This commit adds "generate_test_keys.py" script to generate
predefined keys used in test_suite_pk. Keys are generated with
"programs/pkey/gen_key" tool and converted to C array using
the python script.
tests/src/test_keys.h is automatically generated using the
above mentioned script.
test_suite_pk is updated in order to use the new format.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Instead of using PK module to import/export the key in a PSA friendly
format:
- for RSA keys we use the DER input data directly;
- for EC keys we extract the private key manually.
This helps avoiding dependencies from PK_WRITE and PK_PARSE.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Add pk_info parameter in order to ease the requirements on the provided
PK context. Now it can simply be initialized, but not setup.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
This helps dropping dependency on FS_IO.
This commit also removes DER files that were previusly added and which
are not more needed/used.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
Add RSA key certificates using SHA256
instead of SHA1 for the signature
algorithm. Those are needed for some
TLS 1.3 compatibility tests with OpenSSL 3
to avoid having to enable in OpenSSL 3
the support for the deprecated SHA-1 based
signature algorithms.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Skipping DTLS 1.2 with old versions was already done, but now properly
test support only once and use the results.
Note that historically, this script's policy was that it's the user's
job to find the right value of -e (EXCLUDE) for their version for
OpenSSL & config. Now it's a weird mix of that and the script doing some
detection and skipping.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Fix documentation of mbedtls_ssl_session_set()
regarding its dependency on MBEDTLS_SSL_SESSION_TICKETS
in TLS 1.3 case.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
It was eventually decided to not support multiple
tickets in TLS 1.3 ClientHello messages thus
removing the parts in mbedtls_ssl_session_set()
documentation that were anticipating that.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Fix documentation of mbedtls_ssl_session_get()
regarding its interaction with session
ticket enablement.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
The API has eventually not been changed to
return multiple tickets through multiple
subsequent call to it.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Fix documentation of mbedtls_ssl_session_save()
regarding its dependency on MBEDTLS_SSL_SESSION_TICKETS
in TLS 1.3 session case.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Add tests where we explicitely check that
tickets are ignored on client side when
the support is not enabled.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
We use logical '&&' everywhere, let's be consistent.
(Unless I'm mistaken, binary '&' happens to give the same results for
booleans so this wasn't an actual bug, just style/readability issue.)
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
- "in-driver" test should depend on the present
of a driver.
- add new counter in key manangement driver test
hook which counts the calls of generate_key.
- We only care about the hits when processing
`psa_generate_key`.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
