Dave Rodgman
2e8442565a
Add PKCS #7 test files using expired cert
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-11 10:24:30 +00:00
Dave Rodgman
cc77fe8e52
Fix PKCS #7 tests when MBEDTLS_HAVE_TIME_DATE unset
...
Ensure that verification of an expired cert still fails, but
update the test to handle the different error code.
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-11 09:46:13 +00:00
Dave Rodgman
9c9601bac5
Merge pull request #7247 from daverodgman/zero-signers
2023-03-10 18:44:11 +00:00
Dave Rodgman
d51b1c5666
Remove duplicate test macros
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-10 17:44:08 +00:00
Manuel Pégourié-Gonnard
2301a80a73
Merge pull request #7245 from mpg/driver-only-ecdsa-wrapup
...
Driver-only ecdsa wrapup
2023-03-10 17:23:29 +01:00
Dave Rodgman
ca43e0d0ac
Fix test file extension
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-10 13:06:01 +00:00
Dave Rodgman
f2f2dbcfd7
Add test case for PKCS7 file with zero signers
...
The test file was created by manually modifying
tests/data_files/pkcs7_data_without_cert_signed.der, using
ASN.1 JavaScript decoder https://lapo.it/asn1js/
Changes made:
The SignerInfos set was truncated to zero length.
All the parent sequences, sets, etc were then adjusted
for their new reduced length.
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-10 12:52:00 +00:00
Manuel Pégourié-Gonnard
c2495f78e6
Add a ChangeLog entry for driver-only ECDSA
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-10 12:37:16 +01:00
Manuel Pégourié-Gonnard
439dbc5c60
Fix dependency for TLS 1.3 as well
...
Turns out TLS 1.3 is using the PK layer for signature generation &
verification, and the PK layer is influenced by USE_PSA_CRYPTO.
Also update docs/use-psa-crypto.md accordingly.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-10 12:37:15 +01:00
Manuel Pégourié-Gonnard
45bcb6aac8
Fix dependencies of 1.2 ECDSA key exchanges
...
Having ECDSA in PSA doesn't help if we're not using PSA from TLS 1.2...
Also, move the definition of PSA_HAVE_FULL_ECDSA outside the
MBEDTLS_PSA_CRYPTO_CONFIG guards so that it is available in all cases.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-10 12:37:15 +01:00
Dave Rodgman
ac447837d3
Merge pull request #7206 from xkqian/test_memory_management_in_pkcs7
...
Test memory management in pkcs7
2023-03-10 11:29:50 +00:00
Przemek Stekiel
e9254a0e55
Adapt driver dispatch documentation for user/peer getters
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-10 09:18:03 +01:00
Przemek Stekiel
4cd20313fe
Use user/peer instead role in jpake TLS code
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-10 09:18:03 +01:00
Przemek Stekiel
f3ae020c37
Use user/peer instead role in jpake driver-wrapper tests
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-10 09:18:03 +01:00
Przemek Stekiel
af94c13b2c
Add tests for user/peer input getters
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-10 09:18:03 +01:00
Przemek Stekiel
1e7a927118
Add input getters for jpake user and peer
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-10 09:18:03 +01:00
Przemek Stekiel
0c946e9aa9
Addapt jpake tests and add cases for set_user, set_peer
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-10 09:18:03 +01:00
Przemek Stekiel
26c909d587
Enable support for user/peer for JPAKE
...
This is only partial support. Only 'client' and 'server' values are accepted for peer and user.
Remove support for role.
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-10 09:18:02 +01:00
Gilles Peskine
a4c6a3c355
Merge pull request #7237 from davidhorstmann-arm/move-getting-started-guide
...
Move docs/getting_started.md to docs repo
2023-03-09 23:31:25 +01:00
Gilles Peskine
4da92832b0
Merge pull request #7117 from valeriosetti/issue6862
...
driver-only ECDSA: enable ECDSA-based TLS 1.2 key exchanges
2023-03-09 20:49:44 +01:00
Gilles Peskine
a25203c5f9
Merge pull request #7208 from paul-elliott-arm/interruptible_sign_hash_new_verify_tests
...
Interruptible_{sign|verify}_hash: Add public key verification tests
2023-03-09 20:48:13 +01:00
Dave Rodgman
bf4016e5d5
Merge pull request #6567 from mprse/ecjpake-driver-dispatch
2023-03-09 19:23:05 +00:00
Tom Cosgrove
94e841290d
Don't check prerequisites for MBEDTLS_AESCE_C if we won't use it
...
Fixes #7234
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-03-09 17:17:42 +00:00
Dave Rodgman
8657e3280a
Add corrupt PKCS #7 test files
...
Generated by running "make <filename>" and commiting the result.
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-09 15:59:15 +00:00
valerio
2bf85e349d
ssl-opt: enable test for accelerated ECDH + USE_PSA
...
