Skip to content

secure_storage: fix tests #20710

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 8 commits into from
Mar 24, 2025
Merged

secure_storage: fix tests #20710

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
2ac369a
modules: tf-m: lower minimum allowed CONFIG_TFM_ITS_MAX_ASSET_SIZE
tomi-font Feb 13, 2025
b2c5637
manifest: zephyr: pull in fixes for secure storage tests
tomi-font Feb 14, 2025
5a4bd31
manifest: mbedtls: pull in md.h cleanup
tomi-font Feb 14, 2025
1fb3ef0
quarantine_zephyr: remove secure_storage on native_sim
tomi-font Feb 14, 2025
ea7896e
nrf_security: drivers: cracen: fix AEAD w/ zero-sized input
tomi-font Mar 3, 2025
f9cf0c9
nrf_security: core: oberon: build with -DBUILDING_MBEDTLS_CRYPTO
tomi-font Mar 3, 2025
fe07af0
quarantine_zephyr: quarantine all secure_storage tests on 54L15 cpuflpr
tomi-font Mar 4, 2025
14b68f5
nrf_security: auto-enable PSA_WANT_ALG_ECB_NO_PADDING
tomi-font Mar 20, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion modules/trusted-firmware-m/Kconfig
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -188,7 +188,7 @@ config TFM_ITS_VALIDATE_METADATA_FROM_FLASH
Validate filesystem metadata every time it is read from flash

config TFM_ITS_MAX_ASSET_SIZE
range 512 4096
range 256 4096
default 512
help
The maximum asset size to be stored in the Internal Trusted Storage. The maximum value
Expand Down
19 changes: 3 additions & 16 deletions scripts/quarantine_zephyr.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -251,14 +251,6 @@
- qemu_cortex_m3/ti_lm3s6965
comment: "https://nordicsemi.atlassian.net/browse/NCSDK-31671"

- scenarios:
- secure_storage.psa.its.secure_storage.*
- sample.psa.persistent_key.secure_storage.entropy_driver
- secure_storage.psa.crypto.secure_storage
platforms:
- native_sim/native
comment: "https://nordicsemi.atlassian.net/browse/NCSDK-31681"

- scenarios:
- init.check_init_priorities
- shell.device_filter
Expand Down Expand Up @@ -438,12 +430,7 @@
- net.http.server.crime
- drivers.gpio.build
- sample.perf
- sample.psa.its.secure_storage.entropy_not_secure
- sample.psa.persistent_key.secure_storage.entropy_not_secure
- secure_storage.psa.crypto.secure_storage
- secure_storage.psa.its.secure_storage.custom.both
- secure_storage.psa.its.secure_storage.custom.store
- secure_storage.psa.its.secure_storage.store.settings
- .*secure_storage.*
platforms:
- [email protected]/nrf54h20/cpuppr
comment: "region RAM/FLASH overflowed"
Expand Down Expand Up @@ -496,7 +483,7 @@
- sample.shell.shell_module
- sample.shell.shell_module.getopt
- sample.shell.shell_module.login
- secure_storage.psa.its.secure_storage.custom.store
- .*secure_storage.*
platforms:
- nrf54l15dk/nrf54l15/cpuflpr
comment: "region RAM/FLASH overflowed"
Expand Down Expand Up @@ -535,7 +522,7 @@
comment: "Unsupported device"

- scenarios:
- secure_storage.psa.its.secure_storage.*
- .*secure_storage.*
platforms:
- qemu_cortex_m3/ti_lm3s6965
- mps2/an521/cpu0
Expand Down
66 changes: 36 additions & 30 deletions subsys/nrf_security/Kconfig.psa.nordic
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -219,6 +219,42 @@ config PSA_WANT_ALG_XTS
bool "PSA XTS block cipher mode support" if !PSA_PROMPTLESS
default y if PSA_CRYPTO_ENABLE_ALL

config PSA_WANT_ALG_ECB_NO_PADDING
bool "PSA ECB support" if !PSA_PROMPTLESS
default y if PSA_CRYPTO_ENABLE_ALL
default y if MBEDTLS_BUILTIN && !MBEDTLS_FORCE_LEGACY_CIPHER && \
PSA_WANT_KEY_TYPE_AES && (PSA_WANT_ALG_GCM || PSA_WANT_ALG_CCM)

config PSA_WANT_ALG_CHACHA20
bool "PSA CHACHA20 stream cipher support" if !PSA_PROMPTLESS
default y if PSA_CRYPTO_ENABLE_ALL

config PSA_WANT_ALG_SHAKE256_512
bool "PSA SHAKE256 512 bits support" if !PSA_PROMPTLESS
default y if PSA_CRYPTO_ENABLE_ALL

config PSA_WANT_ALG_AES_KW
bool "AES key wrap support (NIST-SP-800-38F and RFC3394)" if !MBEDTLS_PROMPTLESS
select EXPERIMENTAL

