Commit graph

8929 commits

Author SHA1 Message Date
Pengyu Lv
a228cbcecc cert_audit: Add data-files and suite-data-files options
The commit adds '--data-files' and '--suite-data-files'
options so that we could pass names for the two types
of files separately. Additionally, the commit improves
the documentation in the script.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-21 11:59:25 +08:00
Pengyu Lv
fcda6d4f51 cert_audit: Enable logging module
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-21 11:04:07 +08:00
Dave Rodgman
678e63007c Remove test-case for all-zero
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-04-20 12:28:59 +01:00
Jerry Yu
ad2091d9c2 fix grammar issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-04-20 10:01:42 +08:00
Dave Rodgman
d54cb83584 Fix tests
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-04-19 18:46:17 +01:00
Dave Rodgman
fe8a8cd100 Size/perf optimisation for mbedtls_mpi_core_clz
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-04-19 17:59:12 +01:00
Kusumit Ghoderao
7415539173 Fix code style
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-04-19 21:00:27 +05:30
Kusumit Ghoderao
3b27a7f6bf Fix hex_string converter
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-04-19 17:20:25 +05:30
Kusumit Ghoderao
a14ae5a0c9 Fix input_integer testing
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-04-19 14:16:26 +05:30
Pengyu Lv
ad30679d9e cert_audit: Reuse generate_test_code.FileWrapper
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-19 15:07:03 +08:00
Pengyu Lv
7a344dde0f New implementation for generate_test_code.FileWrapper
We get some performance benefit from the Buffered I/O.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-19 15:03:20 +08:00
Jerry Yu
d3c7d538f1 Improve comments about the time_delay test.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-04-19 14:07:59 +08:00
Minos Galanakis
357b9e1342 test_suite_ecp: Refactored ecp_mod_p224k1 to alignt with ecp_mod_p192k1
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-04-18 14:13:20 +01:00
Minos Galanakis
e5dab975c6 ecp_curves: Added unit-tests for secp224k1
This patch introduces basic unit-testing for the `ecp_mod_p224k1()`.

The method is exposed through the ecp_invasive interface, and
the standard testing data is being provided by the python framework.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-04-18 14:13:20 +01:00
Andrzej Kurek
af04f6307f Add an IPv4 mapped IPv6 test
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-04-18 07:26:59 -04:00
Janos Follath
3c3b94a31b
Merge pull request #7424 from gabor-mezei-arm/7256_unit_tests_for_p192k1
Add unit tests for ecp_mod_p192k1()
2023-04-18 12:19:40 +01:00
Valerio Setti
2280895784 test: properly check written PEM buffer len
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-18 12:59:06 +02:00
Valerio Setti
232a006a46 test: fix extension in DER test files
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-18 12:53:19 +02:00
Manuel Pégourié-Gonnard
1b59e76a8f
Merge pull request #7431 from valeriosetti/issue7404
driver-only: ECP.PSA starter
2023-04-18 11:56:16 +02:00
Valerio Setti
15cac17da5 test: fix dependencies in DER and PEM tests
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-18 11:32:58 +02:00
Valerio Setti
c9cb5324b7 test: specify input file type through enum
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-18 11:20:36 +02:00
Jerry Yu
ed9b9a7579 Add warning to reserve the reason
The test has some issues we can not avoid. Put
it in code to avoid it is re-inroduced again

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-04-18 17:09:03 +08:00
Valerio Setti
8b7d4323da test: add Makefile target for the generated DER files
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-18 11:08:44 +02:00
Jerry Yu
d1190a5af3 Update comments and remove delay seconds test
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-04-18 17:01:50 +08:00
Pengyu Lv
8e6794ad56 cert_audit: Code refinement
This commit is a collection of code refinements
from review comments.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-18 17:00:47 +08:00
Valerio Setti
3401b306ab test: use proper macros for checks
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-18 10:42:53 +02:00
Pengyu Lv
f8e5e059c5 cert_audit: Improve documentation
This commit is a collection of improving the documentation in the
script:

  * Restore uppercase in the license header.
  * Reword the script description.
  * Reword the docstring of AuditData.fill_validity_duration
  * Rename AuditData.filename to *.location

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-18 16:24:02 +08:00
Jerry Yu
4852bb823f remove time delay tests
See #1517. They often failed on the CI.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-04-18 15:02:21 +08:00
Valerio Setti
28567abf4f test: add DER file format for pkwrite tests
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-17 18:43:55 +02:00
Valerio Setti
c60bc5e700 test: add support for DER format in pkwrite tests
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-17 18:43:06 +02:00
Valerio Setti
8959095e87 test: memory footprint optimization for pkwrite tests
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-17 17:34:42 +02:00
Paul Elliott
4359badbb2
Merge pull request #7331 from mprse/ec-jpake-fix2
PSA PAKE: Check input_length against PSA_PAKE_INPUT_SIZE() in psa_pake_input
2023-04-17 16:31:09 +01:00
Valerio Setti
2dbc3066c7 test: remove useless ECP_LIGHT guard in psa_exercise_key
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-17 12:03:48 +02:00
Valerio Setti
e618cb0a0b test: add coverage's analysis framework for accel EC algs w/o ECP
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-17 12:03:48 +02:00
Jerry Yu
2f1e85f47e fix comments issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-04-17 16:53:37 +08:00
Manuel Pégourié-Gonnard
6942cc3da7
Merge pull request #7410 from valeriosetti/issue7390
Define (private) "light" subset of ECP
2023-04-14 13:24:06 +02:00
Dave Rodgman
f33c7e3344 Code style
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-04-13 15:34:43 +01:00
Dave Rodgman
9145dc46ed Ensure variables initialised
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-04-13 15:00:07 +01:00
Dave Rodgman
c07df36f9e More fixes for big-endian
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-04-13 14:54:12 +01:00
Andrzej Kurek
06969fc3a0 Introduce a test for a sw implementation of inet_pton
Create a bypass define to simulate platforms
without AF_INET6.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-04-13 09:20:15 -04:00
Andrzej Kurek
fe050815c8 Introduce an additional test for IPV4 parsing
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-04-13 09:20:05 -04:00
Andrzej Kurek
e404612580 Replace old macro in test_suite_x509parse
MD_CAN_SHAXXX should be now used.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-04-13 09:19:58 -04:00
Dave Rodgman
b169671c50 Tidy-up
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-04-13 13:46:46 +01:00
Dave Rodgman
df2d5b1ca1 Fix compile error
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-04-13 13:41:09 +01:00
Dave Rodgman
0a05e703db Tidy-up
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-04-13 13:19:40 +01:00
Dave Rodgman
9dc8b6a6a2 Test fixes for big-endian
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-04-13 12:53:35 +01:00
Gabor Mezei
00c9c7a81b
Remove unneeded limb variables
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-04-13 13:13:14 +02:00
Gabor Mezei
b70f5f1881
Add checks to guarantee positive input parameters
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-04-13 13:12:00 +02:00
Gabor Mezei
b86ead3cb2
Add generated tests for ecp_mod_p192k1
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-04-13 12:47:59 +02:00
Pengyu Lv
7725c1d2a9 cert_audit: Output line/argument number for *.data files
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-13 15:55:30 +08:00
Pengyu Lv
57240958ed cert_audit: Make FILE as positional argument
Make FILE as positional argument so that we can
pass multiple files to the script. This commit
also contains some help message improvements.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-13 15:46:14 +08:00
Janos Follath
6d3ec55849
Merge pull request #7329 from minosgalanakis/ecp/unify_test_cases
ecp: Unify test cases
2023-04-12 13:23:16 +01:00
Minos Galanakis
6d2ee70e75 test_suite_ecp: Removed MBEDTLS_ECP_DP_SECP_GENERIC_ENABLED dependency.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-04-12 09:44:02 +01:00
Mukesh Bharsakle
b17f6a211d Updating makefile to document key generation
Signed-off-by: Mukesh Bharsakle <bharsaklemukesh975@gmail.com>
2023-04-12 00:05:45 +01:00
Stephan Koch
25c739baf7 Fix PSA AEAD ChaCha20 test dependency.
Signed-off-by: Stephan Koch <koch@oberon.ch>
2023-04-11 17:54:31 +02:00
Valerio Setti
9cea093700 test: resolve remaining disparities in test_suite_ssl
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-11 16:19:11 +02:00
Glenn Strauss
7bd00e0708 use MBEDTLS_PK_CAN_ECDSA_SOME
instead of MBEDTLS_ECDSA_C in test data dependencies

