Most of them (2 exceptions, see below) are of the "driver + built-in"
type, so they're all a subset of test_psa_crypto_driver which tests
everything with driver + built-in at once.
Furthermore, all those components were build-only, while
test_psa_crypto_driver runs the test suites.
Special cases: two of the components looked like they were trying to go for
driver-only (ecdh disabling ECDH_C and hkdf disabling HKDF_C).
For ECDH, built-in would actually be re-enabled because not enough was
accelerated: you also need ECC key types and curves - see
component_test_psa_crypto_config_accel_ecdh which does this correctly.
For HKDF, we don't have test driver support for key derivation yet. I
guess that shows how little testing value these build-only components
really had.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
As the comment says, this component's only goal was to make sure the
legacy+driver test cases in test_suite_md.psa were executed.
But actually these are already executed in
component_test_psa_crypto_drivers which tests with everything having
both a driver and the built-in, as can be seen in the outcomes file.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Was missing several key types and algs. Also, list those that are not
implemented, but comment them out, to make it clearer what's not
implemented yet.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
We use logical '&&' everywhere, let's be consistent.
(Unless I'm mistaken, binary '&' happens to give the same results for
booleans so this wasn't an actual bug, just style/readability issue.)
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
- "in-driver" test should depend on the present
of a driver.
- add new counter in key manangement driver test
hook which counts the calls of generate_key.
- We only care about the hits when processing
`psa_generate_key`.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
Add RSA key certificates using SHA256
instead of SHA1 for the signature
algorithm. Those are needed for some
TLS 1.3 compatibility tests with OpenSSL 3
to avoid having to enable in OpenSSL 3
the support for the deprecated SHA-1 based
signature algorithms.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Add tests where we explicitely check that
tickets are ignored on client side when
the support is not enabled.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
check_pair() is not supported by opaque RSA keys, but we want
to be sure that calling this functions fails nicely instead
for crashing.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
If the wrapped key has a PKCS1 v1.5 signature algorithm, then try
to call sign_ext() to perform PSA RSS. Of course this will fail
because it's not supported by the wrapped key.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
If the public key is exported with mbedtls_pk_write_pubkey_der()
it should be re-imported with mbedtls_pk_parse_public_key().
Alternative options (when PK_WRITE is not defined), i.e.
mbedtls_ecp_point_write_binary() and mbedtls_rsa_write_pubkey(),
export the key in a different format which cannot be parsed by
pk_parse module so mbedtls_ecp_point_read_binary() and
mbedtls_rsa_parse_pubkey() should be used respectively in this
case.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
