mbedtls

Author	SHA1	Message	Date
Andrzej Kurek	7cf872557a	Rearrange the session resumption code Previously, the transforms were populated before extension parsing, which resulted in the client rejecting a server hello that contained a connection ID. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-06-14 08:26:19 -04:00
XiaokangQian	3ed16231ab	Refine server side SNI test cases Change-Id: Icdc91ed382e81702e3b46645d3ce3534e62d4a13 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-06-14 08:24:04 +00:00
Jerry Yu	b7c12a466f	Refactor compat scripts Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-12 20:53:02 +08:00
XiaokangQian	fb1a3fe7f3	Address comments about python syntax CustomizedGitHooks: yes Change-Id: I5c4d39789df802d0b839061ce8c59ad241917d0b Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-06-10 02:27:52 +00:00
XiaokangQian	b1847a234e	Re-structure to share more common code Change-Id: I5034485f7511238d083c2725fbef8818d33ffb07 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-06-09 02:53:23 +00:00
XiaokangQian	96287d98d8	Remove the certificate key check against the received signature Change-Id: I07d8d46c58dec499f96cb7307fc0af15149d9df7 CustomizedGitHooks: yes Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-06-08 08:37:53 +00:00
XiaokangQian	9850fa8e8d	Refine ssl_tls13_pick_cert() Change-Id: I5448095e280d8968b20ade8b304d139e399e54f1 CustomizedGitHooks: yes Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-06-08 07:02:41 +00:00
XiaokangQian	23c5be6b94	Enable SNI test for both tls12 and tls13 Change-Id: Iae5c39668db7caa1a59d7e67f226a5286d91db22 CustomizedGitHooks: yes Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-06-07 09:43:13 +00:00
Andrzej Kurek	140b589ec6	Fix a bug with executing ssl-client2 in ssl-opt.sh in a subshell When executing eval in the background, the next "$!" gives the eval PID, not the ssl-client2 pid. This causes problems when a client times out and the script tries to kill it. Instead, it kills the parent eval call. This caused problems with subsequent proxy tests receiving old packets from a client from a previous test. Moving the "&" to inside the eval call fixes the problem. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-06-06 15:02:36 -04:00
XiaokangQian	129aeb9b0e	Update test cases and support sni ca override Change-Id: I6052acde0b0ec1c25537f8dd81a35562da05a393 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-06-02 09:29:18 +00:00
XiaokangQian	f4f0f6961a	Enable requires_openssl_tls1_3 in sni test cases Change-Id: I71fbabe0b2ff80d5f1f15ae7df2b048503ccf965 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-06-01 00:42:27 +00:00
XiaokangQian	ac41edfc5e	Enable requires_gnutls_tls1_3 in sni test cases Change-Id: Iea18f4e6a6b4c6b90612b43a5bcd396cdd506335 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-05-31 13:22:13 +00:00
XiaokangQian	2ccd97b8ef	Change test case name to sni Change-Id: I8f6e68deab71cc49741cbdf233cf876e29683db9 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-05-31 08:30:17 +00:00
XiaokangQian	d5d5b60c07	Add comprehensive test cases for TLS1.3 server side Change-Id: I544cb12b3ffe5edd7d59fa54342ca7db5b5c8a2a Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-05-31 02:51:26 +00:00
XiaokangQian	f2a942073e	Fix SNI test failure Change-Id: Id3fce36af9bc52cac858b473168451945aa974f4 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-05-30 08:07:16 +00:00
XiaokangQian	40a3523eb7	Add support of server name extension to server side Change-Id: Iccf5017e306ba6ead2e1026a29f397ead084cc4d Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-05-30 08:07:16 +00:00
XiaokangQian	9a4e1dd8a6	Add back openssl client auth test Change-Id: Iea3b70381c3851102c542d1c55c0303bc3a14a92 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-05-26 00:58:11 +00:00
XiaokangQian	aca9048b5f	Change base on review Fix comments Add test cases for client authentication with empty certificate Change-Id: Id8a741ddd997ca92e36832f26088eb0e67830ad8 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-05-26 00:47:11 +00:00
XiaokangQian	c3017f620f	Remove useless guards and refine checking Change-Id: I9cd3073826fc65c203e479d83bed72331ff8963d Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-05-26 00:47:10 +00:00
XiaokangQian	189ded2b07	Remove coordinate functions and change state machine in server side Change-Id: Id4abf78f493e77afc289409db691c9c61acde1d2 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-05-26 00:46:13 +00:00
