Do not assume that tests with !PSA_WANT_ALG_TLS12_PRF will not
be executed in AnalyzeCoverage task.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE is only used in tests so it should
not be defined in a public header such as "crypto_extra.h".
"psa_crypto_helpers.h" is a better option.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE() is not defined when there
is no MBEDTLS_PSA_CRYPTO_CLIENT so we need this guard to
define MBEDTLS_TEST_STATIC_KEY_SLOTS_SUPPORT_RSA_[2048/4096].
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
- MBEDTLS_TEST_STATIC_KEY_SLOTS_SUPPORT_RSA_[2048/4096] are always
defined because they are only used in test_suite_psa_crypto
tests.
- MBEDTLS_TEST_ALLOW_RSA_4096 was renamed as
MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 because this is only used in
PK related test suites.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This value should be:
- OK for all EC/FFDH key pairs/public keys;
- OK for all supported public RSA keys;
- OK for RSA key pairs up to 2048 bits;
- FAIL for RSA key pairs above 2048 bits.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Intentionally set MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE slightly
smaller than the maximum RSA key pair size for an RSA key of 4096
bits. Also add a test in test_suite_psa_crypto to verify this
condition.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Disable all MBEDTLS_xxx symbols (keeping only the relevant ones enabled)
when building the main library.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This commit also fixes related errors in test suites. In all
cases those failures are related to the use of raw keys whose
size cannot be determined a-priori.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
With the `depend.py` using the crypto config the `PBKDF2_HMAC` can be
enabled so thest cases can be run.
The equivalence (synonym) between `PSA_WANT_ALG_RSA_PSS_ANY_SALT` and
`PSA_WANT_ALG_RSA_PSS` is now done properly, the test can be run.
Dependencies for `MBEDTLS_CIPHER_PADDING_PKCS7' has been updated and
now it can be actually disabled.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
The PSA and MbedTLS options can switch the same functionality separately
so add a check to ensure the cpnsistency.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
We cannot add the equivalent of
cmake_package_install yet as the build in
tf-psa-crypto still references some headers
in ./include/mbedtls like mbedtls_config.h.
We cannot add the equivalent of
cmake_subproject yet as currently only
the case of the Mbed TLS parent project is
supported.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Let the projects using some CMakeLists.txt files
without the top CMakeLists.txt define the variables
that the top CMakeLists.txt set for all.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Without quotes, when the variable is empty, the shell will see three
tokens: [, -n, ]. After skipping ] as usual, it will see a single token,
so it will consider it not as command, but a string to be tested for "is
it empty", and since "-n" is not empty, the command will return true.
With quotes it see 4 tokens: [, -n, <empty string>, ] and interprets -n
as desired.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Replace obvious additions of an `MBEDTLS_ERR_xxx` constant by a call to
`MBEDTLS_ERROR_ADD`.
Skip `case` statements since `MBEDTLS_ERROR_ADD(pp_constant)` is not a
preprocessor constant.
This commit does not replace additions split over lines. Those will be
handled in a subsequent commit.
```
git ls-files '*.h' '*.c' '*.function' '*.data' |
xargs perl -i -pe '
next if /\bcase\b/;
s/\b(MBEDTLS_ERR_\w+)\s*\+\s*(\w+)\b/MBEDTLS_ERROR_ADD($1, $2)/g;
s/\b(\w+)\s*\+\s*(MBEDTLS_ERR_\w+)\b/MBEDTLS_ERROR_ADD($1, $2)/g'
```
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This aligns development and 3.6 in preparation for moving to the
framework repo.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Use config_adjust_test_accelerators.h
to adjust the configuration needed for
test_psa_crypto_drivers all.sh component
with PSA_CRYPTO_CONFIG enabled.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
As we move to PSA_CRYPTO_CONFIG always on,
the way to configure the build with both
the builtin drivers and the transparent test
drivers (that are wrappers around the
builtin drivers) cannot be done through the
MBEDTLS_USER_CONFIG_FILE mechanism anymore.
With this mechanism and PSA_CRYPTO_CONFIG
enabled, the PSA_ACCEL_ macros are defined
before including config_adjust_legacy_from_psa.h
and the builtin implementations are removed.
Thus, we will rather define the PSA_ACCEL_
just after the inclusion of
config_adjust_legacy_from_psa.h through the
dedicated config_adjust_test_accelerators.h
header introduced by this commit.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
