Commit graph

24015 commits

Author SHA1 Message Date
Dave Rodgman
2e8442565a Add PKCS #7 test files using expired cert
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-11 10:24:30 +00:00
Dave Rodgman
cc77fe8e52 Fix PKCS #7 tests when MBEDTLS_HAVE_TIME_DATE unset
Ensure that verification of an expired cert still fails, but
update the test to handle the different error code.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-11 09:46:13 +00:00
Dave Rodgman
9c9601bac5
Merge pull request #7247 from daverodgman/zero-signers 2023-03-10 18:44:11 +00:00
Dave Rodgman
d51b1c5666 Remove duplicate test macros
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-10 17:44:08 +00:00
Manuel Pégourié-Gonnard
2301a80a73
Merge pull request #7245 from mpg/driver-only-ecdsa-wrapup
Driver-only ecdsa wrapup
2023-03-10 17:23:29 +01:00
Dave Rodgman
ca43e0d0ac Fix test file extension
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-10 13:06:01 +00:00
Dave Rodgman
f2f2dbcfd7 Add test case for PKCS7 file with zero signers
The test file was created by manually modifying
tests/data_files/pkcs7_data_without_cert_signed.der, using
ASN.1 JavaScript decoder  https://lapo.it/asn1js/

Changes made:
The SignerInfos set was truncated to zero length.
All the parent sequences, sets, etc were then adjusted
for their new reduced length.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-10 12:52:00 +00:00
Manuel Pégourié-Gonnard
c2495f78e6 Add a ChangeLog entry for driver-only ECDSA
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-10 12:37:16 +01:00
Manuel Pégourié-Gonnard
439dbc5c60 Fix dependency for TLS 1.3 as well
Turns out TLS 1.3 is using the PK layer for signature generation &
verification, and the PK layer is influenced by USE_PSA_CRYPTO.

Also update docs/use-psa-crypto.md accordingly.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-10 12:37:15 +01:00
Manuel Pégourié-Gonnard
45bcb6aac8 Fix dependencies of 1.2 ECDSA key exchanges
Having ECDSA in PSA doesn't help if we're not using PSA from TLS 1.2...

Also, move the definition of PSA_HAVE_FULL_ECDSA outside the
MBEDTLS_PSA_CRYPTO_CONFIG guards so that it is available in all cases.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-10 12:37:15 +01:00
Dave Rodgman
ac447837d3
Merge pull request #7206 from xkqian/test_memory_management_in_pkcs7
Test memory management in pkcs7
2023-03-10 11:29:50 +00:00
Przemek Stekiel
e9254a0e55 Adapt driver dispatch documentation for user/peer getters
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-10 09:18:03 +01:00
Przemek Stekiel
4cd20313fe Use user/peer instead role in jpake TLS code
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-10 09:18:03 +01:00
Przemek Stekiel
f3ae020c37 Use user/peer instead role in jpake driver-wrapper tests
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-10 09:18:03 +01:00
Przemek Stekiel
af94c13b2c Add tests for user/peer input getters
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-10 09:18:03 +01:00
Przemek Stekiel
1e7a927118 Add input getters for jpake user and peer
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-10 09:18:03 +01:00
Przemek Stekiel
0c946e9aa9 Addapt jpake tests and add cases for set_user, set_peer
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-10 09:18:03 +01:00
Przemek Stekiel
26c909d587 Enable support for user/peer for JPAKE
This is only partial support. Only 'client' and 'server' values are accepted for peer and user.
Remove support for role.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-10 09:18:02 +01:00
Gilles Peskine
a4c6a3c355
Merge pull request #7237 from davidhorstmann-arm/move-getting-started-guide
Move docs/getting_started.md to docs repo
2023-03-09 23:31:25 +01:00
Gilles Peskine
4da92832b0
Merge pull request #7117 from valeriosetti/issue6862
driver-only ECDSA: enable ECDSA-based TLS 1.2 key exchanges
2023-03-09 20:49:44 +01:00
Gilles Peskine
a25203c5f9
Merge pull request #7208 from paul-elliott-arm/interruptible_sign_hash_new_verify_tests
Interruptible_{sign|verify}_hash: Add public key verification tests
2023-03-09 20:48:13 +01:00
Dave Rodgman
bf4016e5d5
Merge pull request #6567 from mprse/ecjpake-driver-dispatch 2023-03-09 19:23:05 +00:00
Tom Cosgrove
94e841290d Don't check prerequisites for MBEDTLS_AESCE_C if we won't use it
Fixes #7234

