As TF-PSA-Crypto is now a seperate repository, the license does not need
to be checked alongside Mbed TLS and instead has a seperate check.
Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
- prevent the file from being called directly from the command line;
- allow to pass in the default requirement file so that each repo
can specify its own version.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
ECDSA has two variants: deterministic (PSA_ALG_DETERMINISTIC_ECDSA) and
randomized (PSA_ALG_ECDSA). The two variants are different for signature but
identical for verification. Mbed TLS accepts either variant as the algorithm
parameter for verification even when only the other variant is supported,
so we need to handle this as a special case when generating not-supported
test cases.
In this commit, suppress generated test cases for operation failures due to
unsupported ECDSA when exactly one of the two ECDSA variants is supported.
This edge case will only be tested manually (done in mbedtls or
TF-PSA-Crypto in the commit
"Fix edge case with half-supported ECDSA (manual test cases)").
Changes to the generated output: in
`test_suite_psa_crypto_op_fail.generated.data`, wherever one of
`!PSA_WANT_ALG_DETERMINISTIC_ECDSA` or `!PSA_WANT_ALG_ECDSA` appears as a
dependency, add the other one.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In `generate_psa_tests.py, `OpFail.make_test_case()` is only ever used with
a single mechanism being not supported. Take advantage of that to simplify
parts of the function. Call `psa_test_case.TestCase.assumes_not_supported()`
instead of partly reinventing that wheel.
No change to the generated output.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In `OpFail` test cases, remove the temporary hack whereby test cases were
not skipped when they should be due to a mechanism being never implemented.
This changes many test cases in
`test_suite_psa_crypto_op_fail.generated.data` to be commented out with a
"skipped because" reason instead of having a dependency on an algorithm or
an ECC/DH group that is not implemented.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In automatically generated PSA test cases with automatically inferred
dependencies, we were systematically skipping test cases when a dependency
mentions a mechanism that is not supported, even when that dependency is
negated. Fix this.
This causes more not-supported test cases to run.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Use the automatic dependency generation mechanism from
`psa_test_case.TestCase` for operation failure test cases. But tweak them
explicitly to preserve the same set of (not-quite-right) dependencies, to
facilitate understanding and reviewing how the current series of commits
gradually changes the generated dependencies.
No changes to the generated output.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In operation failure test cases, fix dependencies on DH or ECC groups, which
were not spelled correctly and were missing the size suffix.
This changes the dependencies of many test cases in
`test_suite_psa_crypto_op_fail.generated.data` to no longer have a
never-implemented symbol as a dependency. Thus more test cases will run.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In `psa_test_case.TestCase`, add a method `assumes_not_supported` which
allows using the automatic dependency calculation framework when the test
case intends to run in configurations where one mechanism is not supported.
Use `psa_test_case.TestCase` for not-supported test cases for key import and
generation.
No change to the generated output.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Don't always require all of BASIC, IMPORT and EXPORT.
BASIC is always implied by any of the creation methods.
* `KeyTypeNotSupported`: only does an IMPORT (or GENERATE) attempt. EXPORT is
not needed. This reduces dependencies in
`test_suite_psa_crypto_not_supported.generated.data`.
* `OpFail`: only does an IMPORT, followed by a BASIC attempt. EXPORT is not
needed. This reduces dependencies in
`test_suite_psa_crypto_op_fail.generated.data`.
* `StorageFormat`: only does an IMPORT for save (forward compatibility)
tests, and only does an EXPORT for read (backward compatibility) tests.
This reduces dependencies in
`test_suite_psa_crypto_storage_format.current.data` and
`test_suite_psa_crypto_storage_format.v0.data` respectively.
Positive test cases that create and exercise a key are still potentially
missing BASIC (which is implied) and EXPORT (which isn't) for exercising the
key, but this is out of scope of this commit.
The generated output has fewer test case dependencies as described above,
with BASIC+IMPORT+EXPORT replaced by only one of IMPORT or EXPORT. Since we
never test partial support for a key type with import or export disabled,
this doesn't change which test cases are executed in each tested
configuration.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Make the code that generates the test case be explicit about which usage(s)
will be needed for key pairs (`PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_uuu`). Allow
more than one usage specifier.
Do not systematically generalize BASIC to also include IMPORT and EXPORT:
not all tests actually need this, and our test configurations don't try to
have BASIC without IMPORT and EXPORT at the moment because we don't track
those dependencies accurately in manually written tests anyway.
Fix a bug whereby any usage other than BASIC or GENERATE led to the
dependency being silently dropped.
No change to the generated output.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The following files are moved to the framework repo (deleted here):
scripts/assemble_changelog.py
tests/scripts/check-doxy-blocks.pl
tests/scripts/check-python-files.sh
tests/scripts/doxygen.sh
scripts/apidoc_full.sh
tests/scripts/recursion.pl
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
The following files are added (imported) from the main Mbed TLS repo:
scripts/assemble_changelog.py
scripts/check-doxy-blocks.pl
scripts/check-python-files.sh
scripts/doxygen.sh
scripts/apidoc_full.sh
scripts/recursion.pl
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This commit updates the framework submodule to include commits relevant
to running TF-PSA-Crypto using CMake build system.
Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
This commit removes a duplicate variable MBEDTLS_FRAMEWORK_ROOT_DIR as
it is now previously defined as FRAMEWORK.
Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
This commit replaces the relative Mbed TLS out of source build path with
a more generic named absolute out of source build path for both Mbed TLS
and TF-PSA-Crypto.
Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
This commit removes unnecessary directory changes as the commands for
components run in subshells which do not affect the main scripts
directory.
Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
This commit reverts changing the directory to the out of source
directory, enabling tests which require source code to run. Tests that
require building TF-PSA-Crypto will have to change directory to
OUT_OF_SOURCE_DIR.
Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
Valerio Setti