Andrzej Kurek
140b589ec6
Fix a bug with executing ssl-client2 in ssl-opt.sh in a subshell
...
When executing eval in the background, the next "$!" gives the
eval PID, not the ssl-client2 pid. This causes problems when
a client times out and the script tries to kill it. Instead, it
kills the parent eval call.
This caused problems with subsequent proxy tests receiving
old packets from a client from a previous test.
Moving the "&" to inside the eval call fixes the problem.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-06-06 15:02:36 -04:00
XiaokangQian
129aeb9b0e
Update test cases and support sni ca override
...
Change-Id: I6052acde0b0ec1c25537f8dd81a35562da05a393
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-06-02 09:29:18 +00:00
XiaokangQian
f4f0f6961a
Enable requires_openssl_tls1_3 in sni test cases
...
Change-Id: I71fbabe0b2ff80d5f1f15ae7df2b048503ccf965
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-06-01 00:42:27 +00:00
XiaokangQian
ac41edfc5e
Enable requires_gnutls_tls1_3 in sni test cases
...
Change-Id: Iea18f4e6a6b4c6b90612b43a5bcd396cdd506335
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-05-31 13:22:13 +00:00
XiaokangQian
2ccd97b8ef
Change test case name to sni
...
Change-Id: I8f6e68deab71cc49741cbdf233cf876e29683db9
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-05-31 08:30:17 +00:00
XiaokangQian
d5d5b60c07
Add comprehensive test cases for TLS1.3 server side
...
Change-Id: I544cb12b3ffe5edd7d59fa54342ca7db5b5c8a2a
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-05-31 02:51:26 +00:00
XiaokangQian
f2a942073e
Fix SNI test failure
...
Change-Id: Id3fce36af9bc52cac858b473168451945aa974f4
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-05-30 08:07:16 +00:00
XiaokangQian
40a3523eb7
Add support of server name extension to server side
...
Change-Id: Iccf5017e306ba6ead2e1026a29f397ead084cc4d
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-05-30 08:07:16 +00:00
XiaokangQian
9a4e1dd8a6
Add back openssl client auth test
...
Change-Id: Iea3b70381c3851102c542d1c55c0303bc3a14a92
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-05-26 00:58:11 +00:00
XiaokangQian
aca9048b5f
Change base on review
...
Fix comments
Add test cases for client authentication with empty certificate
Change-Id: Id8a741ddd997ca92e36832f26088eb0e67830ad8
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-05-26 00:47:11 +00:00
XiaokangQian
c3017f620f
Remove useless guards and refine checking
...
Change-Id: I9cd3073826fc65c203e479d83bed72331ff8963d
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-05-26 00:47:10 +00:00
XiaokangQian
189ded2b07
Remove coordinate functions and change state machine in server side
...
Change-Id: Id4abf78f493e77afc289409db691c9c61acde1d2
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-05-26 00:46:13 +00:00
Paul Elliott
8fba70f66c
Merge pull request #5749 from yuhaoth/pr/add-tls13-finished-message-and-wrapup
...
TLS 1.3: Add Finished Message and wrapup
2022-05-25 12:02:06 +01:00
Jerry Yu
5491f857d2
skip openssl client auth test
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-23 22:36:16 +08:00
Jerry Yu
090378c685
change exit code of cli auth test
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-23 21:03:52 +08:00
Jerry Yu
7eaadae941
fix no x509 info fail.
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-23 16:17:25 +08:00
Manuel Pégourié-Gonnard
6ab65e28cf
Merge pull request #5842 from mprse/decrypt_tests
...
RSA decrypt 2: TLS 1.2 integration testing
2022-05-18 12:58:50 +02:00
Jerry Yu
36becb1b81
update hrr tests
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-18 09:58:48 +08:00
Jerry Yu
a7abc5eaa8
fix ci test fails
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-18 09:58:48 +08:00
Jerry Yu
155493d4f5
fix openssl test fail.
...
different version openssl client return
different output. remove string check
to workaround it
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-18 09:58:48 +08:00
Jerry Yu
6622049bcc
test:add state check
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-18 09:58:48 +08:00
Jerry Yu
4d8567fa9e
fix various issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-18 09:58:48 +08:00
Paul Elliott
a478441517
Merge pull request #5748 from yuhaoth/pr/add-tls13-write-certificate-and-verify
...