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2023-04-11 08:29:43 -04:00
Glenn Strauss
700ffa0744 use MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
instead of MBEDTLS_SHA256_C in test data dependencies

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2023-04-11 08:29:42 -04:00
Glenn Strauss
6f545acfaf Add mbedtls_x509_crt_parse_cn_inet_pton() tests
Extended from https://github.com/Mbed-TLS/mbedtls/pull/2906
contributed by Eugene K <eugene.kobyakov@netfoundry.io>

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2023-04-11 08:29:42 -04:00
Eugene K
3208b0b391 add IP SAN tests changes per mbedTLS standards
Signed-off-by: Eugene K <eugene.kobyakov@netfoundry.io>
2023-04-11 08:29:42 -04:00
Valerio Setti
a9aafd4807 test: revert undesired debug change in ssl-opt
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-11 12:30:45 +02:00
Valerio Setti
0c477d32e2 test: include also test_suite_ecp for the coverage analysis
Only some test cases are skipped for which ECP_C is mandatory,
but the other ones are included.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-11 11:33:50 +02:00
Valerio Setti
6c496a1553 solve disparities for ECP_LIGHT between ref/accel
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-11 11:33:50 +02:00
Valerio Setti
5278986d2d psa: fix ECP guards for key derivation
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-11 11:33:50 +02:00
Valerio Setti
d49cbc1493 test: fix remaining failures in test due to the ECP_LIGHT symbol
Changes in test_suite_psa_crypto are to enforce the dependency
on ECP_C which is mandatory for some key's derivation.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-11 11:33:50 +02:00
Valerio Setti
29b395c854 test: let test_psa_crypto_config_accel_all_ec_algs_use_psa use ECP_LIGHT
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-11 11:33:50 +02:00
Manuel Pégourié-Gonnard
6a327a5fdc
Merge pull request #7393 from valeriosetti/issue7389
PK tests: use PSA to generate keypairs when USE_PSA is enabled
2023-04-11 11:27:14 +02:00
Pengyu Lv
3179232211 cert_audit: Disable pylint error for importing cryptography
This is to make CI happy. The script requires cryptography
>= 35.0.0, which is only available for Python >= 3.6. But
both ubuntu-16.04 and Travis CI are using Python 3.5.x.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-11 16:30:54 +08:00
Gilles Peskine
02c52a08cd
Merge pull request #7287 from yanrayw/7285-followup-of-PR6500
6500 follow-up: enhancements to the new ssl_helpers test module
2023-04-11 09:31:37 +02:00
Valerio Setti
7816c24f2d test: fix guards position in test_suite_pk
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-11 09:16:24 +02:00
Valerio Setti
b3f20da313 test: fix error handling in the new pk_genkey_ec() function
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-11 09:16:24 +02:00
Valerio Setti
12a063abb7 test: use proper macros for PSA init/done
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-11 09:16:24 +02:00
Valerio Setti
0b304421d8 ecp: revert changes to ECP module and related tests/programs
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-11 09:16:24 +02:00
Valerio Setti
b6891b13f6 pk: add alternate function for keypair generation using PSA
Instead of using the legacy mbedtls_ecp_gen_keypair() which makes
use of ECP's math, when USE_PSA_CRYPTO is enabled then the new
function pk_genkey_ec() is used in test_suite_pk.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-11 09:16:24 +02:00
Manuel Pégourié-Gonnard
b16a50eeab
Merge pull request #7392 from valeriosetti/issue7388
PK: use PSA to complete public key when USE_PSA is enabled
2023-04-11 09:09:06 +02:00
Pengyu Lv
cb8fc3275a cert_audit: Fill validity dates in AuditData constructor
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-11 15:05:29 +08:00
Jerry Yu
c9c3e62b3e workaround the assert fail with tollerance
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-04-11 14:08:23 +08:00
Pengyu Lv
ebf011f43e cert_audit: Introduce not-[before|after] option
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-11 14:07:50 +08:00
Jerry Yu
fce8577f73 try to reproduce random assert fail
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-04-11 14:07:38 +08:00
Mukesh Bharsakle
1a4cc5e92c updating test-ca.key to use AES instead of DES
Signed-off-by: Mukesh Bharsakle <bharsaklemukesh975@gmail.com>
2023-04-10 14:05:42 +01:00
Pengyu Lv
30f2683d18 cert_audit: Parse more information from test suite data file
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-07 18:04:07 +08:00
Manuel Pégourié-Gonnard
f740767c00
Merge pull request #7391 from valeriosetti/issue7387
PK: don't use mbedtls_ecp_check_pub_priv() when USE_PSA is enabled
2023-04-07 10:17:18 +02:00
Valerio Setti
3fddf250dc test: use proper macros for PSA init/done
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-07 08:45:34 +02:00
Valerio Setti
34f6755b34 pkparse: add new function for deriving public key from private using PSA
Instead of using the legacy mbedtls_ecp_mul() function which makes use of
ECP's math, this commit adds a new function named pk_derive_public_key()
which implements the same behavior using PSA functions.
The flow is simple:
- import the private key into PSA
- export its public part

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-07 08:45:34 +02:00
Minos Galanakis
92278dc407 test_suite_ecp: Updated dependency macros for ecp_raw_generic.
This patch introduces a new local hash define of
`MBEDTLS_ECP_DP_SECP_GENERIC_ENABLED` to replace the
removed curve specific macros, introduced in upstream.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-04-06 16:27:44 +01:00
Minos Galanakis
1358648f77 test_suite_ecp: Introduced ecp_mod_p_generic_raw
This patch replaces similiarly structured test functions
for:

* MBEDTLS_ECP_DP_SECP192R1
* MBEDTLS_ECP_DP_SECP224R1
* MBEDTLS_ECP_DP_SECP256R1
* MBEDTLS_ECP_DP_SECP384R1
* MBEDTLS_ECP_DP_BP512R1R1

with a more generic version, which adjusts the parameters, based on the `curve_id` field,
provided by the testing data.

