Ronald Cron
25b1f5d2b7
Merge pull request #5545 from xffbai/tls13-write-enc-ext
...
TLS1.3: add writing encrypted extensions on server side.
2022-05-06 13:54:45 +02:00
Jerry Yu
7c0da07445
Update state check
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-03 15:08:54 +08:00
Manuel Pégourié-Gonnard
67397fa4fd
Merge pull request #5704 from mprse/mixed_psk_2cx
...
Mixed PSK 2a, 2b, 2c: enable client/server support opaque RSA-PSK, ECDHE-PSK, DHE-PSK
2022-04-29 10:47:16 +02:00
Gilles Peskine
4098083ed4
Merge pull request #5745 from superna9999/5712-pk-opaque-rsa-pss-sign-tls
...
RSA-PSS sign 2: TLS 1.3 integration testing
2022-04-28 18:16:44 +02:00
Manuel Pégourié-Gonnard
ad47487e25
Merge pull request #5742 from superna9999/5669-review-test-incompatible-psa
...
Fixup or re-enable tests with Use PSA
2022-04-28 09:57:13 +02:00
Jerry Yu
cef55dbd6a
ssl-opt: add state check
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-04-25 19:41:47 +08:00
Jerry Yu
955ddd75a3
fix various issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-04-22 22:27:33 +08:00
Przemek Stekiel
85d46fe6cf
ssl-opt.sh: add tests for clent/server psa opaque dhe-psk key exchange
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-22 14:54:33 +02:00
Przemek Stekiel
b6a0503dda
ssl-opt.sh: add tests for clent/server psa opaque ecdhe-psk key exchange
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-22 14:53:55 +02:00
Przemek Stekiel
b270b56372
ssl-opt.sh: add tests for server psa opaque rsa-psk key exchange
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-22 14:52:28 +02:00
Przemek Stekiel
8e0495e0f4
ssl-opt.sh: add tests for client psa opaque rsa-psk key exchange
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-22 14:52:28 +02:00
Jerry Yu
8b9fd374b8
Add P_CLI test to easy debug
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-04-22 16:45:01 +08:00
Jerry Yu
abf20c7564
add state check
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-04-22 16:45:01 +08:00
Ronald Cron
38b8aa4f63
Merge pull request #5539 from xkqian/add_client_hello_to_server
...
Add client hello into server side
2022-04-22 10:26:00 +02:00
Neil Armstrong
7f6f672d7e
Add Opaque PK test case for TLS 1.3
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-22 10:23:10 +02:00
Manuel Pégourié-Gonnard
21f82c7510
Merge pull request #5709 from superna9999/5625-pk-opaque-rsa-tls12
...
RSA sign 3b: TLS 1.2 integration testing
2022-04-22 10:05:43 +02:00
XiaokangQian
e8ff350698
Update code to align with tls13 coding standard
...
Change-Id: I3c98b7d0db63aecc712a67f4e8da2cb9945c8f17
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-22 02:34:40 +00:00
Gilles Peskine
afbfed9397
Merge pull request #5582 from gilles-peskine-arm/ssl-opt-auto-psk
...
Run ssl-opt.sh in more reduced configurations
2022-04-21 12:03:53 +02:00
XiaokangQian
318dc763a6
Fix test failure issue and update code styles
...
Change-Id: I0b08da1b083abdb19dc383e6f4b210f66659c109
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 09:43:51 +00:00
XiaokangQian
3f84d5d0cd
Update test cases and fix the test failure
...
Change-Id: If93506fc3764d49836b229d51e4ad5b008cc3343
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 07:45:50 +00:00
XiaokangQian
cfd925f3e8
Fix comments and remove hrr related code
...
Change-Id: Iab1fc5415b3b7f7b5bcb0a41a01f4234cc3497d6
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 07:45:50 +00:00
XiaokangQian
ed582dd023
Update based on comments
...
Remove cookie support from server side
Change code to align with coding styles
Re-order functions of client_hello
Change-Id: If31509ece402f8276e6cac37f261e0b166d05e18
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 07:43:48 +00:00
XiaokangQian
c4b8c99a38
Rebase and solve conflicts and issues
...
Change-Id: I17246c5b2f8a8ec4989c8b0b83b55cad0491b78a
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 07:43:48 +00:00
XiaokangQian
5e4528cd12
Add test cases for server side parse client hello
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 07:43:48 +00:00
Ronald Cron
df5f8681cc
ssl-opt.sh: Fix/Unify TLS 1.3 test descriptions
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-04-19 18:31:24 +02:00
Gilles Peskine
5bd0b51048
Use terse output from lsof
...
This both simplifies parsing a little, and suppresses warnings. Suppressing
warnings is both good and bad: on the one hand it resolves problems such as
https://github.com/Mbed-TLS/mbedtls/issues/5731 , on the other hand it may
hide clues as to why lsof wouldn't be working as expected.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-16 11:34:23 +02:00
Neil Armstrong
eed1c6255d
Enable TLS 1.3 ALPN tests when MBEDTLS_USE_PSA_CRYPTO is enabled
...
