Merge pull request #9170 from eleuzi01/replace-mbedtls-md-can-sha224
Replace MBEDTLS_MD_CAN_SHA224 with PSA_WANT_ALG_SHA_224
diff --git a/Makefile b/Makefile
index 67ad0b7..74e328a 100644
--- a/Makefile
+++ b/Makefile
@@ -31,7 +31,10 @@
lib:
$(MAKE) -C library
-tests: lib mbedtls_test
+ifndef PSASIM
+tests: lib
+endif
+tests: mbedtls_test
$(MAKE) -C tests
mbedtls_test:
@@ -168,7 +171,10 @@
if exist visualc\VS2017\mbedTLS.sln del /Q /F visualc\VS2017\mbedTLS.sln
endif
-check: lib tests
+ifndef PSASIM
+check: lib
+endif
+check: tests
$(MAKE) -C tests check
test: check
diff --git a/framework b/framework
index 423e41e..29e8dce 160000
--- a/framework
+++ b/framework
@@ -1 +1 @@
-Subproject commit 423e41ec8044a797eca7ac3a36497963fc4e5606
+Subproject commit 29e8dce54a1041e22489f713cc8c44f700fafcec
diff --git a/library/cipher.c b/library/cipher.c
index 0683677..7f4c121 100644
--- a/library/cipher.c
+++ b/library/cipher.c
@@ -849,6 +849,9 @@
}
padding_len = input[input_len - 1];
+ if (padding_len == 0 || padding_len > input_len) {
+ return MBEDTLS_ERR_CIPHER_INVALID_PADDING;
+ }
*data_len = input_len - padding_len;
mbedtls_ct_condition_t bad = mbedtls_ct_uint_gt(padding_len, input_len);
diff --git a/scripts/common.make b/scripts/common.make
index ead1334..077ac6f 100644
--- a/scripts/common.make
+++ b/scripts/common.make
@@ -4,6 +4,8 @@
MBEDTLS_PATH := ..
endif
+PSASIM_PATH=$(MBEDTLS_PATH)/tests/psa-client-server/psasim
+
ifeq (,$(wildcard $(MBEDTLS_PATH)/framework/exported.make))
# Use the define keyword to get a multi-line message.
# GNU make appends ". Stop.", so tweak the ending of our message accordingly.
@@ -26,19 +28,38 @@
-I$(MBEDTLS_PATH)/tf-psa-crypto/drivers/builtin/include \
-D_FILE_OFFSET_BITS=64
LOCAL_CXXFLAGS = $(WARNING_CXXFLAGS) -I$(MBEDTLS_PATH)/include -I$(MBEDTLS_PATH)/tests/include -D_FILE_OFFSET_BITS=64
+
+ifdef PSASIM
+LOCAL_LDFLAGS = ${MBEDTLS_TEST_OBJS} \
+ -L$(PSASIM_PATH)/client_libs \
+ -lpsaclient \
+ -lmbedtls$(SHARED_SUFFIX) \
+ -lmbedx509$(SHARED_SUFFIX) \
+ -lmbedcrypto$(SHARED_SUFFIX)
+else
LOCAL_LDFLAGS = ${MBEDTLS_TEST_OBJS} \
-L$(MBEDTLS_PATH)/library \
-lmbedtls$(SHARED_SUFFIX) \
-lmbedx509$(SHARED_SUFFIX) \
-lmbedcrypto$(SHARED_SUFFIX)
+endif
include $(MBEDTLS_PATH)/3rdparty/Makefile.inc
LOCAL_CFLAGS+=$(THIRDPARTY_INCLUDES)
-ifndef SHARED
-MBEDLIBS=$(MBEDTLS_PATH)/library/libmbedcrypto.a $(MBEDTLS_PATH)/library/libmbedx509.a $(MBEDTLS_PATH)/library/libmbedtls.a
+ifdef PSASIM
+MBEDLIBS=$(PSASIM_PATH)/client_libs/libmbedcrypto.a \
+ $(PSASIM_PATH)/client_libs/libmbedx509.a \
+ $(PSASIM_PATH)/client_libs/libmbedtls.a \
+ $(PSASIM_PATH)/client_libs/libpsaclient.a
+else ifndef SHARED
+MBEDLIBS=$(MBEDTLS_PATH)/library/libmbedcrypto.a \
+ $(MBEDTLS_PATH)/library/libmbedx509.a \
+ $(MBEDTLS_PATH)/library/libmbedtls.a
else
-MBEDLIBS=$(MBEDTLS_PATH)/library/libmbedcrypto.$(DLEXT) $(MBEDTLS_PATH)/library/libmbedx509.$(DLEXT) $(MBEDTLS_PATH)/library/libmbedtls.$(DLEXT)
+MBEDLIBS=$(MBEDTLS_PATH)/library/libmbedcrypto.$(DLEXT) \
+ $(MBEDTLS_PATH)/library/libmbedx509.$(DLEXT) \
+ $(MBEDTLS_PATH)/library/libmbedtls.$(DLEXT)
endif
ifdef DEBUG
@@ -126,10 +147,17 @@
endif
# Auxiliary modules used by tests and some sample programs
-MBEDTLS_CORE_TEST_OBJS = $(patsubst %.c,%.o,$(wildcard \
+MBEDTLS_CORE_TEST_OBJS := $(patsubst %.c,%.o,$(wildcard \
${MBEDTLS_TEST_PATH}/src/*.c \
${MBEDTLS_TEST_PATH}/src/drivers/*.c \
))
+# Ignore PSA stubs when building for the client side of PSASIM (i.e.
+# CRYPTO_CLIENT && !CRYPTO_C) otherwise there will be functions duplicates.
+ifdef PSASIM
+MBEDTLS_CORE_TEST_OBJS := $(filter-out \
+ ${MBEDTLS_TEST_PATH}/src/psa_crypto_stubs.o, $(MBEDTLS_CORE_TEST_OBJS)\
+ )
+endif
# Additional auxiliary modules for TLS testing
MBEDTLS_TLS_TEST_OBJS = $(patsubst %.c,%.o,$(wildcard \
${MBEDTLS_TEST_PATH}/src/test_helpers/*.c \
diff --git a/scripts/config.py b/scripts/config.py
index c53f9e7..8704bdb 100755
--- a/scripts/config.py
+++ b/scripts/config.py
@@ -396,6 +396,7 @@
self.default_path)
super().__init__()
self.filename = filename
+ self.inclusion_guard = None
self.current_section = 'header'
with open(filename, 'r', encoding='utf-8') as file:
self.templates = [self._parse_line(line) for line in file]
@@ -413,9 +414,11 @@
r'(?P<arguments>(?:\((?:\w|\s|,)*\))?)' +
r'(?P<separator>\s*)' +
r'(?P<value>.*)')
+ _ifndef_line_regexp = r'#ifndef (?P<inclusion_guard>\w+)'
_section_line_regexp = (r'\s*/?\*+\s*[\\@]name\s+SECTION:\s*' +
r'(?P<section>.*)[ */]*')
_config_line_regexp = re.compile(r'|'.join([_define_line_regexp,
+ _ifndef_line_regexp,
_section_line_regexp]))
def _parse_line(self, line):
"""Parse a line in mbedtls_config.h and return the corresponding template."""
@@ -426,10 +429,16 @@
elif m.group('section'):
self.current_section = m.group('section')
return line
+ elif m.group('inclusion_guard') and self.inclusion_guard is None:
+ self.inclusion_guard = m.group('inclusion_guard')
+ return line
else:
active = not m.group('commented_out')
name = m.group('name')
value = m.group('value')
+ if name == self.inclusion_guard and value == '':
+ # The file double-inclusion guard is not an option.
+ return line
template = (name,
m.group('indentation'),
m.group('define') + name +
diff --git a/scripts/make_generated_files.bat b/scripts/make_generated_files.bat
index f04f6b7..b03bce2 100644
--- a/scripts/make_generated_files.bat
+++ b/scripts/make_generated_files.bat
@@ -11,6 +11,7 @@
perl scripts\generate_visualc_files.pl || exit /b 1
python scripts\generate_psa_constants.py || exit /b 1
python framework\scripts\generate_bignum_tests.py || exit /b 1
+python framework\scripts\generate_config_tests.py || exit /b 1
python framework\scripts\generate_ecp_tests.py || exit /b 1
python framework\scripts\generate_psa_tests.py || exit /b 1
python framework\scripts\generate_test_keys.py --output tests\src\test_keys.h || exit /b 1
diff --git a/tests/.gitignore b/tests/.gitignore
index 838ea69..870fa79 100644
--- a/tests/.gitignore
+++ b/tests/.gitignore
@@ -3,22 +3,24 @@
*.log
/test_suite*
-data_files/mpi_write
-data_files/hmac_drbg_seed
-data_files/ctr_drbg_seed
-data_files/entropy_seed
+/data_files/mpi_write
+/data_files/hmac_drbg_seed
+/data_files/ctr_drbg_seed
+/data_files/entropy_seed
-include/alt-extra/psa/crypto_platform_alt.h
-include/alt-extra/psa/crypto_struct_alt.h
-include/test/instrument_record_status.h
+/include/alt-extra/psa/crypto_platform_alt.h
+/include/alt-extra/psa/crypto_struct_alt.h
+/include/test/instrument_record_status.h
-src/libmbed*
+/src/libmbed*
-libtestdriver1/*
+/libtestdriver1/*
###START_GENERATED_FILES###
# Generated source files
/suites/*.generated.data
+/suites/test_suite_config.mbedtls_boolean.data
+/suites/test_suite_config.psa_boolean.data
/suites/test_suite_psa_crypto_storage_format.v[0-9]*.data
/suites/test_suite_psa_crypto_storage_format.current.data
/src/test_keys.h
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
index 62be14e..213578d 100644
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@@ -33,6 +33,18 @@
execute_process(
COMMAND
${MBEDTLS_PYTHON_EXECUTABLE}
+ ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/generate_config_tests.py
+ --list-for-cmake
+ WORKING_DIRECTORY
+ ${CMAKE_CURRENT_SOURCE_DIR}/..
+ OUTPUT_VARIABLE
+ base_config_generated_data_files)
+string(REGEX REPLACE "[^;]*/" ""
+ base_config_generated_data_files "${base_config_generated_data_files}")
+
+execute_process(
+ COMMAND
+ ${MBEDTLS_PYTHON_EXECUTABLE}
${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/generate_ecp_tests.py
--list-for-cmake
WORKING_DIRECTORY
@@ -61,11 +73,15 @@
string(REGEX REPLACE "([^;]+)" "suites/\\1"
all_generated_data_files "${base_generated_data_files}")
set(bignum_generated_data_files "")
+set(config_generated_data_files "")
set(ecp_generated_data_files "")
set(psa_generated_data_files "")
foreach(file ${base_bignum_generated_data_files})
list(APPEND bignum_generated_data_files ${CMAKE_CURRENT_BINARY_DIR}/suites/${file})
endforeach()
+foreach(file ${base_config_generated_data_files})
+ list(APPEND config_generated_data_files ${CMAKE_CURRENT_BINARY_DIR}/suites/${file})
+endforeach()
foreach(file ${base_ecp_generated_data_files})
list(APPEND ecp_generated_data_files ${CMAKE_CURRENT_BINARY_DIR}/suites/${file})
endforeach()
@@ -94,6 +110,21 @@
)
add_custom_command(
OUTPUT
+ ${config_generated_data_files}
+ WORKING_DIRECTORY
+ ${CMAKE_CURRENT_SOURCE_DIR}/..
+ COMMAND
+ ${MBEDTLS_PYTHON_EXECUTABLE}
+ ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/generate_config_tests.py
+ --directory ${CMAKE_CURRENT_BINARY_DIR}/suites
+ DEPENDS
+ ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/generate_config_tests.py
+ # Do not declare the configuration files as dependencies: they
+ # change too often in ways that don't affect the result
+ # ((un)commenting some options).
+ )
+ add_custom_command(
+ OUTPUT
${ecp_generated_data_files}
WORKING_DIRECTORY
${CMAKE_CURRENT_SOURCE_DIR}/..
