elif defined(MBEDTLS_PSA_BUILTIN_MAC)
- mbedtls_test_driver_mac_hooks.driver_status =
- mbedtls_psa_mac_sign_setup(
- operation, attributes, key_buffer, key_buffer_size, alg);
-#else
- (void) operation;
- (void) attributes;
- (void) key_buffer;
- (void) key_buffer_size;
- (void) alg;
- mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
-#endif
- }
-
- return mbedtls_test_driver_mac_hooks.driver_status;
-}
-
-psa_status_t mbedtls_test_transparent_mac_verify_setup(
- mbedtls_transparent_test_driver_mac_operation_t *operation,
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer,
- size_t key_buffer_size,
- psa_algorithm_t alg)
-{
- mbedtls_test_driver_mac_hooks.hits++;
-
- if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) {
- mbedtls_test_driver_mac_hooks.driver_status =
- mbedtls_test_driver_mac_hooks.forced_status;
- } else {
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_MAC)
- mbedtls_test_driver_mac_hooks.driver_status =
- libtestdriver1_mbedtls_psa_mac_verify_setup(
- operation,
- (const libtestdriver1_psa_key_attributes_t *) attributes,
- key_buffer, key_buffer_size, alg);
-#elif defined(MBEDTLS_PSA_BUILTIN_MAC)
- mbedtls_test_driver_mac_hooks.driver_status =
- mbedtls_psa_mac_verify_setup(
- operation, attributes, key_buffer, key_buffer_size, alg);
-#else
- (void) operation;
- (void) attributes;
- (void) key_buffer;
- (void) key_buffer_size;
- (void) alg;
- mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
-#endif
- }
-
- return mbedtls_test_driver_mac_hooks.driver_status;
-}
-
-psa_status_t mbedtls_test_transparent_mac_update(
- mbedtls_transparent_test_driver_mac_operation_t *operation,
- const uint8_t *input,
- size_t input_length)
-{
- mbedtls_test_driver_mac_hooks.hits++;
-
- if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) {
- mbedtls_test_driver_mac_hooks.driver_status =
- mbedtls_test_driver_mac_hooks.forced_status;
- } else {
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_MAC)
- mbedtls_test_driver_mac_hooks.driver_status =
- libtestdriver1_mbedtls_psa_mac_update(
- operation, input, input_length);
-#elif defined(MBEDTLS_PSA_BUILTIN_MAC)
- mbedtls_test_driver_mac_hooks.driver_status =
- mbedtls_psa_mac_update(
- operation, input, input_length);
-#else
- (void) operation;
- (void) input;
- (void) input_length;
- mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
-#endif
- }
-
- return mbedtls_test_driver_mac_hooks.driver_status;
-}
-
-psa_status_t mbedtls_test_transparent_mac_sign_finish(
- mbedtls_transparent_test_driver_mac_operation_t *operation,
- uint8_t *mac,
- size_t mac_size,
- size_t *mac_length)
-{
- mbedtls_test_driver_mac_hooks.hits++;
-
- if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) {
- mbedtls_test_driver_mac_hooks.driver_status =
- mbedtls_test_driver_mac_hooks.forced_status;
- } else {
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_MAC)
- mbedtls_test_driver_mac_hooks.driver_status =
- libtestdriver1_mbedtls_psa_mac_sign_finish(
- operation, mac, mac_size, mac_length);
-#elif defined(MBEDTLS_PSA_BUILTIN_MAC)
- mbedtls_test_driver_mac_hooks.driver_status =
- mbedtls_psa_mac_sign_finish(
- operation, mac, mac_size, mac_length);
-#else
- (void) operation;
- (void) mac;
- (void) mac_size;
- (void) mac_length;
- mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
-#endif
- }
-
- return mbedtls_test_driver_mac_hooks.driver_status;
-}
-
-psa_status_t mbedtls_test_transparent_mac_verify_finish(
- mbedtls_transparent_test_driver_mac_operation_t *operation,
- const uint8_t *mac,
- size_t mac_length)
-{
- mbedtls_test_driver_mac_hooks.hits++;
-
- if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) {
- mbedtls_test_driver_mac_hooks.driver_status =
- mbedtls_test_driver_mac_hooks.forced_status;
- } else {
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_MAC)
- mbedtls_test_driver_mac_hooks.driver_status =
- libtestdriver1_mbedtls_psa_mac_verify_finish(
- operation, mac, mac_length);
-#elif defined(MBEDTLS_PSA_BUILTIN_MAC)
- mbedtls_test_driver_mac_hooks.driver_status =
- mbedtls_psa_mac_verify_finish(
- operation, mac, mac_length);
-#else
- (void) operation;
- (void) mac;
- (void) mac_length;
- mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
-#endif
- }
-
- return mbedtls_test_driver_mac_hooks.driver_status;
-}
-
-psa_status_t mbedtls_test_transparent_mac_abort(
- mbedtls_transparent_test_driver_mac_operation_t *operation)
-{
- mbedtls_test_driver_mac_hooks.hits++;
-
- if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) {
- mbedtls_test_driver_mac_hooks.driver_status =
- mbedtls_test_driver_mac_hooks.forced_status;
- } else {
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_MAC)
- mbedtls_test_driver_mac_hooks.driver_status =
- libtestdriver1_mbedtls_psa_mac_abort(operation);
-#elif defined(MBEDTLS_PSA_BUILTIN_MAC)
- mbedtls_test_driver_mac_hooks.driver_status =
- mbedtls_psa_mac_abort(operation);
-#else
- (void) operation;
- mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
-#endif
- }
-
- return mbedtls_test_driver_mac_hooks.driver_status;
-}
-
-psa_status_t mbedtls_test_opaque_mac_compute(
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer,
- size_t key_buffer_size,
- psa_algorithm_t alg,
- const uint8_t *input,
- size_t input_length,
- uint8_t *mac,
- size_t mac_size,
- size_t *mac_length)
-{
- mbedtls_test_driver_mac_hooks.hits++;
-
- if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) {
- mbedtls_test_driver_mac_hooks.driver_status =
- mbedtls_test_driver_mac_hooks.forced_status;
- } else {
- (void) attributes;
- (void) key_buffer;
- (void) key_buffer_size;
- (void) alg;
- (void) input;
- (void) input_length;
- (void) mac;
- (void) mac_size;
- (void) mac_length;
- mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
- }
-
- return mbedtls_test_driver_mac_hooks.driver_status;
-}
-
-psa_status_t mbedtls_test_opaque_mac_sign_setup(
- mbedtls_opaque_test_driver_mac_operation_t *operation,
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer,
- size_t key_buffer_size,
- psa_algorithm_t alg)
-{
- mbedtls_test_driver_mac_hooks.hits++;
-
- if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) {
- mbedtls_test_driver_mac_hooks.driver_status =
- mbedtls_test_driver_mac_hooks.forced_status;
- } else {
- (void) operation;
- (void) attributes;
- (void) key_buffer;
- (void) key_buffer_size;
- (void) alg;
- mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
- }
-
- return mbedtls_test_driver_mac_hooks.driver_status;
-}
-
-psa_status_t mbedtls_test_opaque_mac_verify_setup(
- mbedtls_opaque_test_driver_mac_operation_t *operation,
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer,
- size_t key_buffer_size,
- psa_algorithm_t alg)
-{
- mbedtls_test_driver_mac_hooks.hits++;
-
- if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) {
- mbedtls_test_driver_mac_hooks.driver_status =
- mbedtls_test_driver_mac_hooks.forced_status;
- } else {
- (void) operation;
- (void) attributes;
- (void) key_buffer;
- (void) key_buffer_size;
- (void) alg;
- mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
- }
-
- return mbedtls_test_driver_mac_hooks.driver_status;
-}
-
-psa_status_t mbedtls_test_opaque_mac_update(
- mbedtls_opaque_test_driver_mac_operation_t *operation,
- const uint8_t *input,
- size_t input_length)
-{
- mbedtls_test_driver_mac_hooks.hits++;
-
- if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) {
- mbedtls_test_driver_mac_hooks.driver_status =
- mbedtls_test_driver_mac_hooks.forced_status;
- } else {
- (void) operation;
- (void) input;
- (void) input_length;
- mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
- }
-
- return mbedtls_test_driver_mac_hooks.driver_status;
-}
-
-psa_status_t mbedtls_test_opaque_mac_sign_finish(
- mbedtls_opaque_test_driver_mac_operation_t *operation,
- uint8_t *mac,
- size_t mac_size,
- size_t *mac_length)
-{
- mbedtls_test_driver_mac_hooks.hits++;
-
- if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) {
- mbedtls_test_driver_mac_hooks.driver_status =
- mbedtls_test_driver_mac_hooks.forced_status;
- } else {
- (void) operation;
- (void) mac;
- (void) mac_size;
- (void) mac_length;
- mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
- }
-
- return mbedtls_test_driver_mac_hooks.driver_status;
-}
-
-psa_status_t mbedtls_test_opaque_mac_verify_finish(
- mbedtls_opaque_test_driver_mac_operation_t *operation,
- const uint8_t *mac,
- size_t mac_length)
-{
- mbedtls_test_driver_mac_hooks.hits++;
-
- if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) {
- mbedtls_test_driver_mac_hooks.driver_status =
- mbedtls_test_driver_mac_hooks.forced_status;
- } else {
- (void) operation;
- (void) mac;
- (void) mac_length;
- mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
- }
-
- return mbedtls_test_driver_mac_hooks.driver_status;
-}
-
-psa_status_t mbedtls_test_opaque_mac_abort(
- mbedtls_opaque_test_driver_mac_operation_t *operation)
-{
- mbedtls_test_driver_mac_hooks.hits++;
-
- if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) {
- mbedtls_test_driver_mac_hooks.driver_status =
- mbedtls_test_driver_mac_hooks.forced_status;
- } else {
- (void) operation;
- mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
- }
-
- return mbedtls_test_driver_mac_hooks.driver_status;
-}
-
-#endif /* PSA_CRYPTO_DRIVER_TEST */
diff --git a/tests/src/drivers/test_driver_pake.c b/tests/src/drivers/test_driver_pake.c
deleted file mode 100644
index a0b6c1c..0000000
--- a/tests/src/drivers/test_driver_pake.c
+++ /dev/null
@@ -1,202 +0,0 @@
-/*
- * Test driver for MAC entry points.
- */
-/* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#include <test/helpers.h>
-
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-#include "psa_crypto_pake.h"
-
-#include "test/drivers/pake.h"
-#include "string.h"
-
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
-#include "libtestdriver1/library/psa_crypto_pake.h"
-#endif
-
-mbedtls_test_driver_pake_hooks_t mbedtls_test_driver_pake_hooks =
- MBEDTLS_TEST_DRIVER_PAKE_INIT;
-
-
-psa_status_t mbedtls_test_transparent_pake_setup(
- mbedtls_transparent_test_driver_pake_operation_t *operation,
- const psa_crypto_driver_pake_inputs_t *inputs)
-{
- mbedtls_test_driver_pake_hooks.hits.total++;
- mbedtls_test_driver_pake_hooks.hits.setup++;
-
- if (mbedtls_test_driver_pake_hooks.forced_setup_status != PSA_SUCCESS) {
- mbedtls_test_driver_pake_hooks.driver_status =
- mbedtls_test_driver_pake_hooks.forced_setup_status;
- } else {
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE)
- mbedtls_test_driver_pake_hooks.driver_status =
- libtestdriver1_mbedtls_psa_pake_setup(
- operation, (const libtestdriver1_psa_crypto_driver_pake_inputs_t *) inputs);
-#elif defined(MBEDTLS_PSA_BUILTIN_PAKE)
- mbedtls_test_driver_pake_hooks.driver_status =
- mbedtls_psa_pake_setup(
- operation, inputs);
-#else
- (void) operation;
- (void) inputs;
- mbedtls_test_driver_pake_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
-#endif
- }
-
- return mbedtls_test_driver_pake_hooks.driver_status;
-}
-
-psa_status_t mbedtls_test_transparent_pake_output(
- mbedtls_transparent_test_driver_pake_operation_t *operation,
- psa_crypto_driver_pake_step_t step,
- uint8_t *output,
- size_t output_size,
- size_t *output_length)
-{
- mbedtls_test_driver_pake_hooks.hits.total++;
- mbedtls_test_driver_pake_hooks.hits.output++;
-
- if (mbedtls_test_driver_pake_hooks.forced_output != NULL) {
- if (output_size < mbedtls_test_driver_pake_hooks.forced_output_length) {
- return PSA_ERROR_BUFFER_TOO_SMALL;
- }
-
- memcpy(output,
- mbedtls_test_driver_pake_hooks.forced_output,
- mbedtls_test_driver_pake_hooks.forced_output_length);
- *output_length = mbedtls_test_driver_pake_hooks.forced_output_length;
-
- return mbedtls_test_driver_pake_hooks.forced_status;
- }
-
- if (mbedtls_test_driver_pake_hooks.forced_status != PSA_SUCCESS) {
- mbedtls_test_driver_pake_hooks.driver_status =
- mbedtls_test_driver_pake_hooks.forced_status;
- } else {
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE)
- mbedtls_test_driver_pake_hooks.driver_status =
- libtestdriver1_mbedtls_psa_pake_output(
- operation, (libtestdriver1_psa_crypto_driver_pake_step_t) step,
- output, output_size, output_length);
-#elif defined(MBEDTLS_PSA_BUILTIN_PAKE)
- mbedtls_test_driver_pake_hooks.driver_status =
- mbedtls_psa_pake_output(
- operation, step, output, output_size, output_length);
-#else
- (void) operation;
- (void) step;
- (void) output;
- (void) output_size;
- (void) output_length;
- mbedtls_test_driver_pake_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
-#endif
- }
-
- return mbedtls_test_driver_pake_hooks.driver_status;
-}
-
-psa_status_t mbedtls_test_transparent_pake_input(
- mbedtls_transparent_test_driver_pake_operation_t *operation,
- psa_crypto_driver_pake_step_t step,
- const uint8_t *input,
- size_t input_length)
-{
- mbedtls_test_driver_pake_hooks.hits.total++;
- mbedtls_test_driver_pake_hooks.hits.input++;
-
- if (mbedtls_test_driver_pake_hooks.forced_status != PSA_SUCCESS) {
- mbedtls_test_driver_pake_hooks.driver_status =
- mbedtls_test_driver_pake_hooks.forced_status;
- } else {
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE)
- mbedtls_test_driver_pake_hooks.driver_status =
- libtestdriver1_mbedtls_psa_pake_input(
- operation, (libtestdriver1_psa_crypto_driver_pake_step_t) step,
- input, input_length);
-#elif defined(MBEDTLS_PSA_BUILTIN_PAKE)
- mbedtls_test_driver_pake_hooks.driver_status =
- mbedtls_psa_pake_input(
- operation, step, input, input_length);
-#else
- (void) operation;
- (void) step;
- (void) input;
- (void) input_length;
- mbedtls_test_driver_pake_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
-#endif
- }
-
- return mbedtls_test_driver_pake_hooks.driver_status;
-}
-
-psa_status_t mbedtls_test_transparent_pake_get_implicit_key(
- mbedtls_transparent_test_driver_pake_operation_t *operation,
- uint8_t *output, size_t output_size, size_t *output_length)
-{
- mbedtls_test_driver_pake_hooks.hits.total++;
- mbedtls_test_driver_pake_hooks.hits.implicit_key++;
-
- if (mbedtls_test_driver_pake_hooks.forced_status != PSA_SUCCESS) {
- mbedtls_test_driver_pake_hooks.driver_status =
- mbedtls_test_driver_pake_hooks.forced_status;
- } else {
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE)
- mbedtls_test_driver_pake_hooks.driver_status =
- libtestdriver1_mbedtls_psa_pake_get_implicit_key(
- operation, output, output_size, output_length);
-#elif defined(MBEDTLS_PSA_BUILTIN_PAKE)
- mbedtls_test_driver_pake_hooks.driver_status =
- mbedtls_psa_pake_get_implicit_key(
- operation, output, output_size, output_length);
-#else
- (void) operation;
- (void) output;
- (void) output_size;
- (void) output_length;
- mbedtls_test_driver_pake_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
-#endif
- }
-
- return mbedtls_test_driver_pake_hooks.driver_status;
-}
-
-psa_status_t mbedtls_test_transparent_pake_abort(
- mbedtls_transparent_test_driver_pake_operation_t *operation)
-{
- mbedtls_test_driver_pake_hooks.hits.total++;
- mbedtls_test_driver_pake_hooks.hits.abort++;
-
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE)
- mbedtls_test_driver_pake_hooks.driver_status =
- libtestdriver1_mbedtls_psa_pake_abort(
- operation);
-#elif defined(MBEDTLS_PSA_BUILTIN_PAKE)
- mbedtls_test_driver_pake_hooks.driver_status =
- mbedtls_psa_pake_abort(
- operation);
-#else
- (void) operation;
- mbedtls_test_driver_pake_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
-#endif
-
-
- if (mbedtls_test_driver_pake_hooks.forced_status != PSA_SUCCESS &&
- mbedtls_test_driver_pake_hooks.driver_status == PSA_SUCCESS) {
- mbedtls_test_driver_pake_hooks.driver_status =
- mbedtls_test_driver_pake_hooks.forced_status;
- }
-
-
- return mbedtls_test_driver_pake_hooks.driver_status;
-}
-
-#endif /* PSA_CRYPTO_DRIVER_TEST */
diff --git a/tests/src/drivers/test_driver_signature.c b/tests/src/drivers/test_driver_signature.c
deleted file mode 100644
index 4fca5d1..0000000
--- a/tests/src/drivers/test_driver_signature.c
+++ /dev/null
@@ -1,404 +0,0 @@
-/*
- * Test driver for signature functions.
- * Currently supports signing and verifying precalculated hashes, using
- * only deterministic ECDSA on curves secp256r1, secp384r1 and secp521r1.
- */
-/* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#include <test/helpers.h>
-
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-#include "psa/crypto.h"
-#include "psa_crypto_core.h"
-#include "psa_crypto_ecp.h"
-#include "psa_crypto_hash.h"
-#include "psa_crypto_rsa.h"
-#include "mbedtls/ecp.h"
-
-#include "test/drivers/hash.h"
-#include "test/drivers/signature.h"
-#include "test/drivers/hash.h"
-
-#include "mbedtls/ecdsa.h"
-
-#include "test/random.h"
-
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
-#include "libtestdriver1/library/psa_crypto_ecp.h"
-#include "libtestdriver1/library/psa_crypto_hash.h"
-#include "libtestdriver1/library/psa_crypto_rsa.h"
-#endif
-
-#include <string.h>
-
-mbedtls_test_driver_signature_hooks_t
- mbedtls_test_driver_signature_sign_hooks = MBEDTLS_TEST_DRIVER_SIGNATURE_INIT;
-mbedtls_test_driver_signature_hooks_t
- mbedtls_test_driver_signature_verify_hooks = MBEDTLS_TEST_DRIVER_SIGNATURE_INIT;
-
-psa_status_t sign_hash(
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer,
- size_t key_buffer_size,
- psa_algorithm_t alg,
- const uint8_t *hash,
- size_t hash_length,
- uint8_t *signature,
- size_t signature_size,
- size_t *signature_length)
-{
- if (attributes->type == PSA_KEY_TYPE_RSA_KEY_PAIR) {
- if (PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) ||
- PSA_ALG_IS_RSA_PSS(alg)) {
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS))
- return libtestdriver1_mbedtls_psa_rsa_sign_hash(
- (const libtestdriver1_psa_key_attributes_t *) attributes,
- key_buffer, key_buffer_size,
- alg, hash, hash_length,
- signature, signature_size, signature_length);
-#elif defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
- defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS)
- return mbedtls_psa_rsa_sign_hash(
- attributes,
- key_buffer, key_buffer_size,
- alg, hash, hash_length,
- signature, signature_size, signature_length);
-#endif
- } else {
- return PSA_ERROR_INVALID_ARGUMENT;
- }
- } else if (PSA_KEY_TYPE_IS_ECC(attributes->type)) {
- if (PSA_ALG_IS_ECDSA(alg)) {
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA))
- return libtestdriver1_mbedtls_psa_ecdsa_sign_hash(
- (const libtestdriver1_psa_key_attributes_t *) attributes,
- key_buffer, key_buffer_size,
- alg, hash, hash_length,
- signature, signature_size, signature_length);
-#elif defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
- defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
- return mbedtls_psa_ecdsa_sign_hash(
- attributes,
- key_buffer, key_buffer_size,
- alg, hash, hash_length,
- signature, signature_size, signature_length);
-#endif
- } else {
- return PSA_ERROR_INVALID_ARGUMENT;
- }
- }
-
- (void) attributes;
- (void) key_buffer;
- (void) key_buffer_size;
- (void) alg;
- (void) hash;
- (void) hash_length;
- (void) signature;
- (void) signature_size;
- (void) signature_length;
- return PSA_ERROR_NOT_SUPPORTED;
-}
-
-psa_status_t verify_hash(
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer,
- size_t key_buffer_size,
- psa_algorithm_t alg,
- const uint8_t *hash,
- size_t hash_length,
- const uint8_t *signature,
- size_t signature_length)
-{
- if (PSA_KEY_TYPE_IS_RSA(attributes->type)) {
- if (PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) ||
- PSA_ALG_IS_RSA_PSS(alg)) {
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS))
- return libtestdriver1_mbedtls_psa_rsa_verify_hash(
- (const libtestdriver1_psa_key_attributes_t *) attributes,
- key_buffer, key_buffer_size,
- alg, hash, hash_length,
- signature, signature_length);
-#elif defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
- defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS)
- return mbedtls_psa_rsa_verify_hash(
- attributes,
- key_buffer, key_buffer_size,
- alg, hash, hash_length,
- signature, signature_length);
-#endif
- } else {
- return PSA_ERROR_INVALID_ARGUMENT;
- }
- } else if (PSA_KEY_TYPE_IS_ECC(attributes->type)) {
- if (PSA_ALG_IS_ECDSA(alg)) {
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA))
- return libtestdriver1_mbedtls_psa_ecdsa_verify_hash(
- (const libtestdriver1_psa_key_attributes_t *) attributes,
- key_buffer, key_buffer_size,
- alg, hash, hash_length,
- signature, signature_length);
-#elif defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
- defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
- return mbedtls_psa_ecdsa_verify_hash(
- attributes,
- key_buffer, key_buffer_size,
- alg, hash, hash_length,
- signature, signature_length);
-#endif
- } else {
- return PSA_ERROR_INVALID_ARGUMENT;
- }
- }
-
- (void) attributes;
- (void) key_buffer;
- (void) key_buffer_size;
- (void) alg;
- (void) hash;
- (void) hash_length;
- (void) signature;
- (void) signature_length;
- return PSA_ERROR_NOT_SUPPORTED;
-}
-
-psa_status_t mbedtls_test_transparent_signature_sign_message(
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer,
- size_t key_buffer_size,
- psa_algorithm_t alg,
- const uint8_t *input,
- size_t input_length,
- uint8_t *signature,
- size_t signature_size,
- size_t *signature_length)
-{
- psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- size_t hash_length;
- uint8_t hash[PSA_HASH_MAX_SIZE];
-
- ++mbedtls_test_driver_signature_sign_hooks.hits;
-
- if (mbedtls_test_driver_signature_sign_hooks.forced_status != PSA_SUCCESS) {
- return mbedtls_test_driver_signature_sign_hooks.forced_status;
- }
-
- if (mbedtls_test_driver_signature_sign_hooks.forced_output != NULL) {
- if (mbedtls_test_driver_signature_sign_hooks.forced_output_length > signature_size) {
- return PSA_ERROR_BUFFER_TOO_SMALL;
- }
-
- memcpy(signature, mbedtls_test_driver_signature_sign_hooks.forced_output,
- mbedtls_test_driver_signature_sign_hooks.forced_output_length);
- *signature_length = mbedtls_test_driver_signature_sign_hooks.forced_output_length;
-
- return PSA_SUCCESS;
- }
-
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH)
- status = libtestdriver1_mbedtls_psa_hash_compute(
- PSA_ALG_SIGN_GET_HASH(alg), input, input_length,
- hash, sizeof(hash), &hash_length);
-#elif defined(MBEDTLS_PSA_BUILTIN_HASH)
- status = mbedtls_psa_hash_compute(
- PSA_ALG_SIGN_GET_HASH(alg), input, input_length,
- hash, sizeof(hash), &hash_length);
-#else
- (void) input;
- (void) input_length;
- status = PSA_ERROR_NOT_SUPPORTED;
-#endif
- if (status != PSA_SUCCESS) {
- return status;
- }
-
- return sign_hash(attributes, key_buffer, key_buffer_size,
- alg, hash, hash_length,
- signature, signature_size, signature_length);
-}
-
-psa_status_t mbedtls_test_opaque_signature_sign_message(
- const psa_key_attributes_t *attributes,
- const uint8_t *key,
- size_t key_length,
- psa_algorithm_t alg,
- const uint8_t *input,
- size_t input_length,
- uint8_t *signature,
- size_t signature_size,
- size_t *signature_length)
-{
- (void) attributes;
- (void) key;
- (void) key_length;
- (void) alg;
- (void) input;
- (void) input_length;
- (void) signature;
- (void) signature_size;
- (void) signature_length;
-
- return PSA_ERROR_NOT_SUPPORTED;
-}
-
-psa_status_t mbedtls_test_transparent_signature_verify_message(
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer,
- size_t key_buffer_size,
- psa_algorithm_t alg,
- const uint8_t *input,
- size_t input_length,
- const uint8_t *signature,
- size_t signature_length)
-{
- psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- size_t hash_length;
- uint8_t hash[PSA_HASH_MAX_SIZE];
-
- ++mbedtls_test_driver_signature_verify_hooks.hits;
-
- if (mbedtls_test_driver_signature_verify_hooks.forced_status != PSA_SUCCESS) {
- return mbedtls_test_driver_signature_verify_hooks.forced_status;
- }
-
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH)
- status = libtestdriver1_mbedtls_psa_hash_compute(
- PSA_ALG_SIGN_GET_HASH(alg), input, input_length,
- hash, sizeof(hash), &hash_length);
-#elif defined(MBEDTLS_PSA_BUILTIN_HASH)
- status = mbedtls_psa_hash_compute(
- PSA_ALG_SIGN_GET_HASH(alg), input, input_length,
- hash, sizeof(hash), &hash_length);
-#else
- (void) input;
- (void) input_length;
- status = PSA_ERROR_NOT_SUPPORTED;
-#endif
- if (status != PSA_SUCCESS) {
- return status;
- }
-
- return verify_hash(attributes, key_buffer, key_buffer_size,
- alg, hash, hash_length,
- signature, signature_length);
-}
-
-psa_status_t mbedtls_test_opaque_signature_verify_message(
- const psa_key_attributes_t *attributes,
- const uint8_t *key,
- size_t key_length,
- psa_algorithm_t alg,
- const uint8_t *input,
- size_t input_length,
- const uint8_t *signature,
- size_t signature_length)
-{
- (void) attributes;
- (void) key;
- (void) key_length;
- (void) alg;
- (void) input;
- (void) input_length;
- (void) signature;
- (void) signature_length;
-
- return PSA_ERROR_NOT_SUPPORTED;
-}
-
-psa_status_t mbedtls_test_transparent_signature_sign_hash(
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer, size_t key_buffer_size,
- psa_algorithm_t alg,
- const uint8_t *hash, size_t hash_length,
- uint8_t *signature, size_t signature_size, size_t *signature_length)
-{
- ++mbedtls_test_driver_signature_sign_hooks.hits;
-
- if (mbedtls_test_driver_signature_sign_hooks.forced_status != PSA_SUCCESS) {
- return mbedtls_test_driver_signature_sign_hooks.forced_status;
- }
-
- if (mbedtls_test_driver_signature_sign_hooks.forced_output != NULL) {
- if (mbedtls_test_driver_signature_sign_hooks.forced_output_length > signature_size) {
- return PSA_ERROR_BUFFER_TOO_SMALL;
- }
- memcpy(signature, mbedtls_test_driver_signature_sign_hooks.forced_output,
- mbedtls_test_driver_signature_sign_hooks.forced_output_length);
- *signature_length = mbedtls_test_driver_signature_sign_hooks.forced_output_length;
- return PSA_SUCCESS;
- }
-
- return sign_hash(attributes, key_buffer, key_buffer_size,
- alg, hash, hash_length,
- signature, signature_size, signature_length);
-}
-
-psa_status_t mbedtls_test_opaque_signature_sign_hash(
- const psa_key_attributes_t *attributes,
- const uint8_t *key, size_t key_length,
- psa_algorithm_t alg,
- const uint8_t *hash, size_t hash_length,
- uint8_t *signature, size_t signature_size, size_t *signature_length)
-{
- (void) attributes;
- (void) key;
- (void) key_length;
- (void) alg;
- (void) hash;
- (void) hash_length;
- (void) signature;
- (void) signature_size;
- (void) signature_length;
-
- return PSA_ERROR_NOT_SUPPORTED;
-}
-
-psa_status_t mbedtls_test_transparent_signature_verify_hash(
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer, size_t key_buffer_size,
- psa_algorithm_t alg,
- const uint8_t *hash, size_t hash_length,
- const uint8_t *signature, size_t signature_length)
-{
- ++mbedtls_test_driver_signature_verify_hooks.hits;
-
- if (mbedtls_test_driver_signature_verify_hooks.forced_status != PSA_SUCCESS) {
- return mbedtls_test_driver_signature_verify_hooks.forced_status;
- }
-
- return verify_hash(attributes, key_buffer, key_buffer_size,
- alg, hash, hash_length,
- signature, signature_length);
-}
-
-psa_status_t mbedtls_test_opaque_signature_verify_hash(
- const psa_key_attributes_t *attributes,
- const uint8_t *key, size_t key_length,
- psa_algorithm_t alg,
- const uint8_t *hash, size_t hash_length,
- const uint8_t *signature, size_t signature_length)
-{
- (void) attributes;
- (void) key;
- (void) key_length;
- (void) alg;
- (void) hash;
- (void) hash_length;
- (void) signature;
- (void) signature_length;
- return PSA_ERROR_NOT_SUPPORTED;
-}
-
-#endif /* PSA_CRYPTO_DRIVER_TEST */
diff --git a/tests/src/fake_external_rng_for_test.c b/tests/src/fake_external_rng_for_test.c
deleted file mode 100644
index c0bfde5..0000000
--- a/tests/src/fake_external_rng_for_test.c
+++ /dev/null
@@ -1,45 +0,0 @@
-/** \file fake_external_rng_for_test.c
- *
- * \brief Helper functions to test PSA crypto functionality.
