Commit graph

2229 commits

Author SHA1 Message Date
Valerio Setti
a1a0b1b348 test: add a temporary test for checking conversion for new symbols
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-16 12:26:26 +02:00
Valerio Setti
323ad1c416 psa: fixing psa_crypto_generate_key.generated
This is a temporary fix for not excluding tests which depend on
MBEDTLS_PSA_WANT_KEY_TYPE_[RSA/ECC]_KEY_PAIR_LEGACY. This fix
can be reverted as soon as those _LEGACY symbols will be removed
from the code.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-16 12:26:26 +02:00
Valerio Setti
64f790f662 test: fix python script for PSA test generation
This is a temporary fix for replacing
PSA_WANT_KEY_TYPE_[RSA/ECC]_KEY_PAIR
with the temporary symbols
MBEDTLS_PSA_WANT_KEY_TYPE_[RSA/ECC]_KEY_PAIR_LEGACY.

Once new PSA_WANT_KEY_TYPE_[RSA/ECC]_KEY_PAIR_yyy will be used
both in library's code and tests, then this fix will be removed.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-16 12:26:26 +02:00
Valerio Setti
ff7f861761 tests: replace deprecated symbols with temporary _LEGACY ones
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-06-16 12:26:26 +02:00
Manuel Pégourié-Gonnard
24f467668e
Merge pull request #7672 from mpg/libtestdriver1-helpers
Libtestdriver1 helpers
2023-06-16 11:43:40 +02:00
Przemek Stekiel
1f5c2ba495 Add missing ECDH dependencies in ssl-opt tests
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-15 17:07:16 +02:00
Przemek Stekiel
ce05f54283 Properly disable ECDH in only (psk) ephemeral ffdh key exchange components
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-15 16:44:08 +02:00
Tom Cosgrove
6edf8b8c7b
Merge pull request #7451 from yanrayw/7376_aes_128bit_only
Introduce config option of 128-bit key only in AES calculation
2023-06-15 10:35:32 +01:00
Manuel Pégourié-Gonnard
8d645dcd77 Fix unintentional config reduction in prev commit
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-15 09:07:10 +02:00
Przemek Stekiel
a53dca125e Limit number ffdh test cases (ffdhe2048, ffdhe8192)
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-14 20:53:09 +02:00
Przemek Stekiel
0c23147456 Disable MBEDTLS_DHM_C in component_test_tls13_only_psk
For details see the following comment: https://github.com/Mbed-TLS/mbedtls/pull/7627#issuecomment-1590792002

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-14 11:12:45 +02:00
Yanray Wang
4292441a42 all.sh: use clang for one test of AES_ONLY_128_BIT_KEY_LENGTH
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-06-14 17:10:15 +08:00
Przemek Stekiel
422ab1f835 Add FFDH tests to ssl-opt
Add FFDH support to the test case generator script: generate_tls13_compat_tests.py.
Add dependency for openssl as FFDH is supported from version 3.0.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-14 11:04:28 +02:00
Przemek Stekiel
ae3209c1e4 Add ffdh support yo generate_tls13_compat_tests.py
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-13 15:09:03 +02:00
Przemek Stekiel
a01c24227f Add test components: only PSK ephemeral ffdh, only ephemeral ffdh key exchange
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-13 10:46:48 +02:00
Manuel Pégourié-Gonnard
f8930e2c80 Fix special-case with all curves except one.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-13 09:51:32 +02:00
Manuel Pégourié-Gonnard
aed1d7875a Remove references to non-existing options
We no longer support TLS 1.0, TLS 1.1 or CBC record splitting since 3.0,
but those where still referenced here.

While at it, group things in a more logical way in this component.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:22:24 +02:00
Manuel Pégourié-Gonnard
2336c8e929 Make -SE_C part of adjust_config
Several components needed to remove it, with the same comment every
time. It's probably just chance that other components happened to work
despite it being enabled.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:17:54 +02:00
Manuel Pégourié-Gonnard
8df87bf052 Group both configuration steps
Compared to the previous scheme, this avoid the problem of having to
warn about adjusting PSA_WANT in the wrong place.

Also, it allows enabling MBEDTLS_PSA_CRYPTO_CONFIG in adjust_config
rather than having to repeat it in every single component.

It also plays more nicely with components that have an associated
reference component and use a common config function. (Some of them were
already using the new order.)

Finally, "configure, build, run the tests" seems more natural than
"configure, build, configure, build, test" (and, coming back to the
initial point, it avoid questions about what to configure when).

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-12 17:09:38 +02:00
Przemek Stekiel
1051f856dc Re-enable MBEDTLS_DHM_C in tls13_only_psk, tls13_only_psk_ephemeral, tls13_only_psk_all
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-11 20:32:28 +02:00
Tom Cosgrove
6ec39cacaa Remove the all.sh test for this, since armclang on CI is too old
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-06-09 15:34:31 +01:00
Tom Cosgrove
730addc203 Fix armc5-bin-dir and armc6-bin-dir options to all.sh
ARMC5_BIN_DIR and ARMC6_BIN_DIR were set in pre_parse_command_line() and used
by support_build_armcc() which is called by pre_initialize_variables() to
determines SUPPORTED_COMPONENTS.

As pre_initialize_variables() is called before pre_parse_command_line(),
support_build_armcc() failed to use the directories set on the command line.

