Commit graph

6169 commits

Author SHA1 Message Date
Glenn Strauss
6eef56392a Add tests for accessors for ciphersuite info
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-01-23 08:37:02 -05:00
Gilles Peskine
6d6d93ea4a
Merge pull request #5350 from AndrzejKurek/psa-aead-invalid-tag-lengths-setup
Detect invalid tag lengths in psa_aead_setup
2022-01-21 21:46:37 +01:00
Gilles Peskine
c191addc8b
Merge pull request #5267 from mprse/mac_multipart
Extend driver dispatch tests for MAC multipart
2022-01-21 21:46:25 +01:00
Gilles Peskine
fe271b9c92
Merge pull request #5253 from AndrzejKurek/chacha-iv-len-16-fixes
Return an error from `mbedtls_cipher_set_iv` for an invalid IV length with ChaCha20 and ChaCha20+Poly
2022-01-21 21:46:08 +01:00
Przemyslaw Stekiel
daaf38b178 Remove multipart part from mac_verify test case
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-21 09:37:49 +01:00
Przemyslaw Stekiel
6ec59f817f Add mac_verify_multipart test case + test data
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-21 09:37:49 +01:00
Przemyslaw Stekiel
1af1983352 Remove multipart part from mac_sign test case
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-21 09:37:49 +01:00
Przemyslaw Stekiel
f47b8d39a4 Add mac_sign_multipart test case + test data
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-21 09:37:49 +01:00
Andrzej Kurek
f881601c91 Detect invalid tag lengths in psa_aead_setup
Read tag lengths from the driver and validate against preset values.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-20 07:40:12 -05:00
Andrzej Kurek
031df4a93a Clarify test descriptions
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-19 12:44:49 -05:00
Andrzej Kurek
e5f94fb556 PSA AEAD: test long plaintext lengths for psa_set_lengths
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-19 12:36:50 -05:00
Andrzej Kurek
1e8e1745a8 PSA AEAD: test more combinations of set_nonce and set_lengths
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-19 12:36:50 -05:00
Andrzej Kurek
a2ce72e5bf Test calling psa_aead_set_lengths and set_nonce in various order
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-19 12:36:50 -05:00
Andrzej Kurek
01005b90b5 Restructure test-ref-configs to test with USE_PSA_CRYPTO turned on
Run some of the test configs twice, enabling MBEDTLS_USE_PSA_CRYPTO
and MBEDTLS_PSA_CRYPTO_C in one of the runs.
Add relevant comments in these configs.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-19 12:34:41 -05:00
Andrzej Kurek
77b8e098f9 Add missing MBEDTLS_ASN1_WRITE_C dependency in test_suite_psa_crypto
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-19 12:34:23 -05:00
Andrzej Kurek
ad2b8b5c3c Fix a dependence in chacha cipher test suite
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-19 07:35:27 -05:00
Andrzej Kurek
ee8b57ffa6 Add missing dependency on MBEDTLS_GCM_C in cipher tests
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-19 07:08:27 -05:00
Andrzej Kurek
57d2f13ebc Mark unused variable in tests for cases with reduced configs
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-19 07:08:27 -05:00
Manuel Pégourié-Gonnard
d2da19b8eb
Merge pull request #5380 from AndrzejKurek/key-id-encodes-owner-psa-fixes
Make KEY_ID_ENCODES_OWNER compatible with USE_PSA_CRYPTO
2022-01-18 09:16:25 +01:00
Manuel Pégourié-Gonnard
a15503fcdd
Merge pull request #5344 from AndrzejKurek/psa-aead-more-generate-nonce-combinations
PSA AEAD: test more combinations of generate_nonce and set_lengths
2022-01-17 13:12:04 +01:00
Ronald Cron
188ed19456
Merge pull request #5351 from yuhaoth/pr/remove-duplicate-supported_group_ext
Remove duplicate function for writing supported_groups extension
2022-01-17 09:13:14 +01:00
Andrzej Kurek
b9fbc11e2c Dynamically allocate iv in dec_empty_buf tests
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-14 16:31:54 +01:00
Andrzej Kurek
8be8e4a524 Add a missing test case to ChaCha20 tests - decrypt empty buffer
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-14 16:31:54 +01:00
Andrzej Kurek
63439eda62 Return an error for IV lengths other than 12 with ChaCha20+Poly1305
The implementation was silently overwriting the IV length to 12
even though the caller passed a different value.
Change the behavior to signal that a different length is not supported.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-14 16:31:54 +01:00
Andrzej Kurek
33ca6af8a3 Return an error for IV lengths other than 12 with ChaCha20
The implementation was silently overwriting the IV length to 12
even though the caller passed a different value.
Change the behavior to signal that a different length is not supported.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-14 16:31:54 +01:00
Gabor Mezei
6e5aae63f8
Add tests for ticket_aead option
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-01-12 16:29:58 +01:00
Gilles Peskine
e1cc60eca9 Add positive test case with self-signed certificates
Add a positive test case where both the client and the server require
authentication and both use a non-CA self-signed certificate.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-01-07 23:10:56 +01:00
Bence Szépkúti
08f34656cb Return the same error in multipart and single shot AEAD
psa_aead_encrypt_setup() and psa_aead_decrypt_setup() were returning
PSA_ERROR_INVALID_ARGUMENT, while the same failed checks were producing
PSA_ERROR_NOT_SUPPORTED if they happened in psa_aead_encrypt() or
psa_aead_decrypt().

