-
Notifications
You must be signed in to change notification settings - Fork 20
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Switch generate_psa_test.py to automatic dependencies for negative test cases #104
Switch generate_psa_test.py to automatic dependencies for negative test cases #104
Conversation
a8ec932
to
12f9495
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, thanks!
Make the code that generates the test case be explicit about which usage(s) will be needed for key pairs (`PSA_WANT_KEY_TYPE_xxx_KEY_PAIR_uuu`). Allow more than one usage specifier. Do not systematically generalize BASIC to also include IMPORT and EXPORT: not all tests actually need this, and our test configurations don't try to have BASIC without IMPORT and EXPORT at the moment because we don't track those dependencies accurately in manually written tests anyway. Fix a bug whereby any usage other than BASIC or GENERATE led to the dependency being silently dropped. No change to the generated output. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Don't always require all of BASIC, IMPORT and EXPORT. BASIC is always implied by any of the creation methods. * `KeyTypeNotSupported`: only does an IMPORT (or GENERATE) attempt. EXPORT is not needed. This reduces dependencies in `test_suite_psa_crypto_not_supported.generated.data`. * `OpFail`: only does an IMPORT, followed by a BASIC attempt. EXPORT is not needed. This reduces dependencies in `test_suite_psa_crypto_op_fail.generated.data`. * `StorageFormat`: only does an IMPORT for save (forward compatibility) tests, and only does an EXPORT for read (backward compatibility) tests. This reduces dependencies in `test_suite_psa_crypto_storage_format.current.data` and `test_suite_psa_crypto_storage_format.v0.data` respectively. Positive test cases that create and exercise a key are still potentially missing BASIC (which is implied) and EXPORT (which isn't) for exercising the key, but this is out of scope of this commit. The generated output has fewer test case dependencies as described above, with BASIC+IMPORT+EXPORT replaced by only one of IMPORT or EXPORT. Since we never test partial support for a key type with import or export disabled, this doesn't change which test cases are executed in each tested configuration. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In `psa_test_case.TestCase`, add a method `assumes_not_supported` which allows using the automatic dependency calculation framework when the test case intends to run in configurations where one mechanism is not supported. Use `psa_test_case.TestCase` for not-supported test cases for key import and generation. No change to the generated output. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In operation failure test cases, fix dependencies on DH or ECC groups, which were not spelled correctly and were missing the size suffix. This changes the dependencies of many test cases in `test_suite_psa_crypto_op_fail.generated.data` to no longer have a never-implemented symbol as a dependency. Thus more test cases will run. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Use the automatic dependency generation mechanism from `psa_test_case.TestCase` for operation failure test cases. But tweak them explicitly to preserve the same set of (not-quite-right) dependencies, to facilitate understanding and reviewing how the current series of commits gradually changes the generated dependencies. No changes to the generated output. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In automatically generated PSA test cases with automatically inferred dependencies, we were systematically skipping test cases when a dependency mentions a mechanism that is not supported, even when that dependency is negated. Fix this. This causes more not-supported test cases to run. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
…anisms In `OpFail` test cases, remove the temporary hack whereby test cases were not skipped when they should be due to a mechanism being never implemented. This changes many test cases in `test_suite_psa_crypto_op_fail.generated.data` to be commented out with a "skipped because" reason instead of having a dependency on an algorithm or an ECC/DH group that is not implemented. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In `generate_psa_tests.py, `OpFail.make_test_case()` is only ever used with a single mechanism being not supported. Take advantage of that to simplify parts of the function. Call `psa_test_case.TestCase.assumes_not_supported()` instead of partly reinventing that wheel. No change to the generated output. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
