mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-01-26 12:35:20 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #9237 from valeriosetti/issue8968

Browse Source 
PSA client-server: support in the unit test framework
This commit is contained in:
Tom Cosgrove 2024-07-02 16:57:20 +00:00 committed by GitHub
commit fb2da6fb35
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
20 changed files with 330 additions and 179 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
Makefile
View File

@ -31,7 +31,10 @@ programs: lib mbedtls_test
lib:
$(MAKE) -C library
tests: lib mbedtls_test
ifndef PSASIM
tests: lib
endif
tests: mbedtls_test
$(MAKE) -C tests
mbedtls_test:
@ -168,7 +171,10 @@ else
if exist visualc\VS2017\mbedTLS.sln del /Q /F visualc\VS2017\mbedTLS.sln
endif
check: lib tests
ifndef PSASIM
check: lib
endif
check: tests
$(MAKE) -C tests check
test: check

36
scripts/common.make
View File

@ -4,6 +4,8 @@ ifndef MBEDTLS_PATH
MBEDTLS_PATH := ..
endif
PSASIM_PATH=$(MBEDTLS_PATH)/tests/psa-client-server/psasim
ifeq (,$(wildcard $(MBEDTLS_PATH)/framework/exported.make))
# Use the define keyword to get a multi-line message.
# GNU make appends ". Stop.", so tweak the ending of our message accordingly.
@ -26,19 +28,38 @@ LOCAL_CFLAGS = $(WARNING_CFLAGS) -I$(MBEDTLS_TEST_PATH)/include \
-I$(MBEDTLS_PATH)/tf-psa-crypto/drivers/builtin/include \
-D_FILE_OFFSET_BITS=64
LOCAL_CXXFLAGS = $(WARNING_CXXFLAGS) -I$(MBEDTLS_PATH)/include -I$(MBEDTLS_PATH)/tests/include -D_FILE_OFFSET_BITS=64
ifdef PSASIM
LOCAL_LDFLAGS = ${MBEDTLS_TEST_OBJS} \
-L$(PSASIM_PATH)/client_libs \
-lpsaclient \
-lmbedtls$(SHARED_SUFFIX) \
-lmbedx509$(SHARED_SUFFIX) \
-lmbedcrypto$(SHARED_SUFFIX)
else
LOCAL_LDFLAGS = ${MBEDTLS_TEST_OBJS} \
-L$(MBEDTLS_PATH)/library \
-lmbedtls$(SHARED_SUFFIX) \
-lmbedx509$(SHARED_SUFFIX) \
-lmbedcrypto$(SHARED_SUFFIX)
endif
include $(MBEDTLS_PATH)/3rdparty/Makefile.inc
LOCAL_CFLAGS+=$(THIRDPARTY_INCLUDES)
ifndef SHARED
MBEDLIBS=$(MBEDTLS_PATH)/library/libmbedcrypto.a $(MBEDTLS_PATH)/library/libmbedx509.a $(MBEDTLS_PATH)/library/libmbedtls.a
ifdef PSASIM
MBEDLIBS=$(PSASIM_PATH)/client_libs/libmbedcrypto.a \
$(PSASIM_PATH)/client_libs/libmbedx509.a \
$(PSASIM_PATH)/client_libs/libmbedtls.a \
$(PSASIM_PATH)/client_libs/libpsaclient.a
else ifndef SHARED
MBEDLIBS=$(MBEDTLS_PATH)/library/libmbedcrypto.a \
$(MBEDTLS_PATH)/library/libmbedx509.a \
$(MBEDTLS_PATH)/library/libmbedtls.a
else
MBEDLIBS=$(MBEDTLS_PATH)/library/libmbedcrypto.$(DLEXT) $(MBEDTLS_PATH)/library/libmbedx509.$(DLEXT) $(MBEDTLS_PATH)/library/libmbedtls.$(DLEXT)
MBEDLIBS=$(MBEDTLS_PATH)/library/libmbedcrypto.$(DLEXT) \
$(MBEDTLS_PATH)/library/libmbedx509.$(DLEXT) \
$(MBEDTLS_PATH)/library/libmbedtls.$(DLEXT)
endif
ifdef DEBUG
@ -126,10 +147,17 @@ else
endif
# Auxiliary modules used by tests and some sample programs
MBEDTLS_CORE_TEST_OBJS = $(patsubst %.c,%.o,$(wildcard \
MBEDTLS_CORE_TEST_OBJS := $(patsubst %.c,%.o,$(wildcard \
${MBEDTLS_TEST_PATH}/src/*.c \
${MBEDTLS_TEST_PATH}/src/drivers/*.c \
))
# Ignore PSA stubs when building for the client side of PSASIM (i.e.
# CRYPTO_CLIENT && !CRYPTO_C) otherwise there will be functions duplicates.
ifdef PSASIM
MBEDTLS_CORE_TEST_OBJS := $(filter-out \
${MBEDTLS_TEST_PATH}/src/psa_crypto_stubs.o, $(MBEDTLS_CORE_TEST_OBJS)\
)
endif
# Additional auxiliary modules for TLS testing
MBEDTLS_TLS_TEST_OBJS = $(patsubst %.c,%.o,$(wildcard \
${MBEDTLS_TEST_PATH}/src/test_helpers/*.c \

1
tests/Makefile
View File

@ -177,6 +177,7 @@ $(BINARIES): %$(EXEXT): %.c $(MBEDLIBS) $(TEST_OBJS_DEPS) $(MBEDTLS_TEST_OBJS)
clean:
ifndef WINDOWS
$(MAKE) -C psa-client-server/psasim clean
rm -rf $(BINARIES) *.c *.datax
rm -f src/*.o src/drivers/*.o src/test_helpers/*.o src/libmbed* src/test_keys.h src/test_certs.h
rm -f src/test_keys.h src/test_certs.h

