947 commits

Author	SHA1	Message	Date
Ronald Cron	77c691f099	Merge pull request #6194 from xkqian/tls13_add_psk_client_cases ... TLS 1.3: Add PSK client cases	2022-09-28 17:08:06 +02:00
Manuel Pégourié-Gonnard	e3358e14b2	Merge pull request #6051 from mprse/permissions_2b_v2 ... Permissions 2b: TLS 1.3 sigalg selection	2022-09-28 09:50:04 +02:00
Xiaokang Qian	e12d30d751	Move psk related cases into tls13-kex-modes.sh ... Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-09-27 11:34:14 +00:00
Xiaokang Qian	cffb18cee7	Fix various issues ... Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-09-23 01:49:33 +00:00
Xiaokang Qian	edc35e7ffd	Refine the psk test cases for m->G ... Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-09-23 01:49:33 +00:00
XiaokangQian	335cfaadf9	Finalize client side code for psk ... Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-09-23 01:48:26 +00:00
Ronald Cron	50969e3af5	ssl-opt.sh: TLS 1.3 opaque key: Add test with unsuitable sig alg ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-09-20 15:57:57 +02:00
Ronald Cron	277cdcbcde	ssl-opt.sh: tls13 opaque key: Enable client authentication ... Enable client authentication in TLS 1.3 opaque key tests to use the opaque key on client side. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-09-20 14:30:13 +02:00
Ronald Cron	e3196d270c	ssl-opt.sh: tls13 opaque key: Do not force version on client side ... Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-09-20 14:30:13 +02:00
Ronald Cron	6ec2123bf3	ssl-opt.sh: Align prefix of TLS 1.3 opaque key tests ... Align prefix of TLS 1.3 opaque key tests with the prefix of the othe TLS 1.3 tests. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-09-20 14:30:13 +02:00
Ronald Cron	067a1e735e	tls13: Try reasonable sig alg for CertificateVerify signature ... Instead of fully validating beforehand signature algorithms with regards to the private key, do minimum validation and then just try to compute the signature. If it fails try another reasonable algorithm if any. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-09-20 14:30:13 +02:00
Ronald Cron	67ea2543ed	tls13: server: Add sig alg checks when selecting best certificate ... When selecting the server certificate based on the signature algorithms supported by the client, check the signature algorithms as close as possible to the way they are checked to compute the signature for the server to prove it possesses the private key associated to the certificate. That way we minimize the odds of selecting a certificate for which the server will not be able to compute the signature to prove it possesses the private key associated to the certificate. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-09-20 14:26:32 +02:00
Jerry Yu	7a51305478	Add multi-session tickets test ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-09-19 14:26:07 +08:00
Ronald Cron	be0224aef3	Merge pull request #6167 from yuhaoth/pr/finalize-tls13-session-tickets	2022-09-18 21:18:13 +02:00
Przemek Stekiel	c454aba203	ssl-opt.sh: add tests for key_opaque_algs option ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-09-15 14:22:29 +02:00
Jerry Yu	a02841bb8a	revert changes on PSK tests ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-09-13 11:07:27 +08:00
Andrzej Kurek	d681746a51	Split some ssl-opt.sh test cases into two ... There's a slightly different behaviour without MBEDTLS_SSL_ASYNC_PRIVATE that has to be handled. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-09-12 05:37:46 -04:00
Andrzej Kurek	934e9cd47f	Switch to the new version of hash algorithm checking in ssl-opt.sh ... Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-09-12 05:34:23 -04:00
Andrzej Kurek	9c061a2d19	Add a posibility to check for the availability of hash algs to ssl-opt ... The new function now dispatches a check for either an MBEDTLS or PSA define to check for SHA_XXX. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-09-12 05:34:23 -04:00
Jerry Yu	e976492a11	Add session ticket tests for client ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-31 23:24:25 +08:00
Ronald Cron	e00d6d6b55	Merge pull request #6135 from yuhaoth/pr/tls13-finalize-external-psk-negotiation ... TLS 1.3: SRV: Finalize external PSK negotiation	2022-08-31 17:21:57 +02:00
Jerry Yu	6a9bebaefd	Add psk mode tests ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-21 12:42:19 +08:00
Zhangsen Wang	3f95d303d1	rebase with lastest development branch	2022-08-16 03:16:22 +00:00
Ronald Cron	295d93ebe8	Add psk handshake with gnutls ... Signed-off-by: Ronald Cron <ronald.cron@arm.com> Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-11 21:25:35 +08:00
