Merge pull request #9237 from valeriosetti/issue8968
PSA client-server: support in the unit test framework
diff --git a/Makefile b/Makefile
index 67ad0b7..74e328a 100644
--- a/Makefile
+++ b/Makefile
@@ -31,7 +31,10 @@
lib:
$(MAKE) -C library
-tests: lib mbedtls_test
+ifndef PSASIM
+tests: lib
+endif
+tests: mbedtls_test
$(MAKE) -C tests
mbedtls_test:
@@ -168,7 +171,10 @@
if exist visualc\VS2017\mbedTLS.sln del /Q /F visualc\VS2017\mbedTLS.sln
endif
-check: lib tests
+ifndef PSASIM
+check: lib
+endif
+check: tests
$(MAKE) -C tests check
test: check
diff --git a/scripts/common.make b/scripts/common.make
index ead1334..077ac6f 100644
--- a/scripts/common.make
+++ b/scripts/common.make
@@ -4,6 +4,8 @@
MBEDTLS_PATH := ..
endif
+PSASIM_PATH=$(MBEDTLS_PATH)/tests/psa-client-server/psasim
+
ifeq (,$(wildcard $(MBEDTLS_PATH)/framework/exported.make))
# Use the define keyword to get a multi-line message.
# GNU make appends ". Stop.", so tweak the ending of our message accordingly.
@@ -26,19 +28,38 @@
-I$(MBEDTLS_PATH)/tf-psa-crypto/drivers/builtin/include \
-D_FILE_OFFSET_BITS=64
LOCAL_CXXFLAGS = $(WARNING_CXXFLAGS) -I$(MBEDTLS_PATH)/include -I$(MBEDTLS_PATH)/tests/include -D_FILE_OFFSET_BITS=64
+
+ifdef PSASIM
+LOCAL_LDFLAGS = ${MBEDTLS_TEST_OBJS} \
+ -L$(PSASIM_PATH)/client_libs \
+ -lpsaclient \
+ -lmbedtls$(SHARED_SUFFIX) \
+ -lmbedx509$(SHARED_SUFFIX) \
+ -lmbedcrypto$(SHARED_SUFFIX)
+else
LOCAL_LDFLAGS = ${MBEDTLS_TEST_OBJS} \
-L$(MBEDTLS_PATH)/library \
-lmbedtls$(SHARED_SUFFIX) \
-lmbedx509$(SHARED_SUFFIX) \
-lmbedcrypto$(SHARED_SUFFIX)
+endif
include $(MBEDTLS_PATH)/3rdparty/Makefile.inc
LOCAL_CFLAGS+=$(THIRDPARTY_INCLUDES)
-ifndef SHARED
-MBEDLIBS=$(MBEDTLS_PATH)/library/libmbedcrypto.a $(MBEDTLS_PATH)/library/libmbedx509.a $(MBEDTLS_PATH)/library/libmbedtls.a
+ifdef PSASIM
+MBEDLIBS=$(PSASIM_PATH)/client_libs/libmbedcrypto.a \
+ $(PSASIM_PATH)/client_libs/libmbedx509.a \
+ $(PSASIM_PATH)/client_libs/libmbedtls.a \
+ $(PSASIM_PATH)/client_libs/libpsaclient.a
+else ifndef SHARED
+MBEDLIBS=$(MBEDTLS_PATH)/library/libmbedcrypto.a \
+ $(MBEDTLS_PATH)/library/libmbedx509.a \
+ $(MBEDTLS_PATH)/library/libmbedtls.a
else
-MBEDLIBS=$(MBEDTLS_PATH)/library/libmbedcrypto.$(DLEXT) $(MBEDTLS_PATH)/library/libmbedx509.$(DLEXT) $(MBEDTLS_PATH)/library/libmbedtls.$(DLEXT)
+MBEDLIBS=$(MBEDTLS_PATH)/library/libmbedcrypto.$(DLEXT) \
+ $(MBEDTLS_PATH)/library/libmbedx509.$(DLEXT) \
+ $(MBEDTLS_PATH)/library/libmbedtls.$(DLEXT)
endif
ifdef DEBUG
@@ -126,10 +147,17 @@
endif
# Auxiliary modules used by tests and some sample programs
-MBEDTLS_CORE_TEST_OBJS = $(patsubst %.c,%.o,$(wildcard \
+MBEDTLS_CORE_TEST_OBJS := $(patsubst %.c,%.o,$(wildcard \
${MBEDTLS_TEST_PATH}/src/*.c \
${MBEDTLS_TEST_PATH}/src/drivers/*.c \
))
+# Ignore PSA stubs when building for the client side of PSASIM (i.e.
+# CRYPTO_CLIENT && !CRYPTO_C) otherwise there will be functions duplicates.
