Commit graph

6710 commits

Author SHA1 Message Date
Ronald Cron
ba65fbbe30 Fix comments
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-22 17:36:12 +02:00
Ronald Cron
d28f5a98f1 ssl-opt.sh: Add certificate key usage tests for TLS 1.3
Those are adaptations of the already existing
TLS 1.2 tests. It is not really possible to just
remove the TLS 1.2 dependency of the existing tests
because of the following:
. in TLS 1.3 the ciphersuite selection on server
  side is not related to the server certificate
. for tests involving OpenSSL the OpenSSL command line
  as to be adapted to TLS 1.3
. server authentication is mandatory in TLS 1.3
. a key with KeyEncipherment and not DigitalSignature
  usage is never acceptable

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-17 08:46:27 +02:00
Ronald Cron
4ccd226cbf
Merge pull request #5864 from xkqian/tls13_add_comprehensive_cases
Tls13 add comprehensive cases
2022-06-15 09:18:11 +02:00
Jerry Yu
b7c12a466f Refactor compat scripts
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-06-12 20:53:02 +08:00
XiaokangQian
9b938b7c37 Share code with base class in generate_tls13_compat_tests.py
Change-Id: I4540bdff7072cdb9bcc9fdb0799c4165ca381b2a
CustomizedGitHooks: yes
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-06-10 07:06:32 +00:00
XiaokangQian
fb1a3fe7f3 Address comments about python syntax
CustomizedGitHooks: yes
Change-Id: I5c4d39789df802d0b839061ce8c59ad241917d0b
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-06-10 02:27:52 +00:00
XiaokangQian
b1847a234e Re-structure to share more common code
Change-Id: I5034485f7511238d083c2725fbef8818d33ffb07
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-06-09 02:53:23 +00:00
Paul Elliott
271c3052fb
Merge pull request #5892 from AndrzejKurek/ssl-opt-client-kill-fix
Fix a bug with executing ssl-client2 in ssl-opt.sh in a subshell
2022-06-08 14:27:01 +01:00
Dave Rodgman
11930699f1
Merge pull request #5827 from wernerlewis/time_utc
Use ASN1 UTC tags for dates before 2000
2022-06-08 13:54:19 +01:00
Paul Elliott
5f2bc754d6
Merge pull request #5792 from yuhaoth/pr/add-tls13-moving-state-tests
Pr/add-tls13-moving-state-tests
2022-06-08 13:39:52 +01:00
Ronald Cron
00e5eaad62 test: ssl: Remove more TLS 1.2 dependencies in handshake state tests
That way the concerned tests are also run in the
TLS 1.3 only configuration where a TLS 1.3
handshake is performed.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-07 11:14:01 +02:00
Ronald Cron
bdddaef9bb test: ssl: Enable client authentication in handshake state tests
The endpoint initialization function was setting up
a certificate but the client certificate was not
used because client authentication was not enabled
(not enabled in the default SSL server configuration).