Dave Rodgman	322a7a19e7	Merge pull request #6155 from yuhaoth/pr/add-any-all-configs-enabled ... Add ability to check if any/all configs are enabled/disabled for ssl-opt	2022-08-11 09:40:38 +01:00
Jerry Yu	27d80927d5	fix wrong typo ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-02 21:28:55 +08:00
Jerry Yu	2fcb056ea9	Add requires_{any,all}_configs_enabled functions ... - requires_any_configs_enabled - requires_all_configs_enabled - requires_any_configs_disabled - requires_all_configs_disabled Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-31 12:23:39 +08:00
Jerry Yu	d2d4110e8e	Remove Teminated message from stdout ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-31 12:23:39 +08:00
Zhangsen Wang	d5e8a482f9	delete whitespace in comment ... Signed-off-by: Zhangsen Wang <zhangsen.wang@arm.com>	2022-07-29 07:53:36 +00:00
Zhangsen Wang	baeffbbdd2	skip test with openssl client because it will timeout with certain seed due to an openssl bug ... Signed-off-by: Zhangsen Wang <zhangsen.wang@arm.com>	2022-07-29 06:35:26 +00:00
Jerry Yu	eec4f03c60	fix typo and changelog entry issues ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-28 23:08:00 +08:00
Jerry Yu	6455b687fe	add rsa_pss_rsae_* test for tls12 server ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-28 23:08:00 +08:00
Ronald Cron	e579ece305	Merge pull request #6087 from yuhaoth/pr/add-tls13-serialize_session_save_load ... TLS 1.3: Add serialize session save load I can see that https://github.com/Mbed-TLS/mbedtls/pull/6087#discussion_r927935696 and https://github.com/Mbed-TLS/mbedtls/pull/6087#discussion_r924252403 are addressed in #6123. Thus I am ok to merge it as it is.	2022-07-23 08:57:11 +02:00
Ronald Cron	340c559cb3	Merge pull request #6079 from yuhaoth/pr/add-tls13-parse-pre_shared_key_offered_psks ... TLS 1.3: PSK: Add parser/writer of pre_shared_key extension on server side.	2022-07-23 08:50:45 +02:00
Jerry Yu	24e385519e	Add reconnect test ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-22 23:09:37 +08:00
Ronald Cron	4beb870fa8	Merge pull request #6064 from xkqian/tls13_add_psk ... Add psk code to tls13 client side	2022-07-22 11:35:05 +02:00
Ronald Cron	34e90fac27	TLS 1.3: tests: Allow PSK exchange mode on GnuTLS server ... Allow PSK exchange mode on GnuTLS server for NewSessionTicket message test as otherwise the GnuTLS server does not send tickets. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-07-21 15:31:14 +02:00
XiaokangQian	3ad67bf4e3	Rename functions and add test messages ... Change-Id: Iab51b031ae82d7b2d384de708858be64be75f9ed Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-07-21 15:30:04 +02:00
XiaokangQian	088c92977e	Remove useless force cipher suite ... Change-Id: Ib217806b4d44dea11515dd3ee1463d29431d70bb Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-07-21 15:30:04 +02:00
XiaokangQian	adab9a6440	Fix transcript issues and add cases against openssl ... Change-Id: I496674bdb79f074368f11beaa604ce17a3062bc3 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-07-21 15:30:04 +02:00
XiaokangQian	eb69aee6af	Add psk code to tls13 client side ... Change-Id: I222b2c9d393889448e5e6ad06638536b54edb703 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-07-21 15:30:04 +02:00
Jerry Yu	96a2e368dc	TLS 1.3: Add pre-shared-key multiple psk parser ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-21 18:00:13 +08:00
Jerry Yu	4a2ea16aed	remove forcecipher for psk test ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-21 16:19:50 +08:00
Jerry Yu	36847820fa	add tests for offered psk parser ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-21 16:19:50 +08:00
Jerry Yu	f7b5b59a92	Add tests for write new session ticket ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-20 22:41:00 +08:00
Jerry Yu	a357cf4d4c	Rename new_session_ticket state ... Both client and server side use `MBEDTLS_SSL_NEW_SESSION_TICKET` now Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-20 11:07:29 +08:00
Jerry Yu	29ab32d0e5	Add client side tests ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-20 11:07:29 +08:00
Jerry Yu	c52e3bd93b	Improve comment ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-14 10:49:47 +08:00
Jerry Yu	299e31f10e	fix various issue ... - remove unused test case - add alert message - improve readabitlity Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-13 23:06:36 +08:00
Jerry Yu	fe52e55301	redirect stderr output in ubuntu22.04 ... Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-12 09:53:37 +00:00