+ifdef PSASIM
+MBEDTLS_CORE_TEST_OBJS := $(filter-out \
+ ${MBEDTLS_TEST_PATH}/src/psa_crypto_stubs.o, $(MBEDTLS_CORE_TEST_OBJS)\
+ )
+endif
# Additional auxiliary modules for TLS testing
MBEDTLS_TLS_TEST_OBJS = $(patsubst %.c,%.o,$(wildcard \
${MBEDTLS_TEST_PATH}/src/test_helpers/*.c \
diff --git a/tests/Makefile b/tests/Makefile
index 7ab4d9c..796d5fc 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -177,6 +177,7 @@
clean:
ifndef WINDOWS
+ $(MAKE) -C psa-client-server/psasim clean
rm -rf $(BINARIES) *.c *.datax
rm -f src/*.o src/drivers/*.o src/test_helpers/*.o src/libmbed* src/test_keys.h src/test_certs.h
rm -f src/test_keys.h src/test_certs.h
diff --git a/tests/include/test/psa_crypto_helpers.h b/tests/include/test/psa_crypto_helpers.h
index 7306d8e..7393d81 100644
--- a/tests/include/test/psa_crypto_helpers.h
+++ b/tests/include/test/psa_crypto_helpers.h
@@ -11,7 +11,7 @@
#include "test/helpers.h"
-#if defined(MBEDTLS_PSA_CRYPTO_C)
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
#include "test/psa_helpers.h"
#include <psa/crypto.h>
#endif
@@ -38,12 +38,15 @@
mbedtls_psa_crypto_free(); \
} \
while (0)
-#else /*MBEDTLS_PSA_CRYPTO_C */
+#elif defined(MBEDTLS_PSA_CRYPTO_CLIENT) /* MBEDTLS_PSA_CRYPTO_CLIENT && !MBEDTLS_PSA_CRYPTO_C */
+#define PSA_INIT() PSA_ASSERT(psa_crypto_init())
+#define PSA_DONE() mbedtls_psa_crypto_free();
+#else /* MBEDTLS_PSA_CRYPTO_CLIENT && !MBEDTLS_PSA_CRYPTO_C */
#define PSA_INIT() ((void) 0)
#define PSA_DONE() ((void) 0)
#endif /* MBEDTLS_PSA_CRYPTO_C */
-#if defined(MBEDTLS_PSA_CRYPTO_C)
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
@@ -313,7 +316,7 @@
} \
while (0)
-#endif /* MBEDTLS_PSA_CRYPTO_C */
+#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
/** \def USE_PSA_INIT
*
diff --git a/tests/psa-client-server/psasim/Makefile b/tests/psa-client-server/psasim/Makefile
index 02b639f..ec6691f 100644
--- a/tests/psa-client-server/psasim/Makefile
+++ b/tests/psa-client-server/psasim/Makefile
@@ -1,11 +1,11 @@
CFLAGS += -Wall -Werror -std=c99 -D_XOPEN_SOURCE=1 -D_POSIX_C_SOURCE=200809L
ifeq ($(DEBUG),1)
-CFLAGS += -DDEBUG -O0 -g
+override CFLAGS += -DDEBUG -O0 -g
endif
-LIBPSACLIENT := -Llibpsaclient/ -lmbedcrypto -lmbedx509 -lmbedtls
-LIBPSASERVER := -Llibpsaserver/ -lmbedcrypto
+CLIENT_LIBS := -Lclient_libs -lpsaclient -lmbedtls -lmbedx509 -lmbedcrypto
+SERVER_LIBS := -Lserver_libs -lmbedcrypto
MBEDTLS_ROOT_PATH = ../../..
COMMON_INCLUDE := -I./include -I$(MBEDTLS_ROOT_PATH)/include \
@@ -16,13 +16,14 @@
include/psa_manifest/pid.h \
include/psa_manifest/sid.h
-PSA_CLIENT_COMMON_SRC = src/psa_ff_client.c \
- src/psa_sim_crypto_client.c \
- src/psa_sim_serialise.c
+LIBPSACLIENT_SRC = src/psa_ff_client.c \
+ src/psa_sim_crypto_client.c \
+ src/psa_sim_serialise.c
+LIBPSACLIENT_OBJS=$(LIBPSACLIENT_SRC:.c=.o)
-PSA_CLIENT_BASE_SRC = $(PSA_CLIENT_COMMON_SRC) src/client.c
+PSA_CLIENT_BASE_SRC = $(LIBPSACLIENT_SRC) src/client.c
-PSA_CLIENT_FULL_SRC = $(PSA_CLIENT_COMMON_SRC) \
+PSA_CLIENT_FULL_SRC = $(LIBPSACLIENT_SRC) \
$(wildcard src/aut_*.c)
PARTITION_SERVER_BOOTSTRAP = src/psa_ff_bootstrap_TEST_PARTITION.c
@@ -32,21 +33,28 @@
src/psa_sim_crypto_server.c \
src/psa_sim_serialise.c
-.PHONY: all clean libpsaclient libpsaserver
+.PHONY: all clean client_libs server_libs
all:
test/seedfile:
dd if=/dev/urandom of=./test/seedfile bs=64 count=1
-test/psa_client_base: $(PSA_CLIENT_BASE_SRC) $(GENERATED_H_FILES)
- $(CC) $(COMMON_INCLUDE) $(CFLAGS) $(PSA_CLIENT_BASE_SRC) $(LIBPSACLIENT) $(LDFLAGS) -o $@
+src/%.o: src/%.c $(GENERATED_H_FILES)
+ $(CC) $(COMMON_INCLUDE) $(CFLAGS) -c $< $(LDFLAGS) -o $@
-test/psa_client_full: $(PSA_CLIENT_FULL_SRC) $(GENERATED_H_FILES)
- $(CC) $(COMMON_INCLUDE) $(CFLAGS) $(PSA_CLIENT_FULL_SRC) $(LIBPSACLIENT) $(LDFLAGS) -o $@
+client_libs/libpsaclient: $(LIBPSACLIENT_OBJS)
+ mkdir -p client_libs
+ $(AR) -src client_libs/libpsaclient.a $(LIBPSACLIENT_OBJS)
-test/psa_partition: $(PSA_SERVER_SRC) $(GENERATED_H_FILES) test/seedfile
- $(CC) $(COMMON_INCLUDE) $(CFLAGS) $(PSA_SERVER_SRC) $(LIBPSASERVER) $(LDFLAGS) -o $@
+test/psa_client_base: $(PSA_CLIENT_BASE_SRC) $(GENERATED_H_FILES) test/seedfile
+ $(CC) $(COMMON_INCLUDE) $(CFLAGS) $(PSA_CLIENT_BASE_SRC) $(CLIENT_LIBS) $(LDFLAGS) -o $@
+
+test/psa_client_full: $(PSA_CLIENT_FULL_SRC) $(GENERATED_H_FILES) test/seedfile
+ $(CC) $(COMMON_INCLUDE) $(CFLAGS) $(PSA_CLIENT_FULL_SRC) $(CLIENT_LIBS) $(LDFLAGS) -o $@
+
+test/psa_server: $(PSA_SERVER_SRC) $(GENERATED_H_FILES)
+ $(CC) $(COMMON_INCLUDE) $(CFLAGS) $(PSA_SERVER_SRC) $(SERVER_LIBS) $(LDFLAGS) -o $@
$(PARTITION_SERVER_BOOTSTRAP) $(GENERATED_H_FILES): src/manifest.json src/server.c
