tests: fix guards in test suites to allow testing with PSASIM

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>

tests/include/test/psa_crypto_helpers.h

@@ -11,7 +11,7 @@
 
 #include "test/helpers.h"
 
-#if defined(MBEDTLS_PSA_CRYPTO_C)
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
 #include "test/psa_helpers.h"
 #include <psa/crypto.h>
 #endif
@@ -38,12 +38,15 @@
         mbedtls_psa_crypto_free();                                      \
     }                                                                   \
     while (0)
-#else /*MBEDTLS_PSA_CRYPTO_C */
+#elif defined(MBEDTLS_PSA_CRYPTO_CLIENT) /* MBEDTLS_PSA_CRYPTO_CLIENT && !MBEDTLS_PSA_CRYPTO_C */
+#define PSA_INIT() PSA_ASSERT(psa_crypto_init())
+#define PSA_DONE() mbedtls_psa_crypto_free();
+#else  /* MBEDTLS_PSA_CRYPTO_CLIENT && !MBEDTLS_PSA_CRYPTO_C */
 #define PSA_INIT() ((void) 0)
 #define PSA_DONE() ((void) 0)
 #endif /* MBEDTLS_PSA_CRYPTO_C */
 
-#if defined(MBEDTLS_PSA_CRYPTO_C)
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
 
 #if defined(MBEDTLS_PSA_CRYPTO_STORAGE_C)
 
@@ -313,7 +316,7 @@ uint64_t mbedtls_test_parse_binary_string(data_t *bin_string);
     }                                                                      \
     while (0)
 
-#endif /* MBEDTLS_PSA_CRYPTO_C */
+#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
 
 /** \def USE_PSA_INIT
  *

tests/src/psa_exercise_key.c

@@ -11,7 +11,7 @@
 #include <test/macros.h>
 #include <test/psa_exercise_key.h>
 
-#if defined(MBEDTLS_PSA_CRYPTO_C)
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
 
 #include <mbedtls/asn1.h>
 #include <psa/crypto.h>
@@ -1332,4 +1332,4 @@ exit:
 }
 #endif /* MBEDTLS_PK_C */
 
-#endif /* MBEDTLS_PSA_CRYPTO_C */
+#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */

tests/suites/test_suite_debug.function

@@ -59,7 +59,7 @@ void debug_print_msg_threshold(int threshold, int level, char *file,
     mbedtls_ssl_config conf;
     struct buffer_data buffer;
 
-    MD_PSA_INIT();
+    MD_OR_USE_PSA_INIT();
 
     mbedtls_ssl_init(&ssl);
     mbedtls_ssl_config_init(&conf);
@@ -86,7 +86,7 @@ void debug_print_msg_threshold(int threshold, int level, char *file,
 exit:
     mbedtls_ssl_free(&ssl);
     mbedtls_ssl_config_free(&conf);
-    MD_PSA_DONE();
+    MD_OR_USE_PSA_DONE();
 }
 /* END_CASE */
 
@@ -98,7 +98,7 @@ void mbedtls_debug_print_ret(char *file, int line, char *text, int value,
     mbedtls_ssl_config conf;
     struct buffer_data buffer;
 
-    MD_PSA_INIT();
+    MD_OR_USE_PSA_INIT();
 
     mbedtls_ssl_init(&ssl);
     mbedtls_ssl_config_init(&conf);
@@ -122,7 +122,7 @@ void mbedtls_debug_print_ret(char *file, int line, char *text, int value,
 exit:
     mbedtls_ssl_free(&ssl);
     mbedtls_ssl_config_free(&conf);
-    MD_PSA_DONE();
+    MD_OR_USE_PSA_DONE();
 }
 /* END_CASE */
 
@@ -134,7 +134,7 @@ void mbedtls_debug_print_buf(char *file, int line, char *text,
     mbedtls_ssl_config conf;
     struct buffer_data buffer;
 
