All PSA crypto error codes fit comfortably in 16 bits and we have no plans
to ever change this. So use 16 bits to store them, which reduces
mbedtls_error_pair_t from 8 bytes to 4 bytes.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This change affects:
- both PEM and DER files, since they contain the same public key
only in different formats
- "ec_pub.comp.pem" since it's the same as "ec_pub.pem" but in
compressed format
The makefile was also updated accordingly to reflect these
dependencies.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
The test framework leaves the seed file behind (like it does with the
corresponding file in the legacy API, namely seedfile), so ignore it.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The seed file is part of the stable interface of PSA_CRYPTO_INJECT_ENTROPY,
because it has to survive a library upgrade on a device. So check that its
existence and content are as expected at each point in the tested life cycle.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This function was written before the PSA storage layer switched to the PSA
ITS API as its storage abstraction. Now we can just call PSA ITS functions
unconditionally.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Until now, we were never enabling this option in any test.
MBEDTLS_PSA_INJECT_ENTROPY requires MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES, so
it cannot be enabled in the full config and it gets its own component.
Test with MBEDTLS_USE_PSA_CRYPTO enabled, since MBEDTLS_PSA_INJECT_ENTROPY
is a very PSA feature (which can break non-PSA applications), and Mbed
OS (for whch MBEDTLS_PSA_INJECT_ENTROPY was designed) enables
MBEDTLS_USE_PSA_CRYPTO when it enables MBEDTLS_PSA_INJECT_ENTROPY.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
When MBEDTLS_PSA_INJECT_ENTROPY is enabled, we disable standard entropy
sources, so mbedtls_entropy_func() doesn't work out of the box. Disable
tests that rely on it. MBEDTLS_PSA_INJECT_ENTROPY is intended for PSA-only
environments anyway, so it doesn't matter if some legacy features don't work
normally.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The seed file must exist before running tests. Because the location is
somewhat platform- and configuration-dependent, and to be friendly to
developers who run test suites individually and aren't familiar with this
feature, rely on the test framework code rather than on test scripts to
create the seed file.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The build option MBEDTLS_PSA_INJECT_ENTROPY requires some extra platform
functions, for historical reasons. To enable us to test this option, provide
a version of these functions for testing.
(These versions would actually work in production, but providing them in the
library in a way that doesn't break existing users might be slightly tricky,
so it's out of scope of this commit.)
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
(Reapplying changes as one commit on top of development post codestyle change instead of rewriting old branch)
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
