Commit graph

1003 commits

Author SHA1 Message Date
Tom Cosgrove
fc0e79e70f Have compat.sh and ssl-opt.sh not return success for > 255 errors
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-01-13 12:13:41 +00:00
Ronald Cron
83c5ad4873
Merge pull request #6787 from yuhaoth/pr/workaround-gnutls_anti_replay_fail
TLS 1.3: EarlyData: Workaround anti replay fail from GnuTLS
2023-01-11 09:05:36 +01:00
Gilles Peskine
3900bddd77
Merge pull request #6823 from mpg/unify-openssl-variables
Use OPENSSL everywhere, not OPENSSL_CMD
2023-01-10 22:10:19 +01:00
Jerry Yu
a15af37867 Change time resolution of reco_delay from second to millionseconds
Per gnutls anti replay issue, it needs millionsecond time delay for
improve the fail rate.

From test result of #6712, this can improve the fail rate from 4%
to 92%.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-01-07 13:01:42 +08:00
Gilles Peskine
cd0a565644
Merge pull request #6703 from yuhaoth/pr/tls13-misc-from-prototype
TLS 1.3: Upstream misc fix from prototype
2023-01-05 14:35:54 +01:00
Manuel Pégourié-Gonnard
c572246fa5 Use OPENSSL everywhere, not OPENSSL_CMD
These variables were both uses to select the default version of OpenSSL
to use for tests:
- when running compat.sh or ssl-opt.sh directly, OPENSSL_CMD was used;
- when running all.sh, OPENSSL was used.

This caused surprising situations if you had one but not the other set
in your environment. For example I used to have OPENSSL_CMD set but not
OPENSSL, so ssl-opt.sh was failing in some all.sh components but passing
when I ran it manually in the same configuration and build, a rather
unpleasant experience.

The natural name would be OPENSSL, and that's what set in the Docker
images used by the CI. However back in the 1.3.x days, that name was
already used in library/Makefile, so it was preferable to pick a
different one, hence OPENSSL_CMD. However the build system has not been
using this name since at least Mbed TLS 2.0.0, so it's now free for use
again (as demonstrated by the fact that it's been set in the CI without
causing any trouble).

So, unify things and use OPENSSL everywhere. Just leave an error message
for the benefit of developers which might have OPENSSL_CMD, not OPENSSL,
set in their environment from the old days.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-12-19 11:42:12 +01:00
Gilles Peskine
d1dd41f3fc
Merge pull request #6723 from mpg/restartable-vs-use-psa
Document ECP_RESTARTABLE and make it compatible with USE_PSA
2022-12-15 19:47:44 +01:00
Manuel Pégourié-Gonnard
c98624af3c
Merge pull request #6680 from valeriosetti/issue6599
Allow isolation of EC J-PAKE password when used in TLS
2022-12-14 11:04:33 +01:00
Manuel Pégourié-Gonnard
55a188b420 Clarify the "restart vs use PSA" situation in TLS
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-12-09 10:09:33 +01:00
Jerry Yu
ddda050604 tls13: Upstream various fix in prototype
- Adjust max input_max_frag_len
- Guard transform_negotiate
- Adjust function position
- update comments
- fix wrong requirements

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-12-09 09:51:20 +08:00
Valerio Setti
f11e05a413 test: psa: minor improvements to test
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-07 16:02:45 +01:00
Manuel Pégourié-Gonnard
2b7ad6472b Document all effects of MBEDTLS_ECP_RESTARTABLE
It might not be obvious that this option goes beyond adding new
functions, but also automagically modifies the behaviour of TLS
in some circumstances. Moreover, the exact modifications and
circumstances were not documented anywhere outside the ChangeLog.

Fix that.

While at it, adjust the test that checks no restartable behaviour with
other key exchanges, to use a key exchange that allows cert-based client
authentication so that we can check that this is not restartable either.

We don't have any automated test checking that the server is never
affected. That would require adding an ec_max_ops command-line option to
ssl_server2 that never has any effect, just to check that it indeed
doesn't. I'm not sure that's worth it. I tested manually and could
confirm that the server never has restartable behaviour, even for the
parts that are shared between client and server such as cert chain
verification.

