2811 Commits

Author SHA1 Message Date
Minos Galanakis
a2a0c2cbe7 Merge remote-tracking branch 'origin/features/tls-defragmentation/development' into feature_merge_defragmentation_dev
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2025-03-12 15:25:06 +00:00
Gilles Peskine
2e5a7ea9bc Fix Doxygen markup
Pacify `clang -Wdocumentation`.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-03-05 17:02:18 +01:00
Valerio Setti
12e67eaa5b programs: remove DHM_C usage from selftest
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2025-03-05 10:11:22 +01:00
Valerio Setti
73cd415c0b programs: remove DHM_C from ssl_client2 and ssl_server2
MBEDTLS_DHM_C is being removed so all its occurrences should be removed
as well.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2025-03-05 10:11:22 +01:00
Valerio Setti
540e7f3738 programs: remove dh_client and dh_server
These sample programs depend on MBEDTLS_DHM_C which is being removed, so
they should be as well.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2025-03-05 10:11:22 +01:00
Valerio Setti
f8244d49b0 programs: update .gitignore
Remove entry for benchmark program since it was moved to the tf-psa-crypto
repo.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2025-02-21 11:20:47 +01:00
Valerio Setti
34b4aa1f58 programs: move benchmark to tf-psa-crypto repo
This commit also removes references from Makefile and README.md.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2025-02-21 11:20:47 +01:00
Harry Ramsey
f6fb2f0cb4 Update documentation regarding test_zeroize
This commit updates the paths in documentation for test_zeroize since
it has been moved to MbedTLS Framework.

Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
2025-02-19 15:30:25 +00:00
Harry Ramsey
53ba6ad106 Update paths for moved program files in CMakeLists
This commit fixes the paths of program files which were moved to the
MbedTLS Framework.

Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
2025-02-19 15:30:24 +00:00
Harry Ramsey
c19b8e80e7 Update include paths in C files
Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
2025-02-19 15:25:44 +00:00
Harry Ramsey
2543ec0608 Update paths for moved program files in makefiles
This commit updates the file paths necessary for dlopen_demo.sh,
metatest.c, query_compile_time_config.c, query_config.h,
query_included_headers.c and zeroize.c.

This commit also adds a CFLAG to find header files now contained in the
framework.

Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
2025-02-19 15:25:44 +00:00
Harry Ramsey
b14141dd71 Move programs out of Mbed TLS
This commit moves demo_common.sh, dlopen_demo.sh, metatest.c,
query_compile_time_config.c, query_config.h, query_included_headers.c,
zeroize.c and test_zeroize.gdb from MbedTLS into the MbedTLS framework.

Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
2025-02-19 15:17:32 +00:00
Ben Taylor
837130cf65 Improve Changelog and correct alg selection
Improve the description of the API changes in the changelog and
fix some incorrect alg selection variables in ssl_server2.c.

Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
2025-02-04 07:50:19 +00:00
Ben Taylor
0c29cf87b1 Move ssl_ticket to the PSA API
Convert the mbedtl_ssl_ticket_setup function to use the TF_PSA_Crypto
API.

Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
2025-01-30 08:22:40 +00:00
Gilles Peskine
bc7c523420 Remove uses of secp244k1
Remove all code guarded by `PSA_WANT_ECC_SECP_K1_224`, which is not and will
not be implemented. (It would be K1_225 anyway, but we don't intend to
implement it anyway.)

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-01-08 16:51:23 +01:00
Ronald Cron
a747fa6127 make: Fix psa_constant_names_generated.c generation
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-12-10 16:59:52 +01:00
Ronald Cron
5096b4cb4b Revert "Remove mbedtls_test"
This reverts commit 939ce9d0d543530b84eef05405ee21ee89eb8246.

Build mbedtls_test library of objects to link
with TLS and x509 test suites and programs
with mbedtls framework not TF-PSA-Crypto
one (when it will be there).