-    MD_PSA_INIT();
+    MD_OR_USE_PSA_INIT();
 
     mbedtls_ssl_init(&ssl);
     mbedtls_ssl_config_init(&conf);
@@ -158,7 +158,7 @@ void mbedtls_debug_print_buf(char *file, int line, char *text,
 exit:
     mbedtls_ssl_free(&ssl);
     mbedtls_ssl_config_free(&conf);
-    MD_PSA_DONE();
+    MD_OR_USE_PSA_DONE();
 }
 /* END_CASE */
 
@@ -211,7 +211,7 @@ void mbedtls_debug_print_mpi(char *value, char *file, int line,
     struct buffer_data buffer;
     mbedtls_mpi val;
 
-    MD_PSA_INIT();
+    MD_OR_USE_PSA_INIT();
 
     mbedtls_ssl_init(&ssl);
     mbedtls_ssl_config_init(&conf);
@@ -239,6 +239,6 @@ exit:
     mbedtls_mpi_free(&val);
     mbedtls_ssl_free(&ssl);
     mbedtls_ssl_config_free(&conf);
-    MD_PSA_DONE();
+    MD_OR_USE_PSA_DONE();
 }
 /* END_CASE */

tests/suites/test_suite_lmots.function

@@ -37,6 +37,7 @@ void lmots_sign_verify_test(data_t *msg, data_t *key_id, int leaf_id,
 
     mbedtls_lmots_public_init(&pub_ctx);
     mbedtls_lmots_private_init(&priv_ctx);
+    USE_PSA_INIT();
 
     TEST_EQUAL(mbedtls_lmots_generate_private_key(&priv_ctx, MBEDTLS_LMOTS_SHA256_N32_W8,
                                                   key_id->x, leaf_id, seed->x, seed->len), 0);
@@ -48,6 +49,7 @@ void lmots_sign_verify_test(data_t *msg, data_t *key_id, int leaf_id,
 exit:
     mbedtls_lmots_public_free(&pub_ctx);
     mbedtls_lmots_private_free(&priv_ctx);
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
@@ -60,6 +62,7 @@ void lmots_sign_verify_null_msg_test(data_t *key_id, int leaf_id, data_t *seed)
 
     mbedtls_lmots_public_init(&pub_ctx);
     mbedtls_lmots_private_init(&priv_ctx);
+    USE_PSA_INIT();
 
     TEST_EQUAL(mbedtls_lmots_generate_private_key(&priv_ctx, MBEDTLS_LMOTS_SHA256_N32_W8,
                                                   key_id->x, leaf_id, seed->x, seed->len), 0);
@@ -71,6 +74,7 @@ void lmots_sign_verify_null_msg_test(data_t *key_id, int leaf_id, data_t *seed)
 exit:
     mbedtls_lmots_public_free(&pub_ctx);
     mbedtls_lmots_private_free(&priv_ctx);
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
@@ -83,6 +87,7 @@ void lmots_verify_test(data_t *msg, data_t *sig, data_t *pub_key,
     unsigned char *tmp_sig = NULL;
 
     mbedtls_lmots_public_init(&ctx);
+    USE_PSA_INIT();
 
     TEST_EQUAL(mbedtls_lmots_import_public_key(&ctx, pub_key->x, pub_key->len), 0);
 
@@ -137,6 +142,7 @@ void lmots_verify_test(data_t *msg, data_t *sig, data_t *pub_key,
 exit:
     mbedtls_free(tmp_sig);
     mbedtls_lmots_public_free(&ctx);
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
@@ -149,6 +155,8 @@ void lmots_import_export_test(data_t *pub_key, int expected_import_rc)
     size_t exported_pub_key_size;
 
     mbedtls_lmots_public_init(&ctx);
+    USE_PSA_INIT();
+
     TEST_EQUAL(mbedtls_lmots_import_public_key(&ctx, pub_key->x, pub_key->len),
                expected_import_rc);
 
