Everything not TLS-related and not ALT-interface-related has been moved
out of tests/src and tests/include and into the framework, except for
the PSA test wrappers.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Incorrect usage of psa_key_id_t breaks ability to regenerate psa_sim
headers properly, should have been mbedtls_svc_key_id_t in the first
place, so replace with that.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
Since PSA is always on in 4.x, *_PSA_INIT() and *_PSA_DONE() can be
simply aliased to PSA_INIT() and PSA_DONE() until such a time as we
remove them.
Simplify the login of these PSA_INIT/DONE variants by aliasing them in
4.x and keeping the more complex 3.6 logic entirely separate.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE is only used in tests so it should
not be defined in a public header such as "crypto_extra.h".
"psa_crypto_helpers.h" is a better option.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE() is not defined when there
is no MBEDTLS_PSA_CRYPTO_CLIENT so we need this guard to
define MBEDTLS_TEST_STATIC_KEY_SLOTS_SUPPORT_RSA_[2048/4096].
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
- MBEDTLS_TEST_STATIC_KEY_SLOTS_SUPPORT_RSA_[2048/4096] are always
defined because they are only used in test_suite_psa_crypto
tests.
- MBEDTLS_TEST_ALLOW_RSA_4096 was renamed as
MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 because this is only used in
PK related test suites.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This value should be:
- OK for all EC/FFDH key pairs/public keys;
- OK for all supported public RSA keys;
- OK for RSA key pairs up to 2048 bits;
- FAIL for RSA key pairs above 2048 bits.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
In 4.x the semantics of MBEDTLS_PSA_CRYPTO_C and
MBEDTLS_PSA_CRYPTO_CLIENT are different compared with 3.6.
Where this is a problem, make guards more version-specific so that we
are guarding with MBEDTLS_PSA_CRYPTO_C for 3.6 and
MBEDTLS_PSA_CRYPTO_CLIENT for 4.x, keeping each branch the same as it
was formerly.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Allow tests/src and include/src to be Mbed TLS version-agnostic by:
* Sometimes accepting both an MBEDTLS_ and a PSA_ config option
* Sometimes using the version number to gate alternatives
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Without this, it's not at all obvious that turning on MBEDTLS_TEST_HOOKS
doesn't change the functional behavior of the code.
Signed-off-by: Janos Follath <janos.follath@arm.com>
When PSA uses CTR_DRBG for its random generator and CTR_DRBG uses PSA for
AES, as currently implemented, there is one volatile key in permanent use
for the CTR_DRBG instance. Account for that in tests that want to know
exactly how many volatile keys are in use, or how many volatile keys can be
created.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Make it possible, but not officially supported, to switch the CTR_DRBG
module to PSA mode even if MBEDTLS_AES_C is defined. This is not really
useful in practice, but is convenient to test the PSA mode without setting
up drivers.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