Paul Elliott	8fba70f66c	Merge pull request #5749 from yuhaoth/pr/add-tls13-finished-message-and-wrapup TLS 1.3: Add Finished Message and wrapup	2022-05-25 12:02:06 +01:00
Jerry Yu	5491f857d2	skip openssl client auth test Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-23 22:36:16 +08:00
Jerry Yu	090378c685	change exit code of cli auth test Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-23 21:03:52 +08:00
Jerry Yu	7eaadae941	fix no x509 info fail. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-23 16:17:25 +08:00
Manuel Pégourié-Gonnard	6ab65e28cf	Merge pull request #5842 from mprse/decrypt_tests RSA decrypt 2: TLS 1.2 integration testing	2022-05-18 12:58:50 +02:00
Jerry Yu	36becb1b81	update hrr tests Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-18 09:58:48 +08:00
Jerry Yu	a7abc5eaa8	fix ci test fails Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-18 09:58:48 +08:00
Jerry Yu	155493d4f5	fix openssl test fail. different version openssl client return different output. remove string check to workaround it Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-18 09:58:48 +08:00
Jerry Yu	6622049bcc	test:add state check Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-18 09:58:48 +08:00
Jerry Yu	4d8567fa9e	fix various issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-18 09:58:48 +08:00
Paul Elliott	a478441517	Merge pull request #5748 from yuhaoth/pr/add-tls13-write-certificate-and-verify TLS1.3:Add Certificate and CertificateVerify message on Server Side	2022-05-17 15:47:36 +01:00
Przemek Stekiel	8da6da3da2	ssl-opt.sh: add test of RSA Opaque keys with TLS 1.2 server for decryption Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-05-16 14:37:50 +02:00
Jerry Yu	b89125b81a	Add test without server certificate Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-13 15:50:04 +08:00
Jerry Yu	c450566b85	Update client auth tests Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-12 14:44:59 +08:00
Jerry Yu	c8bdbf72d3	test:add state check for certificate and verify Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-12 14:44:59 +08:00
Andrzej Kurek	5c65c5781f	Fix additional misspellings found by codespell Remaining hits seem to be hex data, certificates, and other miscellaneous exceptions. List generated by running codespell -w -L keypair,Keypair,KeyPair,keyPair,ciph,nd Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-05-11 21:25:54 +01:00
Shaun Case	8b0ecbccf4	Redo of PR#5345. Fixed spelling and typographical errors found by CodeSpell. Signed-off-by: Shaun Case <warmsocks@gmail.com> Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-05-11 21:25:51 +01:00
Paul Elliott	d1a954d243	Merge pull request #5707 from yuhaoth/pr/add-tls13-write-hello-retry-request TLS1.3: Add HelloRetryRequest Write	2022-05-10 17:25:33 +01:00
Manuel Pégourié-Gonnard	9bbb7bacae	Merge pull request #5791 from superna9999/5788-unify-non-opaque-and-opaque-psks Unify non-opaque and opaque PSKs	2022-05-09 10:15:16 +02:00
Jerry Yu	ede50ea891	move hrr tests Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-09 15:49:09 +08:00
XiaokangQian	a987e1d2f8	Change state machine after encrypted extension and update cases Change-Id: Ie84a2d52a08538afb8f6096af0c054bd55ed66cb Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-05-07 01:37:04 +00:00
XiaokangQian	45c22201b3	Update test cases and encrypted extension state set Change-Id: Ie1acd10b61cefa9414169b276a0c5c5ff2f9eb79 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-05-07 01:37:04 +00:00
XiaokangQian	2f150e184f	Update status and add test cases for client certificate request Change-Id: If9b9672540d2b427496b7297aa484b8bcfeb75c5 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-05-07 01:37:04 +00:00
Ronald Cron	25b1f5d2b7	Merge pull request #5545 from xffbai/tls13-write-enc-ext TLS1.3: add writing encrypted extensions on server side.	2022-05-06 13:54:45 +02:00
Neil Armstrong	cd05f0b9e5	Drop skip PMS generation for opaque XXX-PSK now Opaque PSA key is always present when MBEDTLS_USE_PSA_CRYPTO selected Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-04 11:08:41 +02:00
Jerry Yu	7c0da07445	Update state check Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-03 15:08:54 +08:00
Manuel Pégourié-Gonnard	67397fa4fd	Merge pull request #5704 from mprse/mixed_psk_2cx Mixed PSK 2a, 2b, 2c: enable client/server support opaque RSA-PSK, ECDHE-PSK, DHE-PSK	2022-04-29 10:47:16 +02:00
Gilles Peskine	4098083ed4	Merge pull request #5745 from superna9999/5712-pk-opaque-rsa-pss-sign-tls RSA-PSS sign 2: TLS 1.3 integration testing	2022-04-28 18:16:44 +02:00