However, we can't call pre_parse_command_line() before pre_initialize_variables()
since the former needs SUPPORTED_COMPONENTS!

Fix the circular dependency by parsing the command line twice, with the first
pass only to get these directories.

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-06-09 14:20:18 +01:00
Tom Cosgrove
579e6e9a05 Merge the two ARM Compiler 6 - Target ARMv8.2-A - AArch64 builds
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-06-09 13:46:19 +01:00
Tom Cosgrove
46ed3a9834 Add an all.sh build test that catches the unterminated pragmas
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-06-09 13:46:19 +01:00
Gilles Peskine
95b43a04a9
Merge pull request #7651 from daverodgman/fix-armclang-compile-fail
Fix armclang compile fail
2023-06-08 14:36:18 +02:00
Manuel Pégourié-Gonnard
67f80372f0 Add size measurements per library
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-08 10:53:54 +02:00
Manuel Pégourié-Gonnard
7ae342f3f7 Use helper_libtestdriver1_adjust_config more
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-08 09:26:55 +02:00
Manuel Pégourié-Gonnard
981732e453 Fix some typos
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-08 09:26:51 +02:00
Dave Rodgman
05d71ffe5b Merge remote-tracking branch 'origin/development' into sha3-updated 2023-06-07 18:02:04 +01:00
Przemek Stekiel
5e2f816c39 Fix test configs
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-06 12:31:08 +02:00
Manuel Pégourié-Gonnard
d4dff8b4de Update FFDH component
Was added while I was preparing this PR.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-06 11:19:37 +02:00
Manuel Pégourié-Gonnard
f5c5d971e7 Add documentation about libtestdriver1 usage
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-06 11:15:20 +02:00
Manuel Pégourié-Gonnard
239094d51c all.sh: make libtestdriver1 components more uniform
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-06 11:15:20 +02:00
Manuel Pégourié-Gonnard
27dd73fb91 all.sh: add helper_libtestdriver1_make_main()
Also, remove things that are redundant with ASAN_CFLAGS (-Werror, -O).

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-06 11:15:20 +02:00
Manuel Pégourié-Gonnard
31639e49d2 all.sh: add helper_libtestdriver1_make_drivers()
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-06 11:15:20 +02:00
Manuel Pégourié-Gonnard
27e1767c44 all.sh: add helper_libtestdriver1_adjust_config
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-06 11:15:20 +02:00
Manuel Pégourié-Gonnard
a14b8f0a17 Add total when printing sizes in all.sh
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-06 10:33:54 +02:00
Dave Rodgman
b45d58b9a5 Add armclang -O0 build test
Signed-off-by: Dave Rodgman <dave.rodgman@gmail.com>
2023-06-02 13:54:00 -04:00
Dave Rodgman
8c315f2f74 Add build tests for Thumb and Thumb2 with clang
Signed-off-by: Dave Rodgman <dave.rodgman@gmail.com>
2023-06-02 13:53:27 -04:00
valerio
f1d29136ac test: remove debug echo in component
Signed-off-by: valerio <valerio.setti@nordicsemi.no>
2023-06-01 11:06:41 +02:00
Manuel Pégourié-Gonnard
0b68784053
Merge pull request #7577 from mprse/ffdh_drivers
FFDH 3b: add driver testing (no TLS 1.3)
2023-06-01 10:26:08 +02:00
Manuel Pégourié-Gonnard
7b1136836c
Merge pull request #7438 from valeriosetti/issue7074
Avoid parse/unparse private ECC keys in PK with USE_PSA when !ECP_C
2023-06-01 10:06:45 +02:00
Przemek Stekiel
6efa608d20 Revert setting optimization flag(use O2)
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-05-31 09:38:21 +02:00
Gilles Peskine
3c0e4effe4
Merge pull request #7512 from lpy4105/issue/7014/cert_audit-improvement
cert_audit: Improvements of audit script
2023-05-24 20:24:48 +02:00
Dave Rodgman
99318e6138 Add build test for armclang / Cortex-M0 / -Os
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-05-24 12:27:42 +01:00
Valerio Setti
e50a75f6ff test: add exception in analyze_outcomes.py and fix test for montgomery curves
The exception in analyze_outcomes.py follows previous commit in which
a test in test_suite_pkparse was set with the ECP_C guard for a different
parsing of the private key between the legacy and PSA implementations.