@@ -142,6 +173,7 @@
# With this line, only 4 sub-makefiles include the above command, that reduces
# the risk of a race.
add_custom_target(test_suite_bignum_generated_data DEPENDS ${bignum_generated_data_files})
+add_custom_target(test_suite_config_generated_data DEPENDS ${config_generated_data_files})
add_custom_target(test_suite_ecp_generated_data DEPENDS ${ecp_generated_data_files})
add_custom_target(test_suite_psa_generated_data DEPENDS ${psa_generated_data_files})
# If SKIP_TEST_SUITES is not defined with -D, get it from the environment.
@@ -199,6 +231,10 @@
set(data_file
${CMAKE_CURRENT_BINARY_DIR}/suites/test_suite_${data_name}.data)
set(dependency test_suite_bignum_generated_data)
+ elseif(";${config_generated_data_names};" MATCHES ";${data_name};")
+ set(data_file
+ ${CMAKE_CURRENT_BINARY_DIR}/suites/test_suite_${data_name}.data)
+ set(dependency test_suite_bignum_generated_data)
elseif(";${ecp_generated_data_names};" MATCHES ";${data_name};")
set(data_file
${CMAKE_CURRENT_BINARY_DIR}/suites/test_suite_${data_name}.data)
@@ -210,7 +246,11 @@
else()
set(data_file
${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${data_name}.data)
- set(dependency test_suite_bignum_generated_data test_suite_ecp_generated_data test_suite_psa_generated_data)
+ set(dependency
+ test_suite_bignum_generated_data
+ test_suite_config_generated_data
+ test_suite_ecp_generated_data
+ test_suite_psa_generated_data)
endif()
add_custom_command(
diff --git a/tests/Makefile b/tests/Makefile
index 7ab4d9c..21ddf13 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -17,7 +17,6 @@
LOCAL_CFLAGS += -Werror -DRECORD_PSA_STATUS_COVERAGE_LOG
endif
-.PHONY: generated_files
GENERATED_BIGNUM_DATA_FILES := $(patsubst tests/%,%,$(shell \
$(PYTHON) ../framework/scripts/generate_bignum_tests.py --list || \
echo FAILED \
@@ -25,6 +24,17 @@
ifeq ($(GENERATED_BIGNUM_DATA_FILES),FAILED)
$(error "$(PYTHON) ../framework/scripts/generate_bignum_tests.py --list" failed)
endif
+GENERATED_DATA_FILES += $(GENERATED_BIGNUM_DATA_FILES)
+
+GENERATED_CONFIG_DATA_FILES := $(patsubst tests/%,%,$(shell \
+ $(PYTHON) ../framework/scripts/generate_config_tests.py --list || \
+ echo FAILED \
+))
+ifeq ($(GENERATED_CONFIG_DATA_FILES),FAILED)
+$(error "$(PYTHON) ../framework/scripts/generate_config_tests.py --list" failed)
+endif
+GENERATED_DATA_FILES += $(GENERATED_CONFIG_DATA_FILES)
+
GENERATED_ECP_DATA_FILES := $(patsubst tests/%,%,$(shell \
$(PYTHON) ../framework/scripts/generate_ecp_tests.py --list || \
echo FAILED \
@@ -32,6 +42,8 @@
ifeq ($(GENERATED_ECP_DATA_FILES),FAILED)
$(error "$(PYTHON) ../framework/scripts/generate_ecp_tests.py --list" failed)
endif
+GENERATED_DATA_FILES += $(GENERATED_ECP_DATA_FILES)
+
GENERATED_PSA_DATA_FILES := $(patsubst tests/%,%,$(shell \
$(PYTHON) ../framework/scripts/generate_psa_tests.py --list || \
echo FAILED \
@@ -39,8 +51,13 @@
ifeq ($(GENERATED_PSA_DATA_FILES),FAILED)
$(error "$(PYTHON) ../framework/scripts/generate_psa_tests.py --list" failed)
endif
-GENERATED_FILES := $(GENERATED_PSA_DATA_FILES) $(GENERATED_ECP_DATA_FILES) $(GENERATED_BIGNUM_DATA_FILES)
-generated_files: $(GENERATED_FILES) src/test_keys.h src/test_certs.h
+GENERATED_DATA_FILES += $(GENERATED_PSA_DATA_FILES)
+
+GENERATED_FILES = $(GENERATED_DATA_FILES)
+GENERATED_FILES += src/test_keys.h src/test_certs.h
+
+.PHONY: generated_files
+generated_files: $(GENERATED_FILES)
# generate_bignum_tests.py and generate_psa_tests.py spend more time analyzing
# inputs than generating outputs. Its inputs are the same no matter which files
@@ -48,7 +65,6 @@
# It's rare not to want all the outputs. So always generate all of its outputs.
# Use an intermediate phony dependency so that parallel builds don't run
# a separate instance of the recipe for each output file.
-.SECONDARY: generated_bignum_test_data generated_ecp_test_data generated_psa_test_data
$(GENERATED_BIGNUM_DATA_FILES): $(gen_file_dep) generated_bignum_test_data
generated_bignum_test_data: ../framework/scripts/generate_bignum_tests.py
generated_bignum_test_data: ../framework/scripts/mbedtls_framework/bignum_common.py
@@ -60,6 +76,23 @@
generated_bignum_test_data:
echo " Gen $(GENERATED_BIGNUM_DATA_FILES)"
$(PYTHON) ../framework/scripts/generate_bignum_tests.py
+.SECONDARY: generated_bignum_test_data
+
+# We deliberately omit the configuration files (mbedtls_config.h,
+# crypto_config.h) from the depenency list because during development
+# and on the CI, we often edit those in a way that doesn't change the
+# output, to comment out certain options, or even to remove certain
+# lines which do affect the output negatively (it will miss the
+# corresponding test cases).
+$(GENERATED_CONFIG_DATA_FILES): $(gen_file_dep) generated_config_test_data
+generated_config_test_data: ../framework/scripts/generate_config_tests.py
+generated_config_test_data: ../scripts/config.py
+generated_config_test_data: ../framework/scripts/mbedtls_framework/test_case.py
+generated_config_test_data: ../framework/scripts/mbedtls_framework/test_data_generation.py
+generated_config_test_data:
+ echo " Gen $(GENERATED_CONFIG_DATA_FILES)"
+ $(PYTHON) ../framework/scripts/generate_config_tests.py
+.SECONDARY: generated_config_test_data
$(GENERATED_ECP_DATA_FILES): $(gen_file_dep) generated_ecp_test_data
generated_ecp_test_data: ../framework/scripts/generate_ecp_tests.py
@@ -70,6 +103,7 @@
generated_ecp_test_data:
echo " Gen $(GENERATED_ECP_DATA_FILES)"
$(PYTHON) ../framework/scripts/generate_ecp_tests.py
+.SECONDARY: generated_ecp_test_data
$(GENERATED_PSA_DATA_FILES): $(gen_file_dep) generated_psa_test_data
generated_psa_test_data: ../framework/scripts/generate_psa_tests.py
@@ -92,6 +126,7 @@
generated_psa_test_data:
echo " Gen $(GENERATED_PSA_DATA_FILES) ..."
$(PYTHON) ../framework/scripts/generate_psa_tests.py
+.SECONDARY: generated_psa_test_data
# A test application is built for each suites/test_suite_*.data file.
# Application name is same as .data file's base name and can be
@@ -99,7 +134,7 @@
DATA_FILES := $(wildcard suites/test_suite_*.data)
# Make sure that generated data files are included even if they don't
# exist yet when the makefile is parsed.
-DATA_FILES += $(filter-out $(DATA_FILES),$(GENERATED_FILES))
+DATA_FILES += $(filter-out $(DATA_FILES),$(GENERATED_DATA_FILES))
APPS = $(basename $(subst suites/,,$(DATA_FILES)))
# Construct executable name by adding OS specific suffix $(EXEXT).
@@ -177,6 +212,7 @@
clean:
ifndef WINDOWS
+ $(MAKE) -C psa-client-server/psasim clean
rm -rf $(BINARIES) *.c *.datax
rm -f src/*.o src/drivers/*.o src/test_helpers/*.o src/libmbed* src/test_keys.h src/test_certs.h
rm -f src/test_keys.h src/test_certs.h
diff --git a/tests/include/test/psa_crypto_helpers.h b/tests/include/test/psa_crypto_helpers.h
index 7306d8e..7393d81 100644
--- a/tests/include/test/psa_crypto_helpers.h
+++ b/tests/include/test/psa_crypto_helpers.h
@@ -11,7 +11,7 @@
#include "test/helpers.h"
-#if defined(MBEDTLS_PSA_CRYPTO_C)
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
#include "test/psa_helpers.h"
#include <psa/crypto.h>
#endif
@@ -38,12 +38,15 @@
mbedtls_psa_crypto_free(); \
} \
while (0)
-#else /*MBEDTLS_PSA_CRYPTO_C */
+#elif defined(MBEDTLS_PSA_CRYPTO_CLIENT) /* MBEDTLS_PSA_CRYPTO_CLIENT && !MBEDTLS_PSA_CRYPTO_C */
+#define PSA_INIT() PSA_ASSERT(psa_crypto_init())
+#define PSA_DONE() mbedtls_psa_crypto_free();
+#else /* MBEDTLS_PSA_CRYPTO_CLIENT && !MBEDTLS_PSA_CRYPTO_C */
#define PSA_INIT() ((void) 0)
#define PSA_DONE() ((void) 0)
#endif /* MBEDTLS_PSA_CRYPTO_C */
-#if defined(MBEDTLS_PSA_CRYPTO_C)
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
@@ -313,7 +316,7 @@
} \
while (0)
-#endif /* MBEDTLS_PSA_CRYPTO_C */
+#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
/** \def USE_PSA_INIT
*
diff --git a/tests/psa-client-server/psasim/Makefile b/tests/psa-client-server/psasim/Makefile
index 02b639f..ec6691f 100644
--- a/tests/psa-client-server/psasim/Makefile
+++ b/tests/psa-client-server/psasim/Makefile
@@ -1,11 +1,11 @@
CFLAGS += -Wall -Werror -std=c99 -D_XOPEN_SOURCE=1 -D_POSIX_C_SOURCE=200809L
ifeq ($(DEBUG),1)
-CFLAGS += -DDEBUG -O0 -g
+override CFLAGS += -DDEBUG -O0 -g
endif
-LIBPSACLIENT := -Llibpsaclient/ -lmbedcrypto -lmbedx509 -lmbedtls
-LIBPSASERVER := -Llibpsaserver/ -lmbedcrypto
+CLIENT_LIBS := -Lclient_libs -lpsaclient -lmbedtls -lmbedx509 -lmbedcrypto
+SERVER_LIBS := -Lserver_libs -lmbedcrypto
MBEDTLS_ROOT_PATH = ../../..
COMMON_INCLUDE := -I./include -I$(MBEDTLS_ROOT_PATH)/include \
@@ -16,13 +16,14 @@
include/psa_manifest/pid.h \
include/psa_manifest/sid.h
-PSA_CLIENT_COMMON_SRC = src/psa_ff_client.c \
- src/psa_sim_crypto_client.c \
- src/psa_sim_serialise.c
+LIBPSACLIENT_SRC = src/psa_ff_client.c \
+ src/psa_sim_crypto_client.c \
+ src/psa_sim_serialise.c
+LIBPSACLIENT_OBJS=$(LIBPSACLIENT_SRC:.c=.o)
-PSA_CLIENT_BASE_SRC = $(PSA_CLIENT_COMMON_SRC) src/client.c
+PSA_CLIENT_BASE_SRC = $(LIBPSACLIENT_SRC) src/client.c
-PSA_CLIENT_FULL_SRC = $(PSA_CLIENT_COMMON_SRC) \
+PSA_CLIENT_FULL_SRC = $(LIBPSACLIENT_SRC) \
$(wildcard src/aut_*.c)
PARTITION_SERVER_BOOTSTRAP = src/psa_ff_bootstrap_TEST_PARTITION.c
@@ -32,21 +33,28 @@
src/psa_sim_crypto_server.c \
src/psa_sim_serialise.c
-.PHONY: all clean libpsaclient libpsaserver
+.PHONY: all clean client_libs server_libs
all:
test/seedfile:
dd if=/dev/urandom of=./test/seedfile bs=64 count=1
-test/psa_client_base: $(PSA_CLIENT_BASE_SRC) $(GENERATED_H_FILES)
- $(CC) $(COMMON_INCLUDE) $(CFLAGS) $(PSA_CLIENT_BASE_SRC) $(LIBPSACLIENT) $(LDFLAGS) -o $@
+src/%.o: src/%.c $(GENERATED_H_FILES)
+ $(CC) $(COMMON_INCLUDE) $(CFLAGS) -c $< $(LDFLAGS) -o $@
-test/psa_client_full: $(PSA_CLIENT_FULL_SRC) $(GENERATED_H_FILES)
- $(CC) $(COMMON_INCLUDE) $(CFLAGS) $(PSA_CLIENT_FULL_SRC) $(LIBPSACLIENT) $(LDFLAGS) -o $@
+client_libs/libpsaclient: $(LIBPSACLIENT_OBJS)
+ mkdir -p client_libs
+ $(AR) -src client_libs/libpsaclient.a $(LIBPSACLIENT_OBJS)
-test/psa_partition: $(PSA_SERVER_SRC) $(GENERATED_H_FILES) test/seedfile
- $(CC) $(COMMON_INCLUDE) $(CFLAGS) $(PSA_SERVER_SRC) $(LIBPSASERVER) $(LDFLAGS) -o $@
+test/psa_client_base: $(PSA_CLIENT_BASE_SRC) $(GENERATED_H_FILES) test/seedfile
+ $(CC) $(COMMON_INCLUDE) $(CFLAGS) $(PSA_CLIENT_BASE_SRC) $(CLIENT_LIBS) $(LDFLAGS) -o $@
+
+test/psa_client_full: $(PSA_CLIENT_FULL_SRC) $(GENERATED_H_FILES) test/seedfile
+ $(CC) $(COMMON_INCLUDE) $(CFLAGS) $(PSA_CLIENT_FULL_SRC) $(CLIENT_LIBS) $(LDFLAGS) -o $@
+
+test/psa_server: $(PSA_SERVER_SRC) $(GENERATED_H_FILES)
+ $(CC) $(COMMON_INCLUDE) $(CFLAGS) $(PSA_SERVER_SRC) $(SERVER_LIBS) $(LDFLAGS) -o $@
$(PARTITION_SERVER_BOOTSTRAP) $(GENERATED_H_FILES): src/manifest.json src/server.c