11
tests/include/test/psa_crypto_helpers.h
View File

@ -11,7 +11,7 @@
#include "test/helpers.h"
#if defined(MBEDTLS_PSA_CRYPTO_C)
#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
#include "test/psa_helpers.h"
#include <psa/crypto.h>
#endif
@ -38,12 +38,15 @@
mbedtls_psa_crypto_free(); \
} \
while (0)
#else /*MBEDTLS_PSA_CRYPTO_C */
#elif defined(MBEDTLS_PSA_CRYPTO_CLIENT) /* MBEDTLS_PSA_CRYPTO_CLIENT && !MBEDTLS_PSA_CRYPTO_C */
#define PSA_INIT() PSA_ASSERT(psa_crypto_init())
#define PSA_DONE() mbedtls_psa_crypto_free();
#else /* MBEDTLS_PSA_CRYPTO_CLIENT && !MBEDTLS_PSA_CRYPTO_C */
#define PSA_INIT() ((void) 0)
#define PSA_DONE() ((void) 0)
#endif /* MBEDTLS_PSA_CRYPTO_C */
#if defined(MBEDTLS_PSA_CRYPTO_C)
#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
#if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
@ -313,7 +316,7 @@ uint64_t mbedtls_test_parse_binary_string(data_t *bin_string);
} \
while (0)
#endif /* MBEDTLS_PSA_CRYPTO_C */
#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
/** \def USE_PSA_INIT
*

53
tests/psa-client-server/psasim/Makefile
View File

@ -1,11 +1,11 @@
CFLAGS += -Wall -Werror -std=c99 -D_XOPEN_SOURCE=1 -D_POSIX_C_SOURCE=200809L
ifeq ($(DEBUG),1)
CFLAGS += -DDEBUG -O0 -g
override CFLAGS += -DDEBUG -O0 -g
endif
LIBPSACLIENT := -Llibpsaclient/ -lmbedcrypto -lmbedx509 -lmbedtls
LIBPSASERVER := -Llibpsaserver/ -lmbedcrypto
CLIENT_LIBS := -Lclient_libs -lpsaclient -lmbedtls -lmbedx509 -lmbedcrypto
SERVER_LIBS := -Lserver_libs -lmbedcrypto
MBEDTLS_ROOT_PATH = ../../..
COMMON_INCLUDE := -I./include -I$(MBEDTLS_ROOT_PATH)/include \
@ -16,13 +16,14 @@ GENERATED_H_FILES = include/psa_manifest/manifest.h \
include/psa_manifest/pid.h \
include/psa_manifest/sid.h
PSA_CLIENT_COMMON_SRC = src/psa_ff_client.c \
src/psa_sim_crypto_client.c \
src/psa_sim_serialise.c
LIBPSACLIENT_SRC = src/psa_ff_client.c \
src/psa_sim_crypto_client.c \
src/psa_sim_serialise.c
LIBPSACLIENT_OBJS=$(LIBPSACLIENT_SRC:.c=.o)
PSA_CLIENT_BASE_SRC = $(PSA_CLIENT_COMMON_SRC) src/client.c
PSA_CLIENT_BASE_SRC = $(LIBPSACLIENT_SRC) src/client.c
PSA_CLIENT_FULL_SRC = $(PSA_CLIENT_COMMON_SRC) \
PSA_CLIENT_FULL_SRC = $(LIBPSACLIENT_SRC) \
$(wildcard src/aut_*.c)
PARTITION_SERVER_BOOTSTRAP = src/psa_ff_bootstrap_TEST_PARTITION.c
@ -32,21 +33,28 @@ PSA_SERVER_SRC = $(PARTITION_SERVER_BOOTSTRAP) \
src/psa_sim_crypto_server.c \
src/psa_sim_serialise.c
.PHONY: all clean libpsaclient libpsaserver
.PHONY: all clean client_libs server_libs
all:
test/seedfile:
dd if=/dev/urandom of=./test/seedfile bs=64 count=1
test/psa_client_base: $(PSA_CLIENT_BASE_SRC) $(GENERATED_H_FILES)
$(CC) $(COMMON_INCLUDE) $(CFLAGS) $(PSA_CLIENT_BASE_SRC) $(LIBPSACLIENT) $(LDFLAGS) -o $@
src/%.o: src/%.c $(GENERATED_H_FILES)
$(CC) $(COMMON_INCLUDE) $(CFLAGS) -c $< $(LDFLAGS) -o $@
test/psa_client_full: $(PSA_CLIENT_FULL_SRC) $(GENERATED_H_FILES)
$(CC) $(COMMON_INCLUDE) $(CFLAGS) $(PSA_CLIENT_FULL_SRC) $(LIBPSACLIENT) $(LDFLAGS) -o $@
client_libs/libpsaclient: $(LIBPSACLIENT_OBJS)
mkdir -p client_libs
$(AR) -src client_libs/libpsaclient.a $(LIBPSACLIENT_OBJS)
test/psa_partition: $(PSA_SERVER_SRC) $(GENERATED_H_FILES) test/seedfile
$(CC) $(COMMON_INCLUDE) $(CFLAGS) $(PSA_SERVER_SRC) $(LIBPSASERVER) $(LDFLAGS) -o $@
test/psa_client_base: $(PSA_CLIENT_BASE_SRC) $(GENERATED_H_FILES) test/seedfile
$(CC) $(COMMON_INCLUDE) $(CFLAGS) $(PSA_CLIENT_BASE_SRC) $(CLIENT_LIBS) $(LDFLAGS) -o $@
test/psa_client_full: $(PSA_CLIENT_FULL_SRC) $(GENERATED_H_FILES) test/seedfile
$(CC) $(COMMON_INCLUDE) $(CFLAGS) $(PSA_CLIENT_FULL_SRC) $(CLIENT_LIBS) $(LDFLAGS) -o $@
test/psa_server: $(PSA_SERVER_SRC) $(GENERATED_H_FILES)
$(CC) $(COMMON_INCLUDE) $(CFLAGS) $(PSA_SERVER_SRC) $(SERVER_LIBS) $(LDFLAGS) -o $@
$(PARTITION_SERVER_BOOTSTRAP) $(GENERATED_H_FILES): src/manifest.json src/server.c
tools/psa_autogen.py src/manifest.json
@ -56,17 +64,18 @@ $(PARTITION_SERVER_BOOTSTRAP) $(GENERATED_H_FILES): src/manifest.json src/server
#
# Note: these rules assume that mbedtls_config.h is already configured by all.sh.
# If not using all.sh then the user must do it manually.
libpsaclient libpsaserver:
client_libs: client_libs/libpsaclient
client_libs server_libs:
$(MAKE) -C $(MBEDTLS_ROOT_PATH)/library CFLAGS="$(CFLAGS)" LDFLAGS="$(LDFLAGS)" libmbedcrypto.a libmbedx509.a libmbedtls.a
mkdir -p $@
cp $(MBEDTLS_ROOT_PATH)/library/libmbed*.a $@/
$(MAKE) -C $(MBEDTLS_ROOT_PATH) clean
clean:
rm -f test/psa_client_base test/psa_client_full test/psa_partition
clean_server_intermediate_files:
rm -f $(PARTITION_SERVER_BOOTSTRAP)
rm -rf libpsaclient libpsaserver
rm -rf include/psa_manifest
rm -f test/psa_service_* test/psa_notify_*
rm -f test/*.log
clean: clean_server_intermediate_files
rm -f test/psa_client_base test/psa_client_full test/psa_server
rm -rf client_libs server_libs
rm -f test/psa_service_* test/psa_notify_* test/*.log
rm -f test/seedfile

