Xiaokang Qian
ed0620cb13
Refine code base on comments
...
Move code to proper macro guards protection
Fix typo issues
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-12 11:06:51 +00:00
Xiaokang Qian
2f9efd3038
Address comments base on review
...
Change function name to ssl_session_set_hostname()
Remove hostname_len
Change hostname to c_string
Update test cases to multi session tickets
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-12 11:06:49 +00:00
Xiaokang Qian
adf84a4a8c
Remove public api mbedtls_ssl_reset_hostname()
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-12 11:05:11 +00:00
Xiaokang Qian
281fd1bdd8
Add server name check when proposeing pre-share key
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-12 11:03:41 +00:00
Jerry Yu
25ab654781
Add dummy ticket support
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-07 10:11:05 +08:00
Ronald Cron
77c691f099
Merge pull request #6194 from xkqian/tls13_add_psk_client_cases
...
TLS 1.3: Add PSK client cases
2022-09-28 17:08:06 +02:00
Manuel Pégourié-Gonnard
e3358e14b2
Merge pull request #6051 from mprse/permissions_2b_v2
...
Permissions 2b: TLS 1.3 sigalg selection
2022-09-28 09:50:04 +02:00
Xiaokang Qian
e12d30d751
Move psk related cases into tls13-kex-modes.sh
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-09-27 11:34:14 +00:00
Xiaokang Qian
cffb18cee7
Fix various issues
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-09-23 01:49:33 +00:00
Xiaokang Qian
edc35e7ffd
Refine the psk test cases for m->G
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-09-23 01:49:33 +00:00
XiaokangQian
335cfaadf9
Finalize client side code for psk
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-09-23 01:48:26 +00:00
Ronald Cron
50969e3af5
ssl-opt.sh: TLS 1.3 opaque key: Add test with unsuitable sig alg
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-09-20 15:57:57 +02:00
Ronald Cron
277cdcbcde
ssl-opt.sh: tls13 opaque key: Enable client authentication
...
Enable client authentication in TLS 1.3 opaque
key tests to use the opaque key on client side.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-09-20 14:30:13 +02:00
Ronald Cron
e3196d270c
ssl-opt.sh: tls13 opaque key: Do not force version on client side
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-09-20 14:30:13 +02:00
Ronald Cron
6ec2123bf3
ssl-opt.sh: Align prefix of TLS 1.3 opaque key tests
...
Align prefix of TLS 1.3 opaque key tests
with the prefix of the othe TLS 1.3 tests.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-09-20 14:30:13 +02:00
Ronald Cron
067a1e735e
tls13: Try reasonable sig alg for CertificateVerify signature
...
Instead of fully validating beforehand
signature algorithms with regards to the
private key, do minimum validation and then
just try to compute the signature. If it
fails try another reasonable algorithm if any.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-09-20 14:30:13 +02:00
Ronald Cron
67ea2543ed
tls13: server: Add sig alg checks when selecting best certificate
...
When selecting the server certificate based on
the signature algorithms supported by the client,
check the signature algorithms as close as possible
to the way they are checked to compute the
signature for the server to prove it possesses
the private key associated to the certificate.
That way we minimize the odds of selecting a
certificate for which the server will not be
able to compute the signature to prove it
possesses the private key associated to the
certificate.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-09-20 14:26:32 +02:00
Jerry Yu
7a51305478
Add multi-session tickets test
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-19 14:26:07 +08:00
Ronald Cron
be0224aef3
Merge pull request #6167 from yuhaoth/pr/finalize-tls13-session-tickets
2022-09-18 21:18:13 +02:00
Przemek Stekiel
c454aba203
ssl-opt.sh: add tests for key_opaque_algs option
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-15 14:22:29 +02:00
Jerry Yu
a02841bb8a
revert changes on PSK tests
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-13 11:07:27 +08:00
Andrzej Kurek
d681746a51
Split some ssl-opt.sh test cases into two
...
There's a slightly different behaviour without MBEDTLS_SSL_ASYNC_PRIVATE
that has to be handled.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-12 05:37:46 -04:00
Andrzej Kurek
934e9cd47f
Switch to the new version of hash algorithm checking in ssl-opt.sh
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-12 05:34:23 -04:00
Andrzej Kurek
9c061a2d19
Add a posibility to check for the availability of hash algs to ssl-opt
...
The new function now dispatches a check for either an MBEDTLS
or PSA define to check for SHA_XXX.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-12 05:34:23 -04:00
Hannes Tschofenig
fd6cca4448
CID update to RFC 9146
...
The DTLS 1.2 CID specification has been published as RFC 9146. This PR updates the implementation to match the RFC content.