tools/psa_autogen.py src/manifest.json
@@ -56,17 +64,18 @@
#
# Note: these rules assume that mbedtls_config.h is already configured by all.sh.
# If not using all.sh then the user must do it manually.
-libpsaclient libpsaserver:
+client_libs: client_libs/libpsaclient
+client_libs server_libs:
$(MAKE) -C $(MBEDTLS_ROOT_PATH)/library CFLAGS="$(CFLAGS)" LDFLAGS="$(LDFLAGS)" libmbedcrypto.a libmbedx509.a libmbedtls.a
mkdir -p $@
cp $(MBEDTLS_ROOT_PATH)/library/libmbed*.a $@/
- $(MAKE) -C $(MBEDTLS_ROOT_PATH) clean
-clean:
- rm -f test/psa_client_base test/psa_client_full test/psa_partition
+clean_server_intermediate_files:
rm -f $(PARTITION_SERVER_BOOTSTRAP)
- rm -rf libpsaclient libpsaserver
rm -rf include/psa_manifest
- rm -f test/psa_service_* test/psa_notify_*
- rm -f test/*.log
+
+clean: clean_server_intermediate_files
+ rm -f test/psa_client_base test/psa_client_full test/psa_server
+ rm -rf client_libs server_libs
+ rm -f test/psa_service_* test/psa_notify_* test/*.log
rm -f test/seedfile
diff --git a/tests/psa-client-server/psasim/src/aut_psa_hash.c b/tests/psa-client-server/psasim/src/aut_psa_hash.c
index 0446e7a..b429c0b 100644
--- a/tests/psa-client-server/psasim/src/aut_psa_hash.c
+++ b/tests/psa-client-server/psasim/src/aut_psa_hash.c
@@ -89,6 +89,43 @@
mbedtls_printf("Multi-part hash operation successful!\n");
}
+ /* A bit of white-box testing: ensure that we can abort an operation more
+ * times than there are operation slots on the simulator server.
+ */
+ for (int i = 0; i < 200; i++) {
+ /* This should be a no-op */
+ status = psa_hash_abort(&hash_operation);
+ if (status != PSA_SUCCESS) {
+ mbedtls_printf("psa_hash_abort failed\n");
+ goto cleanup;
+ }
+ }
+
+ /* Compute hash using multi-part operation using the same operation struct */
+ status = psa_hash_setup(&hash_operation, HASH_ALG);
+ if (status == PSA_ERROR_NOT_SUPPORTED) {
+ mbedtls_printf("unknown hash algorithm supplied\n");
+ goto cleanup;
+ } else if (status != PSA_SUCCESS) {
+ mbedtls_printf("psa_hash_setup failed: %d\n", status);
+ goto cleanup;
+ }
+
+ status = psa_hash_update(&hash_operation, sample_message, sample_message_length);
+ if (status != PSA_SUCCESS) {
+ mbedtls_printf("psa_hash_update failed\n");
+ goto cleanup;
+ }
+
+ /* Don't use psa_hash_finish() when going to check against an expected result */
+ status = psa_hash_verify(&hash_operation, expected_hash, expected_hash_len);
+ if (status != PSA_SUCCESS) {
+ mbedtls_printf("psa_hash_verify failed: %d\n", status);
+ goto cleanup;
+ } else {
+ mbedtls_printf("Second multi-part hash operation successful!\n");
+ }
+
/* Clear local variables prior to one-shot hash demo */
memset(hash, 0, sizeof(hash));
hash_length = 0;
diff --git a/tests/psa-client-server/psasim/src/psa_ff_server.c b/tests/psa-client-server/psasim/src/psa_ff_server.c
index 7f97b9b..b106092 100644
--- a/tests/psa-client-server/psasim/src/psa_ff_server.c
+++ b/tests/psa-client-server/psasim/src/psa_ff_server.c
@@ -26,8 +26,6 @@
#define MAX_CLIENTS 128
#define MAX_MESSAGES 32
-#define SLEEP_US 1
-
struct connection {
uint32_t client;
void *rhandle;
@@ -104,9 +102,6 @@
uint32_t requested_version;
ssize_t len;
int idx;
-#if !defined(PSASIM_USE_USLEEP)
- const struct timespec ts_delay = { .tv_sec = 0, .tv_nsec = SLEEP_US * 1000 };
-#endif
if (timeout == PSA_POLL) {
INFO("psa_wait: Called in polling mode");
@@ -261,11 +256,6 @@
break;
} else {
/* There is no 'select' function in SysV to block on multiple queues, so busy-wait :( */
-#if defined(PSASIM_USE_USLEEP)
- usleep(SLEEP_US);
-#else /* PSASIM_USE_USLEEP */
- nanosleep(&ts_delay, NULL);
-#endif /* PSASIM_USE_USLEEP */
}
} while (timeout == PSA_BLOCK);
@@ -474,7 +464,7 @@
while (sofar < num_bytes) {
size_t sending = (num_bytes - sofar);
- if (sending >= MAX_FRAGMENT_SIZE) {
+ if (sending > (MAX_FRAGMENT_SIZE - (sizeof(size_t) * 2))) {
sending = MAX_FRAGMENT_SIZE - (sizeof(size_t) * 2);
}
diff --git a/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c b/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c
index 28dff38..4200f6c 100644
--- a/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c
+++ b/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c
@@ -44,7 +44,7 @@
invec.base = in_params;
invec.len = in_params_len;
- size_t max_receive = 8192;
+ size_t max_receive = 24576;
uint8_t *receive = malloc(max_receive);
if (receive == NULL) {
fprintf(stderr, "FAILED to allocate %u bytes\n", (unsigned) max_receive);
@@ -119,6 +119,11 @@
void mbedtls_psa_crypto_free(void)
{
+ /* Do not try to close a connection that was never started.*/
+ if (handle == -1) {
+ return;
+ }
+
CLIENT_PRINT("Closing handle");
psa_close(handle);
handle = -1;
diff --git a/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c b/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c
index 5259751..cab32c4 100644
--- a/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c
+++ b/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c
@@ -131,7 +131,7 @@
ok = psasim_server_serialise_psa_aead_operation_t(
&rpos, &rremain,
- operation);
+ operation, 1);
if (!ok) {
goto fail;
}
@@ -375,7 +375,7 @@
ok = psasim_server_serialise_psa_aead_operation_t(
&rpos, &rremain,
- operation);
+ operation, 0);
if (!ok) {
goto fail;
}
@@ -619,7 +619,7 @@
ok = psasim_server_serialise_psa_aead_operation_t(
&rpos, &rremain,
- operation);
+ operation, 0);
if (!ok) {
goto fail;
}
@@ -736,7 +736,7 @@
ok = psasim_server_serialise_psa_aead_operation_t(
&rpos, &rremain,
- operation);
+ operation, 1);
if (!ok) {
goto fail;
}
@@ -866,7 +866,7 @@
ok = psasim_server_serialise_psa_aead_operation_t(
&rpos, &rremain,
- operation);
+ operation, 0);
if (!ok) {
goto fail;
}
@@ -977,7 +977,7 @@
ok = psasim_server_serialise_psa_aead_operation_t(
&rpos, &rremain,
- operation);
+ operation, 0);
if (!ok) {
goto fail;
}
@@ -1062,7 +1062,7 @@
ok = psasim_server_serialise_psa_aead_operation_t(
&rpos, &rremain,
- operation);
+ operation, 0);
if (!ok) {
goto fail;
}
@@ -1172,7 +1172,7 @@
ok = psasim_server_serialise_psa_aead_operation_t(
&rpos, &rremain,
- operation);
+ operation, 0);
if (!ok) {
goto fail;
}
@@ -1277,7 +1277,7 @@
ok = psasim_server_serialise_psa_aead_operation_t(
&rpos, &rremain,
- operation);
+ operation, 0);
if (!ok) {
goto fail;
}
@@ -1387,7 +1387,7 @@
ok = psasim_server_serialise_psa_aead_operation_t(
&rpos, &rremain,
- operation);
+ operation, 0);
if (!ok) {
goto fail;
}
@@ -1760,7 +1760,7 @@
ok = psasim_server_serialise_psa_cipher_operation_t(
&rpos, &rremain,
- operation);
+ operation, 1);
if (!ok) {
goto fail;
}
@@ -1980,7 +1980,7 @@
ok = psasim_server_serialise_psa_cipher_operation_t(
&rpos, &rremain,
- operation);
+ operation, 0);
if (!ok) {
goto fail;
}
@@ -2200,7 +2200,7 @@
ok = psasim_server_serialise_psa_cipher_operation_t(
&rpos, &rremain,
- operation);
+ operation, 0);
if (!ok) {
goto fail;
}
@@ -2296,7 +2296,7 @@
ok = psasim_server_serialise_psa_cipher_operation_t(
&rpos, &rremain,
- operation);
+ operation, 1);
if (!ok) {
goto fail;
}
@@ -2410,7 +2410,7 @@
ok = psasim_server_serialise_psa_cipher_operation_t(
&rpos, &rremain,
- operation);
+ operation, 0);
if (!ok) {
goto fail;
}
@@ -2513,7 +2513,7 @@
ok = psasim_server_serialise_psa_cipher_operation_t(
&rpos, &rremain,
- operation);
+ operation, 0);
if (!ok) {
goto fail;
}
@@ -2623,7 +2623,7 @@
ok = psasim_server_serialise_psa_cipher_operation_t(
&rpos, &rremain,
- operation);
+ operation, 0);
if (!ok) {
goto fail;
}
@@ -3436,7 +3436,7 @@
ok = psasim_server_serialise_psa_hash_operation_t(
&rpos, &rremain,
- operation);
+ operation, 1);
if (!ok) {
goto fail;
}
@@ -3520,7 +3520,7 @@
ok = psasim_server_serialise_psa_hash_operation_t(
&rpos, &rremain,
- target_operation);
+ target_operation, 0);
if (!ok) {
goto fail;
}
@@ -3827,7 +3827,7 @@
ok = psasim_server_serialise_psa_hash_operation_t(
&rpos, &rremain,
- operation);
+ operation, 1);
if (!ok) {
goto fail;
}
@@ -3929,7 +3929,7 @@
ok = psasim_server_serialise_psa_hash_operation_t(
&rpos, &rremain,
- operation);
+ operation, 0);
if (!ok) {
goto fail;
}
@@ -4014,7 +4014,7 @@
ok = psasim_server_serialise_psa_hash_operation_t(
&rpos, &rremain,
- operation);
+ operation, 0);
if (!ok) {
goto fail;
}
@@ -4103,7 +4103,7 @@
ok = psasim_server_serialise_psa_hash_operation_t(
&rpos, &rremain,
- operation);
+ operation, 1);
if (!ok) {
goto fail;
}
@@ -4389,7 +4389,7 @@
ok = psasim_server_serialise_psa_key_derivation_operation_t(
&rpos, &rremain,
- operation);
+ operation, 1);
if (!ok) {
goto fail;
}
@@ -4567,7 +4567,7 @@
ok = psasim_server_serialise_psa_key_derivation_operation_t(
&rpos, &rremain,
- operation);
+ operation, 0);
if (!ok) {
goto fail;
}
@@ -4664,7 +4664,7 @@
ok = psasim_server_serialise_psa_key_derivation_operation_t(
&rpos, &rremain,
- operation);
+ operation, 0);
if (!ok) {
goto fail;
}
@@ -4757,7 +4757,7 @@
ok = psasim_server_serialise_psa_key_derivation_operation_t(
&rpos, &rremain,
- operation);
+ operation, 0);
if (!ok) {
goto fail;
}
@@ -4860,7 +4860,7 @@
ok = psasim_server_serialise_psa_key_derivation_operation_t(
&rpos, &rremain,
- operation);
+ operation, 0);
if (!ok) {
goto fail;
}
@@ -4950,7 +4950,7 @@
ok = psasim_server_serialise_psa_key_derivation_operation_t(
&rpos, &rremain,
- operation);
+ operation, 0);
if (!ok) {
goto fail;
}
@@ -5055,7 +5055,7 @@
ok = psasim_server_serialise_psa_key_derivation_operation_t(
&rpos, &rremain,
- operation);
+ operation, 0);
if (!ok) {
goto fail;
}
@@ -5166,7 +5166,7 @@
ok = psasim_server_serialise_psa_key_derivation_operation_t(
&rpos, &rremain,
- operation);
+ operation, 0);
if (!ok) {
goto fail;
}
@@ -5261,7 +5261,7 @@
ok = psasim_server_serialise_psa_key_derivation_operation_t(
&rpos, &rremain,
- operation);
+ operation, 0);
if (!ok) {
goto fail;
}
@@ -5345,7 +5345,7 @@
ok = psasim_server_serialise_psa_key_derivation_operation_t(