tools/psa_autogen.py src/manifest.json
@@ -56,17 +64,18 @@
#
# Note: these rules assume that mbedtls_config.h is already configured by all.sh.
# If not using all.sh then the user must do it manually.
-libpsaclient libpsaserver:
+client_libs: client_libs/libpsaclient
+client_libs server_libs:
$(MAKE) -C $(MBEDTLS_ROOT_PATH)/library CFLAGS="$(CFLAGS)" LDFLAGS="$(LDFLAGS)" libmbedcrypto.a libmbedx509.a libmbedtls.a
mkdir -p $@
cp $(MBEDTLS_ROOT_PATH)/library/libmbed*.a $@/
- $(MAKE) -C $(MBEDTLS_ROOT_PATH) clean
-clean:
- rm -f test/psa_client_base test/psa_client_full test/psa_partition
+clean_server_intermediate_files:
rm -f $(PARTITION_SERVER_BOOTSTRAP)
- rm -rf libpsaclient libpsaserver
rm -rf include/psa_manifest
- rm -f test/psa_service_* test/psa_notify_*
- rm -f test/*.log
+
+clean: clean_server_intermediate_files
+ rm -f test/psa_client_base test/psa_client_full test/psa_server
+ rm -rf client_libs server_libs
+ rm -f test/psa_service_* test/psa_notify_* test/*.log
rm -f test/seedfile
diff --git a/tests/psa-client-server/psasim/src/aut_psa_hash.c b/tests/psa-client-server/psasim/src/aut_psa_hash.c
index 0446e7a..b429c0b 100644
--- a/tests/psa-client-server/psasim/src/aut_psa_hash.c
+++ b/tests/psa-client-server/psasim/src/aut_psa_hash.c
@@ -89,6 +89,43 @@
mbedtls_printf("Multi-part hash operation successful!\n");
}
+ /* A bit of white-box testing: ensure that we can abort an operation more
+ * times than there are operation slots on the simulator server.
+ */
+ for (int i = 0; i < 200; i++) {
+ /* This should be a no-op */
+ status = psa_hash_abort(&hash_operation);
+ if (status != PSA_SUCCESS) {
+ mbedtls_printf("psa_hash_abort failed\n");
+ goto cleanup;
+ }
+ }
+
+ /* Compute hash using multi-part operation using the same operation struct */
+ status = psa_hash_setup(&hash_operation, HASH_ALG);
+ if (status == PSA_ERROR_NOT_SUPPORTED) {
+ mbedtls_printf("unknown hash algorithm supplied\n");
+ goto cleanup;
+ } else if (status != PSA_SUCCESS) {
+ mbedtls_printf("psa_hash_setup failed: %d\n", status);
+ goto cleanup;
+ }
+
+ status = psa_hash_update(&hash_operation, sample_message, sample_message_length);
+ if (status != PSA_SUCCESS) {
+ mbedtls_printf("psa_hash_update failed\n");
+ goto cleanup;
+ }
+
+ /* Don't use psa_hash_finish() when going to check against an expected result */
+ status = psa_hash_verify(&hash_operation, expected_hash, expected_hash_len);
+ if (status != PSA_SUCCESS) {
+ mbedtls_printf("psa_hash_verify failed: %d\n", status);
+ goto cleanup;
+ } else {
+ mbedtls_printf("Second multi-part hash operation successful!\n");
+ }
+
/* Clear local variables prior to one-shot hash demo */
memset(hash, 0, sizeof(hash));
hash_length = 0;
diff --git a/tests/psa-client-server/psasim/test/kill_server.sh b/tests/psa-client-server/psasim/test/kill_server.sh
new file mode 100755
index 0000000..7aba5a3
--- /dev/null
+++ b/tests/psa-client-server/psasim/test/kill_server.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+set -e
+
+pkill psa_server || true
+
+# Remove temporary files and logs
+rm -f psa_notify_*
+rm -f psa_service_*
+rm -f psa_server.log
+
+# Remove all IPCs
+ipcs -q | awk '{ printf " -q " $2 }' | xargs ipcrm > /dev/null 2>&1 || true
diff --git a/tests/psa-client-server/psasim/test/run_test.sh b/tests/psa-client-server/psasim/test/run_test.sh
index 7c1011e..ac9c4c8 100755
--- a/tests/psa-client-server/psasim/test/run_test.sh
+++ b/tests/psa-client-server/psasim/test/run_test.sh
@@ -1,13 +1,13 @@
#!/bin/bash
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
# This is a simple bash script that tests psa_client/psa_server interaction.
# This script is automatically executed when "make run" is launched by the
# "psasim" root folder. The script can also be launched manually once
# binary files are built (i.e. after "make test" is executed from the "psasim"
# root folder).
-#
-# Copyright The Mbed TLS Contributors
-# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
set -e
@@ -16,26 +16,10 @@
CLIENT_BIN=$1
shift
-function clean_run() {
- rm -f psa_notify_*
- pkill psa_partition || true
- pkill psa_client || true
- ipcs | grep q | awk '{ printf " -q " $2 }' | xargs ipcrm > /dev/null 2>&1 || true
-}
+ipcs | grep q | awk '{ printf " -q " $2 }' | xargs ipcrm > /dev/null 2>&1 || true
-# The server creates some local files when it starts up so we can wait for this
-# event as signal that the server is ready so that we can start client(s).
-function wait_for_server_startup() {
- while [ ! -f ./psa_notify_* ]; do
- sleep 0.1
- done
-}
-
-clean_run
-
-./psa_partition &
-wait_for_server_startup
+./start_server.sh
./$CLIENT_BIN "$@"
# Kill server once client exited
-pkill psa_partition
+pkill psa_server
diff --git a/tests/psa-client-server/psasim/test/start_server.sh b/tests/psa-client-server/psasim/test/start_server.sh
new file mode 100755
index 0000000..fcc8a97
--- /dev/null
+++ b/tests/psa-client-server/psasim/test/start_server.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+# Copyright The Mbed TLS Contributors
+# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
+
+set -e
+
+# The server creates some local files when it starts up so we can wait for this
+# event as signal that the server is ready so that we can start client(s).
