Commit graph

175 commits

Author SHA1 Message Date
Dave Rodgman
7565b54545 Move MBEDTLS_CIPHER modification to appropriate section
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-03 11:10:18 +00:00
Dave Rodgman
13d2633126 Fix MBEDTLS_NO_PLATFORM_ENTROPY for baremetal aarch64 with armclang
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-03 11:10:18 +00:00
Dave Rodgman
b925d141de minor tidy-up
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-03 11:10:18 +00:00
Dave Rodgman
fc566605b6 Mention copyright in the readme
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-03 11:10:18 +00:00
Dave Rodgman
27a3785d98 Use verbatim TF-M configs from upstream
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-03 11:10:18 +00:00
Dave Rodgman
bff2a58b6e Add supporting files to enable use of verbatim TF-M config
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-03 11:10:18 +00:00
Valerio Setti
1e3fcc5692 config-tfm: fix typo in comment
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-06 11:56:08 +01:00
Valerio Setti
5e18b90c95 config-tfm: disable CIPHER_C
We also add a check in "all.sh" components:
- component_test_tfm_config_p256m_driver_accel_ec
- component_test_tfm_config
to ensure that CIPHER_C was not re-enabled accidentally.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-04 15:24:25 +01:00
Dave Rodgman
51e72456f9 Automatically set MBEDTLS_NO_PLATFORM_ENTROPY in TF-M config
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-29 09:44:44 +00:00
Dave Rodgman
e4cf9b6f95 Move MBEDTLS_BLOCK_CIPHER_NO_DECRYPT to correct section
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-29 09:43:20 +00:00
Dave Rodgman
2d9b7d491a Remove references to 3.4
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-29 09:42:44 +00:00
Dave Rodgman
c89f7817e1 Use common license header
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-28 16:10:44 +00:00
Dave Rodgman
4edcf693e7 Use latest TF-M config with bare-minimum changes
Move all changes local to Mbed TLS into config-tfm.h (except for commenting
out a couple of #include's).

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-28 10:15:52 +00:00
Dave Rodgman
a326eb990d We no longer need to undef ALT defines
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-28 10:15:52 +00:00
Yanray Wang
6f6090d19b tf-m config: update and enable BLOCK_CIPHER_NO_DECRYPT
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-27 15:55:04 +08:00
Yanray Wang
8636d471b3 config-tfm.h: License Change
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-08 10:07:03 +08:00
Yanray Wang
30769696e7 Merge remote-tracking branch 'origin/development' into adjust_tfm_configs 2023-11-08 10:00:24 +08:00
Dave Rodgman
aeaf1d79ba Update license and copyright in config files
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-03 11:40:56 +00:00
Dave Rodgman
16799db69a update headers
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-02 19:47:20 +00:00
Yanray Wang
09f9300c01 config-tfm.h: remove PK_[PARSE/WRITE]_C
As we have removed PK_[PARSE_WRITE]_C in TF-M config, we do not have
to undef them in config-tfm.h

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-09-26 17:15:52 +08:00
Yanray Wang
4419d38a15 config-tfm.h: include TF-M medium profile properly
config-tfm.h is copied into mbedtls_config.h in test-ref-config.pl.
The relative path is include/ not configs/.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-09-26 17:15:52 +08:00
Gilles Peskine
e23fa41f10 Documentation improvements
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-09-26 17:15:52 +08:00
Gilles Peskine
da26a5172c Disable PK_PARSE and PK_WRITE
This is what TF-M intended and they have done so since we copied the file.

It's either disable these options, or enable MBEDTLS_OID_C.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-09-26 17:15:52 +08:00
Gilles Peskine
5f573f8301 Fix broken test with MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
When testing the lifecycle of a transient key, it doesn't make much sense to
try psa_open_key: that expects a persistent key and the lookup takes a
different path. The error from psa_open_key is also different depending on
whether MBEDTLS_PSA_CRYPTO_STORAGE_C is enabled.

To check that the key ownership is taken into account, try to access the
same key id with a different owner without expecting that this is a
persistent key. Just call psa_get_key_attributes, which works fine for a
transient key.

This fixes a test failure when MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER is
enabled and MBEDTLS_PSA_CRYPTO_STORAGE_C is disabled.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-09-26 17:15:52 +08:00
Yanray Wang
0c98f9f842 test-ref-configs: test config-tfm.h
Tweak some configurations based on TF-M config in order to get a
successful build and test.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-09-26 17:15:52 +08:00
Yanray Wang
b153aaed9e configs: add config_tfm.h which includes TFM configs
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-09-26 17:15:52 +08:00
Yanray Wang
2864823671 configs: move TFM config to a subdirectory
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-09-26 17:15:52 +08:00
Dave Rodgman
739d815b7f Remove PK options
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-22 17:40:24 +01:00
Dave Rodgman
84e8f1d618 Set MBEDTLS_MD_C
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-22 17:40:18 +01:00
Gilles Peskine
e820c0abc8 Update spelling "mbed TLS" to "Mbed TLS"
The official spelling of the trade mark changed from all-lowercase "mbed"
to normal proper noun capitalization "Mbed" a few years ago. We've been
using the new spelling in new text but still have the old spelling in a
lot of text. This commit updates most occurrences of "mbed TLS":

```
sed -i -e 's/mbed TLS/Mbed TLS/g' $(git ls-files ':!ChangeLog' ':!tests/data_files/**' ':!tests/suites/*.data' ':!programs/x509/*' ':!configs/tfm*')
```