The wrong guard in test_suite_ecp.function instead was erroneously
added in a past commit and it was setting a non-existing symbol of
mbedTLS so those tests were basically never executed.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-05-23 15:12:07 +02:00
Fredrik Hesse
cc207bc379 Replace references to Mbed Crypto with Mbed TLS through-out documentation and comments.
Signed-off-by: Fredrik Hesse <fredrik@hesse.se>
2023-05-12 14:59:01 +01:00
Yanray Wang
012b6bb99e all.sh: test AES built-in implementation in AES-128-bit key only
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-05-12 11:21:56 +08:00
Przemek Stekiel
dccb20204a Add test component for accelerated FFDH
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-05-11 11:31:51 +02:00
Yanray Wang
5dd429c8df generate_psa_tests.py: fix typo
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-05-10 09:58:51 +08:00
Pengyu Lv
a57f677474 cert_audit: Fix DER files missed from parsing
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-05-10 09:41:33 +08:00
Pengyu Lv
ee870a6e83 cert_audit: Remove merge_auditdata
We maintain a dict with unique AudiData objects
(AuditData with unique underlying X.509 objects).
We don't need merge_auditdata anymore.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-05-10 09:41:33 +08:00
Pengyu Lv
e09d27e723 cert_audit: Use dictionary to store parsed AuditData
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-05-10 09:41:33 +08:00
Pengyu Lv
31e3d12be9 cert_audit: Output format improvement
We should print all the information for each objects
found every line. This makes it easy to analyze the
output.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-05-10 09:41:33 +08:00
Pengyu Lv
13f2ef4949 cert_audit: Calculate identifier for X.509 objects
The identifier is calculated SHA1 hex string from
the DER encoding of each X.509 objects. It's useful
for finding out the identical X.509 objects.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-05-10 09:41:33 +08:00
Pengyu Lv
fd72d9f556 cert_audit: Fix bug in check_cryptography_version
check_cryptography_version didn't provide helpful
message with Python < 3.6, because re.Match object
is not subscriptable.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-05-10 09:41:33 +08:00
Pengyu Lv
0b4832bbf5 cert_audit: Sort the outputs by not_valid_after date
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-05-10 09:41:33 +08:00
Pengyu Lv
fe13bd3d0e cert_audit: Merge audit_data for identical X.509 objects
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-05-10 09:41:33 +08:00
Pengyu Lv
e245c0c734 cert_audit: Support parsing file with multiple PEMs
Previously, if a file had multiple PEM objects, only
the first one would be parsed. This commit add the
support so that we could parse all the PEM objects
in the file.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-05-10 09:41:33 +08:00
Bence Szépkúti
ddfd0a27df
Merge pull request #7399 from lpy4105/issue/7014/certificate-audit-script
cert_audit: Add test certificate date audit script
2023-05-09 13:10:01 +02:00
Pol Henarejos
d06c6fc45b
Merge branch 'development' into sha3
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2023-05-05 16:01:18 +02:00
Yanray Wang
374c3aec89 all.sh: add test for AES-128bit only without MBEDTLS_CTR_DRBG_C
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-05-05 16:26:20 +08:00
Yanray Wang
1ed226f790 Auto-enable CTR_DRBG_USE_128_BIT_KEY with AES_ONLY_128_BIT_KEY_LENGTH
This commit adds support to auto-enable
MBEDTLS_CTR_DRBG_USE_128_BIT_KEY if
MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH enabled.
Furthermore, the corresponding check is removed in check_config.h.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-05-05 16:23:31 +08:00
Yanray Wang
3f41744730 generate_psa_tests.py: add extra dependencies based on key bit
This commit introduces a new function to generate extra dependencies
based on REGEX search pattern and predefined dependency list.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-05-05 11:21:32 +08:00
Arto Kinnunen
3eb50e7d75 all.sh: add test for AES_ONLY_128_BIT_KEY_LENGTH
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-05-05 11:21:25 +08:00
Gilles Peskine
801c4333ad Test MBEDTLS_PSA_INJECT_ENTROPY
Until now, we were never enabling this option in any test.

MBEDTLS_PSA_INJECT_ENTROPY requires MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES, so
it cannot be enabled in the full config and it gets its own component.

Test with MBEDTLS_USE_PSA_CRYPTO enabled, since MBEDTLS_PSA_INJECT_ENTROPY
is a very PSA feature (which can break non-PSA applications), and Mbed
OS (for whch MBEDTLS_PSA_INJECT_ENTROPY was designed) enables
MBEDTLS_USE_PSA_CRYPTO when it enables MBEDTLS_PSA_INJECT_ENTROPY.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-04-29 00:28:34 +02:00
Gilles Peskine
4bdb254887 Regroup component that had gotten separated from its close siblings
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-04-28 19:25:25 +02:00
Gilles Peskine
b70c4e07d0 Adjust code style for pointer types and casts
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-04-26 19:59:28 +02:00
Gilles Peskine
2986accd20 typo
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-04-26 19:57:50 +02:00
Gilles Peskine
8b32d20c50 Test the line number returned by parse_test_data
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-04-26 19:40:02 +02:00
Gilles Peskine
6f5082bf4d Allow more signed integer types in test function arguments
Now that the C code supports the full range of intmax_t, allow any size of
signed integer type in the .data file parser.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-04-26 19:40:02 +02:00
Gilles Peskine
872948cc72 Support larger integer test arguments: C part
Change the type of signed integer arguments from int32_t to intmax_t.
This allows the C code to work with test function arguments with a range
larger than int32_t. A subsequent commit will change the .datax generator
to support larger types.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-04-26 19:40:02 +02:00
Gilles Peskine
4ea4ad082b parse_function_arguments: stricter type parsing
Use normalization the equality comparisons instead of loose regular
expressions to determine the type of an argument of a test function.

Now declarations are parsed in a stricter way: there can't be ignored junk
at the beginning or at the end. For example, `long long unsigned int x`
was accepted as a test function argument (but not `long long unsigned x`),
although this was misleading since the value was truncated to the range of
int. Now only recognized types are accepted.