The python test framework has been updated to provide that extra field.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-04-06 16:27:12 +01:00
Dave Rodgman
0b3de6fcec
Merge pull request #7288 from ronald-cron-arm/tls13-server-version-negotiation
TLS: TLS 1.2 / 1.3 version negotiation on server side
2023-04-06 16:26:19 +01:00
Kusumit Ghoderao
02326d5083 Test key_derivation_input_integer function
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-04-06 17:47:59 +05:30
Ronald Cron
8c1ce223eb tests: ssl: Restore !MBEDTLS_SSL_PROTO_TLS1_3 dependency
Restore the dependency on !MBEDTLS_SSL_PROTO_TLS1_3
of the DTLS fragmentation tests. That way the test
is not run on Windows 2013 (as in development) where
there is an issue with MBEDTLS_PRINTF_SIZET when
running those tests. I will address this issue in a
separate PR.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 13:20:40 +02:00
Ronald Cron
c564938180 Add downgrade protection mechanism
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:32:05 +02:00
Ronald Cron
1a353ea4b8 ssl-opt.sh: Improve description of server negotiation tests
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:18 +02:00
Ronald Cron
d120bd646c ssl-opt.sh: Add version selection by the server tests
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:18 +02:00
Ronald Cron
50ae84ed97 ssl-opt.sh: Remove some unnecessary forcing of TLS 1.3
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:18 +02:00
Ronald Cron
097ba146e7 tls: srv: Set hybrid TLS 1.2/1.3 as default configuration
Set hybrid TLS 1.2/1.3 as default server
configuration if both TLS 1.2 and TLS 1.3
are enabled at build time.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:18 +02:00
Ronald Cron
43263c045a tests: ssl: Extend move to handshake state tests
Extend move to handshake state tests to reach
most of TLS 1.2 and 1.3 handshake states.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:18 +02:00
Ronald Cron
3b35455a69 tls: srv: Allow server hybrid TLS 1.2 and 1.3 configuration
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:18 +02:00
Ronald Cron
f95d169d60 ssl-opt.sh: Force TLS 1.2 on TLS 1.2 specific tests
Force TLS 1.2 on TLS 1.2 specific tests in
preparation of TLS 1.3 being the default
protocol version when both TLS 1.2 and
TLS 1.3 are enabled.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:17 +02:00
Ronald Cron
fd4c6afcb4 ssl-opt.sh: Force TLS 1.2 version
Force TLS 1.2 version on tests related to
MBEDTLS_SSL_ASYNC_PRIVATE, CA callback and
MBEDTLS_SSL_MAX_FRAGMENT_LENGTH. Those
SSL options are not supported in TLS 1.3
for the time being. Thus force TLS 1.2
version in preparation of TLS 1.3 being
the default protocol version when both
TLS 1.2 and TLS 1.3 are enabled.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:17 +02:00
Ronald Cron
92dca39196 ssl-opt.sh: Extend scope of some tests to TLS 1.3
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:17 +02:00
Ronald Cron
0aa1b8843f ssl-opt.sh: Remove unnecessary explicit MBEDTLS_SSL_PROTO_TLS1_2 dep
Remove unnecessary explicit MBEDTLS_SSL_PROTO_TLS1_2
dependency if TLS 1.2 version is forced or a TLS 1.2
cipher suite is forced (as TLS 1.2 cipher suites are
available if and only if TLS 1.2 is enabled and
cipher suite availability is check automatically).

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:17 +02:00
Ronald Cron
65f9029741 ssl-opt.sh: Remove unnecessary TLS 1.3 forcing on client side
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:17 +02:00
Ronald Cron
c341ad717e ssl-opt.sh: Remove dummy TLS 1.3 kex modes tests
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:17 +02:00
Ronald Cron
ea8a1ea17a tests: ssl: Add some missing dependencies
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:17 +02:00
Ronald Cron
a697a71a14 tests: ssl: Move min/max TLS version setting to endpoint init
Move min/max TLS version setting to endpoint init
where it fits better: before the call to
mbedtls_ssl_setup() and available for all tests
not only those calling perform_handshake().

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:17 +02:00
Pengyu Lv
45e32033db cert_audit: Support audit on test suite data files
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-06 14:33:41 +08:00
Pengyu Lv
7f6933a227 cert_audit: Initial script for auditing expiry date
We introduce the script to audit the expiry date of X509 files
(i.e. crt/crl/csr files) in tests/data_files/ folder.

This commit add basic classes and the framework for auditing
and "-a" option to list all valid crt/crl/csr files it found.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-06 13:38:56 +08:00
Minos Galanakis
00bd8925a7 bignum: Removed merge scaffolding.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-04-05 16:13:11 +01:00
Przemek Stekiel
39dbe23845 Release memory for subject alt name in test
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-04 17:48:28 +02:00
Przemek Stekiel
79354c3c4d Use MBEDTLS_MD_CAN_SHA1 macro as test dependency
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-04 17:48:28 +02:00
Przemek Stekiel
09720e2228 Remove redundant test cases
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-04 17:48:28 +02:00
Przemek Stekiel
019842119d Adapt test for authority_key_id (parsing subject alt name)
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-04 17:48:28 +02:00
Przemek Stekiel
75653b1df0 Add indication of extension error while parsing authority/subject key id
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-04 17:48:28 +02:00
Przemek Stekiel
6ec839a1f9 x509_get_authority_key_id: add length check + test
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-04 17:48:28 +02:00
Przemek Stekiel
8661fed943 Fix tests dependencies
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-04 17:48:28 +02:00
Przemek Stekiel
240cbe4040 Remove generation of authorityKeyId_subjectKeyId.crt from makefile
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-04 17:48:28 +02:00
Przemek Stekiel
9a511c5bdf Rename back mbedtls_x509_parse_general_name->mbedtls_x509_parse_subject_alt_name
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-04 17:48:28 +02:00
toth92g
9085cff438 Removing obsolete test after merging and correcting missing macro
Signed-off-by: toth92g <toth92g@gmail.com>
2023-04-04 17:48:28 +02:00
toth92g
8d435a0c8b Renaming x509_get_subject_alt_name to x509_get_general_names and mbedtls_x509_parse_subject_alt_name to mbedtls_x509_parse_general_name so they can be used not only to collect subject alt name, but the V3 authority cert issuer that is also GeneralName type.
Also updated the x509_get_general_names function to be able to parse rfc822Names

Test are also updated according these changes.