Justification for the omissions:

* `ChangeLog`: historical text.
* `test/data_files/**`, `tests/suites/*.data`, `programs/x509/*`: many
  occurrences are significant names in certificates and such. Changing
  the spelling would invalidate many signatures and tests.
* `configs/tfm*`: this is an imported file. We'll follow the upstream
  updates.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-09-12 19:18:17 +02:00
Valerio Setti
52e0fb4421 crypto_config_profile_medium: add comment for new KEY_PAIR symbols
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-08-02 09:55:21 +02:00
Ronald Cron
2b25d36165 Fix PSA crypto configuration file name
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-07-20 09:09:10 +02:00
Ronald Cron
e501d0e71e Add change log and non-regression test
Add change log and non-regression test
for CCM* with no tag not supported in
CCM only configuration.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-07-17 11:53:20 +02:00
Valerio Setti
ae064433be configs: adapt to new symbols
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-30 10:16:22 +02:00
Aditya Deshpande
2f1ae5a86e Modify TFM files to allow them to build on baremetal with Mbed TLS and fix code style.
Also change the include path of crypto_spe.h in crypto_platform.h to allow the former file to be included in library-only builds.

Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
2023-05-23 15:40:11 +08:00
Aditya Deshpande
16a62e3129 Bring over both necessary medium config files (regular and PSA style) from TFM.
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
2023-05-23 15:40:11 +08:00
Fredrik Hesse
cc207bc379 Replace references to Mbed Crypto with Mbed TLS through-out documentation and comments.
Signed-off-by: Fredrik Hesse <fredrik@hesse.se>
2023-05-12 14:59:01 +01:00
Gilles Peskine
449bd8303e Switch to the new code style
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-11 14:50:10 +01:00
Valerio Setti
65287636f8 config: remove SHA224_C from some config files
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-22 14:29:40 +01:00
Shaun Case
8b0ecbccf4 Redo of PR#5345. Fixed spelling and typographical errors found by CodeSpell.
Signed-off-by: Shaun Case <warmsocks@gmail.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-05-11 21:25:51 +01:00
Gilles Peskine
afbfed9397
Merge pull request #5582 from gilles-peskine-arm/ssl-opt-auto-psk
Run ssl-opt.sh in more reduced configurations
2022-04-21 12:03:53 +02:00
Jacob Schloss
d8a573b9d9 Fix spelling of 'features' in comment
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-04-08 10:23:14 +01:00
Gilles Peskine
d725bf75d8 Minor documentation improvement
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-05 21:52:14 +02:00
Gilles Peskine
c6d197b68a ssl-opt needs debug messages
Many test cases in ssl-opt.sh need error messages (MBEDTLS_ERROR_C) or SSL
traces (MBEDTLS_DEBUG_C). Some sample configurations don't include these
options. When running ssl-opt.sh on those configurations, enable the
required options. They must be listed in the config*.h file, commented out.

Run ssl-opt in the following configurations with debug options:
ccm-psk-tls1_2, ccm-psk-dtls1_2, suite-b.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-25 21:22:25 +01:00
Gilles Peskine
168f17c233 New sample/test configuration: small DTLS 1.2
1. Copy config-ccm-psk-tls1_2.h
2. Add DTLS support
3. Add some TLS and DTLS features that are useful in low-bandwidth,
   low-reliability networks
4. Reduce the SSL buffer to a very small size

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-25 21:06:11 +01:00
Gilles Peskine
7451e5a1c6 Minimal TLS configuration: documentation improvements
Some of the options have been moved around, but there are no semantic
changes.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-25 21:05:37 +01:00
Andrzej Kurek
01005b90b5 Restructure test-ref-configs to test with USE_PSA_CRYPTO turned on
Run some of the test configs twice, enabling MBEDTLS_USE_PSA_CRYPTO
and MBEDTLS_PSA_CRYPTO_C in one of the runs.
Add relevant comments in these configs.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-19 12:34:41 -05:00
Andrzej Kurek
5902cd64e2 Remove MBEDTLS_SSL_EXPORT_KEYS, making it always on
This option only gated an ability to set a callback,
but was deemed unnecessary as it was yet another define to
remember when writing tests, or test configurations. Fixes #4653.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2021-09-29 10:15:42 -04:00
Bence Szépkúti
b2e23de0f3 Make config version symbols optional
Also remove them from the example configs, but keep the one in
mbedtls_config.h.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-06-28 09:28:48 +01:00
Bence Szépkúti
c850054759 Remove reference to including check_config.h
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-06-28 09:28:47 +01:00