From b78b300b2e10ac73cdaad7c95bd8ba4218852e57 Mon Sep 17 00:00:00 2001 From: Jaeden Amero Date: Mon, 29 Oct 2018 15:15:41 +0000 Subject: [PATCH 1/5] tests: Test crypto via the crypto submodule Test the crypto implementation via tests from the Mbed Crypto submodule instead of at the Mbed TLS top level. The version test is the only test that is tested from both TLS and Crypto, despite being entirely in libmbedcrypto. This is because the test data is code-gen'd from the version updating script and the version between Mbed TLS and Mbed Crypto don't necessarily always agree. The test data must come from the top level module, as only the top level module will have test data that matches the expected version. --- CMakeLists.txt | 3 + Makefile | 6 ++ tests/CMakeLists.txt | 136 ++++++++++++++++++++++--------------------- tests/Makefile | 72 +++++++++++++++++++++++ 4 files changed, 150 insertions(+), 67 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 19ab4eb5fd..ecfa40e03c 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -195,6 +195,9 @@ if(ENABLE_TESTING) enable_testing() add_subdirectory(tests) + if(USE_CRYPTO_SUBMODULE) + add_subdirectory(crypto/tests) + endif() # additional convenience targets for Unix only if(UNIX) diff --git a/Makefile b/Makefile index 87b5a0c0f1..a5b8b610e6 100644 --- a/Makefile +++ b/Makefile @@ -19,6 +19,9 @@ lib: tests: lib $(MAKE) -C tests +ifdef USE_CRYPTO_SUBMODULE + $(MAKE) CRYPTO_INCLUDES:="-I../../include -I../include" -C crypto/tests +endif ifndef WINDOWS install: no_test @@ -103,6 +106,9 @@ endif check: lib tests $(MAKE) -C tests check +ifdef USE_CRYPTO_SUBMODULE + $(MAKE) CRYPTO_INCLUDES:="-I../../include -I../include" -C crypto/tests check +endif test: check diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index a8e7523e50..ee8ff7909c 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -60,76 +60,78 @@ if(MSVC) set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /WX-") endif(MSVC) -add_test_suite(aes aes.ecb) -add_test_suite(aes aes.cbc) -add_test_suite(aes aes.cfb) -add_test_suite(aes aes.ofb) -add_test_suite(aes aes.rest) -add_test_suite(aes aes.xts) -add_test_suite(arc4) -add_test_suite(aria) -add_test_suite(asn1write) -add_test_suite(base64) -add_test_suite(blowfish) -add_test_suite(camellia) -add_test_suite(ccm) -add_test_suite(chacha20) -add_test_suite(chachapoly) -add_test_suite(cipher cipher.aes) -add_test_suite(cipher cipher.arc4) -add_test_suite(cipher cipher.blowfish) -add_test_suite(cipher cipher.camellia) -add_test_suite(cipher cipher.ccm) -add_test_suite(cipher cipher.chacha20) -add_test_suite(cipher cipher.chachapoly) -add_test_suite(cipher cipher.des) -add_test_suite(cipher cipher.gcm) -add_test_suite(cipher cipher.misc) -add_test_suite(cipher cipher.null) -add_test_suite(cipher cipher.padding) -add_test_suite(cmac) -add_test_suite(ctr_drbg) +if(NOT USE_CRYPTO_SUBMODULE) + add_test_suite(aes aes.ecb) + add_test_suite(aes aes.cbc) + add_test_suite(aes aes.cfb) + add_test_suite(aes aes.ofb) + add_test_suite(aes aes.rest) + add_test_suite(aes aes.xts) + add_test_suite(arc4) + add_test_suite(aria) + add_test_suite(asn1write) + add_test_suite(base64) + add_test_suite(blowfish) + add_test_suite(camellia) + add_test_suite(ccm) + add_test_suite(chacha20) + add_test_suite(chachapoly) + add_test_suite(cipher cipher.aes) + add_test_suite(cipher cipher.arc4) + add_test_suite(cipher cipher.blowfish) + add_test_suite(cipher cipher.camellia) + add_test_suite(cipher cipher.ccm) + add_test_suite(cipher cipher.chacha20) + add_test_suite(cipher