yuzu-mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-mirror/mbedtls.git synced 2025-12-06 07:12:32 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
29227 commits 89 branches 205 tags 114 MiB
Commit graph

214 commits

Author SHA1 Message Date
Ronald Cron a8dd81b4de tests: tls13: Add early data unit test 
This aims to provide a basis for negative
testing around TLS 1.3 early data.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-01-22 09:37:45 +01:00
Ronald Cron d903a86e52 tests: tls13: Add session resume with ticket unit test 
This aims to provide a basis for negative testing
around TLS 1.3 ticket, replacing eventually the
negative tests done in ssl-opt.sh using the
dummy_ticket option.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-01-22 09:37:45 +01:00
Pengyu Lv 2bd56de3f4 ssl: replace MBEDTLS_SSL_HAVE_*_CBC with two seperate macros 
MBEDTLS_SSL_HAVE_<block_cipher>_CBC equals
MBEDTLS_SSL_HAVE_<block_cipher> and MBEDTLS_SSL_HAVE_CBC.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-11-08 14:21:19 +08:00
Pengyu Lv ba6825e37b ssl: use MBEDTLS_SSL_HAVE_* in tests 
Done by commands:

```
sed -i "s/MBEDTLS_\(AES\|CAMELLIA\|ARIA\|CHACHAPOLY\)_C/MBEDTLS_SSL_HAVE_\1/g" tests/{suites,include,src}/**/*ssl*
sed -i "s/MBEDTLS_\(GCM\|CCM\)_C/MBEDTLS_SSL_HAVE_\1/g" tests/{suites,include,src}/**/*ssl*
sed -i "s/MBEDTLS_CIPHER_MODE_\(CBC\)/MBEDTLS_SSL_HAVE_\1/g" tests/{suites,include,src}/**/*ssl*
```

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-11-08 14:09:16 +08:00
Valerio Setti 74d5f23c3f test_suite_ssl: use new internal symbols in tests using CBC 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-10-30 11:36:32 +01:00
Minos Galanakis 1a3ad265cc Merge branch 'development-restricted' into mbedtls-3.5.0rc0-pr 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2023-10-03 21:57:51 +01:00
Valerio Setti db6b4db7a0 Renaming all MBEDTLS_HAVE for curves to MBEDTLS_ECP_HAVE 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-09-25 17:39:41 +02:00
Valerio Setti 6d809cc969 lib/test: use new internal helpers in library's code and tests 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-09-25 17:39:41 +02:00
Gilles Peskine ca1e605b9c Merge remote-tracking branch 'upstream-public/development' into development-restricted-merge-20230925 
Conflicts:
* `include/mbedtls/build_info.h`: a new fragment to auto-enable
  `MBEDTLS_CIPHER_PADDING_PKCS7` was added in
  c9f4040f7f in `development-restricted`.
  In `development`, this section of the file has moved to
  `include/mbedtls/config_adjust_legacy_crypto.h`.
* `library/bignum.c`: function name change in `development-restricted` vs
  comment change in development. The comment change in `development` is not
  really relevant, so just take the line from `development-restricted`.
 2023-09-25 16:16:26 +02:00
Gilles Peskine a3237efefb Move testing of mbedtls_ssl_decrypt_buf to a new test suite 
test_suite_ssl is huge and needs splitting.

