5f573f8301
When testing the lifecycle of a transient key, it doesn't make much sense to try psa_open_key: that expects a persistent key and the lookup takes a different path. The error from psa_open_key is also different depending on whether MBEDTLS_PSA_CRYPTO_STORAGE_C is enabled. To check that the key ownership is taken into account, try to access the same key id with a different owner without expecting that this is a persistent key. Just call psa_get_key_attributes, which works fine for a transient key. This fixes a test failure when MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER is enabled and MBEDTLS_PSA_CRYPTO_STORAGE_C is disabled. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com> |
||
|---|---|---|
| .. | ||
| ext | ||
| config-ccm-psk-dtls1_2.h | ||
| config-ccm-psk-tls1_2.h | ||
| config-no-entropy.h | ||
| config-suite-b.h | ||
| config-symmetric-only.h | ||
| config-tfm.h | ||
| config-thread.h | ||
| crypto-config-ccm-aes-sha256.h | ||
| README.txt | ||
This directory contains example configuration files.
The examples are generally focused on a particular usage case (eg, support for
a restricted number of ciphersuites) and aim at minimizing resource usage for
this target. They can be used as a basis for custom configurations.
These files are complete replacements for the default mbedtls_config.h. To use one of
them, you can pick one of the following methods:
1. Replace the default file include/mbedtls/mbedtls_config.h with the chosen one.
2. Define MBEDTLS_CONFIG_FILE and adjust the include path accordingly.
For example, using make:
CFLAGS="-I$PWD/configs -DMBEDTLS_CONFIG_FILE='<foo.h>'" make
Or, using cmake:
find . -iname '*cmake*' -not -name CMakeLists.txt -exec rm -rf {} +
CFLAGS="-I$PWD/configs -DMBEDTLS_CONFIG_FILE='<foo.h>'" cmake .
make
Note that the second method also works if you want to keep your custom
configuration file outside the Mbed TLS tree.