Signed-off-by: toth92g <toth92g@gmail.com>
2023-04-04 17:48:28 +02:00
toth92g
5042b104c2 - Removing obsolete test files (DER strings are used instead of them to minimize resource usage)
- Renaming test functions to match the naming conventions

Signed-off-by: toth92g <toth92g@gmail.com>
2023-04-04 17:48:28 +02:00
toth92g
357b297b16 Correcting tests:
- Wrong condition was checked (ref_ret != 0 instead of ref_ret == 0)
- tags were not checked (nor lengths)
- Using ASSERT_COMPARE where possible

Signed-off-by: toth92g <toth92g@gmail.com>
2023-04-04 17:48:27 +02:00
toth92g
2d2fb3a5a7 Correting findings: Using DER format instead of PEM while testing to minimize the resource usage. Comparation of byte arrays in test are now done via the dedicated ASSERT_COMPARE test macro for better understanding
Signed-off-by: toth92g <toth92g@gmail.com>
2023-04-04 17:48:27 +02:00
toth92g
0e2e2d6841 x509parse tests used only last 16 bits of the return values. They are updated to check the whole 32 bit value
Signed-off-by: toth92g <toth92g@gmail.com>
2023-04-04 17:48:27 +02:00
toth92g
3c2243c6d5 Replacing hard-coded literals with macros of the library in the new x509parse tests
Signed-off-by: toth92g <toth92g@gmail.com>
2023-04-04 17:48:27 +02:00
toth92g
27f9e7815c Adding openssl configuration file and command to Makefile to be able to reproduce the certificate for testing Authority and Subject Key Id fields
Increasing heap memory size of SSL_Client2 and SSL_Server2, because the original value is not enough to handle some certificates. The AuthorityKeyId and SubjectKeyId are also parsed now increasing the size of some certificates

Signed-off-by: toth92g <toth92g@gmail.com>
2023-04-04 17:48:27 +02:00
toth92g
a41954d0cf Extracting SubjectKeyId and AuthorityKeyId in case of x509 V3 extensions. Updating mbedtls_x509_crt_free function to also free the new dynamic elements (issuer field of AuthorityKeyId).
A few tests are also added which test the feature with a correct certificate and multiple ones with erroneous ASN1 tags.

Signed-off-by: toth92g <toth92g@gmail.com>
2023-04-04 17:48:27 +02:00
Dave Rodgman
56f59d749c
Merge pull request #7394 from mprse/fix_pkcs7_test_alloc
Fix memory allocations in pkcs7_verify test
2023-04-04 15:46:59 +01:00
Janos Follath
13c73de6de
Merge pull request #6233 from tom-cosgrove-arm/issue-6226-core-mul
Bignum: extract core_mul from the prototype
2023-04-04 13:36:22 +01:00
Ronald Cron
219f978097
Merge pull request #7059 from ronald-cron-arm/psa-crypto-misc
PSA cryptography miscellaneous
2023-04-04 10:54:03 +02:00
Valerio Setti
98680fc2ed ecp: revert changes to ECP module and test suite
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-04 10:22:59 +02:00
Przemek Stekiel
9735be5ef3 Fix memory allocations in pkcs7_verify test
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-04 09:07:10 +02:00
Manuel Pégourié-Gonnard
86d5d4bf31
Merge pull request #7103 from valeriosetti/issue6622
Some MAX_SIZE macros are too small when PSA ECC is accelerated
2023-04-03 16:23:27 +02:00
Valerio Setti
0fe1ee27e5 pk: add an alternative function for checking private/public key pairs
Instead of using the legacy mbedtls_ecp_check_pub_priv() function which
was based on ECP math, we add a new option named eckey_check_pair_psa()
which takes advantage of PSA.
Of course, this is available when MBEDTLS_USE_PSA_CRYPTO in enabled.

Tests were also fixed accordingly.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-03 15:00:21 +02:00
Gabor Mezei
f8b55d6358
Fix code style issues
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-04-03 14:13:46 +02:00
Valerio Setti
c6ecdad42d test: disable all RSA algs and fix tests
All RSA associated algs are now forcedly disabled both on library
and driver sides.
Some PSA driver tests required to be fixed because they were just
requiring for not having the built-in version, but they didn't check
if the driver one was present (kind of assuming that RSA was always
supported on the driver side).

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-03 08:26:35 +02:00
Dave Rodgman
dd48c6e3df
Merge pull request #7385 from daverodgman/timing_alignment
Fix cast alignment warning in timing.c
2023-03-31 19:48:34 +01:00
Dave Rodgman
d43b42ebfa Whitespace fix
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-31 18:04:34 +01:00
Dave Rodgman
4ffc9d80f7 Test that setting reset actually does something
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-31 17:07:26 +01:00
Gabor Mezei
87223ab1ce
Add generated test for core_mul
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-03-31 16:17:06 +02:00
Tom Cosgrove
e16a945421
Add unit tests for mbedtls_mpi_core_mul()
The test cases use the following MPI values.

The .data file only includes those (a, b) values where a <= b; the test code
does a * b and b * a.

    0 1 80 ff 100 fffe ffff 10000 ffffffff 100000000
    20000000000000 7f7f7f7f7f7f7f7f 8000000000000000 ffffffffffffffff
    10000000000000000 10000000000000001 1234567890abcdef0
    fffffffffffffffffefefefefefefefe 100000000000000000000000000000000
    1234567890abcdef01234567890abcdef0
    ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
    1234567890abcdef01234567890abcdef01234567890abcdef01234567890abcdef0
    4df72d07b4b71c8dacb6cffa954f8d88254b6277099308baf003fab73227f34029643b5a263f66e0d3c3fa297ef71755efd53b8fb6cb812c6bbf7bcf179298bd9947c4c8b14324140a2c0f5fad7958a69050a987a6096e9f055fb38edf0c5889eca4a0cfa99b45fbdeee4c696b328ddceae4723945901ec025076b12b