- */
-
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#include <test/fake_external_rng_for_test.h>
-
-#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
-#include <test/random.h>
-#include <psa/crypto.h>
-
-static int test_insecure_external_rng_enabled = 0;
-
-void mbedtls_test_enable_insecure_external_rng(void)
-{
- test_insecure_external_rng_enabled = 1;
-}
-
-void mbedtls_test_disable_insecure_external_rng(void)
-{
- test_insecure_external_rng_enabled = 0;
-}
-
-psa_status_t mbedtls_psa_external_get_random(
- mbedtls_psa_external_random_context_t *context,
- uint8_t *output, size_t output_size, size_t *output_length)
-{
- (void) context;
-
- if (!test_insecure_external_rng_enabled) {
- return PSA_ERROR_INSUFFICIENT_ENTROPY;
- }
-
- /* This implementation is for test purposes only!
- * Use the libc non-cryptographic random generator. */
- mbedtls_test_rnd_std_rand(NULL, output, output_size);
- *output_length = output_size;
- return PSA_SUCCESS;
-}
-#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
diff --git a/tests/src/helpers.c b/tests/src/helpers.c
deleted file mode 100644
index db50296..0000000
--- a/tests/src/helpers.c
+++ /dev/null
@@ -1,720 +0,0 @@
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#include <test/constant_flow.h>
-#include <test/helpers.h>
-#include <test/macros.h>
-#include <string.h>
-
-#if defined(MBEDTLS_PSA_INJECT_ENTROPY)
-#include <psa/crypto.h>
-#include <test/psa_crypto_helpers.h>
-#endif
-
-#if defined(MBEDTLS_TEST_HOOKS) && defined(MBEDTLS_PSA_CRYPTO_C)
-#include <test/psa_memory_poisoning_wrappers.h>
-#endif
-#if defined(MBEDTLS_TEST_HOOKS) && !defined(MBEDTLS_THREADING_C)
-#include <test/bignum_codepath_check.h>
-#endif
-#if defined(MBEDTLS_THREADING_C)
-#include "mbedtls/threading.h"
-#endif
-
-/*----------------------------------------------------------------------------*/
-/* Static global variables */
-
-#if defined(MBEDTLS_PLATFORM_C)
-static mbedtls_platform_context platform_ctx;
-#endif
-
-static mbedtls_test_info_t mbedtls_test_info;
-
-#ifdef MBEDTLS_THREADING_C
-mbedtls_threading_mutex_t mbedtls_test_info_mutex;
-#endif /* MBEDTLS_THREADING_C */
-
-/*----------------------------------------------------------------------------*/
-/* Mbedtls Test Info accessors
- *
- * NOTE - there are two types of accessors here: public accessors and internal
- * accessors. The public accessors have prototypes in helpers.h and lock
- * mbedtls_test_info_mutex (if mutexes are enabled). The _internal accessors,
- * which are expected to be used from this module *only*, do not lock the mutex.
- * These are designed to be called from within public functions which already
- * hold the mutex. The main reason for this difference is the need to set
- * multiple test data values atomically (without releasing the mutex) to prevent
- * race conditions. */
-
-mbedtls_test_result_t mbedtls_test_get_result(void)
-{
- mbedtls_test_result_t result;
-
-#ifdef MBEDTLS_THREADING_C
- mbedtls_mutex_lock(&mbedtls_test_info_mutex);
-#endif /* MBEDTLS_THREADING_C */
-
- result = mbedtls_test_info.result;
-
-#ifdef MBEDTLS_THREADING_C
- mbedtls_mutex_unlock(&mbedtls_test_info_mutex);
-#endif /* MBEDTLS_THREADING_C */
-
- return result;
-}
-
-static void mbedtls_test_set_result_internal(mbedtls_test_result_t result, const char *test,
- int line_no, const char *filename)
-{
- /* Internal function only - mbedtls_test_info_mutex should be held prior
- * to calling this function. */
-
- mbedtls_test_info.result = result;
- mbedtls_test_info.test = test;
- mbedtls_test_info.line_no = line_no;
- mbedtls_test_info.filename = filename;
-}
-
-const char *mbedtls_test_get_test(void)
-{
- const char *test;
-
-#ifdef MBEDTLS_THREADING_C
- mbedtls_mutex_lock(&mbedtls_test_info_mutex);
-#endif /* MBEDTLS_THREADING_C */
-
- test = mbedtls_test_info.test;
-
-#ifdef MBEDTLS_THREADING_C
- mbedtls_mutex_unlock(&mbedtls_test_info_mutex);
-#endif /* MBEDTLS_THREADING_C */
-
- return test;
-}
-const char *mbedtls_get_test_filename(void)
-{
- const char *filename;
-
-#ifdef MBEDTLS_THREADING_C
- mbedtls_mutex_lock(&mbedtls_test_info_mutex);
-#endif /* MBEDTLS_THREADING_C */
-
- /* It should be ok just to pass back the pointer here, as it is going to
- * be a pointer into non changing data. */
- filename = mbedtls_test_info.filename;
-
-#ifdef MBEDTLS_THREADING_C
- mbedtls_mutex_unlock(&mbedtls_test_info_mutex);
-#endif /* MBEDTLS_THREADING_C */
-
- return filename;
-}
-
-int mbedtls_test_get_line_no(void)
-{
- int line_no;
-
-#ifdef MBEDTLS_THREADING_C
- mbedtls_mutex_lock(&mbedtls_test_info_mutex);
-#endif /* MBEDTLS_THREADING_C */
-
- line_no = mbedtls_test_info.line_no;
-
-#ifdef MBEDTLS_THREADING_C
- mbedtls_mutex_unlock(&mbedtls_test_info_mutex);
-#endif /* MBEDTLS_THREADING_C */
-
- return line_no;
-}
-
-void mbedtls_test_increment_step(void)
-{
-#ifdef MBEDTLS_THREADING_C
- mbedtls_mutex_lock(&mbedtls_test_info_mutex);
-#endif /* MBEDTLS_THREADING_C */
-
- ++mbedtls_test_info.step;
-
-#ifdef MBEDTLS_THREADING_C
- mbedtls_mutex_unlock(&mbedtls_test_info_mutex);
-#endif /* MBEDTLS_THREADING_C */
-}
-
-unsigned long mbedtls_test_get_step(void)
-{
- unsigned long step;
-
-#ifdef MBEDTLS_THREADING_C
- mbedtls_mutex_lock(&mbedtls_test_info_mutex);
-#endif /* MBEDTLS_THREADING_C */
-
- step = mbedtls_test_info.step;
-
-#ifdef MBEDTLS_THREADING_C
- mbedtls_mutex_unlock(&mbedtls_test_info_mutex);
-#endif /* MBEDTLS_THREADING_C */
-
- return step;
-}
-
-static void mbedtls_test_reset_step_internal(void)
-{
- /* Internal function only - mbedtls_test_info_mutex should be held prior
- * to calling this function. */
-
- mbedtls_test_info.step = (unsigned long) (-1);
-}
-
-void mbedtls_test_set_step(unsigned long step)
-{
-#ifdef MBEDTLS_THREADING_C
- mbedtls_mutex_lock(&mbedtls_test_info_mutex);
-#endif /* MBEDTLS_THREADING_C */
-
- mbedtls_test_info.step = step;
-
-#ifdef MBEDTLS_THREADING_C
- mbedtls_mutex_unlock(&mbedtls_test_info_mutex);
-#endif /* MBEDTLS_THREADING_C */
-}
-
-void mbedtls_test_get_line1(char *line)
-{
-#ifdef MBEDTLS_THREADING_C
- mbedtls_mutex_lock(&mbedtls_test_info_mutex);
-#endif /* MBEDTLS_THREADING_C */
-
- memcpy(line, mbedtls_test_info.line1, MBEDTLS_TEST_LINE_LENGTH);
-
-#ifdef MBEDTLS_THREADING_C
- mbedtls_mutex_unlock(&mbedtls_test_info_mutex);
-#endif /* MBEDTLS_THREADING_C */
-}
-
-static void mbedtls_test_set_line1_internal(const char *line)
-{
- /* Internal function only - mbedtls_test_info_mutex should be held prior
- * to calling this function. */
-
- if (line == NULL) {
- memset(mbedtls_test_info.line1, 0, MBEDTLS_TEST_LINE_LENGTH);
- } else {
- memcpy(mbedtls_test_info.line1, line, MBEDTLS_TEST_LINE_LENGTH);
- }
-}
-
-void mbedtls_test_get_line2(char *line)
-{
-#ifdef MBEDTLS_THREADING_C
- mbedtls_mutex_lock(&mbedtls_test_info_mutex);
-#endif /* MBEDTLS_THREADING_C */
-
- memcpy(line, mbedtls_test_info.line2, MBEDTLS_TEST_LINE_LENGTH);
-
-#ifdef MBEDTLS_THREADING_C
- mbedtls_mutex_unlock(&mbedtls_test_info_mutex);
-#endif /* MBEDTLS_THREADING_C */
-}
-
-static void mbedtls_test_set_line2_internal(const char *line)
-{
- /* Internal function only - mbedtls_test_info_mutex should be held prior
- * to calling this function. */
-
- if (line == NULL) {
- memset(mbedtls_test_info.line2, 0, MBEDTLS_TEST_LINE_LENGTH);
- } else {
- memcpy(mbedtls_test_info.line2, line, MBEDTLS_TEST_LINE_LENGTH);
- }
-}
-
-
-#if defined(MBEDTLS_TEST_MUTEX_USAGE)
-const char *mbedtls_test_get_mutex_usage_error(void)
-{
- const char *usage_error;
-
-#ifdef MBEDTLS_THREADING_C
- mbedtls_mutex_lock(&mbedtls_test_info_mutex);
-#endif /* MBEDTLS_THREADING_C */
-
- usage_error = mbedtls_test_info.mutex_usage_error;
-
-#ifdef MBEDTLS_THREADING_C
- mbedtls_mutex_unlock(&mbedtls_test_info_mutex);
-#endif /* MBEDTLS_THREADING_C */
-
- return usage_error;
-}
-
-void mbedtls_test_set_mutex_usage_error(const char *msg)
-{
-#ifdef MBEDTLS_THREADING_C
- mbedtls_mutex_lock(&mbedtls_test_info_mutex);
-#endif /* MBEDTLS_THREADING_C */
-
- if (mbedtls_test_info.mutex_usage_error == NULL || msg == NULL) {
- mbedtls_test_info.mutex_usage_error = msg;
- }
-
-#ifdef MBEDTLS_THREADING_C
- mbedtls_mutex_unlock(&mbedtls_test_info_mutex);
-#endif /* MBEDTLS_THREADING_C */
-}
-#endif // #if defined(MBEDTLS_TEST_MUTEX_USAGE)
-
-#if defined(MBEDTLS_BIGNUM_C)
-
-unsigned mbedtls_test_get_case_uses_negative_0(void)
-{
- unsigned test_case_uses_negative_0 = 0;
-#ifdef MBEDTLS_THREADING_C
- mbedtls_mutex_lock(&mbedtls_test_info_mutex);
-#endif /* MBEDTLS_THREADING_C */
- test_case_uses_negative_0 = mbedtls_test_info.case_uses_negative_0;
-
-#ifdef MBEDTLS_THREADING_C
- mbedtls_mutex_unlock(&mbedtls_test_info_mutex);
-#endif /* MBEDTLS_THREADING_C */
-
- return test_case_uses_negative_0;
-}
-
-static void mbedtls_test_set_case_uses_negative_0_internal(unsigned uses)
-{
- /* Internal function only - mbedtls_test_info_mutex should be held prior
- * to calling this function. */
-
- mbedtls_test_info.case_uses_negative_0 = uses;
-}
-
-void mbedtls_test_increment_case_uses_negative_0(void)
-{
-#ifdef MBEDTLS_THREADING_C
- mbedtls_mutex_lock(&mbedtls_test_info_mutex);
-#endif /* MBEDTLS_THREADING_C */
-
- ++mbedtls_test_info.case_uses_negative_0;
-
-#ifdef MBEDTLS_THREADING_C
- mbedtls_mutex_unlock(&mbedtls_test_info_mutex);
-#endif /* MBEDTLS_THREADING_C */
-}
-
-#endif /* MBEDTLS_BIGNUM_C */
-
-#ifdef MBEDTLS_TEST_MUTEX_USAGE
-mbedtls_threading_mutex_t *mbedtls_test_get_info_mutex(void)
-{
- return &mbedtls_test_info_mutex;
-}
-
-#endif /* MBEDTLS_TEST_MUTEX_USAGE */
-
-/*----------------------------------------------------------------------------*/
-/* Helper Functions */
-
-int mbedtls_test_platform_setup(void)
-{
- int ret = 0;
-
-#if defined(MBEDTLS_TEST_HOOKS) && defined(MBEDTLS_PSA_CRYPTO_C) \
- && !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) \
- && defined(MBEDTLS_TEST_MEMORY_CAN_POISON)
- mbedtls_poison_test_hooks_setup();
-#endif
-
-#if defined(MBEDTLS_PSA_INJECT_ENTROPY)
- /* Make sure that injected entropy is present. Otherwise
- * psa_crypto_init() will fail. This is not necessary for test suites
- * that don't use PSA, but it's harmless (except for leaving a file
- * behind). */
- ret = mbedtls_test_inject_entropy_restore();
- if (ret != 0) {
- return ret;
- }
-#endif
-
-#if defined(MBEDTLS_PLATFORM_C)
- ret = mbedtls_platform_setup(&platform_ctx);
-#endif /* MBEDTLS_PLATFORM_C */
-
-#ifdef MBEDTLS_THREADING_C
- mbedtls_mutex_init(&mbedtls_test_info_mutex);
-#endif /* MBEDTLS_THREADING_C */
-
-
-#if defined(MBEDTLS_TEST_HOOKS) && !defined(MBEDTLS_THREADING_C)
- mbedtls_codepath_test_hooks_setup();
-#endif /* MBEDTLS_TEST_HOOKS && !MBEDTLS_THREADING_C */
-
- return ret;
-}
-
-void mbedtls_test_platform_teardown(void)
-{
-#if defined(MBEDTLS_TEST_HOOKS) && defined(MBEDTLS_PSA_CRYPTO_C) \
- && !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) \
- && defined(MBEDTLS_TEST_MEMORY_CAN_POISON)
- mbedtls_poison_test_hooks_teardown();
-#endif
-#ifdef MBEDTLS_THREADING_C
- mbedtls_mutex_free(&mbedtls_test_info_mutex);
-#endif /* MBEDTLS_THREADING_C */
-
-#if defined(MBEDTLS_PLATFORM_C)
- mbedtls_platform_teardown(&platform_ctx);
-#endif /* MBEDTLS_PLATFORM_C */
-
-#if defined(MBEDTLS_TEST_HOOKS) && !defined(MBEDTLS_THREADING_C)
- mbedtls_codepath_test_hooks_teardown();
-#endif /* MBEDTLS_TEST_HOOKS && !MBEDTLS_THREADING_C */
-}
-
-int mbedtls_test_ascii2uc(const char c, unsigned char *uc)
-{
- if ((c >= '0') && (c <= '9')) {
- *uc = c - '0';
- } else if ((c >= 'a') && (c <= 'f')) {
- *uc = c - 'a' + 10;
- } else if ((c >= 'A') && (c <= 'F')) {
- *uc = c - 'A' + 10;
- } else {
- return -1;
- }
-
- return 0;
-}
-
-static void mbedtls_test_fail_internal(const char *test, int line_no, const char *filename)
-{
- /* Internal function only - mbedtls_test_info_mutex should be held prior
- * to calling this function. */
-
- /* Don't use accessor, we already hold mutex. */
- if (mbedtls_test_info.result != MBEDTLS_TEST_RESULT_FAILED) {
- /* If we have already recorded the test as having failed then don't
- * overwrite any previous information about the failure. */
- mbedtls_test_set_result_internal(MBEDTLS_TEST_RESULT_FAILED, test, line_no, filename);
- }
-}
-
-void mbedtls_test_fail(const char *test, int line_no, const char *filename)
-{
-#ifdef MBEDTLS_THREADING_C
- mbedtls_mutex_lock(&mbedtls_test_info_mutex);
-#endif /* MBEDTLS_THREADING_C */
-
- mbedtls_test_fail_internal(test, line_no, filename);
-
-#ifdef MBEDTLS_THREADING_C
- mbedtls_mutex_unlock(&mbedtls_test_info_mutex);
-#endif /* MBEDTLS_THREADING_C */
-}
-
-void mbedtls_test_skip(const char *test, int line_no, const char *filename)
-{
-#ifdef MBEDTLS_THREADING_C
- mbedtls_mutex_lock(&mbedtls_test_info_mutex);
-#endif /* MBEDTLS_THREADING_C */
-
- mbedtls_test_set_result_internal(MBEDTLS_TEST_RESULT_SKIPPED, test, line_no, filename);
-
-#ifdef MBEDTLS_THREADING_C
- mbedtls_mutex_unlock(&mbedtls_test_info_mutex);
-#endif /* MBEDTLS_THREADING_C */
-}
-
-void mbedtls_test_info_reset(void)
-{
-#ifdef MBEDTLS_THREADING_C
- mbedtls_mutex_lock(&mbedtls_test_info_mutex);
-#endif /* MBEDTLS_THREADING_C */
-
- mbedtls_test_set_result_internal(MBEDTLS_TEST_RESULT_SUCCESS, 0, 0, 0);
- mbedtls_test_reset_step_internal();
- mbedtls_test_set_line1_internal(NULL);
- mbedtls_test_set_line2_internal(NULL);
-
-#if defined(MBEDTLS_BIGNUM_C)
- mbedtls_test_set_case_uses_negative_0_internal(0);
-#endif
-
-#ifdef MBEDTLS_THREADING_C
- mbedtls_mutex_unlock(&mbedtls_test_info_mutex);
-#endif /* MBEDTLS_THREADING_C */
-}
-
-int mbedtls_test_equal(const char *test, int line_no, const char *filename,
- unsigned long long value1, unsigned long long value2)
-{
- TEST_CF_PUBLIC(&value1, sizeof(value1));
- TEST_CF_PUBLIC(&value2, sizeof(value2));
-
- if (value1 == value2) {
- return 1;
- }
-
-#ifdef MBEDTLS_THREADING_C
- mbedtls_mutex_lock(&mbedtls_test_info_mutex);
-#endif /* MBEDTLS_THREADING_C */
-
- /* Don't use accessor, as we already hold mutex. */
- if (mbedtls_test_info.result != MBEDTLS_TEST_RESULT_FAILED) {
- /* If we've already recorded the test as having failed then don't
- * overwrite any previous information about the failure. */
-
- char buf[MBEDTLS_TEST_LINE_LENGTH];
- mbedtls_test_fail_internal(test, line_no, filename);
- (void) mbedtls_snprintf(buf, sizeof(buf),
- "lhs = 0x%016llx = %lld",
- value1, (long long) value1);
- mbedtls_test_set_line1_internal(buf);
- (void) mbedtls_snprintf(buf, sizeof(buf),
- "rhs = 0x%016llx = %lld",
- value2, (long long) value2);
- mbedtls_test_set_line2_internal(buf);
- }
-
-#ifdef MBEDTLS_THREADING_C
- mbedtls_mutex_unlock(&mbedtls_test_info_mutex);
-#endif /* MBEDTLS_THREADING_C */
-
- return 0;
-}
-
-int mbedtls_test_le_u(const char *test, int line_no, const char *filename,
- unsigned long long value1, unsigned long long value2)
-{
- TEST_CF_PUBLIC(&value1, sizeof(value1));
- TEST_CF_PUBLIC(&value2, sizeof(value2));
-
- if (value1 <= value2) {
- return 1;
- }
-
-#ifdef MBEDTLS_THREADING_C
- mbedtls_mutex_lock(&mbedtls_test_info_mutex);
-#endif /* MBEDTLS_THREADING_C */
-
- /* Don't use accessor, we already hold mutex. */
- if (mbedtls_test_info.result != MBEDTLS_TEST_RESULT_FAILED) {
- /* If we've already recorded the test as having failed then don't
- * overwrite any previous information about the failure. */
-
- char buf[MBEDTLS_TEST_LINE_LENGTH];
- mbedtls_test_fail_internal(test, line_no, filename);
- (void) mbedtls_snprintf(buf, sizeof(buf),
- "lhs = 0x%016llx = %llu",
- value1, value1);
- mbedtls_test_set_line1_internal(buf);
- (void) mbedtls_snprintf(buf, sizeof(buf),
- "rhs = 0x%016llx = %llu",
- value2, value2);
- mbedtls_test_set_line2_internal(buf);
- }
-
-#ifdef MBEDTLS_THREADING_C
- mbedtls_mutex_unlock(&mbedtls_test_info_mutex);
-#endif /* MBEDTLS_THREADING_C */
-
- return 0;
-}
-
-int mbedtls_test_le_s(const char *test, int line_no, const char *filename,
- long long value1, long long value2)
-{
- TEST_CF_PUBLIC(&value1, sizeof(value1));
- TEST_CF_PUBLIC(&value2, sizeof(value2));
-
- if (value1 <= value2) {
- return 1;
- }
-
-#ifdef MBEDTLS_THREADING_C
- mbedtls_mutex_lock(&mbedtls_test_info_mutex);
-#endif /* MBEDTLS_THREADING_C */
-
- /* Don't use accessor, we already hold mutex. */
- if (mbedtls_test_info.result != MBEDTLS_TEST_RESULT_FAILED) {
- /* If we've already recorded the test as having failed then don't
- * overwrite any previous information about the failure. */
-
- char buf[MBEDTLS_TEST_LINE_LENGTH];
- mbedtls_test_fail_internal(test, line_no, filename);
- (void) mbedtls_snprintf(buf, sizeof(buf),
- "lhs = 0x%016llx = %lld",
- (unsigned long long) value1, value1);
- mbedtls_test_set_line1_internal(buf);
- (void) mbedtls_snprintf(buf, sizeof(buf),
- "rhs = 0x%016llx = %lld",
- (unsigned long long) value2, value2);
- mbedtls_test_set_line2_internal(buf);
- }
-
-#ifdef MBEDTLS_THREADING_C
- mbedtls_mutex_unlock(&mbedtls_test_info_mutex);
-#endif /* MBEDTLS_THREADING_C */
-
- return 0;
-}
-
-int mbedtls_test_unhexify(unsigned char *obuf,
- size_t obufmax,
- const char *ibuf,
- size_t *len)
-{
- unsigned char uc, uc2;
-
- *len = strlen(ibuf);
-
- /* Must be even number of bytes. */
- if ((*len) & 1) {
- return -1;
- }
- *len /= 2;
-
- if ((*len) > obufmax) {
- return -1;
- }
-
- while (*ibuf != 0) {
- if (mbedtls_test_ascii2uc(*(ibuf++), &uc) != 0) {
- return -1;
- }
-
- if (mbedtls_test_ascii2uc(*(ibuf++), &uc2) != 0) {
- return -1;
- }
-
- *(obuf++) = (uc << 4) | uc2;
- }
-
- return 0;
-}
-
-void mbedtls_test_hexify(unsigned char *obuf,
- const unsigned char *ibuf,
- int len)
-{
- unsigned char l, h;
-
- while (len != 0) {
- h = *ibuf / 16;
- l = *ibuf % 16;
-
- if (h < 10) {
- *obuf++ = '0' + h;
- } else {
- *obuf++ = 'a' + h - 10;
- }
-
- if (l < 10) {
- *obuf++ = '0' + l;
- } else {
- *obuf++ = 'a' + l - 10;
- }
-
- ++ibuf;
- len--;
- }
-}
-
-unsigned char *mbedtls_test_zero_alloc(size_t len)
-{
- void *p;
- size_t actual_len = (len != 0) ? len : 1;
-
- p = mbedtls_calloc(1, actual_len);
- TEST_HELPER_ASSERT(p != NULL);
-
- memset(p, 0x00, actual_len);
-
- return p;
-}
-
-unsigned char *mbedtls_test_unhexify_alloc(const char *ibuf, size_t *olen)
-{
- unsigned char *obuf;
- size_t len;
-
- *olen = strlen(ibuf) / 2;
-
- if (*olen == 0) {
- return mbedtls_test_zero_alloc(*olen);
- }
-
- obuf = mbedtls_calloc(1, *olen);
- TEST_HELPER_ASSERT(obuf != NULL);
- TEST_HELPER_ASSERT(mbedtls_test_unhexify(obuf, *olen, ibuf, &len) == 0);
-
- return obuf;
-}
-
-int mbedtls_test_hexcmp(uint8_t *a, uint8_t *b,
- uint32_t a_len, uint32_t b_len)
-{
- int ret = 0;
- uint32_t i = 0;
-
- if (a_len != b_len) {
- return -1;
- }
-
- for (i = 0; i < a_len; i++) {
- if (a[i] != b[i]) {
- ret = -1;
- break;
- }
- }
- return ret;
-}
-
-#if defined(MBEDTLS_TEST_HOOKS)
-void mbedtls_test_err_add_check(int high, int low,
- const char *file, int line)
-{
- /* Error codes are always negative (a value of zero is a success) however
- * their positive opposites can be easier to understand. The following
- * examples given in comments have been made positive for ease of
- * understanding. The structure of an error code is such:
- *
- * shhhhhhhhlllllll
- *
- * s = sign bit.