Signed-off-by: Hannes Tschofenig <hannes.tschofenig@arm.com>
2022-09-07 17:15:05 +02:00
Jerry Yu
e976492a11
Add session ticket tests for client
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-31 23:24:25 +08:00
Ronald Cron
e00d6d6b55
Merge pull request #6135 from yuhaoth/pr/tls13-finalize-external-psk-negotiation
...
TLS 1.3: SRV: Finalize external PSK negotiation
2022-08-31 17:21:57 +02:00
Jerry Yu
6a9bebaefd
Add psk mode tests
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-21 12:42:19 +08:00
Zhangsen Wang
3f95d303d1
rebase with lastest development branch
2022-08-16 03:16:22 +00:00
Ronald Cron
295d93ebe8
Add psk handshake with gnutls
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-11 21:25:35 +08:00
Dave Rodgman
322a7a19e7
Merge pull request #6155 from yuhaoth/pr/add-any-all-configs-enabled
...
Add ability to check if any/all configs are enabled/disabled for ssl-opt
2022-08-11 09:40:38 +01:00
Jerry Yu
27d80927d5
fix wrong typo
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-02 21:28:55 +08:00
Jerry Yu
2fcb056ea9
Add requires_{any,all}_configs_enabled functions
...
- requires_any_configs_enabled
- requires_all_configs_enabled
- requires_any_configs_disabled
- requires_all_configs_disabled
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-31 12:23:39 +08:00
Jerry Yu
d2d4110e8e
Remove Teminated
message from stdout
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-31 12:23:39 +08:00
Zhangsen Wang
d5e8a482f9
delete whitespace in comment
...
Signed-off-by: Zhangsen Wang <zhangsen.wang@arm.com>
2022-07-29 07:53:36 +00:00
Zhangsen Wang
baeffbbdd2
skip test with openssl client because it will timeout with certain seed due to an openssl bug
...
Signed-off-by: Zhangsen Wang <zhangsen.wang@arm.com>
2022-07-29 06:35:26 +00:00
Jerry Yu
eec4f03c60
fix typo and changelog entry issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-28 23:08:00 +08:00
Jerry Yu
6455b687fe
add rsa_pss_rsae_* test for tls12 server
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-28 23:08:00 +08:00
Ronald Cron
e579ece305
Merge pull request #6087 from yuhaoth/pr/add-tls13-serialize_session_save_load
...
TLS 1.3: Add serialize session save load
I can see that https://github.com/Mbed-TLS/mbedtls/pull/6087#discussion_r927935696 and https://github.com/Mbed-TLS/mbedtls/pull/6087#discussion_r924252403 are addressed in #6123 . Thus I am ok to merge it as it is.
2022-07-23 08:57:11 +02:00
Ronald Cron
340c559cb3
Merge pull request #6079 from yuhaoth/pr/add-tls13-parse-pre_shared_key_offered_psks
...
TLS 1.3: PSK: Add parser/writer of pre_shared_key extension on server side.
2022-07-23 08:50:45 +02:00
Jerry Yu
24e385519e
Add reconnect test
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-22 23:09:37 +08:00
Ronald Cron
4beb870fa8
Merge pull request #6064 from xkqian/tls13_add_psk
...
Add psk code to tls13 client side
2022-07-22 11:35:05 +02:00
Ronald Cron
34e90fac27
TLS 1.3: tests: Allow PSK exchange mode on GnuTLS server
...
Allow PSK exchange mode on GnuTLS server for
NewSessionTicket message test as otherwise
the GnuTLS server does not send tickets.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-07-21 15:31:14 +02:00
XiaokangQian
3ad67bf4e3
Rename functions and add test messages
...
Change-Id: Iab51b031ae82d7b2d384de708858be64be75f9ed
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-07-21 15:30:04 +02:00
XiaokangQian
088c92977e
Remove useless force cipher suite
...
Change-Id: Ib217806b4d44dea11515dd3ee1463d29431d70bb
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-07-21 15:30:04 +02:00
XiaokangQian
adab9a6440
Fix transcript issues and add cases against openssl
...
Change-Id: I496674bdb79f074368f11beaa604ce17a3062bc3
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-07-21 15:30:04 +02:00
XiaokangQian
eb69aee6af
Add psk code to tls13 client side
...
Change-Id: I222b2c9d393889448e5e6ad06638536b54edb703
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-07-21 15:30:04 +02:00
Jerry Yu
96a2e368dc
TLS 1.3: Add pre-shared-key multiple psk parser
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-21 18:00:13 +08:00
Jerry Yu
4a2ea16aed
remove forcecipher for psk test
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-21 16:19:50 +08:00
Jerry Yu
36847820fa
add tests for offered psk parser
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-21 16:19:50 +08:00
Jerry Yu
f7b5b59a92
Add tests for write new session ticket
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-20 22:41:00 +08:00
Jerry Yu
a357cf4d4c
Rename new_session_ticket state
...