The new code is slightly looser in that it accepts `char const*` as well as
`const char*`.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-04-26 19:40:02 +02:00
Gilles Peskine
47e2e8817d Support (void) as an argument list of a test function
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-04-26 19:40:02 +02:00
Gilles Peskine
096f0ca7e5 parse_function_arguments: extract per-argument function
Internal refactoring only, no behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-04-26 19:40:02 +02:00
Gilles Peskine
400cde607b parse_function_arguments: make local_vars a list
Internal refactoring only, no behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-04-26 19:40:02 +02:00
Gilles Peskine
b3c2eaf00f Support different types in the parameter store
The test framework stores size_t and int32_t values in the parameter store
by converting them all to int. This is ok in practice, since we assume int
covers int32_t and we don't have test data larger than 2GB. But it's
confusing and error-prone. So make the parameter store a union, which allows
size_t values not to be potentially truncated and makes the code a little
clearer.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-04-26 19:40:02 +02:00
Gilles Peskine
5226eb5cd3 Simplify parsing of integers in .datax files
In the .datax parser, since we're calling strtol() anyway, rely on it for
verification. This makes the .datax parser very slightly more
liberal (leading spaces and '+' are now accepted), and changes the
interpretation of numbers with leading zeros to octal.

Before, an argument like :0123: was parsed as decimal, but an argument like
:0123+1: was parsed as a C expression and hence the leading zero marked an
octal representation. Now, a leading zero is always interpreted according to
C syntax, namely indicating octal. There are no nonzero integer constants
with a leading zero in a .data file, so this does not affect existing test
cases.

In the .datax generator, allow negative arguments to be 'int' (before, they
were systematically treated as 'exp' even though they didn't need to be).

In the .datax parser, validate the range of integer constants. They have to
fit in int32_t. In the .datax generator, use 'exp' instead of 'int' for
integer constants that are out of range.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-04-26 19:40:02 +02:00
Gilles Peskine
ca25deee12 Factor get_function_info out of gen_from_test_data
No intended behavior change. This commit is mainly to satisfy pylint, which
complains that gen_from_test_data now has too many variables. But it's a
good thing anyway to make the function a little more readable.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-04-26 19:38:41 +02:00
Gilles Peskine
8542f5c81f Add line number to a few error messages
This is just a quick improvement, not meant to tackle the problem as a
whole.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-04-26 19:38:40 +02:00
Pengyu Lv
1d4cc917ce cert_audit: Reword the options and their descriptions
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-25 15:17:19 +08:00
Pengyu Lv
1381598aa3 cert_audit: Check the version of cryptography
The script requires cryptography >= 35.0.0, we
need to check the version and provide meaningful
error message when the package version was too
old.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-25 14:55:38 +08:00
Manuel Pégourié-Gonnard
feb941a77a
Merge pull request #7465 from valeriosetti/issue7460-part3
Check remaning dependencies on ECP in PK module
2023-04-24 13:06:09 +02:00
valerio
0b0486452c improve syms.sh script for external dependencies analysis
It is now possible to analyze also modules and not only
x509 and tls libraries.

Signed-off-by: valerio <valerio.setti@nordicsemi.no>
2023-04-24 10:34:08 +02:00
Pengyu Lv
c34b9ac18c cert_audit: Clarify the abstraction of Auditor
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-23 14:57:30 +08:00
Pengyu Lv
28fe957239 cert_audit: Add simple parser of suite data file
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-23 13:56:25 +08:00
Gilles Peskine
935a987b2b
Merge pull request #7436 from AndrzejKurek/x509-verify-san-ip
x509 SAN IP parsing
2023-04-21 22:00:58 +02:00
Pengyu Lv
2d487217cd cert_audit: Improve the method to find tests folder
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-21 12:41:24 +08:00
Pengyu Lv
a228cbcecc cert_audit: Add data-files and suite-data-files options
The commit adds '--data-files' and '--suite-data-files'
options so that we could pass names for the two types
of files separately. Additionally, the commit improves
the documentation in the script.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-21 11:59:25 +08:00
Pengyu Lv
fcda6d4f51 cert_audit: Enable logging module
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-21 11:04:07 +08:00
Pengyu Lv
ad30679d9e cert_audit: Reuse generate_test_code.FileWrapper
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-19 15:07:03 +08:00
Pengyu Lv
7a344dde0f New implementation for generate_test_code.FileWrapper
We get some performance benefit from the Buffered I/O.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-19 15:03:20 +08:00
Pengyu Lv
8e6794ad56 cert_audit: Code refinement
This commit is a collection of code refinements
from review comments.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-18 17:00:47 +08:00
Pengyu Lv
f8e5e059c5 cert_audit: Improve documentation
This commit is a collection of improving the documentation in the
script:

  * Restore uppercase in the license header.
  * Reword the script description.
  * Reword the docstring of AuditData.fill_validity_duration
  * Rename AuditData.filename to *.location