@@ -192,6 +200,7 @@ void lmots_import_export_test(data_t *pub_key, int expected_import_rc)
 exit:
     mbedtls_lmots_public_free(&ctx);
     mbedtls_free(exported_pub_key);
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
@@ -202,6 +211,7 @@ void lmots_reuse_test(data_t *msg, data_t *key_id, int leaf_id, data_t *seed)
     unsigned char sig[MBEDTLS_LMOTS_SIG_LEN(MBEDTLS_LMOTS_SHA256_N32_W8)];
 
     mbedtls_lmots_private_init(&ctx);
+    USE_PSA_INIT();
     TEST_EQUAL(mbedtls_lmots_generate_private_key(&ctx, MBEDTLS_LMOTS_SHA256_N32_W8,
                                                   key_id->x, leaf_id, seed->x,
                                                   seed->len), 0);
@@ -217,6 +227,7 @@ void lmots_reuse_test(data_t *msg, data_t *key_id, int leaf_id, data_t *seed)
 
 exit:
     mbedtls_lmots_private_free(&ctx);
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
@@ -233,6 +244,7 @@ void lmots_signature_leak_test(data_t *msg, data_t *key_id, int leaf_id,
     memset(sig, 0x7E, sizeof(sig));
 
     mbedtls_lmots_private_init(&ctx);
+    USE_PSA_INIT();
     TEST_EQUAL(mbedtls_lmots_generate_private_key(&ctx, MBEDTLS_LMOTS_SHA256_N32_W8,
                                                   key_id->x, leaf_id, seed->x,
                                                   seed->len), 0);
@@ -242,5 +254,6 @@ void lmots_signature_leak_test(data_t *msg, data_t *key_id, int leaf_id,
 exit:
     mbedtls_lmots_private_free(&ctx);
     mbedtls_lmots_sign_private_key_invalidated_hook = NULL;
+    USE_PSA_DONE();
 }
 /* END_CASE */

tests/suites/test_suite_lms.function

@@ -17,6 +17,7 @@ void lms_sign_verify_test(data_t *msg, data_t *seed)
 
     mbedtls_lms_public_init(&pub_ctx);
     mbedtls_lms_private_init(&priv_ctx);
+    USE_PSA_INIT();
 
     /* Allocation failure isn't a test failure, since it likely just means
      * there's not enough memory to run the test.
@@ -38,6 +39,7 @@ void lms_sign_verify_test(data_t *msg, data_t *seed)
 exit:
     mbedtls_lms_public_free(&pub_ctx);
     mbedtls_lms_private_free(&priv_ctx);
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
@@ -50,6 +52,7 @@ void lms_sign_verify_null_msg_test(data_t *seed)
 
     mbedtls_lms_public_init(&pub_ctx);
     mbedtls_lms_private_init(&priv_ctx);
+    USE_PSA_INIT();
 
     /* Allocation failure isn't a test failure, since it likely just means
      * there's not enough memory to run the test.
@@ -71,6 +74,7 @@ void lms_sign_verify_null_msg_test(data_t *seed)
 exit:
     mbedtls_lms_public_free(&pub_ctx);
     mbedtls_lms_private_free(&priv_ctx);
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
@@ -83,6 +87,7 @@ void lms_verify_test(data_t *msg, data_t *sig, data_t *pub_key,
     unsigned char *tmp_sig = NULL;
 
     mbedtls_lms_public_init(&ctx);
+    USE_PSA_INIT();
 
     TEST_EQUAL(mbedtls_lms_import_public_key(&ctx, pub_key->x, pub_key->len), 0);
 
@@ -139,6 +144,7 @@ void lms_verify_test(data_t *msg, data_t *sig, data_t *pub_key,
 exit:
     mbedtls_free(tmp_sig);
     mbedtls_lms_public_free(&ctx);
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
@@ -151,6 +157,7 @@ void lms_import_export_test(data_t *pub_key, int expected_import_rc)
     unsigned char *exported_pub_key = NULL;
 
     mbedtls_lms_public_init(&ctx);
+    USE_PSA_INIT();
     TEST_EQUAL(mbedtls_lms_import_public_key(&ctx, pub_key->x, pub_key->len),
                expected_import_rc);
 
@@ -194,5 +201,6 @@ void lms_import_export_test(data_t *pub_key, int expected_import_rc)
 exit:
     mbedtls_free(exported_pub_key);
     mbedtls_lms_public_free(&ctx);
+    USE_PSA_DONE();
 }
 /* END_CASE */

tests/suites/test_suite_pk.data

@@ -95,11 +95,11 @@ depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1
 pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_NONE:256:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
 
