Dave Rodgman
aeaf1d79ba
Update license and copyright in config files
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-03 11:40:56 +00:00
Dave Rodgman
af54378af4
README improvements to 3rdparty section
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-03 11:34:40 +00:00
Dave Rodgman
3f07074efb
Fix typos in changelog
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-03 11:09:31 +00:00
Dave Rodgman
ce38adb731
Fix header in ssl_tls13_keys.c
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-03 10:29:25 +00:00
Dave Rodgman
fffeae8387
Update license for p256-m
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-03 09:31:36 +00:00
Dave Rodgman
f8be5f6ade
Fix overlooked files
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-02 20:43:00 +00:00
Dave Rodgman
658bcff97c
Add Changelog for license
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-02 19:52:34 +00:00
Dave Rodgman
8ce51708da
Update documentation
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-02 19:52:22 +00:00
Dave Rodgman
16799db69a
update headers
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-02 19:47:20 +00:00
Paul Elliott
fc31cb28ee
Merge pull request #8395 from tom-daubney-arm/modify_lcov_script_tf_psa_crypto
...
Modify lcov.sh to work in tf-psa-crypto as well
2023-11-02 15:56:21 +00:00
Valerio Setti
74d48c89fa
ssl_server2: small improvement of code readability
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-11-02 16:43:55 +01:00
Dave Rodgman
4472ce14b9
Merge pull request #8088 from tgonzalezorlandoarm/tg/check_test_cases-new
...
Make check_test_cases.py recognize test case name templates in ssl-opt.sh
2023-11-02 12:22:52 +00:00
Dave Rodgman
e91d7c5d68
Update comment to mention IAR
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-02 10:36:38 +00:00
Tom Cosgrove
91aaba0172
Merge pull request #8457 from tom-cosgrove-arm/fix-broken-link-231031
...
Fix broken link to psa-driver-example-and-guide in psa-driver-wrappers-codegen-migration-guide.md
2023-11-01 11:02:51 +00:00
Pengyu Lv
59afe498d4
test: tls13: change server output check
...
tls13 server now does not parse pre-shared key extension unless
there are some psk key exchange modes really available.
For `ephemeral_all/psk_or_ephemeral` configuration pairs, there
wouldn't be any psk key exchange mode available, so the check
of "Pre shared key found" should be inverse.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-11-01 14:50:44 +08:00
Jerry Yu
960b7ebbcf
move psk check to EE message on client side
...
early_data extension is sent in EE. So it should
not be checked in SH message.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-01 10:32:18 +08:00
Jerry Yu
82fd6c11bd
Add selected key and ciphersuite check
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-01 10:32:17 +08:00
Jerry Yu
ce3b95e2c9
move ticket version check
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-01 10:32:17 +08:00
Jerry Yu
454dda3e25
fix various issues
...
- improve output message
- Remove unnecessary checks
- Simplify test command
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-01 10:28:43 +08:00
Dave Rodgman
9ba640d318
Simplify use of __has_builtin
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-31 23:34:02 +00:00
Dave Rodgman
90c8ac2205
Add case for MSVC
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-31 23:27:24 +00:00
Dave Rodgman
64bdeb89b9
Use non-empty definition for fallback
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-31 23:27:04 +00:00
Dave Rodgman
52e7052b6c
tidy up comments
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-31 23:26:44 +00:00
Dave Rodgman
3e5cc175e0
Reduce code size in mbedtls_cipher_validate_values
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-31 18:00:01 +00:00
Dave Rodgman
6d2c1b3748
Restructure mbedtls_cipher_validate_values
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-31 18:00:01 +00:00
Dave Rodgman
fb24a8425a
Introduce MBEDTLS_ASSUME
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-31 17:59:56 +00:00
Tom Cosgrove
6dcb63bc6d
Fix broken link to psa-driver-example-and-guide in psa-driver-wrappers-codegen-migration-guide.md
...
Fixes #8453
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-10-31 15:39:25 +00:00
Valerio Setti
ac7a809ac3
all.sh: remove leftover loc_curve_list usage
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-31 12:23:44 +01:00
Pengyu Lv
2151ba55f6
test_suite_x509write: use plaintext key file
...
Some test cases are using encrypted key file, thus have
dependency on low-level block cipher modules (e.g. AES).
