From dcebefb7d7c4eb318848f3788b465949bb37add1 Mon Sep 17 00:00:00 2001 From: Jordan Yates Date: Sat, 22 Feb 2025 22:56:53 +1000 Subject: [PATCH] tests: secure_storage: test mbedtls ITS backend Ensure that the mbedtls backend passes the same tests as TF-M and the zephyr backend, with minor exceptions. Signed-off-by: Jordan Yates --- .../subsys/secure_storage/psa/its/src/main.c | 25 ++++++++++++++++--- .../secure_storage/psa/its/testcase.yaml | 6 +++++ 2 files changed, 28 insertions(+), 3 deletions(-) diff --git a/tests/subsys/secure_storage/psa/its/src/main.c b/tests/subsys/secure_storage/psa/its/src/main.c index 1fb1b522133e..0884778c9473 100644 --- a/tests/subsys/secure_storage/psa/its/src/main.c +++ b/tests/subsys/secure_storage/psa/its/src/main.c @@ -7,8 +7,11 @@ /* The flash must be erased after this test suite is run for the write-once entry test to pass. */ ZTEST_SUITE(secure_storage_psa_its, NULL, NULL, NULL, NULL, NULL); -#ifdef CONFIG_SECURE_STORAGE +#if defined(CONFIG_SECURE_STORAGE) #define MAX_DATA_SIZE CONFIG_SECURE_STORAGE_ITS_MAX_DATA_SIZE +#elif defined(CONFIG_MBEDTLS_PSA_ITS_BACKEND_MBEDTLS_FILE) +/* The backend supports arbitrarily large files, limit the value here for array sizes */ +#define MAX_DATA_SIZE 256 #else #define MAX_DATA_SIZE CONFIG_TFM_ITS_MAX_ASSET_SIZE #endif @@ -32,7 +35,7 @@ ZTEST(secure_storage_psa_its, test_all_sizes) fill_data_buffer(written_data); - for (unsigned int i = 0; i <= sizeof(written_data); ++i) { + for (unsigned int i = 1; i <= sizeof(written_data); ++i) { ret = psa_its_set(UID, i, written_data, PSA_STORAGE_FLAG_NONE); zassert_equal(ret, PSA_SUCCESS); @@ -41,9 +44,11 @@ ZTEST(secure_storage_psa_its, test_all_sizes) zassert_equal(ret, PSA_SUCCESS); zassert_equal(info.flags, PSA_STORAGE_FLAG_NONE); zassert_equal(info.size, i); +#ifndef CONFIG_MBEDTLS_PSA_ITS_BACKEND_MBEDTLS_FILE zassert_equal(info.capacity, i); +#endif - ret = psa_its_get(UID, 0, sizeof(read_data), read_data, &data_length); + ret = psa_its_get(UID, 0, i, read_data, &data_length); zassert_equal(ret, PSA_SUCCESS); zassert_equal(data_length, i); zassert_mem_equal(read_data, written_data, data_length); @@ -78,6 +83,14 @@ ZTEST(secure_storage_psa_its, test_all_offsets) ZTEST(secure_storage_psa_its, test_max_num_entries) { + if (IS_ENABLED(CONFIG_MBEDTLS_PSA_ITS_BACKEND_MBEDTLS_FILE)) { + /* The mbedtls file backend will happily fill your hard drive + * with as many entries as you have space. Skip this test. + */ + ztest_test_skip(); + return; + } + psa_status_t ret = PSA_SUCCESS; unsigned int i; struct psa_storage_info_t info; @@ -118,6 +131,12 @@ ZTEST(secure_storage_psa_its, test_write_once_flag) const uint8_t data[MAX_DATA_SIZE] = {}; struct psa_storage_info_t info; + if (IS_ENABLED(CONFIG_MBEDTLS_PSA_ITS_BACKEND_MBEDTLS_FILE)) { + /* The mbedtls file backend does not support this option */ + ztest_test_skip(); + return; + } + ret = psa_its_set(uid, sizeof(data), data, PSA_STORAGE_FLAG_WRITE_ONCE); zassert_equal(ret, PSA_SUCCESS, "%s%d", (ret == PSA_ERROR_NOT_PERMITTED) ? "Has the flash been erased since this test ran? " : "", ret); diff --git a/tests/subsys/secure_storage/psa/its/testcase.yaml b/tests/subsys/secure_storage/psa/its/testcase.yaml index bf72516e4b24..8f6a16070f2f 100644 --- a/tests/subsys/secure_storage/psa/its/testcase.yaml +++ b/tests/subsys/secure_storage/psa/its/testcase.yaml @@ -52,3 +52,9 @@ tests: integration_platforms: - nrf9151dk/nrf9151/ns extra_args: EXTRA_CONF_FILE=overlay-tfm.conf + + secure_storage.psa.its.mbedtls_file: + platform_allow: + - native_sim + extra_configs: + - CONFIG_MBEDTLS_PSA_ITS_BACKEND_MBEDTLS_FILE=y