Restore guards from the previous release, instead of the new, more
permissive guards.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Actually not much to change there, from a high level perspective things are
quite simple: you used to be able to disable ECP_C, now you can disable
BIGNUM_C too.
There will be more to update in driver-only-build.md which is the right
place for a more detailed explanation of the limitations.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
We can't have a public header or library file reference our test
environment (except possibly under test-only options, and even so, it would
be with great reluctance). This breaks the build for other people.
Fix#8259.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Now that we are generating psa_crypto_driver_wrappers.h, we need to pass
build/library as an include directory.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
While this was arguably a bug as much as it is a change, I'm choosing
the "API changes" section in order to give this more visibility as it
seems likely to "break" (that is, compile in the built-implementation
when it isn't desired) the build of some people who were relying on the
old behaviour by not declaring which curves were accelerated (as most of
our tests did before this PR).
Said otherwise, as a user, I expect that most of the time "Bugfix" is
for things that were not working and are now working, but here
interested users are more likely to see it as "previously doing what I
want, but now no longer doing what I want unless I make changes to my
code". (Though of course there's no clear distinction, see xkcd 1172.)
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Also correct 'distro to 'dist' and update ubuntu to jammy and python
to 3.10 to attempt to fend off future issues. Too much got removed
when disabling travis and the Coverity scan build was failing on 'make
generated-files', due to lack of installed python dependencies.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
I chose to divide along the lines of Weierstrass vs other curve shapes
(currently just Montgomery), mainly because it's the first thing that
came to mind.
It happened to reveal an issue in the logic for when (deterministic)
ECDSA and ECJPAKE are built-in, which this commit is also fixing.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
By default, we disable ASN1_[PARSE/WRITE]_C in common_tfm_config.
In fact, this is what happens for accelerated p256m driver, which
means all asn1[parse/write] tests are skipped in driver_accel test.
However, those two macros are automatically enabled for built-in
ECDSA via PSA, which means all asn1[parse/write] tests are passed
in tfm_config test.
This commit simply ignores the whole asn1[parse/write] test suite
when analyzing between driver and reference.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
{} are valid characters in test description, but they're not escaped
properly in python string format(). To resolve the bug of KeyError
when it tries to log test description which contains {}, we replace
{XXX} format with {{XXX}} in order to escape {} in python string
format() properly.
In addition, the calls to Results.log() are also handled to avoid
similar potential problems.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
In analyze_outcomes.py, if a test case passes in reference_test but
not in driver_test, we log the key by key.format in python.
However, this causes error because of the grammar {} in python
string format. So removing {} to avoid KeyError for
sys.stderr.write((fmt + '\n').format(*args, **kwargs))
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
pk_psa_sign is guarded by MBEDTLS_TEST_PK_PSA_SIGN which is set under:
- The build has PK_[PARSE/WRITE]_C for RSA or ECDSA signature.
- The build has built-in ECC and ECDSA signature.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
Since we have removed PK_C, PK_[WRITE/PARSE]_C, there is no need to
define PK related configurations again. Therefore we removed them
in common_tfm_config to make a simpler.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
This commit adds dependency check when PK_CAN_ECDSA_SIGN or
PK_CAN_ECDSA_VERIFY is enabled but no corresponding ASN1_WRITE_C
or ASN1_PARSE_C is enabled under PSA.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
We have set MBEDTLS_MD_C in tfm_mbedcrypto_config_profile_medium.h
so there is no need to enable it again.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
config-tfm.h is copied into mbedtls_config.h in test-ref-config.pl.
The relative path is include/ not configs/.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
This is what TF-M intended and they have done so since we copied the file.
It's either disable these options, or enable MBEDTLS_OID_C.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
When testing the lifecycle of a transient key, it doesn't make much sense to
try psa_open_key: that expects a persistent key and the lookup takes a
different path. The error from psa_open_key is also different depending on
whether MBEDTLS_PSA_CRYPTO_STORAGE_C is enabled.
To check that the key ownership is taken into account, try to access the
same key id with a different owner without expecting that this is a
persistent key. Just call psa_get_key_attributes, which works fine for a
transient key.
This fixes a test failure when MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER is
enabled and MBEDTLS_PSA_CRYPTO_STORAGE_C is disabled.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
