Include `"test_common.h"` as the first thing in C files, and
`<test/build_info.h>` as the first thing in header files.
This requires moving `<test/test_common.h>` to its intended location
`"test_common.h"`.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The header `test_common.h` contains two kinds of things:
* Things to do at the beginning of individual C files. Specifically,
defining macros that notify system headers about what we want from them.
Keep those in `test_common.h`, which will subsequently be moved out of
the include directory.
* Things to do at the beginning of every header. In particular, read the
library configuration. Move them to a new header `build_info.h`,
which is the only one intended to be included from headers.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Tests using randomized signatures were currently randomized. We need the
output of the script to be reproducible, so this won't do.
Force randomized signatures to use a specific RNG which is reset before
constructing each test case. This way, the script's output is reproducible.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This lets us define things that we want to have everywhere in test code. In
particular, this lets us define platform-specific symbols that influence
what system headers declare. This also takes care of including the library
configuration.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Since Mbed TLS 3.6.0, all officially supported versions of Visual Studio
a printf function family that is sufficiently compliant to C99 for our
purposes, in particular supporting `%zu` for `size_t`. The only platform
without `%zu` that we semi-officially support is older versions of MinGW,
still used in our CI. MinGW provides either a Windows legacy printf or a
standards-compliant printf depending on the value of
`__USE_MINGW_ANSI_STDIO` when compiling each C file. Force the use of the
compliant version. Don't rely on `MBEDTLS_PRINTF_SIZET`, which is defined in
`<mbedtls/debug.h>` and no longer considers the Windows legacy version in
Mbed TLS >= 4.1.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Support check and always-update mode. Update-if-needed mode falls back to
always-update mode because test_data_generation.py doesn't support
update-if-needed.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
As part of a long-term unification effort of generation scripts, add an
option for test generators to list oudated targets without writing to files.
This corresponds to functionality that the new generate_files_helper module
offers.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
A new utility to give a common interface to committed generated files.
For the time being, this module is only intended for committed generated
files, and `make_generated_files_common.py` is only intended for non-committed
generated files. The two may be unified at some point in the future.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Create a directory for scripts that are useful to maintainers, and may be
invoked as part of the CI, but are not part of the normal build.
These scripts may require a recent Python version and may require additional
third-party modules, unlike user-facing scripts where we try to minimize
requirements.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
`TextChangelogFormat.version_title_text` never worked: it's missing a
parameter in the call to `re.sub`. Fortunately it's unused, so just remove it.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
XOF operations are not available on every branch, so their serialization
code needs to be compiled conditionally on the availability of the type.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Use NIST test vectors. I copied the first test case for each parameter set.
For ML-KEM and ML-DSA, I did it manually. For SLH-DSA, I used the following
Python script:
```
<gen-val/json-files/SLH-DSA-keyGen-FIPS205/internalProjection.json python -c '
import json, re, sys
data = json.load(sys.stdin)
types = {family: {} for family in ["SHA2_F", "SHA2_S", "SHAKE_F", "SHAKE_S"]}
for group in data["testGroups"]:
t = group["tests"][0]
m = re.match(r"SLH-DSA-(\w+)-([0-9]+)(\w+)", group["parameterSet"])
type = m.group(1) + "_" + m.group(3).upper()
size = m.group(2)
prv = t["skSeed"] + t["skPrf"] + t["pkSeed"] + t["pk"]
pub = t["pkSeed"] + t["pk"]
types[type][size] = (prv, pub)
for type in sorted(types.keys()):
print("")
print(f" # https://github.com/usnistgov/ACVP-Server/blob/v1.1.0.41/gen-val/json-files/SLH-DSA-keyGen-FIPS205/internalProjection.json")
print(f" \x27SLH_DSA(PSA_SLH_FAMILY_{type})\x27: {{")
for size in sorted(types[type].keys()):
entry = types[type][size]
print(f" {size}: (\"{entry[0]}\",")
print(f" \"{entry[1]}\"),")
print(f" }},")
'
```
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Define the necessary new categories (key wrap, key encapsulation, XOF).
This completes the list of mechanisms in the PSA Crypto API version 1.4,
except for PAKE that are more challenging (family parametrization, need to
find sample keys in `asymmetric_key_data.py`), and except for the PQC
extension.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Add generated files that are no longer checked in.
Remove obsolete things (including things now covered at the framework root).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The files are now generated during the build. Stop having them in version
control.
As formerly in Mbed TLS, `make clean` doesn't remove
configuration-independent target-independent generated files, but the new
target `make neat` does.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Gilles Peskine