+function wait_for_server_startup() {
+ while [ $(find . -name "psa_notify_*" | wc -l) -eq 0 ]; do
+ sleep 0.1
+ done
+}
+
+$(dirname "$0")/kill_server.sh
+
+$(dirname "$0")/psa_server &
+wait_for_server_startup
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 3bff3a8..de74f97 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -217,6 +217,8 @@
# defined in this script whose name starts with "component_".
ALL_COMPONENTS=$(compgen -A function component_ | sed 's/component_//')
+ PSASIM_PATH='tests/psa-client-server/psasim/'
+
# Delay determining SUPPORTED_COMPONENTS until the command line options have a chance to override
# the commands set by the environment
}
@@ -356,6 +358,24 @@
done
}
+# This is a helper function to be used in psasim builds. It is meant to clean
+# up the library's workspace after the server build and before the client
+# build. Built libraries (mbedcrypto, mbedx509 and mbedtls) are supposed to be
+# already copied to psasim folder at this point.
+helper_psasim_cleanup_before_client() {
+ # Clean up library files
+ make -C library clean
+ # Clean up intermediate files that were used to build the server
+ make -C $PSASIM_PATH clean_server_intermediate_files
+ # Restore files that were backup before building library files. This
+ # includes $CONFIG_H and $CRYPTO_CONFIG_H.
+ for x in $files_to_back_up; do
+ if [[ -e "$x$backup_suffix" ]]; then
+ cp -p "$x$backup_suffix" "$x"
+ fi
+ done
+}
+
# Final cleanup when this script exits (except when exiting on a failure
# in non-keep-going mode).
final_cleanup () {
@@ -948,11 +968,11 @@
make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" "$@"
}
-# $1: target which can be "client" or "server"
-helper_crypto_client_build() {
+# Set some default values $CONFIG_H in order to build server or client sides
+# in PSASIM. There is only 1 mandatory parameter:
+# - $1: target which can be "client" or "server"
+helper_psasim_config() {
TARGET=$1
- shift
- TARGET_LIB=libpsa$TARGET
if [ "$TARGET" == "client" ]; then
scripts/config.py full
@@ -976,8 +996,23 @@
# Also ensure MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER not set (to match client)
scripts/config.py unset MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
fi
+}
- make -C tests/psa-client-server/psasim/ CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" $TARGET_LIB "$@"
+# Helper to build the libraries for client/server in PSASIM. If the server is
+# being built, then it builds also the final executable.
+# There is only 1 mandatory parameter:
+# - $1: target which can be "client" or "server"
+helper_psasim_build() {
+ TARGET=$1
+ shift
+ TARGET_LIB=${TARGET}_libs
+
+ make -C $PSASIM_PATH CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" $TARGET_LIB "$@"
+
+ # Build also the server application after its libraries have been built.
+ if [ "$TARGET" == "server" ]; then
+ make -C $PSASIM_PATH CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" test/psa_server
+ fi
}
################################################################
@@ -1037,6 +1072,24 @@
echo "$loc_list"
}
+# Helper function for controlling (start & stop) the psasim server.
+helper_psasim_server() {
+ OPERATION=$1
+ if [ "$OPERATION" == "start" ]; then
+ (
+ cd tests
+ msg "start server"
+ psa-client-server/psasim/test/start_server.sh
+ )
+ else
+ (
+ cd tests
+ msg "terminate server and cleanup"
+ psa-client-server/psasim//test/kill_server.sh
+ )
+ fi
+}
+
################################################################
#### Basic checks
################################################################
@@ -1349,68 +1402,6 @@
check_renamed_symbols tests/include/spe/crypto_spe.h library/libmbedcrypto.a
}
-# Get a list of library-wise undefined symbols and ensure that they only
-# belong to psa_xxx() functions and not to mbedtls_yyy() ones.
-# This function is a common helper used by both:
-# - component_test_default_psa_crypto_client_without_crypto_provider
-# - component_build_full_psa_crypto_client_without_crypto_provider.
-common_check_mbedtls_missing_symbols() {
- nm library/libmbedcrypto.a | grep ' [TRrDC] ' | grep -Eo '(mbedtls_|psa_).*' | sort -u > sym_def.txt
- nm library/libmbedcrypto.a | grep ' U ' | grep -Eo '(mbedtls_|psa_).*' | sort -u > sym_undef.txt
- comm sym_def.txt sym_undef.txt -13 > linking_errors.txt
- not grep mbedtls_ linking_errors.txt
-
- rm sym_def.txt sym_undef.txt linking_errors.txt
-}
-
-component_test_default_psa_crypto_client_without_crypto_provider () {
- msg "build: default config - PSA_CRYPTO_C + PSA_CRYPTO_CLIENT"
-
- scripts/config.py unset MBEDTLS_PSA_CRYPTO_C
- scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C
- scripts/config.py unset MBEDTLS_PSA_ITS_FILE_C
- scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
- scripts/config.py set MBEDTLS_PSA_CRYPTO_CLIENT
- scripts/config.py unset MBEDTLS_LMS_C
-
- make
-
- msg "check missing symbols: default config - PSA_CRYPTO_C + PSA_CRYPTO_CLIENT"
- common_check_mbedtls_missing_symbols
-
- msg "test: default config - PSA_CRYPTO_C + PSA_CRYPTO_CLIENT"
- make test
-}
-
-component_build_full_psa_crypto_client_without_crypto_provider () {
- msg "build: full config - PSA_CRYPTO_C"
-
- # Use full config which includes USE_PSA and CRYPTO_CLIENT.
- scripts/config.py full
-
- scripts/config.py unset MBEDTLS_PSA_CRYPTO_C
- scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C
- # Dynamic secure element support is a deprecated feature and it is not
- # available when CRYPTO_C and PSA_CRYPTO_STORAGE_C are disabled.
- scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C
-
- # Since there is no crypto provider in this build it is not possible to
- # build all the test executables and progrems due to missing PSA functions
- # at link time. Therefore we will just build libraries and we'll check
- # that symbols of interest are there.
- make lib
-
- msg "check missing symbols: full config - PSA_CRYPTO_C"
-
- common_check_mbedtls_missing_symbols
-
- # Ensure that desired functions are included into the build (extend the
- # following list as required).
