yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
20511 commits 1 branch 0 tags 94 MiB
Commit graph

893 commits

Author SHA1 Message Date
Gilles Peskine
afbfed9397
Merge pull request #5582 from gilles-peskine-arm/ssl-opt-auto-psk 
Run ssl-opt.sh in more reduced configurations
 2022-04-21 12:03:53 +02:00
XiaokangQian
318dc763a6 Fix test failure issue and update code styles 
Change-Id: I0b08da1b083abdb19dc383e6f4b210f66659c109
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 09:43:51 +00:00
XiaokangQian
3f84d5d0cd Update test cases and fix the test failure 
Change-Id: If93506fc3764d49836b229d51e4ad5b008cc3343
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 07:45:50 +00:00
XiaokangQian
cfd925f3e8 Fix comments and remove hrr related code 
Change-Id: Iab1fc5415b3b7f7b5bcb0a41a01f4234cc3497d6
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 07:45:50 +00:00
XiaokangQian
ed582dd023 Update based on comments 
Remove cookie support from server side
Change code to align with coding styles
Re-order functions of client_hello

Change-Id: If31509ece402f8276e6cac37f261e0b166d05e18
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 07:43:48 +00:00
XiaokangQian
c4b8c99a38 Rebase and solve conflicts and issues 
Change-Id: I17246c5b2f8a8ec4989c8b0b83b55cad0491b78a
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 07:43:48 +00:00
XiaokangQian
5e4528cd12 Add test cases for server side parse client hello 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 07:43:48 +00:00
Ronald Cron
df5f8681cc ssl-opt.sh: Fix/Unify TLS 1.3 test descriptions 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-04-19 18:31:24 +02:00
Gilles Peskine
5bd0b51048 Use terse output from lsof 
This both simplifies parsing a little, and suppresses warnings. Suppressing
warnings is both good and bad: on the one hand it resolves problems such as
https://github.com/Mbed-TLS/mbedtls/issues/5731, on the other hand it may
hide clues as to why lsof wouldn't be working as expected.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-04-16 11:34:23 +02:00
Neil Armstrong
eed1c6255d Enable TLS 1.3 ALPN tests when MBEDTLS_USE_PSA_CRYPTO is enabled 
Those were disabled in original submission, but it works fine
with PSA crypto enabled.

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-15 09:30:31 +02:00
Gilles Peskine
2ecf4ff349 Restore explicit version requirement on 1.3 HelloRetryRequest tests 
A concurrent branch changes the way the test cases run to no longer use
force_version=tls13, so the automatic version requirement detection will no
longer work after that branch is merged. Therefore, keep the manual
requirement (at least until automatic detection gets smarter).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-04-13 19:08:38 +02:00
Gilles Peskine
c912673f8d Automatically detect protocol version requirement from force_version 
When the client or server uses a specific protocol version, automatically
require that version to be enabled at compile time.

An explicit call is still needed in test cases that require a specific
protocol version (due to analyzing version-specific behavior, or checking
the version in logs), but do not force that specific protocol version, or that
force a specific version only on the openssl/gnutls side.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-04-13 16:14:01 +02:00
Gilles Peskine
740b734f25 Move ticket, alpn detection into maybe_requires_ciphersuite_enabled 
No intended behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-04-13 11:32:46 +02:00
Gilles Peskine
b898b3df90 Prepare to generalize maybe_requires_ciphersuite_enabled 
Rename maybe_requires_ciphersuite_enabled() to detect_required_features()
and refactor its code a little. No intended behavior change. In subsequent
commits, this function will detect other requirements in a similar way.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-04-13 11:32:46 +02:00
Neil Armstrong
a4dbfddba2 Add DHE-RSA Opaque PK key tests variants in ssl-opt.sh 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-13 10:49:25 +02:00
Neil Armstrong
3e9a142017 Add RSA Opaque PK key tests variants in ssl-opt.sh 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-13 10:49:25 +02:00
Gilles Peskine
8e5e8d73db
Merge pull request #5686 from AndrzejKurek/off-by-one-ssl-opt 
Fix an off-by-one error in ssl-opt.sh
 2022-04-07 16:20:55 +02:00
Manuel Pégourié-Gonnard
1b05aff3ad
Merge pull request #5624 from superna9999/5312-tls-server-ecdh 
TLS ECDH 3b: server-side static ECDH (1.2)
 2022-04-07 11:46:25 +02:00
Gilles Peskine
d2d90af7d9 Make mbedtls_ssl_get_bytes_avail tests more independent 
Don't depend on the default sizes in the test programs: pass explicit
request and buffer sizes.

