| Bence Szépkúti | 9f84911 | 2021-10-19 15:05:36 +0200 | [diff] [blame] | 1 | #!/usr/bin/env python3 | 
| Shaun Case | 0e7791f | 2021-12-20 21:14:10 -0800 | [diff] [blame] | 2 | """Run the PSA Crypto API compliance test suite. | 
| Bence Szépkúti | 19a124d | 2021-11-02 13:41:14 +0100 | [diff] [blame] | 3 | Clone the repo and check out the commit specified by PSA_ARCH_TEST_REPO and PSA_ARCH_TEST_REF, | 
| Tom Cosgrove | 49f99bc | 2022-12-04 16:44:21 +0000 | [diff] [blame] | 4 | then compile and run the test suite. The clone is stored at <Mbed TLS root>/psa-arch-tests. | 
| Bence Szépkúti | 19a124d | 2021-11-02 13:41:14 +0100 | [diff] [blame] | 5 | Known defects in either the test suite or mbedtls - identified by their test number - are ignored, | 
|  | 6 | while unexpected failures AND successes are reported as errors, | 
|  | 7 | to help keep the list of known defects as up to date as possible. | 
|  | 8 | """ | 
| Bence Szépkúti | c2ca135 | 2021-11-02 14:01:08 +0100 | [diff] [blame] | 9 |  | 
|  | 10 | # Copyright The Mbed TLS Contributors | 
| Dave Rodgman | 0f2971a | 2023-11-03 12:04:52 +0000 | [diff] [blame] | 11 | # SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later | 
| Bence Szépkúti | c2ca135 | 2021-11-02 14:01:08 +0100 | [diff] [blame] | 12 |  | 
| Bence Szépkúti | 9f84911 | 2021-10-19 15:05:36 +0200 | [diff] [blame] | 13 | import os | 
|  | 14 | import re | 
|  | 15 | import shutil | 
|  | 16 | import subprocess | 
|  | 17 | import sys | 
|  | 18 |  | 
| Bence Szépkúti | 7ccbea6 | 2021-11-09 21:30:43 +0100 | [diff] [blame] | 19 | # PSA Compliance tests we expect to fail due to known defects in Mbed TLS (or the test suite) | 
|  | 20 | # The test numbers correspond to the numbers used by the console output of the test suite. | 
|  | 21 | # Test number 2xx corresponds to the files in the folder | 
|  | 22 | # psa-arch-tests/api-tests/dev_apis/crypto/test_c0xx | 
| Bence Szépkúti | 9f84911 | 2021-10-19 15:05:36 +0200 | [diff] [blame] | 23 | EXPECTED_FAILURES = { | 
| Bence Szépkúti | 24ec529 | 2021-11-11 16:33:48 +0100 | [diff] [blame] | 24 | # Multipart AEAD is not supported in Mbed TLS 2.x. | 
|  | 25 | 252, 253, 254, 255, 256, 257, 258, 259, 260, 261, | 
| Bence Szépkúti | 7ccbea6 | 2021-11-09 21:30:43 +0100 | [diff] [blame] | 26 |  | 
|  | 27 | # psa_hash_suspend() and psa_hash_resume() are not supported. | 
|  | 28 | # - Tracked in issue #3274 | 
|  | 29 | 262, 263 | 
| Bence Szépkúti | 9f84911 | 2021-10-19 15:05:36 +0200 | [diff] [blame] | 30 | } | 
| Bence Szépkúti | 355f805 | 2021-11-09 17:33:57 +0100 | [diff] [blame] | 31 |  | 
|  | 32 | # We currently use a fork of ARM-software/psa-arch-tests, with a couple of downstream patches | 
| Bence Szépkúti | d1c6420 | 2021-11-10 17:43:20 +0100 | [diff] [blame] | 33 | # that allow it to build with Mbed TLS 2, and fixes a couple of issues in the compliance test suite. | 
| Bence Szépkúti | 355f805 | 2021-11-09 17:33:57 +0100 | [diff] [blame] | 34 | # These fixes allow the tests numbered 216, 248 and 249 to complete successfully. | 
|  | 35 | # | 