- * h = high level error code (includes high level module ID (bits 12..14)
- * and module-dependent error code (bits 7..11)).
- * l = low level error code.
- */
- if (high > -0x1000 && high != 0) {
- /* high < 0001000000000000
- * No high level module ID bits are set.
- */
- mbedtls_test_fail("'high' is not a high-level error code",
- line, file);
- } else if (high < -0x7F80) {
- /* high > 0111111110000000
- * Error code is greater than the largest allowed high level module ID.
- */
- mbedtls_test_fail("'high' error code is greater than 15 bits",
- line, file);
- } else if ((high & 0x7F) != 0) {
- /* high & 0000000001111111
- * Error code contains low level error code bits.
- */
- mbedtls_test_fail("'high' contains a low-level error code",
- line, file);
- } else if (low < -0x007F) {
- /* low > 0000000001111111
- * Error code contains high or module level error code bits.
- */
- mbedtls_test_fail("'low' error code is greater than 7 bits",
- line, file);
- } else if (low > 0) {
- mbedtls_test_fail("'low' error code is greater than zero",
- line, file);
- }
-}
-#endif /* MBEDTLS_TEST_HOOKS */
diff --git a/tests/src/psa_crypto_helpers.c b/tests/src/psa_crypto_helpers.c
deleted file mode 100644
index 197fd41..0000000
--- a/tests/src/psa_crypto_helpers.c
+++ /dev/null
@@ -1,205 +0,0 @@
-/** \file psa_crypto_helpers.c
- *
- * \brief Helper functions to test PSA crypto functionality.
- */
-
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#include <test/helpers.h>
-#include <test/macros.h>
-#include <psa_crypto_slot_management.h>
-#include <test/psa_crypto_helpers.h>
-
-#if defined(MBEDTLS_CTR_DRBG_C)
-#include <mbedtls/ctr_drbg.h>
-#endif
-
-#if defined(MBEDTLS_PSA_CRYPTO_C)
-
-#include <psa/crypto.h>
-
-#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
-
-#include <psa_crypto_storage.h>
-
-static mbedtls_svc_key_id_t key_ids_used_in_test[9];
-static size_t num_key_ids_used;
-
-int mbedtls_test_uses_key_id(mbedtls_svc_key_id_t key_id)
-{
- size_t i;
- if (MBEDTLS_SVC_KEY_ID_GET_KEY_ID(key_id) >
- PSA_MAX_PERSISTENT_KEY_IDENTIFIER) {
- /* Don't touch key id values that designate non-key files. */
- return 1;
- }
- for (i = 0; i < num_key_ids_used; i++) {
- if (mbedtls_svc_key_id_equal(key_id, key_ids_used_in_test[i])) {
- return 1;
- }
- }
- if (num_key_ids_used == ARRAY_LENGTH(key_ids_used_in_test)) {
- return 0;
- }
- key_ids_used_in_test[num_key_ids_used] = key_id;
- ++num_key_ids_used;
- return 1;
-}
-
-void mbedtls_test_psa_purge_key_storage(void)
-{
- size_t i;
- for (i = 0; i < num_key_ids_used; i++) {
- psa_destroy_persistent_key(key_ids_used_in_test[i]);
- }
- num_key_ids_used = 0;
-}
-
-void mbedtls_test_psa_purge_key_cache(void)
-{
- size_t i;
- for (i = 0; i < num_key_ids_used; i++) {
- psa_purge_key(key_ids_used_in_test[i]);
- }
-}
-
-#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
-
-const char *mbedtls_test_helper_is_psa_leaking(void)
-{
- mbedtls_psa_stats_t stats;
-
- mbedtls_psa_get_stats(&stats);
-
- /* Some volatile slots may be used for internal purposes. Generally
- * we'll have exactly MBEDTLS_TEST_PSA_INTERNAL_KEYS at this point,
- * but in some cases we might have less, e.g. if a code path calls
- * PSA_DONE more than once, or if there has only been a partial or
- * failed initialization. */
- if (stats.volatile_slots > MBEDTLS_TEST_PSA_INTERNAL_KEYS) {
- return "A volatile slot has not been closed properly.";
- }
- if (stats.persistent_slots != 0) {
- return "A persistent slot has not been closed properly.";
- }
- if (stats.external_slots != 0) {
- return "An external slot has not been closed properly.";
- }
- if (stats.half_filled_slots != 0) {
- return "A half-filled slot has not been cleared properly.";
- }
- if (stats.locked_slots != 0) {
- return "Some slots are still marked as locked.";
- }
-
- return NULL;
-}
-
-#if defined(RECORD_PSA_STATUS_COVERAGE_LOG)
-/** Name of the file where return statuses are logged by #RECORD_STATUS. */
-#define STATUS_LOG_FILE_NAME "statuses.log"
-
-psa_status_t mbedtls_test_record_status(psa_status_t status,
- const char *func,
- const char *file, int line,
- const char *expr)
-{
- /* We open the log file on first use.
- * We never close the log file, so the record_status feature is not
- * compatible with resource leak detectors such as Asan.
- */
- static FILE *log;
- if (log == NULL) {
- log = fopen(STATUS_LOG_FILE_NAME, "a");
- }
- fprintf(log, "%d:%s:%s:%d:%s\n", (int) status, func, file, line, expr);
- return status;
-}
-#endif /* defined(RECORD_PSA_STATUS_COVERAGE_LOG) */
-
-psa_key_usage_t mbedtls_test_update_key_usage_flags(psa_key_usage_t usage_flags)
-{
- psa_key_usage_t updated_usage = usage_flags;
-
- if (usage_flags & PSA_KEY_USAGE_SIGN_HASH) {
- updated_usage |= PSA_KEY_USAGE_SIGN_MESSAGE;
- }
-
- if (usage_flags & PSA_KEY_USAGE_VERIFY_HASH) {
- updated_usage |= PSA_KEY_USAGE_VERIFY_MESSAGE;
- }
-
- return updated_usage;
-}
-
-int mbedtls_test_fail_if_psa_leaking(int line_no, const char *filename)
-{
- const char *msg = mbedtls_test_helper_is_psa_leaking();
- if (msg == NULL) {
- return 0;
- } else {
- mbedtls_test_fail(msg, line_no, filename);
- return 1;
- }
-}
-
-uint64_t mbedtls_test_parse_binary_string(data_t *bin_string)
-{
- uint64_t result = 0;
- TEST_LE_U(bin_string->len, 8);
- for (size_t i = 0; i < bin_string->len; i++) {
- result = result << 8 | bin_string->x[i];
- }
-exit:
- return result; /* returns 0 if len > 8 */
-}
-
-#if defined(MBEDTLS_PSA_INJECT_ENTROPY)
-
-#include <mbedtls/entropy.h>
-#include <psa_crypto_its.h>
-
-int mbedtls_test_inject_entropy_seed_read(unsigned char *buf, size_t len)
-{
- size_t actual_len = 0;
- psa_status_t status = psa_its_get(PSA_CRYPTO_ITS_RANDOM_SEED_UID,
- 0, len, buf, &actual_len);
- if (status != 0) {
- return MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR;
- }
- if (actual_len != len) {
- return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
- }
- return 0;
-}
-
-int mbedtls_test_inject_entropy_seed_write(unsigned char *buf, size_t len)
-{
- psa_status_t status = psa_its_set(PSA_CRYPTO_ITS_RANDOM_SEED_UID,
- len, buf, 0);
- if (status != 0) {
- return MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR;
- }
- return 0;
-}
-
-int mbedtls_test_inject_entropy_restore(void)
-{
- unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE];
- for (size_t i = 0; i < sizeof(buf); i++) {
- buf[i] = (unsigned char) i;
- }
- psa_status_t status = mbedtls_psa_inject_entropy(buf, sizeof(buf));
- /* It's ok if the file was just created, or if it already exists. */
- if (status != PSA_SUCCESS && status != PSA_ERROR_NOT_PERMITTED) {
- return status;
- }
- return PSA_SUCCESS;
-}
-
-#endif /* MBEDTLS_PSA_INJECT_ENTROPY */
-
-#endif /* MBEDTLS_PSA_CRYPTO_C */
diff --git a/tests/src/psa_crypto_stubs.c b/tests/src/psa_crypto_stubs.c
deleted file mode 100644
index 81d7f4b..0000000
--- a/tests/src/psa_crypto_stubs.c
+++ /dev/null
@@ -1,75 +0,0 @@
-/** \file psa_crypto_stubs.c
- *
- * \brief Stub functions when MBEDTLS_PSA_CRYPTO_CLIENT is enabled but
- * MBEDTLS_PSA_CRYPTO_C is disabled.
- */
-
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#include <psa/crypto.h>
-
-#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C)
-
-psa_status_t psa_generate_random(uint8_t *output,
- size_t output_size)
-{
- (void) output;
- (void) output_size;
-
- return PSA_ERROR_COMMUNICATION_FAILURE;
-}
-
-psa_status_t psa_export_key(mbedtls_svc_key_id_t key,
- uint8_t *data,
- size_t data_size,
- size_t *data_length)
-{
- (void) key;
- (void) data;
- (void) data_size;
- (void) data_length;
- return PSA_ERROR_COMMUNICATION_FAILURE;
-}
-
-psa_status_t psa_export_public_key(mbedtls_svc_key_id_t key,
- uint8_t *data,
- size_t data_size,
- size_t *data_length)
-{
- (void) key;
- (void) data;
- (void) data_size;
- (void) data_length;
- return PSA_ERROR_COMMUNICATION_FAILURE;
-}
-
-psa_status_t psa_get_key_attributes(mbedtls_svc_key_id_t key,
- psa_key_attributes_t *attributes)
-{
- (void) key;
- (void) attributes;
- return PSA_ERROR_COMMUNICATION_FAILURE;
-}
-
-psa_status_t psa_hash_abort(psa_hash_operation_t *operation)
-{
- (void) operation;
- return PSA_ERROR_COMMUNICATION_FAILURE;
-}
-
-psa_status_t psa_import_key(const psa_key_attributes_t *attributes,
- const uint8_t *data,
- size_t data_length,
- mbedtls_svc_key_id_t *key)
-{
- (void) attributes;
- (void) data;
- (void) data_length;
- (void) key;
- return PSA_ERROR_COMMUNICATION_FAILURE;
-}
-
-#endif /* MBEDTLS_PSA_CRYPTO_CLIENT && !MBEDTLS_PSA_CRYPTO_C */
diff --git a/tests/src/psa_exercise_key.c b/tests/src/psa_exercise_key.c
deleted file mode 100644
index 937bd45..0000000
--- a/tests/src/psa_exercise_key.c
+++ /dev/null
@@ -1,1335 +0,0 @@
-/** Code to exercise a PSA key object, i.e. validate that it seems well-formed
- * and can do what it is supposed to do.
- */
-
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#include <test/helpers.h>
-#include <test/macros.h>
-#include <test/psa_exercise_key.h>
-
-#if defined(MBEDTLS_PSA_CRYPTO_C)
-
-#include <mbedtls/asn1.h>
-#include <psa/crypto.h>
-
-#include <test/asn1_helpers.h>
-#include <psa_crypto_slot_management.h>
-#include <test/psa_crypto_helpers.h>
-
-#if defined(MBEDTLS_PK_C)
-#include <pk_internal.h>
-#endif
-#if defined(MBEDTLS_ECP_C)
-#include <mbedtls/ecp.h>
-#endif
-#if defined(MBEDTLS_RSA_C)
-#include <rsa_internal.h>
-#endif
-
-#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
-static int lifetime_is_dynamic_secure_element(psa_key_lifetime_t lifetime)
-{
- return PSA_KEY_LIFETIME_GET_LOCATION(lifetime) !=
- PSA_KEY_LOCATION_LOCAL_STORAGE;
-}
-#endif
-
-static int check_key_attributes_sanity(mbedtls_svc_key_id_t key,
- int key_destroyable)
-{
- int ok = 0;
- psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- psa_key_lifetime_t lifetime;
- mbedtls_svc_key_id_t id;
- psa_key_type_t type;
- size_t bits;
- psa_status_t status = psa_get_key_attributes(key, &attributes);
- if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) {
- /* The key has been destroyed. */
- psa_reset_key_attributes(&attributes);
- return 1;
- }
- PSA_ASSERT(status);
- lifetime = psa_get_key_lifetime(&attributes);
- id = psa_get_key_id(&attributes);
- type = psa_get_key_type(&attributes);
- bits = psa_get_key_bits(&attributes);
-
- /* Persistence */
- if (PSA_KEY_LIFETIME_IS_VOLATILE(lifetime)) {
- TEST_ASSERT(
- (PSA_KEY_ID_VOLATILE_MIN <=
- MBEDTLS_SVC_KEY_ID_GET_KEY_ID(id)) &&
- (MBEDTLS_SVC_KEY_ID_GET_KEY_ID(id) <=
- PSA_KEY_ID_VOLATILE_MAX));
- } else {
- TEST_ASSERT(
- (PSA_KEY_ID_USER_MIN <= MBEDTLS_SVC_KEY_ID_GET_KEY_ID(id)) &&
- (MBEDTLS_SVC_KEY_ID_GET_KEY_ID(id) <= PSA_KEY_ID_USER_MAX));
- }
-#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
- /* MBEDTLS_PSA_CRYPTO_SE_C does not support thread safety. */
- if (key_destroyable == 0) {
- /* randomly-generated 64-bit constant, should never appear in test data */
- psa_key_slot_number_t slot_number = 0xec94d4a5058a1a21;
- status = psa_get_key_slot_number(&attributes, &slot_number);
- if (lifetime_is_dynamic_secure_element(lifetime)) {
- /* Mbed TLS currently always exposes the slot number to
- * applications. This is not mandated by the PSA specification
- * and may change in future versions. */
- TEST_EQUAL(status, 0);
- TEST_ASSERT(slot_number != 0xec94d4a5058a1a21);
- } else {
- TEST_EQUAL(status, PSA_ERROR_INVALID_ARGUMENT);
- }
- }
-#endif
-
- /* Type and size */
- TEST_ASSERT(type != 0);
- TEST_ASSERT(bits != 0);
- TEST_ASSERT(bits <= PSA_MAX_KEY_BITS);
- if (PSA_KEY_TYPE_IS_UNSTRUCTURED(type)) {
- TEST_ASSERT(bits % 8 == 0);
- }
-
- /* MAX macros concerning specific key types */
- if (PSA_KEY_TYPE_IS_ECC(type)) {
- TEST_ASSERT(bits <= PSA_VENDOR_ECC_MAX_CURVE_BITS);
- } else if (PSA_KEY_TYPE_IS_RSA(type)) {
- TEST_ASSERT(bits <= PSA_VENDOR_RSA_MAX_KEY_BITS);
- }
- TEST_ASSERT(PSA_BLOCK_CIPHER_BLOCK_LENGTH(type) <= PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE);
-
- ok = 1;
-
-exit:
- /*
- * Key attributes may have been returned by psa_get_key_attributes()
- * thus reset them as required.
- */
- psa_reset_key_attributes(&attributes);
-
- return ok;
-}
-
-static int exercise_mac_key(mbedtls_svc_key_id_t key,
- psa_key_usage_t usage,
- psa_algorithm_t alg,
- int key_destroyable)
-{
- psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
- const unsigned char input[] = "foo";
- unsigned char mac[PSA_MAC_MAX_SIZE] = { 0 };
- size_t mac_length = sizeof(mac);
- psa_status_t status = PSA_SUCCESS;
- /* Convert wildcard algorithm to exercisable algorithm */
- if (alg & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG) {
- alg = PSA_ALG_TRUNCATED_MAC(alg, PSA_MAC_TRUNCATED_LENGTH(alg));
- }
-
- if (usage & PSA_KEY_USAGE_SIGN_HASH) {
- status = psa_mac_sign_setup(&operation, key, alg);
- if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) {
- /* The key has been destroyed. */
- PSA_ASSERT(psa_mac_abort(&operation));
- return 1;
- }
- PSA_ASSERT(status);
- PSA_ASSERT(psa_mac_update(&operation,
- input, sizeof(input)));
- PSA_ASSERT(psa_mac_sign_finish(&operation,
- mac, sizeof(mac),
- &mac_length));
- }
-
- if (usage & PSA_KEY_USAGE_VERIFY_HASH) {
- psa_status_t verify_status =
- (usage & PSA_KEY_USAGE_SIGN_HASH ?
- PSA_SUCCESS :
- PSA_ERROR_INVALID_SIGNATURE);
- status = psa_mac_verify_setup(&operation, key, alg);
- if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) {
- /* The key has been destroyed. */
- PSA_ASSERT(psa_mac_abort(&operation));
- return 1;
- }
- PSA_ASSERT(status);
- PSA_ASSERT(psa_mac_update(&operation,
- input, sizeof(input)));
- TEST_EQUAL(psa_mac_verify_finish(&operation, mac, mac_length),
- verify_status);
- }
-
- return 1;
-
-exit:
- psa_mac_abort(&operation);
- return 0;
-}
-
-static int exercise_cipher_key(mbedtls_svc_key_id_t key,
- psa_key_usage_t usage,
- psa_algorithm_t alg,
- int key_destroyable)
-{
- psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
- unsigned char iv[PSA_CIPHER_IV_MAX_SIZE] = { 0 };
- size_t iv_length;
- psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- psa_key_type_t key_type;
- const unsigned char plaintext[16] = "Hello, world...";
- unsigned char ciphertext[32] = "(wabblewebblewibblewobblewubble)";
- size_t ciphertext_length = sizeof(ciphertext);
- unsigned char decrypted[sizeof(ciphertext)];
- size_t part_length;
- psa_status_t status = PSA_SUCCESS;
-
- PSA_ASSERT(psa_get_key_attributes(key, &attributes));
- key_type = psa_get_key_type(&attributes);
- iv_length = PSA_CIPHER_IV_LENGTH(key_type, alg);
-
- if (usage & PSA_KEY_USAGE_ENCRYPT) {
- status = psa_cipher_encrypt_setup(&operation, key, alg);
- if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) {
- /* The key has been destroyed. */
- PSA_ASSERT(psa_cipher_abort(&operation));
- return 1;
- }
- PSA_ASSERT(status);
- if (iv_length != 0) {
- PSA_ASSERT(psa_cipher_generate_iv(&operation,
- iv, sizeof(iv),
- &iv_length));
- }
- PSA_ASSERT(psa_cipher_update(&operation,
- plaintext, sizeof(plaintext),
- ciphertext, sizeof(ciphertext),
- &ciphertext_length));
- PSA_ASSERT(psa_cipher_finish(&operation,
- ciphertext + ciphertext_length,
- sizeof(ciphertext) - ciphertext_length,
- &part_length));
- ciphertext_length += part_length;
- }
-
- if (usage & PSA_KEY_USAGE_DECRYPT) {
- int maybe_invalid_padding = 0;
- if (!(usage & PSA_KEY_USAGE_ENCRYPT)) {
- maybe_invalid_padding = !PSA_ALG_IS_STREAM_CIPHER(alg);
- }
- status = psa_cipher_decrypt_setup(&operation, key, alg);
- if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) {
- /* The key has been destroyed. */
- PSA_ASSERT(psa_cipher_abort(&operation));
- return 1;
- }
- PSA_ASSERT(status);
- if (iv_length != 0) {
- PSA_ASSERT(psa_cipher_set_iv(&operation,
- iv, iv_length));
- }
- PSA_ASSERT(psa_cipher_update(&operation,
- ciphertext, ciphertext_length,
- decrypted, sizeof(decrypted),
- &part_length));
- status = psa_cipher_finish(&operation,
- decrypted + part_length,
- sizeof(decrypted) - part_length,
- &part_length);
- /* For a stream cipher, all inputs are valid. For a block cipher,
- * if the input is some arbitrary data rather than an actual
- ciphertext, a padding error is likely. */
- if (maybe_invalid_padding) {
- TEST_ASSERT(status == PSA_SUCCESS ||
- status == PSA_ERROR_INVALID_PADDING);
- } else {
- PSA_ASSERT(status);
- }
- }
-
- return 1;
-
-exit:
- psa_cipher_abort(&operation);
- psa_reset_key_attributes(&attributes);
- return 0;
-}
-
-static int exercise_aead_key(mbedtls_svc_key_id_t key,
- psa_key_usage_t usage,
- psa_algorithm_t alg,
- int key_destroyable)
-{
- unsigned char nonce[PSA_AEAD_NONCE_MAX_SIZE] = { 0 };
- size_t nonce_length;
- psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- psa_key_type_t key_type;
- unsigned char plaintext[16] = "Hello, world...";
- unsigned char ciphertext[48] = "(wabblewebblewibblewobblewubble)";
- size_t ciphertext_length = sizeof(ciphertext);
- size_t plaintext_length = sizeof(ciphertext);
- psa_status_t status = PSA_SUCCESS;
-
- /* Convert wildcard algorithm to exercisable algorithm */
- if (alg & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG) {
- alg = PSA_ALG_AEAD_WITH_SHORTENED_TAG(alg, PSA_ALG_AEAD_GET_TAG_LENGTH(alg));
- }
-
- PSA_ASSERT(psa_get_key_attributes(key, &attributes));
- key_type = psa_get_key_type(&attributes);
- nonce_length = PSA_AEAD_NONCE_LENGTH(key_type, alg);
-
- if (usage & PSA_KEY_USAGE_ENCRYPT) {
- status = psa_aead_encrypt(key, alg,
- nonce, nonce_length,
- NULL, 0,
- plaintext, sizeof(plaintext),
- ciphertext, sizeof(ciphertext),
- &ciphertext_length);
- if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) {
- /* The key has been destroyed. */
- return 1;
- }
- PSA_ASSERT(status);
- }
-
- if (usage & PSA_KEY_USAGE_DECRYPT) {
- psa_status_t verify_status =
- (usage & PSA_KEY_USAGE_ENCRYPT ?
- PSA_SUCCESS :
- PSA_ERROR_INVALID_SIGNATURE);
- status = psa_aead_decrypt(key, alg,
- nonce, nonce_length,
- NULL, 0,
- ciphertext, ciphertext_length,
- plaintext, sizeof(plaintext),
- &plaintext_length);
- if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) {
- /* The key has been destroyed. */
- return 1;
- }
- TEST_ASSERT(status == verify_status);
- }
-
- return 1;
-
-exit:
- psa_reset_key_attributes(&attributes);
- return 0;
-}
-
-static int can_sign_or_verify_message(psa_key_usage_t usage,
- psa_algorithm_t alg)
-{
- /* Sign-the-unspecified-hash algorithms can only be used with
- * {sign,verify}_hash, not with {sign,verify}_message. */
- if (alg == PSA_ALG_ECDSA_ANY || alg == PSA_ALG_RSA_PKCS1V15_SIGN_RAW) {
- return 0;
- }
- return usage & (PSA_KEY_USAGE_SIGN_MESSAGE |
- PSA_KEY_USAGE_VERIFY_MESSAGE);
-}
-
-static int exercise_signature_key(mbedtls_svc_key_id_t key,
- psa_key_usage_t usage,
- psa_algorithm_t alg,
- int key_destroyable)
-{
- /* If the policy allows signing with any hash, just pick one. */
- psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH(alg);
- if (PSA_ALG_IS_SIGN_HASH(alg) && hash_alg == PSA_ALG_ANY_HASH &&
- usage & (PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH |
- PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE)) {
-#if defined(KNOWN_SUPPORTED_HASH_ALG)
- hash_alg = KNOWN_SUPPORTED_HASH_ALG;
- alg ^= PSA_ALG_ANY_HASH ^ hash_alg;
-#else
- TEST_FAIL("No hash algorithm for hash-and-sign testing");
-#endif
- }
- psa_status_t status = PSA_SUCCESS;
-
- if (usage & (PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH) &&
- PSA_ALG_IS_SIGN_HASH(alg)) {
- unsigned char payload[PSA_HASH_MAX_SIZE] = { 1 };
- size_t payload_length = 16;
- unsigned char signature[PSA_SIGNATURE_MAX_SIZE] = { 0 };
- size_t signature_length = sizeof(signature);
-
- /* Some algorithms require the payload to have the size of
- * the hash encoded in the algorithm. Use this input size
- * even for algorithms that allow other input sizes. */
- if (hash_alg != 0) {
- payload_length = PSA_HASH_LENGTH(hash_alg);
- }
-
- if (usage & PSA_KEY_USAGE_SIGN_HASH) {
- status = psa_sign_hash(key, alg,
- payload, payload_length,
- signature, sizeof(signature),
- &signature_length);
- if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) {
- /* The key has been destroyed. */
- return 1;
- }
- PSA_ASSERT(status);
- }
-
- if (usage & PSA_KEY_USAGE_VERIFY_HASH) {
- psa_status_t verify_status =
- (usage & PSA_KEY_USAGE_SIGN_HASH ?
- PSA_SUCCESS :
- PSA_ERROR_INVALID_SIGNATURE);
- status = psa_verify_hash(key, alg,
- payload, payload_length,
- signature, signature_length);
- if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) {
- /* The key has been destroyed. */
- return 1;
- }
- TEST_ASSERT(status == verify_status);
- }
- }
-
- if (can_sign_or_verify_message(usage, alg)) {
- unsigned char message[256] = "Hello, world...";
- unsigned char signature[PSA_SIGNATURE_MAX_SIZE] = { 0 };
- size_t message_length = 16;
- size_t signature_length = sizeof(signature);
-
- if (usage & PSA_KEY_USAGE_SIGN_MESSAGE) {
- status = psa_sign_message(key, alg,
- message, message_length,
- signature, sizeof(signature),
- &signature_length);
- if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) {
- /* The key has been destroyed. */
- return 1;
- }
- PSA_ASSERT(status);
- }
-
- if (usage & PSA_KEY_USAGE_VERIFY_MESSAGE) {
- psa_status_t verify_status =
- (usage & PSA_KEY_USAGE_SIGN_MESSAGE ?
