mbedtls

Author	SHA1	Message	Date
Ronald Cron	bc5adf4ef8	ssl-opt.sh: Add dependencies on handshake with cert Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-10-21 14:47:00 +02:00
Xiaokang Qian	ed0620cb13	Refine code base on comments Move code to proper macro guards protection Fix typo issues Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-10-12 11:06:51 +00:00
Xiaokang Qian	2f9efd3038	Address comments base on review Change function name to ssl_session_set_hostname() Remove hostname_len Change hostname to c_string Update test cases to multi session tickets Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-10-12 11:06:49 +00:00
Xiaokang Qian	adf84a4a8c	Remove public api mbedtls_ssl_reset_hostname() Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-10-12 11:05:11 +00:00
Xiaokang Qian	281fd1bdd8	Add server name check when proposeing pre-share key Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-10-12 11:03:41 +00:00
Jerry Yu	25ab654781	Add dummy ticket support Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-07 10:11:05 +08:00
Ronald Cron	77c691f099	Merge pull request #6194 from xkqian/tls13_add_psk_client_cases TLS 1.3: Add PSK client cases	2022-09-28 17:08:06 +02:00
Manuel Pégourié-Gonnard	e3358e14b2	Merge pull request #6051 from mprse/permissions_2b_v2 Permissions 2b: TLS 1.3 sigalg selection	2022-09-28 09:50:04 +02:00
Xiaokang Qian	e12d30d751	Move psk related cases into tls13-kex-modes.sh Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-09-27 11:34:14 +00:00
Xiaokang Qian	cffb18cee7	Fix various issues Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-09-23 01:49:33 +00:00
Xiaokang Qian	edc35e7ffd	Refine the psk test cases for m->G Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-09-23 01:49:33 +00:00
XiaokangQian	335cfaadf9	Finalize client side code for psk Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-09-23 01:48:26 +00:00
Ronald Cron	50969e3af5	ssl-opt.sh: TLS 1.3 opaque key: Add test with unsuitable sig alg Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-09-20 15:57:57 +02:00
Ronald Cron	277cdcbcde	ssl-opt.sh: tls13 opaque key: Enable client authentication Enable client authentication in TLS 1.3 opaque key tests to use the opaque key on client side. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-09-20 14:30:13 +02:00
Ronald Cron	e3196d270c	ssl-opt.sh: tls13 opaque key: Do not force version on client side Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-09-20 14:30:13 +02:00
Ronald Cron	6ec2123bf3	ssl-opt.sh: Align prefix of TLS 1.3 opaque key tests Align prefix of TLS 1.3 opaque key tests with the prefix of the othe TLS 1.3 tests. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-09-20 14:30:13 +02:00
Ronald Cron	067a1e735e	tls13: Try reasonable sig alg for CertificateVerify signature Instead of fully validating beforehand signature algorithms with regards to the private key, do minimum validation and then just try to compute the signature. If it fails try another reasonable algorithm if any. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-09-20 14:30:13 +02:00
Ronald Cron	67ea2543ed	tls13: server: Add sig alg checks when selecting best certificate When selecting the server certificate based on the signature algorithms supported by the client, check the signature algorithms as close as possible to the way they are checked to compute the signature for the server to prove it possesses the private key associated to the certificate. That way we minimize the odds of selecting a certificate for which the server will not be able to compute the signature to prove it possesses the private key associated to the certificate. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-09-20 14:26:32 +02:00
Jerry Yu	7a51305478	Add multi-session tickets test Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-09-19 14:26:07 +08:00
Ronald Cron	be0224aef3	Merge pull request #6167 from yuhaoth/pr/finalize-tls13-session-tickets	2022-09-18 21:18:13 +02:00
Przemek Stekiel	c454aba203	ssl-opt.sh: add tests for key_opaque_algs option Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-09-15 14:22:29 +02:00
Jerry Yu	a02841bb8a	revert changes on PSK tests Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-09-13 11:07:27 +08:00
Andrzej Kurek	d681746a51	Split some ssl-opt.sh test cases into two There's a slightly different behaviour without MBEDTLS_SSL_ASYNC_PRIVATE that has to be handled. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-09-12 05:37:46 -04:00
