Commit graph

729 commits

Author SHA1 Message Date
Gilles Peskine
309ca65846 calc_verify is only called in some configurations
If MBEDTLS_SSL_EXTENDED_MASTER_SECRET is disabled or the feature is disabled
at runtime, and if client authentication is not used, then calc_verify is not
called, so don't require the corresponding debug trace.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-03-14 20:32:20 +01:00
Gilles Peskine
aa162b5bea Remove negative check for a message that no longer exists
The message was removed in 6be9cf542f without
a replacement. A failure would cause the test case to fail anyway, so this
negative check is not really useful.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-03-14 19:49:18 +01:00
Gilles Peskine
588d7a7538 Add a missing requires_max_content_len
Slightly reduce the amount of data so that the test passes with 512.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-25 21:23:25 +01:00
Gilles Peskine
6e86e54abb Adapt tests for PSK in PSK-only builds
In a PSK-only build:
* Skip tests that rely on a specific non-PSK cipher suite.
* Skip tests that exercise a certificate authentication feature.
* Pass a pre-shared key in tests that don't mind the key exchange type.

This commit only considers PSK-only builds vs builds with certificates. It
does not aim to do something useful for builds with an asymmetric key
exchange and a pre-shared key for authentication.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-25 21:06:21 +01:00
Gilles Peskine
2fe796f1b7 Add some missing dependencies: EXTENDED_MASTER_SECRET, CACHE
This commit is not necessarily complete, but it's a step forward.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-25 21:06:21 +01:00
Gilles Peskine
3561526249 Only run "Default" tests if the expected ciphersuite is enabled
These tests ensure that a certain cipher suite is in use, so they fail in
builds that lack one of the corresponding algorithms.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-25 21:06:21 +01:00
Gilles Peskine
a165b5ced6 Automatically skip tests for some absent features: tickets, ALPN
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-25 21:06:21 +01:00
Gilles Peskine
82a4ab2486 ssl-opt: automatically skip DTLS tests in builds without DTLS
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-25 21:06:21 +01:00
Gilles Peskine
860429f8af Add version number debug check to the GnuTLS interop test as well
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-21 15:14:02 +01:00
Gilles Peskine
c63a1e0e15 Fix mbedtls_ssl_get_version() for TLSv1.3
Test it in ssl-opt.sh.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-21 15:14:01 +01:00
Jerry Yu
baa4934e7b Add check tests
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:00 +08:00
Jerry Yu
ab08290c09 tls13_only: skip tls12 tests.
TLS1.2 test depends on MBEDTLS_SSL_PROTO_TLS1_2. Skip
them if it is not set

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:00 +08:00
Jerry Yu
8a497205cc tls13_only: tls 1.3 suite pass
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:00 +08:00
Jerry Yu
c10f6b4735 tls13_only: simple test pass
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:00 +08:00
Manuel Pégourié-Gonnard
3d1f8b9c00
Merge pull request #5532 from ronald-cron-arm/tls13_and_use_psa_crypto
Make TLS 1.3 compatible with MBEDTLS_USE_PSA_CRYPTO
2022-02-16 17:33:47 +01:00
Ronald Cron
a7a1deabf8
Merge pull request #5393 from gilles-peskine-arm/opt-testcases-outcomes-fix
Fix test suite name reporting of opt-testcases/tls13-compat.sh
2022-02-15 13:53:10 +01:00
Ronald Cron
135427cb35 Run TLS 1.3 tests when MBEDTLS_USE_PSA_CRYPTO is enabled
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-02-11 16:10:44 +01:00
Glenn Strauss
e328245618 Add test case use of mbedtls_ssl_ticket_rotate
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-02-09 14:33:16 -05:00
Ronald Cron
6ca6faa67e
Merge pull request #5080 from xffbai/add-tls13-read-certificate-request
add tls1_3 read certificate request
2022-02-09 09:51:55 +01:00
Manuel Pégourié-Gonnard
45c5768a74
Merge pull request #5434 from mprse/tls_use_psa
TLS Cipher: use PSA crypto
2022-02-08 10:27:25 +01:00
Manuel Pégourié-Gonnard
6f20595b6e
Merge pull request #5462 from gilles-peskine-arm/ssl-test-pkey-message-clarity
Clarify key types message from ssl_client2 and ssl_server2
2022-02-03 11:33:03 +01:00
Przemyslaw Stekiel
2cb59df939 ssl-opt.sh: remove cipher context assertions (redundant when psa crypto is enabled)
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 15:39:24 +01:00
XiaokangQian
a909061c2a Refine HRR parse successfully message in test cases
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-01-27 03:48:27 +00:00
XiaokangQian
7bae3b616c Add more ciphersuites into test cases for hrr
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-01-26 10:53:15 +00:00
XiaokangQian
355e09ae9d Change code base on comments
Change functions name
Change some comments
Improve hrr test case for gnutls