|  | 36 | # Once all the fixes are upstreamed, this fork should be replaced with an upstream commit/tag. | 
| Bence Szépkúti | 340352a | 2021-11-09 22:13:46 +0100 | [diff] [blame] | 37 | # - Tracked in issue #5145 | 
| Bence Szépkúti | 355f805 | 2021-11-09 17:33:57 +0100 | [diff] [blame] | 38 | # | 
| Bence Szépkúti | d1c6420 | 2021-11-10 17:43:20 +0100 | [diff] [blame] | 39 | # Web URL: https://github.com/bensze01/psa-arch-tests/tree/fixes-for-mbedtls-2 | 
| Bence Szépkúti | 355f805 | 2021-11-09 17:33:57 +0100 | [diff] [blame] | 40 | PSA_ARCH_TESTS_REPO = 'https://github.com/bensze01/psa-arch-tests.git' | 
| Gilles Peskine | 3afb7c3 | 2022-05-17 17:23:09 +0200 | [diff] [blame] | 41 | PSA_ARCH_TESTS_REF = 'fix-5735-2.28' | 
| Bence Szépkúti | 9f84911 | 2021-10-19 15:05:36 +0200 | [diff] [blame] | 42 |  | 
| Bence Szépkúti | 559f1ce | 2021-11-02 13:48:39 +0100 | [diff] [blame] | 43 | #pylint: disable=too-many-branches,too-many-statements | 
| Bence Szépkúti | 9f84911 | 2021-10-19 15:05:36 +0200 | [diff] [blame] | 44 | def main(): | 
|  | 45 | mbedtls_dir = os.getcwd() | 
|  | 46 |  | 
| Bence Szépkúti | ab796e6 | 2021-10-25 19:29:07 +0200 | [diff] [blame] | 47 | if not os.path.exists('library/libmbedcrypto.a'): | 
|  | 48 | subprocess.check_call(['make', '-C', 'library', 'libmbedcrypto.a']) | 
| Bence Szépkúti | 9f84911 | 2021-10-19 15:05:36 +0200 | [diff] [blame] | 49 |  | 
|  | 50 | psa_arch_tests_dir = 'psa-arch-tests' | 
| Bence Szépkúti | eda2fb9 | 2021-11-02 14:06:40 +0100 | [diff] [blame] | 51 | os.makedirs(psa_arch_tests_dir, exist_ok=True) | 
| Bence Szépkúti | 9f84911 | 2021-10-19 15:05:36 +0200 | [diff] [blame] | 52 | try: | 
| Bence Szépkúti | 559f1ce | 2021-11-02 13:48:39 +0100 | [diff] [blame] | 53 | os.chdir(psa_arch_tests_dir) | 
| Bence Szépkúti | 9f84911 | 2021-10-19 15:05:36 +0200 | [diff] [blame] | 54 |  | 
| Bence Szépkúti | bd66d18 | 2021-11-03 11:32:51 +0100 | [diff] [blame] | 55 | # Reuse existing local clone | 
| Bence Szépkúti | 559f1ce | 2021-11-02 13:48:39 +0100 | [diff] [blame] | 56 | subprocess.check_call(['git', 'init']) | 
|  | 57 | subprocess.check_call(['git', 'fetch', PSA_ARCH_TESTS_REPO, PSA_ARCH_TESTS_REF]) | 
|  | 58 | subprocess.check_call(['git', 'checkout', 'FETCH_HEAD']) | 
| Bence Szépkúti | 9f84911 | 2021-10-19 15:05:36 +0200 | [diff] [blame] | 59 |  | 
| Bence Szépkúti | 559f1ce | 2021-11-02 13:48:39 +0100 | [diff] [blame] | 60 | build_dir = 'api-tests/build' | 
|  | 61 | try: | 
|  | 62 | shutil.rmtree(build_dir) | 
|  | 63 | except FileNotFoundError: | 
|  | 64 | pass | 
|  | 65 | os.mkdir(build_dir) | 
|  | 66 | os.chdir(build_dir) | 
| Bence Szépkúti | 9f84911 | 2021-10-19 15:05:36 +0200 | [diff] [blame] | 67 |  | 
| Bence Szépkúti | 559f1ce | 2021-11-02 13:48:39 +0100 | [diff] [blame] | 68 | #pylint: disable=bad-continuation | 
|  | 69 | subprocess.check_call([ | 
|  | 70 | 'cmake', '..', | 
|  | 71 | '-GUnix Makefiles', | 
|  | 72 | '-DTARGET=tgt_dev_apis_stdc', | 
|  | 73 | '-DTOOLCHAIN=HOST_GCC', | 
|  | 74 | '-DSUITE=CRYPTO', | 
