Commit graph

967 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
bc19a0b0d8 Fix missing SHA-224 in test driver build
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-01-23 12:54:24 +01:00
Manuel Pégourié-Gonnard
5a2e02635a Improve a few comments & documentation
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-01-23 12:51:52 +01:00
Dave Rodgman
1a034dcc20 Add regression test
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-20 13:18:05 +00:00
Valerio Setti
41b5fb6536 test: ensure X509 has no dependency on BIGNUM when built without MBEDTLS_DEPRECATED_REMOVED
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-12 17:01:44 +01:00
Gilles Peskine
c848d226bf Switch code style check to enforcement mode
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-11 14:50:14 +01:00
Gilles Peskine
3900bddd77
Merge pull request #6823 from mpg/unify-openssl-variables
Use OPENSSL everywhere, not OPENSSL_CMD
2023-01-10 22:10:19 +01:00
Manuel Pégourié-Gonnard
28d4d43416
Merge pull request #6863 from valeriosetti/issue6830
Remove uses of mbedtls_ecp_curve_info in TLS (with USE_PSA)
2023-01-10 10:01:17 +01:00
Manuel Pégourié-Gonnard
3368724ade
Merge pull request #6870 from valeriosetti/issue6831
Document/test dependencies on ECP & Bignum
2023-01-10 09:25:41 +01:00
Manuel Pégourié-Gonnard
10e3963aa4 Add comparison of accel_ecdsa against reference
For now, ignore test suites that don't have parity even is they should.
The purpose is just to prepare the infrastructure and map the work.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-01-05 12:55:08 +01:00
Manuel Pégourié-Gonnard
171c45feda Add component accel_ecdsa_use_psa
This is the basis for future work, we'll want to make sure everything
passes in this component.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-01-05 12:55:08 +01:00
Manuel Pégourié-Gonnard
6d7db93bbb Enable TLS 1.3 in accelerated ECDSA test
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-01-05 12:55:08 +01:00
Manuel Pégourié-Gonnard
200fd0f099 Add comments to accel_ecdsa component
Slightly re-organize (accel list at the top).

No need to disable USE_PSA or TLS 1.3 because they're already that way
in the default config.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-01-05 12:55:08 +01:00
Manuel Pégourié-Gonnard
462e3a9931 all.sh: restore config_test_driver.h automatically
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-01-05 12:55:03 +01:00
Valerio Setti
67419f0e11 tls: fix + save code size when DEBUG_C is not enabled
Some PSA curves' symbols (PSA_WANT_) were not matching the corresponding
MBEDTLS_ECP_DP_. This was fixed together with the removal of extra code
when DEBUG_C is not enabled.

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-04 17:36:00 +01:00
Valerio Setti
e1655b8132 test: add test for building without BIGNUM_C
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-03 16:20:43 +01:00
Valerio Setti
3322f611e6 test: verify that TLS and X509 are independent from mbedtls_ecp_curve functions
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-03 13:03:42 +01:00
Manuel Pégourié-Gonnard
7a389ddc84
Merge pull request #6784 from valeriosetti/issue6702
Make SHA224_C/SHA384_C independent from SHA256_C/SHA512_C
2023-01-03 09:36:58 +01:00
Valerio Setti
ea8c88fcbb test: fix some descriptions
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-29 11:08:35 +01:00
Valerio Setti
c963bb11c7 test: remove SHA224 from default test driver config
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-28 12:58:14 +01:00
Manuel Pégourié-Gonnard
eab43a62c3
Merge pull request #6795 from gilles-peskine-arm/check_test_cases-quiet_ci
Hide check_test_cases warnings on the CI
2022-12-21 09:42:41 +01:00
Manuel Pégourié-Gonnard
c572246fa5 Use OPENSSL everywhere, not OPENSSL_CMD
These variables were both uses to select the default version of OpenSSL
to use for tests:
- when running compat.sh or ssl-opt.sh directly, OPENSSL_CMD was used;
- when running all.sh, OPENSSL was used.