Both client and server side use
`MBEDTLS_SSL_NEW_SESSION_TICKET` now
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-20 11:07:29 +08:00
Jerry Yu
29ab32d0e5
Add client side tests
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-20 11:07:29 +08:00
Jerry Yu
c52e3bd93b
Improve comment
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-14 10:49:47 +08:00
Jerry Yu
299e31f10e
fix various issue
...
- remove unused test case
- add alert message
- improve readabitlity
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-13 23:06:36 +08:00
Jerry Yu
fe52e55301
redirect stderr output in ubuntu22.04
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-12 09:53:37 +00:00
Jerry Yu
e36397d13b
add tests for psk_key_exchange_mode
...
To confirm, psk_key_exchange_modes were received and
parsed.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-12 09:53:36 +00:00
Zhangsen Wang
91385121b9
delete openssl version requirement for openssl client, because the bug only occurs on openssl server
...
Signed-off-by: Zhangsen Wang <zhangsen.wang@arm.com>
2022-07-12 01:56:57 +00:00
Ronald Cron
ce7d76e2ee
Merge remote-tracking branch 'mbedtls-restricted/development-restricted' into mbedtls-3.2.0rc0-pr
2022-07-11 10:22:37 +02:00
Paul Elliott
6e80e09bd1
Merge pull request #5915 from AndrzejKurek/cid-resumption-clash
...
Fix DTLS 1.2 session resumption
2022-07-06 15:03:36 +01:00
Manuel Pégourié-Gonnard
4d7af2aee0
Merge pull request #5835 from superna9999/5831-tls-1-2-ciphersuite-selection
...
Permissions 2a: TLS 1.2 ciphersuite selection
2022-07-04 12:37:02 +02:00
Ronald Cron
0e39ece23f
Merge pull request #5916 from yuhaoth/pr/tls13-refactor-get-sig-alg-from-pk
...
Refactor signature algorithm chooser
2022-07-04 09:10:08 +02:00
Paul Elliott
bae7a1a5a6
Merge pull request #5620 from gstrauss/dn_hints
...
Add accessors to config DN hints for cert request
2022-07-01 17:23:14 +01:00
Neil Armstrong
c67e6e96f8
Depends on MBEDTLS_X509_REMOVE_INFO disable for double Opaque keys test requiring cert infos to determine selected key
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-01 15:48:10 +02:00
Jerry Yu
7ac0d498de
remove force_version for client
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-01 19:29:30 +08:00
Jerry Yu
52b7d923fe
fix various issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-01 18:12:44 +08:00
Neil Armstrong
7999cb3896
Remove auth_mode=required and client crt_file/key_file when testing server authentication
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-01 09:51:33 +02:00
Neil Armstrong
4b10209568
Use different certs for double opaque keys and check certificate issuer CN
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-01 09:48:09 +02:00
Neil Armstrong
1948a20796
Cleanup Order & Title of Opaque TLS tests, fix RSA- test definition
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-06-30 18:05:57 +02:00
Neil Armstrong
167d82c4df
Add dual keys Opaque ssl-opt tests
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-06-30 11:32:00 +02:00
Neil Armstrong
36b022334c
Reorganize Opaque ssl-opt tests, pass key_opaque_algs=, add less wrong negative server testings
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-06-30 11:16:53 +02:00
Zhangsen Wang
9b64546eb2
Update tests/ssl-opt.sh, delete 1 blank line.
...
Co-authored-by: Xiaokang Qian <53458466+xkqian@users.noreply.github.com>
Signed-off-by: Zhangsen Wang <zhangsen.wang@arm.com>
2022-06-30 02:35:18 +00:00
Jerry Yu
aae28f178b
add tests
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-06-29 16:21:32 +08:00
Jerry Yu
f55886a217
fix various issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-06-29 16:13:46 +08:00
Jerry Yu
a6076aa8b8
Revert temp test
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-06-29 16:13:45 +08:00
Jerry Yu
7ab7f2b184
Remove pkcs1 from certificate_verify
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-06-29 16:13:44 +08:00
Ronald Cron
7898fd456a
Merge pull request #5970 from gabor-mezei-arm/5229_Send_dummy_change_cipher_spec_records_from_server
...
TLS 1.3 server: Send dummy change_cipher_spec records
The internal CI PR-merge job ran successfully thus good to go.
2022-06-29 09:47:49 +02:00
Glenn Strauss
bd10c4e2af
Test accessors to config DN hints for cert request
...