| Bence Szépkúti | 1dbaaba | 2021-11-10 17:44:37 +0100 | [diff] [blame] | 75 | '-DMISSING_CRYPTO_1_0=1', | 
| Bence Szépkúti | 559f1ce | 2021-11-02 13:48:39 +0100 | [diff] [blame] | 76 | '-DPSA_CRYPTO_LIB_FILENAME={}/library/libmbedcrypto.a'.format(mbedtls_dir), | 
|  | 77 | '-DPSA_INCLUDE_PATHS={}/include'.format(mbedtls_dir) | 
|  | 78 | ]) | 
|  | 79 | subprocess.check_call(['cmake', '--build', '.']) | 
| Bence Szépkúti | 9f84911 | 2021-10-19 15:05:36 +0200 | [diff] [blame] | 80 |  | 
| Bence Szépkúti | 559f1ce | 2021-11-02 13:48:39 +0100 | [diff] [blame] | 81 | proc = subprocess.Popen(['./psa-arch-tests-crypto'], | 
|  | 82 | bufsize=1, stdout=subprocess.PIPE, universal_newlines=True) | 
|  | 83 |  | 
|  | 84 | test_re = re.compile( | 
|  | 85 | '^TEST: (?P<test_num>[0-9]*)|' | 
|  | 86 | '^TEST RESULT: (?P<test_result>FAILED|PASSED)' | 
|  | 87 | ) | 
|  | 88 | test = -1 | 
|  | 89 | unexpected_successes = set(EXPECTED_FAILURES) | 
|  | 90 | expected_failures = [] | 
|  | 91 | unexpected_failures = [] | 
|  | 92 | for line in proc.stdout: | 
|  | 93 | print(line, end='') | 
|  | 94 | match = test_re.match(line) | 
|  | 95 | if match is not None: | 
|  | 96 | groupdict = match.groupdict() | 
|  | 97 | test_num = groupdict['test_num'] | 
|  | 98 | if test_num is not None: | 
|  | 99 | test = int(test_num) | 
|  | 100 | elif groupdict['test_result'] == 'FAILED': | 
|  | 101 | try: | 
|  | 102 | unexpected_successes.remove(test) | 
|  | 103 | expected_failures.append(test) | 
|  | 104 | print('Expected failure, ignoring') | 
|  | 105 | except KeyError: | 
|  | 106 | unexpected_failures.append(test) | 
|  | 107 | print('ERROR: Unexpected failure') | 
|  | 108 | elif test in unexpected_successes: | 
|  | 109 | print('ERROR: Unexpected success') | 
|  | 110 | proc.wait() | 
|  | 111 |  | 
|  | 112 | print() | 
|  | 113 | print('***** test_psa_compliance.py report ******') | 
|  | 114 | print() | 
|  | 115 | print('Expected failures:', ', '.join(str(i) for i in expected_failures)) | 
|  | 116 | print('Unexpected failures:', ', '.join(str(i) for i in unexpected_failures)) | 
|  | 117 | print('Unexpected successes:', ', '.join(str(i) for i in sorted(unexpected_successes))) | 
|  | 118 | print() | 
|  | 119 | if unexpected_successes or unexpected_failures: | 
|  | 120 | if unexpected_successes: | 
|  | 121 | print('Unexpected successes encountered.') | 
|  | 122 | print('Please remove the corresponding tests from ' | 
|  | 123 | 'EXPECTED_FAILURES in tests/scripts/compliance_test.py') | 
|  | 124 | print() | 
|  | 125 | print('FAILED') | 
|  | 126 | return 1 | 
|  | 127 | else: | 
| Bence Szépkúti | 559f1ce | 2021-11-02 13:48:39 +0100 | [diff] [blame] | 128 | print('SUCCESS') | 
|  | 129 | return 0 | 
|  | 130 | finally: | 
| Bence Szépkúti | 9f84911 | 2021-10-19 15:05:36 +0200 | [diff] [blame] | 131 | os.chdir(mbedtls_dir) | 
| Bence Szépkúti | 9f84911 | 2021-10-19 15:05:36 +0200 | [diff] [blame] | 132 |  | 
|  | 133 | if __name__ == '__main__': | 
| Bence Szépkúti | 559f1ce | 2021-11-02 13:48:39 +0100 | [diff] [blame] | 134 | sys.exit(main()) |