Don't depend on MAX_CONTENT_LEN (other than it not being extremely small:
this commit assumes that it will never be less than 101).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-04-06 23:39:06 +02:00
Gilles Peskine
c8d242f625 set_maybe_calc_verify: $1 is intended to be auth_mode 
Document that this is what it is. Don't allow made-up numerical values.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-04-06 22:23:45 +02:00
Gilles Peskine
1438e1620a Add requirements of "Default" 
The log checks require a specific hash and a specific curve.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-04-05 22:00:32 +02:00
Gilles Peskine
59601d76ad Documentation improvements 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-04-05 22:00:17 +02:00
Andrzej Kurek
8db7c0e9ac Fix an off-by-one error in ssl-opt.sh 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-04-01 08:55:40 -04:00
Ronald Cron
0e980e8e84
Merge pull request #5640 from ronald-cron-arm/version-negotiation-2 
TLS 1.2/1.3 version negotiation - 2
 2022-04-01 12:29:06 +02:00
Ronald Cron
cbd7bfd30e ssl-opt.sh: Force TLS 1.2 on server for TLS 1.2 specific tests 
Force TLS 1.2 on OpenSSL/GnuTLS server
for TLS 1.2 specific tests.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-31 18:25:27 +02:00
Ronald Cron
634d865d80 ssl-opt.sh: Fix "no TLS 1.3 server support" test check 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-31 18:25:27 +02:00
Dave Rodgman
017a19997a Update references to old Github organisation 
Replace references to ARMmbed organisation with the new
org, Mbed-TLS, following project migration.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-03-31 14:43:16 +01:00
Neil Armstrong
b7b549aa71 Force server-side TLS1.2 for ECDH- Opaque PK key test 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-31 15:24:18 +02:00
Neil Armstrong
023bf8d7c2 Add ECDH- Opaque PK key test 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-31 15:24:17 +02:00
Ronald Cron
a1b8f6e914 ssl-opt.sh: Do not force TLS 1.3 on client 
For TLS 1.3 tests, do not force TLS 1.3
version on client to play the negotiation
game whenever possible.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 18:58:31 +02:00
Ronald Cron
f3b425bbde ssl-opt.sh: Force TLS 1.2 on server 
To maximize the number of tests where MbedTLS
client proposes both TLS 1.2 and TLS 1.3 to
the server, force the TLS 1.2 version on the
server side rather than on the client side
in TLS 1.2 specific tests.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 18:58:31 +02:00
Ronald Cron
e1d3f06399 Allow hybrid TLS 1.3 + TLS 1.2 configuration 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 18:58:31 +02:00
Ronald Cron
7320e6436b ssl_tls12_client.c: Switch to generic Client Hello state handler 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 18:58:31 +02:00
Ronald Cron
27c85e743f ssl_tls.c: Unify TLS 1.2 and TLS 1.3 SSL state logs 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 18:58:31 +02:00
Ronald Cron
086ee0be0e ssl_tls.c: Reject TLS 1.3 version configuration for server 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 14:42:17 +02:00
Jerry Yu
3a58b462b6 add pss_rsae_sha{384,512} 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 15:13:34 +08:00
Jerry Yu
919130c035 Add rsa_pss_rsae_sha256 support 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 15:13:33 +08:00
Manuel Pégourié-Gonnard
7c92fe966a
Merge pull request #5614 from gabor-mezei-arm/5203_tls_cipher_tickets_use_psa_for_protection 
TLS Cipher 2a: tickets: use PSA for protection
 2022-03-17 09:50:09 +01:00
Gilles Peskine
6f160cab59 Skip some DTLS reordering tests in PSK-only builds 
Some DTLS reordering tests rely on certificate authentication messages. It
is probably possible to adapt them to rely on different messages, but for
now, skip them in PSK-only builds.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-03-14 20:32:20 +01:00
Gilles Peskine
309ca65846 calc_verify is only called in some configurations 
If MBEDTLS_SSL_EXTENDED_MASTER_SECRET is disabled or the feature is disabled
at runtime, and if client authentication is not used, then calc_verify is not
called, so don't require the corresponding debug trace.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-03-14 20:32:20 +01:00
Gilles Peskine
aa162b5bea Remove negative check for a message that no longer exists 
The message was removed in 6be9cf542f without
a replacement. A failure would cause the test case to fail anyway, so this
negative check is not really useful.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-03-14 19:49:18 +01:00
Gabor Mezei
49c8eb3a5a
Enable chachcapoly cipher for SSL tickets 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-03-10 17:09:59 +01:00
Gabor Mezei
2fa1c311cd
Remove test dependency 
The SSL ticket rotation test case is enabled when PSA is used.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-03-10 17:09:59 +01:00
Manuel Pégourié-Gonnard
10e5cdbbbf
Merge pull request #5454 from gstrauss/cert_cb-user_data 
server certificate selection callback
 2022-03-10 11:51:42 +01:00
Paul Elliott
17f452aec4
Merge pull request #5448 from lhuang04/tls13_alpn 
Port ALPN support for tls13 client from tls13-prototype
 2022-03-08 17:53:38 +00:00
Glenn Strauss
6989407261 Add accessor to retrieve SNI during handshake 
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-02-25 19:55:53 -05:00
Gilles Peskine
588d7a7538 Add a missing requires_max_content_len 
Slightly reduce the amount of data so that the test passes with 512.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-25 21:23:25 +01:00
Gilles Peskine
6e86e54abb Adapt tests for PSK in PSK-only builds 
In a PSK-only build:
* Skip tests that rely on a specific non-PSK cipher suite.
* Skip tests that exercise a certificate authentication feature.
* Pass a pre-shared key in tests that don't mind the key exchange type.