The lines in the .data file were generated by the following script

```
    #!/usr/bin/env perl
    #
    # mpi-test-core-mul.pl - generate MPI tests in Perl for mbedtls_mpi_core_mul()
    #
    use strict;
    use warnings;
    use Math::BigInt;
    use sort 'stable';

    my $echo = 0;

    my @mul_mpis = qw(
        0 1 80 ff 100 fffe ffff 10000 ffffffff 100000000
        20000000000000 7f7f7f7f7f7f7f7f 8000000000000000 ffffffffffffffff
        10000000000000000 10000000000000001 1234567890abcdef0 fffffffffffffffffefefefefefefefe
        100000000000000000000000000000000 1234567890abcdef01234567890abcdef0
        ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
        1234567890abcdef01234567890abcdef01234567890abcdef01234567890abcdef0
        4df72d07b4b71c8dacb6cffa954f8d88254b6277099308baf003fab73227f34029643b5a263f66e0d3c3fa297ef71755efd53b8fb6cb812c6bbf7bcf179298bd9947c4c8b14324140a2c0f5fad7958a69050a987a6096e9f055fb38edf0c5889eca4a0cfa99b45fbdeee4c696b328ddceae4723945901ec025076b12b
    );

    generate_tests();

    sub generate_tests {
        generate_mbedtls_mpi_core_mul();
    }

    sub generate_mbedtls_mpi_core_mul {

        my $sub_name = (caller(0))[3];      # e.g. main::generate_mbedtls_mpi_sub_mpi
        my ($ignore, $test_name) = split("main::generate_", $sub_name);

        my @cases = ();

        for my $ah (@mul_mpis) {
            for my $bh (@mul_mpis) {

                my $a = Math::BigInt->from_hex($ah);
                my $b = Math::BigInt->from_hex($bh);
                next if $a > $b;		# don't need to repeat test cases

                my $r = $a * $b;
                my $rh = $r->to_hex();

                my $desc = "$test_name #NUMBER: 0x$ah * 0x$bh = 0x$rh";
                my $case = output($test_name, str($ah), str($bh), str($rh));

                push(@cases, [$case, $desc]);
            }
        }

        output_cases("", @cases);
    }

    sub output_cases {

        my ($explain, @cases) = @_;

        my $count = 1;
        for my $c (@cases) {

            my ($case, $desc, $dep) = @$c;
            $desc =~ s/NUMBER/$count/; $count++;
            if (defined($explain) && $desc =~ /EXPLAIN/) {
                $desc =~ s/EXPLAIN/$explain/;
                $explain = "";
            }

            my $depends = "";
            $depends = "depends_on:$dep\n" if defined($dep) && length($dep);

            print <<EOF;

    $desc
    $depends$case
    EOF
        }
    }

    sub output {
        return join(":", @_);
    }

    sub str {
        return '"' . $_[0] . '"';
    }
```

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-03-31 16:16:05 +02:00
Dave Rodgman
b8f5ba826b
Merge pull request #6891 from yuhaoth/pr/add-milliseconds-platform-function
Add milliseconds platform time function
2023-03-31 11:47:37 +01:00
Ronald Cron
32a432af95 all.sh: Fix test component name
The component_test_psa_crypto_drivers was
renamed component_test_psa_crypto_builtin_keys
in a previous commit. This was misleading as
the goal of the component is not to test
the builtin keys but to run the PSA unit
tests with the test drivers doing the
cryptographic operations.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-03-31 09:07:57 +02:00
Ronald Cron
e6e6b75ad3 psa: Remove MBEDTLS_PSA_CRYPTO_DRIVERS configuration option
The support for the PSA crypto driver interface
is not optional anymore as the implementation of
the PSA cryptography interface has been restructured
around the PSA crypto driver interface (see
psa-crypto-implementation-structure.md). There is
thus no purpose for the configuration options
MBEDTLS_PSA_CRYPTO_DRIVERS anymore.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-03-31 09:07:54 +02:00
Paul Elliott
03d557db35
Merge pull request #6900 from AndrzejKurek/san-dirname
Add support for directoryName subjectAltName
2023-03-30 18:37:26 +01:00
Janos Follath
54118a1720
Merge pull request #7352 from gabor-mezei-arm/6349_fix_merge
Remove obsolete ecp_fix_negative function
2023-03-30 14:48:13 +01:00
Manuel Pégourié-Gonnard
99771a3593
Merge pull request #7336 from yanrayw/6500-gitignore-fix
fix: ignore *.o under tests/src/test_helpers
2023-03-30 09:20:13 +02:00
Manuel Pégourié-Gonnard
1640682a53
Merge pull request #7334 from valeriosetti/analyze_outcomes_improvement
Improve analyze_outcomes.py script
2023-03-30 09:17:39 +02:00
Andrzej Kurek
303704ef4a Remove unnecessary tabs
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-03-29 11:41:34 -04:00
Andrzej Kurek
43d7131c14 Fix rfc822name test arguments
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-03-29 11:41:32 -04:00
Andrzej Kurek
532b8d41af Move an x509 malformation test
Now, that the errors are not silently ignored
anymore, instead of expecting a <malformed>
tag in parsed data, the test case returns
an error.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-03-29 11:40:36 -04:00
Andrzej Kurek
d90376ef46 Add a test for a malformed directoryname sequence
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-03-29 11:38:45 -04:00
Andrzej Kurek
d348632a6a Switch from PEM to DER format for new x509 directoryname test
This simplifies generating malformed data and doesn't require
the PEM support for tests.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-03-29 11:03:01 -04:00
Andrzej Kurek
151d85d82c Introduce a test for a malformed directoryname SAN
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-03-29 11:03:01 -04:00
Andrzej Kurek
d40c2b65a6 Introduce proper memory management for SANs
DirectoryName parsing performs allocation that has to be handled.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-03-29 11:03:01 -04:00
Andrzej Kurek
4a4f1ec8e9 Add the original certificate to be malformed for x509 tests
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-03-29 11:03:01 -04:00
Andrzej Kurek
e12b01d31b Add support for directoryName subjectAltName
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-03-29 11:03:01 -04:00
Valerio Setti
846118b98d test: remove old component errouneously reintroduced during rebase
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-29 13:46:59 +02:00
Valerio Setti
f109c66d73 Use proper log function
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-29 11:15:44 +02:00
Valerio Setti
22992a04f1 Fix function description
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-29 11:15:28 +02:00
Valerio Setti
5aab43f1cd test: fix/improve comments in all.sh
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-29 10:42:07 +02:00
Valerio Setti
1f1420df36 test: fix text output
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-29 10:28:39 +02:00
Valerio Setti
d0c644db69 test: minor refactoring
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-29 10:28:39 +02:00
Valerio Setti
ee97a1ef47 test: improve comments and code in newly added helper function
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-29 10:28:39 +02:00
Valerio Setti
e4758aa34b test: add a companion test for another curve (x25519) and fix issues
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-29 10:28:06 +02:00
Valerio Setti
1a6d96f59e test: use full config as test starting point and solve issues
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-29 10:28:06 +02:00
Valerio Setti
659aa686c8 test: use BUILTIN symbols in as weierstrass key derivation guard
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-29 10:27:18 +02:00
Valerio Setti
3ebecc9513 test: disable proper key exchanges while testing accel EC algs
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-29 10:27:18 +02:00
Valerio Setti
5360886ad3 test: minor fixes to all.sh
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-29 10:27:18 +02:00
Valerio Setti
a532983e56 test: add legacy dependency for weierstrass key derivation
Weierstrass key derivation still depends on ECP_C (no driver dispatch
yet), so the legacy dependency is still mandatory here.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-29 10:27:18 +02:00
Valerio Setti
b7e9544194 test: add specific test with only accel EC curves and algs
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-29 10:27:18 +02:00
Gabor Mezei
df9c029dd5
Remove obsolete ecp_fix_negative function
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-03-28 18:43:07 +02:00
Valerio Setti
b76672dd52 test: fix wrong accelerated SHA1 symbol
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-28 16:26:48 +02:00
Valerio Setti
6d687b98cf test: simplify comment in test_psa_crypto_config_accel_all_ec_algs_use_psa()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-28 16:26:48 +02:00
Valerio Setti
c762797856 test: removing test with all accel EC algs without USE_PSA
We keep tests without USE_PSA for single accel components (i.e.
ECDH, ECDSA, ECJPAKE), but when testing for all 3 accelerated
at the same time we use USE_PSA for better test coverage.
However for this purpose there is already the:

