Commit graph

659 commits

Author SHA1 Message Date
XiaokangQian
a27b3526bf Disable PSA_CRYPTO in tls1.3 tests
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-23 02:27:07 +00:00
XiaokangQian
bdf26de384 Fix test failure and remove useless code
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-22 09:52:56 +00:00
XiaokangQian
3887ab5bcc Use O_NEXT_SRV to support ciphersuite option
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-22 07:14:39 +00:00
XiaokangQian
22dd68c2b5 Rebase code and run through the whole test flow
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-22 05:54:50 +00:00
XiaokangQian
d15018972c Change script to solve G_NEXT_SRV_RSA not set issue
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-22 05:50:13 +00:00
XiaokangQian
4b82ca1b70 Refine test code and test scripts
Change client test code to support rsa pss signatures
Add test cases for rsa pss signature in ssl-opt.sh

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-22 05:50:12 +00:00
XiaokangQian
d940e641ed Add test script for RSA signature
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-22 05:50:12 +00:00
Jerry Yu
6d38c19582 Add http connection pass check
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-11-17 16:03:06 +08:00
Jerry Yu
e1b1e2de65 Add minimal feature sets test
Replace original negative test with work test.
Now, we can work with the simple test.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-11-17 16:03:06 +08:00
XiaokangQian
3306284776 Change code base on comments
Remove client certificate verify in tests.
Change the layout of structure to fix abi_api check issues.
Add comments of Finished.
Align with the coding styles.

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-11 03:37:45 +00:00
XiaokangQian
d0aa3e9307 Inprove code base on review comments
Change debug messag for server finished.
Change name of generate_application_keys.
Remove the client vertificate tests from ssl-opt.sh.
Add test strings for server finished in ssl-opt.sh.

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-10 06:17:40 +00:00
Jerry Yu
5398c10b89 Add return value check for cerificate verify
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-11-05 13:32:38 +08:00
Jerry Yu
834886d211 Add certificate verify check
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-30 13:26:15 +08:00
Jerry Yu
daac359331 Change check condition order
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-29 20:01:42 +08:00
Jerry Yu
1df3db0467 Add certificate success check
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-29 10:18:50 +08:00
Jerry Yu
937ac673fa Disable client cert for gnutls tests
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-28 21:28:46 +08:00
XiaokangQian
ab7f50d638 Change macro names and add test script for extensions
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-10-28 01:54:39 +00:00
Ronald Cron
5893246066
Merge pull request #4919 from yuhaoth/pr/add-tls13-server-hello-parser
TLS1.3:ServerHello:Add parse server hello function
2021-10-27 18:27:27 +02:00
paul-elliott-arm
cbe4a056bd
Merge pull request #5090 from gilles-peskine-arm/ssl-opt-resend-retry-3.0
Retry a test case if it fails due to an unexpected resend
2021-10-27 16:24:54 +01:00
Manuel Pégourié-Gonnard
9317e09d15
Merge pull request #5007 from mprse/pk_opaque
Add key_opaque option to ssl_server2.c + test
2021-10-27 10:52:13 +02:00
Przemyslaw Stekiel
bb5d483073 ssl-opt.sh: adapt paramteters of key opaque cases
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-26 12:55:34 +02:00
Jerry Yu
745bb616a4 Fix format issue and enhance test
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-25 10:41:29 +08:00
Jerry Yu
42920ec5a5 tls1_3:skip handshake msg test with PSA_CRYPTO
tls1_3 hasn't implemented PSA version get transcript

