Update psa arch tests version to v24.03_API1.6_CRYPTO_1.1.0
This involves adding 4 patches to fix issues in psa-arch-tests:
one fixing a buffer overflow issue, another fixing an RSA
public key format issue, one related to multiple possible
return values and one related to platform configuration.
This also enforces the TF-M profile to be Large in order to be
able to test all functionalities.
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
Change-Id: Ia408d98301e304f9ef51c109633d742ae85918b9
(cherry picked from commit ece8c06630d16d1b9b89099f2c6fd9dbb88644a3)
diff --git a/tests_psa_arch/fetch_repo/0007-Fix_buffer_overflow_in_test_c06163c.patch b/tests_psa_arch/fetch_repo/0007-Fix_buffer_overflow_in_test_c06163c.patch
new file mode 100644
index 0000000..b49c3e0
--- /dev/null
+++ b/tests_psa_arch/fetch_repo/0007-Fix_buffer_overflow_in_test_c06163c.patch
@@ -0,0 +1,42 @@
+From 408f66b5b1e49dc0e2b7da6f9a5105d554fab7af Mon Sep 17 00:00:00 2001
+From: Waleed Elmelegy <waleed.elmelegy@arm.com>
+Date: Mon, 3 Mar 2025 16:23:11 +0000
+Subject: [PATCH] Fix buffer overflow in test_c061/63.c
+
+Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
+---
+ api-tests/dev_apis/crypto/test_c061/test_c061.c | 3 ++-
+ api-tests/dev_apis/crypto/test_c063/test_c063.c | 3 ++-
+ 2 files changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/api-tests/dev_apis/crypto/test_c061/test_c061.c b/api-tests/dev_apis/crypto/test_c061/test_c061.c
+index df8e3e9..de0ec00 100644
+--- a/api-tests/dev_apis/crypto/test_c061/test_c061.c
++++ b/api-tests/dev_apis/crypto/test_c061/test_c061.c
+@@ -98,7 +98,8 @@ int32_t psa_aead_finish_test(caller_security_t caller __UNUSED)
+
+ /* Finish encrypting a message in an AEAD operation */
+ status = val->crypto_function(VAL_CRYPTO_AEAD_FINISH, &operation, output + length,
+- check1[i].output_size, &finish_length, tag, check1[i].tag_size, &tag_length);
++ check1[i].output_size > length ? check1[i].output_size-length : check1[i].output_size,
++ &finish_length, tag, check1[i].tag_size, &tag_length);
+ TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(9));
+
+ if (check1[i].expected_status != PSA_SUCCESS)
+diff --git a/api-tests/dev_apis/crypto/test_c063/test_c063.c b/api-tests/dev_apis/crypto/test_c063/test_c063.c
+index cee6741..56313ff 100644
+--- a/api-tests/dev_apis/crypto/test_c063/test_c063.c
++++ b/api-tests/dev_apis/crypto/test_c063/test_c063.c
+@@ -97,7 +97,8 @@ int32_t psa_aead_verify_test(caller_security_t caller __UNUSED)
+
+ /* Finish authenticating and decrypting a message in an AEAD operation */
+ status = val->crypto_function(VAL_CRYPTO_AEAD_VERIFY, &operation, output + length,
+- check1[i].output_size, &verify_length, check1[i].tag, check1[i].tag_length);
++ check1[i].output_size > length ? check1[i].output_size - length : check1[i].output_size,
++ &verify_length, check1[i].tag, check1[i].tag_length);
+ TEST_ASSERT_DUAL(status,
+ check1[i].expected_status[0],
+ check1[i].expected_status[1],
+--
+2.25.1
+
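Review bot: The fallback arm of the new size argument in test_c061.c still passes the full `check1[i].output_size` while the destination pointer is `output + length`, so whenever `output_size <= length` the callee is told that more room exists than remains after the offset. This assumes `output_size` describes the whole `output` buffer, whose declaration is outside the hunk. Reporting no remaining space in that case keeps the bound truthful: `check1[i].output_size > length ? check1[i].output_size - length : 0,`. Confirm that the vectors expecting a buffer-too-small status still produce it with that value. The same expression is passed to VAL_CRYPTO_AEAD_VERIFY in test_c063.c and needs the same change; both test functions begin and end outside the hunks shown.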
diff --git a/tests_psa_arch/fetch_repo/0008-Use-rsa_128_key_data-which-has-expected-formate.patch b/tests_psa_arch/fetch_repo/0008-Use-rsa_128_key_data-which-has-expected-formate.patch
new file mode 100644
index 0000000..897bf21
--- /dev/null
+++ b/tests_psa_arch/fetch_repo/0008-Use-rsa_128_key_data-which-has-expected-formate.patch
@@ -0,0 +1,25 @@
+From 1ed4fd6856aa6cd67b7dfbea82c1b775f0a450e1 Mon Sep 17 00:00:00 2001
+From: Stephan Koch <koch@oberon.ch>
+Date: Fri, 28 Jun 2024 18:18:55 +0200
+Subject: [PATCH] Use rsa_128_key_data which has expected format.
+
+Signed-off-by: Stephan Koch <koch@oberon.ch>
+---
+ api-tests/dev_apis/crypto/test_c042/test_data.h | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/api-tests/dev_apis/crypto/test_c042/test_data.h b/api-tests/dev_apis/crypto/test_c042/test_data.h
+index ff038337..1972b945 100644
+--- a/api-tests/dev_apis/crypto/test_c042/test_data.h
++++ b/api-tests/dev_apis/crypto/test_c042/test_data.h
+@@ -236,8 +236,8 @@ static const test_data check1[] = {
+ {
+ .test_desc = "Test psa_verify_hash - PSA_ALG_RSA_PSS_ANY_SALT\n",
+ .type = PSA_KEY_TYPE_RSA_PUBLIC_KEY,
+- .data = rsa_key_pair_public_key,
+- .data_length = 162,
++ .data = rsa_128_key_data,
++ .data_length = 140,
+ .usage_flags = PSA_KEY_USAGE_VERIFY_HASH,
+ .alg = PSA_ALG_RSA_PSS_ANY_SALT(PSA_ALG_SHA_256),
+ .hash = hash,
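Review bot: `.data_length = 140` is a hand-maintained literal that must match the encoded size of `rsa_128_key_data`, which is defined outside this hunk; if the two drift apart, the key import either truncates the key or reads past the array. If `rsa_128_key_data` is an array visible in test_data.h, `.data_length = sizeof(rsa_128_key_data),` removes the literal. A one-line comment above the entry, such as `/* key data must be in the encoding psa_import_key expects for PSA_KEY_TYPE_RSA_PUBLIC_KEY */`, would record why this buffer replaces `rsa_key_pair_public_key`.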
diff --git a/tests_psa_arch/fetch_repo/0009-Update-Musca-S1-B1-platform-configuration.patch b/tests_psa_arch/fetch_repo/0009-Update-Musca-S1-B1-platform-configuration.patch
new file mode 100644
index 0000000..b8b0f5e
--- /dev/null
+++ b/tests_psa_arch/fetch_repo/0009-Update-Musca-S1-B1-platform-configuration.patch
@@ -0,0 +1,79 @@
+From 11d2d1e770b37d0fd9bd68fc6274c6d5359380d3 Mon Sep 17 00:00:00 2001
+From: Waleed Elmelegy <waleed.elmelegy@arm.com>
+Date: Wed, 26 Mar 2025 16:11:55 +0000
+Subject: [PATCH] Update Musca S1/B1 platform configuration
+
+Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
+---
+ .../nspe/pal_crypto_config.h | 7 +++++++
+ .../nspe/pal_crypto_config.h | 15 +++++++++++++++
+ 2 files changed, 22 insertions(+)
+
+diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/pal_crypto_config.h b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/pal_crypto_config.h
+index 9518356..b6e39f8 100644
+--- a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/pal_crypto_config.h
++++ b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_b1/nspe/pal_crypto_config.h
+@@ -66,6 +66,10 @@
+ #endif
+ #endif
+
++/* curves of size <255 are obsolete algorithms, should be disabled. */
++#undef ARCH_TEST_ECC_CURVE_SECP192R1
++#undef ARCH_TEST_ECC_CURVE_SECP224R1
++
+ /**
+ * \def ARCH_TEST_AES
+ *
+@@ -282,6 +286,9 @@
+ //#define ARCH_TEST_SHA3_384
+ //#define ARCH_TEST_SHA3_512
+
++// SHA224 is not in our scope of testing
++#undef ARCH_TEST_SHA224
++
+ /**
+ * \def ARCH_TEST_HKDF
+ *
+diff --git a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_s1/nspe/pal_crypto_config.h b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_s1/nspe/pal_crypto_config.h
+index 5adb08f..13a160d 100644
+--- a/api-tests/platform/targets/tgt_dev_apis_tfm_musca_s1/nspe/pal_crypto_config.h
++++ b/api-tests/platform/targets/tgt_dev_apis_tfm_musca_s1/nspe/pal_crypto_config.h
+@@ -66,6 +66,10 @@
+ #endif
+ #endif
+
++/* curves of size <255 are obsolete algorithms, should be disabled. */
++#undef ARCH_TEST_ECC_CURVE_SECP192R1
++#undef ARCH_TEST_ECC_CURVE_SECP224R1
++
+ /**
+ * \def ARCH_TEST_AES
+ *
+@@ -282,6 +286,9 @@
+ //#define ARCH_TEST_SHA3_384
+ //#define ARCH_TEST_SHA3_512
+
++// SHA224 is not in our scope of testing
++#undef ARCH_TEST_SHA224
++
+ /**
+ * \def ARCH_TEST_HKDF
+ *
+@@ -384,6 +391,14 @@
+ * Enable ECC support for asymmetric API.
+ */
+ //#define ARCH_TEST_ECC_ASYMMETRIC_API_SUPPORT
++
++/**
++ * \def ARCH_TEST_PBKDF2
++ *
++ * Enable the Password-based Key derivation functions - 2.
++*/
++#define ARCH_TEST_PBKDF2
++
+ #include "pal_crypto_config_check.h"
+
+ #endif /* _PAL_CRYPTO_CONFIG_H_ */
+--
+2.25.1
+
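Review bot: `ARCH_TEST_PBKDF2` is defined only in the tgt_dev_apis_tfm_musca_s1 header (the last inner hunk); the tgt_dev_apis_tfm_musca_b1 header receives the curve and SHA224 `#undef` lines but not this define, so the two targets now exercise different crypto test sets. If that is intended, a comment in the B1 header or a line in the patch description should say why; otherwise the same `#define ARCH_TEST_PBKDF2` block belongs in both files. The `#undef` lines only take effect if the matching `#define`s sit earlier in each header than the insertion points, which the hunks do not show; a later `#define` would silently re-enable the SECP192R1, SECP224R1 or SHA224 tests, so this is worth confirming.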
diff --git a/tests_psa_arch/fetch_repo/0010-Add-multiple-expected-return-statuses-in-case-of-inv.patch b/tests_psa_arch/fetch_repo/0010-Add-multiple-expected-return-statuses-in-case-of-inv.patch
new file mode 100644
index 0000000..2a0a80a
--- /dev/null
+++ b/tests_psa_arch/fetch_repo/0010-Add-multiple-expected-return-statuses-in-case-of-inv.patch
@@ -0,0 +1,128 @@
+From e0210ad8109519e77785a2d1170d6b37e0e8ba3a Mon Sep 17 00:00:00 2001
+From: Waleed Elmelegy <waleed.elmelegy@arm.com>
+Date: Wed, 26 Mar 2025 15:53:13 +0000
+Subject: [PATCH] Add multiple expected return statuses in case of invalid
+ algorithm
+
+Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
+---
+ .../dev_apis/crypto/test_c041/test_c041.c | 7 +++++--
+ .../dev_apis/crypto/test_c041/test_data.h | 20 +++++++++----------
+ 2 files changed, 15 insertions(+), 12 deletions(-)
+
+diff --git a/api-tests/dev_apis/crypto/test_c041/test_c041.c b/api-tests/dev_apis/crypto/test_c041/test_c041.c
+index 0fe0ef5..0fceaba 100644
+--- a/api-tests/dev_apis/crypto/test_c041/test_c041.c
++++ b/api-tests/dev_apis/crypto/test_c041/test_c041.c
+@@ -77,9 +77,12 @@ int32_t psa_sign_hash_test(caller_security_t caller __UNUSED)
+ check1[i].signature,
+ check1[i].signature_size,
+ &get_signature_length);
+- TEST_ASSERT_EQUAL(status, check1[i].expected_status, TEST_CHECKPOINT_NUM(4));
++ TEST_ASSERT_DUAL(status,
++ check1[i].expected_status[0],
++ check1[i].expected_status[1],
++ TEST_CHECKPOINT_NUM(4));
+
+- if (check1[i].expected_status != PSA_SUCCESS)
++ if (check1[i].expected_status[0] != PSA_SUCCESS)
+ {
+ /* Destroy the key */
+ status = val->crypto_function(VAL_CRYPTO_DESTROY_KEY, key);
+diff --git a/api-tests/dev_apis/crypto/test_c041/test_data.h b/api-tests/dev_apis/crypto/test_c041/test_data.h
+index a7ae40f..ab63deb 100644
+--- a/api-tests/dev_apis/crypto/test_c041/test_data.h
++++ b/api-tests/dev_apis/crypto/test_c041/test_data.h
+@@ -30,7 +30,7 @@ typedef struct {
+ size_t signature_size;
+ const uint8_t *expected_signature;
+ size_t expected_signature_length;
+- psa_status_t expected_status;
++ psa_status_t expected_status[2];
+ } test_data;
+
+ static const test_data check1[] = {
+@@ -49,7 +49,7 @@ static const test_data check1[] = {
+ .signature_size = BUFFER_SIZE,
+ .expected_signature = signature_1,
+ .expected_signature_length = 128,
+- .expected_status = PSA_SUCCESS,
++ .expected_status = {PSA_SUCCESS,PSA_SUCCESS},
+ },
+ #endif
+
+@@ -68,7 +68,7 @@ static const test_data check1[] = {
+ .signature_size = BUFFER_SIZE,
+ .expected_signature = signature_2,
+ .expected_signature_length = 128,
+- .expected_status = PSA_SUCCESS,
++ .expected_status = {PSA_SUCCESS,PSA_SUCCESS},
+ },
+ #endif
+ #endif
+@@ -90,7 +90,7 @@ static const test_data check1[] = {
+ .signature_size = BUFFER_SIZE,
+ .expected_signature = signature_3,
+ .expected_signature_length = 64,
+- .expected_status = PSA_SUCCESS,
++ .expected_status = {PSA_SUCCESS,PSA_SUCCESS},
+ },
+ #endif
+ #endif
+@@ -110,7 +110,7 @@ static const test_data check1[] = {
+ .signature_size = 128,
+ .expected_signature = NULL,
+ .expected_signature_length = 0,
+- .expected_status = PSA_ERROR_INVALID_ARGUMENT,
++ .expected_status = {PSA_ERROR_INVALID_ARGUMENT,PSA_ERROR_INVALID_ARGUMENT},
+ },
+
+ {
+@@ -126,7 +126,7 @@ static const test_data check1[] = {
+ .signature_size = 127,
+ .expected_signature = signature_1,
+ .expected_signature_length = 128,
+- .expected_status = PSA_ERROR_BUFFER_TOO_SMALL,
++ .expected_status = {PSA_ERROR_BUFFER_TOO_SMALL,PSA_ERROR_BUFFER_TOO_SMALL}
+ },
+ #endif
+
+@@ -143,7 +143,7 @@ static const test_data check1[] = {
+ .signature_size = BUFFER_SIZE,
+ .expected_signature = NULL,
+ .expected_signature_length = 0,
+- .expected_status = PSA_ERROR_INVALID_ARGUMENT,
++ .expected_status = {PSA_ERROR_INVALID_ARGUMENT,PSA_ERROR_NOT_SUPPORTED}
+ },
+ #endif
+
+@@ -162,7 +162,7 @@ static const test_data check1[] = {
+ .signature_size = BUFFER_SIZE,
+ .expected_signature = NULL,
+ .expected_signature_length = 0,
+- .expected_status = PSA_ERROR_INVALID_ARGUMENT,
++ .expected_status = {PSA_ERROR_INVALID_ARGUMENT,PSA_ERROR_INVALID_ARGUMENT},
+ },
+ #endif
+ #endif
+@@ -183,7 +183,7 @@ static const test_data check1[] = {
+ .signature_size = BUFFER_SIZE,
+ .expected_signature = NULL,
+ .expected_signature_length = 0,
+- .expected_status = PSA_ERROR_NOT_PERMITTED,
++ .expected_status = {PSA_ERROR_NOT_PERMITTED,PSA_ERROR_NOT_PERMITTED},
+ },
+ #endif
+
+@@ -202,7 +202,7 @@ static const test_data check1[] = {
+ .signature_size = BUFFER_SIZE,
+ .expected_signature = NULL,
+ .expected_signature_length = 0,
+- .expected_status = PSA_ERROR_INVALID_ARGUMENT,
++ .expected_status = {PSA_ERROR_INVALID_ARGUMENT,PSA_ERROR_INVALID_ARGUMENT},
+ },
+ #endif
+ #endif
+--
+2.25.1
+
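Review bot: In test_c041.c the early-exit branch `if (check1[i].expected_status[0] != PSA_SUCCESS)` inspects only the first accepted status, while `TEST_ASSERT_DUAL` now lets the call return either entry. Every pair in the table is currently all-success or all-failure, so behaviour is unchanged today, but a future entry mixing `PSA_SUCCESS` with an error would let a failed signing call fall through to the signature comparison. Branching on the result actually returned avoids that: `if (status != PSA_SUCCESS)`. In test_data.h the `PSA_ERROR_BUFFER_TOO_SMALL` and `PSA_ERROR_NOT_SUPPORTED` initialisers lack the trailing comma the other entries keep, and a one-line comment on `psa_status_t expected_status[2];` saying that either value is accepted would document the new contract. psa_sign_hash_test starts and ends outside the hunk.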
diff --git a/tests_psa_arch/fetch_repo/CMakeLists.txt b/tests_psa_arch/fetch_repo/CMakeLists.txt
index 48d17ee..4dbbb27 100644
--- a/tests_psa_arch/fetch_repo/CMakeLists.txt
+++ b/tests_psa_arch/fetch_repo/CMakeLists.txt
@@ -8,7 +8,7 @@
#-------------------------------------------------------------------------------
set(PSA_ARCH_TESTS_PATH "DOWNLOAD" CACHE PATH "Path to PSA arch test repository used for SPE build")
-set(PSA_ARCH_TESTS_VERSION "v23.06_API1.5_ADAC_EAC" CACHE STRING "The version of PSA arch tests to use")
+set(PSA_ARCH_TESTS_VERSION "v24.03_API1.6_CRYPTO_1.1.0" CACHE STRING "The version of PSA arch tests to use")
fetch_remote_library(
LIB_NAME psa_arch_tests
diff --git a/tests_psa_arch/spe/config/check_config.cmake b/tests_psa_arch/spe/config/check_config.cmake
index cc1e444..b259fad 100644
--- a/tests_psa_arch/spe/config/check_config.cmake
+++ b/tests_psa_arch/spe/config/check_config.cmake
@@ -18,7 +18,5 @@
tfm_invalid_config(TEST_PSA_API STREQUAL "STORAGE" AND NOT TFM_PARTITION_INTERNAL_TRUSTED_STORAGE)
tfm_invalid_config(TEST_PSA_API STREQUAL "STORAGE" AND NOT TFM_PARTITION_PROTECTED_STORAGE)
# PSA Arch crypto test intends to test all PSA crypto APIs. Therefore PSA Arch crypto test
-# cannot support to test TF-M Profile Medium, Profile Medium-ARoT-less and Profile Small.
-tfm_invalid_config(TEST_PSA_API STREQUAL "CRYPTO" AND TFM_PROFILE STREQUAL "profile_medium")
-tfm_invalid_config(TEST_PSA_API STREQUAL "CRYPTO" AND TFM_PROFILE STREQUAL "profile_medium_arotless")
-tfm_invalid_config(TEST_PSA_API STREQUAL "CRYPTO" AND TFM_PROFILE STREQUAL "profile_small")
+# are required to use TF-M Profile profile_large.
+tfm_invalid_config(TEST_PSA_API STREQUAL "CRYPTO" AND NOT (TFM_PROFILE STREQUAL "profile_large"))
\ No newline at end of file
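Review bot: The new condition `NOT (TFM_PROFILE STREQUAL "profile_large")` is also true when `TFM_PROFILE` is unset or empty, so a CRYPTO build that selects no profile at all would now be rejected. The removed lines only rejected the three smaller profiles. `tfm_invalid_config` is defined outside this hunk, so this is inferred from how CMake evaluates `STREQUAL`. If profile-less builds should stay valid, guard on the variable first: `tfm_invalid_config(TEST_PSA_API STREQUAL "CRYPTO" AND TFM_PROFILE AND NOT (TFM_PROFILE STREQUAL "profile_large"))`. The comment above it would read more clearly as `# Therefore PSA Arch crypto tests require TF-M Profile profile_large.`, and the file now ends without a trailing newline.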