- PSA_SUCCESS :
- PSA_ERROR_INVALID_SIGNATURE);
- status = psa_verify_message(key, alg,
- message, message_length,
- signature, signature_length);
- if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) {
- /* The key has been destroyed. */
- return 1;
- }
- TEST_ASSERT(status == verify_status);
- }
- }
-
- return 1;
-
-exit:
- return 0;
-}
-
-static int exercise_asymmetric_encryption_key(mbedtls_svc_key_id_t key,
- psa_key_usage_t usage,
- psa_algorithm_t alg,
- int key_destroyable)
-{
- unsigned char plaintext[PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE] =
- "Hello, world...";
- unsigned char ciphertext[PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE] =
- "(wabblewebblewibblewobblewubble)";
- size_t ciphertext_length = sizeof(ciphertext);
- size_t plaintext_length = 16;
- psa_status_t status = PSA_SUCCESS;
- if (usage & PSA_KEY_USAGE_ENCRYPT) {
- status = psa_asymmetric_encrypt(key, alg,
- plaintext, plaintext_length,
- NULL, 0,
- ciphertext, sizeof(ciphertext),
- &ciphertext_length);
- if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) {
- /* The key has been destroyed. */
- return 1;
- }
- PSA_ASSERT(status);
- }
-
- if (usage & PSA_KEY_USAGE_DECRYPT) {
- status = psa_asymmetric_decrypt(key, alg,
- ciphertext, ciphertext_length,
- NULL, 0,
- plaintext, sizeof(plaintext),
- &plaintext_length);
- if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) {
- /* The key has been destroyed. */
- return 1;
- }
- TEST_ASSERT(status == PSA_SUCCESS ||
- ((usage & PSA_KEY_USAGE_ENCRYPT) == 0 &&
- (status == PSA_ERROR_INVALID_ARGUMENT ||
- status == PSA_ERROR_INVALID_PADDING)));
- }
-
- return 1;
-
-exit:
- return 0;
-}
-
-int mbedtls_test_psa_setup_key_derivation_wrap(
- psa_key_derivation_operation_t *operation,
- mbedtls_svc_key_id_t key,
- psa_algorithm_t alg,
- const unsigned char *input1, size_t input1_length,
- const unsigned char *input2, size_t input2_length,
- size_t capacity, int key_destroyable)
-{
- PSA_ASSERT(psa_key_derivation_setup(operation, alg));
- psa_status_t status = PSA_SUCCESS;
- if (PSA_ALG_IS_HKDF(alg)) {
- PSA_ASSERT(psa_key_derivation_input_bytes(operation,
- PSA_KEY_DERIVATION_INPUT_SALT,
- input1, input1_length));
- status = psa_key_derivation_input_key(operation,
- PSA_KEY_DERIVATION_INPUT_SECRET,
- key);
- if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) {
- /* The key has been destroyed. */
- return 1;
- }
- PSA_ASSERT(status);
- PSA_ASSERT(psa_key_derivation_input_bytes(operation,
- PSA_KEY_DERIVATION_INPUT_INFO,
- input2,
- input2_length));
- } else if (PSA_ALG_IS_HKDF_EXTRACT(alg)) {
- PSA_ASSERT(psa_key_derivation_input_bytes(operation,
- PSA_KEY_DERIVATION_INPUT_SALT,
- input1, input1_length));
- status = psa_key_derivation_input_key(operation,
- PSA_KEY_DERIVATION_INPUT_SECRET,
- key);
- if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) {
- /* The key has been destroyed. */
- return 1;
- }
- PSA_ASSERT(status);
- } else if (PSA_ALG_IS_HKDF_EXPAND(alg)) {
- status = psa_key_derivation_input_key(operation,
- PSA_KEY_DERIVATION_INPUT_SECRET,
- key);
- if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) {
- /* The key has been destroyed. */
- return 1;
- }
- PSA_ASSERT(status);
- PSA_ASSERT(psa_key_derivation_input_bytes(operation,
- PSA_KEY_DERIVATION_INPUT_INFO,
- input2,
- input2_length));
- } else if (PSA_ALG_IS_TLS12_PRF(alg) ||
- PSA_ALG_IS_TLS12_PSK_TO_MS(alg)) {
- PSA_ASSERT(psa_key_derivation_input_bytes(operation,
- PSA_KEY_DERIVATION_INPUT_SEED,
- input1, input1_length));
- status = psa_key_derivation_input_key(operation,
- PSA_KEY_DERIVATION_INPUT_SECRET,
- key);
- if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) {
- /* The key has been destroyed. */
- return 1;
- }
- PSA_ASSERT(status);
- PSA_ASSERT(psa_key_derivation_input_bytes(operation,
- PSA_KEY_DERIVATION_INPUT_LABEL,
- input2, input2_length));
- } else if (PSA_ALG_IS_PBKDF2(alg)) {
- PSA_ASSERT(psa_key_derivation_input_integer(operation,
- PSA_KEY_DERIVATION_INPUT_COST,
- 1U));
- PSA_ASSERT(psa_key_derivation_input_bytes(operation,
- PSA_KEY_DERIVATION_INPUT_SALT,
- input2,
- input2_length));
- status = psa_key_derivation_input_key(operation,
- PSA_KEY_DERIVATION_INPUT_PASSWORD,
- key);
- if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) {
- /* The key has been destroyed. */
- return 1;
- }
- PSA_ASSERT(status);
- } else if (alg == PSA_ALG_TLS12_ECJPAKE_TO_PMS) {
- PSA_ASSERT(psa_key_derivation_input_bytes(operation,
- PSA_KEY_DERIVATION_INPUT_SECRET,
- input1, input1_length));
- } else {
- TEST_FAIL("Key derivation algorithm not supported");
- }
-
- if (capacity != SIZE_MAX) {
- PSA_ASSERT(psa_key_derivation_set_capacity(operation, capacity));
- }
-
- return 1;
-
-exit:
- return 0;
-}
-
-
-static int exercise_key_derivation_key(mbedtls_svc_key_id_t key,
- psa_key_usage_t usage,
- psa_algorithm_t alg,
- int key_destroyable)
-{
- psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
- unsigned char input1[] = "Input 1";
- size_t input1_length = sizeof(input1);
- unsigned char input2[] = "Input 2";
- size_t input2_length = sizeof(input2);
- unsigned char output[1];
- size_t capacity = sizeof(output);
-
- if (usage & PSA_KEY_USAGE_DERIVE) {
- if (!mbedtls_test_psa_setup_key_derivation_wrap(&operation, key, alg,
- input1, input1_length,
- input2, input2_length,
- capacity, key_destroyable)) {
- goto exit;
- }
-
- psa_status_t status = psa_key_derivation_output_bytes(&operation,
- output,
- capacity);
- if (key_destroyable && status == PSA_ERROR_BAD_STATE) {
- /* The key has been destroyed. */
- PSA_ASSERT(psa_key_derivation_abort(&operation));
- } else {
- PSA_ASSERT(status);
- PSA_ASSERT(psa_key_derivation_abort(&operation));
- }
- }
-
- return 1;
-
-exit:
- return 0;
-}
-
-/* We need two keys to exercise key agreement. Exercise the
- * private key against its own public key. */
-psa_status_t mbedtls_test_psa_key_agreement_with_self(
- psa_key_derivation_operation_t *operation,
- mbedtls_svc_key_id_t key, int key_destroyable)
-{
- psa_key_type_t private_key_type;
- psa_key_type_t public_key_type;
- size_t key_bits;
- uint8_t *public_key = NULL;
- size_t public_key_length;
- psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
-
- psa_status_t status = psa_get_key_attributes(key, &attributes);
- if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) {
- /* The key has been destroyed. */
- psa_reset_key_attributes(&attributes);
- return PSA_SUCCESS;
- }
- PSA_ASSERT(status);
-
- private_key_type = psa_get_key_type(&attributes);
- key_bits = psa_get_key_bits(&attributes);
- public_key_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(private_key_type);
- public_key_length = PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(public_key_type, key_bits);
- TEST_CALLOC(public_key, public_key_length);
- status = psa_export_public_key(key, public_key, public_key_length,
- &public_key_length);
- if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) {
- /* The key has been destroyed. */
- status = PSA_SUCCESS;
- goto exit;
- }
- PSA_ASSERT(status);
-
- status = psa_key_derivation_key_agreement(
- operation, PSA_KEY_DERIVATION_INPUT_SECRET, key,
- public_key, public_key_length);
- if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) {
- /* The key has been destroyed. */
- status = PSA_SUCCESS;
- goto exit;
- }
-exit:
- /*
- * Key attributes may have been returned by psa_get_key_attributes()
- * thus reset them as required.
- */
- psa_reset_key_attributes(&attributes);
-
- mbedtls_free(public_key);
- return status;
-}
-
-/* We need two keys to exercise key agreement. Exercise the
- * private key against its own public key. */
-psa_status_t mbedtls_test_psa_raw_key_agreement_with_self(
- psa_algorithm_t alg,
- mbedtls_svc_key_id_t key,
- int key_destroyable)
-{
- psa_key_type_t private_key_type;
- psa_key_type_t public_key_type;
- size_t key_bits;
- uint8_t *public_key = NULL;
- size_t public_key_length;
- uint8_t output[1024];
- size_t output_length;
- psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
-
- psa_status_t status = psa_get_key_attributes(key, &attributes);
- if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) {
- /* The key has been destroyed. */
- psa_reset_key_attributes(&attributes);
- return PSA_SUCCESS;
- }
- PSA_ASSERT(status);
-
- private_key_type = psa_get_key_type(&attributes);
- key_bits = psa_get_key_bits(&attributes);
- public_key_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(private_key_type);
- public_key_length = PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(public_key_type, key_bits);
- TEST_CALLOC(public_key, public_key_length);
- status = psa_export_public_key(key,
- public_key, public_key_length,
- &public_key_length);
- if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) {
- /* The key has been destroyed. */
- status = PSA_SUCCESS;
- goto exit;
- }
- PSA_ASSERT(status);
-
- status = psa_raw_key_agreement(alg, key,
- public_key, public_key_length,
- output, sizeof(output), &output_length);
- if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) {
- /* The key has been destroyed. */
- status = PSA_SUCCESS;
- goto exit;
- }
- if (status == PSA_SUCCESS) {
- TEST_ASSERT(output_length <=
- PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(private_key_type,
- key_bits));
- TEST_ASSERT(output_length <=
- PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE);
- }
-
-exit:
- /*
- * Key attributes may have been returned by psa_get_key_attributes()
- * thus reset them as required.
- */
- psa_reset_key_attributes(&attributes);
-
- mbedtls_free(public_key);
- return status;
-}
-
-static int exercise_raw_key_agreement_key(mbedtls_svc_key_id_t key,
- psa_key_usage_t usage,
- psa_algorithm_t alg,
- int key_destroyable)
-{
- int ok = 0;
-
- if (usage & PSA_KEY_USAGE_DERIVE) {
- /* We need two keys to exercise key agreement. Exercise the
- * private key against its own public key. */
- PSA_ASSERT(mbedtls_test_psa_raw_key_agreement_with_self(alg, key,
- key_destroyable));
- }
- ok = 1;
-
-exit:
- return ok;
-}
-
-static int exercise_key_agreement_key(mbedtls_svc_key_id_t key,
- psa_key_usage_t usage,
- psa_algorithm_t alg,
- int key_destroyable)
-{
- psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
- unsigned char input[1] = { 0 };
- unsigned char output[1];
- int ok = 0;
- psa_algorithm_t kdf_alg = PSA_ALG_KEY_AGREEMENT_GET_KDF(alg);
- psa_status_t expected_key_agreement_status = PSA_SUCCESS;
-
- if (usage & PSA_KEY_USAGE_DERIVE) {
- /* We need two keys to exercise key agreement. Exercise the
- * private key against its own public key. */
- PSA_ASSERT(psa_key_derivation_setup(&operation, alg));
- if (PSA_ALG_IS_TLS12_PRF(kdf_alg) ||
- PSA_ALG_IS_TLS12_PSK_TO_MS(kdf_alg)) {
- PSA_ASSERT(psa_key_derivation_input_bytes(
- &operation, PSA_KEY_DERIVATION_INPUT_SEED,
- input, sizeof(input)));
- }
-
- if (PSA_ALG_IS_HKDF_EXTRACT(kdf_alg)) {
- PSA_ASSERT(psa_key_derivation_input_bytes(
- &operation, PSA_KEY_DERIVATION_INPUT_SALT,
- input, sizeof(input)));
- }
-
- /* For HKDF_EXPAND input secret may fail as secret size may not match
- to expected PRK size. In practice it means that key bits must match
- hash length. Otherwise test should fail with INVALID_ARGUMENT. */
- if (PSA_ALG_IS_HKDF_EXPAND(kdf_alg)) {
- psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- psa_status_t status = psa_get_key_attributes(key, &attributes);
- if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) {
- /* The key has been destroyed. */
- ok = 1;
- }
- PSA_ASSERT(status);
- size_t key_bits = psa_get_key_bits(&attributes);
- psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH(kdf_alg);
-
- if (PSA_BITS_TO_BYTES(key_bits) != PSA_HASH_LENGTH(hash_alg)) {
- expected_key_agreement_status = PSA_ERROR_INVALID_ARGUMENT;
- }
- }
-
- TEST_EQUAL(mbedtls_test_psa_key_agreement_with_self(&operation, key,
- key_destroyable),
- expected_key_agreement_status);
-
- if (expected_key_agreement_status != PSA_SUCCESS) {
- return 1;
- }
-
- if (PSA_ALG_IS_TLS12_PRF(kdf_alg) ||
- PSA_ALG_IS_TLS12_PSK_TO_MS(kdf_alg)) {
- PSA_ASSERT(psa_key_derivation_input_bytes(
- &operation, PSA_KEY_DERIVATION_INPUT_LABEL,
- input, sizeof(input)));
- } else if (PSA_ALG_IS_HKDF(kdf_alg) || PSA_ALG_IS_HKDF_EXPAND(kdf_alg)) {
- PSA_ASSERT(psa_key_derivation_input_bytes(
- &operation, PSA_KEY_DERIVATION_INPUT_INFO,
- input, sizeof(input)));
- }
- PSA_ASSERT(psa_key_derivation_output_bytes(&operation,
- output,
- sizeof(output)));
- PSA_ASSERT(psa_key_derivation_abort(&operation));
- }
- ok = 1;
-
-exit:
- return ok;
-}
-
-int mbedtls_test_psa_exported_key_sanity_check(
- psa_key_type_t type, size_t bits,
- const uint8_t *exported, size_t exported_length)
-{
- TEST_ASSERT(exported_length <= PSA_EXPORT_KEY_OUTPUT_SIZE(type, bits));
-
- if (PSA_KEY_TYPE_IS_UNSTRUCTURED(type)) {
- TEST_EQUAL(exported_length, PSA_BITS_TO_BYTES(bits));
- } else
-
-#if defined(MBEDTLS_ASN1_PARSE_C)
- if (type == PSA_KEY_TYPE_RSA_KEY_PAIR) {
- uint8_t *p = (uint8_t *) exported;
- const uint8_t *end = exported + exported_length;
- size_t len;
- /* RSAPrivateKey ::= SEQUENCE {
- * version INTEGER, -- must be 0
- * modulus INTEGER, -- n
- * publicExponent INTEGER, -- e
- * privateExponent INTEGER, -- d
- * prime1 INTEGER, -- p
- * prime2 INTEGER, -- q
- * exponent1 INTEGER, -- d mod (p-1)
- * exponent2 INTEGER, -- d mod (q-1)
- * coefficient INTEGER, -- (inverse of q) mod p
- * }
- */
- TEST_EQUAL(mbedtls_asn1_get_tag(&p, end, &len,
- MBEDTLS_ASN1_SEQUENCE |
- MBEDTLS_ASN1_CONSTRUCTED), 0);
- TEST_EQUAL(len, end - p);
- if (!mbedtls_test_asn1_skip_integer(&p, end, 0, 0, 0)) {
- goto exit;
- }
- if (!mbedtls_test_asn1_skip_integer(&p, end, bits, bits, 1)) {
- goto exit;
- }
- if (!mbedtls_test_asn1_skip_integer(&p, end, 2, bits, 1)) {
- goto exit;
- }
- /* Require d to be at least half the size of n. */
- if (!mbedtls_test_asn1_skip_integer(&p, end, bits / 2, bits, 1)) {
- goto exit;
- }
- /* Require p and q to be at most half the size of n, rounded up. */
- if (!mbedtls_test_asn1_skip_integer(&p, end, bits / 2, bits / 2 + 1, 1)) {
- goto exit;
- }
- if (!mbedtls_test_asn1_skip_integer(&p, end, bits / 2, bits / 2 + 1, 1)) {
- goto exit;
- }
- if (!mbedtls_test_asn1_skip_integer(&p, end, 1, bits / 2 + 1, 0)) {
- goto exit;
- }
- if (!mbedtls_test_asn1_skip_integer(&p, end, 1, bits / 2 + 1, 0)) {
- goto exit;
- }
- if (!mbedtls_test_asn1_skip_integer(&p, end, 1, bits / 2 + 1, 0)) {
- goto exit;
- }
- TEST_EQUAL(p - end, 0);
-
- TEST_ASSERT(exported_length <= PSA_EXPORT_KEY_PAIR_MAX_SIZE);
- } else
-#endif /* MBEDTLS_ASN1_PARSE_C */
-
- if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(type)) {
- /* Just the secret value */
- TEST_EQUAL(exported_length, PSA_BITS_TO_BYTES(bits));
-
- TEST_ASSERT(exported_length <= PSA_EXPORT_KEY_PAIR_MAX_SIZE);
- } else
-
-#if defined(MBEDTLS_ASN1_PARSE_C)
- if (type == PSA_KEY_TYPE_RSA_PUBLIC_KEY) {
- uint8_t *p = (uint8_t *) exported;
- const uint8_t *end = exported + exported_length;
- size_t len;
- /* RSAPublicKey ::= SEQUENCE {
- * modulus INTEGER, -- n
- * publicExponent INTEGER } -- e
- */
- TEST_EQUAL(mbedtls_asn1_get_tag(&p, end, &len,
- MBEDTLS_ASN1_SEQUENCE |
- MBEDTLS_ASN1_CONSTRUCTED),
- 0);
- TEST_EQUAL(len, end - p);
- if (!mbedtls_test_asn1_skip_integer(&p, end, bits, bits, 1)) {
- goto exit;
- }
- if (!mbedtls_test_asn1_skip_integer(&p, end, 2, bits, 1)) {
- goto exit;
- }
- TEST_EQUAL(p - end, 0);
-
-
- TEST_ASSERT(exported_length <=
- PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(type, bits));
- TEST_ASSERT(exported_length <=
- PSA_EXPORT_PUBLIC_KEY_MAX_SIZE);
- } else
-#endif /* MBEDTLS_ASN1_PARSE_C */
-
- if (PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(type)) {
-
- TEST_ASSERT(exported_length <=
- PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(type, bits));
- TEST_ASSERT(exported_length <=
- PSA_EXPORT_PUBLIC_KEY_MAX_SIZE);
-
- if (PSA_KEY_TYPE_ECC_GET_FAMILY(type) == PSA_ECC_FAMILY_MONTGOMERY) {
- /* The representation of an ECC Montgomery public key is
- * the raw compressed point */
- TEST_EQUAL(PSA_BITS_TO_BYTES(bits), exported_length);
- } else if (PSA_KEY_TYPE_ECC_GET_FAMILY(type) == PSA_ECC_FAMILY_TWISTED_EDWARDS) {
- /* The representation of an ECC Edwards public key is
- * the raw compressed point */
- TEST_EQUAL(PSA_BITS_TO_BYTES(bits + 1), exported_length);
- } else {
- /* The representation of an ECC Weierstrass public key is:
- * - The byte 0x04;
- * - `x_P` as a `ceiling(m/8)`-byte string, big-endian;
- * - `y_P` as a `ceiling(m/8)`-byte string, big-endian;
- * - where m is the bit size associated with the curve.
- */
- TEST_EQUAL(1 + 2 * PSA_BITS_TO_BYTES(bits), exported_length);
- TEST_EQUAL(exported[0], 4);
- }
- } else
- if (PSA_KEY_TYPE_IS_DH_PUBLIC_KEY(type) || PSA_KEY_TYPE_IS_DH_KEY_PAIR(type)) {
- TEST_ASSERT(exported_length ==
- PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(type, bits));
- TEST_ASSERT(exported_length <=
- PSA_EXPORT_PUBLIC_KEY_MAX_SIZE);
- } else {
- (void) exported;
- TEST_FAIL("Sanity check not implemented for this key type");
- }
-
-#if defined(MBEDTLS_DES_C)
- if (type == PSA_KEY_TYPE_DES) {
- /* Check the parity bits. */
- unsigned i;
- for (i = 0; i < bits / 8; i++) {
- unsigned bit_count = 0;
- unsigned m;
- for (m = 1; m <= 0x100; m <<= 1) {
- if (exported[i] & m) {
- ++bit_count;
- }
- }
- TEST_ASSERT(bit_count % 2 != 0);
- }
- }
-#endif
-
- return 1;
-
-exit:
- return 0;
-}
-
-static int exercise_export_key(mbedtls_svc_key_id_t key,
- psa_key_usage_t usage,
- int key_destroyable)
-{
- psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- uint8_t *exported = NULL;
- size_t exported_size = 0;
- size_t exported_length = 0;
- int ok = 0;
-
- psa_status_t status = psa_get_key_attributes(key, &attributes);
- if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) {
- /* The key has been destroyed. */
- psa_reset_key_attributes(&attributes);
- return 1;
- }
- PSA_ASSERT(status);
-
- exported_size = PSA_EXPORT_KEY_OUTPUT_SIZE(
- psa_get_key_type(&attributes),
- psa_get_key_bits(&attributes));
- TEST_CALLOC(exported, exported_size);
-
- status = psa_export_key(key, exported, exported_size, &exported_length);
- if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) {
- /* The key has been destroyed. */
- ok = 1;
- goto exit;
- } else if ((usage & PSA_KEY_USAGE_EXPORT) == 0 &&
- !PSA_KEY_TYPE_IS_PUBLIC_KEY(psa_get_key_type(&attributes))) {
- TEST_EQUAL(status, PSA_ERROR_NOT_PERMITTED);
- ok = 1;
- goto exit;
- }
- PSA_ASSERT(status);
- ok = mbedtls_test_psa_exported_key_sanity_check(
- psa_get_key_type(&attributes), psa_get_key_bits(&attributes),
- exported, exported_length);
-
-exit:
- /*
- * Key attributes may have been returned by psa_get_key_attributes()
- * thus reset them as required.
- */
- psa_reset_key_attributes(&attributes);
-
- mbedtls_free(exported);
- return ok;
-}
-
-static int exercise_export_public_key(mbedtls_svc_key_id_t key,
- int key_destroyable)
-{
- psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- psa_key_type_t public_type;
- uint8_t *exported = NULL;
- size_t exported_size = 0;
- size_t exported_length = 0;
- int ok = 0;
-
- psa_status_t status = psa_get_key_attributes(key, &attributes);
- if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) {
- /* The key has been destroyed. */
- psa_reset_key_attributes(&attributes);
- return 1;
- }
- PSA_ASSERT(status);
- if (!PSA_KEY_TYPE_IS_ASYMMETRIC(psa_get_key_type(&attributes))) {
- exported_size = PSA_EXPORT_KEY_OUTPUT_SIZE(
- psa_get_key_type(&attributes),
- psa_get_key_bits(&attributes));
- TEST_CALLOC(exported, exported_size);
-
- status = psa_export_public_key(key, exported,
- exported_size, &exported_length);
- if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) {
- /* The key has been destroyed. */
- ok = 1;
- goto exit;
- }
- TEST_EQUAL(status, PSA_ERROR_INVALID_ARGUMENT);
- ok = 1;
- goto exit;
- }
-
- public_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(
- psa_get_key_type(&attributes));
- exported_size = PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(public_type,
- psa_get_key_bits(&attributes));
- TEST_CALLOC(exported, exported_size);
-
- status = psa_export_public_key(key, exported,
- exported_size, &exported_length);
- if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) {
- /* The key has been destroyed. */
- ok = 1;
- goto exit;
- }
- PSA_ASSERT(status);
- ok = mbedtls_test_psa_exported_key_sanity_check(
- public_type, psa_get_key_bits(&attributes),
- exported, exported_length);
-
-exit:
- /*
- * Key attributes may have been returned by psa_get_key_attributes()
- * thus reset them as required.
- */
- psa_reset_key_attributes(&attributes);
-
- mbedtls_free(exported);
- return ok;
-}
-
-int mbedtls_test_psa_exercise_key(mbedtls_svc_key_id_t key,
- psa_key_usage_t usage,
- psa_algorithm_t alg,
- int key_destroyable)
-{
- int ok = 0;
-
- if (!check_key_attributes_sanity(key, key_destroyable)) {
- return 0;
- }
-
- if (alg == 0) {
- ok = 1; /* If no algorithm, do nothing (used for raw data "keys"). */
- } else if (PSA_ALG_IS_MAC(alg)) {
- ok = exercise_mac_key(key, usage, alg, key_destroyable);
- } else if (PSA_ALG_IS_CIPHER(alg)) {
- ok = exercise_cipher_key(key, usage, alg, key_destroyable);
- } else if (PSA_ALG_IS_AEAD(alg)) {
- ok = exercise_aead_key(key, usage, alg, key_destroyable);
- } else if (PSA_ALG_IS_SIGN(alg)) {
- ok = exercise_signature_key(key, usage, alg, key_destroyable);
- } else if (PSA_ALG_IS_ASYMMETRIC_ENCRYPTION(alg)) {
- ok = exercise_asymmetric_encryption_key(key, usage, alg,
- key_destroyable);
- } else if (PSA_ALG_IS_KEY_DERIVATION(alg)) {
- ok = exercise_key_derivation_key(key, usage, alg, key_destroyable);
- } else if (PSA_ALG_IS_RAW_KEY_AGREEMENT(alg)) {
- ok = exercise_raw_key_agreement_key(key, usage, alg, key_destroyable);
- } else if (PSA_ALG_IS_KEY_AGREEMENT(alg)) {
- ok = exercise_key_agreement_key(key, usage, alg, key_destroyable);
- } else {
- TEST_FAIL("No code to exercise this category of algorithm");
- }
-
- ok = ok && exercise_export_key(key,
- usage,
- key_destroyable);
- ok = ok && exercise_export_public_key(key,
- key_destroyable);
-
-exit:
- return ok;
-}
-
-psa_key_usage_t mbedtls_test_psa_usage_to_exercise(psa_key_type_t type,
- psa_algorithm_t alg)
-{
- if (PSA_ALG_IS_MAC(alg) || PSA_ALG_IS_SIGN(alg)) {
- if (PSA_ALG_IS_SIGN_HASH(alg)) {
- if (PSA_ALG_SIGN_GET_HASH(alg)) {
- return PSA_KEY_TYPE_IS_PUBLIC_KEY(type) ?
- PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE :
- PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH |
- PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE;
- }
- } else if (PSA_ALG_IS_SIGN_MESSAGE(alg)) {
- return PSA_KEY_TYPE_IS_PUBLIC_KEY(type) ?
- PSA_KEY_USAGE_VERIFY_MESSAGE :
- PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE;
- }
-
- return PSA_KEY_TYPE_IS_PUBLIC_KEY(type) ?
- PSA_KEY_USAGE_VERIFY_HASH :
- PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH;
- } else if (PSA_ALG_IS_CIPHER(alg) || PSA_ALG_IS_AEAD(alg) ||
- PSA_ALG_IS_ASYMMETRIC_ENCRYPTION(alg)) {
- return PSA_KEY_TYPE_IS_PUBLIC_KEY(type) ?
- PSA_KEY_USAGE_ENCRYPT :
- PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT;
- } else if (PSA_ALG_IS_KEY_DERIVATION(alg) ||
- PSA_ALG_IS_KEY_AGREEMENT(alg)) {
- return PSA_KEY_USAGE_DERIVE;
- } else {
- return 0;
- }
-
-}
-
-int mbedtls_test_can_exercise_psa_algorithm(psa_algorithm_t alg)
-{
- /* Reject algorithms that we know are not supported. Default to
- * attempting exercise, so that if an algorithm is missing from this
- * function, the result will be a test failure and not silently
- * omitting exercise. */
-#if !defined(PSA_WANT_ALG_RSA_PKCS1V15_CRYPT)
- if (alg == PSA_ALG_RSA_PKCS1V15_CRYPT) {
- return 0;
- }
-#endif
-#if !defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN)
- if (PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg)) {
- return 0;
- }
-#endif
-#if !defined(PSA_WANT_ALG_RSA_PSS)
- if (PSA_ALG_IS_RSA_PSS_STANDARD_SALT(alg)) {
- return 0;
- }
-#endif
-#if !defined(PSA_WANT_ALG_RSA_PSS_ANY_SALT)
- if (PSA_ALG_IS_RSA_PSS_ANY_SALT(alg)) {
- return 0;
- }
-#endif
-#if !defined(PSA_WANT_ALG_ECDSA)
- if (PSA_ALG_IS_ECDSA(alg)) {
- return 0;
- }
-#endif
-#if !defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA)
- if (PSA_ALG_IS_DETERMINISTIC_ECDSA(alg)) {
- return 0;
- }
-#endif
-#if !defined(PSA_WANT_ALG_ECDH)
- if (PSA_ALG_IS_ECDH(alg)) {
- return 0;
- }
-#endif
- (void) alg;
- return 1;
-}
-
-#if defined(MBEDTLS_PK_C)
-int mbedtls_test_key_consistency_psa_pk(mbedtls_svc_key_id_t psa_key,
- const mbedtls_pk_context *pk)
-{
- psa_key_attributes_t psa_attributes = PSA_KEY_ATTRIBUTES_INIT;
- psa_key_attributes_t pk_attributes = PSA_KEY_ATTRIBUTES_INIT;
- int ok = 0;
-
- PSA_ASSERT(psa_get_key_attributes(psa_key, &psa_attributes));
- psa_key_type_t psa_type = psa_get_key_type(&psa_attributes);
- mbedtls_pk_type_t pk_type = mbedtls_pk_get_type(pk);
-
- TEST_ASSERT(PSA_KEY_TYPE_IS_PUBLIC_KEY(psa_type) ||
- PSA_KEY_TYPE_IS_KEY_PAIR(psa_type));
- TEST_EQUAL(psa_get_key_bits(&psa_attributes), mbedtls_pk_get_bitlen(pk));
-
- uint8_t pk_public_buffer[PSA_EXPORT_PUBLIC_KEY_MAX_SIZE];
- const uint8_t *pk_public = NULL;
- size_t pk_public_length = 0;
-
- switch (pk_type) {
-#if defined(MBEDTLS_RSA_C)
- case MBEDTLS_PK_RSA:
- TEST_ASSERT(PSA_KEY_TYPE_IS_RSA(psa_type));
- const mbedtls_rsa_context *rsa = mbedtls_pk_rsa(*pk);
- uint8_t *const end = pk_public_buffer + sizeof(pk_public_buffer);
- uint8_t *cursor = end;
- TEST_LE_U(1, mbedtls_rsa_write_pubkey(rsa,
- pk_public_buffer, &cursor));
- pk_public = cursor;
- pk_public_length = end - pk_public;
- break;
-#endif
-
-#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
- case MBEDTLS_PK_ECKEY:
- case MBEDTLS_PK_ECKEY_DH:
- case MBEDTLS_PK_ECDSA:
- TEST_ASSERT(PSA_KEY_TYPE_IS_ECC(psa_type));
- TEST_EQUAL(PSA_KEY_TYPE_ECC_GET_FAMILY(psa_type), pk->ec_family);
- pk_public = pk->pub_raw;
- pk_public_length = pk->pub_raw_len;
- break;
-#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
-
-#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) && !defined(MBEDTLS_PK_USE_PSA_EC_DATA)
- case MBEDTLS_PK_ECKEY:
- case MBEDTLS_PK_ECKEY_DH:
- case MBEDTLS_PK_ECDSA:
- TEST_ASSERT(PSA_KEY_TYPE_IS_ECC(psa_get_key_type(&psa_attributes)));
- const mbedtls_ecp_keypair *ec = mbedtls_pk_ec_ro(*pk);
- TEST_EQUAL(mbedtls_ecp_write_public_key(
- ec, MBEDTLS_ECP_PF_UNCOMPRESSED, &pk_public_length,
- pk_public_buffer, sizeof(pk_public_buffer)), 0);
- pk_public = pk_public_buffer;
- break;
-#endif /* MBEDTLS_PK_HAVE_ECC_KEYS && !MBEDTLS_PK_USE_PSA_EC_DATA */
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- case MBEDTLS_PK_OPAQUE:
- PSA_ASSERT(psa_get_key_attributes(pk->priv_id, &pk_attributes));
- psa_key_type_t pk_psa_type = psa_get_key_type(&pk_attributes);
- TEST_EQUAL(PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(psa_type),
- PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(pk_psa_type));
- PSA_ASSERT(psa_export_public_key(psa_key,
- pk_public_buffer,
- sizeof(pk_public_buffer),
- &pk_public_length));
- pk_public = pk_public_buffer;
- break;
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
- default:
- TEST_FAIL("pk type not supported");
- }
-
- uint8_t psa_public[PSA_EXPORT_PUBLIC_KEY_MAX_SIZE];
- size_t psa_public_length = 0;
- PSA_ASSERT(psa_export_public_key(psa_key,
- psa_public, sizeof(psa_public),
- &psa_public_length));
- TEST_MEMORY_COMPARE(pk_public, pk_public_length,
- psa_public, psa_public_length);
-
- ok = 1;
-
-exit:
- psa_reset_key_attributes(&psa_attributes);
- psa_reset_key_attributes(&pk_attributes);
- return ok;
-}
-#endif /* MBEDTLS_PK_C */
-
-#endif /* MBEDTLS_PSA_CRYPTO_C */
diff --git a/tests/src/psa_memory_poisoning_wrappers.c b/tests/src/psa_memory_poisoning_wrappers.c
deleted file mode 100644
index 7b48c7c..0000000
--- a/tests/src/psa_memory_poisoning_wrappers.c
+++ /dev/null
@@ -1,32 +0,0 @@
-/** Helper functions for memory poisoning in tests.
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-#include <test/memory.h>
-#include <test/psa_memory_poisoning_wrappers.h>
-
-#include "psa_crypto_invasive.h"
-
-#if defined(MBEDTLS_TEST_HOOKS) && defined(MBEDTLS_PSA_CRYPTO_C) \
- && defined(MBEDTLS_TEST_MEMORY_CAN_POISON)
-
-void mbedtls_poison_test_hooks_setup(void)
-{
- psa_input_pre_copy_hook = mbedtls_test_memory_unpoison;
- psa_input_post_copy_hook = mbedtls_test_memory_poison;
- psa_output_pre_copy_hook = mbedtls_test_memory_unpoison;
- psa_output_post_copy_hook = mbedtls_test_memory_poison;
-}
-
-void mbedtls_poison_test_hooks_teardown(void)
-{
- psa_input_pre_copy_hook = NULL;
- psa_input_post_copy_hook = NULL;
- psa_output_pre_copy_hook = NULL;
- psa_output_post_copy_hook = NULL;
-}
-
-#endif /* MBEDTLS_TEST_HOOKS && MBEDTLS_PSA_CRYPTO_C &&
- MBEDTLS_TEST_MEMORY_CAN_POISON */
diff --git a/tests/src/random.c b/tests/src/random.c
deleted file mode 100644
index d041f36..0000000
--- a/tests/src/random.c
+++ /dev/null
@@ -1,136 +0,0 @@
-/**
- * \file random.c
- *
- * \brief This file contains the helper functions to generate random numbers
- * for the purpose of testing.
- */
-
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-/*
- * for arc4random_buf() from <stdlib.h>
- */
-#if defined(__NetBSD__)
-#define _NETBSD_SOURCE 1
-#elif defined(__OpenBSD__)
-#define _BSD_SOURCE 1
-#endif
-
-#include <test/macros.h>
-#include <test/random.h>
-#include <string.h>
-
-#include <mbedtls/entropy.h>
-#include <alignment.h>
-
-int mbedtls_test_rnd_std_rand(void *rng_state,
- unsigned char *output,
- size_t len)
-{
-#if !defined(__OpenBSD__) && !defined(__NetBSD__)
- size_t i;
-
- if (rng_state != NULL) {
- rng_state = NULL;
- }
-
- for (i = 0; i < len; ++i) {
- output[i] = rand();
- }
-#else
- if (rng_state != NULL) {
- rng_state = NULL;
- }
-
- arc4random_buf(output, len);
-#endif /* !OpenBSD && !NetBSD */
-
- return 0;
-}
-
-int mbedtls_test_rnd_zero_rand(void *rng_state,
- unsigned char *output,
- size_t len)
-{
- if (rng_state != NULL) {
- rng_state = NULL;
- }
-
- memset(output, 0, len);
-
- return 0;
-}
-
-int mbedtls_test_rnd_buffer_rand(void *rng_state,
- unsigned char *output,
- size_t len)
-{
- mbedtls_test_rnd_buf_info *info = (mbedtls_test_rnd_buf_info *) rng_state;
- size_t use_len;
-
- if (rng_state == NULL) {
- return mbedtls_test_rnd_std_rand(NULL, output, len);
- }
-
- use_len = len;
- if (len > info->length) {
- use_len = info->length;
- }
-
- if (use_len) {
- memcpy(output, info->buf, use_len);
- info->buf += use_len;
- info->length -= use_len;
- }
-
- if (len - use_len > 0) {
- if (info->fallback_f_rng != NULL) {
- return info->fallback_f_rng(info->fallback_p_rng,
- output + use_len,
- len - use_len);
- } else {
- return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
- }
- }
-
- return 0;
-}
-
-int mbedtls_test_rnd_pseudo_rand(void *rng_state,
- unsigned char *output,
- size_t len)
-{
- mbedtls_test_rnd_pseudo_info *info =
- (mbedtls_test_rnd_pseudo_info *) rng_state;
- uint32_t i, *k, sum, delta = 0x9E3779B9;
- unsigned char result[4], *out = output;
-
- if (rng_state == NULL) {
- return mbedtls_test_rnd_std_rand(NULL, output, len);
- }
-
- k = info->key;
-
- while (len > 0) {
- size_t use_len = (len > 4) ? 4 : len;
- sum = 0;
-
- for (i = 0; i < 32; i++) {
- info->v0 += (((info->v1 << 4) ^ (info->v1 >> 5))
- + info->v1) ^ (sum + k[sum & 3]);
- sum += delta;
- info->v1 += (((info->v0 << 4) ^ (info->v0 >> 5))
- + info->v0) ^ (sum + k[(sum>>11) & 3]);
- }
-
- MBEDTLS_PUT_UINT32_BE(info->v0, result, 0);
- memcpy(out, result, use_len);
- len -= use_len;
- out += 4;
- }
-
- return 0;
-}
diff --git a/tests/src/test_memory.c b/tests/src/test_memory.c
deleted file mode 100644
index ac9dde6..0000000
--- a/tests/src/test_memory.c
+++ /dev/null
@@ -1,60 +0,0 @@
-/**
- * \file memory.c
- *
- * \brief Helper functions related to testing memory management.
- */
-
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#include <test/helpers.h>
-#include <test/macros.h>
-#include <test/memory.h>
-
-#if defined(MBEDTLS_TEST_MEMORY_CAN_POISON)
-#include <sanitizer/asan_interface.h>
-#include <stdint.h>
-#endif
-
-#if defined(MBEDTLS_TEST_MEMORY_CAN_POISON)
-
-_Thread_local unsigned int mbedtls_test_memory_poisoning_count = 0;
-
-static void align_for_asan(const unsigned char **p_ptr, size_t *p_size)
-{
- uintptr_t start = (uintptr_t) *p_ptr;
- uintptr_t end = start + (uintptr_t) *p_size;
- /* ASan can only poison regions with 8-byte alignment, and only poisons a
- * region if it's fully within the requested range. We want to poison the
- * whole requested region and don't mind a few extra bytes. Therefore,
- * align start down to an 8-byte boundary, and end up to an 8-byte
- * boundary. */
- start = start & ~(uintptr_t) 7;
- end = (end + 7) & ~(uintptr_t) 7;
- *p_ptr = (const unsigned char *) start;
- *p_size = end - start;
-}
-
-void mbedtls_test_memory_poison(const unsigned char *ptr, size_t size)
-{
- if (mbedtls_test_memory_poisoning_count == 0) {
- return;
- }
- if (size == 0) {
- return;
- }
- align_for_asan(&ptr, &size);
- __asan_poison_memory_region(ptr, size);
-}
-
-void mbedtls_test_memory_unpoison(const unsigned char *ptr, size_t size)
-{
- if (size == 0) {
- return;
- }
- align_for_asan(&ptr, &size);
- __asan_unpoison_memory_region(ptr, size);
-}
-#endif /* Memory poisoning */
diff --git a/tests/src/threading_helpers.c b/tests/src/threading_helpers.c
deleted file mode 100644
index c1686c2..0000000
--- a/tests/src/threading_helpers.c
+++ /dev/null
@@ -1,354 +0,0 @@
-/** Mutex usage verification framework. */
-
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#include <test/helpers.h>
-#include <test/threading_helpers.h>
-#include <test/macros.h>
-
-#include "mbedtls/threading.h"
-
-#if defined(MBEDTLS_THREADING_C)
-
-#if defined(MBEDTLS_THREADING_PTHREAD)
-
-static int threading_thread_create_pthread(mbedtls_test_thread_t *thread, void *(*thread_func)(
- void *), void *thread_data)
-{
- if (thread == NULL || thread_func == NULL) {
- return MBEDTLS_ERR_THREADING_BAD_INPUT_DATA;
- }
-
- if (pthread_create(&thread->thread, NULL, thread_func, thread_data)) {
- return MBEDTLS_ERR_THREADING_THREAD_ERROR;
- }
-
- return 0;
-}
-
-static int threading_thread_join_pthread(mbedtls_test_thread_t *thread)
-{
- if (thread == NULL) {
- return MBEDTLS_ERR_THREADING_BAD_INPUT_DATA;
- }
-
- if (pthread_join(thread->thread, NULL) != 0) {
- return MBEDTLS_ERR_THREADING_THREAD_ERROR;
- }
-
- return 0;
-}
-
-int (*mbedtls_test_thread_create)(mbedtls_test_thread_t *thread, void *(*thread_func)(void *),
- void *thread_data) = threading_thread_create_pthread;
-int (*mbedtls_test_thread_join)(mbedtls_test_thread_t *thread) = threading_thread_join_pthread;
-
-#endif /* MBEDTLS_THREADING_PTHREAD */
-
-#if defined(MBEDTLS_THREADING_ALT)
-
-static int threading_thread_create_fail(mbedtls_test_thread_t *thread,
- void *(*thread_func)(void *),
- void *thread_data)
-{
- (void) thread;
- (void) thread_func;
- (void) thread_data;
-
- return MBEDTLS_ERR_THREADING_BAD_INPUT_DATA;
-}
-
-static int threading_thread_join_fail(mbedtls_test_thread_t *thread)
-{
- (void) thread;
-
- return MBEDTLS_ERR_THREADING_BAD_INPUT_DATA;
-}
-
-int (*mbedtls_test_thread_create)(mbedtls_test_thread_t *thread, void *(*thread_func)(void *),
- void *thread_data) = threading_thread_create_fail;
-int (*mbedtls_test_thread_join)(mbedtls_test_thread_t *thread) = threading_thread_join_fail;
-
-#endif /* MBEDTLS_THREADING_ALT */
-
-#if defined(MBEDTLS_TEST_MUTEX_USAGE)
-
-#include "mbedtls/threading.h"
-
-/** Mutex usage verification framework.
- *
- * The mutex usage verification code below aims to detect bad usage of
- * Mbed TLS's mutex abstraction layer at runtime. Note that this is solely
- * about the use of the mutex itself, not about checking whether the mutex
- * correctly protects whatever it is supposed to protect.
- *
- * The normal usage of a mutex is:
- * ```
- * digraph mutex_states {
- * "UNINITIALIZED"; // the initial state
- * "IDLE";
- * "FREED";
- * "LOCKED";
- * "UNINITIALIZED" -> "IDLE" [label="init"];
- * "FREED" -> "IDLE" [label="init"];
- * "IDLE" -> "LOCKED" [label="lock"];
- * "LOCKED" -> "IDLE" [label="unlock"];
- * "IDLE" -> "FREED" [label="free"];
- * }
- * ```
- *
- * All bad transitions that can be unambiguously detected are reported.
- * An attempt to use an uninitialized mutex cannot be detected in general
- * since the memory content may happen to denote a valid state. For the same
- * reason, a double init cannot be detected.
- * All-bits-zero is the state of a freed mutex, which is distinct from an
- * initialized mutex, so attempting to use zero-initialized memory as a mutex
- * without calling the init function is detected.
- *
- * The framework attempts to detect missing calls to init and free by counting
- * calls to init and free. If there are more calls to init than free, this
- * means that a mutex is not being freed somewhere, which is a memory leak
- * on platforms where a mutex consumes resources other than the
- * mbedtls_threading_mutex_t object itself. If there are more calls to free
- * than init, this indicates a missing init, which is likely to be detected
- * by an attempt to lock the mutex as well. A limitation of this framework is
- * that it cannot detect scenarios where there is exactly the same number of
- * calls to init and free but the calls don't match. A bug like this is
- * unlikely to happen uniformly throughout the whole test suite though.
- *
- * If an error is detected, this framework will report what happened and the
- * test case will be marked as failed. Unfortunately, the error report cannot
- * indicate the exact location of the problematic call. To locate the error,
- * use a debugger and set a breakpoint on mbedtls_test_mutex_usage_error().
- */
-enum value_of_mutex_state_field {
- /* Potential values for the state field of mbedtls_threading_mutex_t.
- * Note that MUTEX_FREED must be 0 and MUTEX_IDLE must be 1 for
- * compatibility with threading_mutex_init_pthread() and
- * threading_mutex_free_pthread(). MUTEX_LOCKED could be any nonzero
- * value. */
- MUTEX_FREED = 0, //! < Set by mbedtls_test_wrap_mutex_free
- MUTEX_IDLE = 1, //! < Set by mbedtls_test_wrap_mutex_init and by mbedtls_test_wrap_mutex_unlock
- MUTEX_LOCKED = 2, //! < Set by mbedtls_test_wrap_mutex_lock
-};
-
-typedef struct {
- void (*init)(mbedtls_threading_mutex_t *);
- void (*free)(mbedtls_threading_mutex_t *);
- int (*lock)(mbedtls_threading_mutex_t *);
- int (*unlock)(mbedtls_threading_mutex_t *);
-} mutex_functions_t;
-static mutex_functions_t mutex_functions;
-
-/**
- * The mutex used to guard live_mutexes below and access to the status variable
- * in every mbedtls_threading_mutex_t.
- * Note that we are not reporting any errors when locking and unlocking this
- * mutex. This is for a couple of reasons:
- *
- * 1. We have no real way of reporting any errors with this mutex - we cannot
- * report it back to the caller, as the failure was not that of the mutex
- * passed in. We could fail the test, but again this would indicate a problem
- * with the test code that did not exist.
- *
- * 2. Any failure to lock is unlikely to be intermittent, and will thus not
- * give false test results - the overall result would be to turn off the
- * testing. This is not a situation that is likely to happen with normal
- * testing and we still have TSan to fall back on should this happen.
- */
-mbedtls_threading_mutex_t mbedtls_test_mutex_mutex;
-
-/**
- * The total number of calls to mbedtls_mutex_init(), minus the total number
- * of calls to mbedtls_mutex_free().
- *
- * Do not read or write without holding mbedtls_test_mutex_mutex (above). Reset
- * to 0 after each test case.
- */
-static int live_mutexes;
-
-static void mbedtls_test_mutex_usage_error(mbedtls_threading_mutex_t *mutex,
- const char *msg)
-{
- (void) mutex;
-
- mbedtls_test_set_mutex_usage_error(msg);
- mbedtls_fprintf(stdout, "[mutex: %s] ", msg);
- /* Don't mark the test as failed yet. This way, if the test fails later
- * for a functional reason, the test framework will report the message
- * and location for this functional reason. If the test passes,
- * mbedtls_test_mutex_usage_check() will mark it as failed. */
-}
-
-static int mbedtls_test_mutex_can_test(mbedtls_threading_mutex_t *mutex)
-{
- /* If we attempt to run tests on this mutex then we are going to run into a
- * couple of problems:
- * 1. If any test on this mutex fails, we are going to deadlock when
- * reporting that failure, as we already hold the mutex at that point.
- * 2. Given the 'global' position of the initialization and free of this
- * mutex, it will be shown as leaked on the first test run. */
- if (mutex == mbedtls_test_get_info_mutex()) {
- return 0;
- }
-
- return 1;
-}
-
-static void mbedtls_test_wrap_mutex_init(mbedtls_threading_mutex_t *mutex)
-{
- mutex_functions.init(mutex);
-
- if (mbedtls_test_mutex_can_test(mutex)) {
- if (mutex_functions.lock(&mbedtls_test_mutex_mutex) == 0) {
- mutex->state = MUTEX_IDLE;
- ++live_mutexes;
-
- mutex_functions.unlock(&mbedtls_test_mutex_mutex);
- }
- }
-}
-
-static void mbedtls_test_wrap_mutex_free(mbedtls_threading_mutex_t *mutex)
-{
- if (mbedtls_test_mutex_can_test(mutex)) {
- if (mutex_functions.lock(&mbedtls_test_mutex_mutex) == 0) {
-
- switch (mutex->state) {
- case MUTEX_FREED:
- mbedtls_test_mutex_usage_error(mutex, "free without init or double free");
- break;
- case MUTEX_IDLE:
- mutex->state = MUTEX_FREED;
- --live_mutexes;
- break;
- case MUTEX_LOCKED:
- mbedtls_test_mutex_usage_error(mutex, "free without unlock");
- break;
- default:
- mbedtls_test_mutex_usage_error(mutex, "corrupted state");
- break;
- }
-
- mutex_functions.unlock(&mbedtls_test_mutex_mutex);
- }
- }
-
- mutex_functions.free(mutex);
-}
-
-static int mbedtls_test_wrap_mutex_lock(mbedtls_threading_mutex_t *mutex)
-{
- /* Lock the passed in mutex first, so that the only way to change the state
- * is to hold the passed in and internal mutex - otherwise we create a race
- * condition. */
- int ret = mutex_functions.lock(mutex);
-
- if (mbedtls_test_mutex_can_test(mutex)) {
- if (mutex_functions.lock(&mbedtls_test_mutex_mutex) == 0) {
- switch (mutex->state) {
- case MUTEX_FREED:
- mbedtls_test_mutex_usage_error(mutex, "lock without init");
- break;
- case MUTEX_IDLE:
- if (ret == 0) {
- mutex->state = MUTEX_LOCKED;
- }
- break;
- case MUTEX_LOCKED:
- mbedtls_test_mutex_usage_error(mutex, "double lock");
- break;
- default:
- mbedtls_test_mutex_usage_error(mutex, "corrupted state");
- break;
- }
-
- mutex_functions.unlock(&mbedtls_test_mutex_mutex);
- }
- }
-
- return ret;
-}
-
-static int mbedtls_test_wrap_mutex_unlock(mbedtls_threading_mutex_t *mutex)
-{
- /* Lock the internal mutex first and change state, so that the only way to
- * change the state is to hold the passed in and internal mutex - otherwise
- * we create a race condition. */
- if (mbedtls_test_mutex_can_test(mutex)) {
- if (mutex_functions.lock(&mbedtls_test_mutex_mutex) == 0) {
- switch (mutex->state) {
- case MUTEX_FREED:
- mbedtls_test_mutex_usage_error(mutex, "unlock without init");
- break;
- case MUTEX_IDLE:
- mbedtls_test_mutex_usage_error(mutex, "unlock without lock");
- break;
- case MUTEX_LOCKED:
- mutex->state = MUTEX_IDLE;
- break;
- default:
- mbedtls_test_mutex_usage_error(mutex, "corrupted state");
- break;
- }
- mutex_functions.unlock(&mbedtls_test_mutex_mutex);
- }
- }
-
- return mutex_functions.unlock(mutex);
-}
-
-void mbedtls_test_mutex_usage_init(void)
-{
- mutex_functions.init = mbedtls_mutex_init;
- mutex_functions.free = mbedtls_mutex_free;
- mutex_functions.lock = mbedtls_mutex_lock;
- mutex_functions.unlock = mbedtls_mutex_unlock;
- mbedtls_mutex_init = &mbedtls_test_wrap_mutex_init;
- mbedtls_mutex_free = &mbedtls_test_wrap_mutex_free;
- mbedtls_mutex_lock = &mbedtls_test_wrap_mutex_lock;
- mbedtls_mutex_unlock = &mbedtls_test_wrap_mutex_unlock;
-
- mutex_functions.init(&mbedtls_test_mutex_mutex);
-}
-
-void mbedtls_test_mutex_usage_check(void)
-{
- if (mutex_functions.lock(&mbedtls_test_mutex_mutex) == 0) {
- if (live_mutexes != 0) {
- /* A positive number (more init than free) means that a mutex resource
- * is leaking (on platforms where a mutex consumes more than the
- * mbedtls_threading_mutex_t object itself). The (hopefully) rare
- * case of a negative number means a missing init somewhere. */
- mbedtls_fprintf(stdout, "[mutex: %d leaked] ", live_mutexes);
- live_mutexes = 0;
- mbedtls_test_set_mutex_usage_error("missing free");
- }
- if (mbedtls_test_get_mutex_usage_error() != NULL &&
- mbedtls_test_get_result() != MBEDTLS_TEST_RESULT_FAILED) {
- /* Functionally, the test passed. But there was a mutex usage error,
- * so mark the test as failed after all. */
- mbedtls_test_fail("Mutex usage error", __LINE__, __FILE__);
- }
- mbedtls_test_set_mutex_usage_error(NULL);
-
- mutex_functions.unlock(&mbedtls_test_mutex_mutex);
- }
-}
-
-void mbedtls_test_mutex_usage_end(void)
-{
- mbedtls_mutex_init = mutex_functions.init;
- mbedtls_mutex_free = mutex_functions.free;
- mbedtls_mutex_lock = mutex_functions.lock;
- mbedtls_mutex_unlock = mutex_functions.unlock;
-
- mutex_functions.free(&mbedtls_test_mutex_mutex);
-}
-
-#endif /* MBEDTLS_TEST_MUTEX_USAGE */
-
-#endif /* MBEDTLS_THREADING_C */
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 3315ba2..2750fa9 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -989,6 +989,14 @@
fi
}
+# Skip the next test if called by all.sh in a component with MSan
+# (which we also call MemSan) or Valgrind.