TLS1.3:Add Certificate and CertificateVerify message on Server Side
2022-05-17 15:47:36 +01:00
Przemek Stekiel
8da6da3da2
ssl-opt.sh: add test of RSA Opaque keys with TLS 1.2 server for decryption
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-16 14:37:50 +02:00
Jerry Yu
b89125b81a
Add test without server certificate
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-13 15:50:04 +08:00
Jerry Yu
c450566b85
Update client auth tests
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-12 14:44:59 +08:00
Jerry Yu
c8bdbf72d3
test:add state check for certificate and verify
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-12 14:44:59 +08:00
Andrzej Kurek
5c65c5781f
Fix additional misspellings found by codespell
...
Remaining hits seem to be hex data, certificates,
and other miscellaneous exceptions.
List generated by running codespell -w -L
keypair,Keypair,KeyPair,keyPair,ciph,nd
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-05-11 21:25:54 +01:00
Shaun Case
8b0ecbccf4
Redo of PR#5345. Fixed spelling and typographical errors found by CodeSpell.
...
Signed-off-by: Shaun Case <warmsocks@gmail.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-05-11 21:25:51 +01:00
Paul Elliott
d1a954d243
Merge pull request #5707 from yuhaoth/pr/add-tls13-write-hello-retry-request
...
TLS1.3: Add HelloRetryRequest Write
2022-05-10 17:25:33 +01:00
Manuel Pégourié-Gonnard
9bbb7bacae
Merge pull request #5791 from superna9999/5788-unify-non-opaque-and-opaque-psks
...
Unify non-opaque and opaque PSKs
2022-05-09 10:15:16 +02:00
Jerry Yu
ede50ea891
move hrr tests
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-09 15:49:09 +08:00
XiaokangQian
a987e1d2f8
Change state machine after encrypted extension and update cases
...
Change-Id: Ie84a2d52a08538afb8f6096af0c054bd55ed66cb
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-05-07 01:37:04 +00:00
XiaokangQian
45c22201b3
Update test cases and encrypted extension state set
...
Change-Id: Ie1acd10b61cefa9414169b276a0c5c5ff2f9eb79
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-05-07 01:37:04 +00:00
XiaokangQian
2f150e184f
Update status and add test cases for client certificate request
...
Change-Id: If9b9672540d2b427496b7297aa484b8bcfeb75c5
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-05-07 01:37:04 +00:00
Ronald Cron
25b1f5d2b7
Merge pull request #5545 from xffbai/tls13-write-enc-ext
...
TLS1.3: add writing encrypted extensions on server side.
2022-05-06 13:54:45 +02:00
Neil Armstrong
cd05f0b9e5
Drop skip PMS generation for opaque XXX-PSK now Opaque PSA key is always present when MBEDTLS_USE_PSA_CRYPTO selected
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-04 11:08:41 +02:00
Jerry Yu
7c0da07445
Update state check
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-03 15:08:54 +08:00
Manuel Pégourié-Gonnard
67397fa4fd
Merge pull request #5704 from mprse/mixed_psk_2cx
...
Mixed PSK 2a, 2b, 2c: enable client/server support opaque RSA-PSK, ECDHE-PSK, DHE-PSK
2022-04-29 10:47:16 +02:00
Gilles Peskine
4098083ed4
Merge pull request #5745 from superna9999/5712-pk-opaque-rsa-pss-sign-tls
...
RSA-PSS sign 2: TLS 1.3 integration testing
2022-04-28 18:16:44 +02:00
Manuel Pégourié-Gonnard
ad47487e25
Merge pull request #5742 from superna9999/5669-review-test-incompatible-psa
...
Fixup or re-enable tests with Use PSA
2022-04-28 09:57:13 +02:00
Jerry Yu
cef55dbd6a
ssl-opt: add state check
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-04-25 19:41:47 +08:00
Jerry Yu
955ddd75a3
fix various issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-04-22 22:27:33 +08:00
Przemek Stekiel
85d46fe6cf
ssl-opt.sh: add tests for clent/server psa opaque dhe-psk key exchange
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-22 14:54:33 +02:00
Przemek Stekiel
b6a0503dda
ssl-opt.sh: add tests for clent/server psa opaque ecdhe-psk key exchange
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-22 14:53:55 +02:00
Przemek Stekiel
b270b56372
ssl-opt.sh: add tests for server psa opaque rsa-psk key exchange
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-22 14:52:28 +02:00
Przemek Stekiel
8e0495e0f4
ssl-opt.sh: add tests for client psa opaque rsa-psk key exchange
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-22 14:52:28 +02:00
Jerry Yu
8b9fd374b8
Add P_CLI test to easy debug
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-04-22 16:45:01 +08:00
Jerry Yu
abf20c7564
add state check
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-04-22 16:45:01 +08:00
Ronald Cron
38b8aa4f63
Merge pull request #5539 from xkqian/add_client_hello_to_server
...