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-03-09 17:17:42 +00:00
Dave Rodgman
8657e3280a Add corrupt PKCS #7 test files
Generated by running "make <filename>" and commiting the result.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-09 15:59:15 +00:00
valerio
2bf85e349d ssl-opt: enable test for accelerated ECDH + USE_PSA
Signed-off-by: valerio <valerio.setti@nordicsemi.no>
2023-03-09 16:39:07 +01:00
valerio
f27472b128 ssl-opt: enable test and fix failures for reference ECDH + USE_PSA"
Signed-off-by: valerio <valerio.setti@nordicsemi.no>
2023-03-09 16:20:38 +01:00
Przemek Stekiel
b8eaf635ba Remove MBEDTLS_SHA256_C from PSA_WANT_ALG_JPAKE config and adapt test dependencies
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-09 12:14:26 +01:00
David Horstmann
369930dec2 Move docs/getting_started.md to docs repo
Delete docs/getting_started.md as it has been moved to the dedicated
documentation repo.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-03-09 09:52:13 +00:00
Janos Follath
9e1d889766
Merge pull request #7231 from tom-cosgrove-arm/update-changelog-230308
Update ChangeLog to make "fix" explicit
2023-03-09 08:47:49 +00:00
Dave Rodgman
5e5aa4a4e6
Merge pull request #7218 from tom-cosgrove-arm/fix-typos-230307
Fix typos in development prior to release
2023-03-08 17:19:59 +00:00
Dave Rodgman
51b62ef23d
Merge pull request #7228 from tom-cosgrove-arm/fix-alignment.h-on-32-bit-systems
Fix mbedtls_bswap64() on 32-bit systems
2023-03-08 17:19:29 +00:00
Manuel Pégourié-Gonnard
913d9bb921
Merge pull request #7162 from valeriosetti/issue7055
Legacy MBEDTLS_PK_PARSE_C and MBEDTLS_PK_WRITE_C dependencies in test_suite_psa_crypto
2023-03-08 17:07:19 +01:00
Valerio Setti
1470ce3eba fix typos
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-08 16:50:12 +01:00
Valerio Setti
2f081473b6 test: fix disparities in test_suite_ssl
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-08 16:47:28 +01:00
Valerio Setti
75fba32cb3 ssl: use new macros for ECDSA capabilities
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-08 16:47:28 +01:00
Valerio Setti
30c4618970 Add new PSA_HAS_FULL_ECDSA macro for easily signal that PSA has full ECDSA support
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-08 16:47:28 +01:00
Valerio Setti
f84b7d5c21 test: enable ECDSA based key exchanges in driver coverage tests
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-08 16:47:28 +01:00
Tom Cosgrove
b3c6a1e04a Update ChangeLog to make "fix" explicit
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-03-08 15:47:00 +00:00
Manuel Pégourié-Gonnard
289e5baa83
Merge pull request #7082 from valeriosetti/issue6861
driver-only ECDSA: add ssl-opt.sh testing with testing parity
2023-03-08 16:45:38 +01:00
Tom Cosgrove
6ef9bb3d74 Implement and use MBEDTLS_STATIC_ASSERT()
Fixes #3693

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-03-08 14:19:51 +00:00
Tom Cosgrove
bbe166e721 Fix mbedtls_bswap64() on 32-bit systems
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-03-08 13:23:24 +00:00
Tom Cosgrove
c15a2b949d Update the text about gcc5 support for Armv8 CE
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-03-08 12:55:48 +00:00
Valerio Setti
733de595e3 psa_crypto_rsa: remove PK_WRITE_C in psa_rsa_export_key
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-08 11:03:09 +01:00
Valerio Setti
c0e7da55c5 test: removing remaning dependencies of PK_WRITE/PK_PARSE from test_suite_psa_crypto suites
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-08 11:03:09 +01:00
Valerio Setti
73a218513b psa_crypto_rsa: add comment/explanation for residual PK_WRITE_C guard
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-08 11:03:09 +01:00
Valerio Setti
f9bc5b75f1 test: remove dependencies on PK_WRITE and PK_PARSE from test_suite_psa_crypto suites
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-08 11:03:09 +01:00
Valerio Setti
ccfad9ae0e ssl-opt: remove remaining redundant dependencies
There were some dependencies that are now automatically satisfied by the
detect_required_features() function.

After this check there should be no redundant requirement for:
- requires_pk_alg "ECDSA"
- requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT
- requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-08 10:25:05 +01:00
Valerio Setti
3b2c02821e ssl-opt: return to previous debug level in test
This was a leftover from some debug activity that unfortunately ended up
in previous commits.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-08 10:22:29 +01:00
Przemek Stekiel
691e91adac Further pake code optimizations
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-08 09:54:00 +01:00
Gilles Peskine
429e90153c Improve pip instructions
Our build scripts invoke `python3` in preference to `python`, so make the
default instruction use `python3`. On many systems (macOS, some Linux),
`python` invokes Python 2 which our scripts do not support.

Suggest --user by default. It's usually the right thing outside of venvs.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-03-07 20:40:04 +01:00