Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

For test purposes only. Not for review. #13946

Closed
wants to merge 52 commits into from
Closed

For test purposes only. Not for review. #13946

wants to merge 52 commits into from

Conversation

SebastianBoe
Copy link
Contributor

For test purposes only. Not for review.

@github-actions github-actions bot added doc-required PR must not be merged without tech writer approval. manifest changelog-entry-required Update changelog before merge. Remove label if entry is not needed or already added. labels Feb 9, 2024
mswarowsky and others added 3 commits February 13, 2024 09:22
@mswarowsky @SebastianBoe
nrf_security: Use MBEDTLS_PSA_CRYPTO_CONFIG_FILE
1e1e4b4 
So far the MBEDTLS_USER_CONFIG_FILE was used to pass the PSA
configuration to mbedTLS but with mbed TLS 3.5.2 it has its own
MBEDTLS_PSA_CRYPTO_CONFIG_FILE so changing the build system to use that
for passing the PSA_WANT configs which is now required for legacy and
PSA crypto builds.

The MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE is now used for the PSA_NEED
definitions.

Signed-off-by: Markus Swarowsky <markus.swarowsky@nordicsemi.no>
@Vge0rge @SebastianBoe
Revert "remove oberon_config.h since we don't use it"
2157dd8 
This reverts commit caff2f3cd82b22d419007514b38079e033b708ca.

Signed-off-by: Markus Swarowsky <markus.swarowsky@nordicsemi.no>
@Vge0rge @SebastianBoe
Revert "Remove crypto_driver_config.h, we don't use it"
c547a9f 
This reverts commit a655b29b185bc49afc9e3ad33dd06d3af603ff73.

Signed-off-by: Markus Swarowsky <markus.swarowsky@nordicsemi.no>
Vge0rge and others added 23 commits February 13, 2024 09:44
@Vge0rge
ext: Update the Oberon PSA core to version 1.2.1
c81b38d 
Signed-off-by: Georgios Vasilakis <georgios.vasilakis@nordicsemi.no>
Signed-off-by: Markus Swarowsky <markus.swarowsky@nordicsemi.no>
@Vge0rge
nrf_security: Adapt nrf_security to PSA core 1.2.1
3744ed4 
Signed-off-by: Georgios Vasilakis <georgios.vasilakis@nordicsemi.no>
Signed-off-by: Markus Swarowsky <markus.swarowsky@nordicsemi.no>
@mswarowsky @Vge0rge
samples: psa_tls: Remove RSA from the default config
f5fed07 
By setting CONFIG_PSA_WANT_KEY_TYPE_RSA_KEY_PAIR RSA got enabled by
default, moving it into the rsa.conf will only enabled it when needed.

Also adding the Key size 2048 as this is size of the used certificate

Signed-off-by: Markus Swarowsky <markus.swarowsky@nordicsemi.no>
@mswarowsky @Vge0rge
nrf_security: Adding Mbed TLS defines for TLS to nrf-config
c988975 
For TLS some Mbed TLS config defines are needed, even though PSA crypto
is used, as TLS is still using legacy crypto. So that mbedTLS legacy
crypto is added in the non-secure app. To configure it the Kconfig
options are set and the corresboding cmake defines, but they didn't
get parsed in the nrf-config.h file so adding this with this commit

Signed-off-by: Markus Swarowsky <markus.swarowsky@nordicsemi.no>
@mswarowsky @Vge0rge
nrf_security: Add MBEDTLS_PK_PARSE_EC_EXTENDED kconfig
ee79c1b 
Before this MBEDTLS option was enabled by default, causing build issues
Adding it as Kconfig enables it to be enabled when needed

Signed-off-by: Markus Swarowsky <markus.swarowsky@nordicsemi.no>
@Vge0rge
ext: oberon: Remove duplicate mbedtls header files
ebc50ba 
Remove header files which exist in the Oberon PSA core
under the mbedtls folder which are not modified by Oberon.

Signed-off-by: Georgios Vasilakis <georgios.vasilakis@nordicsemi.no>
Signed-off-by: Markus Swarowsky <markus.swarowsky@nordicsemi.no>
@SebastianBoe @Vge0rge
samples: rsa: Enable a key size of 2048 instead of 1024
ef9e305 
Enable a key size of 2048 instead of 1024 as the source code
explicitly uses this key size.

It is not clear how this has been passing CI earlier.

Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
Signed-off-by: Markus Swarowsky <markus.swarowsky@nordicsemi.no>
@mswarowsky @Vge0rge
samples: hmac: Add PSA_WANT_ALG_SHA_256
997263f 
The HMAC uses SHA-256 so we should also have it as a dependency

Signed-off-by: Markus Swarowsky <markus.swarowsky@nordicsemi.no>
@SebastianBoe @Vge0rge
quarantine: Stop testing redundant tests
574aed6 
Stop testing redundant tests. They are failing and don't provide
enough value to be maintained.

Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
Signed-off-by: Markus Swarowsky <markus.swarowsky@nordicsemi.no>
@mswarowsky @Vge0rge
ext: Fix C++ struct init in for PAKE operation
c8ba1c4 
openthread is build with C++ which has an issue with { 0 }
initialization if there are more then one struct nested inside another
struct. Therefor using {  } which should result in the same code and does
not result in a build warning

Signed-off-by: Markus Swarowsky <markus.swarowsky@nordicsemi.no>
@mswarowsky @Vge0rge
serial_lte_modem: Add CBC and PKCS7 dependencies
810811d 
PKCS7 is needed for certificate parsing, which also requires CBC mode,
therefore enabling both

Signed-off-by: Markus Swarowsky <markus.swarowsky@nordicsemi.no>
@mswarowsky @Vge0rge
samples: http_server: Add CBC and PKCS7 dependencies
20da623 
PKCS7 is needed for certificate parsing, which also requires CBC mode,
therefore enabling both

Signed-off-by: Markus Swarowsky <markus.swarowsky@nordicsemi.no>
@vlilleboe @Vge0rge
manifest: Matter update
54aff29 
Matter update to use the new Mbed TLS defines.

Signed-off-by: Vidar Lillebø <vidar.lillebo@nordicsemi.no>
@vlilleboe @Vge0rge
nrf_security: Add dependency for PKCS5
9bddb5e 
PKCS5 uses CBC with PKCS7 padding, so we're adding the dependency
to Kconfig.

Signed-off-by: Vidar Lillebø <vidar.lillebo@nordicsemi.no>
@Vge0rge
nrf_security: Remove alt platform zeorize function
090903f 
Since we don't provide the function anymore.

Signed-off-by: Georgios Vasilakis <georgios.vasilakis@nordicsemi.no>
@Vge0rge
manifest: Bring mcuboot update
2028ba0 
We had a patch there because we enabled the
MBEDTLS_PLATFORM_ZEROIZE_ALT when CryptoCell
is enabled but we don't need this anymore since
the platform zeroize function not not provided
by the CryptoCell platform library anymore.

Signed-off-by: Georgios Vasilakis <georgios.vasilakis@nordicsemi.no>
@Vge0rge
quarantine: Don't test uoscore
54f2dc5 
uoscore isn't ported to use NRF security so
it is not supported.

Signed-off-by: Georgios Vasilakis <georgios.vasilakis@nordicsemi.no>
@SebastianBoe @Vge0rge
nrf_security: add more of the legacy mbedtls sources
1911555 
The new mbedtls revision has brought in more mbedtls legacy
sources. Add these to the build as well.

Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
@SebastianBoe @Vge0rge
nrf_security: Support using legacy mbedtls include paths
f4186c7 
We recently deleted the oberon "legacy mbedtls" header files, in this
patch we add some cmake code for also adding mbedtls "legacy mbedtls"
header files to path to replace these deleted files.

Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
@SebastianBoe @Vge0rge
samples: net: download: Fix project config for wifi board
9ef5d95 
Fix project config for wifi board

Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
@SebastianBoe @Vge0rge
add missing deps in WPA_SUPP_CRYPTO_
cb08362 
add missing deps in WPA_SUPP_CRYPTO_

Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
@vlilleboe @Vge0rge
nrf_security: Legacy RSA APIs now depends on PSA
c953e20 
MBEDTLS_RSA_C is now partially implemented using PSA APIs, so we need to
add the requirement that these are enabled.

Signed-off-by: Vidar Lillebø <vidar.lillebo@nordicsemi.no>
@SebastianBoe
dump
1650cfc 
Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
@SebastianBoe SebastianBoe deleted the fixing_the_sample branch February 13, 2024 10:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@frkv frkv Awaiting requested review from frkv

@Vge0rge Vge0rge Awaiting requested review from Vge0rge

@mswarowsky mswarowsky Awaiting requested review from mswarowsky

@magnev magnev Awaiting requested review from magnev magnev is a code owner

@hakonfam hakonfam Awaiting requested review from hakonfam

@sigvartmh sigvartmh Awaiting requested review from sigvartmh

@tejlmand tejlmand Awaiting requested review from tejlmand

@lemrey lemrey Awaiting requested review from lemrey

@krish2718 krish2718 Awaiting requested review from krish2718

@jukkar jukkar Awaiting requested review from jukkar

@rado17 rado17 Awaiting requested review from rado17

@rlubos rlubos Awaiting requested review from rlubos

@anangl anangl Awaiting requested review from anangl

@carlescufi carlescufi Awaiting requested review from carlescufi

@SeppoTakalo SeppoTakalo Awaiting requested review from SeppoTakalo

Assignees
No one assigned
Labels
changelog-entry-required Update changelog before merge. Remove label if entry is not needed or already added. CI-force-downstream DNM doc-required PR must not be merged without tech writer approval. manifest manifest-matter manifest-mbedtls manifest-mcuboot manifest-nrfxlib manifest-psa-arch-tests manifest-trusted-firmware-m manifest-zephyr
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@SebastianBoe @NordicBuilder @mswarowsky @Vge0rge @vlilleboe