Add client hello into server side
2022-04-22 10:26:00 +02:00
Neil Armstrong
7f6f672d7e
Add Opaque PK test case for TLS 1.3
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-22 10:23:10 +02:00
Manuel Pégourié-Gonnard
21f82c7510
Merge pull request #5709 from superna9999/5625-pk-opaque-rsa-tls12
...
RSA sign 3b: TLS 1.2 integration testing
2022-04-22 10:05:43 +02:00
XiaokangQian
e8ff350698
Update code to align with tls13 coding standard
...
Change-Id: I3c98b7d0db63aecc712a67f4e8da2cb9945c8f17
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-22 02:34:40 +00:00
Gilles Peskine
afbfed9397
Merge pull request #5582 from gilles-peskine-arm/ssl-opt-auto-psk
...
Run ssl-opt.sh in more reduced configurations
2022-04-21 12:03:53 +02:00
XiaokangQian
318dc763a6
Fix test failure issue and update code styles
...
Change-Id: I0b08da1b083abdb19dc383e6f4b210f66659c109
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 09:43:51 +00:00
XiaokangQian
3f84d5d0cd
Update test cases and fix the test failure
...
Change-Id: If93506fc3764d49836b229d51e4ad5b008cc3343
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 07:45:50 +00:00
XiaokangQian
cfd925f3e8
Fix comments and remove hrr related code
...
Change-Id: Iab1fc5415b3b7f7b5bcb0a41a01f4234cc3497d6
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 07:45:50 +00:00
XiaokangQian
ed582dd023
Update based on comments
...
Remove cookie support from server side
Change code to align with coding styles
Re-order functions of client_hello
Change-Id: If31509ece402f8276e6cac37f261e0b166d05e18
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 07:43:48 +00:00
XiaokangQian
c4b8c99a38
Rebase and solve conflicts and issues
...
Change-Id: I17246c5b2f8a8ec4989c8b0b83b55cad0491b78a
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 07:43:48 +00:00
XiaokangQian
5e4528cd12
Add test cases for server side parse client hello
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 07:43:48 +00:00
Ronald Cron
df5f8681cc
ssl-opt.sh: Fix/Unify TLS 1.3 test descriptions
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-04-19 18:31:24 +02:00
Gilles Peskine
5bd0b51048
Use terse output from lsof
...
This both simplifies parsing a little, and suppresses warnings. Suppressing
warnings is both good and bad: on the one hand it resolves problems such as
https://github.com/Mbed-TLS/mbedtls/issues/5731 , on the other hand it may
hide clues as to why lsof wouldn't be working as expected.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-16 11:34:23 +02:00
Neil Armstrong
eed1c6255d
Enable TLS 1.3 ALPN tests when MBEDTLS_USE_PSA_CRYPTO is enabled
...
Those were disabled in original submission, but it works fine
with PSA crypto enabled.
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-15 09:30:31 +02:00
Gilles Peskine
2ecf4ff349
Restore explicit version requirement on 1.3 HelloRetryRequest tests
...
A concurrent branch changes the way the test cases run to no longer use
force_version=tls13, so the automatic version requirement detection will no
longer work after that branch is merged. Therefore, keep the manual
requirement (at least until automatic detection gets smarter).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-13 19:08:38 +02:00
Gilles Peskine
c912673f8d
Automatically detect protocol version requirement from force_version
...
When the client or server uses a specific protocol version, automatically
require that version to be enabled at compile time.
An explicit call is still needed in test cases that require a specific
protocol version (due to analyzing version-specific behavior, or checking
the version in logs), but do not force that specific protocol version, or that
force a specific version only on the openssl/gnutls side.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-13 16:14:01 +02:00
Gilles Peskine
740b734f25
Move ticket, alpn detection into maybe_requires_ciphersuite_enabled
...
