From a911b32e2f190ab6842664430f503bf5c20308c4 Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Fri, 26 Jun 2020 22:40:58 +0200
Subject: [PATCH 1/5] Fix dependency in AES GCM test case

The test case was never executed.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
---
 tests/suites/test_suite_cipher.gcm.data | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/suites/test_suite_cipher.gcm.data b/tests/suites/test_suite_cipher.gcm.data
index 8d728bd06..a4cebd241 100644
--- a/tests/suites/test_suite_cipher.gcm.data
+++ b/tests/suites/test_suite_cipher.gcm.data
@@ -3,7 +3,7 @@ depends_on:MBEDTLS_CAMELLIA_C:MBEDTLS_GCM_C
 dec_empty_buf:MBEDTLS_CIPHER_CAMELLIA_128_GCM:0:0
 
 AES GCM Decrypt empty buffer
-depends_on:MBEDTLS_CIPHER_AES_128_GCM:MBEDTLS_GCM_C
+depends_on:MBEDTLS_AES_C:MBEDTLS_GCM_C
 dec_empty_buf:MBEDTLS_CIPHER_AES_128_GCM:0:0
 
 Aria GCM Decrypt empty buffer

From af9dbc9213265477a89bd2c6d44c7bf0423ab9bc Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Fri, 26 Jun 2020 22:41:40 +0200
Subject: [PATCH 2/5] Fix dependency in PSA test cases

The test cases were never executed.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
---
 tests/suites/test_suite_psa_crypto.data          | 2 +-
 tests/suites/test_suite_psa_crypto_metadata.data | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data
index 48bdbed94..2a0573d8b 100644
--- a/tests/suites/test_suite_psa_crypto.data
+++ b/tests/suites/test_suite_psa_crypto.data
@@ -574,7 +574,7 @@ depends_on:MBEDTLS_PK_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBE
 raw_agreement_key_policy:PSA_KEY_USAGE_DERIVE:PSA_ALG_ECDH:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_CURVE_SECP_R1):"49c9a8c18c4b885638c431cf1df1c994131609b580d4fd43a0cab17db2f13eee":PSA_ALG_KEY_AGREEMENT(PSA_ALG_ECDH, PSA_ALG_HKDF(PSA_ALG_SHA_256))
 
 PSA key policy algorithm2: CTR, CBC
-depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR:MBEDTLS_CIPHER_MODE_CBC_NOPAD
+depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CTR:MBEDTLS_CIPHER_MODE_CBC
 key_policy_alg2:PSA_KEY_TYPE_AES:"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa":PSA_KEY_USAGE_ENCRYPT:PSA_ALG_CTR:PSA_ALG_CBC_NO_PADDING
 
 PSA key policy algorithm2: ECDH, ECDSA
diff --git a/tests/suites/test_suite_psa_crypto_metadata.data b/tests/suites/test_suite_psa_crypto_metadata.data
index b771e5823..606fb58d2 100644
--- a/tests/suites/test_suite_psa_crypto_metadata.data
+++ b/tests/suites/test_suite_psa_crypto_metadata.data
@@ -155,7 +155,7 @@ depends_on:MBEDTLS_ARC4_C
 cipher_algorithm:PSA_ALG_ARC4:ALG_IS_STREAM_CIPHER
 
 Cipher: ChaCha20
-depends_on:MBEDTLS_CHACHA_C
+depends_on:MBEDTLS_CHACHA20_C
 cipher_algorithm:PSA_ALG_CHACHA20:ALG_IS_STREAM_CIPHER
 
 Cipher: CTR

From b20b873bffbbf8aa3ee75a3b79479295252e1a35 Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Fri, 26 Jun 2020 22:48:06 +0200
Subject: [PATCH 3/5] Remove metadata tests for features that are not
 implemented

The metadata tests depend on the corresponding feature because there
is no guarantee that the metadata is correct if the feature is
disabled. There are metadata test cases for some algorithms and key
types that are declared but not supported. These test cases are
present but can never run.

It is debatable whether having these test cases is a good thing in
case they become runnable in the future, or a bad thing because
they're dead code. We're working on detecting test cases that are
never executed for accidental reasons (e.g. typo in a dependency or
missing configuration on the CI), and having test cases that are
deliberately never executed messes this up. So remove these test
cases. If we do implement the corresponding feature, it'll be easy to
add the corresponding metadata test cases.