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-07 11:13:49 +02:00
Dave Rodgman
4b55a89327
Merge pull request #5887 from tom-daubney-arm/mbedtls_x509_crt_ext_types_accessor
Add accessor for x509 certificate extension types
2022-06-06 21:51:38 +01:00
Andrzej Kurek
140b589ec6 Fix a bug with executing ssl-client2 in ssl-opt.sh in a subshell
When executing eval in the background, the next "$!" gives the
eval PID, not the ssl-client2 pid. This causes problems when
a client times out and the script tries to kill it. Instead, it
kills the parent eval call.
This caused problems with subsequent proxy tests receiving
old packets from a client from a previous test.
Moving the "&" to inside the eval call fixes the problem.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-06-06 15:02:36 -04:00
Thomas Daubney
5c9c2ce86d Add correct test dependencies
Functions called within the test mean that MBEDTLS_X509_CRT_PARSE_C
is a test dependency and so is declared in this commit.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-06-06 16:36:43 +01:00
Thomas Daubney
a5f39e0ec2 Move accessor definition
Move the definition of the accessor so that it is not defined
within the MBEDTLS_X509_CRT_WRITE_C guards. Thus remove the
dependency from the test and test cases.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-06-06 15:42:32 +01:00
Jerry Yu
6994e3e0c2 fix various issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-06-06 11:50:49 +08:00
Werner Lewis
acd01e58a3 Use ASN1 UTC tags for dates before 2000
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-06-01 16:24:28 +01:00
Jerry Yu
f2d32e6c3d fix tls13_only test fail
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-06-01 18:05:18 +08:00
Thomas Daubney
3ff4fc6997 Add test data
Add two test cases for accessor test. One test where desired
ext type is presentent and the other of when the ext type is
not present.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-06-01 10:23:50 +01:00
Thomas Daubney
bd5466ab7e Add test for accessor
Add test logic for accessor.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-06-01 10:23:50 +01:00
Jerry Yu
7bf3358a2d Remove duplicated tests
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-06-01 16:55:17 +08:00
Jerry Yu
1443537da3 fix test fail when WANT_READ/WRITE returned
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-06-01 15:53:31 +08:00
Jerry Yu
66537f40b6 fix certificate request fail
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-31 19:53:05 +08:00
Jerry Yu
1e7c438b67 remove tls1.3 dependancy
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-31 19:51:38 +08:00
Gilles Peskine
09858ae664
Merge pull request #5813 from mprse/deprecate_mbedtls_cipher_setup_psa
Deprecate mbedtls_cipher_setup_psa()
2022-05-31 10:56:52 +02:00
Jerry Yu
66adf3155c Update comments
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-31 15:23:29 +08:00
Jerry Yu
df0a71a0b0 Add handshake version test
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-31 15:06:04 +08:00
Jerry Yu
b3d86de3ea fix hanshake wrapup fail
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-31 15:06:04 +08:00
Jerry Yu
df65b66003 Add handshake over test
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-31 15:06:04 +08:00
Jerry Yu
85e5c81c37 fix check test cases fail
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-31 15:06:04 +08:00
Jerry Yu
d9d049d180 revert dbg config
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-31 15:06:04 +08:00
Jerry Yu
d8c57feaf9 Add moving state test for TLS1.3
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-31 15:06:04 +08:00
Jerry Yu
023ff7acb1 Move dependes_on of move handshakes state
Prepare share move_handshake_state function with
TLSv1.3

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-31 15:06:04 +08:00
XiaokangQian
d5d5b60c07 Add comprehensive test cases for TLS1.3 server side
Change-Id: I544cb12b3ffe5edd7d59fa54342ca7db5b5c8a2a
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-05-31 02:51:26 +00:00
XiaokangQian
9a4e1dd8a6 Add back openssl client auth test
Change-Id: Iea3b70381c3851102c542d1c55c0303bc3a14a92
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-05-26 00:58:11 +00:00
XiaokangQian
aca9048b5f Change base on review
Fix comments
Add test cases for client authentication with empty certificate

Change-Id: Id8a741ddd997ca92e36832f26088eb0e67830ad8
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-05-26 00:47:11 +00:00
XiaokangQian
c3017f620f Remove useless guards and refine checking
Change-Id: I9cd3073826fc65c203e479d83bed72331ff8963d
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-05-26 00:47:10 +00:00
XiaokangQian
189ded2b07 Remove coordinate functions and change state machine in server side
Change-Id: Id4abf78f493e77afc289409db691c9c61acde1d2
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-05-26 00:46:13 +00:00
Paul Elliott
8fba70f66c
Merge pull request #5749 from yuhaoth/pr/add-tls13-finished-message-and-wrapup
TLS 1.3: Add Finished Message and wrapup
2022-05-25 12:02:06 +01:00
Jerry Yu
5491f857d2 skip openssl client auth test
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-23 22:36:16 +08:00
Jerry Yu
090378c685 change exit code of cli auth test
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-23 21:03:52 +08:00
Manuel Pégourié-Gonnard
69e348db85
Merge pull request #5833 from superna9999/5826-create-mbedtls-pk-can-do-psa
Permissions 1: create `mbedtls_pk_can_do_ext()`
2022-05-23 10:58:32 +02:00
Jerry Yu
7eaadae941 fix no x509 info fail.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-23 16:17:25 +08:00
Neil Armstrong
c661ff51c9 Fix pk_can_do_ext tests with non-opaque keys
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-20 09:49:04 +02:00
Neil Armstrong
5c5b116a49 Add pk_can_do_ext test for non-opaque keys
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-19 18:07:53 +02:00
Paul Elliott
4283a6b121
Merge pull request #5736 from gilles-peskine-arm/psa-raw_key_agreement-buffer_too_small
Make psa_raw_key_agreement return BUFFER_TOO_SMALL
2022-05-19 16:06:02 +01:00
Przemek Stekiel
476d9c45b8 Use MBEDTLS_TEST_DEPRECATED only in tests
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-19 14:11:06 +02:00
Manuel Pégourié-Gonnard
6ab65e28cf
Merge pull request #5842 from mprse/decrypt_tests
RSA decrypt 2: TLS 1.2 integration testing
2022-05-18 12:58:50 +02:00
Jerry Yu
36becb1b81 update hrr tests
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-18 09:58:48 +08:00