In public headers, we want to avoid things that are not standard C++,
including features that GCC and Clang support as extensions, such as
flexible array members. So compile with `-pedantic`.
Non-regression for https://github.com/Mbed-TLS/mbedtls/issues/9020.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Implement `psa_generate_key_custom()` and
`psa_key_derivation_output_key_custom()`. These functions replace
`psa_generate_key_ext()` and `psa_key_derivation_output_key_ext()`.
They have the same functionality, but a slightly different interface:
the `ext` functions use a structure with a flexible array member to pass
variable-length data, while the `custom` functions use a separate parameter.
Keep the `ext` functions for backward compatibility with Mbed TLS 3.6.0.
But make them a thin wrapper around the new `custom` functions.
Duplicate the test code and data. The test cases have to be duplicated
anyway, and the test functions are individually more readable this way.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Generate option-on and option-off cases for test_suite_config, for all
boolean options (MBEDTLS_xxx and PSA_WANT_xxx, collected from the mbedtls
and PSA config files).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Fix PSA_CRYPTO_CONFIG_H being treated as a configuration setting in
include/psa/crypto_config.h.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
When running a git hook, git sets certain environment variables (such
as GIT_INDEX_FILE) which force git to look at the main repository,
overriding other options. This trips up code_style.py whenever it
tries to run a git command on the framework submodule.
Fix this by explicitly clearing git-related environment-variables
before running git commands on the framework. This is recommended
by git's documentation[1]:
> Environment variables, such as GIT_DIR, GIT_WORK_TREE, etc., are
> exported so that Git commands run by the hook can correctly locate
> the repository. If your hook needs to invoke Git commands in a
> foreign repository or in a different working tree of the same
> repository, then it should clear these environment variables so
> they do not interfere with Git operations at the foreign location.
[1] https://git-scm.com/docs/githooks
Signed-off-by: David Horstmann <david.horstmann@arm.com>
To deal with situations where we are comparing revisions before and
after the move of generate_psa_tests.py to the framework, look for
it in both the old and new locations.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
This name is more descriptive of its purpose, since it actually adds
framework/scripts to the path rather than just framework/
Signed-off-by: David Horstmann <david.horstmann@arm.com>
This allows scripts in the scripts/ directory to get the path to the
mbedtls_framework module in framework/scripts/
Signed-off-by: David Horstmann <david.horstmann@arm.com>
- Embed input arguments inside the script so as to simplify the
calls in Makefiles/CMakeLists.
- add a new "--list-dependencies" command line option to print
out the list of dependencies.
- Modify tests/Makefile accordinlgy.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
asymmetric_key_data.py already provides EC/RSA key pair values that
are suitable for generate_test_keys.py. So instead of re-generating
the keys using gen_key program, we use those keys.
This commit also:
- extends asymmetric_key_data.py to introduce
RSA bit sizes that are used in test_suite_pk but were missing from
asymmetric_key_data.py.
- updates test_keys.h with new keys.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
The #ifdef guard in the get_builtin_key() should be
PSA_CRYPTO_ACCELERATOR_DRIVER_PRESENT to allow for
multiple drivers to be plugged into the wrapper.
Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
lcov had a bug whereby it tries to create the output file relative to /
if it has emitted a warning. We do CI runs on Ubuntu 16.04 which is too
old to have the fix. As a quick fix for the CI, work around the bug.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
"Key generation method" was misleading since it also applies to key
derivation. Change "key generation" to "key production", which we aren't
using yet and has roughly the right intuition. Change "method" to
"parameters" which there seems to be a slight preference for. Discussion
thread: https://github.com/Mbed-TLS/mbedtls/pull/8815#discussion_r1486524295
Identifiers renamed:
psa_key_generation_method_t → psa_key_production_parameters_t
psa_key_generation_method_s → psa_key_production_parameters_s
PSA_KEY_GENERATION_METHOD_INIT → PSA_KEY_PRODUCTION_PARAMETERS_INIT
method → params
method_data_length → params_data_length
default_method → default_production_parameters
psa_key_generation_method_is_default → psa_key_production_parameters_are_default
setup_key_generation_method → setup_key_production_parameters
key_generation_method_init → key_production_parameters_init
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
