diff --git a/Makefile b/Makefile index 67ad0b7b10..74e328af49 100644 --- a/Makefile +++ b/Makefile @@ -31,7 +31,10 @@ programs: lib mbedtls_test lib: $(MAKE) -C library -tests: lib mbedtls_test +ifndef PSASIM +tests: lib +endif +tests: mbedtls_test $(MAKE) -C tests mbedtls_test: @@ -168,7 +171,10 @@ else if exist visualc\VS2017\mbedTLS.sln del /Q /F visualc\VS2017\mbedTLS.sln endif -check: lib tests +ifndef PSASIM +check: lib +endif +check: tests $(MAKE) -C tests check test: check diff --git a/scripts/common.make b/scripts/common.make index ead1334ca3..077ac6f310 100644 --- a/scripts/common.make +++ b/scripts/common.make @@ -4,6 +4,8 @@ ifndef MBEDTLS_PATH MBEDTLS_PATH := .. endif +PSASIM_PATH=$(MBEDTLS_PATH)/tests/psa-client-server/psasim + ifeq (,$(wildcard $(MBEDTLS_PATH)/framework/exported.make)) # Use the define keyword to get a multi-line message. # GNU make appends ". Stop.", so tweak the ending of our message accordingly. @@ -26,19 +28,38 @@ LOCAL_CFLAGS = $(WARNING_CFLAGS) -I$(MBEDTLS_TEST_PATH)/include \ -I$(MBEDTLS_PATH)/tf-psa-crypto/drivers/builtin/include \ -D_FILE_OFFSET_BITS=64 LOCAL_CXXFLAGS = $(WARNING_CXXFLAGS) -I$(MBEDTLS_PATH)/include -I$(MBEDTLS_PATH)/tests/include -D_FILE_OFFSET_BITS=64 + +ifdef PSASIM +LOCAL_LDFLAGS = ${MBEDTLS_TEST_OBJS} \ + -L$(PSASIM_PATH)/client_libs \ + -lpsaclient \ + -lmbedtls$(SHARED_SUFFIX) \ + -lmbedx509$(SHARED_SUFFIX) \ + -lmbedcrypto$(SHARED_SUFFIX) +else LOCAL_LDFLAGS = ${MBEDTLS_TEST_OBJS} \ -L$(MBEDTLS_PATH)/library \ -lmbedtls$(SHARED_SUFFIX) \ -lmbedx509$(SHARED_SUFFIX) \ -lmbedcrypto$(SHARED_SUFFIX) +endif include $(MBEDTLS_PATH)/3rdparty/Makefile.inc LOCAL_CFLAGS+=$(THIRDPARTY_INCLUDES) -ifndef SHARED -MBEDLIBS=$(MBEDTLS_PATH)/library/libmbedcrypto.a $(MBEDTLS_PATH)/library/libmbedx509.a $(MBEDTLS_PATH)/library/libmbedtls.a +ifdef PSASIM +MBEDLIBS=$(PSASIM_PATH)/client_libs/libmbedcrypto.a \ + $(PSASIM_PATH)/client_libs/libmbedx509.a \ + $(PSASIM_PATH)/client_libs/libmbedtls.a \ + $(PSASIM_PATH)/client_libs/libpsaclient.a +else ifndef SHARED +MBEDLIBS=$(MBEDTLS_PATH)/library/libmbedcrypto.a \ + $(MBEDTLS_PATH)/library/libmbedx509.a \ + $(MBEDTLS_PATH)/library/libmbedtls.a else -MBEDLIBS=$(MBEDTLS_PATH)/library/libmbedcrypto.$(DLEXT) $(MBEDTLS_PATH)/library/libmbedx509.$(DLEXT) $(MBEDTLS_PATH)/library/libmbedtls.$(DLEXT) +MBEDLIBS=$(MBEDTLS_PATH)/library/libmbedcrypto.$(DLEXT) \ + $(MBEDTLS_PATH)/library/libmbedx509.$(DLEXT) \ + $(MBEDTLS_PATH)/library/libmbedtls.$(DLEXT) endif ifdef DEBUG @@ -126,10 +147,17 @@ else endif # Auxiliary modules used by tests and some sample programs -MBEDTLS_CORE_TEST_OBJS = $(patsubst %.c,%.o,$(wildcard \ +MBEDTLS_CORE_TEST_OBJS := $(patsubst %.c,%.o,$(wildcard \ ${MBEDTLS_TEST_PATH}/src/*.c \ ${MBEDTLS_TEST_PATH}/src/drivers/*.c \ )) +# Ignore PSA stubs when building for the client side of PSASIM (i.e. +# CRYPTO_CLIENT && !CRYPTO_C) otherwise there will be functions duplicates. +ifdef PSASIM +MBEDTLS_CORE_TEST_OBJS := $(filter-out \ + ${MBEDTLS_TEST_PATH}/src/psa_crypto_stubs.o, $(MBEDTLS_CORE_TEST_OBJS)\ + ) +endif # Additional auxiliary modules for TLS testing MBEDTLS_TLS_TEST_OBJS = $(patsubst %.c,%.o,$(wildcard \ ${MBEDTLS_TEST_PATH}/src/test_helpers/*.c \ diff --git a/tests/Makefile b/tests/Makefile index 7ab4d9c474..796d5fc9c0 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -177,6 +177,7 @@ $(BINARIES): %$(EXEXT): %.c $(MBEDLIBS) $(TEST_OBJS_DEPS) $(MBEDTLS_TEST_OBJS) clean: ifndef WINDOWS + $(MAKE) -C psa-client-server/psasim clean rm -rf $(BINARIES) *.c *.datax rm -f src/*.o src/drivers/*.o src/test_helpers/*.o src/libmbed* src/test_keys.h src/test_certs.h rm -f src/test_keys.h src/test_certs.h diff --git a/tests/include/test/psa_crypto_helpers.h b/tests/include/test/psa_crypto_helpers.h index 7306d8eb10..7393d81dc3 100644 --- a/tests/include/test/psa_crypto_helpers.h +++ b/tests/include/test/psa_crypto_helpers.h @@ -11,7 +11,7 @@ #include "test/helpers.h" -#if defined(MBEDTLS_PSA_CRYPTO_C) +#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) #include "test/psa_helpers.h" #include #endif @@ -38,12 +38,15 @@ mbedtls_psa_crypto_free(); \ } \ while (0) -#else /*MBEDTLS_PSA_CRYPTO_C */ +#elif defined(MBEDTLS_PSA_CRYPTO_CLIENT) /* MBEDTLS_PSA_CRYPTO_CLIENT && !MBEDTLS_PSA_CRYPTO_C */ +#define PSA_INIT() PSA_ASSERT(psa_crypto_init()) +#define PSA_DONE() mbedtls_psa_crypto_free(); +#else /* MBEDTLS_PSA_CRYPTO_CLIENT && !MBEDTLS_PSA_CRYPTO_C */ #define PSA_INIT() ((void) 0) #define PSA_DONE() ((void) 0) #endif /* MBEDTLS_PSA_CRYPTO_C */ -#if defined(MBEDTLS_PSA_CRYPTO_C) +#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) @@ -313,7 +316,7 @@ uint64_t mbedtls_test_parse_binary_string(data_t *bin_string); } \ while (0) -#endif /* MBEDTLS_PSA_CRYPTO_C */ +#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */ /** \def USE_PSA_INIT * diff --git a/tests/psa-client-server/psasim/Makefile b/tests/psa-client-server/psasim/Makefile index 02b639f2c4..ec6691f422 100644 --- a/tests/psa-client-server/psasim/Makefile +++ b/tests/psa-client-server/psasim/Makefile @@ -1,11 +1,11 @@ CFLAGS += -Wall -Werror -std=c99 -D_XOPEN_SOURCE=1 -D_POSIX_C_SOURCE=200809L ifeq ($(DEBUG),1) -CFLAGS += -DDEBUG -O0 -g +override CFLAGS += -DDEBUG -O0 -g endif -LIBPSACLIENT := -Llibpsaclient/ -lmbedcrypto -lmbedx509 -lmbedtls -LIBPSASERVER := -Llibpsaserver/ -lmbedcrypto +CLIENT_LIBS := -Lclient_libs -lpsaclient -lmbedtls -lmbedx509 -lmbedcrypto +SERVER_LIBS := -Lserver_libs -lmbedcrypto MBEDTLS_ROOT_PATH = ../../.. COMMON_INCLUDE := -I./include -I$(MBEDTLS_ROOT_PATH)/include \ @@ -16,13 +16,14 @@ GENERATED_H_FILES = include/psa_manifest/manifest.h \ include/psa_manifest/pid.h \ include/psa_manifest/sid.h -PSA_CLIENT_COMMON_SRC = src/psa_ff_client.c \ - src/psa_sim_crypto_client.c \ - src/psa_sim_serialise.c +LIBPSACLIENT_SRC = src/psa_ff_client.c \ + src/psa_sim_crypto_client.c \ + src/psa_sim_serialise.c +LIBPSACLIENT_OBJS=$(LIBPSACLIENT_SRC:.c=.o) -PSA_CLIENT_BASE_SRC = $(PSA_CLIENT_COMMON_SRC) src/client.c +PSA_CLIENT_BASE_SRC = $(LIBPSACLIENT_SRC) src/client.c -PSA_CLIENT_FULL_SRC = $(PSA_CLIENT_COMMON_SRC) \ +PSA_CLIENT_FULL_SRC = $(LIBPSACLIENT_SRC) \ $(wildcard src/aut_*.c) PARTITION_SERVER_BOOTSTRAP = src/psa_ff_bootstrap_TEST_PARTITION.c @@ -32,21 +33,28 @@ PSA_SERVER_SRC = $(PARTITION_SERVER_BOOTSTRAP) \ src/psa_sim_crypto_server.c \ src/psa_sim_serialise.c -.PHONY: all clean libpsaclient libpsaserver +.PHONY: all clean client_libs server_libs all: test/seedfile: dd if=/dev/urandom of=./test/seedfile bs=64 count=1 -test/psa_client_base: $(PSA_CLIENT_BASE_SRC) $(GENERATED_H_FILES) - $(CC) $(COMMON_INCLUDE) $(CFLAGS) $(PSA_CLIENT_BASE_SRC) $(LIBPSACLIENT) $(LDFLAGS) -o $@ +src/%.o: src/%.c $(GENERATED_H_FILES) + $(CC) $(COMMON_INCLUDE) $(CFLAGS) -c $< $(LDFLAGS) -o $@ -test/psa_client_full: $(PSA_CLIENT_FULL_SRC) $(GENERATED_H_FILES) - $(CC) $(COMMON_INCLUDE) $(CFLAGS) $(PSA_CLIENT_FULL_SRC) $(LIBPSACLIENT) $(LDFLAGS) -o $@ +client_libs/libpsaclient: $(LIBPSACLIENT_OBJS) + mkdir -p client_libs + $(AR) -src client_libs/libpsaclient.a $(LIBPSACLIENT_OBJS) -test/psa_partition: $(PSA_SERVER_SRC) $(GENERATED_H_FILES) test/seedfile - $(CC) $(COMMON_INCLUDE) $(CFLAGS) $(PSA_SERVER_SRC) $(LIBPSASERVER) $(LDFLAGS) -o $@ +test/psa_client_base: $(PSA_CLIENT_BASE_SRC) $(GENERATED_H_FILES) test/seedfile + $(CC) $(COMMON_INCLUDE) $(CFLAGS) $(PSA_CLIENT_BASE_SRC) $(CLIENT_LIBS) $(LDFLAGS) -o $@ + +test/psa_client_full: $(PSA_CLIENT_FULL_SRC) $(GENERATED_H_FILES) test/seedfile + $(CC) $(COMMON_INCLUDE) $(CFLAGS) $(PSA_CLIENT_FULL_SRC) $(CLIENT_LIBS) $(LDFLAGS) -o $@ + +test/psa_server: $(PSA_SERVER_SRC) $(GENERATED_H_FILES) + $(CC) $(COMMON_INCLUDE) $(CFLAGS) $(PSA_SERVER_SRC) $(SERVER_LIBS) $(LDFLAGS) -o $@ $(PARTITION_SERVER_BOOTSTRAP) $(GENERATED_H_FILES): src/manifest.json src/server.c tools/psa_autogen.py src/manifest.json @@ -56,17 +64,18 @@ $(PARTITION_SERVER_BOOTSTRAP) $(GENERATED_H_FILES): src/manifest.json src/server # # Note: these rules assume that mbedtls_config.h is already configured by all.sh. # If not using all.sh then the user must do it manually. -libpsaclient libpsaserver: +client_libs: client_libs/libpsaclient +client_libs server_libs: $(MAKE) -C $(MBEDTLS_ROOT_PATH)/library CFLAGS="$(CFLAGS)" LDFLAGS="$(LDFLAGS)" libmbedcrypto.a libmbedx509.a libmbedtls.a mkdir -p $@ cp $(MBEDTLS_ROOT_PATH)/library/libmbed*.a $@/ - $(MAKE) -C $(MBEDTLS_ROOT_PATH) clean -clean: - rm -f test/psa_client_base test/psa_client_full test/psa_partition +clean_server_intermediate_files: rm -f $(PARTITION_SERVER_BOOTSTRAP) - rm -rf libpsaclient libpsaserver rm -rf include/psa_manifest - rm -f test/psa_service_* test/psa_notify_* - rm -f test/*.log + +clean: clean_server_intermediate_files + rm -f test/psa_client_base test/psa_client_full test/psa_server + rm -rf client_libs server_libs + rm -f test/psa_service_* test/psa_notify_* test/*.log rm -f test/seedfile diff --git a/tests/psa-client-server/psasim/src/aut_psa_hash.c b/tests/psa-client-server/psasim/src/aut_psa_hash.c index 0446e7a76a..b429c0bc58 100644 --- a/tests/psa-client-server/psasim/src/aut_psa_hash.c +++ b/tests/psa-client-server/psasim/src/aut_psa_hash.c @@ -89,6 +89,43 @@ int psa_hash_main(void) mbedtls_printf("Multi-part hash operation successful!\n"); } + /* A bit of white-box testing: ensure that we can abort an operation more + * times than there are operation slots on the simulator server. + */ + for (int i = 0; i < 200; i++) { + /* This should be a no-op */ + status = psa_hash_abort(&hash_operation); + if (status != PSA_SUCCESS) { + mbedtls_printf("psa_hash_abort failed\n"); + goto cleanup; + } + } + + /* Compute hash using multi-part operation using the same operation struct */ + status = psa_hash_setup(&hash_operation, HASH_ALG); + if (status == PSA_ERROR_NOT_SUPPORTED) { + mbedtls_printf("unknown hash algorithm supplied\n"); + goto cleanup; + } else if (status != PSA_SUCCESS) { + mbedtls_printf("psa_hash_setup failed: %d\n", status); + goto cleanup; + } + + status = psa_hash_update(&hash_operation, sample_message, sample_message_length); + if (status != PSA_SUCCESS) { + mbedtls_printf("psa_hash_update failed\n"); + goto cleanup; + } + + /* Don't use psa_hash_finish() when going to check against an expected result */ + status = psa_hash_verify(&hash_operation, expected_hash, expected_hash_len); + if (status != PSA_SUCCESS) { + mbedtls_printf("psa_hash_verify failed: %d\n", status); + goto cleanup; + } else { + mbedtls_printf("Second multi-part hash operation successful!\n"); + } + /* Clear local variables prior to one-shot hash demo */ memset(hash, 0, sizeof(hash)); hash_length = 0; diff --git a/tests/psa-client-server/psasim/test/kill_server.sh b/tests/psa-client-server/psasim/test/kill_server.sh new file mode 100755 index 0000000000..7aba5a32ed --- /dev/null +++ b/tests/psa-client-server/psasim/test/kill_server.sh @@ -0,0 +1,16 @@ +#!