- grep mbedtls_pk_get_psa_attributes library/libmbedcrypto.a
- grep mbedtls_pk_import_into_psa library/libmbedcrypto.a
- grep mbedtls_pk_copy_from_psa library/libmbedcrypto.a
-}
-
component_test_no_rsa_key_pair_generation() {
msg "build: default config minus PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE"
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
@@ -6029,20 +6020,16 @@
}
component_test_psasim() {
- msg "build library for server"
+ msg "build server library and application"
scripts/config.py crypto
- helper_crypto_client_build server
+ helper_psasim_config server
+ helper_psasim_build server
- msg "build server"
- make -C tests/psa-client-server/psasim CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" test/psa_partition
-
- # cleanup() will restore some backed-up files which include $CONFIG_H and
- # $CRYPTO_CONFIG_H. Built libraries were already copied to psasim at this
- # point.
- cleanup
+ helper_psasim_cleanup_before_client
msg "build library for client"
- helper_crypto_client_build client
+ helper_psasim_config client
+ helper_psasim_build client
msg "build basic psasim client"
make -C tests/psa-client-server/psasim CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" test/psa_client_base
@@ -6057,6 +6044,38 @@
make -C tests/psa-client-server/psasim clean
}
+component_test_suite_with_psasim()
+{
+ msg "build server library and application"
+ helper_psasim_config server
+ # Modify server's library configuration here (if needed)
+ helper_psasim_build server
+
+ helper_psasim_cleanup_before_client
+
+ msg "build client library"
+ helper_psasim_config client
+ # PAKE functions are still unsupported from PSASIM
+ scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_JPAKE
+ scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
+ helper_psasim_build client
+
+ msg "build test suites"
+ make PSASIM=1 CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" tests
+
+ helper_psasim_server start
+
+ # psasim takes an extremely long execution time on some test suites so we
+ # exclude them from the list.
+ SKIP_TEST_SUITES="constant_time_hmac,lmots,lms"
+ export SKIP_TEST_SUITES
+
+ msg "run test suites"
+ make PSASIM=1 test
+
+ helper_psasim_server kill
+}
+
################################################################
#### Termination
################################################################
diff --git a/tests/src/psa_exercise_key.c b/tests/src/psa_exercise_key.c
index 937bd45..b223276 100644
--- a/tests/src/psa_exercise_key.c
+++ b/tests/src/psa_exercise_key.c
@@ -11,7 +11,7 @@
#include <test/macros.h>
#include <test/psa_exercise_key.h>
-#if defined(MBEDTLS_PSA_CRYPTO_C)
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
#include <mbedtls/asn1.h>
#include <psa/crypto.h>
@@ -1332,4 +1332,4 @@
}
#endif /* MBEDTLS_PK_C */
-#endif /* MBEDTLS_PSA_CRYPTO_C */
+#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
diff --git a/tests/suites/test_suite_debug.function b/tests/suites/test_suite_debug.function
index 70e7bad..982be3c 100644
--- a/tests/suites/test_suite_debug.function
+++ b/tests/suites/test_suite_debug.function
@@ -59,7 +59,7 @@
mbedtls_ssl_config conf;
struct buffer_data buffer;
- MD_PSA_INIT();
+ MD_OR_USE_PSA_INIT();
mbedtls_ssl_init(&ssl);
mbedtls_ssl_config_init(&conf);
@@ -86,7 +86,7 @@
exit:
mbedtls_ssl_free(&ssl);
mbedtls_ssl_config_free(&conf);
- MD_PSA_DONE();
+ MD_OR_USE_PSA_DONE();
}
/* END_CASE */
@@ -98,7 +98,7 @@
mbedtls_ssl_config conf;
struct buffer_data buffer;
- MD_PSA_INIT();
+ MD_OR_USE_PSA_INIT();
mbedtls_ssl_init(&ssl);
mbedtls_ssl_config_init(&conf);
@@ -122,7 +122,7 @@
exit:
mbedtls_ssl_free(&ssl);
mbedtls_ssl_config_free(&conf);
- MD_PSA_DONE();
+ MD_OR_USE_PSA_DONE();
}
/* END_CASE */
@@ -134,7 +134,7 @@
mbedtls_ssl_config conf;
struct buffer_data buffer;
- MD_PSA_INIT();
+ MD_OR_USE_PSA_INIT();
mbedtls_ssl_init(&ssl);
mbedtls_ssl_config_init(&conf);
@@ -158,7 +158,7 @@
exit:
mbedtls_ssl_free(&ssl);
mbedtls_ssl_config_free(&conf);
- MD_PSA_DONE();
+ MD_OR_USE_PSA_DONE();
}
/* END_CASE */
@@ -211,7 +211,7 @@
struct buffer_data buffer;
mbedtls_mpi val;
- MD_PSA_INIT();
+ MD_OR_USE_PSA_INIT();
mbedtls_ssl_init(&ssl);
mbedtls_ssl_config_init(&conf);
@@ -239,6 +239,6 @@
mbedtls_mpi_free(&val);
mbedtls_ssl_free(&ssl);
mbedtls_ssl_config_free(&conf);
- MD_PSA_DONE();
+ MD_OR_USE_PSA_DONE();
}
/* END_CASE */
diff --git a/tests/suites/test_suite_lmots.function b/tests/suites/test_suite_lmots.function
index 293287a..c81501c 100644
--- a/tests/suites/test_suite_lmots.function
+++ b/tests/suites/test_suite_lmots.function
@@ -37,6 +37,7 @@
mbedtls_lmots_public_init(&pub_ctx);
mbedtls_lmots_private_init(&priv_ctx);
+ USE_PSA_INIT();
TEST_EQUAL(mbedtls_lmots_generate_private_key(&priv_ctx, MBEDTLS_LMOTS_SHA256_N32_W8,
key_id->x, leaf_id, seed->x, seed->len), 0);
@@ -48,6 +49,7 @@
exit:
mbedtls_lmots_public_free(&pub_ctx);
mbedtls_lmots_private_free(&priv_ctx);
+ USE_PSA_DONE();
}
/* END_CASE */
@@ -60,6 +62,7 @@
mbedtls_lmots_public_init(&pub_ctx);
mbedtls_lmots_private_init(&priv_ctx);
+ USE_PSA_INIT();
TEST_EQUAL(mbedtls_lmots_generate_private_key(&priv_ctx, MBEDTLS_LMOTS_SHA256_N32_W8,
key_id->x, leaf_id, seed->x, seed->len), 0);
@@ -71,6 +74,7 @@
exit:
mbedtls_lmots_public_free(&pub_ctx);
mbedtls_lmots_private_free(&priv_ctx);
+ USE_PSA_DONE();
}
/* END_CASE */
@@ -83,6 +87,7 @@
unsigned char *tmp_sig = NULL;
mbedtls_lmots_public_init(&ctx);
+ USE_PSA_INIT();
