Commit Graph

136 Commits

Author SHA1 Message Date
Valerio Setti
fdccbbb91f tests: scripts: configuration-crypto: fix paths after switch to CMake
Switching to CMake build caused some failures due to the fact that:

- binary objects in tf-psa-crypto are not in the same location as before;
- header files from "<mbedtls-root>/include" are no more included when
  building tf-psa-crypto ojects.

This commit fixes both problems.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2026-01-08 17:53:56 +01:00
Valerio Setti
059aac8680 tests: scripts: build with cmake in all components using Asan
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2026-01-08 14:33:30 +01:00
Valerio Setti
4d62c59a56 tests: scripts: add new component to test with only pkwrite disabled
This is similar to the already existing "component_full_no_pkparse_pkwrite".
The biggest difference is that this new component starts from "full" config
instead of "crypto_full" because we want to test also some TLS modules,
in particular "test_suite_debug" where the new function
"mbedtls_pk_write_pubkey_psa" has been introduced.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2026-01-08 10:32:57 +01:00
Gilles Peskine
40b11f59df Remove component_test_sha3_variations
TF-PSA-Crypto is getting a component with similar coverage in
https://github.com/Mbed-TLS/TF-PSA-Crypto/pull/618

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2026-01-06 17:07:17 +01:00
Valerio Setti
a7337251f7 tests: remove temporary fix for secp192 curves in test_psa_crypto_without_heap
secp192 curves are no more supported in tf-psa-crypto and also all the
temporary fixes has been removed. This one can be removed as well.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2025-12-11 17:37:06 +01:00
Manuel Pégourié-Gonnard
1c479f88d0 Avoid references to ecdh.o
We're going to remove ecdh.c soon, so use another way of testing whether
builtin ECDH is included in the build.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2025-12-05 09:23:39 +01:00
Valerio Setti
65ec4cc771 tests: scripts: make enabling of secp192 curves fault tolerant in test_psa_crypto_without_heap
This is temporary but still required in order to have this commit merged
before the crypto#570, where these curves are really removed.
These lines will be removed in a follow-up PR once crypto#570 is merged.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2025-11-20 13:20:40 +01:00
Minos Galanakis
0283fa0656 Merge remote-tracking branch 'restricted/development-restricted' into mbedtls-4.0.0.rc
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2025-10-11 21:41:49 +01:00
Ben Taylor
1317d7f14d Remove spurious make command
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
2025-09-30 10:36:48 +01:00
Ben Taylor
c8e4fd3f1a Initial removal of DES from mbedtls
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
2025-09-30 10:36:48 +01:00
Manuel Pégourié-Gonnard
9114d4ae0c all.sh: prepare component for hiding small curves
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2025-09-29 11:49:40 +02:00
Ronald Cron
90979728ee Merge pull request #10382 from ronald-cron-arm/deprecate-make
Deprecate Make build system and remove MS visual studio files
2025-09-23 08:14:28 +00:00
Ronald Cron
401f20fb35 Prepare test components to scripts/legacy.make
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2025-09-22 18:00:26 +02:00
Gilles Peskine
9da0dce845 Bypass config checks when setting a low-level option directly
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-09-22 15:55:10 +02:00
Gilles Peskine
a1d6b2733b Merge remote-tracking branch 'development' into restricted-mbedtls-merge-public-20250916
Conflicts:
* `tf-psa-crypto`: updated to the merge of `development` and
  `development-restricted`.
2025-09-16 16:24:09 +02:00
Ronald Cron
4fe3760a27 Cleanup following the removal of MBEDTLS_BIGNUM_C option
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2025-09-16 15:53:43 +02:00
Ronald Cron
feb5e26619 Cleanup following the removal of MBEDTLS_ECP_DP_.*_ENABLED options
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2025-09-16 15:53:43 +02:00
Ronald Cron
6cfab2880a Cleanup following the removal of MBEDTLS_ECP_C option
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2025-09-16 15:53:43 +02:00
Ronald Cron
2ad1e5c1a2 Cleanup following the removal of MBEDTLS_ECJPAKE_C option
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2025-09-16 15:53:43 +02:00
Ronald Cron
3c6bbddfd4 Cleanup following the removal of MBEDTLS_ECDSA_C option
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2025-09-16 15:53:43 +02:00
Ronald Cron
a19ee2819e Cleanup following the removal of MBEDTLS_ECDH_C option
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2025-09-16 15:53:43 +02:00
Ronald Cron
919a1e4e22 Cleanup following the removal of RSA legacy options
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2025-09-16 15:53:43 +02:00
Manuel Pégourié-Gonnard
1a81ab6390 Merge pull request #10379 from bjwtaylor/update-header-guards
Update header guard use in p256m test
2025-09-12 10:03:02 +00:00
Ben Taylor
59474406a6 Re-instate MBEDTLS_PKCS1_V15 unset
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
2025-09-11 13:22:40 +01:00
Ben Taylor
f57293654e Revert change to Everest test message back to ECDH
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
2025-09-11 13:22:40 +01:00
Ben Taylor
677994af64 Change ecdh to ecdhe on everest test
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
2025-09-11 13:22:40 +01:00
Ben Taylor
59213b66df Re-add everest test, as it was mislabelled
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
2025-09-11 13:22:40 +01:00
Ben Taylor
844a264317 Remove stray MBEDTLS_PKCS1_V15 and MBEDTLS_PKCS1_V21
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
2025-09-11 13:22:40 +01:00
Ben Taylor
fbd806ae95 Remove everest ECDH test as it is no longer required
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
2025-09-11 13:22:40 +01:00
Ben Taylor
15f1d7f812 Remove support for static ECDH cipher suites
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
2025-09-11 13:22:40 +01:00
Ronald Cron
3b30643143 Adapt configurations to stricter compile-time checks
Adapt configurations to stricter compile-time checks
for entropy enablement and MBEDTLS_ENTROPY_NV_SEED
option.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2025-09-10 15:23:32 +02:00
Ronald Cron
efcec8cecd Cleanup following the removal of MBEDTLS_ENTROPY_C option
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2025-09-10 15:23:32 +02:00
Ben Taylor
a2aa7daaca Change unset of MBEDTLS config to more standard method
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
2025-09-04 11:22:52 +01:00
Ben Taylor
ecde0aaa41 replace undef with deletion in p256m test
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
2025-09-02 11:13:05 +01:00
Ben Taylor
dfdac46163 Update header guard use in p256m test
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
2025-09-02 11:13:05 +01:00
David Horstmann
f790fb84fc Merge pull request #10367 from davidhorstmann-arm/configuration-crypto-sh-legacy-ecdsa-deterministic
Remove component uses of `MBEDTLS_ECDSA_DETERMINISTIC`
2025-09-02 09:36:46 +00:00
David Horstmann
b907dbc4d3 Remove other cases of explicit crypto config file
Remove unnecessary passing of the crypto config filename either with the
'-f' or '-c' switch, throughout all of the all.sh component files.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2025-08-27 15:19:40 +01:00
David Horstmann
7cbeedc607 Remove uses of the -c $CRYPTO_CONFIG_H idiom
This is no longer needed as config.py knows where the crypto config file
is these days.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2025-08-26 17:27:49 +01:00
Ronald Cron
aad5f1bedd tests: Prepare to switch to SHA-256 as the default CTR_DRBG hash
Ensure that when we switch from SHA-512 to SHA-256
as the default CTR_DRBG hash, we still properly
test CTR_DRBG with SHA-512.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2025-08-25 15:35:42 +02:00
Minos Galanakis
5dbc24a255 components-configuration-crypto: Removed legacy options.
Removed setters for `MBEDTLS_CTR_DRBG_USE_128_BIT_KEY`
and `MBEDTLS_ENTROPY_FORCE_SHA256`