ECDSA has two variants: deterministic (PSA_ALG_DETERMINISTIC_ECDSA) and randomized (PSA_ALG_ECDSA). The two variants are different for signature but identical for verification. Mbed TLS accepts either variant as the algorithm parameter for verification even when only the other variant is supported, so we need to handle this as a special case when generating not-supported test cases. In this commit, suppress generated test cases for operation failures due to unsupported ECDSA when exactly one of the two ECDSA variants is supported. This edge case will only be tested manually (done in mbedtls or TF-PSA-Crypto in the commit "Fix edge case with half-supported ECDSA (manual test cases)"). Changes to the generated output: in `test_suite_psa_crypto_op_fail.generated.data`, wherever one of `!PSA_WANT_ALG_DETERMINISTIC_ECDSA` or `!PSA_WANT_ALG_ECDSA` appears as a dependency, add the other one. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Catch up with Mbed-TLS/mbedtls-framework#104 = "Switch generate_psa_test.py to automatic dependencies for negative test cases" Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
12f9495
to
8141968
Compare
Catch up with Mbed-TLS/mbedtls-framework#104 = "Switch generate_psa_test.py to automatic dependencies for negative test cases" Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Catch up with Mbed-TLS/mbedtls-framework#104 = "Switch generate_psa_test.py to automatic dependencies for negative test cases" Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Catch up with Mbed-TLS/mbedtls-framework#104 = "Switch generate_psa_test.py to automatic dependencies for negative test cases" Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Catch up with Mbed-TLS/mbedtls-framework#104 = "Switch generate_psa_test.py to automatic dependencies for negative test cases" Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Catch up with Mbed-TLS/mbedtls-framework#104 = "Switch generate_psa_test.py to automatic dependencies for negative test cases" Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Catch up with Mbed-TLS/mbedtls-framework#104 = "Switch generate_psa_test.py to automatic dependencies for negative test cases" Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
…-supported-negative-framework
4722b74
to
89cc06d
Compare
Catch up with Mbed-TLS/mbedtls-framework#104 = "Switch generate_psa_test.py to automatic dependencies for negative test cases" Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Catch up with Mbed-TLS/mbedtls-framework#104 = "Switch generate_psa_test.py to automatic dependencies for negative test cases" Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The consuming PRs Mbed-TLS/mbedtls#9857, Mbed-TLS/TF-PSA-Crypto#157 and Mbed-TLS/mbedtls#9909 are approved and have passing CI (except for CI on the crypto PR, but that's because it needs the changes in the consuming mbedtls PR as well). Therefore I'm going ahead and merging this despite the failing CI. The consuming PR will need to be merged to fix the CI. We'll do that ASAP, they just need another round of submodule commit updates. |
Catch up with Mbed-TLS/mbedtls-framework#104 = "Switch generate_psa_test.py to automatic dependencies for negative test cases" Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Catch up with Mbed-TLS/mbedtls-framework#104 = "Switch generate_psa_test.py to automatic dependencies for negative test cases" Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Refactor and fix the the automatic generation of not-supported and operation-failure test cases.
Fixes Mbed-TLS/mbedtls#9167. Fixes Mbed-TLS/mbedtls#7915.
There is one remaining bug with restartable signature which is fixed in the consuming branch.
This completes the forward port of Mbed-TLS/mbedtls#9025. The remaining commits to forward-port were 1ae57ec203a3abcecf6dd146743826d6ac26f25f, 764c2d301332dfd56980c9feeb60cf76328e2da6, 995d7d4c15406b0a115cadf3f5ec69becafdf20f and part of 9ffffab4d69f0be807a5b3b501b411222d221046. But the increasing divergence between 2.28 and 3.6+ required a different approach in several places.
Review recommendations
The commits are broken down in a way to make their impact on the generated files easy to understand.
To validate the claims in commit messages about the impact on the generated files, I use
mbedtls-trace-files.py
from Mbed-TLS/mbedtls-docs#23 combined with thediff-pairs
script attached here.diff-pairs.txt
From the
framework
subdirectory with this pull request checked out, with Mbed-TLS/mbedtls#9857 (3.6) checked out in the parent directory:Then for each
NN-SHA.diff
file, check that the content makes sense given the commit message for SHA.With https://github.com/Mbed-TLS/TF-PSA-Crypto/pull/ checked out in the parent, the following invocation of
mbedtls-trace-files.py
works:PR checklist