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-18 16:24:02 +08:00
Valerio Setti
e618cb0a0b test: add coverage's analysis framework for accel EC algs w/o ECP
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-17 12:03:48 +02:00
Andrzej Kurek
06969fc3a0 Introduce a test for a sw implementation of inet_pton
Create a bypass define to simulate platforms
without AF_INET6.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-04-13 09:20:15 -04:00
Pengyu Lv
7725c1d2a9 cert_audit: Output line/argument number for *.data files
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-13 15:55:30 +08:00
Pengyu Lv
57240958ed cert_audit: Make FILE as positional argument
Make FILE as positional argument so that we can
pass multiple files to the script. This commit
also contains some help message improvements.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-13 15:46:14 +08:00
Valerio Setti
0c477d32e2 test: include also test_suite_ecp for the coverage analysis
Only some test cases are skipped for which ECP_C is mandatory,
but the other ones are included.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-11 11:33:50 +02:00
Valerio Setti
29b395c854 test: let test_psa_crypto_config_accel_all_ec_algs_use_psa use ECP_LIGHT
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-11 11:33:50 +02:00
Pengyu Lv
3179232211 cert_audit: Disable pylint error for importing cryptography
This is to make CI happy. The script requires cryptography
>= 35.0.0, which is only available for Python >= 3.6. But
both ubuntu-16.04 and Travis CI are using Python 3.5.x.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-11 16:30:54 +08:00
Pengyu Lv
cb8fc3275a cert_audit: Fill validity dates in AuditData constructor
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-11 15:05:29 +08:00
Pengyu Lv
ebf011f43e cert_audit: Introduce not-[before|after] option
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-11 14:07:50 +08:00
Pengyu Lv
30f2683d18 cert_audit: Parse more information from test suite data file
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-07 18:04:07 +08:00
Ronald Cron
50ae84ed97 ssl-opt.sh: Remove some unnecessary forcing of TLS 1.3
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:18 +02:00
Pengyu Lv
45e32033db cert_audit: Support audit on test suite data files
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-06 14:33:41 +08:00
Pengyu Lv
7f6933a227 cert_audit: Initial script for auditing expiry date
We introduce the script to audit the expiry date of X509 files
(i.e. crt/crl/csr files) in tests/data_files/ folder.

This commit add basic classes and the framework for auditing
and "-a" option to list all valid crt/crl/csr files it found.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-04-06 13:38:56 +08:00
Ronald Cron
219f978097
Merge pull request #7059 from ronald-cron-arm/psa-crypto-misc
PSA cryptography miscellaneous
2023-04-04 10:54:03 +02:00
Manuel Pégourié-Gonnard
86d5d4bf31
Merge pull request #7103 from valeriosetti/issue6622
Some MAX_SIZE macros are too small when PSA ECC is accelerated
2023-04-03 16:23:27 +02:00
Valerio Setti
c6ecdad42d test: disable all RSA algs and fix tests
All RSA associated algs are now forcedly disabled both on library
and driver sides.
Some PSA driver tests required to be fixed because they were just
requiring for not having the built-in version, but they didn't check
if the driver one was present (kind of assuming that RSA was always
supported on the driver side).

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-03 08:26:35 +02:00
Ronald Cron
32a432af95 all.sh: Fix test component name
The component_test_psa_crypto_drivers was
renamed component_test_psa_crypto_builtin_keys
in a previous commit. This was misleading as
the goal of the component is not to test
the builtin keys but to run the PSA unit
tests with the test drivers doing the
cryptographic operations.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-03-31 09:07:57 +02:00
Ronald Cron
e6e6b75ad3 psa: Remove MBEDTLS_PSA_CRYPTO_DRIVERS configuration option
The support for the PSA crypto driver interface
is not optional anymore as the implementation of
the PSA cryptography interface has been restructured
around the PSA crypto driver interface (see
psa-crypto-implementation-structure.md). There is
thus no purpose for the configuration options
MBEDTLS_PSA_CRYPTO_DRIVERS anymore.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-03-31 09:07:54 +02:00
Manuel Pégourié-Gonnard
1640682a53
Merge pull request #7334 from valeriosetti/analyze_outcomes_improvement
Improve analyze_outcomes.py script
2023-03-30 09:17:39 +02:00
Valerio Setti
846118b98d test: remove old component errouneously reintroduced during rebase
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-29 13:46:59 +02:00
Valerio Setti
f109c66d73 Use proper log function
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-29 11:15:44 +02:00
Valerio Setti
22992a04f1 Fix function description
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-29 11:15:28 +02:00
Valerio Setti
5aab43f1cd test: fix/improve comments in all.sh
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-29 10:42:07 +02:00
Valerio Setti
1f1420df36 test: fix text output
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-29 10:28:39 +02:00
Valerio Setti
d0c644db69 test: minor refactoring
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-29 10:28:39 +02:00
Valerio Setti
ee97a1ef47 test: improve comments and code in newly added helper function
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-29 10:28:39 +02:00
Valerio Setti
e4758aa34b test: add a companion test for another curve (x25519) and fix issues
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-29 10:28:06 +02:00
Valerio Setti
1a6d96f59e test: use full config as test starting point and solve issues
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-29 10:28:06 +02:00
Valerio Setti
3ebecc9513 test: disable proper key exchanges while testing accel EC algs
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-29 10:27:18 +02:00
Valerio Setti
5360886ad3 test: minor fixes to all.sh
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-29 10:27:18 +02:00
Valerio Setti
b7e9544194 test: add specific test with only accel EC curves and algs
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-29 10:27:18 +02:00
Valerio Setti
b76672dd52 test: fix wrong accelerated SHA1 symbol
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-28 16:26:48 +02:00
Valerio Setti
6d687b98cf test: simplify comment in test_psa_crypto_config_accel_all_ec_algs_use_psa()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-28 16:26:48 +02:00
Valerio Setti
c762797856 test: removing test with all accel EC algs without USE_PSA
We keep tests without USE_PSA for single accel components (i.e.
ECDH, ECDSA, ECJPAKE), but when testing for all 3 accelerated
at the same time we use USE_PSA for better test coverage.
However for this purpose there is already the:

component_test_psa_crypto_config_[reference/accel]_all_ec_algs_use_psa()

so we can delete this extra component.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-28 16:26:48 +02:00
Valerio Setti
4fa6d0bb88 test: moving accel ECJPAKE test close to accel ECDH and ECDSA ones
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-28 16:26:48 +02:00
Valerio Setti
77bdff1963 test: improve comment in the added test
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-28 16:26:48 +02:00
Valerio Setti
2495cdbcc2 test: remove unused tasks in analyze_outcomes.py
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-28 16:26:47 +02:00
Valerio Setti
44b178ca60 test: fix erroneous changes in all.sh
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-28 16:26:47 +02:00
Valerio Setti
6f820cccb8 test: fix comments in test_psa_crypto_config_accel_ecc()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-28 16:26:47 +02:00
Valerio Setti
1c3de61ba8 test: remove previous tests for accelerated ECDSA/ECDH/ECJPAKE coverage analysis
All these EC based algs are now tested all at once in
test_psa_crypto_config_[accel/reference]_all_ec_algs_use_psa()
functions.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-28 16:26:47 +02:00
Valerio Setti
42d5f1959f test: add a test with all EC based algs accelerated
Actually this adds both the accelerated test as well as the
reference. Both of them are used to evaluate the driver's
coverage with analyze_outcomes.py script.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-28 16:26:47 +02:00
Manuel Pégourié-Gonnard
5a51d0d789 Fix depends.py failure with correct TLS 1.2 deps
TLS 1.2 has never been able to work with only SHA-512, it just happened
to pass previously because the declared dependencies were too lax.
(Probably related to the fact that in the past we didn't distinguish
between SHA-512 and SHA-384 in dependencies.)

So, just disable all of TLS in SHA-512-only builds. While at it, tune
build_info.h to make this easier - it already had partial support for
disabling TLS 1.2 or TLS 1.3 in an easier way, but not both of them at
the same time.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-24 10:43:40 +01:00
Manuel Pégourié-Gonnard
c584c27426 Disable built-in SHA-256 in accel_hash too
Now that Entropy doesn't need it any more, we can have driver-only
SHA-256 (and 224 with it) in the non-USE_PSA component too.

This reveals a missing PSA_INIT in a PK test using SHA-256.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-24 10:43:40 +01:00
Manuel Pégourié-Gonnard
93302422fd Fix instances of old feature macros being used
sed -i -f md.sed include/mbedtls/ssl.h library/hmac_drbg.c programs/pkey/*.c programs/x509/*.c tests/scripts/generate_pkcs7_tests.py tests/suites/test_suite_random.data

Then manually revert programs/pkey/ecdsa.c as it's using a low-level
hash API.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-24 10:43:40 +01:00
Manuel Pégourié-Gonnard
5d0d641332 Test entropy.c with driver-only hashes
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-24 10:43:40 +01:00
Valerio Setti
a266332189 test: improve analyze_outcomes.py script
Allow the script to also execute the tests needed for the following
analysis. It doesn't affect the previous usage of this script:

- if the output file is already present, then only the analysis
  is performed
- if the outfile does not exists, then tests are also executed
  before doing the analysis

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-24 09:31:38 +01:00
Manuel Pégourié-Gonnard
ac6db4d649
Merge pull request #7317 from mpg/lift-exclusions
Lift exclusions from driver-only hash component
2023-03-23 12:01:01 +01:00
Valerio Setti
4059aba353 accelerated ecdh: re-enable TLS 1.3 key exchanges and fix guards in check_config
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-22 10:48:34 +01:00
Valerio Setti
a81130f159 test: enable ECDHE key exchanges for driver coverage tests
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-22 10:36:59 +01:00
Manuel Pégourié-Gonnard
91cc8bbc87 Enable ECDSA-det in driver-only hashes component
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:42:06 +01:00
Manuel Pégourié-Gonnard
d111fbdad1 Enable HMAC-DRBG in driver-only hashes component
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:42:05 +01:00
Manuel Pégourié-Gonnard
fbaf4e98d8 Enable PKCS7 in driver-only hashes component
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:42:05 +01:00
Manuel Pégourié-Gonnard
0d1921c4c2 Enable HKDF in driver-only hashes test
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:42:05 +01:00
Manuel Pégourié-Gonnard
7d381f517a MD: use MD_CAN in test suite and check for parity
Split the part the varies between driver/built-in builds to a separate
file for convenience. Fix analyze_outcomes.py to be able to exclude
specific data files and not just a whole family at once.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:29:31 +01:00
Manuel Pégourié-Gonnard
49e67f814f PKCS5: always use MD
As a consequence, MD_C is now enabled in component accel_hash_use_psa.