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2025-08-21 15:56:59 +01:00
David Horstmann
3492807e0b Remove component uses of MBEDTLS_ECDSA_DETERMINISTIC
Remove all references to MBEDTLS_ECDSA_DETERMINISTIC from
components-configuration-crypto.sh. Replace them with
PSA_WANT_ALG_DETERMINISTIC_ECDSA.

This is safe because:
* MBEDTLS_ECDSA_DETERMINISTIC is only ever unset in components in order
  to avoid errors from disabling its dependency MBEDTLS_HMAC_DRBG_C.
* MBEDTLS_ECDSA_DETERMINISTIC is only ever defined in
  config_adjust_legacy_from_psa.h, and only if
  PSA_WANT_ALG_DETERMINISTIC_ECDSA is defined.

Therefore PSA_WANT_ALG_DETERMINISTIC_ECDSA's dependencies are a superset
of MBEDTLS_ECDSA_DETERMINISTIC's dependencies and must include
MBEDTLS_HMAC_DRBG_C, so disabling PSA_WANT_ALG_DETERMINISTIC_ECDSA is a
sufficient substitute for disabling MBEDTLS_ECDSA_DETERMINISTIC.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2025-08-20 10:26:11 +01:00
Minos Galanakis
f3486e198b components-configuration-crypto.sh: Added setters for MBEDTLS_PSA_CRYPTO_RNG_HASH
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2025-08-20 00:04:35 +01:00
Manuel Pégourié-Gonnard
73728d56cf Make test more robust
This will be needed when we change how many times some functions are
callled in ecp.c, making them more susceptible to inlining.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2025-08-14 09:30:52 +02:00
Valerio Setti
a785eea41f tests: configuration-crypto: enable p192 curves in test_psa_crypto_without_heap
Enable p192[k|r]1 curves which are disabled by default in tf-psa-crypto.
This is required to get the proper test coverage otherwise there are
tests in 'test_suite_psa_crypto_op_fail' that would never be executed.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2025-08-13 10:57:46 +02:00
Valerio Setti
981a0c46b2 tests: remove leftover from debug session and extra spaces
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2025-08-12 11:31:11 +02:00
Valerio Setti
37a4281710 tests: configuration_crypto: fix selection of EC/DH group to accelerate
Some EC/DH group might be disabled in default configuration in
"crypto_config.h" so before running "helper_get_psa_key_type_list" and/or
"helper_get_psa_curve_list" it's better to set/unset what's required
for that test component and only then parse the enabled groups.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2025-08-12 09:36:45 +02:00
Minos Galanakis
2fc59949b2 Added MBEDTLS_PSA_CRYPTO_RNG_STRENGTH to tests.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2025-08-06 10:50:27 +01:00
Ronald Cron
fb03d1391b depends.py: Remove cipher_padding domain
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2025-07-24 08:42:16 +02:00
Ronald Cron
0668036ada Replace MBEDTLS_AES_C
Replace the remaining instances of MBEDTLS_AES_C
as a configuration option.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2025-07-24 08:42:16 +02:00
Ronald Cron
e13c7015ea all.sh: Remove unset of now removed legacy symmetric crypto options
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2025-07-24 08:42:16 +02:00