Merge pull request #9778 from waleed-elmelegy-arm/add-iop-export-pub-key-headers
Add header and documentation for interruptible ECC export public-key
diff --git a/CMakeLists.txt b/CMakeLists.txt
index a7f92f5..64d95dc 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -13,7 +13,7 @@
# - MBEDTLS_TARGET_PREFIX: CMake targets are designed to be alterable by calling
# CMake in order to avoid target name clashes, via the use of
# MBEDTLS_TARGET_PREFIX. The value of this variable is prefixed to the
-# mbedtls, mbedx509, mbedcrypto and apidoc targets.
+# mbedtls, mbedx509, tfpsacrypto and mbedtls-apidoc targets.
#
# We specify a minimum requirement of 3.10.2, but for now use 3.5.1 here
@@ -100,14 +100,6 @@
option(LINK_WITH_PTHREAD "Explicitly link Mbed TLS library to pthread." OFF)
option(LINK_WITH_TRUSTED_STORAGE "Explicitly link Mbed TLS library to trusted_storage." OFF)
-set(mbedcrypto_target "${MBEDTLS_TARGET_PREFIX}mbedcrypto")
-if (USE_STATIC_MBEDTLS_LIBRARY)
- set(mbedcrypto_static_target ${mbedcrypto_target})
-endif()
-if(USE_STATIC_MBEDTLS_LIBRARY AND USE_SHARED_MBEDTLS_LIBRARY)
- string(APPEND mbedcrypto_static_target "_static")
-endif()
-
# Warning string - created as a list for compatibility with CMake 2.8
set(CTR_DRBG_128_BIT_KEY_WARN_L1 "**** WARNING! MBEDTLS_CTR_DRBG_USE_128_BIT_KEY defined!\n")
set(CTR_DRBG_128_BIT_KEY_WARN_L2 "**** Using 128-bit keys for CTR_DRBG limits the security of generated\n")
@@ -328,6 +320,27 @@
endif(MBEDTLS_FATAL_WARNINGS)
endfunction(set_msvc_base_compile_options)
+function(set_config_files_compile_definitions target)
+ # Pass-through MBEDTLS_CONFIG_FILE, MBEDTLS_USER_CONFIG_FILE,
+ # TF_PSA_CRYPTO_CONFIG_FILE and TF_PSA_CRYPTO_USER_CONFIG_FILE
+ if(MBEDTLS_CONFIG_FILE)
+ target_compile_definitions(${target}
+ PUBLIC MBEDTLS_CONFIG_FILE="${MBEDTLS_CONFIG_FILE}")
+ endif()
+ if(MBEDTLS_USER_CONFIG_FILE)
+ target_compile_definitions(${target}
+ PUBLIC MBEDTLS_USER_CONFIG_FILE="${MBEDTLS_USER_CONFIG_FILE}")
+ endif()
+ if(TF_PSA_CRYPTO_CONFIG_FILE)
+ target_compile_definitions(${target}
+ PUBLIC MBEDTLS_PSA_CRYPTO_CONFIG_FILE="${TF_PSA_CRYPTO_CONFIG_FILE}")
+ endif()
+ if(TF_PSA_CRYPTO_USER_CONFIG_FILE)
+ target_compile_definitions(${target}
+ PUBLIC MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE="${TF_PSA_CRYPTO_USER_CONFIG_FILE}")
+ endif()
+endfunction(set_config_files_compile_definitions)
+
if(CMAKE_BUILD_TYPE STREQUAL "Check" AND TEST_CPP)
set(CMAKE_CXX_STANDARD 11)
set(CMAKE_CXX_STANDARD_REQUIRED ON)
@@ -348,18 +361,48 @@
add_subdirectory(include)
+set(TF_PSA_CRYPTO_TARGET_PREFIX ${MBEDTLS_TARGET_PREFIX} CACHE STRING "")
+set(TF_PSA_CRYPTO_FATAL_WARNINGS ${MBEDTLS_FATAL_WARNINGS} CACHE BOOL "")
+set(USE_STATIC_TF_PSA_CRYPTO_LIBRARY ${USE_STATIC_MBEDTLS_LIBRARY} CACHE BOOL "")
+set(USE_SHARED_TF_PSA_CRYPTO_LIBRARY ${USE_SHARED_MBEDTLS_LIBRARY} CACHE BOOL "")
add_subdirectory(tf-psa-crypto)
+set(tfpsacrypto_target "${TF_PSA_CRYPTO_TARGET_PREFIX}tfpsacrypto")
+if (USE_STATIC_MBEDTLS_LIBRARY)
+ set(tfpsacrypto_static_target ${tfpsacrypto_target})
+endif()
+if(USE_STATIC_MBEDTLS_LIBRARY AND USE_SHARED_MBEDTLS_LIBRARY)
+ string(APPEND tfpsacrypto_static_target "_static")
+endif()
+
+set(tf_psa_crypto_library_targets
+ ${TF_PSA_CRYPTO_TARGET_PREFIX}tfpsacrypto
+ ${TF_PSA_CRYPTO_TARGET_PREFIX}builtin
+ ${TF_PSA_CRYPTO_TARGET_PREFIX}everest
+ ${TF_PSA_CRYPTO_TARGET_PREFIX}p256m)
+
+if(USE_STATIC_MBEDTLS_LIBRARY AND USE_SHARED_MBEDTLS_LIBRARY)
+ list(APPEND tf_psa_crypto_library_targets
+ ${TF_PSA_CRYPTO_TARGET_PREFIX}tfpsacrypto_static
+ ${TF_PSA_CRYPTO_TARGET_PREFIX}builtin_static)
+endif()
+
+foreach(target IN LISTS tf_psa_crypto_library_targets)
+ if(NOT TARGET ${target})
+ message(FATAL_ERROR "TF-PSA-Crypto target ${target} does not exist.")
+ endif()
+endforeach(target)
+
add_subdirectory(library)
add_subdirectory(pkgconfig)
#
-# The C files in tests/src directory contain test code shared among test suites
+# The C files in framework/tests/src directory contain test code shared among test suites
# and programs. This shared test code is compiled and linked to test suites and
# programs objects as a set of compiled objects. The compiled objects are NOT
# built into a library that the test suite and program objects would link
-# against as they link against the mbedcrypto, mbedx509 and mbedtls libraries.
+# against as they link against the tfpsacrypto, mbedx509 and mbedtls libraries.
# The reason is that such library is expected to have mutual dependencies with
# the aforementioned libraries and that there is as of today no portable way of
# handling such dependencies (only toolchain specific solutions).
@@ -369,59 +412,12 @@
# to define the test executables.
#
if(ENABLE_TESTING OR ENABLE_PROGRAMS)
- file(GLOB MBEDTLS_TEST_FILES
- ${CMAKE_CURRENT_SOURCE_DIR}/tests/src/*.c
- ${CMAKE_CURRENT_SOURCE_DIR}/tests/src/drivers/*.c)
- add_library(mbedtls_test OBJECT ${MBEDTLS_TEST_FILES})
- set_base_compile_options(mbedtls_test)
- if(GEN_FILES)
- add_custom_command(
- OUTPUT
- ${CMAKE_CURRENT_SOURCE_DIR}/tests/src/test_keys.h
- WORKING_DIRECTORY
- ${CMAKE_CURRENT_SOURCE_DIR}/tests
- COMMAND
- "${MBEDTLS_PYTHON_EXECUTABLE}"
- "${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_test_keys.py"
- "--output"
- "${CMAKE_CURRENT_SOURCE_DIR}/tests/src/test_keys.h"
- DEPENDS
- ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_test_keys.py
- )
- add_custom_target(test_keys_header DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/tests/src/test_keys.h)
- add_custom_command(
- OUTPUT
- ${CMAKE_CURRENT_SOURCE_DIR}/tests/src/test_certs.h
- WORKING_DIRECTORY
- ${CMAKE_CURRENT_SOURCE_DIR}/tests
- COMMAND
- "${MBEDTLS_PYTHON_EXECUTABLE}"
- "${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_test_cert_macros.py"
- "--output"
- "${CMAKE_CURRENT_SOURCE_DIR}/tests/src/test_certs.h"
- DEPENDS
- ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_test_cert_macros.py
- )
- add_custom_target(test_certs_header DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/tests/src/test_certs.h)
- add_dependencies(mbedtls_test test_keys_header test_certs_header)
- endif()
- target_include_directories(mbedtls_test
- PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/tests/include
- PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include
- PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/tf-psa-crypto/include
- PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/tf-psa-crypto/drivers/builtin/include
- PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/tf-psa-crypto/drivers/everest/include
- PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/library
- PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/tf-psa-crypto/core
- PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/tf-psa-crypto/drivers/builtin/src)
- # Request C11, needed for memory poisoning tests
- set_target_properties(mbedtls_test PROPERTIES C_STANDARD 11)
-
file(GLOB MBEDTLS_TEST_HELPER_FILES
${CMAKE_CURRENT_SOURCE_DIR}/tests/src/test_helpers/*.c)
add_library(mbedtls_test_helpers OBJECT ${MBEDTLS_TEST_HELPER_FILES})
set_base_compile_options(mbedtls_test_helpers)
target_include_directories(mbedtls_test_helpers
+ PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/framework/tests/include
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/tests/include
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/tf-psa-crypto/include
@@ -431,19 +427,7 @@
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/tf-psa-crypto/drivers/builtin/src
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/tf-psa-crypto/drivers/everest/include)
- # Pass-through MBEDTLS_CONFIG_FILE and MBEDTLS_USER_CONFIG_FILE
- if(MBEDTLS_CONFIG_FILE)
- target_compile_definitions(mbedtls_test
- PUBLIC MBEDTLS_CONFIG_FILE="${MBEDTLS_CONFIG_FILE}")
- target_compile_definitions(mbedtls_test_helpers
- PUBLIC MBEDTLS_CONFIG_FILE="${MBEDTLS_CONFIG_FILE}")
- endif()
- if(MBEDTLS_USER_CONFIG_FILE)
- target_compile_definitions(mbedtls_test
- PUBLIC MBEDTLS_USER_CONFIG_FILE="${MBEDTLS_USER_CONFIG_FILE}")
- target_compile_definitions(mbedtls_test_helpers
- PUBLIC MBEDTLS_USER_CONFIG_FILE="${MBEDTLS_USER_CONFIG_FILE}")
- endif()
+ set_config_files_compile_definitions(mbedtls_test_helpers)
endif()
if(ENABLE_PROGRAMS)
@@ -453,7 +437,7 @@
add_subdirectory(programs)
endif()
-ADD_CUSTOM_TARGET(${MBEDTLS_TARGET_PREFIX}apidoc
+ADD_CUSTOM_TARGET(${MBEDTLS_TARGET_PREFIX}mbedtls-apidoc
COMMAND doxygen mbedtls.doxyfile
WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/doxygen)
@@ -463,8 +447,7 @@
add_subdirectory(tests)
# additional convenience targets for Unix only
- if(UNIX)
-
+ if(UNIX AND (NOT MBEDTLS_AS_SUBPROJECT))
# For coverage testing:
# 1. Build with:
# cmake -D CMAKE_BUILD_TYPE=Coverage /path/to/source && make
@@ -483,7 +466,7 @@
COMMAND rm -f memcheck.log
COMMAND mv DartConfiguration.tcl.bak DartConfiguration.tcl
)
- endif(UNIX)
+ endif()
# Make scripts needed for testing available in an out-of-source build.
if (NOT ${CMAKE_CURRENT_BINARY_DIR} STREQUAL ${CMAKE_CURRENT_SOURCE_DIR})
diff --git a/ChangeLog b/ChangeLog
index b691a0f..1c48958 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2416,9 +2416,9 @@
fit into the record buffer. Previously, such extensions were silently
dropped. As a consequence, the TLS handshake now fails when the output
buffer is not large enough to hold the ClientHello.
- * The unit tests now rely on header files in tests/include/test and source
- files in tests/src. When building with make or cmake, the files in
- tests/src are compiled and the resulting object linked into each test
+ * The unit tests now rely on header files in framework/tests/include/test and source
+ files in framework/tests/src. When building with make or cmake, the files in
+ framework/tests/src are compiled and the resulting object linked into each test
executable.
* The ECP module, enabled by `MBEDTLS_ECP_C`, now depends on
`MBEDTLS_CTR_DRBG_C` or `MBEDTLS_HMAC_DRBG_C` for some side-channel
diff --git a/Makefile b/Makefile
index 1b480f5..ebe8492 100644
--- a/Makefile
+++ b/Makefile
@@ -222,8 +222,8 @@
tf-psa-crypto/drivers/*/*/*/*.c \
tf-psa-crypto/drivers/*/*/*/*/*.c \
programs/*/*.[hc] \
- tests/include/*/*.h tests/include/*/*/*.h \
- tests/src/*.c tests/src/*/*.c \
+ framework/tests/include/*/*.h framework/tests/include/*/*/*.h \
+ framework/tests/src/*.c framework/tests/src/*/*.c \
tests/suites/*.function \
tf-psa-crypto/tests/suites/*.function \
)
@@ -241,5 +241,5 @@
cscope -bq -u -Iinclude -Ilibrary -Itf-psa-crypto/core \
-Itf-psa-crypto/include \
-Itf-psa-crypto/drivers/builtin/src \
- $(patsubst %,-I%,$(wildcard tf-psa-crypto/drivers/*/include)) -Itests/include $(C_SOURCE_FILES)
+ $(patsubst %,-I%,$(wildcard tf-psa-crypto/drivers/*/include)) -Iframework/tests/include $(C_SOURCE_FILES)
.PHONY: cscope global
diff --git a/README.md b/README.md
index 7ca0e8e..dbee4a8 100644
--- a/README.md
+++ b/README.md
@@ -40,7 +40,7 @@
The main systems used for development are CMake and GNU Make. Those systems are always complete and up-to-date. The others should reflect all changes present in the CMake and Make build system, although features may not be ported there automatically.
-The Make and CMake build systems create three libraries: libmbedcrypto, libmbedx509, and libmbedtls. Note that libmbedtls depends on libmbedx509 and libmbedcrypto, and libmbedx509 depends on libmbedcrypto. As a result, some linkers will expect flags to be in a specific order, for example the GNU linker wants `-lmbedtls -lmbedx509 -lmbedcrypto`.
+The Make and CMake build systems create three libraries: libmbedcrypto/libtfpsacrypto, libmbedx509, and libmbedtls. Note that libmbedtls depends on libmbedx509 and libmbedcrypto/libtfpsacrypto, and libmbedx509 depends on libmbedcrypto/libtfpsacrypto. As a result, some linkers will expect flags to be in a specific order, for example the GNU linker wants `-lmbedtls -lmbedx509 -lmbedcrypto`.
### Tool versions
@@ -200,7 +200,7 @@
If prompted, set `MbedTLS_DIR` to `${YOUR_MBEDTLS_INSTALL_DIR}/cmake`. This
creates the following targets:
-- `MbedTLS::mbedcrypto` (Crypto library)
+- `MbedTLS::tfpsacrypto` (Crypto library)
- `MbedTLS::mbedtls` (TLS library)
- `MbedTLS::mbedx509` (X509 library)
@@ -210,7 +210,7 @@
target_link_libraries(xyz
PUBLIC MbedTLS::mbedtls
- MbedTLS::mbedcrypto
+ MbedTLS::tfpsacrypto
MbedTLS::mbedx509)
This will link the Mbed TLS libraries to your library or application, and add
diff --git a/docs/architecture/psa-crypto-implementation-structure.md b/docs/architecture/psa-crypto-implementation-structure.md
index 0954602..ada29d1 100644
--- a/docs/architecture/psa-crypto-implementation-structure.md
+++ b/docs/architecture/psa-crypto-implementation-structure.md
@@ -78,7 +78,7 @@
* [ ] PSA Crypto API draft, if not already done — [PSA standardization](#psa-standardization)
* [ ] `include/psa/crypto_values.h` or `include/psa/crypto_extra.h` — [New functions and macros](#new-functions-and-macros)
-* [ ] `include/psa/crypto_config.h`, `tests/include/test/drivers/crypto_config_test_driver_extension.h` — [Preprocessor symbols](#preprocessor-symbols)
+* [ ] `include/psa/crypto_config.h`, `framework/tests/include/test/drivers/crypto_config_test_driver_extension.h` — [Preprocessor symbols](#preprocessor-symbols)
* Occasionally `library/check_crypto_config.h` — [Preprocessor symbols](#preprocessor-symbols)
* [ ] `include/mbedtls/config_psa.h` — [Preprocessor symbols](#preprocessor-symbols)
* [ ] `library/psa_crypto.c`, `library/psa_crypto_*.[hc]` — [Implementation of the mechanisms](#implementation-of-the-mechanisms)
@@ -128,7 +128,7 @@
* If `MBEDTLS_PSA_CRYPTO_CONFIG` is disabled: based on the available mechanisms in Mbed TLS, deduced from `mbedtls/mbedtls_config.h` by code in `include/mbedtls/config_psa.h`.
* if `MBEDTLS_PSA_CRYPTO_CONFIG` is enabled: in the application configuration file `include/psa/crypto_config.h` (or `MBEDTLS_PSA_CRYPTO_CONFIG_FILE`, plus `MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE`), with code in `include/mbedtls/config_psa.h` deducing the necessary underlying `MBEDTLS_xxx` symbols.
* For transparent keys (keys that are not in a secure element), the feature is implemented by Mbed TLS if `MBEDTLS_PSA_BUILTIN_ttt_xxx` is defined, and by an accelerator driver if `MBEDTLS_PSA_ACCEL_ttt_xxx` is defined. `MBEDTLS_PSA_BUILTIN_ttt_xxx` constants are set in `include/mbedtls/config_psa.h` based on the application requests `PSA_WANT_ttt_xxx` and the accelerator driver declarations `MBEDTLS_PSA_ACCEL_ttt_xxx`.
-* For the testing of the driver dispatch code, `tests/include/test/drivers/crypto_config_test_driver_extension.h` sets additional `MBEDTLS_PSA_ACCEL_xxx` symbols.
+* For the testing of the driver dispatch code, `framework/tests/include/test/drivers/crypto_config_test_driver_extension.h` sets additional `MBEDTLS_PSA_ACCEL_xxx` symbols.
For more details, see *[Conditional inclusion of cryptographic mechanism through the PSA API in Mbed TLS](../proposed/psa-conditional-inclusion-c.html)*.
diff --git a/docs/architecture/testing/driver-interface-test-strategy.md b/docs/architecture/testing/driver-interface-test-strategy.md
index 5fc5e18..370eb9d 100644
--- a/docs/architecture/testing/driver-interface-test-strategy.md
+++ b/docs/architecture/testing/driver-interface-test-strategy.md
@@ -132,8 +132,8 @@
We have test drivers that are enabled by `PSA_CRYPTO_DRIVER_TEST` (not present
in the usual config files, must be defined on the command line or in a custom
-config file). Those test drivers are implemented in `tests/src/drivers/*.c`
-and their API is declared in `tests/include/test/drivers/*.h`.
+config file). Those test drivers are implemented in `framework/tests/src/drivers/*.c`
+and their API is declared in `framework/tests/include/test/drivers/*.h`.
We have two test driver registered: `mbedtls_test_opaque_driver` and
`mbedtls_test_transparent_driver`. These are described in
@@ -212,7 +212,7 @@
The renaming process for `libtestdriver1` is implemented as a few Perl regexes
applied to a copy of the library code, see the `libtestdriver1.a` target in
`tests/Makefile`. Another modification that's done to this copy is appending
-`tests/include/test/drivers/crypto_config_test_driver_extension.h` to
+`framework/tests/include/test/drivers/crypto_config_test_driver_extension.h` to
`psa/crypto_config.h`. This file reverses the `ACCEL`/`BUILTIN` macros so that
`libtestdriver1` includes as built-in what the main `libmbedcrypto.a` will
have accelerated; see that file's initial comment for details. See also
diff --git a/docs/psa-driver-example-and-guide.md b/docs/psa-driver-example-and-guide.md
index a5e9b16..8222322 100644
--- a/docs/psa-driver-example-and-guide.md
+++ b/docs/psa-driver-example-and-guide.md
@@ -43,7 +43,7 @@
- C header files defining the types required by the driver description. The names of these header files are declared in the driver description file.
- An object file compiled for the target platform defining the functions required by the driver description. Implementations may allow drivers to be provided as source files and compiled with the core instead of being pre-compiled.
-The Mbed TLS driver tests for the aforementioned entry points provide examples of how these deliverables can be implemented. For sample driver description JSON files, see [`mbedtls_test_transparent_driver.json`](https://github.com/Mbed-TLS/mbedtls/blob/development/scripts/data_files/driver_jsons/mbedtls_test_transparent_driver.json) or [`mbedtls_test_opaque_driver.json`](https://github.com/Mbed-TLS/mbedtls/blob/development/scripts/data_files/driver_jsons/mbedtls_test_transparent_driver.json). The header file required by the driver description is [`test_driver.h`](https://github.com/Mbed-TLS/mbedtls/blob/development/tests/include/test/drivers/test_driver.h). As Mbed TLS tests are built from source, there is no object file for the test driver. However, the source for the test driver can be found under `tests/src/drivers`.
+The Mbed TLS driver tests for the aforementioned entry points provide examples of how these deliverables can be implemented. For sample driver description JSON files, see [`mbedtls_test_transparent_driver.json`](https://github.com/Mbed-TLS/mbedtls/blob/development/scripts/data_files/driver_jsons/mbedtls_test_transparent_driver.json) or [`mbedtls_test_opaque_driver.json`](https://github.com/Mbed-TLS/mbedtls/blob/development/scripts/data_files/driver_jsons/mbedtls_test_transparent_driver.json). The header file required by the driver description is [`test_driver.h`](https://github.com/Mbed-TLS/mbedtls/blob/development/framework/tests/include/test/drivers/test_driver.h). As Mbed TLS tests are built from source, there is no object file for the test driver. However, the source for the test driver can be found under `framework/tests/src/drivers`.
### Process for Entry Points where auto-generation is not implemented
diff --git a/framework b/framework
index 3867faa..69d19dc 160000
--- a/framework
+++ b/framework
@@ -1 +1 @@
-Subproject commit 3867faaaaa59ce3d2dad2c2053a7d3de9b59d358
+Subproject commit 69d19dc84b7445964598ceb6e7b096e4e4d4f29e
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
index 1e09d31..c6ee8eb 100644
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@@ -156,7 +156,7 @@
set_base_compile_options(${mbedx509_static_target})
target_compile_options(${mbedx509_static_target} PRIVATE ${LIBS_C_FLAGS})
set_target_properties(${mbedx509_static_target} PROPERTIES OUTPUT_NAME mbedx509)
- target_link_libraries(${mbedx509_static_target} PUBLIC ${libs} ${mbedcrypto_static_target})
+ target_link_libraries(${mbedx509_static_target} PUBLIC ${libs} ${tfpsacrypto_static_target})
add_library(${mbedtls_static_target} STATIC ${src_tls})
set_base_compile_options(${mbedtls_static_target})
@@ -170,7 +170,7 @@
set_base_compile_options(${mbedx509_target})
target_compile_options(${mbedx509_target} PRIVATE ${LIBS_C_FLAGS})
set_target_properties(${mbedx509_target} PROPERTIES VERSION 4.0.0 SOVERSION 7)
- target_link_libraries(${mbedx509_target} PUBLIC ${libs} ${mbedcrypto_target})
+ target_link_libraries(${mbedx509_target} PUBLIC ${libs} ${tfpsacrypto_target})
add_library(${mbedtls_target} SHARED ${src_tls})
set_base_compile_options(${mbedtls_target})
@@ -192,15 +192,7 @@
PRIVATE ${MBEDTLS_DIR}/library/
${MBEDTLS_DIR}/tf-psa-crypto/core
${MBEDTLS_DIR}/tf-psa-crypto/drivers/builtin/src)
- # Pass-through MBEDTLS_CONFIG_FILE and MBEDTLS_USER_CONFIG_FILE
- if(MBEDTLS_CONFIG_FILE)
- target_compile_definitions(${target}
- PUBLIC MBEDTLS_CONFIG_FILE="${MBEDTLS_CONFIG_FILE}")
- endif()
- if(MBEDTLS_USER_CONFIG_FILE)
- target_compile_definitions(${target}
- PUBLIC MBEDTLS_USER_CONFIG_FILE="${MBEDTLS_USER_CONFIG_FILE}")
- endif()
+ set_config_files_compile_definitions(${target})
install(
TARGETS ${target}
EXPORT MbedTLSTargets
@@ -216,3 +208,27 @@
if(USE_STATIC_MBEDTLS_LIBRARY AND USE_SHARED_MBEDTLS_LIBRARY)
add_dependencies(${lib_target} ${mbedx509_static_target} ${mbedtls_static_target})
endif()
+
+foreach(target IN LISTS tf_psa_crypto_library_targets)
+ get_target_property(target_type ${target} TYPE)
+ if (target_type STREQUAL STATIC_LIBRARY)
+ add_custom_command(
+ TARGET ${mbedtls_target}
+ POST_BUILD
+ COMMAND ${CMAKE_COMMAND}
+ ARGS -E copy $<TARGET_FILE:${target}> ${CMAKE_BINARY_DIR}/library)
+ else()
+ add_custom_command(
+ TARGET ${mbedtls_target}
+ POST_BUILD
+ COMMAND ${CMAKE_COMMAND}
+ ARGS -E copy $<TARGET_FILE:${target}>
+ ${CMAKE_BINARY_DIR}/library/$<TARGET_FILE_NAME:${target}>)
+ add_custom_command(
+ TARGET ${mbedtls_target}
+ POST_BUILD
+ COMMAND ${CMAKE_COMMAND}
+ ARGS -E copy $<TARGET_LINKER_FILE:${target}>
+ ${CMAKE_BINARY_DIR}/library/$<TARGET_LINKER_FILE_NAME:${target}>)
+ endif()
+endforeach(target)
diff --git a/pkgconfig/mbedcrypto.pc.in b/pkgconfig/mbedcrypto.pc.in
index b35afc1..28b9716 100644
--- a/pkgconfig/mbedcrypto.pc.in
+++ b/pkgconfig/mbedcrypto.pc.in
@@ -7,4 +7,4 @@
URL: @PKGCONFIG_PROJECT_HOMEPAGE_URL@
Version: @PROJECT_VERSION@
Cflags: -I"${includedir}"
-Libs: -L"${libdir}" -lmbedcrypto
+Libs: -L"${libdir}" -ltfpsacrypto -lbuiltin -leverest -lp256m
diff --git a/programs/aes/CMakeLists.txt b/programs/aes/CMakeLists.txt
index b6dde71..08bf095 100644
--- a/programs/aes/CMakeLists.txt
+++ b/programs/aes/CMakeLists.txt
@@ -4,10 +4,10 @@
add_dependencies(${programs_target} ${executables})
foreach(exe IN LISTS executables)
- add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
+ add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:tf_psa_crypto_test>)
set_base_compile_options(${exe})
- target_link_libraries(${exe} ${mbedcrypto_target} ${CMAKE_THREAD_LIBS_INIT})
- target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
+ target_link_libraries(${exe} ${tfpsacrypto_target} ${CMAKE_THREAD_LIBS_INIT})
+ target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include)
endforeach()
install(TARGETS ${executables}
diff --git a/programs/cipher/CMakeLists.txt b/programs/cipher/CMakeLists.txt
index 7d4e452..3bc1a9e 100644
--- a/programs/cipher/CMakeLists.txt
+++ b/programs/cipher/CMakeLists.txt
@@ -4,10 +4,10 @@
add_dependencies(${programs_target} ${executables})
foreach(exe IN LISTS executables)
- add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
+ add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:tf_psa_crypto_test>)
set_base_compile_options(${exe})
- target_link_libraries(${exe} ${mbedcrypto_target} ${CMAKE_THREAD_LIBS_INIT})
- target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
+ target_link_libraries(${exe} ${tfpsacrypto_target} ${CMAKE_THREAD_LIBS_INIT})
+ target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include)
endforeach()
install(TARGETS ${executables}
diff --git a/programs/fuzz/CMakeLists.txt b/programs/fuzz/CMakeLists.txt
index 44fff9a..baa5ad9 100644
--- a/programs/fuzz/CMakeLists.txt
+++ b/programs/fuzz/CMakeLists.txt
@@ -28,7 +28,7 @@
foreach(exe IN LISTS executables_no_common_c executables_with_common_c)
- set(exe_sources ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
+ set(exe_sources ${exe}.c $<TARGET_OBJECTS:tf_psa_crypto_test>)
if(NOT FUZZINGENGINE_LIB)
list(APPEND exe_sources onefile.c)
endif()
@@ -41,7 +41,8 @@
add_executable(${exe} ${exe_sources})
set_base_compile_options(${exe})
- target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
+ target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
if (NOT FUZZINGENGINE_LIB)
target_link_libraries(${exe} ${libs})
diff --git a/programs/hash/CMakeLists.txt b/programs/hash/CMakeLists.txt
index c27c4e7..3eabb97 100644
--- a/programs/hash/CMakeLists.txt
+++ b/programs/hash/CMakeLists.txt
@@ -6,10 +6,10 @@
add_dependencies(${programs_target} ${executables})
foreach(exe IN LISTS executables)
- add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
+ add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:tf_psa_crypto_test>)
set_base_compile_options(${exe})
- target_link_libraries(${exe} ${mbedcrypto_target} ${CMAKE_THREAD_LIBS_INIT})
- target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
+ target_link_libraries(${exe} ${tfpsacrypto_target} ${CMAKE_THREAD_LIBS_INIT})
+ target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include)
endforeach()
install(TARGETS ${executables}
diff --git a/programs/pkey/CMakeLists.txt b/programs/pkey/CMakeLists.txt
index 9caec87..34987c3 100644
--- a/programs/pkey/CMakeLists.txt
+++ b/programs/pkey/CMakeLists.txt
@@ -5,10 +5,10 @@
add_dependencies(${programs_target} ${executables_mbedtls})
foreach(exe IN LISTS executables_mbedtls)
- add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
+ add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:tf_psa_crypto_test>)
set_base_compile_options(${exe})
target_link_libraries(${exe} ${mbedtls_target} ${CMAKE_THREAD_LIBS_INIT})
- target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
+ target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include)
endforeach()
set(executables_mbedcrypto
@@ -34,10 +34,10 @@
add_dependencies(${programs_target} ${executables_mbedcrypto})
foreach(exe IN LISTS executables_mbedcrypto)
- add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
+ add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:tf_psa_crypto_test>)
set_base_compile_options(${exe})
- target_link_libraries(${exe} ${mbedcrypto_target} ${CMAKE_THREAD_LIBS_INIT})
- target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
+ target_link_libraries(${exe} ${tfpsacrypto_target} ${CMAKE_THREAD_LIBS_INIT})
+ target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include)
endforeach()
install(TARGETS ${executables_mbedtls} ${executables_mbedcrypto}
diff --git a/programs/psa/CMakeLists.txt b/programs/psa/CMakeLists.txt
index 707de43..3c20a70 100644
--- a/programs/psa/CMakeLists.txt
+++ b/programs/psa/CMakeLists.txt
@@ -28,10 +28,10 @@
endif()
foreach(exe IN LISTS executables)
- add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
+ add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:tf_psa_crypto_test>)
set_base_compile_options(${exe})
- target_link_libraries(${exe} ${mbedcrypto_target} ${CMAKE_THREAD_LIBS_INIT})
- target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
+ target_link_libraries(${exe} ${tfpsacrypto_target} ${CMAKE_THREAD_LIBS_INIT})
+ target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include)
endforeach()
target_include_directories(psa_constant_names PRIVATE ${CMAKE_CURRENT_BINARY_DIR})
diff --git a/programs/random/CMakeLists.txt b/programs/random/CMakeLists.txt
index a83bf9e..d7c0782 100644
--- a/programs/random/CMakeLists.txt
+++ b/programs/random/CMakeLists.txt
@@ -5,10 +5,10 @@
add_dependencies(${programs_target} ${executables})
foreach(exe IN LISTS executables)
- add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
+ add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:tf_psa_crypto_test>)
set_base_compile_options(${exe})
- target_link_libraries(${exe} ${mbedcrypto_target} ${CMAKE_THREAD_LIBS_INIT})
- target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
+ target_link_libraries(${exe} ${tfpsacrypto_target} ${CMAKE_THREAD_LIBS_INIT})
+ target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include)
endforeach()
install(TARGETS ${executables}
diff --git a/programs/ssl/CMakeLists.txt b/programs/ssl/CMakeLists.txt
index 6919a8e..23faf71 100644
--- a/programs/ssl/CMakeLists.txt
+++ b/programs/ssl/CMakeLists.txt
@@ -38,11 +38,12 @@
${CMAKE_CURRENT_SOURCE_DIR}/../test/query_config.h
${CMAKE_CURRENT_BINARY_DIR}/../test/query_config.c)
endif()
- add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>
+ add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:tf_psa_crypto_test>
${extra_sources})
set_base_compile_options(${exe})
target_link_libraries(${exe} ${libs} ${CMAKE_THREAD_LIBS_INIT})
- target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
+ target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
if(exe STREQUAL "ssl_client2" OR exe STREQUAL "ssl_server2")
if(GEN_FILES)
add_dependencies(${exe} generate_query_config_c)
@@ -53,9 +54,10 @@
endforeach()
if(THREADS_FOUND)
- add_executable(ssl_pthread_server ssl_pthread_server.c $<TARGET_OBJECTS:mbedtls_test>)
+ add_executable(ssl_pthread_server ssl_pthread_server.c $<TARGET_OBJECTS:tf_psa_crypto_test>)
set_base_compile_options(ssl_pthread_server)
- target_include_directories(ssl_pthread_server PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
+ target_include_directories(ssl_pthread_server PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include
+ ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
target_link_libraries(ssl_pthread_server ${libs} ${CMAKE_THREAD_LIBS_INIT})
list(APPEND executables ssl_pthread_server)
endif(THREADS_FOUND)
diff --git a/programs/test/CMakeLists.txt b/programs/test/CMakeLists.txt
index 83bc9bf..99dcd4a 100644
--- a/programs/test/CMakeLists.txt
+++ b/programs/test/CMakeLists.txt
@@ -34,7 +34,7 @@
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../include
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tf-psa-crypto/include
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tf-psa-crypto/drivers/builtin/include)
- target_link_libraries(cpp_dummy_build ${mbedcrypto_target} ${CMAKE_THREAD_LIBS_INIT})
+ target_link_libraries(cpp_dummy_build ${tfpsacrypto_target} ${CMAKE_THREAD_LIBS_INIT})
endif()
if(USE_SHARED_MBEDTLS_LIBRARY AND
@@ -82,11 +82,11 @@
${CMAKE_CURRENT_SOURCE_DIR}/query_config.h
${CMAKE_CURRENT_BINARY_DIR}/query_config.c)
endif()
- add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>
+ add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:tf_psa_crypto_test>
${extra_sources})
set_base_compile_options(${exe})
target_include_directories(${exe}
- PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
+ PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include)
target_include_directories(${exe}
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../library
${CMAKE_CURRENT_SOURCE_DIR}/../../tf-psa-crypto/core)
@@ -102,7 +102,7 @@
if (${exe_index} GREATER -1)
target_link_libraries(${exe} ${libs} ${CMAKE_THREAD_LIBS_INIT})
else()
- target_link_libraries(${exe} ${mbedcrypto_target} ${CMAKE_THREAD_LIBS_INIT})
+ target_link_libraries(${exe} ${tfpsacrypto_target} ${CMAKE_THREAD_LIBS_INIT})
endif()
endforeach()
diff --git a/programs/test/cmake_package/CMakeLists.txt b/programs/test/cmake_package/CMakeLists.txt
index f498cf9..85270bc 100644
--- a/programs/test/cmake_package/CMakeLists.txt
+++ b/programs/test/cmake_package/CMakeLists.txt
@@ -35,4 +35,4 @@
add_executable(cmake_package cmake_package.c)
target_link_libraries(cmake_package
- MbedTLS::mbedcrypto MbedTLS::mbedtls MbedTLS::mbedx509)
+ MbedTLS::tfpsacrypto MbedTLS::mbedtls MbedTLS::mbedx509)
diff --git a/programs/test/cmake_package_install/CMakeLists.txt b/programs/test/cmake_package_install/CMakeLists.txt
index 6937af4..f10109e 100644
--- a/programs/test/cmake_package_install/CMakeLists.txt
+++ b/programs/test/cmake_package_install/CMakeLists.txt
@@ -38,4 +38,4 @@
add_executable(cmake_package_install cmake_package_install.c)
target_link_libraries(cmake_package_install
- MbedTLS::mbedcrypto MbedTLS::mbedtls MbedTLS::mbedx509)
+ MbedTLS::tfpsacrypto MbedTLS::mbedtls MbedTLS::mbedx509)
diff --git a/programs/test/cmake_subproject/CMakeLists.txt b/programs/test/cmake_subproject/CMakeLists.txt
index 78bd5e7..7acdcc3 100644
--- a/programs/test/cmake_subproject/CMakeLists.txt
+++ b/programs/test/cmake_subproject/CMakeLists.txt
@@ -14,7 +14,7 @@
# Link against all the Mbed TLS libraries. Verifies that the targets have been
# created using the specified prefix
set(libs
- subproject_test_mbedcrypto
+ subproject_test_tfpsacrypto
subproject_test_mbedx509
subproject_test_mbedtls
)
diff --git a/programs/test/dlopen.c b/programs/test/dlopen.c
index f241254..3a0f37d 100644
--- a/programs/test/dlopen.c
+++ b/programs/test/dlopen.c
@@ -19,7 +19,8 @@
#define SO_SUFFIX ".so"
#endif
-#define CRYPTO_SO_FILENAME "libmbedcrypto" SO_SUFFIX
+#define MBEDCRYPTO_SO_FILENAME "libmbedcrypto" SO_SUFFIX
+#define TFPSACRYPTO_SO_FILENAME "libtfpsacrypto" SO_SUFFIX
#define X509_SO_FILENAME "libmbedx509" SO_SUFFIX
#define TLS_SO_FILENAME "libmbedtls" SO_SUFFIX
@@ -73,8 +74,16 @@
#endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_MD_C)
- void *crypto_so = dlopen(CRYPTO_SO_FILENAME, RTLD_NOW);
- CHECK_DLERROR("dlopen", CRYPTO_SO_FILENAME);
+ const char *crypto_so_filename = NULL;
+ void *crypto_so = dlopen(MBEDCRYPTO_SO_FILENAME, RTLD_NOW);
+ if (dlerror() == NULL) {
+ crypto_so_filename = MBEDCRYPTO_SO_FILENAME;
+ } else {
+ crypto_so = dlopen(TFPSACRYPTO_SO_FILENAME, RTLD_NOW);
+ CHECK_DLERROR("dlopen", TFPSACRYPTO_SO_FILENAME);
+ crypto_so_filename = TFPSACRYPTO_SO_FILENAME;
+ }
+
const int *(*md_list)(void) =
dlsym(crypto_so, "mbedtls_md_list");
CHECK_DLERROR("dlsym", "mbedtls_md_list");
@@ -83,9 +92,9 @@
;
}
mbedtls_printf("dlopen(%s): %u hashes\n",
- CRYPTO_SO_FILENAME, n);
+ crypto_so_filename, n);
dlclose(crypto_so);
- CHECK_DLERROR("dlclose", CRYPTO_SO_FILENAME);
+ CHECK_DLERROR("dlclose", crypto_so_filename);
#endif /* MBEDTLS_MD_C */
return 0;
diff --git a/programs/test/metatest.c b/programs/test/metatest.c
index d876e9a..f39cb54 100644
--- a/programs/test/metatest.c
+++ b/programs/test/metatest.c
@@ -261,7 +261,7 @@
mbedtls_threading_mutex_t mutex;
memset(&mutex, 0, sizeof(mutex));
/* This mutex usage error is detected by our test framework's mutex usage
- * verification framework. See tests/src/threading_helpers.c. Other
+ * verification framework. See framework/tests/src/threading_helpers.c. Other
* threading implementations (e.g. pthread without our instrumentation)
* might consider this normal usage. */
TEST_ASSERT(mbedtls_mutex_lock(&mutex) == 0);
@@ -277,7 +277,7 @@
mbedtls_threading_mutex_t mutex;
memset(&mutex, 0, sizeof(mutex));
/* This mutex usage error is detected by our test framework's mutex usage
- * verification framework. See tests/src/threading_helpers.c. Other
+ * verification framework. See framework/tests/src/threading_helpers.c. Other
* threading implementations (e.g. pthread without our instrumentation)
* might consider this normal usage. */
TEST_ASSERT(mbedtls_mutex_unlock(&mutex) == 0);
@@ -293,7 +293,7 @@
mbedtls_threading_mutex_t mutex;
memset(&mutex, 0, sizeof(mutex));
/* This mutex usage error is detected by our test framework's mutex usage
- * verification framework. See tests/src/threading_helpers.c. Other
+ * verification framework. See framework/tests/src/threading_helpers.c. Other
* threading implementations (e.g. pthread without our instrumentation)
* might consider this normal usage. */
mbedtls_mutex_free(&mutex);
@@ -307,7 +307,7 @@
mbedtls_threading_mutex_t mutex;
mbedtls_mutex_init(&mutex);
/* This mutex usage error is detected by our test framework's mutex usage
- * verification framework. See tests/src/threading_helpers.c. Other
+ * verification framework. See framework/tests/src/threading_helpers.c. Other
* threading implementations (e.g. pthread without our instrumentation)
* might consider this normal usage. */
mbedtls_mutex_init(&mutex);
@@ -323,7 +323,7 @@
mbedtls_mutex_init(&mutex);
mbedtls_mutex_free(&mutex);
/* This mutex usage error is detected by our test framework's mutex usage
- * verification framework. See tests/src/threading_helpers.c. Other
+ * verification framework. See framework/tests/src/threading_helpers.c. Other
* threading implementations (e.g. pthread without our instrumentation)
* might consider this normal usage. */
mbedtls_mutex_free(&mutex);
@@ -338,7 +338,7 @@
mbedtls_mutex_init(&mutex);
#endif
/* This mutex usage error is detected by our test framework's mutex usage
- * verification framework. See tests/src/threading_helpers.c. Other
+ * verification framework. See framework/tests/src/threading_helpers.c. Other
* threading implementations (e.g. pthread without our instrumentation)
* might consider this normal usage. */
}
@@ -361,7 +361,7 @@
* - "msan": triggers MSan (Memory Sanitizer).
* - "pthread": requires MBEDTLS_THREADING_PTHREAD and MBEDTLS_TEST_HOOKS,
* which enables MBEDTLS_TEST_MUTEX_USAGE internally in the test
- * framework (see tests/src/threading_helpers.c).
+ * framework (see framework/tests/src/threading_helpers.c).
*/
const char *platform;
diff --git a/programs/util/CMakeLists.txt b/programs/util/CMakeLists.txt
index ac713dc..ae1b467 100644
--- a/programs/util/CMakeLists.txt
+++ b/programs/util/CMakeLists.txt
@@ -1,5 +1,5 @@
set(libs
- ${mbedcrypto_target}
+ ${tfpsacrypto_target}
${mbedx509_target}
)
@@ -10,10 +10,10 @@
add_dependencies(${programs_target} ${executables})
foreach(exe IN LISTS executables)
- add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
+ add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:tf_psa_crypto_test>)
set_base_compile_options(${exe})
target_link_libraries(${exe} ${libs} ${CMAKE_THREAD_LIBS_INIT})
- target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
+ target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include)
endforeach()
install(TARGETS ${executables}
diff --git a/programs/x509/CMakeLists.txt b/programs/x509/CMakeLists.txt
index a31bada..1c91461 100644
--- a/programs/x509/CMakeLists.txt
+++ b/programs/x509/CMakeLists.txt
@@ -13,10 +13,10 @@
add_dependencies(${programs_target} ${executables})
foreach(exe IN LISTS executables)
- add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:mbedtls_test>)
+ add_executable(${exe} ${exe}.c $<TARGET_OBJECTS:tf_psa_crypto_test>)
set_base_compile_options(${exe})
target_link_libraries(${exe} ${libs} ${CMAKE_THREAD_LIBS_INIT})
- target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include)
+ target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include)
endforeach()
target_link_libraries(cert_app ${mbedtls_target})
diff --git a/scripts/common.make b/scripts/common.make
index 9c7fd73..b3d028f 100644
--- a/scripts/common.make
+++ b/scripts/common.make
@@ -24,6 +24,7 @@
LDFLAGS ?=
LOCAL_CFLAGS = $(WARNING_CFLAGS) -I$(MBEDTLS_TEST_PATH)/include \
+ -I$(MBEDTLS_PATH)/framework/tests/include \
-I$(MBEDTLS_PATH)/include -I$(MBEDTLS_PATH)/tf-psa-crypto/include \
-I$(MBEDTLS_PATH)/tf-psa-crypto/drivers/builtin/include \
-D_FILE_OFFSET_BITS=64
@@ -150,18 +151,19 @@
# Auxiliary modules used by tests and some sample programs
MBEDTLS_CORE_TEST_OBJS := $(patsubst %.c,%.o,$(wildcard \
- ${MBEDTLS_TEST_PATH}/src/*.c \
- ${MBEDTLS_TEST_PATH}/src/drivers/*.c \
+ ${MBEDTLS_PATH}/framework/tests/src/*.c \
+ ${MBEDTLS_PATH}/framework/tests/src/drivers/*.c \
))
# Ignore PSA stubs when building for the client side of PSASIM (i.e.
# CRYPTO_CLIENT && !CRYPTO_C) otherwise there will be functions duplicates.
ifdef PSASIM
MBEDTLS_CORE_TEST_OBJS := $(filter-out \
- ${MBEDTLS_TEST_PATH}/src/psa_crypto_stubs.o, $(MBEDTLS_CORE_TEST_OBJS)\
+ ${MBEDTLS_PATH}/framework/tests/src/psa_crypto_stubs.o, $(MBEDTLS_CORE_TEST_OBJS)\
)
endif
# Additional auxiliary modules for TLS testing
MBEDTLS_TLS_TEST_OBJS = $(patsubst %.c,%.o,$(wildcard \
+ ${MBEDTLS_TEST_PATH}/src/*.c \
${MBEDTLS_TEST_PATH}/src/test_helpers/*.c \
))
diff --git a/scripts/generate_visualc_files.pl b/scripts/generate_visualc_files.pl
index d48b2b2..76a6c32 100755
--- a/scripts/generate_visualc_files.pl
+++ b/scripts/generate_visualc_files.pl
@@ -28,10 +28,12 @@
my $tls_source_dir = 'library';
my $crypto_core_source_dir = 'tf-psa-crypto/core';
my $crypto_source_dir = 'tf-psa-crypto/drivers/builtin/src';
-my $test_source_dir = 'tests/src';
-my $test_header_dir = 'tests/include/test';
-my $test_drivers_header_dir = 'tests/include/test/drivers';
-my $test_drivers_source_dir = 'tests/src/drivers';
+my $tls_test_source_dir = 'tests/src';
+my $tls_test_header_dir = 'tests/include/test';
+my $test_source_dir = 'framework/tests/src';
+my $test_header_dir = 'framework/tests/include/test';
+my $test_drivers_header_dir = 'framework/tests/include/test/drivers';
+my $test_drivers_source_dir = 'framework/tests/src/drivers';
my @thirdparty_header_dirs = qw(
tf-psa-crypto/drivers/everest/include/everest
@@ -54,6 +56,7 @@
tf-psa-crypto/drivers/everest/include/everest/vs2013
tf-psa-crypto/drivers/everest/include/everest/kremlib
tests/include
+ framework/tests/include
);
my $include_directories = join(';', map {"../../$_"} @include_directories);
@@ -114,8 +117,10 @@
&& -d $crypto_core_source_dir
&& -d $crypto_source_dir
&& -d $test_source_dir
+ && -d $tls_test_source_dir
&& -d $test_drivers_source_dir
&& -d $test_header_dir
+ && -d $tls_test_header_dir
&& -d $test_drivers_header_dir
&& -d $programs_dir;
}
@@ -270,6 +275,7 @@
$drivers_builtin_header_dir,
$psa_header_dir,
$test_header_dir,
+ $tls_test_header_dir,
$test_drivers_header_dir,
$tls_source_dir,
$crypto_core_source_dir,
@@ -282,6 +288,7 @@
$crypto_core_source_dir,
$crypto_source_dir,
$test_source_dir,
+ $tls_test_source_dir,
$test_drivers_source_dir,
@thirdparty_source_dirs,
);
diff --git a/scripts/make_generated_files.bat b/scripts/make_generated_files.bat
index 735cc7d..4612cc2 100644
--- a/scripts/make_generated_files.bat
+++ b/scripts/make_generated_files.bat
@@ -27,6 +27,6 @@
python framework\scripts\generate_config_tests.py --directory tf-psa-crypto\tests\suites tests\suites\test_suite_config.psa_boolean.data || exit /b 1
python framework\scripts\generate_ecp_tests.py --directory tf-psa-crypto\tests\suites || exit /b 1
python framework\scripts\generate_psa_tests.py --directory tf-psa-crypto\tests\suites || exit /b 1
-python framework\scripts\generate_test_keys.py --output tests\src\test_keys.h || exit /b 1
+python framework\scripts\generate_test_keys.py --output framework\tests\src\test_keys.h || exit /b 1
python framework\scripts\generate_test_cert_macros.py --output tests\src\test_certs.h || exit /b 1
python framework\scripts\generate_tls13_compat_tests.py || exit /b 1
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
index eba6c51..402b8cb 100644
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@@ -1,6 +1,5 @@
set(libs
${mbedtls_target}
- ${everest_target}
${CMAKE_THREAD_LIBS_INIT}
)
@@ -155,7 +154,7 @@
)
add_executable(test_suite_${data_name} test_suite_${data_name}.c
- $<TARGET_OBJECTS:mbedtls_test>
+ $<TARGET_OBJECTS:tf_psa_crypto_test>
$<TARGET_OBJECTS:mbedtls_test_helpers>)
set_base_compile_options(test_suite_${data_name})
target_compile_options(test_suite_${data_name} PRIVATE ${TEST_C_FLAGS})
@@ -167,6 +166,7 @@
# them as PUBLIC.
target_include_directories(test_suite_${data_name}
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include
+ PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../framework/tests/include
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../library
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../tf-psa-crypto/core
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../tf-psa-crypto/drivers/builtin/src)
diff --git a/tests/Makefile b/tests/Makefile
index c6d8e2c..69d4dc6 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -57,7 +57,7 @@
GENERATED_CRYPTO_DATA_FILES += $(GENERATED_PSA_DATA_FILES)
GENERATED_FILES = $(GENERATED_DATA_FILES) $(GENERATED_CRYPTO_DATA_FILES)
-GENERATED_FILES += src/test_keys.h src/test_certs.h
+GENERATED_FILES += ../framework/tests/src/test_keys.h src/test_certs.h
# Generated files needed to (fully) run ssl-opt.sh
.PHONY: ssl-opt
@@ -172,7 +172,7 @@
echo " Gen $@"
$(PYTHON) ../framework/scripts/generate_test_cert_macros.py --output $@
-src/test_keys.h: ../framework/scripts/generate_test_keys.py
+../framework/tests/src/test_keys.h: ../framework/scripts/generate_test_keys.py
echo " Gen $@"
$(PYTHON) ../framework/scripts/generate_test_keys.py --output $@
@@ -181,16 +181,21 @@
# Explicitly depend on this header because on a clean copy of the source tree,
# it doesn't exist yet and must be generated as part of the build, and
# therefore the wildcard enumeration above doesn't include it.
-TEST_OBJS_DEPS += include/test/instrument_record_status.h
+TEST_OBJS_DEPS += ../framework/tests/include/test/instrument_record_status.h
endif
-TEST_OBJS_DEPS += src/test_certs.h src/test_keys.h
+TEST_OBJS_DEPS += src/test_certs.h ../framework/tests/src/test_keys.h
-# Rule to compile common test C files in src folder
-src/%.o : src/%.c $(TEST_OBJS_DEPS)
+# Rule to compile common test C files in framework
+../framework/tests/src/%.o : ../framework/tests/src/%.c $(TEST_OBJS_DEPS)
echo " CC $<"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) -o $@ -c $<
-src/drivers/%.o : src/drivers/%.c
+../framework/tests/src/drivers/%.o : ../framework/tests/src/drivers/%.c
+ echo " CC $<"
+ $(CC) $(LOCAL_CFLAGS) $(CFLAGS) -o $@ -c $<
+
+# Rule to compile common test C files in src folder
+src/%.o : src/%.c $(TEST_OBJS_DEPS)
echo " CC $<"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) -o $@ -c $<
@@ -248,7 +253,9 @@
LOCAL_CRYPTO_CFLAGS = $(patsubst -I./include, -I../../tests/include, $(patsubst -I../%,-I../../%, $(LOCAL_CFLAGS)))
LOCAL_CRYPTO_LDFLAGS = $(patsubst -L../library, -L../../library, \
$(patsubst -L../tests/%, -L../../tests/%, \
- $(patsubst ./src/%,../../tests/src/%, $(LOCAL_LDFLAGS))))
+ $(patsubst ./src/%,../../tests/src/%, \
+ $(patsubst ../framework/tests/src/%,../../framework/tests/src/%, \
+ $(LOCAL_LDFLAGS)))))
$(CRYPTO_BINARIES): %$(EXEXT): %.c $(MBEDLIBS) $(TEST_OBJS_DEPS) $(MBEDTLS_TEST_OBJS)
echo " CC $<"
cd ../tf-psa-crypto/tests && $(CC) $(LOCAL_CRYPTO_CFLAGS) $(CFLAGS) $(subst $(EXEXT),,$(@F)).c $(LOCAL_CRYPTO_LDFLAGS) $(LDFLAGS) -o $(@F)
@@ -258,9 +265,10 @@
$(MAKE) -C psa-client-server/psasim clean
rm -rf $(BINARIES) *.c *.datax
rm -rf $(CRYPTO_BINARIES) ../tf-psa-crypto/tests/*.c ../tf-psa-crypto/tests/*.datax
- rm -f src/*.o src/drivers/*.o src/test_helpers/*.o src/libmbed*
- rm -f include/test/instrument_record_status.h
- rm -f include/alt-extra/*/*_alt.h
+ rm -f src/*.o src/test_helpers/*.o src/libmbed*
+ rm -f ../framework/tests/src/*.o ../framework/tests/src/drivers/*.o
+ rm -f ../framework/tests/include/test/instrument_record_status.h
+ rm -f ../framework/tests/include/alt-extra/*/*_alt.h
rm -rf libtestdriver1
rm -rf libpsaclient libpsaserver
rm -f ../library/libtestdriver1.a
@@ -272,10 +280,11 @@
if exist ../tf-psa-crypto/tests/*.exe del /Q /F ../tf-psa-crypto/tests/*.exe
if exist ../tf-psa-crypto/tests/*.datax del /Q /F ../tf-psa-crypto/tests/*.datax
if exist src/*.o del /Q /F src/*.o
- if exist src/drivers/*.o del /Q /F src/drivers/*.o
if exist src/test_helpers/*.o del /Q /F src/test_helpers/*.o
if exist src/libmbed* del /Q /F src/libmbed*
- if exist include/test/instrument_record_status.h del /Q /F include/test/instrument_record_status.h
+ if exist ../framework/tests/src/*.o del /Q /F ../framework/tests/src/*.o
+ if exist ../framework/tests/src/drivers/*.o del /Q /F ../framework/tests/src/drivers/*.o
+ if exist ../framework/tests/include/test/instrument_record_status.h del /Q /F ../framework/tests/include/test/instrument_record_status.h
endif
# Test suites caught by SKIP_TEST_SUITES are built but not executed.
@@ -285,11 +294,11 @@
test: check
# Generate variants of some headers for testing
-include/alt-extra/%_alt.h: ../include/%.h
+../framework/tests/include/alt-extra/%_alt.h: ../include/%.h
perl -p -e 's/^(# *(define|ifndef) +\w+_)H\b/$${1}ALT_H/' $< >$@
-include/alt-extra/%_alt.h: ../tf-psa-crypto/include/%.h
+../framework/tests/include/alt-extra/%_alt.h: ../tf-psa-crypto/include/%.h
perl -p -e 's/^(# *(define|ifndef) +\w+_)H\b/$${1}ALT_H/' $< >$@
-include/alt-extra/%_alt.h: ../tf-psa-crypto/drivers/builtin/include/%.h
+../framework/tests/include/alt-extra/%_alt.h: ../tf-psa-crypto/drivers/builtin/include/%.h
perl -p -e 's/^(# *(define|ifndef) +\w+_)H\b/$${1}ALT_H/' $< >$@
# Generate test library
@@ -330,16 +339,16 @@
cp -Rf ../scripts ./libtestdriver1
# Set the test driver base (minimal) configuration.
- cp ./include/test/drivers/config_test_driver.h ./libtestdriver1/include/mbedtls/mbedtls_config.h
+ cp ../framework/tests/include/test/drivers/config_test_driver.h ./libtestdriver1/include/mbedtls/mbedtls_config.h
# Set the PSA cryptography configuration for the test library.
# It is set from the copied include/psa/crypto_config.h of the Mbed TLS
# library the test library is intended to be linked with extended by
- # ./include/test/drivers/crypto_config_test_driver_extension.h to
+ # ../framework/tests/include/test/drivers/crypto_config_test_driver_extension.h to
# mirror the PSA_ACCEL_* macros.
mv ./libtestdriver1/tf-psa-crypto/include/psa/crypto_config.h ./libtestdriver1/tf-psa-crypto/include/psa/crypto_config.h.bak
head -n -1 ./libtestdriver1/tf-psa-crypto/include/psa/crypto_config.h.bak > ./libtestdriver1/tf-psa-crypto/include/psa/crypto_config.h
- cat ./include/test/drivers/crypto_config_test_driver_extension.h >> ./libtestdriver1/tf-psa-crypto/include/psa/crypto_config.h
+ cat ../framework/tests/include/test/drivers/crypto_config_test_driver_extension.h >> ./libtestdriver1/tf-psa-crypto/include/psa/crypto_config.h
echo "#endif /* PSA_CRYPTO_CONFIG_H */" >> ./libtestdriver1/tf-psa-crypto/include/psa/crypto_config.h
# Prefix MBEDTLS_* PSA_* symbols with LIBTESTDRIVER1_ as well as
@@ -356,7 +365,7 @@
cp ./libtestdriver1/library/libmbedcrypto.a ../library/libtestdriver1.a
ifdef RECORD_PSA_STATUS_COVERAGE_LOG
-include/test/instrument_record_status.h: ../tf-psa-crypto/include/psa/crypto.h Makefile
+../framework/tests/include/test/instrument_record_status.h: ../tf-psa-crypto/include/psa/crypto.h Makefile
echo " Gen $@"
sed <../tf-psa-crypto/include/psa/crypto.h >$@ -n 's/^psa_status_t \([A-Za-z0-9_]*\)(.*/#define \1(...) RECORD_STATUS("\1", \1(__VA_ARGS__))/p'
endif
diff --git a/tests/include/alt-extra/psa/crypto.h b/tests/include/alt-extra/psa/crypto.h
deleted file mode 100644
index 005f3ae..0000000
--- a/tests/include/alt-extra/psa/crypto.h
+++ /dev/null
@@ -1,7 +0,0 @@
-/* The goal of the include/alt-extra directory is to test what happens
- * if certain files come _after_ the normal include directory.
- * Make sure that if the alt-extra directory comes before the normal
- * directory (so we wouldn't be achieving our test objective), the build
- * will fail.
- */
-#error "The normal include directory must come first in the include path"
diff --git a/tests/include/baremetal-override/time.h b/tests/include/baremetal-override/time.h
deleted file mode 100644
index 0a44275..0000000
--- a/tests/include/baremetal-override/time.h
+++ /dev/null
@@ -1,6 +0,0 @@
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#error "time.h included in a configuration without MBEDTLS_HAVE_TIME"
diff --git a/tests/include/spe/crypto_spe.h b/tests/include/spe/crypto_spe.h
deleted file mode 100644
index fdf3a2d..0000000
--- a/tests/include/spe/crypto_spe.h
+++ /dev/null
@@ -1,131 +0,0 @@
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- *
- */
-
-/**
- * \file crypto_spe.h
- *
- * \brief When Mbed TLS is built with the MBEDTLS_PSA_CRYPTO_SPM option
- * enabled, this header is included by all .c files in Mbed TLS that
- * use PSA Crypto function names. This avoids duplication of symbols
- * between TF-M and Mbed TLS.
- *
- * \note This file should be included before including any PSA Crypto headers
- * from Mbed TLS.
- */
-
-#ifndef CRYPTO_SPE_H
-#define CRYPTO_SPE_H
-
-#define PSA_FUNCTION_NAME(x) mbedcrypto__ ## x
-
-#define psa_crypto_init \
- PSA_FUNCTION_NAME(psa_crypto_init)
-#define psa_key_derivation_get_capacity \
- PSA_FUNCTION_NAME(psa_key_derivation_get_capacity)
-#define psa_key_derivation_set_capacity \
- PSA_FUNCTION_NAME(psa_key_derivation_set_capacity)
-#define psa_key_derivation_input_bytes \
- PSA_FUNCTION_NAME(psa_key_derivation_input_bytes)
-#define psa_key_derivation_output_bytes \
- PSA_FUNCTION_NAME(psa_key_derivation_output_bytes)
-#define psa_key_derivation_input_key \
- PSA_FUNCTION_NAME(psa_key_derivation_input_key)
-#define psa_key_derivation_output_key \
- PSA_FUNCTION_NAME(psa_key_derivation_output_key)
-#define psa_key_derivation_setup \
- PSA_FUNCTION_NAME(psa_key_derivation_setup)
-#define psa_key_derivation_abort \
- PSA_FUNCTION_NAME(psa_key_derivation_abort)
-#define psa_key_derivation_key_agreement \
- PSA_FUNCTION_NAME(psa_key_derivation_key_agreement)
-#define psa_raw_key_agreement \
- PSA_FUNCTION_NAME(psa_raw_key_agreement)
-#define psa_generate_random \
- PSA_FUNCTION_NAME(psa_generate_random)
-#define psa_aead_encrypt \
- PSA_FUNCTION_NAME(psa_aead_encrypt)
-#define psa_aead_decrypt \
- PSA_FUNCTION_NAME(psa_aead_decrypt)
-#define psa_open_key \
- PSA_FUNCTION_NAME(psa_open_key)
-#define psa_close_key \
- PSA_FUNCTION_NAME(psa_close_key)
-#define psa_import_key \
- PSA_FUNCTION_NAME(psa_import_key)
-#define psa_destroy_key \
- PSA_FUNCTION_NAME(psa_destroy_key)
-#define psa_get_key_attributes \
- PSA_FUNCTION_NAME(psa_get_key_attributes)
-#define psa_reset_key_attributes \
- PSA_FUNCTION_NAME(psa_reset_key_attributes)
-#define psa_export_key \
- PSA_FUNCTION_NAME(psa_export_key)
-#define psa_export_public_key \
- PSA_FUNCTION_NAME(psa_export_public_key)
-#define psa_purge_key \
- PSA_FUNCTION_NAME(psa_purge_key)
-#define psa_copy_key \
- PSA_FUNCTION_NAME(psa_copy_key)
-#define psa_cipher_operation_init \
- PSA_FUNCTION_NAME(psa_cipher_operation_init)
-#define psa_cipher_generate_iv \
- PSA_FUNCTION_NAME(psa_cipher_generate_iv)
-#define psa_cipher_set_iv \
- PSA_FUNCTION_NAME(psa_cipher_set_iv)
-#define psa_cipher_encrypt_setup \
- PSA_FUNCTION_NAME(psa_cipher_encrypt_setup)
-#define psa_cipher_decrypt_setup \
- PSA_FUNCTION_NAME(psa_cipher_decrypt_setup)
-#define psa_cipher_update \
- PSA_FUNCTION_NAME(psa_cipher_update)
-#define psa_cipher_finish \
- PSA_FUNCTION_NAME(psa_cipher_finish)
-#define psa_cipher_abort \
- PSA_FUNCTION_NAME(psa_cipher_abort)
-#define psa_hash_operation_init \
- PSA_FUNCTION_NAME(psa_hash_operation_init)
-#define psa_hash_setup \
- PSA_FUNCTION_NAME(psa_hash_setup)
-#define psa_hash_update \
- PSA_FUNCTION_NAME(psa_hash_update)
-#define psa_hash_finish \
- PSA_FUNCTION_NAME(psa_hash_finish)
-#define psa_hash_verify \
- PSA_FUNCTION_NAME(psa_hash_verify)
-#define psa_hash_abort \
- PSA_FUNCTION_NAME(psa_hash_abort)
-#define psa_hash_clone \
- PSA_FUNCTION_NAME(psa_hash_clone)
-#define psa_hash_compute \
- PSA_FUNCTION_NAME(psa_hash_compute)
-#define psa_hash_compare \
- PSA_FUNCTION_NAME(psa_hash_compare)
-#define psa_mac_operation_init \
- PSA_FUNCTION_NAME(psa_mac_operation_init)
-#define psa_mac_sign_setup \
- PSA_FUNCTION_NAME(psa_mac_sign_setup)
-#define psa_mac_verify_setup \
- PSA_FUNCTION_NAME(psa_mac_verify_setup)
-#define psa_mac_update \
- PSA_FUNCTION_NAME(psa_mac_update)
-#define psa_mac_sign_finish \
- PSA_FUNCTION_NAME(psa_mac_sign_finish)
-#define psa_mac_verify_finish \
- PSA_FUNCTION_NAME(psa_mac_verify_finish)
-#define psa_mac_abort \
- PSA_FUNCTION_NAME(psa_mac_abort)
-#define psa_sign_hash \
- PSA_FUNCTION_NAME(psa_sign_hash)
-#define psa_verify_hash \
- PSA_FUNCTION_NAME(psa_verify_hash)
-#define psa_asymmetric_encrypt \
- PSA_FUNCTION_NAME(psa_asymmetric_encrypt)
-#define psa_asymmetric_decrypt \
- PSA_FUNCTION_NAME(psa_asymmetric_decrypt)
-#define psa_generate_key \
- PSA_FUNCTION_NAME(psa_generate_key)
-
-#endif /* CRYPTO_SPE_H */
diff --git a/tests/include/test/arguments.h b/tests/include/test/arguments.h
deleted file mode 100644
index 6d267b6..0000000
--- a/tests/include/test/arguments.h
+++ /dev/null
@@ -1,26 +0,0 @@
-/**
- * \file arguments.h
- *
- * \brief Manipulation of test arguments.
- *
- * Much of the code is in host_test.function, to be migrated here later.
- */
-
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#ifndef TEST_ARGUMENTS_H
-#define TEST_ARGUMENTS_H
-
-#include "mbedtls/build_info.h"
-#include <stdint.h>
-#include <stdlib.h>
-
-typedef union {
- size_t len;
- intmax_t sint;
-} mbedtls_test_argument_t;
-
-#endif /* TEST_ARGUMENTS_H */
diff --git a/tests/include/test/asn1_helpers.h b/tests/include/test/asn1_helpers.h
deleted file mode 100644
index 2eb9171..0000000
--- a/tests/include/test/asn1_helpers.h
+++ /dev/null
@@ -1,38 +0,0 @@
-/** Helper functions for tests that manipulate ASN.1 data.
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#ifndef ASN1_HELPERS_H
-#define ASN1_HELPERS_H
-
-#include "test/helpers.h"
-
-/** Skip past an INTEGER in an ASN.1 buffer.
- *
- * Mark the current test case as failed in any of the following conditions:
- * - The buffer does not start with an ASN.1 INTEGER.
- * - The integer's size or parity does not match the constraints expressed
- * through \p min_bits, \p max_bits and \p must_be_odd.
- *
- * \param p Upon entry, `*p` points to the first byte of the
- * buffer to parse.
- * On successful return, `*p` points to the first byte
- * after the parsed INTEGER.
- * On failure, `*p` is unspecified.
- * \param end The end of the ASN.1 buffer.
- * \param min_bits Fail the test case if the integer does not have at
- * least this many significant bits.
- * \param max_bits Fail the test case if the integer has more than
- * this many significant bits.
- * \param must_be_odd Fail the test case if the integer is even.
- *
- * \return \c 0 if the test failed, otherwise 1.
- */
-int mbedtls_test_asn1_skip_integer(unsigned char **p, const unsigned char *end,
- size_t min_bits, size_t max_bits,
- int must_be_odd);
-
-#endif /* ASN1_HELPERS_H */
diff --git a/tests/include/test/bignum_codepath_check.h b/tests/include/test/bignum_codepath_check.h
deleted file mode 100644
index 3d72be1..0000000
--- a/tests/include/test/bignum_codepath_check.h
+++ /dev/null
@@ -1,94 +0,0 @@
-/** Support for path tracking in optionally safe bignum functions
- *
- * The functions are called when an optionally safe path is taken and logs it with a single
- * variable. This variable is at any time in one of three states:
- * - MBEDTLS_MPI_IS_TEST: No optionally safe path has been taken since the last reset
- * - MBEDTLS_MPI_IS_SECRET: Only safe paths were teken since the last reset
- * - MBEDTLS_MPI_IS_PUBLIC: At least one unsafe path has been taken since the last reset
- *
- * Use a simple global variable to track execution path. Making it work with multithreading
- * isn't worth the effort as multithreaded tests add little to no value here.
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#ifndef BIGNUM_CODEPATH_CHECK_H
-#define BIGNUM_CODEPATH_CHECK_H
-
-#include "bignum_core.h"
-
-#if defined(MBEDTLS_TEST_HOOKS) && !defined(MBEDTLS_THREADING_C)
-
-extern int mbedtls_codepath_check;
-
-/**
- * \brief Setup the codepath test hooks used by optionally safe bignum functions to signal
- * the path taken.
- */
-void mbedtls_codepath_test_hooks_setup(void);
-
-/**
- * \brief Teardown the codepath test hooks used by optionally safe bignum functions to
- * signal the path taken.
- */
-void mbedtls_codepath_test_hooks_teardown(void);
-
-/**
- * \brief Reset the state of the codepath to the initial state.
- */
-static inline void mbedtls_codepath_reset(void)
-{
- mbedtls_codepath_check = MBEDTLS_MPI_IS_TEST;
-}
-
-/** Check the codepath taken and fail if it doesn't match.
- *
- * When a function returns with an error, it can do so before reaching any interesting codepath. The
- * same can happen if a parameter to the function is zero. In these cases we need to allow
- * the codepath tracking variable to still have its initial "not set" value.
- *
- * This macro expands to an instruction, not an expression.
- * It may jump to the \c exit label.
- *
- * \param path The expected codepath.
- * This expression may be evaluated multiple times.
- * \param ret The expected return value.
- * \param E The MPI parameter that can cause shortcuts.
- */
-#define ASSERT_BIGNUM_CODEPATH(path, ret, E) \
- do { \
- if ((ret) != 0 || (E).n == 0) { \
- TEST_ASSERT(mbedtls_codepath_check == (path) || \
- mbedtls_codepath_check == MBEDTLS_MPI_IS_TEST); \
- } else { \
- TEST_EQUAL(mbedtls_codepath_check, (path)); \
- } \
- } while (0)
-
-/** Check the codepath taken and fail if it doesn't match.
- *
- * When a function returns with an error, it can do so before reaching any interesting codepath. In
- * this case we need to allow the codepath tracking variable to still have its
- * initial "not set" value.
- *
- * This macro expands to an instruction, not an expression.
- * It may jump to the \c exit label.
- *
- * \param path The expected codepath.
- * This expression may be evaluated multiple times.
- * \param ret The expected return value.
- */
-#define ASSERT_RSA_CODEPATH(path, ret) \
- do { \
- if ((ret) != 0) { \
- TEST_ASSERT(mbedtls_codepath_check == (path) || \
- mbedtls_codepath_check == MBEDTLS_MPI_IS_TEST); \
- } else { \
- TEST_EQUAL(mbedtls_codepath_check, (path)); \
- } \
- } while (0)
-#endif /* MBEDTLS_TEST_HOOKS && !MBEDTLS_THREADING_C */
-
-#endif /* BIGNUM_CODEPATH_CHECK_H */
diff --git a/tests/include/test/bignum_helpers.h b/tests/include/test/bignum_helpers.h
deleted file mode 100644
index a5e49cb..0000000
--- a/tests/include/test/bignum_helpers.h
+++ /dev/null
@@ -1,98 +0,0 @@
-/**
- * \file bignum_helpers.h
- *
- * \brief This file contains the prototypes of helper functions for
- * bignum-related testing.