cipher.chachapoly) + add_test_suite(cipher cipher.des) + add_test_suite(cipher cipher.gcm) + add_test_suite(cipher cipher.misc) + add_test_suite(cipher cipher.null) + add_test_suite(cipher cipher.padding) + add_test_suite(cmac) + add_test_suite(ctr_drbg) + add_test_suite(des) + add_test_suite(dhm) + add_test_suite(ecdh) + add_test_suite(ecdsa) + add_test_suite(ecjpake) + add_test_suite(ecp) + add_test_suite(entropy) + add_test_suite(error) + add_test_suite(gcm gcm.aes128_en) + add_test_suite(gcm gcm.aes192_en) + add_test_suite(gcm gcm.aes256_en) + add_test_suite(gcm gcm.aes128_de) + add_test_suite(gcm gcm.aes192_de) + add_test_suite(gcm gcm.aes256_de) + add_test_suite(gcm gcm.camellia) + add_test_suite(gcm gcm.misc) + add_test_suite(hkdf) + add_test_suite(hmac_drbg hmac_drbg.misc) + add_test_suite(hmac_drbg hmac_drbg.no_reseed) + add_test_suite(hmac_drbg hmac_drbg.nopr) + add_test_suite(hmac_drbg hmac_drbg.pr) + add_test_suite(md) + add_test_suite(mdx) + add_test_suite(memory_buffer_alloc) + add_test_suite(mpi) + add_test_suite(nist_kw) + add_test_suite(pem) + add_test_suite(pkcs1_v15) + add_test_suite(pkcs1_v21) + add_test_suite(pkcs5) + add_test_suite(pk) + add_test_suite(pkparse) + add_test_suite(pkwrite) + add_test_suite(poly1305) + add_test_suite(shax) + add_test_suite(timing) + add_test_suite(rsa) + add_test_suite(xtea) +endif() add_test_suite(debug) -add_test_suite(des) -add_test_suite(dhm) -add_test_suite(ecdh) -add_test_suite(ecdsa) -add_test_suite(ecjpake) -add_test_suite(ecp) -add_test_suite(entropy) -add_test_suite(error) -add_test_suite(gcm gcm.aes128_en) -add_test_suite(gcm gcm.aes192_en) -add_test_suite(gcm gcm.aes256_en) -add_test_suite(gcm gcm.aes128_de) -add_test_suite(gcm gcm.aes192_de) -add_test_suite(gcm gcm.aes256_de) -add_test_suite(gcm gcm.camellia) -add_test_suite(gcm gcm.misc) -add_test_suite(hkdf) -add_test_suite(hmac_drbg hmac_drbg.misc) -add_test_suite(hmac_drbg hmac_drbg.no_reseed) -add_test_suite(hmac_drbg hmac_drbg.nopr) -add_test_suite(hmac_drbg hmac_drbg.pr) -add_test_suite(md) -add_test_suite(mdx) -add_test_suite(memory_buffer_alloc) -add_test_suite(mpi) -add_test_suite(nist_kw) -add_test_suite(pem) -add_test_suite(pkcs1_v15) -add_test_suite(pkcs1_v21) -add_test_suite(pkcs5) -add_test_suite(pk) -add_test_suite(pkparse) -add_test_suite(pkwrite) -add_test_suite(poly1305) -add_test_suite(shax) add_test_suite(ssl) -add_test_suite(timing) -add_test_suite(rsa) add_test_suite(version) -add_test_suite(xtea) add_test_suite(x509parse) add_test_suite(x509write) diff --git a/tests/Makefile b/tests/Makefile index 598bed6bda..72c734324e 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -66,6 +66,78 @@ endif # constructed by stripping path 'suites/' and extension .data. APPS = $(basename $(subst suites/,,$(wildcard suites/test_suite_*.data))) +ifdef USE_CRYPTO_SUBMODULE +APPS := $(filter-out \ + test_suite_aes.cbc \ + test_suite_aes.cfb \ + test_suite_aes.ecb \ + test_suite_aes.ofb \ + test_suite_aes.rest \ + test_suite_aes.xts \ + test_suite_arc4 \ + test_suite_aria \ + test_suite_asn1write \ + test_suite_base64 \ + test_suite_blowfish \ + test_suite_camellia \ + test_suite_ccm \ + test_suite_chacha20 \ + test_suite_chachapoly \ + test_suite_cipher.aes \ + test_suite_cipher.arc4 \ + test_suite_cipher.blowfish \ + test_suite_cipher.camellia \ + test_suite_cipher.ccm \ + test_suite_cipher.chacha20 \ + test_suite_cipher.chachapoly \ + test_suite_cipher.des \ + test_suite_cipher.gcm \ + test_suite_cipher.misc \ + test_suite_cipher.null \ + test_suite_cipher.padding \ + test_suite_cmac \ + test_suite_ctr_drbg \ + test_suite_des \ + test_suite_dhm \ + test_suite_ecdh \ + test_suite_ecdsa \ + test_suite_ecjpake \ + test_suite_ecp \ + test_suite_entropy \ + test_suite_error \ + test_suite_gcm.aes128_de \ + test_suite_gcm.aes128_en \ + test_suite_gcm.aes192_de \ + test_suite_gcm.aes192_en \ + test_suite_gcm.aes256_de \ + test_suite_gcm.aes256_en \ + test_suite_gcm.camellia \ + test_suite_gcm.misc \ + test_suite_hkdf \ + test_suite_hmac_drbg.misc \ + test_suite_hmac_drbg.nopr \ + test_suite_hmac_drbg.no_reseed \ + test_suite_hmac_drbg.pr \ + test_suite_md \ + test_suite_mdx \ + test_suite_memory_buffer_alloc \ + test_suite_mpi \ + test_suite_nist_kw \ + test_suite_pem \ + test_suite_pk \ + test_suite_pkcs1_v15 \ + test_suite_pkcs1_v21 \ + test_suite_pkcs5 \ + test_suite_pkparse \ + test_suite_pkwrite \ + test_suite_poly1305 \ + test_suite_rsa \ + test_suite_shax \ + test_suite_timing \ + test_suite_xtea \ + ,$(APPS)) +endif + # Construct executable name by adding OS specific suffix $(EXEXT). BINARIES := $(addsuffix $(EXEXT),$(APPS)) From c9391b02d5a2cff7c2e89742643454a6e695fe76 Mon Sep 17 00:00:00 2001 From: Jaeden Amero Date: Wed, 13 Mar 2019 11:37:06 +0000 Subject: [PATCH 2/5] Update crypto submodule to Mbed Crypto development Update the crypto submodule to the top of the Mbed Crypto development branch. This brings in a version of Mbed Crypto compatible with being tested using its tests (as it avoids adding duplicate and conflicting CMake jobs). --- crypto | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/crypto b/crypto index a78c958b17..a52c0593cc 160000 --- a/crypto +++ b/crypto @@ -1 +1 @@ -Subproject commit a78c958b17d75ddf63d8dd17255b6379dcbf259f +Subproject commit a52c0593cceb54113d7cd9937b042fd395f55991 From 2184ef63ab66f842322c10205c0141918d6a4c83 Mon Sep 17 00:00:00 2001 From: Jaeden Amero Date: Wed, 13 Mar 2019 14:50:00 +0000 Subject: [PATCH 3/5] tests: Use globbing in test suite exclusion list Use e.g. test_suite_aes.% instead of listing out subsuites. This makes is less of a pain to add new subsuites. --- tests/Makefile | 34 ++++------------------------------ 1 file changed, 4 insertions(+), 30 deletions(-) diff --git a/tests/Makefile b/tests/Makefile index 72c734324e..e2fbff7a55 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -68,12 +68,7 @@ APPS = $(basename $(subst suites/,,$(wildcard suites/test_suite_*.data))) ifdef USE_CRYPTO_SUBMODULE APPS := $(filter-out \ - test_suite_aes.cbc \ - test_suite_aes.cfb \ - test_suite_aes.ecb \ - test_suite_aes.ofb \ - test_suite_aes.rest \ - test_suite_aes.xts \ + test_suite_aes.% \ test_suite_arc4 \ test_suite_aria \ test_suite_asn1write \ @@ -83,18 +78,7 @@ APPS := $(filter-out \ test_suite_ccm \ test_suite_chacha20 \ test_suite_chachapoly \ - test_suite_cipher.aes \ - test_suite_cipher.arc4 \ - test_suite_cipher.blowfish \ - test_suite_cipher.camellia \ - test_suite_cipher.ccm \ - test_suite_cipher.chacha20 \ - test_suite_cipher.chachapoly \ - test_suite_cipher.des \ - test_suite_cipher.gcm \ - test_suite_cipher.misc \ - test_suite_cipher.null \ - test_suite_cipher.padding \ + test_suite_cipher.% \ test_suite_cmac \ test_suite_ctr_drbg \ test_suite_des \ @@ -105,19 +89,9 @@ APPS := $(filter-out \ test_suite_ecp \ test_suite_entropy \ test_suite_error \ - test_suite_gcm.aes128_de \ - test_suite_gcm.aes128_en \ - test_suite_gcm.aes192_de \ - test_suite_gcm.aes192_en \ - test_suite_gcm.aes256_de \ - test_suite_gcm.aes256_en \ - test_suite_gcm.camellia \ - test_suite_gcm.misc \ + test_suite_gcm.