commit 8d77ec2f7d7d1fc674a2a38ff3076569e7340eb5
author Gilles Peskine <Gilles.Peskine@arm.com> Wed Jul 26 18:45:20 2023 +0200
committer Gilles Peskine <Gilles.Peskine@arm.com> Wed Aug 23 18:23:20 2023 +0200
tree 9cdfc908b2db4f4806bc15598dbbb6c345e8dd6b
parent 56081de77983f9786086d67fcf863c18ddb8a34c

PSA_CRYPTO_DRIVER_TEST_ALL is incompatible with MBEDTLS_PSA_CRYPTO_CONFIG

Explain how PSA_CRYPTO_DRIVER_TEST_ALL works and why we have it. Note that
it is incompatible with MBEDTLS_PSA_CRYPTO_CONFIG.

MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS is in the full config, so there's no need to
add it explicitly.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>

tests/configs/user-config-for-test.h

diff --git a/tests/configs/user-config-for-test.h b/tests/configs/user-config-for-test.h
index fbec4f4..ed30be5 100644
--- a/tests/configs/user-config-for-test.h
+++ b/tests/configs/user-config-for-test.h
@@ -23,11 +23,31 @@
  */
 
 #if defined(PSA_CRYPTO_DRIVER_TEST_ALL)
+/* PSA_CRYPTO_DRIVER_TEST_ALL activates test drivers while keeping the
+ * built-in implementations active. Normally setting MBEDTLS_PSA_ACCEL_xxx
+ * would disable MBEDTLS_PSA_BUILTIN_xxx unless fallback is activated, but
+ * here we arrange to have both active so that psa_crypto_*.c includes
+ * the built-in implementations and the driver code can call the built-in
+ * implementations.
+ *
+ * The point of this test mode is to verify that the
+ * driver entry points are called when they should be in a lightweight
+ * way, without requiring an actual driver. This is different from builds
+ * with libtestdriver1, where we make a copy of the library source code
+ * and use that as an external driver.
+ */
 
 /* Enable the use of the test driver in the library, and build the generic
  * part of the test driver. */
 #define PSA_CRYPTO_DRIVER_TEST
 
+/* With MBEDTLS_PSA_CRYPTO_CONFIG, if we set up the acceleration, the
+ * built-in implementations won't be enabled. */
+#if defined(MBEDTLS_PSA_CRYPTO_CONFIG)
+#error \
+    "PSA_CRYPTO_DRIVER_TEST_ALL sets up a nonstandard configuration that is incompatible with MBEDTLS_PSA_CRYPTO_CONFIG"
+#endif
+
 /* Use the accelerator driver for all cryptographic mechanisms for which
  * the test driver implemented. */
 #define MBEDTLS_PSA_ACCEL_KEY_TYPE_AES

tests/scripts/all.sh

diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 7da895b..ae8dae5 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -2916,17 +2916,16 @@
 }
 
 component_test_psa_crypto_drivers () {
-    msg "build: MBEDTLS_PSA_CRYPTO_DRIVERS w/ driver hooks"
+    msg "build: full + test drivers dispatching to builtins"
     scripts/config.py full
     scripts/config.py set MBEDTLS_PSA_CRYPTO_DRIVERS
-    scripts/config.py set MBEDTLS_PSA_CRYPTO_BUILTIN_KEYS
     loc_cflags="$ASAN_CFLAGS -DPSA_CRYPTO_DRIVER_TEST_ALL"
     loc_cflags="${loc_cflags} '-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/user-config-for-test.h\"'"
     loc_cflags="${loc_cflags} -I../tests/include -O2"
 
     make CC=gcc CFLAGS="${loc_cflags}" LDFLAGS="$ASAN_CFLAGS"
 
-    msg "test: full + MBEDTLS_PSA_CRYPTO_DRIVERS"
+    msg "test: full + test drivers dispatching to builtins"
     make test
 }