 PK can do ext: NONE/ECDSA(ANY_HASH), check ECDSA(SHA256)
-depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1
+depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PSA_CRYPTO_C
 pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_NONE:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):256:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
 
 PK can do ext: NONE/ECDSA(SHA256), check ECDSA(SHA256)
-depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1
+depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PSA_CRYPTO_C
 pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_NONE:PSA_ALG_ECDSA(PSA_ALG_SHA_256):256:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
 
 PK can do ext: ECDSA(SHA256)/NONE, invalid check ECDSA(ANY)
@@ -147,15 +147,15 @@ depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1
 pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_DERIVE|PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):256:PSA_ALG_ECDH:PSA_KEY_USAGE_DERIVE|PSA_KEY_USAGE_SIGN_HASH:1
 
 PK can do ext: ECDH/ECDSA(ANY), check ECDSA(SHA256)+DERIVE|SIGN
-depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1
+depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PSA_CRYPTO_C
 pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_DERIVE|PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):256:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_DERIVE|PSA_KEY_USAGE_SIGN_HASH:1
 
 PK can do ext: ECDH/ECDSA(ANY), check ECDSA(SHA256)+SIGN
-depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1
+depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PSA_CRYPTO_C
 pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_DERIVE|PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):256:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
 
 PK can do ext: ECDH/ECDSA(ANY), check ECDSA(SHA256)+DERIVE
-depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1
+depends_on:MBEDTLS_PK_CAN_ECDSA_SIGN:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_PSA_CRYPTO_C
 pk_can_do_ext:1:PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1):PSA_KEY_USAGE_DERIVE|PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_ECDH:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):256:PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_KEY_USAGE_DERIVE:1
 
 PK can do ext: RSA_PKCS1V15_SIGN(ANY)/NONE, check not allowed COPY usage
@@ -195,11 +195,11 @@ depends_on:MBEDTLS_RSA_C
 pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ALG_NONE:1024:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
 
 PK can do ext: NONE, RSA_PKCS1V15_SIGN(ANY), check RSA_PKCS1V15_SIGN(SHA256)
-depends_on:MBEDTLS_RSA_C
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PSA_CRYPTO_C
 pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_NONE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):1024:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
 
 PK can do ext: NONE, RSA_PKCS1V15_SIGN(SHA256), check RSA_PKCS1V15_SIGN(SHA256)
-depends_on:MBEDTLS_RSA_C
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PSA_CRYPTO_C
 pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_NONE:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):1024:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
 
 PK can do ext: RSA_PKCS1V15_SIGN(SHA256)/NONE, invalid check RSA_PKCS1V15_SIGN(ANY)
@@ -235,11 +235,11 @@ depends_on:MBEDTLS_RSA_C
 pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_ALG_NONE:1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
 
 PK can do ext: NONE, RSA_PSS(ANY), check RSA_PSS(SHA256)
-depends_on:MBEDTLS_RSA_C
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PSA_CRYPTO_C
 pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_NONE:PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
 
 PK can do ext: NONE, RSA_PSS(SHA256), check RSA_PSS(SHA256)
-depends_on:MBEDTLS_RSA_C
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PSA_CRYPTO_C
 pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_NONE:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
 
 PK can do ext: RSA_PSS(SHA256)/NONE, invalid check RSA_PSS(ANY)
@@ -283,11 +283,11 @@ depends_on:MBEDTLS_RSA_C
 pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_ENCRYPT|PSA_KEY_USAGE_DECRYPT:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:1024:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_DECRYPT:1
 
 PK can do ext: RSA_PKCS1V15_CRYPT/RSA_PSS(ANY), check RSA_PKCS1V15_CRYPT
-depends_on:MBEDTLS_RSA_C
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PSA_CRYPTO_C
 pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_ENCRYPT|PSA_KEY_USAGE_DECRYPT|PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):1024:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_KEY_USAGE_DECRYPT:1
 