Manuel Pégourié-Gonnard	ad47487e25	Merge pull request #5742 from superna9999/5669-review-test-incompatible-psa Fixup or re-enable tests with Use PSA	2022-04-28 09:57:13 +02:00
Jerry Yu	cef55dbd6a	ssl-opt: add state check Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-04-25 19:41:47 +08:00
Jerry Yu	955ddd75a3	fix various issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-04-22 22:27:33 +08:00
Przemek Stekiel	85d46fe6cf	ssl-opt.sh: add tests for clent/server psa opaque dhe-psk key exchange Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-22 14:54:33 +02:00
Przemek Stekiel	b6a0503dda	ssl-opt.sh: add tests for clent/server psa opaque ecdhe-psk key exchange Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-22 14:53:55 +02:00
Przemek Stekiel	b270b56372	ssl-opt.sh: add tests for server psa opaque rsa-psk key exchange Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-22 14:52:28 +02:00
Przemek Stekiel	8e0495e0f4	ssl-opt.sh: add tests for client psa opaque rsa-psk key exchange Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-22 14:52:28 +02:00
Jerry Yu	8b9fd374b8	Add P_CLI test to easy debug Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-04-22 16:45:01 +08:00
Jerry Yu	abf20c7564	add state check Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-04-22 16:45:01 +08:00
Ronald Cron	38b8aa4f63	Merge pull request #5539 from xkqian/add_client_hello_to_server Add client hello into server side	2022-04-22 10:26:00 +02:00
Neil Armstrong	7f6f672d7e	Add Opaque PK test case for TLS 1.3 Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-22 10:23:10 +02:00
Manuel Pégourié-Gonnard	21f82c7510	Merge pull request #5709 from superna9999/5625-pk-opaque-rsa-tls12 RSA sign 3b: TLS 1.2 integration testing	2022-04-22 10:05:43 +02:00
XiaokangQian	e8ff350698	Update code to align with tls13 coding standard Change-Id: I3c98b7d0db63aecc712a67f4e8da2cb9945c8f17 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-22 02:34:40 +00:00
Gilles Peskine	afbfed9397	Merge pull request #5582 from gilles-peskine-arm/ssl-opt-auto-psk Run ssl-opt.sh in more reduced configurations	2022-04-21 12:03:53 +02:00
XiaokangQian	318dc763a6	Fix test failure issue and update code styles Change-Id: I0b08da1b083abdb19dc383e6f4b210f66659c109 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-20 09:43:51 +00:00
XiaokangQian	3f84d5d0cd	Update test cases and fix the test failure Change-Id: If93506fc3764d49836b229d51e4ad5b008cc3343 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-20 07:45:50 +00:00
XiaokangQian	cfd925f3e8	Fix comments and remove hrr related code Change-Id: Iab1fc5415b3b7f7b5bcb0a41a01f4234cc3497d6 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-20 07:45:50 +00:00
XiaokangQian	ed582dd023	Update based on comments Remove cookie support from server side Change code to align with coding styles Re-order functions of client_hello Change-Id: If31509ece402f8276e6cac37f261e0b166d05e18 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-20 07:43:48 +00:00
XiaokangQian	c4b8c99a38	Rebase and solve conflicts and issues Change-Id: I17246c5b2f8a8ec4989c8b0b83b55cad0491b78a Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-20 07:43:48 +00:00
XiaokangQian	5e4528cd12	Add test cases for server side parse client hello Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-20 07:43:48 +00:00
Ronald Cron	df5f8681cc	ssl-opt.sh: Fix/Unify TLS 1.3 test descriptions Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-04-19 18:31:24 +02:00
Gilles Peskine	5bd0b51048	Use terse output from lsof This both simplifies parsing a little, and suppresses warnings. Suppressing warnings is both good and bad: on the one hand it resolves problems such as https://github.com/Mbed-TLS/mbedtls/issues/5731, on the other hand it may hide clues as to why lsof wouldn't be working as expected. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-04-16 11:34:23 +02:00
Neil Armstrong	eed1c6255d	Enable TLS 1.3 ALPN tests when MBEDTLS_USE_PSA_CRYPTO is enabled Those were disabled in original submission, but it works fine with PSA crypto enabled. Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-15 09:30:31 +02:00
Gilles Peskine	2ecf4ff349	Restore explicit version requirement on 1.3 HelloRetryRequest tests A concurrent branch changes the way the test cases run to no longer use force_version=tls13, so the automatic version requirement detection will no longer work after that branch is merged. Therefore, keep the manual requirement (at least until automatic detection gets smarter). Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-04-13 19:08:38 +02:00
