diff --git a/tests/include/test/psa_crypto_helpers.h b/tests/include/test/psa_crypto_helpers.h index a54e125ce..9c83af61d 100644 --- a/tests/include/test/psa_crypto_helpers.h +++ b/tests/include/test/psa_crypto_helpers.h @@ -11,7 +11,8 @@ #include "test/helpers.h" -#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) +#if (MBEDTLS_VERSION_MAJOR < 4 && defined(MBEDTLS_PSA_CRYPTO_C)) || \ + (MBEDTLS_VERSION_MAJOR >= 4 && defined(MBEDTLS_PSA_CRYPTO_CLIENT)) #include "test/psa_helpers.h" #include #endif @@ -40,7 +41,7 @@ mbedtls_psa_crypto_free(); \ } \ while (0) -#elif defined(MBEDTLS_PSA_CRYPTO_CLIENT) /* MBEDTLS_PSA_CRYPTO_CLIENT && !MBEDTLS_PSA_CRYPTO_C */ +#elif MBEDTLS_VERSION_MAJOR >= 4 && defined(MBEDTLS_PSA_CRYPTO_CLIENT) #define PSA_INIT() PSA_ASSERT(psa_crypto_init()) #define PSA_DONE() mbedtls_psa_crypto_free(); #else /* MBEDTLS_PSA_CRYPTO_CLIENT && !MBEDTLS_PSA_CRYPTO_C */ @@ -48,7 +49,8 @@ #define PSA_DONE() ((void) 0) #endif /* MBEDTLS_PSA_CRYPTO_C */ -#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) +#if (MBEDTLS_VERSION_MAJOR < 4 && defined(MBEDTLS_PSA_CRYPTO_C)) || \ + (MBEDTLS_VERSION_MAJOR >= 4 && defined(MBEDTLS_PSA_CRYPTO_CLIENT)) #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C) @@ -253,16 +255,18 @@ uint64_t mbedtls_test_parse_binary_string(data_t *bin_string); * \param key_type Key type * \param key_bits Key length in number of bits. */ -#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_AES) -#define MBEDTLS_TEST_HAVE_ALT_AES 1 +#if defined(MBEDTLS_AES_ALT) || \ + defined(MBEDTLS_AES_SETKEY_ENC_ALT) || \ + defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_AES) +#define MBEDTLS_TEST_HAVE_ACCEL_AES 1 #else -#define MBEDTLS_TEST_HAVE_ALT_AES 0 +#define MBEDTLS_TEST_HAVE_ACCEL_AES 0 #endif #define MBEDTLS_TEST_PSA_SKIP_IF_ALT_AES_192(key_type, key_bits) \ do \ { \ - if ((MBEDTLS_TEST_HAVE_ALT_AES) && \ + if ((MBEDTLS_TEST_HAVE_ACCEL_AES) && \ ((key_type) == PSA_KEY_TYPE_AES) && \ (key_bits == 192)) \ { \ @@ -295,7 +299,8 @@ uint64_t mbedtls_test_parse_binary_string(data_t *bin_string); * \param nonce_length The nonce length in number of bytes. */ -#if defined(MBEDTLS_PSA_ACCEL_ALG_GCM) +#if defined(MBEDTLS_GCM_ALT) || \ + defined(MBEDTLS_PSA_ACCEL_ALG_GCM) #define MBEDTLS_TEST_HAVE_ACCEL_GCM 1 #else #define MBEDTLS_TEST_HAVE_ACCEL_GCM 0 @@ -316,7 +321,22 @@ uint64_t mbedtls_test_parse_binary_string(data_t *bin_string); } \ while (0) -#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */ +#endif /* MBEDTLS_PSA_CRYPTO_CLIENT || MBEDTLS_PSA_CRYPTO_C */ + +#if MBEDTLS_VERSION_MAJOR >= 4 +/* Legacy PSA_INIT() / PSA_DONE() variants from 3.6 */ +#define USE_PSA_INIT() PSA_INIT() +#define USE_PSA_DONE() PSA_DONE() +#define MD_PSA_INIT() PSA_INIT() +#define MD_PSA_DONE() PSA_DONE() +#define BLOCK_CIPHER_PSA_INIT() PSA_INIT() +#define BLOCK_CIPHER_PSA_DONE() PSA_DONE() +#define MD_OR_USE_PSA_INIT() PSA_INIT() +#define MD_OR_USE_PSA_DONE() PSA_DONE() +#define AES_PSA_INIT() PSA_INIT() +#define AES_PSA_DONE() PSA_DONE() + +#else /* MBEDTLS_VERSION_MAJOR < 4 */ /** \def USE_PSA_INIT * @@ -335,9 +355,18 @@ uint64_t mbedtls_test_parse_binary_string(data_t *bin_string); * This is like #PSA_DONE except it does nothing under the same conditions as * #USE_PSA_INIT. */ -#if defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) +#if defined(MBEDTLS_USE_PSA_CRYPTO) #define USE_PSA_INIT() PSA_INIT() #define USE_PSA_DONE() PSA_DONE() +#elif defined(MBEDTLS_SSL_PROTO_TLS1_3) +/* TLS 1.3 must work without having called psa_crypto_init(), for backward + * compatibility with Mbed TLS <= 3.5 when connecting with a peer that + * supports both TLS 1.2 and TLS 1.3. See mbedtls_ssl_tls13_crypto_init() + * and https://github.com/Mbed-TLS/mbedtls/issues/9072 . */ +#define USE_PSA_INIT() ((void) 0) +/* TLS 1.3 may have initialized the PSA subsystem. Shut it down cleanly, + * otherwise