Commit graph

802 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
6a543ba1d3 Remove redundant component in all.sh
CID is now enabled in the default config (as well as full), so it's
already tested in numerous all.sh components, not need to add one for
that.

We need a component for the legacy/compat option though as it's never
enabled in existing components. So, keep that one, but adjust the name
and fix a typo in a message.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-11-25 11:48:17 +01:00
Hannes Tschofenig
df84bb30ab Removed MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH from CID tests in all.sh
Added also extra text.

Signed-off-by: Hannes Tschofenig <hannes.tschofenig@arm.com>
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-11-25 11:19:11 +01:00
Dave Rodgman
d384b64dd2
Merge branch 'development' into rfc9146_2
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-11-14 17:43:15 +00:00
Gilles Peskine
da6017cbe3 Group cpp_dummy_build test into an existing component
No need to do yet another build just to compile an additional trivial program.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-30 21:18:14 +01:00
Gilles Peskine
78e06a1054 Remove redundant TLS 1.3 components
* component_test_tls13_with_padding: just explicitly sets some options that
  are identical with full.
* component_test_tls13_with_ecp_restartable: redundant since TLS 1.3 doesn't
  have any support for restartable ECC.
* component_test_tls13_with_everest: not useful since TLS 1.3 doesn't call
  ECDH directly, it just relies on the PSA abstraction.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-29 17:57:18 +02:00
Gilles Peskine
8a4fd0e7a9 Remove redundant build-only driver interface component
component_build_psa_accel_alg_ecdsa is subsumed by
component_test_psa_crypto_config_accel_ecdsa, which has the same
configuration and additionally runs the unit tests.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-29 17:51:19 +02:00
Gilles Peskine
4bb369c4eb Always enable MBEDTLS_TEST_HOOKS in TLS 1.3-only test configurations
MBEDTLS_TEST_HOOKS is not supposed to change the behavior of the library, so
it's generally good to have it on in functional tests.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-29 17:48:20 +02:00
Gilles Peskine
88f5fd9099
Merge pull request #6479 from AndrzejKurek/depends-py-no-psa
Enable running depends.py in a configuration without MBEDTLS_USE_PSA_CRYPTO and remove perl dependency scripts
2022-10-26 20:02:57 +02:00
Dave Rodgman
1df7070acc Fix all.sh dependency on DTLS connection ID
Ensure MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT is unset where
MBEDTLS_SSL_DTLS_CONNECTION_ID is unset.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-10-26 17:08:54 +01:00
Ronald Cron
c9176a03a7
Merge pull request #6410 from gilles-peskine-arm/psa-pkparse-pkwrite-3.2
PSA with RSA requires PK_WRITE and PK_PARSE
2022-10-26 14:57:36 +02:00
Andrzej Kurek
29c002ebdf Remove unused perl dependency scripts
curves.pl, depends-hashes.pl, key-exchanges.pl and depends-pkalgs.pl are now superseded by depends.py.
Update all references to them accordingly.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-26 08:26:58 -04:00
Andrzej Kurek
7cb0077c5d Add all.sh components running depends.py without MBEDTLS_USE_PSA_CRYPTO
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-26 08:26:58 -04:00
Gilles Peskine
b06f0717b3 PSA service config build: disable more modules not used by PSA
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-25 21:06:11 +02:00
Gilles Peskine
649e04e3d1 PSA service config build: note why we aren't disabling cipher and md
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-25 21:05:57 +02:00
Gilles Peskine
1f10807837 Disable pk in the PSA service config build
It's not needed as a feature. It gets reenabled automatically in
build_info.h like pk_write and pk_parse, but that's an implementation
detail.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-25 21:02:56 +02:00
Gilles Peskine
78bffd1ff5 Fix spelling of a disabled option
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-25 21:02:33 +02:00
Ronald Cron
c3f43b663e all.sh: Add components testing TLS 1.3 kex partial enablement
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Gilles Peskine
fc4f11b5d0 Improve test component name
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-21 19:34:54 +02:00
Manuel Pégourié-Gonnard
45c6792faf
Merge pull request #6385 from AndrzejKurek/depends-py-reloaded
Unified tests/scripts/depends.py - reloaded
2022-10-21 10:17:58 +02:00
Andrzej Kurek
fcbd2acbc2 Split depends.py all.sh job into seven
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-19 08:35:09 -04:00
Andrzej Kurek
3cca0c8e68 Add an all.sh component running depends.pl
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-19 08:35:08 -04:00
Manuel Pégourié-Gonnard
0dc40773d6 Improve comments & messages
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-10-19 12:12:21 +02:00
Manuel Pégourié-Gonnard
d92fb01419 Skip bits not needed in outcome-analysis.sh
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-10-18 12:10:45 +02:00
Gilles Peskine
8874cd570e
Merge pull request #4826 from RcColes/development
Add LMS implementation
2022-10-14 18:33:01 +02:00
Manuel Pégourié-Gonnard
b3c30907d6
Merge pull request #6383 from mprse/aead_driver_test
Enable testing of AEAD drivers with libtestdriver1
2022-10-14 11:11:01 +02:00
Gilles Peskine
fa65237fd4 Fix which config header MBEDTLS_LMS_xxx is unset from
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-13 22:05:38 +02:00
Raef Coles
d1c1f7f7be
Disable LMS in all.sh tests that lack _WANT_SHA256
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:30:31 +01:00
Raef Coles
b4568c5423
Disable LMS in PSA crypto client test
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:29:07 +01:00
Raef Coles
47bccb7e47
Disable LMS_PRIVATE in all.sh when LMS is disabled
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:29:06 +01:00
Raef Coles
a7e03adef5
Disable LMS in all.sh when PSA isn't enabled
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:29:04 +01:00
Gilles Peskine
0fe6631486
Merge pull request #6291 from gilles-peskine-arm/platform.h-unconditional-3.2
Include platform.h unconditionally
2022-10-13 10:19:22 +02:00
Przemek Stekiel
072fad12d9 Disable MBEDTLS_SSL_TICKET_C in aead driver test.
MBEDTLS_SSL_TICKET_C depends now on: MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C.
All features are disabled in this config.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-13 09:59:52 +02:00
Gilles Peskine
8fd3254cfc
Merge pull request #6374 from mprse/enc_types
Test TLS 1.2 builds with each encryption type
2022-10-12 12:45:50 +02:00
Przemek Stekiel
ee1bb4145f Make sure that disabled features are not included in image and fix test config
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-12 10:15:59 +02:00
Gilles Peskine
fcee740b83 Automatically enable PK_PARSE for RSA in PSA
PSA crypto currently needs MBEDTLS_PK_PARSE_C to parse RSA keys to do almost
anything with them (import, get attributes, export public from private, any
cryptographic operations). Force it on, for symmetry with what we're doing
for MBEDTLS_PK_WRITE_C. Fixes #6409.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-11 21:15:24 +02:00
Gilles Peskine
aef1ba679d Add build with a typical configuration for a PSA crypto service
Disable non-crypto features that can't be called through the PSA API, as
well as algorithms that have no PSA interface.