This caused surprising situations if you had one but not the other set
in your environment. For example I used to have OPENSSL_CMD set but not
OPENSSL, so ssl-opt.sh was failing in some all.sh components but passing
when I ran it manually in the same configuration and build, a rather
unpleasant experience.

The natural name would be OPENSSL, and that's what set in the Docker
images used by the CI. However back in the 1.3.x days, that name was
already used in library/Makefile, so it was preferable to pick a
different one, hence OPENSSL_CMD. However the build system has not been
using this name since at least Mbed TLS 2.0.0, so it's now free for use
again (as demonstrated by the fact that it's been set in the CI without
causing any trouble).

So, unify things and use OPENSSL everywhere. Just leave an error message
for the benefit of developers which might have OPENSSL_CMD, not OPENSSL,
set in their environment from the old days.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-12-19 11:42:12 +01:00
Gilles Peskine
d1dd41f3fc
Merge pull request #6723 from mpg/restartable-vs-use-psa
Document ECP_RESTARTABLE and make it compatible with USE_PSA
2022-12-15 19:47:44 +01:00
Gilles Peskine
031114d6ec Hide check_test_cases warnings on the CI
We aren't paying attention to the warnings. So hide them and save log size.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-12-15 14:46:31 +01:00
Manuel Pégourié-Gonnard
c98624af3c
Merge pull request #6680 from valeriosetti/issue6599
Allow isolation of EC J-PAKE password when used in TLS
2022-12-14 11:04:33 +01:00
Manuel Pégourié-Gonnard
cd98805bd7
Merge pull request #6683 from mpg/optimize-with-asan
Optimize with asan
2022-12-12 11:58:23 +01:00
Manuel Pégourié-Gonnard
182a23b1da Adjust all.sh now that restartable is in full
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-12-09 10:09:34 +01:00
Manuel Pégourié-Gonnard
a6e3d3ec10 Disable restartable in build_module_alt
Previously we did not need that as restartable was excluded from full.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-12-09 10:09:33 +01:00
Manuel Pégourié-Gonnard
a37398427b Remove check for tests disabled with USE_PSA
The previous commit declared that some tests cases in ssl-opt.sh depend
on USE_PSA being disabled, which is the right thing to do.

We had a check that forbade that - it was mainly meant to prevent
accidental re-introduction of such dependencies after we cleaned up a
number of cases where it was not warranted, but already at the time that
was controversial [1]. Now it's preventing us from doing the right
thing, so let's just remove it.

[1]: https://github.com/Mbed-TLS/mbedtls/pull/5742#discussion_r855112412

See also https://github.com/Mbed-TLS/mbedtls/pull/5907/ which also
removes this for a similar reason.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-12-09 10:09:33 +01:00
Manuel Pégourié-Gonnard
1a100b69a4
Merge pull request #6705 from davidhorstmann-arm/code-style-script-non-corrected
Add code style correction script
2022-12-09 09:41:14 +01:00
Dave Rodgman
1fe45295d7
Merge pull request #6685 from gilles-peskine-arm/valgrind-cf-skip-tests
Rationalize Valgrind tests
2022-12-06 18:39:32 +00:00
David Horstmann
92b5ac1a47 Add all.sh component to test with code style
Run the main test suites after running code style correction to check
that code style correction does not break these tests.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-12-06 17:44:30 +00:00
Valerio Setti
70e029006d test: pake: fix mixed testing in test_tls1_2_ecjpake_compatibility
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-02 16:21:56 +01:00
Valerio Setti
dc40bbc2d7 test: pake: remove redundant test for opaque passwords
This is already covered by other already existing cases such as
"component_test_full_cmake_gcc_asan" which build with
"config.py full" and run all "ssl-opt.sh" test cases.

