Valerio Setti
a266332189
test: improve analyze_outcomes.py script
...
Allow the script to also execute the tests needed for the following
analysis. It doesn't affect the previous usage of this script:
- if the output file is already present, then only the analysis
is performed
- if the outfile does not exists, then tests are also executed
before doing the analysis
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-24 09:31:38 +01:00
Manuel Pégourié-Gonnard
ac6db4d649
Merge pull request #7317 from mpg/lift-exclusions
...
Lift exclusions from driver-only hash component
2023-03-23 12:01:01 +01:00
Manuel Pégourié-Gonnard
f0b883f0a9
Merge pull request #7312 from valeriosetti/issue7254
...
driver-only ECDH: enable TLS 1.3 key exchanges
2023-03-23 11:40:11 +01:00
Valerio Setti
226f9b903f
ssl_tls: fix guard in ssl_misc.h
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-23 09:28:51 +01:00
Manuel Pégourié-Gonnard
8e9fb2d51e
Merge pull request #7297 from valeriosetti/issue7253-part2
...
driver-only ECDH: enable ECDH-based TLS 1.2 key exchanges -- part 2
2023-03-22 14:47:12 +01:00
Valerio Setti
89029e7366
changelog: fix description for ECDH changes
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-22 10:48:34 +01:00
Valerio Setti
080a22ba75
ssl_tls13: use PSA_WANT_ALG_ECDH as symbol for marking ECDH capability
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-22 10:48:34 +01:00
Valerio Setti
8427b56d71
added changelog for accelerated ECDH changes
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-22 10:48:34 +01:00
Valerio Setti
0c8ec3983e
ssl_tls: fix proper guards for accelerated ECDH
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-22 10:48:34 +01:00
Valerio Setti
90df310d89
ssl_tls13: fix guards for accel ECDH
...
These changes fix all failures found in test_suite_ssl
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-22 10:48:34 +01:00
Valerio Setti
4059aba353
accelerated ecdh: re-enable TLS 1.3 key exchanges and fix guards in check_config
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-22 10:48:34 +01:00
Valerio Setti
ccf0be28e8
fix typo
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-22 10:40:05 +01:00
Valerio Setti
da8535b74e
ecdh: simplify guards for the newly created PSA_HAVE_FULL_ECDH symbol
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-22 10:40:05 +01:00
Valerio Setti
13ce40323f
test_suite_ssl: remove redundant dependencies when the key exchange is specified
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-22 10:40:05 +01:00
Valerio Setti
7a2f39692a
ecdhe: solve disparities in accelerated ECDHE vs reference
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-22 10:37:45 +01:00
Valerio Setti
d3f0b9e78c
ecdhe: fix guards for accelerated ECDHE key exchanges
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-22 10:36:59 +01:00
Valerio Setti
a81130f159
test: enable ECDHE key exchanges for driver coverage tests
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-22 10:36:59 +01:00
Manuel Pégourié-Gonnard
5663682728
Merge pull request #7284 from mpg/use-md-can
...
Use md-can macros
2023-03-22 08:42:04 +01:00
Manuel Pégourié-Gonnard
8965b65bd8
Remove now-spurious dependencies
...
Now that HMAC-DRBG can use driver, so can deterministic ECDSA
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:42:06 +01:00
Manuel Pégourié-Gonnard
91cc8bbc87
Enable ECDSA-det in driver-only hashes component
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:42:06 +01:00
Manuel Pégourié-Gonnard
d111fbdad1
Enable HMAC-DRBG in driver-only hashes component
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:42:05 +01:00
Manuel Pégourié-Gonnard
fbaf4e98d8
Enable PKCS7 in driver-only hashes component
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:42:05 +01:00
Manuel Pégourié-Gonnard
0d1921c4c2
Enable HKDF in driver-only hashes test
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:42:05 +01:00
Manuel Pégourié-Gonnard
161dca63c3
Fix typos & improve wording in comments
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:29:31 +01:00
Manuel Pégourié-Gonnard
7d381f517a
MD: use MD_CAN in test suite and check for parity
...
