yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

psa: Remove MBEDTLS_PSA_CRYPTO_DRIVERS configuration option

Browse source 
The support for the PSA crypto driver interface
is not optional anymore as the implementation of
the PSA cryptography interface has been restructured
around the PSA crypto driver interface (see
psa-crypto-implementation-structure.md). There is
thus no purpose for the configuration options
MBEDTLS_PSA_CRYPTO_DRIVERS anymore.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
Ronald Cron 2023-01-16 16:56:51 +01:00
parent 2f10fceccd
commit e6e6b75ad3
18 changed files with 62 additions and 102 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
docs/architecture/mbed-crypto-storage-specification.md
View file

@ -354,7 +354,7 @@ Supported features:
* [Persistent keys](#key-file-format-for-mbed-tls-2.25.0) designated by a [key identifier and owner](#key-names-for-mbed-tls-2.25.0). Keys can be:
* Transparent, stored in the export format.
* Opaque, using the unified driver interface with statically registered drivers (`MBEDTLS_PSA_CRYPTO_DRIVERS`). The driver determines the content of the opaque key blob.
* Opaque, using the PSA driver interface with statically registered drivers. The driver determines the content of the opaque key blob.
* Opaque, using the deprecated secure element interface with dynamically registered drivers (`MBEDTLS_PSA_CRYPTO_SE_C`). The driver picks a slot number which is stored in the place of the key material.
* [Nonvolatile random seed](#nonvolatile-random-seed-file-format-for-mbed-tls-2.25.0) on ITS only.

2
docs/proposed/psa-driver-developer-guide.md
View file

@ -7,7 +7,7 @@ This document describes how to write drivers of cryptoprocessors such as acceler
This document focuses on behavior that is specific to Mbed TLS. For a reference of the interface between Mbed TLS and drivers, refer to the [PSA Cryptoprocessor Driver Interface specification](psa-driver-interface.html).
The interface is not fully implemented in Mbed TLS yet and is disabled by default. You can enable the experimental work in progress by setting `MBEDTLS_PSA_CRYPTO_DRIVERS` in the compile-time configuration. Please note that the interface may still change: until further notice, we do not guarantee backward compatibility with existing driver code when `MBEDTLS_PSA_CRYPTO_DRIVERS` is enabled.
The interface is not fully implemented in Mbed TLS yet. Please note that the interface may still change: until further notice, we do not guarantee backward compatibility with existing driver code.
## Introduction

13
docs/proposed/psa-driver-integration-guide.md
View file

@ -5,7 +5,7 @@ Building Mbed TLS with PSA cryptoprocessor drivers
This document describes how to build Mbed TLS with additional cryptoprocessor drivers that follow the PSA cryptoprocessor driver interface.
The interface is not fully implemented in Mbed TLS yet and is disabled by default. You can enable the experimental work in progress by setting `MBEDTLS_PSA_CRYPTO_DRIVERS` in the compile-time configuration. Please note that the interface may still change: until further notice, we do not guarantee backward compatibility with existing driver code when `MBEDTLS_PSA_CRYPTO_DRIVERS` is enabled.
The interface is not fully implemented in Mbed TLS yet. Please note that the interface may still change: until further notice, we do not guarantee backward compatibility with existing driver code.
## Introduction
@ -19,21 +19,14 @@ Concretely speaking, a driver consists of one or more **driver description files
To build Mbed TLS with drivers:
1. Activate `MBEDTLS_PSA_CRYPTO_DRIVERS` in the library configuration.
```
cd /path/to/mbedtls
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
```
2. Pass the driver description files through the Make variable `PSA_DRIVERS` when building the library.
1. Pass the driver description files through the Make variable `PSA_DRIVERS` when building the library.
```
cd /path/to/mbedtls
make PSA_DRIVERS="/path/to/acme/driver.json /path/to/nadir/driver.json" lib
```
3. Link your application with the implementation of the driver functions.
2. Link your application with the implementation of the driver functions.
```
cd /path/to/application

16
include/mbedtls/mbedtls_config.h
View file

@ -1229,18 +1229,6 @@
*/
//#define MBEDTLS_PSA_CRYPTO_CLIENT
/** \def MBEDTLS_PSA_CRYPTO_DRIVERS
*
* Enable support for the experimental PSA crypto driver interface.
*
* Requires: MBEDTLS_PSA_CRYPTO_C
*
* \warning This interface is experimental. We intend to maintain backward
* compatibility with application code that relies on drivers,
* but the driver interfaces may change without notice.