+not_with_msan_or_valgrind() {
+ case "_${MBEDTLS_TEST_CONFIGURATION:-}_" in
+ *_msan_*|*_memsan_*|*_valgrind_*) SKIP_NEXT="YES";;
+ esac
+}
+
# skip the next test if valgrind is in use
not_with_valgrind() {
if [ "$MEMCHECK" -gt 0 ]; then
@@ -14339,6 +14347,14 @@
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_gnutls_next_disable_tls13_compat
+# Tests using FFDH with a large prime take a long time to run with a memory
+# sanitizer. GnuTLS <=3.8.1 has a hard-coded timeout and gives up after
+# 30s (since 3.8.1, it can be configured with --timeout). We've observed
+# 8192-bit FFDH test cases failing intermittently on heavily loaded CI
+# executors (https://github.com/Mbed-TLS/mbedtls/issues/9742),
+# when using MSan. As a workaround, skip them.
+# Also skip 6144-bit FFDH to have a bit of safety margin.
+not_with_msan_or_valgrind
run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe6144,rsa_pss_rsae_sha256" \
"$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
"$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE6144:+VERS-TLS1.3:%NO_TICKETS" \
@@ -14359,6 +14375,7 @@
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_config_enabled PSA_WANT_ALG_FFDH
requires_config_enabled PSA_WANT_DH_RFC7919_6144
+not_with_msan_or_valgrind
run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe6144,rsa_pss_rsae_sha256" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE6144:+VERS-TLS1.3:%NO_TICKETS" \
"$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe6144" \
@@ -14380,6 +14397,7 @@
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_gnutls_next_disable_tls13_compat
+not_with_msan_or_valgrind
client_needs_more_time 4
run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
"$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
@@ -14401,6 +14419,7 @@
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_config_enabled PSA_WANT_ALG_FFDH
requires_config_enabled PSA_WANT_DH_RFC7919_8192
+not_with_msan_or_valgrind
client_needs_more_time 4
run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
"$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
diff --git a/tests/suites/test_suite_bignum.function b/tests/suites/test_suite_bignum.function
index 3d2b8a1..36f1476 100644
--- a/tests/suites/test_suite_bignum.function
+++ b/tests/suites/test_suite_bignum.function
@@ -212,28 +212,22 @@
int output_size, int result)
{
mbedtls_mpi X;
- unsigned char buf[1000];
- size_t buflen;
-
- memset(buf, 0x00, 1000);
-
mbedtls_mpi_init(&X);
+ unsigned char *buf = NULL;
- TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
+ TEST_EQUAL(mbedtls_test_read_mpi(&X, input_X), 0);
- buflen = mbedtls_mpi_size(&X);
- if (buflen > (size_t) output_size) {
- buflen = (size_t) output_size;
- }
+ TEST_CALLOC(buf, output_size);
- TEST_ASSERT(mbedtls_mpi_write_binary(&X, buf, buflen) == result);
+ TEST_EQUAL(mbedtls_mpi_write_binary(&X, buf, output_size), result);
+
if (result == 0) {
-
- TEST_ASSERT(mbedtls_test_hexcmp(buf, input_A->x,
- buflen, input_A->len) == 0);
+ TEST_EQUAL(mbedtls_test_hexcmp(buf, input_A->x,
+ output_size, input_A->len), 0);
}
exit:
+ mbedtls_free(buf);
mbedtls_mpi_free(&X);
}
/* END_CASE */
@@ -243,28 +237,22 @@
int output_size, int result)
{
mbedtls_mpi X;
- unsigned char buf[1000];
- size_t buflen;
-
- memset(buf, 0x00, 1000);
-
mbedtls_mpi_init(&X);
+ unsigned char *buf = NULL;
- TEST_ASSERT(mbedtls_test_read_mpi(&X, input_X) == 0);
+ TEST_EQUAL(mbedtls_test_read_mpi(&X, input_X), 0);
- buflen = mbedtls_mpi_size(&X);
- if (buflen > (size_t) output_size) {
- buflen = (size_t) output_size;
- }
+ TEST_CALLOC(buf, output_size);
- TEST_ASSERT(mbedtls_mpi_write_binary_le(&X, buf, buflen) == result);
+ TEST_EQUAL(mbedtls_mpi_write_binary_le(&X, buf, output_size), result);
+
if (result == 0) {
-
- TEST_ASSERT(mbedtls_test_hexcmp(buf, input_A->x,
- buflen, input_A->len) == 0);
+ TEST_EQUAL(mbedtls_test_hexcmp(buf, input_A->x,
+ output_size, input_A->len), 0);
}
exit:
+ mbedtls_free(buf);
mbedtls_mpi_free(&X);
}
/* END_CASE */
diff --git a/tests/suites/test_suite_bignum.misc.data b/tests/suites/test_suite_bignum.misc.data
index c16c689..2e3ff1e 100644
--- a/tests/suites/test_suite_bignum.misc.data
+++ b/tests/suites/test_suite_bignum.misc.data
@@ -92,7 +92,10 @@
mpi_read_binary_le:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":"24448B952FBBEF93F89286BA330E62528B151EAC265CC8CE3038519D09E148AF89288E91F48B41ACAD55D9DC5E2B18097C106BE4CE132721BF6359EAF403E7FF90623E8866EE5C192320418DAA682F144ADEDF84F25DE11F49D1FE009D374109"
Base test mbedtls_mpi_write_binary #1
-mpi_write_binary:"941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":200:0
+mpi_write_binary:"941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":"000000000941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":100:0
+
+Test mbedtls_mpi_write_binary #1 (Buffer is larger)
+mpi_write_binary:"123123123123123123123123123":"000123123123123123123123123123":15:0
Test mbedtls_mpi_write_binary #1 (Buffer just fits)
mpi_write_binary:"123123123123123123123123123":"0123123123123123123123123123":14:0
@@ -100,8 +103,17 @@
Test mbedtls_mpi_write_binary #2 (Buffer too small)
mpi_write_binary:"123123123123123123123123123":"23123123123123123123123123":13:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL
+Test mbedtls_mpi_write_binary: nonzero to NULL
+mpi_write_binary:"01":"":0:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL
+
+Test mbedtls_mpi_write_binary: 0 to NULL
+mpi_write_binary:"00":"":0:0
+
Base test mbedtls_mpi_write_binary_le #1
-mpi_write_binary_le:"941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":"24448b952fbbef93f89286ba330e62528b151eac265cc8ce3038519d09e148af89288e91f48b41acad55d9dc5e2b18097c106be4ce132721bf6359eaf403e7ff90623e8866ee5c192320418daa682f144adedf84f25de11f49d1fe009d374109":200:0
+mpi_write_binary_le:"941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":"24448b952fbbef93f89286ba330e62528b151eac265cc8ce3038519d09e148af89288e91f48b41acad55d9dc5e2b18097c106be4ce132721bf6359eaf403e7ff90623e8866ee5c192320418daa682f144adedf84f25de11f49d1fe009d37410900000000":100:0
+
+Test mbedtls_mpi_write_binary_le #1 (Buffer is larger)
+mpi_write_binary_le:"123123123123123123123123123":"233112233112233112233112230100":15:0
Test mbedtls_mpi_write_binary_le #1 (Buffer just fits)
mpi_write_binary_le:"123123123123123123123123123":"2331122331122331122331122301":14:0
@@ -109,6 +121,12 @@
Test mbedtls_mpi_write_binary_le #2 (Buffer too small)
mpi_write_binary_le:"123123123123123123123123123":"23311223311223311223311223":13:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL
+Test mbedtls_mpi_write_binary_le: nonzero to NULL
+mpi_write_binary_le:"01":"":0:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL
+
+Test mbedtls_mpi_write_binary_le: 0 to NULL
+mpi_write_binary_le:"00":"":0:0
+
Base test mbedtls_mpi_read_file #1
mpi_read_file:"../framework/data_files/mpi_16":"01f55332c3a48b910f9942f6c914e58bef37a47ee45cb164a5b6b8d1006bf59a059c21449939ebebfdf517d2e1dbac88010d7b1f141e997bd6801ddaec9d05910f4f2de2b2c4d714e2c14a72fc7f17aa428d59c531627f09":0
diff --git a/tests/suites/test_suite_ccm.function b/tests/suites/test_suite_ccm.function
index dbb313b..798be77 100644
--- a/tests/suites/test_suite_ccm.function
+++ b/tests/suites/test_suite_ccm.function
@@ -79,11 +79,11 @@
void mbedtls_ccm_setkey(int cipher_id, int key_size, int result)
{
mbedtls_ccm_context ctx;
+ mbedtls_ccm_init(&ctx);
unsigned char key[32];
int ret;
BLOCK_CIPHER_PSA_INIT();
- mbedtls_ccm_init(&ctx);
memset(key, 0x2A, sizeof(key));
TEST_ASSERT((unsigned) key_size <= 8 * sizeof(key));
@@ -101,6 +101,7 @@
void ccm_lengths(int msg_len, int iv_len, int add_len, int tag_len, int res)
{
mbedtls_ccm_context ctx;
+ mbedtls_ccm_init(&ctx);
unsigned char key[16];
unsigned char msg[10];
unsigned char iv[14];
@@ -110,7 +111,6 @@
int decrypt_ret;
BLOCK_CIPHER_PSA_INIT();
- mbedtls_ccm_init(&ctx);
TEST_CALLOC_OR_SKIP(add, add_len);
memset(key, 0, sizeof(key));
@@ -146,6 +146,7 @@
int res)
{
mbedtls_ccm_context ctx;
+ mbedtls_ccm_init(&ctx);
unsigned char key[16];
unsigned char msg[10];
unsigned char iv[14];
@@ -155,7 +156,6 @@
int decrypt_ret;
BLOCK_CIPHER_PSA_INIT();
- mbedtls_ccm_init(&ctx);
memset(key, 0, sizeof(key));
memset(msg, 0, sizeof(msg));
@@ -191,6 +191,7 @@
data_t *add, data_t *result)
{
mbedtls_ccm_context ctx;
+ mbedtls_ccm_init(&ctx);
size_t n1, n1_add;
uint8_t *io_msg_buf = NULL;
uint8_t *tag_buf = NULL;
@@ -207,7 +208,6 @@
TEST_CALLOC(tag_buf, expected_tag_len);
BLOCK_CIPHER_PSA_INIT();
- mbedtls_ccm_init(&ctx);
TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
/* Test with input == output */
TEST_EQUAL(mbedtls_ccm_encrypt_and_tag(&ctx, msg->len, iv->x, iv->len, add->x, add->len,
@@ -248,11 +248,11 @@
data_t *msg, data_t *iv, data_t *result)
{
mbedtls_ccm_context ctx;
+ mbedtls_ccm_init(&ctx);
uint8_t *output = NULL;
size_t olen;
BLOCK_CIPHER_PSA_INIT();
- mbedtls_ccm_init(&ctx);
TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, 0, msg->len, 0));
@@ -277,6 +277,7 @@
data_t *expected_msg)
{
mbedtls_ccm_context ctx;
+ mbedtls_ccm_init(&ctx);
size_t n1, n1_add;
const size_t expected_msg_len = msg->len - expected_tag_len;
@@ -290,7 +291,6 @@
}
BLOCK_CIPHER_PSA_INIT();
- mbedtls_ccm_init(&ctx);
TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
/* Test with input == output */
TEST_EQUAL(mbedtls_ccm_auth_decrypt(&ctx, expected_msg_len, iv->x, iv->len, add->x, add->len,
@@ -343,6 +343,7 @@
{
unsigned char iv[13];
mbedtls_ccm_context ctx;
+ mbedtls_ccm_init(&ctx);
size_t iv_len, expected_tag_len;
size_t n1, n1_add;
uint8_t *io_msg_buf = NULL;
@@ -379,7 +380,6 @@
iv_len = sizeof(iv);
BLOCK_CIPHER_PSA_INIT();
- mbedtls_ccm_init(&ctx);
TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id,
key->x, key->len * 8), 0);
/* Test with input == output */
@@ -430,6 +430,7 @@
{
unsigned char iv[13];
mbedtls_ccm_context ctx;
+ mbedtls_ccm_init(&ctx);
size_t iv_len, expected_tag_len;
size_t n1, n1_add;
@@ -460,7 +461,6 @@
iv_len = sizeof(iv);
BLOCK_CIPHER_PSA_INIT();
- mbedtls_ccm_init(&ctx);
TEST_ASSERT(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8) == 0);
/* Test with input == output */
TEST_EQUAL(mbedtls_ccm_star_auth_decrypt(&ctx, expected_msg_len, iv, iv_len,
@@ -507,6 +507,7 @@
data_t *result, data_t *tag)
{
mbedtls_ccm_context ctx;
+ mbedtls_ccm_init(&ctx);
uint8_t *output = NULL;
size_t olen;
@@ -514,7 +515,6 @@
TEST_EQUAL(msg->len, result->len);
BLOCK_CIPHER_PSA_INIT();
- mbedtls_ccm_init(&ctx);
TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, 0, msg->len, tag->len));
@@ -547,10 +547,10 @@
data_t *tag)
{
mbedtls_ccm_context ctx;
+ mbedtls_ccm_init(&ctx);
uint8_t *output = NULL;
BLOCK_CIPHER_PSA_INIT();
- mbedtls_ccm_init(&ctx);
TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, add->len, 0, tag->len));
@@ -577,9 +577,12 @@
data_t *add)
{
mbedtls_ccm_context ctx;
+ mbedtls_ccm_init(&ctx);
+
+ /* This test can't be run with empty additional data */
+ TEST_LE_U(1, add->len);
BLOCK_CIPHER_PSA_INIT();
- mbedtls_ccm_init(&ctx);
TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
// use hardcoded values for msg length and tag length. They are not a part of this test
@@ -600,9 +603,9 @@
data_t *add)
{
mbedtls_ccm_context ctx;
+ mbedtls_ccm_init(&ctx);
BLOCK_CIPHER_PSA_INIT();
- mbedtls_ccm_init(&ctx);
TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
// use hardcoded values for msg length and tag length. They are not a part of this test
@@ -622,11 +625,11 @@
data_t *add)
{
mbedtls_ccm_context ctx;
+ mbedtls_ccm_init(&ctx);
uint8_t *output = NULL;
size_t olen;
BLOCK_CIPHER_PSA_INIT();
- mbedtls_ccm_init(&ctx);
TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
// use hardcoded value for tag length. It is not a part of this test
@@ -651,10 +654,13 @@
data_t *key, data_t *iv, data_t *add)
{
mbedtls_ccm_context ctx;
+ mbedtls_ccm_init(&ctx);
uint8_t *output = NULL;
+ /* This test can't be run with empty additional data */
+ TEST_LE_U(1, add->len);
+
BLOCK_CIPHER_PSA_INIT();
- mbedtls_ccm_init(&ctx);
TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
// use hardcoded values for msg length and tag length. They are not a part of this test
@@ -680,9 +686,9 @@
data_t *add)
{
mbedtls_ccm_context ctx;
+ mbedtls_ccm_init(&ctx);
BLOCK_CIPHER_PSA_INIT();
- mbedtls_ccm_init(&ctx);
TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
// use hardcoded values for msg length and tag length. They are not a part of this test
@@ -706,13 +712,16 @@
data_t *add)
{
mbedtls_ccm_context ctx;
+ mbedtls_ccm_init(&ctx);
uint8_t add_second_buffer[2];
+ /* This test can't be run with empty additional data */
+ TEST_LE_U(1, add->len);
+
add_second_buffer[0] = add->x[add->len - 1];
add_second_buffer[1] = 0xAB; // some magic value
BLOCK_CIPHER_PSA_INIT();
- mbedtls_ccm_init(&ctx);
TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
// use hardcoded values for msg length and tag length. They are not a part of this test
@@ -735,11 +744,14 @@
data_t *add)
{
mbedtls_ccm_context ctx;
+ mbedtls_ccm_init(&ctx);
uint8_t *output = NULL;
size_t olen;
+ /* This test can't be run with an empty message */
+ TEST_LE_U(1, msg->len);
+
BLOCK_CIPHER_PSA_INIT();
- mbedtls_ccm_init(&ctx);
TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
// use hardcoded value for tag length. It is a not a part of this test
@@ -765,11 +777,14 @@
data_t *add)
{
mbedtls_ccm_context ctx;
+ mbedtls_ccm_init(&ctx);
uint8_t *output = NULL;
size_t olen;
+ /* This test can't be run with an empty message */
+ TEST_LE_U(1, msg->len);
+
BLOCK_CIPHER_PSA_INIT();
- mbedtls_ccm_init(&ctx);
TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
// use hardcoded value for tag length. It is not a part of this test
@@ -801,11 +816,11 @@
data_t *add)
{
mbedtls_ccm_context ctx;
+ mbedtls_ccm_init(&ctx);
uint8_t *output = NULL;
size_t olen;
BLOCK_CIPHER_PSA_INIT();
- mbedtls_ccm_init(&ctx);
TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
// use hardcoded value for tag length. It is a not a part of this test
@@ -834,15 +849,18 @@
data_t *add)
{
mbedtls_ccm_context ctx;
+ mbedtls_ccm_init(&ctx);
uint8_t *output = NULL;
size_t olen;
uint8_t msg_second_buffer[2];
+ /* This test can't be run with an empty message */
+ TEST_LE_U(1, msg->len);
+
msg_second_buffer[0] = msg->x[msg->len - 1];
msg_second_buffer[1] = 0xAB; // some magic value
BLOCK_CIPHER_PSA_INIT();
- mbedtls_ccm_init(&ctx);
TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
// use hardcoded value for tag length. It is a not a part of this test
@@ -869,10 +887,10 @@
data_t *key, data_t *iv)
{
mbedtls_ccm_context ctx;
+ mbedtls_ccm_init(&ctx);
uint8_t *output = NULL;
BLOCK_CIPHER_PSA_INIT();
- mbedtls_ccm_init(&ctx);
TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
// use hardcoded values for add length, msg length and tag length.
diff --git a/tests/suites/test_suite_constant_time.function b/tests/suites/test_suite_constant_time.function
index 3127365..2f985ba 100644
--- a/tests/suites/test_suite_constant_time.function
+++ b/tests/suites/test_suite_constant_time.function
@@ -4,7 +4,7 @@
* Functional testing of functions in the constant_time module.
*
* The tests are instrumented with #TEST_CF_SECRET and #TEST_CF_PUBLIC
- * (see tests/include/test/constant_flow.h) so that running the tests
+ * (see framework/tests/include/test/constant_flow.h) so that running the tests
* under MSan or Valgrind will detect a non-constant-time implementation.
*/
diff --git a/tests/suites/test_suite_ctr_drbg.function b/tests/suites/test_suite_ctr_drbg.function
index 9fa55a7..78a63ea 100644
--- a/tests/suites/test_suite_ctr_drbg.function
+++ b/tests/suites/test_suite_ctr_drbg.function
@@ -363,14 +363,14 @@
* as this was the value used when the expected answers were calculated. */
const size_t entropy_len = 48;
+ mbedtls_ctr_drbg_context ctx;
+ mbedtls_ctr_drbg_init(&ctx);
+
AES_PSA_INIT();
TEST_CALLOC(threads, sizeof(mbedtls_test_thread_t) * thread_count);
memset(out, 0, sizeof(out));
- mbedtls_ctr_drbg_context ctx;
- mbedtls_ctr_drbg_init(&ctx);
-
test_offset_idx = 0;
/* Need to set a non-default fixed entropy len, to ensure same output across
diff --git a/tests/suites/test_suite_ecdsa.function b/tests/suites/test_suite_ecdsa.function
index f16a6d4..d9ff802 100644
--- a/tests/suites/test_suite_ecdsa.function
+++ b/tests/suites/test_suite_ecdsa.function
@@ -196,13 +196,12 @@
{
mbedtls_ecp_group grp;
mbedtls_mpi d, r, s, r_check, s_check;
-
- MD_PSA_INIT();
-
mbedtls_ecp_group_init(&grp);
mbedtls_mpi_init(&d); mbedtls_mpi_init(&r); mbedtls_mpi_init(&s);
mbedtls_mpi_init(&r_check); mbedtls_mpi_init(&s_check);
+ MD_PSA_INIT();
+
TEST_ASSERT(mbedtls_ecp_group_load(&grp, id) == 0);
TEST_ASSERT(mbedtls_test_read_mpi(&d, d_str) == 0);
TEST_ASSERT(mbedtls_test_read_mpi(&r_check, r_str) == 0);
@@ -235,13 +234,13 @@
unsigned char sig[200];
size_t sig_len, i;
- MD_PSA_INIT();
-
mbedtls_ecdsa_init(&ctx);
memset(&rnd_info, 0x00, sizeof(mbedtls_test_rnd_pseudo_info));
memset(hash, 0, sizeof(hash));
memset(sig, 0x2a, sizeof(sig));
+ MD_PSA_INIT();
+
/* generate signing key */
TEST_ASSERT(mbedtls_ecdsa_genkey(&ctx, id,
&mbedtls_test_rnd_pseudo_rand,
@@ -300,13 +299,13 @@
unsigned char sig[200];
size_t sig_len, i;
- MD_PSA_INIT();
-
mbedtls_ecdsa_init(&ctx);
memset(&rnd_info, 0x00, sizeof(mbedtls_test_rnd_pseudo_info));
memset(hash, 0, sizeof(hash));
memset(sig, 0x2a, sizeof(sig));
+ MD_PSA_INIT();
+
/* prepare material for signature */
TEST_ASSERT(mbedtls_test_rnd_pseudo_rand(&rnd_info,
hash, sizeof(hash)) == 0);
@@ -436,12 +435,12 @@
unsigned char sig[MBEDTLS_ECDSA_MAX_LEN];
size_t slen;
- MD_PSA_INIT();
-
mbedtls_ecdsa_restart_init(&rs_ctx);
mbedtls_ecdsa_init(&ctx);
memset(sig, 0, sizeof(sig));
+ MD_PSA_INIT();
+
TEST_ASSERT(mbedtls_ecp_group_load(&ctx.grp, id) == 0);
TEST_ASSERT(mbedtls_test_read_mpi(&ctx.d, d_str) == 0);
diff --git a/tests/suites/test_suite_ecjpake.function b/tests/suites/test_suite_ecjpake.function
index 177e09a..7f73195 100644
--- a/tests/suites/test_suite_ecjpake.function
+++ b/tests/suites/test_suite_ecjpake.function
@@ -102,6 +102,7 @@
void ecjpake_invalid_param()
{
mbedtls_ecjpake_context ctx;
+ mbedtls_ecjpake_init(&ctx);
unsigned char buf[42] = { 0 };
size_t const len = sizeof(buf);
mbedtls_ecjpake_role invalid_role = (mbedtls_ecjpake_role) 42;
@@ -110,8 +111,6 @@
MD_PSA_INIT();
- mbedtls_ecjpake_init(&ctx);
-
TEST_EQUAL(MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
mbedtls_ecjpake_setup(&ctx,
invalid_role,
@@ -139,13 +138,13 @@
void read_bad_md(data_t *msg)
{
mbedtls_ecjpake_context corrupt_ctx;
+ mbedtls_ecjpake_init(&corrupt_ctx);
const unsigned char *pw = NULL;
const size_t pw_len = 0;
int any_role = MBEDTLS_ECJPAKE_CLIENT;
MD_PSA_INIT();
- mbedtls_ecjpake_init(&corrupt_ctx);
TEST_ASSERT(mbedtls_ecjpake_setup(&corrupt_ctx, any_role,
MBEDTLS_MD_SHA256, MBEDTLS_ECP_DP_SECP256R1, pw,
pw_len) == 0);
@@ -164,13 +163,12 @@
void read_round_one(int role, data_t *msg, int ref_ret)
{
mbedtls_ecjpake_context ctx;
+ mbedtls_ecjpake_init(&ctx);
const unsigned char *pw = NULL;
const size_t pw_len = 0;
MD_PSA_INIT();
- mbedtls_ecjpake_init(&ctx);
-
TEST_ASSERT(mbedtls_ecjpake_setup(&ctx, role,
MBEDTLS_MD_SHA256, MBEDTLS_ECP_DP_SECP256R1, pw,
pw_len) == 0);
@@ -187,13 +185,12 @@
void read_round_two_cli(data_t *msg, int ref_ret)
{
mbedtls_ecjpake_context ctx;
+ mbedtls_ecjpake_init(&ctx);
const unsigned char *pw = NULL;
const size_t pw_len = 0;
MD_PSA_INIT();
- mbedtls_ecjpake_init(&ctx);
-
TEST_ASSERT(mbedtls_ecjpake_setup(&ctx, MBEDTLS_ECJPAKE_CLIENT,
MBEDTLS_MD_SHA256, MBEDTLS_ECP_DP_SECP256R1, pw,
pw_len) == 0);
@@ -216,13 +213,12 @@
void read_round_two_srv(data_t *msg, int ref_ret)
{
mbedtls_ecjpake_context ctx;
+ mbedtls_ecjpake_init(&ctx);
const unsigned char *pw = NULL;
const size_t pw_len = 0;
MD_PSA_INIT();
- mbedtls_ecjpake_init(&ctx);
-
TEST_ASSERT(mbedtls_ecjpake_setup(&ctx, MBEDTLS_ECJPAKE_SERVER,
MBEDTLS_MD_SHA256, MBEDTLS_ECP_DP_SECP256R1, pw,
pw_len) == 0);
diff --git a/tests/suites/test_suite_hmac_drbg.function b/tests/suites/test_suite_hmac_drbg.function
index 0a50c6c..fbe1b03 100644
--- a/tests/suites/test_suite_hmac_drbg.function
+++ b/tests/suites/test_suite_hmac_drbg.function
@@ -41,8 +41,6 @@
size_t default_entropy_len;
size_t expected_consumed_entropy = 0;
- MD_PSA_INIT();
-
mbedtls_hmac_drbg_init(&ctx);
memset(buf, 0, sizeof(buf));
memset(out, 0, sizeof(out));
@@ -50,6 +48,8 @@
entropy.len = sizeof(buf);
entropy.p = buf;
+ MD_PSA_INIT();
+
md_info = mbedtls_md_info_from_type(md_alg);
TEST_ASSERT(md_info != NULL);
if (mbedtls_md_get_size(md_info) <= 20) {
@@ -129,11 +129,10 @@
{
const mbedtls_md_info_t *md_info;
mbedtls_hmac_drbg_context ctx;
+ mbedtls_hmac_drbg_init(&ctx);
MD_PSA_INIT();
- mbedtls_hmac_drbg_init(&ctx);
-
md_info = mbedtls_md_info_from_type(md_alg);
TEST_ASSERT(md_info != NULL);
@@ -159,12 +158,12 @@
mbedtls_hmac_drbg_context ctx;
size_t i;
- MD_PSA_INIT();
-
mbedtls_hmac_drbg_init(&ctx);
memset(buf, 0, sizeof(buf));
memset(out, 0, sizeof(out));
+ MD_PSA_INIT();
+
md_info = mbedtls_md_info_from_type(md_alg);
TEST_ASSERT(md_info != NULL);
TEST_ASSERT(mbedtls_hmac_drbg_seed_buf(&ctx, md_info, buf, sizeof(buf)) == 0);
@@ -194,13 +193,13 @@
const mbedtls_md_info_t *md_info;
mbedtls_hmac_drbg_context ctx;
- MD_PSA_INIT();
-
mbedtls_hmac_drbg_init(&ctx);
p_entropy.p = entropy->x;
p_entropy.len = entropy->len;
+ MD_PSA_INIT();
+
md_info = mbedtls_md_info_from_type(md_alg);
TEST_ASSERT(md_info != NULL);
@@ -244,13 +243,13 @@
const mbedtls_md_info_t *md_info;
mbedtls_hmac_drbg_context ctx;
- MD_PSA_INIT();
-
mbedtls_hmac_drbg_init(&ctx);
p_entropy.p = entropy->x;
p_entropy.len = entropy->len;
+ MD_PSA_INIT();
+
md_info = mbedtls_md_info_from_type(md_alg);
TEST_ASSERT(md_info != NULL);
@@ -279,13 +278,13 @@
const mbedtls_md_info_t *md_info;
mbedtls_hmac_drbg_context ctx;
- MD_PSA_INIT();
-
mbedtls_hmac_drbg_init(&ctx);
p_entropy.p = entropy->x;
p_entropy.len = entropy->len;
+ MD_PSA_INIT();
+
md_info = mbedtls_md_info_from_type(md_alg);
TEST_ASSERT(md_info != NULL);
diff --git a/tests/suites/test_suite_md.function b/tests/suites/test_suite_md.function
index 2a885e2..4e62154 100644
--- a/tests/suites/test_suite_md.function
+++ b/tests/suites/test_suite_md.function
@@ -21,10 +21,10 @@
const int *md_type_ptr;
const mbedtls_md_info_t *info;
mbedtls_md_context_t ctx;
+ mbedtls_md_init(&ctx);
unsigned char out[MBEDTLS_MD_MAX_SIZE] = { 0 };
MD_PSA_INIT();
- mbedtls_md_init(&ctx);
/*
* Test that mbedtls_md_list() only returns valid MDs.
