We actually only need two invocations.
This also moves all the default tests to OPENSSL_NEXT, which is good
because OPENSSL is ancient.
I have no idea why NULL doesn't work with OPENSSL_NEXT (1.1.1a) server,
because according to the manpage [1], "ALL,COMPLEMENTOFALL" (which is
what we are using) should do it, and indeed
$OPENSSL_NEXT ciphers "ALL,COMPLEMENTOFALL" | tr ':' '\n'
lists NULL ciphersuites, and also they work client-side with
OPENSSL_NEXT...
[1] https://www.openssl.org/docs/man1.1.1/man1/ciphers.html
Also, while at it, remove partial invocation (only non-default) from one
component, as we already have a full invocation in the same config (plus
ASan) in another component.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Remove static declaration of look-up table from test_suite_pk
and generate it automatically with Python.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This is to manage RSA and EC keys in the same way in order to
prepare for the following commits.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Most of them (2 exceptions, see below) are of the "driver + built-in"
type, so they're all a subset of test_psa_crypto_driver which tests
everything with driver + built-in at once.
Furthermore, all those components were build-only, while
test_psa_crypto_driver runs the test suites.
Special cases: two of the components looked like they were trying to go for
driver-only (ecdh disabling ECDH_C and hkdf disabling HKDF_C).
For ECDH, built-in would actually be re-enabled because not enough was
accelerated: you also need ECC key types and curves - see
component_test_psa_crypto_config_accel_ecdh which does this correctly.
For HKDF, we don't have test driver support for key derivation yet. I
guess that shows how little testing value these build-only components
really had.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
As the comment says, this component's only goal was to make sure the
legacy+driver test cases in test_suite_md.psa were executed.
But actually these are already executed in
component_test_psa_crypto_drivers which tests with everything having
both a driver and the built-in, as can be seen in the outcomes file.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
asymmetric_key_data.py already provides EC/RSA key pair values that
are suitable for generate_test_keys.py. So instead of re-generating
the keys using gen_key program, we use those keys.
This commit also:
- extends asymmetric_key_data.py to introduce
RSA bit sizes that are used in test_suite_pk but were missing from
asymmetric_key_data.py.
- updates test_keys.h with new keys.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
- remove BEGIN_FILE/END_FILE lines from output header file.
- add single disclaimer at the beginning of the file instead
of having it repeated for every array.
- improved exception message for missing key generation program.
This commits also regenerates "test_keys.h" in order to fully
comply with the new format.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This commit adds "generate_test_keys.py" script to generate
predefined keys used in test_suite_pk. Keys are generated with
"programs/pkey/gen_key" tool and converted to C array using
the python script.
tests/src/test_keys.h is automatically generated using the
above mentioned script.
test_suite_pk is updated in order to use the new format.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Update the guards generated by the wrapper generation script to use
!MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS and regenerate the PSA test
wrappers.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Replace MBEDTLS_PSA_COPY_CALLER_BUFFERS with inverse:
!MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS. This ensures that buffer
protection is enabled by default without any change to the Mbed TLS
config file.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
The already existing component_test_psa_crypto_client() is renamed
as component_test_default_psa_crypto_client_without_crypto_provider()
while component_build_full_psa_crypto_client_without_crypto_provider()
was added.
- Both of them check that the missing symbols at link time (if any)
belong to the psa_xxx() family.
- The former builds with default config + CRYPTO_CLIENT - CRYPTO_C and
then runs test suites.
- The latter only perform the builds using the full config and then
it checks that PK-PSA bridge functions are present.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This is possible because after #8740 RSA_C no longer depends on
PK to parse and write private/public keys.
This commit also solves related issues that arose after this change
in "pk.c" and "test_suite_pk". In particular now we can use
rsa's module functions for parsing and writing keys without need
to rely on pk_parse and pk_write functions.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Enabling this causes TSan warnings, as some self-tests use unprotected globals
(see X_count variables in ecp.c). This isn't an issue, as these globals are only
read in self tests, which do not use threads.
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