Andrzej Kurek	934e9cd47f	Switch to the new version of hash algorithm checking in ssl-opt.sh Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-09-12 05:34:23 -04:00
Andrzej Kurek	9c061a2d19	Add a posibility to check for the availability of hash algs to ssl-opt The new function now dispatches a check for either an MBEDTLS or PSA define to check for SHA_XXX. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-09-12 05:34:23 -04:00
Hannes Tschofenig	fd6cca4448	CID update to RFC 9146 The DTLS 1.2 CID specification has been published as RFC 9146. This PR updates the implementation to match the RFC content. Signed-off-by: Hannes Tschofenig <hannes.tschofenig@arm.com>	2022-09-07 17:15:05 +02:00
Jerry Yu	e976492a11	Add session ticket tests for client Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-31 23:24:25 +08:00
Ronald Cron	e00d6d6b55	Merge pull request #6135 from yuhaoth/pr/tls13-finalize-external-psk-negotiation TLS 1.3: SRV: Finalize external PSK negotiation	2022-08-31 17:21:57 +02:00
Jerry Yu	6a9bebaefd	Add psk mode tests Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-21 12:42:19 +08:00
Zhangsen Wang	3f95d303d1	rebase with lastest development branch	2022-08-16 03:16:22 +00:00
Ronald Cron	295d93ebe8	Add psk handshake with gnutls Signed-off-by: Ronald Cron <ronald.cron@arm.com> Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-11 21:25:35 +08:00
Dave Rodgman	322a7a19e7	Merge pull request #6155 from yuhaoth/pr/add-any-all-configs-enabled Add ability to check if any/all configs are enabled/disabled for ssl-opt	2022-08-11 09:40:38 +01:00
Jerry Yu	27d80927d5	fix wrong typo Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-02 21:28:55 +08:00
Jerry Yu	2fcb056ea9	Add requires_{any,all}_configs_enabled functions - requires_any_configs_enabled - requires_all_configs_enabled - requires_any_configs_disabled - requires_all_configs_disabled Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-31 12:23:39 +08:00
Jerry Yu	d2d4110e8e	Remove `Teminated` message from stdout Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-31 12:23:39 +08:00
Zhangsen Wang	d5e8a482f9	delete whitespace in comment Signed-off-by: Zhangsen Wang <zhangsen.wang@arm.com>	2022-07-29 07:53:36 +00:00
Zhangsen Wang	baeffbbdd2	skip test with openssl client because it will timeout with certain seed due to an openssl bug Signed-off-by: Zhangsen Wang <zhangsen.wang@arm.com>	2022-07-29 06:35:26 +00:00
Jerry Yu	eec4f03c60	fix typo and changelog entry issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-28 23:08:00 +08:00
Jerry Yu	6455b687fe	add rsa_pss_rsae_* test for tls12 server Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-28 23:08:00 +08:00
Ronald Cron	e579ece305	Merge pull request #6087 from yuhaoth/pr/add-tls13-serialize_session_save_load TLS 1.3: Add serialize session save load I can see that https://github.com/Mbed-TLS/mbedtls/pull/6087#discussion_r927935696 and https://github.com/Mbed-TLS/mbedtls/pull/6087#discussion_r924252403 are addressed in #6123. Thus I am ok to merge it as it is.	2022-07-23 08:57:11 +02:00
Ronald Cron	340c559cb3	Merge pull request #6079 from yuhaoth/pr/add-tls13-parse-pre_shared_key_offered_psks TLS 1.3: PSK: Add parser/writer of pre_shared_key extension on server side.	2022-07-23 08:50:45 +02:00
Jerry Yu	24e385519e	Add reconnect test Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-22 23:09:37 +08:00
Ronald Cron	4beb870fa8	Merge pull request #6064 from xkqian/tls13_add_psk Add psk code to tls13 client side	2022-07-22 11:35:05 +02:00
Ronald Cron	34e90fac27	TLS 1.3: tests: Allow PSK exchange mode on GnuTLS server Allow PSK exchange mode on GnuTLS server for NewSessionTicket message test as otherwise the GnuTLS server does not send tickets. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-07-21 15:31:14 +02:00
XiaokangQian	3ad67bf4e3	Rename functions and add test messages Change-Id: Iab51b031ae82d7b2d384de708858be64be75f9ed Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-07-21 15:30:04 +02:00
XiaokangQian	088c92977e	Remove useless force cipher suite Change-Id: Ib217806b4d44dea11515dd3ee1463d29431d70bb Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-07-21 15:30:04 +02:00
XiaokangQian	adab9a6440	Fix transcript issues and add cases against openssl Change-Id: I496674bdb79f074368f11beaa604ce17a3062bc3 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-07-21 15:30:04 +02:00
XiaokangQian	eb69aee6af	Add psk code to tls13 client side Change-Id: I222b2c9d393889448e5e6ad06638536b54edb703 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-07-21 15:30:04 +02:00
Jerry Yu	96a2e368dc	TLS 1.3: Add pre-shared-key multiple psk parser Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-21 18:00:13 +08:00
