Commit graph

19313 commits

Author SHA1 Message Date
Thomas Daubney
5e896d914a Adds test data for encrypt setup test case
This commit adds a positive test case for the
encrypt setup function test.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-04-04 14:21:18 +01:00
Thomas Daubney
d610191ad6 Adds driver dispatch test for M-AEAD encryption setup
This commit adds a test called aead_encrypt_setup()
which tests that the relevant drivers get called the correct
amount of times when running the multipart AEAD encrypt
setup API.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-04-04 14:21:10 +01:00
Ronald Cron
0e980e8e84
Merge pull request #5640 from ronald-cron-arm/version-negotiation-2
TLS 1.2/1.3 version negotiation - 2
2022-04-01 12:29:06 +02:00
Manuel Pégourié-Gonnard
33a9d61885
Merge pull request #5638 from paul-elliott-arm/ssl_cid_accessors
Accessors to own CID within mbedtls_ssl_context
2022-04-01 11:36:00 +02:00
Manuel Pégourié-Gonnard
6a25159c69
Merge pull request #5648 from gabor-mezei-arm/5403_hkdf_use_internal_psa_implementations
HKDF 2: use internal implementations in TLS 1.3
2022-04-01 11:15:29 +02:00
Dave Rodgman
d7bdedc9f6
Merge pull request #5681 from daverodgman/migration
Update references to old Github organisation
2022-04-01 09:51:29 +01:00
Manuel Pégourié-Gonnard
451114fe42
Merge pull request #5647 from superna9999/5179-follow-up-tls-record-hmac-no-mdinfo
Remove md_info in ssl_tls12_populate_transform() when USE_PSA_CRYPTO is defined
2022-04-01 10:04:56 +02:00
Paul Elliott
02758a51df Add tls CID tests
Add tests to test tls coneection id functionality, including the new
'own cid' accessor.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-03-31 19:21:41 +01:00
Paul Elliott
0113cf1022 Add accessor for own cid to ssl context
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-03-31 19:21:41 +01:00
Ronald Cron
cbd7bfd30e ssl-opt.sh: Force TLS 1.2 on server for TLS 1.2 specific tests
Force TLS 1.2 on OpenSSL/GnuTLS server
for TLS 1.2 specific tests.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 18:25:27 +02:00
Ronald Cron
634d865d80 ssl-opt.sh: Fix "no TLS 1.3 server support" test check
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 18:25:27 +02:00
Ronald Cron
11218dda96 ssl_client.c: Fix unused parameter
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 18:25:27 +02:00
Ronald Cron
bdb4f58cea Add and update documentation of some minor version fields
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 18:24:59 +02:00
Ronald Cron
82c785fac3 Make handshake::min_minor_ver client only
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 15:44:41 +02:00
Dave Rodgman
017a19997a Update references to old Github organisation
Replace references to ARMmbed organisation with the new
org, Mbed-TLS, following project migration.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-03-31 14:43:16 +01:00
Ronald Cron
6476726ce4 Fix comments
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 14:13:57 +02:00
Ronald Cron
a980adf4ce
Merge pull request #5637 from ronald-cron-arm/version-negotiation-1
TLS 1.2/1.3 version negotiation - 1
2022-03-31 11:47:16 +02:00
Ronald Cron
ba120bb228 ssl_tls13_client.c: Fix ciphersuite final validation
As we may offer ciphersuites not compatible with
TLS 1.3 in the ClientHello check that the selected
one is compatible with TLS 1.3.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 09:35:33 +02:00
Ronald Cron
8fdad9e534 ssl_tls12_client.c: Remove duplicate of ciphersuite validation
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 09:35:33 +02:00
Ronald Cron
757a2abfe2 ssl_client.c: Extend and export ciphersuite validation function
Extend and export ciphersuite validation function
to be able to use it in TLS 1.2/3 specific code.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 09:35:33 +02:00
Ronald Cron
f735cf1f0f ssl_tls.c: Fix ciphersuite selection regarding protocol version
Use the actual minimum and maximum of the minor
version to be negotiated to filter ciphersuites
to propose rather than the ones from the
configuration.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 09:35:33 +02:00
Ronald Cron
9847338429 ssl_tls13_client.c: Add check in supported_versions parsing
Add check in ServerHello supported_versions parsing
that the length of the extension data is exactly
two.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 09:33:41 +02:00
Ronald Cron
1fa4f6863b ssl_tls.c: Return in error if default config fails
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 09:27:35 +02:00