TEST_EQUAL(mbedtls_lmots_import_public_key(&ctx, pub_key->x, pub_key->len), 0);
@@ -137,6 +142,7 @@
exit:
mbedtls_free(tmp_sig);
mbedtls_lmots_public_free(&ctx);
+ USE_PSA_DONE();
}
/* END_CASE */
@@ -149,6 +155,8 @@
size_t exported_pub_key_size;
mbedtls_lmots_public_init(&ctx);
+ USE_PSA_INIT();
+
TEST_EQUAL(mbedtls_lmots_import_public_key(&ctx, pub_key->x, pub_key->len),
expected_import_rc);
@@ -192,6 +200,7 @@
exit:
mbedtls_lmots_public_free(&ctx);
mbedtls_free(exported_pub_key);
+ USE_PSA_DONE();
}
/* END_CASE */
@@ -202,6 +211,7 @@
unsigned char sig[MBEDTLS_LMOTS_SIG_LEN(MBEDTLS_LMOTS_SHA256_N32_W8)];
mbedtls_lmots_private_init(&ctx);
+ USE_PSA_INIT();
TEST_EQUAL(mbedtls_lmots_generate_private_key(&ctx, MBEDTLS_LMOTS_SHA256_N32_W8,
key_id->x, leaf_id, seed->x,
seed->len), 0);
@@ -217,6 +227,7 @@
exit:
mbedtls_lmots_private_free(&ctx);
+ USE_PSA_DONE();
}
/* END_CASE */
@@ -233,6 +244,7 @@
memset(sig, 0x7E, sizeof(sig));
mbedtls_lmots_private_init(&ctx);
+ USE_PSA_INIT();
TEST_EQUAL(mbedtls_lmots_generate_private_key(&ctx, MBEDTLS_LMOTS_SHA256_N32_W8,
key_id->x, leaf_id, seed->x,
seed->len), 0);
@@ -242,5 +254,6 @@
exit:
mbedtls_lmots_private_free(&ctx);
mbedtls_lmots_sign_private_key_invalidated_hook = NULL;
+ USE_PSA_DONE();
}
/* END_CASE */
diff --git a/tests/suites/test_suite_lms.function b/tests/suites/test_suite_lms.function
index 7116f61..377efcd 100644
--- a/tests/suites/test_suite_lms.function
+++ b/tests/suites/test_suite_lms.function
@@ -17,6 +17,7 @@
mbedtls_lms_public_init(&pub_ctx);
mbedtls_lms_private_init(&priv_ctx);
+ USE_PSA_INIT();
/* Allocation failure isn't a test failure, since it likely just means
* there's not enough memory to run the test.
@@ -38,6 +39,7 @@
exit:
mbedtls_lms_public_free(&pub_ctx);
mbedtls_lms_private_free(&priv_ctx);
+ USE_PSA_DONE();
}
/* END_CASE */
@@ -50,6 +52,7 @@
mbedtls_lms_public_init(&pub_ctx);
mbedtls_lms_private_init(&priv_ctx);
+ USE_PSA_INIT();
/* Allocation failure isn't a test failure, since it likely just means
* there's not enough memory to run the test.
@@ -71,6 +74,7 @@
exit:
mbedtls_lms_public_free(&pub_ctx);
mbedtls_lms_private_free(&priv_ctx);
+ USE_PSA_DONE();
}
/* END_CASE */
@@ -83,6 +87,7 @@
unsigned char *tmp_sig = NULL;
mbedtls_lms_public_init(&ctx);
+ USE_PSA_INIT();
TEST_EQUAL(mbedtls_lms_import_public_key(&ctx, pub_key->x, pub_key->len), 0);
@@ -139,6 +144,7 @@
exit:
mbedtls_free(tmp_sig);
mbedtls_lms_public_free(&ctx);
+ USE_PSA_DONE();
}
/* END_CASE */
@@ -151,6 +157,7 @@
unsigned char *exported_pub_key = NULL;
mbedtls_lms_public_init(&ctx);
+ USE_PSA_INIT();
TEST_EQUAL(mbedtls_lms_import_public_key(&ctx, pub_key->x, pub_key->len),
expected_import_rc);
@@ -194,5 +201,6 @@
exit:
mbedtls_free(exported_pub_key);
mbedtls_lms_public_free(&ctx);
+ USE_PSA_DONE();
}
/* END_CASE */
diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data
index 2bc3848..6911265 100644
--- a/tests/suites/test_suite_pk.data
+++ b/tests/suites/test_suite_pk.data
@@ -95,11 +95,11 @@
pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_NONE:256:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
PK can do ext: NONE/ECDSA(ANY_HASH), check ECDSA(SHA256)
-depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1
+depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PSA_CRYPTO_C
pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_NONE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):256:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
PK can do ext: NONE/ECDSA(SHA256), check ECDSA(SHA256)
-depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1
+depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PSA_CRYPTO_C
pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_NONE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):256:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
PK can do ext: ECDSA(SHA256)/NONE, invalid check ECDSA(ANY)
@@ -147,15 +147,15 @@
pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_DERIVE|PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):256:PSA_ALG_ECDH:PSA_KEY_USAGE_DERIVE|PSA_KEY_USAGE_SIGN_HASH:1
PK can do ext: ECDH/ECDSA(ANY), check ECDSA(SHA256)+DERIVE|SIGN
-depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1
+depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PSA_CRYPTO_C
pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_DERIVE|PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):256:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_DERIVE|PSA_KEY_USAGE_SIGN_HASH:1
PK can do ext: ECDH/ECDSA(ANY), check ECDSA(SHA256)+SIGN
-depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1
+depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PSA_CRYPTO_C
pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_DERIVE|PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):256:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
PK can do ext: ECDH/ECDSA(ANY), check ECDSA(SHA256)+DERIVE
-depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1
+depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PSA_CRYPTO_C
pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_DERIVE|PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):256:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_DERIVE:1
PK can do ext: RSA_PKCS1V15_SIGN(ANY)/NONE, check not allowed COPY usage
@@ -195,11 +195,11 @@
pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ALG_NONE:1024:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