 PK can do ext: RSA_PKCS1V15_CRYPT/RSA_PSS(ANY), check RSA_PSS(SHA256)
-depends_on:MBEDTLS_RSA_C
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PSA_CRYPTO_C
 pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_ENCRYPT|PSA_KEY_USAGE_DECRYPT|PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_KEY_USAGE_DECRYPT:1
 
 PK can do ext: RSA_PKCS1V15_CRYPT/RSA_PSS(ANY), check non allowed ENCRYPT usage
@@ -295,7 +295,7 @@ depends_on:MBEDTLS_RSA_C
 pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_ENCRYPT|PSA_KEY_USAGE_DECRYPT|PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_KEY_USAGE_ENCRYPT:0
 
 PK can do ext: RSA_PKCS1V15_SIGN(ANY)/RSA_PSS(ANY), check RSA_PSS(SHA256)
-depends_on:MBEDTLS_RSA_C
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PSA_CRYPTO_C
 pk_can_do_ext:1:PSA_KEY_TYPE_RSA_KEY_PAIR:PSA_KEY_USAGE_SIGN_HASH:PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):1024:PSA_ALG_RSA_PSS(PSA_ALG_SHA_256):PSA_KEY_USAGE_SIGN_HASH:1
 
 PK can do ext: RSA_PKCS1V15_SIGN(ANY)/RSA_PSS(ANY), check RSA_PKCS1V15_SIGN(SHA256)

tests/suites/test_suite_pk.function

@@ -45,7 +45,7 @@
 #define MBEDTLS_TEST_PK_PSA_SIGN
 #endif
 
-#if defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
 /* Pick an elliptic curve that's supported by PSA. Note that the curve is
  * not guaranteed to be supported by the ECP module.
  *
@@ -153,7 +153,7 @@
 #define MBEDTLS_TEST_PSA_ECC_HAVE_TWO_BITS
 #endif
 
-#endif /* defined(MBEDTLS_PSA_CRYPTO_C) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) */
+#endif /* defined(MBEDTLS_PSA_CRYPTO_CLIENT) && defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY) */
 
 /* Always define the macros so that we can use them in test data. */
 #if !defined(MBEDTLS_TEST_PSA_ECC_ONE_FAMILY)
@@ -220,7 +220,7 @@ exit:
     return MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
 }
 
-#if defined(MBEDTLS_PSA_CRYPTO_C)
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
 psa_status_t pk_psa_import_key(const unsigned char *key_data, size_t key_len,
                                psa_key_type_t type, psa_key_usage_t usage,
                                psa_algorithm_t alg, mbedtls_svc_key_id_t *key)
@@ -239,7 +239,7 @@ psa_status_t pk_psa_import_key(const unsigned char *key_data, size_t key_len,
 
     return status;
 }
-#endif /* MBEDTLS_PSA_CRYPTO_C */
+#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
 
 /** Setup the provided PK context.
  *
@@ -305,7 +305,7 @@ exit:
     return ret;
 }
 
-#if defined(MBEDTLS_PSA_CRYPTO_C)
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
 /** Create a PSA key of the desired type and properties.
  *
  * - For RSA and EC keys predefined key data is used (as in the pk_setup() above).
@@ -465,7 +465,7 @@ static int pk_public_same(const mbedtls_pk_context *pk1,
 exit:
     return ok;
 }
-#endif /* MBEDTLS_PSA_CRYPTO_C */
+#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
 
 #if defined(MBEDTLS_RSA_C)
 int mbedtls_rsa_decrypt_func(void *ctx, size_t *olen,
@@ -499,7 +499,7 @@ typedef enum {
     FROM_PAIR = 1
 } from_pair_t;
 
-#if defined(MBEDTLS_PSA_CRYPTO_C)
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
 static int pk_setup_for_type(mbedtls_pk_type_t pk_type, int want_pair,
                              mbedtls_pk_context *pk, psa_key_type_t *psa_type)
 {
@@ -567,9 +567,9 @@ static int pk_setup_for_type(mbedtls_pk_type_t pk_type, int want_pair,
 exit:
     return MBEDTLS_ERR_ERROR_GENERIC_ERROR;
 }
-#endif /* MBEDTLS_PSA_CRYPTO_C */
+#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
 
