Commit graph

2087 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
0b68784053
Merge pull request #7577 from mprse/ffdh_drivers
FFDH 3b: add driver testing (no TLS 1.3)
2023-06-01 10:26:08 +02:00
Manuel Pégourié-Gonnard
7b1136836c
Merge pull request #7438 from valeriosetti/issue7074
Avoid parse/unparse private ECC keys in PK with USE_PSA when !ECP_C
2023-06-01 10:06:45 +02:00
Przemek Stekiel
6efa608d20 Revert setting optimization flag(use O2)
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-05-31 09:38:21 +02:00
Gilles Peskine
3c0e4effe4
Merge pull request #7512 from lpy4105/issue/7014/cert_audit-improvement
cert_audit: Improvements of audit script
2023-05-24 20:24:48 +02:00
Dave Rodgman
99318e6138 Add build test for armclang / Cortex-M0 / -Os
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-05-24 12:27:42 +01:00
Valerio Setti
e50a75f6ff test: add exception in analyze_outcomes.py and fix test for montgomery curves
The exception in analyze_outcomes.py follows previous commit in which
a test in test_suite_pkparse was set with the ECP_C guard for a different
parsing of the private key between the legacy and PSA implementations.

The wrong guard in test_suite_ecp.function instead was erroneously
added in a past commit and it was setting a non-existing symbol of
mbedTLS so those tests were basically never executed.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-05-23 15:12:07 +02:00
Fredrik Hesse
cc207bc379 Replace references to Mbed Crypto with Mbed TLS through-out documentation and comments.
Signed-off-by: Fredrik Hesse <fredrik@hesse.se>
2023-05-12 14:59:01 +01:00
Yanray Wang
012b6bb99e all.sh: test AES built-in implementation in AES-128-bit key only
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-05-12 11:21:56 +08:00
Przemek Stekiel
dccb20204a Add test component for accelerated FFDH
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-05-11 11:31:51 +02:00
Yanray Wang
5dd429c8df generate_psa_tests.py: fix typo
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-05-10 09:58:51 +08:00
Pengyu Lv
a57f677474 cert_audit: Fix DER files missed from parsing
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-05-10 09:41:33 +08:00
Pengyu Lv
ee870a6e83 cert_audit: Remove merge_auditdata
We maintain a dict with unique AudiData objects
(AuditData with unique underlying X.509 objects).
We don't need merge_auditdata anymore.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-05-10 09:41:33 +08:00
Pengyu Lv
e09d27e723 cert_audit: Use dictionary to store parsed AuditData
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-05-10 09:41:33 +08:00
Pengyu Lv
31e3d12be9 cert_audit: Output format improvement
We should print all the information for each objects
found every line. This makes it easy to analyze the
output.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-05-10 09:41:33 +08:00
Pengyu Lv
13f2ef4949 cert_audit: Calculate identifier for X.509 objects
The identifier is calculated SHA1 hex string from
the DER encoding of each X.509 objects. It's useful
for finding out the identical X.509 objects.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-05-10 09:41:33 +08:00
Pengyu Lv
fd72d9f556 cert_audit: Fix bug in check_cryptography_version
check_cryptography_version didn't provide helpful
message with Python < 3.6, because re.Match object
is not subscriptable.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-05-10 09:41:33 +08:00
Pengyu Lv
0b4832bbf5 cert_audit: Sort the outputs by not_valid_after date
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-05-10 09:41:33 +08:00
Pengyu Lv
fe13bd3d0e cert_audit: Merge audit_data for identical X.509 objects
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-05-10 09:41:33 +08:00
Pengyu Lv
e245c0c734 cert_audit: Support parsing file with multiple PEMs
Previously, if a file had multiple PEM objects, only
the first one would be parsed. This commit add the
support so that we could parse all the PEM objects
in the file.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-05-10 09:41:33 +08:00
Bence Szépkúti
ddfd0a27df
Merge pull request #7399 from lpy4105/issue/7014/certificate-audit-script
cert_audit: Add test certificate date audit script
2023-05-09 13:10:01 +02:00
Pol Henarejos
d06c6fc45b
Merge branch 'development' into sha3
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2023-05-05 16:01:18 +02:00
Yanray Wang
374c3aec89 all.sh: add test for AES-128bit only without MBEDTLS_CTR_DRBG_C
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-05-05 16:26:20 +08:00
Yanray Wang
1ed226f790 Auto-enable CTR_DRBG_USE_128_BIT_KEY with AES_ONLY_128_BIT_KEY_LENGTH
This commit adds support to auto-enable
MBEDTLS_CTR_DRBG_USE_128_BIT_KEY if
MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH enabled.
Furthermore, the corresponding check is removed in check_config.h.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-05-05 16:23:31 +08:00
Yanray Wang
3f41744730 generate_psa_tests.py: add extra dependencies based on key bit
This commit introduces a new function to generate extra dependencies
based on REGEX search pattern and predefined dependency list.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-05-05 11:21:32 +08:00
Arto Kinnunen
3eb50e7d75 all.sh: add test for AES_ONLY_128_BIT_KEY_LENGTH
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-05-05 11:21:25 +08:00
Gilles Peskine
b70c4e07d0 Adjust code style for pointer types and casts
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-04-26 19:59:28 +02:00
Gilles Peskine
2986accd20 typo
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-04-26 19:57:50 +02:00
Gilles Peskine
8b32d20c50 Test the line number returned by parse_test_data
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-04-26 19:40:02 +02:00
Gilles Peskine
6f5082bf4d Allow more signed integer types in test function arguments
Now that the C code supports the full range of intmax_t, allow any size of
signed integer type in the .data file parser.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-04-26 19:40:02 +02:00
Gilles Peskine
872948cc72 Support larger integer test arguments: C part
Change the type of signed integer arguments from int32_t to intmax_t.
This allows the C code to work with test function arguments with a range
larger than int32_t. A subsequent commit will change the .datax generator
to support larger types.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-04-26 19:40:02 +02:00
Gilles Peskine
4ea4ad082b parse_function_arguments: stricter type parsing
Use normalization the equality comparisons instead of loose regular
expressions to determine the type of an argument of a test function.

