Commit graph

28541 commits

Author SHA1 Message Date
Gilles Peskine
da6e7a2ac2 More consistent usage of volatile
Fix MSVC warning C4090.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-11-10 10:09:27 +01:00
Manuel Pégourié-Gonnard
5c6f787caa all.sh: robustness improvement
The original pattern would catch any extension, which could include
things like editor backup files etc, that we'd rather ignore.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-11-10 10:04:22 +01:00
Manuel Pégourié-Gonnard
a742337ef6 all.sh: add diff to can_keep_going_after_failure
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-11-10 09:58:31 +01:00
Yanray Wang
cd25d22526 cipher.c: remove checks for CBC,XTS,KW,KWP in cipher_setkey
We have checks for CBC, XTS and KW modes in check_config.h. This
means we should never get a successful build with above three modes.
Therefore, the checks in cipher_setkey is not necessary as other
error will be emitted if asking for those modes in the cipher.
Additionally, removing the checks can save extra code size.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-10 15:40:58 +08:00
Valerio Setti
73d053123f ssl-opt: set proper cipher dependencies in tests using ticket_aead parameters
Check either legacy or PSA symbols based on USE_PSA_CRYPTO

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-11-10 08:27:45 +01:00
Valerio Setti
38e75fb1a7 ssl_server2: remove usage of mbedtls_cipher_info_from_string()
This removes the dependency from cipher module and legacy key/modes
symbols which are used in cipher_wrap.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-11-10 08:27:39 +01:00
Valerio Setti
01c4fa3e88 ssl: move MBEDTLS_SSL_HAVE internal symbols to ssl.h
This is useful to properly define MBEDTLS_PSK_MAX_LEN when
it is not defined explicitly in mbedtls_config.h

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-11-10 08:12:07 +01:00
Valerio Setti
dd43d7b3a4 ssl-opt: set proper dependencies on tests with encrypted server5 key
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-11-10 08:12:07 +01:00
Valerio Setti
f941455e3b all.sh: enable ssl-opt testing in psa_crypto_config_[accel/reference]_cipher_aead
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-11-10 08:12:07 +01:00
Valerio Setti
ec9b25877f all.sh: disable CIPHER_C in test_psa_crypto_config_accel_cipher_aead
Extra features that depend on CIPHER_C are disabled also in the
reference component in order to get test parity.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-11-10 08:08:43 +01:00
Yanray Wang
111159b89c BLOCK_CIPHER_NO_DECRYPT: call encrypt direction unconditionally
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-10 15:03:23 +08:00
Yanray Wang
799bd84b0d all.sh: resue support_build_armcc for *_armcc test
For time being, pre_check_tools check armcc and armclang together.
Therefore, we can resue support_build_armcc even if the test only
needs armclang.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-10 15:03:23 +08:00
Yanray Wang
4cd1b1617d all.sh: check additional symbols in asece for block_cipher_no_decrypt
check
 - mbedtls_aesce_inverse_key
 - aesce_decrypt_block

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-10 15:03:23 +08:00
Yanray Wang
49cd4b5f7d all.sh: refine and simplify component for block_cipher_no_decrypt
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-10 15:03:10 +08:00
Gilles Peskine
d2fa698155 Strengthen against possible compiler optimizations
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-11-09 21:46:24 +01:00
Matthias Schulz
5ffc42442d Fix preprocessor syntax error.
Signed-off-by: Matthias Schulz <mschulz@hilscher.com>
2023-11-09 15:44:24 +01:00
Matthias Schulz
2e068cef09 fixes invalid default choice of thumb assembler syntax.
Signed-off-by: Matthias Schulz <mschulz@hilscher.com>
2023-11-09 15:25:52 +01:00
Matthias Schulz
ee10b8470a Fix compiler error on gcc 4.5.2.
Signed-off-by: Matthias Schulz <mschulz@hilscher.com>
2023-11-09 15:19:28 +01:00
Matthias Schulz
9916b06ce7 Fix uninitialized variable warnings.
Signed-off-by: Matthias Schulz <mschulz@hilscher.com>
2023-11-09 14:25:01 +01:00
Manuel Pégourié-Gonnard
7d7ce0e66a
Merge pull request #8495 from lpy4105/issue/6322/driver-only-cipher_aead-tls
[G3] Driver-only cipher+aead: TLS: main test suite
2023-11-09 11:10:34 +00:00
Yanray Wang
9938554577 BLOCK_CIPHER_NO_DECRYPT: rephrase ChangeLog
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-09 17:18:30 +08:00
Yanray Wang
70743b02df psa_information: compile a regex instead of using string directly
Compiling a regex improves performance and avoids accidentally
combining it with a string. This commit makes this change.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-09 16:13:55 +08:00
Yanray Wang
6cdfe9d51f tls1.3: early data: rephrase ChangeLog
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-09 16:00:39 +08:00
Yanray Wang
f03b49122c aes.c: guard RSb and RTx properly
If we enabled AES_DECRYPT_ALT and either AES_SETKEY_DEC_ALT or
AES_USE_HARDWARE_ONLY, this means RSb and RTx are not needed.
This commit extends how we guard RSb and RTx for the combinations of
these configurations.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-09 11:43:21 +08:00
Jerry Yu
de7ead0a64
Update license
Co-authored-by: Gilles Peskine <gilles.peskine@arm.com>
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-09 10:10:33 +08:00
Gilles Peskine
4dec9ebdc2
Merge pull request #8378 from mschulz-at-hilscher/fixes/issue-8377
Fixes "CSR parsing with critical fields fails"
2023-11-08 18:07:04 +00:00
Gilles Peskine
c75ee77dbb
Merge pull request #8439 from yuhaoth/pr/add-test-suite-parameter-to-ssl-opt
Add test-suite parameter to filter tests
2023-11-08 18:05:44 +00:00
Gilles Peskine
b97058e2d5
Merge pull request #8496 from ronald-cron-arm/remove-cocci-files
Remove unused *.cocci files
2023-11-08 18:05:13 +00:00
Dave Rodgman
0d22539de0
Merge pull request #8468 from daverodgman/mbedtls-3.5.1-pr
Mbed TLS 3.5.1
2023-11-08 18:01:32 +00:00
Ryan Everett
5567e3a34b Make empty key slots explicit
Add new status field to key slots, and use it.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2023-11-08 13:28:20 +00:00
Valerio Setti
b9015385fd test_driver_extension: use same def/undef pattern for all accelerated symbols
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-11-08 13:11:10 +01:00
Manuel Pégourié-Gonnard
3e1d39b332 Add check about legacy dependencies in PSA tests
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-11-08 12:54:02 +01:00
Dave Rodgman
9eb2abd1e0 Add docs re Everest license
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-08 11:40:17 +00:00
Dave Rodgman
9f747537cf Update BRANCHES
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-08 11:40:11 +00:00
Dave Rodgman
28d40930ae Restore bump version
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-08 11:40:08 +00:00
Dave Rodgman
39b2a38076 Restore 3.5.1 ChangeLog
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-08 11:40:04 +00:00
Dave Rodgman
a2d14ef764 Merge remote-tracking branch 'origin/development' into mbedtls-3.5.1-pr
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-08 11:39:53 +00:00
Dave Rodgman
47854e638b Revert back to v3.5.0
git revert v3.5.0..v3.5.1
git rebase to combine the resulting revert commits