The PSA Crypto API 1.1 spec will specify PSA_ERROR_INVALID_ARGUMENT
in the case that the supplied algorithm is not an AEAD one.

Also move these shared checks to a helper function, to reduce code
duplication and ensure that the functions remain in sync.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2022-01-07 19:36:07 +01:00
Gilles Peskine
7e09105192 New option to list all test cases
Occasionally useful for diagnosing issues with test reports.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-01-07 18:34:12 +01:00
Gilles Peskine
686c292e8a Move collect_available_test_cases to check_test_cases.py
No behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-01-07 18:34:12 +01:00
Gilles Peskine
5eb2b02862 Report correct test suite names for opt-testcases/* in outcome file
In the outcome file, report each test case in the file it's in, rather than
reporting them all from ssl-opt. This is more informative and matches what
check_test_cases.py does.

This fixes a bug whereby test cases from opt-testcases/* were not detected
as having run on the CI, because analyze_outcomes.py (which uses
check_test_cases.py) expects them in the containing file whereas they were
reported in ssl-opt.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-01-07 18:34:12 +01:00
Gilles Peskine
2baaf60c5d Don't error out if no opt-testcases/*.sh is found
This can happen in an insufficiently populated out-of-tree build.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-01-07 15:46:12 +01:00
Bence Szépkúti
bac671cd23 Fix the multipart AEAD compliance tests
Update the fork of the compliance test suite, and remove the multipart
AEAD tests from the expected failures list.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2022-01-06 15:46:17 +01:00
Andrzej Kurek
dc137252a1 Add tests for an opaque import in the driver wrappers
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-03 14:26:50 +01:00
Andrzej Kurek
03e01461ad Make KEY_ID_ENCODES_OWNER compatible with USE_PSA_CRYPTO
Fix library references, tests and programs.
Testing is performed in the already present all.sh test.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-03 12:53:24 +01:00
Jerry Yu
136320ba0b fix ci fail
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-21 17:09:00 +08:00
Archana
947cf611f2
Jinja2 prerequisite set up on the docker
Jinja2 rev 2.10.1 is required for the driver wrappers code gen.
The same is set up in the bionic docker file.

Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-12-18 13:29:10 +05:30
Archana
6f21e45b78
Fix Pylint errors and improve Python script
Pylint errors are fixed.
The Python script is improved to take default arguments when not
passed (eg invoked from root of the tree)

check-generated-files.sh and CMakeLists.sh updated.

Signed-off-by: Archana <archana.madhavan@silabs.com>
2021-12-18 13:28:59 +05:30
Dave Rodgman
77d778eee2
Merge branch 'development' into mbedtls-3.1.0_merge_into_release 2021-12-17 10:01:53 +00:00
Dave Rodgman
b8c3301b80 Revert "Add generated files"
This reverts commit 4e62cbc322.
2021-12-17 09:44:04 +00:00
Andrzej Kurek
ad83752811 PSA AEAD: test more combinations of generate_nonce and set_lengths
Extend PSA AEAD testing by adding CCM and ChaChaPoly.
Add more combinations of functions to test the API.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2021-12-15 15:30:29 +01:00
Gilles Peskine
ccbc318fc5 Remove generation of ssl_debug_helpers_generated.h
It's now under version control and meant to be updated manually.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-15 12:55:37 +01:00
Ronald Cron
4e62cbc322 Add generated files
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-15 09:02:53 +01:00
Ronald Cron
17b1e2f6c3 Bump version to 3.1.0
Executed ./scripts/bump_version.sh --version 3.1.0 --so-crypto 11 --so-tls 17
+ fix of build_info.h

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-15 09:02:53 +01:00
Ronald Cron
8188d19b0e Merge branch 'development-restricted' into mbedtls-3.1.0rc-pr 2021-12-14 10:58:18 +01:00
Gilles Peskine
12e27d4c5b List ssl_debug_helpers_generated.h in generated files
Running `generate_ssl_debug_helpers.py` generates both
`ssl_debug_helpers_generated.c` and `ssl_debug_helpers_generated.h`.