37
tests/psa-client-server/psasim/src/aut_psa_hash.c
View File

@ -89,6 +89,43 @@ int psa_hash_main(void)
mbedtls_printf("Multi-part hash operation successful!\n");
}
/* A bit of white-box testing: ensure that we can abort an operation more
* times than there are operation slots on the simulator server.
*/
for (int i = 0; i < 200; i++) {
/* This should be a no-op */
status = psa_hash_abort(&hash_operation);
if (status != PSA_SUCCESS) {
mbedtls_printf("psa_hash_abort failed\n");
goto cleanup;
}
}
/* Compute hash using multi-part operation using the same operation struct */
status = psa_hash_setup(&hash_operation, HASH_ALG);
if (status == PSA_ERROR_NOT_SUPPORTED) {
mbedtls_printf("unknown hash algorithm supplied\n");
goto cleanup;
} else if (status != PSA_SUCCESS) {
mbedtls_printf("psa_hash_setup failed: %d\n", status);
goto cleanup;
}
status = psa_hash_update(&hash_operation, sample_message, sample_message_length);
if (status != PSA_SUCCESS) {
mbedtls_printf("psa_hash_update failed\n");
goto cleanup;
}
/* Don't use psa_hash_finish() when going to check against an expected result */
status = psa_hash_verify(&hash_operation, expected_hash, expected_hash_len);
if (status != PSA_SUCCESS) {
mbedtls_printf("psa_hash_verify failed: %d\n", status);
goto cleanup;
} else {
mbedtls_printf("Second multi-part hash operation successful!\n");
}
/* Clear local variables prior to one-shot hash demo */
memset(hash, 0, sizeof(hash));
hash_length = 0;

16
tests/psa-client-server/psasim/test/kill_server.sh Executable file
View File

@ -0,0 +1,16 @@
#!/bin/bash
# Copyright The Mbed TLS Contributors
# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
set -e
pkill psa_server || true
# Remove temporary files and logs
rm -f psa_notify_*
rm -f psa_service_*
rm -f psa_server.log
# Remove all IPCs
ipcs -q | awk '{ printf " -q " $2 }' | xargs ipcrm > /dev/null 2>&1 || true

28
tests/psa-client-server/psasim/test/run_test.sh
View File

@ -1,13 +1,13 @@
#!/bin/bash
# Copyright The Mbed TLS Contributors
# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
# This is a simple bash script that tests psa_client/psa_server interaction.
# This script is automatically executed when "make run" is launched by the
# "psasim" root folder. The script can also be launched manually once
# binary files are built (i.e. after "make test" is executed from the "psasim"
# root folder).
#
# Copyright The Mbed TLS Contributors
# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
set -e
@ -16,26 +16,10 @@ cd "$(dirname "$0")"
CLIENT_BIN=$1
shift
function clean_run() {
rm -f psa_notify_*
pkill psa_partition || true
pkill psa_client || true
ipcs | grep q | awk '{ printf " -q " $2 }' | xargs ipcrm > /dev/null 2>&1 || true
}
ipcs | grep q | awk '{ printf " -q " $2 }' | xargs ipcrm > /dev/null 2>&1 || true
# The server creates some local files when it starts up so we can wait for this
# event as signal that the server is ready so that we can start client(s).
function wait_for_server_startup() {
while [ ! -f ./psa_notify_* ]; do
sleep 0.1
done
}
clean_run
./psa_partition &
wait_for_server_startup
./start_server.sh
./$CLIENT_BIN "$@"
# Kill server once client exited
pkill psa_partition
pkill psa_server

19
tests/psa-client-server/psasim/test/start_server.sh Executable file
View File

@ -0,0 +1,19 @@
#!/bin/bash
# Copyright The Mbed TLS Contributors
# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
set -e
# The server creates some local files when it starts up so we can wait for this
# event as signal that the server is ready so that we can start client(s).
function wait_for_server_startup() {
while [ $(find . -name "psa_notify_*" | wc -l) -eq 0 ]; do
sleep 0.1
done
}
$(dirname "$0")/kill_server.sh
$(dirname "$0")/psa_server &
wait_for_server_startup

