The dependencies declared in ci.requirements.txt are only used in
scripts that we run on the Linux CI.
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
Recent versions of cryptography require a Rust toolchain to install on
FreeBSD, which we do not have set up yet.
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
The version was unspecified because of our use of Python 3.5 on the CI,
whichi has since been eliminated.
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
Now that built-in entropy is a positive option
`MBEDTLS_PSA_BUILTIN_GET_ENTROPY` instead of a negative option
`MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES`, it needs to be enabled explicitly in
sample and test configurations.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
- Replaced soon-deprecated mbedtls_md_list() in dlopen.c with psa_hash_compute()
- Added tfpsacrypto_dlopen.c as a PSA-only shared-library loading test
- Enabled -fPIC for tf-psa-crypto builtins to support shared linking
- Confirmed clean builds and successful dlopen() test execution.
Signed-off-by: Ari Weiler-Ofek <ari.weiler-ofek@arm.com>
Disable MBEDTLS_GENPRIME in the
test_psa_crypto_config_accel_rsa_crypto component.
This should likely have been the case already,
as all RSA crypto in this component is expected
to be provided by the test driver.
This change is necessary following the previous
commit to prevent analyze_outcomes.py from
complaining that, as MBEDTLS_GENPRIME tests are
passing in both the driver and reference
components, they should not be ignored.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
For the component test_psa_crypto_config_accel_rsa_crypto,
ignore the test cases depending on MBEDTLS_GENPRIME being
enabled. When all RSA crypto is provided by drivers
MBEDTLS_GENPRIME will not be enabled when it is not
a configuration option anymore.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
For the test_psa_crypto_config_accel_rsa_crypto component,
ignore test cases that depend on MBEDTLS_GENPRIME being enabled.
When all RSA cryptographic operations are provided by drivers,
MBEDTLS_GENPRIME will not be enabled, as it will no longer be a configuration
option.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Add warning log when disabling a configuration
option that does not exist.
When the removal of the legacy crypto config
options is completed, the warning will be
reverted to an error.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
In preparation of the removal of the configuration
option MBEDTLS_POLY1305_C, disable it in
test_psa_crypto_config_accel_cipher_aead_cmac as
it will be not possible to enable it when
CHACHA20_POLY1305 is accelerated.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
In preparation of the removal of MBEDTLS_ECP_DP_*
configuration options, replace them by their
PSA_WANT_ECC_* equivalent in dependencies.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
In preparation of the removal of MBEDTLS_RSA_C,
replace MBEDTLS_RSA_C by its PSA_WANT_ closest
equivalent PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
in dependencies.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Remove dependencies on MBEDTLS_CIPHER_MODE_CBC and
MBEDTLS_AES_C, as these options will no longer be
available once they are removed from the configuration.
The affected tests rely on the built-in CBC and AES
implementations. With the removal of
MBEDTLS_CIPHER_MODE_CBC and MBEDTLS_AES_C as
configuration options, there is no longer a mechanism
in ssl-opt.sh to express these dependencies.
As a result, filter out these tests at the all.sh
component level when the built-in CBC and AES
implementations are not available.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
To ease the removal of legacy crypto options, do not
fail in depends.py when disabling a non-existing option.
This mimics the behavior of 'config.py unset'.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Following the move of all crypto code to the
tfpsacrypto library, do not link against the
driver libraries anymore.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
