Commit graph

21935 commits

Author SHA1 Message Date
Gilles Peskine
af8ea3f738
Merge pull request #6468 from gilles-peskine-arm/bignum-test-suite-names
Rename test_suite_bignum for consistency
2022-10-25 10:40:29 +02:00
Xiaokang Qian
d69d06fffa Improve format issue
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-25 06:51:25 +00:00
Xiaokang Qian
95a0730f17 Change prerequisites of MBEDTLS_SSL_EARLY_DATA and add related check
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-25 05:34:48 +00:00
Xiaokang Qian
72de95dcf5 Move function mbedtls_ssl_tls13_conf_early_data to ssl_tls.c
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-25 05:34:25 +00:00
Xiaokang Qian
600804b0e7 Remove useless early data related macros for the time being
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-25 03:00:18 +00:00
Xiaokang Qian
54413b10c2 Add early data support preparatory work
Add MBEDTLS_SSL_EARLY_DATA configuration option
Define early_data_enabled field in mbedtls_ssl_config
Add function mbedtls_ssl_conf_early_data

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-25 03:00:18 +00:00
Andrzej Kurek
2c7993c456 depends.py: add a config option to unset MBEDTLS_USE_PSA
This lets us perform any test without MBEDTLS_USE_PSA
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-24 15:56:10 -04:00
Andrzej Kurek
409248a73a mbedtls_ssl_get_handshake_transcript is unusable without hashes
Mark unused variables when compiling without
SHA256 and SHA384. In future a proper dependency
will be added to TLS 1.2 to enforce either of these hashes
to be on.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-24 15:56:10 -04:00
Andrzej Kurek
57d1063db9 Fix tls_prf generic dependencies
One version was already surrounded by the USE_PSA define,
so the VIA_XX_OR_XX macros were removed;
Second version is when USE_PSA is undefined, so MBEDTLS_
macros can be used. 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-24 15:56:10 -04:00
Andrzej Kurek
468c50656e Fix key exchange dependencies for ssl_parse_server_ecdh_params
Resulting from particular configs in which this code is used.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-24 15:55:18 -04:00
Ronald Cron
2012361ae6
Merge pull request #6448 from ronald-cron-arm/tls13-kex-build-options
TLS 1.3 Introduce and use key exchange mode config options
2022-10-24 15:21:37 +02:00
David Horstmann
3f44e5b11a Refactor macro-spanning if in ssl_server2.c
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-10-24 13:12:19 +01:00
David Horstmann
f160ef1dd1 Refactor macro-spanning if in ssl_client2.c
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-10-24 13:11:38 +01:00
Manuel Pégourié-Gonnard
72ef7c0390
Merge pull request #6463 from AndrzejKurek/fix-crypo-typo
Fix a typo and dependencies in test_suite_cipher.[aes|gcm|ccm]
2022-10-24 11:06:22 +02:00
Manuel Pégourié-Gonnard
4c89542086
Merge pull request #6465 from mpg/pr-template-changelog
Make ChangeLog more visible in PR template
2022-10-24 10:46:31 +02:00
Ronald Cron
454eb9172d ssl-opt.sh: Fix list of TLS 1.2 key exchanges with cert
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
10bf956334 tls13: Fix documentation
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
083da8eb53 tls13: client: Improve coding style
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
70ed41754d ssl-opt.sh: Simplify TLS 1.3 dependencies
Simplify TLS 1.3 dependencies taking into
account that
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
implies that MBEDTLS_SSL_PROTO_TLS1_3 is
defined.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
5de538c9dd ssl-opt.sh: Remove requires_key_exchange_with_cert_in_tls12_enabled
Remove requires_key_exchange_with_cert_in_tls12_enabled
and use `requires_any_configs_enabled` directly instead.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
a2900bcd1e tls13: keys: Simplify code guard
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
9810b6d0b7 Fix kex config options documentation in tls13-support.md
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
c3f43b663e all.sh: Add components testing TLS 1.3 kex partial enablement
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
571f1ff6dc Make sure TLS 1.2 kex macros are undefined in builds without TLS 1.2
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
8328113cad ssl-opt.sh: Fix some test checks for ephemeral only kex build
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
766c0cdb1f tls13: Add missing kex guards
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
82be0d4b4d tls13: Do not use MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
de08cf3543 tls13: Do not use MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
instead.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
59625848e6 ssl-opt.sh: TLS 1.3 kex: Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_*ENABLED
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
73fe8df922 Introduce and use MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED
Introduce and use
MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED to
guard TLS code (both 1.2 and 1.3) specific
to handshakes involving PSKs.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
e68ab4f55e Introduce and use MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED
Introduce and use
MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED to
guard TLS code (both TLS 1.2 and 1.3) specific
to handshakes involving certificates.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
41a443a68d tls13: Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK.*ENABLED
Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED
instead of MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED to guard
code specific to one of the TLS 1.3 key exchange mode with
PSK.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
928cbd34e7 tls13: Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
instead of MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED to guard
code specific to the TLS 1.3 ephemeral key exchange mode.