This serves as a non-regression test for #6408 and #6409.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-11 21:09:21 +02:00
Przemek Stekiel
52a428b824 Fix MBEDTLS_SSL_TICKET_C, MBEDTLS_SSL_SESSION_TICKETS dependencies
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-10 11:23:18 +02:00
Przemek Stekiel
6a5cc74cc4 Fix typos and comments
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-03 09:04:16 +02:00
Przemek Stekiel
e290f2ea14 all.sh: add testing of AEAD drivers with libtestdriver1
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-02 20:58:39 +02:00
Przemek Stekiel
48a6a666a0 Add ssl-opt tls 1.2 tests for single cipher builds
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-29 15:29:33 +02:00
Przemek Stekiel
8d4b241028 Remove redundant indirect dependencies after optimizing setup for one cipher components
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-29 10:13:40 +02:00
Przemek Stekiel
68db0d2f67 Optimize one cipher only components and adapt nemes
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-29 08:32:25 +02:00
Przemek Stekiel
0cc3466c9e Change testing strategy to default + one cypher only (psa/no psa)
In full config TLS 1.2 is disabled.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-28 12:06:57 +02:00
Przemek Stekiel
b0de1c040b Add components to build and test default/full config with legacy-ccm cipher only
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-28 11:15:16 +02:00
Przemek Stekiel
9550c05757 Add component to build and test full config with stream cipher only
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-28 09:51:55 +02:00
Manuel Pégourié-Gonnard
f3f9e450b6
Merge pull request #6115 from AndrzejKurek/ecjpake-kdf-tls-1-2
Ad-hoc KDF for EC J-PAKE in TLS 1.2
2022-09-28 09:47:32 +02:00
Przemek Stekiel
d582a01073 Make MBEDTLS_SSL_CONTEXT_SERIALIZATION dependent on AEAD
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-28 07:59:01 +02:00
Przemek Stekiel
a82290b727 Fix guards for mbedtls_ssl_ticket_write() and mbedtls_ssl_ticket_parse() functions
Both functions are calling mbedtls_cipher_auth_[encrypt/decrypt]_ext() functions. These functions are guarded with MBEDTLS_CIPHER_MODE_AEAD || MBEDTLS_NIST_KW_C flags - make it consistent.
As a result ssl_server2 won't build now with MBEDTLS_SSL_SESSION_TICKETS enabled (mbedtls_cipher_auth_[encrypt/decrypt]_ext() functions not available).
Mark MBEDTLS_SSL_SESSION_TICKETS as dependent on MBEDTLS_CIPHER_MODE_AEAD || MBEDTLS_NIST_KW_C and disable MBEDTLS_SSL_SESSION_TICKETS in stream cipher only build.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-27 15:04:14 +02:00
Przemek Stekiel
11c362a050 Add component to build and test default config with stream cipher only
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-27 15:04:08 +02:00
Gilles Peskine
f70f4ead7f
Merge pull request #6248 from gilles-peskine-arm/all-sh-force-3.2
Fix all.sh --force
2022-09-23 17:04:00 +02:00