Now declarations are parsed in a stricter way: there can't be ignored junk
at the beginning or at the end. For example, `long long unsigned int x`
was accepted as a test function argument (but not `long long unsigned x`),
although this was misleading since the value was truncated to the range of
int. Now only recognized types are accepted.

The new code is slightly looser in that it accepts `char const*` as well as
`const char*`.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-04-26 19:40:02 +02:00
Gilles Peskine
47e2e8817d Support (void) as an argument list of a test function
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-04-26 19:40:02 +02:00
Gilles Peskine
096f0ca7e5 parse_function_arguments: extract per-argument function
Internal refactoring only, no behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-04-26 19:40:02 +02:00
Gilles Peskine
400cde607b parse_function_arguments: make local_vars a list
Internal refactoring only, no behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-04-26 19:40:02 +02:00
Gilles Peskine
b3c2eaf00f Support different types in the parameter store
The test framework stores size_t and int32_t values in the parameter store
by converting them all to int. This is ok in practice, since we assume int
covers int32_t and we don't have test data larger than 2GB. But it's
confusing and error-prone. So make the parameter store a union, which allows
size_t values not to be potentially truncated and makes the code a little
clearer.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-04-26 19:40:02 +02:00
Gilles Peskine
5226eb5cd3 Simplify parsing of integers in .datax files
In the .datax parser, since we're calling strtol() anyway, rely on it for
verification. This makes the .datax parser very slightly more
liberal (leading spaces and '+' are now accepted), and changes the
interpretation of numbers with leading zeros to octal.

Before, an argument like :0123: was parsed as decimal, but an argument like
:0123+1: was parsed as a C expression and hence the leading zero marked an
octal representation. Now, a leading zero is always interpreted according to
C syntax, namely indicating octal. There are no nonzero integer constants
with a leading zero in a .data file, so this does not affect existing test
cases.

In the .datax generator, allow negative arguments to be 'int' (before, they
were systematically treated as 'exp' even though they didn't need to be).