PK can do ext: NONE, RSA_PKCS1V15_SIGN(ANY), check RSA_PKCS1V15_SIGN(SHA256)
-depends_on:MBEDTLS_RSA_C
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PSA_CRYPTO_C
pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_NONE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):1024:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
PK can do ext: NONE, RSA_PKCS1V15_SIGN(SHA256), check RSA_PKCS1V15_SIGN(SHA256)
-depends_on:MBEDTLS_RSA_C
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PSA_CRYPTO_C
pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_NONE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):1024:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
PK can do ext: RSA_PKCS1V15_SIGN(SHA256)/NONE, invalid check RSA_PKCS1V15_SIGN(ANY)
@@ -235,11 +235,11 @@
pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_ALG_NONE:1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
PK can do ext: NONE, RSA_PSS(ANY), check RSA_PSS(SHA256)
-depends_on:MBEDTLS_RSA_C
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PSA_CRYPTO_C
pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_NONE:PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
PK can do ext: NONE, RSA_PSS(SHA256), check RSA_PSS(SHA256)
-depends_on:MBEDTLS_RSA_C
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PSA_CRYPTO_C
pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_NONE:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
PK can do ext: RSA_PSS(SHA256)/NONE, invalid check RSA_PSS(ANY)
@@ -283,11 +283,11 @@
pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_ENCRYPT|PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:1024:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_DECRYPT:1
PK can do ext: RSA_PKCS1V15_CRYPT/RSA_PSS(ANY), check RSA_PKCS1V15_CRYPT
-depends_on:MBEDTLS_RSA_C
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PSA_CRYPTO_C
pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_ENCRYPT|PSA_KEY_USAGE_DECRYPT|PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):1024:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_DECRYPT:1
PK can do ext: RSA_PKCS1V15_CRYPT/RSA_PSS(ANY), check RSA_PSS(SHA256)
-depends_on:MBEDTLS_RSA_C
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PSA_CRYPTO_C
pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_ENCRYPT|PSA_KEY_USAGE_DECRYPT|PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_KEY_USAGE_DECRYPT:1
PK can do ext: RSA_PKCS1V15_CRYPT/RSA_PSS(ANY), check non allowed ENCRYPT usage
@@ -295,7 +295,7 @@
pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_ENCRYPT|PSA_KEY_USAGE_DECRYPT|PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_KEY_USAGE_ENCRYPT:0
PK can do ext: RSA_PKCS1V15_SIGN(ANY)/RSA_PSS(ANY), check RSA_PSS(SHA256)
-depends_on:MBEDTLS_RSA_C
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PSA_CRYPTO_C
pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
PK can do ext: RSA_PKCS1V15_SIGN(ANY)/RSA_PSS(ANY), check RSA_PKCS1V15_SIGN(SHA256)
diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function
index 38c27e3..5f42677 100644
--- a/tests/suites/test_suite_pk.function
+++ b/tests/suites/test_suite_pk.function
@@ -45,7 +45,7 @@
#define MBEDTLS_TEST_PK_PSA_SIGN
#endif
-#if defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
/* Pick an elliptic curve that's supported by PSA. Note that the curve is
* not guaranteed to be supported by the ECP module.
*
@@ -153,7 +153,7 @@
#define MBEDTLS_TEST_PSA_ECC_HAVE_TWO_BITS
#endif
-#endif /* defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) */
+#endif /* defined(MBEDTLS_PSA_CRYPTO_CLIENT) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) */
/* Always define the macros so that we can use them in test data. */
#if !defined(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY)
@@ -220,7 +220,7 @@
return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
}
-#if defined(MBEDTLS_PSA_CRYPTO_C)
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
psa_status_t pk_psa_import_key(const unsigned char *key_data, size_t key_len,
psa_key_type_t type, psa_key_usage_t usage,
psa_algorithm_t alg, mbedtls_svc_key_id_t *key)
@@ -239,7 +239,7 @@
return status;
}
-#endif /* MBEDTLS_PSA_CRYPTO_C */
+#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
/** Setup the provided PK context.
*
@@ -305,7 +305,7 @@
return ret;
}
-#if defined(MBEDTLS_PSA_CRYPTO_C)
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
/** Create a PSA key of the desired type and properties.
*
* - For RSA and EC keys predefined key data is used (as in the pk_setup() above).
@@ -465,7 +465,7 @@
exit:
return ok;
}
-#endif /* MBEDTLS_PSA_CRYPTO_C */
+#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
#if defined(MBEDTLS_RSA_C)
int mbedtls_rsa_decrypt_func(void *ctx, size_t *olen,
@@ -499,7 +499,7 @@
FROM_PAIR = 1
} from_pair_t;
-#if defined(MBEDTLS_PSA_CRYPTO_C)
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
static int pk_setup_for_type(mbedtls_pk_type_t pk_type, int want_pair,
mbedtls_pk_context *pk, psa_key_type_t *psa_type)
{
@@ -567,9 +567,9 @@
exit:
return MBEDTLS_ERR_ERROR_GENERIC_ERROR;
}
-#endif /* MBEDTLS_PSA_CRYPTO_C */
+#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
-#if defined(MBEDTLS_PSA_CRYPTO_C)
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
/* Create a new PSA key which will contain only the public part of the private
* key which is provided in input. For this new key:
* - Type is the public counterpart of the private key.
