Commit graph

1086 commits

Author SHA1 Message Date
Tomás González
37a8739e4d ssl-opt.sh: Don't affect the order at which functions are printed
When adding the LIST_TESTS option, print_name can be called
before checking if the test case should be excluded or not.
Change this back to its previous state while still taking into
account the LIST_TESTS option.

Signed-off-by: Tomás González <tomasagustin.gonzalezorlando@arm.com>
2023-10-27 11:43:15 +01:00
Tomás González
be2c66e548 ssl-opt.sh: Simplify the implementation of the -l option
Instead of verifying if the LIST_TESTS variable has been set in
every function to avoid using the P_QUERY variable and avoid
calling a program that has not necessarily been compiled yet:

 * Define P_QUERY=":" when LIST_TESTS has been set.

Signed-off-by: Tomás González <tomasagustin.gonzalezorlando@arm.com>
2023-10-27 11:43:15 +01:00
Tomás González
06956a12aa Skip unnecessary logic when -l option is used
Signed-off-by: Tomás González <tomasagustin.gonzalezorlando@arm.com>
2023-10-27 11:43:14 +01:00
Tomás González
f162b4f497 Only use CONFIGS_ENABLED when not listing tests
Signed-off-by: Tomás González <tomasagustin.gonzalezorlando@arm.com>
2023-10-27 11:29:28 +01:00
Tomás González
0e8a08a1f7 Get options at beginning of program
Signed-off-by: Tomás González <tomasagustin.gonzalezorlando@arm.com>
2023-10-27 11:29:28 +01:00
Tomás González
787428a08c Avoid skipping test when printing
Signed-off-by: Tomás González <tomasagustin.gonzalezorlando@arm.com>
2023-10-27 11:29:28 +01:00
Tomás González
24552ff84e ssl-opt/run_test: Introduce -l option to list test case names
* Add an option in ssl-opt test case to list all the run_test calls
   and their names. This allows to show the parameters used and can
   make us avoid having to parse ssl-opt to look for extra
   parameters in the future.

Signed-off-by: Tomás González <tomasagustin.gonzalezorlando@arm.com>
2023-10-27 11:29:28 +01:00
Ronald Cron
95b735530c
Merge pull request #6719 from yuhaoth/pr/tls13-early-data-add-early-data-of-client-hello
TLS 1.3: EarlyData SRV: Add early data extension parser.
2023-10-26 08:31:53 +00:00
Jerry Yu
53a332d970 fix various issues
- rename file name from `early_data.txt` to `tls13_early_data.txt`
- fix typo issue
- remove redundant parameter

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-10-23 13:52:56 +08:00
Manuel Pégourié-Gonnard
22334a202a Fix some dependencies in ssl-opt.sh
These are explicitly PSA tests, so use PSA_WANT.

Was missed by analyze_outcomes.py because those test cases were not
listed properly, which will be fixed by #8088.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-10-19 11:27:33 +02:00
Manuel Pégourié-Gonnard
2e37d7b238
Merge pull request #8121 from gilles-peskine-arm/ssl-test-no-legacy
Remove GNUTLS_LEGACY and OPENSSL_LEGACY
2023-10-18 07:13:12 +00:00
Jerry Yu
e649cecb43 Add data file for early data input
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-10-12 15:02:01 +08:00
Valerio Setti
cf29c5d9d5 ssl: don't require MBEDTLS_ECP_DP with TLS1.3
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-09-25 17:39:41 +02:00
Valerio Setti
482a0b957f test: fix remaining disparities and remove debug leftovers
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-09-25 17:39:41 +02:00
Gilles Peskine
eda1b1f744
Merge pull request #7921 from valeriosetti/issue7613
TLS: Clean up ECDSA dependencies
2023-09-20 12:47:55 +00:00
Manuel Pégourié-Gonnard
f299efdb96 Improve a comment
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-09-18 11:19:04 +02:00
Gilles Peskine
2c40b90598 ssl-opt.sh doesn't actually use OPENSSL_LEGACY: remove unused function
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-08-30 16:38:56 +02:00
Gilles Peskine
5cb8605d79 ssl-opt.sh doesn't actually use OPENSSL_LEGACY, so remove it
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-08-27 21:40:56 +02:00
Valerio Setti
36344cecbd ssl-opt: remove redundant requirement for RSA_C
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-08-11 09:37:14 +02:00
Valerio Setti
4f577f3e51 ssl-opt: add RSA_C requirement when RSA encryption is used in certificate
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-08-11 06:35:23 +02:00
Valerio Setti
726ffbf642 ssl-opt: don't assume TLS 1.3 usage for external tool that don't have support
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-08-03 09:15:34 +02:00
Gilles Peskine
b387fcf59b Adapt names (curves -> groups) in a separately added test case
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-07-11 09:19:13 +02:00
Dave Rodgman
e183ecef3d
Merge pull request #7136 from yanrayw/5692-record-compatsh-test-cases
Record the outcome of each test case in compat.sh
2023-07-10 12:08:32 +01:00
Manuel Pégourié-Gonnard
5c41ae867b
Merge pull request #7887 from ronald-cron-arm/fix-hrr-in-psk-kem
tls13: server: Fix spurious HRR
2023-07-10 09:58:13 +02:00
Ronald Cron
8a74f07c2a tls13: server: Fix spurious HRR
If the server during a TLS 1.3 handshake selects
the PSK key exchange mode, it does not matter
if it did not find in the key share extension
a key share for a group it supports. Such a
key share is used and necessary only in the
case of the ephemeral or PSK ephemeral key
exchange mode. This is a possible scenario in
the case of a server that supports only the PSK
key exchange mode and a client that also
supports a key exchange mode with ephemeral keys.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-07-07 15:53:12 +02:00
Przemek Stekiel
45255e4c71 Adapt names (curves -> groups)
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-07-05 09:26:26 +02:00
Przemek Stekiel
3484db4ce7 Change ffdh testing strategy
- Full tests generated by script only for ffdhe2048 group
- Single G->m and m->G exchange test for each other group

