yuzu-mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-mirror/mbedtls.git synced 2025-12-06 07:12:32 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
29777 commits 89 branches 205 tags 114 MiB
Commit graph

1131 commits

Author SHA1 Message Date
Andrzej Kurek 934e9cd47f Switch to the new version of hash algorithm checking in ssl-opt.sh 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-12 05:34:23 -04:00
Andrzej Kurek 9c061a2d19 Add a posibility to check for the availability of hash algs to ssl-opt 
The new function now dispatches a check for either an MBEDTLS
or PSA define to check for SHA_XXX.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-12 05:34:23 -04:00
Hannes Tschofenig fd6cca4448 CID update to RFC 9146 
The DTLS 1.2 CID specification has been published as RFC 9146. This PR updates the implementation to match the RFC content.

Signed-off-by: Hannes Tschofenig <hannes.tschofenig@arm.com>
 2022-09-07 17:15:05 +02:00
Jerry Yu e976492a11 Add session ticket tests for client 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-08-31 23:24:25 +08:00
Ronald Cron e00d6d6b55
Merge pull request #6135 from yuhaoth/pr/tls13-finalize-external-psk-negotiation 
TLS 1.3: SRV: Finalize external PSK negotiation
 2022-08-31 17:21:57 +02:00
Jerry Yu 6a9bebaefd Add psk mode tests 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-08-21 12:42:19 +08:00
Zhangsen Wang 3f95d303d1 rebase with lastest development branch 2022-08-16 03:16:22 +00:00
Ronald Cron 295d93ebe8 Add psk handshake with gnutls 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-08-11 21:25:35 +08:00
Dave Rodgman 322a7a19e7
Merge pull request #6155 from yuhaoth/pr/add-any-all-configs-enabled 
Add ability to check if any/all configs are enabled/disabled for ssl-opt
 2022-08-11 09:40:38 +01:00
Jerry Yu 27d80927d5 fix wrong typo 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-08-02 21:28:55 +08:00
Jerry Yu 2fcb056ea9 Add requires_{any,all}_configs_enabled functions 
- requires_any_configs_enabled
- requires_all_configs_enabled
- requires_any_configs_disabled
- requires_all_configs_disabled

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-31 12:23:39 +08:00
Jerry Yu d2d4110e8e Remove Teminated message from stdout 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-31 12:23:39 +08:00
Zhangsen Wang d5e8a482f9 delete whitespace in comment 
Signed-off-by: Zhangsen Wang <zhangsen.wang@arm.com>
 2022-07-29 07:53:36 +00:00
Zhangsen Wang baeffbbdd2 skip test with openssl client because it will timeout with certain seed due to an openssl bug 
Signed-off-by: Zhangsen Wang <zhangsen.wang@arm.com>
 2022-07-29 06:35:26 +00:00
Jerry Yu eec4f03c60 fix typo and changelog entry issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-28 23:08:00 +08:00
Jerry Yu 6455b687fe add rsa_pss_rsae_* test for tls12 server 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-28 23:08:00 +08:00
Ronald Cron e579ece305
Merge pull request #6087 from yuhaoth/pr/add-tls13-serialize_session_save_load 
TLS 1.3: Add serialize session save load
I can see that https://github.com/Mbed-TLS/mbedtls/pull/6087#discussion_r927935696 and https://github.com/Mbed-TLS/mbedtls/pull/6087#discussion_r924252403 are addressed in  #6123. Thus I am ok to merge it as it is.
 2022-07-23 08:57:11 +02:00
Ronald Cron 340c559cb3
Merge pull request #6079 from yuhaoth/pr/add-tls13-parse-pre_shared_key_offered_psks 
TLS 1.3: PSK: Add parser/writer of pre_shared_key extension on server side.
 2022-07-23 08:50:45 +02:00
Jerry Yu 24e385519e Add reconnect test 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-22 23:09:37 +08:00
Ronald Cron 4beb870fa8
Merge pull request #6064 from xkqian/tls13_add_psk 
Add psk code to tls13 client side
 2022-07-22 11:35:05 +02:00
Ronald Cron 34e90fac27 TLS 1.3: tests: Allow PSK exchange mode on GnuTLS server 
Allow PSK exchange mode on GnuTLS server for
NewSessionTicket message test as otherwise
the GnuTLS server does not send tickets.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-07-21 15:31:14 +02:00
XiaokangQian 3ad67bf4e3 Rename functions and add test messages 
Change-Id: Iab51b031ae82d7b2d384de708858be64be75f9ed
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-07-21 15:30:04 +02:00
XiaokangQian 088c92977e Remove useless force cipher suite 
Change-Id: Ib217806b4d44dea11515dd3ee1463d29431d70bb
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-07-21 15:30:04 +02:00
XiaokangQian adab9a6440 Fix transcript issues and add cases against openssl 
Change-Id: I496674bdb79f074368f11beaa604ce17a3062bc3
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-07-21 15:30:04 +02:00
XiaokangQian eb69aee6af Add psk code to tls13 client side 
Change-Id: I222b2c9d393889448e5e6ad06638536b54edb703
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-07-21 15:30:04 +02:00
Jerry Yu 96a2e368dc TLS 1.3: Add pre-shared-key multiple psk parser 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-21 18:00:13 +08:00
Jerry Yu 4a2ea16aed remove forcecipher for psk test 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-21 16:19:50 +08:00
Jerry Yu 36847820fa add tests for offered psk parser 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-21 16:19:50 +08:00
Jerry Yu f7b5b59a92 Add tests for write new session ticket 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-20 22:41:00 +08:00
Jerry Yu a357cf4d4c Rename new_session_ticket state 
Both client and server side use
`MBEDTLS_SSL_NEW_SESSION_TICKET` now

