Commit graph

10405 commits

Author SHA1 Message Date
Tom Cosgrove
f1ba1933cf
Merge pull request #8526 from yanrayw/issue/7011/send_record_size_limit_ext
TLS1.3: SRV/CLI: add support for sending Record Size Limit extension
2024-01-12 13:39:15 +00:00
Waleed Elmelegy
4b09dcd19c Change renegotiation test to use G_NEXT_SRV
Change renegotiation test to use G_NEXT_SRV
to avoid problems when sending TLS 1.3
extensions since we exceed the extension
limit in G_SRV.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-12 10:50:25 +00:00
Paul Elliott
3519cfb3d8
Merge pull request #8639 from bensze01/release_components
Set OpenSSL/GnuTLS variables when running release components
2024-01-11 15:38:35 +00:00
Ronald Cron
7c14afcaaa
Merge pull request #8595 from yanrayw/issue/8593/srv-CH-fix-version-check
TLS1.3: SRV: check `min_tls_version` when parsing ClientHello
2024-01-11 13:34:09 +00:00
Waleed Elmelegy
e83be5f639 Change renegotiation tests to work with TLS 1.2 only
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-10 23:39:54 +00:00
Paul Elliott
f149cd1a3a
Merge pull request #8688 from jwinzig-at-hilscher/development
Fix bug in mbedtls_x509_set_extension
2024-01-10 16:57:16 +00:00
Waleed Elmelegy
1487760b55 Change order of checking of record size limit client tests
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-10 16:17:28 +00:00
Waleed Elmelegy
a3bfdea82b Revert "Make sure record size limit is not configured without TLS 1.3"
This reverts commit 52cac7a3e6782bbf46a76158c9034afad53981a7.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-10 16:17:28 +00:00
Waleed Elmelegy
7ae74b74cc Make sure record size limit is not configured without TLS 1.3
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-10 16:17:28 +00:00
Waleed Elmelegy
e840263f76 Move record size limit testing to tls13 component
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-10 16:17:28 +00:00
Waleed Elmelegy
2fa99b2ddd Add tests for client complying with record size limit
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-10 16:17:28 +00:00
Waleed Elmelegy
f501790ff2 Improve comments across record size limit changes
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-10 16:17:28 +00:00
Waleed Elmelegy
9457e67afd update record size limit tests to be more consistent
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-10 16:17:28 +00:00
Waleed Elmelegy
3a37756496 Improve record size limit tests
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-10 16:17:28 +00:00
Waleed Elmelegy
598ea09dd5 TLS1.3: SRV/CLI: add support for sending Record Size Limit extension
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-10 16:17:27 +00:00
Waleed Elmelegy
47d2946943 tls13: server: write Record Size Limit ext in EncryptedExtensions
- add the support in library
- update corresponding test cases.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-10 16:17:27 +00:00
Yanray Wang
42017cd4c9 tls13: cli: write Record Size Limit ext in ClientHello
- add the support in library
- update corresponding test case

