Since CRYPTO_CLIENT can only be tested when CRYPTO_C is enabled,
this means that CRYPTO_C is used on tests.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
pk: mbedtls_pk_can_do_ext() should be guarded by CRYPTO_CLIENT instead
of CRYPTO_C.
test: since the functions using opaque keys are now guarded by CRYPTO_C
and since CRYPTO_CLIENT is automatically enabled as soon as
CRYPTO_C is, then CRYPTO_CLIENT guards can be removed.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
psa_crypto_helpers: to include "psa_helpers.h" as soon as CRYPTO_CLIENT
is enabled.
test_suite_psa_crypto_low_hash: add MBEDTLS_PSA_CRYPTO_C as dependency
for test functions.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This dependency is required when pk_can_do_ext() use opaque keys
since these are generated through PSA.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Albeit this function is very likely to be deprecated soon (#8848)
it is still used in test suites to generate opaque keys so its
guard must be aligned as well in order to have a better test
coverage of opaque keys.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
When MBEDTLS_PSA_CRYPTO_CLIENT is enabled but MBEDTLS_PSA_CRYPTO_C is
disabled, the PSA functions are missing, but there is code in the pk module
that call PSA functions.
When building such a configuration, let the test code provide stub functions
that just return an error. This way, we can link and run programs in this
configuration. The programs will fail at runtime if they try to invoke a PSA
function, so any testing that involves running PSA functions must still be
guarded by MBEDTLS_PSA_CRYPTO_C, not MBEDTLS_PSA_CRYPTO_CLIENT.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
PK should only dispatch non-opaque operations to PSA when
MBEDTLS_USE_PSA_CRYPTO is enabled. When MBEDTLS_USE_PSA_CRYPTO is disabled
but MBEDTLS_PSA_CRYPTO_CLIENT is enabled, MBEDTLS_PK_OPAQUE should be
available but non-opaque operations should still dispatch to the built-in
legacy code. This commit fixes PK dispatch when CLIENT && !USE.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit also solves related issues in order to have test
components related to CRYPTO_CLIENT passing.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
In both cases we check that both libmbedcrypto is build without
missing any mbedtls_xxx() function. Only psa_yyy() are allowed
to be missing due to the lack of PSA provider in the builds.
Note: the component testing the default configuration now is
"downgraded" to only building the library because in the upcoming
commits this would become untestable as well.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This also fixes guards in psa_util that were discovered by the
new component_build_full_psa_crypto_client_without_crypto_provider().
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
MBEDTLS_PK_WRITE_C requires MBEDTLS_ASN1_WRITE_C, but there is no
corresponding check in check_config.h. In addition, corresponding
documentation for `Requires` is updated in mbedtls_config.h.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
- check_config.h: combine separate check for MBEDTLS_PK_PARSE_C
- mbedtls_config.h: update documentation for `Requires`
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
In pk.h, MBEDTLS_PK_HAVE_ECC_KEYS is enabled if ECP_C is defined or
USE_PSA_CRYPTO && PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY are defined.
But this logic is duplicate with its definition in
config_adjust_legacy_crypto.h.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
In valid_parameters_pkwrite, we first parse a public key then test
with mbedtls_pk_write_xxx functions. So valid_parameters_pkwrite
should depend on both MBEDTLS_PK_WRITE_C and MBEDTLS_PK_PARSE_C.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
When PK_HAVE_ECC_KEYS is set with PK_[PARSE/WRITE]_C, it needs OID_C
to be enabled. This commit adds proper checks in check_config.h
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
This saves ~160 bytes of code size, at the cost of a bit of localized
complexity in the code. The impact on performance is measurable but small
(<5% observed on x86_64) and can go either way (there's a calculation vs
memory bandwidth compromise).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Calling mbedtls_test_fail() attempts to lock the test data mutex.
Unfortunately we were calling this from places where we already held
this mutex, and this mutex is not recursive, so this deadlocks. Split
out mbedtls_test_fail() into mbedtls_test_fail_internal() in order to
address this.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
Do for public keys what
"Fix mbedtls_pk_get_bitlen() for RSA with non-byte-aligned sizes"
did for key pairs.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Add non-regression tests. Update some test functions to not assume that
byte_length == bit_length / 8.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
