Yanray Wang
fb0f47b1f8
tls13: srv: check tls version in ClientHello with min_tls_version
...
When server is configured as TLS 1.3 only and receives ClientHello
from a TLS 1.2 only client, it's expected to abort the handshake
instead of downgrading protocol to TLS 1.2 and continuing handshake.
This commit adds a check to make sure server min_tls_version always
larger than received version in ClientHello.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-12-04 17:50:36 +08:00
Ronald Cron
857d29f29a
Merge pull request #8528 from yanrayw/issue/6933/parse-max_early_data_size
...
TLS1.3 EarlyData: client: parse max_early_data_size
2023-12-01 08:27:26 +00:00
Dave Rodgman
422951b9ed
Merge pull request #8044 from daverodgman/msft-aarch64
...
Better support for MSVC aarch64 aka ARM64 and ARM64EC
2023-12-01 07:48:26 +00:00
Dave Rodgman
059f66ce7c
Remove redundant check
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-30 11:02:03 +00:00
Dave Rodgman
6eee57bc07
Merge remote-tracking branch 'origin/development' into msft-aarch64
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-30 11:01:50 +00:00
Dave Rodgman
12d1c3ad4f
Use MBEDTLS_HAVE_NEON_INTRINSICS in aesce
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-30 09:38:38 +00:00
Dave Rodgman
d879b47b52
tidy up macros in mbedtls_xor
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-30 09:35:14 +00:00
Dave Rodgman
59059ec503
Merge remote-tracking branch 'origin/development' into msft-aarch64
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-30 09:34:41 +00:00
Yanray Wang
b3e207d762
tls13: early_data: cli: rename early_data parser in nst
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-30 16:49:51 +08:00
Yanray Wang
0790041dc6
Revert "tls13: early_data: cli: remove nst_ prefix"
...
This reverts commit 3781ab40fb
.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-30 16:44:44 +08:00
Dave Rodgman
10dfe76425
Merge pull request #8573 from daverodgman/iar-aesce2
...
Disable hw AES on Arm for IAR
2023-11-30 08:22:09 +00:00
Dave Rodgman
f5e46fd45c
Merge pull request #8535 from daverodgman/update-tfm
...
Adjust to match current TF-M config
2023-11-29 16:14:06 +00:00
Gilles Peskine
18eab984c7
Merge pull request #8560 from lpy4105/issue/8423/optimize-analyze_outcomes_py
...
Optimize analyze_outcomes.py
2023-11-29 14:51:41 +00:00
Janos Follath
c6f1637f8c
Merge pull request #8534 from paul-elliott-arm/fix_mutex_abstraction
...
Make mutex abstraction and tests thread safe
2023-11-29 13:26:23 +00:00
Dave Rodgman
fb96d800ab
Merge pull request #8569 from yuhaoth/pr/fix-warning-on-arm64-gcc-5.4
...
fix build warning with arm64 gcc 5.4
2023-11-29 11:52:18 +00:00
Gilles Peskine
172c0b930f
Merge pull request #8561 from ronald-cron-arm/fix-ciphersuites-list-in-ssl-opt
...
ssl-opt.sh: Fix getting the list of supported ciphersuites.
2023-11-29 11:31:33 +00:00
Pengyu Lv
5dcfd0c613
Some improvements
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-11-29 18:03:28 +08:00
Dave Rodgman
51e72456f9
Automatically set MBEDTLS_NO_PLATFORM_ENTROPY in TF-M config
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-29 09:44:44 +00:00
Dave Rodgman
e4cf9b6f95
Move MBEDTLS_BLOCK_CIPHER_NO_DECRYPT to correct section
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-29 09:43:20 +00:00
Dave Rodgman
2d9b7d491a
Remove references to 3.4
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-29 09:42:44 +00:00
Manuel Pégourié-Gonnard
6b5cedf51f
Merge pull request #8547 from valeriosetti/issue8483
...
[G2] Make PSA-AEAD work with cipher-light
2023-11-29 08:53:42 +00:00
Jerry Yu
92787e42c4
fix wrong gcc version check
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-29 16:30:38 +08:00
Jerry Yu
e743aa74b5
add non-gcc arm_neon support
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-29 15:54:32 +08:00
Jerry Yu
71fada10e5
Guards neon path
...
Old GCC(<7.3) reports warning in NEON path
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-29 10:38:07 +08:00
Jerry Yu
5b96b81980
Revert "fix build warning with arm64 gcc 5.4"
...
This reverts commit da3c206ebd
.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-29 10:25:00 +08:00
Pengyu Lv
550cd6f9b2
Use boolean hit
instead of int hits
...
Also fix a typo in the comments.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-11-29 09:17:59 +08:00
Ronald Cron
60f76663c0
Align forced ciphersuite with test description
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-11-28 17:52:42 +01:00
Dave Rodgman
c3cd410acf
Merge pull request #8286 from gilles-peskine-arm/check_mbedtls_calloc_overallocation-disable_with_asan
...
Fix test_suite_platform failure with Asan on modern Clang
2023-11-28 16:48:31 +00:00
Ronald Cron
29ad2d7609
ssl-opt.sh: Remove unnecessary symmetric crypto dependencies
...