config PSA_WANT_ALG_AES_KWP
bool "AES key wrap support (NIST-SP-800-38F and RFC5649)" if !MBEDTLS_PROMPTLESS
select EXPERIMENTAL

config PSA_WANT_ALG_WPA3_SAE_PT
bool "WPA3-SAE-PT support" if !MBEDTLS_PROMPTLESS
select EXPERIMENTAL

config PSA_WANT_ALG_WPA3_SAE
bool "WPA3-SAE support" if !MBEDTLS_PROMPTLESS
select EXPERIMENTAL

config PSA_WANT_ALG_SP800_108_COUNTER_CMAC
bool "NIST SP 800-108 conformant CMAC based KDF" if !MBEDTLS_PROMPTLESS

config PSA_WANT_ALG_SP800_108_COUNTER_HMAC
bool "NIST SP 800-108 conformant HMAC based KDF" if !MBEDTLS_PROMPTLESS

comment "Nordic added ECC curve types"

config PSA_WANT_ECC_BRAINPOOL_P_R1_160
Expand Down Expand Up @@ -298,36 +334,6 @@ config PSA_WANT_ECC_SECT_R2_163
config PSA_WANT_ECC_FRP_V1_256
bool "PSA ECC FRP256v1 support" if !PSA_PROMPTLESS

config PSA_WANT_ALG_CHACHA20
bool "PSA CHACHA20 stream cipher support" if !PSA_PROMPTLESS
default y if PSA_CRYPTO_ENABLE_ALL

config PSA_WANT_ALG_SHAKE256_512
bool "PSA SHAKE256 512 bits support" if !PSA_PROMPTLESS
default y if PSA_CRYPTO_ENABLE_ALL

config PSA_WANT_ALG_AES_KW
bool "AES key wrap support (NIST-SP-800-38F and RFC3394)" if !MBEDTLS_PROMPTLESS
select EXPERIMENTAL

config PSA_WANT_ALG_AES_KWP
bool "AES key wrap support (NIST-SP-800-38F and RFC5649)" if !MBEDTLS_PROMPTLESS
select EXPERIMENTAL

config PSA_WANT_ALG_WPA3_SAE_PT
bool "WPA3-SAE-PT support" if !MBEDTLS_PROMPTLESS
select EXPERIMENTAL

config PSA_WANT_ALG_WPA3_SAE
bool "WPA3-SAE support" if !MBEDTLS_PROMPTLESS
select EXPERIMENTAL

config PSA_WANT_ALG_SP800_108_COUNTER_CMAC
bool "NIST SP 800-108 conformant CMAC based KDF" if !MBEDTLS_PROMPTLESS

config PSA_WANT_ALG_SP800_108_COUNTER_HMAC
bool "NIST SP 800-108 conformant HMAC based KDF" if !MBEDTLS_PROMPTLESS

comment "Nordic addded RNG configuration"

config PSA_WANT_GENERATE_RANDOM
Expand Down
6 changes: 5 additions & 1 deletion subsys/nrf_security/src/core/nrf_oberon/CMakeLists.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -40,6 +40,11 @@ target_compile_options(oberon_psa_core
-Wno-strict-aliasing
)

target_compile_definitions(oberon_psa_core
PRIVATE
BUILDING_MBEDTLS_CRYPTO
)

target_link_libraries(oberon_psa_core
PRIVATE
psa_crypto_library_config
Expand All @@ -53,4 +58,3 @@ target_link_libraries(${mbedcrypto_target}
PRIVATE
oberon_psa_core
)

1 change: 1 addition & 0 deletions subsys/nrf_security/src/drivers/cracen/cracenpsa/src/aead.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -516,6 +516,7 @@ psa_status_t cracen_aead_update(cracen_aead_operation_t *operation, const uint8_
* of AD buffered before creating/verifying the tag
*/
if (input_length == 0) {
*output_length = 0;
return PSA_SUCCESS;
}

Expand Down
4 changes: 2 additions & 2 deletions west.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -65,7 +65,7 @@ manifest:
# https://developer.nordicsemi.com/nRF_Connect_SDK/doc/latest/zephyr/guides/modules.html
- name: zephyr
repo-path: sdk-zephyr
revision: c9113a87822e123bd287568c957d92b35502e5d1
revision: bd1cf27b22f1003d58ecf4af81961722e1eb9949
import:
# In addition to the zephyr repository itself, NCS also
# imports the contents of zephyr/west.yml at the above
Expand Down Expand Up @@ -136,7 +136,7 @@ manifest:
- name: mbedtls
path: modules/crypto/mbedtls
repo-path: sdk-mbedtls
revision: v3.6.2-ncs2
revision: f109c9bac0bdb9699854e88a9c14772cbbdffb4f
- name: oberon-psa-crypto
path: modules/crypto/oberon-psa-crypto
repo-path: sdk-oberon-psa-crypto
Expand Down