Determine key types that are compatible with an algorithm based on
their names.
Key derivation and PAKE are not yet supported.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
MBEDTLS_HAVE_TIME is documented as: "System has time.h and time()."
If that is not defined, do not attempt to include time.h.
A particular problem is platform-time.h, which should only be included if
MBEDTLS_HAVE_TIME is defined, which makes everything messier. Maybe it
should be refactored to have the check inside the header.
Signed-off-by: Daniel Axtens <dja@axtens.net>
This is automatic in CPython but not guaranteed by the language. Be friendly
to other Python implementations.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The storage format comparison has a dual purpose: detect format changes that
lead to a loss of backward compatibility, and detect loss of test coverage.
For loss of backward compatibility, the read tests are the relevant ones.
For loss of test coverage, all generated test cases are potentially
relevant, but this script currently focuses on storage format (where a loss
of test coverage may be a symptom of a loss of backward compatibility).
Therefore, storage format test comparison now looks at manually written
storage format tests, but only if they're read tests.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Expand abi_check.py to look for backward incompatibilities not only in
the interface exposed to application code (and to some extent driver
code), but also to the interface exposed via the storage format, which
is relevant when upgrading Mbed TLS on a device with a PSA keystore.
Strictly speaking, the storage format checks look for regressions in
the automatically generated storage format test data. Incompatible
changes that are not covered by the generated tests will also not be
covered by the interface checker.
A known defect in this commit is that the --brief output is not brief
for storage format checks.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This way we can add other checks and only run a subset of all the
checks. The default remains to run all the checks.
I made separate options for API and ABI, but since we use the same
tool for both and it doesn't have an obvious way to check only API or
only ABI, the two options must be both enabled or both disabled.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Changelog contents should be UTF-8 text files. So explicitly open all files as
UTF-8. This makes the script independent of the ambient locale (except with
respect to exception messages, but we can live with that).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Changelog contents should be UTF-8 text files. There's no need to be
binary-safe. So switch to using text strings in Python (str, not bytes). This
commit makes the following changes:
* Bytes literals (b'…') to string literals ('…').
* Subprocess output (which is all git information) is decoded as ascii.
* Inject text directly in exceptions rather than calling a decode method.
This is enough to make the script work as desired in a UTF-8 locale.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Passing arguments on the command line apparently didn't work due to quoting
issues. Use a temporary file instead.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Wherever we have a requirement on foo>=N, install foo==N. This is for
testing, to ensure that we don't accidentally depend on features that are
not present in the minimum version we declare support for.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Add pip requirements files. We'll have separate requirements files for
different target audiences. Each file can use `-r` lines to include other
files.
This commit adds two requirement files: one with everything that's needed to
pass the CI, and one with additional tools that are suggested for Mbed TLS
maintainers to install locally.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Genertae test_suite_psa_crypto_generate_key.generated.data.
Use test_suite_psa_crypto_generate_key.function as a test function.
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
This is a variant of PSA_ALG_RSA_PSS which currently has exactly the same
behavior, but is intended to have a different behavior when verifying
signatures.
In a subsequent commit, PSA_ALG_RSA_PSS will change to requiring the salt
length to be what it would produce when signing, as is currently documented,
whereas PSA_ALG_RSA_PSS_ANY_SALT will retain the current behavior of
allowing any salt length (including 0).
Changes in this commit:
* New algorithm constructor PSA_ALG_RSA_PSS_ANY_SALT.
* New predicates PSA_ALG_IS_RSA_PSS_STANDARD_SALT (corresponding to
PSA_ALG_RSA_PSS) and PSA_ALG_IS_RSA_PSS_ANY_SALT (corresponding to
PSA_ALG_RSA_PSS_ANY_SALT).
* Support for the new predicates in macro_collector.py (needed for
generate_psa_constant_names).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
They were recognized by a prior commit. In this commit, replace line
breaks (with optional comment continuation marker) by spaces.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Before this commit, definitions of error codes must match a strict pattern,
with a Doxygen comment following the definition on the same line and
starting with "/**<". Change how generate_errors.pl so that the Doxygen
comment can be before the definition instead of after, and doesn't have to
be on the same line.
Also allow spaces between "#" and "define", and allow Doxygen comments to
start with "/*!" rather than "/**". Starting with "///" or "//!" is not
supported.
This commit does not change the output of generate_errors.pl.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Add test cases validating that if a stored key only had the hash policy,
then after loading it psa_get_key_attributes reports that it also has the
message policy, and the key can be used with message functions.
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
Test keys with various persistence levels, enumerated from the
metadata tests.
For read-only keys, do not attempt to create or destroy the key
through the API, only to read a key that has been injected into
storage directly through filesystem access.
Do not test keys with a non-default location, since they require a
driver and we do not yet have a dependency mechanism to require the
presence of a driver for a specific location value.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
