`psa_get_key_attributes` depends on some built-in
implementation of RSA. Guard the check with coresponding
macros.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
- get ticket_flags with function.
- improve output message and check it.
- improve `ssl_server2` help message
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
We also add a check in "all.sh" components:
- component_test_tfm_config_p256m_driver_accel_ec
- component_test_tfm_config
to ensure that CIPHER_C was not re-enabled accidentally.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This commit
- Reverts changes previously done to psa_crypto_helpers.[c,h]
- Implements a new check for open key slots in
mbedtls_test_helper_is_psa_leaking():
- when CTR_DRBG does not use AES_C or PSA does not have an external
RNG, then we allow 1 key slot (it's the one holding the AES key)
- when the above conditions are not met, then we fallback to the
usual check for "no open key slots remaining"
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
When AES_C is not defined CTR_DRBG relies on PSA to get AES-ECB. This
means that, when AES-ECB is accelerated, each random operation goes through
driver access as well. This might result in unexpectedly increased
counters for driver's access.
We add extra counters in test_driver_[cipher/key_management].c to be
more specific on which driver functions are accessed and ignore
extra accesses due to CTR_DRBG.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
When AES_C is not defined, CTR_DRBG relies on PSA to get AES-ECB. This means
that PSA holds an open AES key since psa_crypto_init() is called, which
- reduces the maximum number of available key slots
- shifts the 1st available index
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This commit also adds AES_PSA_[INIT/DONE] in "psa_crypto_helpers.h". Its
scope is to call PSA_[INIT/DONE] only when AES_C is not defined (which is
when PSA is effectively required for CTR_DRBG).
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
After adding a check in ssl_conf_check(), we have configured RNG via
mbedtls_ssl_conf_rng() for TLS tests in both test_suite_ssl.function
and test_suite_debug.function. As a result, rng_get() is not only
available when MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED enabled.
Therefore, we remove the guard for rng_get() to make it accessible for
TLS tests which have call for mbedtls_ssl_setup().
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
To simplify the logic, `collect_from_script` should take
the responsiblity to parse script outputs to suite name
and test case description.
Also define new Error class ScriptOutputError for
error handling.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