173
tests/scripts/all.sh
View File

@ -217,6 +217,8 @@ pre_initialize_variables () {
# defined in this script whose name starts with "component_".
ALL_COMPONENTS=$(compgen -A function component_ | sed 's/component_//')
PSASIM_PATH='tests/psa-client-server/psasim/'
# Delay determining SUPPORTED_COMPONENTS until the command line options have a chance to override
# the commands set by the environment
}
@ -356,6 +358,24 @@ cleanup()
done
}
# This is a helper function to be used in psasim builds. It is meant to clean
# up the library's workspace after the server build and before the client
# build. Built libraries (mbedcrypto, mbedx509 and mbedtls) are supposed to be
# already copied to psasim folder at this point.
helper_psasim_cleanup_before_client() {
# Clean up library files
make -C library clean
# Clean up intermediate files that were used to build the server
make -C $PSASIM_PATH clean_server_intermediate_files
# Restore files that were backup before building library files. This
# includes $CONFIG_H and $CRYPTO_CONFIG_H.
for x in $files_to_back_up; do
if [[ -e "$x$backup_suffix" ]]; then
cp -p "$x$backup_suffix" "$x"
fi
done
}
# Final cleanup when this script exits (except when exiting on a failure
# in non-keep-going mode).
final_cleanup () {
@ -948,11 +968,11 @@ helper_libtestdriver1_make_main() {
make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" "$@"
}
# $1: target which can be "client" or "server"
helper_crypto_client_build() {
# Set some default values $CONFIG_H in order to build server or client sides
# in PSASIM. There is only 1 mandatory parameter:
# - $1: target which can be "client" or "server"
helper_psasim_config() {
TARGET=$1
shift
TARGET_LIB=libpsa$TARGET
if [ "$TARGET" == "client" ]; then
scripts/config.py full
@ -976,8 +996,23 @@ helper_crypto_client_build() {
# Also ensure MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER not set (to match client)
scripts/config.py unset MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
fi
}
make -C tests/psa-client-server/psasim/ CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" $TARGET_LIB "$@"
# Helper to build the libraries for client/server in PSASIM. If the server is
# being built, then it builds also the final executable.
# There is only 1 mandatory parameter:
# - $1: target which can be "client" or "server"
helper_psasim_build() {
TARGET=$1
shift
TARGET_LIB=${TARGET}_libs
make -C $PSASIM_PATH CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" $TARGET_LIB "$@"
# Build also the server application after its libraries have been built.
if [ "$TARGET" == "server" ]; then
make -C $PSASIM_PATH CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" test/psa_server
fi
}
################################################################
@ -1037,6 +1072,24 @@ helper_get_psa_key_type_list() {
echo "$loc_list"
}
# Helper function for controlling (start & stop) the psasim server.
helper_psasim_server() {
OPERATION=$1
if [ "$OPERATION" == "start" ]; then
(
cd tests
msg "start server"
psa-client-server/psasim/test/start_server.sh
)
else
(
cd tests
msg "terminate server and cleanup"
psa-client-server/psasim//test/kill_server.sh
)
fi
}
################################################################
#### Basic checks
################################################################
@ -1349,68 +1402,6 @@ component_build_psa_crypto_spm () {
check_renamed_symbols tests/include/spe/crypto_spe.h library/libmbedcrypto.a
}
# Get a list of library-wise undefined symbols and ensure that they only
# belong to psa_xxx() functions and not to mbedtls_yyy() ones.
# This function is a common helper used by both:
# - component_test_default_psa_crypto_client_without_crypto_provider
# - component_build_full_psa_crypto_client_without_crypto_provider.
common_check_mbedtls_missing_symbols() {
nm library/libmbedcrypto.a | grep ' [TRrDC] ' | grep -Eo '(mbedtls_|psa_).*' | sort -u > sym_def.txt
nm library/libmbedcrypto.a | grep ' U ' | grep -Eo '(mbedtls_|psa_).*' | sort -u > sym_undef.txt
comm sym_def.txt sym_undef.txt -13 > linking_errors.txt
not grep mbedtls_ linking_errors.txt
rm sym_def.txt sym_undef.txt linking_errors.txt
}
component_test_default_psa_crypto_client_without_crypto_provider () {
msg "build: default config - PSA_CRYPTO_C + PSA_CRYPTO_CLIENT"
scripts/config.py unset MBEDTLS_PSA_CRYPTO_C
scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C
scripts/config.py unset MBEDTLS_PSA_ITS_FILE_C
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py set MBEDTLS_PSA_CRYPTO_CLIENT
scripts/config.py unset MBEDTLS_LMS_C
make
msg "check missing symbols: default config - PSA_CRYPTO_C + PSA_CRYPTO_CLIENT"
common_check_mbedtls_missing_symbols
msg "test: default config - PSA_CRYPTO_C + PSA_CRYPTO_CLIENT"
make test
}
component_build_full_psa_crypto_client_without_crypto_provider () {
msg "build: full config - PSA_CRYPTO_C"
# Use full config which includes USE_PSA and CRYPTO_CLIENT.
scripts/config.py full
scripts/config.py unset MBEDTLS_PSA_CRYPTO_C
scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C
# Dynamic secure element support is a deprecated feature and it is not
# available when CRYPTO_C and PSA_CRYPTO_STORAGE_C are disabled.
scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C
# Since there is no crypto provider in this build it is not possible to
# build all the test executables and progrems due to missing PSA functions
# at link time. Therefore we will just build libraries and we'll check
# that symbols of interest are there.
make lib
msg "check missing symbols: full config - PSA_CRYPTO_C"
common_check_mbedtls_missing_symbols
# Ensure that desired functions are included into the build (extend the
# following list as required).
grep mbedtls_pk_get_psa_attributes library/libmbedcrypto.a
grep mbedtls_pk_import_into_psa library/libmbedcrypto.a
grep mbedtls_pk_copy_from_psa library/libmbedcrypto.a
}
component_test_no_rsa_key_pair_generation() {
msg "build: default config minus PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE"
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
@ -6029,20 +6020,16 @@ component_check_test_helpers () {
}
component_test_psasim() {
msg "build library for server"
msg "build server library and application"
scripts/config.py crypto
helper_crypto_client_build server
helper_psasim_config server
helper_psasim_build server
msg "build server"
make -C tests/psa-client-server/psasim CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" test/psa_partition
# cleanup() will restore some backed-up files which include $CONFIG_H and
# $CRYPTO_CONFIG_H. Built libraries were already copied to psasim at this
# point.
cleanup
helper_psasim_cleanup_before_client
msg "build library for client"
helper_crypto_client_build client
helper_psasim_config client
helper_psasim_build client
msg "build basic psasim client"
make -C tests/psa-client-server/psasim CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" test/psa_client_base
@ -6057,6 +6044,38 @@ component_test_psasim() {
make -C tests/psa-client-server/psasim clean
}
component_test_suite_with_psasim()
{
msg "build server library and application"
helper_psasim_config server
# Modify server's library configuration here (if needed)
helper_psasim_build server
helper_psasim_cleanup_before_client
msg "build client library"
helper_psasim_config client
# PAKE functions are still unsupported from PSASIM
scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_JPAKE
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
helper_psasim_build client
msg "build test suites"
make PSASIM=1 CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" tests
helper_psasim_server start
# psasim takes an extremely long execution time on some test suites so we
# exclude them from the list.
SKIP_TEST_SUITES="constant_time_hmac,lmots,lms"
export SKIP_TEST_SUITES
msg "run test suites"
make PSASIM=1 test
helper_psasim_server kill
}
################################################################
#### Termination
################################################################