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-01 15:25:49 +01:00
Paul Elliott
266f79c136
Merge pull request #6426 from aditya-deshpande-arm/driver-wrapper-key-agreement
Add driver dispatch layer for raw key agreement, along with test call for transparent drivers.
2022-12-01 11:40:52 +00:00
Valerio Setti
a6b69dabc5 test: psa_pake: add a separate test for opaque password
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-30 16:44:49 +01:00
Manuel Pégourié-Gonnard
fe549a76e4 Add comment about use of ASAN_CFLAGS
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-11-30 12:38:58 +01:00
Manuel Pégourié-Gonnard
30d9466762 Only run what we need from compat.sh
Also, comment why we run those tests.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-11-30 12:38:58 +01:00
Gilles Peskine
0c67160b00 Valgrind for constant flow: skip non-CF test suites
When testing under Valgrind for constant flow, skip test suites that don't
have any constant-flow annotations, since the testing wouldn't do anything
more that testing with ordinary Valgrind (component_test_valgrind and
component_test_valgrind_psa). This is a significant time saving since
testing with Valgrind is very slow.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-29 16:46:06 +01:00
Gilles Peskine
df3dd4c3bc Test MBEDTLS_USE_PSA_CRYPTO with Valgrind
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-29 16:46:06 +01:00
Manuel Pégourié-Gonnard
ffc330fafa
Merge pull request #6264 from hannestschofenig/rfc9146_2
CID update to RFC 9146
2022-11-29 09:25:14 +01:00
Manuel Pégourié-Gonnard
66f09834ea Enable optimisation with Asan with make in all.sh
All builds using ASAN_CFLAGS were with Asan but no optimisation, making
them particularly slow. Indeed, we were overwriting CFLAGS which
defaults to -O2 and not using any -O in the replacement. (CMake already has
optimisations on with ASan.)

While at it, also remove -Wall -Wextra which are redundant as they are
already part of WARNING_CFLAGS which we are not overwriting.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-11-29 09:12:12 +01:00
Manuel Pégourié-Gonnard
6a543ba1d3 Remove redundant component in all.sh
CID is now enabled in the default config (as well as full), so it's
already tested in numerous all.sh components, not need to add one for
that.

We need a component for the legacy/compat option though as it's never
enabled in existing components. So, keep that one, but adjust the name
and fix a typo in a message.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-11-25 11:48:17 +01:00
Hannes Tschofenig
df84bb30ab Removed MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH from CID tests in all.sh
Added also extra text.

Signed-off-by: Hannes Tschofenig <hannes.tschofenig@arm.com>
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-11-25 11:19:11 +01:00
Bence Szépkúti
ae79fb2c2e Merge branch 'development' into pr3431 2022-11-25 03:12:43 +01:00
Manuel Pégourié-Gonnard
ef25a99f20
Merge pull request #6533 from valeriosetti/issue5847
Use PSA EC-JPAKE in TLS (1.2) - Part 2
2022-11-23 13:27:30 +01:00
Aditya Deshpande
5e3c70e3be Merge branch 'development' into driver-wrapper-key-agreement 2022-11-22 17:58:52 +00:00
Bence Szépkúti
a17d038ee1 Merge branch 'development' into pr3431 2022-11-22 15:54:52 +01:00
Ronald Cron
c2e110f445 tls13: Disable MBEDTLS_SSL_EARLY_DATA by default
Eventually we want it to be enabled by default
when TLS 1.3 is enabled but currently the
feature is on development thus it should not be
enabled by default.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-11-22 09:01:46 +01:00
Aditya Deshpande
39e08d4094 Add tests for the key agreement driver wrapper to test_suite_psa_crypto_driver_wrappers
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
2022-11-21 19:39:35 +00:00
Manuel Pégourié-Gonnard
ba7c006222
Merge pull request #6466 from mprse/driver-only-hash-ci
Driver-only hashes: test coverage in the CI
2022-11-18 09:31:13 +01:00
Przemek Stekiel
52d8e96ff6 Disable PSA_WANT_ALG_STREAM_CIPHER, PSA_WANT_ALG_ECB_NO_PADDING also in reference config
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-11-16 14:56:26 +01:00
Przemek Stekiel
f3be7ccade Keep drivers enabled also in reference build
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-11-16 12:53:20 +01:00
Xiaokang Qian
e7bab00825 Update enabled guards for early data cases
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-16 10:06:50 +00:00
Xiaokang Qian
2dbfedae4a Update early data test cases with latest code message
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-16 02:01:49 +00:00
Valerio Setti
9f0ec53c4c add a test for EC-JPAKE compatibility in TLS1.2
This is to ensure that the MbedTLS based implementation of EC-JPAKE
is compatible with the PSA crypto one