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-12-10 16:56:49 +01:00
Ronald Cron
8392f189e2 Move build of PSA programs to tf-psa-crypto
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-12-10 16:54:05 +01:00
Ronald Cron
a13d4049ba
Merge pull request from Harry-Ramsey/move-programs-psa-tf-psa-crypto-development
Move programs/psa to tf-psa-crypto
2024-12-09 07:38:16 +00:00
Ronald Cron
1fe5277c88 Remove unnecessary error.h inclusions
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-12-04 14:25:02 +01:00
Ronald Cron
6924564970 Move back timing.c to mbedtls
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-12-04 14:25:02 +01:00
Ronald Cron
d5331ff4e6 cmake: Move cert.o to mbedtls_test_helpers library of objects
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-12-04 14:25:02 +01:00
Harry Ramsey
af0594198b Revert program CC output in Makefile
This commit reverts tf-psa-crypto program CC output informing the user
what file is being compiled.

Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
2024-11-20 16:21:35 +00:00
Harry Ramsey
20d3cf2300 Update programs/Makefile path
This commit updates a recipe path in programs/Makefile.

Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
2024-11-20 16:21:35 +00:00
Harry Ramsey
8ee1b5d098 Update gitignore
Update gitignore in programs and tf-psa-crypto following the move of
multiple files.

Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
2024-11-20 16:21:35 +00:00
Harry Ramsey
fb4824b496 Fix incorrect paths to generate_psa_constants.py
This commit fixes incorrect paths to generate_psa_constants.py after
being moved to tf-psa-crypto.

Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
2024-11-20 16:20:52 +00:00
Harry Ramsey
91c0d4685f Use static paths in makefile for programs
This commit uses static paths in the makefile to create programs since
the script generate_visualc_files.pl cannot substitute variable paths.

Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
2024-11-20 16:20:52 +00:00
Harry Ramsey
e1d6f74b92 Move generate_psa_constants.py to tf-psa-crypto
This commit moves generate_psa_constants.py to tf-psa-crypto and updates
the paths inside the script necessary for that move.

Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
2024-11-20 16:20:52 +00:00
Harry Ramsey
fae7411429 Refactor programs/Makefile
This commit refactors the Makefile in the programs directory to remove
unused variables and consistent naming schemes.

Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
2024-11-20 16:20:52 +00:00
Harry Ramsey
d66fb8475c Adjust psa program paths in CMakeLists
This commit adjusts the paths of programs/psa to tf-psa-crypto/programs
in CMakeLists.txt.

Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
2024-11-20 16:20:52 +00:00
Harry Ramsey
e1d70a00d6 Adjust psa program paths in Makefile
This commit adjusts the paths of programs/psa to tf-psa-crypto/programs.

Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
2024-11-20 16:20:52 +00:00
Harry Ramsey
ced26059e3 Move psa programs to tf-psa-crypto directory
This commit moves psa programs from the programs/psa directory to
tf-psa-crypto/programs/psa directory.

Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
2024-11-20 16:12:43 +00:00
David Horstmann
b4dcb952ea Add SSL-related test includes to ssl programs
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-11-18 15:50:44 +00:00
David Horstmann
d2cabf2030 Add missing extra include path to fuzzer programs
The fuzzer needs both kinds of test helper so needs to include things
from both new and old locations.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-11-18 15:50:44 +00:00
David Horstmann
5b93d97b95 Update references to test helpers
Replace:
* tests/src -> framework/tests/src
* tests/include -> framework/tests/include

Except for occurrences of:
* tests/src/test_helpers (since this only contains ssl_helpers.c)
* tests/src/test_certs.h
* tests/include/alt_dummy