% \ test_suite_hkdf \ - test_suite_hmac_drbg.misc \ - test_suite_hmac_drbg.nopr \ - test_suite_hmac_drbg.no_reseed \ - test_suite_hmac_drbg.pr \ + test_suite_hmac_drbg.% \ test_suite_md \ test_suite_mdx \ test_suite_memory_buffer_alloc \ From 57f4d9e4fe31340880e39a383ed44f30dc6cde19 Mon Sep 17 00:00:00 2001 From: Jaeden Amero Date: Fri, 15 Mar 2019 16:14:19 +0000 Subject: [PATCH 4/5] Update crypto submodule to test with private headers Update the crypto submodule to the top of the Mbed Crypto development branch. This brings in a version of Mbed Crypto that enables building Mbed Crypto tests that depend on private headers, like 'psa_crypto_invasive.h'. This also requires updating our config.h to include new configuration options added to Mbed Crypto. MBEDTLS_PSA_ITS_FILE_C replaces MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C and MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C. MBEDTLS_PSA_INJECT_ENTROPY replaces MBEDTLS_PSA_HAS_ITS_IO. --- crypto | 2 +- include/mbedtls/check_config.h | 27 ++++++++++---------- include/mbedtls/config.h | 45 +++++++++++++--------------------- library/version_features.c | 15 +++++------- programs/ssl/query_config.c | 24 ++++++------------ scripts/config.pl | 10 +++----- 6 files changed, 49 insertions(+), 74 deletions(-) diff --git a/crypto b/crypto index a52c0593cc..82b3b83d54 160000 --- a/crypto +++ b/crypto @@ -1 +1 @@ -Subproject commit a52c0593cceb54113d7cd9937b042fd395f55991 +Subproject commit 82b3b83d540ec9611277ca3e9b645b335f80846a diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 962d3db87e..c1450dbdaa 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -525,26 +525,25 @@ #error "MBEDTLS_PSA_CRYPTO_SPM defined, but not all prerequisites" #endif -#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C) && defined(MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C) -#error "Only one of MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C or MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C can be defined" -#endif - #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) && \ - !( defined(MBEDTLS_PSA_CRYPTO_C) && \ - ( defined(MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C) || \ - defined(MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C) ) ) + ! defined(MBEDTLS_PSA_CRYPTO_C) #error "MBEDTLS_PSA_CRYPTO_STORAGE_C defined, but not all prerequisites" #endif -#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C) && \ - !( defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) && \ - defined(MBEDTLS_FS_IO) ) -#error "MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C defined, but not all prerequisites" +#if defined(MBEDTLS_PSA_INJECT_ENTROPY) && \ + !( defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) && \ + defined(MBEDTLS_ENTROPY_NV_SEED) ) +#error "MBEDTLS_PSA_INJECT_ENTROPY defined, but not all prerequisites" #endif -#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C) && \ - ! defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) -#error "MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C defined, but not all prerequisites" +#if defined(MBEDTLS_PSA_INJECT_ENTROPY) && \ + !defined(MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES) +#error "MBEDTLS_PSA_INJECT_ENTROPY is not compatible with actual entropy sources" +#endif + +#if defined(MBEDTLS_PSA_ITS_FILE_C) && \ + !defined(MBEDTLS_FS_IO) +#error "MBEDTLS_PSA_ITS_FILE_C defined, but not all prerequisites" #endif #if defined(MBEDTLS_RSA_C) && ( !defined(MBEDTLS_BIGNUM_C) || \ diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 3a2fed5289..31a305923e 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -1237,14 +1237,17 @@ //#define MBEDTLS_PSA_CRYPTO_SPM /** - * \def MBEDTLS_PSA_HAS_ITS_IO + * \def MBEDTLS_PSA_INJECT_ENTROPY * - * Enable the non-volatile secure storage usage. + * Enable support for entropy injection at first boot. This feature is + * required on systems that do not have a built-in entropy source (TRNG). + * This feature is currently not supported on systems that have a built-in + * entropy source. * - * This is crucial on systems that do not have a HW TRNG support. + * Requires: MBEDTLS_PSA_CRYPTO_STORAGE_C, MBEDTLS_ENTROPY_NV_SEED * */ -//#define MBEDTLS_PSA_HAS_ITS_IO +//#define MBEDTLS_PSA_INJECT_ENTROPY /** * \def MBEDTLS_RSA_NO_CRT @@ -2741,40 +2744,26 @@ * * Enable the Platform Security Architecture persistent key storage. * - * Module: library/psa_crypto_storage.c - * - * Requires: MBEDTLS_PSA_CRYPTO_C and one of either - * MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C or MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C - * (but not both) + * Module: crypto/library/psa_crypto_storage.c * + * Requires: MBEDTLS_PSA_CRYPTO_C, + * either MBEDTLS_PSA_ITS_FILE_C or a native implementation of + * the PSA ITS interface */ //#define MBEDTLS_PSA_CRYPTO_STORAGE_C /** - * \def MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C + * \def MBEDTLS_PSA_ITS_FILE_C * - * Enable persistent key storage over files for the - * Platform Security Architecture cryptography API. + * Enable the emulation of the Platform Security Architecture + * Internal Trusted Storage (PSA ITS) over files. * - * Module: library/psa_crypto_storage_file.c + * Module: crypto/library/psa_its_file.c * - * Requires: MBEDTLS_PSA_CRYPTO_C, MBEDTLS_FS_IO + * Requires: MBEDTLS_FS_IO * */ -//#define MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C - -/** - * \def MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C - * - * Enable persistent key storage over PSA ITS for the - * Platform Security Architecture cryptography API. - * - * Module: library/psa_crypto_storage_its.c - * - * Requires: MBEDTLS_PSA_CRYPTO_C, MBEDTLS_PSA_HAS_ITS_IO - * - */ -//#define MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C +//#define MBEDTLS_PSA_ITS_FILE_C /** * \def MBEDTLS_RIPEMD160_C diff --git a/library/version_features.c b/library/version_features.c index 161788ca76..1be0e0fc9f 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -429,9 +429,9 @@ static const char *features[] = { #if defined(MBEDTLS_PSA_CRYPTO_SPM) "MBEDTLS_PSA_CRYPTO_SPM", #endif /* MBEDTLS_PSA_CRYPTO_SPM */ -#if defined(MBEDTLS_PSA_HAS_ITS_IO) - "MBEDTLS_PSA_HAS_ITS_IO", -#endif /* MBEDTLS_PSA_HAS_ITS_IO */ +#if defined(MBEDTLS_PSA_INJECT_ENTROPY) + "MBEDTLS_PSA_INJECT_ENTROPY", +#endif /* MBEDTLS_PSA_INJECT_ENTROPY */ #if defined(MBEDTLS_RSA_NO_CRT) "MBEDTLS_RSA_NO_CRT", #endif /* MBEDTLS_RSA_NO_CRT */ @@ -708,12 +708,9 @@ static const char *features[] = { #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) "MBEDTLS_PSA_CRYPTO_STORAGE_C", #endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */ -#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C) - "MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C", -#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C */ -#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C) - "MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C", -#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C */ +#if