/bin/bash + +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + +set -e + +pkill psa_server || true + +# Remove temporary files and logs +rm -f psa_notify_* +rm -f psa_service_* +rm -f psa_server.log + +# Remove all IPCs +ipcs -q | awk '{ printf " -q " $2 }' | xargs ipcrm > /dev/null 2>&1 || true diff --git a/tests/psa-client-server/psasim/test/run_test.sh b/tests/psa-client-server/psasim/test/run_test.sh index 7c1011ead2..ac9c4c86ca 100755 --- a/tests/psa-client-server/psasim/test/run_test.sh +++ b/tests/psa-client-server/psasim/test/run_test.sh @@ -1,13 +1,13 @@ #!/bin/bash +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + # This is a simple bash script that tests psa_client/psa_server interaction. # This script is automatically executed when "make run" is launched by the # "psasim" root folder. The script can also be launched manually once # binary files are built (i.e. after "make test" is executed from the "psasim" # root folder). -# -# Copyright The Mbed TLS Contributors -# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later set -e @@ -16,26 +16,10 @@ cd "$(dirname "$0")" CLIENT_BIN=$1 shift -function clean_run() { - rm -f psa_notify_* - pkill psa_partition || true - pkill psa_client || true - ipcs | grep q | awk '{ printf " -q " $2 }' | xargs ipcrm > /dev/null 2>&1 || true -} +ipcs | grep q | awk '{ printf " -q " $2 }' | xargs ipcrm > /dev/null 2>&1 || true -# The server creates some local files when it starts up so we can wait for this -# event as signal that the server is ready so that we can start client(s). -function wait_for_server_startup() { - while [ ! -f ./psa_notify_* ]; do - sleep 0.1 - done -} - -clean_run - -./psa_partition & -wait_for_server_startup +./start_server.sh ./$CLIENT_BIN "$@" # Kill server once client exited -pkill psa_partition +pkill psa_server diff --git a/tests/psa-client-server/psasim/test/start_server.sh b/tests/psa-client-server/psasim/test/start_server.sh new file mode 100755 index 0000000000..fcc8a97e9c --- /dev/null +++ b/tests/psa-client-server/psasim/test/start_server.sh @@ -0,0 +1,19 @@ +#!/bin/bash + +# Copyright The Mbed TLS Contributors +# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later + +set -e + +# The server creates some local files when it starts up so we can wait for this +# event as signal that the server is ready so that we can start client(s). +function wait_for_server_startup() { + while [ $(find . -name "psa_notify_*" | wc -l) -eq 0 ]; do + sleep 0.1 + done +} + +$(dirname "$0")/kill_server.sh + +$(dirname "$0")/psa_server & +wait_for_server_startup diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 3bff3a8534..de74f97b6b 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -217,6 +217,8 @@ pre_initialize_variables () { # defined in this script whose name starts with "component_". ALL_COMPONENTS=$(compgen -A function component_ | sed 's/component_//') + PSASIM_PATH='tests/psa-client-server/psasim/' + # Delay determining SUPPORTED_COMPONENTS until the command line options have a chance to override # the commands set by the environment } @@ -356,6 +358,24 @@ cleanup() done } +# This is a helper function to be used in psasim builds. It is meant to clean +# up the library's workspace after the server build and before the client +# build. Built libraries (mbedcrypto, mbedx509 and mbedtls) are supposed to be +# already copied to psasim folder at this point. +helper_psasim_cleanup_before_client() { + # Clean up library files + make -C library clean + # Clean up intermediate files that were used to build the server + make -C $PSASIM_PATH clean_server_intermediate_files + # Restore files that were backup before building library files. This + # includes $CONFIG_H and $CRYPTO_CONFIG_H. + for x in $files_to_back_up; do + if [[ -e "$x$backup_suffix" ]]; then + cp -p "$x$backup_suffix" "$x" + fi + done +} + # Final cleanup when this script exits (except when exiting on a failure # in non-keep-going mode). final_cleanup () { @@ -948,11 +968,11 @@ helper_libtestdriver1_make_main() { make CC=$ASAN_CC CFLAGS="$ASAN_CFLAGS -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS" "$@" } -# $1: target which can be "client" or "server" -helper_crypto_client_build() { +# Set some default values $CONFIG_H in order to build server or client sides +# in PSASIM. There is only 1 mandatory parameter: +# - $1: target which can be "client" or "server" +helper_psasim_config() { TARGET=$1 - shift - TARGET_LIB=libpsa$TARGET if [ "$TARGET" == "client" ]; then scripts/config.py full @@ -976,8 +996,23 @@ helper_crypto_client_build() { # Also ensure MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER not set (to match client) scripts/config.py unset MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER fi +} - make -C tests/psa-client-server/psasim/ CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" $TARGET_LIB "$@" +# Helper to build the libraries for client/server in PSASIM. If the server is +# being built, then it builds also the final executable. +# There is only 1 mandatory parameter: +# - $1: target which can be "client" or "server" +helper_psasim_build() { + TARGET=$1 + shift + TARGET_LIB=${TARGET}_libs + + make -C $PSASIM_PATH CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" $TARGET_LIB "$@" + + # Build also the server application after its libraries have been built. + if [ "$TARGET" == "server" ]; then + make -C $PSASIM_PATH CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" test/psa_server + fi } ################################################################ @@ -1037,6 +1072,24 @@ helper_get_psa_key_type_list() { echo "$loc_list" } +# Helper function for controlling (start & stop) the psasim server. +helper_psasim_server() { + OPERATION=$1 + if [ "$OPERATION" == "start" ]; then + ( + cd tests + msg "start server" + psa-client-server/psasim/test/start_server.sh + ) + else + ( + cd tests + msg "terminate server and cleanup" + psa-client-server/psasim//test/kill_server.sh + ) + fi +} + ################################################################ #### Basic checks ################################################################ @@ -1349,68 +1402,6 @@ component_build_psa_crypto_spm () { check_renamed_symbols tests/include/spe/crypto_spe.h library/libmbedcrypto.a } -# Get a list of library-wise undefined symbols and ensure that they only -# belong to psa_xxx() functions and not to mbedtls_yyy() ones. -# This function is a common helper used by both: -# - component_test_default_psa_crypto_client_without_crypto_provider -# - component_build_full_psa_crypto_client_without_crypto_provider. -common_check_mbedtls_missing_symbols() { - nm library/libmbedcrypto.a | grep ' [TRrDC] ' | grep -Eo '(mbedtls_|psa_).*' | sort -u > sym_def.txt - nm library/libmbedcrypto.a | grep ' U ' | grep -Eo '(mbedtls_|psa_).*' | sort -u > sym_undef.txt - comm sym_def.txt sym_undef.txt -13 > linking_errors.txt - not grep mbedtls_ linking_errors.txt - - rm sym_def.txt sym_undef.txt linking_errors.txt -} - -component_test_default_psa_crypto_client_without_crypto_provider () { - msg "build: default config - PSA_CRYPTO_C + PSA_CRYPTO_CLIENT" - - scripts/config.py unset MBEDTLS_PSA_CRYPTO_C - scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C - scripts/config.py unset MBEDTLS_PSA_ITS_FILE_C - scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3 - scripts/config.py set MBEDTLS_PSA_CRYPTO_CLIENT - scripts/config.py unset MBEDTLS_LMS_C - - make - - msg "check missing symbols: default config - PSA_CRYPTO_C + PSA_CRYPTO_CLIENT" - common_check_mbedtls_missing_symbols - - msg "test: default config - PSA_CRYPTO_C + PSA_CRYPTO_CLIENT" - make test -} - -component_build_full_psa_crypto_client_without_crypto_provider () { - msg "build: full config - PSA_CRYPTO_C" - - # Use full config which includes USE_PSA and CRYPTO_CLIENT. - scripts/config.py full - - scripts/config.py unset MBEDTLS_PSA_CRYPTO_C - scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C - # Dynamic secure element support is a deprecated feature and it is not - # available when CRYPTO_C and PSA_CRYPTO_STORAGE_C are disabled. - scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C - - # Since there is no crypto provider in this build it is not possible to - # build all the test executables and progrems due to missing PSA functions - # at link time. Therefore we will just build libraries and we'll check - # that symbols of interest are there. - make lib - - msg "check missing symbols: full config - PSA_CRYPTO_C" - - common_check_mbedtls_missing_symbols - - # Ensure that desired functions are included into the build (extend the - # following list as required). - grep mbedtls_pk_get_psa_attributes library/libmbedcrypto.a - grep mbedtls_pk_import_into_psa library/libmbedcrypto.a - grep mbedtls_pk_copy_from_psa library/libmbedcrypto.a -} - component_test_no_rsa_key_pair_generation() { msg "build: default config minus PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_GENERATE" scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG @@ -6029,20 +6020,16 @@ component_check_test_helpers () { } component_test_psasim() { - msg "build library for server" + msg "build server library and application" scripts/config.py crypto - helper_crypto_client_build server + helper_psasim_config server + helper_psasim_build server - msg "build server" - make -C tests/psa-client-server/psasim CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" test/psa_partition - - # cleanup() will restore some backed-up files which include $CONFIG_H and - # $CRYPTO_CONFIG_H. Built libraries were already copied to psasim at this - # point. - cleanup + helper_psasim_cleanup_before_client msg "build library for client" - helper_crypto_client_build client + helper_psasim_config client + helper_psasim_build client msg "build basic psasim client" make -C tests/psa-client-server/psasim CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" test/psa_client_base @@ -6057,6 +6044,38 @@ component_test_psasim() { make -C tests/psa-client-server/psasim clean } +component_test_suite_with_psasim() +{ + msg "build server library and application" + helper_psasim_config server + # Modify server's library configuration here (if needed) + helper_psasim_build server + + helper_psasim_cleanup_before_client + + msg "build client library" + helper_psasim_config client + # PAKE functions are still unsupported from PSASIM + scripts/config.py -f $CRYPTO_CONFIG_H unset PSA_WANT_ALG_JPAKE + scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED + helper_psasim_build client + + msg "build test suites" + make PSASIM=1 CFLAGS="$ASAN_CFLAGS" LDFLAGS="$ASAN_CFLAGS" tests + + helper_psasim_server start + + # psasim takes an extremely long execution time on some test suites so we + # exclude them from the list. + SKIP_TEST_SUITES="constant_time_hmac,lmots,lms" + export SKIP_TEST_SUITES + + msg "run test suites" + make PSASIM=1 test + + helper_psasim_server kill +} + ################################################################ #### Termination ################################################################ diff --git a/tests/src/psa_exercise_key.c b/tests/src/psa_exercise_key.c index 937bd45d22..b2232764a7 100644 --- a/tests/src/psa_exercise_key.c +++ b/tests/src/psa_exercise_key.c @@ -11,7 +11,7 @@ #include #include -#if defined(MBEDTLS_PSA_CRYPTO_C) +#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) #include #include @@ -1332,4 +1332,4 @@ exit: } #endif /* MBEDTLS_PK_C */ -#endif /* MBEDTLS_PSA_CRYPTO_C */ +#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */ diff --git a/tests/suites/test_suite_debug.function b/tests/suites/test_suite_debug.function index 70e7badca5..982be3c6e5 100644 --- a/tests/suites/test_suite_debug.function +++ b/tests/suites/test_suite_debug.function @@ -59,7 +59,7 @@ void debug_print_msg_threshold(int threshold, int level, char *file, mbedtls_ssl_config conf; struct buffer_data buffer; - MD_PSA_INIT(); + MD_OR_USE_PSA_INIT(); mbedtls_ssl_init(&ssl); mbedtls_ssl_config_init(&conf); @@ -86,7 +86,7 @@ void debug_print_msg_threshold(int threshold, int level, char *file, exit: mbedtls_ssl_free(&ssl); mbedtls_ssl_config_free(&conf); - MD_PSA_DONE(); + MD_OR_USE_PSA_DONE(); } /* END_CASE */ @@ -98,7 +98,7 @@ void mbedtls_debug_print_ret(char *file, int line, char *text, int value, mbedtls_ssl_config conf; struct buffer_data buffer; - MD_PSA_INIT(); + MD_OR_USE_PSA_INIT(); mbedtls_ssl_init(&ssl); mbedtls_ssl_config_init(&conf); @@ -122,7 +122,7 @@ void mbedtls_debug_print_ret(char *file, int line, char *text, int value, exit: mbedtls_ssl_free(&ssl); mbedtls_ssl_config_free(&conf); - MD_PSA_DONE(); + MD_OR_USE_PSA_DONE(); } /* END_CASE */ @@ -134,7 +134,7 @@ void mbedtls_debug_print_buf(char *file, int line, char *text, mbedtls_ssl_config conf; struct buffer_data buffer; - MD_PSA_INIT(); + MD_OR_USE_PSA_INIT(); mbedtls_ssl_init(&ssl); mbedtls_ssl_config_init(&conf); @@ -158,7 +158,7 @@ void mbedtls_debug_print_buf(char *file, int line, char *text, exit: mbedtls_ssl_free(&ssl); mbedtls_ssl_config_free(&conf); - MD_PSA_DONE(); + MD_OR_USE_PSA_DONE(); } /* END_CASE */ @@ -211,7 +211,7 @@ void mbedtls_debug_print_mpi(char *value, char *file, int line, struct buffer_data buffer; mbedtls_mpi val; - MD_PSA_INIT(); + MD_OR_USE_PSA_INIT(); mbedtls_ssl_init(&ssl); mbedtls_ssl_config_init(&conf); @@ -239,6 +239,6 @@ exit: mbedtls_mpi_free(&val); mbedtls_ssl_free(&ssl); mbedtls_ssl_config_free(&conf); - MD_PSA_DONE(); + MD_OR_USE_PSA_DONE(); } /* END_CASE */ diff --git a/tests/suites/test_suite_lmots.function b/tests/suites/test_suite_lmots.function index 293287aab9..c81501c4d5 100644 --- a/tests/suites/test_suite_lmots.function +++ b/tests/suites/test_suite_lmots.function @@ -37,6 +37,7 @@ void lmots_sign_verify_test(data_t *msg, data_t *key_id, int leaf_id, mbedtls_lmots_public_init(&pub_ctx); mbedtls_lmots_private_init(&priv_ctx); + USE_PSA_INIT(); TEST_EQUAL(mbedtls_lmots_generate_private_key(&priv_ctx, MBEDTLS_LMOTS_SHA256_N32_W8, key_id->x, leaf_id, seed->x, seed->len), 0); @@ -48,6 +49,7 @@ void lmots_sign_verify_test(data_t *msg, data_t *key_id, int leaf_id, exit: mbedtls_lmots_public_free(&pub_ctx); mbedtls_lmots_private_free(&priv_ctx); + USE_PSA_DONE(); } /* END_CASE */ @@ -60,6 +62,7 @@ void lmots_sign_verify_null_msg_test(data_t *key_id, int leaf_id, data_t *seed) mbedtls_lmots_public_init(&pub_ctx); mbedtls_lmots_private_init(&priv_ctx); + USE_PSA_INIT(); TEST_EQUAL(mbedtls_lmots_generate_private_key(&priv_ctx, MBEDTLS_LMOTS_SHA256_N32_W8, key_id->x, leaf_id, seed->x, seed->len), 0); @@ -71,6 +74,7 @@ void lmots_sign_verify_null_msg_test(data_t *key_id, int leaf_id, data_t *seed) exit: mbedtls_lmots_public_free(&pub_ctx); mbedtls_lmots_private_free(&priv_ctx); + USE_PSA_DONE(); } /* END_CASE */ @@ -83,6 +87,7 @@ void lmots_verify_test(data_t *msg, data_t *sig, data_t *pub_key, unsigned char *tmp_sig = NULL; mbedtls_lmots_public_init(&ctx); + USE_PSA_INIT(); TEST_EQUAL(mbedtls_lmots_import_public_key(&ctx, pub_key->x, pub_key->len), 0); @@ -137,6 +142,7 @@ void lmots_verify_test(data_t *msg, data_t *sig, data_t *pub_key, exit: mbedtls_free(tmp_sig); mbedtls_lmots_public_free(&ctx); + USE_PSA_DONE(); } /* END_CASE */ @@ -149,6 +155,8 @@ void lmots_import_export_test(data_t *pub_key, int expected_import_rc) size_t exported_pub_key_size; mbedtls_lmots_public_init(&ctx); + USE_PSA_INIT(); + TEST_EQUAL(mbedtls_lmots_import_public_key(&ctx, pub_key->x, pub_key->len), expected_import_rc); @@ -192,6 +200,7 @@ void lmots_import_export_test(data_t *pub_key, int expected_import_rc) exit: mbedtls_lmots_public_free(&ctx); mbedtls_free(exported_pub_key); + USE_PSA_DONE(); } /* END_CASE */ @@ -202,6 +211,7 @@ void lmots_reuse_test(data_t *msg, data_t *key_id, int leaf_id, data_t *seed) unsigned char sig[MBEDTLS_LMOTS_SIG_LEN(MBEDTLS_LMOTS_SHA256_N32_W8)]; mbedtls_lmots_private_init(&ctx); + USE_PSA_INIT(); TEST_EQUAL(mbedtls_lmots_generate_private_key(&ctx, MBEDTLS_LMOTS_SHA256_N32_W8, key_id->x, leaf_id, seed->x, seed->len), 0); @@ -217,6 +227,7 @@ void lmots_reuse_test(data_t *msg, data_t *key_id, int leaf_id, data_t *seed) exit: mbedtls_lmots_private_free(&ctx); + USE_PSA_DONE(); } /* END_CASE */ @@ -233,6 +244,7 @@ void lmots_signature_leak_test(data_t *msg, data_t *key_id, int leaf_id, memset(sig, 0x7E, sizeof(sig)); mbedtls_lmots_private_init(&ctx); + USE_PSA_INIT(); TEST_EQUAL(mbedtls_lmots_generate_private_key(&ctx, MBEDTLS_LMOTS_SHA256_N32_W8, key_id->x, leaf_id, seed->x, seed->len), 0); @@ -242,5 +254,6 @@ void lmots_signature_leak_test(data_t *msg, data_t *key_id, int leaf_id, exit: mbedtls_lmots_private_free(&ctx); mbedtls_lmots_sign_private_key_invalidated_hook = NULL; + USE_PSA_DONE(); } /* END_CASE */ diff --git a/tests/suites/test_suite_lms.function b/tests/suites/test_suite_lms.function index 7116f61810..377efcd9b2 100644 --- a/tests/suites/test_suite_lms.function +++ b/tests/suites/test_suite_lms.function @@ -17,6 +17,7 @@ void lms_sign_verify_test(data_t *msg, data_t *seed) mbedtls_lms_public_init(&pub_ctx); mbedtls_lms_private_init(&priv_ctx); + USE_PSA_INIT(); /* Allocation failure isn't a test failure, since it likely just means * there's not enough memory to run the test. @@ -38,6 +39,7 @@ void lms_sign_verify_test(data_t *msg, data_t *seed) exit: mbedtls_lms_public_free(&pub_ctx); mbedtls_lms_private_free(&priv_ctx); + USE_PSA_DONE(); } /* END_CASE */ @@ -50,6 +52,7 @@ void lms_sign_verify_null_msg_test(data_t *seed) mbedtls_lms_public_init(&pub_ctx); mbedtls_lms_private_init(&priv_ctx); + USE_PSA_INIT(); /* Allocation failure isn't a test failure, since it likely just means * there's not enough memory to run the test. @@ -71,6 +74,7 @@ void lms_sign_verify_null_msg_test(data_t *seed) exit: mbedtls_lms_public_free(&pub_ctx); mbedtls_lms_private_free(&priv_ctx); + USE_PSA_DONE(); } /* END_CASE */ @@ -83,6 +87,7 @@ void lms_verify_test(data_t *msg, data_t *sig, data_t *pub_key, unsigned char *tmp_sig = NULL; mbedtls_lms_public_init(&ctx); + USE_PSA_INIT(); TEST_EQUAL(mbedtls_lms_import_public_key(&ctx, pub_key->x, pub_key->len), 0); @@ -139,6 +144,7 @@ void lms_verify_test(data_t *msg, data_t *sig, data_t *pub_key, exit: mbedtls_free(tmp_sig); mbedtls_lms_public_free(&ctx); + USE_PSA_DONE(); } /* END_CASE */ @@ -151,6 +157,7 @@ void lms_import_export_test(data_t *pub_key, int expected_import_rc) unsigned char *exported_pub_key = NULL; mbedtls_lms_public_init(&ctx); + USE_PSA_INIT(); TEST_EQUAL(mbedtls_lms_import_public_key(&ctx, pub_key->x, pub_key->len), expected_import_rc); @@ -194,5 +201,6 @@ void lms_import_export_test(data_t *pub_key, int expected_import_rc) exit: mbedtls_free(exported_pub_key); mbedtls_lms_public_free(&ctx); + USE_PSA_DONE(); } /* END_CASE */ diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data index 2bc3848f37..6911265f09 100644 --- a/tests/suites/test_suite_pk.data +++ b/tests/suites/test_suite_pk.data @@ -95,11 +95,11 @@ depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1 pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_NONE:256:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1 PK can do ext: NONE/ECDSA(ANY_HASH), check ECDSA(SHA256) -depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1 +depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PSA_CRYPTO_C pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_NONE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):256:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1 PK can do ext: NONE/ECDSA(SHA256), check ECDSA(SHA256) -depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1 +depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PSA_CRYPTO_C pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_NONE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):256:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1 PK can do ext: ECDSA(SHA256)/NONE, invalid check ECDSA(ANY) @@ -147,15 +147,15 @@ depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1 pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_DERIVE|PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):256:PSA_ALG_ECDH:PSA_KEY_USAGE_DERIVE|PSA_KEY_USAGE_SIGN_HASH:1 PK can do ext: ECDH/ECDSA(ANY), check ECDSA(SHA256)+DERIVE|SIGN -depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1 +depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PSA_CRYPTO_C pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_DERIVE|PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):256:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_DERIVE|PSA_KEY_USAGE_SIGN_HASH:1 PK can do ext: ECDH/ECDSA(ANY), check ECDSA(SHA256)+SIGN -depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1 +depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PSA_CRYPTO_C pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_DERIVE|PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):256:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1 PK can do ext: ECDH/ECDSA(ANY), check ECDSA(SHA256)+DERIVE -depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1 +depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PSA_CRYPTO_C pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_DERIVE|PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):256:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_DERIVE:1 PK can do ext: RSA_PKCS1V15_SIGN(ANY)/NONE, check not allowed COPY usage @@ -195,11 +195,11 @@ depends_on:MBEDTLS_RSA_C pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ALG_NONE:1024:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1 PK can do ext: NONE, RSA_PKCS1V15_SIGN(ANY), check RSA_PKCS1V15_SIGN(SHA256) -depends_on:MBEDTLS_RSA_C +depends_on:MBEDTLS_RSA_C:MBEDTLS_PSA_CRYPTO_C pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_NONE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):1024:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1 PK can do ext: NONE, RSA_PKCS1V15_SIGN(SHA256), check RSA_PKCS1V15_SIGN(SHA256) -depends_on:MBEDTLS_RSA_C +depends_on:MBEDTLS_RSA_C:MBEDTLS_PSA_CRYPTO_C pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_NONE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):1024:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1 PK can do ext: RSA_PKCS1V15_SIGN(SHA256)/NONE, invalid check RSA_PKCS1V15_SIGN(ANY) @@ -235,11 +235,11 @@ depends_on:MBEDTLS_RSA_C pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_ALG_NONE:1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1 PK can do ext: NONE, RSA_PSS(ANY), check RSA_PSS(SHA256) -depends_on:MBEDTLS_RSA_C +depends_on:MBEDTLS_RSA_C:MBEDTLS_PSA_CRYPTO_C pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_NONE:PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1 PK can do ext: NONE, RSA_PSS(SHA256), check RSA_PSS(SHA256) -depends_on:MBEDTLS_RSA_C +depends_on:MBEDTLS_RSA_C:MBEDTLS_PSA_CRYPTO_C pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_NONE:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1 PK can do ext: RSA_PSS(SHA256)/NONE, invalid check RSA_PSS(ANY) @@ -283,11 +283,11 @@ depends_on:MBEDTLS_RSA_C pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_ENCRYPT|PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:1024:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_DECRYPT:1 PK can do ext: RSA_PKCS1V15_CRYPT/RSA_PSS(ANY), check RSA_PKCS1V15_CRYPT -depends_on:MBEDTLS_RSA_C +depends_on:MBEDTLS_RSA_C:MBEDTLS_PSA_CRYPTO_C pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_ENCRYPT|PSA_KEY_USAGE_DECRYPT|PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):1024:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_DECRYPT:1 PK can do ext: RSA_PKCS1V15_CRYPT/RSA_PSS(ANY), check RSA_PSS(SHA256) -depends_on:MBEDTLS_RSA_C +depends_on:MBEDTLS_RSA_C:MBEDTLS_PSA_CRYPTO_C pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_ENCRYPT|PSA_KEY_USAGE_DECRYPT|PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_KEY_USAGE_DECRYPT:1 PK can do ext: RSA_PKCS1V15_CRYPT/RSA_PSS(ANY), check non allowed ENCRYPT usage @@ -295,7 +295,7 @@ depends_on:MBEDTLS_RSA_C pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_ENCRYPT|PSA_KEY_USAGE_DECRYPT|PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_KEY_USAGE_ENCRYPT:0 PK can do ext: RSA_PKCS1V15_SIGN(ANY)/RSA_PSS(ANY), check RSA_PSS(SHA256) -depends_on:MBEDTLS_RSA_C +depends_on:MBEDTLS_RSA_C:MBEDTLS_PSA_CRYPTO_C pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1 PK can do ext: RSA_PKCS1V15_SIGN(ANY)/RSA_PSS(ANY), check RSA_PKCS1V15_SIGN(SHA256) diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 38c27e399e..5f4267780b 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -45,7 +45,7 @@ #define MBEDTLS_TEST_PK_PSA_SIGN #endif -#if defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) +#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) /* Pick an elliptic curve that's supported by PSA. Note that the curve is * not guaranteed to be supported by the ECP module. * @@ -153,7 +153,7 @@ #define MBEDTLS_TEST_PSA_ECC_HAVE_TWO_BITS #endif -#endif /* defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) */ +#endif /* defined(MBEDTLS_PSA_CRYPTO_CLIENT) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) */ /* Always define the macros so that we can use them in test data. */ #if !defined(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY) @@ -220,7 +220,7 @@ exit: return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE; } -#if defined(MBEDTLS_PSA_CRYPTO_C) +#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) psa_status_t pk_psa_import_key(const unsigned char *key_data, size_t key_len, psa_key_type_t type, psa_key_usage_t usage, psa_algorithm_t alg, mbedtls_svc_key_id_t *key) @@ -239,7 +239,7 @@ psa_status_t pk_psa_import_key(const unsigned char *key_data, size_t key_len, return status; } -#endif /* MBEDTLS_PSA_CRYPTO_C */ +#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */ /** Setup the provided PK context. * @@ -305,7 +305,7 @@ exit: return ret; } -#if defined(MBEDTLS_PSA_CRYPTO_C) +#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) /** Create a PSA key of the desired type and properties. * * - For RSA and EC keys predefined key data is used (as in the pk_setup() above). @@ -465,7 +465,7 @@ static int pk_public_same(const mbedtls_pk_context *pk1, exit: return ok; } -#endif /* MBEDTLS_PSA_CRYPTO_C */ +#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */ #if defined(MBEDTLS_RSA_C) int mbedtls_rsa_decrypt_func(void *ctx, size_t *olen, @@ -499,7 +499,7 @@ typedef enum { FROM_PAIR = 1 } from_pair_t; -#if defined(MBEDTLS_PSA_CRYPTO_C) +#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) static int pk_setup_for_type(mbedtls_pk_type_t pk_type, int want_pair, mbedtls_pk_context *pk, psa_key_type_t *psa_type) { @@ -567,9 +567,9 @@ static int pk_setup_for_type(mbedtls_pk_type_t pk_type, int want_pair, exit: return MBEDTLS_ERR_ERROR_GENERIC_ERROR; } -#endif /* MBEDTLS_PSA_CRYPTO_C */ +#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */ -#if defined(MBEDTLS_PSA_CRYPTO_C) +#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) /* Create a new PSA key which will contain only the public part of the private * key which is provided in input. For this new key: * - Type is the public counterpart of the private key. @@ -636,7 +636,7 @@ exit: psa_reset_key_attributes(&new_attr); return new_key_id; } -#endif /* MBEDTLS_PSA_CRYPTO_C */ +#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */ /* END_HEADER */ /* BEGIN_DEPENDENCIES @@ -1753,7 +1753,7 @@ void pk_rsa_alt() TEST_ASSERT(mbedtls_pk_get_type(&alt) == MBEDTLS_PK_RSA_ALT); TEST_ASSERT(strcmp(mbedtls_pk_get_name(&alt), "RSA-alt") == 0); -#if defined(MBEDTLS_PSA_CRYPTO_C) +#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT; TEST_EQUAL(mbedtls_pk_get_psa_attributes(&alt, PSA_KEY_USAGE_ENCRYPT, @@ -1762,7 +1762,7 @@ void pk_rsa_alt() mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT; TEST_EQUAL(mbedtls_pk_import_into_psa(&alt, &attributes, &key_id), MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE); -#endif /* MBEDTLS_PSA_CRYPTO_C */ +#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */ /* Test signature */ #if SIZE_MAX > UINT_MAX @@ -2107,7 +2107,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C */ +/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_CLIENT */ void pk_get_psa_attributes(int pk_type, int from_pair, int usage_arg, int to_pair, int expected_alg) @@ -2155,7 +2155,11 @@ void pk_get_psa_attributes(int pk_type, int from_pair, mbedtls_pk_get_bitlen(&pk)); TEST_EQUAL(psa_get_key_usage_flags(&attributes), expected_usage); TEST_EQUAL(psa_get_key_algorithm(&attributes), expected_alg); +#if defined(MBEDTLS_PSA_CRYPTO_C) TEST_EQUAL(psa_get_key_enrollment_algorithm(&attributes), PSA_ALG_NONE); +#else /* MBEDTLS_PSA_CRYPTO_C */ + TEST_EQUAL(psa_get_key_enrollment_algorithm(&attributes), 42); +#endif /* MBEDTLS_PSA_CRYPTO_C */ TEST_EQUAL(mbedtls_pk_import_into_psa(&pk, &attributes, &new_key_id), 0); if (!mbedtls_test_key_consistency_psa_pk(new_key_id, &pk)) { @@ -2170,7 +2174,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21 */ +/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_CLIENT:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21 */ void pk_rsa_v21_get_psa_attributes(int md_type, int from_pair, int usage_arg, int to_pair, int expected_alg) @@ -2218,7 +2222,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C */ +/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_CLIENT */ void pk_get_psa_attributes_fail(int pk_type, int from_pair, int usage_arg, int expected_ret) @@ -2244,7 +2248,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PSA_CRYPTO_STORAGE_C */ +/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_CLIENT:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PSA_CRYPTO_STORAGE_C */ void pk_import_into_psa_lifetime(int from_opaque, int from_persistent, /* when from opaque */ int from_exportable, /* when from opaque */ @@ -2395,7 +2399,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C */ +/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_CLIENT */ void pk_import_into_psa_fail(int pk_type, int from_pair, int type_arg, int bits_arg, int expected_ret) @@ -2490,7 +2494,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C*/ +/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_CLIENT*/ void pk_copy_from_psa_fail(void) { mbedtls_pk_context pk_ctx; @@ -2535,7 +2539,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_BASIC:!MBEDTLS_RSA_C */ +/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_CLIENT:MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_BASIC:!MBEDTLS_RSA_C */ void pk_copy_from_psa_builtin_fail() { mbedtls_pk_context pk_ctx; @@ -2558,7 +2562,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C*/ +/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_CLIENT */ void pk_copy_from_psa_success(data_t *priv_key_data, int key_type_arg, int key_alg_arg) { @@ -2645,7 +2649,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C*/ +/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_CLIENT*/ void pk_copy_public_from_psa(data_t *priv_key_data, int key_type_arg) { psa_key_type_t key_type = key_type_arg; diff --git a/tests/suites/test_suite_psa_crypto_attributes.function b/tests/suites/test_suite_psa_crypto_attributes.function index c933cb7242..bc7adb4a20 100644 --- a/tests/suites/test_suite_psa_crypto_attributes.function +++ b/tests/suites/test_suite_psa_crypto_attributes.function @@ -20,6 +20,8 @@ void attributes_set_get(int owner_id_arg, int id_arg, int lifetime_arg, psa_key_type_t type = type_arg; size_t bits = bits_arg; + USE_PSA_INIT(); + TEST_EQUAL( MBEDTLS_SVC_KEY_ID_GET_KEY_ID(psa_get_key_id(&attributes)), 0); TEST_EQUAL( @@ -56,6 +58,8 @@ void attributes_set_get(int owner_id_arg, int id_arg, int lifetime_arg, TEST_EQUAL(psa_get_key_algorithm(&attributes), 0); TEST_EQUAL(psa_get_key_type(&attributes), 0); TEST_EQUAL(psa_get_key_bits(&attributes), 0); + + USE_PSA_DONE(); } /* END_CASE */ diff --git a/tests/suites/test_suite_psa_crypto_hash.function b/tests/suites/test_suite_psa_crypto_hash.function index 20167fdaba..c7c72f43dd 100644 --- a/tests/suites/test_suite_psa_crypto_hash.function +++ b/tests/suites/test_suite_psa_crypto_hash.function @@ -6,7 +6,7 @@ /* END_HEADER */ /* BEGIN_DEPENDENCIES - * depends_on:MBEDTLS_PSA_CRYPTO_C + * depends_on:MBEDTLS_PSA_CRYPTO_CLIENT * END_DEPENDENCIES */ @@ -35,7 +35,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on: MBEDTLS_PSA_CRYPTO_C */ void hmac(int alg_arg, char *input, data_t *expected_mac) { psa_algorithm_t alg = PSA_ALG_HMAC(alg_arg); diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index c96b4adad8..b4d3451862 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -561,11 +561,11 @@ depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC: handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, PSA_ALG_ANY_HASH -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO +depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PSA_CRYPTO_C handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:0:MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, PSA_ALG_SHA_384 -depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO +depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:MBEDTSL_PSA_CRYPTO_C handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_SHA_384):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:0:MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, missing alg diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 840af7d2d9..8125e5833e 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -3297,7 +3297,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SOME */ +/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SOME */ void raw_key_agreement_fail(int bad_server_ecdhe_key) { enum { BUFFSIZE = 17000 };