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-20 11:07:29 +08:00
Jerry Yu 29ab32d0e5 Add client side tests 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-20 11:07:29 +08:00
Jerry Yu c52e3bd93b Improve comment 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-14 10:49:47 +08:00
Jerry Yu 299e31f10e fix various issue 
- remove unused test case
- add alert message
- improve readabitlity

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-13 23:06:36 +08:00
Jerry Yu fe52e55301 redirect stderr output in ubuntu22.04 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-12 09:53:37 +00:00
Jerry Yu e36397d13b add tests for psk_key_exchange_mode 
To confirm, psk_key_exchange_modes were received and
parsed.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-12 09:53:36 +00:00
Zhangsen Wang 91385121b9 delete openssl version requirement for openssl client, because the bug only occurs on openssl server 
Signed-off-by: Zhangsen Wang <zhangsen.wang@arm.com>
 2022-07-12 01:56:57 +00:00
Ronald Cron ce7d76e2ee Merge remote-tracking branch 'mbedtls-restricted/development-restricted' into mbedtls-3.2.0rc0-pr 2022-07-11 10:22:37 +02:00
Paul Elliott 6e80e09bd1
Merge pull request #5915 from AndrzejKurek/cid-resumption-clash 
Fix DTLS 1.2 session resumption
 2022-07-06 15:03:36 +01:00
Manuel Pégourié-Gonnard 4d7af2aee0
Merge pull request #5835 from superna9999/5831-tls-1-2-ciphersuite-selection 
Permissions 2a: TLS 1.2 ciphersuite selection
 2022-07-04 12:37:02 +02:00
Ronald Cron 0e39ece23f
Merge pull request #5916 from yuhaoth/pr/tls13-refactor-get-sig-alg-from-pk 
Refactor signature algorithm chooser
 2022-07-04 09:10:08 +02:00
Paul Elliott bae7a1a5a6
Merge pull request #5620 from gstrauss/dn_hints 
Add accessors to config DN hints for cert request
 2022-07-01 17:23:14 +01:00
Neil Armstrong c67e6e96f8 Depends on MBEDTLS_X509_REMOVE_INFO disable for double Opaque keys test requiring cert infos to determine selected key 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-07-01 15:48:10 +02:00
Jerry Yu 7ac0d498de remove force_version for client 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-01 19:29:30 +08:00
Jerry Yu 52b7d923fe fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-01 18:12:44 +08:00
Neil Armstrong 7999cb3896 Remove auth_mode=required and client crt_file/key_file when testing server authentication 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-07-01 09:51:33 +02:00
Neil Armstrong 4b10209568 Use different certs for double opaque keys and check certificate issuer CN 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-07-01 09:48:09 +02:00
Neil Armstrong 1948a20796 Cleanup Order & Title of Opaque TLS tests, fix RSA- test definition 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-06-30 18:05:57 +02:00
Neil Armstrong 167d82c4df Add dual keys Opaque ssl-opt tests 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-06-30 11:32:00 +02:00
Neil Armstrong 36b022334c Reorganize Opaque ssl-opt tests, pass key_opaque_algs=, add less wrong negative server testings 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-06-30 11:16:53 +02:00
Zhangsen Wang 9b64546eb2 Update tests/ssl-opt.sh, delete 1 blank line. 
Co-authored-by: Xiaokang Qian <53458466+xkqian@users.noreply.github.com>
Signed-off-by: Zhangsen Wang <zhangsen.wang@arm.com>
 2022-06-30 02:35:18 +00:00
Jerry Yu aae28f178b add tests 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-29 16:21:32 +08:00
Jerry Yu f55886a217 fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-29 16:13:46 +08:00
Jerry Yu a6076aa8b8 Revert temp test 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-29 16:13:45 +08:00
Jerry Yu 7ab7f2b184 Remove pkcs1 from certificate_verify 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-29 16:13:44 +08:00
Ronald Cron 7898fd456a
Merge pull request #5970 from gabor-mezei-arm/5229_Send_dummy_change_cipher_spec_records_from_server 
TLS 1.3 server: Send dummy change_cipher_spec records

The internal CI PR-merge job ran successfully thus good to go.
 2022-06-29 09:47:49 +02:00
Glenn Strauss bd10c4e2af Test accessors to config DN hints for cert request 
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-06-29 02:54:28 -04:00
Zhangsen Wang 87a9c86d87 Re-enable five tests disabled because of an old OpenSSL bug 
Signed-off-by: Zhangsen Wang <zhangsen.wang@arm.com>
 2022-06-29 02:23:22 +00:00
Neil Armstrong ed917bf548 Update description for negative key_opaque_algs tests 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-06-28 18:12:17 +02:00
Neil Armstrong eb4390b27c Add Cipersuite selection negative testing by using invalid algs for server-side opaque key 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-06-28 18:10:48 +02:00
Gabor Mezei 9e4b7bd199
Do not force TLS 1.3 on client side for TLS 1.3 middlebox compatibility tests 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-06-28 16:22:14 +02:00
Gabor Mezei f7044eaec8
Fix name 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-06-28 16:01:49 +02:00
Ronald Cron b94854f8e3
Merge pull request #5973 from ronald-cron-arm/tls13-misc-tests 
TLS 1.3: Enable and add tests
 2022-06-28 09:15:17 +02:00
Ronald Cron a8d79b9eb6 ssl-opt.sh: Remove one pattern check 
In "Authentication: client cert not trusted,
server required" ssl-opt.sh test, depending
on client and server execution speed, the
handshake on the client side may complete
successfully: the TLS connection is aborted
by the server because it is not able to
authenticate the client but at that time
the client may have completed the handshake
on its side. Thus, do not check that the
client handshake failed.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-06-27 09:05:35 +02:00
Ronald Cron c78511b59a ssl-opt.sh: Enable some authentication tests for TLS 1.3 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-06-24 12:06:46 +02:00
Ronald Cron 1938588e80 tls13: Align some debug messages with TLS 1.2 ones 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-06-24 12:06:46 +02:00
Ronald Cron a4417c13a1 ssl-opt.sh: Add Small/Large packets TLS 1.3 tests 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-06-24 12:06:46 +02:00
Ronald Cron ba80d4d60b ssl-opt.sh: Enable Event-driven I/O tests for TLS 1.3 
The other "Event-driven I/O" tests are not relevant
to TLS 1.3 yet: no ticket and session resumption
support.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-06-24 12:06:46 +02:00
Ronald Cron 2cffd284bc ssl-opt.sh: Enable Non-blocking I/O tests for TLS 1.3 
The other "Non-blocking I/O" tests are not relevant
to TLS 1.3 yet: no ticket and session resumption
support.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-06-24 12:06:46 +02:00
XiaokangQian 95d5f549f1 Fix coding styles 
Change-Id: I0ac8ddab13767b0188112dfbbdb2264d36ed230a
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-06-24 05:42:15 +00:00
XiaokangQian c740345c5b Adress review comments 
Change Code styles
Add test cases