*/
//#define MBEDTLS_PSA_CRYPTO_DRIVERS
/** \def MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
*
* Make the PSA Crypto module use an external random generator provided
@ -2981,8 +2969,8 @@
* Enable dynamic secure element support in the Platform Security Architecture
* cryptography API.
*
* \deprecated This feature is deprecated. Please switch to the driver
* interface enabled by #MBEDTLS_PSA_CRYPTO_DRIVERS.
* \deprecated This feature is deprecated. Please switch to the PSA driver
* interface.
*
* Module: library/psa_crypto_se.c
*

6
library/psa_crypto_slot_management.c
View file

@ -438,14 +438,8 @@ psa_status_t psa_validate_key_location(psa_key_lifetime_t lifetime,
(void) p_drv;
#endif /* MBEDTLS_PSA_CRYPTO_SE_C */
#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS)
/* Key location for external keys gets checked by the wrapper */
return PSA_SUCCESS;
#else /* MBEDTLS_PSA_CRYPTO_DRIVERS */
/* No support for external lifetimes at all, or dynamic interface
* did not find driver for requested lifetime. */
return PSA_ERROR_INVALID_ARGUMENT;
#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS */
} else {
/* Local/internal keys are always valid */
return PSA_SUCCESS;

2
scripts/data_files/driver_templates/psa_crypto_driver_wrappers.c.jinja
View file

@ -37,7 +37,6 @@
#if defined(MBEDTLS_PSA_CRYPTO_C)
/* BEGIN-driver headers */
#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS)
{% for driver in drivers -%}
/* Headers for {{driver.prefix}} {{driver.type}} driver */
{% if driver['mbedtls/h_condition'] is defined -%}
@ -50,7 +49,6 @@
#endif
{% endif -%}
{% endfor %}
#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS */
/* END-driver headers */
/* Auto-generated values depending on which drivers are registered.

77
tests/scripts/all.sh
View file

@ -2078,7 +2078,6 @@ component_test_psa_crypto_config_accel_ecdsa () {
# --------------------------------------
# Start from default config (no USE_PSA) + driver support + TLS 1.3
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py set MBEDTLS_SSL_PROTO_TLS1_3
@ -2123,8 +2122,7 @@ component_test_psa_crypto_config_accel_ecdh () {
# Configure and build the main libraries
# --------------------------------------
# Start from default config (no USE_PSA or TLS 1.3) + driver support
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
# Start from default config (no USE_PSA or TLS 1.3)
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
# Disable the module that's accelerated
@ -2166,7 +2164,6 @@ component_test_psa_crypto_config_accel_pake() {
loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' )
make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS"
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
# Make build-in fallback not available
@ -2200,7 +2197,6 @@ config_psa_crypto_config_all_ec_algs_use_psa () {
scripts/config.py full
# enable support for drivers and configuring PSA-only algorithms
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
if [ "$DRIVER_ONLY" -eq 1 ]; then
# Disable modules that are accelerated
scripts/config.py unset MBEDTLS_ECDSA_C
@ -2333,7 +2329,6 @@ component_test_psa_crypto_config_accel_rsa_signature () {
make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS"
# Mbed TLS library build
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
# Remove RSA support and its dependencies
@ -2375,7 +2370,6 @@ component_test_psa_crypto_config_accel_hash () {
loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' )
make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS"
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py unset MBEDTLS_MD5_C
scripts/config.py unset MBEDTLS_RIPEMD160_C
@ -2413,7 +2407,6 @@ component_test_psa_crypto_config_accel_hash_keep_builtins () {
loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' )
make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS"
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )"
make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS"
@ -2429,7 +2422,6 @@ config_psa_crypto_hash_use_psa () {
scripts/config.py full
# enable support for drivers and configuring PSA-only algorithms
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
if [ "$DRIVER_ONLY" -eq 1 ]; then
# disable the built-in implementation of hashes
scripts/config.py unset MBEDTLS_MD5_C
@ -2519,7 +2511,6 @@ component_test_psa_crypto_config_accel_cipher () {
loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' )
make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS"
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
# There is no intended accelerator support for ALG STREAM_CIPHER and
@ -2560,7 +2551,6 @@ component_test_psa_crypto_config_accel_aead () {
loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' )
make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS"
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py unset MBEDTLS_GCM_C
@ -2583,17 +2573,37 @@ component_test_psa_crypto_config_accel_aead () {
make test
}
component_test_psa_crypto_config_no_driver() {
# full plus MBEDTLS_PSA_CRYPTO_CONFIG
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG minus MBEDTLS_PSA_CRYPTO_DRIVERS"
scripts/config.py full
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py unset MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
make CC=gcc CFLAGS="$ASAN_CFLAGS -O2" LDFLAGS="$ASAN_CFLAGS"
component_test_psa_crypto_config_accel_pake() {
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated PAKE"
msg "test: full + MBEDTLS_PSA_CRYPTO_CONFIG minus MBEDTLS_PSA_CRYPTO_DRIVERS"