component_test_psa_crypto_config_[reference/accel]_all_ec_algs_use_psa()

so we can delete this extra component.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-28 16:26:48 +02:00
Valerio Setti
4fa6d0bb88 test: moving accel ECJPAKE test close to accel ECDH and ECDSA ones
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-28 16:26:48 +02:00
Valerio Setti
77bdff1963 test: improve comment in the added test
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-28 16:26:48 +02:00
Valerio Setti
2495cdbcc2 test: remove unused tasks in analyze_outcomes.py
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-28 16:26:47 +02:00
Valerio Setti
44b178ca60 test: fix erroneous changes in all.sh
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-28 16:26:47 +02:00
Valerio Setti
6f820cccb8 test: fix comments in test_psa_crypto_config_accel_ecc()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-28 16:26:47 +02:00
Valerio Setti
1c3de61ba8 test: remove previous tests for accelerated ECDSA/ECDH/ECJPAKE coverage analysis
All these EC based algs are now tested all at once in
test_psa_crypto_config_[accel/reference]_all_ec_algs_use_psa()
functions.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-28 16:26:47 +02:00
Valerio Setti
42d5f1959f test: add a test with all EC based algs accelerated
Actually this adds both the accelerated test as well as the
reference. Both of them are used to evaluate the driver's
coverage with analyze_outcomes.py script.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-28 16:26:47 +02:00
Janos Follath
0f5086847c
Merge pull request #7343 from minosgalanakis/ecp/sec-384-update-test-macro-deps
ecp: Updated ecp384 depedency macro
2023-03-28 15:04:10 +01:00
Paul Elliott
f04848cc3b Revert "Add generated files"
This reverts commit df2b5da57f.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-03-27 21:20:52 +01:00
Minos Galanakis
37bdd93730 ecp_mod_p224_raw: Added MBEDTLS_ECP_DP_SECP224R1_ENABLED as a dependency
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-03-27 18:19:22 +01:00
Paul Elliott
d01a3bca05 Merge tag 'v3.4.0' into mbedtls-3.4.0_mergeback
Mbed TLS 3.4.0
2023-03-27 18:09:49 +01:00
Janos Follath
445c3bfcac
Merge pull request #7222 from minosgalanakis/bignum/6851_extract_Secp384r1_fast_reduction
Bignum:  Extract secp384r1 fast reduction from the prototype
2023-03-27 16:56:30 +01:00
Yanray Wang
5663e74f91 tests/.gitignore: ignore *.o under tests/src/test_helpers
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-03-24 18:03:48 +08:00
Manuel Pégourié-Gonnard
5a51d0d789 Fix depends.py failure with correct TLS 1.2 deps
TLS 1.2 has never been able to work with only SHA-512, it just happened
to pass previously because the declared dependencies were too lax.
(Probably related to the fact that in the past we didn't distinguish
between SHA-512 and SHA-384 in dependencies.)

So, just disable all of TLS in SHA-512-only builds. While at it, tune
build_info.h to make this easier - it already had partial support for
disabling TLS 1.2 or TLS 1.3 in an easier way, but not both of them at
the same time.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-24 10:43:40 +01:00
Manuel Pégourié-Gonnard
c584c27426 Disable built-in SHA-256 in accel_hash too
Now that Entropy doesn't need it any more, we can have driver-only
SHA-256 (and 224 with it) in the non-USE_PSA component too.

This reveals a missing PSA_INIT in a PK test using SHA-256.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-24 10:43:40 +01:00
Manuel Pégourié-Gonnard
e9319772b3 Fix failures in test_suite_random
Appeared after the dependencies were changed to use MD_CAN.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-24 10:43:40 +01:00
Manuel Pégourié-Gonnard
33783b4646 Manually fix two remaining instances of old macros
Unless I missed something, all remaining instance of all macros are in
files where it makes sense to use these. I went over the output of:

    git grep -c -E 'MBEDTLS_(MD5|RIPEMD160|SHA[0-9]*)_C'

and I think all the files listed fall into one of the following
acceptable categories:

- documentation and historical documents: Changelog, docs/**/*.md
- config files and related: mbedtls_config.h, configs/*.h,
  check_config.h, config_psa.h, etc.
- scripts that build/modify configs: all.sh, depends.py,
  set_psa_test_dependencies.py, etc.
- implementation of MD or PSA or related: md.h, psa_util.h, etc. and
  corresponding test suites
- implementation of hashes: md5.c, sha256.h, etc. and corresponding test
  suites
- two example programs using a low-level hash API: hash/hello.c,
  pkey/ecdsa.c
- test/benchmark.c, test/selftest.c: actually want our built-in
  implementations
- a function in test_suite_psa_crypto_storage_format that is
  specifically for checking if the hash is built in.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-24 10:43:40 +01:00
Manuel Pégourié-Gonnard
93302422fd Fix instances of old feature macros being used
sed -i -f md.sed include/mbedtls/ssl.h library/hmac_drbg.c programs/pkey/*.c programs/x509/*.c tests/scripts/generate_pkcs7_tests.py tests/suites/test_suite_random.data

Then manually revert programs/pkey/ecdsa.c as it's using a low-level
hash API.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-24 10:43:40 +01:00
Manuel Pégourié-Gonnard
66300d6f40 Force SHA-256 for entropy in libtestdriver1
We only enable SHA-256, so let's use that.

Previously the entropy module was deciding which hash to use based on
MBEDTLS_xxx_C feature macros, and since only SHA256_C was defined in
config_test_driver.h, it used that and things worked.

However since entropy was changed to use MD light, and
MBEDTLS_MD_CAN_xxx feature macros, we had an issue: when building
libtestdriver1 with its default config, MBEDTLS_PSA_ACCEL_ALG_SHA_512 is
defined even though there's no actual accelerator in the build. (This is
done so that PSA_WANT_ALG_SHA_512 can remain defined in order to match
the application's config, while not defining
MBEDTLS_PSA_BUILTIN_ALG_SHA_512 in order to only include what we need in
the build of libtestdriver1.) This will cause MD to dispatch to PSA in
order to take advantage of the accelerator, which will then fail because
there is no accelerator not builtin for this hash.

In the long-term, perhaps it would be best to address the root of the
issue: defining MBEDTLS_PSA_ACCEL_ALG_SHA_512 in a build that doesn't
actually have a SHA-512 accelerator is a lie. But that would require
significant changes in libtestdriver1. So for now, just fix the most
obvious symptom (picking a non-supported hash in entropy.h) by forcing
the choice of hash to match what's in the libtestdriver1 config.