Gilles Peskine	c912673f8d	Automatically detect protocol version requirement from force_version When the client or server uses a specific protocol version, automatically require that version to be enabled at compile time. An explicit call is still needed in test cases that require a specific protocol version (due to analyzing version-specific behavior, or checking the version in logs), but do not force that specific protocol version, or that force a specific version only on the openssl/gnutls side. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-04-13 16:14:01 +02:00
Gilles Peskine	740b734f25	Move ticket, alpn detection into maybe_requires_ciphersuite_enabled No intended behavior change. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-04-13 11:32:46 +02:00
Gilles Peskine	b898b3df90	Prepare to generalize maybe_requires_ciphersuite_enabled Rename maybe_requires_ciphersuite_enabled() to detect_required_features() and refactor its code a little. No intended behavior change. In subsequent commits, this function will detect other requirements in a similar way. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-04-13 11:32:46 +02:00
Neil Armstrong	a4dbfddba2	Add DHE-RSA Opaque PK key tests variants in ssl-opt.sh Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-13 10:49:25 +02:00
Neil Armstrong	3e9a142017	Add RSA Opaque PK key tests variants in ssl-opt.sh Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-13 10:49:25 +02:00
Gilles Peskine	8e5e8d73db	Merge pull request #5686 from AndrzejKurek/off-by-one-ssl-opt Fix an off-by-one error in ssl-opt.sh	2022-04-07 16:20:55 +02:00
Manuel Pégourié-Gonnard	1b05aff3ad	Merge pull request #5624 from superna9999/5312-tls-server-ecdh TLS ECDH 3b: server-side static ECDH (1.2)	2022-04-07 11:46:25 +02:00
Gilles Peskine	d2d90af7d9	Make mbedtls_ssl_get_bytes_avail tests more independent Don't depend on the default sizes in the test programs: pass explicit request and buffer sizes. Don't depend on MAX_CONTENT_LEN (other than it not being extremely small: this commit assumes that it will never be less than 101). Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-04-06 23:39:06 +02:00
Gilles Peskine	c8d242f625	set_maybe_calc_verify: $1 is intended to be auth_mode Document that this is what it is. Don't allow made-up numerical values. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-04-06 22:23:45 +02:00
Gilles Peskine	1438e1620a	Add requirements of "Default" The log checks require a specific hash and a specific curve. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-04-05 22:00:32 +02:00
Gilles Peskine	59601d76ad	Documentation improvements Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-04-05 22:00:17 +02:00
Andrzej Kurek	8db7c0e9ac	Fix an off-by-one error in ssl-opt.sh Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-04-01 08:55:40 -04:00
Ronald Cron	0e980e8e84	Merge pull request #5640 from ronald-cron-arm/version-negotiation-2 TLS 1.2/1.3 version negotiation - 2	2022-04-01 12:29:06 +02:00
Ronald Cron	cbd7bfd30e	ssl-opt.sh: Force TLS 1.2 on server for TLS 1.2 specific tests Force TLS 1.2 on OpenSSL/GnuTLS server for TLS 1.2 specific tests. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-31 18:25:27 +02:00
Ronald Cron	634d865d80	ssl-opt.sh: Fix "no TLS 1.3 server support" test check Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-31 18:25:27 +02:00
Dave Rodgman	017a19997a	Update references to old Github organisation Replace references to ARMmbed organisation with the new org, Mbed-TLS, following project migration. Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-03-31 14:43:16 +01:00
Neil Armstrong	b7b549aa71	Force server-side TLS1.2 for ECDH- Opaque PK key test Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-31 15:24:18 +02:00
Neil Armstrong	023bf8d7c2	Add ECDH- Opaque PK key test Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-31 15:24:17 +02:00
Ronald Cron	a1b8f6e914	ssl-opt.sh: Do not force TLS 1.3 on client For TLS 1.3 tests, do not force TLS 1.3 version on client to play the negotiation game whenever possible. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 18:58:31 +02:00
Ronald Cron	f3b425bbde	ssl-opt.sh: Force TLS 1.2 on server To maximize the number of tests where MbedTLS client proposes both TLS 1.2 and TLS 1.3 to the server, force the TLS 1.2 version on the server side rather than on the client side in TLS 1.2 specific tests. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 18:58:31 +02:00