- */
-
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#ifndef TEST_BIGNUM_HELPERS_H
-#define TEST_BIGNUM_HELPERS_H
-
-#include <mbedtls/build_info.h>
-
-#if defined(MBEDTLS_BIGNUM_C)
-
-#include <mbedtls/bignum.h>
-#include <bignum_mod.h>
-
-/** Allocate and populate a core MPI from a test case argument.
- *
- * This function allocates exactly as many limbs as necessary to fit
- * the length of the input. In other words, it preserves leading zeros.
- *
- * The limb array is allocated with mbedtls_calloc() and must later be
- * freed with mbedtls_free().
- *
- * \param[in,out] pX The address where a pointer to the allocated limb
- * array will be stored.
- * \c *pX must be null on entry.
- * On exit, \c *pX is null on error or if the number
- * of limbs is 0.
- * \param[out] plimbs The address where the number of limbs will be stored.
- * \param[in] input The test argument to read.
- * It is interpreted as a hexadecimal representation
- * of a non-negative integer.
- *
- * \return \c 0 on success, an \c MBEDTLS_ERR_MPI_xxx error code otherwise.
- */
-int mbedtls_test_read_mpi_core(mbedtls_mpi_uint **pX, size_t *plimbs,
- const char *input);
-
-/** Read a modulus from a hexadecimal string.
- *
- * This function allocates exactly as many limbs as necessary to fit
- * the length of the input. In other words, it preserves leading zeros.
- *
- * The limb array is allocated with mbedtls_calloc() and must later be
- * freed with mbedtls_free(). You can do that by calling
- * mbedtls_test_mpi_mod_modulus_free_with_limbs().
- *
- * \param[in,out] N A modulus structure. It must be initialized, but
- * not set up.
- * \param[in] s The null-terminated hexadecimal string to read from.
- * \param int_rep The desired representation of residues.
- *
- * \return \c 0 on success, an \c MBEDTLS_ERR_MPI_xxx error code otherwise.
- */
-int mbedtls_test_read_mpi_modulus(mbedtls_mpi_mod_modulus *N,
- const char *s,
- mbedtls_mpi_mod_rep_selector int_rep);
-
-/** Free a modulus and its limbs.
- *
- * \param[in] N A modulus structure such that there is no other
- * reference to `N->p`.
- */
-void mbedtls_test_mpi_mod_modulus_free_with_limbs(mbedtls_mpi_mod_modulus *N);
-
-/** Read an MPI from a hexadecimal string.
- *
- * Like mbedtls_mpi_read_string(), but with tighter guarantees around
- * edge cases.
- *
- * - This function guarantees that if \p s begins with '-' then the sign
- * bit of the result will be negative, even if the value is 0.
- * When this function encounters such a "negative 0", it calls
- * mbedtls_test_increment_case_uses_negative_0().
- * - The size of the result is exactly the minimum number of limbs needed to fit
- * the digits in the input. In particular, this function constructs a bignum
- * with 0 limbs for an empty string, and a bignum with leading 0 limbs if the
- * string has sufficiently many leading 0 digits. This is important so that
- * the "0 (null)" and "0 (1 limb)" and "leading zeros" test cases do what they
- * claim.
- *
- * \param[out] X The MPI object to populate. It must be initialized.
- * \param[in] s The null-terminated hexadecimal string to read from.
- *
- * \return \c 0 on success, an \c MBEDTLS_ERR_MPI_xxx error code otherwise.
- */
-int mbedtls_test_read_mpi(mbedtls_mpi *X, const char *s);
-
-#endif /* MBEDTLS_BIGNUM_C */
-
-#endif /* TEST_BIGNUM_HELPERS_H */
diff --git a/tests/include/test/constant_flow.h b/tests/include/test/constant_flow.h
deleted file mode 100644
index c5658eb..0000000
--- a/tests/include/test/constant_flow.h
+++ /dev/null
@@ -1,71 +0,0 @@
-/**
- * \file constant_flow.h
- *
- * \brief This file contains tools to ensure tested code has constant flow.
- */
-
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#ifndef TEST_CONSTANT_FLOW_H
-#define TEST_CONSTANT_FLOW_H
-
-#include "mbedtls/build_info.h"
-
-/*
- * This file defines the two macros
- *
- * #define TEST_CF_SECRET(ptr, size)
- * #define TEST_CF_PUBLIC(ptr, size)
- *
- * that can be used in tests to mark a memory area as secret (no branch or
- * memory access should depend on it) or public (default, only needs to be
- * marked explicitly when it was derived from secret data).
- *
- * Arguments:
- * - ptr: a pointer to the memory area to be marked
- * - size: the size in bytes of the memory area
- *
- * Implementation:
- * The basic idea is that of ctgrind <https://github.com/agl/ctgrind>: we can
- * re-use tools that were designed for checking use of uninitialized memory.
- * This file contains two implementations: one based on MemorySanitizer, the
- * other on valgrind's memcheck. If none of them is enabled, dummy macros that
- * do nothing are defined for convenience.
- *
- * \note #TEST_CF_SECRET must be called directly from within a .function file,
- * not indirectly via a macro defined under tests/include or a function
- * under tests/src. This is because we only run Valgrind for constant
- * flow on test suites that have greppable annotations inside them (see
- * `skip_suites_without_constant_flow` in `tests/scripts/all.sh`).
- */
-
-#if defined(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN)
-#include <sanitizer/msan_interface.h>
-
-/* Use macros to avoid messing up with origin tracking */
-#define TEST_CF_SECRET __msan_allocated_memory
-// void __msan_allocated_memory(const volatile void* data, size_t size);
-#define TEST_CF_PUBLIC __msan_unpoison
-// void __msan_unpoison(const volatile void *a, size_t size);
-
-#elif defined(MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND)
-#include <valgrind/memcheck.h>
-
-#define TEST_CF_SECRET VALGRIND_MAKE_MEM_UNDEFINED
-// VALGRIND_MAKE_MEM_UNDEFINED(_qzz_addr, _qzz_len)
-#define TEST_CF_PUBLIC VALGRIND_MAKE_MEM_DEFINED
-// VALGRIND_MAKE_MEM_DEFINED(_qzz_addr, _qzz_len)
-
-#else /* MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN ||
- MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND */
-
-#define TEST_CF_SECRET(ptr, size)
-#define TEST_CF_PUBLIC(ptr, size)
-
-#endif /* MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN ||
- MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND */
-
-#endif /* TEST_CONSTANT_FLOW_H */
diff --git a/tests/include/test/drivers/aead.h b/tests/include/test/drivers/aead.h
deleted file mode 100644
index a033e39..0000000
--- a/tests/include/test/drivers/aead.h
+++ /dev/null
@@ -1,121 +0,0 @@
-/*
- * Test driver for AEAD driver entry points.
- */
-/* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#ifndef PSA_CRYPTO_TEST_DRIVERS_AEAD_H
-#define PSA_CRYPTO_TEST_DRIVERS_AEAD_H
-
-#include "mbedtls/build_info.h"
-
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-#include <psa/crypto_driver_common.h>
-
-typedef struct {
- /* If not PSA_SUCCESS, return this error code instead of processing the
- * function call. */
- psa_status_t forced_status;
- /* Count the amount of times AEAD driver functions are called. */
- unsigned long hits_encrypt;
- unsigned long hits_decrypt;
- unsigned long hits_encrypt_setup;
- unsigned long hits_decrypt_setup;
- unsigned long hits_set_nonce;
- unsigned long hits_set_lengths;
- unsigned long hits_update_ad;
- unsigned long hits_update;
- unsigned long hits_finish;
- unsigned long hits_verify;
- unsigned long hits_abort;
-
- /* Status returned by the last AEAD driver function call. */
- psa_status_t driver_status;
-} mbedtls_test_driver_aead_hooks_t;
-
-#define MBEDTLS_TEST_DRIVER_AEAD_INIT { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }
-static inline mbedtls_test_driver_aead_hooks_t
-mbedtls_test_driver_aead_hooks_init(void)
-{
- const mbedtls_test_driver_aead_hooks_t v = MBEDTLS_TEST_DRIVER_AEAD_INIT;
- return v;
-}
-
-extern mbedtls_test_driver_aead_hooks_t mbedtls_test_driver_aead_hooks;
-
-psa_status_t mbedtls_test_transparent_aead_encrypt(
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer, size_t key_buffer_size,
- psa_algorithm_t alg,
- const uint8_t *nonce, size_t nonce_length,
- const uint8_t *additional_data, size_t additional_data_length,
- const uint8_t *plaintext, size_t plaintext_length,
- uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length);
-
-psa_status_t mbedtls_test_transparent_aead_decrypt(
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer, size_t key_buffer_size,
- psa_algorithm_t alg,
- const uint8_t *nonce, size_t nonce_length,
- const uint8_t *additional_data, size_t additional_data_length,
- const uint8_t *ciphertext, size_t ciphertext_length,
- uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length);
-
-psa_status_t mbedtls_test_transparent_aead_encrypt_setup(
- mbedtls_transparent_test_driver_aead_operation_t *operation,
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer, size_t key_buffer_size,
- psa_algorithm_t alg);
-
-psa_status_t mbedtls_test_transparent_aead_decrypt_setup(
- mbedtls_transparent_test_driver_aead_operation_t *operation,
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer, size_t key_buffer_size,
- psa_algorithm_t alg);
-
-psa_status_t mbedtls_test_transparent_aead_set_nonce(
- mbedtls_transparent_test_driver_aead_operation_t *operation,
- const uint8_t *nonce,
- size_t nonce_length);
-
-psa_status_t mbedtls_test_transparent_aead_set_lengths(
- mbedtls_transparent_test_driver_aead_operation_t *operation,
- size_t ad_length,
- size_t plaintext_length);
-
-psa_status_t mbedtls_test_transparent_aead_update_ad(
- mbedtls_transparent_test_driver_aead_operation_t *operation,
- const uint8_t *input,
- size_t input_length);
-
-psa_status_t mbedtls_test_transparent_aead_update(
- mbedtls_transparent_test_driver_aead_operation_t *operation,
- const uint8_t *input,
- size_t input_length,
- uint8_t *output,
- size_t output_size,
- size_t *output_length);
-
-psa_status_t mbedtls_test_transparent_aead_finish(
- mbedtls_transparent_test_driver_aead_operation_t *operation,
- uint8_t *ciphertext,
- size_t ciphertext_size,
- size_t *ciphertext_length,
- uint8_t *tag,
- size_t tag_size,
- size_t *tag_length);
-
-psa_status_t mbedtls_test_transparent_aead_verify(
- mbedtls_transparent_test_driver_aead_operation_t *operation,
- uint8_t *plaintext,
- size_t plaintext_size,
- size_t *plaintext_length,
- const uint8_t *tag,
- size_t tag_length);
-
-psa_status_t mbedtls_test_transparent_aead_abort(
- mbedtls_transparent_test_driver_aead_operation_t *operation);
-
-#endif /* PSA_CRYPTO_DRIVER_TEST */
-#endif /* PSA_CRYPTO_TEST_DRIVERS_AEAD_H */
diff --git a/tests/include/test/drivers/asymmetric_encryption.h b/tests/include/test/drivers/asymmetric_encryption.h
deleted file mode 100644
index 0ac7708..0000000
--- a/tests/include/test/drivers/asymmetric_encryption.h
+++ /dev/null
@@ -1,67 +0,0 @@
-/*
- * Test driver for asymmetric encryption.
- */
-/* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#ifndef PSA_CRYPTO_TEST_DRIVERS_ASYMMETRIC_ENCRYPTION_H
-#define PSA_CRYPTO_TEST_DRIVERS_ASYMMETRIC_ENCRYPTION_H
-
-#include "mbedtls/build_info.h"
-
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-#include <psa/crypto_driver_common.h>
-#include <psa/crypto.h>
-
-typedef struct {
- /* If non-null, on success, copy this to the output. */
- void *forced_output;
- size_t forced_output_length;
- /* If not PSA_SUCCESS, return this error code instead of processing the
- * function call. */
- psa_status_t forced_status;
- /* Count the amount of times one of the asymmetric_encryption driver
- functions is called. */
- unsigned long hits;
-} mbedtls_test_driver_asymmetric_encryption_hooks_t;
-
-#define MBEDTLS_TEST_DRIVER_ASYMMETRIC_ENCRYPTION_INIT { NULL, 0, PSA_SUCCESS, 0 }
-
-static inline mbedtls_test_driver_asymmetric_encryption_hooks_t
-mbedtls_test_driver_asymmetric_encryption_hooks_init(void)
-{
- const mbedtls_test_driver_asymmetric_encryption_hooks_t v =
- MBEDTLS_TEST_DRIVER_ASYMMETRIC_ENCRYPTION_INIT;
- return v;
-}
-
-extern mbedtls_test_driver_asymmetric_encryption_hooks_t
- mbedtls_test_driver_asymmetric_encryption_hooks;
-
-psa_status_t mbedtls_test_transparent_asymmetric_encrypt(
- const psa_key_attributes_t *attributes, const uint8_t *key_buffer,
- size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *input,
- size_t input_length, const uint8_t *salt, size_t salt_length,
- uint8_t *output, size_t output_size, size_t *output_length);
-
-psa_status_t mbedtls_test_opaque_asymmetric_encrypt(
- const psa_key_attributes_t *attributes, const uint8_t *key,
- size_t key_length, psa_algorithm_t alg, const uint8_t *input,
- size_t input_length, const uint8_t *salt, size_t salt_length,
- uint8_t *output, size_t output_size, size_t *output_length);
-
-psa_status_t mbedtls_test_transparent_asymmetric_decrypt(
- const psa_key_attributes_t *attributes, const uint8_t *key_buffer,
- size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *input,
- size_t input_length, const uint8_t *salt, size_t salt_length,
- uint8_t *output, size_t output_size, size_t *output_length);
-
-psa_status_t mbedtls_test_opaque_asymmetric_decrypt(
- const psa_key_attributes_t *attributes, const uint8_t *key,
- size_t key_length, psa_algorithm_t alg, const uint8_t *input,
- size_t input_length, const uint8_t *salt, size_t salt_length,
- uint8_t *output, size_t output_size, size_t *output_length);
-
-#endif /* PSA_CRYPTO_DRIVER_TEST */
-#endif /* PSA_CRYPTO_TEST_DRIVERS_ASYMMETRIC_ENCRYPTION_H */
diff --git a/tests/include/test/drivers/cipher.h b/tests/include/test/drivers/cipher.h
deleted file mode 100644
index 2fe47e4..0000000
--- a/tests/include/test/drivers/cipher.h
+++ /dev/null
@@ -1,136 +0,0 @@
-/*
- * Test driver for cipher functions
- */
-/* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#ifndef PSA_CRYPTO_TEST_DRIVERS_CIPHER_H
-#define PSA_CRYPTO_TEST_DRIVERS_CIPHER_H
-
-#include "mbedtls/build_info.h"
-
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-#include <psa/crypto_driver_common.h>
-#include <psa/crypto.h>
-
-#include "mbedtls/cipher.h"
-
-typedef struct {
- /* If non-null, on success, copy this to the output. */
- void *forced_output;
- size_t forced_output_length;
- /* If not PSA_SUCCESS, return this error code instead of processing the
- * function call. */
- psa_status_t forced_status;
- psa_status_t forced_status_encrypt;
- psa_status_t forced_status_set_iv;
- /* Count the amount of times one of the cipher driver functions is called. */
- unsigned long hits;
- unsigned long hits_encrypt;
- unsigned long hits_set_iv;
-} mbedtls_test_driver_cipher_hooks_t;
-
-#define MBEDTLS_TEST_DRIVER_CIPHER_INIT { NULL, 0, \
- PSA_SUCCESS, PSA_SUCCESS, PSA_SUCCESS, \
- 0, 0, 0 }
-static inline mbedtls_test_driver_cipher_hooks_t
-mbedtls_test_driver_cipher_hooks_init(void)
-{
- const mbedtls_test_driver_cipher_hooks_t v = MBEDTLS_TEST_DRIVER_CIPHER_INIT;
- return v;
-}
-
-extern mbedtls_test_driver_cipher_hooks_t mbedtls_test_driver_cipher_hooks;
-
-psa_status_t mbedtls_test_transparent_cipher_encrypt(
- const psa_key_attributes_t *attributes,
- const uint8_t *key, size_t key_length,
- psa_algorithm_t alg,
- const uint8_t *iv, size_t iv_length,
- const uint8_t *input, size_t input_length,
- uint8_t *output, size_t output_size, size_t *output_length);
-
-psa_status_t mbedtls_test_transparent_cipher_decrypt(
- const psa_key_attributes_t *attributes,
- const uint8_t *key, size_t key_length,
- psa_algorithm_t alg,
- const uint8_t *input, size_t input_length,
- uint8_t *output, size_t output_size, size_t *output_length);
-
-psa_status_t mbedtls_test_transparent_cipher_encrypt_setup(
- mbedtls_transparent_test_driver_cipher_operation_t *operation,
- const psa_key_attributes_t *attributes,
- const uint8_t *key, size_t key_length,
- psa_algorithm_t alg);
-
-psa_status_t mbedtls_test_transparent_cipher_decrypt_setup(
- mbedtls_transparent_test_driver_cipher_operation_t *operation,
- const psa_key_attributes_t *attributes,
- const uint8_t *key, size_t key_length,
- psa_algorithm_t alg);
-
-psa_status_t mbedtls_test_transparent_cipher_abort(
- mbedtls_transparent_test_driver_cipher_operation_t *operation);
-
-psa_status_t mbedtls_test_transparent_cipher_set_iv(
- mbedtls_transparent_test_driver_cipher_operation_t *operation,
- const uint8_t *iv, size_t iv_length);
-
-psa_status_t mbedtls_test_transparent_cipher_update(
- mbedtls_transparent_test_driver_cipher_operation_t *operation,
- const uint8_t *input, size_t input_length,
- uint8_t *output, size_t output_size, size_t *output_length);
-
-psa_status_t mbedtls_test_transparent_cipher_finish(
- mbedtls_transparent_test_driver_cipher_operation_t *operation,
- uint8_t *output, size_t output_size, size_t *output_length);
-
-/*
- * opaque versions
- */
-psa_status_t mbedtls_test_opaque_cipher_encrypt(
- const psa_key_attributes_t *attributes,
- const uint8_t *key, size_t key_length,
- psa_algorithm_t alg,
- const uint8_t *iv, size_t iv_length,
- const uint8_t *input, size_t input_length,
- uint8_t *output, size_t output_size, size_t *output_length);
-
-psa_status_t mbedtls_test_opaque_cipher_decrypt(
- const psa_key_attributes_t *attributes,
- const uint8_t *key, size_t key_length,
- psa_algorithm_t alg,
- const uint8_t *input, size_t input_length,
- uint8_t *output, size_t output_size, size_t *output_length);
-
-psa_status_t mbedtls_test_opaque_cipher_encrypt_setup(
- mbedtls_opaque_test_driver_cipher_operation_t *operation,
- const psa_key_attributes_t *attributes,
- const uint8_t *key, size_t key_length,
- psa_algorithm_t alg);
-
-psa_status_t mbedtls_test_opaque_cipher_decrypt_setup(
- mbedtls_opaque_test_driver_cipher_operation_t *operation,
- const psa_key_attributes_t *attributes,
- const uint8_t *key, size_t key_length,
- psa_algorithm_t alg);
-
-psa_status_t mbedtls_test_opaque_cipher_abort(
- mbedtls_opaque_test_driver_cipher_operation_t *operation);
-
-psa_status_t mbedtls_test_opaque_cipher_set_iv(
- mbedtls_opaque_test_driver_cipher_operation_t *operation,
- const uint8_t *iv, size_t iv_length);
-
-psa_status_t mbedtls_test_opaque_cipher_update(
- mbedtls_opaque_test_driver_cipher_operation_t *operation,
- const uint8_t *input, size_t input_length,
- uint8_t *output, size_t output_size, size_t *output_length);
-
-psa_status_t mbedtls_test_opaque_cipher_finish(
- mbedtls_opaque_test_driver_cipher_operation_t *operation,
- uint8_t *output, size_t output_size, size_t *output_length);
-
-#endif /* PSA_CRYPTO_DRIVER_TEST */
-#endif /* PSA_CRYPTO_TEST_DRIVERS_CIPHER_H */
diff --git a/tests/include/test/drivers/config_test_driver.h b/tests/include/test/drivers/config_test_driver.h
deleted file mode 100644
index ec8bcb6..0000000
--- a/tests/include/test/drivers/config_test_driver.h
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
- * Mbed TLS configuration for PSA test driver libraries. It includes:
- * . the minimum set of modules needed by the PSA core.
- * . the Mbed TLS configuration options that may need to be additionally
- * enabled for the purpose of a specific test.
- * . the PSA configuration file for the Mbed TLS library and its test drivers.
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#ifndef MBEDTLS_CONFIG_H
-#define MBEDTLS_CONFIG_H
-
-#if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE)
-#define _CRT_SECURE_NO_DEPRECATE 1
-#endif
-
-#define MBEDTLS_PSA_CRYPTO_C
-#define MBEDTLS_PSA_CRYPTO_CONFIG
-
-/* PSA core mandatory configuration options */
-#define MBEDTLS_CIPHER_C
-#define MBEDTLS_AES_C
-#define MBEDTLS_SHA256_C
-#define MBEDTLS_PSA_BUILTIN_ALG_SHA_256 1
-#define MBEDTLS_CTR_DRBG_C
-#define MBEDTLS_ENTROPY_C
-#define MBEDTLS_ENTROPY_FORCE_SHA256
-
-/*
- * Configuration options that may need to be additionally enabled for the
- * purpose of a specific set of tests.
- */
-//#define MBEDTLS_SHA1_C
-//#define MBEDTLS_SHA224_C
-//#define MBEDTLS_SHA384_C
-//#define MBEDTLS_SHA512_C
-//#define MBEDTLS_MD_C
-//#define MBEDTLS_PEM_PARSE_C
-//#define MBEDTLS_BASE64_C
-//#define MBEDTLS_THREADING_C
-//#define MBEDTLS_THREADING_PTHREAD
-
-#endif /* MBEDTLS_CONFIG_H */
diff --git a/tests/include/test/drivers/crypto_config_test_driver_extension.h b/tests/include/test/drivers/crypto_config_test_driver_extension.h
deleted file mode 100644
index 66378e7..0000000
--- a/tests/include/test/drivers/crypto_config_test_driver_extension.h
+++ /dev/null
@@ -1,689 +0,0 @@
-/**
- * This file is intended to be used to build PSA external test driver
- * libraries (libtestdriver1).
- *
- * It is intended to be appended by the test build system to the
- * crypto_config.h file of the Mbed TLS library the test library will be
- * linked to (see `tests/Makefile` libtestdriver1 target). This is done in
- * order to insert it at the right time: after the main configuration
- * (PSA_WANT) but before the logic that determines what built-ins to enable
- * based on PSA_WANT and MBEDTLS_PSA_ACCEL macros.
- *
- * It reverses the PSA_ACCEL_* macros defining the cryptographic operations
- * that will be accelerated in the main library:
- * - When something is accelerated in the main library, we need it supported
- * in libtestdriver1, so we disable the accel macro in order to the built-in
- * to be enabled.
- * - When something is NOT accelerated in the main library, we don't need it
- * in libtestdriver1, so we enable its accel macro in order to the built-in
- * to be disabled, to keep libtestdriver1 minimal. (We can't adjust the
- * PSA_WANT macros as they need to be the same between libtestdriver1 and
- * the main library, since they determine the ABI between the two.)
- */
-
-#include "psa/crypto_legacy.h"
-
-#if defined(PSA_WANT_ALG_CBC_NO_PADDING)
-#if defined(MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING)
-#undef MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING
-#else
-#define MBEDTLS_PSA_ACCEL_ALG_CBC_NO_PADDING 1
-#endif
-#endif
-
-#if defined(PSA_WANT_ALG_CBC_PKCS7)
-#if defined(MBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7)
-#undef MBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7
-#else
-#define MBEDTLS_PSA_ACCEL_ALG_CBC_PKCS7 1
-#endif
-#endif
-
-#if defined(PSA_WANT_ALG_CFB)
-#if defined(MBEDTLS_PSA_ACCEL_ALG_CFB)
-#undef MBEDTLS_PSA_ACCEL_ALG_CFB
-#else
-#define MBEDTLS_PSA_ACCEL_ALG_CFB 1
-#endif
-#endif
-
-#if defined(PSA_WANT_ALG_CMAC)
-#if defined(MBEDTLS_PSA_ACCEL_ALG_CMAC)
-#undef MBEDTLS_PSA_ACCEL_ALG_CMAC
-#else
-#define MBEDTLS_PSA_ACCEL_ALG_CMAC 1
-#endif
-#endif
-
-#if defined(PSA_WANT_ALG_CTR)
-#if defined(MBEDTLS_PSA_ACCEL_ALG_CTR)
-#undef MBEDTLS_PSA_ACCEL_ALG_CTR
-#else
-#define MBEDTLS_PSA_ACCEL_ALG_CTR 1
-#endif
-#endif
-
-#if defined(PSA_WANT_ALG_STREAM_CIPHER)
-#if defined(MBEDTLS_PSA_ACCEL_ALG_STREAM_CIPHER)
-#undef MBEDTLS_PSA_ACCEL_ALG_STREAM_CIPHER
-#else
-#define MBEDTLS_PSA_ACCEL_ALG_STREAM_CIPHER 1
-#endif
-#endif
-
-#if defined(PSA_WANT_ALG_ECB_NO_PADDING)
-#if defined(MBEDTLS_PSA_ACCEL_ALG_ECB_NO_PADDING)
-#undef MBEDTLS_PSA_ACCEL_ALG_ECB_NO_PADDING
-#else
-#define MBEDTLS_PSA_ACCEL_ALG_ECB_NO_PADDING 1
-#endif
-#endif
-
-#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
-#if defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256)
-#undef MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256
-#else
-#define MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_256 1
-#endif
-#endif
-
-#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
-#if defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384)
-#undef MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384
-#else
-#define MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_384 1
-#endif
-#endif
-
-#if defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
-#if defined(MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512)
-#undef MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512
-#else
-#define MBEDTLS_PSA_ACCEL_ECC_BRAINPOOL_P_R1_512 1
-#endif
-#endif
-
-#if defined(PSA_WANT_ECC_MONTGOMERY_255)
-#if defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_255)
-#undef MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_255
-#else
-#define MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_255 1
-#endif
-#endif
-
-#if defined(PSA_WANT_ECC_MONTGOMERY_448)
-#if defined(MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_448)
-#undef MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_448
-#else
-#define MBEDTLS_PSA_ACCEL_ECC_MONTGOMERY_448 1
-#endif
-#endif
-
-#if defined(PSA_WANT_ECC_SECP_K1_192)
-#if defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_192)
-#undef MBEDTLS_PSA_ACCEL_ECC_SECP_K1_192
-#else
-#define MBEDTLS_PSA_ACCEL_ECC_SECP_K1_192 1
-#endif
-#endif
-
-#if defined(PSA_WANT_ECC_SECP_K1_224)
-#if defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224)
-#undef MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224
-#else
-#define MBEDTLS_PSA_ACCEL_ECC_SECP_K1_224 1
-#endif
-#endif
-
-#if defined(PSA_WANT_ECC_SECP_K1_256)
-#if defined(MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256)
-#undef MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256
-#else
-#define MBEDTLS_PSA_ACCEL_ECC_SECP_K1_256 1
-#endif
-#endif
-
-#if defined(PSA_WANT_ECC_SECP_R1_192)
-#if defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_192)
-#undef MBEDTLS_PSA_ACCEL_ECC_SECP_R1_192
-#else
-#define MBEDTLS_PSA_ACCEL_ECC_SECP_R1_192 1
-#endif
-#endif
-
-#if defined(PSA_WANT_ECC_SECP_R1_224)
-#if defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224)
-#undef MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224
-#else
-#define MBEDTLS_PSA_ACCEL_ECC_SECP_R1_224 1
-#endif
-#endif
-
-#if defined(PSA_WANT_ECC_SECP_R1_256)
-#if defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256)
-#undef MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256
-#else
-#define MBEDTLS_PSA_ACCEL_ECC_SECP_R1_256 1
-#endif
-#endif
-
-#if defined(PSA_WANT_ECC_SECP_R1_384)
-#if defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384)
-#undef MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384
-#else
-#define MBEDTLS_PSA_ACCEL_ECC_SECP_R1_384 1
-#endif
-#endif
-
-#if defined(PSA_WANT_ECC_SECP_R1_521)
-#if defined(MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521)
-#undef MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521
-#else
-#define MBEDTLS_PSA_ACCEL_ECC_SECP_R1_521 1
-#endif
-#endif
-
-#if defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA)
-#if defined(MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA)
-#undef MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA
-#else
-#define MBEDTLS_PSA_ACCEL_ALG_DETERMINISTIC_ECDSA 1
-#endif
-#endif
-
-#if defined(PSA_WANT_ALG_ECDSA)
-#if defined(MBEDTLS_PSA_ACCEL_ALG_ECDSA)
-#undef MBEDTLS_PSA_ACCEL_ALG_ECDSA
-#else
-#define MBEDTLS_PSA_ACCEL_ALG_ECDSA 1
-#endif
-#endif
-
-#if defined(PSA_WANT_ALG_ECDH)
-#if defined(MBEDTLS_PSA_ACCEL_ALG_ECDH)
-#undef MBEDTLS_PSA_ACCEL_ALG_ECDH
-#else
-#define MBEDTLS_PSA_ACCEL_ALG_ECDH 1
-#endif
-#endif
-
-#if defined(PSA_WANT_DH_RFC7919_2048)
-#if defined(MBEDTLS_PSA_ACCEL_DH_RFC7919_2048)
-#undef MBEDTLS_PSA_ACCEL_DH_RFC7919_2048
-#else
-#define MBEDTLS_PSA_ACCEL_DH_RFC7919_2048
-#endif
-#endif
-
-#if defined(PSA_WANT_DH_RFC7919_3072)
-#if defined(MBEDTLS_PSA_ACCEL_DH_RFC7919_3072)
-#undef MBEDTLS_PSA_ACCEL_DH_RFC7919_3072
-#else
-#define MBEDTLS_PSA_ACCEL_DH_RFC7919_3072
-#endif
-#endif
-
-#if defined(PSA_WANT_DH_RFC7919_4096)
-#if defined(MBEDTLS_PSA_ACCEL_DH_RFC7919_4096)
-#undef MBEDTLS_PSA_ACCEL_DH_RFC7919_4096
-#else
-#define MBEDTLS_PSA_ACCEL_DH_RFC7919_4096
-#endif
-#endif
-
-#if defined(PSA_WANT_DH_RFC7919_6144)
-#if defined(MBEDTLS_PSA_ACCEL_DH_RFC7919_6144)
-#undef MBEDTLS_PSA_ACCEL_DH_RFC7919_6144
-#else
-#define MBEDTLS_PSA_ACCEL_DH_RFC7919_6144
-#endif
-#endif
-
-#if defined(PSA_WANT_DH_RFC7919_8192)
-#if defined(MBEDTLS_PSA_ACCEL_DH_RFC7919_8192)
-#undef MBEDTLS_PSA_ACCEL_DH_RFC7919_8192
-#else
-#define MBEDTLS_PSA_ACCEL_DH_RFC7919_8192
-#endif
-#endif
-
-#if defined(PSA_WANT_ALG_FFDH)
-#if defined(MBEDTLS_PSA_ACCEL_ALG_FFDH)
-#undef MBEDTLS_PSA_ACCEL_ALG_FFDH
-#else
-#define MBEDTLS_PSA_ACCEL_ALG_FFDH 1
-#endif
-#endif
-
-#if defined(PSA_WANT_ALG_MD5)
-#if defined(MBEDTLS_PSA_ACCEL_ALG_MD5)
-#undef MBEDTLS_PSA_ACCEL_ALG_MD5
-#else
-#define MBEDTLS_PSA_ACCEL_ALG_MD5 1
-#endif
-#endif
-
-#if defined(PSA_WANT_ALG_OFB)
-#if defined(MBEDTLS_PSA_ACCEL_ALG_OFB)
-#undef MBEDTLS_PSA_ACCEL_ALG_OFB
-#else
-#define MBEDTLS_PSA_ACCEL_ALG_OFB 1
-#endif
-#endif
-
-#if defined(PSA_WANT_ALG_RIPEMD160)
-#if defined(MBEDTLS_PSA_ACCEL_ALG_RIPEMD160)
-#undef MBEDTLS_PSA_ACCEL_ALG_RIPEMD160
-#else
-#define MBEDTLS_PSA_ACCEL_ALG_RIPEMD160 1
-#endif
-#endif
-
-#if defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN)
-#if defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN)
-#undef MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN
-#else
-#define MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN 1
-#endif
-#endif
-
-#if defined(PSA_WANT_ALG_RSA_PSS)
-#if defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PSS)
-#undef MBEDTLS_PSA_ACCEL_ALG_RSA_PSS
-#else
-#define MBEDTLS_PSA_ACCEL_ALG_RSA_PSS 1
-#endif
-#endif
-
-#if defined(PSA_WANT_ALG_SHA_1)
-#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_1)
-#undef MBEDTLS_PSA_ACCEL_ALG_SHA_1
-#else
-#define MBEDTLS_PSA_ACCEL_ALG_SHA_1 1
-#endif
-#endif
-
-#if defined(PSA_WANT_ALG_SHA_224)
-#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_224)
-#undef MBEDTLS_PSA_ACCEL_ALG_SHA_224
-#else
-#define MBEDTLS_PSA_ACCEL_ALG_SHA_224 1
-#endif
-#endif
-
-#if defined(PSA_WANT_ALG_SHA_256)
-#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_256)
-#undef MBEDTLS_PSA_ACCEL_ALG_SHA_256
-#else
-#define MBEDTLS_PSA_ACCEL_ALG_SHA_256 1
-#endif
-#endif
-
-#if defined(PSA_WANT_ALG_SHA_384)
-#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_384)
-#undef MBEDTLS_PSA_ACCEL_ALG_SHA_384
-#else
-#define MBEDTLS_PSA_ACCEL_ALG_SHA_384 1
-#endif
-#endif
-
-#if defined(PSA_WANT_ALG_SHA_512)
-#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA_512)
-#undef MBEDTLS_PSA_ACCEL_ALG_SHA_512
-#else
-#define MBEDTLS_PSA_ACCEL_ALG_SHA_512 1
-#endif
-#endif
-
-#if defined(PSA_WANT_ALG_SHA3_224)
-#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_224)
-#undef MBEDTLS_PSA_ACCEL_ALG_SHA3_224
-#else
-#define MBEDTLS_PSA_ACCEL_ALG_SHA3_224 1
-#endif
-#endif
-
-#if defined(PSA_WANT_ALG_SHA3_256)
-#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_256)
-#undef MBEDTLS_PSA_ACCEL_ALG_SHA3_256
-#else
-#define MBEDTLS_PSA_ACCEL_ALG_SHA3_256 1
-#endif
-#endif
-
-#if defined(PSA_WANT_ALG_SHA3_384)
-#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_384)
-#undef MBEDTLS_PSA_ACCEL_ALG_SHA3_384
-#else
-#define MBEDTLS_PSA_ACCEL_ALG_SHA3_384 1
-#endif
-#endif
-
-#if defined(PSA_WANT_ALG_SHA3_512)
-#if defined(MBEDTLS_PSA_ACCEL_ALG_SHA3_512)
-#undef MBEDTLS_PSA_ACCEL_ALG_SHA3_512
-#else
-#define MBEDTLS_PSA_ACCEL_ALG_SHA3_512 1
-#endif
-#endif
-
-#if defined(PSA_WANT_ALG_XTS)
-#if defined(MBEDTLS_PSA_ACCEL_ALG_XTS)
-#undef MBEDTLS_PSA_ACCEL_ALG_XTS
-#else
-#define MBEDTLS_PSA_ACCEL_ALG_XTS 1
-#endif
-#endif
-
-#if defined(PSA_WANT_ALG_CHACHA20_POLY1305)
-#if defined(MBEDTLS_PSA_ACCEL_ALG_CHACHA20_POLY1305)
-#undef MBEDTLS_PSA_ACCEL_ALG_CHACHA20_POLY1305
-#else
-#define MBEDTLS_PSA_ACCEL_ALG_CHACHA20_POLY1305 1
-#endif
-#endif
-
-#if defined(PSA_WANT_ALG_JPAKE)
-#if defined(MBEDTLS_PSA_ACCEL_ALG_JPAKE)
-#undef MBEDTLS_PSA_ACCEL_ALG_JPAKE
-#else
-#define MBEDTLS_PSA_ACCEL_ALG_JPAKE 1
-#endif
-#endif
-
-#if defined(PSA_WANT_KEY_TYPE_AES)
-#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_AES)
-#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_AES
-#else
-#define MBEDTLS_PSA_ACCEL_KEY_TYPE_AES 1
-#endif
-#endif
-
-#if defined(PSA_WANT_KEY_TYPE_ARIA)
-#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ARIA)
-#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_ARIA
-#else
-#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ARIA 1
-#endif
-#endif
-
-#if defined(PSA_WANT_KEY_TYPE_CAMELLIA)
-#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA)
-#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA
-#else
-#define MBEDTLS_PSA_ACCEL_KEY_TYPE_CAMELLIA 1
-#endif
-#endif
-
-#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC)
-#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_BASIC)
-#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_BASIC
-#else
-#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_BASIC 1
-#endif
-#endif
-
-#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT)
-#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT)
-#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT
-#else
-#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_IMPORT 1
-#endif
-#endif
-
-#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_EXPORT)
-#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT)
-#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT
-#else
-#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_EXPORT 1
-#endif
-#endif
-
-#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE)
-#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE)
-#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE
-#else
-#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_GENERATE 1
-#endif
-#endif
-
-#if defined(PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE)
-#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE)
-#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE
-#else
-#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR_DERIVE 1
-#endif
-#endif
-
-#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_BASIC)
-#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_BASIC)
-#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_BASIC
-#else
-#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_BASIC 1
-#endif
-#endif
-
-#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_IMPORT)
-#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_IMPORT)
-#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_IMPORT
-#else
-#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_IMPORT 1
-#endif
-#endif
-
-#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_EXPORT)
-#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_EXPORT)
-#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_EXPORT
-#else
-#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_EXPORT 1
-#endif
-#endif
-
-#if defined(PSA_WANT_KEY_TYPE_DH_KEY_PAIR_GENERATE)
-#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_GENERATE)
-#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_GENERATE
-#else
-#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_KEY_PAIR_GENERATE 1
-#endif
-#endif
-
-#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC)
-#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_BASIC)
-#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_BASIC
-#else
-#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_BASIC 1
-#endif
-#endif
-
-#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_IMPORT)
-#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_IMPORT)
-#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_IMPORT
-#else
-#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_IMPORT 1
-#endif
-#endif
-
-#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_EXPORT)
-#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_EXPORT)
-#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_EXPORT
-#else
-#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_EXPORT 1
-#endif
-#endif
-
-#if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE)
-#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_GENERATE)
-#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_GENERATE
-#else
-#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_GENERATE 1
-#endif
-#endif
-
-#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
-#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY)
-#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY
-#else
-#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY 1
-#endif
-#endif
-
-#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY)
-#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY)
-#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY
-#else
-#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY 1
-#endif
-#endif
-
-#if defined(PSA_WANT_KEY_TYPE_DH_PUBLIC_KEY)
-#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_PUBLIC_KEY)
-#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_PUBLIC_KEY
-#else
-#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DH_PUBLIC_KEY 1
-#endif
-#endif
-
-#if defined(PSA_WANT_KEY_TYPE_CHACHA20)
-#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20)
-#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20
-#else
-#define MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20 1
-#endif
-#endif
-
-
-#if defined(PSA_WANT_ALG_TLS12_PRF)
-#if defined(MBEDTLS_PSA_ACCEL_ALG_TLS12_PRF)
-#undef MBEDTLS_PSA_ACCEL_ALG_TLS12_PRF
-#else
-#define MBEDTLS_PSA_ACCEL_ALG_TLS12_PRF 1
-#endif
-#endif
-
-#if defined(PSA_WANT_ALG_TLS12_PSK_TO_MS)
-#if defined(MBEDTLS_PSA_ACCEL_ALG_TLS12_PSK_TO_MS)
-#undef MBEDTLS_PSA_ACCEL_ALG_TLS12_PSK_TO_MS
-#else
-#define MBEDTLS_PSA_ACCEL_ALG_TLS12_PSK_TO_MS 1
-#endif
-#endif
-
-#if defined(PSA_WANT_ALG_TLS12_ECJPAKE_TO_PMS)
-#if defined(MBEDTLS_PSA_ACCEL_ALG_TLS12_ECJPAKE_TO_PMS)
-#undef MBEDTLS_PSA_ACCEL_ALG_TLS12_ECJPAKE_TO_PMS
-#else
-#define MBEDTLS_PSA_ACCEL_ALG_TLS12_ECJPAKE_TO_PMS 1
-#endif
-#endif
-
-#if defined(PSA_WANT_ALG_GCM)
-#if defined(MBEDTLS_PSA_ACCEL_ALG_GCM)
-#undef MBEDTLS_PSA_ACCEL_ALG_GCM
-#else
-#define MBEDTLS_PSA_ACCEL_ALG_GCM 1
-#endif
-#endif
-
-#if defined(PSA_WANT_ALG_CCM)
-#if defined(MBEDTLS_PSA_ACCEL_ALG_CCM)
-#undef MBEDTLS_PSA_ACCEL_ALG_CCM
-#else
-#define MBEDTLS_PSA_ACCEL_ALG_CCM 1
-#endif
-#endif
-
-#if defined(PSA_WANT_ALG_CCM_STAR_NO_TAG)
-#if defined(MBEDTLS_PSA_ACCEL_ALG_CCM_STAR_NO_TAG)
-#undef MBEDTLS_PSA_ACCEL_ALG_CCM_STAR_NO_TAG
-#else
-#define MBEDTLS_PSA_ACCEL_ALG_CCM_STAR_NO_TAG 1
-#endif
-#endif
-
-#if defined(PSA_WANT_ALG_CBC_MAC)
-#if defined(MBEDTLS_PSA_ACCEL_ALG_CBC_MAC)
-#undef MBEDTLS_PSA_ACCEL_ALG_CBC_MAC
-#else
-#define MBEDTLS_PSA_ACCEL_ALG_CBC_MAC 1
-#endif
-#endif
-
-#if defined(PSA_WANT_ALG_HMAC)
-#if defined(MBEDTLS_PSA_ACCEL_ALG_HMAC)
-#undef MBEDTLS_PSA_ACCEL_ALG_HMAC
-#else
-#define MBEDTLS_PSA_ACCEL_ALG_HMAC 1
-#endif
-#endif
-
-#if defined(PSA_WANT_ALG_HKDF)
-#if defined(MBEDTLS_PSA_ACCEL_ALG_HKDF)
-#undef MBEDTLS_PSA_ACCEL_ALG_HKDF
-#else
-#define MBEDTLS_PSA_ACCEL_ALG_HKDF 1
-#endif
-#endif
-
-#if defined(PSA_WANT_ALG_HKDF_EXTRACT)
-#if defined(MBEDTLS_PSA_ACCEL_ALG_HKDF_EXTRACT)
-#undef MBEDTLS_PSA_ACCEL_ALG_HKDF_EXTRACT
-#else
-#define MBEDTLS_PSA_ACCEL_ALG_HKDF_EXTRACT 1
-#endif
-#endif
-
-#if defined(PSA_WANT_ALG_HKDF_EXPAND)
-#if defined(MBEDTLS_PSA_ACCEL_ALG_HKDF_EXPAND)
-#undef MBEDTLS_PSA_ACCEL_ALG_HKDF_EXPAND
-#else
-#define MBEDTLS_PSA_ACCEL_ALG_HKDF_EXPAND 1
-#endif
-#endif
-
-#if defined(PSA_WANT_ALG_RSA_OAEP)
-#if defined(MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP)
-#undef MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP
-#else
-#define MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP 1
-#endif
-#endif
-
-#if defined(PSA_WANT_ALG_RSA_PKCS1V15_CRYPT)
-#if defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT)
-#undef MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT
-#else
-#define MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT 1
-#endif
-#endif
-
-#if defined(PSA_WANT_KEY_TYPE_DERIVE)
-#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DERIVE)
-#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_DERIVE
-#else
-#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DERIVE 1
-#endif
-#endif
-
-#if defined(PSA_WANT_KEY_TYPE_HMAC)
-#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_HMAC)
-#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_HMAC
-#else
-#define MBEDTLS_PSA_ACCEL_KEY_TYPE_HMAC 1
-#endif
-#endif
-
-#if defined(PSA_WANT_KEY_TYPE_DES)
-#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_DES)
-#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_DES
-#else
-#define MBEDTLS_PSA_ACCEL_KEY_TYPE_DES 1
-#endif
-#endif
-
-#if defined(PSA_WANT_KEY_TYPE_RAW_DATA)
-#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RAW_DATA)
-#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_RAW_DATA
-#else
-#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RAW_DATA 1
-#endif
-#endif
diff --git a/tests/include/test/drivers/hash.h b/tests/include/test/drivers/hash.h
deleted file mode 100644
index ad48c45..0000000
--- a/tests/include/test/drivers/hash.h
+++ /dev/null
@@ -1,64 +0,0 @@
-/*
- * Test driver for hash driver entry points.
- */
-/* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#ifndef PSA_CRYPTO_TEST_DRIVERS_HASH_H
-#define PSA_CRYPTO_TEST_DRIVERS_HASH_H
-
-#include "mbedtls/build_info.h"
-
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-#include <psa/crypto_driver_common.h>
-
-typedef struct {
- /* If not PSA_SUCCESS, return this error code instead of processing the
- * function call. */
- psa_status_t forced_status;
- /* Count the amount of times hash driver entry points are called. */
- unsigned long hits;
- /* Status returned by the last hash driver entry point call. */
- psa_status_t driver_status;
-} mbedtls_test_driver_hash_hooks_t;
-
-#define MBEDTLS_TEST_DRIVER_HASH_INIT { 0, 0, 0 }
-static inline mbedtls_test_driver_hash_hooks_t
-mbedtls_test_driver_hash_hooks_init(void)
-{
- const mbedtls_test_driver_hash_hooks_t v = MBEDTLS_TEST_DRIVER_HASH_INIT;
- return v;
-}
-
-extern mbedtls_test_driver_hash_hooks_t mbedtls_test_driver_hash_hooks;
-
-psa_status_t mbedtls_test_transparent_hash_compute(
- psa_algorithm_t alg,
- const uint8_t *input, size_t input_length,
- uint8_t *hash, size_t hash_size, size_t *hash_length);
-
-psa_status_t mbedtls_test_transparent_hash_setup(
- mbedtls_transparent_test_driver_hash_operation_t *operation,
- psa_algorithm_t alg);
-
-psa_status_t mbedtls_test_transparent_hash_clone(
- const mbedtls_transparent_test_driver_hash_operation_t *source_operation,
- mbedtls_transparent_test_driver_hash_operation_t *target_operation);
-
-psa_status_t mbedtls_test_transparent_hash_update(
- mbedtls_transparent_test_driver_hash_operation_t *operation,
- const uint8_t *input,
- size_t input_length);
-
-psa_status_t mbedtls_test_transparent_hash_finish(
- mbedtls_transparent_test_driver_hash_operation_t *operation,
- uint8_t *hash,
- size_t hash_size,
- size_t *hash_length);
-
-psa_status_t mbedtls_test_transparent_hash_abort(
- mbedtls_transparent_test_driver_hash_operation_t *operation);
-
-#endif /* PSA_CRYPTO_DRIVER_TEST */
-#endif /* PSA_CRYPTO_TEST_DRIVERS_HASH_H */
diff --git a/tests/include/test/drivers/key_agreement.h b/tests/include/test/drivers/key_agreement.h
deleted file mode 100644
index ca82b3a..0000000
--- a/tests/include/test/drivers/key_agreement.h
+++ /dev/null
@@ -1,62 +0,0 @@
-/*
- * Test driver for key agreement functions.
- */
-/* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#ifndef PSA_CRYPTO_TEST_DRIVERS_KEY_AGREEMENT_H
-#define PSA_CRYPTO_TEST_DRIVERS_KEY_AGREEMENT_H
-
-#include "mbedtls/build_info.h"
-
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-#include <psa/crypto_driver_common.h>
-
-typedef struct {
- /* If non-null, on success, copy this to the output. */
- void *forced_output;
- size_t forced_output_length;
- /* If not PSA_SUCCESS, return this error code instead of processing the
- * function call. */
- psa_status_t forced_status;
- /* Count the amount of times one of the signature driver functions is called. */
- unsigned long hits;
-} mbedtls_test_driver_key_agreement_hooks_t;
-
-#define MBEDTLS_TEST_DRIVER_KEY_AGREEMENT_INIT { NULL, 0, PSA_SUCCESS, 0 }
-static inline mbedtls_test_driver_key_agreement_hooks_t
-mbedtls_test_driver_key_agreement_hooks_init(void)
-{
- const mbedtls_test_driver_key_agreement_hooks_t
- v = MBEDTLS_TEST_DRIVER_KEY_AGREEMENT_INIT;
- return v;
-}
-
-extern mbedtls_test_driver_key_agreement_hooks_t
- mbedtls_test_driver_key_agreement_hooks;
-
-psa_status_t mbedtls_test_transparent_key_agreement(
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer,
- size_t key_buffer_size,
- psa_algorithm_t alg,
- const uint8_t *peer_key,
- size_t peer_key_length,
- uint8_t *shared_secret,
- size_t shared_secret_size,
- size_t *shared_secret_length);
-
-psa_status_t mbedtls_test_opaque_key_agreement(
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer,
- size_t key_buffer_size,
- psa_algorithm_t alg,
- const uint8_t *peer_key,
- size_t peer_key_length,
- uint8_t *shared_secret,
- size_t shared_secret_size,
- size_t *shared_secret_length);
-
-#endif /*PSA_CRYPTO_DRIVER_TEST */
-#endif /* PSA_CRYPTO_TEST_DRIVERS_KEY_AGREEMENT_H */
diff --git a/tests/include/test/drivers/key_management.h b/tests/include/test/drivers/key_management.h
deleted file mode 100644
index 1d9bc43..0000000
--- a/tests/include/test/drivers/key_management.h
+++ /dev/null
@@ -1,131 +0,0 @@
-/*
- * Test driver for generating and verifying keys.
- */
-/* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#ifndef PSA_CRYPTO_TEST_DRIVERS_KEY_MANAGEMENT_H
-#define PSA_CRYPTO_TEST_DRIVERS_KEY_MANAGEMENT_H
-
-#include "mbedtls/build_info.h"
-
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-#include <psa/crypto_driver_common.h>
-
-#define PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT 0
-#define PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT 1
-
-typedef struct {
- /* If non-null, on success, copy this to the output. */
- void *forced_output;
- size_t forced_output_length;
- /* If not PSA_SUCCESS, return this error code instead of processing the
- * function call. */
- psa_status_t forced_status;
- /* Count the amount of times one of the key management driver functions
- * is called. */
- unsigned long hits;
- /* Subset of hits which only counts public key export operations */
- unsigned long hits_export_public_key;
- /* Subset of hits which only counts key generation operations */
- unsigned long hits_generate_key;
- /* Location of the last key management driver called to import a key. */
- psa_key_location_t location;
-} mbedtls_test_driver_key_management_hooks_t;
-
-/* The location is initialized to the invalid value 0x800000. Invalid in the
- * sense that no PSA specification will assign a meaning to this location
- * (stated first in version 1.0.1 of the specification) and that it is not
- * used as a location of an opaque test drivers. */
-#define MBEDTLS_TEST_DRIVER_KEY_MANAGEMENT_INIT { NULL, 0, PSA_SUCCESS, 0, 0, 0, 0x800000 }
-static inline mbedtls_test_driver_key_management_hooks_t
-mbedtls_test_driver_key_management_hooks_init(void)
-{
- const mbedtls_test_driver_key_management_hooks_t
- v = MBEDTLS_TEST_DRIVER_KEY_MANAGEMENT_INIT;
- return v;
-}
-
-/*
- * In order to convert the plain text keys to Opaque, the size of the key is
- * padded up by PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX_SIZE in addition to
- * xor mangling the key. The pad prefix needs to be accounted for while
- * sizing for the key.
- */
-#define PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX 0xBEEFED00U
-#define PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX_SIZE sizeof( \
- PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX)
-
-size_t mbedtls_test_opaque_size_function(
- const psa_key_type_t key_type,
- const size_t key_bits);
-
-extern mbedtls_test_driver_key_management_hooks_t
- mbedtls_test_driver_key_management_hooks;
-
-psa_status_t mbedtls_test_transparent_init(void);
-void mbedtls_test_transparent_free(void);
-psa_status_t mbedtls_test_opaque_init(void);
-void mbedtls_test_opaque_free(void);
-
-psa_status_t mbedtls_test_opaque_unwrap_key(
- const uint8_t *wrapped_key, size_t wrapped_key_length, uint8_t *key_buffer,
- size_t key_buffer_size, size_t *key_buffer_length);
-
-psa_status_t mbedtls_test_transparent_generate_key(
- const psa_key_attributes_t *attributes,
- uint8_t *key, size_t key_size, size_t *key_length);
-
-psa_status_t mbedtls_test_opaque_generate_key(
- const psa_key_attributes_t *attributes,
- uint8_t *key, size_t key_size, size_t *key_length);
-
-psa_status_t mbedtls_test_opaque_export_key(
- const psa_key_attributes_t *attributes,
- const uint8_t *key, size_t key_length,
- uint8_t *data, size_t data_size, size_t *data_length);
-
-psa_status_t mbedtls_test_transparent_export_public_key(
- const psa_key_attributes_t *attributes,
- const uint8_t *key, size_t key_length,
- uint8_t *data, size_t data_size, size_t *data_length);
-
-psa_status_t mbedtls_test_opaque_export_public_key(
- const psa_key_attributes_t *attributes,
- const uint8_t *key, size_t key_length,
- uint8_t *data, size_t data_size, size_t *data_length);
-
-psa_status_t mbedtls_test_transparent_import_key(
- const psa_key_attributes_t *attributes,
- const uint8_t *data,
- size_t data_length,
- uint8_t *key_buffer,
- size_t key_buffer_size,
- size_t *key_buffer_length,
- size_t *bits);
-
-psa_status_t mbedtls_test_opaque_import_key(
- const psa_key_attributes_t *attributes,
- const uint8_t *data,
- size_t data_length,
- uint8_t *key_buffer,
- size_t key_buffer_size,
- size_t *key_buffer_length,
- size_t *bits);
-
-psa_status_t mbedtls_test_opaque_get_builtin_key(
- psa_drv_slot_number_t slot_number,
- psa_key_attributes_t *attributes,
- uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length);
-
-psa_status_t mbedtls_test_opaque_copy_key(
- psa_key_attributes_t *attributes,
- const uint8_t *source_key,
- size_t source_key_length,
- uint8_t *target_key_buffer,
- size_t target_key_buffer_size,
- size_t *target_key_buffer_length);
-
-#endif /* PSA_CRYPTO_DRIVER_TEST */
-#endif /* PSA_CRYPTO_TEST_DRIVERS_KEY_MANAGEMENT_H */
diff --git a/tests/include/test/drivers/mac.h b/tests/include/test/drivers/mac.h
deleted file mode 100644
index d92eff9..0000000
--- a/tests/include/test/drivers/mac.h
+++ /dev/null
@@ -1,125 +0,0 @@
-/*
- * Test driver for MAC driver entry points.
- */
-/* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#ifndef PSA_CRYPTO_TEST_DRIVERS_MAC_H
-#define PSA_CRYPTO_TEST_DRIVERS_MAC_H
-
-#include "mbedtls/build_info.h"
-
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-#include <psa/crypto_driver_common.h>
-
-typedef struct {
- /* If not PSA_SUCCESS, return this error code instead of processing the
- * function call. */
- psa_status_t forced_status;
- /* Count the amount of times MAC driver functions are called. */
- unsigned long hits;
- /* Status returned by the last MAC driver function call. */
- psa_status_t driver_status;
-} mbedtls_test_driver_mac_hooks_t;
-
-#define MBEDTLS_TEST_DRIVER_MAC_INIT { 0, 0, 0 }
-static inline mbedtls_test_driver_mac_hooks_t
-mbedtls_test_driver_mac_hooks_init(void)
-{
- const mbedtls_test_driver_mac_hooks_t v = MBEDTLS_TEST_DRIVER_MAC_INIT;
- return v;
-}
-
-extern mbedtls_test_driver_mac_hooks_t mbedtls_test_driver_mac_hooks;
-
-psa_status_t mbedtls_test_transparent_mac_compute(
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer,
- size_t key_buffer_size,
- psa_algorithm_t alg,
- const uint8_t *input,
- size_t input_length,
- uint8_t *mac,
- size_t mac_size,
- size_t *mac_length);
-
-psa_status_t mbedtls_test_transparent_mac_sign_setup(
- mbedtls_transparent_test_driver_mac_operation_t *operation,
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer,
- size_t key_buffer_size,
- psa_algorithm_t alg);
-
-psa_status_t mbedtls_test_transparent_mac_verify_setup(
- mbedtls_transparent_test_driver_mac_operation_t *operation,
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer,
- size_t key_buffer_size,
- psa_algorithm_t alg);
-
-psa_status_t mbedtls_test_transparent_mac_update(
- mbedtls_transparent_test_driver_mac_operation_t *operation,
- const uint8_t *input,
- size_t input_length);
-
-psa_status_t mbedtls_test_transparent_mac_sign_finish(
- mbedtls_transparent_test_driver_mac_operation_t *operation,
- uint8_t *mac,
- size_t mac_size,
- size_t *mac_length);
-
-psa_status_t mbedtls_test_transparent_mac_verify_finish(
- mbedtls_transparent_test_driver_mac_operation_t *operation,
- const uint8_t *mac,
- size_t mac_length);
-
-psa_status_t mbedtls_test_transparent_mac_abort(
- mbedtls_transparent_test_driver_mac_operation_t *operation);
-
-psa_status_t mbedtls_test_opaque_mac_compute(
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer,
- size_t key_buffer_size,
- psa_algorithm_t alg,
- const uint8_t *input,
- size_t input_length,
- uint8_t *mac,
- size_t mac_size,
- size_t *mac_length);
-
-psa_status_t mbedtls_test_opaque_mac_sign_setup(
- mbedtls_opaque_test_driver_mac_operation_t *operation,
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer,
- size_t key_buffer_size,
- psa_algorithm_t alg);
-
-psa_status_t mbedtls_test_opaque_mac_verify_setup(
- mbedtls_opaque_test_driver_mac_operation_t *operation,
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer,
- size_t key_buffer_size,
- psa_algorithm_t alg);
-
-psa_status_t mbedtls_test_opaque_mac_update(
- mbedtls_opaque_test_driver_mac_operation_t *operation,
- const uint8_t *input,
- size_t input_length);
-
-psa_status_t mbedtls_test_opaque_mac_sign_finish(
- mbedtls_opaque_test_driver_mac_operation_t *operation,
- uint8_t *mac,
- size_t mac_size,
- size_t *mac_length);
-
-psa_status_t mbedtls_test_opaque_mac_verify_finish(
- mbedtls_opaque_test_driver_mac_operation_t *operation,
- const uint8_t *mac,
- size_t mac_length);
-
-psa_status_t mbedtls_test_opaque_mac_abort(
- mbedtls_opaque_test_driver_mac_operation_t *operation);
-
-#endif /* PSA_CRYPTO_DRIVER_TEST */
-#endif /* PSA_CRYPTO_TEST_DRIVERS_MAC_H */
diff --git a/tests/include/test/drivers/pake.h b/tests/include/test/drivers/pake.h
deleted file mode 100644
index d292ca0..0000000
--- a/tests/include/test/drivers/pake.h
+++ /dev/null
@@ -1,75 +0,0 @@
-/*
- * Test driver for PAKE driver entry points.
- */
-/* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#ifndef PSA_CRYPTO_TEST_DRIVERS_PAKE_H
-#define PSA_CRYPTO_TEST_DRIVERS_PAKE_H
-
-#include "mbedtls/build_info.h"
-
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-#include <psa/crypto_driver_common.h>
-
-typedef struct {
- /* If not PSA_SUCCESS, return this error code instead of processing the
- * function call. */
- psa_status_t forced_status;
- /* PAKE driver setup is executed on the first call to
- pake_output/pake_input (added to distinguish forced statuses). */
- psa_status_t forced_setup_status;
- /* Count the amount of times PAKE driver functions are called. */
- struct {
- unsigned long total;
- unsigned long setup;
- unsigned long input;
- unsigned long output;
- unsigned long implicit_key;
- unsigned long abort;
- } hits;
- /* Status returned by the last PAKE driver function call. */
- psa_status_t driver_status;
- /* Output returned by pake_output */
- void *forced_output;
- size_t forced_output_length;
-} mbedtls_test_driver_pake_hooks_t;
-
-#define MBEDTLS_TEST_DRIVER_PAKE_INIT { PSA_SUCCESS, PSA_SUCCESS, { 0, 0, 0, 0, 0, 0 }, PSA_SUCCESS, \
- NULL, 0 }
-static inline mbedtls_test_driver_pake_hooks_t
-mbedtls_test_driver_pake_hooks_init(void)
-{
- const mbedtls_test_driver_pake_hooks_t v = MBEDTLS_TEST_DRIVER_PAKE_INIT;
- return v;
-}
-
-extern mbedtls_test_driver_pake_hooks_t mbedtls_test_driver_pake_hooks;
-
-psa_status_t mbedtls_test_transparent_pake_setup(
- mbedtls_transparent_test_driver_pake_operation_t *operation,
- const psa_crypto_driver_pake_inputs_t *inputs);
-
-psa_status_t mbedtls_test_transparent_pake_output(
- mbedtls_transparent_test_driver_pake_operation_t *operation,
- psa_crypto_driver_pake_step_t step,
- uint8_t *output,
- size_t output_size,
- size_t *output_length);
-
-psa_status_t mbedtls_test_transparent_pake_input(
- mbedtls_transparent_test_driver_pake_operation_t *operation,
- psa_crypto_driver_pake_step_t step,
- const uint8_t *input,
- size_t input_length);
-
-psa_status_t mbedtls_test_transparent_pake_get_implicit_key(
- mbedtls_transparent_test_driver_pake_operation_t *operation,
- uint8_t *output, size_t output_size, size_t *output_length);
-
-psa_status_t mbedtls_test_transparent_pake_abort(
- mbedtls_transparent_test_driver_pake_operation_t *operation);
-
-#endif /* PSA_CRYPTO_DRIVER_TEST */
-#endif /* PSA_CRYPTO_TEST_DRIVERS_PAKE_H */
diff --git a/tests/include/test/drivers/signature.h b/tests/include/test/drivers/signature.h
deleted file mode 100644
index 8c5703e..0000000
--- a/tests/include/test/drivers/signature.h
+++ /dev/null
@@ -1,112 +0,0 @@
-/*
- * Test driver for signature functions.
- */
-/* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#ifndef PSA_CRYPTO_TEST_DRIVERS_SIGNATURE_H
-#define PSA_CRYPTO_TEST_DRIVERS_SIGNATURE_H
-
-#include "mbedtls/build_info.h"
-
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-#include <psa/crypto_driver_common.h>
-
-typedef struct {
- /* If non-null, on success, copy this to the output. */
- void *forced_output;
- size_t forced_output_length;
- /* If not PSA_SUCCESS, return this error code instead of processing the
- * function call. */
- psa_status_t forced_status;
- /* Count the amount of times one of the signature driver functions is called. */
- unsigned long hits;
-} mbedtls_test_driver_signature_hooks_t;
-
-#define MBEDTLS_TEST_DRIVER_SIGNATURE_INIT { NULL, 0, PSA_SUCCESS, 0 }
-static inline mbedtls_test_driver_signature_hooks_t
-mbedtls_test_driver_signature_hooks_init(void)
-{
- const mbedtls_test_driver_signature_hooks_t
- v = MBEDTLS_TEST_DRIVER_SIGNATURE_INIT;
- return v;
-}
-
-extern mbedtls_test_driver_signature_hooks_t
- mbedtls_test_driver_signature_sign_hooks;
-extern mbedtls_test_driver_signature_hooks_t
- mbedtls_test_driver_signature_verify_hooks;
-
-psa_status_t mbedtls_test_transparent_signature_sign_message(
- const psa_key_attributes_t *attributes,
- const uint8_t *key,
- size_t key_length,
- psa_algorithm_t alg,
- const uint8_t *input,
- size_t input_length,
- uint8_t *signature,
- size_t signature_size,
- size_t *signature_length);
-
-psa_status_t mbedtls_test_opaque_signature_sign_message(
- const psa_key_attributes_t *attributes,
- const uint8_t *key,
- size_t key_length,
- psa_algorithm_t alg,
- const uint8_t *input,
- size_t input_length,
- uint8_t *signature,
- size_t signature_size,
- size_t *signature_length);
-
-psa_status_t mbedtls_test_transparent_signature_verify_message(
- const psa_key_attributes_t *attributes,
- const uint8_t *key,
- size_t key_length,
- psa_algorithm_t alg,
- const uint8_t *input,
- size_t input_length,
- const uint8_t *signature,
- size_t signature_length);
-
-psa_status_t mbedtls_test_opaque_signature_verify_message(
- const psa_key_attributes_t *attributes,
- const uint8_t *key,
- size_t key_length,
- psa_algorithm_t alg,
- const uint8_t *input,
- size_t input_length,
- const uint8_t *signature,
- size_t signature_length);
-
-psa_status_t mbedtls_test_transparent_signature_sign_hash(
- const psa_key_attributes_t *attributes,
- const uint8_t *key, size_t key_length,
- psa_algorithm_t alg,
- const uint8_t *hash, size_t hash_length,
- uint8_t *signature, size_t signature_size, size_t *signature_length);
-
-psa_status_t mbedtls_test_opaque_signature_sign_hash(
- const psa_key_attributes_t *attributes,
- const uint8_t *key, size_t key_length,
- psa_algorithm_t alg,
- const uint8_t *hash, size_t hash_length,
- uint8_t *signature, size_t signature_size, size_t *signature_length);
-
-psa_status_t mbedtls_test_transparent_signature_verify_hash(
- const psa_key_attributes_t *attributes,
- const uint8_t *key, size_t key_length,
- psa_algorithm_t alg,
- const uint8_t *hash, size_t hash_length,
- const uint8_t *signature, size_t signature_length);
-
-psa_status_t mbedtls_test_opaque_signature_verify_hash(
- const psa_key_attributes_t *attributes,
- const uint8_t *key, size_t key_length,
- psa_algorithm_t alg,
- const uint8_t *hash, size_t hash_length,
- const uint8_t *signature, size_t signature_length);
-
-#endif /* PSA_CRYPTO_DRIVER_TEST */
-#endif /* PSA_CRYPTO_TEST_DRIVERS_SIGNATURE_H */
diff --git a/tests/include/test/drivers/test_driver.h b/tests/include/test/drivers/test_driver.h
deleted file mode 100644
index 74605d6..0000000
--- a/tests/include/test/drivers/test_driver.h
+++ /dev/null
@@ -1,32 +0,0 @@
-/*
- * Umbrella include for all of the test driver functionality
- */
-/* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#ifndef PSA_CRYPTO_TEST_DRIVER_H
-#define PSA_CRYPTO_TEST_DRIVER_H
-
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-#ifndef PSA_CRYPTO_DRIVER_PRESENT
-#define PSA_CRYPTO_DRIVER_PRESENT
-#endif
-#ifndef PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT
-#define PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT
-#endif
-
-#define PSA_CRYPTO_TEST_DRIVER_LOCATION 0x7fffff
-
-#include "test/drivers/aead.h"
-#include "test/drivers/cipher.h"
-#include "test/drivers/hash.h"
-#include "test/drivers/mac.h"
-#include "test/drivers/key_management.h"
-#include "test/drivers/signature.h"
-#include "test/drivers/asymmetric_encryption.h"
-#include "test/drivers/key_agreement.h"
-#include "test/drivers/pake.h"
-
-#endif /* PSA_CRYPTO_DRIVER_TEST */
-#endif /* PSA_CRYPTO_TEST_DRIVER_H */
diff --git a/tests/include/test/fake_external_rng_for_test.h b/tests/include/test/fake_external_rng_for_test.h
deleted file mode 100644
index e3e331d..0000000
--- a/tests/include/test/fake_external_rng_for_test.h
+++ /dev/null
@@ -1,40 +0,0 @@
-/*
- * Insecure but standalone implementation of mbedtls_psa_external_get_random().
- * Only for use in tests!
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#ifndef FAKE_EXTERNAL_RNG_FOR_TEST_H
-#define FAKE_EXTERNAL_RNG_FOR_TEST_H
-
-#include "mbedtls/build_info.h"
-
-#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
-/** Enable the insecure implementation of mbedtls_psa_external_get_random().
- *
- * The insecure implementation of mbedtls_psa_external_get_random() is
- * disabled by default.
- *
- * When MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG is enabled and the test
- * helpers are linked into a program, you must enable this before running any
- * code that uses the PSA subsystem to generate random data (including internal
- * random generation for purposes such as blinding when the random generation
- * is routed through PSA).
- *
- * You can enable and disable it at any time, regardless of the state
- * of the PSA subsystem. You may disable it temporarily to simulate a
- * depleted entropy source.
- */
-void mbedtls_test_enable_insecure_external_rng(void);
-
-/** Disable the insecure implementation of mbedtls_psa_external_get_random().
- *
- * See mbedtls_test_enable_insecure_external_rng().
- */
-void mbedtls_test_disable_insecure_external_rng(void);
-#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
-
-#endif /* FAKE_EXTERNAL_RNG_FOR_TEST_H */
diff --git a/tests/include/test/helpers.h b/tests/include/test/helpers.h
deleted file mode 100644
index d08100f..0000000
--- a/tests/include/test/helpers.h
+++ /dev/null
@@ -1,404 +0,0 @@
-/**
- * \file helpers.h
- *
- * \brief This file contains the prototypes of helper functions for the
- * purpose of testing.
- */
-
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#ifndef TEST_HELPERS_H
-#define TEST_HELPERS_H
-
-/* Most fields of publicly available structs are private and are wrapped with
- * MBEDTLS_PRIVATE macro. This define allows tests to access the private fields
- * directly (without using the MBEDTLS_PRIVATE wrapper). */
-#define MBEDTLS_ALLOW_PRIVATE_ACCESS
-
-#include "mbedtls/build_info.h"
-
-#if defined(__SANITIZE_ADDRESS__) /* gcc -fsanitize=address */
-# define MBEDTLS_TEST_HAVE_ASAN
-#endif
-#if defined(__SANITIZE_THREAD__) /* gcc -fsanitize-thread */
-# define MBEDTLS_TEST_HAVE_TSAN
-#endif
-
-#if defined(__has_feature)
-# if __has_feature(address_sanitizer) /* clang -fsanitize=address */
-# define MBEDTLS_TEST_HAVE_ASAN
-# endif
-# if __has_feature(memory_sanitizer) /* clang -fsanitize=memory */
-# define MBEDTLS_TEST_HAVE_MSAN
-# endif
-# if __has_feature(thread_sanitizer) /* clang -fsanitize=thread */
-# define MBEDTLS_TEST_HAVE_TSAN
-# endif
-#endif
-
-#include "test/threading_helpers.h"
-
-#if defined(MBEDTLS_TEST_MUTEX_USAGE)
-#include "mbedtls/threading.h"
-#endif
-
-#include "mbedtls/platform.h"
-
-#include <stddef.h>
-#include <stdint.h>
-
-#if defined(MBEDTLS_BIGNUM_C)
-#include "mbedtls/bignum.h"
-#endif
-
-/** The type of test case arguments that contain binary data. */
-typedef struct data_tag {
- uint8_t *x;
- uint32_t len;
-} data_t;
-
-typedef enum {
- MBEDTLS_TEST_RESULT_SUCCESS = 0,
- MBEDTLS_TEST_RESULT_FAILED,
- MBEDTLS_TEST_RESULT_SKIPPED
-} mbedtls_test_result_t;
-
-#define MBEDTLS_TEST_LINE_LENGTH 76
-
-typedef struct {
- mbedtls_test_result_t result;
- const char *test;
- const char *filename;
- int line_no;
- unsigned long step;
- char line1[MBEDTLS_TEST_LINE_LENGTH];
- char line2[MBEDTLS_TEST_LINE_LENGTH];
-#if defined(MBEDTLS_TEST_MUTEX_USAGE)
- const char *mutex_usage_error;
-#endif
-#if defined(MBEDTLS_BIGNUM_C)
- unsigned case_uses_negative_0;
-#endif
-}
-mbedtls_test_info_t;
-
-/**
- * \brief Get the current test result status
- *
- * \return The current test result status
- */
-mbedtls_test_result_t mbedtls_test_get_result(void);
-
-/**
- * \brief Get the current test name/description
- *
- * \return The current test name/description
- */
-const char *mbedtls_test_get_test(void);
-
-/**
- * \brief Get the current test filename
- *
- * \return The current test filename
- */
-const char *mbedtls_get_test_filename(void);
-
-/**
- * \brief Get the current test file line number (for failure / skip)
- *
- * \return The current test file line number (for failure / skip)
- */
-int mbedtls_test_get_line_no(void);
-
-/**
- * \brief Increment the current test step.
