66300d6f40
Force SHA-256 for entropy in libtestdriver1
...
We only enable SHA-256, so let's use that.
Previously the entropy module was deciding which hash to use based on
MBEDTLS_xxx_C feature macros, and since only SHA256_C was defined in
config_test_driver.h, it used that and things worked.
However since entropy was changed to use MD light, and
MBEDTLS_MD_CAN_xxx feature macros, we had an issue: when building
libtestdriver1 with its default config, MBEDTLS_PSA_ACCEL_ALG_SHA_512 is
defined even though there's no actual accelerator in the build. (This is
done so that PSA_WANT_ALG_SHA_512 can remain defined in order to match
the application's config, while not defining
MBEDTLS_PSA_BUILTIN_ALG_SHA_512 in order to only include what we need in
the build of libtestdriver1.) This will cause MD to dispatch to PSA in
order to take advantage of the accelerator, which will then fail because
there is no accelerator nor builtin for this hash.
In the long-term, perhaps it would be best to address the root of the
issue: defining MBEDTLS_PSA_ACCEL_ALG_SHA_512 in a build that doesn't
actually have a SHA-512 accelerator is a lie. But that would require
significant changes in libtestdriver1. So for now, just fix the most
obvious symptom (picking a non-supported hash in entropy.h) by forcing
the choice of hash to match what's in the libtestdriver1 config.
Note: if the copy of entropy module in libtestdriver1 doesn't work,
we'll get a failure when calling libtestdriver1_psa_crypto_init(), which
we do, from mbedtls_test_transparent_init(), indirectly called by our
psa_crypto_init() which will then fail.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-24 10:43:40 +01:00
5d0d641332
Test entropy.c with driver-only hashes
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-24 10:43:40 +01:00
2334d3a9b1
Fix driver_wrappers test
...
These were assuming that psa_crypto_init() doesn't call hashes, which is
not always correct.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-24 10:43:40 +01:00
5cd4b6403b
Use MD-light in entropy.c
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-24 10:43:40 +01:00
a266332189
test: improve analyze_outcomes.py script
...
Allow the script to also execute the tests needed for the following
analysis. It doesn't affect the previous usage of this script:
- if the output file is already present, then only the analysis
is performed
- if the outfile does not exist, then tests are also executed
before doing the analysis
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-24 09:31:38 +01:00
f9fca53cb4
ecp_curves: Updated ecp_mod_p384_raw documentation
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-03-23 12:17:17 +00:00
ac6db4d649
Merge pull request #7317 from mpg/lift-exclusions
...
Lift exclusions from driver-only hash component
2023-03-23 12:01:01 +01:00
df2b5da57f
Add generated files
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-03-23 10:58:43 +00:00
b6264f3847
Update BRANCHES.md
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-03-23 10:58:20 +00:00
db67e99bbf
Bump library, libcrypto and libx509 versions
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-03-23 10:57:39 +00:00
dbe435cda0
Assemble Changelog for 3.4.0 release
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-03-23 10:46:10 +00:00
f0b883f0a9
Merge pull request #7312 from valeriosetti/issue7254
...
driver-only ECDH: enable TLS 1.3 key exchanges
2023-03-23 11:40:11 +01:00
226f9b903f
ssl_tls: fix guard in ssl_misc.h
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-23 09:28:51 +01:00
5038a38695
ssl_cache: Return standard mbedtls error code
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-03-23 15:53:43 +08:00
cdf06f69dd
Improve function return value description
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-03-23 11:15:24 +08:00
4903139bc4
Add security entry to ChangeLog for AES-NI
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-03-22 17:43:40 +00:00
a9c58584be
Add security entry to ChangeLog for AES-CE
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-03-22 17:42:17 +00:00
1c693d4371
Improve positioning of GENERATE_XML option
...
It is clearer to have this option next to the GENERATE_LATEX option.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-03-22 17:35:14 +00:00
5158bd8ac8
Remove Exhale from requirements and regenerate
...