Change-Id: I022bfc66fe509fe767319c4fe5f2541ee05e96fd
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-06-23 03:24:12 +00:00
Ronald Cron f9c13fe69f ssl-opt.sh: Add positive check in successful "keyUsage client-auth" tests 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-06-22 17:36:21 +02:00
Ronald Cron ba65fbbe30 Fix comments 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-06-22 17:36:12 +02:00
Gabor Mezei 7e2dbafe2d
Add test for dummy CCS records 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-06-22 17:07:21 +02:00
XiaokangQian acb3992251 Add ALPN extension to the server side 
CustomizedGitHooks: yes
Change-Id: I6fe1516963e7b5727710872ee91fea7fc51d2776
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-06-22 06:34:58 +00:00
Ronald Cron d28f5a98f1 ssl-opt.sh: Add certificate key usage tests for TLS 1.3 
Those are adaptations of the already existing
TLS 1.2 tests. It is not really possible to just
remove the TLS 1.2 dependency of the existing tests
because of the following:
. in TLS 1.3 the ciphersuite selection on server
  side is not related to the server certificate
. for tests involving OpenSSL the OpenSSL command line
  as to be adapted to TLS 1.3
. server authentication is mandatory in TLS 1.3
. a key with KeyEncipherment and not DigitalSignature
  usage is never acceptable

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-06-17 08:46:27 +02:00
Ronald Cron ca3c6a5698
Merge pull request #5817 from xkqian/tls13_add_server_name 
Tls13 add server name
 2022-06-16 08:30:09 +02:00
Ronald Cron 4ccd226cbf
Merge pull request #5864 from xkqian/tls13_add_comprehensive_cases 
Tls13 add comprehensive cases
 2022-06-15 09:18:11 +02:00
Andrzej Kurek 7cf872557a Rearrange the session resumption code 
Previously, the transforms were populated before extension
parsing, which resulted in the client rejecting a server
hello that contained a connection ID.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-06-14 08:26:19 -04:00
XiaokangQian 3ed16231ab Refine server side SNI test cases 
Change-Id: Icdc91ed382e81702e3b46645d3ce3534e62d4a13
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-06-14 08:24:04 +00:00
Jerry Yu b7c12a466f Refactor compat scripts 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-12 20:53:02 +08:00
XiaokangQian fb1a3fe7f3 Address comments about python syntax 
CustomizedGitHooks: yes
Change-Id: I5c4d39789df802d0b839061ce8c59ad241917d0b
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-06-10 02:27:52 +00:00
XiaokangQian b1847a234e Re-structure to share more common code 
Change-Id: I5034485f7511238d083c2725fbef8818d33ffb07
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-06-09 02:53:23 +00:00
XiaokangQian 96287d98d8 Remove the certificate key check against the received signature 
Change-Id: I07d8d46c58dec499f96cb7307fc0af15149d9df7
CustomizedGitHooks: yes
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-06-08 08:37:53 +00:00
XiaokangQian 9850fa8e8d Refine ssl_tls13_pick_cert() 
Change-Id: I5448095e280d8968b20ade8b304d139e399e54f1
CustomizedGitHooks: yes
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-06-08 07:02:41 +00:00
XiaokangQian 23c5be6b94 Enable SNI test for both tls12 and tls13 
Change-Id: Iae5c39668db7caa1a59d7e67f226a5286d91db22
CustomizedGitHooks: yes
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-06-07 09:43:13 +00:00
Andrzej Kurek 140b589ec6 Fix a bug with executing ssl-client2 in ssl-opt.sh in a subshell 
When executing eval in the background, the next "$!" gives the
eval PID, not the ssl-client2 pid. This causes problems when
a client times out and the script tries to kill it. Instead, it
kills the parent eval call.
This caused problems with subsequent proxy tests receiving
old packets from a client from a previous test.
Moving the "&" to inside the eval call fixes the problem.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-06-06 15:02:36 -04:00
XiaokangQian 129aeb9b0e Update test cases and support sni ca override 
Change-Id: I6052acde0b0ec1c25537f8dd81a35562da05a393
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-06-02 09:29:18 +00:00
XiaokangQian f4f0f6961a Enable requires_openssl_tls1_3 in sni test cases 
Change-Id: I71fbabe0b2ff80d5f1f15ae7df2b048503ccf965
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-06-01 00:42:27 +00:00
XiaokangQian ac41edfc5e Enable requires_gnutls_tls1_3 in sni test cases 
Change-Id: Iea18f4e6a6b4c6b90612b43a5bcd396cdd506335
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-31 13:22:13 +00:00
XiaokangQian 2ccd97b8ef Change test case name to sni 
Change-Id: I8f6e68deab71cc49741cbdf233cf876e29683db9
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-31 08:30:17 +00:00
XiaokangQian d5d5b60c07 Add comprehensive test cases for TLS1.3 server side 
Change-Id: I544cb12b3ffe5edd7d59fa54342ca7db5b5c8a2a
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-31 02:51:26 +00:00
XiaokangQian f2a942073e Fix SNI test failure 
Change-Id: Id3fce36af9bc52cac858b473168451945aa974f4
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-30 08:07:16 +00:00
XiaokangQian 40a3523eb7 Add support of server name extension to server side 
Change-Id: Iccf5017e306ba6ead2e1026a29f397ead084cc4d
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-30 08:07:16 +00:00
XiaokangQian 9a4e1dd8a6 Add back openssl client auth test 
Change-Id: Iea3b70381c3851102c542d1c55c0303bc3a14a92
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-26 00:58:11 +00:00
XiaokangQian aca9048b5f Change base on review 
Fix comments
Add test cases for client authentication with empty certificate