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-06-29 02:54:28 -04:00
Zhangsen Wang
87a9c86d87
Re-enable five tests disabled because of an old OpenSSL bug
...
Signed-off-by: Zhangsen Wang <zhangsen.wang@arm.com>
2022-06-29 02:23:22 +00:00
Neil Armstrong
ed917bf548
Update description for negative key_opaque_algs tests
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-06-28 18:12:17 +02:00
Neil Armstrong
eb4390b27c
Add Cipersuite selection negative testing by using invalid algs for server-side opaque key
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-06-28 18:10:48 +02:00
Gabor Mezei
9e4b7bd199
Do not force TLS 1.3 on client side for TLS 1.3 middlebox compatibility tests
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-06-28 16:22:14 +02:00
Gabor Mezei
f7044eaec8
Fix name
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-06-28 16:01:49 +02:00
Ronald Cron
b94854f8e3
Merge pull request #5973 from ronald-cron-arm/tls13-misc-tests
...
TLS 1.3: Enable and add tests
2022-06-28 09:15:17 +02:00
Ronald Cron
a8d79b9eb6
ssl-opt.sh: Remove one pattern check
...
In "Authentication: client cert not trusted,
server required" ssl-opt.sh test, depending
on client and server execution speed, the
handshake on the client side may complete
successfully: the TLS connection is aborted
by the server because it is not able to
authenticate the client but at that time
the client may have completed the handshake
on its side. Thus, do not check that the
client handshake failed.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-27 09:05:35 +02:00
Ronald Cron
c78511b59a
ssl-opt.sh: Enable some authentication tests for TLS 1.3
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-24 12:06:46 +02:00
Ronald Cron
1938588e80
tls13: Align some debug messages with TLS 1.2 ones
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-24 12:06:46 +02:00
Ronald Cron
a4417c13a1
ssl-opt.sh: Add Small/Large packets TLS 1.3 tests
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-24 12:06:46 +02:00
Ronald Cron
ba80d4d60b
ssl-opt.sh: Enable Event-driven I/O tests for TLS 1.3
...
The other "Event-driven I/O" tests are not relevant
to TLS 1.3 yet: no ticket and session resumption
support.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-24 12:06:46 +02:00
Ronald Cron
2cffd284bc
ssl-opt.sh: Enable Non-blocking I/O tests for TLS 1.3
...
The other "Non-blocking I/O" tests are not relevant
to TLS 1.3 yet: no ticket and session resumption
support.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-24 12:06:46 +02:00
XiaokangQian
95d5f549f1
Fix coding styles
...
Change-Id: I0ac8ddab13767b0188112dfbbdb2264d36ed230a
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-06-24 05:42:15 +00:00
XiaokangQian
c740345c5b
Adress review comments
...
Change Code styles
Add test cases
Change-Id: I022bfc66fe509fe767319c4fe5f2541ee05e96fd
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-06-23 03:24:12 +00:00
Ronald Cron
f9c13fe69f
ssl-opt.sh: Add positive check in successful "keyUsage client-auth" tests
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-22 17:36:21 +02:00
Ronald Cron
ba65fbbe30
Fix comments
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-22 17:36:12 +02:00
Gabor Mezei
7e2dbafe2d
Add test for dummy CCS records
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-06-22 17:07:21 +02:00
XiaokangQian
acb3992251
Add ALPN extension to the server side
...
CustomizedGitHooks: yes
Change-Id: I6fe1516963e7b5727710872ee91fea7fc51d2776
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-06-22 06:34:58 +00:00
Ronald Cron
d28f5a98f1
ssl-opt.sh: Add certificate key usage tests for TLS 1.3
...
Those are adaptations of the already existing
TLS 1.2 tests. It is not really possible to just
remove the TLS 1.2 dependency of the existing tests
because of the following:
. in TLS 1.3 the ciphersuite selection on server
side is not related to the server certificate
. for tests involving OpenSSL the OpenSSL command line
as to be adapted to TLS 1.3
. server authentication is mandatory in TLS 1.3
. a key with KeyEncipherment and not DigitalSignature
usage is never acceptable
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-17 08:46:27 +02:00
Ronald Cron
ca3c6a5698
Merge pull request #5817 from xkqian/tls13_add_server_name
...
Tls13 add server name
2022-06-16 08:30:09 +02:00
Ronald Cron
4ccd226cbf
Merge pull request #5864 from xkqian/tls13_add_comprehensive_cases
...
Tls13 add comprehensive cases
2022-06-15 09:18:11 +02:00
Andrzej Kurek
7cf872557a
Rearrange the session resumption code
...
Previously, the transforms were populated before extension
parsing, which resulted in the client rejecting a server
hello that contained a connection ID.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-06-14 08:26:19 -04:00