&rpos, &rremain,
- operation);
+ operation, 0);
if (!ok) {
goto fail;
}
@@ -5420,7 +5420,7 @@
ok = psasim_server_serialise_psa_mac_operation_t(
&rpos, &rremain,
- operation);
+ operation, 1);
if (!ok) {
goto fail;
}
@@ -5643,7 +5643,7 @@
ok = psasim_server_serialise_psa_mac_operation_t(
&rpos, &rremain,
- operation);
+ operation, 1);
if (!ok) {
goto fail;
}
@@ -5754,7 +5754,7 @@
ok = psasim_server_serialise_psa_mac_operation_t(
&rpos, &rremain,
- operation);
+ operation, 0);
if (!ok) {
goto fail;
}
@@ -5839,7 +5839,7 @@
ok = psasim_server_serialise_psa_mac_operation_t(
&rpos, &rremain,
- operation);
+ operation, 0);
if (!ok) {
goto fail;
}
@@ -6030,7 +6030,7 @@
ok = psasim_server_serialise_psa_mac_operation_t(
&rpos, &rremain,
- operation);
+ operation, 1);
if (!ok) {
goto fail;
}
@@ -6127,7 +6127,7 @@
ok = psasim_server_serialise_psa_mac_operation_t(
&rpos, &rremain,
- operation);
+ operation, 0);
if (!ok) {
goto fail;
}
@@ -6589,7 +6589,7 @@
ok = psasim_server_serialise_psa_sign_hash_interruptible_operation_t(
&rpos, &rremain,
- operation);
+ operation, 1);
if (!ok) {
goto fail;
}
@@ -6685,7 +6685,7 @@
ok = psasim_server_serialise_psa_sign_hash_interruptible_operation_t(
&rpos, &rremain,
- operation);
+ operation, 0);
if (!ok) {
goto fail;
}
@@ -6873,7 +6873,7 @@
ok = psasim_server_serialise_psa_sign_hash_interruptible_operation_t(
&rpos, &rremain,
- operation);
+ operation, 0);
if (!ok) {
goto fail;
}
@@ -7181,7 +7181,7 @@
ok = psasim_server_serialise_psa_verify_hash_interruptible_operation_t(
&rpos, &rremain,
- operation);
+ operation, 1);
if (!ok) {
goto fail;
}
@@ -7256,7 +7256,7 @@
ok = psasim_server_serialise_psa_verify_hash_interruptible_operation_t(
&rpos, &rremain,
- operation);
+ operation, 0);
if (!ok) {
goto fail;
}
@@ -7436,7 +7436,7 @@
ok = psasim_server_serialise_psa_verify_hash_interruptible_operation_t(
&rpos, &rremain,
- operation);
+ operation, 0);
if (!ok) {
goto fail;
}
diff --git a/tests/psa-client-server/psasim/src/psa_sim_generate.pl b/tests/psa-client-server/psasim/src/psa_sim_generate.pl
index ac23807..dd2fe9e 100755
--- a/tests/psa-client-server/psasim/src/psa_sim_generate.pl
+++ b/tests/psa-client-server/psasim/src/psa_sim_generate.pl
@@ -349,7 +349,7 @@
invec.base = in_params;
invec.len = in_params_len;
- size_t max_receive = 8192;
+ size_t max_receive = 24576;
uint8_t *receive = malloc(max_receive);
if (receive == NULL) {
fprintf(stderr, "FAILED to allocate %u bytes\n", (unsigned) max_receive);
@@ -424,6 +424,11 @@
void mbedtls_psa_crypto_free(void)
{
+ /* Do not try to close a connection that was never started.*/
+ if (handle == -1) {
+ return;
+ }
+
CLIENT_PRINT("Closing handle");
psa_close(handle);
handle = -1;
@@ -745,11 +750,19 @@
my $server_specific = ($argtype =~ /^psa_\w+_operation_t/) ? "server_" : "";
+ my $completed = ""; # Only needed on server serialise calls
+ if (length($server_specific)) {
+ # On server serialisation, which is only for operation types,
+ # we need to mark the operation as completed (variously called
+ # terminated or inactive in psa/crypto.h) on certain calls.
+ $completed = ($name =~ /_(abort|finish|hash_verify)$/) ? ", 1" : ", 0";
+ }
+
print $fh <<EOF;
ok = psasim_${server_specific}serialise_${argtype}(
&rpos, &rremain,
- $argname);
+ $argname$completed);
if (!ok) {
goto fail;
}
diff --git a/tests/psa-client-server/psasim/src/psa_sim_serialise.c b/tests/psa-client-server/psasim/src/psa_sim_serialise.c
index e655e07..92ecdd2 100644
--- a/tests/psa-client-server/psasim/src/psa_sim_serialise.c
+++ b/tests/psa-client-server/psasim/src/psa_sim_serialise.c
@@ -936,7 +936,8 @@
int psasim_server_serialise_psa_hash_operation_t(uint8_t **pos,
size_t *remaining,
- psa_hash_operation_t *operation)
+ psa_hash_operation_t *operation,
+ int completed)
{
psasim_operation_t client_operation;
@@ -946,6 +947,13 @@
ssize_t slot = operation - hash_operations;
+ if (completed) {
+ memset(&hash_operations[slot],
+ 0,
+ sizeof(psa_hash_operation_t));
+ hash_operation_handles[slot] = 0;
+ }
+
client_operation.handle = hash_operation_handles[slot];
memcpy(*pos, &client_operation, sizeof(client_operation));
@@ -1031,7 +1039,8 @@
int psasim_server_serialise_psa_aead_operation_t(uint8_t **pos,
size_t *remaining,
- psa_aead_operation_t *operation)
+ psa_aead_operation_t *operation,
+ int completed)
{
psasim_operation_t client_operation;
@@ -1041,6 +1050,13 @@
ssize_t slot = operation - aead_operations;
+ if (completed) {
+ memset(&aead_operations[slot],
+ 0,
+ sizeof(psa_aead_operation_t));
+ aead_operation_handles[slot] = 0;
+ }
+
client_operation.handle = aead_operation_handles[slot];
memcpy(*pos, &client_operation, sizeof(client_operation));
@@ -1162,7 +1178,8 @@
int psasim_server_serialise_psa_mac_operation_t(uint8_t **pos,
size_t *remaining,
- psa_mac_operation_t *operation)
+ psa_mac_operation_t *operation,
+ int completed)
{
psasim_operation_t client_operation;
@@ -1172,6 +1189,13 @@
ssize_t slot = operation - mac_operations;
+ if (completed) {
+ memset(&mac_operations[slot],
+ 0,
+ sizeof(psa_mac_operation_t));
+ mac_operation_handles[slot] = 0;
+ }
+
client_operation.handle = mac_operation_handles[slot];
memcpy(*pos, &client_operation, sizeof(client_operation));
@@ -1257,7 +1281,8 @@
int psasim_server_serialise_psa_cipher_operation_t(uint8_t **pos,
size_t *remaining,
- psa_cipher_operation_t *operation)
+ psa_cipher_operation_t *operation,
+ int completed)
{
psasim_operation_t client_operation;
@@ -1267,6 +1292,13 @@
ssize_t slot = operation - cipher_operations;
+ if (completed) {
+ memset(&cipher_operations[slot],
+ 0,
+ sizeof(psa_cipher_operation_t));
+ cipher_operation_handles[slot] = 0;
+ }
+
client_operation.handle = cipher_operation_handles[slot];
memcpy(*pos, &client_operation, sizeof(client_operation));
@@ -1352,7 +1384,8 @@
int psasim_server_serialise_psa_key_derivation_operation_t(uint8_t **pos,
size_t *remaining,
- psa_key_derivation_operation_t *operation)
+ psa_key_derivation_operation_t *operation,
+ int completed)
{
psasim_operation_t client_operation;
@@ -1362,6 +1395,13 @@
ssize_t slot = operation - key_derivation_operations;
+ if (completed) {
+ memset(&key_derivation_operations[slot],
+ 0,
+ sizeof(psa_key_derivation_operation_t));
+ key_derivation_operation_handles[slot] = 0;
+ }
+
client_operation.handle = key_derivation_operation_handles[slot];
memcpy(*pos, &client_operation, sizeof(client_operation));
@@ -1447,7 +1487,8 @@
int psasim_server_serialise_psa_sign_hash_interruptible_operation_t(uint8_t **pos,
size_t *remaining,
- psa_sign_hash_interruptible_operation_t *operation)
+ psa_sign_hash_interruptible_operation_t *operation,
+ int completed)
{
psasim_operation_t client_operation;
@@ -1457,6 +1498,13 @@
ssize_t slot = operation - sign_hash_interruptible_operations;
+ if (completed) {
+ memset(&sign_hash_interruptible_operations[slot],
+ 0,
+ sizeof(psa_sign_hash_interruptible_operation_t));
+ sign_hash_interruptible_operation_handles[slot] = 0;
+ }
+
client_operation.handle = sign_hash_interruptible_operation_handles[slot];
memcpy(*pos, &client_operation, sizeof(client_operation));
@@ -1542,7 +1590,8 @@
int psasim_server_serialise_psa_verify_hash_interruptible_operation_t(uint8_t **pos,
size_t *remaining,
- psa_verify_hash_interruptible_operation_t *operation)
+ psa_verify_hash_interruptible_operation_t *operation,
+ int completed)
{
psasim_operation_t client_operation;
@@ -1552,6 +1601,13 @@
ssize_t slot = operation - verify_hash_interruptible_operations;
+ if (completed) {
+ memset(&verify_hash_interruptible_operations[slot],
+ 0,
+ sizeof(psa_verify_hash_interruptible_operation_t));
+ verify_hash_interruptible_operation_handles[slot] = 0;
+ }
+
client_operation.handle = verify_hash_interruptible_operation_handles[slot];
memcpy(*pos, &client_operation, sizeof(client_operation));
diff --git a/tests/psa-client-server/psasim/src/psa_sim_serialise.h b/tests/psa-client-server/psasim/src/psa_sim_serialise.h
index f85faad..f60e371 100644
--- a/tests/psa-client-server/psasim/src/psa_sim_serialise.h
+++ b/tests/psa-client-server/psasim/src/psa_sim_serialise.h
@@ -664,12 +664,15 @@
* \param remaining[in,out] Pointer to a `size_t` holding number of bytes
* remaining in the buffer.
* \param value The value to serialise into the buffer.
+ * \param completed Non-zero if the operation is now completed (set by
+ * finish and abort calls).
*
* \return \c 1 on success ("okay"), \c 0 on error.
*/
int psasim_server_serialise_psa_hash_operation_t(uint8_t **pos,
size_t *remaining,
- psa_hash_operation_t *value);
+ psa_hash_operation_t *value,
+ int completed);
/** Deserialise a `psa_hash_operation_t` from a buffer on the server side.
*
@@ -750,12 +753,15 @@
* \param remaining[in,out] Pointer to a `size_t` holding number of bytes
* remaining in the buffer.
* \param value The value to serialise into the buffer.
+ * \param completed Non-zero if the operation is now completed (set by
+ * finish and abort calls).
*
* \return \c 1 on success ("okay"), \c 0 on error.
*/
int psasim_server_serialise_psa_aead_operation_t(uint8_t **pos,
size_t *remaining,
- psa_aead_operation_t *value);
+ psa_aead_operation_t *value,
+ int completed);
/** Deserialise a `psa_aead_operation_t` from a buffer on the server side.
*
@@ -879,12 +885,15 @@
* \param remaining[in,out] Pointer to a `size_t` holding number of bytes
* remaining in the buffer.
* \param value The value to serialise into the buffer.
+ * \param completed Non-zero if the operation is now completed (set by
+ * finish and abort calls).
*
* \return \c 1 on success ("okay"), \c 0 on error.
*/
int psasim_server_serialise_psa_mac_operation_t(uint8_t **pos,
size_t *remaining,
- psa_mac_operation_t *value);
+ psa_mac_operation_t *value,
+ int completed);
/** Deserialise a `psa_mac_operation_t` from a buffer on the server side.