This commit only considers PSK-only builds vs builds with certificates. It
does not aim to do something useful for builds with an asymmetric key
exchange and a pre-shared key for authentication.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-25 21:06:21 +01:00
Gilles Peskine
2fe796f1b7 Add some missing dependencies: EXTENDED_MASTER_SECRET, CACHE 
This commit is not necessarily complete, but it's a step forward.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-25 21:06:21 +01:00
Gilles Peskine
3561526249 Only run "Default" tests if the expected ciphersuite is enabled 
These tests ensure that a certain cipher suite is in use, so they fail in
builds that lack one of the corresponding algorithms.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-25 21:06:21 +01:00
Gilles Peskine
a165b5ced6 Automatically skip tests for some absent features: tickets, ALPN 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-25 21:06:21 +01:00
Gilles Peskine
82a4ab2486 ssl-opt: automatically skip DTLS tests in builds without DTLS 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-25 21:06:21 +01:00
Jerry Yu
2ff6ba1df0 Remove rsa_pss_rsae_sha256 support. 
Sign rsa is not thread safe. Remove it from current code.
And a thread-safe version should be re-introduce in future.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-23 10:38:25 +08:00
Jerry Yu
ccb005e35f fix missing feedback address 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 17:38:34 +08:00
Jerry Yu
819f29730a fix various issues in ssl-opt 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu
2124d05e06 Add sha384 and sha512 case 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu
d66409ae92 Add non support sig alg check and test 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu
562a0fddf0 Add client version check 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu
6c3d821ff1 update ssl-opt test cases 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu
46b53b9920 remove duplicate test 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu
4bfa22aeb3 remove useless config option 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu
42ea733fdc remove RSA not found test 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu
7db5b8f68c add rsa_pss_rsae_sha256 write support 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu
37987ddd0f Add test cases 
Add test cases for different sig algs.
Known issue is rsa_pss_rsae_sha256 fail

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu
ca133a34c5 Change state machine 
Skip CertificateVerfiy if empty certificate or no
CertificateRequest received.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu
22abd06cd0 Add rsa key check 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu
aa6214a571 add empty client certificate tests 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu
c19884f487 change expect exit value 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu
25e0ddcf47 Add client certificate file 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu
200b47b8f5 Add more tests for CertificateRequest 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu
960bc28bcc Add tests for no middlebox mode 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:57 +08:00
Gilles Peskine
860429f8af Add version number debug check to the GnuTLS interop test as well 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-21 15:14:02 +01:00
Gilles Peskine
c63a1e0e15 Fix mbedtls_ssl_get_version() for TLSv1.3 
Test it in ssl-opt.sh.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-21 15:14:01 +01:00
Jerry Yu
baa4934e7b Add check tests 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:00 +08:00
Jerry Yu
ab08290c09 tls13_only: skip tls12 tests. 
TLS1.2 test depends on MBEDTLS_SSL_PROTO_TLS1_2. Skip
them if it is not set