Signed-off-by: valerio <valerio.setti@nordicsemi.no>
2023-03-09 16:39:07 +01:00
valerio
f27472b128
ssl-opt: enable test and fix failures for reference ECDH + USE_PSA"
...
Signed-off-by: valerio <valerio.setti@nordicsemi.no>
2023-03-09 16:20:38 +01:00
Przemek Stekiel
b8eaf635ba
Remove MBEDTLS_SHA256_C from PSA_WANT_ALG_JPAKE config and adapt test dependencies
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-09 12:14:26 +01:00
David Horstmann
369930dec2
Move docs/getting_started.md to docs repo
...
Delete docs/getting_started.md as it has been moved to the dedicated
documentation repo.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-03-09 09:52:13 +00:00
Janos Follath
9e1d889766
Merge pull request #7231 from tom-cosgrove-arm/update-changelog-230308
...
Update ChangeLog to make "fix" explicit
2023-03-09 08:47:49 +00:00
Dave Rodgman
5e5aa4a4e6
Merge pull request #7218 from tom-cosgrove-arm/fix-typos-230307
...
Fix typos in development prior to release
2023-03-08 17:19:59 +00:00
Dave Rodgman
51b62ef23d
Merge pull request #7228 from tom-cosgrove-arm/fix-alignment.h-on-32-bit-systems
...
Fix mbedtls_bswap64() on 32-bit systems
2023-03-08 17:19:29 +00:00
Manuel Pégourié-Gonnard
913d9bb921
Merge pull request #7162 from valeriosetti/issue7055
...
Legacy MBEDTLS_PK_PARSE_C and MBEDTLS_PK_WRITE_C dependencies in test_suite_psa_crypto
2023-03-08 17:07:19 +01:00
Valerio Setti
1470ce3eba
fix typos
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-08 16:50:12 +01:00
Valerio Setti
2f081473b6
test: fix disparities in test_suite_ssl
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-08 16:47:28 +01:00
Valerio Setti
75fba32cb3
ssl: use new macros for ECDSA capabilities
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-08 16:47:28 +01:00
Valerio Setti
30c4618970
Add new PSA_HAS_FULL_ECDSA macro for easily signal that PSA has full ECDSA support
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-08 16:47:28 +01:00
Valerio Setti
f84b7d5c21
test: enable ECDSA based key exchanges in driver coverage tests
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-08 16:47:28 +01:00
Tom Cosgrove
b3c6a1e04a
Update ChangeLog to make "fix" explicit
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-03-08 15:47:00 +00:00
Manuel Pégourié-Gonnard
289e5baa83
Merge pull request #7082 from valeriosetti/issue6861
...
driver-only ECDSA: add ssl-opt.sh testing with testing parity
2023-03-08 16:45:38 +01:00
Tom Cosgrove
6ef9bb3d74
Implement and use MBEDTLS_STATIC_ASSERT()
...
Fixes #3693
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-03-08 14:19:51 +00:00
Tom Cosgrove
bbe166e721
Fix mbedtls_bswap64() on 32-bit systems
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-03-08 13:23:24 +00:00
Tom Cosgrove
c15a2b949d
Update the text about gcc5 support for Armv8 CE
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-03-08 12:55:48 +00:00
Valerio Setti
733de595e3
psa_crypto_rsa: remove PK_WRITE_C in psa_rsa_export_key
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-08 11:03:09 +01:00
Valerio Setti
c0e7da55c5
test: removing remaning dependencies of PK_WRITE/PK_PARSE from test_suite_psa_crypto suites
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-08 11:03:09 +01:00
Valerio Setti
73a218513b
psa_crypto_rsa: add comment/explanation for residual PK_WRITE_C guard
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-08 11:03:09 +01:00
Valerio Setti
f9bc5b75f1
test: remove dependencies on PK_WRITE and PK_PARSE from test_suite_psa_crypto suites
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-08 11:03:09 +01:00
Valerio Setti
ccfad9ae0e
ssl-opt: remove remaining redundant dependencies
...
There were some dependencies that are now automatically satisfied by the
detect_required_features() function.
After this check there should be no redundant requirement for:
- requires_pk_alg "ECDSA"
- requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT
- requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-08 10:25:05 +01:00
Valerio Setti
3b2c02821e
ssl-opt: return to previous debug level in test
...
This was a leftover from some debug activity that unfortunately ended up
in previous commits.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-08 10:22:29 +01:00
Przemek Stekiel
691e91adac
Further pake code optimizations
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-08 09:54:00 +01:00
Gilles Peskine
429e90153c
Improve pip instructions
...
Our build scripts invoke `python3` in preference to `python`, so make the
default instruction use `python3`. On many systems (macOS, some Linux),
`python` invokes Python 2 which our scripts do not support.
Suggest --user by default. It's usually the right thing outside of venvs.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-03-07 20:40:04 +01:00