This commit adds unencrypted key file so that we could
get rid of those dependencies.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-10-31 18:12:04 +08:00
Yanray Wang
5779096753
Merge remote-tracking branch 'origin/development' into adjust_tfm_configs
2023-10-31 13:39:07 +08:00
Pengyu Lv
78657d0c1d
Change base config to full minus SSL
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-10-31 10:29:41 +08:00
Pengyu Lv
f2814ff97b
Move common config to common function
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-10-31 10:29:41 +08:00
Pengyu Lv
dbd1e0d986
tls13: add helpers to check if psk[_ephemeral] allowed by ticket
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-10-31 10:17:17 +08:00
Pengyu Lv
29daf4a36b
tls13: server: fully check ticket_flags with available kex mode.
...
We need to fully check if the provided session ticket could be
used in the handshake, so that we wouldn't cause handshake
failure in some cases. Here we bring f8e50a9
back.
Example scenario:
A client proposes to a server, that supports only the psk_ephemeral
key exchange mode, two tickets, the first one is allowed only for
pure PSK key exchange mode and the second one is psk_ephemeral only.
We need to select the second tickets instead of the first one whose
ticket_flags forbid psk_ephemeral and thus cause a handshake
failure.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-10-31 09:34:14 +08:00
Paul Elliott
afc6a992c5
Merge pull request #8381 from gilles-peskine-arm/20231017-misc-cleanup
...
Cleanups in test code
2023-10-30 18:08:01 +00:00
Paul Elliott
835edd627d
Merge pull request #8404 from paul-elliott-arm/fix_coverity_issues
...
Fix two coverity issues
2023-10-30 18:00:14 +00:00
Dave Rodgman
b06d701f56
Merge pull request #8406 from beni-sandu/aesni
...
AES-NI: use target attributes for x86 32-bit intrinsics
2023-10-30 17:01:06 +00:00
Tom Cosgrove
3857bad9a2
Merge pull request #8427 from tom-cosgrove-arm/fix-linux-builds-in-conda-forge
...
Fix builds in conda-forge, which doesn't have CLOCK_BOOTTIME
2023-10-30 15:29:26 +00:00
Manuel Pégourié-Gonnard
1c6100240d
Merge pull request #8398 from mpg/analyze-outcome-ignore-re
...
In analyze_outcomes.py, add pattern-ignore
2023-10-30 12:46:35 +00:00
Valerio Setti
3d59ebef2c
ssl_helpers: remove CIPHER_C guards in mbedtls_test_ssl_build_transforms()
...
Use !USE_PSA_CRYPTO instead.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-30 11:59:37 +01:00
Valerio Setti
467271dede
ssl_misc: ignore ALG_CBC_PKCS7 for MBEDTLS_SSL_HAVE_xxx_CBC
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-30 11:40:32 +01:00
Valerio Setti
847213120c
test_suite_psa_crypto_metadata: remove unnecessary CIPHER_C dependencies
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-30 11:37:09 +01:00
Valerio Setti
74d5f23c3f
test_suite_ssl: use new internal symbols in tests using CBC
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-30 11:36:32 +01:00
Valerio Setti
1ebb6cd68d
ssl_misc: add internal MBEDTLS_SSL_HAVE_[AES/ARIA/CAMELLIA]_CBC symbols
...
These are used in tests to determine whether there is support for
one of those keys for CBC mode.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-30 11:36:32 +01:00
Valerio Setti
dc55470341
ssl_context_info: add guards for CIPHER_C
...
mbedtls_cipher_info_from_type() is only available when CIPHER_C is
defined. So when it is not we just print the cipher type decimal
value on the output instead of the cipher's name.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-30 11:36:32 +01:00
Valerio Setti
bdf04e840a
ssl_server2: support ticket_aead only when CIPHER_C is defined
...
Cipher parsing requires mbedtls_cipher_info_from_string() which
depends on CIPHER_C.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-30 11:36:32 +01:00
Valerio Setti
31ad3a14cc
ssl_helpers: allow mbedtls_test_ssl_build_transforms to work without CIPHER_C
...
A new internal function is added to get cipher's info (mode, key bits and
iv len) without relying on CIPHER_C. This function is basically a lookup
table used only for test purposes.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-30 11:36:32 +01:00
Valerio Setti
d531dab4f6
check_config: let SSL_TLS depend on either CIPHER_C or USE_PSA_CRYPTO
...
TLS code already implements proper dispatching to either
builtin or PSA implementations based on USE_PSA guards, so we can
improve the check_config guards to reflect this.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-30 11:36:32 +01:00
Valerio Setti
852d26c70d
all.sh: enable SSL_TLS and SSL_TICKET in full_no_cipher with PSA_CRYPTO
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-30 11:36:32 +01:00
Valerio Setti
3fe105b042
all.sh: fix test components using accelerated curves
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-30 11:08:12 +01:00