Same test cases as in the previous commit.
Remove the redundant symmetric crypto dependency.
The dependency is ensured by the fact that:
1) the test case forces a cipher suite
2) ssl-opt.sh enforces automatically that the
forced ciphersuite is available.
3) The fact that the forced ciphersuite is
available implies that the symmetric
cipher algorithm it uses is available as
well.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-11-28 17:44:39 +01:00
Dave Rodgman
c89f7817e1
Use common license header
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-28 16:10:44 +00:00
Dave Rodgman
82d7a875ff
Update tests to refer to our tf-m config wrapper
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-28 16:10:37 +00:00
Ronald Cron
41bc42ac1b
ssl-opt.sh: Fix some symmetric crypto dependencies
...
Fix some dependencies on symmetric crypto that
were not correct in case of driver but not
builtin support. Revealed by "Analyze driver
test_psa_crypto_config_accel_cipher_aead vs reference
test_psa_crypto_config_reference_cipher_aead" in
analyze_outcomes.py.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-11-28 15:59:40 +01:00
Ronald Cron
5b73de8ddb
ssl-opt.sh: Add a check of the list of supported ciphersuites
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-11-28 15:59:03 +01:00
Dave Rodgman
410ad44725
Disable hw AES on Arm for IAR
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-28 13:42:17 +00:00
Tom Cosgrove
9e1d2e5727
Merge pull request #8029 from gilles-peskine-arm/fix-MBEDTLS_HAS_MD5_VIA_LOWLEVEL_OR_PSA
...
Update old dependency to MBEDTLS_MD_CAN
2023-11-28 13:12:10 +00:00
Valerio Setti
919e3fa729
check_config: fix guards for PSA builtin implementation of cipher/AEAD
...
While the PSA builtin implementation of cipher still depends on
CIPHER_C, the same is no more true for AEADs. When CIPHER_C is not
defined, BLOCK_CIPHER_C is used instead, thus making it possible
to support AEADs without CIPHER_C.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-11-28 11:45:38 +01:00
Valerio Setti
b1cf8aeda4
adjust_psa_from_legacy: add required CIPHER_C dependencies
...
Some PSA_WANT symbols do not have a 1:1 matching with legacy ones.
For example, previous to this commit:
- CCM_C enabled both PSA_WANT_ALG_CCM and PSA_WANT_ALG_CCM_STAR_NO_TAG
even thought the two are not equivalent (authenticated VS
non-authenticated).
- there was no legacy equivalent for ECB_NO_PADDING
What it is common to both PSA_WANT_ALG_CCM_STAR_NO_TAG and
PSA_WANT_ALG_ECB_NO_PADDING is the fact that the builtin implementation
depends on CIPHER_C. Therefore this commits adds this guards to
select whether or not to enable the above mentioned PSA_WANT symbols.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-11-28 11:45:38 +01:00
Valerio Setti
6632a12fa3
all.sh: re-enable CCM/GCM in test_full_no_cipher_with_crypto[_config]()
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-11-28 11:45:38 +01:00
Dave Rodgman
4edcf693e7
Use latest TF-M config with bare-minimum changes
...
Move all changes local to Mbed TLS into config-tfm.h (except for commenting
out a couple of #include's).
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-28 10:15:52 +00:00
Dave Rodgman
a326eb990d
We no longer need to undef ALT defines
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-28 10:15:52 +00:00
Dave Rodgman
be5489ae98
Simplify test for building P256-M
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-28 10:15:37 +00:00
Dave Rodgman
897bb77c0c
Update tf-m tests in all.sh for P256-M
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-28 10:15:11 +00:00
Pengyu Lv
451ec8a4bc
Add comment to read_outcome_file in analyze_outcomes.py
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-11-28 17:59:05 +08:00
Pengyu Lv
c2e8f3a080
Add type annotations to analyze_outcomes.py
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-11-28 17:22:04 +08:00
Manuel Pégourié-Gonnard
11c3fd1f73
Merge pull request #8568 from yanrayw/issue/8356/block_cipher_no_decrypt_cleanup
...
Driver-only: G1: clean up for BLOCK_CIPHER_NO_DECRYPT
2023-11-28 08:49:48 +00:00
Manuel Pégourié-Gonnard
294f5d7ea9
Merge pull request #8540 from valeriosetti/issue8060
...
[G2] Make CCM and GCM work with the new block_cipher module
2023-11-28 08:18:45 +00:00
Pengyu Lv
20e3ca391e
Run tests for ref_vs_driver outside task function
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-11-28 15:30:03 +08:00
Jerry Yu
da3c206ebd
fix build warning with arm64 gcc 5.4
...
GCC 5.4 reports below warning on Arm64
```
warning: 'vst1q_u8' is static but used in inline function 'mbedtls_xor' which is not static
```
This inline function miss `static`, others have the keyword
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-28 14:28:03 +08:00
Pengyu Lv
18908ec276
Define named tuple for component outcomes
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-11-28 13:04:11 +08:00
Pengyu Lv
28ae4648a6
Use mutable set all the time
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-11-28 11:35:19 +08:00