@@ -87,13 +87,13 @@
void md_null_args()
{
mbedtls_md_context_t ctx;
+ mbedtls_md_init(&ctx);
#if defined(MBEDTLS_MD_C)
const mbedtls_md_info_t *info = mbedtls_md_info_from_type(*(mbedtls_md_list()));
#endif
unsigned char buf[1] = { 0 };
MD_PSA_INIT();
- mbedtls_md_init(&ctx);
TEST_EQUAL(0, mbedtls_md_get_size(NULL));
#if defined(MBEDTLS_MD_C)
@@ -245,12 +245,11 @@
const mbedtls_md_info_t *md_info = NULL;
mbedtls_md_context_t ctx, ctx_copy;
-
- MD_PSA_INIT();
-
mbedtls_md_init(&ctx);
mbedtls_md_init(&ctx_copy);
+ MD_PSA_INIT();
+
halfway = src_len / 2;
md_info = mbedtls_md_info_from_type(md_type);
@@ -291,13 +290,12 @@
unsigned char output[MBEDTLS_MD_MAX_SIZE] = { 0 };
const mbedtls_md_info_t *md_info = NULL;
mbedtls_md_context_t ctx, ctx_copy;
+ mbedtls_md_init(&ctx);
+ mbedtls_md_init(&ctx_copy);
int halfway;
MD_PSA_INIT();
- mbedtls_md_init(&ctx);
- mbedtls_md_init(&ctx_copy);
-
md_info = mbedtls_md_info_from_type(md_type);
TEST_ASSERT(md_info != NULL);
TEST_EQUAL(0, mbedtls_md_setup(&ctx, md_info, 0));
@@ -363,12 +361,11 @@
unsigned char output[MBEDTLS_MD_MAX_SIZE] = { 0 };
const mbedtls_md_info_t *md_info = NULL;
mbedtls_md_context_t ctx;
+ mbedtls_md_init(&ctx);
int halfway;
MD_PSA_INIT();
- mbedtls_md_init(&ctx);
-
md_info = mbedtls_md_info_from_type(md_type);
TEST_ASSERT(md_info != NULL);
TEST_EQUAL(0, mbedtls_md_setup(&ctx, md_info, 1));
diff --git a/tests/suites/test_suite_pem.function b/tests/suites/test_suite_pem.function
index 413dc55..091cbd1 100644
--- a/tests/suites/test_suite_pem.function
+++ b/tests/suites/test_suite_pem.function
@@ -66,6 +66,7 @@
char *pwd, int res, data_t *out)
{
mbedtls_pem_context ctx;
+ mbedtls_pem_init(&ctx);
int ret;
size_t use_len = 0;
size_t pwd_len = strlen(pwd);
@@ -73,8 +74,6 @@
MD_PSA_INIT();
- mbedtls_pem_init(&ctx);
-
ret = mbedtls_pem_read_buffer(&ctx, header, footer, (unsigned char *) data,
(unsigned char *) pwd, pwd_len, &use_len);
TEST_ASSERT(ret == res);
diff --git a/tests/suites/test_suite_pkcs1_v21.function b/tests/suites/test_suite_pkcs1_v21.function
index 6261979..a15d5d7 100644
--- a/tests/suites/test_suite_pkcs1_v21.function
+++ b/tests/suites/test_suite_pkcs1_v21.function
@@ -14,18 +14,18 @@
{
unsigned char output[256];
mbedtls_rsa_context ctx;
+ mbedtls_rsa_init(&ctx);
mbedtls_test_rnd_buf_info info;
mbedtls_mpi N, E;
-
- MD_PSA_INIT();
+ mbedtls_mpi_init(&N); mbedtls_mpi_init(&E);
info.fallback_f_rng = mbedtls_test_rnd_std_rand;
info.fallback_p_rng = NULL;
info.buf = rnd_buf->x;
info.length = rnd_buf->len;
- mbedtls_mpi_init(&N); mbedtls_mpi_init(&E);
- mbedtls_rsa_init(&ctx);
+ MD_PSA_INIT();
+
TEST_ASSERT(mbedtls_rsa_set_padding(&ctx,
MBEDTLS_RSA_PKCS_V21, hash) == 0);
memset(output, 0x00, sizeof(output));
@@ -66,17 +66,16 @@
{
unsigned char output[64];
mbedtls_rsa_context ctx;
+ mbedtls_rsa_init(&ctx);
size_t output_len;
mbedtls_test_rnd_pseudo_info rnd_info;
mbedtls_mpi N, P, Q, E;
+ mbedtls_mpi_init(&N); mbedtls_mpi_init(&P);
+ mbedtls_mpi_init(&Q); mbedtls_mpi_init(&E);
((void) seed);
MD_PSA_INIT();
- mbedtls_mpi_init(&N); mbedtls_mpi_init(&P);
- mbedtls_mpi_init(&Q); mbedtls_mpi_init(&E);
-
- mbedtls_rsa_init(&ctx);
TEST_ASSERT(mbedtls_rsa_set_padding(&ctx,
MBEDTLS_RSA_PKCS_V21, hash) == 0);
@@ -131,19 +130,19 @@
{
unsigned char output[512];
mbedtls_rsa_context ctx;
+ mbedtls_rsa_init(&ctx);
mbedtls_test_rnd_buf_info info;
mbedtls_mpi N, P, Q, E;
-
- MD_PSA_INIT();
+ mbedtls_mpi_init(&N); mbedtls_mpi_init(&P);
+ mbedtls_mpi_init(&Q); mbedtls_mpi_init(&E);
info.fallback_f_rng = mbedtls_test_rnd_std_rand;
info.fallback_p_rng = NULL;
info.buf = rnd_buf->x;
info.length = rnd_buf->len;
- mbedtls_mpi_init(&N); mbedtls_mpi_init(&P);
- mbedtls_mpi_init(&Q); mbedtls_mpi_init(&E);
- mbedtls_rsa_init(&ctx);
+ MD_PSA_INIT();
+
TEST_ASSERT(mbedtls_rsa_set_padding(&ctx,
MBEDTLS_RSA_PKCS_V21, hash) == 0);
@@ -196,13 +195,13 @@
char *salt, data_t *result_str, int result)
{
mbedtls_rsa_context ctx;
+ mbedtls_rsa_init(&ctx);
mbedtls_mpi N, E;
+ mbedtls_mpi_init(&N); mbedtls_mpi_init(&E);
((void) salt);
MD_PSA_INIT();
- mbedtls_mpi_init(&N); mbedtls_mpi_init(&E);
- mbedtls_rsa_init(&ctx);
TEST_ASSERT(mbedtls_rsa_set_padding(&ctx,
MBEDTLS_RSA_PKCS_V21, hash) == 0);
@@ -236,12 +235,12 @@
int result_full)
{
mbedtls_rsa_context ctx;
+ mbedtls_rsa_init(&ctx);
mbedtls_mpi N, E;
+ mbedtls_mpi_init(&N); mbedtls_mpi_init(&E);
MD_PSA_INIT();
- mbedtls_mpi_init(&N); mbedtls_mpi_init(&E);
- mbedtls_rsa_init(&ctx);
TEST_ASSERT(mbedtls_rsa_set_padding(&ctx,
MBEDTLS_RSA_PKCS_V21, ctx_hash) == 0);
diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data
index 1442749..b25a796 100644
--- a/tests/suites/test_suite_pkparse.data
+++ b/tests/suites/test_suite_pkparse.data
@@ -51,23 +51,23 @@
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs1_2048_aes256.pem":"testkey":0
Parse RSA Key #14 (4096-bit, DES Encrypted)
-depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs1_4096_des.pem":"testkey":0
Parse RSA Key #15 (4096-bit, 3DES Encrypted)
-depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs1_4096_3des.pem":"testkey":0
Parse RSA Key #16 (4096-bit, AES-128 Encrypted)
-depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs1_4096_aes128.pem":"testkey":0
Parse RSA Key #17 (4096-bit, AES-192 Encrypted)
-depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs1_4096_aes192.pem":"testkey":0
Parse RSA Key #18 (4096-bit, AES-256 Encrypted)
-depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
+depends_on:MBEDTLS_MD_CAN_MD5:MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs1_4096_aes256.pem":"testkey":0
Parse RSA Key #19 (PKCS#8 wrapped)
@@ -99,15 +99,15 @@
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbe_sha1_2048_3des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #22 (PKCS#8 encrypted SHA1-3DES, 4096-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbe_sha1_4096_3des.pem":"PolarSSLTest":0
Parse RSA Key #22.1 (PKCS#8 encrypted SHA1-3DES, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbe_sha1_4096_3des.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #22.2 (PKCS#8 encrypted SHA1-3DES, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbe_sha1_4096_3des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #23 (PKCS#8 encrypted SHA1-3DES DER)
@@ -119,7 +119,7 @@
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbe_sha1_2048_3des.der":"PolarSSLTest":0
Parse RSA Key #25 (PKCS#8 encrypted SHA1-3DES DER, 4096-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbe_sha1_4096_3des.der":"PolarSSLTest":0
Parse RSA Key #26 (PKCS#8 encrypted SHA1-2DES)
@@ -147,15 +147,15 @@
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbe_sha1_2048_2des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #28 (PKCS#8 encrypted SHA1-2DES, 4096-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbe_sha1_4096_2des.pem":"PolarSSLTest":0
Parse RSA Key #28.1 (PKCS#8 encrypted SHA1-2DES, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbe_sha1_4096_2des.pem":"PolarSLTest":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #28.2 (PKCS#8 encrypted SHA1-2DES, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbe_sha1_4096_2des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #29 (PKCS#8 encrypted SHA1-2DES DER)
@@ -167,7 +167,7 @@
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbe_sha1_2048_2des.der":"PolarSSLTest":0
Parse RSA Key #31 (PKCS#8 encrypted SHA1-2DES DER, 4096-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbe_sha1_4096_2des.der":"PolarSSLTest":0
Parse RSA Key #38 (PKCS#8 encrypted v2 PBKDF2 3DES)
@@ -195,15 +195,15 @@
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #40 (PKCS#8 encrypted v2 PBKDF2 3DES, 4096-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem":"PolarSSLTest":0
Parse RSA Key #40.1 (PKCS#8 encrypted v2 PBKDF2 3DES, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #40.2 (PKCS#8 encrypted v2 PBKDF2 3DES, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #41 (PKCS#8 encrypted v2 PBKDF2 3DES DER)
@@ -231,15 +231,15 @@
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #43 (PKCS#8 encrypted v2 PBKDF2 3DES DER, 4096-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des.der":"PolarSSLTest":0
Parse RSA Key #43.1 (PKCS#8 encrypted v2 PBKDF2 3DES DER, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #43.2 (PKCS#8 encrypted v2 PBKDF2 3DES DER, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #44 (PKCS#8 encrypted v2 PBKDF2 DES)
@@ -267,15 +267,15 @@
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #46 (PKCS#8 encrypted v2 PBKDF2 DES, 4096-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.pem":"PolarSSLTest":0
Parse RSA Key #46.1 (PKCS#8 encrypted v2 PBKDF2 DES, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #46.2 (PKCS#8 encrypted v2 PBKDF2 DES, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #47 (PKCS#8 encrypted v2 PBKDF2 DES DER)
@@ -303,15 +303,15 @@
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #49 (PKCS#8 encrypted v2 PBKDF2 DES DER, 4096-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.der":"PolarSSLTest":0
Parse RSA Key #49.1 (PKCS#8 encrypted v2 PBKDF2 DES DER, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #49.2 (PKCS#8 encrypted v2 PBKDF2 DES DER, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA1:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #50 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224)
@@ -339,15 +339,15 @@
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #52 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, 4096-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem":"PolarSSLTest":0
Parse RSA Key #52.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #52.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #53 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER)
@@ -375,15 +375,15 @@
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha224.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #55 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, 4096-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der":"PolarSSLTest":0
Parse RSA Key #55.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #55.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA224 DER, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha224.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #56 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224)
@@ -411,15 +411,15 @@
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #58 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, 4096-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem":"PolarSSLTest":0
Parse RSA Key #58.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #58.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #59 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER)
@@ -447,15 +447,15 @@
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha224.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #61 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, 4096-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der":"PolarSSLTest":0
Parse RSA Key #61.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #61.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA224 DER, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA224:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha224.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #62 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256)
@@ -483,15 +483,15 @@
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #64 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256, 4096-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem":"PolarSSLTest":0
Parse RSA Key #64.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #64.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #65 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256 DER)
@@ -519,15 +519,15 @@
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha256.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #67 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256 DER, 4096-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der":"PolarSSLTest":0
Parse RSA Key #68.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256 DER, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #68.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA256 DER, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha256.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #69 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256)
@@ -555,15 +555,15 @@
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #71 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256, 4096-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem":"PolarSSLTest":0
Parse RSA Key #71.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #71.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #72 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256 DER)
@@ -591,15 +591,15 @@
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha256.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #74 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256 DER, 4096-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der":"PolarSSLTest":0
Parse RSA Key #74.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256 DER, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #74.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA256 DER, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha256.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #75 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384)
@@ -627,15 +627,15 @@
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #77 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384, 4096-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem":"PolarSSLTest":0
Parse RSA Key #77.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #77.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #78 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER)
@@ -663,15 +663,15 @@
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #80 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER, 4096-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der":"PolarSSLTest":0
Parse RSA Key #80.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #80.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA384 DER, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha384.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #81 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384)
@@ -699,15 +699,15 @@
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #83 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384, 4096-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem":"PolarSSLTest":0
Parse RSA Key #83.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #83.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #84 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER)
@@ -735,15 +735,15 @@
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha384.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #87 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER, 4096-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der":"PolarSSLTest":0
Parse RSA Key #87.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #87.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA384 DER, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA384:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha384.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #88 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512)
@@ -771,15 +771,15 @@
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #90 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512, 4096-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem":"PolarSSLTest":0
Parse RSA Key #90.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #90.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #91 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512 DER)
@@ -807,15 +807,15 @@
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha512.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #93 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512 DER, 4096-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der":"PolarSSLTest":0
Parse RSA Key #93.1 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512 DER, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #93.2 (PKCS#8 encrypted v2 PBKDF2 3DES hmacWithSHA512 DER, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des_sha512.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #94 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512)
@@ -843,15 +843,15 @@
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #96 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512, 4096-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem":"PolarSSLTest":0
Parse RSA Key #96.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #96.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
Parse RSA Key #97 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER)
@@ -879,15 +879,15 @@
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des_sha512.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #99 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER, 4096-bit)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der":"PolarSSLTest":0
Parse RSA Key #99.1 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER, 4096-bit, wrong PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
Parse RSA Key #99.2 (PKCS#8 encrypted v2 PBKDF2 DES hmacWithSHA512 DER, 4096-bit, no PW)
-depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C
+depends_on:MBEDTLS_DES_C:MBEDTLS_MD_CAN_SHA512:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_parse_keyfile_rsa:"../framework/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des_sha512.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT
Parse RSA Key #99.3 (PKCS#8 encrypted v2 PBKDF2 AES-128-CBC hmacWithSHA384, 2048-bit)
diff --git a/tests/suites/test_suite_pkparse.function b/tests/suites/test_suite_pkparse.function
index 63ff092..942dae3 100644
--- a/tests/suites/test_suite_pkparse.function
+++ b/tests/suites/test_suite_pkparse.function
@@ -114,10 +114,10 @@
void pk_parse_keyfile_rsa(char *key_file, char *password, int result)
{
mbedtls_pk_context ctx;
+ mbedtls_pk_init(&ctx);
int res;
char *pwd = password;
- mbedtls_pk_init(&ctx);
MD_PSA_INIT();
if (strcmp(pwd, "NULL") == 0) {
@@ -161,9 +161,9 @@
void pk_parse_public_keyfile_rsa(char *key_file, int result)
{
mbedtls_pk_context ctx;
+ mbedtls_pk_init(&ctx);
int res;
- mbedtls_pk_init(&ctx);
MD_PSA_INIT();
res = mbedtls_pk_parse_public_keyfile(&ctx, key_file);
diff --git a/tests/suites/test_suite_pkwrite.data b/tests/suites/test_suite_pkwrite.data
index b1fb73b..62c3e8d 100644
--- a/tests/suites/test_suite_pkwrite.data
+++ b/tests/suites/test_suite_pkwrite.data
@@ -7,11 +7,11 @@
pk_write_pubkey_check:"../framework/data_files/server1.pubkey.der":TEST_DER
Public key write check RSA 4096
-depends_on:MBEDTLS_RSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_write_pubkey_check:"../framework/data_files/rsa4096_pub.pem":TEST_PEM
Public key write check RSA 4096 (DER)
-depends_on:MBEDTLS_RSA_C
+depends_on:MBEDTLS_RSA_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_write_pubkey_check:"../framework/data_files/rsa4096_pub.der":TEST_DER
Public key write check EC 192 bits
@@ -63,11 +63,11 @@
pk_write_key_check:"../framework/data_files/server1.key.der":TEST_DER
Private key write check RSA 4096
-depends_on:MBEDTLS_RSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_write_key_check:"../framework/data_files/rsa4096_prv.pem":TEST_PEM
Private key write check RSA 4096 (DER)
-depends_on:MBEDTLS_RSA_C
+depends_on:MBEDTLS_RSA_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_write_key_check:"../framework/data_files/rsa4096_prv.der":TEST_DER
Private key write check EC 192 bits
@@ -131,7 +131,7 @@
pk_write_public_from_private:"../framework/data_files/server1.key.der":"../framework/data_files/server1.pubkey.der"
Derive public key RSA 4096
-depends_on:MBEDTLS_RSA_C
+depends_on:MBEDTLS_RSA_C:MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
pk_write_public_from_private:"../framework/data_files/rsa4096_prv.der":"../framework/data_files/rsa4096_pub.der"
Derive public key EC 192 bits
diff --git a/tests/suites/test_suite_pkwrite.function b/tests/suites/test_suite_pkwrite.function
index 735c125..491bc48 100644
--- a/tests/suites/test_suite_pkwrite.function
+++ b/tests/suites/test_suite_pkwrite.function
@@ -2,6 +2,7 @@
#include "pk_internal.h"
#include "mbedtls/pem.h"
#include "mbedtls/oid.h"
+#include "mbedtls/base64.h"
#include "psa/crypto_sizes.h"
typedef enum {
@@ -73,6 +74,7 @@
unsigned char *check_buf = NULL;
unsigned char *start_buf;
size_t buf_len, check_buf_len;
+ int expected_result;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
mbedtls_svc_key_id_t opaque_id = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT;
@@ -109,6 +111,17 @@
start_buf = buf;
buf_len = check_buf_len;
+ if (is_der) {
+ expected_result = MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
+ } else {
+ expected_result = MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL;
+ }
+ /* Intentionally pass a wrong size for the provided output buffer and check
+ * that the writing functions fails as expected. */
+ for (size_t i = 1; i < buf_len; i++) {
+ TEST_EQUAL(pk_write_any_key(&key, &start_buf, &i, is_public_key,
+ is_der), expected_result);
+ }
TEST_EQUAL(pk_write_any_key(&key, &start_buf, &buf_len, is_public_key,
is_der), 0);
@@ -127,6 +140,12 @@
TEST_EQUAL(mbedtls_pk_setup_opaque(&key, opaque_id), 0);
start_buf = buf;
buf_len = check_buf_len;
+ /* Intentionally pass a wrong size for the provided output buffer and check
+ * that the writing functions fails as expected. */
+ for (size_t i = 1; i < buf_len; i++) {
+ TEST_EQUAL(pk_write_any_key(&key, &start_buf, &i, is_public_key,
+ is_der), expected_result);
+ }
TEST_EQUAL(pk_write_any_key(&key, &start_buf, &buf_len, is_public_key,
is_der), 0);
diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data
index 4149fdb..bbf7575 100644
--- a/tests/suites/test_suite_psa_crypto.data
+++ b/tests/suites/test_suite_psa_crypto.data
@@ -7170,7 +7170,7 @@
# and not expected to be raised any time soon) is less than the maximum
# output from HKDF-SHA512 (255*64 = 16320 bytes).
PSA key derivation: largest possible key
-depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_512
+depends_on:PSA_WANT_ALG_HKDF:PSA_WANT_ALG_SHA_512:MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE >= PSA_BITS_TO_BYTES(PSA_MAX_KEY_BITS)
derive_key:PSA_ALG_HKDF(PSA_ALG_SHA_512):"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b":"000102030405060708090a0b0c":"f0f1f2f3f4f5f6f7f8f9":PSA_KEY_TYPE_RAW_DATA:PSA_MAX_KEY_BITS:PSA_SUCCESS:1
PSA key derivation: key too large
@@ -7414,12 +7414,15 @@
generate_key:PSA_KEY_TYPE_RAW_DATA:9:PSA_KEY_USAGE_EXPORT:0:PSA_ERROR_INVALID_ARGUMENT:0
PSA generate key: raw data, (MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8 bits
+depends_on:MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE >= (MBEDTLS_CTR_DRBG_MAX_REQUEST + 1)
generate_key:PSA_KEY_TYPE_RAW_DATA:(MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS:0
PSA generate key: raw data, (2 * MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8 bits
+depends_on:MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE >= (2 * MBEDTLS_CTR_DRBG_MAX_REQUEST + 1)
generate_key:PSA_KEY_TYPE_RAW_DATA:(2 * MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS:0
PSA generate key: raw data, 65528 bits (large key, ok if it fits)
+depends_on:MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE >= PSA_BITS_TO_BYTES(65528)
generate_key:PSA_KEY_TYPE_RAW_DATA:65528:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS:1
PSA generate key: raw data, 65536 bits (not supported)
@@ -7490,6 +7493,17 @@
depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE
generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_VENDOR_RSA_MAX_KEY_BITS+8:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ERROR_NOT_SUPPORTED:0
+# Following 2 tests are meant to be tested from the component_test_crypto_with_static_key_slots()
+# test component. There MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE is intentionally set to a value
+# that is OK for all public RSA key bit sizes, but only valid up to 2048 bits for key pairs.