Use it also for the dependencies of TLS 1.3 only tests
relying on ephemeral key exchange mode, but for
tests in tls13-kex-modes.sh where the change is done
later using all
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_.*ENABLED macros.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
d8d2ea5674 Add TLS 1.3 key exchange mode config options
Add TLS 1.3 specific configuration options
to enable/disable the support for TLS 1.3
key exchange modes.

These configurations are introduced to
move away from the aforementioned
enablement/disablement based on
MBEDTLS_KEY_EXCHANGE_xxx_ENABLED options
that relate to group of TLS 1.2
ciphersuites.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:41:57 +02:00
Andrzej Kurek
ba970be142 Fix test dependencies for cases that are PSA-based
These should be using PSA-type macros, not MBEDTLS_XXX_C.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-21 13:39:00 -04:00
Gilles Peskine
fc4f11b5d0 Improve test component name
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-21 19:34:54 +02:00
Gilles Peskine
a020d535ad Avoid having both test_suite_XXX.data and test_suite_XXX.*.data
Although our build scripts support that, it's annoying, because it makes
"test_suite_XXX" ambiguous between "all the data for
test_suite_XXX.function" and "just test_suite_XXX.data".

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-21 19:00:38 +02:00
Gilles Peskine
42832bd406 Don't use test_suite_mpi as an example
It just got renamed, and it's also not the most canonical example since it's
a somewhat deprecated interface. Make a different module the example.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-21 18:56:47 +02:00
Gilles Peskine
ce22066211 Rename test_suite_bignum for consistency with bignum.{h,c}
Align the name of the bignum test suite with the source module (which was
renamed from mpi.c to bignum.c in the PolarSSL 1.x days). This also brings
it into line with the test suites for the low-level bignum interfaces.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-21 18:54:43 +02:00
Gilles Peskine
abc6fbb8d7 Fix brief description
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-21 18:36:31 +02:00
Andrzej Kurek
ed05279e4f Comment fix
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-21 10:28:55 -04:00
Andrzej Kurek
d066c79d7e Add missing ECB requirements for PSA cipher aes tests
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-21 10:28:55 -04:00
Andrzej Kurek
8f26c8a0cf Fix a typo in test_suite_cipher
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-21 10:28:55 -04:00
Ronald Cron
89ca977128 ssl-opt.sh: Improve dependencies of some TLS 1.3 test cases
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-21 14:47:00 +02:00
Ronald Cron
bc5adf4ef8 ssl-opt.sh: Add dependencies on handshake with cert
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-21 14:47:00 +02:00
Ronald Cron
2ea36af693 ssl-opt.sh: TLS 1.3 kex: Do not use sig_algs if no cert
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-21 14:47:00 +02:00
Ronald Cron
81cd7ab492 tests: ssl: Add missing dependency on MBEDTLS_X509_CRT_PARSE_C
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-21 14:47:00 +02:00
Ronald Cron
f64cc03b09 tests: ssl: Add missing dependencies on certificate based handshake
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-21 14:47:00 +02:00
Ronald Cron
457fb7a523 tests: ssl: Fix ciphersuite identifier
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-21 14:44:45 +02:00
Ronald Cron
81378b72e8 programs: ssl: Remove dependency on TLS 1.3 for "sig_algs" option
Signature algorithms can be specified through
the sig_algs option for TLS 1.2 as well.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-21 14:40:56 +02:00