lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-10-30 10:45:34 +03:00
Code Activity
23,903 Commits 176 Branches 276 Tags
cdaaef52f411c8e83669f9c7c5d4a0a849ab1de9
Commit Graph

906 Commits

Author SHA1 Message Date
Gilles Peskine
4da92832b0 Merge pull request #7117 from valeriosetti/issue6862 
driver-only ECDSA: enable ECDSA-based TLS 1.2 key exchanges
 2023-03-09 20:49:44 +01:00
Dave Rodgman
bf4016e5d5 Merge pull request #6567 from mprse/ecjpake-driver-dispatch 2023-03-09 19:23:05 +00:00
Valerio Setti
f84b7d5c21 test: enable ECDSA based key exchanges in driver coverage tests 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-08 16:47:28 +01:00
Manuel Pégourié-Gonnard
289e5baa83 Merge pull request #7082 from valeriosetti/issue6861 
driver-only ECDSA: add ssl-opt.sh testing with testing parity
 2023-03-08 16:45:38 +01:00
Przemek Stekiel
4aa99403f4 Fix configuration for accelerated jpake 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-03-07 10:50:09 +01:00
Manuel Pégourié-Gonnard
a5ffa93e43 Merge pull request #7142 from mpg/driver-only-ecdh-starter 
Driver-only ECDH starter
 2023-03-07 09:14:38 +01:00
Manuel Pégourié-Gonnard
86393db84d Revert local experiment. 
This was never meant to be committed here.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-06 16:19:05 +01:00
Manuel Pégourié-Gonnard
07d92620d4 Fix some message strings and comments in all.sh 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-06 13:38:55 +01:00
Manuel Pégourié-Gonnard
0d1f5be688 Add comment about shared config function 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-06 13:35:21 +01:00
Dave Rodgman
45cef61fa4 Merge branch 'development' into md-light 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-03-03 14:28:13 +00:00
Dave Rodgman
1f39a62ce6 Merge pull request #7151 from gilles-peskine-arm/psa-headers-alt 
Allow alternative names for overridable PSA headers
 2023-03-03 12:37:51 +00:00
Dave Rodgman
0fddf829d5 Add more detailed comment 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-03-02 15:32:12 +00:00
Dave Rodgman
1c232a8311 Enable -Werror for armclang 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-03-02 13:39:04 +00:00
Dave Rodgman
2f386c55ff Disable MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT for armclang 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-03-02 13:38:33 +00:00
Gilles Peskine
b52b788e55 Merge pull request #6895 from yuhaoth/pr/add-aes-with-armv8-crypto-extension 
Add AES with armv8 crypto extension
 2023-02-28 18:16:37 +01:00
Manuel Pégourié-Gonnard
623c73b46d Remove config.py call on now-internal option 
It turns out config.py wouldn't complain, but it's still confusing.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-02-23 20:36:05 +01:00
Gilles Peskine
df6e84a447 Test the PSA alternative header configuration macros 
Test that MBEDTLS_PSA_CRYPTO_PLATFORM_FILE and
MBEDTLS_PSA_CRYPTO_STRUCT_FILE can be set to files in a directory that comes
after the standard directory in the include file search path.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-02-23 17:18:33 +01:00
Przemek Stekiel
bdc21e623e Disable MBEDTLS_PSA_CRYPTO_SE_C is ecdsa psa builds 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-23 17:12:19 +01:00
Manuel Pégourié-Gonnard
0d4152186d Make MBEDTLS_MD_LIGHT private for now. 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-02-23 13:02:13 +01:00
Valerio Setti
6445912d9c test: enable ssl-opt in test_psa_crypto_config_[accel/reference]_ecdsa_use_psa 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-22 12:35:16 +01:00
Przemek Stekiel
b45b8ce474 Disable MBEDTLS_PSA_CRYPTO_SE_C is hash psa builds 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-22 11:30:32 +01:00
Przemek Stekiel
9dd2440c95 Change pake input: key_lifetime -> key attributes 
In the future key attributes will be available for opaque driver via psa_crypto_driver_pake_get_password_key().

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-22 11:30:32 +01:00
Przemek Stekiel
9a5b812aa8 Cleanup the code 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-22 11:30:31 +01:00
Przemek Stekiel
03790029a6 Add test components to test accelerated pake and fallback 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-02-22 11:25:30 +01:00
Manuel Pégourié-Gonnard
e91bcf31b6 Add comparison of accel_ecdh_use_psa against ref 
With temporary exclusions to be lifted as follow-ups.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-02-21 13:07:19 +01:00
Manuel Pégourié-Gonnard
59a2b8fd57 Add component accel_ecdh_use_psa 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-02-21 12:42:31 +01:00
Manuel Pégourié-Gonnard
e3095e7cb0 Add comments to accel_ecdh component 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-02-21 12:19:06 +01:00
Manuel Pégourié-Gonnard
9e04b5bcfc Disable MD-light in accel_hash_use_psa 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-02-20 12:53:23 +01:00
Manuel Pégourié-Gonnard
b9b630d628 Define "light" subset of MD 
See docs/architecture/psa-migration/md-cipher-dispatch.md