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-15 16:49:55 +01:00
Przemek Stekiel
aa88e0b86b Make configurations (driver, reference) as close as possible
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-11-15 13:21:14 +01:00
Xiaokang Qian
9a0aafbe79 Enable/disable MBEDTLS_SSL_EARLY_DATA for cases in ssl-opt.sh
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-15 02:49:46 +00:00
Dave Rodgman
d384b64dd2
Merge branch 'development' into rfc9146_2
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-11-14 17:43:15 +00:00
Dave Rodgman
71565cff3a Disable PKCS7 for some TLS 1.3 tests
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-11-11 10:37:38 +00:00
Dave Rodgman
f58172fe43 Merge remote-tracking branch 'origin/development' into pr3431 2022-11-10 09:54:49 +00:00
Nick Child
89e82e1685 pkcs7: Add dependecy on MBEDTLS_MD_C
Signed-off-by: Nick Child <nick.child@ibm.com>
2022-11-09 10:36:10 -06:00
Aditya Deshpande
d1b72a7b83 Merge branch 'development' into driver-wrapper-key-agreement 2022-11-07 17:36:23 +00:00
Aditya Deshpande
ec6bb5879a Disabled tests in test_suite_ssl that won't work without builtin ECDH
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
2022-11-07 17:11:48 +00:00
Aditya Deshpande
3f1606a1f6 Refactor call hierarchy for ECDH so that it goes through the driver wrapper in a similar fashion to ECDSA.
Add component_test_psa_config_accel_ecdh to all.sh to test key agreement driver wrapper with libtestdriver1.

Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
2022-11-07 09:22:52 +00:00
Gilles Peskine
da6017cbe3 Group cpp_dummy_build test into an existing component
No need to do yet another build just to compile an additional trivial program.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-30 21:18:14 +01:00
Gilles Peskine
78e06a1054 Remove redundant TLS 1.3 components
* component_test_tls13_with_padding: just explicitly sets some options that
  are identical with full.
* component_test_tls13_with_ecp_restartable: redundant since TLS 1.3 doesn't
  have any support for restartable ECC.
* component_test_tls13_with_everest: not useful since TLS 1.3 doesn't call
  ECDH directly, it just relies on the PSA abstraction.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-29 17:57:18 +02:00
Gilles Peskine
8a4fd0e7a9 Remove redundant build-only driver interface component
component_build_psa_accel_alg_ecdsa is subsumed by
component_test_psa_crypto_config_accel_ecdsa, which has the same
configuration and additionally runs the unit tests.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-29 17:51:19 +02:00
Gilles Peskine
4bb369c4eb Always enable MBEDTLS_TEST_HOOKS in TLS 1.3-only test configurations
MBEDTLS_TEST_HOOKS is not supposed to change the behavior of the library, so
it's generally good to have it on in functional tests.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-29 17:48:20 +02:00
Przemek Stekiel
120ed8f8fa Add comments to explan the purpose of the reference component
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-27 10:29:15 +02:00
Przemek Stekiel
5f6f32a0ad Remove hidden option to skip ssl-opt and compat tests
Also remove compat tests from reference component as results from this run are not included in outcome file.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-27 08:24:43 +02:00
Gilles Peskine
88f5fd9099
Merge pull request #6479 from AndrzejKurek/depends-py-no-psa
Enable running depends.py in a configuration without MBEDTLS_USE_PSA_CRYPTO and remove perl dependency scripts
2022-10-26 20:02:57 +02:00
Dave Rodgman
1df7070acc Fix all.sh dependency on DTLS connection ID
Ensure MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT is unset where
MBEDTLS_SSL_DTLS_CONNECTION_ID is unset.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-10-26 17:08:54 +01:00
Ronald Cron
c9176a03a7
Merge pull request #6410 from gilles-peskine-arm/psa-pkparse-pkwrite-3.2
PSA with RSA requires PK_WRITE and PK_PARSE
2022-10-26 14:57:36 +02:00
Andrzej Kurek
29c002ebdf Remove unused perl dependency scripts
curves.pl, depends-hashes.pl, key-exchanges.pl and depends-pkalgs.pl are now superseded by depends.py.
Update all references to them accordingly.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-26 08:26:58 -04:00
Andrzej Kurek
7cb0077c5d Add all.sh components running depends.py without MBEDTLS_USE_PSA_CRYPTO
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-26 08:26:58 -04:00
Gilles Peskine
b06f0717b3 PSA service config build: disable more modules not used by PSA
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-25 21:06:11 +02:00
Gilles Peskine
649e04e3d1 PSA service config build: note why we aren't disabling cipher and md
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-25 21:05:57 +02:00
Gilles Peskine
1f10807837 Disable pk in the PSA service config build
It's not needed as a feature. It gets reenabled automatically in
build_info.h like pk_write and pk_parse, but that's an implementation
detail.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-25 21:02:56 +02:00
Gilles Peskine
78bffd1ff5 Fix spelling of a disabled option
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-25 21:02:33 +02:00
Przemek Stekiel
ab0451bc2c Fix build command in test_psa_crypto_config_reference_hash_use_psa
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-24 11:29:35 +02:00
Ronald Cron
c3f43b663e all.sh: Add components testing TLS 1.3 kex partial enablement
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Gilles Peskine
fc4f11b5d0 Improve test component name
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-21 19:34:54 +02:00
Przemek Stekiel
01df9ddda7 Add test component: component_test_psa_crypto_config_reference_hash_use_psa
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-21 13:43:13 +02:00
Manuel Pégourié-Gonnard
45c6792faf
Merge pull request #6385 from AndrzejKurek/depends-py-reloaded
Unified tests/scripts/depends.py - reloaded
2022-10-21 10:17:58 +02:00
Andrzej Kurek
fcbd2acbc2 Split depends.py all.sh job into seven
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-19 08:35:09 -04:00
Andrzej Kurek
3cca0c8e68 Add an all.sh component running depends.pl
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-19 08:35:08 -04:00
Manuel Pégourié-Gonnard
0dc40773d6 Improve comments & messages
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-10-19 12:12:21 +02:00
Manuel Pégourié-Gonnard
d92fb01419 Skip bits not needed in outcome-analysis.sh
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-10-18 12:10:45 +02:00
Gilles Peskine
8874cd570e
Merge pull request #4826 from RcColes/development
Add LMS implementation
2022-10-14 18:33:01 +02:00
Manuel Pégourié-Gonnard
b3c30907d6
Merge pull request #6383 from mprse/aead_driver_test
Enable testing of AEAD drivers with libtestdriver1
2022-10-14 11:11:01 +02:00
Gilles Peskine
fa65237fd4 Fix which config header MBEDTLS_LMS_xxx is unset from
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-13 22:05:38 +02:00
Raef Coles
d1c1f7f7be
Disable LMS in all.sh tests that lack _WANT_SHA256
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:30:31 +01:00
Raef Coles
b4568c5423
Disable LMS in PSA crypto client test
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:29:07 +01:00
Raef Coles
47bccb7e47
Disable LMS_PRIVATE in all.sh when LMS is disabled
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:29:06 +01:00
Raef Coles
a7e03adef5
Disable LMS in all.sh when PSA isn't enabled
Signed-off-by: Raef Coles <raef.coles@arm.com>
2022-10-13 14:29:04 +01:00
Gilles Peskine
0fe6631486
Merge pull request #6291 from gilles-peskine-arm/platform.h-unconditional-3.2
Include platform.h unconditionally
2022-10-13 10:19:22 +02:00
Przemek Stekiel
072fad12d9 Disable MBEDTLS_SSL_TICKET_C in aead driver test.
MBEDTLS_SSL_TICKET_C depends now on: MBEDTLS_GCM_C || MBEDTLS_CCM_C || MBEDTLS_CHACHAPOLY_C.
All features are disabled in this config.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-13 09:59:52 +02:00
Gilles Peskine
8fd3254cfc
Merge pull request #6374 from mprse/enc_types
Test TLS 1.2 builds with each encryption type
2022-10-12 12:45:50 +02:00
Przemek Stekiel
ee1bb4145f Make sure that disabled features are not included in image and fix test config
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-12 10:15:59 +02:00
Gilles Peskine
fcee740b83 Automatically enable PK_PARSE for RSA in PSA
PSA crypto currently needs MBEDTLS_PK_PARSE_C to parse RSA keys to do almost
anything with them (import, get attributes, export public from private, any
cryptographic operations). Force it on, for symmetry with what we're doing
for MBEDTLS_PK_WRITE_C. Fixes #6409.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-11 21:15:24 +02:00
Gilles Peskine
aef1ba679d Add build with a typical configuration for a PSA crypto service
Disable non-crypto features that can't be called through the PSA API, as
well as algorithms that have no PSA interface.

