Resolve to run the legacy only test cases with PSA_WANT macros
#9251
Conversation
With replacing the `MD_CAN` macros with `PSA_WANT` counterparts the pure legacy test cases are needing the config options from `crypto_config.h`. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
gabor-mezei-arm
added
enhancement
needs-ci
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
gabor-mezei-arm
added
needs-review
tests/scripts/all.sh
Outdated
| @@ -1711,20 +1711,32 @@ component_test_crypto_full_md_light_only () { | |||
| make test | |||
| } | |||
|
|
|||
| component_test_full_no_cipher_no_psa_crypto () { | |||
| component_test_full_no_cipher_with_legacy () { | |||
There was a problem hiding this comment.
In #9185 I just remove this component as it is not relevant anymore in 4.0 context.
configs/config-no-entropy.h
Outdated
| @@ -17,6 +17,9 @@ | |||
| * See README.txt for usage instructions. | |||
| */ | |||
|
|
|||
| #define MBEDTLS_PSA_CRYPTO_CONFIG_FILE "../configs/crypto-config-no-entropy.h" | |||
| #define MBEDTLS_PSA_CRYPTO_CONFIG | |||
There was a problem hiding this comment.
As we have done for other configuration files you need to enable MBEDTLS_PSA_CRYPTO_C and
MBEDTLS_USE_PSA_CRYPTO which requires MBEDTLS_ENTROPY_C defeating the purpose of this configuration. I think we have some plans to be able to initialize and use only PSA APIs that do not rely on some entropy but in the mean time not sure what we should do with this configuration. @gilles-peskine-arm what do you think?
There was a problem hiding this comment.
We can have a PSA-based configuration without entropy.c by using MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG, which is a simulated entropy source (encapsulated in a simulated RNG). But we already have components with that option, and it's not the goal here. The goal here is to enable the parts of the library that don't require entropy.
In the future, we'll have a way to make PSA crypto work without a RNG, which will allow to do the same things that config-no-entropy.h currently does (hash, MAC, symmetric ciphers, KDF, signature verification, X.509 verification). But that requires work on splitting psa_crypto_init, and we haven't done that work yet (we were thinking of doing it in Q3, but I suspect it'll get delayed to Q4 so we can focus on the repo split).
For now, we can either keep config-no-entropy.h as is, or remove it but file an issue to re-create it when we can, i.e. as part of the split-init epic. I think re-creating it later is the way to go, because keeping legacy config options for some time would hurt other work.
gabor-mezei-arm
force-pushed
the
update_test_full_no_cipher_no_psa_crypto
branch
from
2102d29 to
1b646c2
Compare
There was a problem hiding this comment.
We have #9284 to not forget about adding back an equivalent configuration when the PSA implementation is ready for that thus I am happy with this change, thanks.
tom-daubney-arm
removed
the
needs-reviewer
tom-daubney-arm
added
approved
Description
In
all.shupdate thetest_full_no_cipher_no_psa_cryptotest component and updateconfig-no-entropy.hconfig with crypto config.With replacing the
MD_CANmacros withPSA_WANTcounterparts the pure legacy test cases intest_suite_md.psaare need to update the config options fromcrypto_config.h.PR checklist
Please tick as appropriate and edit the reasons (e.g.: "backport: not needed because this is a new feature")