Jerry Yu	4a2ea16aed	remove forcecipher for psk test Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-21 16:19:50 +08:00
Jerry Yu	36847820fa	add tests for offered psk parser Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-21 16:19:50 +08:00
Jerry Yu	f7b5b59a92	Add tests for write new session ticket Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-20 22:41:00 +08:00
Jerry Yu	a357cf4d4c	Rename new_session_ticket state Both client and server side use `MBEDTLS_SSL_NEW_SESSION_TICKET` now Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-20 11:07:29 +08:00
Jerry Yu	29ab32d0e5	Add client side tests Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-20 11:07:29 +08:00
Jerry Yu	c52e3bd93b	Improve comment Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-14 10:49:47 +08:00
Jerry Yu	299e31f10e	fix various issue - remove unused test case - add alert message - improve readabitlity Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-13 23:06:36 +08:00
Jerry Yu	fe52e55301	redirect stderr output in ubuntu22.04 Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-12 09:53:37 +00:00
Jerry Yu	e36397d13b	add tests for psk_key_exchange_mode To confirm, psk_key_exchange_modes were received and parsed. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-12 09:53:36 +00:00
Zhangsen Wang	91385121b9	delete openssl version requirement for openssl client, because the bug only occurs on openssl server Signed-off-by: Zhangsen Wang <zhangsen.wang@arm.com>	2022-07-12 01:56:57 +00:00
Ronald Cron	ce7d76e2ee	Merge remote-tracking branch 'mbedtls-restricted/development-restricted' into mbedtls-3.2.0rc0-pr	2022-07-11 10:22:37 +02:00
Paul Elliott	6e80e09bd1	Merge pull request #5915 from AndrzejKurek/cid-resumption-clash Fix DTLS 1.2 session resumption	2022-07-06 15:03:36 +01:00
Manuel Pégourié-Gonnard	4d7af2aee0	Merge pull request #5835 from superna9999/5831-tls-1-2-ciphersuite-selection Permissions 2a: TLS 1.2 ciphersuite selection	2022-07-04 12:37:02 +02:00
Ronald Cron	0e39ece23f	Merge pull request #5916 from yuhaoth/pr/tls13-refactor-get-sig-alg-from-pk Refactor signature algorithm chooser	2022-07-04 09:10:08 +02:00
Paul Elliott	bae7a1a5a6	Merge pull request #5620 from gstrauss/dn_hints Add accessors to config DN hints for cert request	2022-07-01 17:23:14 +01:00
Neil Armstrong	c67e6e96f8	Depends on MBEDTLS_X509_REMOVE_INFO disable for double Opaque keys test requiring cert infos to determine selected key Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-07-01 15:48:10 +02:00
Jerry Yu	7ac0d498de	remove force_version for client Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-01 19:29:30 +08:00
Jerry Yu	52b7d923fe	fix various issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-01 18:12:44 +08:00
Neil Armstrong	7999cb3896	Remove auth_mode=required and client crt_file/key_file when testing server authentication Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-07-01 09:51:33 +02:00
Neil Armstrong	4b10209568	Use different certs for double opaque keys and check certificate issuer CN Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-07-01 09:48:09 +02:00
Neil Armstrong	1948a20796	Cleanup Order & Title of Opaque TLS tests, fix RSA- test definition Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-06-30 18:05:57 +02:00
Neil Armstrong	167d82c4df	Add dual keys Opaque ssl-opt tests Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-06-30 11:32:00 +02:00
Neil Armstrong	36b022334c	Reorganize Opaque ssl-opt tests, pass key_opaque_algs=, add less wrong negative server testings Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-06-30 11:16:53 +02:00
Zhangsen Wang	9b64546eb2	Update tests/ssl-opt.sh, delete 1 blank line. Co-authored-by: Xiaokang Qian <53458466+xkqian@users.noreply.github.com> Signed-off-by: Zhangsen Wang <zhangsen.wang@arm.com>	2022-06-30 02:35:18 +00:00
Jerry Yu	aae28f178b	add tests Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:21:32 +08:00
Jerry Yu	f55886a217	fix various issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:13:46 +08:00
Jerry Yu	a6076aa8b8	Revert temp test Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:13:45 +08:00
Jerry Yu	7ab7f2b184	Remove pkcs1 from certificate_verify Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:13:44 +08:00
Ronald Cron	7898fd456a	Merge pull request #5970 from gabor-mezei-arm/5229_Send_dummy_change_cipher_spec_records_from_server TLS 1.3 server: Send dummy change_cipher_spec records The internal CI PR-merge job ran successfully thus good to go.	2022-06-29 09:47:49 +02:00
