This commit moves the tf-psa-crypto configuration options
for this test to `crypto-config-ccm-aes-sha256.h`.
A blank MbedTLS configuration file is now used for the library
side.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
Moving forward the MBEDTLS_PSA_CRYPTO_CONFIG_FILE now resides in the
ts-psa/crypto configuration. This patch removes it from the library
configuration files, and updates the tests to explicitely use it.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
Remove the configuration option MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED and all
code guarded by it. This remove support for the RSA-PSK key exchange in TLS
1.2.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Now that it's always on, this is no longer necessary.
Also this is a step towards no longer being able to set it, because it soon
won't be a selectable configuration option anymore.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Remove all.sh components that explicitly disable MBEDTLS_USE_PSA_CRYPTO, and
for which there is another component with MBEDTLS_USE_PSA_CRYPTO enabled
that does the same or more testing.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
With PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_DERIVE disabled, test TLS 1.3 and
USE_PSA TLS 1.2.
With PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE disabled, just test crypto,
because the TLS code needs that to generate ephemeral ECDH keys but this is
not tracked properly (the ephemeral ECDH code is only gated on having ECDH).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This value should be:
- OK for all EC/FFDH key pairs/public keys;
- OK for all supported public RSA keys;
- OK for RSA key pairs up to 2048 bits;
- FAIL for RSA key pairs above 2048 bits.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Intentionally set MBEDTLS_PSA_STATIC_KEY_SLOT_BUFFER_SIZE slightly
smaller than the maximum RSA key pair size for an RSA key of 4096
bits. Also add a test in test_suite_psa_crypto to verify this
condition.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Disable all MBEDTLS_xxx symbols (keeping only the relevant ones enabled)
when building the main library.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This commit also fixes related errors in test suites. In all
cases those failures are related to the use of raw keys whose
size cannot be determined a-priori.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Use config_adjust_test_accelerators.h
to adjust the configuration needed for
test_psa_crypto_drivers all.sh component
with PSA_CRYPTO_CONFIG enabled.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
In the components migrated from test-ref-configs.pl, we don't need to
activate PSA: it's always on. Also, since there is no "_legacy" component to
contrast with, drop "_psa" from the component names.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Remove the components migrated from test-ref-configs.pl that use legacy
crypto (no enabling of MBEDTLS_USE_PSA_CRYPTO). In the 4.0 preparation
branch, we are no longer interested in such configurations.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Rename the existing component_test_tfm_config which tests a modified version
of config-tfm.h for the sake of driver-vs-reference comparison.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In preparation of MBEDTLS_PSA_CRYPTO_CONFIG
being always on, enable MBEDTLS_PSA_CRYPTO_CONFIG
in build_aes_variations.
While enabling MBEDTLS_PSA_CRYPTO_CONFIG, disable
some PSA_WANT_ so that the configuration
remain the same for the modified component.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
We were only testing the static key store (MBEDTLS_PSA_KEY_STORE_DYNAMIC
disabled) with configs/*.h. Add a component with the static key store and
everything else (including built-in keys), and a component with the static
key store and CTR_DBRG using PSA for AES (which means PSA uses a volatile
key internally).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