*
@@ -965,12 +974,15 @@
* \param remaining[in,out] Pointer to a `size_t` holding number of bytes
* remaining in the buffer.
* \param value The value to serialise into the buffer.
+ * \param completed Non-zero if the operation is now completed (set by
+ * finish and abort calls).
*
* \return \c 1 on success ("okay"), \c 0 on error.
*/
int psasim_server_serialise_psa_cipher_operation_t(uint8_t **pos,
size_t *remaining,
- psa_cipher_operation_t *value);
+ psa_cipher_operation_t *value,
+ int completed);
/** Deserialise a `psa_cipher_operation_t` from a buffer on the server side.
*
@@ -1051,12 +1063,15 @@
* \param remaining[in,out] Pointer to a `size_t` holding number of bytes
* remaining in the buffer.
* \param value The value to serialise into the buffer.
+ * \param completed Non-zero if the operation is now completed (set by
+ * finish and abort calls).
*
* \return \c 1 on success ("okay"), \c 0 on error.
*/
int psasim_server_serialise_psa_key_derivation_operation_t(uint8_t **pos,
size_t *remaining,
- psa_key_derivation_operation_t *value);
+ psa_key_derivation_operation_t *value,
+ int completed);
/** Deserialise a `psa_key_derivation_operation_t` from a buffer on the server side.
*
@@ -1137,12 +1152,15 @@
* \param remaining[in,out] Pointer to a `size_t` holding number of bytes
* remaining in the buffer.
* \param value The value to serialise into the buffer.
+ * \param completed Non-zero if the operation is now completed (set by
+ * finish and abort calls).
*
* \return \c 1 on success ("okay"), \c 0 on error.
*/
int psasim_server_serialise_psa_sign_hash_interruptible_operation_t(uint8_t **pos,
size_t *remaining,
- psa_sign_hash_interruptible_operation_t *value);
+ psa_sign_hash_interruptible_operation_t *value,
+ int completed);
/** Deserialise a `psa_sign_hash_interruptible_operation_t` from a buffer on the server side.
*
@@ -1223,12 +1241,15 @@
* \param remaining[in,out] Pointer to a `size_t` holding number of bytes
* remaining in the buffer.
* \param value The value to serialise into the buffer.
+ * \param completed Non-zero if the operation is now completed (set by
+ * finish and abort calls).
*
* \return \c 1 on success ("okay"), \c 0 on error.
*/
int psasim_server_serialise_psa_verify_hash_interruptible_operation_t(uint8_t **pos,
size_t *remaining,
- psa_verify_hash_interruptible_operation_t *value);
+ psa_verify_hash_interruptible_operation_t *value,
+ int completed);
/** Deserialise a `psa_verify_hash_interruptible_operation_t` from a buffer on the server side.
*
diff --git a/tests/psa-client-server/psasim/src/psa_sim_serialise.pl b/tests/psa-client-server/psasim/src/psa_sim_serialise.pl
index 81808ca..75e6cd0 100755
--- a/tests/psa-client-server/psasim/src/psa_sim_serialise.pl
+++ b/tests/psa-client-server/psasim/src/psa_sim_serialise.pl
@@ -158,11 +158,15 @@
my $type_d = $type;
$type_d =~ s/ /_/g;
+ if (length($server) && $type !~ /^psa_(\w+)_operation_t$/) {
+ die("$0: declare_server_serialise: $type: not supported\n");
+ }
+
my $server_side = (length($server)) ? " on the server side" : "";
my $ptr = (length($server)) ? "*" : "";
- return align_declaration(<<EOF);
+ my $code = <<EOF;
/** Serialise $an `$type` into a buffer${server_side}.
*
@@ -171,13 +175,29 @@
* \\param remaining[in,out] Pointer to a `size_t` holding number of bytes
* remaining in the buffer.
* \\param value The value to serialise into the buffer.
+EOF
+
+ $code .= <<EOF if length($server);
+ * \\param completed Non-zero if the operation is now completed (set by
+ * finish and abort calls).
+EOF
+
+ my $value_sep = (length($server)) ? "," : ");";
+
+ $code .= <<EOF;
*
* \\return \\c 1 on success ("okay"), \\c 0 on error.
*/
int psasim_${server}serialise_$type_d(uint8_t **pos,
size_t *remaining,
- $type ${ptr}value);
+ $type ${ptr}value$value_sep
EOF
+
+ $code .= <<EOF if length($server);
+ int completed);
+EOF
+
+ return align_declaration($code);
}
sub declare_deserialise
@@ -543,7 +563,8 @@
int psasim_server_serialise_$type_d(uint8_t **pos,
size_t *remaining,
- $type *operation)
+ $type *operation,
+ int completed)
{
psasim_operation_t client_operation;
@@ -553,6 +574,13 @@
ssize_t slot = operation - ${t}_operations;
+ if (completed) {
+ memset(&${t}_operations[slot],
+ 0,
+ sizeof($type_d));
+ ${t}_operation_handles[slot] = 0;
+ }
+
client_operation.handle = ${t}_operation_handles[slot];
memcpy(*pos, &client_operation, sizeof(client_operation));
@@ -619,7 +647,7 @@
if ($type =~ /^psa_(\w+)_operation_t$/) {
$t = $1;
} else {
- die("$0: define_server_serialise: $type: not supported\n");
+ die("$0: define_server_deserialise: $type: not supported\n");
}
my $type_d = $type;
@@ -1123,8 +1151,8 @@
EOF
}
-# Horrible way to align first, second and third lines of function signature to
-# appease uncrustify (these are the 2nd-4th lines of code, indices 1, 2 and 3)
+# Horrible way to align first few lines of function signature to appease
+# uncrustify (these are usually the 2nd-4th lines of code, indices 1, 2 and 3)
#
sub align_signature
{
@@ -1132,13 +1160,17 @@
my @code = split(/\n/, $code);
+ my $i = 1;
# Find where the ( is
- my $idx = index($code[1], "(");
+ my $idx = index($code[$i], "(");
die("can't find (") if $idx < 0;
my $indent = " " x ($idx + 1);
- $code[2] =~ s/^\s+/$indent/;
- $code[3] =~ s/^\s+/$indent/;
+
+ do {
+ # Indent each line up until the one that ends with )
+ $code[++$i] =~ s/^\s+/$indent/;
+ } while $code[$i] !~ /\)$/;
return join("\n", @code) . "\n";
}
@@ -1163,8 +1195,10 @@
die("can't find (") if $idx < 0;
my $indent = " " x ($idx + 1);
- $code[$i + 1] =~ s/^\s+/$indent/;
- $code[$i + 2] =~ s/^\s+/$indent/;
+ do {
+ # Indent each line up until the one with the ; on it
+ $code[++$i] =~ s/^\s+/$indent/;
+ } while ($code[$i] !~ /;/);
return join("\n", @code) . "\n";
}
diff --git a/tests/psa-client-server/psasim/test/kill_server.sh b/tests/psa-client-server/psasim/test/kill_server.sh
new file mode 100755
index 0000000..7aba5a3
--- /dev/null
+++ b/tests/psa-client-server/psasim/test/kill_server.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+set -e
+
+pkill psa_server || true
+
+# Remove temporary files and logs
+rm -f psa_notify_*
+rm -f psa_service_*
+rm -f psa_server.log
+
+# Remove all IPCs
+ipcs -q | awk '{ printf " -q " $2 }' | xargs ipcrm > /dev/null 2>&1 || true
diff --git a/tests/psa-client-server/psasim/test/run_test.sh b/tests/psa-client-server/psasim/test/run_test.sh
index 7c1011e..ac9c4c8 100755
--- a/tests/psa-client-server/psasim/test/run_test.sh
+++ b/tests/psa-client-server/psasim/test/run_test.sh
@@ -1,13 +1,13 @@
#!/bin/bash
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
# This is a simple bash script that tests psa_client/psa_server interaction.
# This script is automatically executed when "make run" is launched by the
# "psasim" root folder. The script can also be launched manually once
# binary files are built (i.e. after "make test" is executed from the "psasim"
# root folder).
-#
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
set -e
@@ -16,26 +16,10 @@
CLIENT_BIN=$1
shift
-function clean_run() {
- rm -f psa_notify_*
- pkill psa_partition || true
- pkill psa_client || true
- ipcs | grep q | awk '{ printf " -q " $2 }' | xargs ipcrm > /dev/null 2>&1 || true
-}
+ipcs | grep q | awk '{ printf " -q " $2 }' | xargs ipcrm > /dev/null 2>&1 || true
-# The server creates some local files when it starts up so we can wait for this
-# event as signal that the server is ready so that we can start client(s).
-function wait_for_server_startup() {
- while [ ! -f ./psa_notify_* ]; do
- sleep 0.1
- done
-}
-
-clean_run
-
-./psa_partition &
-wait_for_server_startup
+./start_server.sh
./$CLIENT_BIN "$@"
# Kill server once client exited
-pkill psa_partition
+pkill psa_server
diff --git a/tests/psa-client-server/psasim/test/start_server.sh b/tests/psa-client-server/psasim/test/start_server.sh
new file mode 100755
index 0000000..fcc8a97
--- /dev/null
+++ b/tests/psa-client-server/psasim/test/start_server.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+set -e
+
+# The server creates some local files when it starts up so we can wait for this
+# event as signal that the server is ready so that we can start client(s).
+function wait_for_server_startup() {
+ while [ $(find . -name "psa_notify_*" | wc -l) -eq 0 ]; do
+ sleep 0.1
+ done
+}
+
+$(dirname "$0")/kill_server.sh
+
+$(dirname "$0")/psa_server &
+wait_for_server_startup
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 3bff3a8..de74f97 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -217,6 +217,8 @@
# defined in this script whose name starts with "component_".
ALL_COMPONENTS=$(compgen -A function component_ | sed 's/component_//')
+ PSASIM_PATH='tests/psa-client-server/psasim/'
+
# Delay determining SUPPORTED_COMPONENTS until the command line options have a chance to override
# the commands set by the environment
}
@@ -356,6 +358,24 @@
done
}
+# This is a helper function to be used in psasim builds. It is meant to clean
+# up the library's workspace after the server build and before the client
+# build. Built libraries (mbedcrypto, mbedx509 and mbedtls) are supposed to be
+# already copied to psasim folder at this point.
+helper_psasim_cleanup_before_client() {
+ # Clean up library files
+ make -C library clean
+ # Clean up intermediate files that were used to build the server
+ make -C $PSASIM_PATH clean_server_intermediate_files
+ # Restore files that were backup before building library files. This
+ # includes $CONFIG_H and $CRYPTO_CONFIG_H.
+ for x in $files_to_back_up; do
+ if [[ -e "$x$backup_suffix" ]]; then
+ cp -p "$x$backup_suffix" "$x"
+ fi
+ done
+}
+
# Final cleanup when this script exits (except when exiting on a failure
# in non-keep-going mode).
final_cleanup () {
@@ -948,11 +968,11 @@
make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" "$@"
}
-# $1: target which can be "client" or "server"
-helper_crypto_client_build() {
+# Set some default values $CONFIG_H in order to build server or client sides
+# in PSASIM. There is only 1 mandatory parameter:
+# - $1: target which can be "client" or "server"
+helper_psasim_config() {
TARGET=$1
- shift
- TARGET_LIB=libpsa$TARGET
if [ "$TARGET" == "client" ]; then
scripts/config.py full
@@ -976,8 +996,23 @@
# Also ensure MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER not set (to match client)
scripts/config.py unset MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
fi
+}
- make -C tests/psa-client-server/psasim/ CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" $TARGET_LIB "$@"
+# Helper to build the libraries for client/server in PSASIM. If the server is
+# being built, then it builds also the final executable.
+# There is only 1 mandatory parameter:
+# - $1: target which can be "client" or "server"
+helper_psasim_build() {
+ TARGET=$1
+ shift
+ TARGET_LIB=${TARGET}_libs
+
+ make -C $PSASIM_PATH CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" $TARGET_LIB "$@"
+
+ # Build also the server application after its libraries have been built.
+ if [ "$TARGET" == "server" ]; then
+ make -C $PSASIM_PATH CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" test/psa_server
+ fi
}
################################################################
@@ -1037,6 +1072,24 @@
echo "$loc_list"
}
+# Helper function for controlling (start & stop) the psasim server.
+helper_psasim_server() {
+ OPERATION=$1
+ if [ "$OPERATION" == "start" ]; then
+ (
+ cd tests
+ msg "start server"
+ psa-client-server/psasim/test/start_server.sh
+ )
+ else
+ (
+ cd tests
+ msg "terminate server and cleanup"
+ psa-client-server/psasim//test/kill_server.sh
+ )
+ fi
+}
+
################################################################
#### Basic checks
################################################################
@@ -1349,68 +1402,6 @@
check_renamed_symbols tests/include/spe/crypto_spe.h library/libmbedcrypto.a
}
-# Get a list of library-wise undefined symbols and ensure that they only
-# belong to psa_xxx() functions and not to mbedtls_yyy() ones.