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-08 11:38:57 +00:00
Dave Rodgman
edb8fec988 Add docs re Everest license
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-08 11:36:00 +00:00
Gilles Peskine
1d6de4ceb7 No more limitations accelerated algorithms using a built-in hash
It used to be the case that when an algorithm that uses a hash inside was
accelerated through a PSA driver, it might end up calling a hash algorithm
that is not available from the driver. Since we introduced MBEDTLS_MD_LIGHT,
this no longer happens: PSA accelerated hashes are available to callers of
the MD module, so the test driver can use all available hash algorithms.
Hence the workaround to skip testing certain accelerated cases is no longer
needed.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-11-08 12:30:52 +01:00
Manuel Pégourié-Gonnard
fcc5f31bb8 Rm unjustified MD_C dependencies in PSA test
RSA will auto-enable MD_LIGHT, we don't need to list MD_C as a
dependency here.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-11-08 12:30:52 +01:00
Manuel Pégourié-Gonnard
af302b9e5d Rm unjustified PK_C dependencies in PSA tests
Some are about raw or AES keys where PK seems really unrelated.

The others are about RSA where PK may be relevant, but the necessary
bits of PK are auto-enabled when RSA key types are requested, so we
shouldn't need to list them as dependencies in tests.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-11-08 12:30:52 +01:00
Manuel Pégourié-Gonnard
433150e8f2 Rm redundant ECC dependencies in psa_crypto tests
Since _DERIVE can't be accelerated now, in
config_adjust_legacy_from_psa.h we will notice and auto-enable ECP_LIGHT
as well as the built-in version of each curve that's supported in this
build. So, we don't need to list those as dependencies here - and they
would cause issues when we add support for _DERIVE drivers.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-11-08 12:30:51 +01:00
Manuel Pégourié-Gonnard
59a8b41ca3 Fix incorrect RSA dependencies in psa_crypto tests
There's no reason the tests would depend specifically on our built-in
implementation and not work with drivers, so replace the RSA_C
dependency with the correct PSA_WANT dependencies.

Those 6 cases use two different test functions, but both of those
functions only do `psa_import()`, so all that's needed is PUBLIC_KEY or
KEYPAIR_IMPORT (which implies KEYPAIR_BASIC) depending on the kind of
key being tested.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-11-08 12:30:51 +01:00
Manuel Pégourié-Gonnard
0d9a3618bd Rm unneeded dep on PK_PARSE_C in psa crypto tests
Most of them were removed in 7162, not sure how these ones slipped in.

There's no reason deterministic ECDSA verification would need PK parse
more than the other tests. The following finds no match:

    grep -i pk_parse library/ecdsa.c library/psa_crypto_ecp.c

Even if PK parse was actually needed for this, the right way would be to
auto-enable it based on PSA_WANT symbols, and then only depend on
PSA_WANT symbols here.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-11-08 12:30:51 +01:00
Yanray Wang
d137da5a93 check_config: make error message in BLOCK_CIPHER_NO_DECRYPT clearer
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-08 19:17:44 +08:00
Yanray Wang
004a60c087 aes.c: remove non-functional code
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-08 19:05:31 +08:00
Yanray Wang
65f7653bdd tls1.3: early data: rephrase ChangeLog
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-08 18:48:33 +08:00
Ronald Cron
f95b678729 Remove unused *.cocci files
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-11-08 10:08:09 +01:00
Ronald Cron
c27a4ce3dd
Merge pull request #8429 from gilles-peskine-arm/fix-test_suite_constant_time_hmac-not-executed
Fix test suite never executed due to an undefined symbol
2023-11-08 09:05:12 +00:00