The features that had metadata tests but no implementations were:

* SHA-512/256 and SHA-512/224 (hypothetical dependency: MBEDTLS_SHA512_256)
* DSA (hypothetical dependency: MBEDTLS_DSA_C)
* SHA-3 and HMAC-SHA-3 (hypothetical dependency: MBEDTLS_SHA3_C)

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
---
 .../test_suite_psa_crypto_metadata.data       | 72 -------------------
 1 file changed, 72 deletions(-)

diff --git a/tests/suites/test_suite_psa_crypto_metadata.data b/tests/suites/test_suite_psa_crypto_metadata.data
index 606fb58d2..96ce3a685 100644
--- a/tests/suites/test_suite_psa_crypto_metadata.data
+++ b/tests/suites/test_suite_psa_crypto_metadata.data
@@ -34,30 +34,6 @@ Hash: SHA-2 SHA-512
 depends_on:MBEDTLS_SHA512_C
 hash_algorithm:PSA_ALG_SHA_512:64
 
-Hash: SHA-2 SHA-512/224
-depends_on:MBEDTLS_SHA512_C:MBEDTLS_SHA512_256
-hash_algorithm:PSA_ALG_SHA_512_224:28
-
-Hash: SHA-2 SHA-512/256
-depends_on:MBEDTLS_SHA512_C:MBEDTLS_SHA512_256
-hash_algorithm:PSA_ALG_SHA_512_256:32
-
-Hash: SHA-3 SHA3-224
-depends_on:MBEDTLS_SHA3_C
-hash_algorithm:PSA_ALG_SHA3_224:28
-
-Hash: SHA-3 SHA3-256
-depends_on:MBEDTLS_SHA3_C
-hash_algorithm:PSA_ALG_SHA3_256:32
-
-Hash: SHA-3 SHA3-384
-depends_on:MBEDTLS_SHA3_C
-hash_algorithm:PSA_ALG_SHA3_384:48
-
-Hash: SHA-3 SHA3-512
-depends_on:MBEDTLS_SHA3_C
-hash_algorithm:PSA_ALG_SHA3_512:64
-
 MAC: HMAC-MD2
 depends_on:MBEDTLS_MD2_C
 hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_MD2 ):16:64
@@ -94,30 +70,6 @@ MAC: HMAC-SHA-512
 depends_on:MBEDTLS_SHA512_C
 hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA_512 ):64:128
 
-MAC: HMAC-SHA-512/224
-depends_on:MBEDTLS_SHA512_C:MBEDTLS_SHA512_256
-hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA_512_224 ):28:128
-
-MAC: HMAC-SHA-512/256
-depends_on:MBEDTLS_SHA512_C:MBEDTLS_SHA512_256
-hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA_512_256 ):32:128
-
-MAC: HMAC-SHA3-224
-depends_on:MBEDTLS_SHA3_C
-hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA3_224 ):28:144
-
-MAC: HMAC-SHA3-256
-depends_on:MBEDTLS_SHA3_C
-hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA3_256 ):32:136
-
-MAC: HMAC-SHA3-384
-depends_on:MBEDTLS_SHA3_C
-hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA3_384 ):48:104
-
-MAC: HMAC-SHA3-512
-depends_on:MBEDTLS_SHA3_C
-hmac_algorithm:PSA_ALG_HMAC( PSA_ALG_SHA3_512 ):64:72
-
 MAC: CBC_MAC-AES-128
 depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_C
 mac_algorithm:PSA_ALG_CBC_MAC:ALG_IS_BLOCK_CIPHER_MAC:16:PSA_KEY_TYPE_AES:128
@@ -206,14 +158,6 @@ Asymmetric signature: RSA PSS SHA-256
 depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C
 asymmetric_signature_algorithm:PSA_ALG_RSA_PSS( PSA_ALG_SHA_256 ):ALG_IS_RSA_PSS | ALG_IS_HASH_AND_SIGN
 