# Start with full
scripts/config.py full
# Disable ALG_STREAM_CIPHER and ALG_ECB_NO_PADDING to avoid having
# partial support for cipher operations in the driver test library.
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING
loc_accel_list="ALG_JPAKE"
loc_accel_flags=$( echo "$loc_accel_list" | sed 's/[^ ]* */-DLIBTESTDRIVER1_MBEDTLS_PSA_ACCEL_&/g' )
make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS"
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
# Make build-in fallback not available
scripts/config.py unset MBEDTLS_ECJPAKE_C
scripts/config.py unset MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
# Dynamic secure element support is a deprecated feature and needs to be disabled here.
# This is done to have the same form of psa_key_attributes_s for libdriver and library.
scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C
loc_accel_flags="$loc_accel_flags $( echo "$loc_accel_list" | sed 's/[^ ]* */-DMBEDTLS_PSA_ACCEL_&/g' )"
make CFLAGS="$ASAN_CFLAGS -Werror -I../tests/include -I../tests -I../../tests -DPSA_CRYPTO_DRIVER_TEST -DMBEDTLS_TEST_LIBTESTDRIVER1 $loc_accel_flags" LDFLAGS="-ltestdriver1 $ASAN_CFLAGS"
not grep mbedtls_ecjpake_init library/ecjpake.o
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated PAKE"
make test
}
@ -2617,7 +2627,6 @@ component_build_psa_accel_alg_ecdh() {
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_ECDH without MBEDTLS_ECDH_C"
scripts/config.py full
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py unset MBEDTLS_ECDH_C
@ -2636,7 +2645,6 @@ component_build_psa_accel_key_type_ecc_key_pair() {
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_KEY_TYPE_ECC_KEY_PAIR"
scripts/config.py full
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_KEY_TYPE_ECC_KEY_PAIR 1
@ -2651,7 +2659,6 @@ component_build_psa_accel_key_type_ecc_public_key() {
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY"
scripts/config.py full
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 1
@ -2666,7 +2673,6 @@ component_build_psa_accel_alg_hmac() {
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_HMAC"
scripts/config.py full
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
# Need to define the correct symbol and include the test driver header path in order to build with the test driver
@ -2680,7 +2686,6 @@ component_build_psa_accel_alg_hkdf() {
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_HKDF without MBEDTLS_HKDF_C"
scripts/config.py full
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py unset MBEDTLS_HKDF_C
@ -2696,7 +2701,6 @@ component_build_psa_accel_alg_md5() {
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_MD5 - other hashes"
scripts/config.py full
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160
@ -2718,7 +2722,6 @@ component_build_psa_accel_alg_ripemd160() {
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_RIPEMD160 - other hashes"
scripts/config.py full
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5
@ -2740,7 +2743,6 @@ component_build_psa_accel_alg_sha1() {
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_SHA_1 - other hashes"
scripts/config.py full
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5
@ -2762,7 +2764,6 @@ component_build_psa_accel_alg_sha224() {
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_SHA_224 - other hashes"
scripts/config.py full
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5
@ -2781,7 +2782,6 @@ component_build_psa_accel_alg_sha256() {
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_SHA_256 - other hashes"
scripts/config.py full
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5
@ -2800,7 +2800,6 @@ component_build_psa_accel_alg_sha384() {
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_SHA_384 - other hashes"
scripts/config.py full
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5
@ -2821,7 +2820,6 @@ component_build_psa_accel_alg_sha512() {
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_SHA_512 - other hashes"
scripts/config.py full
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_MD5
@ -2843,7 +2841,6 @@ component_build_psa_accel_alg_rsa_pkcs1v15_crypt() {
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_RSA_PKCS1V15_CRYPT + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY"
scripts/config.py full
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_RSA_PKCS1V15_CRYPT 1