4
tests/src/psa_exercise_key.c
View File

@ -11,7 +11,7 @@
#include <test/macros.h>
#include <test/psa_exercise_key.h>
#if defined(MBEDTLS_PSA_CRYPTO_C)
#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
#include <mbedtls/asn1.h>
#include <psa/crypto.h>
@ -1332,4 +1332,4 @@ exit:
}
#endif /* MBEDTLS_PK_C */
#endif /* MBEDTLS_PSA_CRYPTO_C */
#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */

16
tests/suites/test_suite_debug.function
View File

@ -59,7 +59,7 @@ void debug_print_msg_threshold(int threshold, int level, char *file,
mbedtls_ssl_config conf;
struct buffer_data buffer;
MD_PSA_INIT();
MD_OR_USE_PSA_INIT();
mbedtls_ssl_init(&ssl);
mbedtls_ssl_config_init(&conf);
@ -86,7 +86,7 @@ void debug_print_msg_threshold(int threshold, int level, char *file,
exit:
mbedtls_ssl_free(&ssl);
mbedtls_ssl_config_free(&conf);
MD_PSA_DONE();
MD_OR_USE_PSA_DONE();
}
/* END_CASE */
@ -98,7 +98,7 @@ void mbedtls_debug_print_ret(char *file, int line, char *text, int value,
mbedtls_ssl_config conf;
struct buffer_data buffer;
MD_PSA_INIT();
MD_OR_USE_PSA_INIT();
mbedtls_ssl_init(&ssl);
mbedtls_ssl_config_init(&conf);
@ -122,7 +122,7 @@ void mbedtls_debug_print_ret(char *file, int line, char *text, int value,
exit:
mbedtls_ssl_free(&ssl);
mbedtls_ssl_config_free(&conf);
MD_PSA_DONE();
MD_OR_USE_PSA_DONE();
}
/* END_CASE */
@ -134,7 +134,7 @@ void mbedtls_debug_print_buf(char *file, int line, char *text,
mbedtls_ssl_config conf;
struct buffer_data buffer;
MD_PSA_INIT();
MD_OR_USE_PSA_INIT();
mbedtls_ssl_init(&ssl);
mbedtls_ssl_config_init(&conf);
@ -158,7 +158,7 @@ void mbedtls_debug_print_buf(char *file, int line, char *text,
exit:
mbedtls_ssl_free(&ssl);
mbedtls_ssl_config_free(&conf);
MD_PSA_DONE();
MD_OR_USE_PSA_DONE();
}
/* END_CASE */
@ -211,7 +211,7 @@ void mbedtls_debug_print_mpi(char *value, char *file, int line,
struct buffer_data buffer;
mbedtls_mpi val;
MD_PSA_INIT();
MD_OR_USE_PSA_INIT();
mbedtls_ssl_init(&ssl);
mbedtls_ssl_config_init(&conf);
@ -239,6 +239,6 @@ exit:
mbedtls_mpi_free(&val);
mbedtls_ssl_free(&ssl);
mbedtls_ssl_config_free(&conf);
MD_PSA_DONE();
MD_OR_USE_PSA_DONE();
}
/* END_CASE */

13
tests/suites/test_suite_lmots.function
View File

@ -37,6 +37,7 @@ void lmots_sign_verify_test(data_t *msg, data_t *key_id, int leaf_id,
mbedtls_lmots_public_init(&pub_ctx);
mbedtls_lmots_private_init(&priv_ctx);
USE_PSA_INIT();
TEST_EQUAL(mbedtls_lmots_generate_private_key(&priv_ctx, MBEDTLS_LMOTS_SHA256_N32_W8,
key_id->x, leaf_id, seed->x, seed->len), 0);
@ -48,6 +49,7 @@ void lmots_sign_verify_test(data_t *msg, data_t *key_id, int leaf_id,
exit:
mbedtls_lmots_public_free(&pub_ctx);
mbedtls_lmots_private_free(&priv_ctx);
USE_PSA_DONE();
}
/* END_CASE */
@ -60,6 +62,7 @@ void lmots_sign_verify_null_msg_test(data_t *key_id, int leaf_id, data_t *seed)
mbedtls_lmots_public_init(&pub_ctx);
mbedtls_lmots_private_init(&priv_ctx);
USE_PSA_INIT();
TEST_EQUAL(mbedtls_lmots_generate_private_key(&priv_ctx, MBEDTLS_LMOTS_SHA256_N32_W8,
key_id->x, leaf_id, seed->x, seed->len), 0);
@ -71,6 +74,7 @@ void lmots_sign_verify_null_msg_test(data_t *key_id, int leaf_id, data_t *seed)
exit:
mbedtls_lmots_public_free(&pub_ctx);
mbedtls_lmots_private_free(&priv_ctx);
USE_PSA_DONE();
}
/* END_CASE */
@ -83,6 +87,7 @@ void lmots_verify_test(data_t *msg, data_t *sig, data_t *pub_key,
unsigned char *tmp_sig = NULL;
mbedtls_lmots_public_init(&ctx);
USE_PSA_INIT();
TEST_EQUAL(mbedtls_lmots_import_public_key(&ctx, pub_key->x, pub_key->len), 0);
@ -137,6 +142,7 @@ void lmots_verify_test(data_t *msg, data_t *sig, data_t *pub_key,
exit:
mbedtls_free(tmp_sig);
mbedtls_lmots_public_free(&ctx);
USE_PSA_DONE();
}
/* END_CASE */
@ -149,6 +155,8 @@ void lmots_import_export_test(data_t *pub_key, int expected_import_rc)
size_t exported_pub_key_size;
mbedtls_lmots_public_init(&ctx);
USE_PSA_INIT();
TEST_EQUAL(mbedtls_lmots_import_public_key(&ctx, pub_key->x, pub_key->len),
expected_import_rc);
@ -192,6 +200,7 @@ void lmots_import_export_test(data_t *pub_key, int expected_import_rc)
exit:
mbedtls_lmots_public_free(&ctx);
mbedtls_free(exported_pub_key);
USE_PSA_DONE();
}
/* END_CASE */
@ -202,6 +211,7 @@ void lmots_reuse_test(data_t *msg, data_t *key_id, int leaf_id, data_t *seed)
unsigned char sig[MBEDTLS_LMOTS_SIG_LEN(MBEDTLS_LMOTS_SHA256_N32_W8)];
mbedtls_lmots_private_init(&ctx);
USE_PSA_INIT();
TEST_EQUAL(mbedtls_lmots_generate_private_key(&ctx, MBEDTLS_LMOTS_SHA256_N32_W8,
key_id->x, leaf_id, seed->x,
seed->len), 0);
@ -217,6 +227,7 @@ void lmots_reuse_test(data_t *msg, data_t *key_id, int leaf_id, data_t *seed)
exit:
mbedtls_lmots_private_free(&ctx);
USE_PSA_DONE();
}
/* END_CASE */
@ -233,6 +244,7 @@ void lmots_signature_leak_test(data_t *msg, data_t *key_id, int leaf_id,
memset(sig, 0x7E, sizeof(sig));
mbedtls_lmots_private_init(&ctx);
USE_PSA_INIT();
TEST_EQUAL(mbedtls_lmots_generate_private_key(&ctx, MBEDTLS_LMOTS_SHA256_N32_W8,
key_id->x, leaf_id, seed->x,
seed->len), 0);
@ -242,5 +254,6 @@ void lmots_signature_leak_test(data_t *msg, data_t *key_id, int leaf_id,
exit:
mbedtls_lmots_private_free(&ctx);
mbedtls_lmots_sign_private_key_invalidated_hook = NULL;
USE_PSA_DONE();
}
/* END_CASE */