Glenn Strauss	bd10c4e2af	Test accessors to config DN hints for cert request Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-06-29 02:54:28 -04:00
Zhangsen Wang	87a9c86d87	Re-enable five tests disabled because of an old OpenSSL bug Signed-off-by: Zhangsen Wang <zhangsen.wang@arm.com>	2022-06-29 02:23:22 +00:00
Neil Armstrong	ed917bf548	Update description for negative key_opaque_algs tests Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-06-28 18:12:17 +02:00
Neil Armstrong	eb4390b27c	Add Cipersuite selection negative testing by using invalid algs for server-side opaque key Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-06-28 18:10:48 +02:00
Gabor Mezei	9e4b7bd199	Do not force TLS 1.3 on client side for TLS 1.3 middlebox compatibility tests Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-06-28 16:22:14 +02:00
Gabor Mezei	f7044eaec8	Fix name Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-06-28 16:01:49 +02:00
Ronald Cron	b94854f8e3	Merge pull request #5973 from ronald-cron-arm/tls13-misc-tests TLS 1.3: Enable and add tests	2022-06-28 09:15:17 +02:00
Ronald Cron	a8d79b9eb6	ssl-opt.sh: Remove one pattern check In "Authentication: client cert not trusted, server required" ssl-opt.sh test, depending on client and server execution speed, the handshake on the client side may complete successfully: the TLS connection is aborted by the server because it is not able to authenticate the client but at that time the client may have completed the handshake on its side. Thus, do not check that the client handshake failed. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-27 09:05:35 +02:00
Ronald Cron	c78511b59a	ssl-opt.sh: Enable some authentication tests for TLS 1.3 Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-24 12:06:46 +02:00
Ronald Cron	1938588e80	tls13: Align some debug messages with TLS 1.2 ones Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-24 12:06:46 +02:00
Ronald Cron	a4417c13a1	ssl-opt.sh: Add Small/Large packets TLS 1.3 tests Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-24 12:06:46 +02:00
Ronald Cron	ba80d4d60b	ssl-opt.sh: Enable Event-driven I/O tests for TLS 1.3 The other "Event-driven I/O" tests are not relevant to TLS 1.3 yet: no ticket and session resumption support. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-24 12:06:46 +02:00
Ronald Cron	2cffd284bc	ssl-opt.sh: Enable Non-blocking I/O tests for TLS 1.3 The other "Non-blocking I/O" tests are not relevant to TLS 1.3 yet: no ticket and session resumption support. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-24 12:06:46 +02:00
XiaokangQian	95d5f549f1	Fix coding styles Change-Id: I0ac8ddab13767b0188112dfbbdb2264d36ed230a Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-06-24 05:42:15 +00:00
XiaokangQian	c740345c5b	Adress review comments Change Code styles Add test cases Change-Id: I022bfc66fe509fe767319c4fe5f2541ee05e96fd Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-06-23 03:24:12 +00:00
Ronald Cron	f9c13fe69f	ssl-opt.sh: Add positive check in successful "keyUsage client-auth" tests Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-22 17:36:21 +02:00
Ronald Cron	ba65fbbe30	Fix comments Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-22 17:36:12 +02:00
Gabor Mezei	7e2dbafe2d	Add test for dummy CCS records Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-06-22 17:07:21 +02:00
XiaokangQian	acb3992251	Add ALPN extension to the server side CustomizedGitHooks: yes Change-Id: I6fe1516963e7b5727710872ee91fea7fc51d2776 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-06-22 06:34:58 +00:00
Ronald Cron	d28f5a98f1	ssl-opt.sh: Add certificate key usage tests for TLS 1.3 Those are adaptations of the already existing TLS 1.2 tests. It is not really possible to just remove the TLS 1.2 dependency of the existing tests because of the following: . in TLS 1.3 the ciphersuite selection on server side is not related to the server certificate . for tests involving OpenSSL the OpenSSL command line as to be adapted to TLS 1.3 . server authentication is mandatory in TLS 1.3 . a key with KeyEncipherment and not DigitalSignature usage is never acceptable Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-17 08:46:27 +02:00
Ronald Cron	ca3c6a5698	Merge pull request #5817 from xkqian/tls13_add_server_name Tls13 add server name	2022-06-16 08:30:09 +02:00
Ronald Cron	4ccd226cbf	Merge pull request #5864 from xkqian/tls13_add_comprehensive_cases Tls13 add comprehensive cases	2022-06-15 09:18:11 +02:00

1 2 3 4 5 ...

1004 commits