This allows to re-enable MBEDTLS_ENTROPY_NV_SEED since the
seedfile is correctly found in the "test" folder at runtime.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
- add quotes to the $@ parameter in helper_crypto_client_build()
- instead of copying mbedtls_config.h to build static libraries,
we rely on the already existing backup/cleanup mechanism which
is available in all.sh.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Since this python module resides in the framework submodule we must
add an extra explicit path to it for mypy.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Add DEBUG=1 in test_psasim() to helpers and final make to build
the libraries and the final binaries with debug symbols
enabled.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Instead of copying the entire library & include folders twice
to build libraries for client and server:
- change the main config file (mbedtls_config.h)
- build in the root library folder
- move the generated library in the psasim folder
- use those library for linking the client/server binaries
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This is necessary because otherwise the library is not able to
find the seedfile at runtime and it fails the initialization.
However since this test runs on a standard PC we can rely on
platform entropy as source of entropy.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This commit implements the first useful IPC communication between
the client and the server. The implemented command is simple,
psa_crypto_init(), and its return value is sent back to the client.
Note: the newly added file psa_functions_codes.h is temporary
and it's probably the one that needs to be automatically
generated by a python script to support all crypto functions.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Ensure that both server and client can call mbedtls_version_get_string_full()
to verify that they are linked against proper libraries.
Note: each side (client/server) performs the call against its own
MbedTLS library. There is no IPC communication involved in this
test. Client/server communication will come later.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
It includes changes to:
- tests/Makefile: build the library for client and server in different
folders. It mimica the libtestdriver1 behavior (without functions
renaming though).
- tests/scripts/all.sh: helper function to build for client and
server with some default configuration for each of them.
- crypto_spe.h: this is dummy file taken from the already existing
tests. It's just meant to pacify the compiler, not to provide
something useful. It will likely be changed in the future.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
- remove new line at beginning of test_keys.h
- add footer at the end of both generated files
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This helps removing the previous pylint exception.
Also use "with" statement for opening the file in order to
ensure that all the content is flushed to the file before
exiting.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Without this fix keys could be listed differently on Ubuntu 16
between different runs therefore causing
check_generated_files() to fail.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
On the CI, the git version when running on
Ubuntu 16.04 is 2.7 and it does not support
the "--recurse-submodules" option of
"git ls-files" thus do not use it.
Another argument to not use it is that
when TF-PSA-Crypto will be a submodule of
mbedtls we will not want check_files.py to
check the TF-PSA-Crypto files as well.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
- rewrite output file (do not append)
- remove useless "os" import
- move pylint for main() function
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
- Embed input arguments inside the script so as to simplify the
calls in Makefiles/CMakeLists.
- add a new "--list-dependencies" command line option to print
out the list of dependencies.
- Modify tests/Makefile accordinlgy.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
The previous commit had:
- one obvious mistake (-f NULL with default -e runs nothing)
- one unforeseen issue: OPENSSL_NEXT skips static ECDH
- arguably scope creep: the stated goal was to simplify the full
invocation (in particular, make it obvious that everything is run
without having to remember the default value of EXCLUDE), but it also
made an unrelated change: running most tests with OPENSSL_NEXT (hence
the previous point).
This commit should fix all this, in particular it switches back to
running most tests with OPENSSL and using OPENSSL_NEXT only when needed.
Hopefully in the future we'll do the opposite: most tests will run with
a recent OpenSSL, and only those that need an older one will use
something older. But that will be another PR.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Prepare this component for PSA_CRYPTO_CONFIG to be on by default.
Rename it so that the name is still accurate when we remove legacy symbols
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
We actually only need two invocations.
This also moves all the default tests to OPENSSL_NEXT, which is good
because OPENSSL is ancient.
I have no idea why NULL doesn't work with OPENSSL_NEXT (1.1.1a) server,
because according to the manpage [1], "ALL,COMPLEMENTOFALL" (which is
what we are using) should do it, and indeed
$OPENSSL_NEXT ciphers "ALL,COMPLEMENTOFALL" | tr ':' '\n'
lists NULL ciphersuites, and also they work client-side with
OPENSSL_NEXT...
[1] https://www.openssl.org/docs/man1.1.1/man1/ciphers.html
Also, while at it, remove partial invocation (only non-default) from one
component, as we already have a full invocation in the same config (plus
ASan) in another component.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