Change-Id: Id8a741ddd997ca92e36832f26088eb0e67830ad8
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-26 00:47:11 +00:00
XiaokangQian c3017f620f Remove useless guards and refine checking 
Change-Id: I9cd3073826fc65c203e479d83bed72331ff8963d
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-26 00:47:10 +00:00
XiaokangQian 189ded2b07 Remove coordinate functions and change state machine in server side 
Change-Id: Id4abf78f493e77afc289409db691c9c61acde1d2
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-26 00:46:13 +00:00
Paul Elliott 8fba70f66c
Merge pull request #5749 from yuhaoth/pr/add-tls13-finished-message-and-wrapup 
TLS 1.3: Add Finished Message and wrapup
 2022-05-25 12:02:06 +01:00
Jerry Yu 5491f857d2 skip openssl client auth test 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-23 22:36:16 +08:00
Jerry Yu 090378c685 change exit code of cli auth test 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-23 21:03:52 +08:00
Jerry Yu 7eaadae941 fix no x509 info fail. 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-23 16:17:25 +08:00
Manuel Pégourié-Gonnard 6ab65e28cf
Merge pull request #5842 from mprse/decrypt_tests 
RSA decrypt 2: TLS 1.2 integration testing
 2022-05-18 12:58:50 +02:00
Jerry Yu 36becb1b81 update hrr tests 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-18 09:58:48 +08:00
Jerry Yu a7abc5eaa8 fix ci test fails 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-18 09:58:48 +08:00
Jerry Yu 155493d4f5 fix openssl test fail. 
different version openssl client return
different output. remove string check
to workaround it

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-18 09:58:48 +08:00
Jerry Yu 6622049bcc test:add state check 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-18 09:58:48 +08:00
Jerry Yu 4d8567fa9e fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-18 09:58:48 +08:00
Paul Elliott a478441517
Merge pull request #5748 from yuhaoth/pr/add-tls13-write-certificate-and-verify 
TLS1.3:Add Certificate and CertificateVerify message on Server Side
 2022-05-17 15:47:36 +01:00
Przemek Stekiel 8da6da3da2 ssl-opt.sh: add test of RSA Opaque keys with TLS 1.2 server for decryption 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-16 14:37:50 +02:00
Jerry Yu b89125b81a Add test without server certificate 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-13 15:50:04 +08:00
Jerry Yu c450566b85 Update client auth tests 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-12 14:44:59 +08:00
Jerry Yu c8bdbf72d3 test:add state check for certificate and verify 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-12 14:44:59 +08:00
Andrzej Kurek 5c65c5781f Fix additional misspellings found by codespell 
Remaining hits seem to be hex data, certificates,
and other miscellaneous exceptions.
List generated by running codespell -w -L 
keypair,Keypair,KeyPair,keyPair,ciph,nd

Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-05-11 21:25:54 +01:00
Shaun Case 8b0ecbccf4 Redo of PR#5345. Fixed spelling and typographical errors found by CodeSpell. 
Signed-off-by: Shaun Case <warmsocks@gmail.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-05-11 21:25:51 +01:00
Paul Elliott d1a954d243
Merge pull request #5707 from yuhaoth/pr/add-tls13-write-hello-retry-request 
TLS1.3: Add  HelloRetryRequest Write
 2022-05-10 17:25:33 +01:00
Manuel Pégourié-Gonnard 9bbb7bacae
Merge pull request #5791 from superna9999/5788-unify-non-opaque-and-opaque-psks 
Unify non-opaque and opaque PSKs
 2022-05-09 10:15:16 +02:00
Jerry Yu ede50ea891 move hrr tests 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-09 15:49:09 +08:00
XiaokangQian a987e1d2f8 Change state machine after encrypted extension and update cases 
Change-Id: Ie84a2d52a08538afb8f6096af0c054bd55ed66cb
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-07 01:37:04 +00:00
XiaokangQian 45c22201b3 Update test cases and encrypted extension state set 
Change-Id: Ie1acd10b61cefa9414169b276a0c5c5ff2f9eb79
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-07 01:37:04 +00:00
XiaokangQian 2f150e184f Update status and add test cases for client certificate request 
Change-Id: If9b9672540d2b427496b7297aa484b8bcfeb75c5
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-07 01:37:04 +00:00
Ronald Cron 25b1f5d2b7
Merge pull request #5545 from xffbai/tls13-write-enc-ext 
TLS1.3: add writing encrypted extensions on server side.
 2022-05-06 13:54:45 +02:00
Neil Armstrong cd05f0b9e5 Drop skip PMS generation for opaque XXX-PSK now Opaque PSA key is always present when MBEDTLS_USE_PSA_CRYPTO selected 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-04 11:08:41 +02:00
Jerry Yu 7c0da07445 Update state check 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-03 15:08:54 +08:00
Manuel Pégourié-Gonnard 67397fa4fd
Merge pull request #5704 from mprse/mixed_psk_2cx 
Mixed PSK 2a, 2b, 2c: enable client/server support opaque RSA-PSK, ECDHE-PSK, DHE-PSK
 2022-04-29 10:47:16 +02:00
Gilles Peskine 4098083ed4
Merge pull request #5745 from superna9999/5712-pk-opaque-rsa-pss-sign-tls 
RSA-PSS sign 2: TLS 1.3 integration testing
 2022-04-28 18:16:44 +02:00
Manuel Pégourié-Gonnard ad47487e25
Merge pull request #5742 from superna9999/5669-review-test-incompatible-psa 
Fixup or re-enable tests with Use PSA
 2022-04-28 09:57:13 +02:00
Jerry Yu cef55dbd6a ssl-opt: add state check 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-04-25 19:41:47 +08:00
Jerry Yu 955ddd75a3 fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-04-22 22:27:33 +08:00
Przemek Stekiel 85d46fe6cf ssl-opt.sh: add tests for clent/server psa opaque dhe-psk key exchange 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-22 14:54:33 +02:00
Przemek Stekiel b6a0503dda ssl-opt.sh: add tests for clent/server psa opaque ecdhe-psk key exchange 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-22 14:53:55 +02:00
Przemek Stekiel b270b56372 ssl-opt.sh: add tests for server psa opaque rsa-psk key exchange 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-22 14:52:28 +02:00
Przemek Stekiel 8e0495e0f4 ssl-opt.sh: add tests for client psa opaque rsa-psk key exchange 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-22 14:52:28 +02:00
Jerry Yu 8b9fd374b8 Add P_CLI test to easy debug 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-04-22 16:45:01 +08:00
Jerry Yu abf20c7564 add state check 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-04-22 16:45:01 +08:00
Ronald Cron 38b8aa4f63
Merge pull request #5539 from xkqian/add_client_hello_to_server 
Add client hello into server side
 2022-04-22 10:26:00 +02:00
Neil Armstrong 7f6f672d7e Add Opaque PK test case for TLS 1.3 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-22 10:23:10 +02:00
Manuel Pégourié-Gonnard 21f82c7510
Merge pull request #5709 from superna9999/5625-pk-opaque-rsa-tls12 
RSA sign 3b: TLS 1.2 integration testing
 2022-04-22 10:05:43 +02:00
XiaokangQian e8ff350698 Update code to align with tls13 coding standard 
Change-Id: I3c98b7d0db63aecc712a67f4e8da2cb9945c8f17
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-22 02:34:40 +00:00
Gilles Peskine afbfed9397
Merge pull request #5582 from gilles-peskine-arm/ssl-opt-auto-psk 
Run ssl-opt.sh in more reduced configurations
 2022-04-21 12:03:53 +02:00
XiaokangQian 318dc763a6 Fix test failure issue and update code styles 
Change-Id: I0b08da1b083abdb19dc383e6f4b210f66659c109
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 09:43:51 +00:00
XiaokangQian 3f84d5d0cd Update test cases and fix the test failure 
Change-Id: If93506fc3764d49836b229d51e4ad5b008cc3343
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 07:45:50 +00:00
XiaokangQian cfd925f3e8 Fix comments and remove hrr related code 
Change-Id: Iab1fc5415b3b7f7b5bcb0a41a01f4234cc3497d6
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 07:45:50 +00:00
XiaokangQian ed582dd023 Update based on comments 
Remove cookie support from server side
Change code to align with coding styles
Re-order functions of client_hello

Change-Id: If31509ece402f8276e6cac37f261e0b166d05e18
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 07:43:48 +00:00
XiaokangQian c4b8c99a38 Rebase and solve conflicts and issues 
Change-Id: I17246c5b2f8a8ec4989c8b0b83b55cad0491b78a
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 07:43:48 +00:00
XiaokangQian 5e4528cd12 Add test cases for server side parse client hello 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 07:43:48 +00:00
Ronald Cron df5f8681cc ssl-opt.sh: Fix/Unify TLS 1.3 test descriptions 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-04-19 18:31:24 +02:00
Gilles Peskine 5bd0b51048 Use terse output from lsof 
This both simplifies parsing a little, and suppresses warnings. Suppressing
warnings is both good and bad: on the one hand it resolves problems such as
https://github.com/Mbed-TLS/mbedtls/issues/5731, on the other hand it may
hide clues as to why lsof wouldn't be working as expected.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-04-16 11:34:23 +02:00
Neil Armstrong eed1c6255d Enable TLS 1.3 ALPN tests when MBEDTLS_USE_PSA_CRYPTO is enabled 
Those were disabled in original submission, but it works fine
with PSA crypto enabled.

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-15 09:30:31 +02:00
Gilles Peskine 2ecf4ff349 Restore explicit version requirement on 1.3 HelloRetryRequest tests 
A concurrent branch changes the way the test cases run to no longer use
force_version=tls13, so the automatic version requirement detection will no
longer work after that branch is merged. Therefore, keep the manual
requirement (at least until automatic detection gets smarter).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-04-13 19:08:38 +02:00
Gilles Peskine c912673f8d Automatically detect protocol version requirement from force_version 
When the client or server uses a specific protocol version, automatically
require that version to be enabled at compile time.