Fix guards in X.509 info function to avoid this causing a failure now.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Valerio Setti
53a5844abc test: enable ECDH key exchanges for driver coverage tests
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-20 14:00:51 +01:00
Manuel Pégourié-Gonnard
4ebe2a7372
Merge pull request #7300 from valeriosetti/issue7281
Driver only EC JPAKE: re-enable the EC J-PAKE key exchange and get test parity
2023-03-20 09:54:47 +01:00
Manuel Pégourié-Gonnard
e91aadaeed
Merge pull request #7299 from valeriosetti/issue7280
Driver only EC JPAKE: enable ssl-opt.sh and get test parity
2023-03-20 09:51:11 +01:00
Manuel Pégourié-Gonnard
c9ef476431
Merge pull request #7192 from joerchan/psa-update-mbedtls
psa_crypto: Fix psa_key_derivation_output_key ECC without builtin keys
2023-03-20 09:47:07 +01:00
Manuel Pégourié-Gonnard
14c194aae9
Merge pull request #7271 from mpg/use-md-light
Use md light
2023-03-20 09:01:16 +01:00
Manuel Pégourié-Gonnard
0f60d09aa8 Add a test with all of ECC accelerated
Note that ECC key derivation is not using drivers yet, as we don't have driver support for
cooked key derivation acceleration, see
https://github.com/Mbed-TLS/mbedtls/pull/5451 and follow-ups.

So, we still need MBEDTLS_ECP_C enabled at least for this, and probably
in several other places for now.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-17 15:23:17 +01:00
Dave Rodgman
0e2b06a1ce
Merge pull request #7083 from KloolK/record-size-limit/parsing
Add parsing for Record Size Limit extension in TLS 1.3
2023-03-17 10:18:34 +00:00
Manuel Pégourié-Gonnard
0d957d3a83
Merge pull request #7275 from valeriosetti/issue7255
Driver-only EC JPAKE: starter
2023-03-17 10:01:38 +01:00
Manuel Pégourié-Gonnard
1b5ffc63cc Avoid double definition of MD_LIGHT
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-17 09:43:28 +01:00
Manuel Pégourié-Gonnard
8316209c02 Use MD_LIGHT rather than md5.h in pem.c
But, for now, still guard things with MBEDTLS_MD5_C, as md.c can only
compute MD5 hashes when MBEDTLS_MD5_C is defined. We'll change the
guards once that has changed.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-17 09:43:27 +01:00
Valerio Setti
943f8ddf81 test: remove leftovers from debug sessions
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-16 16:47:17 +01:00
Manuel Pégourié-Gonnard
54e3c6593e Fix failures in signature accel test
The test driver library tries to only build what's necessary, but must
use the same PSA_WANT macros as the main library. So, for things that
are not needed, it undefines MBEDTLS_PSA_BUILTIN_xxx and defines
MBEDTLS_PSA_ACCEL_xxx, unless the ACCEL symbol was defined on the
command line, in which case it undefines it and defineds BUILTIN
instead. This negation happens in crypto_config_test_driver_extension.h
and reflects the fact that what we want accelerated in the main library
is what we want built-in in the driver library (and vice versa if we
want to minimize the size of the driver library).

So, the ACCEL symbols in inside the test driver library (while it's
being built, not those on the command line) are a bit of a white lie:
they don't actually mean "there's an accelerator for this" but instead
"I won't include a built-in for this even though the corresponding
PSA_WANT symbol is defined".

This was quite harmless until MD started making dispatch decisions based
on the ACCEL symbols: when it tries to dispatch to an accelerator that
doesn't actually exist, things tend to go badly.

The minimal fix for this is to change how we enable extra hashes in the
test driver library: by defining the ACCEL symbol on the command line,
in the build we'll end up with the BUILTIN symbol (and implementation!)
and no ACCEL symbol, which is exactly what we want.

Long version: https://arm-ce.slack.com/archives/GTM3SM1K5/p1675071671707599

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-16 09:46:51 +01:00
Manuel Pégourié-Gonnard
9b14639342 Dispatch according to init status.
We shouldn't dispatch to PSA when drivers have not been initialized yet.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-16 09:46:51 +01:00
Valerio Setti
fea765ba17 test: enable ec-jpake key exchanges in driver coverage analysis
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-16 07:45:23 +01:00
Valerio Setti
d8c2800f58 ecjpake: add ssl-opt tests for driver coverage analysis
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-15 19:09:35 +01:00
Manuel Pégourié-Gonnard
2a13cfd2b0
Merge pull request #7243 from valeriosetti/issue7148
driver-only ECDH: enable ssl-opt.sh with parity
2023-03-14 11:07:56 +01:00
Gilles Peskine
8128037017
Merge pull request #7163 from lpy4105/issue/all_sh-do-not-list-unsupported-cases
all.sh: Do not list unsupported cases
2023-03-14 10:34:04 +01:00
Manuel Pégourié-Gonnard
ca3e32aaa8
Merge pull request #7207 from valeriosetti/issue7140
Handle output consistently in analyze_outcomes.py
2023-03-14 09:43:45 +01:00
Jan Bruckner
151f64283f Add parsing for Record Size Limit extension in TLS 1.3
Fixes #7007