- *
- * \note It is not recommended for multiple threads to call this
- * function concurrently - whilst it is entirely thread safe,
- * the order of calls to this function can obviously not be
- * ensured, so unexpected results may occur.
- */
-void mbedtls_test_increment_step(void);
-
-/**
- * \brief Get the current test step
- *
- * \return The current test step
- */
-unsigned long mbedtls_test_get_step(void);
-
-/**
- * \brief Get the current test line buffer 1
- *
- * \param line Buffer of minimum size \c MBEDTLS_TEST_LINE_LENGTH,
- * which will have line buffer 1 copied to it.
- */
-void mbedtls_test_get_line1(char *line);
-
-/**
- * \brief Get the current test line buffer 2
- *
- * \param line Buffer of minimum size \c MBEDTLS_TEST_LINE_LENGTH,
- * which will have line buffer 1 copied to it.
- */
-void mbedtls_test_get_line2(char *line);
-
-#if defined(MBEDTLS_TEST_MUTEX_USAGE)
-/**
- * \brief Get the current mutex usage error message
- *
- * \return The current mutex error message (may be NULL if no error)
- */
-const char *mbedtls_test_get_mutex_usage_error(void);
-
-/**
- * \brief Set the current mutex usage error message
- *
- * \note This will only set the mutex error message if one has not
- * already been set, or if we are clearing the message (msg is
- * NULL)
- *
- * \param msg Error message to set (can be NULL to clear)
- */
-void mbedtls_test_set_mutex_usage_error(const char *msg);
-#endif
-
-#if defined(MBEDTLS_BIGNUM_C)
-
-/**
- * \brief Get whether the current test is a bignum test that uses
- * negative zero.
- *
- * \return non zero if the current test uses bignum negative zero.
- */
-unsigned mbedtls_test_get_case_uses_negative_0(void);
-
-/**
- * \brief Indicate that the current test uses bignum negative zero.
- *
- * \note This function is called if the current test case had an
- * input parsed with mbedtls_test_read_mpi() that is a negative
- * 0 (`"-"`, `"-0"`, `"-00"`, etc., constructing a result with
- * the sign bit set to -1 and the value being all-limbs-0,
- * which is not a valid representation in #mbedtls_mpi but is
- * tested for robustness). *
- */
-void mbedtls_test_increment_case_uses_negative_0(void);
-#endif
-
-int mbedtls_test_platform_setup(void);
-void mbedtls_test_platform_teardown(void);
-
-/**
- * \brief Record the current test case as a failure.
- *
- * This function can be called directly however it is usually
- * called via macros such as TEST_ASSERT, TEST_EQUAL,
- * PSA_ASSERT, etc...
- *
- * \note If the test case was already marked as failed, calling
- * `mbedtls_test_fail( )` again will not overwrite any
- * previous information about the failure.
- *
- * \param test Description of the failure or assertion that failed. This
- * MUST be a string literal.
- * \param line_no Line number where the failure originated.
- * \param filename Filename where the failure originated.
- */
-void mbedtls_test_fail(const char *test, int line_no, const char *filename);
-
-/**
- * \brief Record the current test case as skipped.
- *
- * This function can be called directly however it is usually
- * called via the TEST_ASSUME macro.
- *
- * \param test Description of the assumption that caused the test case to
- * be skipped. This MUST be a string literal.
- * \param line_no Line number where the test case was skipped.
- * \param filename Filename where the test case was skipped.
- */
-void mbedtls_test_skip(const char *test, int line_no, const char *filename);
-
-/**
- * \brief Set the test step number for failure reports.
- *
- * Call this function to display "step NNN" in addition to the
- * line number and file name if a test fails. Typically the
- * "step number" is the index of a for loop but it can be
- * whatever you want.
- *
- * \note It is not recommended for multiple threads to call this
- * function concurrently - whilst it is entirely thread safe,
- * the order of calls to this function can obviously not be
- * ensured, so unexpected results may occur.
- *
- * \param step The step number to report.
- */
-void mbedtls_test_set_step(unsigned long step);
-
-/**
- * \brief Reset mbedtls_test_info to a ready/starting state.
- */
-void mbedtls_test_info_reset(void);
-
-#ifdef MBEDTLS_TEST_MUTEX_USAGE
-/**
- * \brief Get the test info data mutex.
- *
- * \note This is designed only to be used by threading_helpers to
- * avoid a deadlock, not for general access to this mutex.
- *
- * \return The test info data mutex.
- */
-mbedtls_threading_mutex_t *mbedtls_test_get_info_mutex(void);
-
-#endif /* MBEDTLS_TEST_MUTEX_USAGE */
-
-/**
- * \brief Record the current test case as a failure if two integers
- * have a different value.
- *
- * This function is usually called via the macro
- * #TEST_EQUAL.
- *
- * \param test Description of the failure or assertion that failed. This
- * MUST be a string literal. This normally has the form
- * "EXPR1 == EXPR2" where EXPR1 has the value \p value1
- * and EXPR2 has the value \p value2.
- * \param line_no Line number where the failure originated.
- * \param filename Filename where the failure originated.
- * \param value1 The first value to compare.
- * \param value2 The second value to compare.
- *
- * \return \c 1 if the values are equal, otherwise \c 0.
- */
-int mbedtls_test_equal(const char *test, int line_no, const char *filename,
- unsigned long long value1, unsigned long long value2);
-
-/**
- * \brief Record the current test case as a failure based
- * on comparing two unsigned integers.
- *
- * This function is usually called via the macro
- * #TEST_LE_U.
- *
- * \param test Description of the failure or assertion that failed. This
- * MUST be a string literal. This normally has the form
- * "EXPR1 <= EXPR2" where EXPR1 has the value \p value1
- * and EXPR2 has the value \p value2.
- * \param line_no Line number where the failure originated.
- * \param filename Filename where the failure originated.
- * \param value1 The first value to compare.
- * \param value2 The second value to compare.
- *
- * \return \c 1 if \p value1 <= \p value2, otherwise \c 0.
- */
-int mbedtls_test_le_u(const char *test, int line_no, const char *filename,
- unsigned long long value1, unsigned long long value2);
-
-/**
- * \brief Record the current test case as a failure based
- * on comparing two signed integers.
- *
- * This function is usually called via the macro
- * #TEST_LE_S.
- *
- * \param test Description of the failure or assertion that failed. This
- * MUST be a string literal. This normally has the form
- * "EXPR1 <= EXPR2" where EXPR1 has the value \p value1
- * and EXPR2 has the value \p value2.
- * \param line_no Line number where the failure originated.
- * \param filename Filename where the failure originated.
- * \param value1 The first value to compare.
- * \param value2 The second value to compare.
- *
- * \return \c 1 if \p value1 <= \p value2, otherwise \c 0.
- */
-int mbedtls_test_le_s(const char *test, int line_no, const char *filename,
- long long value1, long long value2);
-
-/**
- * \brief This function decodes the hexadecimal representation of
- * data.
- *
- * \note The output buffer can be the same as the input buffer. For
- * any other overlapping of the input and output buffers, the
- * behavior is undefined.
- *
- * \param obuf Output buffer.
- * \param obufmax Size in number of bytes of \p obuf.
- * \param ibuf Input buffer.
- * \param len The number of unsigned char written in \p obuf. This must
- * not be \c NULL.
- *
- * \return \c 0 on success.
- * \return \c -1 if the output buffer is too small or the input string
- * is not a valid hexadecimal representation.
- */
-int mbedtls_test_unhexify(unsigned char *obuf, size_t obufmax,
- const char *ibuf, size_t *len);
-
-void mbedtls_test_hexify(unsigned char *obuf,
- const unsigned char *ibuf,
- int len);
-
-/**
- * \brief Convert hexadecimal digit to an integer.
- *
- * \param c The digit to convert (`'0'` to `'9'`, `'A'` to `'F'` or
- * `'a'` to `'f'`).
- * \param[out] uc On success, the value of the digit (0 to 15).
- *
- * \return 0 on success, -1 if \p c is not a hexadecimal digit.
- */
-int mbedtls_test_ascii2uc(const char c, unsigned char *uc);
-
-/**
- * Allocate and zeroize a buffer.
- *
- * If the size if zero, a pointer to a zeroized 1-byte buffer is returned.
- *
- * For convenience, dies if allocation fails.
- */
-unsigned char *mbedtls_test_zero_alloc(size_t len);
-
-/**
- * Allocate and fill a buffer from hex data.
- *
- * The buffer is sized exactly as needed. This allows to detect buffer
- * overruns (including overreads) when running the test suite under valgrind.
- *
- * If the size if zero, a pointer to a zeroized 1-byte buffer is returned.
- *
- * For convenience, dies if allocation fails.
- */
-unsigned char *mbedtls_test_unhexify_alloc(const char *ibuf, size_t *olen);
-
-int mbedtls_test_hexcmp(uint8_t *a, uint8_t *b,
- uint32_t a_len, uint32_t b_len);
-
-#if defined(MBEDTLS_PSA_CRYPTO_C) && defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
-#include "test/fake_external_rng_for_test.h"
-#endif
-
-#if defined(MBEDTLS_TEST_HOOKS)
-/**
- * \brief Check that only a pure high-level error code is being combined with
- * a pure low-level error code as otherwise the resultant error code
- * would be corrupted.
- *
- * \note Both high-level and low-level error codes cannot be greater than
- * zero however can be zero. If one error code is zero then the
- * other error code is returned even if both codes are zero.
- *
- * \note If the check fails, fail the test currently being run.
- */
-void mbedtls_test_err_add_check(int high, int low,
- const char *file, int line);
-#endif
-
-#endif /* TEST_HELPERS_H */
diff --git a/tests/include/test/macros.h b/tests/include/test/macros.h
deleted file mode 100644
index a73e06f..0000000
--- a/tests/include/test/macros.h
+++ /dev/null
@@ -1,250 +0,0 @@
-/**
- * \file macros.h
- *
- * \brief This file contains generic macros for the purpose of testing.
- */
-
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#ifndef TEST_MACROS_H
-#define TEST_MACROS_H
-
-#include "mbedtls/build_info.h"
-
-#include <stdlib.h>
-
-#include "mbedtls/platform.h"
-
-#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
-#include "mbedtls/memory_buffer_alloc.h"
-#endif
-#include "common.h"
-
-/**
- * \brief This macro tests the expression passed to it as a test step or
- * individual test in a test case.
- *
- * It allows a library function to return a value and return an error
- * code that can be tested.
- *
- * Failing the test means:
- * - Mark this test case as failed.
- * - Print a message identifying the failure.
- * - Jump to the \c exit label.
- *
- * This macro expands to an instruction, not an expression.
- * It may jump to the \c exit label.
- *
- * \param TEST The test expression to be tested.
- */
-#define TEST_ASSERT(TEST) \
- do { \
- if (!(TEST)) \
- { \
- mbedtls_test_fail( #TEST, __LINE__, __FILE__); \
- goto exit; \
- } \
- } while (0)
-
-/** This macro asserts fails the test with given output message.
- *
- * \param MESSAGE The message to be outputed on assertion
- */
-#define TEST_FAIL(MESSAGE) \
- do { \
- mbedtls_test_fail(MESSAGE, __LINE__, __FILE__); \
- goto exit; \
- } while (0)
-
-/** Evaluate two integer expressions and fail the test case if they have
- * different values.
- *
- * The two expressions should have the same signedness, otherwise the
- * comparison is not meaningful if the signed value is negative.
- *
- * \param expr1 An integral-typed expression to evaluate.
- * \param expr2 Another integral-typed expression to evaluate.
- */
-#define TEST_EQUAL(expr1, expr2) \
- do { \
- if (!mbedtls_test_equal( #expr1 " == " #expr2, __LINE__, __FILE__, \
- (unsigned long long) (expr1), (unsigned long long) (expr2))) \
- goto exit; \
- } while (0)
-
-/** Evaluate two unsigned integer expressions and fail the test case
- * if they are not in increasing order (left <= right).
- *
- * \param expr1 An integral-typed expression to evaluate.
- * \param expr2 Another integral-typed expression to evaluate.
- */
-#define TEST_LE_U(expr1, expr2) \
- do { \
- if (!mbedtls_test_le_u( #expr1 " <= " #expr2, __LINE__, __FILE__, \
- expr1, expr2)) \
- goto exit; \
- } while (0)
-
-/** Evaluate two signed integer expressions and fail the test case
- * if they are not in increasing order (left <= right).
- *
- * \param expr1 An integral-typed expression to evaluate.
- * \param expr2 Another integral-typed expression to evaluate.
- */
-#define TEST_LE_S(expr1, expr2) \
- do { \
- if (!mbedtls_test_le_s( #expr1 " <= " #expr2, __LINE__, __FILE__, \
- expr1, expr2)) \
- goto exit; \
- } while (0)
-
-/** Allocate memory dynamically and fail the test case if this fails.
- * The allocated memory will be filled with zeros.
- *
- * You must set \p pointer to \c NULL before calling this macro and
- * put `mbedtls_free(pointer)` in the test's cleanup code.
- *
- * If \p item_count is zero, the resulting \p pointer will be \c NULL.
- * This is usually what we want in tests since API functions are
- * supposed to accept null pointers when a buffer size is zero.
- *
- * This macro expands to an instruction, not an expression.
- * It may jump to the \c exit label.
- *
- * \param pointer An lvalue where the address of the allocated buffer
- * will be stored.
- * This expression may be evaluated multiple times.
- * \param item_count Number of elements to allocate.
- * This expression may be evaluated multiple times.
- *
- */
-#define TEST_CALLOC(pointer, item_count) \
- do { \
- TEST_ASSERT((pointer) == NULL); \
- if ((item_count) != 0) { \
- (pointer) = mbedtls_calloc((item_count), \
- sizeof(*(pointer))); \
- TEST_ASSERT((pointer) != NULL); \
- } \
- } while (0)
-
-/** Allocate memory dynamically and fail the test case if this fails.
- * The allocated memory will be filled with zeros.
- *
- * You must set \p pointer to \c NULL before calling this macro and
- * put `mbedtls_free(pointer)` in the test's cleanup code.
- *
- * If \p item_count is zero, the resulting \p pointer will not be \c NULL.
- *
- * This macro expands to an instruction, not an expression.
- * It may jump to the \c exit label.
- *
- * \param pointer An lvalue where the address of the allocated buffer
- * will be stored.
- * This expression may be evaluated multiple times.
- * \param item_count Number of elements to allocate.
- * This expression may be evaluated multiple times.
- *
- * Note: if passing size 0, mbedtls_calloc may return NULL. In this case,
- * we reattempt to allocate with the smallest possible buffer to assure a
- * non-NULL pointer.
- */
-#define TEST_CALLOC_NONNULL(pointer, item_count) \
- do { \
- TEST_ASSERT((pointer) == NULL); \
- (pointer) = mbedtls_calloc((item_count), \
- sizeof(*(pointer))); \
- if (((pointer) == NULL) && ((item_count) == 0)) { \
- (pointer) = mbedtls_calloc(1, 1); \
- } \
- TEST_ASSERT((pointer) != NULL); \
- } while (0)
-
-/* For backwards compatibility */
-#define ASSERT_ALLOC(pointer, item_count) TEST_CALLOC(pointer, item_count)
-
-/** Allocate memory dynamically. If the allocation fails, skip the test case.
- *
- * This macro behaves like #TEST_CALLOC, except that if the allocation
- * fails, it marks the test as skipped rather than failed.
- */
-#define TEST_CALLOC_OR_SKIP(pointer, item_count) \
- do { \
- TEST_ASSERT((pointer) == NULL); \
- if ((item_count) != 0) { \
- (pointer) = mbedtls_calloc((item_count), \
- sizeof(*(pointer))); \
- TEST_ASSUME((pointer) != NULL); \
- } \
- } while (0)
-
-/* For backwards compatibility */
-#define ASSERT_ALLOC_WEAK(pointer, item_count) TEST_CALLOC_OR_SKIP(pointer, item_count)
-
-/** Compare two buffers and fail the test case if they differ.
- *
- * This macro expands to an instruction, not an expression.
- * It may jump to the \c exit label.
- *
- * \param p1 Pointer to the start of the first buffer.
- * \param size1 Size of the first buffer in bytes.
- * This expression may be evaluated multiple times.
- * \param p2 Pointer to the start of the second buffer.
- * \param size2 Size of the second buffer in bytes.
- * This expression may be evaluated multiple times.
- */
-#define TEST_MEMORY_COMPARE(p1, size1, p2, size2) \
- do { \
- TEST_EQUAL((size1), (size2)); \
- if ((size1) != 0) { \
- TEST_ASSERT(memcmp((p1), (p2), (size1)) == 0); \
- } \
- } while (0)
-
-/* For backwards compatibility */
-#define ASSERT_COMPARE(p1, size1, p2, size2) TEST_MEMORY_COMPARE(p1, size1, p2, size2)
-
-/**
- * \brief This macro tests the expression passed to it and skips the
- * running test if it doesn't evaluate to 'true'.
- *
- * \param TEST The test expression to be tested.
- */
-#define TEST_ASSUME(TEST) \
- do { \
- if (!(TEST)) \
- { \
- mbedtls_test_skip( #TEST, __LINE__, __FILE__); \
- goto exit; \
- } \
- } while (0)
-
-#define TEST_HELPER_ASSERT(a) if (!(a)) \
- { \
- mbedtls_fprintf(stderr, "Assertion Failed at %s:%d - %s\n", \
- __FILE__, __LINE__, #a); \
- mbedtls_exit(1); \
- }
-
-/** Return the smaller of two values.
- *
- * \param x An integer-valued expression without side effects.
- * \param y An integer-valued expression without side effects.
- *
- * \return The smaller of \p x and \p y.
- */
-#define MIN(x, y) ((x) < (y) ? (x) : (y))
-
-/** Return the larger of two values.
- *
- * \param x An integer-valued expression without side effects.
- * \param y An integer-valued expression without side effects.
- *
- * \return The larger of \p x and \p y.
- */
-#define MAX(x, y) ((x) > (y) ? (x) : (y))
-
-#endif /* TEST_MACROS_H */
diff --git a/tests/include/test/memory.h b/tests/include/test/memory.h
deleted file mode 100644
index 940d9e6..0000000
--- a/tests/include/test/memory.h
+++ /dev/null
@@ -1,108 +0,0 @@
-/**
- * \file memory.h
- *
- * \brief Helper macros and functions related to testing memory management.
- */
-
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#ifndef TEST_MEMORY_H
-#define TEST_MEMORY_H
-
-#include "mbedtls/build_info.h"
-#include "mbedtls/platform.h"
-#include "test/helpers.h"
-
-/** \def MBEDTLS_TEST_MEMORY_CAN_POISON
- *
- * This macro is defined if the tests are compiled with a method to mark
- * memory as poisoned, which can be used to enforce some memory access
- * policies.
- *
- * Support for the C11 thread_local keyword is also required.
- *
- * Currently, only Asan (Address Sanitizer) is supported.
- */
-#if defined(MBEDTLS_TEST_HAVE_ASAN) && \
- (__STDC_VERSION__ >= 201112L) && \
- !defined(PSA_CRYPTO_DRIVER_TEST)
-# define MBEDTLS_TEST_MEMORY_CAN_POISON
-#endif
-
-/** \def MBEDTLS_TEST_MEMORY_POISON(buf, size)
- *
- * Poison a memory area so that any attempt to read or write from it will
- * cause a runtime failure.
- *
- * Depending on the implementation, this may poison a few bytes beyond the
- * indicated region, but will never poison a separate object on the heap
- * or a separate object with more than the alignment of a long long.
- *
- * The behavior is undefined if any part of the memory area is invalid.
- *
- * This is a no-op in builds without a poisoning method.
- * See #MBEDTLS_TEST_MEMORY_CAN_POISON.
- *
- * \param buf Pointer to the beginning of the memory area to poison.
- * \param size Size of the memory area in bytes.
- */
-
-/** \def MBEDTLS_TEST_MEMORY_UNPOISON(buf, size)
- *
- * Undo the effect of #MBEDTLS_TEST_MEMORY_POISON.
- *
- * The behavior is undefined if any part of the memory area is invalid,
- * or if the memory area contains a mixture of poisoned and unpoisoned parts.
- *
- * This is a no-op in builds without a poisoning method.
- * See #MBEDTLS_TEST_MEMORY_CAN_POISON.
- *
- * \param buf Pointer to the beginning of the memory area to unpoison.
- * \param size Size of the memory area in bytes.
- */
-
-#if defined(MBEDTLS_TEST_MEMORY_CAN_POISON)
-
-/** Thread-local variable used to enable memory poisoning. This is set and
- * unset in the test wrappers so that calls to PSA functions from the library
- * do not poison memory.
- */
-extern _Thread_local unsigned int mbedtls_test_memory_poisoning_count;
-
-/** Poison a memory area so that any attempt to read or write from it will
- * cause a runtime failure.
- *
- * The behavior is undefined if any part of the memory area is invalid.
- */
-void mbedtls_test_memory_poison(const unsigned char *ptr, size_t size);
-#define MBEDTLS_TEST_MEMORY_POISON(ptr, size) \
- do { \
- mbedtls_test_memory_poisoning_count++; \
- mbedtls_test_memory_poison(ptr, size); \
- } while (0)
-
-/** Undo the effect of mbedtls_test_memory_poison().
- *
- * This is a no-op if the given area is entirely valid, unpoisoned memory.
- *
- * The behavior is undefined if any part of the memory area is invalid,
- * or if the memory area contains a mixture of poisoned and unpoisoned parts.
- */
-void mbedtls_test_memory_unpoison(const unsigned char *ptr, size_t size);
-#define MBEDTLS_TEST_MEMORY_UNPOISON(ptr, size) \
- do { \
- mbedtls_test_memory_unpoison(ptr, size); \
- if (mbedtls_test_memory_poisoning_count != 0) { \
- mbedtls_test_memory_poisoning_count--; \
- } \
- } while (0)
-
-#else /* MBEDTLS_TEST_MEMORY_CAN_POISON */
-#define MBEDTLS_TEST_MEMORY_POISON(ptr, size) ((void) (ptr), (void) (size))
-#define MBEDTLS_TEST_MEMORY_UNPOISON(ptr, size) ((void) (ptr), (void) (size))
-#endif /* MBEDTLS_TEST_MEMORY_CAN_POISON */
-
-#endif /* TEST_MEMORY_H */
diff --git a/tests/include/test/psa_crypto_helpers.h b/tests/include/test/psa_crypto_helpers.h
deleted file mode 100644
index 9c83af6..0000000
--- a/tests/include/test/psa_crypto_helpers.h
+++ /dev/null
@@ -1,533 +0,0 @@
-/*
- * Helper functions for tests that use the PSA Crypto API.
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#ifndef PSA_CRYPTO_HELPERS_H
-#define PSA_CRYPTO_HELPERS_H
-
-#include "test/helpers.h"
-
-#if (MBEDTLS_VERSION_MAJOR < 4 && defined(MBEDTLS_PSA_CRYPTO_C)) || \
- (MBEDTLS_VERSION_MAJOR >= 4 && defined(MBEDTLS_PSA_CRYPTO_CLIENT))
-#include "test/psa_helpers.h"
-#include <psa/crypto.h>
-#endif
-
-#include <mbedtls/ctr_drbg.h>
-
-#if defined(MBEDTLS_PSA_CRYPTO_C)
-/** Initialize the PSA Crypto subsystem. */
-#define PSA_INIT() PSA_ASSERT(psa_crypto_init())
-
-/** Shut down the PSA Crypto subsystem and destroy persistent keys.
- * Expect a clean shutdown, with no slots in use.
- *
- * If some key slots are still in use, record the test case as failed,
- * but continue executing. This macro is suitable (and primarily intended)
- * for use in the cleanup section of test functions.
- *
- * \note Persistent keys must be recorded with #TEST_USES_KEY_ID before
- * creating them.
- */
-#define PSA_DONE() \
- do \
- { \
- mbedtls_test_fail_if_psa_leaking(__LINE__, __FILE__); \
- mbedtls_test_psa_purge_key_storage(); \
- mbedtls_psa_crypto_free(); \
- } \
- while (0)
-#elif MBEDTLS_VERSION_MAJOR >= 4 && defined(MBEDTLS_PSA_CRYPTO_CLIENT)
-#define PSA_INIT() PSA_ASSERT(psa_crypto_init())
-#define PSA_DONE() mbedtls_psa_crypto_free();
-#else /* MBEDTLS_PSA_CRYPTO_CLIENT && !MBEDTLS_PSA_CRYPTO_C */
-#define PSA_INIT() ((void) 0)
-#define PSA_DONE() ((void) 0)
-#endif /* MBEDTLS_PSA_CRYPTO_C */
-
-#if (MBEDTLS_VERSION_MAJOR < 4 && defined(MBEDTLS_PSA_CRYPTO_C)) || \
- (MBEDTLS_VERSION_MAJOR >= 4 && defined(MBEDTLS_PSA_CRYPTO_CLIENT))
-
-#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
-
-/* Internal function for #TEST_USES_KEY_ID. Return 1 on success, 0 on failure. */
-int mbedtls_test_uses_key_id(mbedtls_svc_key_id_t key_id);
-
-/** Destroy persistent keys recorded with #TEST_USES_KEY_ID.
- */
-void mbedtls_test_psa_purge_key_storage(void);
-
-/** Purge the in-memory cache of persistent keys recorded with
- * #TEST_USES_KEY_ID.
- *
- * Call this function before calling PSA_DONE() if it's ok for
- * persistent keys to still exist at this point.
- */
-void mbedtls_test_psa_purge_key_cache(void);
-
-/** \def TEST_USES_KEY_ID
- *
- * Call this macro in a test function before potentially creating a
- * persistent key. Test functions that use this mechanism must call
- * mbedtls_test_psa_purge_key_storage() in their cleanup code.
- *
- * This macro records a persistent key identifier as potentially used in the
- * current test case. Recorded key identifiers will be cleaned up at the end
- * of the test case, even on failure.
- *
- * This macro has no effect on volatile keys. Therefore, it is safe to call
- * this macro in a test function that creates either volatile or persistent
- * keys depending on the test data.
- *
- * This macro currently has no effect on special identifiers
- * used to store implementation-specific files.
- *
- * Calling this macro multiple times on the same key identifier in the same
- * test case has no effect.
- *
- * This macro can fail the test case if there isn't enough memory to
- * record the key id.
- *
- * \param key_id The PSA key identifier to record.
- */
-#define TEST_USES_KEY_ID(key_id) \
- TEST_ASSERT(mbedtls_test_uses_key_id(key_id))
-
-#else /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
-
-#define TEST_USES_KEY_ID(key_id) ((void) (key_id))
-#define mbedtls_test_psa_purge_key_storage() ((void) 0)
-#define mbedtls_test_psa_purge_key_cache() ((void) 0)
-
-#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
-
-/** Check for things that have not been cleaned up properly in the
- * PSA subsystem.
- *
- * \return NULL if nothing has leaked.
- * \return A string literal explaining what has not been cleaned up
- * if applicable.
- */
-const char *mbedtls_test_helper_is_psa_leaking(void);
-
-/** Check that no PSA Crypto key slots are in use.
- *
- * If any slots are in use, mark the current test as failed and jump to
- * the exit label. This is equivalent to
- * `TEST_ASSERT( ! mbedtls_test_helper_is_psa_leaking( ) )`
- * but with a more informative message.
- */
-#define ASSERT_PSA_PRISTINE() \
- do \
- { \
- if (mbedtls_test_fail_if_psa_leaking(__LINE__, __FILE__)) \
- goto exit; \
- } \
- while (0)
-
-/** Shut down the PSA Crypto subsystem, allowing persistent keys to survive.
- * Expect a clean shutdown, with no slots in use.
- *
- * If some key slots are still in use, record the test case as failed and
- * jump to the `exit` label.
- */
-#define PSA_SESSION_DONE() \
- do \
- { \
- mbedtls_test_psa_purge_key_cache(); \
- ASSERT_PSA_PRISTINE(); \
- mbedtls_psa_crypto_free(); \
- } \
- while (0)
-
-
-
-#if defined(RECORD_PSA_STATUS_COVERAGE_LOG)
-psa_status_t mbedtls_test_record_status(psa_status_t status,
- const char *func,
- const char *file, int line,
- const char *expr);
-
-/** Return value logging wrapper macro.
- *
- * Evaluate \p expr. Write a line recording its value to the log file
- * #STATUS_LOG_FILE_NAME and return the value. The line is a colon-separated
- * list of fields:
- * ```
- * value of expr:string:__FILE__:__LINE__:expr
- * ```
- *
- * The test code does not call this macro explicitly because that would
- * be very invasive. Instead, we instrument the source code by defining
- * a bunch of wrapper macros like
- * ```
- * #define psa_crypto_init() RECORD_STATUS("psa_crypto_init", psa_crypto_init())
- * ```
- * These macro definitions must be present in `instrument_record_status.h`
- * when building the test suites.
- *
- * \param string A string, normally a function name.
- * \param expr An expression to evaluate, normally a call of the function
- * whose name is in \p string. This expression must return
- * a value of type #psa_status_t.
- * \return The value of \p expr.
- */
-#define RECORD_STATUS(string, expr) \
- mbedtls_test_record_status((expr), string, __FILE__, __LINE__, #expr)
-
-#include "instrument_record_status.h"
-
-#endif /* defined(RECORD_PSA_STATUS_COVERAGE_LOG) */
-
-/** Return extended key usage policies.
- *
- * Do a key policy permission extension on key usage policies always involves
- * permissions of other usage policies
- * (like PSA_KEY_USAGE_SIGN_HASH involves PSA_KEY_USAGE_SIGN_MESSAGE).
- */
-psa_key_usage_t mbedtls_test_update_key_usage_flags(psa_key_usage_t usage_flags);
-
-/** Check that no PSA Crypto key slots are in use.
- *
- * If any slots are in use, mark the current test as failed.
- *
- * \return 0 if the key store is empty, 1 otherwise.
- */
-int mbedtls_test_fail_if_psa_leaking(int line_no, const char *filename);
-
-
-
-#if defined(MBEDTLS_PSA_INJECT_ENTROPY)
-/* The #MBEDTLS_PSA_INJECT_ENTROPY feature requires two extra platform
- * functions, which must be configured as #MBEDTLS_PLATFORM_NV_SEED_READ_MACRO
- * and #MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO. The job of these functions
- * is to read and write from the entropy seed file, which is located
- * in the PSA ITS file whose uid is #PSA_CRYPTO_ITS_RANDOM_SEED_UID.
- * (These could have been provided as library functions, but for historical
- * reasons, they weren't, and so each integrator has to provide a copy
- * of these functions.)
- *
- * Provide implementations of these functions for testing. */
-int mbedtls_test_inject_entropy_seed_read(unsigned char *buf, size_t len);
-int mbedtls_test_inject_entropy_seed_write(unsigned char *buf, size_t len);
-
-
-/** Make sure that the injected entropy is present.
- *
- * When MBEDTLS_PSA_INJECT_ENTROPY is enabled, psa_crypto_init()
- * will fail if the PSA entropy seed is not present.
- * This function must be called at least once in a test suite or other
- * program before any call to psa_crypto_init().
- * It does not need to be called in each test case.
- *
- * The test framework calls this function before running any test case.
- *
- * The few tests that might remove the entropy file must call this function
- * in their cleanup.
- */
-int mbedtls_test_inject_entropy_restore(void);
-#endif /* MBEDTLS_PSA_INJECT_ENTROPY */
-
-/** Parse binary string and convert it to a long integer
- */
-uint64_t mbedtls_test_parse_binary_string(data_t *bin_string);
-
-/** Skip a test case if the given key is a 192 bits AES key and the AES
- * implementation is at least partially provided by an accelerator or
- * alternative implementation.
- *
- * Call this macro in a test case when a cryptographic operation that may
- * involve an AES operation returns a #PSA_ERROR_NOT_SUPPORTED error code.
- * The macro call will skip and not fail the test case in case the operation
- * involves a 192 bits AES key and the AES implementation is at least
- * partially provided by an accelerator or alternative implementation.
- *
- * Hardware AES implementations not supporting 192 bits keys commonly exist.
- * Consequently, PSA test cases aim at not failing when an AES operation with
- * a 192 bits key performed by an alternative AES implementation returns
- * with the #PSA_ERROR_NOT_SUPPORTED error code. The purpose of this macro
- * is to facilitate this and make the test case code more readable.
- *
- * \param key_type Key type
- * \param key_bits Key length in number of bits.
- */
-#if defined(MBEDTLS_AES_ALT) || \
- defined(MBEDTLS_AES_SETKEY_ENC_ALT) || \
- defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_AES)
-#define MBEDTLS_TEST_HAVE_ACCEL_AES 1
-#else
-#define MBEDTLS_TEST_HAVE_ACCEL_AES 0
-#endif
-
-#define MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192(key_type, key_bits) \
- do \
- { \
- if ((MBEDTLS_TEST_HAVE_ACCEL_AES) && \
- ((key_type) == PSA_KEY_TYPE_AES) && \
- (key_bits == 192)) \
- { \
- mbedtls_test_skip("AES-192 not supported", __LINE__, __FILE__); \
- goto exit; \
- } \
- } \
- while (0)
-
-/** Skip a test case if a GCM operation with a nonce length different from
- * 12 bytes fails and was performed by an accelerator or alternative
- * implementation.
- *
- * Call this macro in a test case when an AEAD cryptography operation that
- * may involve the GCM mode returns with a #PSA_ERROR_NOT_SUPPORTED error
- * code. The macro call will skip and not fail the test case in case the
- * operation involves the GCM mode, a nonce with a length different from
- * 12 bytes and the GCM mode implementation is an alternative one.
- *
- * Hardware GCM implementations not supporting nonce lengths different from
- * 12 bytes commonly exist, as supporting a non-12-byte nonce requires
- * additional computations involving the GHASH function.
- * Consequently, PSA test cases aim at not failing when an AEAD operation in
- * GCM mode with a nonce length different from 12 bytes is performed by an
- * alternative GCM implementation and returns with a #PSA_ERROR_NOT_SUPPORTED
- * error code. The purpose of this macro is to facilitate this check and make
- * the test case code more readable.
- *
- * \param alg The AEAD algorithm.
- * \param nonce_length The nonce length in number of bytes.
- */
-
-#if defined(MBEDTLS_GCM_ALT) || \
- defined(MBEDTLS_PSA_ACCEL_ALG_GCM)
-#define MBEDTLS_TEST_HAVE_ACCEL_GCM 1
-#else
-#define MBEDTLS_TEST_HAVE_ACCEL_GCM 0
-#endif
-
-#define MBEDTLS_TEST_PSA_SKIP_IF_ALT_GCM_NOT_12BYTES_NONCE(alg, \
- nonce_length) \
- do \
- { \
- if ((MBEDTLS_TEST_HAVE_ACCEL_GCM) && \
- (PSA_ALG_AEAD_WITH_SHORTENED_TAG((alg), 0) == \
- PSA_ALG_AEAD_WITH_SHORTENED_TAG(PSA_ALG_GCM, 0)) && \
- ((nonce_length) != 12)) \
- { \
- mbedtls_test_skip("GCM with non-12-byte IV is not supported", __LINE__, __FILE__); \
- goto exit; \
- } \
- } \
- while (0)
-
-#endif /* MBEDTLS_PSA_CRYPTO_CLIENT || MBEDTLS_PSA_CRYPTO_C */
-
-#if MBEDTLS_VERSION_MAJOR >= 4
-/* Legacy PSA_INIT() / PSA_DONE() variants from 3.6 */
-#define USE_PSA_INIT() PSA_INIT()
-#define USE_PSA_DONE() PSA_DONE()
-#define MD_PSA_INIT() PSA_INIT()
-#define MD_PSA_DONE() PSA_DONE()
-#define BLOCK_CIPHER_PSA_INIT() PSA_INIT()
-#define BLOCK_CIPHER_PSA_DONE() PSA_DONE()
-#define MD_OR_USE_PSA_INIT() PSA_INIT()
-#define MD_OR_USE_PSA_DONE() PSA_DONE()
-#define AES_PSA_INIT() PSA_INIT()
-#define AES_PSA_DONE() PSA_DONE()
-
-#else /* MBEDTLS_VERSION_MAJOR < 4 */
-
-/** \def USE_PSA_INIT
- *
- * Call this macro to initialize the PSA subsystem if #MBEDTLS_USE_PSA_CRYPTO
- * or #MBEDTLS_SSL_PROTO_TLS1_3 (In contrast to TLS 1.2 implementation, the
- * TLS 1.3 one uses PSA independently of the definition of
- * #MBEDTLS_USE_PSA_CRYPTO) is enabled and do nothing otherwise.
- *
- * If the initialization fails, mark the test case as failed and jump to the
- * \p exit label.
- */
-/** \def USE_PSA_DONE
- *
- * Call this macro at the end of a test case if you called #USE_PSA_INIT.
- *
- * This is like #PSA_DONE except it does nothing under the same conditions as
- * #USE_PSA_INIT.
- */
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-#define USE_PSA_INIT() PSA_INIT()
-#define USE_PSA_DONE() PSA_DONE()
-#elif defined(MBEDTLS_SSL_PROTO_TLS1_3)
-/* TLS 1.3 must work without having called psa_crypto_init(), for backward
- * compatibility with Mbed TLS <= 3.5 when connecting with a peer that
- * supports both TLS 1.2 and TLS 1.3. See mbedtls_ssl_tls13_crypto_init()
- * and https://github.com/Mbed-TLS/mbedtls/issues/9072 . */
-#define USE_PSA_INIT() ((void) 0)
-/* TLS 1.3 may have initialized the PSA subsystem. Shut it down cleanly,
- * otherwise Asan and Valgrind would notice a resource leak. */
-#define USE_PSA_DONE() PSA_DONE()
-#else /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */
-/* Define empty macros so that we can use them in the preamble and teardown
- * of every test function that uses PSA conditionally based on
- * MBEDTLS_USE_PSA_CRYPTO. */
-#define USE_PSA_INIT() ((void) 0)
-#define USE_PSA_DONE() ((void) 0)
-#endif /* !MBEDTLS_USE_PSA_CRYPTO && !MBEDTLS_SSL_PROTO_TLS1_3 */
-
-/** \def MD_PSA_INIT
- *
- * Call this macro to initialize the PSA subsystem if MD uses a driver,
- * and do nothing otherwise.
- *
- * If the initialization fails, mark the test case as failed and jump to the
- * \p exit label.
- */
-/** \def MD_PSA_DONE
- *
- * Call this macro at the end of a test case if you called #MD_PSA_INIT.
- *
- * This is like #PSA_DONE except it does nothing under the same conditions as
- * #MD_PSA_INIT.
- */
-#if defined(MBEDTLS_MD_SOME_PSA)
-#define MD_PSA_INIT() PSA_INIT()
-#define MD_PSA_DONE() PSA_DONE()
-#else /* MBEDTLS_MD_SOME_PSA */
-#define MD_PSA_INIT() ((void) 0)
-#define MD_PSA_DONE() ((void) 0)
-#endif /* MBEDTLS_MD_SOME_PSA */
-
-/** \def BLOCK_CIPHER_PSA_INIT
- *
- * Call this macro to initialize the PSA subsystem if BLOCK_CIPHER uses a driver,
- * and do nothing otherwise.
- *
- * If the initialization fails, mark the test case as failed and jump to the
- * \p exit label.
- */
-/** \def BLOCK_CIPHER_PSA_DONE
- *
- * Call this macro at the end of a test case if you called #BLOCK_CIPHER_PSA_INIT.
- *
- * This is like #PSA_DONE except it does nothing under the same conditions as
- * #BLOCK_CIPHER_PSA_INIT.
- */
-#if defined(MBEDTLS_BLOCK_CIPHER_SOME_PSA)
-#define BLOCK_CIPHER_PSA_INIT() PSA_INIT()
-#define BLOCK_CIPHER_PSA_DONE() PSA_DONE()
-#else /* MBEDTLS_MD_SOME_PSA */
-#define BLOCK_CIPHER_PSA_INIT() ((void) 0)
-#define BLOCK_CIPHER_PSA_DONE() ((void) 0)
-#endif /* MBEDTLS_MD_SOME_PSA */
-
-
-/** \def MD_OR_USE_PSA_INIT
- *
- * Call this macro to initialize the PSA subsystem if MD uses a driver,
- * or if #MBEDTLS_USE_PSA_CRYPTO or #MBEDTLS_SSL_PROTO_TLS1_3 is enabled,
- * and do nothing otherwise.
- *
- * If the initialization fails, mark the test case as failed and jump to the
- * \p exit label.
- */
-/** \def MD_OR_USE_PSA_DONE
- *
- * Call this macro at the end of a test case if you called #MD_OR_USE_PSA_INIT.
- *
- * This is like #PSA_DONE except it does nothing under the same conditions as
- * #MD_OR_USE_PSA_INIT.
- */
-#if defined(MBEDTLS_MD_SOME_PSA)
-#define MD_OR_USE_PSA_INIT() PSA_INIT()
-#define MD_OR_USE_PSA_DONE() PSA_DONE()
-#else
-#define MD_OR_USE_PSA_INIT() USE_PSA_INIT()
-#define MD_OR_USE_PSA_DONE() USE_PSA_DONE()
-#endif
-
-/** \def AES_PSA_INIT
- *
- * Call this macro to initialize the PSA subsystem if AES_C is not defined,
- * so that CTR_DRBG uses PSA implementation to get AES-ECB.
- *
- * If the initialization fails, mark the test case as failed and jump to the
- * \p exit label.
- */
-/** \def AES_PSA_DONE
- *
- * Call this macro at the end of a test case if you called #AES_PSA_INIT.
- *
- * This is like #PSA_DONE except it does nothing under the same conditions as
- * #AES_PSA_INIT.
- */
-#if defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO)
-#define AES_PSA_INIT() PSA_INIT()
-#define AES_PSA_DONE() PSA_DONE()
-#else /* MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO */
-#define AES_PSA_INIT() ((void) 0)
-#define AES_PSA_DONE() ((void) 0)
-#endif /* MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO */
-
-#endif /* MBEDTLS_VERSION_MAJOR >= 4 */
-
-#if !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) && \
- defined(MBEDTLS_CTR_DRBG_C) && \
- defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO)
-/* When AES_C is not defined and PSA does not have an external RNG,
- * then CTR_DRBG uses PSA to perform AES-ECB. In this scenario 1 key
- * slot is used internally from PSA to hold the AES key and it should
- * not be taken into account when evaluating remaining open slots. */
-#define MBEDTLS_TEST_PSA_INTERNAL_KEYS_FOR_DRBG 1
-#else
-#define MBEDTLS_TEST_PSA_INTERNAL_KEYS_FOR_DRBG 0
-#endif
-
-/** The number of volatile keys that PSA crypto uses internally.
- *
- * We expect that many volatile keys to be in use after a successful
- * psa_crypto_init().
- */
-#define MBEDTLS_TEST_PSA_INTERNAL_KEYS \
- MBEDTLS_TEST_PSA_INTERNAL_KEYS_FOR_DRBG
-
-/* A couple of helper macros to verify if MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE is
- * large enough to contain an RSA key pair of the given size. This is meant to be
- * used in test cases where MBEDTLS_PSA_STATIC_KEY_SLOTS is enabled. */
-#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
-
-#if (MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE >= PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(4096))
-#define MBEDTLS_TEST_STATIC_KEY_SLOTS_SUPPORT_RSA_4096
-#endif
-
-#if (MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE >= PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(2048))
-#define MBEDTLS_TEST_STATIC_KEY_SLOTS_SUPPORT_RSA_2048
-#endif
-
-#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
-
-/* Helper macro to get the size of the each key slot buffer. */
-#if defined(MBEDTLS_PSA_STATIC_KEY_SLOTS)
-#define MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE
-#else
-#define MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE SIZE_MAX
-#endif
-
-/* Helper macro for the PK module to check whether MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE
- * is large enough to contain 4096-bit RSA key pairs. Of course this check is only
- * necessary if PK relies on PSA (i.e. MBEDTLS_USE_PSA_CRYPTO) to store and manage
- * the key. */
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-
-#if !defined(MBEDTLS_PSA_STATIC_KEY_SLOTS) || \
- defined(MBEDTLS_TEST_STATIC_KEY_SLOTS_SUPPORT_RSA_4096)
-#define MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
-#endif
-
-#else /* MBEDTLS_USE_PSA_CRYPTO */
-
-#define MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096
-
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
-#endif /* PSA_CRYPTO_HELPERS_H */
diff --git a/tests/include/test/psa_exercise_key.h b/tests/include/test/psa_exercise_key.h
deleted file mode 100644
index f6be307..0000000
--- a/tests/include/test/psa_exercise_key.h
+++ /dev/null
@@ -1,286 +0,0 @@
-/** Code to exercise a PSA key object, i.e. validate that it seems well-formed
- * and can do what it is supposed to do.
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#ifndef PSA_EXERCISE_KEY_H
-#define PSA_EXERCISE_KEY_H
-
-#include "test/helpers.h"
-#include "test/psa_crypto_helpers.h"
-
-#include <psa/crypto.h>
-
-#if defined(MBEDTLS_PK_C)
-#include <mbedtls/pk.h>
-#endif
-
-/** \def KNOWN_SUPPORTED_HASH_ALG
- *
- * A hash algorithm that is known to be supported.
- *
- * This is used in some smoke tests.
- */
-#if defined(PSA_WANT_ALG_SHA_256)
-#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_SHA_256
-#elif defined(PSA_WANT_ALG_SHA_384)
-#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_SHA_384
-#elif defined(PSA_WANT_ALG_SHA_512)
-#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_SHA_512
-#elif defined(PSA_WANT_ALG_SHA3_256)
-#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_SHA3_256
-#elif defined(PSA_WANT_ALG_SHA_1)
-#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_SHA_1
-#elif defined(PSA_WANT_ALG_MD5)
-#define KNOWN_SUPPORTED_HASH_ALG PSA_ALG_MD5
-/* PSA_WANT_ALG_RIPEMD160 omitted. This is necessary for the sake of
- * exercise_signature_key() because Mbed TLS doesn't support RIPEMD160
- * in RSA PKCS#1v1.5 signatures. A RIPEMD160-only configuration would be
- * implausible anyway. */
-#else
-#undef KNOWN_SUPPORTED_HASH_ALG
-#endif
-
-/** \def KNOWN_SUPPORTED_BLOCK_CIPHER
- *
- * A block cipher that is known to be supported.
- *
- * For simplicity's sake, stick to block ciphers with 16-byte blocks.
- */
-#if defined(PSA_WANT_KEY_TYPE_AES)
-#define KNOWN_SUPPORTED_BLOCK_CIPHER PSA_KEY_TYPE_AES
-#elif defined(PSA_WANT_KEY_TYPE_ARIA)
-#define KNOWN_SUPPORTED_BLOCK_CIPHER PSA_KEY_TYPE_ARIA
-#elif defined(PSA_WANT_KEY_TYPE_CAMELLIA)
-#define KNOWN_SUPPORTED_BLOCK_CIPHER PSA_KEY_TYPE_CAMELLIA
-#else
-#undef KNOWN_SUPPORTED_BLOCK_CIPHER
-#endif
-
-/** \def KNOWN_SUPPORTED_MAC_ALG
- *
- * A MAC mode that is known to be supported.
- *
- * It must either be HMAC with #KNOWN_SUPPORTED_HASH_ALG or
- * a block cipher-based MAC with #KNOWN_SUPPORTED_BLOCK_CIPHER.
- *
- * This is used in some smoke tests.
- */
-#if defined(KNOWN_SUPPORTED_HASH_ALG) && defined(PSA_WANT_ALG_HMAC)
-#define KNOWN_SUPPORTED_MAC_ALG (PSA_ALG_HMAC(KNOWN_SUPPORTED_HASH_ALG))
-#define KNOWN_SUPPORTED_MAC_KEY_TYPE PSA_KEY_TYPE_HMAC
-#elif defined(KNOWN_SUPPORTED_BLOCK_CIPHER) && defined(MBEDTLS_CMAC_C)
-#define KNOWN_SUPPORTED_MAC_ALG PSA_ALG_CMAC
-#define KNOWN_SUPPORTED_MAC_KEY_TYPE KNOWN_SUPPORTED_BLOCK_CIPHER
-#else
-#undef KNOWN_SUPPORTED_MAC_ALG
-#undef KNOWN_SUPPORTED_MAC_KEY_TYPE
-#endif
-
-/** \def KNOWN_SUPPORTED_BLOCK_CIPHER_ALG
- *
- * A cipher algorithm and key type that are known to be supported.
- *
- * This is used in some smoke tests.
- */
-#if defined(KNOWN_SUPPORTED_BLOCK_CIPHER) && defined(PSA_WANT_ALG_CTR)
-#define KNOWN_SUPPORTED_BLOCK_CIPHER_ALG PSA_ALG_CTR
-#elif defined(KNOWN_SUPPORTED_BLOCK_CIPHER) && defined(PSA_WANT_ALG_CBC_NO_PADDING)
-#define KNOWN_SUPPORTED_BLOCK_CIPHER_ALG PSA_ALG_CBC_NO_PADDING
-#elif defined(KNOWN_SUPPORTED_BLOCK_CIPHER) && defined(PSA_WANT_ALG_CFB)
-#define KNOWN_SUPPORTED_BLOCK_CIPHER_ALG PSA_ALG_CFB
-#elif defined(KNOWN_SUPPORTED_BLOCK_CIPHER) && defined(PSA_WANT_ALG_OFB)
-#define KNOWN_SUPPORTED_BLOCK_CIPHER_ALG PSA_ALG_OFB
-#else
-#undef KNOWN_SUPPORTED_BLOCK_CIPHER_ALG
-#endif
-#if defined(KNOWN_SUPPORTED_BLOCK_CIPHER_ALG)
-#define KNOWN_SUPPORTED_CIPHER_ALG KNOWN_SUPPORTED_BLOCK_CIPHER_ALG
-#define KNOWN_SUPPORTED_CIPHER_KEY_TYPE KNOWN_SUPPORTED_BLOCK_CIPHER
-#else
-#undef KNOWN_SUPPORTED_CIPHER_ALG
-#undef KNOWN_SUPPORTED_CIPHER_KEY_TYPE
-#endif
-
-/** Convenience function to set up a key derivation.
- *
- * In case of failure, mark the current test case as failed.
- *
- * The inputs \p input1 and \p input2 are, in order:
- * - HKDF: salt, info.
- * - TKS 1.2 PRF, TLS 1.2 PSK-to-MS: seed, label.
- * - PBKDF2: input cost, salt.
- *
- * \param operation The operation object to use.
- * It must be in the initialized state.
- * \param key The key to use.
- * \param alg The algorithm to use.
- * \param input1 The first input to pass.
- * \param input1_length The length of \p input1 in bytes.
- * \param input2 The first input to pass.
- * \param input2_length The length of \p input2 in bytes.
- * \param capacity The capacity to set.
- * \param key_destroyable If set to 1, a failure due to the key not existing
- * or the key being destroyed mid-operation will only
- * be reported if the error code is unexpected.
- *
- * \return \c 1 on success, \c 0 on failure.
- */
-int mbedtls_test_psa_setup_key_derivation_wrap(
- psa_key_derivation_operation_t *operation,
- mbedtls_svc_key_id_t key,
- psa_algorithm_t alg,
- const unsigned char *input1, size_t input1_length,
- const unsigned char *input2, size_t input2_length,
- size_t capacity, int key_destroyable);
-
-/** Perform a key agreement using the given key pair against its public key
- * using psa_raw_key_agreement().
- *
- * The result is discarded. The purpose of this function is to smoke-test a key.
- *
- * In case of failure, mark the current test case as failed.
- *
- * \param alg A key agreement algorithm compatible with \p key.
- * \param key A key that allows key agreement with \p alg.
- * \param key_destroyable If set to 1, a failure due to the key not existing
- * or the key being destroyed mid-operation will only
- * be reported if the error code is unexpected.
- *
- * \return \c 1 on success, \c 0 on failure.
- */
-psa_status_t mbedtls_test_psa_raw_key_agreement_with_self(
- psa_algorithm_t alg,
- mbedtls_svc_key_id_t key, int key_destroyable);
-
-/** Perform a key agreement using the given key pair against its public key
- * using psa_key_derivation_raw_key().
- *
- * The result is discarded. The purpose of this function is to smoke-test a key.
- *
- * In case of failure, mark the current test case as failed.
- *
- * \param operation An operation that has been set up for a key
- * agreement algorithm that is compatible with
- * \p key.
- * \param key A key pair object that is suitable for a key
- * agreement with \p operation.
- * \param key_destroyable If set to 1, a failure due to the key not existing
- * or the key being destroyed mid-operation will only
- * be reported if the error code is unexpected.
- *
- * \return \c 1 on success, \c 0 on failure.
- */
-psa_status_t mbedtls_test_psa_key_agreement_with_self(
- psa_key_derivation_operation_t *operation,
- mbedtls_svc_key_id_t key, int key_destroyable);
-
-/** Perform sanity checks on the given key representation.
- *
- * If any of the checks fail, mark the current test case as failed.
- *
- * The checks depend on the key type.
- * - All types: check the export size against maximum-size macros.
- * - DES: parity bits.
- * - RSA: check the ASN.1 structure and the size and parity of the integers.
- * - ECC private or public key: exact representation length.
- * - Montgomery public key: first byte.
- *
- * \param type The key type.
- * \param bits The key size in bits.
- * \param exported A buffer containing the key representation.
- * \param exported_length The length of \p exported in bytes.
- *
- * \return \c 1 if all checks passed, \c 0 on failure.
- */
-int mbedtls_test_psa_exported_key_sanity_check(
- psa_key_type_t type, size_t bits,
- const uint8_t *exported, size_t exported_length);
-
-/** Do smoke tests on a key.
- *
- * Perform one of each operation indicated by \p alg (decrypt/encrypt,
- * sign/verify, or derivation) that is permitted according to \p usage.
- * \p usage and \p alg should correspond to the expected policy on the
- * key.
- *
- * Export the key if permitted by \p usage, and check that the output
- * looks sensible. If \p usage forbids export, check that
- * \p psa_export_key correctly rejects the attempt. If the key is
- * asymmetric, also check \p psa_export_public_key.
- *
- * If the key fails the tests, this function calls the test framework's
- * `mbedtls_test_fail` function and returns false. Otherwise this function
- * returns true. Therefore it should be used as follows:
- * ```
- * if( ! exercise_key( ... ) ) goto exit;
- * ```
- * To use this function for multi-threaded tests where the key
- * may be destroyed at any point: call this function with key_destroyable set
- * to 1, while another thread calls psa_destroy_key on the same key;
- * this will test whether destroying the key in use leads to any corruption.
- *
- * There cannot be a set of concurrent calls:
- * `mbedtls_test_psa_exercise_key(ki,...)` such that each ki is a unique
- * persistent key not loaded into any key slot, and i is greater than the
- * number of free key slots.
- * This is because such scenarios can lead to unsupported
- * `PSA_ERROR_INSUFFICIENT_MEMORY` return codes.
- *
- *
- * \param key The key to exercise. It should be capable of performing
- * \p alg.
- * \param usage The usage flags to assume.
- * \param alg The algorithm to exercise.
- * \param key_destroyable If set to 1, a failure due to the key not existing
- * or the key being destroyed mid-operation will only
- * be reported if the error code is unexpected.
- *
- * \retval 0 The key failed the smoke tests.
- * \retval 1 The key passed the smoke tests.
- */
-int mbedtls_test_psa_exercise_key(mbedtls_svc_key_id_t key,
- psa_key_usage_t usage,
- psa_algorithm_t alg,
- int key_destroyable);
-
-psa_key_usage_t mbedtls_test_psa_usage_to_exercise(psa_key_type_t type,
- psa_algorithm_t alg);
-
-/** Whether the specified algorithm can be exercised.
- *
- * \note This function is solely based on the algorithm and does not
- * consider potential issues with the compatibility of a key.
- * The idea is that you already have a key, so you know that the
- * key type is supported, and you want to exercise the key but
- * only if the algorithm given in its policy is enabled in the
- * compile-time configuration.
- *
- * \note This function currently only supports signature algorithms
- * (including wildcards).
- * TODO: a more general mechanism, which should be automatically
- * generated and possibly available as a library function?
- */
-int mbedtls_test_can_exercise_psa_algorithm(psa_algorithm_t alg);
-
-#if defined(MBEDTLS_PK_C)
-/** PK-PSA key consistency test.
- *
- * This function tests that the pk context and the PSA key are
- * consistent. At a minimum:
- *
- * - The two objects must contain keys of the same type,
- * or a key pair and a public key of the matching type.
- * - The two objects must have the same public key.
- *
- * \retval 0 The key failed the consistency tests.
- * \retval 1 The key passed the consistency tests.
- */
-int mbedtls_test_key_consistency_psa_pk(mbedtls_svc_key_id_t psa_key,
- const mbedtls_pk_context *pk);
-#endif /* MBEDTLS_PK_C */
-
-#endif /* PSA_EXERCISE_KEY_H */
diff --git a/tests/include/test/psa_helpers.h b/tests/include/test/psa_helpers.h
deleted file mode 100644
index b617189..0000000
--- a/tests/include/test/psa_helpers.h
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
- * Helper functions for tests that use any PSA API.
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#ifndef PSA_HELPERS_H
-#define PSA_HELPERS_H
-
-#if defined(MBEDTLS_PSA_CRYPTO_SPM)
-#include "spm/psa_defs.h"
-#endif
-
-/** Evaluate an expression and fail the test case if it returns an error.
- *
- * \param expr The expression to evaluate. This is typically a call
- * to a \c psa_xxx function that returns a value of type
- * #psa_status_t.
- */
-#define PSA_ASSERT(expr) TEST_EQUAL((expr), PSA_SUCCESS)
-
-#endif /* PSA_HELPERS_H */
diff --git a/tests/include/test/psa_memory_poisoning_wrappers.h b/tests/include/test/psa_memory_poisoning_wrappers.h
deleted file mode 100644
index 3f30b65..0000000
--- a/tests/include/test/psa_memory_poisoning_wrappers.h
+++ /dev/null
@@ -1,40 +0,0 @@
-/** Support for memory poisoning wrappers for PSA functions.
- *
- * The wrappers poison the input and output buffers of each function
- * before calling it, to ensure that it does not access the buffers
- * except by calling the approved buffer-copying functions.
- *
- * This header declares support functions. The wrappers themselves are
- * decalred in the automatically generated file `test/psa_test_wrappers.h`.
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#ifndef PSA_MEMORY_POISONING_WRAPPERS_H
-#define PSA_MEMORY_POISONING_WRAPPERS_H
-
-#include "psa/crypto.h"
-
-#include "test/memory.h"
-
-#if defined(MBEDTLS_TEST_HOOKS) && defined(MBEDTLS_TEST_MEMORY_CAN_POISON)
-
-/**
- * \brief Setup the memory poisoning test hooks used by
- * psa_crypto_copy_input() and psa_crypto_copy_output() for
- * memory poisoning.
- */
-void mbedtls_poison_test_hooks_setup(void);
-
-/**
- * \brief Teardown the memory poisoning test hooks used by
- * psa_crypto_copy_input() and psa_crypto_copy_output() for
- * memory poisoning.
- */
-void mbedtls_poison_test_hooks_teardown(void);
-
-#endif /* MBEDTLS_TEST_HOOKS && MBEDTLS_TEST_MEMORY_CAN_POISON */
-
-#endif /* PSA_MEMORY_POISONING_WRAPPERS_H */
diff --git a/tests/include/test/psa_test_wrappers.h b/tests/include/test/psa_test_wrappers.h
index f1f92aa..880f34c 100644
--- a/tests/include/test/psa_test_wrappers.h
+++ b/tests/include/test/psa_test_wrappers.h
@@ -389,7 +389,7 @@
psa_status_t mbedtls_test_wrap_psa_generate_key_iop_complete(
psa_generate_key_iop_t *arg0_operation,
- psa_key_id_t *arg1_key);
+ mbedtls_svc_key_id_t *arg1_key);
#define psa_generate_key_iop_complete(arg0_operation, arg1_key) \
mbedtls_test_wrap_psa_generate_key_iop_complete(arg0_operation, arg1_key)
diff --git a/tests/include/test/random.h b/tests/include/test/random.h
deleted file mode 100644
index 6304e05..0000000
--- a/tests/include/test/random.h
+++ /dev/null
@@ -1,91 +0,0 @@
-/**
- * \file random.h
- *
- * \brief This file contains the prototypes of helper functions to generate
- * random numbers for the purpose of testing.
- */
-
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#ifndef TEST_RANDOM_H
-#define TEST_RANDOM_H
-
-#include "mbedtls/build_info.h"
-
-#include <stddef.h>
-#include <stdint.h>
-
-typedef struct {
- unsigned char *buf; /* Pointer to a buffer of length bytes. */
- size_t length;
- /* If fallback_f_rng is NULL, fail after delivering length bytes. */
- int (*fallback_f_rng)(void *, unsigned char *, size_t);
- void *fallback_p_rng;
-} mbedtls_test_rnd_buf_info;
-
-/**
- * Info structure for the pseudo random function
- *
- * Key should be set at the start to a test-unique value.
- * Do not forget endianness!
- * State( v0, v1 ) should be set to zero.
- */
-typedef struct {
- uint32_t key[16];
- uint32_t v0, v1;
-} mbedtls_test_rnd_pseudo_info;
-
-/**
- * This function just returns data from rand().
- * Although predictable and often similar on multiple
- * runs, this does not result in identical random on
- * each run. So do not use this if the results of a
- * test depend on the random data that is generated.
- *
- * rng_state shall be NULL.
- */
-int mbedtls_test_rnd_std_rand(void *rng_state,
- unsigned char *output,
- size_t len);
-
-/**
- * This function only returns zeros.
- *
- * \p rng_state shall be \c NULL.
- */
-int mbedtls_test_rnd_zero_rand(void *rng_state,
- unsigned char *output,
- size_t len);
-
-/**
- * This function returns random data based on a buffer it receives.
- *
- * \p rng_state shall be a pointer to a #mbedtls_test_rnd_buf_info structure.
- *
- * The number of bytes released from the buffer on each call to
- * the random function is specified by \p len.
- *
- * After the buffer is empty, this function will call the fallback RNG in the
- * #mbedtls_test_rnd_buf_info structure if there is one, and
- * will return #MBEDTLS_ERR_ENTROPY_SOURCE_FAILED otherwise.
- */
-int mbedtls_test_rnd_buffer_rand(void *rng_state,
- unsigned char *output,
- size_t len);
-
-/**
- * This function returns random based on a pseudo random function.
- * This means the results should be identical on all systems.
- * Pseudo random is based on the XTEA encryption algorithm to
- * generate pseudorandom.
- *
- * \p rng_state shall be a pointer to a #mbedtls_test_rnd_pseudo_info structure.
- */
-int mbedtls_test_rnd_pseudo_rand(void *rng_state,
- unsigned char *output,
- size_t len);
-
-#endif /* TEST_RANDOM_H */
diff --git a/tests/include/test/threading_helpers.h b/tests/include/test/threading_helpers.h
deleted file mode 100644
index 79bc6c0..0000000
--- a/tests/include/test/threading_helpers.h
+++ /dev/null
@@ -1,112 +0,0 @@
-/**
- * \file threading_helpers.h
- *
- * \brief This file contains the prototypes of helper functions for the purpose
- * of testing threading.
- */
-
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#ifndef THREADING_HELPERS_H
-#define THREADING_HELPERS_H
-
-#if defined MBEDTLS_THREADING_C
-
-#include "mbedtls/private_access.h"
-#include "mbedtls/build_info.h"
-
-/* Most fields of publicly available structs are private and are wrapped with
- * MBEDTLS_PRIVATE macro. This define allows tests to access the private fields
- * directly (without using the MBEDTLS_PRIVATE wrapper). */
-#define MBEDTLS_ALLOW_PRIVATE_ACCESS
-
-#define MBEDTLS_ERR_THREADING_THREAD_ERROR -0x001F
-
-#if defined(MBEDTLS_THREADING_PTHREAD)
-#include <pthread.h>
-#endif /* MBEDTLS_THREADING_PTHREAD */
-
-#if defined(MBEDTLS_THREADING_ALT)
-/* You should define the mbedtls_test_thread_t type in your header */
-#include "threading_alt.h"
-
-/**
- * \brief Set your alternate threading implementation
- * function pointers for test threads. If used, this
- * function must be called once in the main thread
- * before any other MbedTLS function is called.
- *
- * \note These functions are part of the testing API only and
- * thus not considered part of the public API of
- * MbedTLS and thus may change without notice.
- *
- * \param thread_create The thread create function implementation.
- * \param thread_join The thread join function implementation.
-
- */
-void mbedtls_test_thread_set_alt(int (*thread_create)(mbedtls_test_thread_t *thread,
- void *(*thread_func)(
- void *),
- void *thread_data),
- int (*thread_join)(mbedtls_test_thread_t *thread));
-
-#else /* MBEDTLS_THREADING_ALT*/
-
-typedef struct mbedtls_test_thread_t {
-
-#if defined(MBEDTLS_THREADING_PTHREAD)
- pthread_t MBEDTLS_PRIVATE(thread);
-#else /* MBEDTLS_THREADING_PTHREAD */
- /* Make sure this struct is always non-empty */
- unsigned dummy;
-#endif
-
-} mbedtls_test_thread_t;
-
-#endif /* MBEDTLS_THREADING_ALT*/
-
-/**
- * \brief The function pointers for thread create and thread
- * join.
- *
- * \note These functions are part of the testing API only
- * and thus not considered part of the public API of
- * MbedTLS and thus may change without notice.
- *
- * \note All these functions are expected to work or
- * the result will be undefined.
- */
-extern int (*mbedtls_test_thread_create)(mbedtls_test_thread_t *thread,
- void *(*thread_func)(void *), void *thread_data);
-extern int (*mbedtls_test_thread_join)(mbedtls_test_thread_t *thread);
-
-#if defined(MBEDTLS_THREADING_PTHREAD) && defined(MBEDTLS_TEST_HOOKS)
-#define MBEDTLS_TEST_MUTEX_USAGE
-#endif
-
-#if defined(MBEDTLS_TEST_MUTEX_USAGE)
-/**
- * Activate the mutex usage verification framework. See threading_helpers.c for
- * information.
- */
-void mbedtls_test_mutex_usage_init(void);
-
-/**
- * Deactivate the mutex usage verification framework. See threading_helpers.c
- * for information.
- */
-void mbedtls_test_mutex_usage_end(void);
-
-/**
- * Call this function after executing a test case to check for mutex usage
- * errors.