Split the part the varies between driver/built-in builds to a separate
file for convenience. Fix analyze_outcomes.py to be able to exclude
specific data files and not just a whole family at once.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:29:31 +01:00
Manuel Pégourié-Gonnard
7224086ebc
Remove legacy_or_psa.h
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:29:31 +01:00
Manuel Pégourié-Gonnard
23fc437037
SSL: fix test failures
...
1. Change USE_PSA_CRYPTO_INIT/DONE to MD_OR_USE.
2. Add missing occurrences - some of these were already necessary in
principle (in one form or another) but where missing and this was not
detected so far as `psa_hash` doesn't complain in case of a missing
init, but now MD makes it visible.
3. Add missing include in ssl_test_lib.h.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:29:31 +01:00
Manuel Pégourié-Gonnard
bef824d394
SSL: use MD_CAN macros
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:29:31 +01:00
Manuel Pégourié-Gonnard
33a13028e5
X.509: fix test failures
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard
a946489efd
X.509: use MD_CAN macros
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard
fa99afa2bc
PK: fix test failures
...
Introduce MD_OR_USE_PSA_INIT/DONE. This will likely be used everywhere
in X.509 and SSL/TLS, but most places in PK only need USE_PSA_INIT/DONE.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard
0b8095d96a
PK: use MD_CAN macros
...
sed -i -f md.sed tests/suites/test_suite_pk{,parse,write}.*
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard
ebef58d301
OID + misc crypto: use MD_CAN and fix failures
...
After this, only PK, X.509 and TLS remain to be done.
Deterministic uses HMAC-DRBG which uses MD, so it needs crypto_init()
when using a driver-only hash.
Also, remove a special-purpose macro that's no longer needed.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard
1d3bf24555
test_suite_psa_crypto: use PSA_WANT
...
Could use MD_CAN, as both are equivalent when MBEDTLS_PSA_CRYPTO_C is
defined, but using PSA_WANT is preferable in a PSA context.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard
a5f04621bd
PKCS5: use MD_CAN macros
...
sed -i -f md.sed library/pkcs5.c tests/suites/test_suite_pkcs5* include/mbedtls/pkcs5.h
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard
49e67f814f
PKCS5: always use MD
...
As a consequence, MD_C is now enabled in component accel_hash_use_psa.
Fix guards in X.509 info function to avoid this causing a failure now.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard
c1f10441e0
RSA: use MD_CAN macros
...
sed -i -f md.sed library/rsa.c tests/suites/test_suite_rsa* include/mbedtls/rsa.h tests/suites/test_suite_pkcs1_v*
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard
fb8d90a2db
RSA: always use MD light
...
Note: already auto-enabled in build_info.h
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard
52d02a85d3
PEM: use MD_CAN macros
...
sed -i -f md.sed library/pem.c tests/suites/test_suite_pem* include/mbedtls/pem.h
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard
1c2008fa37
PEM: always use MD light
...
Note: PEM_PARSE already auto-enables MD_LIGHT in build_info.h
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard
0baad53ac9
PKCS12: use MD_CAN macros
...
sed -i -f md.sed library/pkcs12.c tests/suites/test_suite_pkcs12.* include/mbedtls/pkcs12.h
with md.sed as before.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard
be97afe5d4
PKCS12: always use MD light
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard
b2eb1f7456
ECJPAKE: use MD_CAN macros
...
