Neil Armstrong
7999cb3896
Remove auth_mode=required and client crt_file/key_file when testing server authentication
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-01 09:51:33 +02:00
Neil Armstrong
4b10209568
Use different certs for double opaque keys and check certificate issuer CN
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-01 09:48:09 +02:00
Neil Armstrong
1948a20796
Cleanup Order & Title of Opaque TLS tests, fix RSA- test definition
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-06-30 18:05:57 +02:00
Neil Armstrong
96eceb8022
Refine mbedtls_ssl_tls12_get_preferred_hash_for_sig_alg() when USE_PSA_CRYPTO is selected
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-06-30 18:05:05 +02:00
Neil Armstrong
167d82c4df
Add dual keys Opaque ssl-opt tests
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-06-30 11:32:00 +02:00
Neil Armstrong
36b022334c
Reorganize Opaque ssl-opt tests, pass key_opaque_algs=, add less wrong negative server testings
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-06-30 11:16:53 +02:00
Neil Armstrong
b2c3b5be2d
Fix depends on handshake_ciphersuite_select tests
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-06-30 10:49:04 +02:00
Neil Armstrong
db13497490
Reorganize & add more handshake_ciphersuite_select to test all MBEDTLS_KEY_EXCHANGE_XXX cases
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-06-30 09:06:28 +02:00
Neil Armstrong
2407279fa4
Add tests with specific hash for handshake_ciphersuite_select positive tests
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-06-28 18:12:17 +02:00
Neil Armstrong
9f1176a793
Move preferred_hash_for_sig_alg() check after ssl_pick_cert() and check if hash alg is supported with mbedtls_pk_can_do_ext()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-06-28 18:12:17 +02:00
Neil Armstrong
ed917bf548
Update description for negative key_opaque_algs tests
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-06-28 18:12:17 +02:00
Neil Armstrong
9f4606e6d2
Rename mbedtls_ssl_get_ciphersuite_sig_pk_ext_XXX in mbedtls_ssl_get_ciphersuite_sig_pk_ext_XXX()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-06-28 18:12:17 +02:00
Neil Armstrong
8c52ed8d1e
Add negative testing of ciphersuite selection using Opaque algs & usage
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-06-28 18:12:17 +02:00
Neil Armstrong
eb4390b27c
Add Cipersuite selection negative testing by using invalid algs for server-side opaque key
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-06-28 18:10:48 +02:00
Neil Armstrong
0c9c10a401
Introduce mbedtls_ssl_get_ciphersuite_sig_pk_ext_alg() and use it in ssl_pick_cert()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-06-28 18:10:48 +02:00
Ronald Cron
e99ec7cb6a
Merge pull request #5908 from ronald-cron-arm/tls13-fixes-doc
...
TLS 1.3: Fixes and add documentation
Validated by the internal CI, no need to wait for the Open CI.
2022-06-28 12:16:17 +02:00
Manuel Pégourié-Gonnard
273453f126
Merge pull request #5983 from gstrauss/inline-mbedtls_x509_dn_get_next
...
Inline mbedtls_x509_dn_get_next() in x509.h
2022-06-28 10:13:58 +02:00
Ronald Cron
6b14c69277
Improve documentation
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-28 09:21:13 +02:00
Ronald Cron
11b5332ffc
tls13: Fix certificate extension size write
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-28 09:21:13 +02:00
Ronald Cron
139d0aa9d3
Fix typo in documentation
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-28 09:21:13 +02:00
Ronald Cron
81a334fc02
tls13: Fix buffer overread checks in ssl_tls13_parse_alpn_ext()
...
Some coding style alignement as well.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-28 09:21:13 +02:00
Ronald Cron
585cd70d04
tests: ssl: Fix coverity deadcode issue
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-28 09:21:13 +02:00
Ronald Cron
7b8404608a
tls13: Rename ssl_tls13_write_hello_retry_request_coordinate
...
Rename ssl_tls13_write_hello_retry_request_coordinate to
ssl_tls13_prepare_hello_retry_request as it is more
aligned with what the function does.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-28 09:21:13 +02:00
Ronald Cron
fb508b8f21
tls13: Move state changes up to state main handler
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-28 09:21:13 +02:00
Ronald Cron
63dc463ed6
tls13: Simplify switch to the inbound handshake keys on server side
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-28 09:21:13 +02:00
Ronald Cron
5afb904022
tls13: Move out of place handshake field reset
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-28 09:18:42 +02:00
Ronald Cron
828aff6ead
tls13: Rename server_hello_coordinate to preprocess_server_hello
...