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-01-26 10:53:15 +00:00
XiaokangQian
78b1fa7e81 Update code base on comments
Move reset transcript for hrr to generic
Reset SHA256 or SHA384 other than both
Rename message layer reset
Add check log for hrr parse successfully

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-01-26 10:53:15 +00:00
XiaokangQian
6db08dd2cb Change ssl-opt.sh to make hrr tests pass
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-01-26 10:51:13 +00:00
XiaokangQian
0b56a8f85c Replace curve_list with group_list and add update test scripts
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-01-26 10:51:13 +00:00
Xiaofei Bai
69fcd39774 Update CertificateRequest tests and the parsing function
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2022-01-26 09:32:29 +00:00
Xiaofei Bai
5d8598e090 update certificate request tests
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2022-01-26 09:31:54 +00:00
Gilles Peskine
05bf89da34 Clarify key types message from ssl_client2 and ssl_server2
If no key is loaded in a slot, say "none", not "invalid PK".

When listing two key types, use punctuation that's visibly a sequence
separator (",").

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-01-25 17:50:25 +01:00
Manuel Pégourié-Gonnard
24479b3185
Merge pull request #5395 from gilles-peskine-arm/ssl-opt-self-signed-positive
Add positive test case with self-signed certificates
2022-01-25 12:53:56 +01:00
Manuel Pégourié-Gonnard
fcca7cfa97
Merge pull request #5428 from gstrauss/mbedtls_ssl_ciphersuite
Add accessors for ciphersuite info
2022-01-24 11:13:31 +01:00
Manuel Pégourié-Gonnard
ff743a7f38
Merge pull request #5425 from gabor-mezei-arm/5181_tls_cipher_extend_testing_of_tickets
TLS Cipher 1a: extend testing of tickets
2022-01-24 10:25:29 +01:00
Glenn Strauss
6eef56392a Add tests for accessors for ciphersuite info
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-01-23 08:37:02 -05:00
Gabor Mezei
6e5aae63f8
Add tests for ticket_aead option
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-01-12 16:29:58 +01:00
Gilles Peskine
e1cc60eca9 Add positive test case with self-signed certificates
Add a positive test case where both the client and the server require
authentication and both use a non-CA self-signed certificate.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-01-07 23:10:56 +01:00
Gilles Peskine
5eb2b02862 Report correct test suite names for opt-testcases/* in outcome file
In the outcome file, report each test case in the file it's in, rather than
reporting them all from ssl-opt. This is more informative and matches what
check_test_cases.py does.

This fixes a bug whereby test cases from opt-testcases/* were not detected
as having run on the CI, because analyze_outcomes.py (which uses
check_test_cases.py) expects them in the containing file whereas they were
reported in ssl-opt.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-01-07 18:34:12 +01:00
Gilles Peskine
2baaf60c5d Don't error out if no opt-testcases/*.sh is found
This can happen in an insufficiently populated out-of-tree build.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-01-07 15:46:12 +01:00
Jerry Yu
136320ba0b fix ci fail
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-21 17:09:00 +08:00
paul-elliott-arm
f434994d83
Merge pull request #5303 from yuhaoth/pr/add_list_config_function
Add list config function
2021-12-10 18:30:06 +00:00
Ronald Cron
6f135e1148 Rename MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL to MBEDTLS_SSL_PROTO_TLS1_3
As we have now a minimal viable implementation of TLS 1.3,
let's remove EXPERIMENTAL from the config option enabling
it.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-10 13:47:55 +01:00
Jerry Yu
2e8b00172b Beauty source code
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 20:29:02 +08:00
Dave Rodgman
76a2b306ac
Merge pull request #4981 from yuhaoth/pr/add-debug-helpers-generated
Add debug helpers generated
2021-12-10 11:56:55 +00:00
Jerry Yu
d0fcf7f6a0 fix ci fail
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 18:45:51 +08:00
Ronald Cron
9eab5a6f11 tests: TLS 1.3: Remove unnecessary test requirement
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-10 10:27:25 +01:00
Jerry Yu
d04fd35c06 Replace configs_enabled check with query_compile_time_config
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 16:31:04 +08:00
Jerry Yu
bc8b22ecc8 fix tls13 test fail
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 15:54:38 +08:00
Jerry Yu
cdcc55f46f update test check strings
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 12:47:02 +08:00
Jerry Yu
e3b3412bc4 Add tests for enum helper
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 12:45:52 +08:00