List the `.h` file as well as the `.c` file in `check-generated-files.sh` so
that `check-generated-files.sh -u` will complain if it isn't up to date.

List it in `Makefile` and `CMakeLists.txt` so that parallel builds know when
to wait until the `.h` file is present. In `Makefile`, declare the `.c` file
as depending on the `.h` file for order. This way, a dependency for either
will wait until the `.h` file is present, and since the `.h` file is
generated after the `.c` file, this guarantees that the `.c` file is
present.

This fixes random failures of `make -j` from a fresh checkout.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-14 00:19:47 +01:00
Gilles Peskine
a5c18512b9
Merge pull request #5155 from paul-elliott-arm/pcks12_fix
Fixes for pkcs12 with NULL and/or zero length password
2021-12-13 14:52:36 +01:00
Paul Elliott
6e7deb1d55 Add expected output for tests
Expected output generated by OpenSSL (see below) apart from the case
where both password and salt are either NULL or zero length, as OpenSSL
does not support this. For these test cases we have had to use our own
output as that which is expected. Code to generate test cases is as
follows:

 #include <openssl/pkcs12.h>
 #include <openssl/evp.h>
 #include <string.h>

int Keygen_Uni( const char * test_name, unsigned char *pass, int
    passlen, unsigned char *salt,
                    int saltlen, int id, int iter, int n,
                                    unsigned char *out, const EVP_MD
                                    *md_type )
{
   size_t index;

   printf( "%s\n", test_name );

   int ret = PKCS12_key_gen_uni( pass, passlen, salt, saltlen, id, iter,
                                        n, out, md_type );

   if( ret != 1 )
   {
         printf( "Key generation returned %d\n", ret );
      }
   else
   {
         for( index = 0; index < n; ++index )
         {
                  printf( "%02x", out[index] );
               }

         printf( "\n" );
      }

   printf( "\n" );

}

int main(void)
{
   unsigned char out_buf[48];
   unsigned char pass[64];
   int pass_len;
   unsigned char salt[64];
   int salt_len;

   /* If ID=1, then the pseudorandom bits being produced are to be used
      as key material for performing encryption or decryption.

            If ID=2, then the pseudorandom bits being produced are to be
            used as an IV (Initial Value) for encryption or decryption.

                  If ID=3, then the pseudorandom bits being produced are
                  to be used as an integrity key for MACing.
                     */

   int id = 1;
   int iter = 3;

   memset( out_buf, 0, sizeof( out_buf ) );
   memset( pass, 0, sizeof( pass ) );
   memset( salt, 0, sizeof( salt ) );

   Keygen_Uni( "Zero length pass and salt", pass, 0, salt, 0, id, iter,
       sizeof(out_buf),
                      out_buf, EVP_md5( ) );

   memset( out_buf, 0, sizeof( out_buf ) );

   Keygen_Uni( "NULL pass and salt", NULL, 0, NULL, 0, id, iter,
       sizeof(out_buf),
                      out_buf, EVP_md5( ) );

   memset( out_buf, 0, sizeof( out_buf ) );

   salt[0] = 0x01;
   salt[1] = 0x23;
   salt[2] = 0x45;
   salt[3] = 0x67;
   salt[4] = 0x89;
   salt[5] = 0xab;
   salt[6] = 0xcd;
   salt[7] = 0xef;

   Keygen_Uni( "Zero length pass", pass, 0, salt, 8, id, iter,
       sizeof(out_buf),
                      out_buf, EVP_md5( ) );

   memset( out_buf, 0, sizeof( out_buf ) );

   Keygen_Uni( "NULL pass", NULL, 0, salt, 8, id, iter, sizeof(out_buf),
                      out_buf, EVP_md5( ) );

   memset( out_buf, 0, sizeof( out_buf ) );
   memset( salt, 0, sizeof( salt ) );

   pass[0] = 0x01;
   pass[1] = 0x23;
   pass[2] = 0x45;
   pass[3] = 0x67;
   pass[4] = 0x89;
   pass[5] = 0xab;
   pass[6] = 0xcd;
   pass[7] = 0xef;