- */
-void mbedtls_test_mutex_usage_check(void);
-#endif /* MBEDTLS_TEST_MUTEX_USAGE */
-
-#endif /* MBEDTLS_THREADING_C */
-
-#endif /* THREADING_HELPERS_H */
diff --git a/tests/psa-client-server/psasim/src/psa_functions_codes.h b/tests/psa-client-server/psasim/src/psa_functions_codes.h
index 1301ff2..4be53c5 100644
--- a/tests/psa-client-server/psasim/src/psa_functions_codes.h
+++ b/tests/psa-client-server/psasim/src/psa_functions_codes.h
@@ -41,6 +41,10 @@
PSA_EXPORT_PUBLIC_KEY,
PSA_GENERATE_KEY,
PSA_GENERATE_KEY_CUSTOM,
+ PSA_GENERATE_KEY_IOP_ABORT,
+ PSA_GENERATE_KEY_IOP_COMPLETE,
+ PSA_GENERATE_KEY_IOP_GET_NUM_OPS,
+ PSA_GENERATE_KEY_IOP_SETUP,
PSA_GENERATE_RANDOM,
PSA_GET_KEY_ATTRIBUTES,
PSA_HASH_ABORT,
@@ -54,6 +58,11 @@
PSA_IMPORT_KEY,
PSA_INTERRUPTIBLE_GET_MAX_OPS,
PSA_INTERRUPTIBLE_SET_MAX_OPS,
+ PSA_KEY_AGREEMENT,
+ PSA_KEY_AGREEMENT_IOP_ABORT,
+ PSA_KEY_AGREEMENT_IOP_COMPLETE,
+ PSA_KEY_AGREEMENT_IOP_GET_NUM_OPS,
+ PSA_KEY_AGREEMENT_IOP_SETUP,
PSA_KEY_DERIVATION_ABORT,
PSA_KEY_DERIVATION_GET_CAPACITY,
PSA_KEY_DERIVATION_INPUT_BYTES,
diff --git a/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c b/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c
index d4d9d60..f6efd62 100644
--- a/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c
+++ b/tests/psa-client-server/psasim/src/psa_sim_crypto_client.c
@@ -2897,6 +2897,309 @@
}
+psa_status_t psa_generate_key_iop_abort(
+ psa_generate_key_iop_t *operation
+ )
+{
+ uint8_t *ser_params = NULL;
+ uint8_t *ser_result = NULL;
+ size_t result_length;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ size_t needed =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_generate_key_iop_t_needs(*operation);
+
+ ser_params = malloc(needed);
+ if (ser_params == NULL) {
+ status = PSA_ERROR_INSUFFICIENT_MEMORY;
+ goto fail;
+ }
+
+ uint8_t *pos = ser_params;
+ size_t remaining = needed;
+ int ok;
+ ok = psasim_serialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_generate_key_iop_t(
+ &pos, &remaining,
+ *operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psa_crypto_call(PSA_GENERATE_KEY_IOP_ABORT,
+ ser_params, (size_t) (pos - ser_params), &ser_result, &result_length);
+ if (!ok) {
+ printf("PSA_GENERATE_KEY_IOP_ABORT server call failed\n");
+ goto fail;
+ }
+
+ uint8_t *rpos = ser_result;
+ size_t rremain = result_length;
+
+ ok = psasim_deserialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_status_t(
+ &rpos, &rremain,
+ &status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_generate_key_iop_t(
+ &rpos, &rremain,
+ operation);
+ if (!ok) {
+ goto fail;
+ }
+
+fail:
+ free(ser_params);
+ free(ser_result);
+
+ return status;
+}
+
+
+psa_status_t psa_generate_key_iop_complete(
+ psa_generate_key_iop_t *operation,
+ mbedtls_svc_key_id_t *key
+ )
+{
+ uint8_t *ser_params = NULL;
+ uint8_t *ser_result = NULL;
+ size_t result_length;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ size_t needed =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_generate_key_iop_t_needs(*operation) +
+ psasim_serialise_mbedtls_svc_key_id_t_needs(*key);
+
+ ser_params = malloc(needed);
+ if (ser_params == NULL) {
+ status = PSA_ERROR_INSUFFICIENT_MEMORY;
+ goto fail;
+ }
+
+ uint8_t *pos = ser_params;
+ size_t remaining = needed;
+ int ok;
+ ok = psasim_serialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_generate_key_iop_t(
+ &pos, &remaining,
+ *operation);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_mbedtls_svc_key_id_t(
+ &pos, &remaining,
+ *key);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psa_crypto_call(PSA_GENERATE_KEY_IOP_COMPLETE,
+ ser_params, (size_t) (pos - ser_params), &ser_result, &result_length);
+ if (!ok) {
+ printf("PSA_GENERATE_KEY_IOP_COMPLETE server call failed\n");
+ goto fail;
+ }
+
+ uint8_t *rpos = ser_result;
+ size_t rremain = result_length;
+
+ ok = psasim_deserialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_status_t(
+ &rpos, &rremain,
+ &status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_generate_key_iop_t(
+ &rpos, &rremain,
+ operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_mbedtls_svc_key_id_t(
+ &rpos, &rremain,
+ key);
+ if (!ok) {
+ goto fail;
+ }
+
+fail:
+ free(ser_params);
+ free(ser_result);
+
+ return status;
+}
+
+
+uint32_t psa_generate_key_iop_get_num_ops(
+ psa_generate_key_iop_t *operation
+ )
+{
+ uint8_t *ser_params = NULL;
+ uint8_t *ser_result = NULL;
+ size_t result_length;
+ uint32_t value = 0;
+
+ size_t needed =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_generate_key_iop_t_needs(*operation);
+
+ ser_params = malloc(needed);
+ if (ser_params == NULL) {
+ value = 0;
+ goto fail;
+ }
+
+ uint8_t *pos = ser_params;
+ size_t remaining = needed;
+ int ok;
+ ok = psasim_serialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_generate_key_iop_t(
+ &pos, &remaining,
+ *operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psa_crypto_call(PSA_GENERATE_KEY_IOP_GET_NUM_OPS,
+ ser_params, (size_t) (pos - ser_params), &ser_result, &result_length);
+ if (!ok) {
+ printf("PSA_GENERATE_KEY_IOP_GET_NUM_OPS server call failed\n");
+ goto fail;
+ }
+
+ uint8_t *rpos = ser_result;
+ size_t rremain = result_length;
+
+ ok = psasim_deserialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_uint32_t(
+ &rpos, &rremain,
+ &value);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_generate_key_iop_t(
+ &rpos, &rremain,
+ operation);
+ if (!ok) {
+ goto fail;
+ }
+
+fail:
+ free(ser_params);
+ free(ser_result);
+
+ return value;
+}
+
+
+psa_status_t psa_generate_key_iop_setup(
+ psa_generate_key_iop_t *operation,
+ const psa_key_attributes_t *attributes
+ )
+{
+ uint8_t *ser_params = NULL;
+ uint8_t *ser_result = NULL;
+ size_t result_length;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ size_t needed =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_generate_key_iop_t_needs(*operation) +
+ psasim_serialise_psa_key_attributes_t_needs(*attributes);
+
+ ser_params = malloc(needed);
+ if (ser_params == NULL) {
+ status = PSA_ERROR_INSUFFICIENT_MEMORY;
+ goto fail;
+ }
+
+ uint8_t *pos = ser_params;
+ size_t remaining = needed;
+ int ok;
+ ok = psasim_serialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_generate_key_iop_t(
+ &pos, &remaining,
+ *operation);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_key_attributes_t(
+ &pos, &remaining,
+ *attributes);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psa_crypto_call(PSA_GENERATE_KEY_IOP_SETUP,
+ ser_params, (size_t) (pos - ser_params), &ser_result, &result_length);
+ if (!ok) {
+ printf("PSA_GENERATE_KEY_IOP_SETUP server call failed\n");
+ goto fail;
+ }
+
+ uint8_t *rpos = ser_result;
+ size_t rremain = result_length;
+
+ ok = psasim_deserialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_status_t(
+ &rpos, &rremain,
+ &status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_generate_key_iop_t(
+ &rpos, &rremain,
+ operation);
+ if (!ok) {
+ goto fail;
+ }
+
+fail:
+ free(ser_params);
+ free(ser_result);
+
+ return status;
+}
+
+
psa_status_t psa_generate_random(
uint8_t *output, size_t output_size
)
@@ -3902,6 +4205,435 @@
}
+psa_status_t psa_key_agreement(
+ mbedtls_svc_key_id_t private_key,
+ const uint8_t *peer_key, size_t peer_key_length,
+ psa_algorithm_t alg,
+ const psa_key_attributes_t *attributes,
+ mbedtls_svc_key_id_t *key
+ )
+{
+ uint8_t *ser_params = NULL;
+ uint8_t *ser_result = NULL;
+ size_t result_length;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ size_t needed =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_mbedtls_svc_key_id_t_needs(private_key) +
+ psasim_serialise_buffer_needs(peer_key, peer_key_length) +
+ psasim_serialise_psa_algorithm_t_needs(alg) +
+ psasim_serialise_psa_key_attributes_t_needs(*attributes) +
+ psasim_serialise_mbedtls_svc_key_id_t_needs(*key);
+
+ ser_params = malloc(needed);
+ if (ser_params == NULL) {
+ status = PSA_ERROR_INSUFFICIENT_MEMORY;
+ goto fail;
+ }
+
+ uint8_t *pos = ser_params;
+ size_t remaining = needed;
+ int ok;
+ ok = psasim_serialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_mbedtls_svc_key_id_t(
+ &pos, &remaining,
+ private_key);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_buffer(
+ &pos, &remaining,
+ peer_key, peer_key_length);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_algorithm_t(
+ &pos, &remaining,
+ alg);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_key_attributes_t(
+ &pos, &remaining,
+ *attributes);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_mbedtls_svc_key_id_t(
+ &pos, &remaining,
+ *key);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psa_crypto_call(PSA_KEY_AGREEMENT,
+ ser_params, (size_t) (pos - ser_params), &ser_result, &result_length);
+ if (!ok) {
+ printf("PSA_KEY_AGREEMENT server call failed\n");
+ goto fail;
+ }
+
+ uint8_t *rpos = ser_result;
+ size_t rremain = result_length;
+
+ ok = psasim_deserialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_status_t(
+ &rpos, &rremain,
+ &status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_mbedtls_svc_key_id_t(
+ &rpos, &rremain,
+ key);
+ if (!ok) {
+ goto fail;
+ }
+
+fail:
+ free(ser_params);
+ free(ser_result);
+
+ return status;
+}
+
+
+psa_status_t psa_key_agreement_iop_abort(
+ psa_key_agreement_iop_t *operation
+ )
+{
+ uint8_t *ser_params = NULL;
+ uint8_t *ser_result = NULL;
+ size_t result_length;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ size_t needed =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_key_agreement_iop_t_needs(*operation);
+
+ ser_params = malloc(needed);
+ if (ser_params == NULL) {
+ status = PSA_ERROR_INSUFFICIENT_MEMORY;
+ goto fail;
+ }
+
+ uint8_t *pos = ser_params;
+ size_t remaining = needed;
+ int ok;
+ ok = psasim_serialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_key_agreement_iop_t(
+ &pos, &remaining,
+ *operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psa_crypto_call(PSA_KEY_AGREEMENT_IOP_ABORT,
+ ser_params, (size_t) (pos - ser_params), &ser_result, &result_length);
+ if (!ok) {
+ printf("PSA_KEY_AGREEMENT_IOP_ABORT server call failed\n");
+ goto fail;
+ }
+
+ uint8_t *rpos = ser_result;
+ size_t rremain = result_length;
+
+ ok = psasim_deserialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_status_t(
+ &rpos, &rremain,
+ &status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_key_agreement_iop_t(
+ &rpos, &rremain,
+ operation);
+ if (!ok) {
+ goto fail;
+ }
+
+fail:
+ free(ser_params);
+ free(ser_result);
+
+ return status;
+}
+
+
+psa_status_t psa_key_agreement_iop_complete(
+ psa_key_agreement_iop_t *operation,
+ mbedtls_svc_key_id_t *key
+ )
+{
+ uint8_t *ser_params = NULL;
+ uint8_t *ser_result = NULL;
+ size_t result_length;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ size_t needed =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_key_agreement_iop_t_needs(*operation) +
+ psasim_serialise_mbedtls_svc_key_id_t_needs(*key);
+
+ ser_params = malloc(needed);
+ if (ser_params == NULL) {
+ status = PSA_ERROR_INSUFFICIENT_MEMORY;
+ goto fail;
+ }
+
+ uint8_t *pos = ser_params;
+ size_t remaining = needed;
+ int ok;
+ ok = psasim_serialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_key_agreement_iop_t(
+ &pos, &remaining,
+ *operation);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_mbedtls_svc_key_id_t(
+ &pos, &remaining,
+ *key);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psa_crypto_call(PSA_KEY_AGREEMENT_IOP_COMPLETE,
+ ser_params, (size_t) (pos - ser_params), &ser_result, &result_length);
+ if (!ok) {
+ printf("PSA_KEY_AGREEMENT_IOP_COMPLETE server call failed\n");
+ goto fail;
+ }
+
+ uint8_t *rpos = ser_result;
+ size_t rremain = result_length;
+
+ ok = psasim_deserialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_status_t(
+ &rpos, &rremain,
+ &status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_key_agreement_iop_t(
+ &rpos, &rremain,
+ operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_mbedtls_svc_key_id_t(
+ &rpos, &rremain,
+ key);
+ if (!ok) {
+ goto fail;
+ }
+
+fail:
+ free(ser_params);
+ free(ser_result);
+
+ return status;
+}
+
+
+uint32_t psa_key_agreement_iop_get_num_ops(
+ psa_key_agreement_iop_t *operation
+ )
+{
+ uint8_t *ser_params = NULL;
+ uint8_t *ser_result = NULL;
+ size_t result_length;
+ uint32_t value = 0;
+
+ size_t needed =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_key_agreement_iop_t_needs(*operation);
+
+ ser_params = malloc(needed);
+ if (ser_params == NULL) {
+ value = 0;
+ goto fail;
+ }
+
+ uint8_t *pos = ser_params;
+ size_t remaining = needed;
+ int ok;
+ ok = psasim_serialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_key_agreement_iop_t(
+ &pos, &remaining,
+ *operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psa_crypto_call(PSA_KEY_AGREEMENT_IOP_GET_NUM_OPS,
+ ser_params, (size_t) (pos - ser_params), &ser_result, &result_length);
+ if (!ok) {
+ printf("PSA_KEY_AGREEMENT_IOP_GET_NUM_OPS server call failed\n");
+ goto fail;
+ }
+
+ uint8_t *rpos = ser_result;
+ size_t rremain = result_length;
+
+ ok = psasim_deserialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_uint32_t(
+ &rpos, &rremain,
+ &value);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_key_agreement_iop_t(
+ &rpos, &rremain,
+ operation);
+ if (!ok) {
+ goto fail;
+ }
+
+fail:
+ free(ser_params);
+ free(ser_result);
+
+ return value;
+}
+
+
+psa_status_t psa_key_agreement_iop_setup(
+ psa_key_agreement_iop_t *operation,
+ mbedtls_svc_key_id_t private_key,
+ const uint8_t *peer_key, size_t peer_key_length,
+ psa_algorithm_t alg,
+ const psa_key_attributes_t *attributes
+ )
+{
+ uint8_t *ser_params = NULL;
+ uint8_t *ser_result = NULL;
+ size_t result_length;
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+
+ size_t needed =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_key_agreement_iop_t_needs(*operation) +
+ psasim_serialise_mbedtls_svc_key_id_t_needs(private_key) +
+ psasim_serialise_buffer_needs(peer_key, peer_key_length) +
+ psasim_serialise_psa_algorithm_t_needs(alg) +
+ psasim_serialise_psa_key_attributes_t_needs(*attributes);
+
+ ser_params = malloc(needed);
+ if (ser_params == NULL) {
+ status = PSA_ERROR_INSUFFICIENT_MEMORY;
+ goto fail;
+ }
+
+ uint8_t *pos = ser_params;
+ size_t remaining = needed;
+ int ok;
+ ok = psasim_serialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_key_agreement_iop_t(
+ &pos, &remaining,
+ *operation);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_mbedtls_svc_key_id_t(
+ &pos, &remaining,
+ private_key);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_buffer(
+ &pos, &remaining,
+ peer_key, peer_key_length);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_algorithm_t(
+ &pos, &remaining,
+ alg);
+ if (!ok) {
+ goto fail;
+ }
+ ok = psasim_serialise_psa_key_attributes_t(
+ &pos, &remaining,
+ *attributes);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psa_crypto_call(PSA_KEY_AGREEMENT_IOP_SETUP,
+ ser_params, (size_t) (pos - ser_params), &ser_result, &result_length);
+ if (!ok) {
+ printf("PSA_KEY_AGREEMENT_IOP_SETUP server call failed\n");
+ goto fail;
+ }
+
+ uint8_t *rpos = ser_result;
+ size_t rremain = result_length;
+
+ ok = psasim_deserialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_status_t(
+ &rpos, &rremain,
+ &status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_key_agreement_iop_t(
+ &rpos, &rremain,
+ operation);
+ if (!ok) {
+ goto fail;
+ }
+
+fail:
+ free(ser_params);
+ free(ser_result);
+
+ return status;
+}
+
+
psa_status_t psa_key_derivation_abort(
psa_key_derivation_operation_t *operation
)
diff --git a/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c b/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c
index a88fc51..599e55f 100644
--- a/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c
+++ b/tests/psa-client-server/psasim/src/psa_sim_crypto_server.c
@@ -3227,6 +3227,332 @@
}
// Returns 1 for success, 0 for failure
+int psa_generate_key_iop_abort_wrapper(
+ uint8_t *in_params, size_t in_params_len,
+ uint8_t **out_params, size_t *out_params_len)
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_generate_key_iop_t operation;
+
+ uint8_t *pos = in_params;
+ size_t remaining = in_params_len;
+ uint8_t *result = NULL;
+ int ok;
+
+ ok = psasim_deserialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_generate_key_iop_t(
+ &pos, &remaining,
+ &operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ // Now we call the actual target function
+
+ status = psa_generate_key_iop_abort(
+ &operation
+ );
+
+ // NOTE: Should really check there is no overflow as we go along.
+ size_t result_size =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_status_t_needs(status) +
+ psasim_serialise_psa_generate_key_iop_t_needs(operation);
+
+ result = malloc(result_size);
+ if (result == NULL) {
+ goto fail;
+ }
+
+ uint8_t *rpos = result;
+ size_t rremain = result_size;
+
+ ok = psasim_serialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_psa_status_t(
+ &rpos, &rremain,
+ status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_psa_generate_key_iop_t(
+ &rpos, &rremain,
+ operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ *out_params = result;
+ *out_params_len = result_size;
+
+ return 1; // success
+
+fail:
+ free(result);
+
+ return 0; // This shouldn't happen!
+}
+
+// Returns 1 for success, 0 for failure
+int psa_generate_key_iop_complete_wrapper(
+ uint8_t *in_params, size_t in_params_len,
+ uint8_t **out_params, size_t *out_params_len)
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_generate_key_iop_t operation;
+ mbedtls_svc_key_id_t key;
+
+ uint8_t *pos = in_params;
+ size_t remaining = in_params_len;
+ uint8_t *result = NULL;
+ int ok;
+
+ ok = psasim_deserialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_generate_key_iop_t(
+ &pos, &remaining,
+ &operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_mbedtls_svc_key_id_t(
+ &pos, &remaining,
+ &key);
+ if (!ok) {
+ goto fail;
+ }
+
+ // Now we call the actual target function
+
+ status = psa_generate_key_iop_complete(
+ &operation,
+ &key
+ );
+
+ // NOTE: Should really check there is no overflow as we go along.
+ size_t result_size =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_status_t_needs(status) +
+ psasim_serialise_psa_generate_key_iop_t_needs(operation) +
+ psasim_serialise_mbedtls_svc_key_id_t_needs(key);
+
+ result = malloc(result_size);
+ if (result == NULL) {
+ goto fail;
+ }
+
+ uint8_t *rpos = result;
+ size_t rremain = result_size;
+
+ ok = psasim_serialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_psa_status_t(
+ &rpos, &rremain,
+ status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_psa_generate_key_iop_t(
+ &rpos, &rremain,
+ operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_mbedtls_svc_key_id_t(
+ &rpos, &rremain,
+ key);
+ if (!ok) {
+ goto fail;
+ }
+
+ *out_params = result;
+ *out_params_len = result_size;
+
+ return 1; // success
+
+fail:
+ free(result);
+
+ return 0; // This shouldn't happen!
+}
+
+// Returns 1 for success, 0 for failure
+int psa_generate_key_iop_get_num_ops_wrapper(
+ uint8_t *in_params, size_t in_params_len,
+ uint8_t **out_params, size_t *out_params_len)
+{
+ uint32_t value = 0;
+ psa_generate_key_iop_t operation;
+
+ uint8_t *pos = in_params;
+ size_t remaining = in_params_len;
+ uint8_t *result = NULL;
+ int ok;
+
+ ok = psasim_deserialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_generate_key_iop_t(
+ &pos, &remaining,
+ &operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ // Now we call the actual target function
+
+ value = psa_generate_key_iop_get_num_ops(
+ &operation
+ );
+
+ // NOTE: Should really check there is no overflow as we go along.
+ size_t result_size =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_uint32_t_needs(value) +
+ psasim_serialise_psa_generate_key_iop_t_needs(operation);
+
+ result = malloc(result_size);
+ if (result == NULL) {
+ goto fail;
+ }
+
+ uint8_t *rpos = result;
+ size_t rremain = result_size;
+
+ ok = psasim_serialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_uint32_t(
+ &rpos, &rremain,
+ value);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_psa_generate_key_iop_t(
+ &rpos, &rremain,
+ operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ *out_params = result;
+ *out_params_len = result_size;
+
+ return 1; // success
+
+fail:
+ free(result);
+
+ return 0; // This shouldn't happen!
+}
+
+// Returns 1 for success, 0 for failure
+int psa_generate_key_iop_setup_wrapper(
+ uint8_t *in_params, size_t in_params_len,
+ uint8_t **out_params, size_t *out_params_len)
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_generate_key_iop_t operation;
+ psa_key_attributes_t attributes;
+
+ uint8_t *pos = in_params;
+ size_t remaining = in_params_len;
+ uint8_t *result = NULL;
+ int ok;
+
+ ok = psasim_deserialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_generate_key_iop_t(
+ &pos, &remaining,
+ &operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_key_attributes_t(
+ &pos, &remaining,
+ &attributes);
+ if (!ok) {
+ goto fail;
+ }
+
+ // Now we call the actual target function
+
+ status = psa_generate_key_iop_setup(
+ &operation,
+ &attributes
+ );
+
+ // NOTE: Should really check there is no overflow as we go along.
+ size_t result_size =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_status_t_needs(status) +
+ psasim_serialise_psa_generate_key_iop_t_needs(operation);
+
+ result = malloc(result_size);
+ if (result == NULL) {
+ goto fail;
+ }
+
+ uint8_t *rpos = result;
+ size_t rremain = result_size;
+
+ ok = psasim_serialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_psa_status_t(
+ &rpos, &rremain,
+ status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_psa_generate_key_iop_t(
+ &rpos, &rremain,
+ operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ *out_params = result;
+ *out_params_len = result_size;
+
+ return 1; // success
+
+fail:
+ free(result);
+
+ return 0; // This shouldn't happen!
+}
+
+// Returns 1 for success, 0 for failure
int psa_generate_random_wrapper(
uint8_t *in_params, size_t in_params_len,
uint8_t **out_params, size_t *out_params_len)
@@ -4344,6 +4670,480 @@
}
// Returns 1 for success, 0 for failure
+int psa_key_agreement_wrapper(
+ uint8_t *in_params, size_t in_params_len,
+ uint8_t **out_params, size_t *out_params_len)
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ mbedtls_svc_key_id_t private_key;
+ uint8_t *peer_key = NULL;
+ size_t peer_key_length;
+ psa_algorithm_t alg;
+ psa_key_attributes_t attributes;
+ mbedtls_svc_key_id_t key;
+
+ uint8_t *pos = in_params;
+ size_t remaining = in_params_len;
+ uint8_t *result = NULL;
+ int ok;
+
+ ok = psasim_deserialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_mbedtls_svc_key_id_t(
+ &pos, &remaining,
+ &private_key);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_buffer(
+ &pos, &remaining,
+ &peer_key, &peer_key_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_algorithm_t(
+ &pos, &remaining,
+ &alg);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_key_attributes_t(
+ &pos, &remaining,
+ &attributes);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_mbedtls_svc_key_id_t(
+ &pos, &remaining,
+ &key);
+ if (!ok) {
+ goto fail;
+ }
+
+ // Now we call the actual target function
+
+ status = psa_key_agreement(
+ private_key,
+ peer_key, peer_key_length,
+ alg,
+ &attributes,
+ &key
+ );
+
+ // NOTE: Should really check there is no overflow as we go along.
+ size_t result_size =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_status_t_needs(status) +
+ psasim_serialise_mbedtls_svc_key_id_t_needs(key);
+
+ result = malloc(result_size);
+ if (result == NULL) {
+ goto fail;
+ }
+
+ uint8_t *rpos = result;
+ size_t rremain = result_size;
+
+ ok = psasim_serialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_psa_status_t(
+ &rpos, &rremain,
+ status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_mbedtls_svc_key_id_t(
+ &rpos, &rremain,
+ key);
+ if (!ok) {
+ goto fail;
+ }
+
+ *out_params = result;
+ *out_params_len = result_size;
+
+ free(peer_key);
+
+ return 1; // success
+
+fail:
+ free(result);
+
+ free(peer_key);
+
+ return 0; // This shouldn't happen!
+}
+
+// Returns 1 for success, 0 for failure
+int psa_key_agreement_iop_abort_wrapper(
+ uint8_t *in_params, size_t in_params_len,
+ uint8_t **out_params, size_t *out_params_len)
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_key_agreement_iop_t operation;
+
+ uint8_t *pos = in_params;
+ size_t remaining = in_params_len;
+ uint8_t *result = NULL;
+ int ok;
+
+ ok = psasim_deserialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_key_agreement_iop_t(
+ &pos, &remaining,
+ &operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ // Now we call the actual target function
+
+ status = psa_key_agreement_iop_abort(
+ &operation
+ );
+
+ // NOTE: Should really check there is no overflow as we go along.
+ size_t result_size =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_status_t_needs(status) +
+ psasim_serialise_psa_key_agreement_iop_t_needs(operation);
+
+ result = malloc(result_size);
+ if (result == NULL) {
+ goto fail;
+ }
+
+ uint8_t *rpos = result;
+ size_t rremain = result_size;
+
+ ok = psasim_serialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_psa_status_t(
+ &rpos, &rremain,
+ status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_psa_key_agreement_iop_t(
+ &rpos, &rremain,
+ operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ *out_params = result;
+ *out_params_len = result_size;
+
+ return 1; // success
+
+fail:
+ free(result);
+
+ return 0; // This shouldn't happen!
+}
+
+// Returns 1 for success, 0 for failure
+int psa_key_agreement_iop_complete_wrapper(
+ uint8_t *in_params, size_t in_params_len,
+ uint8_t **out_params, size_t *out_params_len)
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_key_agreement_iop_t operation;
+ mbedtls_svc_key_id_t key;
+
+ uint8_t *pos = in_params;
+ size_t remaining = in_params_len;
+ uint8_t *result = NULL;
+ int ok;
+
+ ok = psasim_deserialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_key_agreement_iop_t(
+ &pos, &remaining,
+ &operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_mbedtls_svc_key_id_t(
+ &pos, &remaining,
+ &key);
+ if (!ok) {
+ goto fail;
+ }
+
+ // Now we call the actual target function
+
+ status = psa_key_agreement_iop_complete(
+ &operation,
+ &key
+ );
+
+ // NOTE: Should really check there is no overflow as we go along.
+ size_t result_size =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_status_t_needs(status) +
+ psasim_serialise_psa_key_agreement_iop_t_needs(operation) +
+ psasim_serialise_mbedtls_svc_key_id_t_needs(key);
+
+ result = malloc(result_size);
+ if (result == NULL) {
+ goto fail;
+ }
+
+ uint8_t *rpos = result;
+ size_t rremain = result_size;
+
+ ok = psasim_serialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_psa_status_t(
+ &rpos, &rremain,
+ status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_psa_key_agreement_iop_t(
+ &rpos, &rremain,
+ operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_mbedtls_svc_key_id_t(
+ &rpos, &rremain,
+ key);
+ if (!ok) {
+ goto fail;
+ }
+
+ *out_params = result;
+ *out_params_len = result_size;
+
+ return 1; // success
+
+fail:
+ free(result);
+
+ return 0; // This shouldn't happen!
+}
+
+// Returns 1 for success, 0 for failure
+int psa_key_agreement_iop_get_num_ops_wrapper(
+ uint8_t *in_params, size_t in_params_len,
+ uint8_t **out_params, size_t *out_params_len)
+{
+ uint32_t value = 0;
+ psa_key_agreement_iop_t operation;
+
+ uint8_t *pos = in_params;
+ size_t remaining = in_params_len;
+ uint8_t *result = NULL;
+ int ok;
+
+ ok = psasim_deserialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_key_agreement_iop_t(
+ &pos, &remaining,
+ &operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ // Now we call the actual target function
+
+ value = psa_key_agreement_iop_get_num_ops(
+ &operation
+ );
+
+ // NOTE: Should really check there is no overflow as we go along.
+ size_t result_size =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_uint32_t_needs(value) +
+ psasim_serialise_psa_key_agreement_iop_t_needs(operation);
+
+ result = malloc(result_size);
+ if (result == NULL) {
+ goto fail;
+ }
+
+ uint8_t *rpos = result;
+ size_t rremain = result_size;
+
+ ok = psasim_serialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_uint32_t(
+ &rpos, &rremain,
+ value);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_psa_key_agreement_iop_t(
+ &rpos, &rremain,
+ operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ *out_params = result;
+ *out_params_len = result_size;
+
+ return 1; // success
+
+fail:
+ free(result);
+
+ return 0; // This shouldn't happen!
+}
+
+// Returns 1 for success, 0 for failure
+int psa_key_agreement_iop_setup_wrapper(
+ uint8_t *in_params, size_t in_params_len,
+ uint8_t **out_params, size_t *out_params_len)
+{
+ psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
+ psa_key_agreement_iop_t operation;
+ mbedtls_svc_key_id_t private_key;
+ uint8_t *peer_key = NULL;
+ size_t peer_key_length;
+ psa_algorithm_t alg;
+ psa_key_attributes_t attributes;
+
+ uint8_t *pos = in_params;
+ size_t remaining = in_params_len;
+ uint8_t *result = NULL;
+ int ok;
+
+ ok = psasim_deserialise_begin(&pos, &remaining);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_key_agreement_iop_t(
+ &pos, &remaining,
+ &operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_mbedtls_svc_key_id_t(
+ &pos, &remaining,
+ &private_key);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_buffer(
+ &pos, &remaining,
+ &peer_key, &peer_key_length);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_algorithm_t(
+ &pos, &remaining,
+ &alg);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_deserialise_psa_key_attributes_t(
+ &pos, &remaining,
+ &attributes);
+ if (!ok) {
+ goto fail;
+ }
+
+ // Now we call the actual target function
+
+ status = psa_key_agreement_iop_setup(
+ &operation,
+ private_key,
+ peer_key, peer_key_length,
+ alg,
+ &attributes
+ );
+
+ // NOTE: Should really check there is no overflow as we go along.
+ size_t result_size =
+ psasim_serialise_begin_needs() +
+ psasim_serialise_psa_status_t_needs(status) +
+ psasim_serialise_psa_key_agreement_iop_t_needs(operation);
+
+ result = malloc(result_size);
+ if (result == NULL) {
+ goto fail;
+ }
+
+ uint8_t *rpos = result;
+ size_t rremain = result_size;
+
+ ok = psasim_serialise_begin(&rpos, &rremain);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_psa_status_t(
+ &rpos, &rremain,
+ status);
+ if (!ok) {
+ goto fail;
+ }
+
+ ok = psasim_serialise_psa_key_agreement_iop_t(
+ &rpos, &rremain,
+ operation);
+ if (!ok) {
+ goto fail;
+ }
+
+ *out_params = result;
+ *out_params_len = result_size;
+
+ free(peer_key);
+
+ return 1; // success
+
+fail:
+ free(result);
+
+ free(peer_key);
+
+ return 0; // This shouldn't happen!
+}
+
+// Returns 1 for success, 0 for failure
int psa_key_derivation_abort_wrapper(
uint8_t *in_params, size_t in_params_len,
uint8_t **out_params, size_t *out_params_len)
@@ -7738,6 +8538,22 @@
ok = psa_generate_key_custom_wrapper(in_params, in_params_len,
&out_params, &out_params_len);
break;
+ case PSA_GENERATE_KEY_IOP_ABORT:
+ ok = psa_generate_key_iop_abort_wrapper(in_params, in_params_len,
+ &out_params, &out_params_len);
+ break;
+ case PSA_GENERATE_KEY_IOP_COMPLETE:
+ ok = psa_generate_key_iop_complete_wrapper(in_params, in_params_len,
+ &out_params, &out_params_len);
+ break;
+ case PSA_GENERATE_KEY_IOP_GET_NUM_OPS:
+ ok = psa_generate_key_iop_get_num_ops_wrapper(in_params, in_params_len,
+ &out_params, &out_params_len);
+ break;
+ case PSA_GENERATE_KEY_IOP_SETUP:
+ ok = psa_generate_key_iop_setup_wrapper(in_params, in_params_len,
+ &out_params, &out_params_len);
+ break;
case PSA_GENERATE_RANDOM:
ok = psa_generate_random_wrapper(in_params, in_params_len,
&out_params, &out_params_len);
@@ -7790,6 +8606,26 @@
ok = psa_interruptible_set_max_ops_wrapper(in_params, in_params_len,
&out_params, &out_params_len);
break;
+ case PSA_KEY_AGREEMENT:
+ ok = psa_key_agreement_wrapper(in_params, in_params_len,
+ &out_params, &out_params_len);
+ break;
+ case PSA_KEY_AGREEMENT_IOP_ABORT:
+ ok = psa_key_agreement_iop_abort_wrapper(in_params, in_params_len,
+ &out_params, &out_params_len);
+ break;
+ case PSA_KEY_AGREEMENT_IOP_COMPLETE:
+ ok = psa_key_agreement_iop_complete_wrapper(in_params, in_params_len,
+ &out_params, &out_params_len);
+ break;
+ case PSA_KEY_AGREEMENT_IOP_GET_NUM_OPS:
+ ok = psa_key_agreement_iop_get_num_ops_wrapper(in_params, in_params_len,
+ &out_params, &out_params_len);
+ break;
+ case PSA_KEY_AGREEMENT_IOP_SETUP:
+ ok = psa_key_agreement_iop_setup_wrapper(in_params, in_params_len,
+ &out_params, &out_params_len);
+ break;
case PSA_KEY_DERIVATION_ABORT:
ok = psa_key_derivation_abort_wrapper(in_params, in_params_len,
&out_params, &out_params_len);
diff --git a/tests/psa-client-server/psasim/src/psa_sim_generate.pl b/tests/psa-client-server/psasim/src/psa_sim_generate.pl
index e0e9b19..fbceddf 100755
--- a/tests/psa-client-server/psasim/src/psa_sim_generate.pl
+++ b/tests/psa-client-server/psasim/src/psa_sim_generate.pl
@@ -302,6 +302,10 @@
#if !defined(MBEDTLS_PSA_CRYPTO_C)
#error "Error: MBEDTLS_PSA_CRYPTO_C must be enabled on server build"
#endif
+
+#if defined(MBEDTLS_TEST_HOOKS)
+void (*mbedtls_test_hook_error_add)(int, int, const char *, int);
+#endif
EOF
}
diff --git a/tests/psa-client-server/psasim/src/psa_sim_serialise.c b/tests/psa-client-server/psasim/src/psa_sim_serialise.c
index 44d87d6..cd081e4 100644
--- a/tests/psa-client-server/psasim/src/psa_sim_serialise.c
+++ b/tests/psa-client-server/psasim/src/psa_sim_serialise.c
@@ -1660,6 +1660,42 @@
return 1;
}
+size_t psasim_serialise_psa_generate_key_iop_t_needs(
+ psa_generate_key_iop_t value)
+{
+ return sizeof(value);
+}
+
+int psasim_serialise_psa_generate_key_iop_t(uint8_t **pos,
+ size_t *remaining,
+ psa_generate_key_iop_t value)
+{
+ if (*remaining < sizeof(value)) {
+ return 0;
+ }
+
+ memcpy(*pos, &value, sizeof(value));
+ *pos += sizeof(value);
+
+ return 1;
+}
+
+int psasim_deserialise_psa_generate_key_iop_t(uint8_t **pos,
+ size_t *remaining,
+ psa_generate_key_iop_t *value)
+{
+ if (*remaining < sizeof(*value)) {
+ return 0;
+ }
+
+ memcpy(value, *pos, sizeof(*value));
+
+ *pos += sizeof(*value);
+ *remaining -= sizeof(*value);
+
+ return 1;
+}
+
void psa_sim_serialize_reset(void)
{
memset(hash_operation_handles, 0,
diff --git a/tests/psa-client-server/psasim/src/psa_sim_serialise.h b/tests/psa-client-server/psasim/src/psa_sim_serialise.h
index 02f6bcb..a224d82 100644
--- a/tests/psa-client-server/psasim/src/psa_sim_serialise.h
+++ b/tests/psa-client-server/psasim/src/psa_sim_serialise.h
@@ -1344,3 +1344,46 @@
int psasim_deserialise_psa_key_agreement_iop_t(uint8_t **pos,
size_t *remaining,
psa_key_agreement_iop_t *value);
+
+/** Return how much buffer space is needed by \c psasim_serialise_psa_generate_key_iop_t()
+ * to serialise a `psa_generate_key_iop_t`.
+ *
+ * \param value The value that will be serialised into the buffer
+ * (needed in case some serialisations are value-
+ * dependent).
+ *
+ * \return The number of bytes needed in the buffer by
+ * \c psasim_serialise_psa_generate_key_iop_t() to serialise
+ * the given value.
+ */
+size_t psasim_serialise_psa_generate_key_iop_t_needs(
+ psa_generate_key_iop_t value);
+
+/** Serialise a `psa_generate_key_iop_t` into a buffer.
+ *
+ * \param pos[in,out] Pointer to a `uint8_t *` holding current position
+ * in the buffer.
+ * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
+ * remaining in the buffer.
+ * \param value The value to serialise into the buffer.
+ *
+ * \return \c 1 on success ("okay"), \c 0 on error.
+ */
+int psasim_serialise_psa_generate_key_iop_t(uint8_t **pos,
+ size_t *remaining,
+ psa_generate_key_iop_t value);
+
+/** Deserialise a `psa_generate_key_iop_t` from a buffer.
+ *
+ * \param pos[in,out] Pointer to a `uint8_t *` holding current position
+ * in the buffer.
+ * \param remaining[in,out] Pointer to a `size_t` holding number of bytes
+ * remaining in the buffer.
+ * \param value Pointer to a `psa_generate_key_iop_t` to receive the value
+ * deserialised from the buffer.
+ *
+ * \return \c 1 on success ("okay"), \c 0 on error.
+ */
+int psasim_deserialise_psa_generate_key_iop_t(uint8_t **pos,
+ size_t *remaining,
+ psa_generate_key_iop_t *value);
diff --git a/tests/psa-client-server/psasim/src/psa_sim_serialise.pl b/tests/psa-client-server/psasim/src/psa_sim_serialise.pl
index 054841e..0dba81e 100755
--- a/tests/psa-client-server/psasim/src/psa_sim_serialise.pl
+++ b/tests/psa-client-server/psasim/src/psa_sim_serialise.pl
@@ -49,7 +49,8 @@
psa_sign_hash_interruptible_operation_t
psa_verify_hash_interruptible_operation_t
mbedtls_svc_key_id_t
- psa_key_agreement_iop_t);
+ psa_key_agreement_iop_t
+ sa_generate_key_iop_t);
grep(s/-/ /g, @types);
diff --git a/tests/scripts/check-generated-files.sh b/tests/scripts/check-generated-files.sh
index a224e58..35990d0 100755
--- a/tests/scripts/check-generated-files.sh
+++ b/tests/scripts/check-generated-files.sh
@@ -164,7 +164,7 @@
fi
check scripts/generate_psa_constants.py programs/psa/psa_constant_names_generated.c
-check framework/scripts/generate_test_keys.py tests/src/test_keys.h
+check framework/scripts/generate_test_keys.py framework/tests/src/test_keys.h
check scripts/generate_driver_wrappers.py ${crypto_core_dir}/psa_crypto_driver_wrappers.h \
${crypto_core_dir}/psa_crypto_driver_wrappers_no_static.c
diff --git a/tests/scripts/check_names.py b/tests/scripts/check_names.py
index 4f503e4..3ac4d45 100755
--- a/tests/scripts/check_names.py
+++ b/tests/scripts/check_names.py
@@ -247,7 +247,7 @@
"library/*.h",
"tf-psa-crypto/core/*.h",
"tf-psa-crypto/drivers/builtin/src/*.h",
- "tests/include/test/drivers/*.h",
+ "framework/tests/include/test/drivers/*.h",
])
all_macros["private"] = self.parse_macros([
"library/*.c",
diff --git a/tests/scripts/components-build-system.sh b/tests/scripts/components-build-system.sh
index f2b74a9..7ebe627 100644
--- a/tests/scripts/components-build-system.sh
+++ b/tests/scripts/components-build-system.sh
@@ -20,7 +20,7 @@
msg "build/test: cmake shared" # ~ 2min
cmake -DUSE_SHARED_MBEDTLS_LIBRARY=On .
make
- ldd programs/util/strerror | grep libmbedcrypto
+ ldd programs/util/strerror | grep libtfpsacrypto
make test
programs/test/dlopen_demo.sh
}
diff --git a/tests/scripts/components-compiler.sh b/tests/scripts/components-compiler.sh
index 5d22735..a4b2323 100644
--- a/tests/scripts/components-compiler.sh
+++ b/tests/scripts/components-compiler.sh
@@ -18,7 +18,7 @@
cp configs/config-tfm.h "$CONFIG_H"
msg "build: TF-M config, armclang armv7-m thumb2"
- helper_armc6_build_test "--target=arm-arm-none-eabi -march=armv7-m -mthumb -Os -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wasm-operand-widths -Wunused -I../tests/include/spe"
+ helper_armc6_build_test "--target=arm-arm-none-eabi -march=armv7-m -mthumb -Os -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wasm-operand-widths -Wunused -I../framework/tests/include/spe"
}
test_build_opt () {
diff --git a/tests/scripts/components-configuration-crypto.sh b/tests/scripts/components-configuration-crypto.sh
index 33f3902..2c83caf 100644
--- a/tests/scripts/components-configuration-crypto.sh
+++ b/tests/scripts/components-configuration-crypto.sh
@@ -67,12 +67,12 @@
# We can only compile, not link, since our test and sample programs
# aren't equipped for the modified names used when MBEDTLS_PSA_CRYPTO_SPM
# is active.
- make CC=gcc CFLAGS='-Werror -Wall -Wextra -I../tests/include/spe' lib
+ make CC=gcc CFLAGS='-Werror -Wall -Wextra -I../framework/tests/include/spe' lib
# Check that if a symbol is renamed by crypto_spe.h, the non-renamed
# version is not present.
echo "Checking for renamed symbols in the library"
- check_renamed_symbols tests/include/spe/crypto_spe.h library/libmbedcrypto.a
+ check_renamed_symbols framework/tests/include/spe/crypto_spe.h library/libmbedcrypto.a
}
# The goal of this component is to build a configuration where:
@@ -537,7 +537,7 @@
component_build_crypto_baremetal () {
msg "build: make, crypto only, baremetal config"
scripts/config.py crypto_baremetal
- make CFLAGS="-O1 -Werror -I$PWD/tests/include/baremetal-override/"
+ make CFLAGS="-O1 -Werror -I$PWD/framework/tests/include/baremetal-override/"
are_empty_libraries library/libmbedx509.* library/libmbedtls.*
}
@@ -1437,7 +1437,7 @@
common_tfm_config
# Build crypto library
- make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -I../tests/include/spe" LDFLAGS="$ASAN_CFLAGS"
+ make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -I../framework/tests/include/spe" LDFLAGS="$ASAN_CFLAGS"
# Make sure any built-in EC alg was not re-enabled by accident (additive config)
not grep mbedtls_ecdsa_ ${BUILTIN_SRC_PATH}/ecdsa.o
@@ -1471,7 +1471,7 @@
echo "#undef MBEDTLS_PSA_P256M_DRIVER_ENABLED" >> "$CONFIG_H"
msg "build: TF-M config without p256m"
- make CFLAGS='-Werror -Wall -Wextra -I../tests/include/spe' tests
+ make CFLAGS='-Werror -Wall -Wextra -I../framework/tests/include/spe' tests
# Check that p256m was not built
not grep p256_ecdsa_ library/libmbedcrypto.a
@@ -2649,7 +2649,7 @@
msg "build: full + test drivers dispatching to builtins"
scripts/config.py full
loc_cflags="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_CONFIG_ADJUST_TEST_ACCELERATORS"
- loc_cflags="${loc_cflags} -I../tests/include"
+ loc_cflags="${loc_cflags} -I../framework/tests/include"
make CC=$ASAN_CC CFLAGS="${loc_cflags}" LDFLAGS="$ASAN_CFLAGS"
@@ -2685,13 +2685,13 @@
# Generate alternative versions of the substitutable headers with the
# same content except different include guards.
- make -C tests include/alt-extra/psa/crypto_platform_alt.h include/alt-extra/psa/crypto_struct_alt.h
+ make -C tests ../framework/tests/include/alt-extra/psa/crypto_platform_alt.h ../framework/tests/include/alt-extra/psa/crypto_struct_alt.h
# Build the library and some programs.
# Don't build the fuzzers to avoid having to go through hoops to set
# a correct include path for programs/fuzz/Makefile.
- make CFLAGS="-I ../tests/include/alt-extra -DMBEDTLS_PSA_CRYPTO_PLATFORM_FILE='\"psa/crypto_platform_alt.h\"' -DMBEDTLS_PSA_CRYPTO_STRUCT_FILE='\"psa/crypto_struct_alt.h\"'" lib
- make -C programs -o fuzz CFLAGS="-I ../tests/include/alt-extra -DMBEDTLS_PSA_CRYPTO_PLATFORM_FILE='\"psa/crypto_platform_alt.h\"' -DMBEDTLS_PSA_CRYPTO_STRUCT_FILE='\"psa/crypto_struct_alt.h\"'"
+ make CFLAGS="-I ../framework/tests/include/alt-extra -DMBEDTLS_PSA_CRYPTO_PLATFORM_FILE='\"psa/crypto_platform_alt.h\"' -DMBEDTLS_PSA_CRYPTO_STRUCT_FILE='\"psa/crypto_struct_alt.h\"'" lib
+ make -C programs -o fuzz CFLAGS="-I ../framework/tests/include/alt-extra -DMBEDTLS_PSA_CRYPTO_PLATFORM_FILE='\"psa/crypto_platform_alt.h\"' -DMBEDTLS_PSA_CRYPTO_STRUCT_FILE='\"psa/crypto_struct_alt.h\"'"
# Check that we're getting the alternative include guards and not the
# original include guards.
diff --git a/tests/scripts/components-configuration.sh b/tests/scripts/components-configuration.sh
index 683ac84..4b7162a 100644
--- a/tests/scripts/components-configuration.sh
+++ b/tests/scripts/components-configuration.sh
@@ -219,7 +219,7 @@
component_build_baremetal () {
msg "build: make, baremetal config"
scripts/config.py baremetal
- make CFLAGS="-O1 -Werror -I$PWD/tests/include/baremetal-override/"
+ make CFLAGS="-O1 -Werror -I$PWD/framework/tests/include/baremetal-override/"
}
support_build_baremetal () {
@@ -238,11 +238,11 @@
cp configs/config-tfm.h "$CONFIG_H"
msg "build: TF-M config, clang, armv7-m thumb2"
- make lib CC="clang" CFLAGS="--target=arm-linux-gnueabihf -march=armv7-m -mthumb -Os -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wasm-operand-widths -Wunused -I../tests/include/spe"
+ make lib CC="clang" CFLAGS="--target=arm-linux-gnueabihf -march=armv7-m -mthumb -Os -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wasm-operand-widths -Wunused -I../framework/tests/include/spe"
msg "build: TF-M config, gcc native build"
make clean
- make lib CC="gcc" CFLAGS="-Os -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wformat-signedness -Wlogical-op -I../tests/include/spe"
+ make lib CC="gcc" CFLAGS="-Os -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wformat-signedness -Wlogical-op -I../framework/tests/include/spe"
}
component_test_malloc_0_null () {
diff --git a/tests/scripts/components-sanitizers.sh b/tests/scripts/components-sanitizers.sh
index e872af0..7a67027 100644
--- a/tests/scripts/components-sanitizers.sh
+++ b/tests/scripts/components-sanitizers.sh
@@ -12,7 +12,7 @@
skip_suites_without_constant_flow () {
# Skip the test suites that don't have any constant-flow annotations.
# This will need to be adjusted if we ever start declaring things as
- # secret from macros or functions inside tests/include or tests/src.
+ # secret from macros or functions inside framework/tests/include or framework/tests/src.
SKIP_TEST_SUITES=$(
git -C tests/suites grep -L TEST_CF_ 'test_suite_*.function' |
sed 's/test_suite_//; s/\.function$//' |
diff --git a/tests/src/asn1_helpers.c b/tests/src/asn1_helpers.c
deleted file mode 100644
index c63bd0c..0000000
--- a/tests/src/asn1_helpers.c
+++ /dev/null
@@ -1,64 +0,0 @@
-/** \file asn1_helpers.c
- *
- * \brief Helper functions for tests that manipulate ASN.1 data.
- */
-
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#include <test/helpers.h>
-#include <test/macros.h>
-
-#if defined(MBEDTLS_ASN1_PARSE_C)
-
-#include <mbedtls/asn1.h>
-
-#include <test/asn1_helpers.h>
-
-int mbedtls_test_asn1_skip_integer(unsigned char **p, const unsigned char *end,
- size_t min_bits, size_t max_bits,
- int must_be_odd)
-{
- size_t len;
- size_t actual_bits;
- unsigned char msb;
- TEST_EQUAL(mbedtls_asn1_get_tag(p, end, &len,
- MBEDTLS_ASN1_INTEGER),
- 0);
-
- /* Check if the retrieved length doesn't extend the actual buffer's size.
- * It is assumed here, that end >= p, which validates casting to size_t. */
- TEST_ASSERT(len <= (size_t) (end - *p));
-
- /* Tolerate a slight departure from DER encoding:
- * - 0 may be represented by an empty string or a 1-byte string.
- * - The sign bit may be used as a value bit. */
- if ((len == 1 && (*p)[0] == 0) ||
- (len > 1 && (*p)[0] == 0 && ((*p)[1] & 0x80) != 0)) {
- ++(*p);
- --len;
- }
- if (min_bits == 0 && len == 0) {
- return 1;
- }
- msb = (*p)[0];
- TEST_ASSERT(msb != 0);
- actual_bits = 8 * (len - 1);
- while (msb != 0) {
- msb >>= 1;
- ++actual_bits;
- }
- TEST_ASSERT(actual_bits >= min_bits);
- TEST_ASSERT(actual_bits <= max_bits);
- if (must_be_odd) {
- TEST_ASSERT(((*p)[len-1] & 1) != 0);
- }
- *p += len;
- return 1;
-exit:
- return 0;
-}
-
-#endif /* MBEDTLS_ASN1_PARSE_C */
diff --git a/tests/src/bignum_codepath_check.c b/tests/src/bignum_codepath_check.c
deleted file mode 100644
index 9c6bbc7..0000000
--- a/tests/src/bignum_codepath_check.c
+++ /dev/null
@@ -1,38 +0,0 @@
-/** Support for path tracking in optionally safe bignum functions
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#include "test/bignum_codepath_check.h"
-#include "bignum_core_invasive.h"
-
-#if defined(MBEDTLS_TEST_HOOKS) && !defined(MBEDTLS_THREADING_C)
-int mbedtls_codepath_check = MBEDTLS_MPI_IS_TEST;
-
-static void mbedtls_codepath_take_safe(void)
-{
- if (mbedtls_codepath_check == MBEDTLS_MPI_IS_TEST) {
- mbedtls_codepath_check = MBEDTLS_MPI_IS_SECRET;
- }
-}
-
-static void mbedtls_codepath_take_unsafe(void)
-{
- mbedtls_codepath_check = MBEDTLS_MPI_IS_PUBLIC;
-}
-
-void mbedtls_codepath_test_hooks_setup(void)
-{
- mbedtls_safe_codepath_hook = mbedtls_codepath_take_safe;
- mbedtls_unsafe_codepath_hook = mbedtls_codepath_take_unsafe;
-}
-
-void mbedtls_codepath_test_hooks_teardown(void)
-{
- mbedtls_safe_codepath_hook = NULL;
- mbedtls_unsafe_codepath_hook = NULL;
-}
-
-#endif /* MBEDTLS_TEST_HOOKS && !MBEDTLS_THREADING_C */
diff --git a/tests/src/bignum_helpers.c b/tests/src/bignum_helpers.c
deleted file mode 100644
index 913f5e3..0000000
--- a/tests/src/bignum_helpers.c
+++ /dev/null
@@ -1,145 +0,0 @@
-/**
- * \file bignum_helpers.c
- *
- * \brief This file contains the prototypes of helper functions for
- * bignum-related testing.
- */
-
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#define MBEDTLS_ALLOW_PRIVATE_ACCESS
-#include <test/bignum_helpers.h>
-
-#if defined(MBEDTLS_BIGNUM_C)
-
-#include <stdlib.h>
-#include <string.h>
-
-#include <mbedtls/bignum.h>
-#include <bignum_core.h>
-#include <bignum_mod.h>
-#include <bignum_mod_raw.h>
-
-#include <test/helpers.h>
-#include <test/macros.h>
-
-int mbedtls_test_read_mpi_core(mbedtls_mpi_uint **pX, size_t *plimbs,
- const char *input)
-{
- /* Sanity check */
- if (*pX != NULL) {
- return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
- }
-
- size_t hex_len = strlen(input);
- size_t byte_len = (hex_len + 1) / 2;
- *plimbs = CHARS_TO_LIMBS(byte_len);
-
- /* A core bignum is not allowed to be empty. Forbid it as test data,
- * this way static analyzers have a chance of knowing we don't expect
- * the bignum functions to support empty inputs. */
- if (*plimbs == 0) {
- return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
- }
-
- *pX = mbedtls_calloc(*plimbs, sizeof(**pX));
- if (*pX == NULL) {
- return MBEDTLS_ERR_MPI_ALLOC_FAILED;
- }
-
- unsigned char *byte_start = (unsigned char *) *pX;
- if (byte_len % sizeof(mbedtls_mpi_uint) != 0) {
- byte_start += sizeof(mbedtls_mpi_uint) - byte_len % sizeof(mbedtls_mpi_uint);
- }
- if ((hex_len & 1) != 0) {
- /* mbedtls_test_unhexify wants an even number of hex digits */
- TEST_ASSERT(mbedtls_test_ascii2uc(*input, byte_start) == 0);
- ++byte_start;
- ++input;
- --byte_len;
- }
- TEST_ASSERT(mbedtls_test_unhexify(byte_start,
- byte_len,
- input,
- &byte_len) == 0);
-
- mbedtls_mpi_core_bigendian_to_host(*pX, *plimbs);
- return 0;
-
-exit:
- mbedtls_free(*pX);
- return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
-}
-
-#if defined(MBEDTLS_ECP_WITH_MPI_UINT)
-int mbedtls_test_read_mpi_modulus(mbedtls_mpi_mod_modulus *N,
- const char *s,
- mbedtls_mpi_mod_rep_selector int_rep)
-{
- mbedtls_mpi_uint *p = NULL;
- size_t limbs = 0;
- if (N->limbs != 0) {
- return MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
- }
- int ret = mbedtls_test_read_mpi_core(&p, &limbs, s);
- if (ret != 0) {
- return ret;
- }
-
- switch (int_rep) {
- case MBEDTLS_MPI_MOD_REP_MONTGOMERY:
- ret = mbedtls_mpi_mod_modulus_setup(N, p, limbs);
- break;
- case MBEDTLS_MPI_MOD_REP_OPT_RED:
- ret = mbedtls_mpi_mod_optred_modulus_setup(N, p, limbs, NULL);
- break;
- default:
- ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA;
- break;
- }
- if (ret != 0) {
- mbedtls_free(p);
- }
- return ret;
-}
-
-void mbedtls_test_mpi_mod_modulus_free_with_limbs(mbedtls_mpi_mod_modulus *N)
-{
- mbedtls_free((mbedtls_mpi_uint *) N->p);
- mbedtls_mpi_mod_modulus_free(N);
-}
-#endif /* MBEDTLS_ECP_WITH_MPI_UINT */
-
-int mbedtls_test_read_mpi(mbedtls_mpi *X, const char *s)
-{
- int negative = 0;
- /* Always set the sign bit to -1 if the input has a minus sign, even for 0.
- * This creates an invalid representation, which mbedtls_mpi_read_string()
- * avoids but we want to be able to create that in test data. */
- if (s[0] == '-') {
- ++s;
- negative = 1;
- }
- /* mbedtls_mpi_read_string() currently retains leading zeros.
- * It always allocates at least one limb for the value 0. */
- if (s[0] == 0) {
- mbedtls_mpi_free(X);
- return 0;
- }
- int ret = mbedtls_mpi_read_string(X, 16, s);
- if (ret != 0) {
- return ret;
- }
- if (negative) {
- if (mbedtls_mpi_cmp_int(X, 0) == 0) {
- mbedtls_test_increment_case_uses_negative_0();
- }
- X->s = -1;
- }
- return 0;
-}
-
-#endif /* MBEDTLS_BIGNUM_C */
diff --git a/tests/src/drivers/hash.c b/tests/src/drivers/hash.c
deleted file mode 100644
index 54aec93..0000000
--- a/tests/src/drivers/hash.c
+++ /dev/null
@@ -1,203 +0,0 @@
-/*
- * Test driver for hash entry points.
- */
-/* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#include <test/helpers.h>
-
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-#include "psa_crypto_hash.h"
-
-#include "test/drivers/hash.h"
-
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
-#if MBEDTLS_VERSION_MAJOR < 4
-#include "libtestdriver1/library/psa_crypto_hash.h"
-#else
-#include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_hash.h"
-#endif
-#endif
-
-mbedtls_test_driver_hash_hooks_t
- mbedtls_test_driver_hash_hooks = MBEDTLS_TEST_DRIVER_HASH_INIT;
-
-psa_status_t mbedtls_test_transparent_hash_compute(
- psa_algorithm_t alg,
- const uint8_t *input, size_t input_length,
- uint8_t *hash, size_t hash_size, size_t *hash_length)
-{
- mbedtls_test_driver_hash_hooks.hits++;
-
- if (mbedtls_test_driver_hash_hooks.forced_status != PSA_SUCCESS) {
- mbedtls_test_driver_hash_hooks.driver_status =
- mbedtls_test_driver_hash_hooks.forced_status;
- } else {
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH)
- mbedtls_test_driver_hash_hooks.driver_status =
- libtestdriver1_mbedtls_psa_hash_compute(
- alg, input, input_length,
- hash, hash_size, hash_length);
-#elif defined(MBEDTLS_PSA_BUILTIN_HASH)
- mbedtls_test_driver_hash_hooks.driver_status =
- mbedtls_psa_hash_compute(
- alg, input, input_length,
- hash, hash_size, hash_length);
-#else
- (void) alg;
- (void) input;
- (void) input_length;
- (void) hash;
- (void) hash_size;
- (void) hash_length;
- mbedtls_test_driver_hash_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
-#endif
- }
-
- return mbedtls_test_driver_hash_hooks.driver_status;
-}
-
-psa_status_t mbedtls_test_transparent_hash_setup(
- mbedtls_transparent_test_driver_hash_operation_t *operation,
- psa_algorithm_t alg)
-{
- mbedtls_test_driver_hash_hooks.hits++;
-
- if (mbedtls_test_driver_hash_hooks.forced_status != PSA_SUCCESS) {
- mbedtls_test_driver_hash_hooks.driver_status =
- mbedtls_test_driver_hash_hooks.forced_status;
- } else {
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH)
- mbedtls_test_driver_hash_hooks.driver_status =
- libtestdriver1_mbedtls_psa_hash_setup(operation, alg);
-#elif defined(MBEDTLS_PSA_BUILTIN_HASH)
- mbedtls_test_driver_hash_hooks.driver_status =
- mbedtls_psa_hash_setup(operation, alg);
-#else
- (void) operation;
- (void) alg;
- mbedtls_test_driver_hash_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
-#endif
- }
-
- return mbedtls_test_driver_hash_hooks.driver_status;
-}
-
-psa_status_t mbedtls_test_transparent_hash_clone(
- const mbedtls_transparent_test_driver_hash_operation_t *source_operation,
- mbedtls_transparent_test_driver_hash_operation_t *target_operation)
-{
- mbedtls_test_driver_hash_hooks.hits++;
-
- if (mbedtls_test_driver_hash_hooks.forced_status != PSA_SUCCESS) {
- mbedtls_test_driver_hash_hooks.driver_status =
- mbedtls_test_driver_hash_hooks.forced_status;
- } else {
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH)
- mbedtls_test_driver_hash_hooks.driver_status =
- libtestdriver1_mbedtls_psa_hash_clone(source_operation,
- target_operation);
-#elif defined(MBEDTLS_PSA_BUILTIN_HASH)
- mbedtls_test_driver_hash_hooks.driver_status =
- mbedtls_psa_hash_clone(source_operation, target_operation);
-#else
- (void) source_operation;
- (void) target_operation;
- mbedtls_test_driver_hash_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
-#endif
- }
-
- return mbedtls_test_driver_hash_hooks.driver_status;
-}
-
-psa_status_t mbedtls_test_transparent_hash_update(
- mbedtls_transparent_test_driver_hash_operation_t *operation,
- const uint8_t *input,
- size_t input_length)
-{
- mbedtls_test_driver_hash_hooks.hits++;
-
- if (mbedtls_test_driver_hash_hooks.forced_status != PSA_SUCCESS) {
- mbedtls_test_driver_hash_hooks.driver_status =
- mbedtls_test_driver_hash_hooks.forced_status;
- } else {
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH)
- mbedtls_test_driver_hash_hooks.driver_status =
- libtestdriver1_mbedtls_psa_hash_update(
- operation, input, input_length);
-#elif defined(MBEDTLS_PSA_BUILTIN_HASH)
- mbedtls_test_driver_hash_hooks.driver_status =
- mbedtls_psa_hash_update(operation, input, input_length);
-#else
- (void) operation;
- (void) input;
- (void) input_length;
- mbedtls_test_driver_hash_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
-#endif
- }
-
- return mbedtls_test_driver_hash_hooks.driver_status;
-}
-
-psa_status_t mbedtls_test_transparent_hash_finish(
- mbedtls_transparent_test_driver_hash_operation_t *operation,
- uint8_t *hash,
- size_t hash_size,
- size_t *hash_length)
-{
- mbedtls_test_driver_hash_hooks.hits++;
-
- if (mbedtls_test_driver_hash_hooks.forced_status != PSA_SUCCESS) {
- mbedtls_test_driver_hash_hooks.driver_status =
- mbedtls_test_driver_hash_hooks.forced_status;
- } else {
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH)
- mbedtls_test_driver_hash_hooks.driver_status =
- libtestdriver1_mbedtls_psa_hash_finish(
- operation, hash, hash_size, hash_length);
-#elif defined(MBEDTLS_PSA_BUILTIN_HASH)
- mbedtls_test_driver_hash_hooks.driver_status =
- mbedtls_psa_hash_finish(operation, hash, hash_size, hash_length);
-#else
- (void) operation;
- (void) hash;
- (void) hash_size;
- (void) hash_length;
- mbedtls_test_driver_hash_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
-#endif
- }
-
- return mbedtls_test_driver_hash_hooks.driver_status;
-}
-
-psa_status_t mbedtls_test_transparent_hash_abort(
- mbedtls_transparent_test_driver_hash_operation_t *operation)
-{
- mbedtls_test_driver_hash_hooks.hits++;
-
- if (mbedtls_test_driver_hash_hooks.forced_status != PSA_SUCCESS) {
- mbedtls_test_driver_hash_hooks.driver_status =
- mbedtls_test_driver_hash_hooks.forced_status;
- } else {
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH)
- mbedtls_test_driver_hash_hooks.driver_status =
- libtestdriver1_mbedtls_psa_hash_abort(operation);
-#elif defined(MBEDTLS_PSA_BUILTIN_HASH)
- mbedtls_test_driver_hash_hooks.driver_status =
- mbedtls_psa_hash_abort(operation);
-#else
- (void) operation;
- mbedtls_test_driver_hash_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
-#endif
- }
-
- return mbedtls_test_driver_hash_hooks.driver_status;
-}
-#endif /* PSA_CRYPTO_DRIVER_TEST */
diff --git a/tests/src/drivers/platform_builtin_keys.c b/tests/src/drivers/platform_builtin_keys.c
deleted file mode 100644
index 4561b6f..0000000
--- a/tests/src/drivers/platform_builtin_keys.c
+++ /dev/null
@@ -1,82 +0,0 @@
-/** \file platform_builtin_keys.c
- *
- * \brief Test driver implementation of the builtin key support
- */
-
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#include <test/helpers.h>
-
-#if defined(MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS)
-
-#include <psa/crypto.h>
-#include <psa/crypto_extra.h>
-
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-#include <test/drivers/test_driver.h>
-#endif
-
-typedef struct {
- psa_key_id_t builtin_key_id;
- psa_key_lifetime_t lifetime;
- psa_drv_slot_number_t slot_number;
-} mbedtls_psa_builtin_key_description_t;
-
-static const mbedtls_psa_builtin_key_description_t builtin_keys[] = {
-#if defined(PSA_CRYPTO_DRIVER_TEST)
- /* For testing, assign the AES builtin key slot to the boundary values.
- * ECDSA can be exercised on key ID MBEDTLS_PSA_KEY_ID_BUILTIN_MIN + 1. */
- { MBEDTLS_PSA_KEY_ID_BUILTIN_MIN - 1,
- PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(
- PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LOCATION),
- PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT },
- { MBEDTLS_PSA_KEY_ID_BUILTIN_MIN,
- PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(
- PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LOCATION),
- PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT },
- { MBEDTLS_PSA_KEY_ID_BUILTIN_MIN + 1,
- PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(
- PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LOCATION),
- PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT },
- { MBEDTLS_PSA_KEY_ID_BUILTIN_MAX - 1,
- PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(
- PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LOCATION),
- PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT },
- { MBEDTLS_PSA_KEY_ID_BUILTIN_MAX,
- PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(
- PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LOCATION),
- PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT },
- { MBEDTLS_PSA_KEY_ID_BUILTIN_MAX + 1,
- PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(
- PSA_KEY_PERSISTENCE_READ_ONLY, PSA_CRYPTO_TEST_DRIVER_LOCATION),
- PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT },
-#else
- { 0, 0, 0 }
-#endif
-};
-
-psa_status_t mbedtls_psa_platform_get_builtin_key(
- mbedtls_svc_key_id_t key_id,
- psa_key_lifetime_t *lifetime,
- psa_drv_slot_number_t *slot_number)
-{
- psa_key_id_t app_key_id = MBEDTLS_SVC_KEY_ID_GET_KEY_ID(key_id);
- const mbedtls_psa_builtin_key_description_t *builtin_key;
-
- for (size_t i = 0;
- i < (sizeof(builtin_keys) / sizeof(builtin_keys[0])); i++) {
- builtin_key = &builtin_keys[i];
- if (builtin_key->builtin_key_id == app_key_id) {
- *lifetime = builtin_key->lifetime;
- *slot_number = builtin_key->slot_number;
- return PSA_SUCCESS;
- }
- }
-
- return PSA_ERROR_DOES_NOT_EXIST;
-}
-
-#endif /* MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
diff --git a/tests/src/drivers/test_driver_aead.c b/tests/src/drivers/test_driver_aead.c
deleted file mode 100644
index 6992a06..0000000
--- a/tests/src/drivers/test_driver_aead.c
+++ /dev/null
@@ -1,466 +0,0 @@
-/*
- * Test driver for AEAD entry points.
- */
-/* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#include <test/helpers.h>
-
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-#include "psa_crypto_aead.h"
-#include "psa_crypto_core.h"
-
-#include "test/drivers/aead.h"
-
-#include "mbedtls/constant_time.h"
-
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
-#if MBEDTLS_VERSION_MAJOR < 4
-#include "libtestdriver1/library/psa_crypto_aead.h"
-#else
-#include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_aead.h"
-#endif
-#endif
-
-mbedtls_test_driver_aead_hooks_t
- mbedtls_test_driver_aead_hooks = MBEDTLS_TEST_DRIVER_AEAD_INIT;
-
-psa_status_t mbedtls_test_transparent_aead_encrypt(
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer, size_t key_buffer_size,
- psa_algorithm_t alg,
- const uint8_t *nonce, size_t nonce_length,
- const uint8_t *additional_data, size_t additional_data_length,
- const uint8_t *plaintext, size_t plaintext_length,
- uint8_t *ciphertext, size_t ciphertext_size, size_t *ciphertext_length)
-{
- mbedtls_test_driver_aead_hooks.hits_encrypt++;
-
- if (mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS) {
- mbedtls_test_driver_aead_hooks.driver_status =
- mbedtls_test_driver_aead_hooks.forced_status;
- } else {
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD)
- mbedtls_test_driver_aead_hooks.driver_status =
- libtestdriver1_mbedtls_psa_aead_encrypt(
- (const libtestdriver1_psa_key_attributes_t *) attributes,
- key_buffer, key_buffer_size,
- alg,
- nonce, nonce_length,
- additional_data, additional_data_length,
- plaintext, plaintext_length,
- ciphertext, ciphertext_size, ciphertext_length);
-#elif defined(MBEDTLS_PSA_BUILTIN_AEAD)
- mbedtls_test_driver_aead_hooks.driver_status =
- mbedtls_psa_aead_encrypt(
- attributes, key_buffer, key_buffer_size,
- alg,
- nonce, nonce_length,
- additional_data, additional_data_length,
- plaintext, plaintext_length,
- ciphertext, ciphertext_size, ciphertext_length);
-#else
- (void) attributes;
- (void) key_buffer;
- (void) key_buffer_size;
- (void) alg;
- (void) nonce;
- (void) nonce_length;
- (void) additional_data;
- (void) additional_data_length;
- (void) plaintext;
- (void) plaintext_length;
- (void) ciphertext;
- (void) ciphertext_size;
- (void) ciphertext_length;
- mbedtls_test_driver_aead_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
-#endif
- }
-
- return mbedtls_test_driver_aead_hooks.driver_status;
-}
-
-psa_status_t mbedtls_test_transparent_aead_decrypt(
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer, size_t key_buffer_size,
- psa_algorithm_t alg,
- const uint8_t *nonce, size_t nonce_length,
- const uint8_t *additional_data, size_t additional_data_length,
- const uint8_t *ciphertext, size_t ciphertext_length,
- uint8_t *plaintext, size_t plaintext_size, size_t *plaintext_length)
-{
- mbedtls_test_driver_aead_hooks.hits_decrypt++;
-
- if (mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS) {
- mbedtls_test_driver_aead_hooks.driver_status =
- mbedtls_test_driver_aead_hooks.forced_status;
- } else {
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD)
- mbedtls_test_driver_aead_hooks.driver_status =
- libtestdriver1_mbedtls_psa_aead_decrypt(
- (const libtestdriver1_psa_key_attributes_t *) attributes,
- key_buffer, key_buffer_size,
- alg,
- nonce, nonce_length,
- additional_data, additional_data_length,
- ciphertext, ciphertext_length,
- plaintext, plaintext_size, plaintext_length);
-#elif defined(MBEDTLS_PSA_BUILTIN_AEAD)
- mbedtls_test_driver_aead_hooks.driver_status =
- mbedtls_psa_aead_decrypt(
- attributes, key_buffer, key_buffer_size,
- alg,
- nonce, nonce_length,
- additional_data, additional_data_length,
- ciphertext, ciphertext_length,
- plaintext, plaintext_size, plaintext_length);
-#else
- (void) attributes;
- (void) key_buffer;
- (void) key_buffer_size;
- (void) alg;
- (void) nonce;
- (void) nonce_length;
- (void) additional_data;
- (void) additional_data_length;
- (void) ciphertext;
- (void) ciphertext_length;
- (void) plaintext;
- (void) plaintext_size;
- (void) plaintext_length;
- mbedtls_test_driver_aead_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
-#endif
- }
-
- return mbedtls_test_driver_aead_hooks.driver_status;
-}
-
-psa_status_t mbedtls_test_transparent_aead_encrypt_setup(
- mbedtls_transparent_test_driver_aead_operation_t *operation,
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer, size_t key_buffer_size,
- psa_algorithm_t alg)
-{
- mbedtls_test_driver_aead_hooks.hits_encrypt_setup++;
-
- if (mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS) {
- mbedtls_test_driver_aead_hooks.driver_status =
- mbedtls_test_driver_aead_hooks.forced_status;
- } else {
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD)
- mbedtls_test_driver_aead_hooks.driver_status =
- libtestdriver1_mbedtls_psa_aead_encrypt_setup(operation,
- (const libtestdriver1_psa_key_attributes_t
- *) attributes,
- key_buffer,
- key_buffer_size, alg);
-#elif defined(MBEDTLS_PSA_BUILTIN_AEAD)
- mbedtls_test_driver_aead_hooks.driver_status =
- mbedtls_psa_aead_encrypt_setup(operation, attributes, key_buffer,
- key_buffer_size, alg);
-#else
- (void) operation;
- (void) attributes;
- (void) key_buffer;
- (void) key_buffer_size;
- (void) alg;
- mbedtls_test_driver_aead_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
-#endif
- }
-
- return mbedtls_test_driver_aead_hooks.driver_status;
-}
-
-psa_status_t mbedtls_test_transparent_aead_decrypt_setup(
- mbedtls_transparent_test_driver_aead_operation_t *operation,
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer, size_t key_buffer_size,
- psa_algorithm_t alg)
-{
- mbedtls_test_driver_aead_hooks.hits_decrypt_setup++;
-
- if (mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS) {
- mbedtls_test_driver_aead_hooks.driver_status =
- mbedtls_test_driver_aead_hooks.forced_status;
- } else {
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD)
- mbedtls_test_driver_aead_hooks.driver_status =
- libtestdriver1_mbedtls_psa_aead_decrypt_setup(operation,
- (const libtestdriver1_psa_key_attributes_t
- *) attributes,
- key_buffer, key_buffer_size, alg);
-#elif defined(MBEDTLS_PSA_BUILTIN_AEAD)
- mbedtls_test_driver_aead_hooks.driver_status =
- mbedtls_psa_aead_decrypt_setup(operation, attributes, key_buffer,
- key_buffer_size, alg);
-#else
- (void) operation;
- (void) attributes;
- (void) key_buffer;
- (void) key_buffer_size;
- (void) alg;
- mbedtls_test_driver_aead_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
-#endif
- }
-
- return mbedtls_test_driver_aead_hooks.driver_status;
-}
-
-psa_status_t mbedtls_test_transparent_aead_set_nonce(
- mbedtls_transparent_test_driver_aead_operation_t *operation,
- const uint8_t *nonce,
- size_t nonce_length)
-{
- mbedtls_test_driver_aead_hooks.hits_set_nonce++;
-
- if (mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS) {
- mbedtls_test_driver_aead_hooks.driver_status =
- mbedtls_test_driver_aead_hooks.forced_status;
- } else {
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD)
- mbedtls_test_driver_aead_hooks.driver_status =
- libtestdriver1_mbedtls_psa_aead_set_nonce(operation, nonce, nonce_length);
-#elif defined(MBEDTLS_PSA_BUILTIN_AEAD)
- mbedtls_test_driver_aead_hooks.driver_status =
- mbedtls_psa_aead_set_nonce(operation, nonce, nonce_length);
-#else
- (void) operation;
- (void) nonce;
- (void) nonce_length;
- mbedtls_test_driver_aead_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
-#endif
- }
-
- return mbedtls_test_driver_aead_hooks.driver_status;
-}
-
-psa_status_t mbedtls_test_transparent_aead_set_lengths(
- mbedtls_transparent_test_driver_aead_operation_t *operation,
- size_t ad_length,
- size_t plaintext_length)
-{
- mbedtls_test_driver_aead_hooks.hits_set_lengths++;
-
- if (mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS) {
- mbedtls_test_driver_aead_hooks.driver_status =
- mbedtls_test_driver_aead_hooks.forced_status;
- } else {
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD)
- mbedtls_test_driver_aead_hooks.driver_status =
- libtestdriver1_mbedtls_psa_aead_set_lengths(operation, ad_length,
- plaintext_length);
-#elif defined(MBEDTLS_PSA_BUILTIN_AEAD)
- mbedtls_test_driver_aead_hooks.driver_status =
- mbedtls_psa_aead_set_lengths(operation, ad_length,
- plaintext_length);
-#else
- (void) operation;
- (void) ad_length;
- (void) plaintext_length;
- mbedtls_test_driver_aead_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
-#endif
- }
-
- return mbedtls_test_driver_aead_hooks.driver_status;
-}
-
-psa_status_t mbedtls_test_transparent_aead_update_ad(
- mbedtls_transparent_test_driver_aead_operation_t *operation,
- const uint8_t *input,
- size_t input_length)
-{
- mbedtls_test_driver_aead_hooks.hits_update_ad++;
-
- if (mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS) {
- mbedtls_test_driver_aead_hooks.driver_status =
- mbedtls_test_driver_aead_hooks.forced_status;
- } else {
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD)
- mbedtls_test_driver_aead_hooks.driver_status =
- libtestdriver1_mbedtls_psa_aead_update_ad(operation, input, input_length);
-#elif defined(MBEDTLS_PSA_BUILTIN_AEAD)
- mbedtls_test_driver_aead_hooks.driver_status =
- mbedtls_psa_aead_update_ad(operation, input, input_length);
-#else
- (void) operation;
- (void) input;
- (void) input_length;
- mbedtls_test_driver_aead_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
-#endif
- }
-
- return mbedtls_test_driver_aead_hooks.driver_status;
-}
-
-psa_status_t mbedtls_test_transparent_aead_update(
- mbedtls_transparent_test_driver_aead_operation_t *operation,
- const uint8_t *input,
- size_t input_length,
- uint8_t *output,
- size_t output_size,
- size_t *output_length)
-{
- mbedtls_test_driver_aead_hooks.hits_update++;
-
- if (mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS) {
- mbedtls_test_driver_aead_hooks.driver_status =
- mbedtls_test_driver_aead_hooks.forced_status;
- } else {
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD)
- mbedtls_test_driver_aead_hooks.driver_status =
- libtestdriver1_mbedtls_psa_aead_update(operation, input,
- input_length, output,
- output_size, output_length);
-#elif defined(MBEDTLS_PSA_BUILTIN_AEAD)
- mbedtls_test_driver_aead_hooks.driver_status =
- mbedtls_psa_aead_update(operation, input, input_length, output,
- output_size, output_length);
-#else
- (void) operation;
- (void) input;
- (void) input_length;
- (void) output;
- (void) output_size;
- (void) output_length;
- mbedtls_test_driver_aead_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
-#endif
- }
-
- return mbedtls_test_driver_aead_hooks.driver_status;
-}
-
-psa_status_t mbedtls_test_transparent_aead_finish(
- mbedtls_transparent_test_driver_aead_operation_t *operation,
- uint8_t *ciphertext,
- size_t ciphertext_size,
- size_t *ciphertext_length,
- uint8_t *tag,
- size_t tag_size,
- size_t *tag_length)
-{
- mbedtls_test_driver_aead_hooks.hits_finish++;
-
- if (mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS) {
- mbedtls_test_driver_aead_hooks.driver_status =
- mbedtls_test_driver_aead_hooks.forced_status;
- } else {
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD)
- mbedtls_test_driver_aead_hooks.driver_status =
- libtestdriver1_mbedtls_psa_aead_finish(operation, ciphertext,
- ciphertext_size, ciphertext_length,
- tag, tag_size, tag_length);
-#elif defined(MBEDTLS_PSA_BUILTIN_AEAD)
- mbedtls_test_driver_aead_hooks.driver_status =
- mbedtls_psa_aead_finish(operation, ciphertext, ciphertext_size,
- ciphertext_length, tag, tag_size,
- tag_length);
-#else
- (void) operation;
- (void) ciphertext;
- (void) ciphertext_size;
- (void) ciphertext_length;
- (void) tag;
- (void) tag_size;
- (void) tag_length;
- mbedtls_test_driver_aead_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
-#endif
- }
-
- return mbedtls_test_driver_aead_hooks.driver_status;
-}
-
-psa_status_t mbedtls_test_transparent_aead_verify(
- mbedtls_transparent_test_driver_aead_operation_t *operation,
- uint8_t *plaintext,
- size_t plaintext_size,
- size_t *plaintext_length,
- const uint8_t *tag,
- size_t tag_length)
-{
- mbedtls_test_driver_aead_hooks.hits_verify++;
-
- if (mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS) {
- mbedtls_test_driver_aead_hooks.driver_status =
- mbedtls_test_driver_aead_hooks.forced_status;
- } else {
- uint8_t check_tag[PSA_AEAD_TAG_MAX_SIZE];
- size_t check_tag_length = 0;
-
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD)
- mbedtls_test_driver_aead_hooks.driver_status =
- libtestdriver1_mbedtls_psa_aead_finish(operation,
- plaintext,
- plaintext_size,
- plaintext_length,
- check_tag,
- sizeof(check_tag),
- &check_tag_length);
-#elif defined(MBEDTLS_PSA_BUILTIN_AEAD)
- mbedtls_test_driver_aead_hooks.driver_status =
- mbedtls_psa_aead_finish(operation,
- plaintext,
- plaintext_size,
- plaintext_length,
- check_tag,
- sizeof(check_tag),
- &check_tag_length);
-#else
- (void) operation;
- (void) plaintext;
- (void) plaintext_size;
- (void) plaintext_length;
- mbedtls_test_driver_aead_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
-#endif
-
- if (mbedtls_test_driver_aead_hooks.driver_status == PSA_SUCCESS) {
- if (tag_length != check_tag_length ||
- mbedtls_ct_memcmp(tag, check_tag, tag_length)
- != 0) {
- mbedtls_test_driver_aead_hooks.driver_status =
- PSA_ERROR_INVALID_SIGNATURE;
- }
- }
-
- mbedtls_platform_zeroize(check_tag, sizeof(check_tag));
- }
-
- return mbedtls_test_driver_aead_hooks.driver_status;
-}
-
-psa_status_t mbedtls_test_transparent_aead_abort(
- mbedtls_transparent_test_driver_aead_operation_t *operation)
-{
- mbedtls_test_driver_aead_hooks.hits_abort++;
-
- if (mbedtls_test_driver_aead_hooks.forced_status != PSA_SUCCESS) {
- mbedtls_test_driver_aead_hooks.driver_status =
- mbedtls_test_driver_aead_hooks.forced_status;
- } else {
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_AEAD)
- mbedtls_test_driver_aead_hooks.driver_status =
- libtestdriver1_mbedtls_psa_aead_abort(operation);
-#elif defined(MBEDTLS_PSA_BUILTIN_AEAD)
- mbedtls_test_driver_aead_hooks.driver_status =
- mbedtls_psa_aead_abort(operation);
-#else
- (void) operation;
- mbedtls_test_driver_aead_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
-#endif
- }
-
- return mbedtls_test_driver_aead_hooks.driver_status;
-}
-
-#endif /* PSA_CRYPTO_DRIVER_TEST */
diff --git a/tests/src/drivers/test_driver_asymmetric_encryption.c b/tests/src/drivers/test_driver_asymmetric_encryption.c
deleted file mode 100644
index 6fdbe43..0000000
--- a/tests/src/drivers/test_driver_asymmetric_encryption.c
+++ /dev/null
@@ -1,185 +0,0 @@
-/*
- * Test driver for asymmetric encryption.