In the .datax parser, validate the range of integer constants. They have to
fit in int32_t. In the .datax generator, use 'exp' instead of 'int' for
integer constants that are out of range.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-04-26 19:40:02 +02:00
Gilles Peskine
ca25deee12 Factor get_function_info out of gen_from_test_data
No intended behavior change. This commit is mainly to satisfy pylint, which
complains that gen_from_test_data now has too many variables. But it's a
good thing anyway to make the function a little more readable.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-04-26 19:38:41 +02:00
Gilles Peskine
8542f5c81f Add line number to a few error messages
This is just a quick improvement, not meant to tackle the problem as a
whole.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-04-26 19:38:40 +02:00
Pengyu Lv
1d4cc917ce cert_audit: Reword the options and their descriptions
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-25 15:17:19 +08:00
Pengyu Lv
1381598aa3 cert_audit: Check the version of cryptography
The script requires cryptography >= 35.0.0, we
need to check the version and provide meaningful
error message when the package version was too
old.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-25 14:55:38 +08:00
Manuel Pégourié-Gonnard
feb941a77a
Merge pull request #7465 from valeriosetti/issue7460-part3
Check remaning dependencies on ECP in PK module
2023-04-24 13:06:09 +02:00
valerio
0b0486452c improve syms.sh script for external dependencies analysis
It is now possible to analyze also modules and not only
x509 and tls libraries.

Signed-off-by: valerio <valerio.setti@nordicsemi.no>
2023-04-24 10:34:08 +02:00
Pengyu Lv
c34b9ac18c cert_audit: Clarify the abstraction of Auditor
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-23 14:57:30 +08:00
Pengyu Lv
28fe957239 cert_audit: Add simple parser of suite data file
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-23 13:56:25 +08:00
Gilles Peskine
935a987b2b
Merge pull request #7436 from AndrzejKurek/x509-verify-san-ip
x509 SAN IP parsing
2023-04-21 22:00:58 +02:00
Pengyu Lv
2d487217cd cert_audit: Improve the method to find tests folder
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-21 12:41:24 +08:00
Pengyu Lv
a228cbcecc cert_audit: Add data-files and suite-data-files options
The commit adds '--data-files' and '--suite-data-files'
options so that we could pass names for the two types
of files separately. Additionally, the commit improves
the documentation in the script.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-21 11:59:25 +08:00
Pengyu Lv
fcda6d4f51 cert_audit: Enable logging module
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-21 11:04:07 +08:00
Pengyu Lv
ad30679d9e cert_audit: Reuse generate_test_code.FileWrapper
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-19 15:07:03 +08:00
Pengyu Lv
7a344dde0f New implementation for generate_test_code.FileWrapper
We get some performance benefit from the Buffered I/O.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-19 15:03:20 +08:00
Pengyu Lv
8e6794ad56 cert_audit: Code refinement
This commit is a collection of code refinements
from review comments.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-18 17:00:47 +08:00
Pengyu Lv
f8e5e059c5 cert_audit: Improve documentation
This commit is a collection of improving the documentation in the
script:

  * Restore uppercase in the license header.
  * Reword the script description.
  * Reword the docstring of AuditData.fill_validity_duration
  * Rename AuditData.filename to *.location

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-18 16:24:02 +08:00
Valerio Setti
e618cb0a0b test: add coverage's analysis framework for accel EC algs w/o ECP
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-17 12:03:48 +02:00
Andrzej Kurek
06969fc3a0 Introduce a test for a sw implementation of inet_pton
Create a bypass define to simulate platforms
without AF_INET6.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-04-13 09:20:15 -04:00
Pengyu Lv
7725c1d2a9 cert_audit: Output line/argument number for *.data files
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-13 15:55:30 +08:00
Pengyu Lv
57240958ed cert_audit: Make FILE as positional argument
Make FILE as positional argument so that we can
pass multiple files to the script. This commit
also contains some help message improvements.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-13 15:46:14 +08:00
Valerio Setti
0c477d32e2 test: include also test_suite_ecp for the coverage analysis
Only some test cases are skipped for which ECP_C is mandatory,
but the other ones are included.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-11 11:33:50 +02:00
Valerio Setti
29b395c854 test: let test_psa_crypto_config_accel_all_ec_algs_use_psa use ECP_LIGHT
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-11 11:33:50 +02:00
Pengyu Lv
3179232211 cert_audit: Disable pylint error for importing cryptography
This is to make CI happy. The script requires cryptography
>= 35.0.0, which is only available for Python >= 3.6. But
both ubuntu-16.04 and Travis CI are using Python 3.5.x.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-11 16:30:54 +08:00
Pengyu Lv
cb8fc3275a cert_audit: Fill validity dates in AuditData constructor
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-11 15:05:29 +08:00
Pengyu Lv
ebf011f43e cert_audit: Introduce not-[before|after] option
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-11 14:07:50 +08:00
Pengyu Lv
30f2683d18 cert_audit: Parse more information from test suite data file
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-07 18:04:07 +08:00
Ronald Cron
50ae84ed97 ssl-opt.sh: Remove some unnecessary forcing of TLS 1.3
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:18 +02:00
Pengyu Lv
45e32033db cert_audit: Support audit on test suite data files
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-06 14:33:41 +08:00
Pengyu Lv
7f6933a227 cert_audit: Initial script for auditing expiry date
We introduce the script to audit the expiry date of X509 files
(i.e. crt/crl/csr files) in tests/data_files/ folder.