   Keygen_Uni( "Zero length salt", pass, 8, salt, 0, id, iter,
       sizeof(out_buf),
                      out_buf, EVP_md5( ) );

   memset( out_buf, 0, sizeof( out_buf ) );

   Keygen_Uni( "NULL salt", pass, 8, NULL, 0, id, iter, sizeof(out_buf),
                      out_buf, EVP_md5( ) );

   memset( out_buf, 0, sizeof( out_buf ) );

   salt[0] = 0x01;
   salt[1] = 0x23;
   salt[2] = 0x45;
   salt[3] = 0x67;
   salt[4] = 0x89;
   salt[5] = 0xab;
   salt[6] = 0xcd;
   salt[7] = 0xef;

   Keygen_Uni( "Valid pass and salt", pass, 8, salt, 8, id, iter,
       sizeof(out_buf),
                      out_buf, EVP_md5( ) );

   return 0;
}

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-12-10 20:53:59 +00:00
paul-elliott-arm
f434994d83
Merge pull request #5303 from yuhaoth/pr/add_list_config_function
Add list config function
2021-12-10 18:30:06 +00:00
Ronald Cron
2331fdb280
Merge pull request #5293 from ronald-cron-arm/tls13-mvp-misc
Miscellaneous final changes for TLS 1.3 MVP release
2021-12-10 17:46:47 +01:00
Ronald Cron
64bff9f261 tests: data_files: Avoid symbolic links
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-10 15:09:57 +01:00
Gilles Peskine
dc8ecda46f Don't fail until everything is initialized
Can't call mbedtls_cipher_free(&invalid_ctx) in cleanup if
mbedtls_cipher_init(&invalid_ctx) hasn't been called.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-10 14:28:31 +01:00
Ronald Cron
6f135e1148 Rename MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL to MBEDTLS_SSL_PROTO_TLS1_3
As we have now a minimal viable implementation of TLS 1.3,
let's remove EXPERIMENTAL from the config option enabling
it.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-10 13:47:55 +01:00
Jerry Yu
2e8b00172b Beauty source code
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 20:29:02 +08:00
Ronald Cron
0abf07ca2c Make PSA crypto mandatory for TLS 1.3
As we want to move to PSA for cryptographic operations
let's mandate PSA crypto from the start.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-10 13:22:21 +01:00
Dave Rodgman
76a2b306ac
Merge pull request #4981 from yuhaoth/pr/add-debug-helpers-generated
Add debug helpers generated
2021-12-10 11:56:55 +00:00
Ronald Cron
6b07916e40
Merge pull request #5230 from ronald-cron-arm/tls13_ccs_client
Add initial support for "Middlebox Compatibility Mode"
2021-12-10 11:58:05 +01:00
Jerry Yu
d0fcf7f6a0 fix ci fail
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 18:45:51 +08:00
Gilles Peskine
fe051f6aab
Merge pull request #5297 from paul-elliott-arm/test_suite_cipher_returns
Add checked return to cipher setup in Cipher tests
2021-12-10 10:39:57 +01:00
Ronald Cron
9eab5a6f11 tests: TLS 1.3: Remove unnecessary test requirement
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-10 10:27:25 +01:00
Ronald Cron
ae93725ae8 tests: Make compat mode optional in script generating tests
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-10 10:27:07 +01:00
Jerry Yu
d04fd35c06 Replace configs_enabled check with query_compile_time_config
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 16:31:04 +08:00
Jerry Yu
bc8b22ecc8 fix tls13 test fail
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 15:54:38 +08:00
Jerry Yu
cdcc55f46f update test check strings
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 12:47:02 +08:00
Jerry Yu
e3b3412bc4 Add tests for enum helper
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 12:45:52 +08:00
Jerry Yu
e78ee99624 add enum value to string helpers
Only add helpers for enum in `ssl.h`.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-10 12:43:30 +08:00
Paul Elliott
0cf7e38606 Add checked return to cipher setup
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-12-09 18:27:01 +00:00
Paul Elliott
46a6c20d0c Add checked returns to tests without them.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-12-09 18:16:13 +00:00
Gilles Peskine
d5b2a59826
Merge pull request #5047 from paul-elliott-arm/psa-m-aead-ccm
PSA Multipart AEAD CCM Internal implementation and tests.
2021-12-09 14:49:42 +01:00
Ronald Cron
a55c5a1152 ssl-opt.sh: TLS 1.3: Add middlebox compatibility tests with GnuTLS
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-09 13:40:22 +01:00
Ronald Cron
7c0185fa5f ssl-opt.sh: TLS 1.3: Add some missing test dependencies