An explicit call is still needed in test cases that require a specific
protocol version (due to analyzing version-specific behavior, or checking
the version in logs), but do not force that specific protocol version, or that
force a specific version only on the openssl/gnutls side.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-04-13 16:14:01 +02:00
Gilles Peskine 740b734f25 Move ticket, alpn detection into maybe_requires_ciphersuite_enabled 
No intended behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-04-13 11:32:46 +02:00
Gilles Peskine b898b3df90 Prepare to generalize maybe_requires_ciphersuite_enabled 
Rename maybe_requires_ciphersuite_enabled() to detect_required_features()
and refactor its code a little. No intended behavior change. In subsequent
commits, this function will detect other requirements in a similar way.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-04-13 11:32:46 +02:00
Neil Armstrong a4dbfddba2 Add DHE-RSA Opaque PK key tests variants in ssl-opt.sh 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-13 10:49:25 +02:00
Neil Armstrong 3e9a142017 Add RSA Opaque PK key tests variants in ssl-opt.sh 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-13 10:49:25 +02:00
Gilles Peskine 8e5e8d73db
Merge pull request #5686 from AndrzejKurek/off-by-one-ssl-opt 
Fix an off-by-one error in ssl-opt.sh
 2022-04-07 16:20:55 +02:00
Manuel Pégourié-Gonnard 1b05aff3ad
Merge pull request #5624 from superna9999/5312-tls-server-ecdh 
TLS ECDH 3b: server-side static ECDH (1.2)
 2022-04-07 11:46:25 +02:00
Gilles Peskine d2d90af7d9 Make mbedtls_ssl_get_bytes_avail tests more independent 
Don't depend on the default sizes in the test programs: pass explicit
request and buffer sizes.

Don't depend on MAX_CONTENT_LEN (other than it not being extremely small:
this commit assumes that it will never be less than 101).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-04-06 23:39:06 +02:00
Gilles Peskine c8d242f625 set_maybe_calc_verify: $1 is intended to be auth_mode 
Document that this is what it is. Don't allow made-up numerical values.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-04-06 22:23:45 +02:00
Gilles Peskine 1438e1620a Add requirements of "Default" 
The log checks require a specific hash and a specific curve.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-04-05 22:00:32 +02:00
Gilles Peskine 59601d76ad Documentation improvements 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-04-05 22:00:17 +02:00
Andrzej Kurek 8db7c0e9ac Fix an off-by-one error in ssl-opt.sh 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-04-01 08:55:40 -04:00
Ronald Cron 0e980e8e84
Merge pull request #5640 from ronald-cron-arm/version-negotiation-2 
TLS 1.2/1.3 version negotiation - 2
 2022-04-01 12:29:06 +02:00
Ronald Cron cbd7bfd30e ssl-opt.sh: Force TLS 1.2 on server for TLS 1.2 specific tests 
Force TLS 1.2 on OpenSSL/GnuTLS server
for TLS 1.2 specific tests.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-31 18:25:27 +02:00
Ronald Cron 634d865d80 ssl-opt.sh: Fix "no TLS 1.3 server support" test check 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-31 18:25:27 +02:00
Dave Rodgman 017a19997a Update references to old Github organisation 
Replace references to ARMmbed organisation with the new
org, Mbed-TLS, following project migration.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-03-31 14:43:16 +01:00
Neil Armstrong b7b549aa71 Force server-side TLS1.2 for ECDH- Opaque PK key test 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-31 15:24:18 +02:00
Neil Armstrong 023bf8d7c2 Add ECDH- Opaque PK key test 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-31 15:24:17 +02:00
Ronald Cron a1b8f6e914 ssl-opt.sh: Do not force TLS 1.3 on client 
For TLS 1.3 tests, do not force TLS 1.3
version on client to play the negotiation
game whenever possible.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 18:58:31 +02:00
Ronald Cron f3b425bbde ssl-opt.sh: Force TLS 1.2 on server 
To maximize the number of tests where MbedTLS
client proposes both TLS 1.2 and TLS 1.3 to
the server, force the TLS 1.2 version on the
server side rather than on the client side
in TLS 1.2 specific tests.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 18:58:31 +02:00
Ronald Cron e1d3f06399 Allow hybrid TLS 1.3 + TLS 1.2 configuration 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 18:58:31 +02:00
Ronald Cron 7320e6436b ssl_tls12_client.c: Switch to generic Client Hello state handler 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 18:58:31 +02:00
Ronald Cron 27c85e743f ssl_tls.c: Unify TLS 1.2 and TLS 1.3 SSL state logs 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 18:58:31 +02:00
Ronald Cron 086ee0be0e ssl_tls.c: Reject TLS 1.3 version configuration for server 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 14:42:17 +02:00
Jerry Yu 3a58b462b6 add pss_rsae_sha{384,512} 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 15:13:34 +08:00
Jerry Yu 919130c035 Add rsa_pss_rsae_sha256 support 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 15:13:33 +08:00
Manuel Pégourié-Gonnard 7c92fe966a
Merge pull request #5614 from gabor-mezei-arm/5203_tls_cipher_tickets_use_psa_for_protection 
TLS Cipher 2a: tickets: use PSA for protection
 2022-03-17 09:50:09 +01:00
Gilles Peskine 6f160cab59 Skip some DTLS reordering tests in PSK-only builds 
Some DTLS reordering tests rely on certificate authentication messages. It
is probably possible to adapt them to rely on different messages, but for
now, skip them in PSK-only builds.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-03-14 20:32:20 +01:00
Gilles Peskine 309ca65846 calc_verify is only called in some configurations 
If MBEDTLS_SSL_EXTENDED_MASTER_SECRET is disabled or the feature is disabled
at runtime, and if client authentication is not used, then calc_verify is not
called, so don't require the corresponding debug trace.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-03-14 20:32:20 +01:00
Gilles Peskine aa162b5bea Remove negative check for a message that no longer exists 
The message was removed in 6be9cf542f without
a replacement. A failure would cause the test case to fail anyway, so this
negative check is not really useful.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-03-14 19:49:18 +01:00
Gabor Mezei 49c8eb3a5a
Enable chachcapoly cipher for SSL tickets 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-03-10 17:09:59 +01:00
Gabor Mezei 2fa1c311cd
Remove test dependency 
The SSL ticket rotation test case is enabled when PSA is used.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-03-10 17:09:59 +01:00
Manuel Pégourié-Gonnard 10e5cdbbbf
Merge pull request #5454 from gstrauss/cert_cb-user_data 
server certificate selection callback
 2022-03-10 11:51:42 +01:00
Paul Elliott 17f452aec4
Merge pull request #5448 from lhuang04/tls13_alpn 
Port ALPN support for tls13 client from tls13-prototype
 2022-03-08 17:53:38 +00:00
Glenn Strauss 6989407261 Add accessor to retrieve SNI during handshake 
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-02-25 19:55:53 -05:00
Gilles Peskine 588d7a7538 Add a missing requires_max_content_len 
Slightly reduce the amount of data so that the test passes with 512.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-25 21:23:25 +01:00
Gilles Peskine 6e86e54abb Adapt tests for PSK in PSK-only builds 
In a PSK-only build:
* Skip tests that rely on a specific non-PSK cipher suite.
* Skip tests that exercise a certificate authentication feature.
* Pass a pre-shared key in tests that don't mind the key exchange type.