Note (from re-reading the code): all restartable behaviour is controlled
by the flag ssl->handshake->ecrs_enabled which is only client-side with
the ECDHE-ECDSA key exchange (TLS 1.2).

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-12-06 10:54:35 +01:00
Valerio Setti
70e029006d test: pake: fix mixed testing in test_tls1_2_ecjpake_compatibility
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-02 16:21:56 +01:00
Valerio Setti
b287ddff7e test: psa_pake: add more tests for opaque password setting
Added mixed cases:
- server using opaque password, while client not
- client using opaque password, while server not

Added a test with mismatched passwords in case both server and
client are using opaque passwords (the same test was already
present for the non-opaque case)

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-01 16:18:12 +01:00
Valerio Setti
a6b69dabc5 test: psa_pake: add a separate test for opaque password
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-30 16:44:49 +01:00
Valerio Setti
661b9bca75 test: psa_pake: add specific log message for the opaque password
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-29 17:28:17 +01:00
Valerio Setti
d572a82df9 tls: psa_pake: add test for opaque password
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-29 11:30:56 +01:00
Manuel Pégourié-Gonnard
ffc330fafa
Merge pull request #6264 from hannestschofenig/rfc9146_2
CID update to RFC 9146
2022-11-29 09:25:14 +01:00
Manuel Pégourié-Gonnard
5a454f7781 Remove redundant tests in ssl-opt.sh
We don't need to have two copies of the test with one of them depending
on legacy/compat CID: we can have just one copy, but make sure we run
ssl-opt.sh both in a build with standard CID and in a build with
legacy/compat - that's the job of all.sh (see next commit).

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-11-25 11:48:17 +01:00
Hannes Tschofenig
db01d05011 Removal of redundant DTLS CID test in ssl-opt.sh
Per suggestion from Manuel, I removed this redundant test.

Signed-off-by: Hannes Tschofenig <hannes.tschofenig@arm.com>
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-11-25 11:19:19 +01:00
Gilles Peskine
4bdb9fbfa2 Enable all ciphers in OpenSSL >=1.1.0
OpenSSL may be configured to support features such as cipher suites or
protocol versions that are disabled by default. Enable them all: we're
testing, we don't care about enabling insecure stuff. This is not needed
with the builds of OpenSSL that we're currently using on the Jenkins CI, but
it's needed with more recent versions such as typically found on developer
machines, and with future CI additions.

The syntax to do that was only introduced in OpenSSL 1.1.0; fortunately we
don't need to do anything special with earlier versions.

With OpenSSL 1.1.1f on Ubuntu 20.04, this allows SHA-1 in certificates,
which is still needed for a few test cases in ssl-opt.sh. Curiously, this is
also needed for the cipher suite TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256 (and
no other, including other DHE-PSK or ARIA cipher suites).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-24 22:41:55 +01:00
Ronald Cron
cb0e680779
Merge pull request #6476 from yuhaoth/pr/fix-tls13-mbedtls_ssl_is_handshake_over
TLS 1.3: Fix tls13 mbedtls ssl is handshake over
2022-11-23 12:12:02 +01:00
Dave Rodgman
9e1836cc16
Merge pull request #6593 from Mbed-TLS/fix_tls12_sent_sigalgs
Fix TLS1.2 signature algorithms list entry getting overwritten by length.
2022-11-21 10:09:57 +00:00
Jerry Yu
dddd35ccf3 remvoe unrelative change
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-20 12:31:45 +08:00
Jerry Yu
a8d3c5048f Rename new session ticket name for TLS 1.3
NewSessionTicket is different with TLS 1.2.
It should not share same state.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-19 20:12:35 +08:00
Jerry Yu
c5826eaba2 Add debug message
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-19 20:12:35 +08:00
Jerry Yu
6969eee5d2 Remove Terminated message on 22.04
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-19 20:12:34 +08:00
Paul Elliott
f6e342cae2 Add test for single signature alg with openssl
Test supplied by Gilles Peskine. Also rename previous test to fit to
naming pattern.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-11-17 14:58:14 +00:00
Paul Elliott
3b4cedaa71 Add SSL_SRV requirement to test
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-11-17 14:58:14 +00:00
Andrzej Kurek
ec71b0937f Introduce a test for single signature algorithm correctness
The value of the first sent signature algorithm is overwritten.
This test forces only a single algorithm to be sent and then
validates that the client received such algorithm.
04 03 is the expected value for SECP256R1_SHA256.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-11-17 14:58:14 +00:00
Xiaokang Qian
f3cefb4f4c Move early data test cases to tls13-misc.sh
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-16 03:23:46 +00:00
Xiaokang Qian
2dbfedae4a Update early data test cases with latest code message
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-16 02:01:49 +00:00
Xiaokang Qian
9a0aafbe79 Enable/disable MBEDTLS_SSL_EARLY_DATA for cases in ssl-opt.sh
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-15 02:49:46 +00:00
Dave Rodgman
d384b64dd2
Merge branch 'development' into rfc9146_2
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-11-14 17:43:15 +00:00
Xiaokang Qian
50a47940b6 Update early data test case with gnutls
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-14 03:16:22 +00:00
Xiaokang Qian
f447e8a8d3 Address comments base on reviews
Improve early data indication check
Update test case to gnutls server

