In preparation for reworking mbedtls_ssl_prepare_handshake_record(),
don't assert negatively on "reassembled record".
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
In preparation for reworking mbedtls_ssl_prepare_handshake_record(), tweak
the "waiting for more handshake fragments" log message in
ssl_consume_current_message(), and add a similar one in
mbedtls_ssl_prepare_handshake_record(). Assert both.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The symmetric encryption used for transportation matters for TLS 1.2
defragmentation, since the code is sensitive to the presence of an
explicit IV. So have separate test cases for each class of symmetric
encryption.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The output is identical to the manually written tests in
`tests/opt-testcases/handshake-manual.sh`, except that the script doesn't
generate explanatory comments (they're in the generator script instead).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit updates the filepath to demo_common.sh in dlopen_demo.sh and
the comment in demo_common.sh regarding how to use demo_common.sh.
Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
This commit moves demo_common.sh, dlopen_demo.sh, metatest.c,
query_compile_time_config.c, query_config.h, query_included_headers.c,
zeroize.c and test_zeroize.gdb from MbedTLS into the MbedTLS framework.
Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
This commit moves user-config-zeroize-memset.h to TF-PSA-Crypto where it
more appropriately belongs.
Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
components-compliance.sh has been moved from the Mbed TLS repo to the
TF-PSA-Crypto one. This means that the test_psa_compliance.py script
can be executed in the following scenarios:
* TF-PSA-Crypto repo in development branch;
* Mbed TLS repo in mbedtls-3.6 branch.
This commit includes all the required changes to make the script work
in both scenarios. It also fixes some paths management making them more
pythonic.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
This commit adapts the scripts apidoc_full.sh and doxygen.sh to run for
TF-PSA-Crypto out of source builds.
Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
Handshake serialization requires that the selected ciphersuite uses
an AEAD algorithm. However, following the DHE-RSA removal, trying to
still use RSA signature might select a ciphersuite which is not using
AEAD, but CBC instead (see preference order in "ssl_ciphersuite.c").
This is especially problematic in test scenarios where both GCM and
ChaChaPoly are disabled, so that CCM remains as the only AEAD algorithm.
Ciphersuites using RSA signature and CCM are very low on the preference
list, so very unlikely to be picked in tests. This causes a CBC one to
be selected in this case and the handshake_serialization() function
to fail.
In order to prevent failures from happening, in this commit we require
that either GCM or ChaChaPoly is enabled, so that ciphersuites using one
of these are likely to be picked.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
In this commit also MBEDTLS_KEY_EXCHANGE_SOME_DHE_ENABLED is removed.
This causes some code in "ssl_ciphersuites_internal.h" and
"ssl_tls12_server.c" to become useless, so these blocks are removed
as well.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>