Ronald Cron	e1d3f06399	Allow hybrid TLS 1.3 + TLS 1.2 configuration Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 18:58:31 +02:00
Ronald Cron	7320e6436b	ssl_tls12_client.c: Switch to generic Client Hello state handler Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 18:58:31 +02:00
Ronald Cron	27c85e743f	ssl_tls.c: Unify TLS 1.2 and TLS 1.3 SSL state logs Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 18:58:31 +02:00
Ronald Cron	086ee0be0e	ssl_tls.c: Reject TLS 1.3 version configuration for server Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Jerry Yu	3a58b462b6	add pss_rsae_sha{384,512} Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-22 15:13:34 +08:00
Jerry Yu	919130c035	Add rsa_pss_rsae_sha256 support Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-22 15:13:33 +08:00
Manuel Pégourié-Gonnard	7c92fe966a	Merge pull request #5614 from gabor-mezei-arm/5203_tls_cipher_tickets_use_psa_for_protection TLS Cipher 2a: tickets: use PSA for protection	2022-03-17 09:50:09 +01:00
Gilles Peskine	6f160cab59	Skip some DTLS reordering tests in PSK-only builds Some DTLS reordering tests rely on certificate authentication messages. It is probably possible to adapt them to rely on different messages, but for now, skip them in PSK-only builds. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-03-14 20:32:20 +01:00
Gilles Peskine	309ca65846	calc_verify is only called in some configurations If MBEDTLS_SSL_EXTENDED_MASTER_SECRET is disabled or the feature is disabled at runtime, and if client authentication is not used, then calc_verify is not called, so don't require the corresponding debug trace. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-03-14 20:32:20 +01:00
Gilles Peskine	aa162b5bea	Remove negative check for a message that no longer exists The message was removed in `6be9cf542f` without a replacement. A failure would cause the test case to fail anyway, so this negative check is not really useful. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-03-14 19:49:18 +01:00
Gabor Mezei	49c8eb3a5a	Enable chachcapoly cipher for SSL tickets Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-03-10 17:09:59 +01:00
Gabor Mezei	2fa1c311cd	Remove test dependency The SSL ticket rotation test case is enabled when PSA is used. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-03-10 17:09:59 +01:00
Manuel Pégourié-Gonnard	10e5cdbbbf	Merge pull request #5454 from gstrauss/cert_cb-user_data server certificate selection callback	2022-03-10 11:51:42 +01:00
Paul Elliott	17f452aec4	Merge pull request #5448 from lhuang04/tls13_alpn Port ALPN support for tls13 client from tls13-prototype	2022-03-08 17:53:38 +00:00
Glenn Strauss	6989407261	Add accessor to retrieve SNI during handshake Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-02-25 19:55:53 -05:00
Gilles Peskine	588d7a7538	Add a missing requires_max_content_len Slightly reduce the amount of data so that the test passes with 512. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-02-25 21:23:25 +01:00
Gilles Peskine	6e86e54abb	Adapt tests for PSK in PSK-only builds In a PSK-only build: * Skip tests that rely on a specific non-PSK cipher suite. * Skip tests that exercise a certificate authentication feature. * Pass a pre-shared key in tests that don't mind the key exchange type. This commit only considers PSK-only builds vs builds with certificates. It does not aim to do something useful for builds with an asymmetric key exchange and a pre-shared key for authentication. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-02-25 21:06:21 +01:00
Gilles Peskine	2fe796f1b7	Add some missing dependencies: EXTENDED_MASTER_SECRET, CACHE This commit is not necessarily complete, but it's a step forward. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-02-25 21:06:21 +01:00
Gilles Peskine	3561526249	Only run "Default" tests if the expected ciphersuite is enabled These tests ensure that a certain cipher suite is in use, so they fail in builds that lack one of the corresponding algorithms. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-02-25 21:06:21 +01:00
Gilles Peskine	a165b5ced6	Automatically skip tests for some absent features: tickets, ALPN Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-02-25 21:06:21 +01:00
Gilles Peskine	82a4ab2486	ssl-opt: automatically skip DTLS tests in builds without DTLS Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-02-25 21:06:21 +01:00