8
tests/suites/test_suite_lms.function
View File

@ -17,6 +17,7 @@ void lms_sign_verify_test(data_t *msg, data_t *seed)
mbedtls_lms_public_init(&pub_ctx);
mbedtls_lms_private_init(&priv_ctx);
USE_PSA_INIT();
/* Allocation failure isn't a test failure, since it likely just means
* there's not enough memory to run the test.
@ -38,6 +39,7 @@ void lms_sign_verify_test(data_t *msg, data_t *seed)
exit:
mbedtls_lms_public_free(&pub_ctx);
mbedtls_lms_private_free(&priv_ctx);
USE_PSA_DONE();
}
/* END_CASE */
@ -50,6 +52,7 @@ void lms_sign_verify_null_msg_test(data_t *seed)
mbedtls_lms_public_init(&pub_ctx);
mbedtls_lms_private_init(&priv_ctx);
USE_PSA_INIT();
/* Allocation failure isn't a test failure, since it likely just means
* there's not enough memory to run the test.
@ -71,6 +74,7 @@ void lms_sign_verify_null_msg_test(data_t *seed)
exit:
mbedtls_lms_public_free(&pub_ctx);
mbedtls_lms_private_free(&priv_ctx);
USE_PSA_DONE();
}
/* END_CASE */
@ -83,6 +87,7 @@ void lms_verify_test(data_t *msg, data_t *sig, data_t *pub_key,
unsigned char *tmp_sig = NULL;
mbedtls_lms_public_init(&ctx);
USE_PSA_INIT();
TEST_EQUAL(mbedtls_lms_import_public_key(&ctx, pub_key->x, pub_key->len), 0);
@ -139,6 +144,7 @@ void lms_verify_test(data_t *msg, data_t *sig, data_t *pub_key,
exit:
mbedtls_free(tmp_sig);
mbedtls_lms_public_free(&ctx);
USE_PSA_DONE();
}
/* END_CASE */
@ -151,6 +157,7 @@ void lms_import_export_test(data_t *pub_key, int expected_import_rc)
unsigned char *exported_pub_key = NULL;
mbedtls_lms_public_init(&ctx);
USE_PSA_INIT();
TEST_EQUAL(mbedtls_lms_import_public_key(&ctx, pub_key->x, pub_key->len),
expected_import_rc);
@ -194,5 +201,6 @@ void lms_import_export_test(data_t *pub_key, int expected_import_rc)
exit:
mbedtls_free(exported_pub_key);
mbedtls_lms_public_free(&ctx);
USE_PSA_DONE();
}
/* END_CASE */