@@ -636,7 +636,7 @@
psa_reset_key_attributes(&new_attr);
return new_key_id;
}
-#endif /* MBEDTLS_PSA_CRYPTO_C */
+#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
/* END_HEADER */
/* BEGIN_DEPENDENCIES
@@ -1753,7 +1753,7 @@
TEST_ASSERT(mbedtls_pk_get_type(&alt) == MBEDTLS_PK_RSA_ALT);
TEST_ASSERT(strcmp(mbedtls_pk_get_name(&alt), "RSA-alt") == 0);
-#if defined(MBEDTLS_PSA_CRYPTO_C)
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
TEST_EQUAL(mbedtls_pk_get_psa_attributes(&alt,
PSA_KEY_USAGE_ENCRYPT,
@@ -1762,7 +1762,7 @@
mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
TEST_EQUAL(mbedtls_pk_import_into_psa(&alt, &attributes, &key_id),
MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE);
-#endif /* MBEDTLS_PSA_CRYPTO_C */
+#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
/* Test signature */
#if SIZE_MAX > UINT_MAX
@@ -2107,7 +2107,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C */
+/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_CLIENT */
void pk_get_psa_attributes(int pk_type, int from_pair,
int usage_arg,
int to_pair, int expected_alg)
@@ -2155,7 +2155,11 @@
mbedtls_pk_get_bitlen(&pk));
TEST_EQUAL(psa_get_key_usage_flags(&attributes), expected_usage);
TEST_EQUAL(psa_get_key_algorithm(&attributes), expected_alg);
+#if defined(MBEDTLS_PSA_CRYPTO_C)
TEST_EQUAL(psa_get_key_enrollment_algorithm(&attributes), PSA_ALG_NONE);
+#else /* MBEDTLS_PSA_CRYPTO_C */
+ TEST_EQUAL(psa_get_key_enrollment_algorithm(&attributes), 42);
+#endif /* MBEDTLS_PSA_CRYPTO_C */
TEST_EQUAL(mbedtls_pk_import_into_psa(&pk, &attributes, &new_key_id), 0);
if (!mbedtls_test_key_consistency_psa_pk(new_key_id, &pk)) {
@@ -2170,7 +2174,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21 */
+/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_CLIENT:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21 */
void pk_rsa_v21_get_psa_attributes(int md_type, int from_pair,
int usage_arg,
int to_pair, int expected_alg)
@@ -2218,7 +2222,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C */
+/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_CLIENT */
void pk_get_psa_attributes_fail(int pk_type, int from_pair,
int usage_arg,
int expected_ret)
@@ -2244,7 +2248,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PSA_CRYPTO_STORAGE_C */
+/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_CLIENT:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PSA_CRYPTO_STORAGE_C */
void pk_import_into_psa_lifetime(int from_opaque,
int from_persistent, /* when from opaque */
int from_exportable, /* when from opaque */
@@ -2395,7 +2399,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C */
+/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_CLIENT */
void pk_import_into_psa_fail(int pk_type, int from_pair,
int type_arg, int bits_arg,
int expected_ret)
@@ -2490,7 +2494,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C*/
+/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_CLIENT*/
void pk_copy_from_psa_fail(void)
{
mbedtls_pk_context pk_ctx;
@@ -2535,7 +2539,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_BASIC:!MBEDTLS_RSA_C */
+/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_CLIENT:MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_BASIC:!MBEDTLS_RSA_C */
void pk_copy_from_psa_builtin_fail()
{
mbedtls_pk_context pk_ctx;
@@ -2558,7 +2562,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C*/
+/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_CLIENT */
void pk_copy_from_psa_success(data_t *priv_key_data, int key_type_arg,
int key_alg_arg)
{
@@ -2645,7 +2649,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C*/
+/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_CLIENT*/
void pk_copy_public_from_psa(data_t *priv_key_data, int key_type_arg)
{
psa_key_type_t key_type = key_type_arg;
diff --git a/tests/suites/test_suite_psa_crypto_attributes.function b/tests/suites/test_suite_psa_crypto_attributes.function
index c933cb7..bc7adb4 100644
--- a/tests/suites/test_suite_psa_crypto_attributes.function
+++ b/tests/suites/test_suite_psa_crypto_attributes.function
@@ -20,6 +20,8 @@
psa_key_type_t type = type_arg;
size_t bits = bits_arg;
+ USE_PSA_INIT();
+
TEST_EQUAL(
MBEDTLS_SVC_KEY_ID_GET_KEY_ID(psa_get_key_id(&attributes)), 0);
TEST_EQUAL(
@@ -56,6 +58,8 @@
TEST_EQUAL(psa_get_key_algorithm(&attributes), 0);
TEST_EQUAL(psa_get_key_type(&attributes), 0);
TEST_EQUAL(psa_get_key_bits(&attributes), 0);
+
+ USE_PSA_DONE();
}
/* END_CASE */
diff --git a/tests/suites/test_suite_psa_crypto_hash.function b/tests/suites/test_suite_psa_crypto_hash.function
index 20167fd..c7c72f4 100644
--- a/tests/suites/test_suite_psa_crypto_hash.function
+++ b/tests/suites/test_suite_psa_crypto_hash.function
@@ -6,7 +6,7 @@
/* END_HEADER */
/* BEGIN_DEPENDENCIES
- * depends_on:MBEDTLS_PSA_CRYPTO_C
+ * depends_on:MBEDTLS_PSA_CRYPTO_CLIENT
* END_DEPENDENCIES
*/
@@ -35,7 +35,7 @@
}
/* END_CASE */
-/* BEGIN_CASE */
+/* BEGIN_CASE depends_on: MBEDTLS_PSA_CRYPTO_C */
void hmac(int alg_arg, char *input, data_t *expected_mac)
{
psa_algorithm_t alg = PSA_ALG_HMAC(alg_arg);
diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data
index c96b4ad..b4d3451 100644
--- a/tests/suites/test_suite_ssl.data
+++ b/tests/suites/test_suite_ssl.data
@@ -561,11 +561,11 @@
handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, PSA_ALG_ANY_HASH
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
+depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PSA_CRYPTO_C
handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:0:MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, PSA_ALG_SHA_384
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
+depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:MBEDTSL_PSA_CRYPTO_C
handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_SHA_384):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:0:MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, missing alg
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 840af7d..8125e58 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -3297,7 +3297,7 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SOME */
+/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SOME */
void raw_key_agreement_fail(int bad_server_ecdhe_key)
{
enum { BUFFSIZE = 17000 };