This serves as a non-regression test for #6408 and #6409.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-11 21:09:21 +02:00
Przemek Stekiel
52a428b824 Fix MBEDTLS_SSL_TICKET_C, MBEDTLS_SSL_SESSION_TICKETS dependencies
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-10 11:23:18 +02:00
Przemek Stekiel
6a5cc74cc4 Fix typos and comments
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-03 09:04:16 +02:00
Przemek Stekiel
e290f2ea14 all.sh: add testing of AEAD drivers with libtestdriver1
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-02 20:58:39 +02:00
Przemek Stekiel
48a6a666a0 Add ssl-opt tls 1.2 tests for single cipher builds
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-29 15:29:33 +02:00
Przemek Stekiel
8d4b241028 Remove redundant indirect dependencies after optimizing setup for one cipher components
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-29 10:13:40 +02:00
Przemek Stekiel
68db0d2f67 Optimize one cipher only components and adapt nemes
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-29 08:32:25 +02:00
Przemek Stekiel
0cc3466c9e Change testing strategy to default + one cypher only (psa/no psa)
In full config TLS 1.2 is disabled.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-28 12:06:57 +02:00
Przemek Stekiel
b0de1c040b Add components to build and test default/full config with legacy-ccm cipher only
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-28 11:15:16 +02:00
Przemek Stekiel
9550c05757 Add component to build and test full config with stream cipher only
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-28 09:51:55 +02:00
Manuel Pégourié-Gonnard
f3f9e450b6
Merge pull request #6115 from AndrzejKurek/ecjpake-kdf-tls-1-2
Ad-hoc KDF for EC J-PAKE in TLS 1.2
2022-09-28 09:47:32 +02:00
Przemek Stekiel
d582a01073 Make MBEDTLS_SSL_CONTEXT_SERIALIZATION dependent on AEAD
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-28 07:59:01 +02:00
Przemek Stekiel
a82290b727 Fix guards for mbedtls_ssl_ticket_write() and mbedtls_ssl_ticket_parse() functions
Both functions are calling mbedtls_cipher_auth_[encrypt/decrypt]_ext() functions. These functions are guarded with MBEDTLS_CIPHER_MODE_AEAD || MBEDTLS_NIST_KW_C flags - make it consistent.
As a result ssl_server2 won't build now with MBEDTLS_SSL_SESSION_TICKETS enabled (mbedtls_cipher_auth_[encrypt/decrypt]_ext() functions not available).
Mark MBEDTLS_SSL_SESSION_TICKETS as dependent on MBEDTLS_CIPHER_MODE_AEAD || MBEDTLS_NIST_KW_C and disable MBEDTLS_SSL_SESSION_TICKETS in stream cipher only build.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-27 15:04:14 +02:00
Przemek Stekiel
11c362a050 Add component to build and test default config with stream cipher only
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-27 15:04:08 +02:00
Gilles Peskine
f70f4ead7f
Merge pull request #6248 from gilles-peskine-arm/all-sh-force-3.2
Fix all.sh --force
2022-09-23 17:04:00 +02:00
Manuel Pégourié-Gonnard
73f9233a73 Use full config for testing driver-only hashes
Stating from the default config means a few things are implicitly
excluded; starting from the full config makes it all fully explicit.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-09-19 10:47:05 +02:00
Manuel Pégourié-Gonnard
79e1467799 Fix include path for programs
Same problem as #6101, same fix (the second commit of #6111).