Jerry Yu	2ff6ba1df0	Remove rsa_pss_rsae_sha256 support. Sign rsa is not thread safe. Remove it from current code. And a thread-safe version should be re-introduce in future. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-23 10:38:25 +08:00
Jerry Yu	ccb005e35f	fix missing feedback address Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 17:38:34 +08:00
Jerry Yu	819f29730a	fix various issues in ssl-opt Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	2124d05e06	Add sha384 and sha512 case Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	d66409ae92	Add non support sig alg check and test Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	562a0fddf0	Add client version check Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	6c3d821ff1	update ssl-opt test cases Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	46b53b9920	remove duplicate test Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	4bfa22aeb3	remove useless config option Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	42ea733fdc	remove RSA not found test Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	7db5b8f68c	add rsa_pss_rsae_sha256 write support Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	37987ddd0f	Add test cases Add test cases for different sig algs. Known issue is rsa_pss_rsae_sha256 fail Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	ca133a34c5	Change state machine Skip CertificateVerfiy if empty certificate or no CertificateRequest received. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	22abd06cd0	Add rsa key check Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	aa6214a571	add empty client certificate tests Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	c19884f487	change expect exit value Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	25e0ddcf47	Add client certificate file Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	200b47b8f5	Add more tests for CertificateRequest Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	960bc28bcc	Add tests for no middlebox mode Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:57 +08:00
Gilles Peskine	860429f8af	Add version number debug check to the GnuTLS interop test as well Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-02-21 15:14:02 +01:00
Gilles Peskine	c63a1e0e15	Fix mbedtls_ssl_get_version() for TLSv1.3 Test it in ssl-opt.sh. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-02-21 15:14:01 +01:00
Jerry Yu	baa4934e7b	Add check tests Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:00 +08:00
Jerry Yu	ab08290c09	tls13_only: skip tls12 tests. TLS1.2 test depends on MBEDTLS_SSL_PROTO_TLS1_2. Skip them if it is not set Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:00 +08:00
Jerry Yu	8a497205cc	tls13_only: tls 1.3 suite pass Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:00 +08:00
Jerry Yu	c10f6b4735	tls13_only: simple test pass Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:00 +08:00
Manuel Pégourié-Gonnard	3d1f8b9c00	Merge pull request #5532 from ronald-cron-arm/tls13_and_use_psa_crypto Make TLS 1.3 compatible with MBEDTLS_USE_PSA_CRYPTO	2022-02-16 17:33:47 +01:00
Ronald Cron	a7a1deabf8	Merge pull request #5393 from gilles-peskine-arm/opt-testcases-outcomes-fix Fix test suite name reporting of opt-testcases/tls13-compat.sh	2022-02-15 13:53:10 +01:00
lhuang04	86cacac91a	Port ALPN support for tls13 client from tls13-prototype Summary: Port ALPN implementation of tls13 client from [tls13-prototype](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_client.c#L1124). Test Plan: Reviewers: Subscribers: Tasks: Tags: Signed-off-by: lhuang04 <lhuang04@fb.com>	2022-02-14 08:03:32 -08:00
Ronald Cron	135427cb35	Run TLS 1.3 tests when MBEDTLS_USE_PSA_CRYPTO is enabled Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-02-11 16:10:44 +01:00
Glenn Strauss	e328245618	Add test case use of mbedtls_ssl_ticket_rotate Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-02-09 14:33:16 -05:00
Ronald Cron	6ca6faa67e	Merge pull request #5080 from xffbai/add-tls13-read-certificate-request add tls1_3 read certificate request	2022-02-09 09:51:55 +01:00
Manuel Pégourié-Gonnard	45c5768a74	Merge pull request #5434 from mprse/tls_use_psa TLS Cipher: use PSA crypto	2022-02-08 10:27:25 +01:00
Manuel Pégourié-Gonnard	6f20595b6e	Merge pull request #5462 from gilles-peskine-arm/ssl-test-pkey-message-clarity Clarify key types message from ssl_client2 and ssl_server2	2022-02-03 11:33:03 +01:00