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-11-18 15:50:44 +00:00
Ronald Cron
939ce9d0d5 Remove mbedtls_test
Use tf_psa_crypto_test instead.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-11-14 13:52:36 +01:00
Ronald Cron
8126a686d9 cmake: Rename mbedcrypto library to tfpsacrypto
Do not do the same in the make build system yet,
cmake build system only scope for this PR.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-11-14 09:28:27 +01:00
Ronald Cron
b7d0e52e16 cmake: Rename mbedcrypto target to tfpsacrypto
Rename mbedcrypto target to tfpsacrypto and
prefix all cmake related variables with
tfpsacrypto instead of mbedcrypto.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-11-14 09:28:27 +01:00
Paul Elliott
fc140d0c6b
Merge pull request from gilles-peskine-arm/coverity-20241004
Fix edge cases of mbedtls_psa_raw_to_der and mbedtls_psa_der_to_raw
2024-11-06 19:03:13 +00:00
Bence Szépkúti
cd0fb1d178
Merge pull request from jetm/ssl-client2-get-req-host
ssl_client2: Add Host to HTTP GET request
2024-10-31 11:32:49 +00:00
Ronald Cron
3e9cc2c213 key_ladder_demo: Initialize additional data to all zeroes
The header structure was initialized only field by
field. This does not initialize the padding bytes
and MemSan was complaining with use of
uninitialized data in test_memsan all.sh component.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-10-25 18:09:40 +02:00
Ronald Cron
b2478989e2 cmake: GNU GCC: Set base compile options target by target
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-10-25 18:09:33 +02:00
Harry Ramsey
9c66405098 Disable strerror in test programs
This commit disables printing strerror messages in test programs. This
is due to moving the functions back to Mbed TLS and wanting to keep
dependencies of programs small. The code has not been removed but simply
commented out for when these functions are reimplemented.

Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
2024-10-18 11:17:50 +01:00
Harry Ramsey
3901af52b8 Add x509 library to utility programs
This commit adds Mbed TLS x509 as a library dependency for utility
programs. This is necessary for strerror.c to work correctly.

Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
2024-10-18 08:19:50 +01:00
Gilles Peskine
1392017263 Remove unreachable assignments
This is harmless, but we might as well remove the unreachable line. If we
ever add a break to the loop and we don't think of changing the surrounding
code, it would make more sense not to set exit_code to SUCCESS.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-10-07 11:23:39 +02:00
Gilles Peskine
713127de4c dtls_server: allow unexpected messages during handshake
If MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE happens during the handshake, don't
show it as an "error". It might be an error, but it might also be a fact of
life if it happens during the second or more handshake: it can be a
duplicated packet or a close_notify alert from the previous connection,
which is hard to avoid and harmless.

Fixes .

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-10-02 11:09:20 +02:00
Gilles Peskine
5333425891 Always call psa_crypto_init before using TLS
In Mbed TLS 4.0, all cryptography goes through PSA, so calling
psa_crypto_init() is now mandatory before starting a TLS connection (as was
the case in Mbed TLS 3.x with MBEDTLS_USE_PSA_CRYPTO enabled).

Switch the TLS sample programs to calling psa_crypto_init() unconditionally.
Otherwise TLS 1.3 connections fail, and (D)TLS 1.2 connections soon will.

This commit omits the test programs ssl_client2 and ssl_server2, which don't
require a change right now. They will be covered when we make
MBEDTLS_USE_PSA_CRYPTO always on.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-09-25 21:12:57 +02:00
Gilles Peskine
6e3de21492 dtls_client: don't force the use of IPv6
Default to connecting to "localhost", like ssl_client1.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-09-25 18:05:17 +02:00
Gilles Peskine
530cb417fe ssl_server: Allow the client to close the connection first
This is necessary when testing against OpenSSL 1.0.2g.

In the server, flush more often. Otherwise, when stdout is redirected to a
file, the server gets killed before it writes important information, such as
the logs that we expect in the test cases.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-09-25 18:05:17 +02:00
Gilles Peskine
6b4d6931e7 Test dtls_server
Test against both OpenSSL and GnuTLS.

Don't use a proxy. It's not particularly useful here, and would complicate
figuring out port numbers.

Clean up compile-time requirements dtls_server.c: any certificate-based key
exchange is ok, so don't insist on built-in RSA.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-09-25 18:05:17 +02:00