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-25 10:41:28 +08:00
Jerry Yu
4ae2d62cce Improve tls13 handshake test
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-25 10:41:28 +08:00
Paul Elliott
e05e126933 Remove bash specific code
Use case pattern matching instead of multiline split, given there is
only the well formatted PIDs to match on this should be safe.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-10-21 17:25:46 +01:00
Przemyslaw Stekiel
8132c2ff46 Address review comments
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-21 12:26:58 +02:00
Gilles Peskine
788ad339b8 Move is-it-resend logic into a function
Improve the code structure in case we want to add other similar conditions
later. Document better what we're doing, and document why we're doing it.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-20 16:07:07 +02:00
Paul Elliott
58ed8a7594 Remove use of -p with lsof
On machines with more modern kernels (>5.4 from testing so far) the
useage of -b seems to conflict with the usage of -p. Whilst the usage of
-b seems like a good idea to avoid blocks as we are tight looping on it,
the usage of -p seems to require the usage of stat() (specifically in
/proc) which -b forbids. All you get is a load of warnings
(suppressable by -w) but never a positive result, which means that all
servers are reported as "Failed to start". We are not keen on losing
-b, so instead parse the output of lsof (using -F to format it) to
check the if PIDs that it outputs match that we are looking for.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-10-19 18:23:47 +01:00
Gilles Peskine
f11d30ecda Retry if a test case fails because of an unexpected resend
Palliative for https://github.com/ARMmbed/mbedtls/issues/3377. If a test
case fails due to an unexpected resend, allow retrying, like in the case of
a client timeout.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-19 18:00:10 +02:00
Gilles Peskine
0e3534c67b Move retry logic into check_test_failure
This will allow having other retry conditions, in particular based on
run_test options.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-19 17:23:25 +02:00
Gilles Peskine
196d73bc1b Move the core loop of run_test into an auxiliary function
No behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-19 16:45:29 +02:00
Gilles Peskine
236bf98cfd Move some code of run_test into auxiliary functions
No behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-10-19 16:45:29 +02:00
Gilles Peskine
6210320215
Merge pull request #4989 from AndrzejKurek/remove-ssl-export-keys
Remove MBEDTLS_SSL_EXPORT_KEYS, making it always on
2021-10-18 17:53:56 +02:00
Paul Elliott
0421715ade Use 127.0.0.1 rather than localhost
This was causing some tests using the openssl s_client to not connect -
I suspect this was due to localhost (at least on my machine) resolving
to ::1 rather than 127.0.0.1. Note that the error seen would have been
that the session file specified with -sess_out did not get created.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-10-13 16:14:47 +01:00
Paul Elliott
1428f252ad Fix incorrect check for DTLS
Missing wildcards meant that some servers were not identified as DTLS,
which lead to port checking on TCP rather than UDP, and thus mistakenly
cancelling tests as the server had not come up.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-10-13 16:14:40 +01:00
Paul Elliott
09cfa18976 Spelling fix
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-10-13 16:13:44 +01:00
Manuel Pégourié-Gonnard
d60950c2d0 Use newer OpenSSL for tests failing with the old
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-10-13 13:12:47 +02:00
Przemyslaw Stekiel
575f23c3d5 add client/server opaque test
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-06 14:36:41 +02:00
Przemyslaw Stekiel
0483e3d652 Add key_opaque option to ssl_server2.c + test
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-04 11:28:22 +02:00
Andrzej Kurek
5902cd64e2 Remove MBEDTLS_SSL_EXPORT_KEYS, making it always on
This option only gated an ability to set a callback,
but was deemed unnecessary as it was yet another define to
remember when writing tests, or test configurations. Fixes #4653.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2021-09-29 10:15:42 -04:00
Jerry Yu
6e81b27003 Add client state number check
It is temporary check. If any change on `mbedtls_ssl_states`, please
double check those tests

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-27 16:25:05 +08:00
Jerry Yu
3523a3bee7 Improve dispatch tests
Test base on return value is not good enough.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-27 16:25:05 +08:00
Jerry Yu
76e31ec169 Add gnutls version test for client hello
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-22 21:16:27 +08:00
Jerry Yu
ed2ef2d9e0 add client hello msg test
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-08 10:37:20 +08:00
Jerry Yu
75261df2e3 fix comment issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-02 17:56:20 +08:00
Jerry Yu
b12d81d1a3 Add feature tests for gnutls-next
Test NO_TICKETS and DISABLE_TLS13_COMPAT_MODE

Change-Id: Idf21b36bd64c7eefe4e0e6fb875b2e06ebb0aa07
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-02 17:31:10 +08:00
Manuel Pégourié-Gonnard
e45ee40f7e
Merge pull request #4811 from hanno-arm/tls13_ciphersuite_api
Add TLS 1.3 ciphersuite and key exchange identifiers and API
2021-08-30 09:47:46 +02:00
Jerry Yu
31c01d303e Rename available values for tls13_kex_modes
Rename `psk_pure` to `psk` and `ephemeral_pure` to `ephemeral`

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-08-25 18:13:53 +08:00
Hanno Becker
932064d660 Add ssl-opt.sh tests for ssl_client/server TLS 1.3 kex parameters
Those tests are so far only checking that ssl_client2/ssl_server2
recognize the arguments, nothing more.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-12 06:31:14 +01:00
Jerry Yu
0402979ed3 Add openssl/gnutls tls1.3 feature tests.
Add functions and test cases to make sure
tls1.3 is available in openssl/gnutls

Change-Id: I797d15117a8de96614f392e6bb2ed16b6d71ba69
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-08-11 18:09:49 +08:00