ARMmbed/mbedtls
1
0
Fork 0
mirror of https://github.com/ARMmbed/mbedtls.git synced 2025-05-11 01:11:42 +08:00
Code Issues Releases Wiki Activity
mbedtls/tests/psa-client-server/psasim
History
Valerio Setti 405d4adff2 psasim: add timeout while waiting for psa_server to start 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2025-04-29 11:01:46 +02:00
..
include
Revert "Adapt psasim"
2024-07-22 12:29:17 +02:00
src
[development] Remove code relating to MBEDTLS_PSA_INJECT_ENTROPY
2025-03-28 09:01:05 +01:00
test
psasim: add timeout while waiting for psa_server to start
2025-04-29 11:01:46 +02:00
tools
psa_autogen.py: improve management of output files
2024-05-16 16:13:38 +02:00
.gitignore
psa-client-server: move psasim from framework repo to the mbedtls one
2024-05-03 17:28:04 +02:00
Makefile
Revert "Adapt psasim"
2024-07-22 12:29:17 +02:00
README.md
psasim: update README file
2025-03-05 11:02:32 +01:00

README.md

psasim

PSASIM holds necessary C source and header files which allows to test Mbed TLS in a "pure crypto client" scenario, i.e MBEDTLS_PSA_CRYPTO_CLIENT && !MBEDTLS_PSA_CRYPTO_C. In practical terms it means that this allow to build PSASIM with Mbed TLS sources and get 2 Linux applications, a client and a server, which are connected through Linux's shared memeory, and in which the client relies on the server to perform all PSA Crypto operations.

The goal of PSASIM is not to provide a ready-to-use solution for anyone looking to implement the pure crypto client structure (see Limitations for details), but to provide an example of TF-PSA-Crypto RPC (Remote Procedure Call) implementation using Mbed TLS.

Limitations

In the current implementation:

  • Only Linux PC is supported.
  • There can be only 1 client connected to 1 server.
  • Shared memory is the only communication medium allowed. Others can be implemented (ex: net sockets), but in terms of simulation speed shared memory proved to be the fastest.
  • Server is not secure at all: keys and operation structs are stored on the RAM, so they can easily be dumped.

Testing

Please refer to tests/scripts/components-psasim.sh for guidance on how to build & test PSASIM:

  • component_test_psasim(): builds the server and a couple of test clients which are used to evaluate some basic PSA Crypto API commands.
  • component_test_suite_with_psasim(): builds the server and all the usual test suites (those found under the <mbedtls-root>/tests/suites/* folder) which are used by the CI and runs them. A small subset of test suites (test_suite_constant_time_hmac,test_suite_lmots,test_suite_lms) are being skipped, for CI turnover time optimization. They can be run locally if required.

How to update automatically generated files

A significant portion of the intermediate code of PSASIM is auto-generated using Perl. In particular:

  • psa_sim_serialise.[c|h]:
    • Generated by psa_sim_serialise.pl.
    • These files provide the serialisation/deserialisation support that is required to pass functions' parameters between client and server.
  • psa_sim_crypto_[client|server].c and psa_functions_codes.h:
    • Generated by psa_sim_generate.pl.
    • psa_sim_crypto_[client|server].c provide interfaces for PSA Crypto APIs on client and server sides, while psa_functions_codes.h simply enumerates all PSA Crypto APIs.

These files need to be regenerated whenever some PSA Crypto API is added/deleted/modified. The procedure is as follows:

  • psa_sim_serialise.[c|h]:
    • go to <mbedtls-root>/tests/psa-client-server/psasim/src/
    • run ./psa_sim_serialise.pl h > psa_sim_serialise.h
    • run ./psa_sim_serialise.pl c > psa_sim_serialise.c
  • psa_sim_crypto_[client|server].c and psa_functions_codes.h:
    • go to Mbed TLS' root folder
    • run ./tests/psa-client-server/psasim/src/psa_sim_generate.pl