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-28 13:31:38 +02:00
Przemek Stekiel
7dda271c1d Fix description of functions
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-28 09:16:08 +02:00
Przemek Stekiel
c31a798f45 Replace MBEDTLS_ECDH_C dependency in ssl-opt tests
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-27 10:58:50 +02:00
Przemek Stekiel
8bfe897ab0 Add ssl-opt functions to check openssl with ffdh support and openssl ephemeral key exchange
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-26 16:33:00 +02:00
Przemek Stekiel
1f5c2ba495 Add missing ECDH dependencies in ssl-opt tests
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-15 17:07:16 +02:00
Przemek Stekiel
a53dca125e Limit number ffdh test cases (ffdhe2048, ffdhe8192)
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-14 20:53:09 +02:00
Przemek Stekiel
422ab1f835 Add FFDH tests to ssl-opt
Add FFDH support to the test case generator script: generate_tls13_compat_tests.py.
Add dependency for openssl as FFDH is supported from version 3.0.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-14 11:04:28 +02:00
Przemek Stekiel
75a5a9c205 Code cleanup
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-13 09:57:23 +02:00
Przemek Stekiel
316c19ef93 Adapt guards, dependencies + optimizations
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-06 12:31:09 +02:00
Przemek Stekiel
5e2f816c39 Fix test configs
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-06 12:31:08 +02:00
Przemek Stekiel
250b9fde75 ssl-opt.sh: Add FFDH tests
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-06 12:31:08 +02:00
Tom Cosgrove
ef468ea2ba
Merge pull request #6740 from xkqian/tls13_fix_unkown_pk_type
Remove useless debug log of pk type from test cases
2023-05-05 16:14:59 +01:00
Valerio Setti
a9aafd4807 test: revert undesired debug change in ssl-opt
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-11 12:30:45 +02:00
Valerio Setti
6c496a1553 solve disparities for ECP_LIGHT between ref/accel
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-11 11:33:50 +02:00
Ronald Cron
c564938180 Add downgrade protection mechanism
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:32:05 +02:00
Ronald Cron
1a353ea4b8 ssl-opt.sh: Improve description of server negotiation tests
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:18 +02:00
Ronald Cron
d120bd646c ssl-opt.sh: Add version selection by the server tests
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:18 +02:00
Ronald Cron
50ae84ed97 ssl-opt.sh: Remove some unnecessary forcing of TLS 1.3
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:18 +02:00
Ronald Cron
097ba146e7 tls: srv: Set hybrid TLS 1.2/1.3 as default configuration
Set hybrid TLS 1.2/1.3 as default server
configuration if both TLS 1.2 and TLS 1.3
are enabled at build time.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:18 +02:00
Ronald Cron
f95d169d60 ssl-opt.sh: Force TLS 1.2 on TLS 1.2 specific tests
Force TLS 1.2 on TLS 1.2 specific tests in
preparation of TLS 1.3 being the default
protocol version when both TLS 1.2 and
TLS 1.3 are enabled.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:17 +02:00
Ronald Cron
fd4c6afcb4 ssl-opt.sh: Force TLS 1.2 version
Force TLS 1.2 version on tests related to
MBEDTLS_SSL_ASYNC_PRIVATE, CA callback and
MBEDTLS_SSL_MAX_FRAGMENT_LENGTH. Those
SSL options are not supported in TLS 1.3
for the time being. Thus force TLS 1.2
version in preparation of TLS 1.3 being
the default protocol version when both
TLS 1.2 and TLS 1.3 are enabled.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:17 +02:00
Ronald Cron
92dca39196 ssl-opt.sh: Extend scope of some tests to TLS 1.3
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:17 +02:00
Ronald Cron
0aa1b8843f ssl-opt.sh: Remove unnecessary explicit MBEDTLS_SSL_PROTO_TLS1_2 dep
Remove unnecessary explicit MBEDTLS_SSL_PROTO_TLS1_2
dependency if TLS 1.2 version is forced or a TLS 1.2
cipher suite is forced (as TLS 1.2 cipher suites are
available if and only if TLS 1.2 is enabled and
cipher suite availability is check automatically).

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:17 +02:00
Ronald Cron
65f9029741 ssl-opt.sh: Remove unnecessary TLS 1.3 forcing on client side
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:17 +02:00