-Asymmetric signature: SHA-256 + randomized DSA SHA-256 using SHA-256
-depends_on:MBEDTLS_DSA_C:MBEDTLS_SHA256_C
-asymmetric_signature_algorithm:PSA_ALG_DSA( PSA_ALG_SHA_256 ):ALG_IS_DSA | ALG_IS_RANDOMIZED_DSA | ALG_IS_HASH_AND_SIGN
-
-Asymmetric signature: SHA-256 + deterministic DSA using SHA-256 [#1]
-depends_on:MBEDTLS_DSA_C:MBEDTLS_SHA256_C:MBEDTLS_DSA_DETERMINISTIC
-asymmetric_signature_algorithm:PSA_ALG_DETERMINISTIC_DSA( PSA_ALG_SHA_256 ):ALG_IS_DSA | ALG_IS_DETERMINISTIC_DSA | ALG_DSA_IS_DETERMINISTIC | ALG_IS_HASH_AND_SIGN
-
 Asymmetric signature: randomized ECDSA (no hashing)
 depends_on:MBEDTLS_ECDSA_C
 asymmetric_signature_algorithm:PSA_ALG_ECDSA_ANY:ALG_IS_ECDSA | ALG_IS_RANDOMIZED_ECDSA | ALG_IS_HASH_AND_SIGN
@@ -234,14 +178,6 @@ Asymmetric signature: RSA PSS with wildcard hash
 depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21
 asymmetric_signature_wildcard:PSA_ALG_RSA_PSS( PSA_ALG_ANY_HASH ):ALG_IS_RSA_PSS
 
-Asymmetric signature: randomized DSA with wildcard hash
-depends_on:MBEDTLS_DSA_C
-asymmetric_signature_wildcard:PSA_ALG_DSA( PSA_ALG_ANY_HASH ):ALG_IS_DSA | ALG_IS_RANDOMIZED_DSA
-
-Asymmetric signature: deterministic DSA with wildcard hash [#1]
-depends_on:MBEDTLS_DSA_C:MBEDTLS_DSA_DETERMINISTIC
-asymmetric_signature_wildcard:PSA_ALG_DETERMINISTIC_DSA( PSA_ALG_ANY_HASH ):ALG_IS_DSA | ALG_IS_DETERMINISTIC_DSA | ALG_DSA_IS_DETERMINISTIC
-
 Asymmetric signature: randomized ECDSA with wildcard hash
 depends_on:MBEDTLS_ECDSA_C
 asymmetric_signature_wildcard:PSA_ALG_ECDSA( PSA_ALG_ANY_HASH ):ALG_IS_ECDSA | ALG_IS_RANDOMIZED_ECDSA
@@ -343,14 +279,6 @@ Key type: RSA key pair
 depends_on:MBEDTLS_RSA_C
 key_type:PSA_KEY_TYPE_RSA_KEY_PAIR:KEY_TYPE_IS_KEY_PAIR | KEY_TYPE_IS_RSA
 
-Key type: DSA public key
-depends_on:MBEDTLS_DSA_C
-key_type:PSA_KEY_TYPE_DSA_PUBLIC_KEY:KEY_TYPE_IS_PUBLIC_KEY | KEY_TYPE_IS_DSA
-
-Key type: DSA key pair
-depends_on:MBEDTLS_DSA_C
-key_type:PSA_KEY_TYPE_DSA_KEY_PAIR:KEY_TYPE_IS_KEY_PAIR | KEY_TYPE_IS_DSA
-
 ECC key family: SECP K1
 ecc_key_family:PSA_ECC_CURVE_SECP_K1
 

From 7eefa22fb16f4048c60cb22e556c7567609d8cbf Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Fri, 26 Jun 2020 22:54:47 +0200
Subject: [PATCH 4/5] Fix copypasta in test case descriptions

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
---
 tests/suites/test_suite_psa_crypto_metadata.data | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tests/suites/test_suite_psa_crypto_metadata.data b/tests/suites/test_suite_psa_crypto_metadata.data
index 96ce3a685..f8889833b 100644
--- a/tests/suites/test_suite_psa_crypto_metadata.data
+++ b/tests/suites/test_suite_psa_crypto_metadata.data
@@ -166,7 +166,7 @@ Asymmetric signature: SHA-256 + randomized ECDSA
 depends_on:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C
 asymmetric_signature_algorithm:PSA_ALG_ECDSA( PSA_ALG_SHA_256 ):ALG_IS_ECDSA | ALG_IS_RANDOMIZED_ECDSA | ALG_IS_HASH_AND_SIGN
 
-Asymmetric signature: SHA-256 + deterministic DSA using SHA-256 [#2]
+Asymmetric signature: SHA-256 + deterministic ECDSA using SHA-256
 depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_SHA256_C
 asymmetric_signature_algorithm:PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_SHA_256 ):ALG_IS_ECDSA | ALG_IS_DETERMINISTIC_ECDSA | ALG_ECDSA_IS_DETERMINISTIC | ALG_IS_HASH_AND_SIGN
 