Przemyslaw Stekiel	2cb59df939	ssl-opt.sh: remove cipher context assertions (redundant when psa crypto is enabled) Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-31 15:39:24 +01:00
XiaokangQian	a909061c2a	Refine HRR parse successfully message in test cases Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-01-27 03:48:27 +00:00
XiaokangQian	7bae3b616c	Add more ciphersuites into test cases for hrr Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-01-26 10:53:15 +00:00
XiaokangQian	355e09ae9d	Change code base on comments Change functions name Change some comments Improve hrr test case for gnutls Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-01-26 10:53:15 +00:00
XiaokangQian	78b1fa7e81	Update code base on comments Move reset transcript for hrr to generic Reset SHA256 or SHA384 other than both Rename message layer reset Add check log for hrr parse successfully Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-01-26 10:53:15 +00:00
XiaokangQian	6db08dd2cb	Change ssl-opt.sh to make hrr tests pass Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-01-26 10:51:13 +00:00
XiaokangQian	0b56a8f85c	Replace curve_list with group_list and add update test scripts Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-01-26 10:51:13 +00:00
Xiaofei Bai	69fcd39774	Update CertificateRequest tests and the parsing function Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2022-01-26 09:32:29 +00:00
Xiaofei Bai	5d8598e090	update certificate request tests Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2022-01-26 09:31:54 +00:00
Gilles Peskine	05bf89da34	Clarify key types message from ssl_client2 and ssl_server2 If no key is loaded in a slot, say "none", not "invalid PK". When listing two key types, use punctuation that's visibly a sequence separator (","). Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-01-25 17:50:25 +01:00
Manuel Pégourié-Gonnard	24479b3185	Merge pull request #5395 from gilles-peskine-arm/ssl-opt-self-signed-positive Add positive test case with self-signed certificates	2022-01-25 12:53:56 +01:00
Manuel Pégourié-Gonnard	fcca7cfa97	Merge pull request #5428 from gstrauss/mbedtls_ssl_ciphersuite Add accessors for ciphersuite info	2022-01-24 11:13:31 +01:00
Manuel Pégourié-Gonnard	ff743a7f38	Merge pull request #5425 from gabor-mezei-arm/5181_tls_cipher_extend_testing_of_tickets TLS Cipher 1a: extend testing of tickets	2022-01-24 10:25:29 +01:00
Glenn Strauss	6eef56392a	Add tests for accessors for ciphersuite info Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-01-23 08:37:02 -05:00
Gabor Mezei	6e5aae63f8	Add tests for ticket_aead option Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-01-12 16:29:58 +01:00
Gilles Peskine	e1cc60eca9	Add positive test case with self-signed certificates Add a positive test case where both the client and the server require authentication and both use a non-CA self-signed certificate. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-01-07 23:10:56 +01:00
Gilles Peskine	5eb2b02862	Report correct test suite names for opt-testcases/* in outcome file In the outcome file, report each test case in the file it's in, rather than reporting them all from ssl-opt. This is more informative and matches what check_test_cases.py does. This fixes a bug whereby test cases from opt-testcases/* were not detected as having run on the CI, because analyze_outcomes.py (which uses check_test_cases.py) expects them in the containing file whereas they were reported in ssl-opt. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-01-07 18:34:12 +01:00
Gilles Peskine	2baaf60c5d	Don't error out if no opt-testcases/*.sh is found This can happen in an insufficiently populated out-of-tree build. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-01-07 15:46:12 +01:00
Jerry Yu	136320ba0b	fix ci fail Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-21 17:09:00 +08:00
paul-elliott-arm	f434994d83	Merge pull request #5303 from yuhaoth/pr/add_list_config_function Add list config function	2021-12-10 18:30:06 +00:00
Ronald Cron	6f135e1148	Rename MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL to MBEDTLS_SSL_PROTO_TLS1_3 As we have now a minimal viable implementation of TLS 1.3, let's remove EXPERIMENTAL from the config option enabling it. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-12-10 13:47:55 +01:00
Jerry Yu	2e8b00172b	Beauty source code Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-10 20:29:02 +08:00
Dave Rodgman	76a2b306ac	Merge pull request #4981 from yuhaoth/pr/add-debug-helpers-generated Add debug helpers generated	2021-12-10 11:56:55 +00:00