This commit only considers PSK-only builds vs builds with certificates. It
does not aim to do something useful for builds with an asymmetric key
exchange and a pre-shared key for authentication.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-25 21:06:21 +01:00
Gilles Peskine 2fe796f1b7 Add some missing dependencies: EXTENDED_MASTER_SECRET, CACHE 
This commit is not necessarily complete, but it's a step forward.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-25 21:06:21 +01:00
Gilles Peskine 3561526249 Only run "Default" tests if the expected ciphersuite is enabled 
These tests ensure that a certain cipher suite is in use, so they fail in
builds that lack one of the corresponding algorithms.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-25 21:06:21 +01:00
Gilles Peskine a165b5ced6 Automatically skip tests for some absent features: tickets, ALPN 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-25 21:06:21 +01:00
Gilles Peskine 82a4ab2486 ssl-opt: automatically skip DTLS tests in builds without DTLS 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-25 21:06:21 +01:00
Jerry Yu 2ff6ba1df0 Remove rsa_pss_rsae_sha256 support. 
Sign rsa is not thread safe. Remove it from current code.
And a thread-safe version should be re-introduce in future.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-23 10:38:25 +08:00
Jerry Yu ccb005e35f fix missing feedback address 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 17:38:34 +08:00
Jerry Yu 819f29730a fix various issues in ssl-opt 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu 2124d05e06 Add sha384 and sha512 case 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu d66409ae92 Add non support sig alg check and test 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu 562a0fddf0 Add client version check 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu 6c3d821ff1 update ssl-opt test cases 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu 46b53b9920 remove duplicate test 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu 4bfa22aeb3 remove useless config option 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu 42ea733fdc remove RSA not found test 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu 7db5b8f68c add rsa_pss_rsae_sha256 write support 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu 37987ddd0f Add test cases 
Add test cases for different sig algs.
Known issue is rsa_pss_rsae_sha256 fail

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu ca133a34c5 Change state machine 
Skip CertificateVerfiy if empty certificate or no
CertificateRequest received.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu 22abd06cd0 Add rsa key check 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu aa6214a571 add empty client certificate tests 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu c19884f487 change expect exit value 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu 25e0ddcf47 Add client certificate file 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu 200b47b8f5 Add more tests for CertificateRequest 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu 960bc28bcc Add tests for no middlebox mode 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:57 +08:00
Gilles Peskine 860429f8af Add version number debug check to the GnuTLS interop test as well 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-21 15:14:02 +01:00
Gilles Peskine c63a1e0e15 Fix mbedtls_ssl_get_version() for TLSv1.3 
Test it in ssl-opt.sh.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-21 15:14:01 +01:00
Jerry Yu baa4934e7b Add check tests 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:00 +08:00
Jerry Yu ab08290c09 tls13_only: skip tls12 tests. 
TLS1.2 test depends on MBEDTLS_SSL_PROTO_TLS1_2. Skip
them if it is not set

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:00 +08:00
Jerry Yu 8a497205cc tls13_only: tls 1.3 suite pass 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:00 +08:00
Jerry Yu c10f6b4735 tls13_only: simple test pass 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:00 +08:00
Manuel Pégourié-Gonnard 3d1f8b9c00
Merge pull request #5532 from ronald-cron-arm/tls13_and_use_psa_crypto 
Make TLS 1.3 compatible with MBEDTLS_USE_PSA_CRYPTO
 2022-02-16 17:33:47 +01:00
Ronald Cron a7a1deabf8
Merge pull request #5393 from gilles-peskine-arm/opt-testcases-outcomes-fix 
Fix test suite name reporting of opt-testcases/tls13-compat.sh
 2022-02-15 13:53:10 +01:00
lhuang04 86cacac91a Port ALPN support for tls13 client from tls13-prototype 
Summary:
Port ALPN implementation of tls13 client from
[tls13-prototype](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_client.c#L1124).

