PSA compliance tests suite

[orenc17]

Description

Add PSA compliance tests suite.
Note: this PR has been expanded to contain the entire suite.
This PR include tests for:

1. PSA internal-trusted-storage.
2. PSA Crypto
3. PSA Attestation

Relies on PRs
#9708 (merged)
#9795 (merged)
#9668 (merged)
#9822 (merged)
upcoming mbedTLS release
Note: this PR will not build without these PRs

Pull request type

[ ] Fix
[ ] Refactor
[ ] Target update
[ ] Functionality change
[ ] Docs update
[X] Test update
[ ] Breaking change

Reviewers

@alzix @jaypit02 @dreemkiller

[jaypit02]

Added review comments

[jaypit02]

These structures are common to all tests. Therefore, these can be moved to a common file. Moving to common file is more scalable to consume any addition/deletion of an element.

Also you may want add copyright header to such files.

[orenc17]

I prefer to generate the structure for each test
That way it won't mistakenly compiled to an mbed-app and waste flash

[orenc17]

after a check I've moved the struct to the framework directory

[jaypit02]

As per the latest PSA FF spec, out_vec parameter is no more "const". It is now:

Suggested change

	const psa_outvec *out_vec,
	psa_outvec *out_vec,

[jaypit02]

FYI- These macros definition will be available in pal_config.h in PSA compliance test suite release. Once you have pal_config.h, this json may not be required.

[orenc17]

This is the "mbed way" for configuration
We could add platform specific configuration in the future through this file

[jaypit02]

Is is possible to maintain test specific mbed_lib.json to pass ITS_TEST macro?
Idea is to avoid test editing.

[orenc17]

No

[alzix]

test_s001 name does not describe it actually tests PSA ITS implementation.
please rename TESTS/psa-compliance/test_s001 to TESTS/psa-compliance/psa-ist-s001 and fix the importer

[alzix]

@orenc17 - ping

[cmonr]

Making a note here. I think this now relies on #9192 instead.

[mikisch81]

@cmonr actually like many others, it depends on #9529

[0xc0170]

@orenc17 What is the status for this PR? The dependencies were integrated, weren't they?

[orenc17]

the porting is being continued by another team.. i believe they use this PR as a base

[cmonr]

@orenc17 They'll still hit the same problem once they introduce a PR.

[0xc0170]

the porting is being continued by another team.. i believe they use this PR as a base

Shall this be closed?

[cmonr]

@orenc17 This became unblocked once #9529 came in.

Any updates?

[amiraloosh]

Yes, we will continue with this PR. The PSA team will update tomorrow.

[NirSonnenschein]

Hi @cmonr , @jaypit02 @alzix,
This PR has been forced pushed with multiple changes (multiple additional tests added for attestation and crypto modules as well as its), please re-review the new version.

[NirSonnenschein]

FYI @netanelgonen

[cmonr]

Checking in, this is still waiting on two other PRs before it can progress, correct?

[0xc0170]

Very last dependency here: #9668 - is now in CI. Will this fix also astyle issues in Travis?

[NirSonnenschein]

@0xc0170 , this should fix most of the issues, I'm adding an astyle ignore rule to ignore the style of the imported compliance tests shortly.

[alekla01]

exporter likely needs to be restarted, as it probably has incorrectly status as pending after the license issues.

[cmonr]

CI job restarted: jenkins-ci/mbed-os-ci_exporter

[cmonr]

Restarted CI.

Was getting odd null pointer exception issue when restarting single job.

[mbed-ci]

Test run: SUCCESS

Summary: 13 of 13 test jobs passed
Build number : 8
Build artifacts

[NirSonnenschein]

This is a hard-coded attestation key used for testing the attestation feature. it was randomly generated.
The specific key chosen shouldn't matter to the test it just needs a key to be injected before it is run (in practice each decide is expected to have it's own randomly generated key).

[cmonr]

Seems odd that this was needed.

[NirSonnenschein]

if you mean the explicit return, you are right, it should not be needed.
It is likely an artifact from the previous implementation of the function. - Fixed

[cmonr]

I'm probably missing something, but how would this ever not be true?

boot_t boot isn't static.

[NirSonnenschein]

good point this check should be removed - fixed

[cmonr]

Why should the handle be closed here instead of outside of the function?

[NirSonnenschein]

this function is called from a pointer to function in the original attestation test framework (prior to our adaptation to greentea) in the struct val_api_t. The original implementation had the calling semantic that this function frees the handle inside and we preserved this for future compatibility (had we implemented the test framework we would have done many things very differently).

[cmonr]

} // extern "C"

[NirSonnenschein]

good point, fixed

[cmonr]

Seems weird that this and the following line of code are indented.

[NirSonnenschein]

you are right, however this file has since been replaced (git move) with the file pal_mbed_os_intf.cpp which has been refactored and no longer contains this anomaly

[cmonr]

@orenc17 A couple of questions/nits, but just looking for answers before merging.

[orenc17]

@cmonr i've handed over the PR to @NirSonnenschein
i'm no longer working on this PR, we kept it open for convenience

[NirSonnenschein]

Thanks @cmonr

[NirSonnenschein]

you are right, however this file has since been replaced (git move) with the file pal_mbed_os_intf.cpp which has been refactored and no longer contains this anomaly

[NirSonnenschein]

if you mean the explicit return, you are right, it should not be needed.
It is likely an artifact from the previous implementation of the function. - Fixed

[NirSonnenschein]

good point this check should be removed - fixed

[NirSonnenschein]

This is a hard-coded attestation key used for testing the attestation feature. it was randomly generated.
The specific key chosen shouldn't matter to the test it just needs a key to be injected before it is run (in practice each decide is expected to have it's own randomly generated key).

[NirSonnenschein]

this function is called from a pointer to function in the original attestation test framework (prior to our adaptation to greentea) in the struct val_api_t. The original implementation had the calling semantic that this function frees the handle inside and we preserved this for future compatibility (had we implemented the test framework we would have done many things very differently).

[NirSonnenschein]

good point, fixed

[NirSonnenschein]

restarted CI on review fixes

[alekla01]

Restarted jenkins-ci/exporter

[mbed-ci]

Test run: FAILED

Summary: 1 of 13 test jobs failed
Build number : 10
Build artifacts

Failed test jobs:

• jenkins-ci/mbed-os-ci_exporter

[NirSonnenschein]

CI has passed again on the CR changes, @cmonr please take a look, if all is ok we can proceed.

[cmonr]

#9312 (comment)

@NirSonnenschein It would be good to capture this as a comment in the file, but that can be added in a seperate PR.

Not going to block the PR on that.