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2024-01-10 16:17:27 +00:00
Manuel Pégourié-Gonnard
3eb9025275
Merge pull request #8680 from mpg/ciphers-wrapup
Driver-only ciphers wrapup
2024-01-10 12:04:50 +00:00
Jonathan Winzig
315c3ca9e5
Add required dependency to the testcase
Co-authored-by: Paul Elliott <62069445+paul-elliott-arm@users.noreply.github.com>
Signed-off-by: Jonathan Winzig <jwinzig@hilscher.com>
2024-01-09 18:31:11 +01:00
Jonathan Winzig
6c9779fabb Remove unneeded testcase
Signed-off-by: Jonathan Winzig <jwinzig@hilscher.com>
2024-01-09 17:47:10 +01:00
Jonathan Winzig
a72454bc16
Update test-data to use SIZE_MAX
Co-authored-by: David Horstmann <david.horstmann@arm.com>
Signed-off-by: Jonathan Winzig <jwinzig@hilscher.com>
2024-01-09 17:39:42 +01:00
Jonathan Winzig
c5e77bf4e4
Add missing newline at the end of test_suite_x509write.data
Signed-off-by: Jonathan Winzig <jwinzig@hilscher.com>
2024-01-09 16:47:12 +01:00
Tom Cosgrove
3a6059beca
Merge pull request #7455 from KloolK/record-size-limit/comply-with-limit
Comply with the received Record Size Limit extension
2024-01-09 15:22:17 +00:00
Jonathan Winzig
2bd2b788cf Add tests for Issue #8687
Signed-off-by: Jonathan Winzig <jwinzig@hilscher.com>
2024-01-09 15:19:42 +01:00
Manuel Pégourié-Gonnard
88bae8bc52 Rename tests components for clarity
All no_cipher components have crypto (as in libmbedcrypto.a), but the
difference is one doesn't have PSA crypto while the other two do.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2024-01-08 11:35:01 +01:00
Manuel Pégourié-Gonnard
7f48d5e203 Rename test components to better reflect content
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2024-01-08 11:35:01 +01:00
Manuel Pégourié-Gonnard
4aad0ff510
Merge pull request #8632 from valeriosetti/issue8598
[G5] Make block_cipher work with PSA
2024-01-08 08:07:53 +00:00
Waleed Elmelegy
60f0f727c3 Add config dependencies to record size tests
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-04 14:57:31 +00:00
Dave Rodgman
a021d63bf7
Merge pull request #8642 from daverodgman/default-compiler-all
CI perf: Use clang by default in all.sh
2024-01-04 12:58:54 +00:00
Manuel Pégourié-Gonnard
5bad043c06
Merge pull request #8641 from valeriosetti/issue8358
G3-G4 wrap-up
2024-01-04 10:48:00 +00:00
Manuel Pégourié-Gonnard
66b1ded73a
Merge pull request #8623 from daverodgman/verbatim-tfm
Use TF-M config verbatim
2024-01-04 08:08:06 +00:00
Dave Rodgman
1c91057fab Update check_files.py to accomodate non-standard license headers in TF-M config files
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-03 11:10:18 +00:00
Gilles Peskine
0ae58dd985 Unify MBEDTLS_TEST_OBJS
`$(MBEDTLS_TEST_OBJS)` included TLS-specific test support modules in
`tests/Makefile` but not in `programs/Makefile`. This difference is not
actually necessary. What is necessary is that all programs that use
functions from TLS-specific test support modules are linked with those
modules in addition to `-lmbedtls`, and programs that are not linked with
`-lmbedtls` are not linked with TLS-specific test support modules. Since we
always pass `-lmbedtls` when linking programs in `programs/Makefile`, we can
link with the TLS-specific test support modules as well. This keeps things
simpler.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-02 23:11:24 +01:00
Gilles Peskine
570e54822c Finish unifying LOCAL_CFLAGS
fixup "Create common.make with LOCAL_CFLAGS and friends"

The code wasn't what I had intended, although it was functionally
equivalent. Make it more readable and more robust.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-01-02 18:11:10 +01:00
Dave Rodgman
84125a167e Merge remote-tracking branch 'origin/development' into default-compiler-all
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-02 11:42:38 +00:00
Valerio Setti
8c8b4da3a3 all.sh: keep PSA_WANT_ALG_[CCM/GCM] enabled in common_block_cipher_dispatch()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-02 11:44:30 +01:00
Gilles Peskine
ea982e39a1
Merge pull request #8637 from bensze01/fix_supported_components
all.sh: Parse arguments before checking if a test is supported
2024-01-02 09:41:02 +00:00
Waleed Elmelegy
3d46b7f81a Fix Max fragmen length test to use TLS 1.2 maximum output size
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-01 20:50:53 +00:00
Waleed Elmelegy
bae705c12b Fix TLS 1.2 test to use TLS 1.2 maximum output size
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-01 14:21:21 +00:00
Valerio Setti
84d19e0836 all.sh: keep DES_C and CTR_DRBG_C enabled in test_full_no_cipher_with_crypto()
These were probably leftovers from the development phase of the
associated PR that were not removed in the end.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-29 16:42:21 +01:00
Waleed Elmelegy
ea03183bd7 Adjust TLS 1.3 tests to new maximum output changes
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-12-29 15:36:51 +00:00
Valerio Setti
e581e140cc oid/pkparse: add missing guards for PKCS[5/12] functions when !CIPHER_C
This commit also updates test_suite_pkparse.data file adding
MBEDTLS_CIPHER_C dependencies whenever PKCS[5/12] is used.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-29 16:35:58 +01:00
Valerio Setti
562dfe1067 all.sh: keep PKCS[5/12] enabled in full_no_cipher test components
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-29 16:34:19 +01:00
Valerio Setti
a0c9c6684d analyze_outcomes: ignore only test concerning AES/ARIA/Camellia in CMAC
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-29 14:14:11 +01:00
Valerio Setti
160b2bde09 test_suite_cmac: add used key type to all test cases
This is useful for grepping and skipping disparities in
analyze_outcomes.py.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-29 14:07:11 +01:00
Waleed Elmelegy
87a373eea6 Improve Record size limit testing
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-12-28 17:49:36 +00:00
Valerio Setti
0635cca7d1 analyze_outcomes: update skipped tests following latest changes to all.sh
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-28 18:33:17 +01:00
Valerio Setti
cd21d4eb8f all.sh: keep legacy cipher modes enabled in test_full_block_cipher_legacy_dispatch()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-28 18:33:17 +01:00
Valerio Setti
9a4cc122a7 test_suite_block_cipher.psa: remove misleading initial comment
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-28 18:33:17 +01:00
Valerio Setti
ab0494f193 analyze_outcomes: update comments of skipped tests
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-28 13:56:52 +01:00