24
tests/suites/test_suite_pk.data
View File

@ -95,11 +95,11 @@ depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1
pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_NONE:256:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
PK can do ext: NONE/ECDSA(ANY_HASH), check ECDSA(SHA256)
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PSA_CRYPTO_C
pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_NONE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):256:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
PK can do ext: NONE/ECDSA(SHA256), check ECDSA(SHA256)
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PSA_CRYPTO_C
pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_NONE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):256:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
PK can do ext: ECDSA(SHA256)/NONE, invalid check ECDSA(ANY)
@ -147,15 +147,15 @@ depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1
pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_DERIVE|PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):256:PSA_ALG_ECDH:PSA_KEY_USAGE_DERIVE|PSA_KEY_USAGE_SIGN_HASH:1
PK can do ext: ECDH/ECDSA(ANY), check ECDSA(SHA256)+DERIVE|SIGN
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PSA_CRYPTO_C
pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_DERIVE|PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):256:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_DERIVE|PSA_KEY_USAGE_SIGN_HASH:1
PK can do ext: ECDH/ECDSA(ANY), check ECDSA(SHA256)+SIGN
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PSA_CRYPTO_C
pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_DERIVE|PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):256:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
PK can do ext: ECDH/ECDSA(ANY), check ECDSA(SHA256)+DERIVE
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1
depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PSA_CRYPTO_C
pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_DERIVE|PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):256:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_DERIVE:1
PK can do ext: RSA_PKCS1V15_SIGN(ANY)/NONE, check not allowed COPY usage
@ -195,11 +195,11 @@ depends_on:MBEDTLS_RSA_C
pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ALG_NONE:1024:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
PK can do ext: NONE, RSA_PKCS1V15_SIGN(ANY), check RSA_PKCS1V15_SIGN(SHA256)
depends_on:MBEDTLS_RSA_C
depends_on:MBEDTLS_RSA_C:MBEDTLS_PSA_CRYPTO_C
pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_NONE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):1024:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
PK can do ext: NONE, RSA_PKCS1V15_SIGN(SHA256), check RSA_PKCS1V15_SIGN(SHA256)
depends_on:MBEDTLS_RSA_C
depends_on:MBEDTLS_RSA_C:MBEDTLS_PSA_CRYPTO_C
pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_NONE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):1024:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
PK can do ext: RSA_PKCS1V15_SIGN(SHA256)/NONE, invalid check RSA_PKCS1V15_SIGN(ANY)
@ -235,11 +235,11 @@ depends_on:MBEDTLS_RSA_C
pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_ALG_NONE:1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
PK can do ext: NONE, RSA_PSS(ANY), check RSA_PSS(SHA256)
depends_on:MBEDTLS_RSA_C
depends_on:MBEDTLS_RSA_C:MBEDTLS_PSA_CRYPTO_C
pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_NONE:PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
PK can do ext: NONE, RSA_PSS(SHA256), check RSA_PSS(SHA256)
depends_on:MBEDTLS_RSA_C
depends_on:MBEDTLS_RSA_C:MBEDTLS_PSA_CRYPTO_C
pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_NONE:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
PK can do ext: RSA_PSS(SHA256)/NONE, invalid check RSA_PSS(ANY)
@ -283,11 +283,11 @@ depends_on:MBEDTLS_RSA_C
pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_ENCRYPT|PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:1024:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_DECRYPT:1
PK can do ext: RSA_PKCS1V15_CRYPT/RSA_PSS(ANY), check RSA_PKCS1V15_CRYPT
depends_on:MBEDTLS_RSA_C
depends_on:MBEDTLS_RSA_C:MBEDTLS_PSA_CRYPTO_C
pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_ENCRYPT|PSA_KEY_USAGE_DECRYPT|PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):1024:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_DECRYPT:1
PK can do ext: RSA_PKCS1V15_CRYPT/RSA_PSS(ANY), check RSA_PSS(SHA256)
depends_on:MBEDTLS_RSA_C
depends_on:MBEDTLS_RSA_C:MBEDTLS_PSA_CRYPTO_C
pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_ENCRYPT|PSA_KEY_USAGE_DECRYPT|PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_KEY_USAGE_DECRYPT:1
PK can do ext: RSA_PKCS1V15_CRYPT/RSA_PSS(ANY), check non allowed ENCRYPT usage
@ -295,7 +295,7 @@ depends_on:MBEDTLS_RSA_C
pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_ENCRYPT|PSA_KEY_USAGE_DECRYPT|PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_KEY_USAGE_ENCRYPT:0
PK can do ext: RSA_PKCS1V15_SIGN(ANY)/RSA_PSS(ANY), check RSA_PSS(SHA256)
depends_on:MBEDTLS_RSA_C
depends_on:MBEDTLS_RSA_C:MBEDTLS_PSA_CRYPTO_C
pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
PK can do ext: RSA_PKCS1V15_SIGN(ANY)/RSA_PSS(ANY), check RSA_PKCS1V15_SIGN(SHA256)

