1
0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-10 10:40:59 +03:00
Commit Graph

12456 Commits

Author SHA1 Message Date
0a57a253cc Fix psa_ff_server.c to calculate the amount of data from client correctly
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2024-05-28 14:31:48 +03:00
b7e5f31e2a Replace final sprintf() with snprintf() in psa_ff_server.c
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2024-05-28 14:31:48 +03:00
473dea26a6 Remove unnecessary testing and documentation
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-05-28 11:15:21 +00:00
c7569a8c4b Merge pull request #9159 from gilles-peskine-arm/analyze_outcomes-generate_files
Generate test data before coverage analysis
2024-05-23 12:08:15 +00:00
39c5207d79 ssl-opt.sh, compat.sh: Error out if not executing any tests
Alert if all tests are filtered out or skipped: that probably indicates a
test script that set up an unintended configuration or an overly strict
filter. You can pass `--min 0` to bypass this check. You can pass `--min`
with a larger value to require that many test cases to run.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-05-23 13:38:26 +02:00
f5473a0260 Merge pull request #9057 from Ryan-Everett-arm/crypto-config-test_ref_configs
Update the reference configs to use `MBEDTLS_PSA_CRYPTO_CONFIG`
2024-05-23 05:58:55 +00:00
77bd479825 Change mbedtls_mpi_core_mla() to be constant time
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-05-23 00:22:44 +00:00
2ad2f3207e Pacify pylint
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-05-22 09:35:11 +02:00
78ae4f6fe1 Generate test data before coverage analysis
Fixes #8300.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-05-21 20:26:18 +02:00
e27738308c Merge mbedtls_mpi_core_sub() constant time testing and functional testing
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-05-21 16:05:52 +00:00
df1bfec990 Merge pull request #9121 from valeriosetti/issue8963
Add client-server build to all.sh
2024-05-20 07:14:37 +00:00
27098b458b fix typo
Signed-off-by: Turiiya <34311583+ttytm@users.noreply.github.com>
2024-05-18 18:08:12 +02:00
a8004f27b7 Add additional CCM unset
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2024-05-17 14:48:47 +01:00
8f83ba08e2 Change the way CBC is set
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2024-05-17 14:44:15 +01:00
b30cd3bb8f Improve test-ref-configs.pl
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-05-17 14:34:11 +02:00
1f3c99c774 psa_autogen.py: improve management of output files
While at this, fix also Makefile so that "make clean" does not
complain if some of the files to be cancelled do not exist.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-05-16 16:13:38 +02:00
1f95ede98c Fix "maybe-uninitialized" warning with GCC 11.3
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-05-16 08:12:03 +02:00
a33a824d8a Resolve PBKDF2_AES_CMAC_PRF_128 dependencies
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-05-16 08:12:03 +02:00
4dd6631aac test-ref-configs.pl: Detect automatically test with USE_PSA enabled
Change the way we decide if for a given
configuration we need to run tests with
and without MBEDTLS_USE_PSA_CRYPTO enabled.
That makes the script suitable for 3.6 and
development branch.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-05-16 08:12:03 +02:00
640276268d Fix compat.sh filters
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-05-16 08:12:03 +02:00
bdce65700e Merge pull request #9067 from gilles-peskine-arm/ssl-opt-server2-detection
Fix skipped tests in configurations without RSA
2024-05-15 12:06:31 +00:00
69ca57eadc Fix typo
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2024-05-14 16:29:23 +01:00
b7c624ddd8 Remove _use_psa suffix from remaining components
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2024-05-14 16:11:00 +01:00
5f2595a018 Remove non- _use_psa versions of components
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2024-05-14 16:09:34 +01:00
87d99fbd6c psasim: create a seedfile to be used for the crypto server
This allows to re-enable MBEDTLS_ENTROPY_NV_SEED since the
seedfile is correctly found in the "test" folder at runtime.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-05-14 10:57:35 +02:00
dce6b85af8 psa_ff_client: fix typos and useless blank lines
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-05-14 10:43:14 +02:00
f57afd5acd all.sh: improvements
- add quotes to the $@ parameter in helper_crypto_client_build()
- instead of copying mbedtls_config.h to build static libraries,
  we rely on the already existing backup/cleanup mechanism which
  is available in all.sh.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-05-14 10:39:20 +02:00
fc73aa02b0 Add missing dependency that isn't autodetected
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-05-13 21:18:41 +02:00
f5a30afdae Remove redundant RSA dependency
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-05-13 21:18:28 +02:00
d9c7be775e Explicitly use TLS 1.2 on <=1.2-specific keyUsage/extKeyusage tests
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-05-13 21:17:35 +02:00
f9f3d21a67 Fix PSK invocation: GnuTLS PSK length (more)
Replace more sample PSK by longer (GnuTLS-compatible) strings, taking care
of keeping distinct PSK distinct for wrong-PSK tests.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-05-13 21:06:26 +02:00
3235165e07 Change mpi_core_check_sub to be constant time
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-05-13 13:47:04 +00:00
299e741e8e Add mbedtls_framework to mypy checks
Since this python module resides in the framework submodule we must
add an extra explicit path to it for mypy.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-05-13 14:43:38 +01:00
cd84bb287b Update references to mbedtls_dev
Change these to point to the new mbedtls_framework module in the
framework submodule.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-05-13 14:43:29 +01:00
1131318b72 Add framework/scripts to scripts_path.py
This allows test scripts to find the new mbedtls_framework module.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-05-13 13:48:13 +01:00
a621fd9df3 gitignore: ignore test_keys.h and test_certs.h
These files are automatically generated at build time so they
do not need to be tracked.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-05-13 11:13:36 +02:00
2cdc8f7aa5 Merge pull request #9122 from davidhorstmann-arm/fix-fuzzing-build-failures
Move some test data generation to main CMakeLists.txt (/ fix fuzzing build failures)
2024-05-12 18:56:11 +00:00
cbea7d6e67 Add note explaining component purpose
We are testing that we don't break OSS-Fuzz, primarily.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-05-10 15:37:57 +01:00
c98f8ab5f7 crypto-client: allow debug build of libraries and test binaries
Add DEBUG=1 in test_psasim() to helpers and final make to build
the libraries and the final binaries with debug symbols
enabled.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-05-10 15:53:40 +02:00
041ed42555 Add all.sh component for programs without tests
Check that we can build under CMake with ENABLE_TESTING=OFF but
ENABLE_PROGRAMS=ON.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-05-10 14:37:48 +01:00
1238b37573 Move test generated files to main CMakeLists.txt
Move the generation of tests/src/test_certs.h and tests/src/test_keys.h
to the main CMakeLists.txt. This is required because these files are
needed both by tests and programs, whereas tests/CMakeLists.txt is only
included when ENABLE_TESTING is on.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-05-10 14:23:16 +01:00
9b5768782e Merge pull request #9104 from valeriosetti/issue8962
Add a component to all.sh to build and run psasim
2024-05-10 12:45:04 +00:00
237a64ef07 crypto-client: remove log files on "make clean"
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-05-10 12:32:10 +02:00
400168cd1a crypto-client: fix the SID
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-05-10 12:31:41 +02:00
cd89c1ffc8 crypto-client: simplify build of mbedtls static libraries
Instead of copying the entire library & include folders twice
to build libraries for client and server:

- change the main config file (mbedtls_config.h)
- build in the root library folder
- move the generated library in the psasim folder
- use those library for linking the client/server binaries

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-05-10 11:23:30 +02:00
66fb1c17ff crypto-client: reorganize source files/folders
The goal is to keep psasim as simple as possible:

- do not build a separate lib for psa-ff; build those source
  files as part of server or client
- do not have lot of different makefiles: just 1 that does all
  we need
- do not have several subfolders for headers: only 1 is enough
  for this kind of project

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-05-10 07:59:22 +02:00
dde9579fab all.sh: crypto-client: keep NV_SEED disabled in the server lib
This is necessary because otherwise the library is not able to
find the seedfile at runtime and it fails the initialization.
However since this test runs on a standard PC we can rely on
platform entropy as source of entropy.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-05-10 05:22:33 +02:00
655b9793c0 crypto-client test: implement the first IPC call for psa_crypto_init()
This commit implements the first useful IPC communication between
the client and the server. The implemented command is simple,
psa_crypto_init(), and its return value is sent back to the client.

Note: the newly added file psa_functions_codes.h is temporary
and it's probably the one that needs to be automatically
generated by a python script to support all crypto functions.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-05-10 05:22:23 +02:00
67338c050a Restore toggling of MBEDTLS_CIPHER_MODE_CBC
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2024-05-09 15:21:14 +01:00
4362aaef7f crypto-client test: ensure that client/server are linked against proper MbedTLS libraries
Ensure that both server and client can call mbedtls_version_get_string_full()
to verify that they are linked against proper libraries.

Note: each side (client/server) performs the call against its own
MbedTLS library. There is no IPC communication involved in this
test. Client/server communication will come later.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-05-09 09:23:46 +02:00