- */
-/* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#include <test/helpers.h>
-
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-#include "psa/crypto.h"
-#include "mbedtls/rsa.h"
-#include "psa_crypto_rsa.h"
-#include "string.h"
-#include "test/drivers/asymmetric_encryption.h"
-#include "test/drivers/key_management.h"
-
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
-#if MBEDTLS_VERSION_MAJOR < 4
-#include "libtestdriver1/library/psa_crypto_rsa.h"
-#else
-#include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_rsa.h"
-#endif
-#endif
-
-#define PSA_RSA_KEY_PAIR_MAX_SIZE \
- PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS)
-
-mbedtls_test_driver_asymmetric_encryption_hooks_t mbedtls_test_driver_asymmetric_encryption_hooks =
- MBEDTLS_TEST_DRIVER_ASYMMETRIC_ENCRYPTION_INIT;
-
-psa_status_t mbedtls_test_transparent_asymmetric_encrypt(
- const psa_key_attributes_t *attributes, const uint8_t *key_buffer,
- size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *input,
- size_t input_length, const uint8_t *salt, size_t salt_length,
- uint8_t *output, size_t output_size, size_t *output_length)
-{
- mbedtls_test_driver_asymmetric_encryption_hooks.hits++;
-
- if (mbedtls_test_driver_asymmetric_encryption_hooks.forced_output != NULL) {
- if (output_size < mbedtls_test_driver_asymmetric_encryption_hooks.forced_output_length) {
- return PSA_ERROR_BUFFER_TOO_SMALL;
- }
-
- memcpy(output,
- mbedtls_test_driver_asymmetric_encryption_hooks.forced_output,
- mbedtls_test_driver_asymmetric_encryption_hooks.forced_output_length);
- *output_length = mbedtls_test_driver_asymmetric_encryption_hooks.forced_output_length;
-
- return mbedtls_test_driver_asymmetric_encryption_hooks.forced_status;
- }
-
- if (mbedtls_test_driver_asymmetric_encryption_hooks.forced_status != PSA_SUCCESS) {
- return mbedtls_test_driver_asymmetric_encryption_hooks.forced_status;
- }
-
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
- return libtestdriver1_mbedtls_psa_asymmetric_encrypt(
- (const libtestdriver1_psa_key_attributes_t *) attributes,
- key_buffer, key_buffer_size,
- alg, input, input_length, salt, salt_length,
- output, output_size, output_length);
-#else
- return mbedtls_psa_asymmetric_encrypt(
- attributes, key_buffer, key_buffer_size,
- alg, input, input_length, salt, salt_length,
- output, output_size, output_length);
-#endif
-
- return PSA_ERROR_NOT_SUPPORTED;
-}
-
-psa_status_t mbedtls_test_transparent_asymmetric_decrypt(
- const psa_key_attributes_t *attributes, const uint8_t *key_buffer,
- size_t key_buffer_size, psa_algorithm_t alg, const uint8_t *input,
- size_t input_length, const uint8_t *salt, size_t salt_length,
- uint8_t *output, size_t output_size, size_t *output_length)
-{
- mbedtls_test_driver_asymmetric_encryption_hooks.hits++;
-
- if (mbedtls_test_driver_asymmetric_encryption_hooks.forced_output != NULL) {
- if (output_size < mbedtls_test_driver_asymmetric_encryption_hooks.forced_output_length) {
- return PSA_ERROR_BUFFER_TOO_SMALL;
- }
-
- memcpy(output,
- mbedtls_test_driver_asymmetric_encryption_hooks.forced_output,
- mbedtls_test_driver_asymmetric_encryption_hooks.forced_output_length);
- *output_length = mbedtls_test_driver_asymmetric_encryption_hooks.forced_output_length;
-
- return mbedtls_test_driver_asymmetric_encryption_hooks.forced_status;
- }
-
- if (mbedtls_test_driver_asymmetric_encryption_hooks.forced_status != PSA_SUCCESS) {
- return mbedtls_test_driver_asymmetric_encryption_hooks.forced_status;
- }
-
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
- return libtestdriver1_mbedtls_psa_asymmetric_decrypt(
- (const libtestdriver1_psa_key_attributes_t *) attributes,
- key_buffer, key_buffer_size,
- alg, input, input_length, salt, salt_length,
- output, output_size, output_length);
-#else
- return mbedtls_psa_asymmetric_decrypt(
- attributes, key_buffer, key_buffer_size,
- alg, input, input_length, salt, salt_length,
- output, output_size, output_length);
-#endif
-
- return PSA_ERROR_NOT_SUPPORTED;
-}
-
-/*
- * opaque versions
- */
-psa_status_t mbedtls_test_opaque_asymmetric_encrypt(
- const psa_key_attributes_t *attributes, const uint8_t *key,
- size_t key_length, psa_algorithm_t alg, const uint8_t *input,
- size_t input_length, const uint8_t *salt, size_t salt_length,
- uint8_t *output, size_t output_size, size_t *output_length)
-{
- unsigned char unwrapped_key[PSA_RSA_KEY_PAIR_MAX_SIZE];
- size_t unwrapped_key_length;
- psa_status_t status;
-
- status = mbedtls_test_opaque_unwrap_key(key, key_length,
- unwrapped_key, sizeof(unwrapped_key),
- &unwrapped_key_length);
- if (status != PSA_SUCCESS) {
- return status;
- }
-
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- (defined(MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP) || defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT))
- return libtestdriver1_mbedtls_psa_asymmetric_encrypt(
- (const libtestdriver1_psa_key_attributes_t *) attributes,
- unwrapped_key, unwrapped_key_length,
- alg, input, input_length, salt, salt_length,
- output, output_size, output_length);
-#else
- return mbedtls_psa_asymmetric_encrypt(
- attributes, unwrapped_key, unwrapped_key_length,
- alg, input, input_length, salt, salt_length,
- output, output_size, output_length);
-#endif
-
- return PSA_ERROR_NOT_SUPPORTED;
-}
-
-psa_status_t mbedtls_test_opaque_asymmetric_decrypt(
- const psa_key_attributes_t *attributes, const uint8_t *key,
- size_t key_length, psa_algorithm_t alg, const uint8_t *input,
- size_t input_length, const uint8_t *salt, size_t salt_length,
- uint8_t *output, size_t output_size, size_t *output_length)
-{
- unsigned char unwrapped_key[PSA_RSA_KEY_PAIR_MAX_SIZE];
- size_t unwrapped_key_length;
- psa_status_t status;
-
- status = mbedtls_test_opaque_unwrap_key(key, key_length,
- unwrapped_key, sizeof(unwrapped_key),
- &unwrapped_key_length);
- if (status != PSA_SUCCESS) {
- return status;
- }
-
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- (defined(MBEDTLS_PSA_ACCEL_ALG_RSA_OAEP) || defined(MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_CRYPT))
- return libtestdriver1_mbedtls_psa_asymmetric_decrypt(
- (const libtestdriver1_psa_key_attributes_t *) attributes,
- unwrapped_key, unwrapped_key_length,
- alg, input, input_length, salt, salt_length,
- output, output_size, output_length);
-#else
- return mbedtls_psa_asymmetric_decrypt(
- attributes, unwrapped_key, unwrapped_key_length,
- alg, input, input_length, salt, salt_length,
- output, output_size, output_length);
-#endif
-
- return PSA_ERROR_NOT_SUPPORTED;
-}
-
-#endif /* PSA_CRYPTO_DRIVER_TEST */
diff --git a/tests/src/drivers/test_driver_cipher.c b/tests/src/drivers/test_driver_cipher.c
deleted file mode 100644
index 90256fc..0000000
--- a/tests/src/drivers/test_driver_cipher.c
+++ /dev/null
@@ -1,436 +0,0 @@
-/*
- * Test driver for cipher functions.
- * Currently only supports multi-part operations using AES-CTR.
- */
-/* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#include <test/helpers.h>
-
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-#include "psa/crypto.h"
-#include "psa_crypto_cipher.h"
-#include "psa_crypto_core.h"
-#include "mbedtls/cipher.h"
-
-#include "test/drivers/cipher.h"
-
-#include "test/random.h"
-
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
-#if MBEDTLS_VERSION_MAJOR < 4
-#include "libtestdriver1/library/psa_crypto_cipher.h"
-#else
-#include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_cipher.h"
-#endif
-#endif
-
-#include <string.h>
-
-mbedtls_test_driver_cipher_hooks_t mbedtls_test_driver_cipher_hooks =
- MBEDTLS_TEST_DRIVER_CIPHER_INIT;
-
-psa_status_t mbedtls_test_transparent_cipher_encrypt(
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer,
- size_t key_buffer_size,
- psa_algorithm_t alg,
- const uint8_t *iv,
- size_t iv_length,
- const uint8_t *input,
- size_t input_length,
- uint8_t *output,
- size_t output_size,
- size_t *output_length)
-{
- mbedtls_test_driver_cipher_hooks.hits++;
- mbedtls_test_driver_cipher_hooks.hits_encrypt++;
-
- if (mbedtls_test_driver_cipher_hooks.forced_output != NULL) {
- if (output_size < mbedtls_test_driver_cipher_hooks.forced_output_length) {
- return PSA_ERROR_BUFFER_TOO_SMALL;
- }
-
- memcpy(output,
- mbedtls_test_driver_cipher_hooks.forced_output,
- mbedtls_test_driver_cipher_hooks.forced_output_length);
- *output_length = mbedtls_test_driver_cipher_hooks.forced_output_length;
-
- return mbedtls_test_driver_cipher_hooks.forced_status;
- }
-
- if (mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS) {
- return mbedtls_test_driver_cipher_hooks.forced_status;
- }
- if (mbedtls_test_driver_cipher_hooks.forced_status_encrypt != PSA_SUCCESS) {
- return mbedtls_test_driver_cipher_hooks.forced_status_encrypt;
- }
-
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER)
- return libtestdriver1_mbedtls_psa_cipher_encrypt(
- (const libtestdriver1_psa_key_attributes_t *) attributes,
- key_buffer, key_buffer_size,
- alg, iv, iv_length, input, input_length,
- output, output_size, output_length);
-#elif defined(MBEDTLS_PSA_BUILTIN_CIPHER)
- return mbedtls_psa_cipher_encrypt(
- attributes, key_buffer, key_buffer_size,
- alg, iv, iv_length, input, input_length,
- output, output_size, output_length);
-#endif
-
- return PSA_ERROR_NOT_SUPPORTED;
-}
-
-psa_status_t mbedtls_test_transparent_cipher_decrypt(
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer,
- size_t key_buffer_size,
- psa_algorithm_t alg,
- const uint8_t *input,
- size_t input_length,
- uint8_t *output,
- size_t output_size,
- size_t *output_length)
-{
- mbedtls_test_driver_cipher_hooks.hits++;
-
- if (mbedtls_test_driver_cipher_hooks.forced_output != NULL) {
- if (output_size < mbedtls_test_driver_cipher_hooks.forced_output_length) {
- return PSA_ERROR_BUFFER_TOO_SMALL;
- }
-
- memcpy(output,
- mbedtls_test_driver_cipher_hooks.forced_output,
- mbedtls_test_driver_cipher_hooks.forced_output_length);
- *output_length = mbedtls_test_driver_cipher_hooks.forced_output_length;
-
- return mbedtls_test_driver_cipher_hooks.forced_status;
- }
-
- if (mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS) {
- return mbedtls_test_driver_cipher_hooks.forced_status;
- }
-
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER)
- return libtestdriver1_mbedtls_psa_cipher_decrypt(
- (const libtestdriver1_psa_key_attributes_t *) attributes,
- key_buffer, key_buffer_size,
- alg, input, input_length,
- output, output_size, output_length);
-#elif defined(MBEDTLS_PSA_BUILTIN_CIPHER)
- return mbedtls_psa_cipher_decrypt(
- attributes, key_buffer, key_buffer_size,
- alg, input, input_length,
- output, output_size, output_length);
-#endif
-
- return PSA_ERROR_NOT_SUPPORTED;
-}
-
-psa_status_t mbedtls_test_transparent_cipher_encrypt_setup(
- mbedtls_transparent_test_driver_cipher_operation_t *operation,
- const psa_key_attributes_t *attributes,
- const uint8_t *key, size_t key_length,
- psa_algorithm_t alg)
-{
- mbedtls_test_driver_cipher_hooks.hits++;
-
- /* Wiping the entire struct here, instead of member-by-member. This is
- * useful for the test suite, since it gives a chance of catching memory
- * corruption errors should the core not have allocated (enough) memory for
- * our context struct. */
- memset(operation, 0, sizeof(*operation));
-
- if (mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS) {
- return mbedtls_test_driver_cipher_hooks.forced_status;
- }
-
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER)
- return libtestdriver1_mbedtls_psa_cipher_encrypt_setup(
- operation,
- (const libtestdriver1_psa_key_attributes_t *) attributes,
- key, key_length, alg);
-#elif defined(MBEDTLS_PSA_BUILTIN_CIPHER)
- return mbedtls_psa_cipher_encrypt_setup(
- operation, attributes, key, key_length, alg);
-#endif
-
- return PSA_ERROR_NOT_SUPPORTED;
-}
-
-psa_status_t mbedtls_test_transparent_cipher_decrypt_setup(
- mbedtls_transparent_test_driver_cipher_operation_t *operation,
- const psa_key_attributes_t *attributes,
- const uint8_t *key, size_t key_length,
- psa_algorithm_t alg)
-{
- mbedtls_test_driver_cipher_hooks.hits++;
-
- if (mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS) {
- return mbedtls_test_driver_cipher_hooks.forced_status;
- }
-
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER)
- return libtestdriver1_mbedtls_psa_cipher_decrypt_setup(
- operation,
- (const libtestdriver1_psa_key_attributes_t *) attributes,
- key, key_length, alg);
-#elif defined(MBEDTLS_PSA_BUILTIN_CIPHER)
- return mbedtls_psa_cipher_decrypt_setup(
- operation, attributes, key, key_length, alg);
-#endif
-
- return PSA_ERROR_NOT_SUPPORTED;
-}
-
-psa_status_t mbedtls_test_transparent_cipher_abort(
- mbedtls_transparent_test_driver_cipher_operation_t *operation)
-{
- mbedtls_test_driver_cipher_hooks.hits++;
-
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER)
- libtestdriver1_mbedtls_psa_cipher_abort(operation);
-#elif defined(MBEDTLS_PSA_BUILTIN_CIPHER)
- mbedtls_psa_cipher_abort(operation);
-#endif
-
- /* Wiping the entire struct here, instead of member-by-member. This is
- * useful for the test suite, since it gives a chance of catching memory
- * corruption errors should the core not have allocated (enough) memory for
- * our context struct. */
- memset(operation, 0, sizeof(*operation));
-
- return mbedtls_test_driver_cipher_hooks.forced_status;
-}
-
-psa_status_t mbedtls_test_transparent_cipher_set_iv(
- mbedtls_transparent_test_driver_cipher_operation_t *operation,
- const uint8_t *iv,
- size_t iv_length)
-{
- mbedtls_test_driver_cipher_hooks.hits++;
- mbedtls_test_driver_cipher_hooks.hits_set_iv++;
-
- if (mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS) {
- return mbedtls_test_driver_cipher_hooks.forced_status;
- }
- if (mbedtls_test_driver_cipher_hooks.forced_status_set_iv != PSA_SUCCESS) {
- return mbedtls_test_driver_cipher_hooks.forced_status_set_iv;
- }
-
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER)
- return libtestdriver1_mbedtls_psa_cipher_set_iv(
- operation, iv, iv_length);
-#elif defined(MBEDTLS_PSA_BUILTIN_CIPHER)
- return mbedtls_psa_cipher_set_iv(operation, iv, iv_length);
-#endif
-
- return PSA_ERROR_NOT_SUPPORTED;
-}
-
-psa_status_t mbedtls_test_transparent_cipher_update(
- mbedtls_transparent_test_driver_cipher_operation_t *operation,
- const uint8_t *input,
- size_t input_length,
- uint8_t *output,
- size_t output_size,
- size_t *output_length)
-{
- mbedtls_test_driver_cipher_hooks.hits++;
-
- if (mbedtls_test_driver_cipher_hooks.forced_output != NULL) {
- if (output_size < mbedtls_test_driver_cipher_hooks.forced_output_length) {
- return PSA_ERROR_BUFFER_TOO_SMALL;
- }
-
- memcpy(output,
- mbedtls_test_driver_cipher_hooks.forced_output,
- mbedtls_test_driver_cipher_hooks.forced_output_length);
- *output_length = mbedtls_test_driver_cipher_hooks.forced_output_length;
-
- return mbedtls_test_driver_cipher_hooks.forced_status;
- }
-
- if (mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS) {
- return mbedtls_test_driver_cipher_hooks.forced_status;
- }
-
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER)
- return libtestdriver1_mbedtls_psa_cipher_update(
- operation, input, input_length,
- output, output_size, output_length);
-#elif defined(MBEDTLS_PSA_BUILTIN_CIPHER)
- return mbedtls_psa_cipher_update(
- operation, input, input_length,
- output, output_size, output_length);
-#endif
-
- return PSA_ERROR_NOT_SUPPORTED;
-}
-
-psa_status_t mbedtls_test_transparent_cipher_finish(
- mbedtls_transparent_test_driver_cipher_operation_t *operation,
- uint8_t *output,
- size_t output_size,
- size_t *output_length)
-{
- mbedtls_test_driver_cipher_hooks.hits++;
-
- if (mbedtls_test_driver_cipher_hooks.forced_output != NULL) {
- if (output_size < mbedtls_test_driver_cipher_hooks.forced_output_length) {
- return PSA_ERROR_BUFFER_TOO_SMALL;
- }
-
- memcpy(output,
- mbedtls_test_driver_cipher_hooks.forced_output,
- mbedtls_test_driver_cipher_hooks.forced_output_length);
- *output_length = mbedtls_test_driver_cipher_hooks.forced_output_length;
-
- return mbedtls_test_driver_cipher_hooks.forced_status;
- }
-
- if (mbedtls_test_driver_cipher_hooks.forced_status != PSA_SUCCESS) {
- return mbedtls_test_driver_cipher_hooks.forced_status;
- }
-
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_CIPHER)
- return libtestdriver1_mbedtls_psa_cipher_finish(
- operation, output, output_size, output_length);
-#elif defined(MBEDTLS_PSA_BUILTIN_CIPHER)
- return mbedtls_psa_cipher_finish(
- operation, output, output_size, output_length);
-#endif
-
- return PSA_ERROR_NOT_SUPPORTED;
-}
-
-/*
- * opaque versions, to do
- */
-psa_status_t mbedtls_test_opaque_cipher_encrypt(
- const psa_key_attributes_t *attributes,
- const uint8_t *key, size_t key_length,
- psa_algorithm_t alg,
- const uint8_t *iv, size_t iv_length,
- const uint8_t *input, size_t input_length,
- uint8_t *output, size_t output_size, size_t *output_length)
-{
- (void) attributes;
- (void) key;
- (void) key_length;
- (void) alg;
- (void) iv;
- (void) iv_length;
- (void) input;
- (void) input_length;
- (void) output;
- (void) output_size;
- (void) output_length;
- return PSA_ERROR_NOT_SUPPORTED;
-}
-
-psa_status_t mbedtls_test_opaque_cipher_decrypt(
- const psa_key_attributes_t *attributes,
- const uint8_t *key, size_t key_length,
- psa_algorithm_t alg,
- const uint8_t *input, size_t input_length,
- uint8_t *output, size_t output_size, size_t *output_length)
-{
- (void) attributes;
- (void) key;
- (void) key_length;
- (void) alg;
- (void) input;
- (void) input_length;
- (void) output;
- (void) output_size;
- (void) output_length;
- return PSA_ERROR_NOT_SUPPORTED;
-}
-
-psa_status_t mbedtls_test_opaque_cipher_encrypt_setup(
- mbedtls_opaque_test_driver_cipher_operation_t *operation,
- const psa_key_attributes_t *attributes,
- const uint8_t *key, size_t key_length,
- psa_algorithm_t alg)
-{
- (void) operation;
- (void) attributes;
- (void) key;
- (void) key_length;
- (void) alg;
- return PSA_ERROR_NOT_SUPPORTED;
-}
-
-psa_status_t mbedtls_test_opaque_cipher_decrypt_setup(
- mbedtls_opaque_test_driver_cipher_operation_t *operation,
- const psa_key_attributes_t *attributes,
- const uint8_t *key, size_t key_length,
- psa_algorithm_t alg)
-{
- (void) operation;
- (void) attributes;
- (void) key;
- (void) key_length;
- (void) alg;
- return PSA_ERROR_NOT_SUPPORTED;
-}
-
-psa_status_t mbedtls_test_opaque_cipher_abort(
- mbedtls_opaque_test_driver_cipher_operation_t *operation)
-{
- (void) operation;
- return PSA_ERROR_NOT_SUPPORTED;
-}
-
-psa_status_t mbedtls_test_opaque_cipher_set_iv(
- mbedtls_opaque_test_driver_cipher_operation_t *operation,
- const uint8_t *iv,
- size_t iv_length)
-{
- (void) operation;
- (void) iv;
- (void) iv_length;
- return PSA_ERROR_NOT_SUPPORTED;
-}
-
-psa_status_t mbedtls_test_opaque_cipher_update(
- mbedtls_opaque_test_driver_cipher_operation_t *operation,
- const uint8_t *input,
- size_t input_length,
- uint8_t *output,
- size_t output_size,
- size_t *output_length)
-{
- (void) operation;
- (void) input;
- (void) input_length;
- (void) output;
- (void) output_size;
- (void) output_length;
- return PSA_ERROR_NOT_SUPPORTED;
-}
-
-psa_status_t mbedtls_test_opaque_cipher_finish(
- mbedtls_opaque_test_driver_cipher_operation_t *operation,
- uint8_t *output,
- size_t output_size,
- size_t *output_length)
-{
- (void) operation;
- (void) output;
- (void) output_size;
- (void) output_length;
- return PSA_ERROR_NOT_SUPPORTED;
-}
-#endif /* PSA_CRYPTO_DRIVER_TEST */
diff --git a/tests/src/drivers/test_driver_key_agreement.c b/tests/src/drivers/test_driver_key_agreement.c
deleted file mode 100644
index 8a7a9ea..0000000
--- a/tests/src/drivers/test_driver_key_agreement.c
+++ /dev/null
@@ -1,153 +0,0 @@
-/*
- * Test driver for key agreement functions.
- */
-/* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#include <test/helpers.h>
-
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-
-#include "psa/crypto.h"
-#include "psa_crypto_core.h"
-#include "psa_crypto_ecp.h"
-#include "psa_crypto_ffdh.h"
-
-#include "test/drivers/key_agreement.h"
-#include "test/drivers/test_driver.h"
-
-#include <string.h>
-
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
-#if MBEDTLS_VERSION_MAJOR < 4
-#include "libtestdriver1/include/psa/crypto.h"
-#include "libtestdriver1/library/psa_crypto_ecp.h"
-#include "libtestdriver1/library/psa_crypto_ffdh.h"
-#else
-#include "libtestdriver1/tf-psa-crypto/include/psa/crypto.h"
-#include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.h"
-#include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_ffdh.h"
-#endif
-#endif
-
-mbedtls_test_driver_key_agreement_hooks_t
- mbedtls_test_driver_key_agreement_hooks = MBEDTLS_TEST_DRIVER_KEY_AGREEMENT_INIT;
-
-psa_status_t mbedtls_test_transparent_key_agreement(
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer,
- size_t key_buffer_size,
- psa_algorithm_t alg,
- const uint8_t *peer_key,
- size_t peer_key_length,
- uint8_t *shared_secret,
- size_t shared_secret_size,
- size_t *shared_secret_length)
-{
- mbedtls_test_driver_key_agreement_hooks.hits++;
-
- if (mbedtls_test_driver_key_agreement_hooks.forced_status != PSA_SUCCESS) {
- return mbedtls_test_driver_key_agreement_hooks.forced_status;
- }
-
- if (mbedtls_test_driver_key_agreement_hooks.forced_output != NULL) {
- if (mbedtls_test_driver_key_agreement_hooks.forced_output_length > shared_secret_size) {
- return PSA_ERROR_BUFFER_TOO_SMALL;
- }
-
- memcpy(shared_secret, mbedtls_test_driver_key_agreement_hooks.forced_output,
- mbedtls_test_driver_key_agreement_hooks.forced_output_length);
- *shared_secret_length = mbedtls_test_driver_key_agreement_hooks.forced_output_length;
-
- return PSA_SUCCESS;
- }
-
- if (PSA_ALG_IS_ECDH(alg)) {
-#if (defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_ECDH))
- return libtestdriver1_mbedtls_psa_key_agreement_ecdh(
- (const libtestdriver1_psa_key_attributes_t *) attributes,
- key_buffer, key_buffer_size,
- alg, peer_key, peer_key_length,
- shared_secret, shared_secret_size,
- shared_secret_length);
-#elif defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH)
- return mbedtls_psa_key_agreement_ecdh(
- attributes,
- key_buffer, key_buffer_size,
- alg, peer_key, peer_key_length,
- shared_secret, shared_secret_size,
- shared_secret_length);
-#else
- (void) attributes;
- (void) key_buffer;
- (void) key_buffer_size;
- (void) peer_key;
- (void) peer_key_length;
- (void) shared_secret;
- (void) shared_secret_size;
- (void) shared_secret_length;
- return PSA_ERROR_NOT_SUPPORTED;
-#endif
- }
- if (PSA_ALG_IS_FFDH(alg)) {
-#if (defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_FFDH))
- return libtestdriver1_mbedtls_psa_ffdh_key_agreement(
- (const libtestdriver1_psa_key_attributes_t *) attributes,
- peer_key, peer_key_length,
- key_buffer, key_buffer_size,
- shared_secret, shared_secret_size,
- shared_secret_length);
-#elif defined(MBEDTLS_PSA_BUILTIN_ALG_FFDH)
- return mbedtls_psa_ffdh_key_agreement(
- attributes,
- peer_key,
- peer_key_length,
- key_buffer,
- key_buffer_size,
- shared_secret,
- shared_secret_size,
- shared_secret_length);
-#else
- (void) attributes;
- (void) key_buffer;
- (void) key_buffer_size;
- (void) peer_key;
- (void) peer_key_length;
- (void) shared_secret;
- (void) shared_secret_size;
- (void) shared_secret_length;
- return PSA_ERROR_NOT_SUPPORTED;
-#endif
- } else {
- return PSA_ERROR_INVALID_ARGUMENT;
- }
-
-}
-
-psa_status_t mbedtls_test_opaque_key_agreement(
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer,
- size_t key_buffer_size,
- psa_algorithm_t alg,
- const uint8_t *peer_key,
- size_t peer_key_length,
- uint8_t *shared_secret,
- size_t shared_secret_size,
- size_t *shared_secret_length)
-{
- (void) attributes;
- (void) key_buffer;
- (void) key_buffer_size;
- (void) alg;
- (void) peer_key;
- (void) peer_key_length;
- (void) shared_secret;
- (void) shared_secret_size;
- (void) shared_secret_length;
- return PSA_ERROR_NOT_SUPPORTED;
-}
-
-#endif /* PSA_CRYPTO_DRIVER_TEST */
diff --git a/tests/src/drivers/test_driver_key_management.c b/tests/src/drivers/test_driver_key_management.c
deleted file mode 100644
index d2ca157..0000000
--- a/tests/src/drivers/test_driver_key_management.c
+++ /dev/null
@@ -1,794 +0,0 @@
-/*
- * Test driver for generating and verifying keys.
- * Currently only supports generating and verifying ECC keys.
- */
-/* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#include <test/helpers.h>
-
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-#include "psa/crypto.h"
-#include "psa_crypto_core.h"
-#include "psa_crypto_ecp.h"
-#include "psa_crypto_rsa.h"
-#include "psa_crypto_ffdh.h"
-#include "mbedtls/ecp.h"
-#include "mbedtls/error.h"
-
-#include "test/drivers/key_management.h"
-#include "test/drivers/test_driver.h"
-
-#include "test/random.h"
-
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
-#if MBEDTLS_VERSION_MAJOR < 4
-#include "libtestdriver1/library/psa_crypto_ecp.h"
-#include "libtestdriver1/library/psa_crypto_rsa.h"
-#include "libtestdriver1/library/psa_crypto_ffdh.h"
-#else
-#include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.h"
-#include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_rsa.h"
-#include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_ffdh.h"
-#endif
-#endif
-
-#include <string.h>
-
-mbedtls_test_driver_key_management_hooks_t
- mbedtls_test_driver_key_management_hooks = MBEDTLS_TEST_DRIVER_KEY_MANAGEMENT_INIT;
-
-const uint8_t mbedtls_test_driver_aes_key[16] =
-{ 0x36, 0x77, 0x39, 0x7A, 0x24, 0x43, 0x26, 0x46,
- 0x29, 0x4A, 0x40, 0x4E, 0x63, 0x52, 0x66, 0x55 };
-const uint8_t mbedtls_test_driver_ecdsa_key[32] =
-{ 0xdc, 0x7d, 0x9d, 0x26, 0xd6, 0x7a, 0x4f, 0x63,
- 0x2c, 0x34, 0xc2, 0xdc, 0x0b, 0x69, 0x86, 0x18,
- 0x38, 0x82, 0xc2, 0x06, 0xdf, 0x04, 0xcd, 0xb7,
- 0xd6, 0x9a, 0xab, 0xe2, 0x8b, 0xe4, 0xf8, 0x1a };
-const uint8_t mbedtls_test_driver_ecdsa_pubkey[65] =
-{ 0x04,
- 0x85, 0xf6, 0x4d, 0x89, 0xf0, 0x0b, 0xe6, 0x6c,
- 0x88, 0xdd, 0x93, 0x7e, 0xfd, 0x6d, 0x7c, 0x44,
- 0x56, 0x48, 0xdc, 0xb7, 0x01, 0x15, 0x0b, 0x8a,
- 0x95, 0x09, 0x29, 0x58, 0x50, 0xf4, 0x1c, 0x19,
- 0x31, 0xe5, 0x71, 0xfb, 0x8f, 0x8c, 0x78, 0x31,
- 0x7a, 0x20, 0xb3, 0x80, 0xe8, 0x66, 0x58, 0x4b,
- 0xbc, 0x25, 0x16, 0xc3, 0xd2, 0x70, 0x2d, 0x79,
- 0x2f, 0x13, 0x1a, 0x92, 0x20, 0x95, 0xfd, 0x6c };
-
-psa_status_t mbedtls_test_transparent_init(void)
-{
- psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
-
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
- status = libtestdriver1_psa_crypto_init();
- if (status != PSA_SUCCESS) {
- return status;
- }
-#endif
-
- (void) status;
- return PSA_SUCCESS;
-}
-
-void mbedtls_test_transparent_free(void)
-{
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
- libtestdriver1_mbedtls_psa_crypto_free();
-#endif
-
- return;
-}
-
-psa_status_t mbedtls_test_opaque_init(void)
-{
- return PSA_SUCCESS;
-}
-
-void mbedtls_test_opaque_free(void)
-{
- return;
-}
-
-/*
- * This macro returns the base size for the key context when SE does not
- * support storage. It is the size of the metadata that gets added to the
- * wrapped key. In its test functionality the metadata is just some padded
- * prefixing to the key.
- */
-#define TEST_DRIVER_KEY_CONTEXT_BASE_SIZE \
- PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX_SIZE
-
-
-size_t mbedtls_test_opaque_size_function(
- const psa_key_type_t key_type,
- const size_t key_bits)
-{
- size_t key_buffer_size = 0;
-
- key_buffer_size = PSA_EXPORT_KEY_OUTPUT_SIZE(key_type, key_bits);
- if (key_buffer_size == 0) {
- return 0;
- }
- /* Include spacing for base size overhead over the key size
- * */
- key_buffer_size += TEST_DRIVER_KEY_CONTEXT_BASE_SIZE;
- return key_buffer_size;
-}
-
-static size_t mbedtls_test_opaque_get_base_size()
-{
- return TEST_DRIVER_KEY_CONTEXT_BASE_SIZE;
-}
-
-/*
- * The wrap function mbedtls_test_opaque_wrap_key pads and wraps the
- * clear key. It expects the clear and wrap buffers to be passed in.
- * key_length is the size of the clear key to be wrapped.
- * wrapped_key_buffer_size is the size of the output buffer wrap_key.
- * The argument wrapped_key_buffer_length is filled with the wrapped
- * key_size on success.
- * */
-static psa_status_t mbedtls_test_opaque_wrap_key(
- const uint8_t *key,
- size_t key_length,
- uint8_t *wrapped_key_buffer,
- size_t wrapped_key_buffer_size,
- size_t *wrapped_key_buffer_length)
-{
- size_t opaque_key_base_size = mbedtls_test_opaque_get_base_size();
- uint64_t prefix = PSA_CRYPTO_TEST_DRIVER_OPAQUE_PAD_PREFIX;
-
- if (key_length + opaque_key_base_size > wrapped_key_buffer_size) {
- return PSA_ERROR_BUFFER_TOO_SMALL;
- }
-
- /* Write in the opaque pad prefix */
- memcpy(wrapped_key_buffer, &prefix, opaque_key_base_size);
- wrapped_key_buffer += opaque_key_base_size;
- *wrapped_key_buffer_length = key_length + opaque_key_base_size;
-
- while (key_length--) {
- wrapped_key_buffer[key_length] = key[key_length] ^ 0xFF;
- }
- return PSA_SUCCESS;
-}
-
-/*
- * The unwrap function mbedtls_test_opaque_unwrap_key removes a pad prefix
- * and unwraps the wrapped key. It expects the clear and wrap buffers to be
- * passed in.
- * wrapped_key_length is the size of the wrapped key,
- * key_buffer_size is the size of the output buffer clear_key.
- * The argument key_buffer_length is filled with the unwrapped(clear)
- * key_size on success.
- * */
-psa_status_t mbedtls_test_opaque_unwrap_key(
- const uint8_t *wrapped_key,
- size_t wrapped_key_length,
- uint8_t *key_buffer,
- size_t key_buffer_size,
- size_t *key_buffer_length)
-{
- /* Remove the pad prefix from the wrapped key */
- size_t opaque_key_base_size = mbedtls_test_opaque_get_base_size();
- size_t clear_key_size;
-
- /* Check for underflow */
- if (wrapped_key_length < opaque_key_base_size) {
- return PSA_ERROR_DATA_CORRUPT;
- }
- clear_key_size = wrapped_key_length - opaque_key_base_size;
-
- wrapped_key += opaque_key_base_size;
- if (clear_key_size > key_buffer_size) {
- return PSA_ERROR_BUFFER_TOO_SMALL;
- }
-
- *key_buffer_length = clear_key_size;
- while (clear_key_size--) {
- key_buffer[clear_key_size] = wrapped_key[clear_key_size] ^ 0xFF;
- }
- return PSA_SUCCESS;
-}
-
-psa_status_t mbedtls_test_transparent_generate_key(
- const psa_key_attributes_t *attributes,
- uint8_t *key, size_t key_size, size_t *key_length)
-{
- ++mbedtls_test_driver_key_management_hooks.hits;
- ++mbedtls_test_driver_key_management_hooks.hits_generate_key;
-
- if (mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS) {
- return mbedtls_test_driver_key_management_hooks.forced_status;
- }
-
- if (mbedtls_test_driver_key_management_hooks.forced_output != NULL) {
- if (mbedtls_test_driver_key_management_hooks.forced_output_length >
- key_size) {
- return PSA_ERROR_BUFFER_TOO_SMALL;
- }
- memcpy(key, mbedtls_test_driver_key_management_hooks.forced_output,
- mbedtls_test_driver_key_management_hooks.forced_output_length);
- *key_length = mbedtls_test_driver_key_management_hooks.forced_output_length;
- return PSA_SUCCESS;
- }
-
- if (PSA_KEY_TYPE_IS_ECC(psa_get_key_type(attributes))
- && PSA_KEY_TYPE_IS_KEY_PAIR(psa_get_key_type(attributes))) {
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_GENERATE)
- return libtestdriver1_mbedtls_psa_ecp_generate_key(
- (const libtestdriver1_psa_key_attributes_t *) attributes,
- key, key_size, key_length);
-#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_GENERATE)
- return mbedtls_psa_ecp_generate_key(
- attributes, key, key_size, key_length);
-#endif
- } else if (psa_get_key_type(attributes) == PSA_KEY_TYPE_RSA_KEY_PAIR) {
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE)
- return libtestdriver1_mbedtls_psa_rsa_generate_key(
- (const libtestdriver1_psa_key_attributes_t *) attributes,
- NULL, 0, /* We don't support custom e in the test driver yet */
- key, key_size, key_length);
-#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_GENERATE)
- return mbedtls_psa_rsa_generate_key(
- attributes,
- NULL, 0, /* We don't support custom e in the test driver yet */
- key, key_size, key_length);
-#endif
- } else if (PSA_KEY_TYPE_IS_DH(psa_get_key_type(attributes))
- && PSA_KEY_TYPE_IS_KEY_PAIR(psa_get_key_type(attributes))) {
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR_GENERATE)
- return libtestdriver1_mbedtls_psa_ffdh_generate_key(
- (const libtestdriver1_psa_key_attributes_t *) attributes,
- key, key_size, key_length);
-#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR)
- return mbedtls_psa_ffdh_generate_key(
- attributes, key, key_size, key_length);
-#endif
- }
-
- (void) attributes;
- return PSA_ERROR_NOT_SUPPORTED;
-}
-
-psa_status_t mbedtls_test_opaque_generate_key(
- const psa_key_attributes_t *attributes,
- uint8_t *key, size_t key_size, size_t *key_length)
-{
- (void) attributes;
- (void) key;
- (void) key_size;
- (void) key_length;
- return PSA_ERROR_NOT_SUPPORTED;
-}
-
-psa_status_t mbedtls_test_transparent_import_key(
- const psa_key_attributes_t *attributes,
- const uint8_t *data,
- size_t data_length,
- uint8_t *key_buffer,
- size_t key_buffer_size,
- size_t *key_buffer_length,
- size_t *bits)
-{
- psa_key_type_t type = psa_get_key_type(attributes);
-
- ++mbedtls_test_driver_key_management_hooks.hits;
- mbedtls_test_driver_key_management_hooks.location = PSA_KEY_LOCATION_LOCAL_STORAGE;
-
- if (mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS) {
- return mbedtls_test_driver_key_management_hooks.forced_status;
- }
-
- if (PSA_KEY_TYPE_IS_ECC(type)) {
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_IMPORT) || \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY))
- return libtestdriver1_mbedtls_psa_ecp_import_key(
- (const libtestdriver1_psa_key_attributes_t *) attributes,
- data, data_length,
- key_buffer, key_buffer_size,
- key_buffer_length, bits);
-#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_IMPORT) || \
- defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY)
- return mbedtls_psa_ecp_import_key(
- attributes,
- data, data_length,
- key_buffer, key_buffer_size,
- key_buffer_length, bits);
-#endif
- } else if (PSA_KEY_TYPE_IS_RSA(type)) {
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT) || \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY))
- return libtestdriver1_mbedtls_psa_rsa_import_key(
- (const libtestdriver1_psa_key_attributes_t *) attributes,
- data, data_length,
- key_buffer, key_buffer_size,
- key_buffer_length, bits);
-#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT) || \
- defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
- return mbedtls_psa_rsa_import_key(
- attributes,
- data, data_length,
- key_buffer, key_buffer_size,
- key_buffer_length, bits);
-#endif
- } else if (PSA_KEY_TYPE_IS_DH(type)) {
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) || \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY))
- return libtestdriver1_mbedtls_psa_ffdh_import_key(
- (const libtestdriver1_psa_key_attributes_t *) attributes,
- data, data_length,
- key_buffer, key_buffer_size,
- key_buffer_length, bits);
-#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR) || \
- defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
- return mbedtls_psa_ffdh_import_key(
- attributes,
- data, data_length,
- key_buffer, key_buffer_size,
- key_buffer_length, bits);
-#endif
- }
- (void) data;
- (void) data_length;
- (void) key_buffer;
- (void) key_buffer_size;
- (void) key_buffer_length;
- (void) bits;
- (void) type;
-
- return PSA_ERROR_NOT_SUPPORTED;
-}
-
-
-psa_status_t mbedtls_test_opaque_import_key(
- const psa_key_attributes_t *attributes,
- const uint8_t *data,
- size_t data_length,
- uint8_t *key_buffer,
- size_t key_buffer_size,
- size_t *key_buffer_length,
- size_t *bits)
-{
- psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- psa_key_type_t type = psa_get_key_type(attributes);
- /* This buffer will be used as an intermediate placeholder for
- * the clear key till we wrap it */
- uint8_t *key_buffer_temp;
-
- ++mbedtls_test_driver_key_management_hooks.hits;
- mbedtls_test_driver_key_management_hooks.location = PSA_CRYPTO_TEST_DRIVER_LOCATION;
-
- if (mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS) {
- return mbedtls_test_driver_key_management_hooks.forced_status;
- }
-
- key_buffer_temp = mbedtls_calloc(1, key_buffer_size);
- if (key_buffer_temp == NULL) {
- return PSA_ERROR_INSUFFICIENT_MEMORY;
- }
-
- if (PSA_KEY_TYPE_IS_UNSTRUCTURED(type)) {
- *bits = PSA_BYTES_TO_BITS(data_length);
-
- status = psa_validate_unstructured_key_bit_size(type,
- *bits);
- if (status != PSA_SUCCESS) {
- goto exit;
- }
-
- if (data_length > key_buffer_size) {
- return PSA_ERROR_BUFFER_TOO_SMALL;
- }
-
- /* Copy the key material accounting for opaque key padding. */
- memcpy(key_buffer_temp, data, data_length);
- *key_buffer_length = data_length;
- } else if (PSA_KEY_TYPE_IS_ECC(type)) {
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- (defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \
- defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY))
- status = libtestdriver1_mbedtls_psa_ecp_import_key(
- (const libtestdriver1_psa_key_attributes_t *) attributes,
- data, data_length,
- key_buffer_temp, key_buffer_size,
- key_buffer_length, bits);
-#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_IMPORT) || \
- defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY)
- status = mbedtls_psa_ecp_import_key(
- attributes,
- data, data_length,
- key_buffer_temp, key_buffer_size,
- key_buffer_length, bits);
-#else
- status = PSA_ERROR_NOT_SUPPORTED;
-#endif
- if (status != PSA_SUCCESS) {
- goto exit;
- }
- } else if (PSA_KEY_TYPE_IS_RSA(type)) {
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- (defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) || \
- defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY))
- status = libtestdriver1_mbedtls_psa_rsa_import_key(
- (const libtestdriver1_psa_key_attributes_t *) attributes,
- data, data_length,
- key_buffer_temp, key_buffer_size,
- key_buffer_length, bits);
-#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_IMPORT) || \
- defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
- status = mbedtls_psa_rsa_import_key(
- attributes,
- data, data_length,
- key_buffer_temp, key_buffer_size,
- key_buffer_length, bits);
-#else
- status = PSA_ERROR_NOT_SUPPORTED;
-#endif
- if (status != PSA_SUCCESS) {
- goto exit;
- }
- } else {
- status = PSA_ERROR_INVALID_ARGUMENT;
- goto exit;
- }
-
- status = mbedtls_test_opaque_wrap_key(key_buffer_temp, *key_buffer_length,
- key_buffer, key_buffer_size, key_buffer_length);
-exit:
- mbedtls_free(key_buffer_temp);
- return status;
-}
-
-psa_status_t mbedtls_test_opaque_export_key(
- const psa_key_attributes_t *attributes,
- const uint8_t *key, size_t key_length,
- uint8_t *data, size_t data_size, size_t *data_length)
-{
- if (key_length == sizeof(psa_drv_slot_number_t)) {
- /* Assume this is a builtin key based on the key material length. */
- psa_drv_slot_number_t slot_number = *((psa_drv_slot_number_t *) key);
-
- switch (slot_number) {
- case PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT:
- /* This is the ECDSA slot. Verify the key's attributes before
- * returning the private key. */
- if (psa_get_key_type(attributes) !=
- PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)) {
- return PSA_ERROR_CORRUPTION_DETECTED;
- }
- if (psa_get_key_bits(attributes) != 256) {
- return PSA_ERROR_CORRUPTION_DETECTED;
- }
- if (psa_get_key_algorithm(attributes) !=
- PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)) {
- return PSA_ERROR_CORRUPTION_DETECTED;
- }
- if ((psa_get_key_usage_flags(attributes) &
- PSA_KEY_USAGE_EXPORT) == 0) {
- return PSA_ERROR_CORRUPTION_DETECTED;
- }
-
- if (data_size < sizeof(mbedtls_test_driver_ecdsa_key)) {
- return PSA_ERROR_BUFFER_TOO_SMALL;
- }
-
- memcpy(data, mbedtls_test_driver_ecdsa_key,
- sizeof(mbedtls_test_driver_ecdsa_key));
- *data_length = sizeof(mbedtls_test_driver_ecdsa_key);
- return PSA_SUCCESS;
-
- case PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT:
- /* This is the AES slot. Verify the key's attributes before
- * returning the key. */
- if (psa_get_key_type(attributes) != PSA_KEY_TYPE_AES) {
- return PSA_ERROR_CORRUPTION_DETECTED;
- }
- if (psa_get_key_bits(attributes) != 128) {
- return PSA_ERROR_CORRUPTION_DETECTED;
- }
- if (psa_get_key_algorithm(attributes) != PSA_ALG_CTR) {
- return PSA_ERROR_CORRUPTION_DETECTED;
- }
- if ((psa_get_key_usage_flags(attributes) &
- PSA_KEY_USAGE_EXPORT) == 0) {
- return PSA_ERROR_CORRUPTION_DETECTED;
- }
-
- if (data_size < sizeof(mbedtls_test_driver_aes_key)) {
- return PSA_ERROR_BUFFER_TOO_SMALL;
- }
-
- memcpy(data, mbedtls_test_driver_aes_key,
- sizeof(mbedtls_test_driver_aes_key));
- *data_length = sizeof(mbedtls_test_driver_aes_key);
- return PSA_SUCCESS;
-
- default:
- return PSA_ERROR_DOES_NOT_EXIST;
- }
- } else {
- /* This buffer will be used as an intermediate placeholder for
- * the opaque key till we unwrap the key into key_buffer */
- psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- psa_key_type_t type = psa_get_key_type(attributes);
-
- if (PSA_KEY_TYPE_IS_UNSTRUCTURED(type) ||
- PSA_KEY_TYPE_IS_RSA(type) ||
- PSA_KEY_TYPE_IS_ECC(type)) {
- status = mbedtls_test_opaque_unwrap_key(key, key_length,
- data, data_size, data_length);
- return status;
- }
- }
- return PSA_ERROR_NOT_SUPPORTED;
-}
-
-psa_status_t mbedtls_test_transparent_export_public_key(
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer, size_t key_buffer_size,
- uint8_t *data, size_t data_size, size_t *data_length)
-{
- ++mbedtls_test_driver_key_management_hooks.hits;
- ++mbedtls_test_driver_key_management_hooks.hits_export_public_key;
-
- if (mbedtls_test_driver_key_management_hooks.forced_status != PSA_SUCCESS) {
- return mbedtls_test_driver_key_management_hooks.forced_status;
- }
-
- if (mbedtls_test_driver_key_management_hooks.forced_output != NULL) {
- if (mbedtls_test_driver_key_management_hooks.forced_output_length >
- data_size) {
- return PSA_ERROR_BUFFER_TOO_SMALL;
- }
- memcpy(data, mbedtls_test_driver_key_management_hooks.forced_output,
- mbedtls_test_driver_key_management_hooks.forced_output_length);
- *data_length = mbedtls_test_driver_key_management_hooks.forced_output_length;
- return PSA_SUCCESS;
- }
-
- psa_key_type_t key_type = psa_get_key_type(attributes);
-
- if (PSA_KEY_TYPE_IS_ECC(key_type)) {
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_EXPORT) || \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY))
- return libtestdriver1_mbedtls_psa_ecp_export_public_key(
- (const libtestdriver1_psa_key_attributes_t *) attributes,
- key_buffer, key_buffer_size,
- data, data_size, data_length);
-#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_EXPORT) || \
- defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY)
- return mbedtls_psa_ecp_export_public_key(
- attributes,
- key_buffer, key_buffer_size,
- data, data_size, data_length);
-#endif
- } else if (PSA_KEY_TYPE_IS_RSA(key_type)) {
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT) || \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY))
- return libtestdriver1_mbedtls_psa_rsa_export_public_key(
- (const libtestdriver1_psa_key_attributes_t *) attributes,
- key_buffer, key_buffer_size,
- data, data_size, data_length);
-#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT) || \
- defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
- return mbedtls_psa_rsa_export_public_key(
- attributes,
- key_buffer, key_buffer_size,
- data, data_size, data_length);
-#endif
- } else if (PSA_KEY_TYPE_IS_DH(key_type)) {
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) || \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY))
- return libtestdriver1_mbedtls_psa_ffdh_export_public_key(
- (const libtestdriver1_psa_key_attributes_t *) attributes,
- key_buffer, key_buffer_size,
- data, data_size, data_length);
-#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_KEY_PAIR) || \
- defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_DH_PUBLIC_KEY)
- return mbedtls_psa_ffdh_export_public_key(
- attributes,
- key_buffer, key_buffer_size,
- data, data_size, data_length);
-#endif
- }
-
- (void) key_buffer;
- (void) key_buffer_size;
- (void) key_type;
-
- return PSA_ERROR_NOT_SUPPORTED;
-}
-
-psa_status_t mbedtls_test_opaque_export_public_key(
- const psa_key_attributes_t *attributes,
- const uint8_t *key, size_t key_length,
- uint8_t *data, size_t data_size, size_t *data_length)
-{
- if (key_length != sizeof(psa_drv_slot_number_t)) {
- psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- psa_key_type_t key_type = psa_get_key_type(attributes);
- uint8_t *key_buffer_temp;
-
- key_buffer_temp = mbedtls_calloc(1, key_length);
- if (key_buffer_temp == NULL) {
- return PSA_ERROR_INSUFFICIENT_MEMORY;
- }
-
- if (PSA_KEY_TYPE_IS_ECC(key_type)) {
- status = mbedtls_test_opaque_unwrap_key(key, key_length,
- key_buffer_temp, key_length, data_length);
- if (status == PSA_SUCCESS) {
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- (defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_KEY_PAIR) || \
- defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY))
- status = libtestdriver1_mbedtls_psa_ecp_export_public_key(
- (const libtestdriver1_psa_key_attributes_t *) attributes,
- key_buffer_temp, *data_length,
- data, data_size, data_length);
-#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR_EXPORT) || \
- defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_PUBLIC_KEY)
- status = mbedtls_psa_ecp_export_public_key(
- attributes,
- key_buffer_temp, *data_length,
- data, data_size, data_length);
-#else
- status = PSA_ERROR_NOT_SUPPORTED;
-#endif
- }
- } else if (PSA_KEY_TYPE_IS_RSA(key_type)) {
- status = mbedtls_test_opaque_unwrap_key(key, key_length,
- key_buffer_temp, key_length, data_length);
- if (status == PSA_SUCCESS) {
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- (defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR) || \
- defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY))
- status = libtestdriver1_mbedtls_psa_rsa_export_public_key(
- (const libtestdriver1_psa_key_attributes_t *) attributes,
- key_buffer_temp, *data_length,
- data, data_size, data_length);
-#elif defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR_EXPORT) || \
- defined(MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_PUBLIC_KEY)
- status = mbedtls_psa_rsa_export_public_key(
- attributes,
- key_buffer_temp, *data_length,
- data, data_size, data_length);
-#else
- status = PSA_ERROR_NOT_SUPPORTED;
-#endif
- }
- } else {
- status = PSA_ERROR_NOT_SUPPORTED;
- (void) key;
- (void) key_type;
- }
- mbedtls_free(key_buffer_temp);
- return status;
- }
-
- /* Assume this is a builtin key based on the key material length. */
- psa_drv_slot_number_t slot_number = *((psa_drv_slot_number_t *) key);
- switch (slot_number) {
- case PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT:
- /* This is the ECDSA slot. Verify the key's attributes before
- * returning the public key. */
- if (psa_get_key_type(attributes) !=
- PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1)) {
- return PSA_ERROR_CORRUPTION_DETECTED;
- }
- if (psa_get_key_bits(attributes) != 256) {
- return PSA_ERROR_CORRUPTION_DETECTED;
- }
- if (psa_get_key_algorithm(attributes) !=
- PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)) {
- return PSA_ERROR_CORRUPTION_DETECTED;
- }
-
- if (data_size < sizeof(mbedtls_test_driver_ecdsa_pubkey)) {
- return PSA_ERROR_BUFFER_TOO_SMALL;
- }
-
- memcpy(data, mbedtls_test_driver_ecdsa_pubkey,
- sizeof(mbedtls_test_driver_ecdsa_pubkey));
- *data_length = sizeof(mbedtls_test_driver_ecdsa_pubkey);
- return PSA_SUCCESS;
-
- default:
- return PSA_ERROR_DOES_NOT_EXIST;
- }
-}
-
-/* The opaque test driver exposes two built-in keys when builtin key support is
- * compiled in.
- * The key in slot #PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT is an AES-128
- * key which allows CTR mode.
- * The key in slot #PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT is a secp256r1
- * private key which allows ECDSA sign & verify.
- * The key buffer format for these is the raw format of psa_drv_slot_number_t
- * (i.e. for an actual driver this would mean 'builtin_key_size' =
- * sizeof(psa_drv_slot_number_t)).
- */
-psa_status_t mbedtls_test_opaque_get_builtin_key(
- psa_drv_slot_number_t slot_number,
- psa_key_attributes_t *attributes,
- uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length)
-{
- switch (slot_number) {
- case PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT:
- psa_set_key_type(attributes, PSA_KEY_TYPE_AES);
- psa_set_key_bits(attributes, 128);
- psa_set_key_usage_flags(
- attributes,
- PSA_KEY_USAGE_ENCRYPT |
- PSA_KEY_USAGE_DECRYPT |
- PSA_KEY_USAGE_EXPORT);
- psa_set_key_algorithm(attributes, PSA_ALG_CTR);
-
- if (key_buffer_size < sizeof(psa_drv_slot_number_t)) {
- return PSA_ERROR_BUFFER_TOO_SMALL;
- }
-
- *((psa_drv_slot_number_t *) key_buffer) =
- PSA_CRYPTO_TEST_DRIVER_BUILTIN_AES_KEY_SLOT;
- *key_buffer_length = sizeof(psa_drv_slot_number_t);
- return PSA_SUCCESS;
- case PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT:
- psa_set_key_type(
- attributes,
- PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1));
- psa_set_key_bits(attributes, 256);
- psa_set_key_usage_flags(
- attributes,
- PSA_KEY_USAGE_SIGN_HASH |
- PSA_KEY_USAGE_VERIFY_HASH |
- PSA_KEY_USAGE_EXPORT);
- psa_set_key_algorithm(
- attributes, PSA_ALG_ECDSA(PSA_ALG_ANY_HASH));
-
- if (key_buffer_size < sizeof(psa_drv_slot_number_t)) {
- return PSA_ERROR_BUFFER_TOO_SMALL;
- }
-
- *((psa_drv_slot_number_t *) key_buffer) =
- PSA_CRYPTO_TEST_DRIVER_BUILTIN_ECDSA_KEY_SLOT;
- *key_buffer_length = sizeof(psa_drv_slot_number_t);
- return PSA_SUCCESS;
- default:
- return PSA_ERROR_DOES_NOT_EXIST;
- }
-}
-
-psa_status_t mbedtls_test_opaque_copy_key(
- psa_key_attributes_t *attributes,
- const uint8_t *source_key, size_t source_key_length,
- uint8_t *key_buffer, size_t key_buffer_size, size_t *key_buffer_length)
-{
- /* This is a case where the opaque test driver emulates an SE without storage.
- * With that all key context is stored in the wrapped buffer.
- * So no additional house keeping is necessary to reference count the
- * copied keys. This could change when the opaque test driver is extended
- * to support SE with storage, or to emulate an SE without storage but
- * still holding some slot references */
- if (source_key_length > key_buffer_size) {
- return PSA_ERROR_BUFFER_TOO_SMALL;
- }
-
- memcpy(key_buffer, source_key, source_key_length);
- *key_buffer_length = source_key_length;
- (void) attributes;
- return PSA_SUCCESS;
-}
-
-#endif /* PSA_CRYPTO_DRIVER_TEST */
diff --git a/tests/src/drivers/test_driver_mac.c b/tests/src/drivers/test_driver_mac.c
deleted file mode 100644
index f1cf504..0000000
--- a/tests/src/drivers/test_driver_mac.c
+++ /dev/null
@@ -1,426 +0,0 @@
-/*
- * Test driver for MAC entry points.
- */
-/* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#include <test/helpers.h>
-
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-#include "psa_crypto_mac.h"
-
-#include "test/drivers/mac.h"
-
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
-#if MBEDTLS_VERSION_MAJOR < 4
-#include "libtestdriver1/library/psa_crypto_mac.h"
-#else
-#include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_mac.h"
-#endif
-#endif
-
-mbedtls_test_driver_mac_hooks_t mbedtls_test_driver_mac_hooks =
- MBEDTLS_TEST_DRIVER_MAC_INIT;
-
-psa_status_t mbedtls_test_transparent_mac_compute(
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer,
- size_t key_buffer_size,
- psa_algorithm_t alg,
- const uint8_t *input,
- size_t input_length,
- uint8_t *mac,
- size_t mac_size,
- size_t *mac_length)
-{
- mbedtls_test_driver_mac_hooks.hits++;
-
- if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) {
- mbedtls_test_driver_mac_hooks.driver_status =
- mbedtls_test_driver_mac_hooks.forced_status;
- } else {
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_MAC)
- mbedtls_test_driver_mac_hooks.driver_status =
- libtestdriver1_mbedtls_psa_mac_compute(
- (const libtestdriver1_psa_key_attributes_t *) attributes,
- key_buffer, key_buffer_size, alg,
- input, input_length,
- mac, mac_size, mac_length);
-#elif defined(MBEDTLS_PSA_BUILTIN_MAC)
- mbedtls_test_driver_mac_hooks.driver_status =
- mbedtls_psa_mac_compute(
- attributes, key_buffer, key_buffer_size, alg,
- input, input_length,
- mac, mac_size, mac_length);
-#else
- (void) attributes;
- (void) key_buffer;
- (void) key_buffer_size;
- (void) alg;
- (void) input;
- (void) input_length;
- (void) mac;
- (void) mac_size;
- (void) mac_length;
- mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
-#endif
- }
-
- return mbedtls_test_driver_mac_hooks.driver_status;
-}
-
-psa_status_t mbedtls_test_transparent_mac_sign_setup(
- mbedtls_transparent_test_driver_mac_operation_t *operation,
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer,
- size_t key_buffer_size,
- psa_algorithm_t alg)
-{
- mbedtls_test_driver_mac_hooks.hits++;
-
- if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) {
- mbedtls_test_driver_mac_hooks.driver_status =
- mbedtls_test_driver_mac_hooks.forced_status;
- } else {
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_MAC)
- mbedtls_test_driver_mac_hooks.driver_status =
- libtestdriver1_mbedtls_psa_mac_sign_setup(
- operation,
- (const libtestdriver1_psa_key_attributes_t *) attributes,
- key_buffer, key_buffer_size, alg);
-#elif defined(MBEDTLS_PSA_BUILTIN_MAC)
- mbedtls_test_driver_mac_hooks.driver_status =
- mbedtls_psa_mac_sign_setup(
- operation, attributes, key_buffer, key_buffer_size, alg);
-#else
- (void) operation;
- (void) attributes;
- (void) key_buffer;
- (void) key_buffer_size;
- (void) alg;
- mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
-#endif
- }
-
- return mbedtls_test_driver_mac_hooks.driver_status;
-}
-
-psa_status_t mbedtls_test_transparent_mac_verify_setup(
- mbedtls_transparent_test_driver_mac_operation_t *operation,
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer,
- size_t key_buffer_size,
- psa_algorithm_t alg)
-{
- mbedtls_test_driver_mac_hooks.hits++;
-
- if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) {
- mbedtls_test_driver_mac_hooks.driver_status =
- mbedtls_test_driver_mac_hooks.forced_status;
- } else {
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_MAC)
- mbedtls_test_driver_mac_hooks.driver_status =
- libtestdriver1_mbedtls_psa_mac_verify_setup(
- operation,
- (const libtestdriver1_psa_key_attributes_t *) attributes,
- key_buffer, key_buffer_size, alg);
-#elif defined(MBEDTLS_PSA_BUILTIN_MAC)
- mbedtls_test_driver_mac_hooks.driver_status =
- mbedtls_psa_mac_verify_setup(
- operation, attributes, key_buffer, key_buffer_size, alg);
-#else
- (void) operation;
- (void) attributes;
- (void) key_buffer;
- (void) key_buffer_size;
- (void) alg;
- mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
-#endif
- }
-
- return mbedtls_test_driver_mac_hooks.driver_status;
-}
-
-psa_status_t mbedtls_test_transparent_mac_update(
- mbedtls_transparent_test_driver_mac_operation_t *operation,
- const uint8_t *input,
- size_t input_length)
-{
- mbedtls_test_driver_mac_hooks.hits++;
-
- if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) {
- mbedtls_test_driver_mac_hooks.driver_status =
- mbedtls_test_driver_mac_hooks.forced_status;
- } else {
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_MAC)
- mbedtls_test_driver_mac_hooks.driver_status =
- libtestdriver1_mbedtls_psa_mac_update(
- operation, input, input_length);
-#elif defined(MBEDTLS_PSA_BUILTIN_MAC)
- mbedtls_test_driver_mac_hooks.driver_status =
- mbedtls_psa_mac_update(
- operation, input, input_length);
-#else
- (void) operation;
- (void) input;
- (void) input_length;
- mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
-#endif
- }
-
- return mbedtls_test_driver_mac_hooks.driver_status;
-}
-
-psa_status_t mbedtls_test_transparent_mac_sign_finish(
- mbedtls_transparent_test_driver_mac_operation_t *operation,
- uint8_t *mac,
- size_t mac_size,
- size_t *mac_length)
-{
- mbedtls_test_driver_mac_hooks.hits++;
-
- if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) {
- mbedtls_test_driver_mac_hooks.driver_status =
- mbedtls_test_driver_mac_hooks.forced_status;
- } else {
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_MAC)
- mbedtls_test_driver_mac_hooks.driver_status =
- libtestdriver1_mbedtls_psa_mac_sign_finish(
- operation, mac, mac_size, mac_length);
-#elif defined(MBEDTLS_PSA_BUILTIN_MAC)
- mbedtls_test_driver_mac_hooks.driver_status =
- mbedtls_psa_mac_sign_finish(
- operation, mac, mac_size, mac_length);
-#else
- (void) operation;
- (void) mac;
- (void) mac_size;
- (void) mac_length;
- mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
-#endif
- }
-
- return mbedtls_test_driver_mac_hooks.driver_status;
-}
-
-psa_status_t mbedtls_test_transparent_mac_verify_finish(
- mbedtls_transparent_test_driver_mac_operation_t *operation,
- const uint8_t *mac,
- size_t mac_length)
-{
- mbedtls_test_driver_mac_hooks.hits++;
-
- if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) {
- mbedtls_test_driver_mac_hooks.driver_status =
- mbedtls_test_driver_mac_hooks.forced_status;
- } else {
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_MAC)
- mbedtls_test_driver_mac_hooks.driver_status =
- libtestdriver1_mbedtls_psa_mac_verify_finish(
- operation, mac, mac_length);
-#elif defined(MBEDTLS_PSA_BUILTIN_MAC)
- mbedtls_test_driver_mac_hooks.driver_status =
- mbedtls_psa_mac_verify_finish(
- operation, mac, mac_length);
-#else
- (void) operation;
- (void) mac;
- (void) mac_length;
- mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
-#endif
- }
-
- return mbedtls_test_driver_mac_hooks.driver_status;
-}
-
-psa_status_t mbedtls_test_transparent_mac_abort(
- mbedtls_transparent_test_driver_mac_operation_t *operation)
-{
- mbedtls_test_driver_mac_hooks.hits++;
-
- if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) {
- mbedtls_test_driver_mac_hooks.driver_status =
- mbedtls_test_driver_mac_hooks.forced_status;
- } else {
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_MAC)
- mbedtls_test_driver_mac_hooks.driver_status =
- libtestdriver1_mbedtls_psa_mac_abort(operation);
-#elif defined(MBEDTLS_PSA_BUILTIN_MAC)
- mbedtls_test_driver_mac_hooks.driver_status =
- mbedtls_psa_mac_abort(operation);
-#else
- (void) operation;
- mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
-#endif
- }
-
- return mbedtls_test_driver_mac_hooks.driver_status;
-}
-
-psa_status_t mbedtls_test_opaque_mac_compute(
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer,
- size_t key_buffer_size,
- psa_algorithm_t alg,
- const uint8_t *input,
- size_t input_length,
- uint8_t *mac,
- size_t mac_size,
- size_t *mac_length)
-{
- mbedtls_test_driver_mac_hooks.hits++;
-
- if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) {
- mbedtls_test_driver_mac_hooks.driver_status =
- mbedtls_test_driver_mac_hooks.forced_status;
- } else {
- (void) attributes;
- (void) key_buffer;
- (void) key_buffer_size;
- (void) alg;
- (void) input;
- (void) input_length;
- (void) mac;
- (void) mac_size;
- (void) mac_length;
- mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
- }
-
- return mbedtls_test_driver_mac_hooks.driver_status;
-}
-
-psa_status_t mbedtls_test_opaque_mac_sign_setup(
- mbedtls_opaque_test_driver_mac_operation_t *operation,
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer,
- size_t key_buffer_size,
- psa_algorithm_t alg)
-{
- mbedtls_test_driver_mac_hooks.hits++;
-
- if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) {
- mbedtls_test_driver_mac_hooks.driver_status =
- mbedtls_test_driver_mac_hooks.forced_status;
- } else {
- (void) operation;
- (void) attributes;
- (void) key_buffer;
- (void) key_buffer_size;
- (void) alg;
- mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
- }
-
- return mbedtls_test_driver_mac_hooks.driver_status;
-}
-
-psa_status_t mbedtls_test_opaque_mac_verify_setup(
- mbedtls_opaque_test_driver_mac_operation_t *operation,
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer,
- size_t key_buffer_size,
- psa_algorithm_t alg)
-{
- mbedtls_test_driver_mac_hooks.hits++;
-
- if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) {
- mbedtls_test_driver_mac_hooks.driver_status =
- mbedtls_test_driver_mac_hooks.forced_status;
- } else {
- (void) operation;
- (void) attributes;
- (void) key_buffer;
- (void) key_buffer_size;
- (void) alg;
- mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
- }
-
- return mbedtls_test_driver_mac_hooks.driver_status;
-}
-
-psa_status_t mbedtls_test_opaque_mac_update(
- mbedtls_opaque_test_driver_mac_operation_t *operation,
- const uint8_t *input,
- size_t input_length)
-{
- mbedtls_test_driver_mac_hooks.hits++;
-
- if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) {
- mbedtls_test_driver_mac_hooks.driver_status =
- mbedtls_test_driver_mac_hooks.forced_status;
- } else {
- (void) operation;
- (void) input;
- (void) input_length;
- mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
- }
-
- return mbedtls_test_driver_mac_hooks.driver_status;
-}
-
-psa_status_t mbedtls_test_opaque_mac_sign_finish(
- mbedtls_opaque_test_driver_mac_operation_t *operation,
- uint8_t *mac,
- size_t mac_size,
- size_t *mac_length)
-{
- mbedtls_test_driver_mac_hooks.hits++;
-
- if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) {
- mbedtls_test_driver_mac_hooks.driver_status =
- mbedtls_test_driver_mac_hooks.forced_status;
- } else {
- (void) operation;
- (void) mac;
- (void) mac_size;
- (void) mac_length;
- mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
- }
-
- return mbedtls_test_driver_mac_hooks.driver_status;
-}
-
-psa_status_t mbedtls_test_opaque_mac_verify_finish(
- mbedtls_opaque_test_driver_mac_operation_t *operation,
- const uint8_t *mac,
- size_t mac_length)
-{
- mbedtls_test_driver_mac_hooks.hits++;
-
- if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) {
- mbedtls_test_driver_mac_hooks.driver_status =
- mbedtls_test_driver_mac_hooks.forced_status;
- } else {
- (void) operation;
- (void) mac;
- (void) mac_length;
- mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
- }
-
- return mbedtls_test_driver_mac_hooks.driver_status;
-}
-
-psa_status_t mbedtls_test_opaque_mac_abort(
- mbedtls_opaque_test_driver_mac_operation_t *operation)
-{
- mbedtls_test_driver_mac_hooks.hits++;
-
- if (mbedtls_test_driver_mac_hooks.forced_status != PSA_SUCCESS) {
- mbedtls_test_driver_mac_hooks.driver_status =
- mbedtls_test_driver_mac_hooks.forced_status;
- } else {
- (void) operation;
- mbedtls_test_driver_mac_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
- }
-
- return mbedtls_test_driver_mac_hooks.driver_status;
-}
-
-#endif /* PSA_CRYPTO_DRIVER_TEST */
diff --git a/tests/src/drivers/test_driver_pake.c b/tests/src/drivers/test_driver_pake.c
deleted file mode 100644
index c3ce326..0000000
--- a/tests/src/drivers/test_driver_pake.c
+++ /dev/null
@@ -1,206 +0,0 @@
-/*
- * Test driver for PAKE entry points.
