From 60dec38390471dfe5a66a51e76a1022c065177dc Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Fri, 3 Oct 2025 22:29:13 +0200
Subject: [PATCH 1/7] Update framework with psa_compliance.py bug fixes
Signed-off-by: Gilles Peskine
---
framework | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/framework b/framework
index d80c4f9ec3..eabf862efe 160000
--- a/framework
+++ b/framework
@@ -1 +1 @@
-Subproject commit d80c4f9ec3a01c001778658023f82e40fdb51d40
+Subproject commit eabf862efe458edea693c333cc11466f461a1b45
From 18143ebd62c6a68b65861486fd0640efa9af3ff1 Mon Sep 17 00:00:00 2001
From: Gilles Peskine
Date: Tue, 30 Sep 2025 16:58:12 +0200
Subject: [PATCH 2/7] Improve docstring following the split
Signed-off-by: Gilles Peskine
---
tests/scripts/test_psa_compliance.py | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/tests/scripts/test_psa_compliance.py b/tests/scripts/test_psa_compliance.py
index ca50fc5c93..7cb4fd10f8 100755
--- a/tests/scripts/test_psa_compliance.py
+++ b/tests/scripts/test_psa_compliance.py
@@ -1,10 +1,14 @@ #!/usr/bin/env python3 """Run the PSA Crypto API compliance test suite. -Clone the repo and check out the commit specified by PSA_ARCH_TEST_REPO and PSA_ARCH_TEST_REF, -then compile and run the test suite. The clone is stored at /psa-arch-tests. -Known defects in either the test suite or Mbed TLS - identified by their test -number - are ignored, while unexpected failures AND successes are reported as errors, to help +Clone the psa-arch-tests repo and check out the specified commit. +The clone is stored at /psa-arch-tests. +Check out the commit specified by the calling script and apply patches if needed. +The patches are located at /scripts/data_files/psa-arch-tests/ . +Compile the library and the compliance tests and run the test suite. + +This script can specify a list of expected failures. +Unexpected failures and successes are reported as errors, to help keep the list of known defects as up to date as possible. """ From 7ce21b0f5eb9fcbfa5e2971d980983e8cee2be35 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 3 Oct 2025 22:06:01 +0200 Subject: [PATCH 3/7] Fix stack buffer overflow in AEAD tests Without this patch, psa-arch-tests crashes on some platforms including our CI environment because libc detects a buffer overflow on the stack. This bug does not seem to be fixed upstream yet, so I will submit a fix. In the meantime, we'll need to carry the patch here. Signed-off-by: Gilles Peskine --- .../fix-aead-stack-buffer-overflow.patch | 45 +++++++++++++++++++ 1 file changed, 45 insertions(+) create mode 100644 scripts/data_files/psa-arch-tests/fix-aead-stack-buffer-overflow.patch diff --git a/scripts/data_files/psa-arch-tests/fix-aead-stack-buffer-overflow.patch b/scripts/data_files/psa-arch-tests/fix-aead-stack-buffer-overflow.patch new file mode 100644 index 0000000000..262dcc77d4 --- /dev/null +++ b/scripts/data_files/psa-arch-tests/fix-aead-stack-buffer-overflow.patch 
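Review bot: The rewritten docstring no longer says where the upstream repository URL and the pinned commit are defined; the removed text named PSA_ARCH_TEST_REPO and PSA_ARCH_TEST_REF. Because this script clones external code, patches it and runs the result, a reader auditing what gets executed benefits from one sentence pointing at those definitions, for example `The repository URL and commit are set by PSA_ARCH_TEST_REPO and PSA_ARCH_TEST_REF below.`, if those names survive the split (not visible in this hunk). The first and third added sentences also both describe checking out the commit and could be merged into one.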
@@ -0,0 +1,45 @@ +commit 7b89b1c9dfe5f28edb631abb3763e4e12661a505 +Author: Gilles Peskine +Date: 2025-10-01 19:05:23 +0200 + + Fix stack buffer overflow in AEAD tests + + Pass the remaining buffer length to API functions, not the length of the + original buffer. + + 
Signed-off-by: Gilles Peskine + +diff --git a/api-tests/dev_apis/crypto/test_c061/test_c061.c b/api-tests/dev_apis/crypto/test_c061/test_c061.c +index df8e3e910..79ff154ac 100644 +--- a/api-tests/dev_apis/crypto/test_c061/test_c061.c ++++ b/api-tests/dev_apis/crypto/test_c061/test_c061.c +@@ -96,9 +96,11 @@ int32_t psa_aead_finish_test(caller_security_t caller __UNUSED) + BUFFER_SIZE, &length); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(8)); + ++ size_t remaining_output_size = check1[i].output_size > length ? check1[i].output_size - length : 0; ++ + /* Finish encrypting a message in an AEAD operation */ + status = val->crypto_function(VAL_CRYPTO_AEAD_FINISH, &operation, output + length, +- check1[i].output_size, &finish_length, tag, check1[i].tag_size, &tag_length); ++ remaining_output_size, &finish_length, tag, check1[i].tag_size, &tag_length); + TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(9)); + + if (check1[i].expected_status != PSA_SUCCESS) +diff --git a/api-tests/dev_apis/crypto/test_c063/test_c063.c b/api-tests/dev_apis/crypto/test_c063/test_c063.c +index cee674155..66211ae8e 100644 +--- a/api-tests/dev_apis/crypto/test_c063/test_c063.c ++++ b/api-tests/dev_apis/crypto/test_c063/test_c063.c +@@ -95,9 +95,11 @@ int32_t psa_aead_verify_test(caller_security_t caller __UNUSED) + BUFFER_SIZE, &length); + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(8)); + ++ size_t remaining_output_size = check1[i].output_size > length ? check1[i].output_size - length : 0; ++ + /* Finish authenticating and decrypting a message in an AEAD operation */ + status = val->crypto_function(VAL_CRYPTO_AEAD_VERIFY, &operation, output + length, +- check1[i].output_size, &verify_length, check1[i].tag, check1[i].tag_length); ++ remaining_output_size, &verify_length, check1[i].tag, check1[i].tag_length); + TEST_ASSERT_DUAL(status, + check1[i].expected_status[0], + check1[i].expected_status[1], 
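Review bot: The new `remaining_output_size` in the test_c061.c hunk is derived from `check1[i].output_size`, a test-vector field, rather than from the capacity of the `output` buffer, so the overflow is only closed as long as every vector's `output_size` is no larger than the real buffer. The preceding call passes `BUFFER_SIZE` for the same buffer, which suggests that `output` holds `BUFFER_SIZE` bytes (its declaration is outside the hunk, as are the start and end of both test functions). Clamping to that as well would make the bound independent of the vector data: `size_t cap = check1[i].output_size < BUFFER_SIZE ? check1[i].output_size : BUFFER_SIZE;` followed by `size_t remaining_output_size = cap > length ? cap - length : 0;`. The same applies to the identical line in the test_c063.c hunk. Since this is a carried patch, a line in its header naming the upstream submission would also tell maintainers when the file can be dropped.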
From afa8900c7863316365bb76cb8b33aad43d91a8b6 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 3 Oct 2025 22:21:59 +0200 Subject: [PATCH 4/7] Expect failures from functions that are not implemented We don't implement `psa_key_derivation_verify_bytes()` and `psa_key_derivation_verify_key()` yet (the functions exist but they always return `PSA_ERROR_NOT_SUPPORTED`). Therefore, expect the tests for these functions to fail. These failures were previously undetected because psa-arch-tests was crashing due to a stack buffer overflow in AEAD tests. Signed-off-by: Gilles Peskine --- tests/scripts/test_psa_compliance.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/scripts/test_psa_compliance.py b/tests/scripts/test_psa_compliance.py index 7cb4fd10f8..e1cd99a780 100755 --- a/tests/scripts/test_psa_compliance.py +++ b/tests/scripts/test_psa_compliance.py @@ -28,6 +28,9 @@ # Test number 2xx corresponds to the files in the folder # psa-arch-tests/api-tests/dev_apis/crypto/test_c0xx EXPECTED_FAILURES = [ + # Tests for psa_key_derivation_verify_bytes() and + # psa_key_derivation_verify_key(). We don't implement these functions yet. + 267, 268, ] # type: List[int] if __name__ == '__main__': From 720fc3e50fc397714f8ebb70fb7256ec5b52d4b9 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 3 Oct 2025 22:18:30 +0200 Subject: [PATCH 5/7] Fix JPAKE test executed even when JPAKE is disabled Partial backport of 232fb5801273dbc97789cb9079f1168499e34a2a, first released in v25.08_API1.9_ADAC_1.0.2 . Signed-off-by: Gilles Peskine --- .../data_files/psa-arch-tests/test_c078.patch | 33 +++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 scripts/data_files/psa-arch-tests/test_c078.patch diff --git a/scripts/data_files/psa-arch-tests/test_c078.patch b/scripts/data_files/psa-arch-tests/test_c078.patch new file mode 100644 index 0000000000..01d5d87786 --- /dev/null +++ b/scripts/data_files/psa-arch-tests/test_c078.patch 
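Review bot: The two new entries `267, 268,` share one line and one comment, so a reader cannot tell which number covers which function, and removing only one of them later means rewriting the comment. Going by the comment above the list they map to test_c067 and test_c068; I would give each entry its own line and trailing comment, e.g. `267, # psa_key_derivation_verify_bytes(): not implemented (ISSUE-PLACEHOLDER)` and likewise for 268, once the number-to-function mapping is confirmed against psa-arch-tests. A tracking reference matters here because an expected-failure entry hides every assertion in that test, not only the NOT_SUPPORTED return.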
@@ -0,0 +1,33 @@ +commit 7d7f86a3ac27dff664cc86140dbf69a29da87426 +Author: Gilles Peskine +Date: 2025-10-03 22:13:27 +0200 + + Fix JPAKE test executed even when JPAKE is disabled + + Partial backport of 232fb5801273dbc97789cb9079f1168499e34a2a, + first released in v25.08_API1.9_ADAC_1.0.2 . + + Signed-off-by: Gilles Peskine + +diff --git a/api-tests/dev_apis/crypto/test_c078/test_c078.c b/api-tests/dev_apis/crypto/test_c078/test_c078.c +index 70b956dd8..7f0c99240 100644 +--- a/api-tests/dev_apis/crypto/test_c078/test_c078.c ++++ b/api-tests/dev_apis/crypto/test_c078/test_c078.c +@@ -101,6 +101,7 @@ int32_t send_message_jpake(psa_pake_operation_t *from, psa_pake_operation_t *to, + + int32_t psa_pake_jpake_test(caller_security_t caller __UNUSED) + { ++#ifdef ARCH_TEST_JPAKE + uint8_t i = 0; + int32_t status; + psa_pake_operation_t user = PSA_PAKE_OPERATION_INIT; +@@ -307,4 +308,9 @@ int32_t psa_pake_jpake_test(caller_security_t caller __UNUSED) + TEST_ASSERT_EQUAL(status, PSA_SUCCESS, TEST_CHECKPOINT_NUM(60)); + + return VAL_STATUS_SUCCESS; ++ ++#else ++ val->print(PRINT_TEST, "No test available for the selected crypto configuration\n", 0); ++ return RESULT_SKIP(VAL_STATUS_NO_TESTS); ++#endif + } From 8f3b2aea0e8634ad337d34688e1b98f42a82d0ca Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 3 Oct 2025 22:25:53 +0200 Subject: [PATCH 6/7] Disable JPAKE in compliance tests There are memory errors in some PAKE tests that make psa-arch-tests crash. I am preparing patches for them, but until then, disable PAKE. Signed-off-by: Gilles Peskine --- .../psa-arch-tests/pal_crypto_config.patch | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/scripts/data_files/psa-arch-tests/pal_crypto_config.patch b/scripts/data_files/psa-arch-tests/pal_crypto_config.patch index 0093672726..98c9affb19 100644 --- a/scripts/data_files/psa-arch-tests/pal_crypto_config.patch +++ b/scripts/data_files/psa-arch-tests/pal_crypto_config.patch @@ -1,5 +1,5 @@ 
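Review bot: The file name `test_c078.patch` does not say what the patch does, unlike `fix-aead-stack-buffer-overflow.patch` added earlier in this series; a descriptive name such as `skip-jpake-test-when-disabled.patch` would read better in the directory. The embedded commit message says this is a partial backport first released upstream in v25.08_API1.9_ADAC_1.0.2, so it would help to state there that the file must be deleted once the pinned psa-arch-tests commit reaches that release, since a patch that is already applied upstream will likely fail to apply. The body of psa_pake_jpake_test runs well beyond the two inner hunks, so whether anything else in test_c078.c depends on ARCH_TEST_JPAKE cannot be checked from here.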
diff --git a/api-tests/platform/targets/tgt_dev_apis_stdc/nspe/pal_crypto_config.h b/api-tests/platform/targets/tgt_dev_apis_stdc/nspe/pal_crypto_config.h -index dad40ec..8d19699 100644 +index dad40ec4b..91072b4fb 100644 --- a/api-tests/platform/targets/tgt_dev_apis_stdc/nspe/pal_crypto_config.h +++ b/api-tests/platform/targets/tgt_dev_apis_stdc/nspe/pal_crypto_config.h @@ -53,7 +53,7 @@ @@ -66,7 +66,15 @@ index dad40ec..8d19699 100644 /** * \def ARCH_TEST_ECC_ASYMMETRIC_API_SUPPORT -@@ -397,10 +397,10 @@ +@@ -390,17 +390,17 @@ + * + * Enable support for balanced PAKE: ECJPAKE algorithm + */ +-#define ARCH_TEST_JPAKE ++//#define ARCH_TEST_JPAKE + + /** + * \def ARCH_TEST_SPAKE2P * * Enable support for augmented PAKE: SPAKE2P algorithm */ From 85467a9836ac4faf139e01bc2109ac5f9696ea32 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 6 Oct 2025 12:06:34 +0200 Subject: [PATCH 7/7] Clarify that this is the "calling script" Signed-off-by: Gilles Peskine --- tests/scripts/test_psa_compliance.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/scripts/test_psa_compliance.py b/tests/scripts/test_psa_compliance.py index e1cd99a780..1c22daf073 100755 --- a/tests/scripts/test_psa_compliance.py +++ b/tests/scripts/test_psa_compliance.py @@ -3,7 +3,7 @@ Clone the psa-arch-tests repo and check out the specified commit. The clone is stored at /psa-arch-tests. -Check out the commit specified by the calling script and apply patches if needed. +Check out the commit specified in this script and apply patches if needed. The patches are located at /scripts/data_files/psa-arch-tests/ . Compile the library and the compliance tests and run the test suite.
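Review bot: The added `//#define ARCH_TEST_JPAKE` line in the pal_crypto_config.patch hunk carries no explanation inside the patched header, so the reason ECJPAKE is off and the condition for turning it back on live only in this commit message. Together with the test_c078 change in this series, which returns a skip when the macro is undefined, the compliance run will pass with no JPAKE coverage, and the expected-failures list presumably will not flag that, because the script docstring only mentions failures and successes. I would put the reason next to the define, e.g. `/* Disabled in Mbed TLS CI: memory errors in the PAKE tests crash psa-arch-tests; re-enable once fixed (ISSUE-PLACEHOLDER) */`, and have the script print a notice that PAKE tests are skipped. The SPAKE2P define that follows is only partly visible in this hunk, so whether it needs the same treatment cannot be judged from here.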