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-09-19 09:27:53 +02:00
Gilles Peskine
ef843f2b0c MBEDTLS_PLATFORM_VSNPRINTF_ALT requires MBEDTLS_PLATFORM_C
mbedtls_vsnprintf replacement works like mbedtls_snprintf replacement, so
copy the requirements for MBEDTLS_PLATFORM_VSNPRINTF_ALT.

(MBEDTLS_PLATFORM_xxx_MACRO shouldn't require MBEDTLS_PLATFORM_C, but that's
a separate preexisting problem which I do not try address at this time.)

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-09-18 14:05:23 +02:00
Andrzej Kurek
4ba0e45f8e all.sh: don't build with ECJPAKE_TO_PMS if SHA256 is not available
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-14 14:58:49 -04:00
Przemek Stekiel
dcec7ac3e8 test_psa_crypto_config_accel_hash_use_psa: enable tls.1.3 at the end and adapt comment
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-13 18:08:54 +02:00
Przemek Stekiel
a4af13a46c test_psa_crypto_config_accel_hash_use_psa: enable TLS 1.3
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-13 18:08:54 +02:00
Andrzej Kurek
07e3570f8c Add an ssl-opt.sh run to all.sh for the accel_hash_use_psa config
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-12 05:37:46 -04:00
Manuel Pégourié-Gonnard
f6a6a2d815
Merge pull request #6216 from AndrzejKurek/tls-tests-no-md-compat
TLS without MD - compat.sh addition to all.sh hash acceleration tests
2022-09-12 10:23:49 +02:00
Hannes Tschofenig
fd6cca4448 CID update to RFC 9146
The DTLS 1.2 CID specification has been published as RFC 9146. This PR updates the implementation to match the RFC content.

Signed-off-by: Hannes Tschofenig <hannes.tschofenig@arm.com>
2022-09-07 17:15:05 +02:00
Andrzej Kurek
5e0654a324 Add a compat.sh run to psa_crypto_config_accel_hash_use_psa
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-04 09:31:17 -04:00
Andrzej Kurek
37a17e890c Enable PKCS5 in no-md builds in all.sh
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-02 04:05:33 -04:00
Manuel Pégourié-Gonnard
97fc247d6a
Merge pull request #6232 from AndrzejKurek/pkcs12-no-md
Remove MD dependency from pkcs12 module
2022-09-02 09:43:13 +02:00
Andrzej Kurek
7bd12c5d5e Remove MD dependency from pkcs12 module
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-01 08:57:41 -04:00
Gilles Peskine
076f7257e9 Don't remove programs/fuzz/Makefile
Other programs/*/Makefile are only created by CMake, but programs/fuzz has
its own Makefile in the repository. Fixes #6247.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-08-30 21:02:44 +02:00
Gilles Peskine
dd06efbb8d Don't try restoring a file if no backup is available
This caused `all.sh --force` to fail on a clean build tree.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-08-30 21:02:00 +02:00
Manuel Pégourié-Gonnard
bf22a2500b
Merge pull request #6208 from AndrzejKurek/tls-tests-no-md-structured
Remove the dependency on MD from TLS 1.2 tests
2022-08-30 12:34:37 +02:00
Manuel Pégourié-Gonnard
a84ce3fa81
Merge pull request #6111 from superna9999/6101-programs-dont-build-with-libtestdriver-and-use-psa
Programs don't build with libtestdriver and USE_PSA
2022-08-30 12:29:01 +02:00
Andrzej Kurek
180b6b9608 Enable TLS 1.2 tests without MD and with USE_PSA in all.sh
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-08-22 17:46:50 -04:00
Gilles Peskine
e5018c97f9
Merge pull request #6195 from superna9999/6149-driver-only-hashes-ec-j-pake
Driver-only hashes: EC J-PAKE
2022-08-22 17:28:15 +02:00
Neil Armstrong
7b044c1bbf Enable ECJPAKE in test_crypto_full_no_md () & test_psa_crypto_config_accel_hash_use_psa () components
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-08-19 11:49:22 +02:00
Przemek Stekiel
b792cfd423 component_test_psa_crypto_config_accel_hash_use_psa: stop removing all X.509 modules from the build
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-08-19 10:15:56 +02:00
Dave Rodgman
92cd8642fa
Merge pull request #6090 from hanno-arm/fix_bnmul_arm_v7a
Remove encoding width suffix from Arm bignum assembly
2022-08-18 08:48:03 +01:00
Dave Rodgman
03f7a6e086 Add armcc plain armv7-m target; tidy up arg order
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-08-17 14:35:29 +01:00
Manuel Pégourié-Gonnard
7a27e85f5c Fix failure of RSA accel test
Previously MD_C was auto-enabled based on the fact that ALG_RSA_PSS was
requested, but that's no longer the case since the previous commit.