Create a new test suite focused on mbedtls_ssl_decrypt_buf(), which is a
complicated function that needs more thorough testing with malformed inputs.
At this point, we are only doing negative testing with CBC-non-ETM test
suites. This needs to grow.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-18 14:23:13 +02:00
Gilles Peskine 9d5952dba8 Fix some dependencies on symmetric crypto in some TLS 1.3 tests 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-07-21 17:50:49 +02:00
Valerio Setti 6f0441d11e tls: replace occurencies of ECP_LIGHT with PK_HAVE_ECC_KEYS 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-10 09:13:57 +02:00
Yanray Wang a9808ce4b4 Add AES 128-bit key dependency in test_suite_ssl.data 
Since handshake_fragmentation uses cipher
"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256" by default.
The corresponding test should be skipped when
MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH is enabled.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-05-05 11:21:31 +08:00
Yanray Wang ecb6a02fa9 Add AES 128-bit key dependency for tests data 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-05-05 11:21:30 +08:00
Valerio Setti 9cea093700 test: resolve remaining disparities in test_suite_ssl 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-11 16:19:11 +02:00
Ronald Cron 097ba146e7 tls: srv: Set hybrid TLS 1.2/1.3 as default configuration 
Set hybrid TLS 1.2/1.3 as default server
configuration if both TLS 1.2 and TLS 1.3
are enabled at build time.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:18 +02:00
Ronald Cron 43263c045a tests: ssl: Extend move to handshake state tests 
Extend move to handshake state tests to reach
most of TLS 1.2 and 1.3 handshake states.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:18 +02:00
Ronald Cron 3b35455a69 tls: srv: Allow server hybrid TLS 1.2 and 1.3 configuration 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:18 +02:00
Ronald Cron ea8a1ea17a tests: ssl: Add some missing dependencies 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:17 +02:00
Valerio Setti 13ce40323f test_suite_ssl: remove redundant dependencies when the key exchange is specified 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-22 10:40:05 +01:00
Valerio Setti 7a2f39692a ecdhe: solve disparities in accelerated ECDHE vs reference 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-22 10:37:45 +01:00
Manuel Pégourié-Gonnard bef824d394 SSL: use MD_CAN macros 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-21 16:29:31 +01:00
Valerio Setti fdea36d137 test_suite_ssl: remove redundant ECDH dependencies when the key exchange is specified 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-20 14:02:07 +01:00
Valerio Setti 866aa187e8 ecdh: solve disparities in accelerated ECDH vs reference 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-20 14:02:07 +01:00
Valerio Setti 2f081473b6 test: fix disparities in test_suite_ssl 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-08 16:47:28 +01:00
Valerio Setti 1b08d421a7 test: fix: replace CAN_ECDSA_SOME with CAN_ECDSA_SIGN+CAN_ECDSA_VERIFY when both are needed 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-13 15:35:37 +01:00
Valerio Setti d928aeb9ac test_suite_ssl: use new macros for ECDSA capabilities 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-13 15:35:37 +01:00
Andrzej Kurek 723b8779f9 Add missing key exchange requirements to test_suite_ssl 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-01-19 18:31:00 -05:00
Andrzej Kurek 714ae6551e Add missing key exchange requirements to test_suite_ssl 
Some of the tests use mbedtls_test_cli_key_rsa_der and
mbedtls_test_cli_crt_rsa_der, and these can be used with
specific ciphersuites.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-01-17 10:38:11 -05:00
Valerio Setti 2c12185b88 test: fix dependencies on function and data files 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2023-01-09 18:00:39 +01:00
Valerio Setti 73260b6e65 test: extend test_suite_ssl for testing new functions 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2023-01-03 16:05:02 +01:00
Manuel Pégourié-Gonnard c98624af3c
Merge pull request #6680 from valeriosetti/issue6599 
Allow isolation of EC J-PAKE password when used in TLS
 2022-12-14 11:04:33 +01:00
Dave Rodgman 1fe45295d7
Merge pull request #6685 from gilles-peskine-arm/valgrind-cf-skip-tests 
Rationalize Valgrind tests
 2022-12-06 18:39:32 +00:00
Valerio Setti e7518ba28e test: pake: reshaping the ssl_ecjpake_set_password() 
Removed the "error injection" strategy. Now the functions checks
for all the errors in a row.

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-12-02 12:09:43 +01:00
Valerio Setti 4452e98ec1 test: pake: add tests for set password functions 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-12-01 15:08:35 +01:00
Gilles Peskine 3ffd6bce81 Create a separate test suite for constant-time functions 
This is the first step in arranging that functions from constant_time.c are
tested in test_suite_constant_time.function.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-29 15:44:21 +01:00
Gilles Peskine 77e68c3176 Move constant-time HMAC testing to its own suite 
These are very CPU-intensive, so make it easy to skip them. And conversely,
make it easy to run them without the growing body of SSL tests.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-29 15:42:36 +01:00
Aditya Deshpande d1b72a7b83 Merge branch 'development' into driver-wrapper-key-agreement 2022-11-07 17:36:23 +00:00
Aditya Deshpande ec6bb5879a Disabled tests in test_suite_ssl that won't work without builtin ECDH 
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
 2022-11-07 17:11:48 +00:00
Ronald Cron 928cbd34e7 tls13: Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 
Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
instead of MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED to guard
code specific to the TLS 1.3 ephemeral key exchange mode.

Use it also for the dependencies of TLS 1.3 only tests
relying on ephemeral key exchange mode, but for
tests in tls13-kex-modes.sh where the change is done
later using all
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_.*ENABLED macros.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-10-22 14:42:04 +02:00
Ronald Cron f64cc03b09 tests: ssl: Add missing dependencies on certificate based handshake 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-10-21 14:47:00 +02:00
Ronald Cron 457fb7a523 tests: ssl: Fix ciphersuite identifier 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-10-21 14:44:45 +02:00
Andrzej Kurek 658442fe78 Remove unnecessary ECP_C dependencies 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-10-19 08:35:09 -04:00
Andrzej Kurek e5a5cc1944 Remove the dependency of tls1_3 key evolution tests on curve25519 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-10-19 08:35:09 -04:00
Andrzej Kurek daf43fbe21 Move the location of MBEDTLS_ECP_C dependencies 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-10-19 08:35:09 -04:00
Andrzej Kurek e64bd43495 Add missing ECP and ECDH dependencies in ssl test suites 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-10-19 08:35:08 -04:00
Andrzej Kurek 8e44139ca0 Add missing CURVE25519 requirements to TLS 1.3 tests 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-10-19 08:35:08 -04:00
Andrzej Kurek e38b788b79 Add missing key exchange dependencies 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-10-19 08:35:08 -04:00
Andrzej Kurek 90e8204476 Add missing SHA256 and ECDSA_C dependencies in test_suite_ssl 
Most of the tests (including those using endpoint_init functions) parse
certificates that require MBEDTLS_SHA256_C to be present.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-10-19 08:35:08 -04:00
Andrzej Kurek f502bcb13e Fix missing AES dependencies 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-10-19 08:35:08 -04:00