Turn functions that generate test cases into methods of the generator class.
Functions that used to take an API argument are now implemented in the
generic class, and API-specific functions are now methods of the
corresponding API-specific concrete class.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The `read_file_lines` context manager supported either text or binary
streams, based on a parameter passed to the constructor. But the type
annotation on the iterator claimed that all lines were text. The version of
mypy that we use on the CI was happy with that, but modern versions are not.
The advantage of `read_file_lines` over built-in functions is better
tracking of line numbers. We never took advantage of this in our code with
binary streams. Change the one place where `read_file_lines` was used with a
binary stream to use built-in functions instead, and specialize
`read_file_lines` to text streams.
This fixes a legitimate complaint of modern mypy on `macro_collectory.py`.
There was no runtime bug: the behavior was correct, only the type
annotations were wrong.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
When building Mbed TLS with test drivers, "psa_crypto_mldsa.h" is not on the
include path. Rather than get it on, which seems complicated and is not
desirable in the long term, arrange to do without this header. We just need
to define the macro PSA_ALG_IS_ML_DSA, and its behavior is defined by the
PSA Crypto API specification so pretty much set in stone.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
When TF-PSA-Crypto has pure ML-DSA, we need to handle it in the test driver
for signatures. But we must not try to reference ML-DSA identifiers in
TF-PSA-Crypto branches where they don't exist yet, even though the
compilation option already exists (which notably includes the TF-PSA-Crypto
1.1.0 release).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
We don't support ML-DSA in libtestdriver1 yet, because it's a copy of the
`builtin` driver but ML-DSA is provided by the `pqcp` driver. This means
that we can't test “driver-only” ML-DSA builds, but it should be possible to
enable ML-DSA in a build that dispatches through the test driver. This is
currently impossible because pure ML-DSA is not a sign-the-hash algorithm,
but the code in the test driver for signatures assumes that all signature
algorithms are sign-the-hash. Fix this in a minimal way by making the test
driver activate the fallback mechanism of driver dispatch when the algorithm
is pure ML-DSA. (Don't do this for all algorithms that are not sign-the-hash,
because in general, we do want the test driver to fail if it's given an
algorithm that it doesn't support.)
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Include `"test_common.h"` as the first thing in C files, and
`<test/build_info.h>` as the first thing in header files.
This requires moving `<test/test_common.h>` to its intended location
`"test_common.h"`.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The header `test_common.h` contains two kinds of things:
* Things to do at the beginning of individual C files. Specifically,
defining macros that notify system headers about what we want from them.
Keep those in `test_common.h`, which will subsequently be moved out of
the include directory.
* Things to do at the beginning of every header. In particular, read the
library configuration. Move them to a new header `build_info.h`,
which is the only one intended to be included from headers.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
We were missing `mbedtls_framework/code_wrapper/*.py` because we were not
traversing the directory recursively.
Also improve the comment explaining the duplicate-code workaround for code
that's being moved between files in different repositories.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Move a bunch of files from `scripts` and `mbedtls/scripts` to the framework.
The following files will be added (moved from Mbed TLS `development`):
* `scripts/ecp_comb_table.py`
* `scripts/massif_max.pl`
* `tests/scripts/audit-validity-dates.py` (moved to `scripts/`)
* `tests/scripts/gen_ctr_drbg.pl` (moved to `scripts/`)
* `tests/scripts/gen_gcm_decrypt.pl` (moved to `scripts/`)
* `tests/scripts/gen_gcm_encrypt.pl` (moved to `scripts/`)
* `tests/scripts/gen_pkcs1_v21_sign_verify.pl` (moved to `scripts/`)
* `tests/scripts/generate-afl-tests.sh` (moved to `scripts/`)
* `tests/scripts/generate_server9_bad_saltlen.py` (moved to `scripts/`)
* `tests/scripts/run-metatests.sh` (moved to `scripts/`)
* `tests/scripts/run_demos.py` (moved to `scripts/`)
* `tests/scripts/test_config_script.py` (moved to `scripts/`)
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Tests using randomized signatures were currently randomized. We need the
output of the script to be reproducible, so this won't do.
Force randomized signatures to use a specific RNG which is reset before
constructing each test case. This way, the script's output is reproducible.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
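The technique described in the commit message above, as an added example that is not code from the commit or from the Mbed TLS framework: a fixed-seed RNG reset before each test case makes the generated output reproducible, and also keeps each case's bytes independent of which other cases are generated. `ResettableRng`, `toy_randomized_sign` and `generate_cases` are hypothetical names, and the "signature" is a constructed nonce-plus-HMAC stand-in rather than a real signature scheme.

```python
import hashlib
import hmac
from typing import List


class ResettableRng:
    """Counter-mode SHA-256 byte stream; a test stand-in, not a real DRBG."""

    def __init__(self, seed: bytes) -> None:
        self._seed = seed
        self.reset()

    def reset(self) -> None:
        """Return to the initial state so the next output repeats."""
        self._counter = 0

    def read(self, n: int) -> bytes:
        out = b''
        while len(out) < n:
            block = self._seed + self._counter.to_bytes(8, 'big')
            out += hashlib.sha256(block).digest()
            self._counter += 1
        return out[:n]


def toy_randomized_sign(key: bytes, msg: bytes, rng: ResettableRng) -> bytes:
    """Constructed stand-in for a randomized signature: nonce || MAC."""
    nonce = rng.read(16)
    return nonce + hmac.new(key, nonce + msg, hashlib.sha256).digest()


def generate_cases(messages: List[bytes], reset_each: bool = True) -> List[str]:
    """Emit one test-case line per message, as a generator script would."""
    rng = ResettableRng(b'constructed fixed seed')
    key = b'constructed test key'
    lines = []
    for msg in messages:
        if reset_each:
            rng.reset()  # every case starts from the same RNG state
        sig = toy_randomized_sign(key, msg, rng)
        lines.append('sign:"%s":"%s"' % (msg.hex(), sig.hex()))
    return lines


# Constructed sample inputs.
MESSAGES = [b'first', b'second', b'third']
```

Without the per-case reset the output is still stable for a fixed list of cases, but adding or removing one case changes the data of every case after it, which produces noisy diffs in committed test data.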
This lets us define things that we want to have everywhere in test code. In
particular, this lets us define platform-specific symbols that influence
what system headers declare. This also takes care of including the library
configuration.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Since Mbed TLS 3.6.0, all officially supported versions of Visual Studio
have a printf function family that is sufficiently compliant to C99 for our
purposes, in particular supporting `%zu` for `size_t`. The only platform
without `%zu` that we semi-officially support is older versions of MinGW,
still used in our CI. MinGW provides either a Windows legacy printf or a
standards-compliant printf depending on the value of
`__USE_MINGW_ANSI_STDIO` when compiling each C file. Force the use of the
compliant version. Don't rely on `MBEDTLS_PRINTF_SIZET`, which is defined in
`<mbedtls/debug.h>` and no longer considers the Windows legacy version in
Mbed TLS >= 4.1.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Support check and always-update mode. Update-if-needed mode falls back to
always-update mode because test_data_generation.py doesn't support
update-if-needed.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
As part of a long-term unification effort of generation scripts, add an
option for test generators to list outdated targets without writing to files.
This corresponds to functionality that the new generate_files_helper module
offers.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
A new utility to give a common interface to committed generated files.
For the time being, this module is only intended for committed generated
files, and `make_generated_files_common.py` is only intended for non-committed
generated files. The two may be unified at some point in the future.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Create a directory for scripts that are useful to maintainers, and may be
invoked as part of the CI, but are not part of the normal build.
These scripts may require a recent Python version and may require additional
third-party modules, unlike user-facing scripts where we try to minimize
requirements.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>