We can fix this in one of two ways: either enable MD_C, or enable all
the PSA_WANT_ALG_SHA_xxx that are needed for test. Go for MD_C because
it's a single line and avoids having to enumerate a list that might grow
in the future.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-08-11 12:47:02 +02:00
Manuel Pégourié-Gonnard
077ba8489d PKCS#1 v2.1 now builds with PSA if no MD_C
Test coverage not there yet, as the entire test_suite_pkcs1_v21 is
skipped so far - dependencies to be adjusted in a future commit.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-08-11 12:47:02 +02:00
Neil Armstrong
d86b8ac111 Fix test_psa_crypto_config_accel_hash_use_psa build when including libtestdriver1 PSA headers from programs
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-08-08 13:56:13 +02:00
Hanno Becker
f0762e929e Enable inline assembly in armcc all.sh component
The test script all.sh contains the component

   component_build_armcc

testing that Mbed TLS builds using Arm Compiler 5 and 6,
on a variety of platforms.

However, the component does not exercise inline assembly
for Arm, since
- MBEDTLS_HAVE_ASM is unset, and
- Some Arm inline assembly is only used if the level of
  optimization is not 0.

This commit changes the test component to ensure that
inline assembly is built by setting MBEDTLS_HAVE_ASM
as well as enabling optimization level 1 (-O1).

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-07-15 12:08:19 +01:00
Manuel Pégourié-Gonnard
7b0825d180 Build with SHA-256 accelerated too
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-12 11:11:20 +02:00
Manuel Pégourié-Gonnard
f0f63bc1b6 Test without MD_C
test_suite_pk still passes, with the same number of skipped tests as in
the default config minus PKCS#1v2.1

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-12 11:11:20 +02:00
Manuel Pégourié-Gonnard
525add631e Add component with accelerated hashes and USE_PSA
Currently the test suites are passing because a lot of tests
functions/cases explicitly depend on SHAxxx_C, resulting in them being
skipped in this build. The goal of the next few commits is going to make
them pass and achieve test parity with a non-accelerated build for
selected modules.

Note: compared to the previous component, I'm using 'make tests' not
'make' (ie not building program) because I'm betting build failures
(some header not found) in programs which are not my interest atm.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-12 11:11:19 +02:00
Manuel Pégourié-Gonnard
97ab2a3ae2 Clean up two accel tests in all.sh
- TLS versions earlier than 1.2 have been removed
- fix a copy-paste typo

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-12 11:11:19 +02:00
Manuel Pégourié-Gonnard
46a295422d Build and test RSA PKCS#1v1.5 without MD
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-12 11:11:19 +02:00
Manuel Pégourié-Gonnard
b86279fc63 Build and test PK without MD
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-12 11:11:18 +02:00
Paul Elliott
41aa808a56
Merge pull request #952 from gilles-peskine-arm/stdio_buffering-setbuf
Turn off stdio buffering with setbuf()
2022-07-04 10:12:22 +01:00
Gilles Peskine
6497b5a1d1 Add setbuf platform function
Add a platform function mbedtls_setbuf(), defaulting to setbuf().

The intent is to allow disabling stdio buffering when reading or writing
files with sensitive data, because this exposes the sensitive data to a
subsequent memory disclosure vulnerability.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-30 17:01:40 +02:00