Those were disabled in original submission, but it works fine
with PSA crypto enabled.
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-15 09:30:31 +02:00
Gilles Peskine
2ecf4ff349
Restore explicit version requirement on 1.3 HelloRetryRequest tests
...
A concurrent branch changes the way the test cases run to no longer use
force_version=tls13, so the automatic version requirement detection will no
longer work after that branch is merged. Therefore, keep the manual
requirement (at least until automatic detection gets smarter).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-13 19:08:38 +02:00
Gilles Peskine
c912673f8d
Automatically detect protocol version requirement from force_version
...
When the client or server uses a specific protocol version, automatically
require that version to be enabled at compile time.
An explicit call is still needed in test cases that require a specific
protocol version (due to analyzing version-specific behavior, or checking
the version in logs), but do not force that specific protocol version, or that
force a specific version only on the openssl/gnutls side.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-13 16:14:01 +02:00
Gilles Peskine
740b734f25
Move ticket, alpn detection into maybe_requires_ciphersuite_enabled
...
No intended behavior change.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-13 11:32:46 +02:00
Gilles Peskine
b898b3df90
Prepare to generalize maybe_requires_ciphersuite_enabled
...
Rename maybe_requires_ciphersuite_enabled() to detect_required_features()
and refactor its code a little. No intended behavior change. In subsequent
commits, this function will detect other requirements in a similar way.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-13 11:32:46 +02:00
Neil Armstrong
a4dbfddba2
Add DHE-RSA Opaque PK key tests variants in ssl-opt.sh
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-13 10:49:25 +02:00
Neil Armstrong
3e9a142017
Add RSA Opaque PK key tests variants in ssl-opt.sh
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-13 10:49:25 +02:00
Gilles Peskine
8e5e8d73db
Merge pull request #5686 from AndrzejKurek/off-by-one-ssl-opt
...
Fix an off-by-one error in ssl-opt.sh
2022-04-07 16:20:55 +02:00
Manuel Pégourié-Gonnard
1b05aff3ad
Merge pull request #5624 from superna9999/5312-tls-server-ecdh
...
TLS ECDH 3b: server-side static ECDH (1.2)
2022-04-07 11:46:25 +02:00
Gilles Peskine
d2d90af7d9
Make mbedtls_ssl_get_bytes_avail tests more independent
...
Don't depend on the default sizes in the test programs: pass explicit
request and buffer sizes.
Don't depend on MAX_CONTENT_LEN (other than it not being extremely small:
this commit assumes that it will never be less than 101).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-06 23:39:06 +02:00
Gilles Peskine
c8d242f625
set_maybe_calc_verify: $1 is intended to be auth_mode
...
Document that this is what it is. Don't allow made-up numerical values.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-06 22:23:45 +02:00
Gilles Peskine
1438e1620a
Add requirements of "Default"
...
The log checks require a specific hash and a specific curve.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-05 22:00:32 +02:00
Gilles Peskine
59601d76ad
Documentation improvements
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-05 22:00:17 +02:00
Andrzej Kurek
8db7c0e9ac
Fix an off-by-one error in ssl-opt.sh
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-04-01 08:55:40 -04:00
Ronald Cron
0e980e8e84
Merge pull request #5640 from ronald-cron-arm/version-negotiation-2
...
TLS 1.2/1.3 version negotiation - 2
2022-04-01 12:29:06 +02:00
Ronald Cron
cbd7bfd30e
ssl-opt.sh: Force TLS 1.2 on server for TLS 1.2 specific tests
...
Force TLS 1.2 on OpenSSL/GnuTLS server
for TLS 1.2 specific tests.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 18:25:27 +02:00
Ronald Cron
634d865d80
ssl-opt.sh: Fix "no TLS 1.3 server support" test check
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 18:25:27 +02:00
Dave Rodgman
017a19997a
Update references to old Github organisation
...
Replace references to ARMmbed organisation with the new
org, Mbed-TLS, following project migration.
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-03-31 14:43:16 +01:00
Neil Armstrong
b7b549aa71
Force server-side TLS1.2 for ECDH- Opaque PK key test
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-31 15:24:18 +02:00
Neil Armstrong
023bf8d7c2
Add ECDH- Opaque PK key test
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-31 15:24:17 +02:00
Ronald Cron
a1b8f6e914
ssl-opt.sh: Do not force TLS 1.3 on client
...
For TLS 1.3 tests, do not force TLS 1.3
version on client to play the negotiation
game whenever possible.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
Ronald Cron
f3b425bbde
ssl-opt.sh: Force TLS 1.2 on server
...
To maximize the number of tests where MbedTLS
client proposes both TLS 1.2 and TLS 1.3 to
the server, force the TLS 1.2 version on the
server side rather than on the client side
in TLS 1.2 specific tests.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
Ronald Cron
e1d3f06399
Allow hybrid TLS 1.3 + TLS 1.2 configuration
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
Ronald Cron
7320e6436b
ssl_tls12_client.c: Switch to generic Client Hello state handler
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00