- smoke test client.c becomes a trivial call to psa_crypto_init()
- server.c now uses psa_sim_crypto_server.c's psa_crypto_call()
- Makefile is updated to build all the modules, and allow a different MAIN
- all.sh's test_psasim now tests the simulation of psa_hash_compute() too
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
A Perl script that creates them is also included as reference. This is not the
final script (that will be in Python) but a proof-of-concept to show that
creaation client and server wrappers can be scripted.
It is not hooked into the build: it must be run manually. It is not part of the
deliverables for this PR.
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
Some projects using Mbed TLS have migrated their configuration
file (config.h -> mbedtls_config.h, or MBEDTLS_CONFIG_FILE) from Mbed TLS
2.x, and kept including check_config.h. This is unnecessary since Mbed TLS
3.0, and increasingly in 3.x it may report spurious errors because the
configuration adjustments have not been done yet.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Some projects using Mbed TLS have migrated their configuration
file (config.h -> mbedtls_config.h, or MBEDTLS_CONFIG_FILE) from Mbed TLS
2.x, and kept including check_config.h. This is unnecessary since Mbed TLS
3.0, and increasingly in 3.x it may report spurious errors because the
configuration adjustments have not been done yet. This has led some
projects to include configuration adjustment headers manually, but only
partially or in the wrong order, which can result in silent inconsistencies.
Error out if this happens, with a message mentioning check_config.h since
that's the likely root cause.
```
perl -i -pe '$name = $ARGV; $name =~ s!include/!!; $name =~ s!_adjust_.*!_adjust_*.h!; $_ .= "\n#if !defined(MBEDTLS_CONFIG_FILES_READ)\n#error \"Do not include $name manually! This can lead to problems, \" \\\n \"up to and including runtime errors such as buffer overflows. \" \\\n \"If you're trying to fix a complaint from check_config.h, just remove it \" \\\n \"from your configuration file: since Mbed TLS 3.0, it is included \" \\\n \"automatically at the right time.\"\n#endif /* !MBEDTLS_CONFIG_FILES_READ */\n" if /^#define .*_H$/' include/*/*adjust*.h
```
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Including *adjust*.h directly is likely to cause them to be applied at the
wrong time, resulting in an invalid or unintended configuration.
Including check_config.h at the wrong time is likely to cause spurious
errors.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
psa_crypto_mac.c uses mbedtls_cipher_xxx() functions to perform
CMAC operations. Therefore we need to enable CIPHER_C when
PSA CMAC is builtin.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Alert if all tests are filtered out or skipped: that probably indicates a
test script that set up an unintended configuration or an overly strict
filter. You can pass `--min 0` to bypass this check. You can pass `--min`
with a larger value to require that many test cases to run.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The Mbed TLS implementations of ALG_TLS12_PRF,
ALG_TLS12_PSK_TO_MS, ALG_HKDF, ALG_HKDF_EXTRACT,
ALG_HKDF_EXPAND and ALG_PBKDF2 rely on HMAC
operations through the driver interface. Thus
if one of these algorithms is enabled and not
accelerated, we need ALG_HMAC to be enabled
(PSA_WANT_ALG_HMAC and PSA_WANT_KEY_TYPE_HMAC
defined). As HMAC operations occur through
the driver interface, HMAC operations can be
accelerated even if the caller algorithm
is not.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
While at this, fix also Makefile so that "make clean" does not
complain if some of the files to be cancelled do not exist.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Enable MBEDTLS_PSA_CRYPTO_C and MBEDTLS_USE_PSA_CRYPTO
is reference configurations as we are working towards
removing (always on) them.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Change the way we decide if for a given
configuration we need to run tests with
and without MBEDTLS_USE_PSA_CRYPTO enabled.
That makes the script suitable for 3.6 and
development branch.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