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-14 03:15:36 +00:00
Xiaokang Qian
b0c32d8b20 Update early data test cases
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-14 03:15:05 +00:00
Xiaokang Qian
0e97d4d16d Add early data indication to client side
Add fields to mbedtls_ssl_context
Add write early data indication function
Add check whether write early data indication
Add early data option to ssl_client2
Add test cases for early data

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-14 03:13:50 +00:00
Paul Elliott
aeb8bf2ab0
Merge pull request #6170 from yuhaoth/pr/tls13-cleanup-extensions-parser
TLS 1.3: Add extension check for message parsers
2022-11-11 19:00:46 +00:00
Gilles Peskine
bf249accc7
Merge pull request #6498 from yuhaoth/pr/fix-session-resumption-fail-when-hostname-is-not-localhost
BUG: Fix session resumption fail when hostname is not localhost
2022-11-07 17:33:38 +01:00
Jerry Yu
f467d46bbb move get_srv_psk_list
It can be reused in other test-suites

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-07 13:17:08 +08:00
Jerry Yu
ad9e99bd2e fix session resumption fail when hostname is not localhost
Change-Id: Icb2f625bb11debb5c7cae36e34d7270f7baae4d5
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-28 12:30:58 +08:00
Ronald Cron
a709a0f2c6 tls13: Declare PSK ephemeral key exchange mode first
In the PSK exchange modes extension declare first
PSK ephemeral if we support both PSK ephemeral
and PSK. This is aligned with our implementation
giving precedence to PSK ephemeral over pure PSK
and improve compatibility with GnuTLS.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-25 19:05:26 +02:00
Ronald Cron
454eb9172d ssl-opt.sh: Fix list of TLS 1.2 key exchanges with cert
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
70ed41754d ssl-opt.sh: Simplify TLS 1.3 dependencies
Simplify TLS 1.3 dependencies taking into
account that
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
implies that MBEDTLS_SSL_PROTO_TLS1_3 is
defined.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
5de538c9dd ssl-opt.sh: Remove requires_key_exchange_with_cert_in_tls12_enabled
Remove requires_key_exchange_with_cert_in_tls12_enabled
and use `requires_any_configs_enabled` directly instead.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
41a443a68d tls13: Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK.*ENABLED
Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED
instead of MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED to guard
code specific to one of the TLS 1.3 key exchange mode with
PSK.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
928cbd34e7 tls13: Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
instead of MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED to guard
code specific to the TLS 1.3 ephemeral key exchange mode.

Use it also for the dependencies of TLS 1.3 only tests
relying on ephemeral key exchange mode, but for
tests in tls13-kex-modes.sh where the change is done
later using all
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_.*ENABLED macros.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
89ca977128 ssl-opt.sh: Improve dependencies of some TLS 1.3 test cases
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-21 14:47:00 +02:00
Ronald Cron
bc5adf4ef8 ssl-opt.sh: Add dependencies on handshake with cert
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-21 14:47:00 +02:00