-# This function is a common helper used by both:
-# - component_test_default_psa_crypto_client_without_crypto_provider
-# - component_build_full_psa_crypto_client_without_crypto_provider.
-common_check_mbedtls_missing_symbols() {
- nm library/libmbedcrypto.a | grep ' [TRrDC] ' | grep -Eo '(mbedtls_|psa_).*' | sort -u > sym_def.txt
- nm library/libmbedcrypto.a | grep ' U ' | grep -Eo '(mbedtls_|psa_).*' | sort -u > sym_undef.txt
- comm sym_def.txt sym_undef.txt -13 > linking_errors.txt
- not grep mbedtls_ linking_errors.txt
-
- rm sym_def.txt sym_undef.txt linking_errors.txt
-}
-
-component_test_default_psa_crypto_client_without_crypto_provider () {
- msg "build: default config - PSA_CRYPTO_C + PSA_CRYPTO_CLIENT"
-
- scripts/config.py unset MBEDTLS_PSA_CRYPTO_C
- scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C
- scripts/config.py unset MBEDTLS_PSA_ITS_FILE_C
- scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
- scripts/config.py set MBEDTLS_PSA_CRYPTO_CLIENT
- scripts/config.py unset MBEDTLS_LMS_C
-
- make
-
- msg "check missing symbols: default config - PSA_CRYPTO_C + PSA_CRYPTO_CLIENT"
- common_check_mbedtls_missing_symbols
-
- msg "test: default config - PSA_CRYPTO_C + PSA_CRYPTO_CLIENT"
- make test
-}
-
-component_build_full_psa_crypto_client_without_crypto_provider () {
- msg "build: full config - PSA_CRYPTO_C"
-
- # Use full config which includes USE_PSA and CRYPTO_CLIENT.
- scripts/config.py full
-
- scripts/config.py unset MBEDTLS_PSA_CRYPTO_C
- scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C
- # Dynamic secure element support is a deprecated feature and it is not
- # available when CRYPTO_C and PSA_CRYPTO_STORAGE_C are disabled.
- scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C
-
- # Since there is no crypto provider in this build it is not possible to
- # build all the test executables and progrems due to missing PSA functions
- # at link time. Therefore we will just build libraries and we'll check
- # that symbols of interest are there.
- make lib
-
- msg "check missing symbols: full config - PSA_CRYPTO_C"
-
- common_check_mbedtls_missing_symbols
-
- # Ensure that desired functions are included into the build (extend the
- # following list as required).
- grep mbedtls_pk_get_psa_attributes library/libmbedcrypto.a
- grep mbedtls_pk_import_into_psa library/libmbedcrypto.a
- grep mbedtls_pk_copy_from_psa library/libmbedcrypto.a
-}
-
component_test_no_rsa_key_pair_generation() {
msg "build: default config minus PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE"
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
@@ -6029,20 +6020,16 @@
}
component_test_psasim() {
- msg "build library for server"
+ msg "build server library and application"
scripts/config.py crypto
- helper_crypto_client_build server
+ helper_psasim_config server
+ helper_psasim_build server
- msg "build server"
- make -C tests/psa-client-server/psasim CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" test/psa_partition
-
- # cleanup() will restore some backed-up files which include $CONFIG_H and
- # $CRYPTO_CONFIG_H. Built libraries were already copied to psasim at this
- # point.
- cleanup
+ helper_psasim_cleanup_before_client
msg "build library for client"
- helper_crypto_client_build client
+ helper_psasim_config client
+ helper_psasim_build client
msg "build basic psasim client"
make -C tests/psa-client-server/psasim CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" test/psa_client_base
@@ -6057,6 +6044,38 @@
make -C tests/psa-client-server/psasim clean
}
+component_test_suite_with_psasim()
+{
+ msg "build server library and application"
+ helper_psasim_config server
+ # Modify server's library configuration here (if needed)
+ helper_psasim_build server
+
+ helper_psasim_cleanup_before_client
+
+ msg "build client library"
+ helper_psasim_config client
+ # PAKE functions are still unsupported from PSASIM
+ scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_JPAKE
+ scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
+ helper_psasim_build client
+
+ msg "build test suites"
+ make PSASIM=1 CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" tests
+
+ helper_psasim_server start
+
+ # psasim takes an extremely long execution time on some test suites so we
+ # exclude them from the list.
+ SKIP_TEST_SUITES="constant_time_hmac,lmots,lms"
+ export SKIP_TEST_SUITES
+
+ msg "run test suites"
+ make PSASIM=1 test
+
+ helper_psasim_server kill
+}
+
################################################################
#### Termination
################################################################
diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py
index eb24694..f8147d1 100755
--- a/tests/scripts/analyze_outcomes.py
+++ b/tests/scripts/analyze_outcomes.py
@@ -160,10 +160,10 @@
# don't issue an error if they're skipped with drivers,
# but issue an error if they're not (means we have a bad entry).
ignored = False
- if full_test_suite in ignored_tests:
- for str_or_re in ignored_tests[full_test_suite]:
- if name_matches_pattern(test_string, str_or_re):
- ignored = True
+ for str_or_re in (ignored_tests.get(full_test_suite, []) +
+ ignored_tests.get(test_suite, [])):
+ if name_matches_pattern(test_string, str_or_re):
+ ignored = True
if not ignored and not suite_case in driver_outcomes.successes:
results.error("PASS -> SKIP/FAIL: {}", suite_case)
@@ -242,6 +242,9 @@
'psa_crypto_low_hash.generated', # testing the builtins
],
'ignored_tests': {
+ 'test_suite_config': [
+ re.compile(r'.*\bMBEDTLS_(MD5|RIPEMD160|SHA[0-9]+)_.*'),
+ ],
'test_suite_platform': [
# Incompatible with sanitizers (e.g. ASan). If the driver
# component uses a sanitizer but the reference component
@@ -265,6 +268,10 @@
'psa_crypto_low_hash.generated',
],
'ignored_tests': {
+ 'test_suite_config': [
+ re.compile(r'.*\bMBEDTLS_(MD5|RIPEMD160|SHA[0-9]+)_.*'),
+ re.compile(r'.*\bMBEDTLS_MD_C\b')
+ ],
'test_suite_md': [
# Builtin HMAC is not supported in the accelerate component.
re.compile('.*HMAC.*'),
@@ -304,6 +311,12 @@
'cipher',
],
'ignored_tests': {
+ 'test_suite_config': [
+ re.compile(r'.*\bMBEDTLS_(AES|ARIA|CAMELLIA|CHACHA20|DES)_.*'),
+ re.compile(r'.*\bMBEDTLS_(CCM|CHACHAPOLY|CMAC|GCM)_.*'),
+ re.compile(r'.*\bMBEDTLS_AES(\w+)_C\b.*'),
+ re.compile(r'.*\bMBEDTLS_CIPHER_.*'),
+ ],
# PEM decryption is not supported so far.
# The rest of PEM (write, unencrypted read) works though.
'test_suite_pem': [
@@ -357,6 +370,9 @@
'ecdsa', 'ecdh', 'ecjpake',
],
'ignored_tests': {
+ 'test_suite_config': [
+ re.compile(r'.*\bMBEDTLS_(ECDH|ECDSA|ECJPAKE|ECP)_.*'),
+ ],
'test_suite_platform': [
# Incompatible with sanitizers (e.g. ASan). If the driver
# component uses a sanitizer but the reference component
@@ -397,6 +413,10 @@
'ecp', 'ecdsa', 'ecdh', 'ecjpake',
],
'ignored_tests': {
+ 'test_suite_config': [
+ re.compile(r'.*\bMBEDTLS_(ECDH|ECDSA|ECJPAKE|ECP)_.*'),
+ re.compile(r'.*\bMBEDTLS_PK_PARSE_EC_COMPRESSED\b.*'),
+ ],
'test_suite_platform': [
# Incompatible with sanitizers (e.g. ASan). If the driver
# component uses a sanitizer but the reference component
@@ -436,6 +456,11 @@
'bignum.generated', 'bignum.misc',
],
'ignored_tests': {
+ 'test_suite_config': [
+ re.compile(r'.*\bMBEDTLS_BIGNUM_C\b.*'),
+ re.compile(r'.*\bMBEDTLS_(ECDH|ECDSA|ECJPAKE|ECP)_.*'),
+ re.compile(r'.*\bMBEDTLS_PK_PARSE_EC_COMPRESSED\b.*'),
+ ],
'test_suite_platform': [
# Incompatible with sanitizers (e.g. ASan). If the driver
# component uses a sanitizer but the reference component
@@ -485,6 +510,13 @@
# provide), even with MBEDTLS_USE_PSA_CRYPTO.
re.compile(r'PSK callback:.*\bdhe-psk\b.*'),
],
+ 'test_suite_config': [
+ re.compile(r'.*\bMBEDTLS_BIGNUM_C\b.*'),
+ re.compile(r'.*\bMBEDTLS_DHM_C\b.*'),
+ re.compile(r'.*\bMBEDTLS_(ECDH|ECDSA|ECJPAKE|ECP)_.*'),
+ re.compile(r'.*\bMBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED\b.*'),
+ re.compile(r'.*\bMBEDTLS_PK_PARSE_EC_COMPRESSED\b.*'),
+ ],
'test_suite_platform': [
# Incompatible with sanitizers (e.g. ASan). If the driver
# component uses a sanitizer but the reference component
@@ -523,6 +555,9 @@
'component_driver': 'test_psa_crypto_config_accel_ffdh',
'ignored_suites': ['dhm'],
'ignored_tests': {
+ 'test_suite_config': [
+ re.compile(r'.*\bMBEDTLS_DHM_C\b.*'),
+ ],
'test_suite_platform': [
# Incompatible with sanitizers (e.g. ASan). If the driver
# component uses a sanitizer but the reference component
@@ -545,6 +580,15 @@
'bignum.generated', 'bignum.misc',
],
'ignored_tests': {
+ 'test_suite_config': [
+ re.compile(r'.*\bMBEDTLS_BIGNUM_C\b.*'),
+ re.compile(r'.*\bMBEDTLS_(ASN1\w+)_C\b.*'),
+ re.compile(r'.*\bMBEDTLS_(ECDH|ECDSA|ECP)_.*'),
+ re.compile(r'.*\bMBEDTLS_PSA_P256M_DRIVER_ENABLED\b.*')
+ ],
+ 'test_suite_config.crypto_combinations': [
+ 'Config: ECC: Weierstrass curves only',
+ ],
'test_suite_platform': [
# Incompatible with sanitizers (e.g. ASan). If the driver
# component uses a sanitizer but the reference component
@@ -570,6 +614,10 @@
'pk', 'pkwrite', 'pkparse'
],
'ignored_tests': {
+ 'test_suite_config': [
+ re.compile(r'.*\bMBEDTLS_(PKCS1|RSA)_.*'),
+ re.compile(r'.*\bMBEDTLS_GENPRIME\b.*')