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-09 13:40:22 +01:00
Ronald Cron
fdb0e3f381 ssl-opt.sh: TLS 1.3: Run tests with middlebox compatibility enabled
Run tests with middlebox compatibility enabled but tests
dedicated to middlebox compatibility disabled.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-09 13:40:22 +01:00
Manuel Pégourié-Gonnard
c38c1f2411
Merge pull request #5268 from gilles-peskine-arm/struct_reordering_3.0
Reorder structure fields to maximize usage of immediate offset access
2021-12-09 12:54:09 +01:00
Manuel Pégourié-Gonnard
d7d740eb6e
Merge pull request #5236 from gabor-mezei-arm/4926_base64_move_constant-time_functions
Move base64 constant-time functions to the new module
2021-12-09 12:40:18 +01:00
Paul Elliott
37ec16b579 Add explanation for workaround in test code
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-12-09 09:44:11 +00:00
Paul Elliott
3938fef25c Indicate set nonce negative test failure reasons
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-12-08 20:09:09 +00:00
Ronald Cron
1865585eab
Merge pull request #5212 from yuhaoth/pr/add-tls13-compat-testcases
TLS1.3 MVP:Add tls13 compat, not supported version , certificaterequest and HRR tests
2021-12-08 14:56:39 +01:00
Manuel Pégourié-Gonnard
39c2aba920
Merge pull request #849 from ronald-cron-arm/fix-cipher-iv
Avoid using encryption output buffer to pass generated IV to PSA driver
2021-12-08 13:30:06 +01:00
Gilles Peskine
392113434a
Merge pull request #5263 from ronald-cron-arm/psa-test-driver_3.x
Forward port to 3.x: Introduce PSA test driver library to test PSA configuration
2021-12-07 12:52:20 +01:00
Ronald Cron
27d47713c9 tests: psa: Remove MD2, MD4 and ARC4 related code
MD2, MD4 and ARC4 are not supported anymore in
3.x.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-07 09:54:36 +01:00
Jerry Yu
52a6e7ea00 Replace tls1_3 with tls13
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-06 18:42:47 +08:00
Jerry Yu
2c315a8591 remove unused function
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-06 18:22:51 +08:00
Jerry Yu
c502dff71c fix TLS1.3 name issue
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-06 18:22:51 +08:00
Jerry Yu
7918efe99a Refactor to avoid duplicate add_*
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-06 18:20:43 +08:00
Jerry Yu
882c30da17 Merge CAFILE and Certificate
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-06 18:20:43 +08:00
Jerry Yu
b4ac8f3c04 fix various issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-06 18:20:43 +08:00
Jerry Yu
dda036d8e0 rename ecdsa_secp*sha* to ecdsa_secp*
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-06 18:20:43 +08:00
Jerry Yu
7f5e5adfa3 fix pylint fail
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-06 18:20:43 +08:00
Jerry Yu
55ee769b51 Fix out-of-source build fail
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-06 18:20:43 +08:00
Jerry Yu
f17a60f147 Add opt-testcases into check list
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-06 18:20:43 +08:00
Jerry Yu
cdcb683568 Update generate scripts and tls13 test cases
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-06 18:20:43 +08:00
Jerry Yu
31018adb81 Add tls13 compat tests with bash scripts
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-06 18:20:43 +08:00
Jerry Yu
c4aa1520a2 tls13_compat_tests:Add generate all option
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-06 18:20:43 +08:00
Jerry Yu
d64e20de7f fix wrong typo
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-06 18:20:43 +08:00
Jerry Yu
26fa7dcc4a Remove rsa_pss_rsae_sha256 test from ssl-opt.sh
It has been covered by tls13 compat tests

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-06 18:20:43 +08:00
Jerry Yu
29deed4ddb Add rsa_pss_rsae_sha256 into tls13 compat tests
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-06 18:16:30 +08:00
Jerry Yu
305bfc3dfd Add tls13 compat tests
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-06 18:16:30 +08:00
Jerry Yu
0f99af8c19 Add keys for tls13 compat tests
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-06 18:16:30 +08:00
Jerry Yu
8c5559d700 Add HelloRetryRequst tests
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-06 18:16:30 +08:00
Jerry Yu
936dffd77e Add certificate request check
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-06 18:16:30 +08:00