- */
-/* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#include <test/helpers.h>
-
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-#include "psa_crypto_pake.h"
-
-#include "test/drivers/pake.h"
-#include "string.h"
-
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
-#if MBEDTLS_VERSION_MAJOR < 4
-#include "libtestdriver1/library/psa_crypto_pake.h"
-#else
-#include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_pake.h"
-#endif
-#endif
-
-mbedtls_test_driver_pake_hooks_t mbedtls_test_driver_pake_hooks =
- MBEDTLS_TEST_DRIVER_PAKE_INIT;
-
-
-psa_status_t mbedtls_test_transparent_pake_setup(
- mbedtls_transparent_test_driver_pake_operation_t *operation,
- const psa_crypto_driver_pake_inputs_t *inputs)
-{
- mbedtls_test_driver_pake_hooks.hits.total++;
- mbedtls_test_driver_pake_hooks.hits.setup++;
-
- if (mbedtls_test_driver_pake_hooks.forced_setup_status != PSA_SUCCESS) {
- mbedtls_test_driver_pake_hooks.driver_status =
- mbedtls_test_driver_pake_hooks.forced_setup_status;
- } else {
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE)
- mbedtls_test_driver_pake_hooks.driver_status =
- libtestdriver1_mbedtls_psa_pake_setup(
- operation, (const libtestdriver1_psa_crypto_driver_pake_inputs_t *) inputs);
-#elif defined(MBEDTLS_PSA_BUILTIN_PAKE)
- mbedtls_test_driver_pake_hooks.driver_status =
- mbedtls_psa_pake_setup(
- operation, inputs);
-#else
- (void) operation;
- (void) inputs;
- mbedtls_test_driver_pake_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
-#endif
- }
-
- return mbedtls_test_driver_pake_hooks.driver_status;
-}
-
-psa_status_t mbedtls_test_transparent_pake_output(
- mbedtls_transparent_test_driver_pake_operation_t *operation,
- psa_crypto_driver_pake_step_t step,
- uint8_t *output,
- size_t output_size,
- size_t *output_length)
-{
- mbedtls_test_driver_pake_hooks.hits.total++;
- mbedtls_test_driver_pake_hooks.hits.output++;
-
- if (mbedtls_test_driver_pake_hooks.forced_output != NULL) {
- if (output_size < mbedtls_test_driver_pake_hooks.forced_output_length) {
- return PSA_ERROR_BUFFER_TOO_SMALL;
- }
-
- memcpy(output,
- mbedtls_test_driver_pake_hooks.forced_output,
- mbedtls_test_driver_pake_hooks.forced_output_length);
- *output_length = mbedtls_test_driver_pake_hooks.forced_output_length;
-
- return mbedtls_test_driver_pake_hooks.forced_status;
- }
-
- if (mbedtls_test_driver_pake_hooks.forced_status != PSA_SUCCESS) {
- mbedtls_test_driver_pake_hooks.driver_status =
- mbedtls_test_driver_pake_hooks.forced_status;
- } else {
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE)
- mbedtls_test_driver_pake_hooks.driver_status =
- libtestdriver1_mbedtls_psa_pake_output(
- operation, (libtestdriver1_psa_crypto_driver_pake_step_t) step,
- output, output_size, output_length);
-#elif defined(MBEDTLS_PSA_BUILTIN_PAKE)
- mbedtls_test_driver_pake_hooks.driver_status =
- mbedtls_psa_pake_output(
- operation, step, output, output_size, output_length);
-#else
- (void) operation;
- (void) step;
- (void) output;
- (void) output_size;
- (void) output_length;
- mbedtls_test_driver_pake_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
-#endif
- }
-
- return mbedtls_test_driver_pake_hooks.driver_status;
-}
-
-psa_status_t mbedtls_test_transparent_pake_input(
- mbedtls_transparent_test_driver_pake_operation_t *operation,
- psa_crypto_driver_pake_step_t step,
- const uint8_t *input,
- size_t input_length)
-{
- mbedtls_test_driver_pake_hooks.hits.total++;
- mbedtls_test_driver_pake_hooks.hits.input++;
-
- if (mbedtls_test_driver_pake_hooks.forced_status != PSA_SUCCESS) {
- mbedtls_test_driver_pake_hooks.driver_status =
- mbedtls_test_driver_pake_hooks.forced_status;
- } else {
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE)
- mbedtls_test_driver_pake_hooks.driver_status =
- libtestdriver1_mbedtls_psa_pake_input(
- operation, (libtestdriver1_psa_crypto_driver_pake_step_t) step,
- input, input_length);
-#elif defined(MBEDTLS_PSA_BUILTIN_PAKE)
- mbedtls_test_driver_pake_hooks.driver_status =
- mbedtls_psa_pake_input(
- operation, step, input, input_length);
-#else
- (void) operation;
- (void) step;
- (void) input;
- (void) input_length;
- mbedtls_test_driver_pake_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
-#endif
- }
-
- return mbedtls_test_driver_pake_hooks.driver_status;
-}
-
-psa_status_t mbedtls_test_transparent_pake_get_implicit_key(
- mbedtls_transparent_test_driver_pake_operation_t *operation,
- uint8_t *output, size_t output_size, size_t *output_length)
-{
- mbedtls_test_driver_pake_hooks.hits.total++;
- mbedtls_test_driver_pake_hooks.hits.implicit_key++;
-
- if (mbedtls_test_driver_pake_hooks.forced_status != PSA_SUCCESS) {
- mbedtls_test_driver_pake_hooks.driver_status =
- mbedtls_test_driver_pake_hooks.forced_status;
- } else {
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE)
- mbedtls_test_driver_pake_hooks.driver_status =
- libtestdriver1_mbedtls_psa_pake_get_implicit_key(
- operation, output, output_size, output_length);
-#elif defined(MBEDTLS_PSA_BUILTIN_PAKE)
- mbedtls_test_driver_pake_hooks.driver_status =
- mbedtls_psa_pake_get_implicit_key(
- operation, output, output_size, output_length);
-#else
- (void) operation;
- (void) output;
- (void) output_size;
- (void) output_length;
- mbedtls_test_driver_pake_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
-#endif
- }
-
- return mbedtls_test_driver_pake_hooks.driver_status;
-}
-
-psa_status_t mbedtls_test_transparent_pake_abort(
- mbedtls_transparent_test_driver_pake_operation_t *operation)
-{
- mbedtls_test_driver_pake_hooks.hits.total++;
- mbedtls_test_driver_pake_hooks.hits.abort++;
-
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_PAKE)
- mbedtls_test_driver_pake_hooks.driver_status =
- libtestdriver1_mbedtls_psa_pake_abort(
- operation);
-#elif defined(MBEDTLS_PSA_BUILTIN_PAKE)
- mbedtls_test_driver_pake_hooks.driver_status =
- mbedtls_psa_pake_abort(
- operation);
-#else
- (void) operation;
- mbedtls_test_driver_pake_hooks.driver_status = PSA_ERROR_NOT_SUPPORTED;
-#endif
-
-
- if (mbedtls_test_driver_pake_hooks.forced_status != PSA_SUCCESS &&
- mbedtls_test_driver_pake_hooks.driver_status == PSA_SUCCESS) {
- mbedtls_test_driver_pake_hooks.driver_status =
- mbedtls_test_driver_pake_hooks.forced_status;
- }
-
-
- return mbedtls_test_driver_pake_hooks.driver_status;
-}
-
-#endif /* PSA_CRYPTO_DRIVER_TEST */
diff --git a/tests/src/drivers/test_driver_signature.c b/tests/src/drivers/test_driver_signature.c
deleted file mode 100644
index a6eef57..0000000
--- a/tests/src/drivers/test_driver_signature.c
+++ /dev/null
@@ -1,410 +0,0 @@
-/*
- * Test driver for signature functions.
- * Currently supports signing and verifying precalculated hashes, using
- * only deterministic ECDSA on curves secp256r1, secp384r1 and secp521r1.
- */
-/* Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#include <test/helpers.h>
-
-#if defined(PSA_CRYPTO_DRIVER_TEST)
-#include "psa/crypto.h"
-#include "psa_crypto_core.h"
-#include "psa_crypto_ecp.h"
-#include "psa_crypto_hash.h"
-#include "psa_crypto_rsa.h"
-#include "mbedtls/ecp.h"
-
-#include "test/drivers/hash.h"
-#include "test/drivers/signature.h"
-#include "test/drivers/hash.h"
-
-#include "mbedtls/ecdsa.h"
-
-#include "test/random.h"
-
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1)
-#if MBEDTLS_VERSION_MAJOR < 4
-#include "libtestdriver1/library/psa_crypto_ecp.h"
-#include "libtestdriver1/library/psa_crypto_hash.h"
-#include "libtestdriver1/library/psa_crypto_rsa.h"
-#else
-#include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.h"
-#include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_hash.h"
-#include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_rsa.h"
-#endif
-#endif
-
-#include <string.h>
-
-mbedtls_test_driver_signature_hooks_t
- mbedtls_test_driver_signature_sign_hooks = MBEDTLS_TEST_DRIVER_SIGNATURE_INIT;
-mbedtls_test_driver_signature_hooks_t
- mbedtls_test_driver_signature_verify_hooks = MBEDTLS_TEST_DRIVER_SIGNATURE_INIT;
-
-psa_status_t sign_hash(
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer,
- size_t key_buffer_size,
- psa_algorithm_t alg,
- const uint8_t *hash,
- size_t hash_length,
- uint8_t *signature,
- size_t signature_size,
- size_t *signature_length)
-{
- if (attributes->type == PSA_KEY_TYPE_RSA_KEY_PAIR) {
- if (PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) ||
- PSA_ALG_IS_RSA_PSS(alg)) {
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS))
- return libtestdriver1_mbedtls_psa_rsa_sign_hash(
- (const libtestdriver1_psa_key_attributes_t *) attributes,
- key_buffer, key_buffer_size,
- alg, hash, hash_length,
- signature, signature_size, signature_length);
-#elif defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
- defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS)
- return mbedtls_psa_rsa_sign_hash(
- attributes,
- key_buffer, key_buffer_size,
- alg, hash, hash_length,
- signature, signature_size, signature_length);
-#endif
- } else {
- return PSA_ERROR_INVALID_ARGUMENT;
- }
- } else if (PSA_KEY_TYPE_IS_ECC(attributes->type)) {
- if (PSA_ALG_IS_ECDSA(alg)) {
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA))
- return libtestdriver1_mbedtls_psa_ecdsa_sign_hash(
- (const libtestdriver1_psa_key_attributes_t *) attributes,
- key_buffer, key_buffer_size,
- alg, hash, hash_length,
- signature, signature_size, signature_length);
-#elif defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
- defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
- return mbedtls_psa_ecdsa_sign_hash(
- attributes,
- key_buffer, key_buffer_size,
- alg, hash, hash_length,
- signature, signature_size, signature_length);
-#endif
- } else {
- return PSA_ERROR_INVALID_ARGUMENT;
- }
- }
-
- (void) attributes;
- (void) key_buffer;
- (void) key_buffer_size;
- (void) alg;
- (void) hash;
- (void) hash_length;
- (void) signature;
- (void) signature_size;
- (void) signature_length;
- return PSA_ERROR_NOT_SUPPORTED;
-}
-
-psa_status_t verify_hash(
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer,
- size_t key_buffer_size,
- psa_algorithm_t alg,
- const uint8_t *hash,
- size_t hash_length,
- const uint8_t *signature,
- size_t signature_length)
-{
- if (PSA_KEY_TYPE_IS_RSA(attributes->type)) {
- if (PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg) ||
- PSA_ALG_IS_RSA_PSS(alg)) {
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS))
- return libtestdriver1_mbedtls_psa_rsa_verify_hash(
- (const libtestdriver1_psa_key_attributes_t *) attributes,
- key_buffer, key_buffer_size,
- alg, hash, hash_length,
- signature, signature_length);
-#elif defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PKCS1V15_SIGN) || \
- defined(MBEDTLS_PSA_BUILTIN_ALG_RSA_PSS)
- return mbedtls_psa_rsa_verify_hash(
- attributes,
- key_buffer, key_buffer_size,
- alg, hash, hash_length,
- signature, signature_length);
-#endif
- } else {
- return PSA_ERROR_INVALID_ARGUMENT;
- }
- } else if (PSA_KEY_TYPE_IS_ECC(attributes->type)) {
- if (PSA_ALG_IS_ECDSA(alg)) {
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- (defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA))
- return libtestdriver1_mbedtls_psa_ecdsa_verify_hash(
- (const libtestdriver1_psa_key_attributes_t *) attributes,
- key_buffer, key_buffer_size,
- alg, hash, hash_length,
- signature, signature_length);
-#elif defined(MBEDTLS_PSA_BUILTIN_ALG_ECDSA) || \
- defined(MBEDTLS_PSA_BUILTIN_ALG_DETERMINISTIC_ECDSA)
- return mbedtls_psa_ecdsa_verify_hash(
- attributes,
- key_buffer, key_buffer_size,
- alg, hash, hash_length,
- signature, signature_length);
-#endif
- } else {
- return PSA_ERROR_INVALID_ARGUMENT;
- }
- }
-
- (void) attributes;
- (void) key_buffer;
- (void) key_buffer_size;
- (void) alg;
- (void) hash;
- (void) hash_length;
- (void) signature;
- (void) signature_length;
- return PSA_ERROR_NOT_SUPPORTED;
-}
-
-psa_status_t mbedtls_test_transparent_signature_sign_message(
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer,
- size_t key_buffer_size,
- psa_algorithm_t alg,
- const uint8_t *input,
- size_t input_length,
- uint8_t *signature,
- size_t signature_size,
- size_t *signature_length)
-{
- psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- size_t hash_length;
- uint8_t hash[PSA_HASH_MAX_SIZE];
-
- ++mbedtls_test_driver_signature_sign_hooks.hits;
-
- if (mbedtls_test_driver_signature_sign_hooks.forced_status != PSA_SUCCESS) {
- return mbedtls_test_driver_signature_sign_hooks.forced_status;
- }
-
- if (mbedtls_test_driver_signature_sign_hooks.forced_output != NULL) {
- if (mbedtls_test_driver_signature_sign_hooks.forced_output_length > signature_size) {
- return PSA_ERROR_BUFFER_TOO_SMALL;
- }
-
- memcpy(signature, mbedtls_test_driver_signature_sign_hooks.forced_output,
- mbedtls_test_driver_signature_sign_hooks.forced_output_length);
- *signature_length = mbedtls_test_driver_signature_sign_hooks.forced_output_length;
-
- return PSA_SUCCESS;
- }
-
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH)
- status = libtestdriver1_mbedtls_psa_hash_compute(
- PSA_ALG_SIGN_GET_HASH(alg), input, input_length,
- hash, sizeof(hash), &hash_length);
-#elif defined(MBEDTLS_PSA_BUILTIN_HASH)
- status = mbedtls_psa_hash_compute(
- PSA_ALG_SIGN_GET_HASH(alg), input, input_length,
- hash, sizeof(hash), &hash_length);
-#else
- (void) input;
- (void) input_length;
- status = PSA_ERROR_NOT_SUPPORTED;
-#endif
- if (status != PSA_SUCCESS) {
- return status;
- }
-
- return sign_hash(attributes, key_buffer, key_buffer_size,
- alg, hash, hash_length,
- signature, signature_size, signature_length);
-}
-
-psa_status_t mbedtls_test_opaque_signature_sign_message(
- const psa_key_attributes_t *attributes,
- const uint8_t *key,
- size_t key_length,
- psa_algorithm_t alg,
- const uint8_t *input,
- size_t input_length,
- uint8_t *signature,
- size_t signature_size,
- size_t *signature_length)
-{
- (void) attributes;
- (void) key;
- (void) key_length;
- (void) alg;
- (void) input;
- (void) input_length;
- (void) signature;
- (void) signature_size;
- (void) signature_length;
-
- return PSA_ERROR_NOT_SUPPORTED;
-}
-
-psa_status_t mbedtls_test_transparent_signature_verify_message(
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer,
- size_t key_buffer_size,
- psa_algorithm_t alg,
- const uint8_t *input,
- size_t input_length,
- const uint8_t *signature,
- size_t signature_length)
-{
- psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
- size_t hash_length;
- uint8_t hash[PSA_HASH_MAX_SIZE];
-
- ++mbedtls_test_driver_signature_verify_hooks.hits;
-
- if (mbedtls_test_driver_signature_verify_hooks.forced_status != PSA_SUCCESS) {
- return mbedtls_test_driver_signature_verify_hooks.forced_status;
- }
-
-#if defined(MBEDTLS_TEST_LIBTESTDRIVER1) && \
- defined(LIBTESTDRIVER1_MBEDTLS_PSA_BUILTIN_HASH)
- status = libtestdriver1_mbedtls_psa_hash_compute(
- PSA_ALG_SIGN_GET_HASH(alg), input, input_length,
- hash, sizeof(hash), &hash_length);
-#elif defined(MBEDTLS_PSA_BUILTIN_HASH)
- status = mbedtls_psa_hash_compute(
- PSA_ALG_SIGN_GET_HASH(alg), input, input_length,
- hash, sizeof(hash), &hash_length);
-#else
- (void) input;
- (void) input_length;
- status = PSA_ERROR_NOT_SUPPORTED;
-#endif
- if (status != PSA_SUCCESS) {
- return status;
- }
-
- return verify_hash(attributes, key_buffer, key_buffer_size,
- alg, hash, hash_length,
- signature, signature_length);
-}
-
-psa_status_t mbedtls_test_opaque_signature_verify_message(
- const psa_key_attributes_t *attributes,
- const uint8_t *key,
- size_t key_length,
- psa_algorithm_t alg,
- const uint8_t *input,
- size_t input_length,
- const uint8_t *signature,
- size_t signature_length)
-{
- (void) attributes;
- (void) key;
- (void) key_length;
- (void) alg;
- (void) input;
- (void) input_length;
- (void) signature;
- (void) signature_length;
-
- return PSA_ERROR_NOT_SUPPORTED;
-}
-
-psa_status_t mbedtls_test_transparent_signature_sign_hash(
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer, size_t key_buffer_size,
- psa_algorithm_t alg,
- const uint8_t *hash, size_t hash_length,
- uint8_t *signature, size_t signature_size, size_t *signature_length)
-{
- ++mbedtls_test_driver_signature_sign_hooks.hits;
-
- if (mbedtls_test_driver_signature_sign_hooks.forced_status != PSA_SUCCESS) {
- return mbedtls_test_driver_signature_sign_hooks.forced_status;
- }
-
- if (mbedtls_test_driver_signature_sign_hooks.forced_output != NULL) {
- if (mbedtls_test_driver_signature_sign_hooks.forced_output_length > signature_size) {
- return PSA_ERROR_BUFFER_TOO_SMALL;
- }
- memcpy(signature, mbedtls_test_driver_signature_sign_hooks.forced_output,
- mbedtls_test_driver_signature_sign_hooks.forced_output_length);
- *signature_length = mbedtls_test_driver_signature_sign_hooks.forced_output_length;
- return PSA_SUCCESS;
- }
-
- return sign_hash(attributes, key_buffer, key_buffer_size,
- alg, hash, hash_length,
- signature, signature_size, signature_length);
-}
-
-psa_status_t mbedtls_test_opaque_signature_sign_hash(
- const psa_key_attributes_t *attributes,
- const uint8_t *key, size_t key_length,
- psa_algorithm_t alg,
- const uint8_t *hash, size_t hash_length,
- uint8_t *signature, size_t signature_size, size_t *signature_length)
-{
- (void) attributes;
- (void) key;
- (void) key_length;
- (void) alg;
- (void) hash;
- (void) hash_length;
- (void) signature;
- (void) signature_size;
- (void) signature_length;
-
- return PSA_ERROR_NOT_SUPPORTED;
-}
-
-psa_status_t mbedtls_test_transparent_signature_verify_hash(
- const psa_key_attributes_t *attributes,
- const uint8_t *key_buffer, size_t key_buffer_size,
- psa_algorithm_t alg,
- const uint8_t *hash, size_t hash_length,
- const uint8_t *signature, size_t signature_length)
-{
- ++mbedtls_test_driver_signature_verify_hooks.hits;
-
- if (mbedtls_test_driver_signature_verify_hooks.forced_status != PSA_SUCCESS) {
- return mbedtls_test_driver_signature_verify_hooks.forced_status;
- }
-
- return verify_hash(attributes, key_buffer, key_buffer_size,
- alg, hash, hash_length,
- signature, signature_length);
-}
-
-psa_status_t mbedtls_test_opaque_signature_verify_hash(
- const psa_key_attributes_t *attributes,
- const uint8_t *key, size_t key_length,
- psa_algorithm_t alg,
- const uint8_t *hash, size_t hash_length,
- const uint8_t *signature, size_t signature_length)
-{
- (void) attributes;
- (void) key;
- (void) key_length;
- (void) alg;
- (void) hash;
- (void) hash_length;
- (void) signature;
- (void) signature_length;
- return PSA_ERROR_NOT_SUPPORTED;
-}
-
-#endif /* PSA_CRYPTO_DRIVER_TEST */
diff --git a/tests/src/fake_external_rng_for_test.c b/tests/src/fake_external_rng_for_test.c
deleted file mode 100644
index c0bfde5..0000000
--- a/tests/src/fake_external_rng_for_test.c
+++ /dev/null
@@ -1,45 +0,0 @@
-/** \file fake_external_rng_for_test.c
- *
- * \brief Helper functions to test PSA crypto functionality.
- */
-
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#include <test/fake_external_rng_for_test.h>
-
-#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
-#include <test/random.h>
-#include <psa/crypto.h>
-
-static int test_insecure_external_rng_enabled = 0;
-
-void mbedtls_test_enable_insecure_external_rng(void)
-{
- test_insecure_external_rng_enabled = 1;
-}
-
-void mbedtls_test_disable_insecure_external_rng(void)
-{
- test_insecure_external_rng_enabled = 0;
-}
-
-psa_status_t mbedtls_psa_external_get_random(
- mbedtls_psa_external_random_context_t *context,
- uint8_t *output, size_t output_size, size_t *output_length)
-{
- (void) context;
-
- if (!test_insecure_external_rng_enabled) {
- return PSA_ERROR_INSUFFICIENT_ENTROPY;
- }
-
- /* This implementation is for test purposes only!
- * Use the libc non-cryptographic random generator. */
- mbedtls_test_rnd_std_rand(NULL, output, output_size);
- *output_length = output_size;
- return PSA_SUCCESS;
-}
-#endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
diff --git a/tests/src/helpers.c b/tests/src/helpers.c
deleted file mode 100644
index 1a15733..0000000
--- a/tests/src/helpers.c
+++ /dev/null
@@ -1,723 +0,0 @@
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#include <test/constant_flow.h>
-#include <test/helpers.h>
-#include <test/macros.h>
-#include <string.h>
-
-#if defined(MBEDTLS_PSA_INJECT_ENTROPY)
-#include <psa/crypto.h>
-#include <test/psa_crypto_helpers.h>
-#endif
-
-#if defined(MBEDTLS_TEST_HOOKS) && defined(MBEDTLS_PSA_CRYPTO_C)
-#include <test/psa_memory_poisoning_wrappers.h>
-#endif
-#if defined(MBEDTLS_TEST_HOOKS) && !defined(MBEDTLS_THREADING_C)
-#include <test/bignum_codepath_check.h>
-#endif
-#if defined(MBEDTLS_THREADING_C)
-#include "mbedtls/threading.h"
-#endif
-
-/*----------------------------------------------------------------------------*/
-/* Static global variables */
-
-#if defined(MBEDTLS_PLATFORM_C)
-static mbedtls_platform_context platform_ctx;
-#endif
-
-static mbedtls_test_info_t mbedtls_test_info;
-
-#ifdef MBEDTLS_THREADING_C
-mbedtls_threading_mutex_t mbedtls_test_info_mutex;
-#endif /* MBEDTLS_THREADING_C */
-
-/*----------------------------------------------------------------------------*/
-/* Mbedtls Test Info accessors
- *
- * NOTE - there are two types of accessors here: public accessors and internal
- * accessors. The public accessors have prototypes in helpers.h and lock
- * mbedtls_test_info_mutex (if mutexes are enabled). The _internal accessors,
- * which are expected to be used from this module *only*, do not lock the mutex.
- * These are designed to be called from within public functions which already
- * hold the mutex. The main reason for this difference is the need to set
- * multiple test data values atomically (without releasing the mutex) to prevent
- * race conditions. */
-
-mbedtls_test_result_t mbedtls_test_get_result(void)
-{
- mbedtls_test_result_t result;
-
-#ifdef MBEDTLS_THREADING_C
- mbedtls_mutex_lock(&mbedtls_test_info_mutex);
-#endif /* MBEDTLS_THREADING_C */
-
- result = mbedtls_test_info.result;
-
-#ifdef MBEDTLS_THREADING_C
- mbedtls_mutex_unlock(&mbedtls_test_info_mutex);
-#endif /* MBEDTLS_THREADING_C */
-
- return result;
-}
-
-static void mbedtls_test_set_result_internal(mbedtls_test_result_t result, const char *test,
- int line_no, const char *filename)
-{
- /* Internal function only - mbedtls_test_info_mutex should be held prior
- * to calling this function. */
-
- mbedtls_test_info.result = result;
- mbedtls_test_info.test = test;
- mbedtls_test_info.line_no = line_no;
- mbedtls_test_info.filename = filename;
-}
-
-const char *mbedtls_test_get_test(void)
-{
- const char *test;
-
-#ifdef MBEDTLS_THREADING_C
- mbedtls_mutex_lock(&mbedtls_test_info_mutex);
-#endif /* MBEDTLS_THREADING_C */
-
- test = mbedtls_test_info.test;
-
-#ifdef MBEDTLS_THREADING_C
- mbedtls_mutex_unlock(&mbedtls_test_info_mutex);
-#endif /* MBEDTLS_THREADING_C */
-
- return test;
-}
-const char *mbedtls_get_test_filename(void)
-{
- const char *filename;
-
-#ifdef MBEDTLS_THREADING_C
- mbedtls_mutex_lock(&mbedtls_test_info_mutex);
-#endif /* MBEDTLS_THREADING_C */
-
- /* It should be ok just to pass back the pointer here, as it is going to
- * be a pointer into non changing data. */
- filename = mbedtls_test_info.filename;
-
-#ifdef MBEDTLS_THREADING_C
- mbedtls_mutex_unlock(&mbedtls_test_info_mutex);
-#endif /* MBEDTLS_THREADING_C */
-
- return filename;
-}
-
-int mbedtls_test_get_line_no(void)
-{
- int line_no;
-
-#ifdef MBEDTLS_THREADING_C
- mbedtls_mutex_lock(&mbedtls_test_info_mutex);
-#endif /* MBEDTLS_THREADING_C */
-
- line_no = mbedtls_test_info.line_no;
-
-#ifdef MBEDTLS_THREADING_C
- mbedtls_mutex_unlock(&mbedtls_test_info_mutex);
-#endif /* MBEDTLS_THREADING_C */
-
- return line_no;
-}
-
-void mbedtls_test_increment_step(void)
-{
-#ifdef MBEDTLS_THREADING_C
- mbedtls_mutex_lock(&mbedtls_test_info_mutex);
-#endif /* MBEDTLS_THREADING_C */
-
- ++mbedtls_test_info.step;
-
-#ifdef MBEDTLS_THREADING_C
- mbedtls_mutex_unlock(&mbedtls_test_info_mutex);
-#endif /* MBEDTLS_THREADING_C */
-}
-
-unsigned long mbedtls_test_get_step(void)
-{
- unsigned long step;
-
-#ifdef MBEDTLS_THREADING_C
- mbedtls_mutex_lock(&mbedtls_test_info_mutex);
-#endif /* MBEDTLS_THREADING_C */
-
- step = mbedtls_test_info.step;
-
-#ifdef MBEDTLS_THREADING_C
- mbedtls_mutex_unlock(&mbedtls_test_info_mutex);
-#endif /* MBEDTLS_THREADING_C */
-
- return step;
-}
-
-static void mbedtls_test_reset_step_internal(void)
-{
- /* Internal function only - mbedtls_test_info_mutex should be held prior
- * to calling this function. */
-
- mbedtls_test_info.step = (unsigned long) (-1);
-}
-
-void mbedtls_test_set_step(unsigned long step)
-{
-#ifdef MBEDTLS_THREADING_C
- mbedtls_mutex_lock(&mbedtls_test_info_mutex);
-#endif /* MBEDTLS_THREADING_C */
-
- mbedtls_test_info.step = step;
-
-#ifdef MBEDTLS_THREADING_C
- mbedtls_mutex_unlock(&mbedtls_test_info_mutex);
-#endif /* MBEDTLS_THREADING_C */
-}
-
-void mbedtls_test_get_line1(char *line)
-{
-#ifdef MBEDTLS_THREADING_C
- mbedtls_mutex_lock(&mbedtls_test_info_mutex);
-#endif /* MBEDTLS_THREADING_C */
-
- memcpy(line, mbedtls_test_info.line1, MBEDTLS_TEST_LINE_LENGTH);
-
-#ifdef MBEDTLS_THREADING_C
- mbedtls_mutex_unlock(&mbedtls_test_info_mutex);
-#endif /* MBEDTLS_THREADING_C */
-}
-
-static void mbedtls_test_set_line1_internal(const char *line)
-{
- /* Internal function only - mbedtls_test_info_mutex should be held prior
- * to calling this function. */
-
- if (line == NULL) {
- memset(mbedtls_test_info.line1, 0, MBEDTLS_TEST_LINE_LENGTH);
- } else {
- memcpy(mbedtls_test_info.line1, line, MBEDTLS_TEST_LINE_LENGTH);
- }
-}
-
-void mbedtls_test_get_line2(char *line)
-{
-#ifdef MBEDTLS_THREADING_C
- mbedtls_mutex_lock(&mbedtls_test_info_mutex);
-#endif /* MBEDTLS_THREADING_C */
-
- memcpy(line, mbedtls_test_info.line2, MBEDTLS_TEST_LINE_LENGTH);
-
-#ifdef MBEDTLS_THREADING_C
- mbedtls_mutex_unlock(&mbedtls_test_info_mutex);
-#endif /* MBEDTLS_THREADING_C */
-}
-
-static void mbedtls_test_set_line2_internal(const char *line)
-{
- /* Internal function only - mbedtls_test_info_mutex should be held prior
- * to calling this function. */
-
- if (line == NULL) {
- memset(mbedtls_test_info.line2, 0, MBEDTLS_TEST_LINE_LENGTH);
- } else {
- memcpy(mbedtls_test_info.line2, line, MBEDTLS_TEST_LINE_LENGTH);
- }
-}
-
-
-#if defined(MBEDTLS_TEST_MUTEX_USAGE)
-const char *mbedtls_test_get_mutex_usage_error(void)
-{
- const char *usage_error;
-
-#ifdef MBEDTLS_THREADING_C
- mbedtls_mutex_lock(&mbedtls_test_info_mutex);
-#endif /* MBEDTLS_THREADING_C */
-
- usage_error = mbedtls_test_info.mutex_usage_error;
-
-#ifdef MBEDTLS_THREADING_C
- mbedtls_mutex_unlock(&mbedtls_test_info_mutex);
-#endif /* MBEDTLS_THREADING_C */
-
- return usage_error;
-}
-
-void mbedtls_test_set_mutex_usage_error(const char *msg)
-{
-#ifdef MBEDTLS_THREADING_C
- mbedtls_mutex_lock(&mbedtls_test_info_mutex);
-#endif /* MBEDTLS_THREADING_C */
-
- if (mbedtls_test_info.mutex_usage_error == NULL || msg == NULL) {
- mbedtls_test_info.mutex_usage_error = msg;
- }
-
-#ifdef MBEDTLS_THREADING_C
- mbedtls_mutex_unlock(&mbedtls_test_info_mutex);
-#endif /* MBEDTLS_THREADING_C */
-}
-#endif // #if defined(MBEDTLS_TEST_MUTEX_USAGE)
-
-#if defined(MBEDTLS_BIGNUM_C)
-
-unsigned mbedtls_test_get_case_uses_negative_0(void)
-{
- unsigned test_case_uses_negative_0 = 0;
-#ifdef MBEDTLS_THREADING_C
- mbedtls_mutex_lock(&mbedtls_test_info_mutex);
-#endif /* MBEDTLS_THREADING_C */
- test_case_uses_negative_0 = mbedtls_test_info.case_uses_negative_0;
-
-#ifdef MBEDTLS_THREADING_C
- mbedtls_mutex_unlock(&mbedtls_test_info_mutex);
-#endif /* MBEDTLS_THREADING_C */
-
- return test_case_uses_negative_0;
-}
-
-static void mbedtls_test_set_case_uses_negative_0_internal(unsigned uses)
-{
- /* Internal function only - mbedtls_test_info_mutex should be held prior
- * to calling this function. */
-
- mbedtls_test_info.case_uses_negative_0 = uses;
-}
-
-void mbedtls_test_increment_case_uses_negative_0(void)
-{
-#ifdef MBEDTLS_THREADING_C
- mbedtls_mutex_lock(&mbedtls_test_info_mutex);
-#endif /* MBEDTLS_THREADING_C */
-
- ++mbedtls_test_info.case_uses_negative_0;
-
-#ifdef MBEDTLS_THREADING_C
- mbedtls_mutex_unlock(&mbedtls_test_info_mutex);
-#endif /* MBEDTLS_THREADING_C */
-}
-
-#endif /* MBEDTLS_BIGNUM_C */
-
-#ifdef MBEDTLS_TEST_MUTEX_USAGE
-mbedtls_threading_mutex_t *mbedtls_test_get_info_mutex(void)
-{
- return &mbedtls_test_info_mutex;
-}
-
-#endif /* MBEDTLS_TEST_MUTEX_USAGE */
-
-/*----------------------------------------------------------------------------*/
-/* Helper Functions */
-
-int mbedtls_test_platform_setup(void)
-{
- int ret = 0;
-
-#if defined(MBEDTLS_TEST_HOOKS) && defined(MBEDTLS_PSA_CRYPTO_C) \
- && !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) \
- && defined(MBEDTLS_TEST_MEMORY_CAN_POISON)
- mbedtls_poison_test_hooks_setup();
-#endif
-
-#if defined(MBEDTLS_PSA_INJECT_ENTROPY)
- /* Make sure that injected entropy is present. Otherwise
- * psa_crypto_init() will fail. This is not necessary for test suites
- * that don't use PSA, but it's harmless (except for leaving a file
- * behind). */
- ret = mbedtls_test_inject_entropy_restore();
- if (ret != 0) {
- return ret;
- }
-#endif
-
-#if defined(MBEDTLS_PLATFORM_C)
- ret = mbedtls_platform_setup(&platform_ctx);
-#endif /* MBEDTLS_PLATFORM_C */
-
-#ifdef MBEDTLS_THREADING_C
- mbedtls_mutex_init(&mbedtls_test_info_mutex);
-#endif /* MBEDTLS_THREADING_C */
-
-
-#if defined(MBEDTLS_TEST_HOOKS) && !defined(MBEDTLS_THREADING_C)
- mbedtls_codepath_test_hooks_setup();
-#endif /* MBEDTLS_TEST_HOOKS && !MBEDTLS_THREADING_C */
-
- return ret;
-}
-
-void mbedtls_test_platform_teardown(void)
-{
-#if defined(MBEDTLS_TEST_HOOKS) && defined(MBEDTLS_PSA_CRYPTO_C) \
- && !defined(MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS) \
- && defined(MBEDTLS_TEST_MEMORY_CAN_POISON)
- mbedtls_poison_test_hooks_teardown();
-#endif
-#ifdef MBEDTLS_THREADING_C
- mbedtls_mutex_free(&mbedtls_test_info_mutex);
-#endif /* MBEDTLS_THREADING_C */
-
-#if defined(MBEDTLS_PLATFORM_C)
- mbedtls_platform_teardown(&platform_ctx);
-#endif /* MBEDTLS_PLATFORM_C */
-
-#if defined(MBEDTLS_TEST_HOOKS) && !defined(MBEDTLS_THREADING_C)
- mbedtls_codepath_test_hooks_teardown();
-#endif /* MBEDTLS_TEST_HOOKS && !MBEDTLS_THREADING_C */
-}
-
-int mbedtls_test_ascii2uc(const char c, unsigned char *uc)
-{
- if ((c >= '0') && (c <= '9')) {
- *uc = c - '0';
- } else if ((c >= 'a') && (c <= 'f')) {
- *uc = c - 'a' + 10;
- } else if ((c >= 'A') && (c <= 'F')) {
- *uc = c - 'A' + 10;
- } else {
- return -1;
- }
-
- return 0;
-}
-
-static void mbedtls_test_fail_internal(const char *test, int line_no, const char *filename)
-{
- /* Internal function only - mbedtls_test_info_mutex should be held prior
- * to calling this function. */
-
- /* Don't use accessor, we already hold mutex. */
- if (mbedtls_test_info.result != MBEDTLS_TEST_RESULT_FAILED) {
- /* If we have already recorded the test as having failed then don't
- * overwrite any previous information about the failure. */
- mbedtls_test_set_result_internal(MBEDTLS_TEST_RESULT_FAILED, test, line_no, filename);
- }
-}
-
-void mbedtls_test_fail(const char *test, int line_no, const char *filename)
-{
-#ifdef MBEDTLS_THREADING_C
- mbedtls_mutex_lock(&mbedtls_test_info_mutex);
-#endif /* MBEDTLS_THREADING_C */
-
- mbedtls_test_fail_internal(test, line_no, filename);
-
-#ifdef MBEDTLS_THREADING_C
- mbedtls_mutex_unlock(&mbedtls_test_info_mutex);
-#endif /* MBEDTLS_THREADING_C */
-}
-
-void mbedtls_test_skip(const char *test, int line_no, const char *filename)
-{
-#ifdef MBEDTLS_THREADING_C
- mbedtls_mutex_lock(&mbedtls_test_info_mutex);
-#endif /* MBEDTLS_THREADING_C */
-
- mbedtls_test_set_result_internal(MBEDTLS_TEST_RESULT_SKIPPED, test, line_no, filename);
-
-#ifdef MBEDTLS_THREADING_C
- mbedtls_mutex_unlock(&mbedtls_test_info_mutex);
-#endif /* MBEDTLS_THREADING_C */
-}
-
-void mbedtls_test_info_reset(void)
-{
-#ifdef MBEDTLS_THREADING_C
- mbedtls_mutex_lock(&mbedtls_test_info_mutex);
-#endif /* MBEDTLS_THREADING_C */
-
- mbedtls_test_set_result_internal(MBEDTLS_TEST_RESULT_SUCCESS, 0, 0, 0);
- mbedtls_test_reset_step_internal();
- mbedtls_test_set_line1_internal(NULL);
- mbedtls_test_set_line2_internal(NULL);
-
-#if defined(MBEDTLS_BIGNUM_C)
- mbedtls_test_set_case_uses_negative_0_internal(0);
-#endif
-
-#ifdef MBEDTLS_THREADING_C
- mbedtls_mutex_unlock(&mbedtls_test_info_mutex);
-#endif /* MBEDTLS_THREADING_C */
-}
-
-int mbedtls_test_equal(const char *test, int line_no, const char *filename,
- unsigned long long value1, unsigned long long value2)
-{
- TEST_CF_PUBLIC(&value1, sizeof(value1));
- TEST_CF_PUBLIC(&value2, sizeof(value2));
-
- if (value1 == value2) {
- return 1;
- }
-
-#ifdef MBEDTLS_THREADING_C
- mbedtls_mutex_lock(&mbedtls_test_info_mutex);
-#endif /* MBEDTLS_THREADING_C */
-
- /* Don't use accessor, as we already hold mutex. */
- if (mbedtls_test_info.result != MBEDTLS_TEST_RESULT_FAILED) {
- /* If we've already recorded the test as having failed then don't
- * overwrite any previous information about the failure. */
-
- char buf[MBEDTLS_TEST_LINE_LENGTH];
- mbedtls_test_fail_internal(test, line_no, filename);
- (void) mbedtls_snprintf(buf, sizeof(buf),
- "lhs = 0x%016llx = %lld",
- value1, (long long) value1);
- mbedtls_test_set_line1_internal(buf);
- (void) mbedtls_snprintf(buf, sizeof(buf),
- "rhs = 0x%016llx = %lld",
- value2, (long long) value2);
- mbedtls_test_set_line2_internal(buf);
- }
-
-#ifdef MBEDTLS_THREADING_C
- mbedtls_mutex_unlock(&mbedtls_test_info_mutex);
-#endif /* MBEDTLS_THREADING_C */
-
- return 0;
-}
-
-int mbedtls_test_le_u(const char *test, int line_no, const char *filename,
- unsigned long long value1, unsigned long long value2)
-{
- TEST_CF_PUBLIC(&value1, sizeof(value1));
- TEST_CF_PUBLIC(&value2, sizeof(value2));
-
- if (value1 <= value2) {
- return 1;
- }
-
-#ifdef MBEDTLS_THREADING_C
- mbedtls_mutex_lock(&mbedtls_test_info_mutex);
-#endif /* MBEDTLS_THREADING_C */
-
- /* Don't use accessor, we already hold mutex. */
- if (mbedtls_test_info.result != MBEDTLS_TEST_RESULT_FAILED) {
- /* If we've already recorded the test as having failed then don't
- * overwrite any previous information about the failure. */
-
- char buf[MBEDTLS_TEST_LINE_LENGTH];
- mbedtls_test_fail_internal(test, line_no, filename);
- (void) mbedtls_snprintf(buf, sizeof(buf),
- "lhs = 0x%016llx = %llu",
- value1, value1);
- mbedtls_test_set_line1_internal(buf);
- (void) mbedtls_snprintf(buf, sizeof(buf),
- "rhs = 0x%016llx = %llu",
- value2, value2);
- mbedtls_test_set_line2_internal(buf);
- }
-
-#ifdef MBEDTLS_THREADING_C
- mbedtls_mutex_unlock(&mbedtls_test_info_mutex);
-#endif /* MBEDTLS_THREADING_C */
-
- return 0;
-}
-
-int mbedtls_test_le_s(const char *test, int line_no, const char *filename,
- long long value1, long long value2)
-{
- TEST_CF_PUBLIC(&value1, sizeof(value1));
- TEST_CF_PUBLIC(&value2, sizeof(value2));
-
- if (value1 <= value2) {
- return 1;
- }
-
-#ifdef MBEDTLS_THREADING_C
- mbedtls_mutex_lock(&mbedtls_test_info_mutex);
-#endif /* MBEDTLS_THREADING_C */
-
- /* Don't use accessor, we already hold mutex. */
- if (mbedtls_test_info.result != MBEDTLS_TEST_RESULT_FAILED) {
- /* If we've already recorded the test as having failed then don't
- * overwrite any previous information about the failure. */
-
- char buf[MBEDTLS_TEST_LINE_LENGTH];
- mbedtls_test_fail_internal(test, line_no, filename);
- (void) mbedtls_snprintf(buf, sizeof(buf),
- "lhs = 0x%016llx = %lld",
- (unsigned long long) value1, value1);
- mbedtls_test_set_line1_internal(buf);
- (void) mbedtls_snprintf(buf, sizeof(buf),
- "rhs = 0x%016llx = %lld",
- (unsigned long long) value2, value2);
- mbedtls_test_set_line2_internal(buf);
- }
-
-#ifdef MBEDTLS_THREADING_C
- mbedtls_mutex_unlock(&mbedtls_test_info_mutex);
-#endif /* MBEDTLS_THREADING_C */
-
- return 0;
-}
-
-int mbedtls_test_unhexify(unsigned char *obuf,
- size_t obufmax,
- const char *ibuf,
- size_t *len)
-{
- unsigned char uc, uc2;
-
- *len = strlen(ibuf);
-
- /* Must be even number of bytes. */
- if ((*len) & 1) {
- return -1;
- }
- *len /= 2;
-
- if ((*len) > obufmax) {
- return -1;
- }
-
- while (*ibuf != 0) {
- if (mbedtls_test_ascii2uc(*(ibuf++), &uc) != 0) {
- return -1;
- }
-
- if (mbedtls_test_ascii2uc(*(ibuf++), &uc2) != 0) {
- return -1;
- }
-
- *(obuf++) = (uc << 4) | uc2;
- }
-
- return 0;
-}
-
-void mbedtls_test_hexify(unsigned char *obuf,
- const unsigned char *ibuf,
- int len)
-{
- unsigned char l, h;
-
- while (len != 0) {
- h = *ibuf / 16;
- l = *ibuf % 16;
-
- if (h < 10) {
- *obuf++ = '0' + h;
- } else {
- *obuf++ = 'a' + h - 10;
- }
-
- if (l < 10) {
- *obuf++ = '0' + l;
- } else {
- *obuf++ = 'a' + l - 10;
- }
-
- ++ibuf;
- len--;
- }
-}
-
-unsigned char *mbedtls_test_zero_alloc(size_t len)
-{
- void *p;
- size_t actual_len = (len != 0) ? len : 1;
-
- p = mbedtls_calloc(1, actual_len);
- TEST_HELPER_ASSERT(p != NULL);
-
- memset(p, 0x00, actual_len);
-
- return p;
-}
-
-unsigned char *mbedtls_test_unhexify_alloc(const char *ibuf, size_t *olen)
-{
- unsigned char *obuf;
- size_t len;
-
- *olen = strlen(ibuf) / 2;
-
- if (*olen == 0) {
- return mbedtls_test_zero_alloc(*olen);
- }
-
- obuf = mbedtls_calloc(1, *olen);
- TEST_HELPER_ASSERT(obuf != NULL);
- TEST_HELPER_ASSERT(mbedtls_test_unhexify(obuf, *olen, ibuf, &len) == 0);
-
- return obuf;
-}
-
-int mbedtls_test_hexcmp(uint8_t *a, uint8_t *b,
- uint32_t a_len, uint32_t b_len)
-{
- int ret = 0;
- uint32_t i = 0;
-
- if (a_len != b_len) {
- return -1;
- }
-
- for (i = 0; i < a_len; i++) {
- if (a[i] != b[i]) {
- ret = -1;
- break;
- }
- }
- return ret;
-}
-
-#if defined(MBEDTLS_TEST_HOOKS)
-void mbedtls_test_err_add_check(int high, int low,
- const char *file, int line)
-{
- /* Error codes are always negative (a value of zero is a success) however
- * their positive opposites can be easier to understand. The following
- * examples given in comments have been made positive for ease of
- * understanding. The structure of an error code is such:
- *
- * shhhhhhhhlllllll
- *
- * s = sign bit.
- * h = high level error code (includes high level module ID (bits 12..14)
- * and module-dependent error code (bits 7..11)).
- * l = low level error code.
- */
- if (high > -0x1000 && high != 0) {
- /* high < 0001000000000000
- * No high level module ID bits are set.
- */
- mbedtls_test_fail("'high' is not a high-level error code",
- line, file);
- } else if (high < -0x7F80) {
- /* high > 0111111110000000
- * Error code is greater than the largest allowed high level module ID.
- */
- mbedtls_test_fail("'high' error code is greater than 15 bits",
- line, file);
- } else if ((high & 0x7F) != 0) {
- /* high & 0000000001111111
- * Error code contains low level error code bits.
- */
- mbedtls_test_fail("'high' contains a low-level error code",
- line, file);
- } else if (low < -0x007F) {
- /* low > 0000000001111111
- * Error code contains high or module level error code bits.
- */
- mbedtls_test_fail("'low' error code is greater than 7 bits",
- line, file);
- } else if (low > 0) {
- mbedtls_test_fail("'low' error code is greater than zero",
- line, file);
- }
-}
-
-void (*mbedtls_test_hook_error_add)(int, int, const char *, int);
-
-#endif /* MBEDTLS_TEST_HOOKS */
diff --git a/tests/src/psa_crypto_helpers.c b/tests/src/psa_crypto_helpers.c
deleted file mode 100644
index 197fd41..0000000
--- a/tests/src/psa_crypto_helpers.c
+++ /dev/null
@@ -1,205 +0,0 @@
-/** \file psa_crypto_helpers.c
- *
- * \brief Helper functions to test PSA crypto functionality.
- */
-
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#include <test/helpers.h>
-#include <test/macros.h>
-#include <psa_crypto_slot_management.h>
-#include <test/psa_crypto_helpers.h>
-
-#if defined(MBEDTLS_CTR_DRBG_C)
-#include <mbedtls/ctr_drbg.h>
-#endif
-
-#if defined(MBEDTLS_PSA_CRYPTO_C)
-
-#include <psa/crypto.h>
-
-#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
-
-#include <psa_crypto_storage.h>
-
-static mbedtls_svc_key_id_t key_ids_used_in_test[9];
-static size_t num_key_ids_used;
-
-int mbedtls_test_uses_key_id(mbedtls_svc_key_id_t key_id)
-{
- size_t i;
- if (MBEDTLS_SVC_KEY_ID_GET_KEY_ID(key_id) >
- PSA_MAX_PERSISTENT_KEY_IDENTIFIER) {
- /* Don't touch key id values that designate non-key files. */
- return 1;
- }
- for (i = 0; i < num_key_ids_used; i++) {
- if (mbedtls_svc_key_id_equal(key_id, key_ids_used_in_test[i])) {
- return 1;
- }
- }
- if (num_key_ids_used == ARRAY_LENGTH(key_ids_used_in_test)) {
- return 0;
- }
- key_ids_used_in_test[num_key_ids_used] = key_id;
- ++num_key_ids_used;
- return 1;
-}
-
-void mbedtls_test_psa_purge_key_storage(void)
-{
- size_t i;
- for (i = 0; i < num_key_ids_used; i++) {
- psa_destroy_persistent_key(key_ids_used_in_test[i]);
- }
- num_key_ids_used = 0;
-}
-
-void mbedtls_test_psa_purge_key_cache(void)
-{
- size_t i;
- for (i = 0; i < num_key_ids_used; i++) {
- psa_purge_key(key_ids_used_in_test[i]);
- }
-}
-
-#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */
-
-const char *mbedtls_test_helper_is_psa_leaking(void)
-{
- mbedtls_psa_stats_t stats;
-
- mbedtls_psa_get_stats(&stats);
-
- /* Some volatile slots may be used for internal purposes. Generally
- * we'll have exactly MBEDTLS_TEST_PSA_INTERNAL_KEYS at this point,
- * but in some cases we might have less, e.g. if a code path calls
- * PSA_DONE more than once, or if there has only been a partial or
- * failed initialization. */
- if (stats.volatile_slots > MBEDTLS_TEST_PSA_INTERNAL_KEYS) {
- return "A volatile slot has not been closed properly.";
- }
- if (stats.persistent_slots != 0) {
- return "A persistent slot has not been closed properly.";
- }
- if (stats.external_slots != 0) {
- return "An external slot has not been closed properly.";
- }
- if (stats.half_filled_slots != 0) {
- return "A half-filled slot has not been cleared properly.";
- }
- if (stats.locked_slots != 0) {
- return "Some slots are still marked as locked.";
- }
-
- return NULL;
-}
-
-#if defined(RECORD_PSA_STATUS_COVERAGE_LOG)
-/** Name of the file where return statuses are logged by #RECORD_STATUS. */
-#define STATUS_LOG_FILE_NAME "statuses.log"
-
-psa_status_t mbedtls_test_record_status(psa_status_t status,
- const char *func,
- const char *file, int line,
- const char *expr)
-{
- /* We open the log file on first use.
- * We never close the log file, so the record_status feature is not
- * compatible with resource leak detectors such as Asan.
- */
- static FILE *log;
- if (log == NULL) {
- log = fopen(STATUS_LOG_FILE_NAME, "a");
- }
- fprintf(log, "%d:%s:%s:%d:%s\n", (int) status, func, file, line, expr);
- return status;
-}
-#endif /* defined(RECORD_PSA_STATUS_COVERAGE_LOG) */
-
-psa_key_usage_t mbedtls_test_update_key_usage_flags(psa_key_usage_t usage_flags)
-{
- psa_key_usage_t updated_usage = usage_flags;
-
- if (usage_flags & PSA_KEY_USAGE_SIGN_HASH) {
- updated_usage |= PSA_KEY_USAGE_SIGN_MESSAGE;
- }
-
- if (usage_flags & PSA_KEY_USAGE_VERIFY_HASH) {
- updated_usage |= PSA_KEY_USAGE_VERIFY_MESSAGE;
- }
-
- return updated_usage;
-}
-
-int mbedtls_test_fail_if_psa_leaking(int line_no, const char *filename)
-{
- const char *msg = mbedtls_test_helper_is_psa_leaking();
- if (msg == NULL) {
- return 0;
- } else {
- mbedtls_test_fail(msg, line_no, filename);
- return 1;
- }
-}
-
-uint64_t mbedtls_test_parse_binary_string(data_t *bin_string)
-{
- uint64_t result = 0;
- TEST_LE_U(bin_string->len, 8);
- for (size_t i = 0; i < bin_string->len; i++) {
- result = result << 8 | bin_string->x[i];
- }
-exit:
- return result; /* returns 0 if len > 8 */
-}
-
-#if defined(MBEDTLS_PSA_INJECT_ENTROPY)
-
-#include <mbedtls/entropy.h>
-#include <psa_crypto_its.h>
-
-int mbedtls_test_inject_entropy_seed_read(unsigned char *buf, size_t len)
-{
- size_t actual_len = 0;
- psa_status_t status = psa_its_get(PSA_CRYPTO_ITS_RANDOM_SEED_UID,
- 0, len, buf, &actual_len);
- if (status != 0) {
- return MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR;
- }
- if (actual_len != len) {
- return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
- }
- return 0;
-}
-
-int mbedtls_test_inject_entropy_seed_write(unsigned char *buf, size_t len)
-{
- psa_status_t status = psa_its_set(PSA_CRYPTO_ITS_RANDOM_SEED_UID,
- len, buf, 0);
- if (status != 0) {
- return MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR;
- }
- return 0;
-}
-
-int mbedtls_test_inject_entropy_restore(void)
-{
- unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE];
- for (size_t i = 0; i < sizeof(buf); i++) {
- buf[i] = (unsigned char) i;
- }
- psa_status_t status = mbedtls_psa_inject_entropy(buf, sizeof(buf));
- /* It's ok if the file was just created, or if it already exists. */
- if (status != PSA_SUCCESS && status != PSA_ERROR_NOT_PERMITTED) {
- return status;
- }
- return PSA_SUCCESS;
-}
-
-#endif /* MBEDTLS_PSA_INJECT_ENTROPY */
-
-#endif /* MBEDTLS_PSA_CRYPTO_C */
diff --git a/tests/src/psa_crypto_stubs.c b/tests/src/psa_crypto_stubs.c
deleted file mode 100644
index 81d7f4b..0000000
--- a/tests/src/psa_crypto_stubs.c
+++ /dev/null
@@ -1,75 +0,0 @@
-/** \file psa_crypto_stubs.c
- *
- * \brief Stub functions when MBEDTLS_PSA_CRYPTO_CLIENT is enabled but
- * MBEDTLS_PSA_CRYPTO_C is disabled.
- */
-
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#include <psa/crypto.h>
-
-#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && !defined(MBEDTLS_PSA_CRYPTO_C)
-
-psa_status_t psa_generate_random(uint8_t *output,
- size_t output_size)
-{
- (void) output;
- (void) output_size;
-
- return PSA_ERROR_COMMUNICATION_FAILURE;
-}
-
-psa_status_t psa_export_key(mbedtls_svc_key_id_t key,
- uint8_t *data,
- size_t data_size,
- size_t *data_length)
-{
- (void) key;
- (void) data;
- (void) data_size;
- (void) data_length;
- return PSA_ERROR_COMMUNICATION_FAILURE;
-}
-
-psa_status_t psa_export_public_key(mbedtls_svc_key_id_t key,
- uint8_t *data,
- size_t data_size,
- size_t *data_length)
-{
- (void) key;
- (void) data;
- (void) data_size;
- (void) data_length;
- return PSA_ERROR_COMMUNICATION_FAILURE;
-}
-
-psa_status_t psa_get_key_attributes(mbedtls_svc_key_id_t key,
- psa_key_attributes_t *attributes)
-{
- (void) key;
- (void) attributes;
- return PSA_ERROR_COMMUNICATION_FAILURE;
-}
-
-psa_status_t psa_hash_abort(psa_hash_operation_t *operation)
-{
- (void) operation;
- return PSA_ERROR_COMMUNICATION_FAILURE;
-}
-
-psa_status_t psa_import_key(const psa_key_attributes_t *attributes,
- const uint8_t *data,
- size_t data_length,
- mbedtls_svc_key_id_t *key)
-{
- (void) attributes;
- (void) data;
- (void) data_length;
- (void) key;
- return PSA_ERROR_COMMUNICATION_FAILURE;
-}
-
-#endif /* MBEDTLS_PSA_CRYPTO_CLIENT && !MBEDTLS_PSA_CRYPTO_C */
diff --git a/tests/src/psa_exercise_key.c b/tests/src/psa_exercise_key.c
deleted file mode 100644
index 032c489..0000000
--- a/tests/src/psa_exercise_key.c
+++ /dev/null
@@ -1,1336 +0,0 @@
-/** Code to exercise a PSA key object, i.e. validate that it seems well-formed
- * and can do what it is supposed to do.
- */
-
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#include <test/helpers.h>
-#include <test/macros.h>
-#include <test/psa_exercise_key.h>
-
-#if (MBEDTLS_VERSION_MAJOR < 4 && defined(MBEDTLS_PSA_CRYPTO_C)) || \
- (MBEDTLS_VERSION_MAJOR >= 4 && defined(MBEDTLS_PSA_CRYPTO_CLIENT))
-
-#include <mbedtls/asn1.h>
-#include <psa/crypto.h>
-
-#include <test/asn1_helpers.h>
-#include <psa_crypto_slot_management.h>
-#include <test/psa_crypto_helpers.h>
-
-#if defined(MBEDTLS_PK_C)
-#include <pk_internal.h>
-#endif
-#if defined(MBEDTLS_ECP_C)
-#include <mbedtls/ecp.h>
-#endif
-#if defined(MBEDTLS_RSA_C)
-#include <rsa_internal.h>
-#endif
-
-#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
-static int lifetime_is_dynamic_secure_element(psa_key_lifetime_t lifetime)
-{
- return PSA_KEY_LIFETIME_GET_LOCATION(lifetime) !=
- PSA_KEY_LOCATION_LOCAL_STORAGE;
-}
-#endif
-
-static int check_key_attributes_sanity(mbedtls_svc_key_id_t key,
- int key_destroyable)
-{
- int ok = 0;
- psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- psa_key_lifetime_t lifetime;
- mbedtls_svc_key_id_t id;
- psa_key_type_t type;
- size_t bits;
- psa_status_t status = psa_get_key_attributes(key, &attributes);
- if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) {
- /* The key has been destroyed. */
- psa_reset_key_attributes(&attributes);
- return 1;
- }
- PSA_ASSERT(status);
- lifetime = psa_get_key_lifetime(&attributes);
- id = psa_get_key_id(&attributes);
- type = psa_get_key_type(&attributes);
- bits = psa_get_key_bits(&attributes);
-
- /* Persistence */
- if (PSA_KEY_LIFETIME_IS_VOLATILE(lifetime)) {
- TEST_ASSERT(
- (PSA_KEY_ID_VOLATILE_MIN <=
- MBEDTLS_SVC_KEY_ID_GET_KEY_ID(id)) &&
- (MBEDTLS_SVC_KEY_ID_GET_KEY_ID(id) <=
- PSA_KEY_ID_VOLATILE_MAX));
- } else {
- TEST_ASSERT(
- (PSA_KEY_ID_USER_MIN <= MBEDTLS_SVC_KEY_ID_GET_KEY_ID(id)) &&
- (MBEDTLS_SVC_KEY_ID_GET_KEY_ID(id) <= PSA_KEY_ID_USER_MAX));
- }
-#if defined(MBEDTLS_PSA_CRYPTO_SE_C)
- /* MBEDTLS_PSA_CRYPTO_SE_C does not support thread safety. */
- if (key_destroyable == 0) {
- /* randomly-generated 64-bit constant, should never appear in test data */
- psa_key_slot_number_t slot_number = 0xec94d4a5058a1a21;
- status = psa_get_key_slot_number(&attributes, &slot_number);
- if (lifetime_is_dynamic_secure_element(lifetime)) {
- /* Mbed TLS currently always exposes the slot number to
- * applications. This is not mandated by the PSA specification
- * and may change in future versions. */
- TEST_EQUAL(status, 0);
- TEST_ASSERT(slot_number != 0xec94d4a5058a1a21);
- } else {
- TEST_EQUAL(status, PSA_ERROR_INVALID_ARGUMENT);
- }
- }
-#endif
-
- /* Type and size */
- TEST_ASSERT(type != 0);
- TEST_ASSERT(bits != 0);
- TEST_ASSERT(bits <= PSA_MAX_KEY_BITS);
- if (PSA_KEY_TYPE_IS_UNSTRUCTURED(type)) {
- TEST_ASSERT(bits % 8 == 0);
- }
-
- /* MAX macros concerning specific key types */
- if (PSA_KEY_TYPE_IS_ECC(type)) {
- TEST_ASSERT(bits <= PSA_VENDOR_ECC_MAX_CURVE_BITS);
- } else if (PSA_KEY_TYPE_IS_RSA(type)) {
- TEST_ASSERT(bits <= PSA_VENDOR_RSA_MAX_KEY_BITS);
- }
- TEST_ASSERT(PSA_BLOCK_CIPHER_BLOCK_LENGTH(type) <= PSA_BLOCK_CIPHER_BLOCK_MAX_SIZE);
-
- ok = 1;
-
-exit:
- /*
- * Key attributes may have been returned by psa_get_key_attributes()
- * thus reset them as required.
- */
- psa_reset_key_attributes(&attributes);
-
- return ok;
-}
-
-static int exercise_mac_key(mbedtls_svc_key_id_t key,
- psa_key_usage_t usage,
- psa_algorithm_t alg,
- int key_destroyable)
-{
- psa_mac_operation_t operation = PSA_MAC_OPERATION_INIT;
- const unsigned char input[] = "foo";
- unsigned char mac[PSA_MAC_MAX_SIZE] = { 0 };
- size_t mac_length = sizeof(mac);
- psa_status_t status = PSA_SUCCESS;
- /* Convert wildcard algorithm to exercisable algorithm */
- if (alg & PSA_ALG_MAC_AT_LEAST_THIS_LENGTH_FLAG) {
- alg = PSA_ALG_TRUNCATED_MAC(alg, PSA_MAC_TRUNCATED_LENGTH(alg));
- }
-
- if (usage & PSA_KEY_USAGE_SIGN_HASH) {
- status = psa_mac_sign_setup(&operation, key, alg);
- if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) {
- /* The key has been destroyed. */
- PSA_ASSERT(psa_mac_abort(&operation));
- return 1;
- }
- PSA_ASSERT(status);
- PSA_ASSERT(psa_mac_update(&operation,
- input, sizeof(input)));
- PSA_ASSERT(psa_mac_sign_finish(&operation,
- mac, sizeof(mac),
- &mac_length));
- }
-
- if (usage & PSA_KEY_USAGE_VERIFY_HASH) {
- psa_status_t verify_status =
- (usage & PSA_KEY_USAGE_SIGN_HASH ?
- PSA_SUCCESS :
- PSA_ERROR_INVALID_SIGNATURE);
- status = psa_mac_verify_setup(&operation, key, alg);
- if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) {
- /* The key has been destroyed. */
- PSA_ASSERT(psa_mac_abort(&operation));
- return 1;
- }
- PSA_ASSERT(status);
- PSA_ASSERT(psa_mac_update(&operation,
- input, sizeof(input)));
- TEST_EQUAL(psa_mac_verify_finish(&operation, mac, mac_length),
- verify_status);
- }
-
- return 1;
-
-exit:
- psa_mac_abort(&operation);
- return 0;
-}
-
-static int exercise_cipher_key(mbedtls_svc_key_id_t key,
- psa_key_usage_t usage,
- psa_algorithm_t alg,
- int key_destroyable)
-{
- psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
- unsigned char iv[PSA_CIPHER_IV_MAX_SIZE] = { 0 };
- size_t iv_length;
- psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- psa_key_type_t key_type;
- const unsigned char plaintext[16] = "Hello, world...";
- unsigned char ciphertext[32] = "(wabblewebblewibblewobblewubble)";
- size_t ciphertext_length = sizeof(ciphertext);
- unsigned char decrypted[sizeof(ciphertext)];
- size_t part_length;
- psa_status_t status = PSA_SUCCESS;
-
- PSA_ASSERT(psa_get_key_attributes(key, &attributes));
- key_type = psa_get_key_type(&attributes);
- iv_length = PSA_CIPHER_IV_LENGTH(key_type, alg);
-
- if (usage & PSA_KEY_USAGE_ENCRYPT) {
- status = psa_cipher_encrypt_setup(&operation, key, alg);
- if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) {
- /* The key has been destroyed. */
- PSA_ASSERT(psa_cipher_abort(&operation));
- return 1;
- }
- PSA_ASSERT(status);
- if (iv_length != 0) {
- PSA_ASSERT(psa_cipher_generate_iv(&operation,
- iv, sizeof(iv),
- &iv_length));
- }
- PSA_ASSERT(psa_cipher_update(&operation,
- plaintext, sizeof(plaintext),
- ciphertext, sizeof(ciphertext),
- &ciphertext_length));
- PSA_ASSERT(psa_cipher_finish(&operation,
- ciphertext + ciphertext_length,
- sizeof(ciphertext) - ciphertext_length,
- &part_length));
- ciphertext_length += part_length;
- }
-
- if (usage & PSA_KEY_USAGE_DECRYPT) {
- int maybe_invalid_padding = 0;
- if (!(usage & PSA_KEY_USAGE_ENCRYPT)) {
- maybe_invalid_padding = !PSA_ALG_IS_STREAM_CIPHER(alg);
- }
- status = psa_cipher_decrypt_setup(&operation, key, alg);
- if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) {
- /* The key has been destroyed. */
- PSA_ASSERT(psa_cipher_abort(&operation));
- return 1;
- }
- PSA_ASSERT(status);
- if (iv_length != 0) {
- PSA_ASSERT(psa_cipher_set_iv(&operation,
- iv, iv_length));
- }
- PSA_ASSERT(psa_cipher_update(&operation,
- ciphertext, ciphertext_length,
- decrypted, sizeof(decrypted),
- &part_length));
- status = psa_cipher_finish(&operation,
- decrypted + part_length,
- sizeof(decrypted) - part_length,
- &part_length);
- /* For a stream cipher, all inputs are valid. For a block cipher,
- * if the input is some arbitrary data rather than an actual
- ciphertext, a padding error is likely. */
- if (maybe_invalid_padding) {
- TEST_ASSERT(status == PSA_SUCCESS ||
- status == PSA_ERROR_INVALID_PADDING);
- } else {
- PSA_ASSERT(status);
- }
- }
-
- return 1;
-
-exit:
- psa_cipher_abort(&operation);
- psa_reset_key_attributes(&attributes);
- return 0;
-}
-
-static int exercise_aead_key(mbedtls_svc_key_id_t key,
- psa_key_usage_t usage,
- psa_algorithm_t alg,
- int key_destroyable)
-{
- unsigned char nonce[PSA_AEAD_NONCE_MAX_SIZE] = { 0 };
- size_t nonce_length;
- psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- psa_key_type_t key_type;
- unsigned char plaintext[16] = "Hello, world...";
- unsigned char ciphertext[48] = "(wabblewebblewibblewobblewubble)";
- size_t ciphertext_length = sizeof(ciphertext);
- size_t plaintext_length = sizeof(ciphertext);
- psa_status_t status = PSA_SUCCESS;
-
- /* Convert wildcard algorithm to exercisable algorithm */
- if (alg & PSA_ALG_AEAD_AT_LEAST_THIS_LENGTH_FLAG) {
- alg = PSA_ALG_AEAD_WITH_SHORTENED_TAG(alg, PSA_ALG_AEAD_GET_TAG_LENGTH(alg));
- }
-
- PSA_ASSERT(psa_get_key_attributes(key, &attributes));
- key_type = psa_get_key_type(&attributes);
- nonce_length = PSA_AEAD_NONCE_LENGTH(key_type, alg);
-
- if (usage & PSA_KEY_USAGE_ENCRYPT) {
- status = psa_aead_encrypt(key, alg,
- nonce, nonce_length,
- NULL, 0,
- plaintext, sizeof(plaintext),
- ciphertext, sizeof(ciphertext),
- &ciphertext_length);
- if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) {
- /* The key has been destroyed. */
- return 1;
- }
- PSA_ASSERT(status);
- }
-
- if (usage & PSA_KEY_USAGE_DECRYPT) {
- psa_status_t verify_status =
- (usage & PSA_KEY_USAGE_ENCRYPT ?