This commit add basic classes and the framework for auditing
and "-a" option to list all valid crt/crl/csr files it found.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-06 13:38:56 +08:00
Ronald Cron
219f978097
Merge pull request #7059 from ronald-cron-arm/psa-crypto-misc
PSA cryptography miscellaneous
2023-04-04 10:54:03 +02:00
Manuel Pégourié-Gonnard
86d5d4bf31
Merge pull request #7103 from valeriosetti/issue6622
Some MAX_SIZE macros are too small when PSA ECC is accelerated
2023-04-03 16:23:27 +02:00
Valerio Setti
c6ecdad42d test: disable all RSA algs and fix tests
All RSA associated algs are now forcedly disabled both on library
and driver sides.
Some PSA driver tests required to be fixed because they were just
requiring for not having the built-in version, but they didn't check
if the driver one was present (kind of assuming that RSA was always
supported on the driver side).

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-03 08:26:35 +02:00
Ronald Cron
32a432af95 all.sh: Fix test component name
The component_test_psa_crypto_drivers was
renamed component_test_psa_crypto_builtin_keys
in a previous commit. This was misleading as
the goal of the component is not to test
the builtin keys but to run the PSA unit
tests with the test drivers doing the
cryptographic operations.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-03-31 09:07:57 +02:00
Ronald Cron
e6e6b75ad3 psa: Remove MBEDTLS_PSA_CRYPTO_DRIVERS configuration option
The support for the PSA crypto driver interface
is not optional anymore as the implementation of
the PSA cryptography interface has been restructured
around the PSA crypto driver interface (see
psa-crypto-implementation-structure.md). There is
thus no purpose for the configuration options
MBEDTLS_PSA_CRYPTO_DRIVERS anymore.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-03-31 09:07:54 +02:00
Manuel Pégourié-Gonnard
1640682a53
Merge pull request #7334 from valeriosetti/analyze_outcomes_improvement
Improve analyze_outcomes.py script
2023-03-30 09:17:39 +02:00
Valerio Setti
846118b98d test: remove old component errouneously reintroduced during rebase
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-29 13:46:59 +02:00
Valerio Setti
f109c66d73 Use proper log function
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-29 11:15:44 +02:00
Valerio Setti
22992a04f1 Fix function description
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-29 11:15:28 +02:00
Valerio Setti
5aab43f1cd test: fix/improve comments in all.sh
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-29 10:42:07 +02:00
Valerio Setti
1f1420df36 test: fix text output
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-29 10:28:39 +02:00
Valerio Setti
d0c644db69 test: minor refactoring
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-29 10:28:39 +02:00
Valerio Setti
ee97a1ef47 test: improve comments and code in newly added helper function
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-29 10:28:39 +02:00
Valerio Setti
e4758aa34b test: add a companion test for another curve (x25519) and fix issues
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-29 10:28:06 +02:00
Valerio Setti
1a6d96f59e test: use full config as test starting point and solve issues
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-29 10:28:06 +02:00
Valerio Setti
3ebecc9513 test: disable proper key exchanges while testing accel EC algs
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-29 10:27:18 +02:00
Valerio Setti
5360886ad3 test: minor fixes to all.sh
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-29 10:27:18 +02:00
Valerio Setti
b7e9544194 test: add specific test with only accel EC curves and algs
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-29 10:27:18 +02:00
Valerio Setti
b76672dd52 test: fix wrong accelerated SHA1 symbol
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-28 16:26:48 +02:00
Valerio Setti
6d687b98cf test: simplify comment in test_psa_crypto_config_accel_all_ec_algs_use_psa()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-28 16:26:48 +02:00
Valerio Setti
c762797856 test: removing test with all accel EC algs without USE_PSA
We keep tests without USE_PSA for single accel components (i.e.
ECDH, ECDSA, ECJPAKE), but when testing for all 3 accelerated
at the same time we use USE_PSA for better test coverage.
However for this purpose there is already the:

