The main problem of MBEDTLS_PSA_CRYPTO_LEGACY_RNG is that it
brings in some legacy modules (entropy + ctr_drbg/hmac_drbg)
which means extra ROM/RAM footprint.
MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG instead simply calls to the
CSPRNG which makes it definitely smaller.

Signed-off-by: Valerio Setti <vsetti@baylibre.com>

Since the same test might be run in parallel on different platforms,
the one that is started later will fail due to port re-use for
the OpenSSL server.
Since it's not really required to run the tests on native_sim and
native_sim/native/64, the latter is removed in order to solve this
problem.

Signed-off-by: Valerio Setti <vsetti@baylibre.com>

This commit adds a test to showcase how to configure TLS 1.2 and 1.3
socket connections against an OpenSSL server. Only a limited number
of combinations are available for now:
- TLS 1.2
  - RSA certificate and key exchange.
  - ECDSA certificate and ECDHE key exchange.
- TLS 1.3 only supports ephemeral (ECDHE) key exchange with/without
  session tickets.
Since the goal is to test TLS connection and not low level ethernet
functionalities or similar, the only supported platform is "native_sim"
where Linux sockets are used to connect to the OpenSSL server locally.
The idea is that the Zephyr application acts as a client and tries to connect
to the OpenSSL server running on the same PC. For the sake of simplicity a
bash script is provided to start the OpenSSL server properly.
For completeness a bash script is also provided to re-generate
certificates and keys.

Signed-off-by: Valerio Setti <vsetti@baylibre.com>