- PSA_SUCCESS :
- PSA_ERROR_INVALID_SIGNATURE);
- status = psa_aead_decrypt(key, alg,
- nonce, nonce_length,
- NULL, 0,
- ciphertext, ciphertext_length,
- plaintext, sizeof(plaintext),
- &plaintext_length);
- if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) {
- /* The key has been destroyed. */
- return 1;
- }
- TEST_ASSERT(status == verify_status);
- }
-
- return 1;
-
-exit:
- psa_reset_key_attributes(&attributes);
- return 0;
-}
-
-static int can_sign_or_verify_message(psa_key_usage_t usage,
- psa_algorithm_t alg)
-{
- /* Sign-the-unspecified-hash algorithms can only be used with
- * {sign,verify}_hash, not with {sign,verify}_message. */
- if (alg == PSA_ALG_ECDSA_ANY || alg == PSA_ALG_RSA_PKCS1V15_SIGN_RAW) {
- return 0;
- }
- return usage & (PSA_KEY_USAGE_SIGN_MESSAGE |
- PSA_KEY_USAGE_VERIFY_MESSAGE);
-}
-
-static int exercise_signature_key(mbedtls_svc_key_id_t key,
- psa_key_usage_t usage,
- psa_algorithm_t alg,
- int key_destroyable)
-{
- /* If the policy allows signing with any hash, just pick one. */
- psa_algorithm_t hash_alg = PSA_ALG_SIGN_GET_HASH(alg);
- if (PSA_ALG_IS_SIGN_HASH(alg) && hash_alg == PSA_ALG_ANY_HASH &&
- usage & (PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH |
- PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE)) {
-#if defined(KNOWN_SUPPORTED_HASH_ALG)
- hash_alg = KNOWN_SUPPORTED_HASH_ALG;
- alg ^= PSA_ALG_ANY_HASH ^ hash_alg;
-#else
- TEST_FAIL("No hash algorithm for hash-and-sign testing");
-#endif
- }
- psa_status_t status = PSA_SUCCESS;
-
- if (usage & (PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH) &&
- PSA_ALG_IS_SIGN_HASH(alg)) {
- unsigned char payload[PSA_HASH_MAX_SIZE] = { 1 };
- size_t payload_length = 16;
- unsigned char signature[PSA_SIGNATURE_MAX_SIZE] = { 0 };
- size_t signature_length = sizeof(signature);
-
- /* Some algorithms require the payload to have the size of
- * the hash encoded in the algorithm. Use this input size
- * even for algorithms that allow other input sizes. */
- if (hash_alg != 0) {
- payload_length = PSA_HASH_LENGTH(hash_alg);
- }
-
- if (usage & PSA_KEY_USAGE_SIGN_HASH) {
- status = psa_sign_hash(key, alg,
- payload, payload_length,
- signature, sizeof(signature),
- &signature_length);
- if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) {
- /* The key has been destroyed. */
- return 1;
- }
- PSA_ASSERT(status);
- }
-
- if (usage & PSA_KEY_USAGE_VERIFY_HASH) {
- psa_status_t verify_status =
- (usage & PSA_KEY_USAGE_SIGN_HASH ?
- PSA_SUCCESS :
- PSA_ERROR_INVALID_SIGNATURE);
- status = psa_verify_hash(key, alg,
- payload, payload_length,
- signature, signature_length);
- if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) {
- /* The key has been destroyed. */
- return 1;
- }
- TEST_ASSERT(status == verify_status);
- }
- }
-
- if (can_sign_or_verify_message(usage, alg)) {
- unsigned char message[256] = "Hello, world...";
- unsigned char signature[PSA_SIGNATURE_MAX_SIZE] = { 0 };
- size_t message_length = 16;
- size_t signature_length = sizeof(signature);
-
- if (usage & PSA_KEY_USAGE_SIGN_MESSAGE) {
- status = psa_sign_message(key, alg,
- message, message_length,
- signature, sizeof(signature),
- &signature_length);
- if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) {
- /* The key has been destroyed. */
- return 1;
- }
- PSA_ASSERT(status);
- }
-
- if (usage & PSA_KEY_USAGE_VERIFY_MESSAGE) {
- psa_status_t verify_status =
- (usage & PSA_KEY_USAGE_SIGN_MESSAGE ?
- PSA_SUCCESS :
- PSA_ERROR_INVALID_SIGNATURE);
- status = psa_verify_message(key, alg,
- message, message_length,
- signature, signature_length);
- if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) {
- /* The key has been destroyed. */
- return 1;
- }
- TEST_ASSERT(status == verify_status);
- }
- }
-
- return 1;
-
-exit:
- return 0;
-}
-
-static int exercise_asymmetric_encryption_key(mbedtls_svc_key_id_t key,
- psa_key_usage_t usage,
- psa_algorithm_t alg,
- int key_destroyable)
-{
- unsigned char plaintext[PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE] =
- "Hello, world...";
- unsigned char ciphertext[PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE] =
- "(wabblewebblewibblewobblewubble)";
- size_t ciphertext_length = sizeof(ciphertext);
- size_t plaintext_length = 16;
- psa_status_t status = PSA_SUCCESS;
- if (usage & PSA_KEY_USAGE_ENCRYPT) {
- status = psa_asymmetric_encrypt(key, alg,
- plaintext, plaintext_length,
- NULL, 0,
- ciphertext, sizeof(ciphertext),
- &ciphertext_length);
- if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) {
- /* The key has been destroyed. */
- return 1;
- }
- PSA_ASSERT(status);
- }
-
- if (usage & PSA_KEY_USAGE_DECRYPT) {
- status = psa_asymmetric_decrypt(key, alg,
- ciphertext, ciphertext_length,
- NULL, 0,
- plaintext, sizeof(plaintext),
- &plaintext_length);
- if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) {
- /* The key has been destroyed. */
- return 1;
- }
- TEST_ASSERT(status == PSA_SUCCESS ||
- ((usage & PSA_KEY_USAGE_ENCRYPT) == 0 &&
- (status == PSA_ERROR_INVALID_ARGUMENT ||
- status == PSA_ERROR_INVALID_PADDING)));
- }
-
- return 1;
-
-exit:
- return 0;
-}
-
-int mbedtls_test_psa_setup_key_derivation_wrap(
- psa_key_derivation_operation_t *operation,
- mbedtls_svc_key_id_t key,
- psa_algorithm_t alg,
- const unsigned char *input1, size_t input1_length,
- const unsigned char *input2, size_t input2_length,
- size_t capacity, int key_destroyable)
-{
- PSA_ASSERT(psa_key_derivation_setup(operation, alg));
- psa_status_t status = PSA_SUCCESS;
- if (PSA_ALG_IS_HKDF(alg)) {
- PSA_ASSERT(psa_key_derivation_input_bytes(operation,
- PSA_KEY_DERIVATION_INPUT_SALT,
- input1, input1_length));
- status = psa_key_derivation_input_key(operation,
- PSA_KEY_DERIVATION_INPUT_SECRET,
- key);
- if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) {
- /* The key has been destroyed. */
- return 1;
- }
- PSA_ASSERT(status);
- PSA_ASSERT(psa_key_derivation_input_bytes(operation,
- PSA_KEY_DERIVATION_INPUT_INFO,
- input2,
- input2_length));
- } else if (PSA_ALG_IS_HKDF_EXTRACT(alg)) {
- PSA_ASSERT(psa_key_derivation_input_bytes(operation,
- PSA_KEY_DERIVATION_INPUT_SALT,
- input1, input1_length));
- status = psa_key_derivation_input_key(operation,
- PSA_KEY_DERIVATION_INPUT_SECRET,
- key);
- if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) {
- /* The key has been destroyed. */
- return 1;
- }
- PSA_ASSERT(status);
- } else if (PSA_ALG_IS_HKDF_EXPAND(alg)) {
- status = psa_key_derivation_input_key(operation,
- PSA_KEY_DERIVATION_INPUT_SECRET,
- key);
- if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) {
- /* The key has been destroyed. */
- return 1;
- }
- PSA_ASSERT(status);
- PSA_ASSERT(psa_key_derivation_input_bytes(operation,
- PSA_KEY_DERIVATION_INPUT_INFO,
- input2,
- input2_length));
- } else if (PSA_ALG_IS_TLS12_PRF(alg) ||
- PSA_ALG_IS_TLS12_PSK_TO_MS(alg)) {
- PSA_ASSERT(psa_key_derivation_input_bytes(operation,
- PSA_KEY_DERIVATION_INPUT_SEED,
- input1, input1_length));
- status = psa_key_derivation_input_key(operation,
- PSA_KEY_DERIVATION_INPUT_SECRET,
- key);
- if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) {
- /* The key has been destroyed. */
- return 1;
- }
- PSA_ASSERT(status);
- PSA_ASSERT(psa_key_derivation_input_bytes(operation,
- PSA_KEY_DERIVATION_INPUT_LABEL,
- input2, input2_length));
- } else if (PSA_ALG_IS_PBKDF2(alg)) {
- PSA_ASSERT(psa_key_derivation_input_integer(operation,
- PSA_KEY_DERIVATION_INPUT_COST,
- 1U));
- PSA_ASSERT(psa_key_derivation_input_bytes(operation,
- PSA_KEY_DERIVATION_INPUT_SALT,
- input2,
- input2_length));
- status = psa_key_derivation_input_key(operation,
- PSA_KEY_DERIVATION_INPUT_PASSWORD,
- key);
- if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) {
- /* The key has been destroyed. */
- return 1;
- }
- PSA_ASSERT(status);
- } else if (alg == PSA_ALG_TLS12_ECJPAKE_TO_PMS) {
- PSA_ASSERT(psa_key_derivation_input_bytes(operation,
- PSA_KEY_DERIVATION_INPUT_SECRET,
- input1, input1_length));
- } else {
- TEST_FAIL("Key derivation algorithm not supported");
- }
-
- if (capacity != SIZE_MAX) {
- PSA_ASSERT(psa_key_derivation_set_capacity(operation, capacity));
- }
-
- return 1;
-
-exit:
- return 0;
-}
-
-
-static int exercise_key_derivation_key(mbedtls_svc_key_id_t key,
- psa_key_usage_t usage,
- psa_algorithm_t alg,
- int key_destroyable)
-{
- psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
- unsigned char input1[] = "Input 1";
- size_t input1_length = sizeof(input1);
- unsigned char input2[] = "Input 2";
- size_t input2_length = sizeof(input2);
- unsigned char output[1];
- size_t capacity = sizeof(output);
-
- if (usage & PSA_KEY_USAGE_DERIVE) {
- if (!mbedtls_test_psa_setup_key_derivation_wrap(&operation, key, alg,
- input1, input1_length,
- input2, input2_length,
- capacity, key_destroyable)) {
- goto exit;
- }
-
- psa_status_t status = psa_key_derivation_output_bytes(&operation,
- output,
- capacity);
- if (key_destroyable && status == PSA_ERROR_BAD_STATE) {
- /* The key has been destroyed. */
- PSA_ASSERT(psa_key_derivation_abort(&operation));
- } else {
- PSA_ASSERT(status);
- PSA_ASSERT(psa_key_derivation_abort(&operation));
- }
- }
-
- return 1;
-
-exit:
- return 0;
-}
-
-/* We need two keys to exercise key agreement. Exercise the
- * private key against its own public key. */
-psa_status_t mbedtls_test_psa_key_agreement_with_self(
- psa_key_derivation_operation_t *operation,
- mbedtls_svc_key_id_t key, int key_destroyable)
-{
- psa_key_type_t private_key_type;
- psa_key_type_t public_key_type;
- size_t key_bits;
- uint8_t *public_key = NULL;
- size_t public_key_length;
- psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
-
- psa_status_t status = psa_get_key_attributes(key, &attributes);
- if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) {
- /* The key has been destroyed. */
- psa_reset_key_attributes(&attributes);
- return PSA_SUCCESS;
- }
- PSA_ASSERT(status);
-
- private_key_type = psa_get_key_type(&attributes);
- key_bits = psa_get_key_bits(&attributes);
- public_key_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(private_key_type);
- public_key_length = PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(public_key_type, key_bits);
- TEST_CALLOC(public_key, public_key_length);
- status = psa_export_public_key(key, public_key, public_key_length,
- &public_key_length);
- if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) {
- /* The key has been destroyed. */
- status = PSA_SUCCESS;
- goto exit;
- }
- PSA_ASSERT(status);
-
- status = psa_key_derivation_key_agreement(
- operation, PSA_KEY_DERIVATION_INPUT_SECRET, key,
- public_key, public_key_length);
- if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) {
- /* The key has been destroyed. */
- status = PSA_SUCCESS;
- goto exit;
- }
-exit:
- /*
- * Key attributes may have been returned by psa_get_key_attributes()
- * thus reset them as required.
- */
- psa_reset_key_attributes(&attributes);
-
- mbedtls_free(public_key);
- return status;
-}
-
-/* We need two keys to exercise key agreement. Exercise the
- * private key against its own public key. */
-psa_status_t mbedtls_test_psa_raw_key_agreement_with_self(
- psa_algorithm_t alg,
- mbedtls_svc_key_id_t key,
- int key_destroyable)
-{
- psa_key_type_t private_key_type;
- psa_key_type_t public_key_type;
- size_t key_bits;
- uint8_t *public_key = NULL;
- size_t public_key_length;
- uint8_t output[1024];
- size_t output_length;
- psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
-
- psa_status_t status = psa_get_key_attributes(key, &attributes);
- if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) {
- /* The key has been destroyed. */
- psa_reset_key_attributes(&attributes);
- return PSA_SUCCESS;
- }
- PSA_ASSERT(status);
-
- private_key_type = psa_get_key_type(&attributes);
- key_bits = psa_get_key_bits(&attributes);
- public_key_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(private_key_type);
- public_key_length = PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(public_key_type, key_bits);
- TEST_CALLOC(public_key, public_key_length);
- status = psa_export_public_key(key,
- public_key, public_key_length,
- &public_key_length);
- if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) {
- /* The key has been destroyed. */
- status = PSA_SUCCESS;
- goto exit;
- }
- PSA_ASSERT(status);
-
- status = psa_raw_key_agreement(alg, key,
- public_key, public_key_length,
- output, sizeof(output), &output_length);
- if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) {
- /* The key has been destroyed. */
- status = PSA_SUCCESS;
- goto exit;
- }
- if (status == PSA_SUCCESS) {
- TEST_ASSERT(output_length <=
- PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(private_key_type,
- key_bits));
- TEST_ASSERT(output_length <=
- PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE);
- }
-
-exit:
- /*
- * Key attributes may have been returned by psa_get_key_attributes()
- * thus reset them as required.
- */
- psa_reset_key_attributes(&attributes);
-
- mbedtls_free(public_key);
- return status;
-}
-
-static int exercise_raw_key_agreement_key(mbedtls_svc_key_id_t key,
- psa_key_usage_t usage,
- psa_algorithm_t alg,
- int key_destroyable)
-{
- int ok = 0;
-
- if (usage & PSA_KEY_USAGE_DERIVE) {
- /* We need two keys to exercise key agreement. Exercise the
- * private key against its own public key. */
- PSA_ASSERT(mbedtls_test_psa_raw_key_agreement_with_self(alg, key,
- key_destroyable));
- }
- ok = 1;
-
-exit:
- return ok;
-}
-
-static int exercise_key_agreement_key(mbedtls_svc_key_id_t key,
- psa_key_usage_t usage,
- psa_algorithm_t alg,
- int key_destroyable)
-{
- psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
- unsigned char input[1] = { 0 };
- unsigned char output[1];
- int ok = 0;
- psa_algorithm_t kdf_alg = PSA_ALG_KEY_AGREEMENT_GET_KDF(alg);
- psa_status_t expected_key_agreement_status = PSA_SUCCESS;
-
- if (usage & PSA_KEY_USAGE_DERIVE) {
- /* We need two keys to exercise key agreement. Exercise the
- * private key against its own public key. */
- PSA_ASSERT(psa_key_derivation_setup(&operation, alg));
- if (PSA_ALG_IS_TLS12_PRF(kdf_alg) ||
- PSA_ALG_IS_TLS12_PSK_TO_MS(kdf_alg)) {
- PSA_ASSERT(psa_key_derivation_input_bytes(
- &operation, PSA_KEY_DERIVATION_INPUT_SEED,
- input, sizeof(input)));
- }
-
- if (PSA_ALG_IS_HKDF_EXTRACT(kdf_alg)) {
- PSA_ASSERT(psa_key_derivation_input_bytes(
- &operation, PSA_KEY_DERIVATION_INPUT_SALT,
- input, sizeof(input)));
- }
-
- /* For HKDF_EXPAND input secret may fail as secret size may not match
- to expected PRK size. In practice it means that key bits must match
- hash length. Otherwise test should fail with INVALID_ARGUMENT. */
- if (PSA_ALG_IS_HKDF_EXPAND(kdf_alg)) {
- psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- psa_status_t status = psa_get_key_attributes(key, &attributes);
- if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) {
- /* The key has been destroyed. */
- ok = 1;
- }
- PSA_ASSERT(status);
- size_t key_bits = psa_get_key_bits(&attributes);
- psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH(kdf_alg);
-
- if (PSA_BITS_TO_BYTES(key_bits) != PSA_HASH_LENGTH(hash_alg)) {
- expected_key_agreement_status = PSA_ERROR_INVALID_ARGUMENT;
- }
- }
-
- TEST_EQUAL(mbedtls_test_psa_key_agreement_with_self(&operation, key,
- key_destroyable),
- expected_key_agreement_status);
-
- if (expected_key_agreement_status != PSA_SUCCESS) {
- return 1;
- }
-
- if (PSA_ALG_IS_TLS12_PRF(kdf_alg) ||
- PSA_ALG_IS_TLS12_PSK_TO_MS(kdf_alg)) {
- PSA_ASSERT(psa_key_derivation_input_bytes(
- &operation, PSA_KEY_DERIVATION_INPUT_LABEL,
- input, sizeof(input)));
- } else if (PSA_ALG_IS_HKDF(kdf_alg) || PSA_ALG_IS_HKDF_EXPAND(kdf_alg)) {
- PSA_ASSERT(psa_key_derivation_input_bytes(
- &operation, PSA_KEY_DERIVATION_INPUT_INFO,
- input, sizeof(input)));
- }
- PSA_ASSERT(psa_key_derivation_output_bytes(&operation,
- output,
- sizeof(output)));
- PSA_ASSERT(psa_key_derivation_abort(&operation));
- }
- ok = 1;
-
-exit:
- return ok;
-}
-
-int mbedtls_test_psa_exported_key_sanity_check(
- psa_key_type_t type, size_t bits,
- const uint8_t *exported, size_t exported_length)
-{
- TEST_ASSERT(exported_length <= PSA_EXPORT_KEY_OUTPUT_SIZE(type, bits));
-
- if (PSA_KEY_TYPE_IS_UNSTRUCTURED(type)) {
- TEST_EQUAL(exported_length, PSA_BITS_TO_BYTES(bits));
- } else
-
-#if defined(MBEDTLS_ASN1_PARSE_C)
- if (type == PSA_KEY_TYPE_RSA_KEY_PAIR) {
- uint8_t *p = (uint8_t *) exported;
- const uint8_t *end = exported + exported_length;
- size_t len;
- /* RSAPrivateKey ::= SEQUENCE {
- * version INTEGER, -- must be 0
- * modulus INTEGER, -- n
- * publicExponent INTEGER, -- e
- * privateExponent INTEGER, -- d
- * prime1 INTEGER, -- p
- * prime2 INTEGER, -- q
- * exponent1 INTEGER, -- d mod (p-1)
- * exponent2 INTEGER, -- d mod (q-1)
- * coefficient INTEGER, -- (inverse of q) mod p
- * }
- */
- TEST_EQUAL(mbedtls_asn1_get_tag(&p, end, &len,
- MBEDTLS_ASN1_SEQUENCE |
- MBEDTLS_ASN1_CONSTRUCTED), 0);
- TEST_EQUAL(len, end - p);
- if (!mbedtls_test_asn1_skip_integer(&p, end, 0, 0, 0)) {
- goto exit;
- }
- if (!mbedtls_test_asn1_skip_integer(&p, end, bits, bits, 1)) {
- goto exit;
- }
- if (!mbedtls_test_asn1_skip_integer(&p, end, 2, bits, 1)) {
- goto exit;
- }
- /* Require d to be at least half the size of n. */
- if (!mbedtls_test_asn1_skip_integer(&p, end, bits / 2, bits, 1)) {
- goto exit;
- }
- /* Require p and q to be at most half the size of n, rounded up. */
- if (!mbedtls_test_asn1_skip_integer(&p, end, bits / 2, bits / 2 + 1, 1)) {
- goto exit;
- }
- if (!mbedtls_test_asn1_skip_integer(&p, end, bits / 2, bits / 2 + 1, 1)) {
- goto exit;
- }
- if (!mbedtls_test_asn1_skip_integer(&p, end, 1, bits / 2 + 1, 0)) {
- goto exit;
- }
- if (!mbedtls_test_asn1_skip_integer(&p, end, 1, bits / 2 + 1, 0)) {
- goto exit;
- }
- if (!mbedtls_test_asn1_skip_integer(&p, end, 1, bits / 2 + 1, 0)) {
- goto exit;
- }
- TEST_EQUAL(p - end, 0);
-
- TEST_ASSERT(exported_length <= PSA_EXPORT_KEY_PAIR_MAX_SIZE);
- } else
-#endif /* MBEDTLS_ASN1_PARSE_C */
-
- if (PSA_KEY_TYPE_IS_ECC_KEY_PAIR(type)) {
- /* Just the secret value */
- TEST_EQUAL(exported_length, PSA_BITS_TO_BYTES(bits));
-
- TEST_ASSERT(exported_length <= PSA_EXPORT_KEY_PAIR_MAX_SIZE);
- } else
-
-#if defined(MBEDTLS_ASN1_PARSE_C)
- if (type == PSA_KEY_TYPE_RSA_PUBLIC_KEY) {
- uint8_t *p = (uint8_t *) exported;
- const uint8_t *end = exported + exported_length;
- size_t len;
- /* RSAPublicKey ::= SEQUENCE {
- * modulus INTEGER, -- n
- * publicExponent INTEGER } -- e
- */
- TEST_EQUAL(mbedtls_asn1_get_tag(&p, end, &len,
- MBEDTLS_ASN1_SEQUENCE |
- MBEDTLS_ASN1_CONSTRUCTED),
- 0);
- TEST_EQUAL(len, end - p);
- if (!mbedtls_test_asn1_skip_integer(&p, end, bits, bits, 1)) {
- goto exit;
- }
- if (!mbedtls_test_asn1_skip_integer(&p, end, 2, bits, 1)) {
- goto exit;
- }
- TEST_EQUAL(p - end, 0);
-
-
- TEST_ASSERT(exported_length <=
- PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(type, bits));
- TEST_ASSERT(exported_length <=
- PSA_EXPORT_PUBLIC_KEY_MAX_SIZE);
- } else
-#endif /* MBEDTLS_ASN1_PARSE_C */
-
- if (PSA_KEY_TYPE_IS_ECC_PUBLIC_KEY(type)) {
-
- TEST_ASSERT(exported_length <=
- PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(type, bits));
- TEST_ASSERT(exported_length <=
- PSA_EXPORT_PUBLIC_KEY_MAX_SIZE);
-
- if (PSA_KEY_TYPE_ECC_GET_FAMILY(type) == PSA_ECC_FAMILY_MONTGOMERY) {
- /* The representation of an ECC Montgomery public key is
- * the raw compressed point */
- TEST_EQUAL(PSA_BITS_TO_BYTES(bits), exported_length);
- } else if (PSA_KEY_TYPE_ECC_GET_FAMILY(type) == PSA_ECC_FAMILY_TWISTED_EDWARDS) {
- /* The representation of an ECC Edwards public key is
- * the raw compressed point */
- TEST_EQUAL(PSA_BITS_TO_BYTES(bits + 1), exported_length);
- } else {
- /* The representation of an ECC Weierstrass public key is:
- * - The byte 0x04;
- * - `x_P` as a `ceiling(m/8)`-byte string, big-endian;
- * - `y_P` as a `ceiling(m/8)`-byte string, big-endian;
- * - where m is the bit size associated with the curve.
- */
- TEST_EQUAL(1 + 2 * PSA_BITS_TO_BYTES(bits), exported_length);
- TEST_EQUAL(exported[0], 4);
- }
- } else
- if (PSA_KEY_TYPE_IS_DH_PUBLIC_KEY(type) || PSA_KEY_TYPE_IS_DH_KEY_PAIR(type)) {
- TEST_ASSERT(exported_length ==
- PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(type, bits));
- TEST_ASSERT(exported_length <=
- PSA_EXPORT_PUBLIC_KEY_MAX_SIZE);
- } else {
- (void) exported;
- TEST_FAIL("Sanity check not implemented for this key type");
- }
-
-#if defined(MBEDTLS_DES_C)
- if (type == PSA_KEY_TYPE_DES) {
- /* Check the parity bits. */
- unsigned i;
- for (i = 0; i < bits / 8; i++) {
- unsigned bit_count = 0;
- unsigned m;
- for (m = 1; m <= 0x100; m <<= 1) {
- if (exported[i] & m) {
- ++bit_count;
- }
- }
- TEST_ASSERT(bit_count % 2 != 0);
- }
- }
-#endif
-
- return 1;
-
-exit:
- return 0;
-}
-
-static int exercise_export_key(mbedtls_svc_key_id_t key,
- psa_key_usage_t usage,
- int key_destroyable)
-{
- psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- uint8_t *exported = NULL;
- size_t exported_size = 0;
- size_t exported_length = 0;
- int ok = 0;
-
- psa_status_t status = psa_get_key_attributes(key, &attributes);
- if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) {
- /* The key has been destroyed. */
- psa_reset_key_attributes(&attributes);
- return 1;
- }
- PSA_ASSERT(status);
-
- exported_size = PSA_EXPORT_KEY_OUTPUT_SIZE(
- psa_get_key_type(&attributes),
- psa_get_key_bits(&attributes));
- TEST_CALLOC(exported, exported_size);
-
- status = psa_export_key(key, exported, exported_size, &exported_length);
- if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) {
- /* The key has been destroyed. */
- ok = 1;
- goto exit;
- } else if ((usage & PSA_KEY_USAGE_EXPORT) == 0 &&
- !PSA_KEY_TYPE_IS_PUBLIC_KEY(psa_get_key_type(&attributes))) {
- TEST_EQUAL(status, PSA_ERROR_NOT_PERMITTED);
- ok = 1;
- goto exit;
- }
- PSA_ASSERT(status);
- ok = mbedtls_test_psa_exported_key_sanity_check(
- psa_get_key_type(&attributes), psa_get_key_bits(&attributes),
- exported, exported_length);
-
-exit:
- /*
- * Key attributes may have been returned by psa_get_key_attributes()
- * thus reset them as required.
- */
- psa_reset_key_attributes(&attributes);
-
- mbedtls_free(exported);
- return ok;
-}
-
-static int exercise_export_public_key(mbedtls_svc_key_id_t key,
- int key_destroyable)
-{
- psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
- psa_key_type_t public_type;
- uint8_t *exported = NULL;
- size_t exported_size = 0;
- size_t exported_length = 0;
- int ok = 0;
-
- psa_status_t status = psa_get_key_attributes(key, &attributes);
- if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) {
- /* The key has been destroyed. */
- psa_reset_key_attributes(&attributes);
- return 1;
- }
- PSA_ASSERT(status);
- if (!PSA_KEY_TYPE_IS_ASYMMETRIC(psa_get_key_type(&attributes))) {
- exported_size = PSA_EXPORT_KEY_OUTPUT_SIZE(
- psa_get_key_type(&attributes),
- psa_get_key_bits(&attributes));
- TEST_CALLOC(exported, exported_size);
-
- status = psa_export_public_key(key, exported,
- exported_size, &exported_length);
- if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) {
- /* The key has been destroyed. */
- ok = 1;
- goto exit;
- }
- TEST_EQUAL(status, PSA_ERROR_INVALID_ARGUMENT);
- ok = 1;
- goto exit;
- }
-
- public_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(
- psa_get_key_type(&attributes));
- exported_size = PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(public_type,
- psa_get_key_bits(&attributes));
- TEST_CALLOC(exported, exported_size);
-
- status = psa_export_public_key(key, exported,
- exported_size, &exported_length);
- if (key_destroyable && status == PSA_ERROR_INVALID_HANDLE) {
- /* The key has been destroyed. */
- ok = 1;
- goto exit;
- }
- PSA_ASSERT(status);
- ok = mbedtls_test_psa_exported_key_sanity_check(
- public_type, psa_get_key_bits(&attributes),
- exported, exported_length);
-
-exit:
- /*
- * Key attributes may have been returned by psa_get_key_attributes()
- * thus reset them as required.
- */
- psa_reset_key_attributes(&attributes);
-
- mbedtls_free(exported);
- return ok;
-}
-
-int mbedtls_test_psa_exercise_key(mbedtls_svc_key_id_t key,
- psa_key_usage_t usage,
- psa_algorithm_t alg,
- int key_destroyable)
-{
- int ok = 0;
-
- if (!check_key_attributes_sanity(key, key_destroyable)) {
- return 0;
- }
-
- if (alg == 0) {
- ok = 1; /* If no algorithm, do nothing (used for raw data "keys"). */
- } else if (PSA_ALG_IS_MAC(alg)) {
- ok = exercise_mac_key(key, usage, alg, key_destroyable);
- } else if (PSA_ALG_IS_CIPHER(alg)) {
- ok = exercise_cipher_key(key, usage, alg, key_destroyable);
- } else if (PSA_ALG_IS_AEAD(alg)) {
- ok = exercise_aead_key(key, usage, alg, key_destroyable);
- } else if (PSA_ALG_IS_SIGN(alg)) {
- ok = exercise_signature_key(key, usage, alg, key_destroyable);
- } else if (PSA_ALG_IS_ASYMMETRIC_ENCRYPTION(alg)) {
- ok = exercise_asymmetric_encryption_key(key, usage, alg,
- key_destroyable);
- } else if (PSA_ALG_IS_KEY_DERIVATION(alg)) {
- ok = exercise_key_derivation_key(key, usage, alg, key_destroyable);
- } else if (PSA_ALG_IS_RAW_KEY_AGREEMENT(alg)) {
- ok = exercise_raw_key_agreement_key(key, usage, alg, key_destroyable);
- } else if (PSA_ALG_IS_KEY_AGREEMENT(alg)) {
- ok = exercise_key_agreement_key(key, usage, alg, key_destroyable);
- } else {
- TEST_FAIL("No code to exercise this category of algorithm");
- }
-
- ok = ok && exercise_export_key(key,
- usage,
- key_destroyable);
- ok = ok && exercise_export_public_key(key,
- key_destroyable);
-
-exit:
- return ok;
-}
-
-psa_key_usage_t mbedtls_test_psa_usage_to_exercise(psa_key_type_t type,
- psa_algorithm_t alg)
-{
- if (PSA_ALG_IS_MAC(alg) || PSA_ALG_IS_SIGN(alg)) {
- if (PSA_ALG_IS_SIGN_HASH(alg)) {
- if (PSA_ALG_SIGN_GET_HASH(alg)) {
- return PSA_KEY_TYPE_IS_PUBLIC_KEY(type) ?
- PSA_KEY_USAGE_VERIFY_HASH | PSA_KEY_USAGE_VERIFY_MESSAGE :
- PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH |
- PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE;
- }
- } else if (PSA_ALG_IS_SIGN_MESSAGE(alg)) {
- return PSA_KEY_TYPE_IS_PUBLIC_KEY(type) ?
- PSA_KEY_USAGE_VERIFY_MESSAGE :
- PSA_KEY_USAGE_SIGN_MESSAGE | PSA_KEY_USAGE_VERIFY_MESSAGE;
- }
-
- return PSA_KEY_TYPE_IS_PUBLIC_KEY(type) ?
- PSA_KEY_USAGE_VERIFY_HASH :
- PSA_KEY_USAGE_SIGN_HASH | PSA_KEY_USAGE_VERIFY_HASH;
- } else if (PSA_ALG_IS_CIPHER(alg) || PSA_ALG_IS_AEAD(alg) ||
- PSA_ALG_IS_ASYMMETRIC_ENCRYPTION(alg)) {
- return PSA_KEY_TYPE_IS_PUBLIC_KEY(type) ?
- PSA_KEY_USAGE_ENCRYPT :
- PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_DECRYPT;
- } else if (PSA_ALG_IS_KEY_DERIVATION(alg) ||
- PSA_ALG_IS_KEY_AGREEMENT(alg)) {
- return PSA_KEY_USAGE_DERIVE;
- } else {
- return 0;
- }
-
-}
-
-int mbedtls_test_can_exercise_psa_algorithm(psa_algorithm_t alg)
-{
- /* Reject algorithms that we know are not supported. Default to
- * attempting exercise, so that if an algorithm is missing from this
- * function, the result will be a test failure and not silently
- * omitting exercise. */
-#if !defined(PSA_WANT_ALG_RSA_PKCS1V15_CRYPT)
- if (alg == PSA_ALG_RSA_PKCS1V15_CRYPT) {
- return 0;
- }
-#endif
-#if !defined(PSA_WANT_ALG_RSA_PKCS1V15_SIGN)
- if (PSA_ALG_IS_RSA_PKCS1V15_SIGN(alg)) {
- return 0;
- }
-#endif
-#if !defined(PSA_WANT_ALG_RSA_PSS)
- if (PSA_ALG_IS_RSA_PSS_STANDARD_SALT(alg)) {
- return 0;
- }
-#endif
-#if !defined(PSA_WANT_ALG_RSA_PSS_ANY_SALT)
- if (PSA_ALG_IS_RSA_PSS_ANY_SALT(alg)) {
- return 0;
- }
-#endif
-#if !defined(PSA_WANT_ALG_ECDSA)
- if (PSA_ALG_IS_ECDSA(alg)) {
- return 0;
- }
-#endif
-#if !defined(PSA_WANT_ALG_DETERMINISTIC_ECDSA)
- if (PSA_ALG_IS_DETERMINISTIC_ECDSA(alg)) {
- return 0;
- }
-#endif
-#if !defined(PSA_WANT_ALG_ECDH)
- if (PSA_ALG_IS_ECDH(alg)) {
- return 0;
- }
-#endif
- (void) alg;
- return 1;
-}
-
-#if defined(MBEDTLS_PK_C)
-int mbedtls_test_key_consistency_psa_pk(mbedtls_svc_key_id_t psa_key,
- const mbedtls_pk_context *pk)
-{
- psa_key_attributes_t psa_attributes = PSA_KEY_ATTRIBUTES_INIT;
- psa_key_attributes_t pk_attributes = PSA_KEY_ATTRIBUTES_INIT;
- int ok = 0;
-
- PSA_ASSERT(psa_get_key_attributes(psa_key, &psa_attributes));
- psa_key_type_t psa_type = psa_get_key_type(&psa_attributes);
- mbedtls_pk_type_t pk_type = mbedtls_pk_get_type(pk);
-
- TEST_ASSERT(PSA_KEY_TYPE_IS_PUBLIC_KEY(psa_type) ||
- PSA_KEY_TYPE_IS_KEY_PAIR(psa_type));
- TEST_EQUAL(psa_get_key_bits(&psa_attributes), mbedtls_pk_get_bitlen(pk));
-
- uint8_t pk_public_buffer[PSA_EXPORT_PUBLIC_KEY_MAX_SIZE];
- const uint8_t *pk_public = NULL;
- size_t pk_public_length = 0;
-
- switch (pk_type) {
-#if defined(MBEDTLS_RSA_C)
- case MBEDTLS_PK_RSA:
- TEST_ASSERT(PSA_KEY_TYPE_IS_RSA(psa_type));
- const mbedtls_rsa_context *rsa = mbedtls_pk_rsa(*pk);
- uint8_t *const end = pk_public_buffer + sizeof(pk_public_buffer);
- uint8_t *cursor = end;
- TEST_LE_U(1, mbedtls_rsa_write_pubkey(rsa,
- pk_public_buffer, &cursor));
- pk_public = cursor;
- pk_public_length = end - pk_public;
- break;
-#endif
-
-#if defined(MBEDTLS_PK_USE_PSA_EC_DATA)
- case MBEDTLS_PK_ECKEY:
- case MBEDTLS_PK_ECKEY_DH:
- case MBEDTLS_PK_ECDSA:
- TEST_ASSERT(PSA_KEY_TYPE_IS_ECC(psa_type));
- TEST_EQUAL(PSA_KEY_TYPE_ECC_GET_FAMILY(psa_type), pk->ec_family);
- pk_public = pk->pub_raw;
- pk_public_length = pk->pub_raw_len;
- break;
-#endif /* MBEDTLS_PK_USE_PSA_EC_DATA */
-
-#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) && !defined(MBEDTLS_PK_USE_PSA_EC_DATA)
- case MBEDTLS_PK_ECKEY:
- case MBEDTLS_PK_ECKEY_DH:
- case MBEDTLS_PK_ECDSA:
- TEST_ASSERT(PSA_KEY_TYPE_IS_ECC(psa_get_key_type(&psa_attributes)));
- const mbedtls_ecp_keypair *ec = mbedtls_pk_ec_ro(*pk);
- TEST_EQUAL(mbedtls_ecp_write_public_key(
- ec, MBEDTLS_ECP_PF_UNCOMPRESSED, &pk_public_length,
- pk_public_buffer, sizeof(pk_public_buffer)), 0);
- pk_public = pk_public_buffer;
- break;
-#endif /* PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY && !MBEDTLS_PK_USE_PSA_EC_DATA */
-
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
- case MBEDTLS_PK_OPAQUE:
- PSA_ASSERT(psa_get_key_attributes(pk->priv_id, &pk_attributes));
- psa_key_type_t pk_psa_type = psa_get_key_type(&pk_attributes);
- TEST_EQUAL(PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(psa_type),
- PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(pk_psa_type));
- PSA_ASSERT(psa_export_public_key(psa_key,
- pk_public_buffer,
- sizeof(pk_public_buffer),
- &pk_public_length));
- pk_public = pk_public_buffer;
- break;
-#endif /* MBEDTLS_USE_PSA_CRYPTO */
-
- default:
- TEST_FAIL("pk type not supported");
- }
-
- uint8_t psa_public[PSA_EXPORT_PUBLIC_KEY_MAX_SIZE];
- size_t psa_public_length = 0;
- PSA_ASSERT(psa_export_public_key(psa_key,
- psa_public, sizeof(psa_public),
- &psa_public_length));
- TEST_MEMORY_COMPARE(pk_public, pk_public_length,
- psa_public, psa_public_length);
-
- ok = 1;
-
-exit:
- psa_reset_key_attributes(&psa_attributes);
- psa_reset_key_attributes(&pk_attributes);
- return ok;
-}
-#endif /* MBEDTLS_PK_C */
-
-#endif /* MBEDTLS_PSA_CRYPTO_C || MBEDTLS_PSA_CRYPTO_CLIENT */
diff --git a/tests/src/psa_memory_poisoning_wrappers.c b/tests/src/psa_memory_poisoning_wrappers.c
deleted file mode 100644
index 7b48c7c..0000000
--- a/tests/src/psa_memory_poisoning_wrappers.c
+++ /dev/null
@@ -1,32 +0,0 @@
-/** Helper functions for memory poisoning in tests.
- */
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-#include <test/memory.h>
-#include <test/psa_memory_poisoning_wrappers.h>
-
-#include "psa_crypto_invasive.h"
-
-#if defined(MBEDTLS_TEST_HOOKS) && defined(MBEDTLS_PSA_CRYPTO_C) \
- && defined(MBEDTLS_TEST_MEMORY_CAN_POISON)
-
-void mbedtls_poison_test_hooks_setup(void)
-{
- psa_input_pre_copy_hook = mbedtls_test_memory_unpoison;
- psa_input_post_copy_hook = mbedtls_test_memory_poison;
- psa_output_pre_copy_hook = mbedtls_test_memory_unpoison;
- psa_output_post_copy_hook = mbedtls_test_memory_poison;
-}
-
-void mbedtls_poison_test_hooks_teardown(void)
-{
- psa_input_pre_copy_hook = NULL;
- psa_input_post_copy_hook = NULL;
- psa_output_pre_copy_hook = NULL;
- psa_output_post_copy_hook = NULL;
-}
-
-#endif /* MBEDTLS_TEST_HOOKS && MBEDTLS_PSA_CRYPTO_C &&
- MBEDTLS_TEST_MEMORY_CAN_POISON */
diff --git a/tests/src/psa_test_wrappers.c b/tests/src/psa_test_wrappers.c
index 87d9c9f..65d8157 100644
--- a/tests/src/psa_test_wrappers.c
+++ b/tests/src/psa_test_wrappers.c
@@ -667,7 +667,7 @@
/* Wrapper for psa_generate_key_iop_complete */
psa_status_t mbedtls_test_wrap_psa_generate_key_iop_complete(
psa_generate_key_iop_t *arg0_operation,
- psa_key_id_t *arg1_key)
+ mbedtls_svc_key_id_t *arg1_key)
{
psa_status_t status = (psa_generate_key_iop_complete)(arg0_operation, arg1_key);
return status;
diff --git a/tests/src/random.c b/tests/src/random.c
deleted file mode 100644
index d041f36..0000000
--- a/tests/src/random.c
+++ /dev/null
@@ -1,136 +0,0 @@
-/**
- * \file random.c
- *
- * \brief This file contains the helper functions to generate random numbers
- * for the purpose of testing.
- */
-
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-/*
- * for arc4random_buf() from <stdlib.h>
- */
-#if defined(__NetBSD__)
-#define _NETBSD_SOURCE 1
-#elif defined(__OpenBSD__)
-#define _BSD_SOURCE 1
-#endif
-
-#include <test/macros.h>
-#include <test/random.h>
-#include <string.h>
-
-#include <mbedtls/entropy.h>
-#include <alignment.h>
-
-int mbedtls_test_rnd_std_rand(void *rng_state,
- unsigned char *output,
- size_t len)
-{
-#if !defined(__OpenBSD__) && !defined(__NetBSD__)
- size_t i;
-
- if (rng_state != NULL) {
- rng_state = NULL;
- }
-
- for (i = 0; i < len; ++i) {
- output[i] = rand();
- }
-#else
- if (rng_state != NULL) {
- rng_state = NULL;
- }
-
- arc4random_buf(output, len);
-#endif /* !OpenBSD && !NetBSD */
-
- return 0;
-}
-
-int mbedtls_test_rnd_zero_rand(void *rng_state,
- unsigned char *output,
- size_t len)
-{
- if (rng_state != NULL) {
- rng_state = NULL;
- }
-
- memset(output, 0, len);
-
- return 0;
-}
-
-int mbedtls_test_rnd_buffer_rand(void *rng_state,
- unsigned char *output,
- size_t len)
-{
- mbedtls_test_rnd_buf_info *info = (mbedtls_test_rnd_buf_info *) rng_state;
- size_t use_len;
-
- if (rng_state == NULL) {
- return mbedtls_test_rnd_std_rand(NULL, output, len);
- }
-
- use_len = len;
- if (len > info->length) {
- use_len = info->length;
- }
-
- if (use_len) {
- memcpy(output, info->buf, use_len);
- info->buf += use_len;
- info->length -= use_len;
- }
-
- if (len - use_len > 0) {
- if (info->fallback_f_rng != NULL) {
- return info->fallback_f_rng(info->fallback_p_rng,
- output + use_len,
- len - use_len);
- } else {
- return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
- }
- }
-
- return 0;
-}
-
-int mbedtls_test_rnd_pseudo_rand(void *rng_state,
- unsigned char *output,
- size_t len)
-{
- mbedtls_test_rnd_pseudo_info *info =
- (mbedtls_test_rnd_pseudo_info *) rng_state;
- uint32_t i, *k, sum, delta = 0x9E3779B9;
- unsigned char result[4], *out = output;
-
- if (rng_state == NULL) {
- return mbedtls_test_rnd_std_rand(NULL, output, len);
- }
-
- k = info->key;
-
- while (len > 0) {
- size_t use_len = (len > 4) ? 4 : len;
- sum = 0;
-
- for (i = 0; i < 32; i++) {
- info->v0 += (((info->v1 << 4) ^ (info->v1 >> 5))
- + info->v1) ^ (sum + k[sum & 3]);
- sum += delta;
- info->v1 += (((info->v0 << 4) ^ (info->v0 >> 5))
- + info->v0) ^ (sum + k[(sum>>11) & 3]);
- }
-
- MBEDTLS_PUT_UINT32_BE(info->v0, result, 0);
- memcpy(out, result, use_len);
- len -= use_len;
- out += 4;
- }
-
- return 0;
-}
diff --git a/tests/src/test_memory.c b/tests/src/test_memory.c
deleted file mode 100644
index ac9dde6..0000000
--- a/tests/src/test_memory.c
+++ /dev/null
@@ -1,60 +0,0 @@
-/**
- * \file memory.c
- *
- * \brief Helper functions related to testing memory management.
- */
-
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#include <test/helpers.h>
-#include <test/macros.h>
-#include <test/memory.h>
-
-#if defined(MBEDTLS_TEST_MEMORY_CAN_POISON)
-#include <sanitizer/asan_interface.h>
-#include <stdint.h>
-#endif
-
-#if defined(MBEDTLS_TEST_MEMORY_CAN_POISON)
-
-_Thread_local unsigned int mbedtls_test_memory_poisoning_count = 0;
-
-static void align_for_asan(const unsigned char **p_ptr, size_t *p_size)
-{
- uintptr_t start = (uintptr_t) *p_ptr;
- uintptr_t end = start + (uintptr_t) *p_size;
- /* ASan can only poison regions with 8-byte alignment, and only poisons a
- * region if it's fully within the requested range. We want to poison the
- * whole requested region and don't mind a few extra bytes. Therefore,
- * align start down to an 8-byte boundary, and end up to an 8-byte
- * boundary. */
- start = start & ~(uintptr_t) 7;
- end = (end + 7) & ~(uintptr_t) 7;
- *p_ptr = (const unsigned char *) start;
- *p_size = end - start;
-}
-
-void mbedtls_test_memory_poison(const unsigned char *ptr, size_t size)
-{
- if (mbedtls_test_memory_poisoning_count == 0) {
- return;
- }
- if (size == 0) {
- return;
- }
- align_for_asan(&ptr, &size);
- __asan_poison_memory_region(ptr, size);
-}
-
-void mbedtls_test_memory_unpoison(const unsigned char *ptr, size_t size)
-{
- if (size == 0) {
- return;
- }
- align_for_asan(&ptr, &size);
- __asan_unpoison_memory_region(ptr, size);
-}
-#endif /* Memory poisoning */
diff --git a/tests/src/threading_helpers.c b/tests/src/threading_helpers.c
deleted file mode 100644
index c1686c2..0000000
--- a/tests/src/threading_helpers.c
+++ /dev/null
@@ -1,354 +0,0 @@
-/** Mutex usage verification framework. */
-
-/*
- * Copyright The Mbed TLS Contributors
- * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
- */
-
-#include <test/helpers.h>
-#include <test/threading_helpers.h>
-#include <test/macros.h>
-
-#include "mbedtls/threading.h"
-
-#if defined(MBEDTLS_THREADING_C)
-
-#if defined(MBEDTLS_THREADING_PTHREAD)
-
-static int threading_thread_create_pthread(mbedtls_test_thread_t *thread, void *(*thread_func)(
- void *), void *thread_data)
-{
- if (thread == NULL || thread_func == NULL) {
- return MBEDTLS_ERR_THREADING_BAD_INPUT_DATA;
- }
-
- if (pthread_create(&thread->thread, NULL, thread_func, thread_data)) {
- return MBEDTLS_ERR_THREADING_THREAD_ERROR;
- }
-
- return 0;
-}
-
-static int threading_thread_join_pthread(mbedtls_test_thread_t *thread)
-{
- if (thread == NULL) {
- return MBEDTLS_ERR_THREADING_BAD_INPUT_DATA;
- }
-
- if (pthread_join(thread->thread, NULL) != 0) {
- return MBEDTLS_ERR_THREADING_THREAD_ERROR;
- }
-
- return 0;
-}
-
-int (*mbedtls_test_thread_create)(mbedtls_test_thread_t *thread, void *(*thread_func)(void *),
- void *thread_data) = threading_thread_create_pthread;
-int (*mbedtls_test_thread_join)(mbedtls_test_thread_t *thread) = threading_thread_join_pthread;
-
-#endif /* MBEDTLS_THREADING_PTHREAD */
-
-#if defined(MBEDTLS_THREADING_ALT)
-
-static int threading_thread_create_fail(mbedtls_test_thread_t *thread,
- void *(*thread_func)(void *),
- void *thread_data)
-{
- (void) thread;
- (void) thread_func;
- (void) thread_data;
-
- return MBEDTLS_ERR_THREADING_BAD_INPUT_DATA;
-}
-
-static int threading_thread_join_fail(mbedtls_test_thread_t *thread)
-{
- (void) thread;
-
- return MBEDTLS_ERR_THREADING_BAD_INPUT_DATA;
-}
-
-int (*mbedtls_test_thread_create)(mbedtls_test_thread_t *thread, void *(*thread_func)(void *),
- void *thread_data) = threading_thread_create_fail;
-int (*mbedtls_test_thread_join)(mbedtls_test_thread_t *thread) = threading_thread_join_fail;
-
-#endif /* MBEDTLS_THREADING_ALT */
-
-#if defined(MBEDTLS_TEST_MUTEX_USAGE)
-
-#include "mbedtls/threading.h"
-
-/** Mutex usage verification framework.
- *
- * The mutex usage verification code below aims to detect bad usage of
- * Mbed TLS's mutex abstraction layer at runtime. Note that this is solely
- * about the use of the mutex itself, not about checking whether the mutex
- * correctly protects whatever it is supposed to protect.
- *
- * The normal usage of a mutex is:
- * ```
- * digraph mutex_states {
- * "UNINITIALIZED"; // the initial state
- * "IDLE";
- * "FREED";
- * "LOCKED";
- * "UNINITIALIZED" -> "IDLE" [label="init"];
- * "FREED" -> "IDLE" [label="init"];
- * "IDLE" -> "LOCKED" [label="lock"];
- * "LOCKED" -> "IDLE" [label="unlock"];
- * "IDLE" -> "FREED" [label="free"];
- * }
- * ```
- *
- * All bad transitions that can be unambiguously detected are reported.
- * An attempt to use an uninitialized mutex cannot be detected in general
- * since the memory content may happen to denote a valid state. For the same
- * reason, a double init cannot be detected.
- * All-bits-zero is the state of a freed mutex, which is distinct from an
- * initialized mutex, so attempting to use zero-initialized memory as a mutex
- * without calling the init function is detected.
- *
- * The framework attempts to detect missing calls to init and free by counting
- * calls to init and free. If there are more calls to init than free, this
- * means that a mutex is not being freed somewhere, which is a memory leak
- * on platforms where a mutex consumes resources other than the
- * mbedtls_threading_mutex_t object itself. If there are more calls to free
- * than init, this indicates a missing init, which is likely to be detected
- * by an attempt to lock the mutex as well. A limitation of this framework is
- * that it cannot detect scenarios where there is exactly the same number of
- * calls to init and free but the calls don't match. A bug like this is
- * unlikely to happen uniformly throughout the whole test suite though.
- *
- * If an error is detected, this framework will report what happened and the
- * test case will be marked as failed. Unfortunately, the error report cannot
- * indicate the exact location of the problematic call. To locate the error,
- * use a debugger and set a breakpoint on mbedtls_test_mutex_usage_error().
- */
-enum value_of_mutex_state_field {
- /* Potential values for the state field of mbedtls_threading_mutex_t.
- * Note that MUTEX_FREED must be 0 and MUTEX_IDLE must be 1 for
- * compatibility with threading_mutex_init_pthread() and
- * threading_mutex_free_pthread(). MUTEX_LOCKED could be any nonzero
- * value. */
- MUTEX_FREED = 0, //! < Set by mbedtls_test_wrap_mutex_free
- MUTEX_IDLE = 1, //! < Set by mbedtls_test_wrap_mutex_init and by mbedtls_test_wrap_mutex_unlock
- MUTEX_LOCKED = 2, //! < Set by mbedtls_test_wrap_mutex_lock
-};
-
-typedef struct {
- void (*init)(mbedtls_threading_mutex_t *);
- void (*free)(mbedtls_threading_mutex_t *);
- int (*lock)(mbedtls_threading_mutex_t *);
- int (*unlock)(mbedtls_threading_mutex_t *);
-} mutex_functions_t;
-static mutex_functions_t mutex_functions;
-
-/**
- * The mutex used to guard live_mutexes below and access to the status variable
- * in every mbedtls_threading_mutex_t.
- * Note that we are not reporting any errors when locking and unlocking this
- * mutex. This is for a couple of reasons:
- *
- * 1. We have no real way of reporting any errors with this mutex - we cannot
- * report it back to the caller, as the failure was not that of the mutex
- * passed in. We could fail the test, but again this would indicate a problem
- * with the test code that did not exist.
- *
- * 2. Any failure to lock is unlikely to be intermittent, and will thus not
- * give false test results - the overall result would be to turn off the
- * testing. This is not a situation that is likely to happen with normal
- * testing and we still have TSan to fall back on should this happen.
- */
-mbedtls_threading_mutex_t mbedtls_test_mutex_mutex;
-
-/**
- * The total number of calls to mbedtls_mutex_init(), minus the total number
- * of calls to mbedtls_mutex_free().
- *
- * Do not read or write without holding mbedtls_test_mutex_mutex (above). Reset
- * to 0 after each test case.
- */
-static int live_mutexes;
-
-static void mbedtls_test_mutex_usage_error(mbedtls_threading_mutex_t *mutex,
- const char *msg)
-{
- (void) mutex;
-
- mbedtls_test_set_mutex_usage_error(msg);
- mbedtls_fprintf(stdout, "[mutex: %s] ", msg);
- /* Don't mark the test as failed yet. This way, if the test fails later
- * for a functional reason, the test framework will report the message
- * and location for this functional reason. If the test passes,
- * mbedtls_test_mutex_usage_check() will mark it as failed. */
-}
-
-static int mbedtls_test_mutex_can_test(mbedtls_threading_mutex_t *mutex)
-{
- /* If we attempt to run tests on this mutex then we are going to run into a
- * couple of problems:
- * 1. If any test on this mutex fails, we are going to deadlock when
- * reporting that failure, as we already hold the mutex at that point.
- * 2. Given the 'global' position of the initialization and free of this
- * mutex, it will be shown as leaked on the first test run. */
- if (mutex == mbedtls_test_get_info_mutex()) {
- return 0;
- }
-
- return 1;
-}
-
-static void mbedtls_test_wrap_mutex_init(mbedtls_threading_mutex_t *mutex)
-{
- mutex_functions.init(mutex);
-
- if (mbedtls_test_mutex_can_test(mutex)) {
- if (mutex_functions.lock(&mbedtls_test_mutex_mutex) == 0) {
- mutex->state = MUTEX_IDLE;
- ++live_mutexes;
-
- mutex_functions.unlock(&mbedtls_test_mutex_mutex);
- }
- }
-}
-
-static void mbedtls_test_wrap_mutex_free(mbedtls_threading_mutex_t *mutex)
-{
- if (mbedtls_test_mutex_can_test(mutex)) {
- if (mutex_functions.lock(&mbedtls_test_mutex_mutex) == 0) {
-
- switch (mutex->state) {
- case MUTEX_FREED:
- mbedtls_test_mutex_usage_error(mutex, "free without init or double free");
- break;
- case MUTEX_IDLE:
- mutex->state = MUTEX_FREED;
- --live_mutexes;
- break;
- case MUTEX_LOCKED:
- mbedtls_test_mutex_usage_error(mutex, "free without unlock");
- break;
- default:
- mbedtls_test_mutex_usage_error(mutex, "corrupted state");
- break;
- }
-
- mutex_functions.unlock(&mbedtls_test_mutex_mutex);
- }
- }
-
- mutex_functions.free(mutex);
-}
-
-static int mbedtls_test_wrap_mutex_lock(mbedtls_threading_mutex_t *mutex)
-{
- /* Lock the passed in mutex first, so that the only way to change the state
- * is to hold the passed in and internal mutex - otherwise we create a race
- * condition. */
- int ret = mutex_functions.lock(mutex);
-
- if (mbedtls_test_mutex_can_test(mutex)) {
- if (mutex_functions.lock(&mbedtls_test_mutex_mutex) == 0) {
- switch (mutex->state) {
- case MUTEX_FREED:
- mbedtls_test_mutex_usage_error(mutex, "lock without init");
- break;
- case MUTEX_IDLE:
- if (ret == 0) {
- mutex->state = MUTEX_LOCKED;
- }
- break;
- case MUTEX_LOCKED:
- mbedtls_test_mutex_usage_error(mutex, "double lock");
- break;
- default:
- mbedtls_test_mutex_usage_error(mutex, "corrupted state");
- break;
- }
-
- mutex_functions.unlock(&mbedtls_test_mutex_mutex);
- }
- }
-
- return ret;
-}
-
-static int mbedtls_test_wrap_mutex_unlock(mbedtls_threading_mutex_t *mutex)
-{
- /* Lock the internal mutex first and change state, so that the only way to
- * change the state is to hold the passed in and internal mutex - otherwise
- * we create a race condition. */
- if (mbedtls_test_mutex_can_test(mutex)) {
- if (mutex_functions.lock(&mbedtls_test_mutex_mutex) == 0) {
- switch (mutex->state) {
- case MUTEX_FREED:
- mbedtls_test_mutex_usage_error(mutex, "unlock without init");
- break;
- case MUTEX_IDLE:
- mbedtls_test_mutex_usage_error(mutex, "unlock without lock");
- break;
- case MUTEX_LOCKED:
- mutex->state = MUTEX_IDLE;
- break;
- default:
- mbedtls_test_mutex_usage_error(mutex, "corrupted state");
- break;
- }
- mutex_functions.unlock(&mbedtls_test_mutex_mutex);
- }
- }
-
- return mutex_functions.unlock(mutex);
-}
-
-void mbedtls_test_mutex_usage_init(void)
-{
- mutex_functions.init = mbedtls_mutex_init;
- mutex_functions.free = mbedtls_mutex_free;
- mutex_functions.lock = mbedtls_mutex_lock;
- mutex_functions.unlock = mbedtls_mutex_unlock;
- mbedtls_mutex_init = &mbedtls_test_wrap_mutex_init;
- mbedtls_mutex_free = &mbedtls_test_wrap_mutex_free;
- mbedtls_mutex_lock = &mbedtls_test_wrap_mutex_lock;
- mbedtls_mutex_unlock = &mbedtls_test_wrap_mutex_unlock;
-
- mutex_functions.init(&mbedtls_test_mutex_mutex);
-}
-
-void mbedtls_test_mutex_usage_check(void)
-{
- if (mutex_functions.lock(&mbedtls_test_mutex_mutex) == 0) {
- if (live_mutexes != 0) {
- /* A positive number (more init than free) means that a mutex resource
- * is leaking (on platforms where a mutex consumes more than the
- * mbedtls_threading_mutex_t object itself). The (hopefully) rare
- * case of a negative number means a missing init somewhere. */
- mbedtls_fprintf(stdout, "[mutex: %d leaked] ", live_mutexes);
- live_mutexes = 0;
- mbedtls_test_set_mutex_usage_error("missing free");
- }
- if (mbedtls_test_get_mutex_usage_error() != NULL &&
- mbedtls_test_get_result() != MBEDTLS_TEST_RESULT_FAILED) {
- /* Functionally, the test passed. But there was a mutex usage error,
- * so mark the test as failed after all. */
- mbedtls_test_fail("Mutex usage error", __LINE__, __FILE__);
- }
- mbedtls_test_set_mutex_usage_error(NULL);
-
- mutex_functions.unlock(&mbedtls_test_mutex_mutex);
- }
-}
-
-void mbedtls_test_mutex_usage_end(void)
-{
- mbedtls_mutex_init = mutex_functions.init;
- mbedtls_mutex_free = mutex_functions.free;
- mbedtls_mutex_lock = mutex_functions.lock;
- mbedtls_mutex_unlock = mutex_functions.unlock;
-
- mutex_functions.free(&mbedtls_test_mutex_mutex);
-}
-
-#endif /* MBEDTLS_TEST_MUTEX_USAGE */
-
-#endif /* MBEDTLS_THREADING_C */
diff --git a/tf-psa-crypto/CMakeLists.txt b/tf-psa-crypto/CMakeLists.txt
index 21eb64e..d30b787 100644
--- a/tf-psa-crypto/CMakeLists.txt
+++ b/tf-psa-crypto/CMakeLists.txt
@@ -13,13 +13,19 @@
# - TF_PSA_CRYPTO_TARGET_PREFIX: CMake targets are designed to be alterable by
# calling CMake in order to avoid target name clashes, via the use of
# TF_PSA_CRYPTO_TARGET_PREFIX. The value of this variable is prefixed to the
-# tfpsacrypto and apidoc targets.
+# tfpsacrypto and tfpsacrypto-apidoc targets.
#
# We specify a minimum requirement of 3.10.2, but for now use 3.5.1 here
# until our infrastructure catches up.
cmake_minimum_required(VERSION 3.5.1)
+include(CMakePackageConfigHelpers)
+
+# Include convenience functions for printing properties and variables, like
+# cmake_print_properties(), cmake_print_variables().
+include(CMakePrintHelpers)
+
# https://cmake.org/cmake/help/latest/policy/CMP0011.html
# Setting this policy is required in CMake >= 3.18.0, otherwise a warning is generated. The OLD
# policy setting is deprecated, and will be removed in future versions.
@@ -31,28 +37,6 @@
# is deprecated and will be removed in future versions.
cmake_policy(SET CMP0012 NEW)
-if(NOT (CMAKE_CURRENT_SOURCE_DIR STREQUAL CMAKE_SOURCE_DIR))
-
-set(TF_PSA_CRYPTO_PYTHON_EXECUTABLE ${MBEDTLS_PYTHON_EXECUTABLE})
-set(USE_STATIC_TF_PSA_CRYPTO_LIBRARY ${USE_STATIC_MBEDTLS_LIBRARY})
-set(USE_SHARED_TF_PSA_CRYPTO_LIBRARY ${USE_SHARED_MBEDTLS_LIBRARY})
-set(TF_PSA_CRYPTO_TARGET_PREFIX ${MBEDTLS_TARGET_PREFIX})
-option(INSTALL_TF_PSA_CRYPTO_HEADERS "Install TF-PSA-Crypto headers." ${INSTALL_MBEDTLS_HEADERS})
-
-# Set the project root directory.
-set(TF_PSA_CRYPTO_DIR ${CMAKE_CURRENT_SOURCE_DIR})
-
-add_subdirectory(include)
-add_subdirectory(core)
-add_subdirectory(drivers)
-
-if(ENABLE_TESTING)
- enable_testing()
- add_subdirectory(tests)
-endif()
-
-else(NOT (CMAKE_CURRENT_SOURCE_DIR STREQUAL CMAKE_SOURCE_DIR))
-
set(TF_PSA_CRYPTO_VERSION 0.1.0)
set(TF_PSA_CRYPTO_SOVERSION 0)
@@ -68,6 +52,479 @@
)
endif()
-include(TF-PSA-Crypto.cmake)
+include(GNUInstallDirs)
-endif(NOT (CMAKE_CURRENT_SOURCE_DIR STREQUAL CMAKE_SOURCE_DIR))
+# Determine if TF-PSA-Crypto is being built as a subproject using add_subdirectory()
+if(NOT DEFINED TF_PSA_CRYPTO_AS_SUBPROJECT)
+ set(TF_PSA_CRYPTO_AS_SUBPROJECT ON)
+ if(CMAKE_CURRENT_SOURCE_DIR STREQUAL CMAKE_SOURCE_DIR)
+ set(TF_PSA_CRYPTO_AS_SUBPROJECT OFF)
+ endif()
+endif()
+
+# Set the project, Mbed TLS and framework root directory.
+set(TF_PSA_CRYPTO_DIR ${CMAKE_CURRENT_SOURCE_DIR})
+set(MBEDTLS_DIR ${CMAKE_CURRENT_SOURCE_DIR}/..)
+set(MBEDTLS_FRAMEWORK_DIR ${CMAKE_CURRENT_SOURCE_DIR}/../framework)
+
+# Put the version numbers into relevant files
+set(version_number_files
+ doxygen/input/doc_mainpage.h
+ doxygen/tfpsacrypto.doxyfile)
+foreach(file ${version_number_files})
+ configure_file(${file}.in
+ ${TF_PSA_CRYPTO_DIR}/${file})
+endforeach(file)
+
+ADD_CUSTOM_TARGET(${TF_PSA_CRYPTO_TARGET_PREFIX}tfpsacrypto-apidoc
+ COMMAND doxygen tfpsacrypto.doxyfile
+ WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/doxygen)
+
+option(ENABLE_PROGRAMS "Build TF-PSA-Crypto programs." ON)
+
+option(TF_PSA_CRYPTO_FATAL_WARNINGS "Compiler warnings treated as errors" ON)
+if(CMAKE_HOST_WIN32)
+ # N.B. The comment on the next line is significant! If you change it,
+ # edit the sed command in prepare_release.sh that modifies
+ # CMakeLists.txt.
+ option(GEN_FILES "Generate the auto-generated files as needed" OFF) # off in development
+else()
+ option(GEN_FILES "Generate the auto-generated files as needed" ON)
+endif()
+
+# Support for package config and install to be added later.
+option(DISABLE_PACKAGE_CONFIG_AND_INSTALL "Disable package configuration, target export and installation" ${TF_PSA_CRYPTO_AS_SUBPROJECT})
+
+if (CMAKE_C_SIMULATE_ID)
+ set(COMPILER_ID ${CMAKE_C_SIMULATE_ID})
+else()
+ set(COMPILER_ID ${CMAKE_C_COMPILER_ID})
+endif(CMAKE_C_SIMULATE_ID)
+
+string(REGEX MATCH "Clang" CMAKE_COMPILER_IS_CLANG "${COMPILER_ID}")
+string(REGEX MATCH "GNU" CMAKE_COMPILER_IS_GNU "${COMPILER_ID}")
+string(REGEX MATCH "IAR" CMAKE_COMPILER_IS_IAR "${COMPILER_ID}")
+string(REGEX MATCH "MSVC" CMAKE_COMPILER_IS_MSVC "${COMPILER_ID}")
+
+# the test suites currently have compile errors with MSVC
+if(CMAKE_COMPILER_IS_MSVC)
+ option(ENABLE_TESTING "Build TF-PSA-Crypto tests." OFF)
+else()
+ option(ENABLE_TESTING "Build TF-PSA-Crypto tests." ON)
+endif()
+
+option(USE_STATIC_TF_PSA_CRYPTO_LIBRARY "Build TF-PSA-Crypto static library." ON)
+option(USE_SHARED_TF_PSA_CRYPTO_LIBRARY "Build TF-PSA-Crypto shared library." OFF)
+option(LINK_WITH_PTHREAD "Explicitly link Mbed TLS library to pthread." OFF)
+option(LINK_WITH_TRUSTED_STORAGE "Explicitly link Mbed TLS library to trusted_storage." OFF)
+
+set(tfpsacrypto_target "${TF_PSA_CRYPTO_TARGET_PREFIX}tfpsacrypto")
+if (USE_STATIC_TF_PSA_CRYPTO_LIBRARY)
+ set(tfpsacrypto_static_target ${tfpsacrypto_target})
+endif()
+if(USE_STATIC_TF_PSA_CRYPTO_LIBRARY AND USE_SHARED_TF_PSA_CRYPTO_LIBRARY)
+ string(APPEND tfpsacrypto_static_target "_static")
+endif()
+
+# Warning string - created as a list for compatibility with CMake 2.8
+set(CTR_DRBG_128_BIT_KEY_WARN_L1 "**** WARNING! MBEDTLS_CTR_DRBG_USE_128_BIT_KEY defined!\n")
+set(CTR_DRBG_128_BIT_KEY_WARN_L2 "**** Using 128-bit keys for CTR_DRBG limits the security of generated\n")
+set(CTR_DRBG_128_BIT_KEY_WARN_L3 "**** keys and operations that use random values generated to 128-bit security\n")
+
+set(CTR_DRBG_128_BIT_KEY_WARNING "${WARNING_BORDER}"
+ "${CTR_DRBG_128_BIT_KEY_WARN_L1}"
+ "${CTR_DRBG_128_BIT_KEY_WARN_L2}"
+ "${CTR_DRBG_128_BIT_KEY_WARN_L3}"
+ "${WARNING_BORDER}")
+
+# Python 3 is only needed here to check for configuration warnings.
+if(NOT CMAKE_VERSION VERSION_LESS 3.15.0)
+ set(Python3_FIND_STRATEGY LOCATION)
+ find_package(Python3 COMPONENTS Interpreter)
+ if(Python3_Interpreter_FOUND)
+ set(TF_PSA_CRYPTO_PYTHON_EXECUTABLE ${Python3_EXECUTABLE})
+ endif()
+else()
+ find_package(PythonInterp 3)
+ if(PYTHONINTERP_FOUND)
+ set(TF_PSA_CRYPTO_PYTHON_EXECUTABLE ${PYTHON_EXECUTABLE})
+ endif()
+endif()
+if(TF_PSA_CRYPTO_PYTHON_EXECUTABLE)
+
+ # If 128-bit keys are configured for CTR_DRBG, display an appropriate warning
+ execute_process(COMMAND ${TF_PSA_CRYPTO_PYTHON_EXECUTABLE} ${MBEDTLS_DIR}/scripts/config.py -f ${MBEDTLS_DIR}/include/mbedtls/mbedtls_config.h get MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
+ RESULT_VARIABLE result)
+ if(${result} EQUAL 0)
+ message(WARNING ${CTR_DRBG_128_BIT_KEY_WARNING})
+ endif()
+
+endif()
+
+# We now potentially need to link all executables against PThreads, if available
+set(CMAKE_THREAD_PREFER_PTHREAD TRUE)
+set(THREADS_PREFER_PTHREAD_FLAG TRUE)
+find_package(Threads)
+
+# If this is the root project add longer list of available CMAKE_BUILD_TYPE values
+if(NOT TF_PSA_CRYPTO_AS_SUBPROJECT)
+ set(CMAKE_BUILD_TYPE ${CMAKE_BUILD_TYPE}
+ CACHE STRING "Choose the type of build: None Debug Release Coverage ASan ASanDbg MemSan MemSanDbg Check CheckFull TSan TSanDbg"
+ FORCE)
+endif()
+
+# Make TF_PSA_CRYPTO_CONFIG_FILE and TF_PSA_CRYPTO_USER_CONFIG_FILE into PATHs
+set(TF_PSA_CRYPTO_CONFIG_FILE "" CACHE FILEPATH "TF-PSA-Crypto config file (overrides default).")
+set(TF_PSA_CRYPTO_USER_CONFIG_FILE "" CACHE FILEPATH "TF-PSA-Crypto user config file (appended to default).")
+
+# Create a symbolic link from ${base_name} in the binary directory
+# to the corresponding path in the source directory.
+# Note: Copies the file(s) on Windows.
+function(link_to_source base_name)
+ set(link "${CMAKE_CURRENT_BINARY_DIR}/${base_name}")
+ set(target "${CMAKE_CURRENT_SOURCE_DIR}/${base_name}")
+
+ # Linking to non-existent file is not desirable. At best you will have a
+ # dangling link, but when building in tree, this can create a symbolic link
+ # to itself.