-#if defined(MBEDTLS_PSA_CRYPTO_C)
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
 /* Create a new PSA key which will contain only the public part of the private
  * key which is provided in input. For this new key:
  * - Type is the public counterpart of the private key.
@@ -636,7 +636,7 @@ exit:
     psa_reset_key_attributes(&new_attr);
     return new_key_id;
 }
-#endif /* MBEDTLS_PSA_CRYPTO_C */
+#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
 /* END_HEADER */
 
 /* BEGIN_DEPENDENCIES
@@ -1753,7 +1753,7 @@ void pk_rsa_alt()
     TEST_ASSERT(mbedtls_pk_get_type(&alt) == MBEDTLS_PK_RSA_ALT);
     TEST_ASSERT(strcmp(mbedtls_pk_get_name(&alt), "RSA-alt") == 0);
 
-#if defined(MBEDTLS_PSA_CRYPTO_C)
+#if defined(MBEDTLS_PSA_CRYPTO_CLIENT)
     psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
     TEST_EQUAL(mbedtls_pk_get_psa_attributes(&alt,
                                              PSA_KEY_USAGE_ENCRYPT,
@@ -1762,7 +1762,7 @@ void pk_rsa_alt()
     mbedtls_svc_key_id_t key_id = MBEDTLS_SVC_KEY_ID_INIT;
     TEST_EQUAL(mbedtls_pk_import_into_psa(&alt, &attributes, &key_id),
                MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE);
-#endif /* MBEDTLS_PSA_CRYPTO_C */
+#endif /* MBEDTLS_PSA_CRYPTO_CLIENT */
 
     /* Test signature */
 #if SIZE_MAX > UINT_MAX
@@ -2107,7 +2107,7 @@ exit:
 }
 /* END_CASE */
 
-/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C */
+/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_CLIENT */
 void pk_get_psa_attributes(int pk_type, int from_pair,
                            int usage_arg,
                            int to_pair, int expected_alg)
@@ -2155,7 +2155,11 @@ void pk_get_psa_attributes(int pk_type, int from_pair,
                mbedtls_pk_get_bitlen(&pk));
     TEST_EQUAL(psa_get_key_usage_flags(&attributes), expected_usage);
     TEST_EQUAL(psa_get_key_algorithm(&attributes), expected_alg);
+#if defined(MBEDTLS_PSA_CRYPTO_C)
     TEST_EQUAL(psa_get_key_enrollment_algorithm(&attributes), PSA_ALG_NONE);
+#else /* MBEDTLS_PSA_CRYPTO_C */
+    TEST_EQUAL(psa_get_key_enrollment_algorithm(&attributes), 42);
+#endif /* MBEDTLS_PSA_CRYPTO_C */
 
     TEST_EQUAL(mbedtls_pk_import_into_psa(&pk, &attributes, &new_key_id), 0);
     if (!mbedtls_test_key_consistency_psa_pk(new_key_id, &pk)) {
@@ -2170,7 +2174,7 @@ exit:
 }
 /* END_CASE */
 
-/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21 */
+/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_CLIENT:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V21 */
 void pk_rsa_v21_get_psa_attributes(int md_type, int from_pair,
                                    int usage_arg,
                                    int to_pair, int expected_alg)
@@ -2218,7 +2222,7 @@ exit:
 }
 /* END_CASE */
 
-/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C */
+/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_CLIENT */
 void pk_get_psa_attributes_fail(int pk_type, int from_pair,
                                 int usage_arg,
                                 int expected_ret)
@@ -2244,7 +2248,7 @@ exit:
 }
 /* END_CASE */
 
-/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PSA_CRYPTO_STORAGE_C */
+/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_CLIENT:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PSA_CRYPTO_STORAGE_C */
 void pk_import_into_psa_lifetime(int from_opaque,
                                  int from_persistent, /* when from opaque */
                                  int from_exportable, /* when from opaque */
@@ -2395,7 +2399,7 @@ exit:
 }
 /* END_CASE */
 