Regarding testing, the no_md component was never very useful, as that's
not something people are likely to want to do: it was mostly useful as
executable documentation of what depends on MD. It's going to be even
less useful when more and more modules auto-enable MD_LIGHT or even
MD_C. So, recycle it to test the build with only MD_LIGHT, which is
something that might happen in practice, and is necessary to ensure that
the division is consistent.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-02-16 22:30:06 +01:00
Valerio Setti
40df83509b all.sh: fix comment for test_psa_crypto_config_accel_ecdsa_use_psa 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-08 13:52:31 +01:00
Valerio Setti
b9dc2513c1 test: add SHA1 to the supported algs in accelerated ECDSA 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-08 13:52:31 +01:00
Manuel Pégourié-Gonnard
9cb1aa21c4 Merge pull request #6970 from valeriosetti/issue6857 
driver-only ECDSA: get testing parity in PK
 2023-02-08 13:33:15 +01:00
Jerry Yu
e51eddce38 disable aesce when ASM not available 
Change-Id: Icd53a620cc3aed437b0e0e022ca5a36f29caeea1
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-02-07 17:11:53 +08:00
Valerio Setti
bf74f52920 test: add a comment specifying why restartable cannot be tested 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-07 08:02:23 +01:00
Valerio Setti
4e0278d710 test: ECDSA driver only: disable ECP_RESTARTABLE 
This is not yet supported in driver only implementation

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-07 08:02:23 +01:00
Pengyu Lv
c92df3ba59 all.sh: test_m32_xx is not supported on arm64 host 
test_m32_xxx tests are x86 specific, but the support
function only identifies a 64-bit system. So the tests
will be run on arm64 host and cause a test failure.
This change restricts those tests to amd64/x86_64
only.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-02-01 10:50:50 +08:00
Manuel Pégourié-Gonnard
aae61257d1 Merge pull request #6883 from valeriosetti/issue6843 
Improve X.509 cert writing serial number management
 2023-01-30 13:08:57 +01:00
Manuel Pégourié-Gonnard
00d3e96042 Merge pull request #6855 from mpg/driver-only-ecdsa-starter 
Driver-only ECDSA starter
 2023-01-24 13:06:17 +01:00
Manuel Pégourié-Gonnard
d84902f4ef Add issue numbers to TODO comments 
In the python script I didn't use the word TODO because pylint doesn't
like that, but morally it's the same.

I removed the comment about "do we need a subset of compat.sh?" because
it turns out that `ssl-opt.sh` is already exercising all the key
exchanges:

    % sed -n 's/.*force_ciphersuite=TLS-\([^ ]*\)-WITH.*/\1/p' tests/ssl-opt.sh | sort -u
    DHE-PSK
    DHE-RSA
    ECDH-ECDSA
    ECDHE-ECDSA
    ECDHE-PSK
    ECDHE-RSA
    ECJPAKE
    PSK
    RSA
    RSA-PSK

(the only omission is ECDH-RSA which is not of interest here and does
not actually differ from ECDH-ECDSA). So, we don't need a subset of
compat.sh because we're already getting enough testing from ssl-opt.sh
(not to mention test_suite_ssl).

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-01-23 13:03:13 +01:00
Manuel Pégourié-Gonnard
bc19a0b0d8 Fix missing SHA-224 in test driver build 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-01-23 12:54:24 +01:00
Manuel Pégourié-Gonnard
5a2e02635a Improve a few comments & documentation 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-01-23 12:51:52 +01:00
Dave Rodgman
1a034dcc20 Add regression test 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-01-20 13:18:05 +00:00
Valerio Setti
41b5fb6536 test: ensure X509 has no dependency on BIGNUM when built without MBEDTLS_DEPRECATED_REMOVED 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2023-01-12 17:01:44 +01:00
Gilles Peskine
c848d226bf Switch code style check to enforcement mode 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-01-11 14:50:14 +01:00
Gilles Peskine
3900bddd77 Merge pull request #6823 from mpg/unify-openssl-variables 
Use OPENSSL everywhere, not OPENSSL_CMD
 2023-01-10 22:10:19 +01:00
Manuel Pégourié-Gonnard
28d4d43416 Merge pull request #6863 from valeriosetti/issue6830 
Remove uses of mbedtls_ecp_curve_info in TLS (with USE_PSA)
 2023-01-10 10:01:17 +01:00
Manuel Pégourié-Gonnard
3368724ade Merge pull request #6870 from valeriosetti/issue6831 
Document/test dependencies on ECP & Bignum
 2023-01-10 09:25:41 +01:00
Manuel Pégourié-Gonnard
10e3963aa4 Add comparison of accel_ecdsa against reference 
For now, ignore test suites that don't have parity even is they should.
The purpose is just to prepare the infrastructure and map the work.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-01-05 12:55:08 +01:00
Manuel Pégourié-Gonnard
171c45feda Add component accel_ecdsa_use_psa 
This is the basis for future work, we'll want to make sure everything
passes in this component.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-01-05 12:55:08 +01:00
Manuel Pégourié-Gonnard
6d7db93bbb Enable TLS 1.3 in accelerated ECDSA test 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-01-05 12:55:08 +01:00