Note: if the copy of entropy module in libtestdriver1 doesn't work,
we'll get a failure when calling libtestdriver1_psa_crypto_init(), which
we do, from mbedtls_test_transparent_init(), indirectly called by our
psa_crypto_init() which will then fail.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-24 10:43:40 +01:00
Manuel Pégourié-Gonnard
5d0d641332 Test entropy.c with driver-only hashes
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-24 10:43:40 +01:00
Manuel Pégourié-Gonnard
2334d3a9b1 Fix driver_wrappers test
These were assuming that psa_crypto_init() doesn't call hashes, which is
not always correct.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-24 10:43:40 +01:00
Manuel Pégourié-Gonnard
5cd4b6403b Use MD-light in entropy.c
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-24 10:43:40 +01:00
Valerio Setti
a266332189 test: improve analyze_outcomes.py script
Allow the script to also execute the tests needed for the following
analysis. It doesn't affect the previous usage of this script:

- if the output file is already present, then only the analysis
  is performed
- if the outfile does not exists, then tests are also executed
  before doing the analysis

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-24 09:31:38 +01:00
Przemek Stekiel
038a3a6b95 Extend j-pake input getters tests for user and peer
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-23 13:37:18 +01:00
Przemek Stekiel
b175b146a2 Remove driver_pake_get_role function
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-23 13:37:18 +01:00
Przemek Stekiel
43af7c8a8a Adapt pake tests
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-23 13:37:18 +01:00
Manuel Pégourié-Gonnard
ac6db4d649
Merge pull request #7317 from mpg/lift-exclusions
Lift exclusions from driver-only hash component
2023-03-23 12:01:01 +01:00
Paul Elliott
df2b5da57f Add generated files
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-03-23 10:58:43 +00:00
Paul Elliott
db67e99bbf Bump library, libcrypto and libx509 versions
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-03-23 10:57:39 +00:00
Przemek Stekiel
69aba90e5b Add tests case for step with different buffer size
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-23 08:06:09 +01:00
Valerio Setti
4059aba353 accelerated ecdh: re-enable TLS 1.3 key exchanges and fix guards in check_config
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-22 10:48:34 +01:00
Valerio Setti
13ce40323f test_suite_ssl: remove redundant dependencies when the key exchange is specified
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-22 10:40:05 +01:00
Valerio Setti
7a2f39692a ecdhe: solve disparities in accelerated ECDHE vs reference
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-22 10:37:45 +01:00
Valerio Setti
a81130f159 test: enable ECDHE key exchanges for driver coverage tests
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-22 10:36:59 +01:00
Minos Galanakis
37f4cb6d0e ecp_curves: Minor rework for p384
This patch adjusts formatting, documentation and testing.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-03-21 15:46:50 +00:00
Minos Galanakis
619385d8bc test_suite_ecp: Added ecp_mod_p384_raw() test case.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-03-21 15:45:17 +00:00
Manuel Pégourié-Gonnard
8965b65bd8 Remove now-spurious dependencies
Now that HMAC-DRBG can use driver, so can deterministic ECDSA

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:42:06 +01:00
Manuel Pégourié-Gonnard
91cc8bbc87 Enable ECDSA-det in driver-only hashes component
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:42:06 +01:00
Manuel Pégourié-Gonnard
d111fbdad1 Enable HMAC-DRBG in driver-only hashes component
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:42:05 +01:00
Manuel Pégourié-Gonnard
fbaf4e98d8 Enable PKCS7 in driver-only hashes component
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:42:05 +01:00
Manuel Pégourié-Gonnard
0d1921c4c2 Enable HKDF in driver-only hashes test
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:42:05 +01:00
Paul Elliott
f1eb5e2a04 Merge branch 'development-restricted' into mbedtls-3.4.0rc0-pr
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-03-21 15:35:17 +00:00
Manuel Pégourié-Gonnard
161dca63c3 Fix typos & improve wording in comments
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:29:31 +01:00
Manuel Pégourié-Gonnard
7d381f517a MD: use MD_CAN in test suite and check for parity
Split the part the varies between driver/built-in builds to a separate
file for convenience. Fix analyze_outcomes.py to be able to exclude
specific data files and not just a whole family at once.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:29:31 +01:00
Manuel Pégourié-Gonnard
7224086ebc Remove legacy_or_psa.h
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:29:31 +01:00
Manuel Pégourié-Gonnard
23fc437037 SSL: fix test failures
1. Change USE_PSA_CRYPTO_INIT/DONE to MD_OR_USE.

2. Add missing occurrences - some of these were already necessary in
principle (in one form or another) but where missing and this was not
detected so far as `psa_hash` doesn't complain in case of a missing
init, but now MD makes it visible.

3. Add missing include in ssl_test_lib.h.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:29:31 +01:00
Manuel Pégourié-Gonnard
bef824d394 SSL: use MD_CAN macros
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:29:31 +01:00
Manuel Pégourié-Gonnard
33a13028e5 X.509: fix test failures
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard
a946489efd X.509: use MD_CAN macros
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard
fa99afa2bc PK: fix test failures
Introduce MD_OR_USE_PSA_INIT/DONE. This will likely be used everywhere
in X.509 and SSL/TLS, but most places in PK only need USE_PSA_INIT/DONE.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard
0b8095d96a PK: use MD_CAN macros
sed -i -f md.sed tests/suites/test_suite_pk{,parse,write}.*

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard
ebef58d301 OID + misc crypto: use MD_CAN and fix failures
After this, only PK, X.509 and TLS remain to be done.

Deterministic uses HMAC-DRBG which uses MD, so it needs crypto_init()
when using a driver-only hash.

Also, remove a special-purpose macro that's no longer needed.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard
1d3bf24555 test_suite_psa_crypto: use PSA_WANT
Could use MD_CAN, as both are equivalent when MBEDTLS_PSA_CRYPTO_C is
defined, but using PSA_WANT is preferable in a PSA context.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard
a5f04621bd PKCS5: use MD_CAN macros
sed -i -f md.sed library/pkcs5.c tests/suites/test_suite_pkcs5* include/mbedtls/pkcs5.h

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard
49e67f814f PKCS5: always use MD
As a consequence, MD_C is now enabled in component accel_hash_use_psa.