-/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C */
+/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_CLIENT */
 void pk_import_into_psa_fail(int pk_type, int from_pair,
                              int type_arg, int bits_arg,
                              int expected_ret)
@@ -2490,7 +2494,7 @@ exit:
 }
 /* END_CASE */
 
-/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C*/
+/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_CLIENT*/
 void pk_copy_from_psa_fail(void)
 {
     mbedtls_pk_context pk_ctx;
@@ -2535,7 +2539,7 @@ exit:
 }
 /* END_CASE */
 
-/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_BASIC:!MBEDTLS_RSA_C */
+/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_CLIENT:MBEDTLS_PSA_ACCEL_ALG_RSA_PKCS1V15_SIGN:MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR_BASIC:!MBEDTLS_RSA_C */
 void pk_copy_from_psa_builtin_fail()
 {
     mbedtls_pk_context pk_ctx;
@@ -2558,7 +2562,7 @@ exit:
 }
 /* END_CASE */
 
-/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C*/
+/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_CLIENT */
 void pk_copy_from_psa_success(data_t *priv_key_data, int key_type_arg,
                               int key_alg_arg)
 {
@@ -2645,7 +2649,7 @@ exit:
 }
 /* END_CASE */
 
-/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C*/
+/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_CLIENT*/
 void pk_copy_public_from_psa(data_t *priv_key_data, int key_type_arg)
 {
     psa_key_type_t key_type = key_type_arg;

tests/suites/test_suite_psa_crypto_attributes.function

@@ -20,6 +20,8 @@ void attributes_set_get(int owner_id_arg, int id_arg, int lifetime_arg,
     psa_key_type_t type = type_arg;
     size_t bits = bits_arg;
 
+    USE_PSA_INIT();
+
     TEST_EQUAL(
         MBEDTLS_SVC_KEY_ID_GET_KEY_ID(psa_get_key_id(&attributes)), 0);
     TEST_EQUAL(
@@ -56,6 +58,8 @@ void attributes_set_get(int owner_id_arg, int id_arg, int lifetime_arg,
     TEST_EQUAL(psa_get_key_algorithm(&attributes), 0);
     TEST_EQUAL(psa_get_key_type(&attributes), 0);
     TEST_EQUAL(psa_get_key_bits(&attributes), 0);
+
+    USE_PSA_DONE();
 }
 /* END_CASE */
 

tests/suites/test_suite_psa_crypto_hash.function

@@ -6,7 +6,7 @@
 /* END_HEADER */
 
 /* BEGIN_DEPENDENCIES
- * depends_on:MBEDTLS_PSA_CRYPTO_C
+ * depends_on:MBEDTLS_PSA_CRYPTO_CLIENT
  * END_DEPENDENCIES
  */
 
@@ -35,7 +35,7 @@ exit:
 }
 /* END_CASE */
 
-/* BEGIN_CASE */
+/* BEGIN_CASE depends_on: MBEDTLS_PSA_CRYPTO_C */
 void hmac(int alg_arg, char *input, data_t *expected_mac)
 {
     psa_algorithm_t alg = PSA_ALG_HMAC(alg_arg);

tests/suites/test_suite_ssl.data

@@ -561,11 +561,11 @@ depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:
 handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
 
 Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, PSA_ALG_ANY_HASH
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
+depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PSA_CRYPTO_C
 handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:0:MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
 
 Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, PSA_ALG_SHA_384
-depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
+depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:MBEDTSL_PSA_CRYPTO_C
 handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_SHA_384):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:0:MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
 
 Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, missing alg

tests/suites/test_suite_ssl.function

@@ -3297,7 +3297,7 @@ exit:
 }
 /* END_CASE */
 
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SOME */
+/* BEGIN_CASE depends_on:MBEDTLS_PSA_CRYPTO_C:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SOME */
 void raw_key_agreement_fail(int bad_server_ecdhe_key)
 {
     enum { BUFFSIZE = 17000 };