Signed-off-by: Jan Bruckner <jan@janbruckner.de>
2023-03-14 08:41:25 +01:00
Valerio Setti
3951d1bcce analyze_outcomes: symplify log functions
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-13 18:37:34 +01:00
Valerio Setti
d0fffc56c3 analyze_outcomes: add coverage test for ecjpake
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-13 16:08:03 +01:00
Valerio Setti
a9c9deccb9 ecjpake: add tests for driver coverage analysis
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-13 16:05:49 +01:00
Gilles Peskine
4da92832b0
Merge pull request #7117 from valeriosetti/issue6862
driver-only ECDSA: enable ECDSA-based TLS 1.2 key exchanges
2023-03-09 20:49:44 +01:00
Dave Rodgman
bf4016e5d5
Merge pull request #6567 from mprse/ecjpake-driver-dispatch 2023-03-09 19:23:05 +00:00
valerio
2bf85e349d ssl-opt: enable test for accelerated ECDH + USE_PSA
Signed-off-by: valerio <valerio.setti@nordicsemi.no>
2023-03-09 16:39:07 +01:00
valerio
f27472b128 ssl-opt: enable test and fix failures for reference ECDH + USE_PSA"
Signed-off-by: valerio <valerio.setti@nordicsemi.no>
2023-03-09 16:20:38 +01:00
Valerio Setti
f84b7d5c21 test: enable ECDSA based key exchanges in driver coverage tests
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-08 16:47:28 +01:00
Manuel Pégourié-Gonnard
289e5baa83
Merge pull request #7082 from valeriosetti/issue6861
driver-only ECDSA: add ssl-opt.sh testing with testing parity
2023-03-08 16:45:38 +01:00
Przemek Stekiel
4aa99403f4 Fix configuration for accelerated jpake
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-07 10:50:09 +01:00
Manuel Pégourié-Gonnard
a5ffa93e43
Merge pull request #7142 from mpg/driver-only-ecdh-starter
Driver-only ECDH starter
2023-03-07 09:14:38 +01:00
Manuel Pégourié-Gonnard
86393db84d Revert local experiment.
This was never meant to be committed here.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-06 16:19:05 +01:00
Manuel Pégourié-Gonnard
07d92620d4 Fix some message strings and comments in all.sh
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-06 13:38:55 +01:00
Manuel Pégourié-Gonnard
0d1f5be688 Add comment about shared config function
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-06 13:35:21 +01:00
Valerio Setti
5d8d1a7f60 analyze_outcomes: print all output on stderr
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-06 11:08:17 +01:00
Pol Henarejos
f61d6c0a2b
Merge branch 'development' into sha3 2023-03-04 00:03:06 +01:00
Dave Rodgman
45cef61fa4
Merge branch 'development' into md-light
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-03 14:28:13 +00:00
Dave Rodgman
1f39a62ce6
Merge pull request #7151 from gilles-peskine-arm/psa-headers-alt
Allow alternative names for overridable PSA headers
2023-03-03 12:37:51 +00:00
Dave Rodgman
e965c3c4bd
Merge pull request #7197 from daverodgman/armclang-sha-warning
Enable -Werror in all.sh for armclang
2023-03-03 09:01:41 +00:00
Dave Rodgman
0fddf829d5 Add more detailed comment
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-02 15:32:12 +00:00
Gilles Peskine
57897b8d6a
Merge pull request #6493 from AndrzejKurek/pymod
Use `config.py` as a module in `depends.py`
2023-03-02 15:38:47 +01:00
Dave Rodgman
1c232a8311 Enable -Werror for armclang
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-02 13:39:04 +00:00
Dave Rodgman
2f386c55ff Disable MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT for armclang
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-02 13:38:33 +00:00
Pengyu Lv
c6298ad46a Use parentheses to avoid executing the output
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-03-01 10:31:29 +08:00
Pengyu Lv
c2b1864ceb Revert "Check if the license server is available for armcc"
This reverts commit 55c4fa4f41.

After discussion, We decided not to check the availability
of the license server for the impacts on CI and user usages.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-03-01 10:25:08 +08:00
Gilles Peskine
b52b788e55
Merge pull request #6895 from yuhaoth/pr/add-aes-with-armv8-crypto-extension
Add AES with armv8 crypto extension
2023-02-28 18:16:37 +01:00
Pengyu Lv
55c4fa4f41 Check if the license server is available for armcc
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-02-24 18:31:50 +08:00
Pengyu Lv
df07003c49 all.sh: add support function for build_armcc
With this change, "--list-components" will not list
"build_armcc" on the system which is not installed
with Arm Compilers.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-02-24 16:03:31 +08:00
Pengyu Lv
51b5f00a43 all.sh: Skip build_mingw correctly
If i686-w64-mingw32-gcc is not installed, then
build_mingw should be unsupported.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-02-24 15:38:52 +08:00
Manuel Pégourié-Gonnard
623c73b46d Remove config.py call on now-internal option
It turns out config.py wouldn't complain, but it's still confusing.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-23 20:36:05 +01:00
Gilles Peskine
df6e84a447 Test the PSA alternative header configuration macros
Test that MBEDTLS_PSA_CRYPTO_PLATFORM_FILE and
MBEDTLS_PSA_CRYPTO_STRUCT_FILE can be set to files in a directory that comes
after the standard directory in the include file search path.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-02-23 17:18:33 +01:00
Przemek Stekiel
bdc21e623e Disable MBEDTLS_PSA_CRYPTO_SE_C is ecdsa psa builds
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-02-23 17:12:19 +01:00