Ronald Cron
a77fc2756e ssl_tls13_client.c: versions ext writing : Fix available space check
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 09:27:35 +02:00
Ronald Cron
37bdaab64f tls: Simplify the logic of the config version check and test it
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 09:26:58 +02:00
Ronald Cron
3cffc5ccb1 tls: Remove unnecessary checks of MBEDTLS_CIPHERSUITE_NODTLS
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-30 21:59:44 +02:00
Ronald Cron
150d579d7a ssl_client.c: Improve coding style
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-30 21:58:50 +02:00
Neil Armstrong
e451295179 Remove md_info in ssl_tls12_populate_transform() when USE_PSA_CRYPTO is defined
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-30 16:41:12 +02:00
Ronald Cron
da41b38c42 Improve and fix comments
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-30 14:10:03 +02:00
Manuel Pégourié-Gonnard
3304f253d7
Merge pull request #5653 from paul-elliott-arm/handshake_over
Add mbedtls_ssl_is_handshake_over()
2022-03-30 12:16:40 +02:00
Gabor Mezei
e42d8bf83b
Add macro guard for header file
Some of the macros are used by the test data files and must be moved
before the macros guard.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-03-30 11:33:06 +02:00
Manuel Pégourié-Gonnard
abed05f335
Merge pull request #5652 from arturallmann/issue-commit
Fix comment typo in threading.c
2022-03-30 10:01:24 +02:00
Ronald Cron
8ecd9937a9 ssl_client.c: Fix state change for DTLS 1.2
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
Ronald Cron
3cec8e8864 tests: Init PSA crypto if TLS 1.3 is enabled
Initialize PSA crypto in tests if TLS 1.3 is
enabled as done when MBEDTLS_USE_PSA_CRYPTO
is enabled.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
Ronald Cron
a1b8f6e914 ssl-opt.sh: Do not force TLS 1.3 on client
For TLS 1.3 tests, do not force TLS 1.3
version on client to play the negotiation
game whenever possible.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
Ronald Cron
f3b425bbde ssl-opt.sh: Force TLS 1.2 on server
To maximize the number of tests where MbedTLS
client proposes both TLS 1.2 and TLS 1.3 to
the server, force the TLS 1.2 version on the
server side rather than on the client side
in TLS 1.2 specific tests.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
Ronald Cron
f660655b84 TLS: Allow hybrid TLS 1.2/1.3 in default configurations
This implies that when both TLS 1.2 and TLS 1.3
are included in the build all the TLS 1.2 tests
using the default configuration now go through
a version negotiation on the client side.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
Ronald Cron
e71639d39b Simplify TLS major version default value setting
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
Ronald Cron
dbe87f08ec Propose TLS 1.3 and TLS 1.2
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
Ronald Cron
9f0fba374c Add logic to switch to TLS 1.2
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
Ronald Cron
e1d3f06399 Allow hybrid TLS 1.3 + TLS 1.2 configuration
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
Ronald Cron
fbd9f99f10 ssl_tls.c: Move some client specific functions to ssl_client.c
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
Ronald Cron
7320e6436b ssl_tls12_client.c: Switch to generic Client Hello state handler
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
Ronald Cron
27c85e743f ssl_tls.c: Unify TLS 1.2 and TLS 1.3 SSL state logs
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
Ronald Cron
5f4e91253f ssl_client.c: Add DTLS ClientHello message sending specifics
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
Ronald Cron
4079abc7d1 ssl_client.c: Adapt extensions writing to the TLS 1.2 case
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
Ronald Cron
11e1857f5e ssl_client.c: Fix key share code guards
In TLS 1.3 key sharing is not restricted to key
exchange with certificate authentication. It
happens in the PSK and ephemeral key exchange
mode as well where there is no certificate
authentication.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
Ronald Cron
df823bf39b ssl_client.c: Re-order partially extension writing
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:57:54 +02:00
Ronald Cron
42c1cbf1de ssl_client.c: Adapt compression methods comment to TLS 1.2 case
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:56:58 +02:00
Paul Elliott
571f1187b6
Merge pull request #5642 from mprse/ecp_export
Add ECP keypair export function
2022-03-29 17:19:04 +01:00