+ ],
'test_suite_platform': [
# Incompatible with sanitizers (e.g. ASan). If the driver
# component uses a sanitizer but the reference component
@@ -611,6 +659,10 @@
'cipher.camellia',
],
'ignored_tests': {
+ 'test_suite_config': [
+ re.compile(r'.*\bMBEDTLS_(AES|ARIA|CAMELLIA)_.*'),
+ re.compile(r'.*\bMBEDTLS_AES(\w+)_C\b.*'),
+ ],
'test_suite_cmac': [
# Following tests require AES_C/ARIA_C/CAMELLIA_C to be enabled,
# but these are not available in the accelerated component.
diff --git a/tests/scripts/check-generated-files.sh b/tests/scripts/check-generated-files.sh
index e740f33..09c850a 100755
--- a/tests/scripts/check-generated-files.sh
+++ b/tests/scripts/check-generated-files.sh
@@ -129,6 +129,7 @@
# These checks are common to Mbed TLS and TF-PSA-Crypto
check scripts/generate_psa_constants.py programs/psa/psa_constant_names_generated.c
check framework/scripts/generate_bignum_tests.py $(framework/scripts/generate_bignum_tests.py --list)
+check framework/scripts/generate_config_tests.py $(framework/scripts/generate_config_tests.py --list)
check framework/scripts/generate_ecp_tests.py $(framework/scripts/generate_ecp_tests.py --list)
check framework/scripts/generate_psa_tests.py $(framework/scripts/generate_psa_tests.py --list)
check framework/scripts/generate_test_keys.py tests/src/test_keys.h
diff --git a/tests/src/psa_exercise_key.c b/tests/src/psa_exercise_key.c
index 937bd45..b223276 100644
--- a/tests/src/psa_exercise_key.c
+++ b/tests/src/psa_exercise_key.c
@@ -11,7 +11,7 @@
#include <test/macros.h>
#include <test/psa_exercise_key.h>
-#if defined(MBEDTLS_PSA_CRYPTO_C)
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
#include <mbedtls/asn1.h>
#include <psa/crypto.h>
@@ -1332,4 +1332,4 @@
}
#endif /* MBEDTLS_PK_C */
-#endif /* MBEDTLS_PSA_CRYPTO_C */
+#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function
index aca4150..8e49d2d 100644
--- a/tests/suites/test_suite_cipher.function
+++ b/tests/suites/test_suite_cipher.function
@@ -549,6 +549,10 @@
/* encode length number of bytes from inbuf */
TEST_ASSERT(0 == mbedtls_cipher_update(&ctx, inbuf, length, encbuf, &outlen));
TEST_ASSERT(ret == mbedtls_cipher_finish(&ctx, encbuf + outlen, &outlen));
+ if (0 != ret) {
+ /* Check output parameter is set to the least-harmful value on error */
+ TEST_ASSERT(0 == outlen);
+ }
/* done */
exit:
@@ -826,6 +830,10 @@
total_len += outlen;
TEST_ASSERT(finish_result == mbedtls_cipher_finish(&ctx, output + outlen,
&outlen));
+ if (0 != finish_result) {
+ /* Check output parameter is set to the least-harmful value on error */
+ TEST_ASSERT(0 == outlen);
+ }
total_len += outlen;
#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
int tag_expected = (ctx.cipher_info->mode == MBEDTLS_MODE_GCM ||
diff --git a/tests/suites/test_suite_config.crypto_combinations.data b/tests/suites/test_suite_config.crypto_combinations.data
new file mode 100644
index 0000000..d3287d2
--- /dev/null
+++ b/tests/suites/test_suite_config.crypto_combinations.data
@@ -0,0 +1,9 @@
+# Interesting combinations of low-level crypto options
+
+Config: ECC: Weierstrass curves only
+depends_on:MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED:!MBEDTLS_ECP_MONTGOMERY_ENABLED
+pass:
+
+Config: ECC: Montgomery curves only
+depends_on:!MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED:MBEDTLS_ECP_MONTGOMERY_ENABLED
+pass:
diff --git a/tests/suites/test_suite_config.function b/tests/suites/test_suite_config.function
new file mode 100644
index 0000000..9e9dd01
--- /dev/null
+++ b/tests/suites/test_suite_config.function
@@ -0,0 +1,14 @@
+/* BEGIN_HEADER */
+
+/* END_HEADER */
+
+/* BEGIN_CASE */
+/* This test case always passes. It is intended solely for configuration
+ * reporting in the outcome file. Write test cases using this function
+ * with dependencies to record in which configurations the dependencies
+ * are met. */
+void pass()
+{
+ goto exit;
+}
+/* END_CASE */
diff --git a/tests/suites/test_suite_config.psa_combinations.data b/tests/suites/test_suite_config.psa_combinations.data
new file mode 100644
index 0000000..1035af2
--- /dev/null
+++ b/tests/suites/test_suite_config.psa_combinations.data
@@ -0,0 +1,9 @@
+# Interesting combinations of PSA options
+
+Config: PSA_WANT_ALG_ECDSA without PSA_WANT_ALG_DETERMINISTIC_ECDSA
+depends_on:PSA_WANT_ALG_ECDSA:!PSA_WANT_ALG_DETERMINISTIC_ECDSA
+pass:
+
+Config: PSA_WANT_ALG_DETERMINSTIC_ECDSA without PSA_WANT_ALG_ECDSA
+depends_on:PSA_WANT_ALG_DETERMINISTIC_ECDSA:!PSA_WANT_ALG_ECDSA
+pass:
diff --git a/tests/suites/test_suite_config.tls_combinations.data b/tests/suites/test_suite_config.tls_combinations.data
new file mode 100644
index 0000000..cbc57d6
--- /dev/null
+++ b/tests/suites/test_suite_config.tls_combinations.data
@@ -0,0 +1,9 @@
+# Interesting combinations of TLS options
+
+Config: TLS 1.2 without TLS 1.3
+depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_SSL_PROTO_TLS1_3
+pass:
+
+Config: TLS 1.3 without TLS 1.2
+depends_on:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2
+pass:
diff --git a/tests/suites/test_suite_debug.function b/tests/suites/test_suite_debug.function
index 70e7bad..982be3c 100644
--- a/tests/suites/test_suite_debug.function
+++ b/tests/suites/test_suite_debug.function
@@ -59,7 +59,7 @@
mbedtls_ssl_config conf;
struct buffer_data buffer;
- MD_PSA_INIT();
+ MD_OR_USE_PSA_INIT();
mbedtls_ssl_init(&ssl);
mbedtls_ssl_config_init(&conf);
@@ -86,7 +86,7 @@
exit:
mbedtls_ssl_free(&ssl);
mbedtls_ssl_config_free(&conf);
- MD_PSA_DONE();
+ MD_OR_USE_PSA_DONE();
}
/* END_CASE */
@@ -98,7 +98,7 @@
mbedtls_ssl_config conf;
struct buffer_data buffer;
- MD_PSA_INIT();
+ MD_OR_USE_PSA_INIT();
mbedtls_ssl_init(&ssl);
mbedtls_ssl_config_init(&conf);
@@ -122,7 +122,7 @@
exit:
mbedtls_ssl_free(&ssl);
mbedtls_ssl_config_free(&conf);
- MD_PSA_DONE();
+ MD_OR_USE_PSA_DONE();
}
/* END_CASE */
@@ -134,7 +134,7 @@
mbedtls_ssl_config conf;
struct buffer_data buffer;
- MD_PSA_INIT();
+ MD_OR_USE_PSA_INIT();
mbedtls_ssl_init(&ssl);
mbedtls_ssl_config_init(&conf);
@@ -158,7 +158,7 @@
exit:
mbedtls_ssl_free(&ssl);
mbedtls_ssl_config_free(&conf);
- MD_PSA_DONE();
+ MD_OR_USE_PSA_DONE();
}
/* END_CASE */
@@ -211,7 +211,7 @@
struct buffer_data buffer;
mbedtls_mpi val;
- MD_PSA_INIT();
+ MD_OR_USE_PSA_INIT();
mbedtls_ssl_init(&ssl);
mbedtls_ssl_config_init(&conf);
@@ -239,6 +239,6 @@
mbedtls_mpi_free(&val);
mbedtls_ssl_free(&ssl);
mbedtls_ssl_config_free(&conf);
- MD_PSA_DONE();
+ MD_OR_USE_PSA_DONE();
}
/* END_CASE */
diff --git a/tests/suites/test_suite_lmots.function b/tests/suites/test_suite_lmots.function
index 293287a..c81501c 100644
--- a/tests/suites/test_suite_lmots.function
+++ b/tests/suites/test_suite_lmots.function
@@ -37,6 +37,7 @@
mbedtls_lmots_public_init(&pub_ctx);
mbedtls_lmots_private_init(&priv_ctx);
+ USE_PSA_INIT();
TEST_EQUAL(mbedtls_lmots_generate_private_key(&priv_ctx, MBEDTLS_LMOTS_SHA256_N32_W8,
key_id->x, leaf_id, seed->x, seed->len), 0);
@@ -48,6 +49,7 @@
exit:
mbedtls_lmots_public_free(&pub_ctx);
mbedtls_lmots_private_free(&priv_ctx);
+ USE_PSA_DONE();
}
/* END_CASE */
@@ -60,6 +62,7 @@
mbedtls_lmots_public_init(&pub_ctx);
mbedtls_lmots_private_init(&priv_ctx);
+ USE_PSA_INIT();
TEST_EQUAL(mbedtls_lmots_generate_private_key(&priv_ctx, MBEDTLS_LMOTS_SHA256_N32_W8,
key_id->x, leaf_id, seed->x, seed->len), 0);
@@ -71,6 +74,7 @@
exit:
mbedtls_lmots_public_free(&pub_ctx);
mbedtls_lmots_private_free(&priv_ctx);
+ USE_PSA_DONE();
}
/* END_CASE */
@@ -83,6 +87,7 @@
unsigned char *tmp_sig = NULL;
mbedtls_lmots_public_init(&ctx);
+ USE_PSA_INIT();
TEST_EQUAL(mbedtls_lmots_import_public_key(&ctx, pub_key->x, pub_key->len), 0);
@@ -137,6 +142,7 @@
exit:
mbedtls_free(tmp_sig);
mbedtls_lmots_public_free(&ctx);
+ USE_PSA_DONE();
}
/* END_CASE */
@@ -149,6 +155,8 @@
size_t exported_pub_key_size;
mbedtls_lmots_public_init(&ctx);
+ USE_PSA_INIT();
+
TEST_EQUAL(mbedtls_lmots_import_public_key(&ctx, pub_key->x, pub_key->len),
expected_import_rc);
@@ -192,6 +200,7 @@
exit:
mbedtls_lmots_public_free(&ctx);
mbedtls_free(exported_pub_key);
+ USE_PSA_DONE();
}
/* END_CASE */
@@ -202,6 +211,7 @@
unsigned char sig[MBEDTLS_LMOTS_SIG_LEN(MBEDTLS_LMOTS_SHA256_N32_W8)];
mbedtls_lmots_private_init(&ctx);
+ USE_PSA_INIT();
TEST_EQUAL(mbedtls_lmots_generate_private_key(&ctx, MBEDTLS_LMOTS_SHA256_N32_W8,
key_id->x, leaf_id, seed->x,
seed->len), 0);
@@ -217,6 +227,7 @@
exit:
mbedtls_lmots_private_free(&ctx);
+ USE_PSA_DONE();
}
/* END_CASE */
@@ -233,6 +244,7 @@
memset(sig, 0x7E, sizeof(sig));
mbedtls_lmots_private_init(&ctx);
+ USE_PSA_INIT();
TEST_EQUAL(mbedtls_lmots_generate_private_key(&ctx, MBEDTLS_LMOTS_SHA256_N32_W8,
key_id->x, leaf_id, seed->x,
seed->len), 0);
@@ -242,5 +254,6 @@
exit:
mbedtls_lmots_private_free(&ctx);
mbedtls_lmots_sign_private_key_invalidated_hook = NULL;
+ USE_PSA_DONE();
}
/* END_CASE */
diff --git a/tests/suites/test_suite_lms.function b/tests/suites/test_suite_lms.function
index 7116f61..377efcd 100644
--- a/tests/suites/test_suite_lms.function
+++ b/tests/suites/test_suite_lms.function
@@ -17,6 +17,7 @@
mbedtls_lms_public_init(&pub_ctx);
mbedtls_lms_private_init(&priv_ctx);
+ USE_PSA_INIT();
/* Allocation failure isn't a test failure, since it likely just means
* there's not enough memory to run the test.
@@ -38,6 +39,7 @@
exit:
mbedtls_lms_public_free(&pub_ctx);
mbedtls_lms_private_free(&priv_ctx);
+ USE_PSA_DONE();
}
/* END_CASE */
@@ -50,6 +52,7 @@
mbedtls_lms_public_init(&pub_ctx);
mbedtls_lms_private_init(&priv_ctx);
+ USE_PSA_INIT();
/* Allocation failure isn't a test failure, since it likely just means
* there's not enough memory to run the test.