No intended behavior change.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-13 11:32:46 +02:00
Gilles Peskine
b898b3df90
Prepare to generalize maybe_requires_ciphersuite_enabled
...
Rename maybe_requires_ciphersuite_enabled() to detect_required_features()
and refactor its code a little. No intended behavior change. In subsequent
commits, this function will detect other requirements in a similar way.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-13 11:32:46 +02:00
Neil Armstrong
a4dbfddba2
Add DHE-RSA Opaque PK key tests variants in ssl-opt.sh
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-13 10:49:25 +02:00
Neil Armstrong
3e9a142017
Add RSA Opaque PK key tests variants in ssl-opt.sh
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-13 10:49:25 +02:00
Gilles Peskine
8e5e8d73db
Merge pull request #5686 from AndrzejKurek/off-by-one-ssl-opt
...
Fix an off-by-one error in ssl-opt.sh
2022-04-07 16:20:55 +02:00
Manuel Pégourié-Gonnard
1b05aff3ad
Merge pull request #5624 from superna9999/5312-tls-server-ecdh
...
TLS ECDH 3b: server-side static ECDH (1.2)
2022-04-07 11:46:25 +02:00
Gilles Peskine
d2d90af7d9
Make mbedtls_ssl_get_bytes_avail tests more independent
...
Don't depend on the default sizes in the test programs: pass explicit
request and buffer sizes.
Don't depend on MAX_CONTENT_LEN (other than it not being extremely small:
this commit assumes that it will never be less than 101).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-06 23:39:06 +02:00
Gilles Peskine
c8d242f625
set_maybe_calc_verify: $1 is intended to be auth_mode
...
Document that this is what it is. Don't allow made-up numerical values.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-06 22:23:45 +02:00
Gilles Peskine
1438e1620a
Add requirements of "Default"
...
The log checks require a specific hash and a specific curve.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-05 22:00:32 +02:00
Gilles Peskine
59601d76ad
Documentation improvements
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-05 22:00:17 +02:00
Andrzej Kurek
8db7c0e9ac
Fix an off-by-one error in ssl-opt.sh
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-04-01 08:55:40 -04:00
Ronald Cron
0e980e8e84
Merge pull request #5640 from ronald-cron-arm/version-negotiation-2
...
TLS 1.2/1.3 version negotiation - 2
2022-04-01 12:29:06 +02:00
Ronald Cron
cbd7bfd30e
ssl-opt.sh: Force TLS 1.2 on server for TLS 1.2 specific tests
...
Force TLS 1.2 on OpenSSL/GnuTLS server
for TLS 1.2 specific tests.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 18:25:27 +02:00
Ronald Cron
634d865d80
ssl-opt.sh: Fix "no TLS 1.3 server support" test check
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 18:25:27 +02:00
Dave Rodgman
017a19997a
Update references to old Github organisation
...
Replace references to ARMmbed organisation with the new
org, Mbed-TLS, following project migration.
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-03-31 14:43:16 +01:00
Neil Armstrong
b7b549aa71
Force server-side TLS1.2 for ECDH- Opaque PK key test
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-31 15:24:18 +02:00
Neil Armstrong
023bf8d7c2
Add ECDH- Opaque PK key test
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-31 15:24:17 +02:00
Ronald Cron
a1b8f6e914
ssl-opt.sh: Do not force TLS 1.3 on client
...
For TLS 1.3 tests, do not force TLS 1.3
version on client to play the negotiation
game whenever possible.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
Ronald Cron
f3b425bbde
ssl-opt.sh: Force TLS 1.2 on server
...
To maximize the number of tests where MbedTLS
client proposes both TLS 1.2 and TLS 1.3 to
the server, force the TLS 1.2 version on the
server side rather than on the client side
in TLS 1.2 specific tests.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
Ronald Cron
e1d3f06399
Allow hybrid TLS 1.3 + TLS 1.2 configuration
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
Ronald Cron
7320e6436b
ssl_tls12_client.c: Switch to generic Client Hello state handler
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
Ronald Cron
27c85e743f
ssl_tls.c: Unify TLS 1.2 and TLS 1.3 SSL state logs
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
Ronald Cron
086ee0be0e
ssl_tls.c: Reject TLS 1.3 version configuration for server
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:42:17 +02:00
Jerry Yu
3a58b462b6
add pss_rsae_sha{384,512}
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-22 15:13:34 +08:00
Jerry Yu
919130c035
Add rsa_pss_rsae_sha256 support
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-22 15:13:33 +08:00
Manuel Pégourié-Gonnard
7c92fe966a
Merge pull request #5614 from gabor-mezei-arm/5203_tls_cipher_tickets_use_psa_for_protection
...