component_test_psa_crypto_config_[reference/accel]_all_ec_algs_use_psa()

so we can delete this extra component.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-28 16:26:48 +02:00
Valerio Setti
4fa6d0bb88 test: moving accel ECJPAKE test close to accel ECDH and ECDSA ones
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-28 16:26:48 +02:00
Valerio Setti
77bdff1963 test: improve comment in the added test
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-28 16:26:48 +02:00
Valerio Setti
2495cdbcc2 test: remove unused tasks in analyze_outcomes.py
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-28 16:26:47 +02:00
Valerio Setti
44b178ca60 test: fix erroneous changes in all.sh
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-28 16:26:47 +02:00
Valerio Setti
6f820cccb8 test: fix comments in test_psa_crypto_config_accel_ecc()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-28 16:26:47 +02:00
Valerio Setti
1c3de61ba8 test: remove previous tests for accelerated ECDSA/ECDH/ECJPAKE coverage analysis
All these EC based algs are now tested all at once in
test_psa_crypto_config_[accel/reference]_all_ec_algs_use_psa()
functions.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-28 16:26:47 +02:00
Valerio Setti
42d5f1959f test: add a test with all EC based algs accelerated
Actually this adds both the accelerated test as well as the
reference. Both of them are used to evaluate the driver's
coverage with analyze_outcomes.py script.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-28 16:26:47 +02:00
Manuel Pégourié-Gonnard
5a51d0d789 Fix depends.py failure with correct TLS 1.2 deps
TLS 1.2 has never been able to work with only SHA-512, it just happened
to pass previously because the declared dependencies were too lax.
(Probably related to the fact that in the past we didn't distinguish
between SHA-512 and SHA-384 in dependencies.)

So, just disable all of TLS in SHA-512-only builds. While at it, tune
build_info.h to make this easier - it already had partial support for
disabling TLS 1.2 or TLS 1.3 in an easier way, but not both of them at
the same time.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-24 10:43:40 +01:00
Manuel Pégourié-Gonnard
c584c27426 Disable built-in SHA-256 in accel_hash too
Now that Entropy doesn't need it any more, we can have driver-only
SHA-256 (and 224 with it) in the non-USE_PSA component too.

This reveals a missing PSA_INIT in a PK test using SHA-256.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-24 10:43:40 +01:00
Manuel Pégourié-Gonnard
93302422fd Fix instances of old feature macros being used
sed -i -f md.sed include/mbedtls/ssl.h library/hmac_drbg.c programs/pkey/*.c programs/x509/*.c tests/scripts/generate_pkcs7_tests.py tests/suites/test_suite_random.data

Then manually revert programs/pkey/ecdsa.c as it's using a low-level
hash API.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-24 10:43:40 +01:00
Manuel Pégourié-Gonnard
5d0d641332 Test entropy.c with driver-only hashes
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-24 10:43:40 +01:00
Valerio Setti
a266332189 test: improve analyze_outcomes.py script
Allow the script to also execute the tests needed for the following
analysis. It doesn't affect the previous usage of this script:

- if the output file is already present, then only the analysis
  is performed
- if the outfile does not exists, then tests are also executed
  before doing the analysis

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-24 09:31:38 +01:00
Manuel Pégourié-Gonnard
ac6db4d649
Merge pull request #7317 from mpg/lift-exclusions
Lift exclusions from driver-only hash component
2023-03-23 12:01:01 +01:00
Valerio Setti
4059aba353 accelerated ecdh: re-enable TLS 1.3 key exchanges and fix guards in check_config
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-22 10:48:34 +01:00