@@ -71,6 +74,7 @@
exit:
mbedtls_lms_public_free(&pub_ctx);
mbedtls_lms_private_free(&priv_ctx);
+ USE_PSA_DONE();
}
/* END_CASE */
@@ -83,6 +87,7 @@
unsigned char *tmp_sig = NULL;
mbedtls_lms_public_init(&ctx);
+ USE_PSA_INIT();
TEST_EQUAL(mbedtls_lms_import_public_key(&ctx, pub_key->x, pub_key->len), 0);
@@ -139,6 +144,7 @@
exit:
mbedtls_free(tmp_sig);
mbedtls_lms_public_free(&ctx);
+ USE_PSA_DONE();
}
/* END_CASE */
@@ -151,6 +157,7 @@
unsigned char *exported_pub_key = NULL;
mbedtls_lms_public_init(&ctx);
+ USE_PSA_INIT();
TEST_EQUAL(mbedtls_lms_import_public_key(&ctx, pub_key->x, pub_key->len),
expected_import_rc);
@@ -194,5 +201,6 @@
exit:
mbedtls_free(exported_pub_key);
mbedtls_lms_public_free(&ctx);
+ USE_PSA_DONE();
}
/* END_CASE */
diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data
index 2bc3848..6911265 100644
--- a/tests/suites/test_suite_pk.data
+++ b/tests/suites/test_suite_pk.data
@@ -95,11 +95,11 @@
pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_NONE:256:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
PK can do ext: NONE/ECDSA(ANY_HASH), check ECDSA(SHA256)
-depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1
+depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PSA_CRYPTO_C
pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_NONE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):256:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
PK can do ext: NONE/ECDSA(SHA256), check ECDSA(SHA256)
-depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1
+depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PSA_CRYPTO_C
pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_NONE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):256:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
PK can do ext: ECDSA(SHA256)/NONE, invalid check ECDSA(ANY)
@@ -147,15 +147,15 @@
pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_DERIVE|PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):256:PSA_ALG_ECDH:PSA_KEY_USAGE_DERIVE|PSA_KEY_USAGE_SIGN_HASH:1
PK can do ext: ECDH/ECDSA(ANY), check ECDSA(SHA256)+DERIVE|SIGN
-depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1
+depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PSA_CRYPTO_C
pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_DERIVE|PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):256:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_DERIVE|PSA_KEY_USAGE_SIGN_HASH:1
PK can do ext: ECDH/ECDSA(ANY), check ECDSA(SHA256)+SIGN
-depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1
+depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PSA_CRYPTO_C
pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_DERIVE|PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):256:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
PK can do ext: ECDH/ECDSA(ANY), check ECDSA(SHA256)+DERIVE
-depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1
+depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PSA_CRYPTO_C
pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_DERIVE|PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):256:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_DERIVE:1
PK can do ext: RSA_PKCS1V15_SIGN(ANY)/NONE, check not allowed COPY usage
@@ -195,11 +195,11 @@
pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ALG_NONE:1024:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
PK can do ext: NONE, RSA_PKCS1V15_SIGN(ANY), check RSA_PKCS1V15_SIGN(SHA256)
-depends_on:MBEDTLS_RSA_C
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PSA_CRYPTO_C
pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_NONE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):1024:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
PK can do ext: NONE, RSA_PKCS1V15_SIGN(SHA256), check RSA_PKCS1V15_SIGN(SHA256)
-depends_on:MBEDTLS_RSA_C
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PSA_CRYPTO_C
pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_NONE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):1024:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
PK can do ext: RSA_PKCS1V15_SIGN(SHA256)/NONE, invalid check RSA_PKCS1V15_SIGN(ANY)
@@ -235,11 +235,11 @@
pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_ALG_NONE:1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
PK can do ext: NONE, RSA_PSS(ANY), check RSA_PSS(SHA256)
-depends_on:MBEDTLS_RSA_C
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PSA_CRYPTO_C
pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_NONE:PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
PK can do ext: NONE, RSA_PSS(SHA256), check RSA_PSS(SHA256)
-depends_on:MBEDTLS_RSA_C
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PSA_CRYPTO_C
pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_NONE:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
PK can do ext: RSA_PSS(SHA256)/NONE, invalid check RSA_PSS(ANY)
@@ -283,11 +283,11 @@
pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_ENCRYPT|PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:1024:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_DECRYPT:1
PK can do ext: RSA_PKCS1V15_CRYPT/RSA_PSS(ANY), check RSA_PKCS1V15_CRYPT
-depends_on:MBEDTLS_RSA_C
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PSA_CRYPTO_C
pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_ENCRYPT|PSA_KEY_USAGE_DECRYPT|PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):1024:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_DECRYPT:1
PK can do ext: RSA_PKCS1V15_CRYPT/RSA_PSS(ANY), check RSA_PSS(SHA256)
-depends_on:MBEDTLS_RSA_C
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PSA_CRYPTO_C
pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_ENCRYPT|PSA_KEY_USAGE_DECRYPT|PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_KEY_USAGE_DECRYPT:1
PK can do ext: RSA_PKCS1V15_CRYPT/RSA_PSS(ANY), check non allowed ENCRYPT usage
@@ -295,7 +295,7 @@
pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_ENCRYPT|PSA_KEY_USAGE_DECRYPT|PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_KEY_USAGE_ENCRYPT:0
PK can do ext: RSA_PKCS1V15_SIGN(ANY)/RSA_PSS(ANY), check RSA_PSS(SHA256)
-depends_on:MBEDTLS_RSA_C
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PSA_CRYPTO_C
pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
PK can do ext: RSA_PKCS1V15_SIGN(ANY)/RSA_PSS(ANY), check RSA_PKCS1V15_SIGN(SHA256)
diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function
index 8ac8dbe..4bccffa 100644
--- a/tests/suites/test_suite_pk.function
+++ b/tests/suites/test_suite_pk.function
@@ -45,7 +45,7 @@
#define MBEDTLS_TEST_PK_PSA_SIGN
#endif
-#if defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
/* Pick an elliptic curve that's supported by PSA. Note that the curve is
* not guaranteed to be supported by the ECP module.
*
@@ -153,7 +153,7 @@
#define MBEDTLS_TEST_PSA_ECC_HAVE_TWO_BITS
#endif
-#endif /* defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) */
+#endif /* defined(MBEDTLS_PSA_CRYPTO_CLIENT) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) */
/* Always define the macros so that we can use them in test data. */
#if !defined(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY)
@@ -220,7 +220,7 @@
return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
}
-#if defined(MBEDTLS_PSA_CRYPTO_C)
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
psa_status_t pk_psa_import_key(const unsigned char *key_data, size_t key_len,
psa_key_type_t type, psa_key_usage_t usage,
psa_algorithm_t alg, mbedtls_svc_key_id_t *key)
@@ -239,7 +239,7 @@
return status;
}
-#endif /* MBEDTLS_PSA_CRYPTO_C */
+#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
/** Setup the provided PK context.
*
@@ -305,7 +305,7 @@
return ret;
}
-#if defined(MBEDTLS_PSA_CRYPTO_C)
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
/** Create a PSA key of the desired type and properties.
*
* - For RSA and EC keys predefined key data is used (as in the pk_setup() above).
@@ -465,7 +465,7 @@
exit:
return ok;
}
-#endif /* MBEDTLS_PSA_CRYPTO_C */
+#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
#if defined(MBEDTLS_RSA_C)
int mbedtls_rsa_decrypt_func(void *ctx, size_t *olen,
@@ -499,7 +499,7 @@
FROM_PAIR = 1
} from_pair_t;
-#if defined(MBEDTLS_PSA_CRYPTO_C)
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
static int pk_setup_for_type(mbedtls_pk_type_t pk_type, int want_pair,
mbedtls_pk_context *pk, psa_key_type_t *psa_type)
{
@@ -567,9 +567,9 @@
exit:
return MBEDTLS_ERR_ERROR_GENERIC_ERROR;
}
-#endif /* MBEDTLS_PSA_CRYPTO_C */
+#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
-#if defined(MBEDTLS_PSA_CRYPTO_C)
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
/* Create a new PSA key which will contain only the public part of the private
* key which is provided in input. For this new key:
* - Type is the public counterpart of the private key.
@@ -636,7 +636,7 @@
psa_reset_key_attributes(&new_attr);
return new_key_id;
}
-#endif /* MBEDTLS_PSA_CRYPTO_C */
+#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
/* END_HEADER */
/* BEGIN_DEPENDENCIES
@@ -1753,7 +1753,7 @@
TEST_ASSERT(mbedtls_pk_get_type(&alt) == MBEDTLS_PK_RSA_ALT);
TEST_ASSERT(strcmp(mbedtls_pk_get_name(&alt), "RSA-alt") == 0);
-#if defined(MBEDTLS_PSA_CRYPTO_C)
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
TEST_EQUAL(mbedtls_pk_get_psa_attributes(&alt,
PSA_KEY_USAGE_ENCRYPT,
@@ -1762,7 +1762,7 @@
mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
TEST_EQUAL(mbedtls_pk_import_into_psa(&alt, &attributes, &key_id),
MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE);
-#endif /* MBEDTLS_PSA_CRYPTO_C */
+#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
/* Test signature */
#if SIZE_MAX > UINT_MAX
@@ -2107,7 +2107,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C */
+/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_CLIENT */
void pk_get_psa_attributes(int pk_type, int from_pair,
int usage_arg,
int to_pair, int expected_alg)
@@ -2155,7 +2155,11 @@
mbedtls_pk_get_bitlen(&pk));
TEST_EQUAL(psa_get_key_usage_flags(&attributes), expected_usage);
TEST_EQUAL(psa_get_key_algorithm(&attributes), expected_alg);
+#if defined(MBEDTLS_PSA_CRYPTO_C)
TEST_EQUAL(psa_get_key_enrollment_algorithm(&attributes), PSA_ALG_NONE);
+#else /* MBEDTLS_PSA_CRYPTO_C */
+ TEST_EQUAL(psa_get_key_enrollment_algorithm(&attributes), 42);
+#endif /* MBEDTLS_PSA_CRYPTO_C */
TEST_EQUAL(mbedtls_pk_import_into_psa(&pk, &attributes, &new_key_id), 0);
if (!mbedtls_test_key_consistency_psa_pk(new_key_id, &pk)) {
@@ -2170,7 +2174,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21 */
+/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_CLIENT:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21 */
void pk_rsa_v21_get_psa_attributes(int md_type, int from_pair,
int usage_arg,
int to_pair, int expected_alg)
@@ -2218,7 +2222,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C */
+/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_CLIENT */
void pk_get_psa_attributes_fail(int pk_type, int from_pair,
int usage_arg,
int expected_ret)
@@ -2244,7 +2248,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PSA_CRYPTO_STORAGE_C */
+/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_CLIENT:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PSA_CRYPTO_STORAGE_C */
void pk_import_into_psa_lifetime(int from_opaque,
int from_persistent, /* when from opaque */
int from_exportable, /* when from opaque */
@@ -2395,7 +2399,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C */
+/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_CLIENT */
void pk_import_into_psa_fail(int pk_type, int from_pair,
int type_arg, int bits_arg,
int expected_ret)
@@ -2490,7 +2494,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C*/
+/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_CLIENT*/
void pk_copy_from_psa_fail(void)
{
mbedtls_pk_context pk_ctx;
@@ -2535,7 +2539,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_BASIC:!MBEDTLS_RSA_C */
+/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_CLIENT:MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_BASIC:!MBEDTLS_RSA_C */
void pk_copy_from_psa_builtin_fail()
{
mbedtls_pk_context pk_ctx;
@@ -2558,7 +2562,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C*/
+/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_CLIENT */
void pk_copy_from_psa_success(data_t *priv_key_data, int key_type_arg,
int key_alg_arg)
{
@@ -2645,7 +2649,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C*/
+/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_CLIENT*/
void pk_copy_public_from_psa(data_t *priv_key_data, int key_type_arg)
{
psa_key_type_t key_type = key_type_arg;
diff --git a/tests/suites/test_suite_psa_crypto_attributes.function b/tests/suites/test_suite_psa_crypto_attributes.function
index c933cb7..bc7adb4 100644
--- a/tests/suites/test_suite_psa_crypto_attributes.function
+++ b/tests/suites/test_suite_psa_crypto_attributes.function
@@ -20,6 +20,8 @@
psa_key_type_t type = type_arg;
size_t bits = bits_arg;
+ USE_PSA_INIT();
+
TEST_EQUAL(
MBEDTLS_SVC_KEY_ID_GET_KEY_ID(psa_get_key_id(&attributes)), 0);
TEST_EQUAL(
@@ -56,6 +58,8 @@
TEST_EQUAL(psa_get_key_algorithm(&attributes), 0);
TEST_EQUAL(psa_get_key_type(&attributes), 0);
TEST_EQUAL(psa_get_key_bits(&attributes), 0);
+
+ USE_PSA_DONE();
}
/* END_CASE */
diff --git a/tests/suites/test_suite_psa_crypto_hash.function b/tests/suites/test_suite_psa_crypto_hash.function
index 20167fd..c7c72f4 100644
--- a/tests/suites/test_suite_psa_crypto_hash.function
+++ b/tests/suites/test_suite_psa_crypto_hash.function
@@ -6,7 +6,7 @@
/* END_HEADER */
/* BEGIN_DEPENDENCIES
- * depends_on:MBEDTLS_PSA_CRYPTO_C
+ * depends_on:MBEDTLS_PSA_CRYPTO_CLIENT
* END_DEPENDENCIES
*/
@@ -35,7 +35,7 @@
}
/* END_CASE */
-/* BEGIN_CASE */
+/* BEGIN_CASE depends_on: MBEDTLS_PSA_CRYPTO_C */
void hmac(int alg_arg, char *input, data_t *expected_mac)
{
psa_algorithm_t alg = PSA_ALG_HMAC(alg_arg);
diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data
index c96b4ad..b4d3451 100644
--- a/tests/suites/test_suite_ssl.data
+++ b/tests/suites/test_suite_ssl.data
@@ -561,11 +561,11 @@
handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, PSA_ALG_ANY_HASH
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
+depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PSA_CRYPTO_C
handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:0:MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, PSA_ALG_SHA_384
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
+depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:MBEDTSL_PSA_CRYPTO_C
handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_SHA_384):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:0:MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, missing alg
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 840af7d..8125e58 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -3297,7 +3297,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SOME */
+/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SOME */
void raw_key_agreement_fail(int bad_server_ecdhe_key)
{
enum { BUFFSIZE = 17000 };