Asan and Valgrind would notice a resource leak. */ +#define USE_PSA_DONE() PSA_DONE() #else /* MBEDTLS_USE_PSA_CRYPTO || MBEDTLS_SSL_PROTO_TLS1_3 */ /* Define empty macros so that we can use them in the preamble and teardown * of every test function that uses PSA conditionally based on @@ -409,13 +438,12 @@ uint64_t mbedtls_test_parse_binary_string(data_t *bin_string); * This is like #PSA_DONE except it does nothing under the same conditions as * #MD_OR_USE_PSA_INIT. */ -#if defined(MBEDTLS_MD_SOME_PSA) || \ - defined(MBEDTLS_USE_PSA_CRYPTO) || defined(MBEDTLS_SSL_PROTO_TLS1_3) +#if defined(MBEDTLS_MD_SOME_PSA) #define MD_OR_USE_PSA_INIT() PSA_INIT() #define MD_OR_USE_PSA_DONE() PSA_DONE() #else -#define MD_OR_USE_PSA_INIT() ((void) 0) -#define MD_OR_USE_PSA_DONE() ((void) 0) +#define MD_OR_USE_PSA_INIT() USE_PSA_INIT() +#define MD_OR_USE_PSA_DONE() USE_PSA_DONE() #endif /** \def AES_PSA_INIT @@ -441,6 +469,8 @@ uint64_t mbedtls_test_parse_binary_string(data_t *bin_string); #define AES_PSA_DONE() ((void) 0) #endif /* MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO */ +#endif /* MBEDTLS_VERSION_MAJOR >= 4 */ + #if !defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) && \ defined(MBEDTLS_CTR_DRBG_C) && \ defined(MBEDTLS_CTR_DRBG_USE_PSA_CRYPTO) diff --git a/tests/src/drivers/hash.c b/tests/src/drivers/hash.c index 5d938ea57..54aec9322 100644 --- a/tests/src/drivers/hash.c +++ b/tests/src/drivers/hash.c @@ -13,8 +13,12 @@ #include "test/drivers/hash.h" #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) +#if MBEDTLS_VERSION_MAJOR < 4 +#include "libtestdriver1/library/psa_crypto_hash.h" +#else #include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_hash.h" #endif +#endif mbedtls_test_driver_hash_hooks_t mbedtls_test_driver_hash_hooks = MBEDTLS_TEST_DRIVER_HASH_INIT; diff --git a/tests/src/drivers/test_driver_aead.c b/tests/src/drivers/test_driver_aead.c index 9c0677a7e..6992a066d 100644 --- a/tests/src/drivers/test_driver_aead.c +++ b/tests/src/drivers/test_driver_aead.c @@ -16,8 +16,12 @@ #include "mbedtls/constant_time.h" #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) +#if MBEDTLS_VERSION_MAJOR < 4 +#include "libtestdriver1/library/psa_crypto_aead.h" +#else #include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_aead.h" #endif +#endif mbedtls_test_driver_aead_hooks_t mbedtls_test_driver_aead_hooks = MBEDTLS_TEST_DRIVER_AEAD_INIT; diff --git a/tests/src/drivers/test_driver_asymmetric_encryption.c b/tests/src/drivers/test_driver_asymmetric_encryption.c index 32644009e..6fdbe43ae 100644 --- a/tests/src/drivers/test_driver_asymmetric_encryption.c +++ b/tests/src/drivers/test_driver_asymmetric_encryption.c @@ -16,8 +16,12 @@ #include "test/drivers/key_management.h" #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) +#if MBEDTLS_VERSION_MAJOR < 4 +#include "libtestdriver1/library/psa_crypto_rsa.h" +#else #include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_rsa.h" #endif +#endif #define PSA_RSA_KEY_PAIR_MAX_SIZE \ PSA_KEY_EXPORT_RSA_KEY_PAIR_MAX_SIZE(PSA_VENDOR_RSA_MAX_KEY_BITS) diff --git a/tests/src/drivers/test_driver_cipher.c b/tests/src/drivers/test_driver_cipher.c index 136610b36..90256fc4e 100644 --- a/tests/src/drivers/test_driver_cipher.c +++ b/tests/src/drivers/test_driver_cipher.c @@ -19,8 +19,12 @@ #include "test/random.h" #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) +#if MBEDTLS_VERSION_MAJOR < 4 +#include "libtestdriver1/library/psa_crypto_cipher.h" +#else #include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_cipher.h" #endif +#endif #include diff --git a/tests/src/drivers/test_driver_key_agreement.c b/tests/src/drivers/test_driver_key_agreement.c index b99d7cdba..8a7a9ea52 100644 --- a/tests/src/drivers/test_driver_key_agreement.c +++ b/tests/src/drivers/test_driver_key_agreement.c @@ -20,10 +20,16 @@ #include #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) +#if MBEDTLS_VERSION_MAJOR < 4 +#include "libtestdriver1/include/psa/crypto.h" +#include "libtestdriver1/library/psa_crypto_ecp.h" +#include "libtestdriver1/library/psa_crypto_ffdh.h" +#else #include "libtestdriver1/tf-psa-crypto/include/psa/crypto.h" #include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.h" #include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_ffdh.h" #endif +#endif mbedtls_test_driver_key_agreement_hooks_t mbedtls_test_driver_key_agreement_hooks = MBEDTLS_TEST_DRIVER_KEY_AGREEMENT_INIT; diff --git a/tests/src/drivers/test_driver_key_management.c b/tests/src/drivers/test_driver_key_management.c index 337c25473..d2ca157b8 100644 --- a/tests/src/drivers/test_driver_key_management.c +++ b/tests/src/drivers/test_driver_key_management.c @@ -23,10 +23,16 @@ #include "test/random.h" #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) +#if MBEDTLS_VERSION_MAJOR < 4 +#include "libtestdriver1/library/psa_crypto_ecp.h" +#include "libtestdriver1/library/psa_crypto_rsa.h" +#include "libtestdriver1/library/psa_crypto_ffdh.h" +#else #include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.h" #include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_rsa.h" #include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_ffdh.h" #endif +#endif #include diff --git a/tests/src/drivers/test_driver_mac.c b/tests/src/drivers/test_driver_mac.c index 9b671b867..f1cf50430 100644 --- a/tests/src/drivers/test_driver_mac.c +++ b/tests/src/drivers/test_driver_mac.c @@ -13,8 +13,12 @@ #include "test/drivers/mac.h" #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) +#if MBEDTLS_VERSION_MAJOR < 4 +#include "libtestdriver1/library/psa_crypto_mac.h" +#else #include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_mac.h" #endif +#endif mbedtls_test_driver_mac_hooks_t mbedtls_test_driver_mac_hooks = MBEDTLS_TEST_DRIVER_MAC_INIT; diff --git a/tests/src/drivers/test_driver_pake.c b/tests/src/drivers/test_driver_pake.c index bcef6b5f4..c3ce326fe 100644 --- a/tests/src/drivers/test_driver_pake.c +++ b/tests/src/drivers/test_driver_pake.c @@ -14,8 +14,12 @@ #include "string.h" #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) +#if MBEDTLS_VERSION_MAJOR < 4 +#include "libtestdriver1/library/psa_crypto_pake.h" +#else #include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_pake.h" #endif +#endif mbedtls_test_driver_pake_hooks_t mbedtls_test_driver_pake_hooks = MBEDTLS_TEST_DRIVER_PAKE_INIT; diff --git a/tests/src/drivers/test_driver_signature.c b/tests/src/drivers/test_driver_signature.c index 92ec93bec..a6eef573b 100644 --- a/tests/src/drivers/test_driver_signature.c +++ b/tests/src/drivers/test_driver_signature.c @@ -26,10 +26,16 @@ #include "test/random.h" #if defined(MBEDTLS_TEST_LIBTESTDRIVER1) +#if MBEDTLS_VERSION_MAJOR < 4 +#include "libtestdriver1/library/psa_crypto_ecp.h" +#include "libtestdriver1/library/psa_crypto_hash.h" +#include "libtestdriver1/library/psa_crypto_rsa.h" +#else #include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_ecp.h" #include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_hash.h" #include "libtestdriver1/tf-psa-crypto/drivers/builtin/src/psa_crypto_rsa.h" #endif +#endif #include diff --git a/tests/src/psa_exercise_key.c b/tests/src/psa_exercise_key.c index ee8399722..032c48920 100644 --- a/tests/src/psa_exercise_key.c +++ b/tests/src/psa_exercise_key.c @@ -11,7 +11,8 @@ #include #include -#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) +#if (MBEDTLS_VERSION_MAJOR < 4 && defined(MBEDTLS_PSA_CRYPTO_C)) || \ + (MBEDTLS_VERSION_MAJOR >= 4 && defined(MBEDTLS_PSA_CRYPTO_CLIENT)) #include #include @@ -1332,4 +1333,4 @@ exit: } #endif /* MBEDTLS_PK_C */ -#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */ +#endif /* MBEDTLS_PSA_CRYPTO_C || MBEDTLS_PSA_CRYPTO_CLIENT */