sed -i -f md.sed \
library/ecjpake.c \
include/medtls/ecjpake.h \
tests/suites/test_suite_ecjpake.*
With md.sed as follows:
s/\bMBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA\b/MBEDTLS_MD_CAN_MD5/g
s/\bMBEDTLS_HAS_ALG_RIPEMD160_VIA_MD_OR_PSA_BASED_ON_USE_PSA\b/MBEDTLS_MD_CAN_RIPEMD160/g
s/\bMBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA\b/MBEDTLS_MD_CAN_SHA1/g
s/\bMBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA_BASED_ON_USE_PSA\b/MBEDTLS_MD_CAN_SHA224/g
s/\bMBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA\b/MBEDTLS_MD_CAN_SHA256/g
s/\bMBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA\b/MBEDTLS_MD_CAN_SHA384/g
s/\bMBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA_BASED_ON_USE_PSA\b/MBEDTLS_MD_CAN_SHA512/g
s/\bMBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA\b/MBEDTLS_MD_CAN_MD5/g
s/\bMBEDTLS_HAS_ALG_RIPEMD160_VIA_MD_OR_PSA\b/MBEDTLS_MD_CAN_RIPEMD160/g
s/\bMBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA\b/MBEDTLS_MD_CAN_SHA1/g
s/\bMBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA\b/MBEDTLS_MD_CAN_SHA224/g
s/\bMBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA\b/MBEDTLS_MD_CAN_SHA256/g
s/\bMBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA\b/MBEDTLS_MD_CAN_SHA384/g
s/\bMBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA\b/MBEDTLS_MD_CAN_SHA512/g
s/\bMBEDTLS_HAS_ALG_MD5_VIA_LOWLEVEL_OR_PSA\b/MBEDTLS_MD_CAN_MD5/g
s/\bMBEDTLS_HAS_ALG_RIPEMD160_VIA_LOWLEVEL_OR_PSA\b/MBEDTLS_MD_CAN_RIPEMD160/g
s/\bMBEDTLS_HAS_ALG_SHA_1_VIA_LOWLEVEL_OR_PSA\b/MBEDTLS_MD_CAN_SHA1/g
s/\bMBEDTLS_HAS_ALG_SHA_224_VIA_LOWLEVEL_OR_PSA\b/MBEDTLS_MD_CAN_SHA224/g
s/\bMBEDTLS_HAS_ALG_SHA_256_VIA_LOWLEVEL_OR_PSA\b/MBEDTLS_MD_CAN_SHA256/g
s/\bMBEDTLS_HAS_ALG_SHA_384_VIA_LOWLEVEL_OR_PSA\b/MBEDTLS_MD_CAN_SHA384/g
s/\bMBEDTLS_HAS_ALG_SHA_512_VIA_LOWLEVEL_OR_PSA\b/MBEDTLS_MD_CAN_SHA512/g
s/\bMBEDTLS_MD5_C\b/MBEDTLS_MD_CAN_MD5/g
s/\bMBEDTLS_RIPEMD160_C\b/MBEDTLS_MD_CAN_RIPEMD160/g
s/\bMBEDTLS_SHA1_C\b/MBEDTLS_MD_CAN_SHA1/g
s/\bMBEDTLS_SHA224_C\b/MBEDTLS_MD_CAN_SHA224/g
s/\bMBEDTLS_SHA256_C\b/MBEDTLS_MD_CAN_SHA256/g
s/\bMBEDTLS_SHA384_C\b/MBEDTLS_MD_CAN_SHA384/g
s/\bMBEDTLS_SHA512_C\b/MBEDTLS_MD_CAN_SHA512/g
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard
41bc8b6b1e
ECJPAKE: always use MD light
...
This enables access to all available hashes, instead of the previous
situation where you had to choose by including MD_C or not.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard
ffcda5679a
Make MD_PSA_INIT/DONE available to all suites
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard
235a933f99
PSA hash algs must be a superset of built-ins
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard
534d64d67e
MD no longer depends on a built-in hash
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard
e0e161b54a
Merge pull request #7296 from valeriosetti/issue7253-part1
...
driver-only ECDH: enable ECDH-based TLS 1.2 key exchanges -- part 1
2023-03-21 16:09:02 +01:00
Dave Rodgman
3543806026
Merge pull request #7190 from yanrayw/6197_rsa_get_padding_hashID
...
RSA: provide interface to retrieve padding mode and hash_id
2023-03-20 18:34:53 +00:00
Dave Rodgman
97fd217748
Merge pull request #7318 from tom-cosgrove-arm/update-mbedtls_have_asm-requirements-in-mbedtls_config.h
...
Note that MBEDTLS_HAVE_ASM is required by MBEDTLS_AESCE_C
2023-03-20 18:22:25 +00:00