+PSA generate key: RSA, key pair size does not fit in static key buffer
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_PSA_STATIC_KEY_SLOTS:!MBEDTLS_TEST_STATIC_KEY_SLOTS_SUPPORT_RSA_4096:PSA_VENDOR_RSA_MAX_KEY_BITS>=4096
+generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:4096:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ERROR_NOT_SUPPORTED:0
+
+PSA generate key: RSA, key pair size fits in static key buffer
+depends_on:PSA_WANT_ALG_RSA_PKCS1V15_CRYPT:PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE:MBEDTLS_PSA_STATIC_KEY_SLOTS:MBEDTLS_TEST_STATIC_KEY_SLOTS_SUPPORT_RSA_2048:PSA_VENDOR_RSA_MAX_KEY_BITS>=2048
+generate_key:PSA_KEY_TYPE_RSA_KEY_PAIR:2048:PSA_KEY_USAGE_EXPORT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_SUCCESS:0
+
PSA generate key: ECC, SECP256R1, good
depends_on:PSA_WANT_ALG_ECDSA:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE:PSA_WANT_ECC_SECP_R1_256
generate_key:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):256:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH:PSA_ALG_ECDSA_ANY:PSA_SUCCESS:0
@@ -7655,15 +7669,15 @@
concurrently_generate_keys:PSA_KEY_TYPE_RAW_DATA:9:PSA_KEY_USAGE_EXPORT:0:PSA_ERROR_INVALID_ARGUMENT:0:8:5
PSA concurrent key generation: raw data, (MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8 bits
-depends_on:MBEDTLS_THREADING_PTHREAD
+depends_on:MBEDTLS_THREADING_PTHREAD:MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE >= (MBEDTLS_CTR_DRBG_MAX_REQUEST + 1)
concurrently_generate_keys:PSA_KEY_TYPE_RAW_DATA:(MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS:0:8:5
PSA concurrent key generation: raw data, (2 * MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8 bits
-depends_on:MBEDTLS_THREADING_PTHREAD
+depends_on:MBEDTLS_THREADING_PTHREAD:MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE >= (2 * MBEDTLS_CTR_DRBG_MAX_REQUEST + 1)
concurrently_generate_keys:PSA_KEY_TYPE_RAW_DATA:(2 * MBEDTLS_CTR_DRBG_MAX_REQUEST + 1) * 8:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS:0:8:5
PSA concurrent key generation: raw data, 65528 bits (large key, ok if it fits)
-depends_on:MBEDTLS_THREADING_PTHREAD
+depends_on:MBEDTLS_THREADING_PTHREAD:MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE > PSA_BITS_TO_BYTES(65528)
concurrently_generate_keys:PSA_KEY_TYPE_RAW_DATA:65528:PSA_KEY_USAGE_EXPORT:0:PSA_SUCCESS:1:8:5
PSA concurrent key generation: raw data, 65536 bits (not supported)
@@ -7859,9 +7873,7 @@
depends_on:PSA_WANT_ECC_SECP_K1_192
ecc_conversion_functions:MBEDTLS_ECP_DP_SECP192K1:PSA_ECC_FAMILY_SECP_K1:192
-ECP group ID <-> PSA family - SECP224K1
-depends_on:PSA_WANT_ECC_SECP_K1_224
-ecc_conversion_functions:MBEDTLS_ECP_DP_SECP224K1:PSA_ECC_FAMILY_SECP_K1:224
+# No test case for SECP224K1, which is not implemented in the PSA API.
ECP group ID <-> PSA family - SECP256K1
depends_on:PSA_WANT_ECC_SECP_K1_256
@@ -7876,4 +7888,3 @@
ECP group ID <-> PSA family - Wrong values
ecc_conversion_functions_fail
-
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index 2e513ea..94bf28b 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -1236,7 +1236,7 @@
}
#endif /* MBEDTLS_ECP_RESTARTABLE */
-#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE)
+#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE) && defined(MBEDTLS_ASN1_PARSE_C)
static int rsa_test_e(mbedtls_svc_key_id_t key,
size_t bits,
const data_t *e_arg)
@@ -1639,7 +1639,7 @@
}
/* END_CASE */
-/* BEGIN_CASE */
+/* BEGIN_CASE depends_on: !MBEDTLS_PSA_STATIC_KEY_SLOTS*/
/* Construct and attempt to import a large unstructured key. */
void import_large_key(int type_arg, int byte_size_arg,
int expected_status_arg)
@@ -10246,7 +10246,7 @@
TEST_EQUAL(psa_get_key_type(&got_attributes), type);
TEST_EQUAL(psa_get_key_bits(&got_attributes), bits);
-#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE)
+#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE) && defined(MBEDTLS_ASN1_PARSE_C)
if (type == PSA_KEY_TYPE_RSA_KEY_PAIR) {
TEST_ASSERT(rsa_test_e(key, bits, custom_data));
}
diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function
index 84611fa..49b1c15 100644
--- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function
+++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function
@@ -6,13 +6,14 @@
size_t pake_expected_hit_count = 0;
int pake_in_driver = 0;
+#if defined(PSA_WANT_ALG_JPAKE) && \
+ defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) && \
+ defined(PSA_WANT_ECC_SECP_R1_256) && defined(PSA_WANT_ALG_SHA_256)
+
/* The only two JPAKE user/peer identifiers supported for the time being. */
static const uint8_t jpake_server_id[] = { 's', 'e', 'r', 'v', 'e', 'r' };
static const uint8_t jpake_client_id[] = { 'c', 'l', 'i', 'e', 'n', 't' };
-#if defined(PSA_WANT_ALG_JPAKE) && \
- defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC) && \
- defined(PSA_WANT_ECC_SECP_R1_256) && defined(PSA_WANT_ALG_SHA_256)
static void ecjpake_do_round(psa_algorithm_t alg, unsigned int primitive,
psa_pake_operation_t *server,
psa_pake_operation_t *client,
@@ -437,6 +438,11 @@
mbedtls_mpi_init(&D);
mbedtls_mpi_init(&C);
mbedtls_mpi_init(&X);
+#else /* MBEDTLS_BIGNUM_C */
+ (void) alg;
+ (void) private_exponent;
+ (void) input_data;
+ (void) buf;
#endif /* MBEDTLS_BIGNUM_C */
int ok = 0;
@@ -843,7 +849,7 @@
{
psa_key_lifetime_t lifetime =
PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( \
- PSA_KEY_PERSISTENCE_DEFAULT, location);
+ PSA_KEY_PERSISTENCE_VOLATILE, location);
mbedtls_svc_key_id_t id = mbedtls_svc_key_id_make(owner_id_arg, id_arg);
psa_status_t force_status = force_status_arg;
psa_status_t expected_status = expected_status_arg;
diff --git a/tests/suites/test_suite_psa_crypto_ecp.data b/tests/suites/test_suite_psa_crypto_ecp.data
new file mode 100644
index 0000000..ffb7a7b
--- /dev/null
+++ b/tests/suites/test_suite_psa_crypto_ecp.data
@@ -0,0 +1,82 @@
+ECC generate: unknown family (0)
+generate_key:0:256:64:PSA_ERROR_NOT_SUPPORTED
+
+ECC generate: unknown family (0xff)
+generate_key:0xff:256:64:PSA_ERROR_NOT_SUPPORTED
+
+ECC generate: SECP_R1 bad bit-size (0)
+generate_key:PSA_ECC_FAMILY_SECP_R1:0:64:PSA_ERROR_NOT_SUPPORTED
+
+ECC generate: SECP_R1 bad bit-size (512)
+generate_key:PSA_ECC_FAMILY_SECP_R1:512:64:PSA_ERROR_NOT_SUPPORTED
+
+ECC generate: SECP_R1 bad bit-size (528)
+generate_key:PSA_ECC_FAMILY_SECP_R1:528:64:PSA_ERROR_NOT_SUPPORTED
+
+ECC generate: SECP_R1 256-bit not supported
+depends_on:!MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256
+generate_key:PSA_ECC_FAMILY_SECP_R1:256:32:PSA_ERROR_NOT_SUPPORTED
+
+ECC generate: SECP_R1 384-bit not supported
+depends_on:!MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_384
+generate_key:PSA_ECC_FAMILY_SECP_R1:384:48:PSA_ERROR_NOT_SUPPORTED
+
+ECC generate: SECP_R1 521-bit not supported
+depends_on:!MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_521
+generate_key:PSA_ECC_FAMILY_SECP_R1:521:66:PSA_ERROR_NOT_SUPPORTED
+
+ECC generate: SECP_K1 256-bit not supported
+depends_on:!MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_256
+generate_key:PSA_ECC_FAMILY_SECP_K1:256:32:PSA_ERROR_NOT_SUPPORTED
+
+ECC generate: Curve25519 not supported
+depends_on:!MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_255
+generate_key:PSA_ECC_FAMILY_MONTGOMERY:255:32:PSA_ERROR_NOT_SUPPORTED
+
+ECC generate: Curve448 not supported
+depends_on:!MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_448
+generate_key:PSA_ECC_FAMILY_MONTGOMERY:448:56:PSA_ERROR_NOT_SUPPORTED
+
+ECC generate: SECP_R1 256-bit, size=31, too small
+depends_on:MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256
+generate_key:PSA_ECC_FAMILY_SECP_R1:256:31:PSA_ERROR_BUFFER_TOO_SMALL
+
+ECC generate: SECP_R1 256-bit, size=32, ok
+depends_on:MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256
+generate_key:PSA_ECC_FAMILY_SECP_R1:256:32:PSA_SUCCESS
+
+ECC generate: SECP_R1 256-bit, size=33, ok
+depends_on:MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256
+generate_key:PSA_ECC_FAMILY_SECP_R1:256:33:PSA_SUCCESS
+
+ECC generate: SECP_R1 521-bit, size=65, too small
+depends_on:MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_521
+generate_key:PSA_ECC_FAMILY_SECP_R1:521:65:PSA_ERROR_BUFFER_TOO_SMALL
+
+ECC generate: SECP_R1 521-bit, size=66, ok
+depends_on:MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_521
+generate_key:PSA_ECC_FAMILY_SECP_R1:521:66:PSA_SUCCESS
+
+ECC generate: Curve25519, size=31, too small
+depends_on:MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_255
+generate_key:PSA_ECC_FAMILY_MONTGOMERY:255:31:PSA_ERROR_BUFFER_TOO_SMALL
+
+ECC generate: Curve25519, size=32, ok
+depends_on:MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_255
+generate_key:PSA_ECC_FAMILY_MONTGOMERY:255:32:PSA_SUCCESS
+
+ECC generate: Curve25519, size=33, ok
+depends_on:MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_255
+generate_key:PSA_ECC_FAMILY_MONTGOMERY:255:33:PSA_SUCCESS
+
+ECC generate: Curve448, size=55, too small
+depends_on:MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_448
+generate_key:PSA_ECC_FAMILY_MONTGOMERY:448:55:PSA_ERROR_BUFFER_TOO_SMALL
+
+ECC generate: Curve448, size=56, ok
+depends_on:MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_448
+generate_key:PSA_ECC_FAMILY_MONTGOMERY:448:56:PSA_SUCCESS
+
+ECC generate: Curve448, size=57, ok
+depends_on:MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_448
+generate_key:PSA_ECC_FAMILY_MONTGOMERY:448:57:PSA_SUCCESS
diff --git a/tests/suites/test_suite_psa_crypto_ecp.function b/tests/suites/test_suite_psa_crypto_ecp.function
new file mode 100644
index 0000000..38ea0ba
--- /dev/null
+++ b/tests/suites/test_suite_psa_crypto_ecp.function
@@ -0,0 +1,165 @@
+/* BEGIN_HEADER */
+/* Unit tests for internal functions for built-in ECC mechanisms. */
+#include <psa/crypto.h>
+
+#include "psa_crypto_ecp.h"
+
+#if defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_GENERATE)
+/*
+ * Check if a buffer is all-0 bytes:
+ * return 1 if it is,
+ * 0 if it isn't.
+ *
+ * TODO: we use this in multiple test suites. Move it to framework/tests/src.
+ */
+static int buffer_is_all_zero(const uint8_t *buf, size_t size)
+{
+ for (size_t i = 0; i < size; i++) {
+ if (buf[i] != 0) {
+ return 0;
+ }
+ }
+ return 1;
+}
+
+typedef struct {
+ unsigned bit_bot; /* lowest non-forced bit */
+ unsigned bit_top; /* highest non-forced bit */
+} ecc_private_key_stats_t;
+
+/* Do some sanity checks on an ECC private key. This is not intended to be
+ * a full validity check, just to catch some potential mistakes. */
+static int check_ecc_private_key(psa_ecc_family_t family, size_t bits,
+ const uint8_t *key, size_t key_length,
+ ecc_private_key_stats_t *stats)
+{
+ int ok = 0;
+
+ /* Check the expected length (same calculation for all curves). */
+ TEST_EQUAL(PSA_BITS_TO_BYTES(bits), key_length);
+
+ /* All-bits zero is invalid and means no key material was copied to the
+ * output buffer, or a grave RNG pluming failure. */
+ TEST_ASSERT(!buffer_is_all_zero(key, key_length));
+
+ /* Check the top byte of the value for non-byte-aligned curve sizes.
+ * This is a partial endianness check. */
+ if (bits % 8 != 0) {
+ /* All supported non-byte-aligned curve sizes are for Weierstrass
+ * curves with a big-endian representation. */
+ uint8_t top_byte = key[0];
+ uint8_t mask = 0xff << (bits & 8);
+ TEST_EQUAL(top_byte & mask, 0);
+ }
+
+ /* Check masked bits on Curve25519 and Curve448 scalars.
+ * See RFC 7748 \S4.1 (we expect the "decoded" form here). */
+#if defined(MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_255)
+ if (family == PSA_ECC_FAMILY_MONTGOMERY && bits == 255) {
+ TEST_EQUAL(key[0] & 0xf8, key[0]);
+ TEST_EQUAL(key[31] & 0xc0, 0x40);
+ }
+#endif /* MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_255 */
+#if defined(MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_448)
+ if (family == PSA_ECC_FAMILY_MONTGOMERY && bits == 448) {
+ TEST_EQUAL(key[0] & 0xfc, key[0]);
+ TEST_EQUAL(key[55] & 0x80, 0x80);
+ }
+#endif /* MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_448 */
+
+ /* Don't bother to check that the value is in the exact permitted range
+ * (1 to p-1 for Weierstrass curves, 2^{n-1} to p-1 for Montgomery curves).
+ * We would need to bring in bignum machinery, and on most curves
+ * the probability of a number being out of range is negligible.
+ */
+
+ /* Collect statistics on random-valued bits */
+ /* Defaults for big-endian numbers */
+ uint8_t bit_bot_mask = 0x01;
+ size_t bit_bot_index = key_length - 1;
+ uint8_t bit_top_mask = (bits % 8 == 0 ? 0x80 : 1 << (bits % 8 - 1));
+ size_t bit_top_index = 0;
+ if (family == PSA_ECC_FAMILY_MONTGOMERY) {
+ bit_bot_index = 0;
+ bit_top_index = key_length - 1;
+ if (bits == 255) {
+ bit_bot_mask = 0x08;
+ bit_top_mask = 0x20;
+ } else {
+ bit_bot_mask = 0x04;
+ bit_top_mask = 0x40;
+ }
+ }
+ if (key[bit_bot_index] & bit_bot_mask) {
+ ++stats->bit_bot;
+ }
+ if (key[bit_top_index] & bit_top_mask) {
+ ++stats->bit_top;
+ }
+
+ ok = 1;
+exit:
+ return ok;
+}
+#endif
+
+/* END_HEADER */
+
+/* BEGIN_DEPENDENCIES
+ * depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY
+ * END_DEPENDENCIES
+ */
+
+/* BEGIN_CASE depends_on:MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_GENERATE */
+void generate_key(int family_arg, int bits_arg,
+ int output_size_arg,
+ psa_status_t expected_status)
+{
+ psa_ecc_family_t family = family_arg;
+ size_t bits = bits_arg;
+ size_t output_size = output_size_arg;
+
+ uint8_t *output = NULL;
+ size_t output_length = SIZE_MAX;
+ psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ psa_set_key_type(&attributes, PSA_KEY_TYPE_ECC_KEY_PAIR(family));
+ psa_set_key_bits(&attributes, bits);
+ ecc_private_key_stats_t stats = { 0, 0 };
+
+ PSA_INIT();
+ TEST_CALLOC(output, output_size);
+
+ /* In success cases, run multiple iterations so that we can make
+ * statistical observations. */
+ unsigned iteration_count = expected_status == PSA_SUCCESS ? 256 : 1;
+ for (unsigned i = 0; i < iteration_count; i++) {
+ mbedtls_test_set_step(i);
+ TEST_EQUAL(mbedtls_psa_ecp_generate_key(&attributes,
+ output, output_size,
+ &output_length),
+ expected_status);
+ if (expected_status == PSA_SUCCESS) {
+ TEST_LE_U(output_length, output_size);
+ TEST_ASSERT(check_ecc_private_key(family, bits,
+ output, output_length,
+ &stats));
+ }
+ }
+
+ if (expected_status == PSA_SUCCESS) {
+ /* For selected bits, check that we saw the values 0 and 1 each
+ * at least some minimum number of times. The iteration count and
+ * the minimum are chosen so that a random failure is unlikely
+ * to more than cryptographic levels. */
+ unsigned const min_times = 10;
+ TEST_LE_U(min_times, stats.bit_bot);
+ TEST_LE_U(stats.bit_bot, iteration_count - min_times);
+ TEST_LE_U(min_times, stats.bit_top);
+ TEST_LE_U(stats.bit_top, iteration_count - min_times);
+ }
+
+exit:
+ PSA_DONE();
+ mbedtls_free(output);
+}
+/* END_CASE */
diff --git a/tests/suites/test_suite_psa_crypto_low_hash.function b/tests/suites/test_suite_psa_crypto_low_hash.function
index 6dabcef..eaeef79 100644
--- a/tests/suites/test_suite_psa_crypto_low_hash.function
+++ b/tests/suites/test_suite_psa_crypto_low_hash.function
@@ -18,7 +18,7 @@
/* END_HEADER */
/* BEGIN_DEPENDENCIES
- * depends_on:MBEDTLS_PSA_BUILTIN_HASH
+ * depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_PSA_BUILTIN_HASH
* END_DEPENDENCIES
*/
diff --git a/tests/suites/test_suite_psa_crypto_memory.function b/tests/suites/test_suite_psa_crypto_memory.function
index 55c0092..50539e8 100644
--- a/tests/suites/test_suite_psa_crypto_memory.function
+++ b/tests/suites/test_suite_psa_crypto_memory.function
@@ -107,7 +107,10 @@
exit:
mbedtls_free(local_input.buffer);
- mbedtls_free(input);
+
+ if (local_input.buffer != input) {
+ mbedtls_free(input);
+ }
}
/* END_CASE */
@@ -243,7 +246,7 @@
TEST_CALLOC(buffer_copy_for_comparison, local_output.length);
memcpy(buffer_copy_for_comparison, local_output.buffer, local_output.length);
- psa_crypto_local_output_free(&local_output);
+ TEST_EQUAL(psa_crypto_local_output_free(&local_output), PSA_SUCCESS);
TEST_ASSERT(local_output.buffer == NULL);
TEST_EQUAL(local_output.length, 0);
diff --git a/tests/suites/test_suite_psa_crypto_storage_format.function b/tests/suites/test_suite_psa_crypto_storage_format.function
index efaaba5..5788742 100644
--- a/tests/suites/test_suite_psa_crypto_storage_format.function
+++ b/tests/suites/test_suite_psa_crypto_storage_format.function
@@ -1,14 +1,16 @@
/* BEGIN_HEADER */
#include <psa/crypto.h>
+#include <psa_crypto_storage.h>
#include <test/psa_crypto_helpers.h>
#include <test/psa_exercise_key.h>
#include <psa_crypto_its.h>
-#define TEST_FLAG_EXERCISE 0x00000001
-#define TEST_FLAG_READ_ONLY 0x00000002
+#define TEST_FLAG_EXERCISE 0x00000001
+#define TEST_FLAG_READ_ONLY 0x00000002
+#define TEST_FLAG_OVERSIZED_KEY 0x00000004
/** Write a key with the given attributes and key material to storage.
* Test that it has the expected representation.
@@ -158,6 +160,12 @@
/* Prime the storage with a key file. */
PSA_ASSERT(psa_its_set(uid, representation->len, representation->x, 0));
+ if (flags & TEST_FLAG_OVERSIZED_KEY) {
+ TEST_EQUAL(psa_get_key_attributes(key_id, &actual_attributes), PSA_ERROR_DATA_INVALID);
+ ok = 1;
+ goto exit;
+ }
+
/* Check that the injected key exists and looks as expected. */
PSA_ASSERT(psa_get_key_attributes(key_id, &actual_attributes));
TEST_ASSERT(mbedtls_svc_key_id_equal(key_id,
@@ -281,6 +289,7 @@
mbedtls_svc_key_id_t key_id = mbedtls_svc_key_id_make(0, 1);
psa_storage_uid_t uid = 1;
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
+ uint8_t *custom_key_data = NULL, *custom_storage_data = NULL;
PSA_INIT();
TEST_USES_KEY_ID(key_id);
@@ -293,6 +302,23 @@
psa_set_key_algorithm(&attributes, alg);
psa_set_key_enrollment_algorithm(&attributes, alg2);
+ /* Create a persistent key which is intentionally larger than the specified
+ * bit size. */
+ if (flags & TEST_FLAG_OVERSIZED_KEY) {
+ TEST_CALLOC(custom_key_data, PSA_BITS_TO_BYTES(bits));
+ memset(custom_key_data, 0xAA, PSA_BITS_TO_BYTES(bits));
+ material->len = PSA_BITS_TO_BYTES(bits);
+ material->x = custom_key_data;
+
+ /* 36 bytes are the overhead of psa_persistent_key_storage_format */
+ TEST_CALLOC(custom_storage_data, PSA_BITS_TO_BYTES(bits) + 36);
+ representation->len = PSA_BITS_TO_BYTES(bits) + 36;
+ representation->x = custom_storage_data;
+
+ psa_format_key_data_for_storage(custom_key_data, PSA_BITS_TO_BYTES(bits),
+ &attributes, custom_storage_data);
+ }
+
/* Test that we can use a key with the given representation. This
* guarantees backward compatibility with keys that were stored by
* past versions of Mbed TLS. */
@@ -300,6 +326,8 @@
uid, representation, flags));
exit:
+ mbedtls_free(custom_key_data);
+ mbedtls_free(custom_storage_data);
psa_reset_key_attributes(&attributes);
PSA_DONE();
}
diff --git a/tests/suites/test_suite_psa_crypto_storage_format.misc.data b/tests/suites/test_suite_psa_crypto_storage_format.misc.data
index 48e3804..359053e 100644
--- a/tests/suites/test_suite_psa_crypto_storage_format.misc.data
+++ b/tests/suites/test_suite_psa_crypto_storage_format.misc.data
@@ -9,3 +9,9 @@
PSA storage save: AES-GCM+CTR
depends_on:PSA_WANT_KEY_TYPE_AES
key_storage_save:PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_AES:128:PSA_KEY_USAGE_EXPORT | PSA_KEY_USAGE_ENCRYPT:PSA_ALG_GCM:PSA_ALG_CTR:"404142434445464748494a4b4c4d4e4f":"505341004b45590000000000010000000024800001010000000250050010c00410000000404142434445464748494a4b4c4d4e4f"
+
+# Create a persistent key which is larger than MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE
+# so that when psa_get_key_attributes() tries to load it from the storage it will fail.
+PSA storage read: key larger than MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE
+depends_on:PSA_WANT_KEY_TYPE_RAW_DATA:MBEDTLS_PSA_STATIC_KEY_SLOTS
+key_storage_read:PSA_KEY_LIFETIME_PERSISTENT:PSA_KEY_TYPE_RAW_DATA:PSA_BYTES_TO_BITS(MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE + 1):PSA_KEY_USAGE_EXPORT:PSA_ALG_NONE:PSA_ALG_NONE:"":"":TEST_FLAG_OVERSIZED_KEY
diff --git a/tests/suites/test_suite_psa_crypto_util.data b/tests/suites/test_suite_psa_crypto_util.data
index c84a836..a0ec9fd 100644
--- a/tests/suites/test_suite_psa_crypto_util.data
+++ b/tests/suites/test_suite_psa_crypto_util.data
@@ -1,3 +1,12 @@
+# mbedtls_ecdsa_der_to_raw() doesn't accept a null output buffer,
+# even with otherwise invalid paramters,
+# so we pass it a (non-null) buffer of length 1.
+ECDSA Raw -> DER, 0bit
+ecdsa_raw_to_der:0:"":"00":MBEDTLS_ERR_ASN1_INVALID_DATA
+
+ECDSA DER -> Raw, 0bit
+ecdsa_der_to_raw:0:"":"":MBEDTLS_ERR_ASN1_INVALID_DATA
+
ECDSA Raw -> DER, 256bit, Success
depends_on:PSA_VENDOR_ECC_MAX_CURVE_BITS >= 256
ecdsa_raw_to_der:256:"11111111111111111111111111111111111111111111111111111111111111112222222222222222222222222222222222222222222222222222222222222222":"30440220111111111111111111111111111111111111111111111111111111111111111102202222222222222222222222222222222222222222222222222222222222222222":0
diff --git a/tests/suites/test_suite_random.function b/tests/suites/test_suite_random.function
index 155b8e7..b58b22f 100644
--- a/tests/suites/test_suite_random.function
+++ b/tests/suites/test_suite_random.function
@@ -22,7 +22,9 @@
void random_twice_with_ctr_drbg()
{
mbedtls_entropy_context entropy;
+ mbedtls_entropy_init(&entropy);
mbedtls_ctr_drbg_context drbg;
+ mbedtls_ctr_drbg_init(&drbg);
unsigned char output1[OUTPUT_SIZE];
unsigned char output2[OUTPUT_SIZE];
@@ -34,8 +36,6 @@
/* First round */
- mbedtls_entropy_init(&entropy);
- mbedtls_ctr_drbg_init(&drbg);
TEST_EQUAL(0, mbedtls_ctr_drbg_seed(&drbg,
mbedtls_entropy_func, &entropy,
NULL, 0));
@@ -73,7 +73,9 @@
void random_twice_with_hmac_drbg(int md_type)
{
mbedtls_entropy_context entropy;
+ mbedtls_entropy_init(&entropy);
mbedtls_hmac_drbg_context drbg;
+ mbedtls_hmac_drbg_init(&drbg);
unsigned char output1[OUTPUT_SIZE];
unsigned char output2[OUTPUT_SIZE];
const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(md_type);
@@ -81,8 +83,6 @@
MD_PSA_INIT();
/* First round */
- mbedtls_entropy_init(&entropy);
- mbedtls_hmac_drbg_init(&drbg);
TEST_EQUAL(0, mbedtls_hmac_drbg_seed(&drbg, md_info,
mbedtls_entropy_func, &entropy,
NULL, 0));
diff --git a/tests/suites/test_suite_version.data b/tests/suites/test_suite_version.data
index 670e06b..cc71a4e 100644
--- a/tests/suites/test_suite_version.data
+++ b/tests/suites/test_suite_version.data
@@ -1,8 +1,8 @@
Check compile time library version
-check_compiletime_version:"3.6.1"
+check_compiletime_version:"3.6.2"
Check runtime library version
-check_runtime_version:"3.6.1"
+check_runtime_version:"3.6.2"
Check for MBEDTLS_VERSION_C
check_feature:"MBEDTLS_VERSION_C":0
diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function
index 2762b0f..81816fe 100644
--- a/tests/suites/test_suite_x509write.function
+++ b/tests/suites/test_suite_x509write.function
@@ -287,21 +287,24 @@
int cert_type)
{
mbedtls_pk_context key;
+ mbedtls_pk_init(&key);
+
mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
psa_key_attributes_t key_attr = PSA_KEY_ATTRIBUTES_INIT;
+
mbedtls_x509write_csr req;
+ mbedtls_x509write_csr_init(&req);
+
unsigned char buf[4096];
int ret;
size_t pem_len = 0;
const char *subject_name = "C=NL,O=PolarSSL,CN=PolarSSL Server 1";
mbedtls_test_rnd_pseudo_info rnd_info;
- mbedtls_x509write_csr_init(&req);
MD_OR_USE_PSA_INIT();
memset(&rnd_info, 0x2a, sizeof(mbedtls_test_rnd_pseudo_info));
- mbedtls_pk_init(&key);
TEST_ASSERT(mbedtls_pk_parse_keyfile(&key, key_file, NULL,
mbedtls_test_rnd_std_rand, NULL) == 0);