In preparation for adding tf-psa-crypto/test/scripts/all.sh which will
run from tf-psa-crypto.
Use paths relative to the currently sourced file when including common
files (ie, those that will soon be moved to the framework). Otherwise,
use paths relative to the current directory, aka project's root.
Document that test/script/all.sh must be invoked from the project's root
(that was already the case, but implicit so far).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Skip 6144-bit and 8192-bit FFDH tests in MSan or Valgrind test
configurations. These test cases are slow and sometimes trigger GnuTLS's
built-in timeout (which cannot be configured until more recent versions).
Resolves#9742.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
generate_test_code.py doesn't support UTF-8 in .function files (but does
in .data files) when run in a non-UTF-8 locale with Python <=3.6.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Run the function on a few different curves with shorter, just-right and
larger buffer sizes. Perform some basic sanity checks on the output (which
is random).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The Thumb-1 tests are by far the slowest, so split the -O0 and -Os tests
into their own components.
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
Since PSA is always on in 4.x, *_PSA_INIT() and *_PSA_DONE() can be
simply aliased to PSA_INIT() and PSA_DONE() until such a time as we
remove them.
Simplify the login of these PSA_INIT/DONE variants by aliasing them in
4.x and keeping the more complex 3.6 logic entirely separate.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Variables that are in any way destructed on exit should be initialised
prior to any tests that might jump to exit, to save potential
uninitialised memory accesses.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
- psa_crypto_helpers.h
mbedtls-3.6 branch misses some crypto client changes that has
been done in the development branch since the LTS release. Therefore
CRYPTO_C guard here is more accurate than CRYPTO_CLIENT.
- entropy.h
In the development branch MBEDTLS_ENTROPY_BLOCK_SIZE is defined
when PSA_WANT_ALG_SHA_[256/512] is defined while in the mbedtls-3.6
branch is guarded by MBEDTLS_MD_CAN_SHA[256/512] which is slightly
different. Since MBEDTLS_ENTROPY_BLOCK_SIZE is used in some tests's
data files, we need to have it defined also if the related test
is skipped. Therefore we add the PSA_WANT_ALG_SHA conditions together
with the MBEDTLS_MD_CAN_SHA ones to mimic the development behavior.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE is only used in tests so it should
not be defined in a public header such as "crypto_extra.h".
"psa_crypto_helpers.h" is a better option.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE() is not defined when there
is no MBEDTLS_PSA_CRYPTO_CLIENT so we need this guard to
define MBEDTLS_TEST_STATIC_KEY_SLOTS_SUPPORT_RSA_[2048/4096].
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Instead of skipping some tests when !MBEDTLS_PSA_STATIC_KEY_SLOTS,
add a proper check in the depends_on to verify if
MBEDTLS_PSA_KEY_BUFFER_MAX_SIZE is actually large enough to contain
the key used in such test.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
- MBEDTLS_TEST_STATIC_KEY_SLOTS_SUPPORT_RSA_[2048/4096] are always
defined because they are only used in test_suite_psa_crypto
tests.
- MBEDTLS_TEST_ALLOW_RSA_4096 was renamed as
MBEDTLS_TEST_PK_ALLOW_RSA_KEY_PAIR_4096 because this is only used in
PK related test suites.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This value should be:
- OK for all EC/FFDH key pairs/public keys;
- OK for all supported public RSA keys;
- OK for RSA key pairs up to 2048 bits;
- FAIL for RSA key pairs above 2048 bits.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