TLS Cipher 2a: tickets: use PSA for protection
2022-03-17 09:50:09 +01:00
Gilles Peskine
6f160cab59
Skip some DTLS reordering tests in PSK-only builds
...
Some DTLS reordering tests rely on certificate authentication messages. It
is probably possible to adapt them to rely on different messages, but for
now, skip them in PSK-only builds.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-03-14 20:32:20 +01:00
Gilles Peskine
309ca65846
calc_verify is only called in some configurations
...
If MBEDTLS_SSL_EXTENDED_MASTER_SECRET is disabled or the feature is disabled
at runtime, and if client authentication is not used, then calc_verify is not
called, so don't require the corresponding debug trace.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-03-14 20:32:20 +01:00
Gilles Peskine
aa162b5bea
Remove negative check for a message that no longer exists
...
The message was removed in 6be9cf542f
without
a replacement. A failure would cause the test case to fail anyway, so this
negative check is not really useful.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-03-14 19:49:18 +01:00
Gabor Mezei
49c8eb3a5a
Enable chachcapoly cipher for SSL tickets
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-03-10 17:09:59 +01:00
Gabor Mezei
2fa1c311cd
Remove test dependency
...
The SSL ticket rotation test case is enabled when PSA is used.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-03-10 17:09:59 +01:00
Manuel Pégourié-Gonnard
10e5cdbbbf
Merge pull request #5454 from gstrauss/cert_cb-user_data
...
server certificate selection callback
2022-03-10 11:51:42 +01:00
Paul Elliott
17f452aec4
Merge pull request #5448 from lhuang04/tls13_alpn
...
Port ALPN support for tls13 client from tls13-prototype
2022-03-08 17:53:38 +00:00
Glenn Strauss
6989407261
Add accessor to retrieve SNI during handshake
...
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-02-25 19:55:53 -05:00
Gilles Peskine
588d7a7538
Add a missing requires_max_content_len
...
Slightly reduce the amount of data so that the test passes with 512.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-25 21:23:25 +01:00
Gilles Peskine
6e86e54abb
Adapt tests for PSK in PSK-only builds
...
In a PSK-only build:
* Skip tests that rely on a specific non-PSK cipher suite.
* Skip tests that exercise a certificate authentication feature.
* Pass a pre-shared key in tests that don't mind the key exchange type.
This commit only considers PSK-only builds vs builds with certificates. It
does not aim to do something useful for builds with an asymmetric key
exchange and a pre-shared key for authentication.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-25 21:06:21 +01:00
Gilles Peskine
2fe796f1b7
Add some missing dependencies: EXTENDED_MASTER_SECRET, CACHE
...
This commit is not necessarily complete, but it's a step forward.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-25 21:06:21 +01:00
Gilles Peskine
3561526249
Only run "Default" tests if the expected ciphersuite is enabled
...
These tests ensure that a certain cipher suite is in use, so they fail in
builds that lack one of the corresponding algorithms.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-25 21:06:21 +01:00
Gilles Peskine
a165b5ced6
Automatically skip tests for some absent features: tickets, ALPN
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-25 21:06:21 +01:00
Gilles Peskine
82a4ab2486
ssl-opt: automatically skip DTLS tests in builds without DTLS
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-25 21:06:21 +01:00
Jerry Yu
2ff6ba1df0
Remove rsa_pss_rsae_sha256 support.
...
Sign rsa is not thread safe. Remove it from current code.
And a thread-safe version should be re-introduce in future.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-23 10:38:25 +08:00
Jerry Yu
ccb005e35f
fix missing feedback address
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 17:38:34 +08:00
Jerry Yu
819f29730a
fix various issues in ssl-opt
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
2124d05e06
Add sha384 and sha512 case
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
d66409ae92
Add non support sig alg check and test
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
562a0fddf0
Add client version check
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
6c3d821ff1
update ssl-opt test cases
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
46b53b9920
remove duplicate test
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
4bfa22aeb3
remove useless config option
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
42ea733fdc
remove RSA not found test
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
7db5b8f68c
add rsa_pss_rsae_sha256 write support
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
37987ddd0f
Add test cases
...