@ -2860,7 +2857,6 @@ component_build_psa_accel_alg_rsa_pkcs1v15_sign() {
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_RSA_PKCS1V15_SIGN + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY"
scripts/config.py full
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_RSA_PKCS1V15_SIGN 1
@ -2877,7 +2873,6 @@ component_build_psa_accel_alg_rsa_oaep() {
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_RSA_OAEP + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY"
scripts/config.py full
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_RSA_OAEP 1
@ -2894,7 +2889,6 @@ component_build_psa_accel_alg_rsa_pss() {
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_ALG_RSA_PSS + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY"
scripts/config.py full
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_RSA_PSS 1
@ -2911,7 +2905,6 @@ component_build_psa_accel_key_type_rsa_key_pair() {
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_KEY_TYPE_RSA_KEY_PAIR + PSA_WANT_ALG_RSA_PSS"
scripts/config.py full
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_RSA_PSS 1
@ -2926,7 +2919,6 @@ component_build_psa_accel_key_type_rsa_public_key() {
msg "build: full + MBEDTLS_PSA_CRYPTO_CONFIG + PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY + PSA_WANT_ALG_RSA_PSS"
scripts/config.py full
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
scripts/config.py -f include/psa/crypto_config.h set PSA_WANT_ALG_RSA_PSS 1
@ -3253,10 +3245,9 @@ component_test_se_default () {
make test
}
component_test_psa_crypto_drivers () {
msg "build: MBEDTLS_PSA_CRYPTO_DRIVERS w/ driver hooks"
component_test_psa_crypto_builtin_keys () {
msg "build: full + MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS"
scripts/config.py full
scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
scripts/config.py set MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS
loc_cflags="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST_ALL"
loc_cflags="${loc_cflags} '-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/user-config-for-test.h\"'"
@ -3264,7 +3255,7 @@ component_test_psa_crypto_drivers () {
make CC=gcc CFLAGS="${loc_cflags}" LDFLAGS="$ASAN_CFLAGS"
msg "test: full + MBEDTLS_PSA_CRYPTO_DRIVERS"
msg "test: full + MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS"
make test
}

4
tests/src/drivers/hash.c
View file

@ -19,7 +19,7 @@
#include <test/helpers.h>
#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST)
#if defined(PSA_CRYPTO_DRIVER_TEST)
#include "psa_crypto_hash.h"
#include "test/drivers/hash.h"
@ -208,4 +208,4 @@ psa_status_t mbedtls_test_transparent_hash_abort(
return mbedtls_test_driver_hash_hooks.driver_status;
}
#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_DRIVER_TEST */

4
tests/src/drivers/test_driver_aead.c
View file

@ -19,7 +19,7 @@
#include <test/helpers.h>
#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST)
#if defined(PSA_CRYPTO_DRIVER_TEST)
#include "psa_crypto_aead.h"
#include "psa_crypto_core.h"
@ -469,4 +469,4 @@ psa_status_t mbedtls_test_transparent_aead_abort(
return mbedtls_test_driver_aead_hooks.driver_status;
}
#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_DRIVER_TEST */

4
tests/src/drivers/test_driver_asymmetric_encryption.c
View file

@ -19,7 +19,7 @@
#include <test/helpers.h>
#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST)
#if defined(PSA_CRYPTO_DRIVER_TEST)
#include "psa/crypto.h"
#include "mbedtls/rsa.h"
#include "psa_crypto_rsa.h"
@ -160,4 +160,4 @@ psa_status_t mbedtls_test_opaque_asymmetric_decrypt(
return PSA_ERROR_NOT_SUPPORTED;
}
#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_DRIVER_TEST */

4
tests/src/drivers/test_driver_cipher.c
View file

@ -20,7 +20,7 @@
#include <test/helpers.h>
#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST)
#if defined(PSA_CRYPTO_DRIVER_TEST)
#include "psa/crypto.h"
#include "psa_crypto_cipher.h"
#include "psa_crypto_core.h"
@ -433,4 +433,4 @@ psa_status_t mbedtls_test_opaque_cipher_finish(
(void) output_length;
return PSA_ERROR_NOT_SUPPORTED;
}
#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_DRIVER_TEST */

4
tests/src/drivers/test_driver_key_agreement.c
View file

@ -19,7 +19,7 @@
#include <test/helpers.h>
#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST)
#if defined(PSA_CRYPTO_DRIVER_TEST)
#include "psa/crypto.h"
#include "psa_crypto_core.h"