Regenerate the requirements.txt with Exhale removed and also with Python
3.9 instead of 3.8, for parity with Read The Docs.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-03-22 17:30:22 +00:00
e214827347
Add TLS1.2 Opaque ECJPAKE changelog entry
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-03-22 15:03:32 +00:00
8e9fb2d51e
Merge pull request #7297 from valeriosetti/issue7253-part2
...
driver-only ECDH: enable ECDH-based TLS 1.2 key exchanges -- part 2
2023-03-22 14:47:12 +01:00
68d64a10b6
ecp_curves: Re-introduced mbedtls_ecp_fix_negative()
...
This patch re-introduces `mbedtls_ecp_fix_negative` and
appropriately adjusts its define guards.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-03-22 11:28:15 +00:00
89029e7366
changelog: fix description for ECDH changes
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-22 10:48:34 +01:00
080a22ba75
ssl_tls13: use PSA_WANT_ALG_ECDH as symbol for marking ECDH capability
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-22 10:48:34 +01:00
8427b56d71
added changelog for accelerated ECDH changes
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-22 10:48:34 +01:00
0c8ec3983e
ssl_tls: fix proper guards for accelerated ECDH
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-22 10:48:34 +01:00
90df310d89
ssl_tls13: fix guards for accel ECDH
...
These changes fix all failures found in test_suite_ssl
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-22 10:48:34 +01:00
4059aba353
accelerated ecdh: re-enable TLS 1.3 key exchanges and fix guards in check_config
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-22 10:48:34 +01:00
ccf0be28e8
fix typo
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-22 10:40:05 +01:00
da8535b74e
ecdh: simplify guards for the newly created PSA_HAVE_FULL_ECDH symbol
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-22 10:40:05 +01:00
13ce40323f
test_suite_ssl: remove redundant dependencies when the key exchange is specified
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-22 10:40:05 +01:00
7a2f39692a
ecdhe: solve disparities in accelerated ECDHE vs reference
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-22 10:37:45 +01:00
d3f0b9e78c
ecdhe: fix guards for accelerated ECDHE key exchanges
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-22 10:36:59 +01:00
a81130f159
test: enable ECDHE key exchanges for driver coverage tests
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-22 10:36:59 +01:00
5663682728
Merge pull request #7284 from mpg/use-md-can
...
Use md-can macros
2023-03-22 08:42:04 +01:00
1b5957165a
Add Changelog for PSA to Mbed TLS error translation unification
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-03-21 16:38:31 +00:00
c4d759b697
Update AESCE changelog entry
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-03-21 16:31:18 +00:00
dcc0ee1a1e
Update changelog entry, splitting into two sections
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-03-21 15:52:20 +00:00
8d3fa9bd7b
Add changelog entry for #6932 and #7203
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-03-21 15:52:08 +00:00
4af90bbcda
EcpP384R1Raw: Added test case for 2nd round of carry reduction.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-03-21 15:46:51 +00:00
37f4cb6d0e
ecp_curves: Minor rework for p384
...
This patch adjusts formatting, documentation and testing.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-03-21 15:46:50 +00:00
3201f56952
Rename misnamed changelog entries
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-03-21 15:46:33 +00:00
f359c91f9b
ecp test generator: Added EcpPp384R1Raw().
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-03-21 15:45:18 +00:00
619385d8bc
test_suite_ecp: Added ecp_mod_p384_raw() test case.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-03-21 15:45:17 +00:00
8965b65bd8
Remove now-spurious dependencies
...
Now that HMAC-DRBG can use driver, so can deterministic ECDSA
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:42:06 +01:00
91cc8bbc87
Enable ECDSA-det in driver-only hashes component
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:42:06 +01:00
d111fbdad1
Enable HMAC-DRBG in driver-only hashes component
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:42:05 +01:00
fbaf4e98d8
Enable PKCS7 in driver-only hashes component
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:42:05 +01:00
0d1921c4c2
Enable HKDF in driver-only hashes test
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:42:05 +01:00
6fb105fb2e
ecp_curves: Ported prototypes
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-03-21 15:41:26 +00:00