Add test cases for different sig algs.
Known issue is rsa_pss_rsae_sha256 fail
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
ca133a34c5
Change state machine
...
Skip CertificateVerfiy if empty certificate or no
CertificateRequest received.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
22abd06cd0
Add rsa key check
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
aa6214a571
add empty client certificate tests
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
c19884f487
change expect exit value
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
25e0ddcf47
Add client certificate file
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
200b47b8f5
Add more tests for CertificateRequest
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
Jerry Yu
960bc28bcc
Add tests for no middlebox mode
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:57 +08:00
Gilles Peskine
860429f8af
Add version number debug check to the GnuTLS interop test as well
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-21 15:14:02 +01:00
Gilles Peskine
c63a1e0e15
Fix mbedtls_ssl_get_version() for TLSv1.3
...
Test it in ssl-opt.sh.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-21 15:14:01 +01:00
Jerry Yu
baa4934e7b
Add check tests
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:00 +08:00
Jerry Yu
ab08290c09
tls13_only: skip tls12 tests.
...
TLS1.2 test depends on MBEDTLS_SSL_PROTO_TLS1_2. Skip
them if it is not set
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:00 +08:00
Jerry Yu
8a497205cc
tls13_only: tls 1.3 suite pass
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:00 +08:00
Jerry Yu
c10f6b4735
tls13_only: simple test pass
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:00 +08:00
Manuel Pégourié-Gonnard
3d1f8b9c00
Merge pull request #5532 from ronald-cron-arm/tls13_and_use_psa_crypto
...
Make TLS 1.3 compatible with MBEDTLS_USE_PSA_CRYPTO
2022-02-16 17:33:47 +01:00
Ronald Cron
a7a1deabf8
Merge pull request #5393 from gilles-peskine-arm/opt-testcases-outcomes-fix
...
Fix test suite name reporting of opt-testcases/tls13-compat.sh
2022-02-15 13:53:10 +01:00
lhuang04
86cacac91a
Port ALPN support for tls13 client from tls13-prototype
...
Summary:
Port ALPN implementation of tls13 client from
[tls13-prototype](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_client.c#L1124 ).
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:
Signed-off-by: lhuang04 <lhuang04@fb.com>
2022-02-14 08:03:32 -08:00
Ronald Cron
135427cb35
Run TLS 1.3 tests when MBEDTLS_USE_PSA_CRYPTO is enabled
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-02-11 16:10:44 +01:00
Glenn Strauss
e328245618
Add test case use of mbedtls_ssl_ticket_rotate
...
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-02-09 14:33:16 -05:00
Ronald Cron
6ca6faa67e
Merge pull request #5080 from xffbai/add-tls13-read-certificate-request
...
add tls1_3 read certificate request
2022-02-09 09:51:55 +01:00
Manuel Pégourié-Gonnard
45c5768a74
Merge pull request #5434 from mprse/tls_use_psa
...
TLS Cipher: use PSA crypto
2022-02-08 10:27:25 +01:00
Manuel Pégourié-Gonnard
6f20595b6e
Merge pull request #5462 from gilles-peskine-arm/ssl-test-pkey-message-clarity
...
Clarify key types message from ssl_client2 and ssl_server2
2022-02-03 11:33:03 +01:00
Przemyslaw Stekiel
2cb59df939
ssl-opt.sh: remove cipher context assertions (redundant when psa crypto is enabled)
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 15:39:24 +01:00
XiaokangQian
a909061c2a
Refine HRR parse successfully message in test cases
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-01-27 03:48:27 +00:00
XiaokangQian
7bae3b616c
Add more ciphersuites into test cases for hrr
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-01-26 10:53:15 +00:00
XiaokangQian
355e09ae9d
Change code base on comments
...
Change functions name
Change some comments
Improve hrr test case for gnutls
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-01-26 10:53:15 +00:00
XiaokangQian
78b1fa7e81
Update code base on comments
...
Move reset transcript for hrr to generic
Reset SHA256 or SHA384 other than both
Rename message layer reset
Add check log for hrr parse successfully
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-01-26 10:53:15 +00:00
XiaokangQian
6db08dd2cb
Change ssl-opt.sh to make hrr tests pass
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-01-26 10:51:13 +00:00
XiaokangQian
0b56a8f85c
Replace curve_list with group_list and add update test scripts
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-01-26 10:51:13 +00:00
Xiaofei Bai
69fcd39774
Update CertificateRequest tests and the parsing function
...
