Instead of copying the entire library & include folders twice
to build libraries for client and server:
- change the main config file (mbedtls_config.h)
- build in the root library folder
- move the generated library in the psasim folder
- use those library for linking the client/server binaries
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
The goal is to keep psasim as simple as possible:
- do not build a separate lib for psa-ff; build those source
files as part of server or client
- do not have lot of different makefiles: just 1 that does all
we need
- do not have several subfolders for headers: only 1 is enough
for this kind of project
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This is necessary because otherwise the library is not able to
find the seedfile at runtime and it fails the initialization.
However since this test runs on a standard PC we can rely on
platform entropy as source of entropy.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This commit implements the first useful IPC communication between
the client and the server. The implemented command is simple,
psa_crypto_init(), and its return value is sent back to the client.
Note: the newly added file psa_functions_codes.h is temporary
and it's probably the one that needs to be automatically
generated by a python script to support all crypto functions.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Ensure that both server and client can call mbedtls_version_get_string_full()
to verify that they are linked against proper libraries.
Note: each side (client/server) performs the call against its own
MbedTLS library. There is no IPC communication involved in this
test. Client/server communication will come later.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
It includes changes to:
- tests/Makefile: build the library for client and server in different
folders. It mimica the libtestdriver1 behavior (without functions
renaming though).
- tests/scripts/all.sh: helper function to build for client and
server with some default configuration for each of them.
- crypto_spe.h: this is dummy file taken from the already existing
tests. It's just meant to pacify the compiler, not to provide
something useful. It will likely be changed in the future.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
- remove new line at beginning of test_keys.h
- add footer at the end of both generated files
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This helps removing the previous pylint exception.
Also use "with" statement for opening the file in order to
ensure that all the content is flushed to the file before
exiting.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Without this fix keys could be listed differently on Ubuntu 16
between different runs therefore causing
check_generated_files() to fail.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This is a temporary fix that will be reverted once the framework
repository will have CI checks.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
- rewrite output file (do not append)
- remove useless "os" import
- move pylint for main() function
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This allows many tests to pass with the system openssl and gnutls-*. As
before, not all test cases will pass due to differences between versions and
build options.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Some OpenSSL or GnuTLS interoperability test cases fail if the other
implementation is recent enough to support TLS 1.3. Force those test cases
to use TLS 1.2 so that the script works with more recent $OPENSSL or
$GNUTLS_CLI or $GNUTLS_SERV than our official CI versions.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This should be CRYPTO_CLIENT and not CRYPTO_C as this function
can be used even when CRYPTO_C is not defined.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
A bug existed previously where this guarantee was not met,
causing some issues in multi-threaded code.
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
If psa_get_and_lock_key_slot fails, the slot must be wiped.
This fixes a bug where a pointer to some valid key slot can
be incorrectly returned
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
