Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Switch generate_psa_test.py to automatic dependencies for positive test cases #122

Merged
merged 3 commits into from
Jan 9, 2025
Merged

Switch generate_psa_test.py to automatic dependencies for positive test cases #122

merged 3 commits into from
Jan 9, 2025

Conversation

gilles-peskine-arm
Copy link
Contributor

@gilles-peskine-arm gilles-peskine-arm commented Dec 17, 2024
edited
Loading

Mostly happening in the framework, see Mbed-TLS/mbedtls-framework#83.

Also remove all mentions of PSA_WANT_ECC_SECP_K1_224 (secp224k1 was never supported in PSA, but there were traces of it due to it being supported in the legacy API). It was simpler than fixing everything to keep all the scripts happy.

PR checklist

@gilles-peskine-arm gilles-peskine-arm added needs-review Every commit must be reviewed by at least two team members needs-reviewer This PR needs someone to pick it up for review priority-high High priority - will be reviewed soon size-xs Estimated task size: extra small (a few hours at most) needs-ci Needs to pass CI tests labels Dec 17, 2024
This was referenced Dec 17, 2024
Merged
Merged
@gilles-peskine-arm gilles-peskine-arm force-pushed the psa-storage-test-cases-never-supported-positive-crypto branch from 9e3869a to 2a10619 Compare December 18, 2024 10:50
@gilles-peskine-arm gilles-peskine-arm mentioned this pull request Dec 20, 2024
Open
@gilles-peskine-arm gilles-peskine-arm added needs-work needs-ci Needs to pass CI tests and removed needs-review Every commit must be reviewed by at least two team members needs-reviewer This PR needs someone to pick it up for review needs-ci Needs to pass CI tests needs-work labels Dec 24, 2024
@gilles-peskine-arm gilles-peskine-arm force-pushed the psa-storage-test-cases-never-supported-positive-crypto branch 2 times, most recently from fe3cb7b to 5eb6b15 Compare January 2, 2025 12:55
@gilles-peskine-arm gilles-peskine-arm added needs-review Every commit must be reviewed by at least two team members needs-reviewer This PR needs someone to pick it up for review and removed needs-ci Needs to pass CI tests labels Jan 2, 2025
davidhorstmann-arm
davidhorstmann-arm previously approved these changes Jan 6, 2025
View reviewed changes
Copy link
Contributor

@davidhorstmann-arm davidhorstmann-arm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks!

waleed-elmelegy-arm
waleed-elmelegy-arm previously approved these changes Jan 8, 2025
View reviewed changes
Copy link
Contributor

@waleed-elmelegy-arm waleed-elmelegy-arm left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, just need a rebase.

@waleed-elmelegy-arm waleed-elmelegy-arm removed needs-review Every commit must be reviewed by at least two team members needs-reviewer This PR needs someone to pick it up for review labels Jan 8, 2025
@gilles-peskine-arm
Declare the new Python module used by generate_psa_tests.py
f7bffce 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
@gilles-peskine-arm
crypto_config.h: Don't list mechanisms that are not implemented
740cbd0 
Don't list mechanisms that are not implemented in
`include/psa/crypto_config.h`, even commented out. Uncommenting them
wouldn't help anyway: they don't work. Having them listed, even commented
out, causes `find_dependencies_not_implemented()` in `psa_test_case.py` to
consider those mechanisms to be implemented, and thus causes
`generate_psa_tests.py` to generate test cases that cannot be executed.

The affected mechanisms are:

* `PSA_ALG_CBC_MAC` (`PSA_WANT_ALG_CBC_MAC`)
* `PSA_ALG_XTS` (`PSA_WANT_ALG_XTS`)
* `PSA_ECC_FAMILY_SECP_K1` 224-bit (`PSA_WANT_ECC_SECP_K1_224`)

Also remove the affected mechanisms from configuration adjustment files,
since that is code that can never be triggered.

There were already no generated test cases for SECP224K1 because
`PSA_WANT_ECC_SECP_K1_224` was already detected as a dependency that cannot
be implemented, because that is not a valid size: PSA defines SECP224K1 as
225-bit, and `crypto_knowledge.py` follows suite, so `generate_psa_tests.py`
saw `PSA_WANT_ECC_SECP_K1_225` in its enumeration but skipped it because it
was never mentioned in `crypto_config.h`.

This causes generated PSA tests to no longer include positive test cases for
`PSA_ALG_CBC_MAC` and `PSA_ALG_XTS`.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
@gilles-peskine-arm
Remove more traces of secp244k1
32c82f0 
Remove all code guarded by `PSA_WANT_ECC_SECP_K1_224`, which is not and will
not be implemented. (It would be K1_225 anyway, but we don't intend to
implement it anyway.)

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
@gilles-peskine-arm gilles-peskine-arm force-pushed the psa-storage-test-cases-never-supported-positive-crypto branch from 5eb6b15 to 32c82f0 Compare January 8, 2025 15:49
@gilles-peskine-arm
Copy link
Contributor Author

I've rebased this and the consuming mbedtls PR to catch up with the framework updates. The framework repository now has the needed content so a framework submodule update is no longer necessary here.

@gilles-peskine-arm gilles-peskine-arm added needs-review Every commit must be reviewed by at least two team members needs-ci Needs to pass CI tests labels Jan 8, 2025
@gilles-peskine-arm gilles-peskine-arm mentioned this pull request Jan 8, 2025
Merged
5 tasks
@gilles-peskine-arm
Copy link
Contributor Author

The CI has glitched. In any case it would have failed in check_names, like the previous iterations, because the secp224k1 removal here needs to be combined with some secp224k1 removal in mbedtls. The consuming PR Mbed-TLS/mbedtls#9841 should pass.

davidhorstmann-arm
davidhorstmann-arm approved these changes Jan 8, 2025
View reviewed changes
Copy link
Contributor

@davidhorstmann-arm davidhorstmann-arm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Rebase LGTM, thanks!

@gilles-peskine-arm gilles-peskine-arm removed the needs-ci Needs to pass CI tests label Jan 8, 2025
@bensze01 bensze01 merged commit c78da5a into Mbed-TLS:development Jan 9, 2025
1 of 3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@davidhorstmann-arm davidhorstmann-arm davidhorstmann-arm approved these changes

@waleed-elmelegy-arm waleed-elmelegy-arm waleed-elmelegy-arm approved these changes

Assignees
No one assigned
Labels
needs-review Every commit must be reviewed by at least two team members priority-high High priority - will be reviewed soon size-xs Estimated task size: extra small (a few hours at most)
Projects
No open projects
Roadmap Board for Mbed TLS
Status: Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@gilles-peskine-arm @davidhorstmann-arm @waleed-elmelegy-arm @bensze01