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2022-01-26 09:32:29 +00:00
Xiaofei Bai
5d8598e090
update certificate request tests
...
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2022-01-26 09:31:54 +00:00
Gilles Peskine
05bf89da34
Clarify key types message from ssl_client2 and ssl_server2
...
If no key is loaded in a slot, say "none", not "invalid PK".
When listing two key types, use punctuation that's visibly a sequence
separator (",").
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-01-25 17:50:25 +01:00
Manuel Pégourié-Gonnard
24479b3185
Merge pull request #5395 from gilles-peskine-arm/ssl-opt-self-signed-positive
...
Add positive test case with self-signed certificates
2022-01-25 12:53:56 +01:00
Manuel Pégourié-Gonnard
fcca7cfa97
Merge pull request #5428 from gstrauss/mbedtls_ssl_ciphersuite
...
Add accessors for ciphersuite info
2022-01-24 11:13:31 +01:00
Manuel Pégourié-Gonnard
ff743a7f38
Merge pull request #5425 from gabor-mezei-arm/5181_tls_cipher_extend_testing_of_tickets
...
TLS Cipher 1a: extend testing of tickets
2022-01-24 10:25:29 +01:00
Glenn Strauss
6eef56392a
Add tests for accessors for ciphersuite info
...
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-01-23 08:37:02 -05:00
Gabor Mezei
6e5aae63f8
Add tests for ticket_aead option
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-01-12 16:29:58 +01:00
Gilles Peskine
e1cc60eca9
Add positive test case with self-signed certificates
...
Add a positive test case where both the client and the server require
authentication and both use a non-CA self-signed certificate.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-01-07 23:10:56 +01:00
Gilles Peskine
5eb2b02862
Report correct test suite names for opt-testcases/* in outcome file
...
In the outcome file, report each test case in the file it's in, rather than
reporting them all from ssl-opt. This is more informative and matches what
check_test_cases.py does.
This fixes a bug whereby test cases from opt-testcases/* were not detected
as having run on the CI, because analyze_outcomes.py (which uses
check_test_cases.py) expects them in the containing file whereas they were
reported in ssl-opt.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-01-07 18:34:12 +01:00
Gilles Peskine
2baaf60c5d
Don't error out if no opt-testcases/*.sh is found
...
This can happen in an insufficiently populated out-of-tree build.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-01-07 15:46:12 +01:00
Jerry Yu
136320ba0b
fix ci fail
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-21 17:09:00 +08:00
paul-elliott-arm
f434994d83
Merge pull request #5303 from yuhaoth/pr/add_list_config_function
...
Add list config function
2021-12-10 18:30:06 +00:00
Ronald Cron
6f135e1148
Rename MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL to MBEDTLS_SSL_PROTO_TLS1_3
...
As we have now a minimal viable implementation of TLS 1.3,
let's remove EXPERIMENTAL from the config option enabling
it.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-10 13:47:55 +01:00
Jerry Yu
2e8b00172b
Beauty source code
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 20:29:02 +08:00
Dave Rodgman
76a2b306ac
Merge pull request #4981 from yuhaoth/pr/add-debug-helpers-generated
...
Add debug helpers generated
2021-12-10 11:56:55 +00:00
Jerry Yu
d0fcf7f6a0
fix ci fail
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 18:45:51 +08:00
Ronald Cron
9eab5a6f11
tests: TLS 1.3: Remove unnecessary test requirement
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-10 10:27:25 +01:00
Jerry Yu
d04fd35c06
Replace configs_enabled check with query_compile_time_config
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 16:31:04 +08:00
Jerry Yu
bc8b22ecc8
fix tls13 test fail
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 15:54:38 +08:00
Jerry Yu
cdcc55f46f
update test check strings
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 12:47:02 +08:00
Jerry Yu
e3b3412bc4
Add tests for enum helper
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 12:45:52 +08:00
Ronald Cron
a55c5a1152
ssl-opt.sh: TLS 1.3: Add middlebox compatibility tests with GnuTLS
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-09 13:40:22 +01:00
Ronald Cron
7c0185fa5f
ssl-opt.sh: TLS 1.3: Add some missing test dependencies
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-09 13:40:22 +01:00
Ronald Cron
fdb0e3f381
ssl-opt.sh: TLS 1.3: Run tests with middlebox compatibility enabled
...