defined(MBEDTLS_PSA_ITS_FILE_C) + "MBEDTLS_PSA_ITS_FILE_C", +#endif /* MBEDTLS_PSA_ITS_FILE_C */ #if defined(MBEDTLS_RIPEMD160_C) "MBEDTLS_RIPEMD160_C", #endif /* MBEDTLS_RIPEMD160_C */ diff --git a/programs/ssl/query_config.c b/programs/ssl/query_config.c index f2f7b46d6d..f272676502 100644 --- a/programs/ssl/query_config.c +++ b/programs/ssl/query_config.c @@ -1186,13 +1186,13 @@ int query_config( const char *config ) } #endif /* MBEDTLS_PSA_CRYPTO_SPM */ -#if defined(MBEDTLS_PSA_HAS_ITS_IO) - if( strcmp( "MBEDTLS_PSA_HAS_ITS_IO", config ) == 0 ) +#if defined(MBEDTLS_PSA_INJECT_ENTROPY) + if( strcmp( "MBEDTLS_PSA_INJECT_ENTROPY", config ) == 0 ) { - MACRO_EXPANSION_TO_STR( MBEDTLS_PSA_HAS_ITS_IO ); + MACRO_EXPANSION_TO_STR( MBEDTLS_PSA_INJECT_ENTROPY ); return( 0 ); } -#endif /* MBEDTLS_PSA_HAS_ITS_IO */ +#endif /* MBEDTLS_PSA_INJECT_ENTROPY */ #if defined(MBEDTLS_RSA_NO_CRT) if( strcmp( "MBEDTLS_RSA_NO_CRT", config ) == 0 ) @@ -1930,21 +1930,13 @@ int query_config( const char *config ) } #endif /* MBEDTLS_PSA_CRYPTO_STORAGE_C */ -#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C) - if( strcmp( "MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C", config ) == 0 ) +#if defined(MBEDTLS_PSA_ITS_FILE_C) + if( strcmp( "MBEDTLS_PSA_ITS_FILE_C", config ) == 0 ) { - MACRO_EXPANSION_TO_STR( MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C ); + MACRO_EXPANSION_TO_STR( MBEDTLS_PSA_ITS_FILE_C ); return( 0 ); } -#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C */ - -#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C) - if( strcmp( "MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C", config ) == 0 ) - { - MACRO_EXPANSION_TO_STR( MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C ); - return( 0 ); - } -#endif /* MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C */ +#endif /* MBEDTLS_PSA_ITS_FILE_C */ #if defined(MBEDTLS_RIPEMD160_C) if( strcmp( "MBEDTLS_RIPEMD160_C", config ) == 0 ) diff --git a/scripts/config.pl b/scripts/config.pl index 84069d2316..6300362faf 100755 --- a/scripts/config.pl +++ b/scripts/config.pl @@ -41,10 +41,9 @@ # MBEDTLS_USE_PSA_CRYPTO # - experimental, and more an alternative implementation than a feature # MBEDTLS_PSA_CRYPTO_STORAGE_C -# MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C -# MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C +# MBEDTLS_PSA_ITS_FILE_C # MBEDTLS_PSA_CRYPTO_SPM -# MBEDTLS_PSA_HAS_ITS_IO +# MBEDTLS_PSA_INJECT_ENTROPY # and any symbol beginning _ALT # @@ -109,10 +108,9 @@ MBEDTLS_NO_UDBL_DIVISION MBEDTLS_NO_64BIT_MULTIPLICATION MBEDTLS_USE_PSA_CRYPTO MBEDTLS_PSA_CRYPTO_STORAGE_C -MBEDTLS_PSA_CRYPTO_STORAGE_FILE_C -MBEDTLS_PSA_CRYPTO_STORAGE_ITS_C +MBEDTLS_PSA_ITS_FILE_C MBEDTLS_PSA_CRYPTO_SPM -MBEDTLS_PSA_HAS_ITS_IO +MBEDTLS_PSA_INJECT_ENTROPY _ALT\s*$ ); From 9714510736fb178bb194ccf5f9c38dc2ad8de7db Mon Sep 17 00:00:00 2001 From: Jaeden Amero Date: Mon, 18 Mar 2019 16:31:21 +0000 Subject: [PATCH 5/5] all.sh: Generate seedfile for crypto submodule tests When running tests from the crypto submodule, generate and use a seedfile within the crypto/tests directory. --- tests/scripts/all.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 3f5d1d9f10..301dc52eea 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -406,6 +406,9 @@ pre_check_seedfile () { if [ ! -f "./tests/seedfile" ]; then dd if=/dev/urandom of=./tests/seedfile bs=32 count=1 fi + if [ ! -f "./crypto/tests/seedfile" ]; then + dd if=/dev/urandom of=./crypto/tests/seedfile bs=32 count=1 + fi } pre_setup_keep_going () {