In testcases in opt-testcases/tls13kex-modes.sh, check for the setting
of the failure flag MBEDTLS_X509_BADCERT_SKIP_VERIFY by looking for the
string "! Certificate verification was skipped" in the output in cases
where the key exchange is negotiated to use PSK.
Note that this check for output is only added to the success cases since
the negative tests fail before this string is printed.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Check that the message "! Certificate verification was skipped" is
present in the output when auth_mode=none. This indicates that the
certificate verify flag MBEDTLS_X509_BADCERT_SKIP_VERIFY was
correctly set.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Initialize the verify_result field in mbedtls_ssl_session_free().
Previously we were just zeroising the entire session object, which would
yield a default 'success' value if the same object were reused.
Test that this initialisation is actually happening by setting
verify_result manually to zero and calling mbedtls_ssl_session_free() on
the session before checking its value.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Since we explicitly document the value 0xFFFFFFFF or -1u as representing
'result not available', we can use it as a sensible default value
without creating an API change. Use this value instead of introducing a
new verification result value.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Write a testcase to get verify_result before we have performed a
handshake and make sure that it is initialised to a failure value.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Add new field that tells if the corresponding group is supported or not
in the current build.
Test function "test_mbedtls_ssl_get_supported_group_list" is extended
to verify this new feature.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This is already indirectly checked in 'test_mbedtls_tls_id_group_name_table'
because it's the last item of the list.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Check provided group_name also against the value returned from
mbedtls_ssl_get_curve_name_from_tls_id().
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
- let the macro be an initializer for the array of known TLS IDs, not
a variable declarator;
- last item's group name is NULL, not an empty string
- change then name of the macro from MBEDTLS_TLS_ID_GROUP_NAME_TABLE to
MBEDTLS_SSL_IANA_TLS_GROUPS_INFO
- define a new public structure "mbedtls_ssl_iana_tls_group_info_t" to
hold each element of the table and that can be used the go over the
list from user code.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
- adjust function name to mbedtls_ssl_get_fatal_alert
- fix missing property name changes for mbedtls_ssl_context
Signed-off-by: Nico Geyso <ng@gsmk.de>
This script was used in the past, but it has since been replaced with
other scripts and nowadays it's no more used anywhere.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Adjusted helper_block_cipher_no_decrypt_build_test to
cleanup the directory after all the tests have been
executed.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
build_psa_alt_headers will now generate the headers at
./tests/include/alt-dummy instead of
./framework/tests/include/alt-extra.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
Update the previously modified component to use
consistent syntax:
* make -> cmake --build .
* make test -> ctest
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
The original make -C tests, contains a perl inliner
to generate the alt-headers. Replicated that logic in
sed regex.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
Certain testing components require building with a specific subset of LDFLAGS,
such as `-O1`. This patch moves them to the default cmake invokation of `cmake .`
which is the equivalent of `cmake -D CMAKE_BUILD_TYPE:String=None .`
Also remove flags such as `-Werror` which are present in all configs.
Improve compilation flag granularity by disabling CMAKE_BUILD_TYPE defaults
and asserting test-specific flags manually.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
Moved the following components to CMAKE_BUILD_TYPE:String=Release
and adjusted the include paths for cmake:
* component_build_psa_crypto_spm
* component_test_tfm_config_no_p256m
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
- By default all unspecified build-type components should be release
- CMAKE_BUILD_TYPE:String=Release enables the following
CFLAGS: "-O2 -Werror -Wall -Wextra"
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
Paths for "not grep" should have been updated when the build system
switched from Makefile to CMake.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
A switch has recently been made from make to cmake to build these tests
but paths for "not grep" were not properly updated.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Switching to CMake build caused some failures due to the fact that:
- binary objects in tf-psa-crypto are not in the same location as before;
- header files from "<mbedtls-root>/include" are no more included when
building tf-psa-crypto ojects.
This commit fixes both problems.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This is similar to the already existing "component_full_no_pkparse_pkwrite".
The biggest difference is that this new component starts from "full" config
instead of "crypto_full" because we want to test also some TLS modules,
in particular "test_suite_debug" where the new function
"mbedtls_pk_write_pubkey_psa" has been introduced.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
