- get ticket_flags with function.
- improve output message and check it.
- improve `ssl_server2` help message
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
We also add a check in "all.sh" components:
- component_test_tfm_config_p256m_driver_accel_ec
- component_test_tfm_config
to ensure that CIPHER_C was not re-enabled accidentally.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This commit
- Reverts changes previously done to psa_crypto_helpers.[c,h]
- Implements a new check for open key slots in
mbedtls_test_helper_is_psa_leaking():
- when CTR_DRBG does not use AES_C or PSA does not have an external
RNG, then we allow 1 key slot (it's the one holding the AES key)
- when the above conditions are not met, then we fallback to the
usual check for "no open key slots remaining"
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
When AES_C is not defined CTR_DRBG relies on PSA to get AES-ECB. This
means that, when AES-ECB is accelerated, each random operation goes through
driver access as well. This might result in unexpectedly increased
counters for driver's access.
We add extra counters in test_driver_[cipher/key_management].c to be
more specific on which driver functions are accessed and ignore
extra accesses due to CTR_DRBG.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
When AES_C is not defined, CTR_DRBG relies on PSA to get AES-ECB. This means
that PSA holds an open AES key since psa_crypto_init() is called, which
- reduces the maximum number of available key slots
- shifts the 1st available index
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This commit also adds AES_PSA_[INIT/DONE] in "psa_crypto_helpers.h". Its
scope is to call PSA_[INIT/DONE] only when AES_C is not defined (which is
when PSA is effectively required for CTR_DRBG).
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
After adding a check in ssl_conf_check(), we have configured RNG via
mbedtls_ssl_conf_rng() for TLS tests in both test_suite_ssl.function
and test_suite_debug.function. As a result, rng_get() is not only
available when MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED enabled.
Therefore, we remove the guard for rng_get() to make it accessible for
TLS tests which have call for mbedtls_ssl_setup().
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
To simplify the logic, `collect_from_script` should take
the responsiblity to parse script outputs to suite name
and test case description.
Also define new Error class ScriptOutputError for
error handling.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
Asan poisons memory with an 8-byte granularity. We want to make sure that
the whole specified region is poisoned (our typical use case is a
heap-allocated object, and we want to poison the whole object, and we don't
care about the bytes after the end of the object and up to the beginning of
the next object). So align the start and end of the region to (un)poison to
an 8-byte boundary.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
While an area of memory is poisoned, reading or writing from it triggers a
sanitizer violation.
Implemented for ASan.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