Fix guards in X.509 info function to avoid this causing a failure now.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard
c1f10441e0 RSA: use MD_CAN macros
sed -i -f md.sed library/rsa.c tests/suites/test_suite_rsa* include/mbedtls/rsa.h tests/suites/test_suite_pkcs1_v*

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard
fb8d90a2db RSA: always use MD light
Note: already auto-enabled in build_info.h

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard
52d02a85d3 PEM: use MD_CAN macros
sed -i -f md.sed library/pem.c tests/suites/test_suite_pem* include/mbedtls/pem.h

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard
1c2008fa37 PEM: always use MD light
Note: PEM_PARSE already auto-enables MD_LIGHT in build_info.h

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard
0baad53ac9 PKCS12: use MD_CAN macros
sed -i -f md.sed library/pkcs12.c tests/suites/test_suite_pkcs12.* include/mbedtls/pkcs12.h

with md.sed as before.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard
be97afe5d4 PKCS12: always use MD light
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard
b2eb1f7456 ECJPAKE: use MD_CAN macros
sed -i -f md.sed \
    library/ecjpake.c \
    include/medtls/ecjpake.h \
    tests/suites/test_suite_ecjpake.*

With md.sed as follows:

s/\bMBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA\b/MBEDTLS_MD_CAN_MD5/g
s/\bMBEDTLS_HAS_ALG_RIPEMD160_VIA_MD_OR_PSA_BASED_ON_USE_PSA\b/MBEDTLS_MD_CAN_RIPEMD160/g
s/\bMBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA\b/MBEDTLS_MD_CAN_SHA1/g
s/\bMBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA_BASED_ON_USE_PSA\b/MBEDTLS_MD_CAN_SHA224/g
s/\bMBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA\b/MBEDTLS_MD_CAN_SHA256/g
s/\bMBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA\b/MBEDTLS_MD_CAN_SHA384/g
s/\bMBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA_BASED_ON_USE_PSA\b/MBEDTLS_MD_CAN_SHA512/g

s/\bMBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA\b/MBEDTLS_MD_CAN_MD5/g
s/\bMBEDTLS_HAS_ALG_RIPEMD160_VIA_MD_OR_PSA\b/MBEDTLS_MD_CAN_RIPEMD160/g
s/\bMBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA\b/MBEDTLS_MD_CAN_SHA1/g
s/\bMBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA\b/MBEDTLS_MD_CAN_SHA224/g
s/\bMBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA\b/MBEDTLS_MD_CAN_SHA256/g
s/\bMBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA\b/MBEDTLS_MD_CAN_SHA384/g
s/\bMBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA\b/MBEDTLS_MD_CAN_SHA512/g

s/\bMBEDTLS_HAS_ALG_MD5_VIA_LOWLEVEL_OR_PSA\b/MBEDTLS_MD_CAN_MD5/g
s/\bMBEDTLS_HAS_ALG_RIPEMD160_VIA_LOWLEVEL_OR_PSA\b/MBEDTLS_MD_CAN_RIPEMD160/g
s/\bMBEDTLS_HAS_ALG_SHA_1_VIA_LOWLEVEL_OR_PSA\b/MBEDTLS_MD_CAN_SHA1/g
s/\bMBEDTLS_HAS_ALG_SHA_224_VIA_LOWLEVEL_OR_PSA\b/MBEDTLS_MD_CAN_SHA224/g
s/\bMBEDTLS_HAS_ALG_SHA_256_VIA_LOWLEVEL_OR_PSA\b/MBEDTLS_MD_CAN_SHA256/g
s/\bMBEDTLS_HAS_ALG_SHA_384_VIA_LOWLEVEL_OR_PSA\b/MBEDTLS_MD_CAN_SHA384/g
s/\bMBEDTLS_HAS_ALG_SHA_512_VIA_LOWLEVEL_OR_PSA\b/MBEDTLS_MD_CAN_SHA512/g

s/\bMBEDTLS_MD5_C\b/MBEDTLS_MD_CAN_MD5/g
s/\bMBEDTLS_RIPEMD160_C\b/MBEDTLS_MD_CAN_RIPEMD160/g
s/\bMBEDTLS_SHA1_C\b/MBEDTLS_MD_CAN_SHA1/g
s/\bMBEDTLS_SHA224_C\b/MBEDTLS_MD_CAN_SHA224/g
s/\bMBEDTLS_SHA256_C\b/MBEDTLS_MD_CAN_SHA256/g
s/\bMBEDTLS_SHA384_C\b/MBEDTLS_MD_CAN_SHA384/g
s/\bMBEDTLS_SHA512_C\b/MBEDTLS_MD_CAN_SHA512/g

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard
41bc8b6b1e ECJPAKE: always use MD light
This enables access to all available hashes, instead of the previous
situation where you had to choose by including MD_C or not.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard
ffcda5679a Make MD_PSA_INIT/DONE available to all suites
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard
e0e161b54a
Merge pull request #7296 from valeriosetti/issue7253-part1
driver-only ECDH: enable ECDH-based TLS 1.2 key exchanges -- part 1
2023-03-21 16:09:02 +01:00
Dave Rodgman
3543806026
Merge pull request #7190 from yanrayw/6197_rsa_get_padding_hashID
RSA: provide interface to retrieve padding mode and hash_id
2023-03-20 18:34:53 +00:00
Dave Rodgman
d3b6e92967
Merge pull request #997 from gilles-peskine-arm/aesni-intrinsics
Implement AESNI with intrinsics
2023-03-20 18:20:51 +00:00
Valerio Setti
fdea36d137 test_suite_ssl: remove redundant ECDH dependencies when the key exchange is specified
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-20 14:02:07 +01:00
Valerio Setti
2f8eb62946 ssl-opt: remove leftover debug commands and fix comment
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-20 14:02:07 +01:00
Valerio Setti
866aa187e8 ecdh: solve disparities in accelerated ECDH vs reference
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-20 14:02:07 +01:00
Valerio Setti
6ba247c236 ssl-opt: solve errors in ECDH reference tests
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-20 14:00:51 +01:00
Valerio Setti
53a5844abc test: enable ECDH key exchanges for driver coverage tests
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-20 14:00:51 +01:00
Manuel Pégourié-Gonnard
4ebe2a7372
Merge pull request #7300 from valeriosetti/issue7281
Driver only EC JPAKE: re-enable the EC J-PAKE key exchange and get test parity
2023-03-20 09:54:47 +01:00
Manuel Pégourié-Gonnard
e91aadaeed
Merge pull request #7299 from valeriosetti/issue7280
Driver only EC JPAKE: enable ssl-opt.sh and get test parity
2023-03-20 09:51:11 +01:00
Manuel Pégourié-Gonnard
c9ef476431
Merge pull request #7192 from joerchan/psa-update-mbedtls
psa_crypto: Fix psa_key_derivation_output_key ECC without builtin keys
2023-03-20 09:47:07 +01:00
Manuel Pégourié-Gonnard
14c194aae9
Merge pull request #7271 from mpg/use-md-light
Use md light
2023-03-20 09:01:16 +01:00
Manuel Pégourié-Gonnard
0f60d09aa8 Add a test with all of ECC accelerated
Note that ECC key derivation is not using drivers yet, as we don't have driver support for
cooked key derivation acceleration, see
https://github.com/Mbed-TLS/mbedtls/pull/5451 and follow-ups.

So, we still need MBEDTLS_ECP_C enabled at least for this, and probably
in several other places for now.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-17 15:23:17 +01:00