Test Plan:

Reviewers:

Subscribers:

Tasks:

Tags:
Signed-off-by: lhuang04 <lhuang04@fb.com>
 2022-02-14 08:03:32 -08:00
Ronald Cron 135427cb35 Run TLS 1.3 tests when MBEDTLS_USE_PSA_CRYPTO is enabled 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-02-11 16:10:44 +01:00
Glenn Strauss e328245618 Add test case use of mbedtls_ssl_ticket_rotate 
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-02-09 14:33:16 -05:00
Ronald Cron 6ca6faa67e
Merge pull request #5080 from xffbai/add-tls13-read-certificate-request 
add tls1_3 read certificate request
 2022-02-09 09:51:55 +01:00
Manuel Pégourié-Gonnard 45c5768a74
Merge pull request #5434 from mprse/tls_use_psa 
TLS Cipher: use PSA crypto
 2022-02-08 10:27:25 +01:00
Manuel Pégourié-Gonnard 6f20595b6e
Merge pull request #5462 from gilles-peskine-arm/ssl-test-pkey-message-clarity 
Clarify key types message from ssl_client2 and ssl_server2
 2022-02-03 11:33:03 +01:00
Przemyslaw Stekiel 2cb59df939 ssl-opt.sh: remove cipher context assertions (redundant when psa crypto is enabled) 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:39:24 +01:00
XiaokangQian a909061c2a Refine HRR parse successfully message in test cases 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-01-27 03:48:27 +00:00
XiaokangQian 7bae3b616c Add more ciphersuites into test cases for hrr 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-01-26 10:53:15 +00:00
XiaokangQian 355e09ae9d Change code base on comments 
Change functions name
Change some comments
Improve hrr test case for gnutls

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-01-26 10:53:15 +00:00
XiaokangQian 78b1fa7e81 Update code base on comments 
Move reset transcript for hrr to generic
Reset SHA256 or SHA384 other than both
Rename message layer reset
Add check log for hrr parse successfully

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-01-26 10:53:15 +00:00
XiaokangQian 6db08dd2cb Change ssl-opt.sh to make hrr tests pass 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-01-26 10:51:13 +00:00
XiaokangQian 0b56a8f85c Replace curve_list with group_list and add update test scripts 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-01-26 10:51:13 +00:00
Xiaofei Bai 69fcd39774 Update CertificateRequest tests and the parsing function 
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
 2022-01-26 09:32:29 +00:00
Xiaofei Bai 5d8598e090 update certificate request tests 
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
 2022-01-26 09:31:54 +00:00
Gilles Peskine 05bf89da34 Clarify key types message from ssl_client2 and ssl_server2 
If no key is loaded in a slot, say "none", not "invalid PK".

When listing two key types, use punctuation that's visibly a sequence
separator (",").

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-01-25 17:50:25 +01:00
Manuel Pégourié-Gonnard 24479b3185
Merge pull request #5395 from gilles-peskine-arm/ssl-opt-self-signed-positive 
Add positive test case with self-signed certificates
 2022-01-25 12:53:56 +01:00
Manuel Pégourié-Gonnard fcca7cfa97
Merge pull request #5428 from gstrauss/mbedtls_ssl_ciphersuite 
Add accessors for ciphersuite info
 2022-01-24 11:13:31 +01:00
Manuel Pégourié-Gonnard ff743a7f38
Merge pull request #5425 from gabor-mezei-arm/5181_tls_cipher_extend_testing_of_tickets 
TLS Cipher 1a: extend testing of tickets
 2022-01-24 10:25:29 +01:00
Glenn Strauss 6eef56392a Add tests for accessors for ciphersuite info 
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-01-23 08:37:02 -05:00
Gabor Mezei 6e5aae63f8
Add tests for ticket_aead option 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-01-12 16:29:58 +01:00
Gilles Peskine e1cc60eca9 Add positive test case with self-signed certificates 
Add a positive test case where both the client and the server require
authentication and both use a non-CA self-signed certificate.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-01-07 23:10:56 +01:00
Gilles Peskine 5eb2b02862 Report correct test suite names for opt-testcases/* in outcome file 
In the outcome file, report each test case in the file it's in, rather than
reporting them all from ssl-opt. This is more informative and matches what
check_test_cases.py does.

This fixes a bug whereby test cases from opt-testcases/* were not detected
as having run on the CI, because analyze_outcomes.py (which uses
check_test_cases.py) expects them in the containing file whereas they were
reported in ssl-opt.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-01-07 18:34:12 +01:00
Gilles Peskine 2baaf60c5d Don't error out if no opt-testcases/*.sh is found 
This can happen in an insufficiently populated out-of-tree build.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-01-07 15:46:12 +01:00
Jerry Yu 136320ba0b fix ci fail 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-21 17:09:00 +08:00
paul-elliott-arm f434994d83
Merge pull request #5303 from yuhaoth/pr/add_list_config_function 
Add list config function
 2021-12-10 18:30:06 +00:00
Ronald Cron 6f135e1148 Rename MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL to MBEDTLS_SSL_PROTO_TLS1_3 
As we have now a minimal viable implementation of TLS 1.3,
let's remove EXPERIMENTAL from the config option enabling
it.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-10 13:47:55 +01:00
Jerry Yu 2e8b00172b Beauty source code 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-10 20:29:02 +08:00
Dave Rodgman 76a2b306ac
Merge pull request #4981 from yuhaoth/pr/add-debug-helpers-generated 
Add debug helpers generated
 2021-12-10 11:56:55 +00:00
Jerry Yu d0fcf7f6a0 fix ci fail 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-10 18:45:51 +08:00
Ronald Cron 9eab5a6f11 tests: TLS 1.3: Remove unnecessary test requirement 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-10 10:27:25 +01:00
Jerry Yu d04fd35c06 Replace configs_enabled check with query_compile_time_config 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-10 16:31:04 +08:00
Jerry Yu bc8b22ecc8 fix tls13 test fail 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-10 15:54:38 +08:00