46
tests/suites/test_suite_pk.function
View File

@ -45,7 +45,7 @@
#define MBEDTLS_TEST_PK_PSA_SIGN
#endif
#if defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
/* Pick an elliptic curve that's supported by PSA. Note that the curve is
* not guaranteed to be supported by the ECP module.
*
@ -153,7 +153,7 @@
#define MBEDTLS_TEST_PSA_ECC_HAVE_TWO_BITS
#endif
#endif /* defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) */
#endif /* defined(MBEDTLS_PSA_CRYPTO_CLIENT) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) */
/* Always define the macros so that we can use them in test data. */
#if !defined(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY)
@ -220,7 +220,7 @@ exit:
return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
}
#if defined(MBEDTLS_PSA_CRYPTO_C)
#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
psa_status_t pk_psa_import_key(const unsigned char *key_data, size_t key_len,
psa_key_type_t type, psa_key_usage_t usage,
psa_algorithm_t alg, mbedtls_svc_key_id_t *key)
@ -239,7 +239,7 @@ psa_status_t pk_psa_import_key(const unsigned char *key_data, size_t key_len,
return status;
}
#endif /* MBEDTLS_PSA_CRYPTO_C */
#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
/** Setup the provided PK context.
*
@ -305,7 +305,7 @@ exit:
return ret;
}
#if defined(MBEDTLS_PSA_CRYPTO_C)
#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
/** Create a PSA key of the desired type and properties.
*
* - For RSA and EC keys predefined key data is used (as in the pk_setup() above).
@ -465,7 +465,7 @@ static int pk_public_same(const mbedtls_pk_context *pk1,
exit:
return ok;
}
#endif /* MBEDTLS_PSA_CRYPTO_C */
#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
#if defined(MBEDTLS_RSA_C)
int mbedtls_rsa_decrypt_func(void *ctx, size_t *olen,
@ -499,7 +499,7 @@ typedef enum {
FROM_PAIR = 1
} from_pair_t;
#if defined(MBEDTLS_PSA_CRYPTO_C)
#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
static int pk_setup_for_type(mbedtls_pk_type_t pk_type, int want_pair,
mbedtls_pk_context *pk, psa_key_type_t *psa_type)
{
@ -567,9 +567,9 @@ static int pk_setup_for_type(mbedtls_pk_type_t pk_type, int want_pair,
exit:
return MBEDTLS_ERR_ERROR_GENERIC_ERROR;
}
#endif /* MBEDTLS_PSA_CRYPTO_C */
#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
#if defined(MBEDTLS_PSA_CRYPTO_C)
#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
/* Create a new PSA key which will contain only the public part of the private
* key which is provided in input. For this new key:
* - Type is the public counterpart of the private key.
@ -636,7 +636,7 @@ exit:
psa_reset_key_attributes(&new_attr);
return new_key_id;
}
#endif /* MBEDTLS_PSA_CRYPTO_C */
#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
/* END_HEADER */
/* BEGIN_DEPENDENCIES
@ -1753,7 +1753,7 @@ void pk_rsa_alt()
TEST_ASSERT(mbedtls_pk_get_type(&alt) == MBEDTLS_PK_RSA_ALT);
TEST_ASSERT(strcmp(mbedtls_pk_get_name(&alt), "RSA-alt") == 0);
#if defined(MBEDTLS_PSA_CRYPTO_C)
#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
TEST_EQUAL(mbedtls_pk_get_psa_attributes(&alt,
PSA_KEY_USAGE_ENCRYPT,
@ -1762,7 +1762,7 @@ void pk_rsa_alt()
mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
TEST_EQUAL(mbedtls_pk_import_into_psa(&alt, &attributes, &key_id),
MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE);
#endif /* MBEDTLS_PSA_CRYPTO_C */
#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
/* Test signature */
#if SIZE_MAX > UINT_MAX
@ -2107,7 +2107,7 @@ exit:
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C */
/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_CLIENT */
void pk_get_psa_attributes(int pk_type, int from_pair,
int usage_arg,
int to_pair, int expected_alg)
@ -2155,7 +2155,11 @@ void pk_get_psa_attributes(int pk_type, int from_pair,
mbedtls_pk_get_bitlen(&pk));
TEST_EQUAL(psa_get_key_usage_flags(&attributes), expected_usage);
TEST_EQUAL(psa_get_key_algorithm(&attributes), expected_alg);
#if defined(MBEDTLS_PSA_CRYPTO_C)
TEST_EQUAL(psa_get_key_enrollment_algorithm(&attributes), PSA_ALG_NONE);
#else /* MBEDTLS_PSA_CRYPTO_C */
TEST_EQUAL(psa_get_key_enrollment_algorithm(&attributes), 42);
#endif /* MBEDTLS_PSA_CRYPTO_C */
TEST_EQUAL(mbedtls_pk_import_into_psa(&pk, &attributes, &new_key_id), 0);
if (!mbedtls_test_key_consistency_psa_pk(new_key_id, &pk)) {
@ -2170,7 +2174,7 @@ exit:
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21 */
/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_CLIENT:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21 */
void pk_rsa_v21_get_psa_attributes(int md_type, int from_pair,
int usage_arg,
int to_pair, int expected_alg)
@ -2218,7 +2222,7 @@ exit:
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C */
/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_CLIENT */
void pk_get_psa_attributes_fail(int pk_type, int from_pair,
int usage_arg,
int expected_ret)
@ -2244,7 +2248,7 @@ exit:
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PSA_CRYPTO_STORAGE_C */
/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_CLIENT:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PSA_CRYPTO_STORAGE_C */
void pk_import_into_psa_lifetime(int from_opaque,
int from_persistent, /* when from opaque */
int from_exportable, /* when from opaque */
@ -2395,7 +2399,7 @@ exit:
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C */
/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_CLIENT */
void pk_import_into_psa_fail(int pk_type, int from_pair,
int type_arg, int bits_arg,
int expected_ret)
@ -2490,7 +2494,7 @@ exit:
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C*/
/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_CLIENT*/
void pk_copy_from_psa_fail(void)
{
mbedtls_pk_context pk_ctx;
@ -2535,7 +2539,7 @@ exit:
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_BASIC:!MBEDTLS_RSA_C */
/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_CLIENT:MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_BASIC:!MBEDTLS_RSA_C */
void pk_copy_from_psa_builtin_fail()
{
mbedtls_pk_context pk_ctx;
@ -2558,7 +2562,7 @@ exit:
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C*/
/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_CLIENT */
void pk_copy_from_psa_success(data_t *priv_key_data, int key_type_arg,
int key_alg_arg)
{
@ -2645,7 +2649,7 @@ exit:
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C*/
/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_CLIENT*/
void pk_copy_public_from_psa(data_t *priv_key_data, int key_type_arg)
{
psa_key_type_t key_type = key_type_arg;

4
tests/suites/test_suite_psa_crypto_attributes.function
View File

@ -20,6 +20,8 @@ void attributes_set_get(int owner_id_arg, int id_arg, int lifetime_arg,
psa_key_type_t type = type_arg;
size_t bits = bits_arg;
USE_PSA_INIT();
TEST_EQUAL(
MBEDTLS_SVC_KEY_ID_GET_KEY_ID(psa_get_key_id(&attributes)), 0);
TEST_EQUAL(
@ -56,6 +58,8 @@ void attributes_set_get(int owner_id_arg, int id_arg, int lifetime_arg,
TEST_EQUAL(psa_get_key_algorithm(&attributes), 0);
TEST_EQUAL(psa_get_key_type(&attributes), 0);
TEST_EQUAL(psa_get_key_bits(&attributes), 0);
USE_PSA_DONE();
}
/* END_CASE */

4
tests/suites/test_suite_psa_crypto_hash.function
View File

@ -6,7 +6,7 @@
/* END_HEADER */
/* BEGIN_DEPENDENCIES
* depends_on:MBEDTLS_PSA_CRYPTO_C
* depends_on:MBEDTLS_PSA_CRYPTO_CLIENT
* END_DEPENDENCIES
*/
@ -35,7 +35,7 @@ exit:
}
/* END_CASE */
/* BEGIN_CASE */
/* BEGIN_CASE depends_on: MBEDTLS_PSA_CRYPTO_C */
void hmac(int alg_arg, char *input, data_t *expected_mac)
{
psa_algorithm_t alg = PSA_ALG_HMAC(alg_arg);

4
tests/suites/test_suite_ssl.data
View File

@ -561,11 +561,11 @@ depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:
handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, PSA_ALG_ANY_HASH
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PSA_CRYPTO_C
handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:0:MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, PSA_ALG_SHA_384
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:MBEDTSL_PSA_CRYPTO_C
handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_SHA_384):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:0:MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, missing alg

2
tests/suites/test_suite_ssl.function
View File

@ -3297,7 +3297,7 @@ exit:
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SOME */
/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SOME */
void raw_key_agreement_fail(int bad_server_ecdhe_key)
{
enum { BUFFSIZE = 17000 };