@ -123,4 +123,4 @@ psa_status_t mbedtls_test_opaque_key_agreement(
return PSA_ERROR_NOT_SUPPORTED;
}
#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_DRIVER_TEST */

4
tests/src/drivers/test_driver_key_management.c
View file

@ -20,7 +20,7 @@
#include <test/helpers.h>
#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST)
#if defined(PSA_CRYPTO_DRIVER_TEST)
#include "psa/crypto.h"
#include "psa_crypto_core.h"
#include "psa_crypto_ecp.h"
@ -748,4 +748,4 @@ psa_status_t mbedtls_test_opaque_copy_key(
return PSA_SUCCESS;
}
#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_DRIVER_TEST */

4
tests/src/drivers/test_driver_mac.c
View file

@ -19,7 +19,7 @@
#include <test/helpers.h>
#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST)
#if defined(PSA_CRYPTO_DRIVER_TEST)
#include "psa_crypto_mac.h"
#include "test/drivers/mac.h"
@ -431,4 +431,4 @@ psa_status_t mbedtls_test_opaque_mac_abort(
return mbedtls_test_driver_mac_hooks.driver_status;
}
#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_DRIVER_TEST */

4
tests/src/drivers/test_driver_pake.c
View file

@ -19,7 +19,7 @@
#include <test/helpers.h>
#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST)
#if defined(PSA_CRYPTO_DRIVER_TEST)
#include "psa_crypto_pake.h"
#include "test/drivers/pake.h"
@ -209,4 +209,4 @@ psa_status_t mbedtls_test_transparent_pake_abort(
return mbedtls_test_driver_pake_hooks.driver_status;
}
#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_DRIVER_TEST */

4
tests/src/drivers/test_driver_signature.c
View file

@ -21,7 +21,7 @@
#include <test/helpers.h>
#if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST)
#if defined(PSA_CRYPTO_DRIVER_TEST)
#include "psa/crypto.h"
#include "psa_crypto_core.h"
#include "psa_crypto_ecp.h"
@ -414,4 +414,4 @@ psa_status_t mbedtls_test_opaque_signature_verify_hash(
return PSA_ERROR_NOT_SUPPORTED;
}
#endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */
#endif /* PSA_CRYPTO_DRIVER_TEST */

4
tests/suites/test_suite_psa_crypto.data
View file

@ -1436,10 +1436,6 @@ Copy fail: AES, invalid persistent key identifier in attributes
depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_CRYPTO_STORAGE_C
copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:0:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_TYPE_AES:0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:0:PSA_KEY_LIFETIME_PERSISTENT:PSA_ERROR_INVALID_ARGUMENT
Copy fail: AES, invalid lifetime (unknown location) in attributes
depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_CRYPTO_STORAGE_C:!MBEDTLS_PSA_CRYPTO_DRIVERS
copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:0:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_TYPE_AES:0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:1:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION(PSA_KEY_PERSISTENCE_DEFAULT, 11):PSA_ERROR_INVALID_ARGUMENT
Copy fail: AES, copy to a readonly lifetime in attributes
depends_on:PSA_WANT_ALG_CTR:PSA_WANT_KEY_TYPE_AES:MBEDTLS_PSA_CRYPTO_STORAGE_C
copy_fail:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:0:PSA_KEY_TYPE_AES:"404142434445464748494a4b4c4d4e4f":PSA_KEY_TYPE_AES:0:PSA_KEY_USAGE_COPY | PSA_KEY_USAGE_ENCRYPT | PSA_KEY_USAGE_EXPORT:PSA_ALG_CTR:0:1:PSA_KEY_LIFETIME_FROM_PERSISTENCE_AND_LOCATION( PSA_KEY_PERSISTENCE_READ_ONLY, 0 ):PSA_ERROR_INVALID_ARGUMENT

6
tests/suites/test_suite_psa_crypto_driver_wrappers.function
View file

@ -484,7 +484,7 @@ exit:
/* END_HEADER */
/* BEGIN_DEPENDENCIES
* depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_PSA_CRYPTO_DRIVERS:PSA_CRYPTO_DRIVER_TEST
* depends_on:MBEDTLS_PSA_CRYPTO_C:PSA_CRYPTO_DRIVER_TEST
* END_DEPENDENCIES
*/
@ -2130,7 +2130,7 @@ exit:
}
/* END_CASE */
/* BEGIN_CASE depends_on:PSA_CRYPTO_DRIVER_TEST:MBEDTLS_PSA_CRYPTO_DRIVERS:MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
/* BEGIN_CASE depends_on:PSA_CRYPTO_DRIVER_TEST:MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
void builtin_key_export(int builtin_key_id_arg,
int builtin_key_type_arg,
int builtin_key_bits_arg,
@ -2181,7 +2181,7 @@ exit:
}
/* END_CASE */
/* BEGIN_CASE depends_on:PSA_CRYPTO_DRIVER_TEST:MBEDTLS_PSA_CRYPTO_DRIVERS:MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
/* BEGIN_CASE depends_on:PSA_CRYPTO_DRIVER_TEST:MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS */
void builtin_pubkey_export(int builtin_key_id_arg,
int builtin_key_type_arg,
int builtin_key_bits_arg,