When PSA uses CTR_DRBG for its random generator and CTR_DRBG uses PSA for
AES, as currently implemented, there is one volatile key in permanent use
for the CTR_DRBG instance. Account for that in tests that want to know
exactly how many volatile keys are in use, or how many volatile keys can be
created.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Make it possible, but not officially supported, to switch the CTR_DRBG
module to PSA mode even if MBEDTLS_AES_C is defined. This is not really
useful in practice, but is convenient to test the PSA mode without setting
up drivers.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Remove static declaration of look-up table from test_suite_pk
and generate it automatically with Python.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This is to manage RSA and EC keys in the same way in order to
prepare for the following commits.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
asymmetric_key_data.py already provides EC/RSA key pair values that
are suitable for generate_test_keys.py. So instead of re-generating
the keys using gen_key program, we use those keys.
This commit also:
- extends asymmetric_key_data.py to introduce
RSA bit sizes that are used in test_suite_pk but were missing from
asymmetric_key_data.py.
- updates test_keys.h with new keys.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
- remove BEGIN_FILE/END_FILE lines from output header file.
- add single disclaimer at the beginning of the file instead
of having it repeated for every array.
- improved exception message for missing key generation program.
This commits also regenerates "test_keys.h" in order to fully
comply with the new format.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This commit adds "generate_test_keys.py" script to generate
predefined keys used in test_suite_pk. Keys are generated with
"programs/pkey/gen_key" tool and converted to C array using
the python script.
tests/src/test_keys.h is automatically generated using the
above mentioned script.
test_suite_pk is updated in order to use the new format.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This helps dropping dependency on FS_IO.
This commit also removes DER files that were previusly added and which
are not more needed/used.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
- "in-driver" test should depend on the present
of a driver.
- add new counter in key manangement driver test
hook which counts the calls of generate_key.
- We only care about the hits when processing
`psa_generate_key`.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
Update the guards generated by the wrapper generation script to use
!MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS and regenerate the PSA test
wrappers.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Replace MBEDTLS_PSA_COPY_CALLER_BUFFERS with inverse:
!MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS. This ensures that buffer
protection is enabled by default without any change to the Mbed TLS
config file.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
All current usages have this parameter set to 0 (this means the tests are unchanged).
Remove the GENERIC_ERROR return behaviour, in favour of returning the actual status.
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
All current usages have this parameter set to 0 (meaning the behaviour
of these tests hasn't changed). We also now return the actual error code, not GENERIC_ERROR
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
All current usages have this parameter set to 0 (in this case the behaviour of
the test is unchanged)
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
If the key has been destroyed (and the new parameter is 1), we test that
psa_cipher_abort succeeds in this scenario.
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
If the key has been destroyed (and the new parameter is 1) then we test that
psa_mac_abort succeeds in this scenario.
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
This will allow us to use this smoke test to ensure that key slot content reads are
only performed when we are registered to read a full slot. We will destroy the key
on another thread while the key is being exercised, and fail the test if an unexpected
error code is hit. Future commits will incrementally implement this new parameter.
All current usages of this function have this parameter set to 0, in which case
the new behaviour must be the same as the old behaviour
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