@@ -182,7 +182,7 @@ Asymmetric signature: randomized ECDSA with wildcard hash
 depends_on:MBEDTLS_ECDSA_C
 asymmetric_signature_wildcard:PSA_ALG_ECDSA( PSA_ALG_ANY_HASH ):ALG_IS_ECDSA | ALG_IS_RANDOMIZED_ECDSA
 
-Asymmetric signature: deterministic DSA with wildcard hash [#2]
+Asymmetric signature: deterministic ECDSA with wildcard hash
 depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECDSA_DETERMINISTIC
 asymmetric_signature_wildcard:PSA_ALG_DETERMINISTIC_ECDSA( PSA_ALG_ANY_HASH ):ALG_IS_ECDSA | ALG_IS_DETERMINISTIC_ECDSA | ALG_ECDSA_IS_DETERMINISTIC
 

From 0d7216511fe90abaf1c1293f829a45a8c6e0ab72 Mon Sep 17 00:00:00 2001
From: Gilles Peskine <Gilles.Peskine@arm.com>
Date: Fri, 26 Jun 2020 23:35:53 +0200
Subject: [PATCH 5/5] Fix erroneous skip of test cases for disabled
 ciphersuites

Test cases that force a specific ciphersuites are only executed if
this ciphersuite is enabled. But there are test cases (for RC4) whose
goal is to check that the ciphersuite is not used. These test cases
must run even if (or only if) the ciphersuite is disable, so add an
exception for these test cases.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
---
 tests/ssl-opt.sh | 41 ++++++++++++++++++++++++++++++-----------
 1 file changed, 30 insertions(+), 11 deletions(-)

diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 8d28b63c3..5864a87a7 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -241,6 +241,33 @@ requires_ciphersuite_enabled() {
     fi
 }
 
+# maybe_requires_ciphersuite_enabled CMD [RUN_TEST_OPTION...]
+# If CMD (call to a TLS client or server program) requires a specific
+# ciphersuite, arrange to only run the test case if this ciphersuite is
+# enabled. As an exception, do run the test case if it expects a ciphersuite
+# mismatch.
+maybe_requires_ciphersuite_enabled() {
+    case "$1" in
+        *\ force_ciphersuite=*) :;;
+        *) return;; # No specific required ciphersuite
+    esac
+    ciphersuite="${1##*\ force_ciphersuite=}"
+    ciphersuite="${ciphersuite%%[!-0-9A-Z_a-z]*}"
+    shift
+
+    case "$*" in
+        *"-s SSL - The server has no ciphersuites in common"*)
+            # This test case expects a ciphersuite mismatch, so it doesn't
+            # require the ciphersuite to be enabled.
+            ;;
+        *)
+            requires_ciphersuite_enabled "$ciphersuite"
+            ;;
+    esac
+
+    unset ciphersuite
+}
+
 # skip next test if OpenSSL doesn't support FALLBACK_SCSV
 requires_openssl_with_fallback_scsv() {
     if [ -z "${OPENSSL_HAS_FBSCSV:-}" ]; then
@@ -658,17 +685,9 @@ run_test() {
        requires_config_enabled MBEDTLS_FS_IO
     fi
 
-    # Check if server forces ciphersuite
-    FORCE_CIPHERSUITE=$(echo "$SRV_CMD" | sed -n 's/^.*force_ciphersuite=\([a-zA-Z0-9\-]*\).*$/\1/p')
-    if [ ! -z "$FORCE_CIPHERSUITE" ]; then
-       requires_ciphersuite_enabled $FORCE_CIPHERSUITE
-    fi
-
-    # Check if client forces ciphersuite
-    FORCE_CIPHERSUITE=$(echo "$CLI_CMD" | sed -n 's/^.*force_ciphersuite=\([a-zA-Z0-9\-]*\).*$/\1/p')
-    if [ ! -z "$FORCE_CIPHERSUITE" ]; then
-       requires_ciphersuite_enabled $FORCE_CIPHERSUITE
-    fi
+    # If the client or serve requires a ciphersuite, check that it's enabled.
+    maybe_requires_ciphersuite_enabled "$SRV_CMD" "$@"
+    maybe_requires_ciphersuite_enabled "$CLI_CMD" "$@"
 
     # should we skip?
     if [ "X$SKIP_NEXT" = "XYES" ]; then