Run tests with middlebox compatibility enabled but tests
dedicated to middlebox compatibility disabled.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-09 13:40:22 +01:00
Jerry Yu
52a6e7ea00
Replace tls1_3 with tls13
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-06 18:42:47 +08:00
Jerry Yu
c502dff71c
fix TLS1.3 name issue
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-06 18:22:51 +08:00
Jerry Yu
cdcb683568
Update generate scripts and tls13 test cases
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-06 18:20:43 +08:00
Jerry Yu
31018adb81
Add tls13 compat tests with bash scripts
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-06 18:20:43 +08:00
Jerry Yu
c4aa1520a2
tls13_compat_tests:Add generate all option
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-06 18:20:43 +08:00
Jerry Yu
26fa7dcc4a
Remove rsa_pss_rsae_sha256 test from ssl-opt.sh
...
It has been covered by tls13 compat tests
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-06 18:20:43 +08:00
Jerry Yu
305bfc3dfd
Add tls13 compat tests
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-06 18:16:30 +08:00
Jerry Yu
8c5559d700
Add HelloRetryRequst tests
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-06 18:16:30 +08:00
Jerry Yu
936dffd77e
Add certificate request check
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-06 18:16:30 +08:00
Jerry Yu
8f9d7dbfd0
Add unsupported version check
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-06 18:16:29 +08:00
Xiaofei Bai
8b5c3824ee
Fix (d)tls1_2 into (d)tls12 in version options
...
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2021-12-02 13:22:18 +00:00
Xiaofei Bai
d25fab6f79
Update based on comments
...
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2021-12-02 06:36:27 +00:00
Xiaofei Bai
746f9481ea
Fix 1_3/13 usages in macros and function names
...
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2021-11-26 08:08:36 +00:00
XiaokangQian
30f556059a
Reverse the cert file
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-24 01:54:50 +00:00
XiaokangQian
f9fca8a791
Add back cipher suite information in ssh-opt.sh
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-23 23:21:27 +00:00
XiaokangQian
25476a48b9
Change code based on review
...
Remove useless component in all.sh
Remove use server logs in ssh-opt.sh
Remove useless guards in ssl_client2.c
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-23 14:01:21 +00:00
XiaokangQian
07c554748a
Change cert file to server2-sha256.crt
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-23 08:30:14 +00:00
XiaokangQian
a27b3526bf
Disable PSA_CRYPTO in tls1.3 tests
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-23 02:27:07 +00:00
XiaokangQian
bdf26de384
Fix test failure and remove useless code
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-22 09:52:56 +00:00
XiaokangQian
3887ab5bcc
Use O_NEXT_SRV to support ciphersuite option
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-22 07:14:39 +00:00
XiaokangQian
22dd68c2b5
Rebase code and run through the whole test flow
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-22 05:54:50 +00:00
XiaokangQian
d15018972c
Change script to solve G_NEXT_SRV_RSA not set issue
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-22 05:50:13 +00:00
XiaokangQian
4b82ca1b70
Refine test code and test scripts
...
Change client test code to support rsa pss signatures
Add test cases for rsa pss signature in ssl-opt.sh
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-22 05:50:12 +00:00
XiaokangQian
d940e641ed
Add test script for RSA signature
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-22 05:50:12 +00:00
Jerry Yu
6d38c19582
Add http connection pass check
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-11-17 16:03:06 +08:00
Jerry Yu
e1b1e2de65
Add minimal feature sets test
...
Replace original negative test with work test.
Now, we can work with the simple test.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-11-17 16:03:06 +08:00
XiaokangQian
3306284776
Change code base on comments
...
Remove client certificate verify in tests.
Change the layout of structure to fix abi_api check issues.
Add comments of Finished.
Align with the coding styles.
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-11 03:37:45 +00:00
XiaokangQian
d0aa3e9307
Inprove code base on review comments
...
Change debug messag for server finished.
Change name of generate_application_keys.
Remove the client vertificate tests from ssl-opt.sh.
Add test strings for server finished in ssl-opt.sh.
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-10 06:17:40 +00:00
Jerry Yu
5398c10b89
Add return value check for cerificate verify
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-11-05 13:32:38 +08:00
Jerry Yu
834886d211
Add certificate verify check
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-30 13:26:15 +08:00