CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_BASIC is promptless so it cannot
be selected. Moreover it's also automatically enabled by
CONFIG_PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_GENERATE in the same overlay file
so there would be no need to explicitly enable it.
As for IMPORT, EXPORT and DERIVE, they are needed for the TLS connection
to work properly. Previously it was working because at least IMPORT and
EXPORT are internally enabled by Mbed TLS at build time. So here we
are basically doing the same enablements with Kconfigs in clear.

Signed-off-by: Valerio Setti <vsetti@baylibre.com>

The main problem of MBEDTLS_PSA_CRYPTO_LEGACY_RNG is that it
brings in some legacy modules (entropy + ctr_drbg/hmac_drbg)
which means extra ROM/RAM footprint.
MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG instead simply calls the
CSPRNG which makes it definitely smaller.

Signed-off-by: Valerio Setti <vsetti@baylibre.com>

Since the same test might be run in parallel on different platforms,
the one that is started later will fail due to port re-use for
the OpenSSL server.
Since it's not really required to run the tests on native_sim and
native_sim/native/64, the latter is removed in order to solve this
problem.

Signed-off-by: Valerio Setti <vsetti@baylibre.com>

This commit adds a test to showcase how to configure TLS 1.2 and 1.3
socket connections against an OpenSSL server. Only a limited number
of combinations are available for now:
- TLS 1.2
  - RSA certificate and key exchange.
  - ECDSA certificate and ECDHE key exchange.
- TLS 1.3 only supports ephemeral (ECDHE) key exchange with/without
  session tickets.
Since the goal is to test TLS connection and not low level ethernet
functionalities or similar, the only supported platform is "native_sim"
where Linux sockets are used to connect to the OpenSSL server locally.
The idea is that the Zephyr application acts as a client and tries to connect
to the OpenSSL server running on the same PC. For the sake of simplicity a
bash script is provided to start the OpenSSL server properly.
For completeness a bash script is also provided to re-generate
certificates and keys.

Signed-off-by: Valerio Setti <vsetti@baylibre.com>