+ if (EXISTS ${target} AND NOT EXISTS ${link})
+ if (CMAKE_HOST_UNIX)
+ execute_process(COMMAND ln -s ${target} ${link}
+ RESULT_VARIABLE result
+ ERROR_VARIABLE output)
+
+ if (NOT ${result} EQUAL 0)
+ message(FATAL_ERROR "Could not create symbolic link for: ${target} --> ${output}")
+ endif()
+ else()
+ if (IS_DIRECTORY ${target})
+ file(GLOB_RECURSE files FOLLOW_SYMLINKS LIST_DIRECTORIES false RELATIVE ${target} "${target}/*")
+ foreach(file IN LISTS files)
+ configure_file("${target}/${file}" "${link}/${file}" COPYONLY)
+ endforeach(file)
+ else()
+ configure_file(${target} ${link} COPYONLY)
+ endif()
+ endif()
+ endif()
+endfunction(link_to_source)
+
+# Get the filename without the final extension (i.e. convert "a.b.c" to "a.b")
+function(get_name_without_last_ext dest_var full_name)
+ # Split into a list on '.' (but a cmake list is just a ';'-separated string)
+ string(REPLACE "." ";" ext_parts "${full_name}")
+ # Remove the last item if there are more than one
+ list(LENGTH ext_parts ext_parts_len)
+ if (${ext_parts_len} GREATER "1")
+ math(EXPR ext_parts_last_item "${ext_parts_len} - 1")
+ list(REMOVE_AT ext_parts ${ext_parts_last_item})
+ endif()
+ # Convert back to a string by replacing separators with '.'
+ string(REPLACE ";" "." no_ext_name "${ext_parts}")
+ # Copy into the desired variable
+ set(${dest_var} ${no_ext_name} PARENT_SCOPE)
+endfunction(get_name_without_last_ext)
+
+include(CheckCCompilerFlag)
+
+set(CMAKE_C_EXTENSIONS OFF)
+set(CMAKE_C_STANDARD 99)
+
+function(set_base_compile_options target)
+ if(CMAKE_COMPILER_IS_GNU)
+ set_gnu_base_compile_options(${target})
+ elseif(CMAKE_COMPILER_IS_CLANG)
+ set_clang_base_compile_options(${target})
+ elseif(CMAKE_COMPILER_IS_IAR)
+ set_iar_base_compile_options(${target})
+ elseif(CMAKE_COMPILER_IS_MSVC)
+ set_msvc_base_compile_options(${target})
+ endif()
+endfunction(set_base_compile_options)
+
+function(set_gnu_base_compile_options target)
+ # some warnings we want are not available with old GCC versions
+ # note: starting with CMake 2.8 we could use CMAKE_C_COMPILER_VERSION
+ execute_process(COMMAND ${CMAKE_C_COMPILER} -dumpversion
+ OUTPUT_VARIABLE GCC_VERSION)
+ target_compile_options(${target} PRIVATE -Wall -Wextra -Wwrite-strings -Wmissing-prototypes)
+ if (GCC_VERSION VERSION_GREATER 3.0 OR GCC_VERSION VERSION_EQUAL 3.0)
+ target_compile_options(${target} PRIVATE -Wformat=2 -Wno-format-nonliteral)
+ endif()
+ if (GCC_VERSION VERSION_GREATER 4.3 OR GCC_VERSION VERSION_EQUAL 4.3)
+ target_compile_options(${target} PRIVATE -Wvla)
+ endif()
+ if (GCC_VERSION VERSION_GREATER 4.5 OR GCC_VERSION VERSION_EQUAL 4.5)
+ target_compile_options(${target} PRIVATE -Wlogical-op)
+ endif()
+ if (GCC_VERSION VERSION_GREATER 4.8 OR GCC_VERSION VERSION_EQUAL 4.8)
+ target_compile_options(${target} PRIVATE -Wshadow)
+ endif()
+ if (GCC_VERSION VERSION_GREATER 5.0)
+ CHECK_C_COMPILER_FLAG("-Wformat-signedness" C_COMPILER_SUPPORTS_WFORMAT_SIGNEDNESS)
+ if(C_COMPILER_SUPPORTS_WFORMAT_SIGNEDNESS)
+ target_compile_options(${target} PRIVATE -Wformat-signedness)
+ endif()
+ endif()
+ if (GCC_VERSION VERSION_GREATER 7.0 OR GCC_VERSION VERSION_EQUAL 7.0)
+ target_compile_options(${target} PRIVATE -Wformat-overflow=2 -Wformat-truncation)
+ endif()
+ target_compile_options(${target} PRIVATE $<$<CONFIG:Release>:-O2>)
+ target_compile_options(${target} PRIVATE $<$<CONFIG:Debug>:-O0 -g3>)
+ target_compile_options(${target} PRIVATE $<$<CONFIG:Coverage>:-O0 -g3 --coverage>)
+ set_target_properties(${target} PROPERTIES LINK_FLAGS_COVERAGE "--coverage")
+ # Old GCC versions hit a performance problem with test_suite_pkwrite
+ # "Private keey write check EC" tests when building with Asan+UBSan
+ # and -O3: those tests take more than 100x time than normal, with
+ # test_suite_pkwrite taking >3h on the CI. Observed with GCC 5.4 on
+ # Ubuntu 16.04 x86_64 and GCC 6.5 on Ubuntu 18.04 x86_64.
+ # GCC 7.5 and above on Ubuntu 18.04 appear fine.
+ # To avoid the performance problem, we use -O2 when GCC version is lower than 7.0.
+ # It doesn't slow down much even with modern compiler versions.
+ target_compile_options(${target} PRIVATE $<$<CONFIG:ASan>:-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all>)
+ if (GCC_VERSION VERSION_LESS 7.0)
+ target_compile_options(${target} PRIVATE $<$<CONFIG:ASan>:-O2>)
+ else()
+ target_compile_options(${target} PRIVATE $<$<CONFIG:ASan>:-O3>)
+ endif()
+ set_target_properties(${target} PROPERTIES LINK_FLAGS_ASAN "-fsanitize=address -fsanitize=undefined")
+ target_compile_options(${target} PRIVATE $<$<CONFIG:ASanDbg>:-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls>)
+ set_target_properties(${target} PROPERTIES LINK_FLAGS_ASANDBG "-fsanitize=address -fsanitize=undefined")
+ target_compile_options(${target} PRIVATE $<$<CONFIG:TSan>:-fsanitize=thread -O3>)
+ set_target_properties(${target} PROPERTIES LINK_FLAGS_TSAN "-fsanitize=thread")
+ target_compile_options(${target} PRIVATE $<$<CONFIG:TSanDbg>:-fsanitize=thread -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls>)
+ set_target_properties(${target} PROPERTIES LINK_FLAGS_TSANDBG "-fsanitize=thread")
+ target_compile_options(${target} PRIVATE $<$<CONFIG:Check>:-Os>)
+ target_compile_options(${target} PRIVATE $<$<CONFIG:CheckFull>:-Os -Wcast-qual>)
+
+ if(TF_PSA_CRYPTO_FATAL_WARNINGS)
+ target_compile_options(${target} PRIVATE -Werror)
+ endif(TF_PSA_CRYPTO_FATAL_WARNINGS)
+endfunction(set_gnu_base_compile_options)
+
+function(set_clang_base_compile_options target)
+ target_compile_options(${target} PRIVATE -Wall -Wextra -Wwrite-strings -Wmissing-prototypes -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral)
+ target_compile_options(${target} PRIVATE $<$<CONFIG:Release>:-O2>)
+ target_compile_options(${target} PRIVATE $<$<CONFIG:Debug>:-O0 -g3>)
+ target_compile_options(${target} PRIVATE $<$<CONFIG:Coverage>:-O0 -g3 --coverage>)
+ set_target_properties(${target} PROPERTIES LINK_FLAGS_COVERAGE "--coverage")
+ target_compile_options(${target} PRIVATE $<$<CONFIG:ASan>:-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O3>)
+ set_target_properties(${target} PROPERTIES LINK_FLAGS_ASAN "-fsanitize=address -fsanitize=undefined")
+ target_compile_options(${target} PRIVATE $<$<CONFIG:ASanDbg>:-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls>)
+ set_target_properties(${target} PROPERTIES LINK_FLAGS_ASANDBG "-fsanitize=address -fsanitize=undefined")
+ target_compile_options(${target} PRIVATE $<$<CONFIG:MemSan>:-fsanitize=memory>)
+ set_target_properties(${target} PROPERTIES LINK_FLAGS_MEMSAN "-fsanitize=memory")
+ target_compile_options(${target} PRIVATE $<$<CONFIG:MemSanDbg>:-fsanitize=memory -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls -fsanitize-memory-track-origins=2>)
+ set_target_properties(${target} PROPERTIES LINK_FLAGS_MEMSANDBG "-fsanitize=memory")
+ target_compile_options(${target} PRIVATE $<$<CONFIG:TSan>:-fsanitize=thread -O3>)
+ set_target_properties(${target} PROPERTIES LINK_FLAGS_TSAN "-fsanitize=thread")
+ target_compile_options(${target} PRIVATE $<$<CONFIG:TSanDbg>:-fsanitize=thread -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls>)
+ set_target_properties(${target} PROPERTIES LINK_FLAGS_TSANDBG "-fsanitize=thread")
+ target_compile_options(${target} PRIVATE $<$<CONFIG:Check>:-Os>)
+
+ if(MBEDTLS_FATAL_WARNINGS)
+ target_compile_options(${target} PRIVATE -Werror)
+ endif(MBEDTLS_FATAL_WARNINGS)
+endfunction(set_clang_base_compile_options)
+
+function(set_iar_base_compile_options target)
+ target_compile_options(${target} PRIVATE --warn_about_c_style_casts)
+ target_compile_options(${target} PRIVATE $<$<CONFIG:Release>:-Ohz>)
+ target_compile_options(${target} PRIVATE $<$<CONFIG:Debug>:--debug -On>)
+
+ if(MBEDTLS_FATAL_WARNINGS)
+ target_compile_options(${target} PRIVATE --warnings_are_errors)
+ endif(MBEDTLS_FATAL_WARNINGS)
+endfunction(set_iar_base_compile_options)
+
+function(set_msvc_base_compile_options target)
+ # Strictest warnings, UTF-8 source and execution charset
+ target_compile_options(${target} PRIVATE /W3 /utf-8)
+
+ if(MBEDTLS_FATAL_WARNINGS)
+ target_compile_options(${target} PRIVATE /WX)
+ endif(MBEDTLS_FATAL_WARNINGS)
+endfunction(set_msvc_base_compile_options)
+
+function(set_config_files_compile_definitions target)
+ # Pass-through MBEDTLS_CONFIG_FILE, MBEDTLS_USER_CONFIG_FILE,
+ # TF_PSA_CRYPTO_CONFIG_FILE and TF_PSA_CRYPTO_USER_CONFIG_FILE
+ if(MBEDTLS_CONFIG_FILE)
+ target_compile_definitions(${target}
+ PUBLIC MBEDTLS_CONFIG_FILE="${MBEDTLS_CONFIG_FILE}")
+ endif()
+ if(MBEDTLS_USER_CONFIG_FILE)
+ target_compile_definitions(${target}
+ PUBLIC MBEDTLS_USER_CONFIG_FILE="${MBEDTLS_USER_CONFIG_FILE}")
+ endif()
+ if(TF_PSA_CRYPTO_CONFIG_FILE)
+ target_compile_definitions(${target}
+ PUBLIC MBEDTLS_PSA_CRYPTO_CONFIG_FILE="${TF_PSA_CRYPTO_CONFIG_FILE}")
+ endif()
+ if(TF_PSA_CRYPTO_USER_CONFIG_FILE)
+ target_compile_definitions(${target}
+ PUBLIC MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE="${TF_PSA_CRYPTO_USER_CONFIG_FILE}")
+ endif()
+endfunction(set_config_files_compile_definitions)
+
+if(CMAKE_BUILD_TYPE STREQUAL "Check" AND TEST_CPP)
+ set(CMAKE_CXX_STANDARD 11)
+ set(CMAKE_CXX_STANDARD_REQUIRED ON)
+ set(CMAKE_CXX_EXTENSIONS OFF)
+ if(CMAKE_COMPILER_IS_CLANG OR CMAKE_COMPILER_IS_GNU)
+ set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -pedantic")
+ endif()
+endif()
+
+if (NOT EXISTS "${MBEDTLS_FRAMEWORK_DIR}/CMakeLists.txt")
+ message(FATAL_ERROR "${MBEDTLS_FRAMEWORK_DIR}/CMakeLists.txt not found. Run `git submodule update --init` from the source tree to fetch the submodule contents.")
+endif()
+
+add_subdirectory(include)
+add_subdirectory(core)
+add_subdirectory(drivers)
+add_subdirectory(pkgconfig)
+
+#
+# The C files in tests/src directory contain test code shared among test suites
+# and programs. This shared test code is compiled and linked to test suites and
+# programs objects as a set of compiled objects. The compiled objects are NOT
+# built into a library that the test suite and program objects would link
+# against as they link against the tfpsacrypto library. The reason is that such
+# library is expected to have mutual dependencies with the aforementioned
+# library and that there is as of today no portable way of handling such
+# dependencies (only toolchain specific solutions).
+#
+# Thus the below definition of the `tf_psa_crypto_test` CMake library of
+# objects target. This library of objects is used by tests and programs CMake
+# files to define the test executables.
+#
+if(ENABLE_TESTING OR ENABLE_PROGRAMS)
+ file(GLOB MBEDTLS_TEST_FILES
+ ${MBEDTLS_FRAMEWORK_DIR}/tests/src/*.c
+ ${MBEDTLS_FRAMEWORK_DIR}/tests/src/drivers/*.c
+ ${MBEDTLS_DIR}/tests/src/*.c)
+ add_library(tf_psa_crypto_test OBJECT ${MBEDTLS_TEST_FILES})
+ set_base_compile_options(tf_psa_crypto_test)
+ if(GEN_FILES)
+ add_custom_command(
+ OUTPUT
+ ${MBEDTLS_FRAMEWORK_DIR}/tests/src/test_keys.h
+ WORKING_DIRECTORY
+ ${MBEDTLS_DIR}/tests
+ COMMAND
+ "${TF_PSA_CRYPTO_PYTHON_EXECUTABLE}"
+ "${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_test_keys.py"
+ "--output"
+ "${MBEDTLS_FRAMEWORK_DIR}/tests/src/test_keys.h"
+ DEPENDS
+ ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_test_keys.py
+ )
+ add_custom_target(tf_psa_crypto_test_keys_header DEPENDS ${MBEDTLS_FRAMEWORK_DIR}/tests/src/test_keys.h)
+
+ add_custom_command(
+ OUTPUT
+ ${MBEDTLS_DIR}/tests/src/test_certs.h
+ WORKING_DIRECTORY
+ ${MBEDTLS_DIR}/tests
+ COMMAND
+ "${TF_PSA_CRYPTO_PYTHON_EXECUTABLE}"
+ "${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_test_cert_macros.py"
+ "--output"
+ "${MBEDTLS_DIR}/tests/src/test_certs.h"
+ DEPENDS
+ ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_test_cert_macros.py
+ )
+ add_custom_target(tf_psa_crypto_test_certs_header DEPENDS ${MBEDTLS_DIR}/tests/src/test_certs.h)
+ add_dependencies(tf_psa_crypto_test tf_psa_crypto_test_keys_header tf_psa_crypto_test_certs_header)
+ endif()
+ target_include_directories(tf_psa_crypto_test
+ PRIVATE ${MBEDTLS_FRAMEWORK_DIR}/tests/include
+ PRIVATE ${MBEDTLS_DIR}/tests/include
+ PRIVATE ${MBEDTLS_DIR}/include
+ PRIVATE include
+ PRIVATE drivers/builtin/include
+ PRIVATE drivers/everest/include
+ PRIVATE core
+ PRIVATE drivers/builtin/src)
+ # Request C11, needed for memory poisoning tests
+ set_target_properties(tf_psa_crypto_test PROPERTIES C_STANDARD 11)
+ set_config_files_compile_definitions(tf_psa_crypto_test)
+endif()
+
+if(ENABLE_PROGRAMS)
+ add_subdirectory(programs)
+endif()
+
+if(ENABLE_TESTING)
+ enable_testing()
+
+ add_subdirectory(tests)
+
+ # additional convenience targets for Unix only
+ if(UNIX AND (NOT TF_PSA_CRYPTO_AS_SUBPROJECT))
+ # For coverage testing:
+ # 1. Build with:
+ # cmake -D CMAKE_BUILD_TYPE=Coverage /path/to/source && make
+ # 2. Run the relevant tests for the part of the code you're interested in.
+ # For the reference coverage measurement, see
+ # tests/scripts/basic-build-test.sh
+ # 3. Run scripts/lcov.sh to generate an HTML report.
+ ADD_CUSTOM_TARGET(lcov
+ COMMAND ${MBEDTLS_DIR}/scripts/lcov.sh
+ )
+
+ ADD_CUSTOM_TARGET(memcheck
+ COMMAND sed -i.bak s+/usr/bin/valgrind+`which valgrind`+ DartConfiguration.tcl
+ COMMAND ctest -O memcheck.log -D ExperimentalMemCheck
+ COMMAND tail -n1 memcheck.log | grep 'Memory checking results:' > /dev/null
+ COMMAND rm -f memcheck.log
+ COMMAND mv DartConfiguration.tcl.bak DartConfiguration.tcl
+ )
+ endif()
+
+ # Make scripts needed for testing available in an out-of-source build.
+ if (NOT ${CMAKE_CURRENT_BINARY_DIR} STREQUAL ${CMAKE_CURRENT_SOURCE_DIR})
+ link_to_source(scripts)
+ # Copy (don't link) DartConfiguration.tcl, needed for memcheck, to
+ # keep things simple with the sed commands in the memcheck target.
+ configure_file(${CMAKE_CURRENT_SOURCE_DIR}/DartConfiguration.tcl
+ ${CMAKE_CURRENT_BINARY_DIR}/DartConfiguration.tcl COPYONLY)
+ endif()
+endif()
+
+if(NOT DISABLE_PACKAGE_CONFIG_AND_INSTALL)
+ configure_package_config_file(
+ "cmake/TF-PSA-CryptoConfig.cmake.in"
+ "cmake/TF-PSA-CryptoConfig.cmake"
+ INSTALL_DESTINATION "cmake")
+
+ write_basic_package_version_file(
+ "cmake/TF-PSA-CryptoConfigVersion.cmake"
+ COMPATIBILITY SameMajorVersion
+ VERSION 0.1.0)
+
+ install(
+ FILES "${CMAKE_CURRENT_BINARY_DIR}/cmake/TF-PSA-CryptoConfig.cmake"
+ "${CMAKE_CURRENT_BINARY_DIR}/cmake/TF-PSA-CryptoConfigVersion.cmake"
+ DESTINATION "${CMAKE_INSTALL_LIBDIR}/cmake/TF-PSA-Crypto")
+
+ export(
+ EXPORT TF-PSA-CryptoTargets
+ NAMESPACE TF-PSA-Crypto::
+ FILE "cmake/TF-PSA-CryptoTargets.cmake")
+
+ install(
+ EXPORT TF-PSA-CryptoTargets
+ NAMESPACE TF-PSA-Crypto::
+ DESTINATION "${CMAKE_INSTALL_LIBDIR}/cmake/TF-PSA-Crypto"
+ FILE "TF-PSA-CryptoTargets.cmake")
+
+ if(CMAKE_VERSION VERSION_GREATER 3.15 OR CMAKE_VERSION VERSION_EQUAL 3.15)
+ # Do not export the package by default
+ cmake_policy(SET CMP0090 NEW)
+
+ # Make this package visible to the system
+ export(PACKAGE TF-PSA-Crypto)
+ endif()
+endif()
diff --git a/tf-psa-crypto/TF-PSA-Crypto.cmake b/tf-psa-crypto/TF-PSA-Crypto.cmake
deleted file mode 100644
index 13b7a45..0000000
--- a/tf-psa-crypto/TF-PSA-Crypto.cmake
+++ /dev/null
@@ -1,462 +0,0 @@
-include(CMakePackageConfigHelpers)
-include(GNUInstallDirs)
-
-# Determine if TF-PSA-Crypto is being built as a subproject using add_subdirectory()
-if(NOT DEFINED TF_PSA_CRYPTO_AS_SUBPROJECT)
- set(TF_PSA_CRYPTO_AS_SUBPROJECT ON)
- if(CMAKE_CURRENT_SOURCE_DIR STREQUAL CMAKE_SOURCE_DIR)
- set(TF_PSA_CRYPTO_AS_SUBPROJECT OFF)
- endif()
-endif()
-
-# Set the project, Mbed TLS and framework root directory.
-set(TF_PSA_CRYPTO_DIR ${CMAKE_CURRENT_SOURCE_DIR})
-set(MBEDTLS_DIR ${CMAKE_CURRENT_SOURCE_DIR}/..)
-set(MBEDTLS_FRAMEWORK_DIR ${CMAKE_CURRENT_SOURCE_DIR}/../framework)
-
-# Put the version numbers into relevant files
-set(version_number_files
- doxygen/input/doc_mainpage.h
- doxygen/tfpsacrypto.doxyfile)
-foreach(file ${version_number_files})
- configure_file(${file}.in
- ${TF_PSA_CRYPTO_DIR}/${file})
-endforeach(file)
-
-ADD_CUSTOM_TARGET(${TF_PSA_CRYPTO_TARGET_PREFIX}apidoc
- COMMAND doxygen tfpsacrypto.doxyfile
- WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/doxygen)
-
-option(ENABLE_PROGRAMS "Build TF-PSA-Crypto programs." ON)
-
-option(TF_PSA_CRYPTO_FATAL_WARNINGS "Compiler warnings treated as errors" ON)
-if(CMAKE_HOST_WIN32)
- # N.B. The comment on the next line is significant! If you change it,
- # edit the sed command in prepare_release.sh that modifies
- # CMakeLists.txt.
- option(GEN_FILES "Generate the auto-generated files as needed" OFF) # off in development
-else()
- option(GEN_FILES "Generate the auto-generated files as needed" ON)
-endif()
-
-# Support for package config and install to be added later.
-option(DISABLE_PACKAGE_CONFIG_AND_INSTALL "Disable package configuration, target export and installation" ${TF_PSA_CRYPTO_AS_SUBPROJECT})
-
-if (CMAKE_C_SIMULATE_ID)
- set(COMPILER_ID ${CMAKE_C_SIMULATE_ID})
-else()
- set(COMPILER_ID ${CMAKE_C_COMPILER_ID})
-endif(CMAKE_C_SIMULATE_ID)
-
-string(REGEX MATCH "Clang" CMAKE_COMPILER_IS_CLANG "${COMPILER_ID}")
-string(REGEX MATCH "GNU" CMAKE_COMPILER_IS_GNU "${COMPILER_ID}")
-string(REGEX MATCH "IAR" CMAKE_COMPILER_IS_IAR "${COMPILER_ID}")
-string(REGEX MATCH "MSVC" CMAKE_COMPILER_IS_MSVC "${COMPILER_ID}")
-
-# the test suites currently have compile errors with MSVC
-if(CMAKE_COMPILER_IS_MSVC)
- option(ENABLE_TESTING "Build TF-PSA-Crypto tests." OFF)
-else()
- option(ENABLE_TESTING "Build TF-PSA-Crypto tests." ON)
-endif()
-
-option(USE_STATIC_TF_PSA_CRYPTO_LIBRARY "Build TF-PSA-Crypto static library." ON)
-option(USE_SHARED_TF_PSA_CRYPTO_LIBRARY "Build TF-PSA-Crypto shared library." OFF)
-option(LINK_WITH_PTHREAD "Explicitly link Mbed TLS library to pthread." OFF)
-option(LINK_WITH_TRUSTED_STORAGE "Explicitly link Mbed TLS library to trusted_storage." OFF)
-
-set(mbedcrypto_target "${TF_PSA_CRYPTO_TARGET_PREFIX}mbedcrypto")
-if (USE_STATIC_TF_PSA_CRYPTO_LIBRARY)
- set(mbedcrypto_static_target ${mbedcrypto_target})
-endif()
-if(USE_STATIC_TF_PSA_CRYPTO_LIBRARY AND USE_SHARED_TF_PSA_CRYPTO_LIBRARY)
- string(APPEND mbedcrypto_static_target "_static")
-endif()
-
-# Warning string - created as a list for compatibility with CMake 2.8
-set(CTR_DRBG_128_BIT_KEY_WARN_L1 "**** WARNING! MBEDTLS_CTR_DRBG_USE_128_BIT_KEY defined!\n")
-set(CTR_DRBG_128_BIT_KEY_WARN_L2 "**** Using 128-bit keys for CTR_DRBG limits the security of generated\n")
-set(CTR_DRBG_128_BIT_KEY_WARN_L3 "**** keys and operations that use random values generated to 128-bit security\n")
-
-set(CTR_DRBG_128_BIT_KEY_WARNING "${WARNING_BORDER}"
- "${CTR_DRBG_128_BIT_KEY_WARN_L1}"
- "${CTR_DRBG_128_BIT_KEY_WARN_L2}"
- "${CTR_DRBG_128_BIT_KEY_WARN_L3}"
- "${WARNING_BORDER}")
-
-# Python 3 is only needed here to check for configuration warnings.
-if(NOT CMAKE_VERSION VERSION_LESS 3.15.0)
- set(Python3_FIND_STRATEGY LOCATION)
- find_package(Python3 COMPONENTS Interpreter)
- if(Python3_Interpreter_FOUND)
- set(TF_PSA_CRYPTO_PYTHON_EXECUTABLE ${Python3_EXECUTABLE})
- endif()
-else()
- find_package(PythonInterp 3)
- if(PYTHONINTERP_FOUND)
- set(TF_PSA_CRYPTO_PYTHON_EXECUTABLE ${PYTHON_EXECUTABLE})
- endif()
-endif()
-if(TF_PSA_CRYPTO_PYTHON_EXECUTABLE)
-
- # If 128-bit keys are configured for CTR_DRBG, display an appropriate warning
- execute_process(COMMAND ${TF_PSA_CRYPTO_PYTHON_EXECUTABLE} ${MBEDTLS_DIR}/scripts/config.py -f ${MBEDTLS_DIR}/include/mbedtls/mbedtls_config.h get MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
- RESULT_VARIABLE result)
- if(${result} EQUAL 0)
- message(WARNING ${CTR_DRBG_128_BIT_KEY_WARNING})
- endif()
-
-endif()
-
-# We now potentially need to link all executables against PThreads, if available
-set(CMAKE_THREAD_PREFER_PTHREAD TRUE)
-set(THREADS_PREFER_PTHREAD_FLAG TRUE)
-find_package(Threads)
-
-# If this is the root project add longer list of available CMAKE_BUILD_TYPE values
-if(NOT TF_PSA_CRYPTO_AS_SUBPROJECT)
- set(CMAKE_BUILD_TYPE ${CMAKE_BUILD_TYPE}
- CACHE STRING "Choose the type of build: None Debug Release Coverage ASan ASanDbg MemSan MemSanDbg Check CheckFull TSan TSanDbg"
- FORCE)
-endif()
-
-# Make TF_PSA_CRYPTO_CONFIG_FILE and TF_PSA_CRYPTO_USER_CONFIG_FILE into PATHs
-set(TF_PSA_CRYPTO_CONFIG_FILE "" CACHE FILEPATH "TF-PSA-Crypto config file (overrides default).")
-set(TF_PSA_CRYPTO_USER_CONFIG_FILE "" CACHE FILEPATH "TF-PSA-Crypto user config file (appended to default).")
-
-# Create a symbolic link from ${base_name} in the binary directory
-# to the corresponding path in the source directory.
-# Note: Copies the file(s) on Windows.
-function(link_to_source base_name)
- set(link "${CMAKE_CURRENT_BINARY_DIR}/${base_name}")
- set(target "${CMAKE_CURRENT_SOURCE_DIR}/${base_name}")
-
- # Linking to non-existent file is not desirable. At best you will have a
- # dangling link, but when building in tree, this can create a symbolic link
- # to itself.
- if (EXISTS ${target} AND NOT EXISTS ${link})
- if (CMAKE_HOST_UNIX)
- execute_process(COMMAND ln -s ${target} ${link}
- RESULT_VARIABLE result
- ERROR_VARIABLE output)
-
- if (NOT ${result} EQUAL 0)
- message(FATAL_ERROR "Could not create symbolic link for: ${target} --> ${output}")
- endif()
- else()
- if (IS_DIRECTORY ${target})
- file(GLOB_RECURSE files FOLLOW_SYMLINKS LIST_DIRECTORIES false RELATIVE ${target} "${target}/*")
- foreach(file IN LISTS files)
- configure_file("${target}/${file}" "${link}/${file}" COPYONLY)
- endforeach(file)
- else()
- configure_file(${target} ${link} COPYONLY)
- endif()
- endif()
- endif()
-endfunction(link_to_source)
-
-# Get the filename without the final extension (i.e. convert "a.b.c" to "a.b")
-function(get_name_without_last_ext dest_var full_name)
- # Split into a list on '.' (but a cmake list is just a ';'-separated string)
- string(REPLACE "." ";" ext_parts "${full_name}")
- # Remove the last item if there are more than one
- list(LENGTH ext_parts ext_parts_len)
- if (${ext_parts_len} GREATER "1")
- math(EXPR ext_parts_last_item "${ext_parts_len} - 1")
- list(REMOVE_AT ext_parts ${ext_parts_last_item})
- endif()
- # Convert back to a string by replacing separators with '.'
- string(REPLACE ";" "." no_ext_name "${ext_parts}")
- # Copy into the desired variable
- set(${dest_var} ${no_ext_name} PARENT_SCOPE)
-endfunction(get_name_without_last_ext)
-
-include(CheckCCompilerFlag)
-
-set(CMAKE_C_EXTENSIONS OFF)
-set(CMAKE_C_STANDARD 99)
-
-function(set_base_compile_options target)
- if(CMAKE_COMPILER_IS_GNU)
- set_gnu_base_compile_options(${target})
- elseif(CMAKE_COMPILER_IS_CLANG)
- set_clang_base_compile_options(${target})
- elseif(CMAKE_COMPILER_IS_IAR)
- set_iar_base_compile_options(${target})
- elseif(CMAKE_COMPILER_IS_MSVC)
- set_msvc_base_compile_options(${target})
- endif()
-endfunction(set_base_compile_options)
-
-function(set_gnu_base_compile_options target)
- # some warnings we want are not available with old GCC versions
- # note: starting with CMake 2.8 we could use CMAKE_C_COMPILER_VERSION
- execute_process(COMMAND ${CMAKE_C_COMPILER} -dumpversion
- OUTPUT_VARIABLE GCC_VERSION)
- target_compile_options(${target} PRIVATE -Wall -Wextra -Wwrite-strings -Wmissing-prototypes)
- if (GCC_VERSION VERSION_GREATER 3.0 OR GCC_VERSION VERSION_EQUAL 3.0)
- target_compile_options(${target} PRIVATE -Wformat=2 -Wno-format-nonliteral)
- endif()
- if (GCC_VERSION VERSION_GREATER 4.3 OR GCC_VERSION VERSION_EQUAL 4.3)
- target_compile_options(${target} PRIVATE -Wvla)
- endif()
- if (GCC_VERSION VERSION_GREATER 4.5 OR GCC_VERSION VERSION_EQUAL 4.5)
- target_compile_options(${target} PRIVATE -Wlogical-op)
- endif()
- if (GCC_VERSION VERSION_GREATER 4.8 OR GCC_VERSION VERSION_EQUAL 4.8)
- target_compile_options(${target} PRIVATE -Wshadow)
- endif()
- if (GCC_VERSION VERSION_GREATER 5.0)
- CHECK_C_COMPILER_FLAG("-Wformat-signedness" C_COMPILER_SUPPORTS_WFORMAT_SIGNEDNESS)
- if(C_COMPILER_SUPPORTS_WFORMAT_SIGNEDNESS)
- target_compile_options(${target} PRIVATE -Wformat-signedness)
- endif()
- endif()
- if (GCC_VERSION VERSION_GREATER 7.0 OR GCC_VERSION VERSION_EQUAL 7.0)
- target_compile_options(${target} PRIVATE -Wformat-overflow=2 -Wformat-truncation)
- endif()
- target_compile_options(${target} PRIVATE $<$<CONFIG:Release>:-O2>)
- target_compile_options(${target} PRIVATE $<$<CONFIG:Debug>:-O0 -g3>)
- target_compile_options(${target} PRIVATE $<$<CONFIG:Coverage>:-O0 -g3 --coverage>)
- set_target_properties(${target} PROPERTIES LINK_FLAGS_COVERAGE "--coverage")
- # Old GCC versions hit a performance problem with test_suite_pkwrite
- # "Private keey write check EC" tests when building with Asan+UBSan
- # and -O3: those tests take more than 100x time than normal, with
- # test_suite_pkwrite taking >3h on the CI. Observed with GCC 5.4 on
- # Ubuntu 16.04 x86_64 and GCC 6.5 on Ubuntu 18.04 x86_64.
- # GCC 7.5 and above on Ubuntu 18.04 appear fine.
- # To avoid the performance problem, we use -O2 when GCC version is lower than 7.0.
- # It doesn't slow down much even with modern compiler versions.
- target_compile_options(${target} PRIVATE $<$<CONFIG:ASan>:-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all>)
- if (GCC_VERSION VERSION_LESS 7.0)
- target_compile_options(${target} PRIVATE $<$<CONFIG:ASan>:-O2>)
- else()
- target_compile_options(${target} PRIVATE $<$<CONFIG:ASan>:-O3>)
- endif()
- set_target_properties(${target} PROPERTIES LINK_FLAGS_ASAN "-fsanitize=address -fsanitize=undefined")
- target_compile_options(${target} PRIVATE $<$<CONFIG:ASanDbg>:-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls>)
- set_target_properties(${target} PROPERTIES LINK_FLAGS_ASANDBG "-fsanitize=address -fsanitize=undefined")
- target_compile_options(${target} PRIVATE $<$<CONFIG:TSan>:-fsanitize=thread -O3>)
- set_target_properties(${target} PROPERTIES LINK_FLAGS_TSAN "-fsanitize=thread")
- target_compile_options(${target} PRIVATE $<$<CONFIG:TSanDbg>:-fsanitize=thread -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls>)
- set_target_properties(${target} PROPERTIES LINK_FLAGS_TSANDBG "-fsanitize=thread")
- target_compile_options(${target} PRIVATE $<$<CONFIG:Check>:-Os>)
- target_compile_options(${target} PRIVATE $<$<CONFIG:CheckFull>:-Os -Wcast-qual>)
-
- if(TF_PSA_CRYPTO_FATAL_WARNINGS)
- target_compile_options(${target} PRIVATE -Werror)
- endif(TF_PSA_CRYPTO_FATAL_WARNINGS)
-endfunction(set_gnu_base_compile_options)
-
-function(set_clang_base_compile_options target)
- target_compile_options(${target} PRIVATE -Wall -Wextra -Wwrite-strings -Wmissing-prototypes -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral)
- target_compile_options(${target} PRIVATE $<$<CONFIG:Release>:-O2>)
- target_compile_options(${target} PRIVATE $<$<CONFIG:Debug>:-O0 -g3>)
- target_compile_options(${target} PRIVATE $<$<CONFIG:Coverage>:-O0 -g3 --coverage>)
- set_target_properties(${target} PROPERTIES LINK_FLAGS_COVERAGE "--coverage")
- target_compile_options(${target} PRIVATE $<$<CONFIG:ASan>:-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O3>)
- set_target_properties(${target} PROPERTIES LINK_FLAGS_ASAN "-fsanitize=address -fsanitize=undefined")
- target_compile_options(${target} PRIVATE $<$<CONFIG:ASanDbg>:-fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover=all -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls>)
- set_target_properties(${target} PROPERTIES LINK_FLAGS_ASANDBG "-fsanitize=address -fsanitize=undefined")
- target_compile_options(${target} PRIVATE $<$<CONFIG:MemSan>:-fsanitize=memory>)
- set_target_properties(${target} PROPERTIES LINK_FLAGS_MEMSAN "-fsanitize=memory")
- target_compile_options(${target} PRIVATE $<$<CONFIG:MemSanDbg>:-fsanitize=memory -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls -fsanitize-memory-track-origins=2>)
- set_target_properties(${target} PROPERTIES LINK_FLAGS_MEMSANDBG "-fsanitize=memory")
- target_compile_options(${target} PRIVATE $<$<CONFIG:TSan>:-fsanitize=thread -O3>)
- set_target_properties(${target} PROPERTIES LINK_FLAGS_TSAN "-fsanitize=thread")
- target_compile_options(${target} PRIVATE $<$<CONFIG:TSanDbg>:-fsanitize=thread -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls>)
- set_target_properties(${target} PROPERTIES LINK_FLAGS_TSANDBG "-fsanitize=thread")
- target_compile_options(${target} PRIVATE $<$<CONFIG:Check>:-Os>)
-
- if(MBEDTLS_FATAL_WARNINGS)
- target_compile_options(${target} PRIVATE -Werror)
- endif(MBEDTLS_FATAL_WARNINGS)
-endfunction(set_clang_base_compile_options)
-
-function(set_iar_base_compile_options target)
- target_compile_options(${target} PRIVATE --warn_about_c_style_casts)
- target_compile_options(${target} PRIVATE $<$<CONFIG:Release>:-Ohz>)
- target_compile_options(${target} PRIVATE $<$<CONFIG:Debug>:--debug -On>)
-
- if(MBEDTLS_FATAL_WARNINGS)
- target_compile_options(${target} PRIVATE --warnings_are_errors)
- endif(MBEDTLS_FATAL_WARNINGS)
-endfunction(set_iar_base_compile_options)
-
-function(set_msvc_base_compile_options target)
- # Strictest warnings, UTF-8 source and execution charset
- target_compile_options(${target} PRIVATE /W3 /utf-8)
-
- if(MBEDTLS_FATAL_WARNINGS)
- target_compile_options(${target} PRIVATE /WX)
- endif(MBEDTLS_FATAL_WARNINGS)
-endfunction(set_msvc_base_compile_options)
-
-if(CMAKE_BUILD_TYPE STREQUAL "Check" AND TEST_CPP)
- set(CMAKE_CXX_STANDARD 11)
- set(CMAKE_CXX_STANDARD_REQUIRED ON)
- set(CMAKE_CXX_EXTENSIONS OFF)
- if(CMAKE_COMPILER_IS_CLANG OR CMAKE_COMPILER_IS_GNU)
- set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -pedantic")
- endif()
-endif()
-
-if (NOT EXISTS "${MBEDTLS_FRAMEWORK_DIR}/CMakeLists.txt")
- message(FATAL_ERROR "${MBEDTLS_FRAMEWORK_DIR}/CMakeLists.txt not found. Run `git submodule update --init` from the source tree to fetch the submodule contents.")
-endif()
-
-add_subdirectory(include)
-add_subdirectory(core)
-add_subdirectory(drivers)
-add_subdirectory(pkgconfig)
-
-#
-# The C files in tests/src directory contain test code shared among test suites
-# and programs. This shared test code is compiled and linked to test suites and
-# programs objects as a set of compiled objects. The compiled objects are NOT
-# built into a library that the test suite and program objects would link
-# against as they link against the tfpsacrypto library. The reason is that such
-# library is expected to have mutual dependencies with the aforementioned
-# library and that there is as of today no portable way of handling such
-# dependencies (only toolchain specific solutions).
-#
-# Thus the below definition of the `mbedtls_test` CMake library of objects
-# target. This library of objects is used by tests and programs CMake files
-# to define the test executables.
-#
-if(ENABLE_TESTING OR ENABLE_PROGRAMS)
- file(GLOB MBEDTLS_TEST_FILES
- ${MBEDTLS_DIR}/tests/src/*.c
- ${MBEDTLS_DIR}/tests/src/drivers/*.c)
- add_library(mbedtls_test OBJECT ${MBEDTLS_TEST_FILES})
- set_base_compile_options(mbedtls_test)
- if(GEN_FILES)
- add_custom_command(
- OUTPUT
- ${MBEDTLS_DIR}/tests/src/test_keys.h
- WORKING_DIRECTORY
- ${MBEDTLS_DIR}/tests
- COMMAND
- "${TF_PSA_CRYPTO_PYTHON_EXECUTABLE}"
- "${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_test_keys.py"
- "--output"
- "${MBEDTLS_DIR}/tests/src/test_keys.h"
- DEPENDS
- ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_test_keys.py
- )
- add_custom_target(test_keys_header DEPENDS ${MBEDTLS_DIR}/tests/src/test_keys.h)
-
- add_custom_command(
- OUTPUT
- ${MBEDTLS_DIR}/tests/src/test_certs.h
- WORKING_DIRECTORY
- ${MBEDTLS_DIR}/tests
- COMMAND
- "${TF_PSA_CRYPTO_PYTHON_EXECUTABLE}"
- "${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_test_cert_macros.py"
- "--output"
- "${MBEDTLS_DIR}/tests/src/test_certs.h"
- DEPENDS
- ${MBEDTLS_FRAMEWORK_DIR}/scripts/generate_test_cert_macros.py
- )
- add_custom_target(test_certs_header DEPENDS ${MBEDTLS_DIR}/tests/src/test_certs.h)
- add_dependencies(mbedtls_test test_keys_header test_certs_header)
- endif()
- target_include_directories(mbedtls_test
- PRIVATE ${MBEDTLS_DIR}/tests/include
- PRIVATE ${MBEDTLS_DIR}/include
- PRIVATE include
- PRIVATE drivers/builtin/include
- PRIVATE core
- PRIVATE drivers/builtin/src)
- # Request C11, needed for memory poisoning tests
- set_target_properties(mbedtls_test PROPERTIES C_STANDARD 11)
-
- # Pass-through TF_PSA_CRYPTO_CONFIG_FILE and TF_PSA_CRYPTO_USER_CONFIG_FILE
- if(TF_PSA_CRYPTO_CONFIG_FILE)
- target_compile_definitions(mbedtls_test
- PUBLIC TF_PSA_CRYPTO_CONFIG_FILE="${TF_PSA_CRYPTO_CONFIG_FILE}")
- endif()
- if(TF_PSA_CRYPTO_USER_CONFIG_FILE)
- target_compile_definitions(mbedtls_test
- PUBLIC TF_PSA_CRYPTO_USER_CONFIG_FILE="${TF_PSA_CRYPTO_USER_CONFIG_FILE}")
- endif()
-endif()
-
-if(ENABLE_PROGRAMS)
- add_subdirectory(programs)
-endif()
-
-if(ENABLE_TESTING)
- enable_testing()
-
- add_subdirectory(tests)
-
- # additional convenience targets for Unix only
- if(UNIX)
- # For coverage testing:
- # 1. Build with:
- # cmake -D CMAKE_BUILD_TYPE=Coverage /path/to/source && make
- # 2. Run the relevant tests for the part of the code you're interested in.
- # For the reference coverage measurement, see
- # tests/scripts/basic-build-test.sh
- # 3. Run scripts/lcov.sh to generate an HTML report.
- ADD_CUSTOM_TARGET(lcov
- COMMAND ${MBEDTLS_DIR}/scripts/lcov.sh
- )
-
- ADD_CUSTOM_TARGET(memcheck
- COMMAND sed -i.bak s+/usr/bin/valgrind+`which valgrind`+ DartConfiguration.tcl
- COMMAND ctest -O memcheck.log -D ExperimentalMemCheck
- COMMAND tail -n1 memcheck.log | grep 'Memory checking results:' > /dev/null
- COMMAND rm -f memcheck.log
- COMMAND mv DartConfiguration.tcl.bak DartConfiguration.tcl
- )
- endif(UNIX)
-
- # Make scripts needed for testing available in an out-of-source build.
- if (NOT ${CMAKE_CURRENT_BINARY_DIR} STREQUAL ${CMAKE_CURRENT_SOURCE_DIR})
- link_to_source(scripts)
- # Copy (don't link) DartConfiguration.tcl, needed for memcheck, to
- # keep things simple with the sed commands in the memcheck target.
- configure_file(${CMAKE_CURRENT_SOURCE_DIR}/DartConfiguration.tcl
- ${CMAKE_CURRENT_BINARY_DIR}/DartConfiguration.tcl COPYONLY)
- endif()
-endif()
-
-if(NOT DISABLE_PACKAGE_CONFIG_AND_INSTALL)
- configure_package_config_file(
- "cmake/TF-PSA-CryptoConfig.cmake.in"
- "cmake/TF-PSA-CryptoConfig.cmake"
- INSTALL_DESTINATION "cmake")
-
- write_basic_package_version_file(
- "cmake/TF-PSA-CryptoConfigVersion.cmake"
- COMPATIBILITY SameMajorVersion
- VERSION 0.1.0)
-
- install(
- FILES "${CMAKE_CURRENT_BINARY_DIR}/cmake/TF-PSA-CryptoConfig.cmake"
- "${CMAKE_CURRENT_BINARY_DIR}/cmake/TF-PSA-CryptoConfigVersion.cmake"
- DESTINATION "${CMAKE_INSTALL_LIBDIR}/cmake/TF-PSA-Crypto")
-
- export(
- EXPORT MbedTLSTargets
- NAMESPACE TF-PSA-Crypto::
- FILE "cmake/TF-PSA-CryptoTargets.cmake")
-
- install(
- EXPORT MbedTLSTargets
- NAMESPACE TF-PSA-Crypto::
- DESTINATION "${CMAKE_INSTALL_LIBDIR}/cmake/TF-PSA-Crypto"
- FILE "TF-PSA-CryptoTargets.cmake")
-
- if(CMAKE_VERSION VERSION_GREATER 3.15 OR CMAKE_VERSION VERSION_EQUAL 3.15)
- # Do not export the package by default
- cmake_policy(SET CMP0090 NEW)
-
- # Make this package visible to the system
- export(PACKAGE TF-PSA-Crypto)
- endif()
-endif()
diff --git a/tf-psa-crypto/core/CMakeLists.txt b/tf-psa-crypto/core/CMakeLists.txt
index 1264acf..3e4092c 100644
--- a/tf-psa-crypto/core/CMakeLists.txt
+++ b/tf-psa-crypto/core/CMakeLists.txt
@@ -68,66 +68,66 @@
message(FATAL_ERROR "Need to choose static or shared TF-PSA-Crypto build!")
endif(NOT USE_STATIC_TF_PSA_CRYPTO_LIBRARY AND NOT USE_SHARED_TF_PSA_CRYPTO_LIBRARY)
-set(mbedcrypto_target "${TF_PSA_CRYPTO_TARGET_PREFIX}mbedcrypto")
+set(tfpsacrypto_target "${TF_PSA_CRYPTO_TARGET_PREFIX}tfpsacrypto")
set(builtin_target "${TF_PSA_CRYPTO_TARGET_PREFIX}builtin")
if (USE_STATIC_TF_PSA_CRYPTO_LIBRARY)
- set(mbedcrypto_static_target ${mbedcrypto_target})
+ set(tfpsacrypto_static_target ${tfpsacrypto_target})
set(builtin_static_target ${builtin_target})
endif()
-set(target_libraries ${mbedcrypto_target})
+set(target_libraries ${tfpsacrypto_target})
if(USE_STATIC_TF_PSA_CRYPTO_LIBRARY AND USE_SHARED_TF_PSA_CRYPTO_LIBRARY)
- string(APPEND mbedcrypto_static_target "_static")
+ string(APPEND tfpsacrypto_static_target "_static")
string(APPEND builtin_static_target "_static")
list(APPEND target_libraries
- ${mbedcrypto_static_target})
+ ${tfpsacrypto_static_target})
endif()
set(p256m_target "${TF_PSA_CRYPTO_TARGET_PREFIX}p256m")
set(everest_target "${TF_PSA_CRYPTO_TARGET_PREFIX}everest")
if(USE_STATIC_TF_PSA_CRYPTO_LIBRARY)
- add_library(${mbedcrypto_static_target} STATIC ${src_crypto})
- set_base_compile_options(${mbedcrypto_static_target})
- target_compile_options(${mbedcrypto_static_target} PRIVATE ${LIBS_C_FLAGS})
- set_target_properties(${mbedcrypto_static_target} PROPERTIES OUTPUT_NAME mbedcrypto)
- target_link_libraries(${mbedcrypto_static_target} PUBLIC ${libs})
+ add_library(${tfpsacrypto_static_target} STATIC ${src_crypto})
+ set_base_compile_options(${tfpsacrypto_static_target})
+ target_compile_options(${tfpsacrypto_static_target} PRIVATE ${LIBS_C_FLAGS})
+ set_target_properties(${tfpsacrypto_static_target} PROPERTIES OUTPUT_NAME tfpsacrypto)
+ target_link_libraries(${tfpsacrypto_static_target} PUBLIC ${libs})
- target_link_libraries(${mbedcrypto_static_target} PUBLIC ${builtin_static_target})
+ target_link_libraries(${tfpsacrypto_static_target} PUBLIC ${builtin_static_target})
if(TARGET ${everest_target})
- target_link_libraries(${mbedcrypto_static_target} PUBLIC ${everest_target})
+ target_link_libraries(${tfpsacrypto_static_target} PUBLIC ${everest_target})
endif()
if(TARGET ${p256m_target})
- target_link_libraries(${mbedcrypto_static_target} PUBLIC ${p256m_target})
+ target_link_libraries(${tfpsacrypto_static_target} PUBLIC ${p256m_target})
endif()
endif(USE_STATIC_TF_PSA_CRYPTO_LIBRARY)
if(USE_SHARED_TF_PSA_CRYPTO_LIBRARY)
set(CMAKE_LIBRARY_PATH ${CMAKE_CURRENT_BINARY_DIR})
- add_library(${mbedcrypto_target} SHARED ${src_crypto})
- set_base_compile_options(${mbedcrypto_target})
- target_compile_options(${mbedcrypto_static_target} PRIVATE ${LIBS_C_FLAGS})
- set_target_properties(${mbedcrypto_target} PROPERTIES VERSION 4.0.0 SOVERSION 16)
- target_link_libraries(${mbedcrypto_target} PUBLIC ${libs})
+ add_library(${tfpsacrypto_target} SHARED ${src_crypto})
+ set_base_compile_options(${tfpsacrypto_target})
+ target_compile_options(${tfpsacrypto_target} PRIVATE ${LIBS_C_FLAGS})
+ set_target_properties(${tfpsacrypto_target} PROPERTIES VERSION 4.0.0 SOVERSION 16)
+ target_link_libraries(${tfpsacrypto_target} PUBLIC ${libs})
- target_link_libraries(${mbedcrypto_target} PUBLIC ${builtin_target})
+ target_link_libraries(${tfpsacrypto_target} PUBLIC ${builtin_target})
if(TARGET ${everest_target})
- target_link_libraries(${mbedcrypto_target} PUBLIC ${everest_target})
+ target_link_libraries(${tfpsacrypto_target} PUBLIC ${everest_target})
endif()
if(TARGET ${p256m_target})
- target_link_libraries(${mbedcrypto_target} PUBLIC ${p256m_target})
+ target_link_libraries(${tfpsacrypto_target} PUBLIC ${p256m_target})
endif()
endif(USE_SHARED_TF_PSA_CRYPTO_LIBRARY)
foreach(target IN LISTS target_libraries)
- add_library(MbedTLS::${target} ALIAS ${target}) # add_subdirectory support
+ add_library(TF-PSA-Crypto::${target} ALIAS ${target}) # add_subdirectory support
# Include public header files include/, drivers/builtin/include/ and
# ${MBEDTLS_DIR}/include/ as we still need it. Include private header files
# from core/ and drivers/builtin/src/.
@@ -140,15 +140,7 @@
${TF_PSA_CRYPTO_DIR}/drivers/builtin/src
# Needed to include psa_crypto_driver_wrappers.h
${CMAKE_CURRENT_BINARY_DIR})
- # Pass-through MBEDTLS_CONFIG_FILE and MBEDTLS_USER_CONFIG_FILE
- if(MBEDTLS_CONFIG_FILE)
- target_compile_definitions(${target}
- PUBLIC MBEDTLS_CONFIG_FILE="${MBEDTLS_CONFIG_FILE}")
- endif()
- if(MBEDTLS_USER_CONFIG_FILE)
- target_compile_definitions(${target}
- PUBLIC MBEDTLS_USER_CONFIG_FILE="${MBEDTLS_USER_CONFIG_FILE}")
- endif()
+ set_config_files_compile_definitions(${target})
install(
TARGETS ${target}
EXPORT MbedTLSTargets
@@ -156,27 +148,11 @@
LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR}
RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR}
PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ)
+ install(
+ TARGETS ${target}
+ EXPORT TF-PSA-CryptoTargets
+ ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR}
+ LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR}
+ RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR}
+ PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ)
endforeach(target)
-
-if(USE_STATIC_TF_PSA_CRYPTO_LIBRARY)
- add_custom_command(
- TARGET ${mbedcrypto_static_target}
- POST_BUILD
- COMMAND ${CMAKE_COMMAND}
- ARGS -E copy $<TARGET_FILE:${mbedcrypto_static_target}> ${CMAKE_BINARY_DIR}/library)
-endif(USE_STATIC_TF_PSA_CRYPTO_LIBRARY)
-
-if(USE_SHARED_TF_PSA_CRYPTO_LIBRARY)
- add_custom_command(
- TARGET ${mbedcrypto_target}
- POST_BUILD
- COMMAND ${CMAKE_COMMAND}
- ARGS -E copy $<TARGET_FILE:${mbedcrypto_target}>
- ${CMAKE_BINARY_DIR}/library/$<TARGET_FILE_NAME:${mbedcrypto_target}>)
- add_custom_command(
- TARGET ${mbedcrypto_target}
- POST_BUILD
- COMMAND ${CMAKE_COMMAND}
- ARGS -E copy $<TARGET_LINKER_FILE:${mbedcrypto_target}>
- ${CMAKE_BINARY_DIR}/library/$<TARGET_LINKER_FILE_NAME:${mbedcrypto_target}>)
-endif(USE_SHARED_TF_PSA_CRYPTO_LIBRARY)
diff --git a/tf-psa-crypto/core/psa_crypto.c b/tf-psa-crypto/core/psa_crypto.c
index def74c3..db930fd 100644
--- a/tf-psa-crypto/core/psa_crypto.c
+++ b/tf-psa-crypto/core/psa_crypto.c
@@ -7776,7 +7776,7 @@
psa_key_type_t key_type;
if (!PSA_ALG_IS_RAW_KEY_AGREEMENT(alg)) {
- return PSA_ERROR_INVALID_ARGUMENT;
+ return PSA_ERROR_NOT_SUPPORTED;
}
key_type = psa_get_key_type(attributes);
@@ -8387,7 +8387,7 @@
psa_status_t psa_generate_key_iop_complete(
psa_generate_key_iop_t *operation,
- psa_key_id_t *key)
+ mbedtls_svc_key_id_t *key)
{
(void) operation;
(void) key;
diff --git a/tf-psa-crypto/drivers/builtin/CMakeLists.txt b/tf-psa-crypto/drivers/builtin/CMakeLists.txt
index dd1a113..983e050 100644
--- a/tf-psa-crypto/drivers/builtin/CMakeLists.txt
+++ b/tf-psa-crypto/drivers/builtin/CMakeLists.txt
@@ -69,7 +69,7 @@
if(USE_SHARED_TF_PSA_CRYPTO_LIBRARY)
add_library(${builtin_target} SHARED ${src_builtin})
set_base_compile_options(${builtin_target})
- target_compile_options(${builtin_static_target} PRIVATE ${LIBS_C_FLAGS})
+ target_compile_options(${builtin_target} PRIVATE ${LIBS_C_FLAGS})
target_link_libraries(${builtin_target} PUBLIC ${libs})
if(TARGET ${everest_target})
target_link_libraries(${builtin_target} PUBLIC ${everest_target})
@@ -87,19 +87,7 @@
$<BUILD_INTERFACE:${MBEDTLS_DIR}/include>
$<BUILD_INTERFACE:${TF_PSA_CRYPTO_DIR}/include>
PRIVATE ${TF_PSA_CRYPTO_DIR}/core)
-
- # Pass-through MBEDTLS_CONFIG_FILE and MBEDTLS_USER_CONFIG_FILE
- # This must be duplicated from library/CMakeLists.txt because
- # everest is not directly linked against any mbedtls targets
- # so does not inherit the compile definitions.
- if(MBEDTLS_CONFIG_FILE)
- target_compile_definitions(${target}
- PUBLIC MBEDTLS_CONFIG_FILE="${MBEDTLS_CONFIG_FILE}")
- endif()
- if(MBEDTLS_USER_CONFIG_FILE)
- target_compile_definitions(${target}
- PUBLIC MBEDTLS_USER_CONFIG_FILE="${MBEDTLS_USER_CONFIG_FILE}")
- endif()
+ set_config_files_compile_definitions(${target})
if(INSTALL_TF_PSA_CRYPTO_HEADERS)
@@ -113,7 +101,12 @@
endif(INSTALL_TF_PSA_CRYPTO_HEADERS)
install(TARGETS ${target}
- EXPORT MbedTLSTargets
- DESTINATION ${CMAKE_INSTALL_LIBDIR}
- PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ)
+ EXPORT MbedTLSTargets
+ DESTINATION ${CMAKE_INSTALL_LIBDIR}
+ PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ)
+
+ install(TARGETS ${target}
+ EXPORT TF-PSA-CryptoTargets
+ DESTINATION ${CMAKE_INSTALL_LIBDIR}
+ PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ)
endforeach(target)
diff --git a/tf-psa-crypto/drivers/builtin/include/mbedtls/threading.h b/tf-psa-crypto/drivers/builtin/include/mbedtls/threading.h
index d50d04e..b4df0e3 100644
--- a/tf-psa-crypto/drivers/builtin/include/mbedtls/threading.h
+++ b/tf-psa-crypto/drivers/builtin/include/mbedtls/threading.h
@@ -30,7 +30,7 @@
pthread_mutex_t MBEDTLS_PRIVATE(mutex);
/* WARNING - state should only be accessed when holding the mutex lock in
- * tests/src/threading_helpers.c, otherwise corruption can occur.
+ * framework/tests/src/threading_helpers.c, otherwise corruption can occur.
* state will be 0 after a failed init or a free, and nonzero after a
* successful init. This field is for testing only and thus not considered
* part of the public API of Mbed TLS and may change without notice.*/
diff --git a/tf-psa-crypto/drivers/builtin/src/threading.c b/tf-psa-crypto/drivers/builtin/src/threading.c
index 85db243..fde7cea 100644
--- a/tf-psa-crypto/drivers/builtin/src/threading.c
+++ b/tf-psa-crypto/drivers/builtin/src/threading.c
@@ -61,7 +61,7 @@
* this here in a thread safe manner without a significant performance
* hit, so state transitions are checked in tests only via the state
* variable. Please make sure any new mutex that gets added is exercised in
- * tests; see tests/src/threading_helpers.c for more details. */
+ * tests; see framework/tests/src/threading_helpers.c for more details. */
(void) pthread_mutex_init(&mutex->mutex, NULL);
}
diff --git a/tf-psa-crypto/drivers/everest/CMakeLists.txt b/tf-psa-crypto/drivers/everest/CMakeLists.txt
index 5671200..8c7b7c1 100644
--- a/tf-psa-crypto/drivers/everest/CMakeLists.txt
+++ b/tf-psa-crypto/drivers/everest/CMakeLists.txt
@@ -16,19 +16,7 @@
include/everest/kremlib
${MBEDTLS_DIR}/library
${TF_PSA_CRYPTO_DIR}/core)
-
-# Pass-through MBEDTLS_CONFIG_FILE and MBEDTLS_USER_CONFIG_FILE
-# This must be duplicated from library/CMakeLists.txt because
-# everest is not directly linked against any mbedtls targets
-# so does not inherit the compile definitions.
-if(MBEDTLS_CONFIG_FILE)
- target_compile_definitions(${everest_target}
- PUBLIC MBEDTLS_CONFIG_FILE="${MBEDTLS_CONFIG_FILE}")
-endif()
-if(MBEDTLS_USER_CONFIG_FILE)
- target_compile_definitions(${everest_target}
- PUBLIC MBEDTLS_USER_CONFIG_FILE="${MBEDTLS_USER_CONFIG_FILE}")
-endif()
+set_config_files_compile_definitions(${everest_target})
if(INSTALL_TF_PSA_CRYPTO_HEADERS)
@@ -44,3 +32,8 @@
EXPORT MbedTLSTargets
DESTINATION ${CMAKE_INSTALL_LIBDIR}
PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ)
+
+install(TARGETS ${everest_target}
+ EXPORT TF-PSA-CryptoTargets
+ DESTINATION ${CMAKE_INSTALL_LIBDIR}
+ PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ)
diff --git a/tf-psa-crypto/drivers/p256-m/CMakeLists.txt b/tf-psa-crypto/drivers/p256-m/CMakeLists.txt
index ae44123..3e62627 100644
--- a/tf-psa-crypto/drivers/p256-m/CMakeLists.txt
+++ b/tf-psa-crypto/drivers/p256-m/CMakeLists.txt
@@ -16,19 +16,7 @@
$<INSTALL_INTERFACE:include>
PRIVATE ${MBEDTLS_DIR}/library/
${TF_PSA_CRYPTO_DIR}/core)
-
-# Pass-through MBEDTLS_CONFIG_FILE and MBEDTLS_USER_CONFIG_FILE
-# This must be duplicated from library/CMakeLists.txt because
-# p256m is not directly linked against any mbedtls targets
-# so does not inherit the compile definitions.
-if(MBEDTLS_CONFIG_FILE)
- target_compile_definitions(${p256m_target}
- PUBLIC MBEDTLS_CONFIG_FILE="${MBEDTLS_CONFIG_FILE}")
-endif()
-if(MBEDTLS_USER_CONFIG_FILE)
- target_compile_definitions(${p256m_target}
- PUBLIC MBEDTLS_USER_CONFIG_FILE="${MBEDTLS_USER_CONFIG_FILE}")
-endif()
+set_config_files_compile_definitions(${p256m_target})
if(INSTALL_TF_PSA_CRYPTO_HEADERS)
@@ -44,3 +32,8 @@
EXPORT MbedTLSTargets
DESTINATION ${CMAKE_INSTALL_LIBDIR}
PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ)
+
+install(TARGETS ${p256m_target}
+ EXPORT TF-PSA-CryptoTargets
+ DESTINATION ${CMAKE_INSTALL_LIBDIR}
+ PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ)
diff --git a/tf-psa-crypto/include/psa/crypto.h b/tf-psa-crypto/include/psa/crypto.h
index 26da1c2..c1ef041 100644
--- a/tf-psa-crypto/include/psa/crypto.h
+++ b/tf-psa-crypto/include/psa/crypto.h
@@ -5498,7 +5498,7 @@
*/
psa_status_t psa_generate_key_iop_complete(
psa_generate_key_iop_t *operation,
- psa_key_id_t *key);
+ mbedtls_svc_key_id_t *key);
/**
* \brief Abort a key generation operation.
diff --git a/tf-psa-crypto/pkgconfig/tfpsacrypto.pc.in b/tf-psa-crypto/pkgconfig/tfpsacrypto.pc.in
index 2d130ea..28b9716 100644
--- a/tf-psa-crypto/pkgconfig/tfpsacrypto.pc.in
+++ b/tf-psa-crypto/pkgconfig/tfpsacrypto.pc.in
@@ -7,4 +7,4 @@
URL: @PKGCONFIG_PROJECT_HOMEPAGE_URL@
Version: @PROJECT_VERSION@
Cflags: -I"${includedir}"
-Libs: -L"${libdir}" -lmbedcrypto -lbuiltin -leverest -lp256m
+Libs: -L"${libdir}" -ltfpsacrypto -lbuiltin -leverest -lp256m
diff --git a/tf-psa-crypto/programs/test/cmake_package/CMakeLists.txt b/tf-psa-crypto/programs/test/cmake_package/CMakeLists.txt
index 20b7322..3ca548f 100644
--- a/tf-psa-crypto/programs/test/cmake_package/CMakeLists.txt
+++ b/tf-psa-crypto/programs/test/cmake_package/CMakeLists.txt
@@ -32,4 +32,4 @@
#
add_executable(cmake_package cmake_package.c)
-target_link_libraries(cmake_package TF-PSA-Crypto::mbedcrypto)
+target_link_libraries(cmake_package TF-PSA-Crypto::tfpsacrypto)
diff --git a/tf-psa-crypto/programs/test/cmake_subproject/.gitignore b/tf-psa-crypto/programs/test/cmake_subproject/.gitignore
new file mode 100644
index 0000000..464833b
--- /dev/null
+++ b/tf-psa-crypto/programs/test/cmake_subproject/.gitignore
@@ -0,0 +1,3 @@
+build
+Makefile
+cmake_subproject
diff --git a/tf-psa-crypto/programs/test/cmake_subproject/CMakeLists.txt b/tf-psa-crypto/programs/test/cmake_subproject/CMakeLists.txt
new file mode 100644
index 0000000..d0c9aaf
--- /dev/null
+++ b/tf-psa-crypto/programs/test/cmake_subproject/CMakeLists.txt
@@ -0,0 +1,18 @@
+cmake_minimum_required(VERSION 3.5.1)
+
+# Test the target renaming support by adding a prefix to the targets built
+set(TF_PSA_CRYPTO_TARGET_PREFIX subproject_test_)
+
+# We use the parent TF-PSA-Crypto directory as the TF_PSA_CRYPTO_DIR for this
+# test. Other projects that use TF-PSA-Crypto as a subproject are likely to
+# add by their own relative paths.
+set(TF_PSA_CRYPTO_DIR ../../../)
+
+# Add TF-PSA-Crypto as a subdirectory.
+add_subdirectory(${TF_PSA_CRYPTO_DIR} build)
+
+# Link against all the TF-PSA-Crypto library. Verifies that the target has been
+# created using the specified prefix
+
+add_executable(cmake_subproject cmake_subproject.c)
+target_link_libraries(cmake_subproject subproject_test_tfpsacrypto ${CMAKE_THREAD_LIBS_INIT})
diff --git a/tf-psa-crypto/programs/test/cmake_subproject/cmake_subproject.c b/tf-psa-crypto/programs/test/cmake_subproject/cmake_subproject.c
new file mode 100644
index 0000000..d82f0ac
--- /dev/null
+++ b/tf-psa-crypto/programs/test/cmake_subproject/cmake_subproject.c
@@ -0,0 +1,19 @@
+/*
+ * Simple program to test that CMake builds with TF-PSA-Crypto as a
+ * subdirectory work correctly.
+ *
+ * Copyright The Mbed TLS Contributors
+ * SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+ */
+
+#include <psa/crypto.h>
+
+/* The main reason to build this is for testing the CMake build, so the program
+ * doesn't need to do very much. It calls a PSA cryptography API to ensure
+ * linkage works, but that is all. */
+int main()
+{
+ psa_crypto_init();
+
+ return 0;
+}
diff --git a/tf-psa-crypto/programs/test/cmake_subproject/framework/.gitignore b/tf-psa-crypto/programs/test/cmake_subproject/framework/.gitignore
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/tf-psa-crypto/programs/test/cmake_subproject/framework/.gitignore
diff --git a/tf-psa-crypto/tests/CMakeLists.txt b/tf-psa-crypto/tests/CMakeLists.txt
index 0793dbe..c5813a6 100644
--- a/tf-psa-crypto/tests/CMakeLists.txt
+++ b/tf-psa-crypto/tests/CMakeLists.txt
@@ -1,5 +1,5 @@
set(libs
- ${mbedcrypto_target}
+ ${tfpsacrypto_target}
${CMAKE_THREAD_LIBS_INIT}
)
@@ -287,13 +287,13 @@
${CMAKE_CURRENT_SOURCE_DIR}/suites/main_test.function
${CMAKE_CURRENT_SOURCE_DIR}/suites/host_test.function
${CMAKE_CURRENT_SOURCE_DIR}/suites/helpers.function
- ${mbedcrypto_target}
+ ${tfpsacrypto_target}
BYPRODUCTS
test_suite_${data_name}.datax
)
add_executable(test_suite_${data_name} test_suite_${data_name}.c
- $<TARGET_OBJECTS:mbedtls_test>)
+ $<TARGET_OBJECTS:tf_psa_crypto_test>)
set_base_compile_options(test_suite_${data_name})
target_compile_options(test_suite_${data_name} PRIVATE ${TEST_C_FLAGS})
add_dependencies(test_suite_${data_name} ${dependency})
@@ -303,7 +303,7 @@
# files are automatically included because the library targets declare
# them as PUBLIC.
target_include_directories(test_suite_${data_name}
- PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include
+ PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../library
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../core
PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../drivers/builtin/src)
diff --git a/tf-psa-crypto/tests/scripts/components-build-system.sh b/tf-psa-crypto/tests/scripts/components-build-system.sh
index 957e23a..5de9dc7 100644
--- a/tf-psa-crypto/tests/scripts/components-build-system.sh
+++ b/tf-psa-crypto/tests/scripts/components-build-system.sh
@@ -9,7 +9,7 @@
#### Build System Testing
################################################################
-component_test_cmake_tf_psa_crypto_out_of_source () {
+component_test_tf_psa_crypto_cmake_out_of_source () {
msg "build: cmake tf-psa-crypto 'out-of-source' build"
TF_PSA_CRYPTO_ROOT_DIR="$PWD"
mkdir "$OUT_OF_SOURCE_DIR"
@@ -22,3 +22,12 @@
cd "$TF_PSA_CRYPTO_ROOT_DIR"
rm -rf "$OUT_OF_SOURCE_DIR"
}
+
+component_test_tf_psa_crypto_cmake_as_subdirectory () {
+ msg "build: cmake 'as-subdirectory' build"
+ cd programs/test/cmake_subproject
+ # Note: Explicitly generate files as these are turned off in releases
+ cmake -D GEN_FILES=ON .
+ make
+ ./cmake_subproject
+}
diff --git a/tf-psa-crypto/tests/suites/test_suite_constant_time.function b/tf-psa-crypto/tests/suites/test_suite_constant_time.function
index ba84397..64c815f 100644
--- a/tf-psa-crypto/tests/suites/test_suite_constant_time.function
+++ b/tf-psa-crypto/tests/suites/test_suite_constant_time.function
@@ -4,7 +4,7 @@
* Functional testing of functions in the constant_time module.
*
* The tests are instrumented with #TEST_CF_SECRET and #TEST_CF_PUBLIC
- * (see tests/include/test/constant_flow.h) so that running the tests
+ * (see framework/tests/include/test/constant_flow.h) so that running the tests
* under MSan or Valgrind will detect a non-constant-time implementation.
*/
diff --git a/tf-psa-crypto/tests/suites/test_suite_psa_crypto_op_fail.function b/tf-psa-crypto/tests/suites/test_suite_psa_crypto_op_fail.function
index 9289869..d88b4fa 100644
--- a/tf-psa-crypto/tests/suites/test_suite_psa_crypto_op_fail.function
+++ b/tf-psa-crypto/tests/suites/test_suite_psa_crypto_op_fail.function
@@ -364,6 +364,9 @@
size_t length = 0;
psa_key_derivation_operation_t operation = PSA_KEY_DERIVATION_OPERATION_INIT;
+ mbedtls_svc_key_id_t shared_secret_id = MBEDTLS_SVC_KEY_ID_INIT;
+ psa_key_attributes_t shared_secret_attributes = PSA_KEY_ATTRIBUTES_INIT;
+
PSA_INIT();
psa_set_key_type(&attributes, key_type);
@@ -385,6 +388,14 @@
public_key, public_key_length,
output, sizeof(output), &length));
+ psa_set_key_type(&shared_secret_attributes, PSA_KEY_TYPE_DERIVE);
+ psa_set_key_usage_flags(&shared_secret_attributes, PSA_KEY_USAGE_DERIVE | PSA_KEY_USAGE_EXPORT);
+
+ TEST_STATUS(expected_status, psa_key_agreement(key_id, public_key,
+ public_key_length, alg,
+ &shared_secret_attributes,
+ &shared_secret_id));
+
#if defined(PSA_WANT_ALG_HKDF) && defined(PSA_WANT_ALG_SHA_256)
PSA_ASSERT(psa_key_derivation_setup(&operation,
PSA_ALG_HKDF(PSA_ALG_SHA_256)));
@@ -403,6 +414,8 @@
psa_key_derivation_abort(&operation);
psa_destroy_key(key_id);
psa_reset_key_attributes(&attributes);
+ psa_destroy_key(shared_secret_id);
+ psa_reset_key_attributes(&shared_secret_attributes);
PSA_DONE();
}
/* END_CASE */