Jerry Yu	d0fcf7f6a0	fix ci fail Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-10 18:45:51 +08:00
Ronald Cron	9eab5a6f11	tests: TLS 1.3: Remove unnecessary test requirement Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-12-10 10:27:25 +01:00
Jerry Yu	d04fd35c06	Replace configs_enabled check with query_compile_time_config Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-10 16:31:04 +08:00
Jerry Yu	bc8b22ecc8	fix tls13 test fail Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-10 15:54:38 +08:00
Jerry Yu	cdcc55f46f	update test check strings Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-10 12:47:02 +08:00
Jerry Yu	e3b3412bc4	Add tests for enum helper Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-10 12:45:52 +08:00
Ronald Cron	a55c5a1152	ssl-opt.sh: TLS 1.3: Add middlebox compatibility tests with GnuTLS Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-12-09 13:40:22 +01:00
Ronald Cron	7c0185fa5f	ssl-opt.sh: TLS 1.3: Add some missing test dependencies Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-12-09 13:40:22 +01:00
Ronald Cron	fdb0e3f381	ssl-opt.sh: TLS 1.3: Run tests with middlebox compatibility enabled Run tests with middlebox compatibility enabled but tests dedicated to middlebox compatibility disabled. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-12-09 13:40:22 +01:00
Jerry Yu	52a6e7ea00	Replace tls1_3 with tls13 Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-06 18:42:47 +08:00
Jerry Yu	c502dff71c	fix TLS1.3 name issue Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-06 18:22:51 +08:00
Jerry Yu	cdcb683568	Update generate scripts and tls13 test cases Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-06 18:20:43 +08:00
Jerry Yu	31018adb81	Add tls13 compat tests with bash scripts Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-06 18:20:43 +08:00
Jerry Yu	c4aa1520a2	tls13_compat_tests:Add generate all option Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-06 18:20:43 +08:00
Jerry Yu	26fa7dcc4a	Remove rsa_pss_rsae_sha256 test from ssl-opt.sh It has been covered by tls13 compat tests Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-06 18:20:43 +08:00
Jerry Yu	305bfc3dfd	Add tls13 compat tests Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-06 18:16:30 +08:00
Jerry Yu	8c5559d700	Add HelloRetryRequst tests Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-06 18:16:30 +08:00
Jerry Yu	936dffd77e	Add certificate request check Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-06 18:16:30 +08:00
Jerry Yu	8f9d7dbfd0	Add unsupported version check Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-06 18:16:29 +08:00
Xiaofei Bai	8b5c3824ee	Fix (d)tls1_2 into (d)tls12 in version options Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2021-12-02 13:22:18 +00:00
Xiaofei Bai	d25fab6f79	Update based on comments Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2021-12-02 06:36:27 +00:00
Xiaofei Bai	746f9481ea	Fix 1_3/13 usages in macros and function names Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2021-11-26 08:08:36 +00:00
XiaokangQian	30f556059a	Reverse the cert file Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2021-11-24 01:54:50 +00:00
XiaokangQian	f9fca8a791	Add back cipher suite information in ssh-opt.sh Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2021-11-23 23:21:27 +00:00
XiaokangQian	25476a48b9	Change code based on review Remove useless component in all.sh Remove use server logs in ssh-opt.sh Remove useless guards in ssl_client2.c Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2021-11-23 14:01:21 +00:00
XiaokangQian	07c554748a	Change cert file to server2-sha256.crt Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2021-11-23 08:30:14 +00:00
XiaokangQian	a27b3526bf	Disable PSA_CRYPTO in tls1.3 tests Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2021-11-23 02:27:07 +00:00
XiaokangQian	bdf26de384	Fix test failure and remove useless code Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2021-11-22 09:52:56 +00:00
XiaokangQian	3887ab5bcc	Use O_NEXT_SRV to support ciphersuite option Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2021-11-22 07:14:39 +00:00
XiaokangQian	22dd68c2b5	Rebase code and run through the whole test flow Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2021-11-22 05:54:50 +00:00
XiaokangQian	d15018972c	Change script to solve G_NEXT_SRV_RSA not set issue Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2021-11-22 05:50:13 +00:00

... 2 3 4 5 6 ...

1004 commits