Rename server_hello_coordinate to preprocess_server_hello
as it is more aligned with what the function does.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-28 09:18:42 +02:00
Ronald Cron
db5dfa1f1c
tls13: Move ServerHello fetch to the ServerHello top handler
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-28 09:18:42 +02:00
Ronald Cron
44b23b10e1
tls13: Document TLS 1.3 handshake implementation
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-28 09:18:42 +02:00
Ronald Cron
9d6a545714
tls13: Re-organize EncryptedExtensions message parsing code
...
Align the organization of the EncryptedExtensions
message parsing code with the organization of the
other message parsing codes.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-28 09:18:42 +02:00
Ronald Cron
154d1b68d6
tls13: Fix wrong usage of MBEDTLS_SSL_CHK_BUF(_READ)_PTR macros
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-28 09:18:42 +02:00
Ronald Cron
c80835943c
tls13: Fix pointer calculation before space check
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-28 09:18:42 +02:00
Ronald Cron
2827106199
tls13: Add missing buffer overread check
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-28 09:18:42 +02:00
Ronald Cron
b94854f8e3
Merge pull request #5973 from ronald-cron-arm/tls13-misc-tests
...
TLS 1.3: Enable and add tests
2022-06-28 09:15:17 +02:00
Glenn Strauss
01d2f52a32
Inline mbedtls_x509_dn_get_next() in x509.h
...
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-06-27 14:20:07 -04:00
Dave Rodgman
f5b7082f6e
Merge pull request #5811 from polhenarejos/bug_x448
...
Fix order value for curve x448
2022-06-27 13:47:24 +01:00
Ronald Cron
a8d79b9eb6
ssl-opt.sh: Remove one pattern check
...
In "Authentication: client cert not trusted,
server required" ssl-opt.sh test, depending
on client and server execution speed, the
handshake on the client side may complete
successfully: the TLS connection is aborted
by the server because it is not able to
authenticate the client but at that time
the client may have completed the handshake
on its side. Thus, do not check that the
client handshake failed.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-27 09:05:35 +02:00
Ronald Cron
07040bb179
Merge pull request #5951 from xkqian/tls13_add_alpn
...
Add ALPN extension to the server side
2022-06-27 08:33:03 +02:00
Ronald Cron
21a1b2d374
Enable "Sending app data" SSL unit tests for TLS 1.3
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-24 12:06:46 +02:00
Ronald Cron
c78511b59a
ssl-opt.sh: Enable some authentication tests for TLS 1.3
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-24 12:06:46 +02:00
Ronald Cron
1938588e80
tls13: Align some debug messages with TLS 1.2 ones
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-24 12:06:46 +02:00
Ronald Cron
a4417c13a1
ssl-opt.sh: Add Small/Large packets TLS 1.3 tests
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-24 12:06:46 +02:00
Ronald Cron
ba80d4d60b
ssl-opt.sh: Enable Event-driven I/O tests for TLS 1.3
...
The other "Event-driven I/O" tests are not relevant
to TLS 1.3 yet: no ticket and session resumption
support.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-24 12:06:46 +02:00
Ronald Cron
2cffd284bc
ssl-opt.sh: Enable Non-blocking I/O tests for TLS 1.3
...
The other "Non-blocking I/O" tests are not relevant
to TLS 1.3 yet: no ticket and session resumption
support.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-24 12:06:46 +02:00
XiaokangQian
0b776e282a
Change some comments for alpn
...
Change-Id: Idf066e94cede9d26aa41d632c3a81dafcee38587
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-06-24 09:04:59 +00:00
Manuel Pégourié-Gonnard
93a7f7d7f8
Merge pull request #5954 from wernerlewis/x509_next_merged
...
Add mbedtls_x509_dn_get_next function
2022-06-24 09:59:22 +02:00
Manuel Pégourié-Gonnard
fc425ee9a4
Merge pull request #5838 from mprse/HKDF_2
...
HKDF 2: Use HKDF-Expand/Extract from PSA in TLS 1.3
2022-06-24 09:28:17 +02:00
XiaokangQian
95d5f549f1
Fix coding styles
...
Change-Id: I0ac8ddab13767b0188112dfbbdb2264d36ed230a
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-06-24 05:42:15 +00:00
Werner Lewis
3e5585b45d
Replace TEST_ASSERT macro uses
...
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-06-23 15:12:10 +01:00
Werner Lewis
ac80a66395
Reduce buffer sizes to expected size
...
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-06-23 15:11:50 +01:00