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:00 +08:00
Jerry Yu
8a497205cc tls13_only: tls 1.3 suite pass 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:00 +08:00
Jerry Yu
c10f6b4735 tls13_only: simple test pass 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:00 +08:00
Manuel Pégourié-Gonnard
3d1f8b9c00
Merge pull request #5532 from ronald-cron-arm/tls13_and_use_psa_crypto 
Make TLS 1.3 compatible with MBEDTLS_USE_PSA_CRYPTO
 2022-02-16 17:33:47 +01:00
Ronald Cron
a7a1deabf8
Merge pull request #5393 from gilles-peskine-arm/opt-testcases-outcomes-fix 
Fix test suite name reporting of opt-testcases/tls13-compat.sh
 2022-02-15 13:53:10 +01:00
lhuang04
86cacac91a Port ALPN support for tls13 client from tls13-prototype 
Summary:
Port ALPN implementation of tls13 client from
[tls13-prototype](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_client.c#L1124).

Test Plan:

Reviewers:

Subscribers:

Tasks:

Tags:
Signed-off-by: lhuang04 <lhuang04@fb.com>
 2022-02-14 08:03:32 -08:00
Ronald Cron
135427cb35 Run TLS 1.3 tests when MBEDTLS_USE_PSA_CRYPTO is enabled 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-02-11 16:10:44 +01:00
Glenn Strauss
e328245618 Add test case use of mbedtls_ssl_ticket_rotate 
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-02-09 14:33:16 -05:00
Ronald Cron
6ca6faa67e
Merge pull request #5080 from xffbai/add-tls13-read-certificate-request 
add tls1_3 read certificate request
 2022-02-09 09:51:55 +01:00
Manuel Pégourié-Gonnard
45c5768a74
Merge pull request #5434 from mprse/tls_use_psa 
TLS Cipher: use PSA crypto
 2022-02-08 10:27:25 +01:00
Manuel Pégourié-Gonnard
6f20595b6e
Merge pull request #5462 from gilles-peskine-arm/ssl-test-pkey-message-clarity 
Clarify key types message from ssl_client2 and ssl_server2
 2022-02-03 11:33:03 +01:00
Przemyslaw Stekiel
2cb59df939 ssl-opt.sh: remove cipher context assertions (redundant when psa crypto is enabled) 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:39:24 +01:00
XiaokangQian
a909061c2a Refine HRR parse successfully message in test cases 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-01-27 03:48:27 +00:00
XiaokangQian
7bae3b616c Add more ciphersuites into test cases for hrr 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-01-26 10:53:15 +00:00
XiaokangQian
355e09ae9d Change code base on comments 
Change functions name
Change some comments
Improve hrr test case for gnutls

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-01-26 10:53:15 +00:00
XiaokangQian
78b1fa7e81 Update code base on comments 
Move reset transcript for hrr to generic
Reset SHA256 or SHA384 other than both
Rename message layer reset
Add check log for hrr parse successfully

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-01-26 10:53:15 +00:00
XiaokangQian
6db08dd2cb Change ssl-opt.sh to make hrr tests pass 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-01-26 10:51:13 +00:00
XiaokangQian
0b56a8f85c Replace curve_list with group_list and add update test scripts 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-01-26 10:51:13 +00:00
Xiaofei Bai
69fcd39774 Update CertificateRequest tests and the parsing function 
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
 2022-01-26 09:32:29 +00:00
Xiaofei Bai
5d8598e090 update certificate request tests 
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
 2022-01-26 09:31:54 +00:00
Gilles Peskine
05bf89da34 Clarify key types message from ssl_client2 and ssl_server2 
If no key is loaded in a slot, say "none", not "invalid PK".

When listing two key types, use punctuation that's visibly a sequence
separator (",").

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-01-25 17:50:25 +01:00
Manuel Pégourié-Gonnard
24479b3185
Merge pull request #5395 from gilles-peskine-arm/ssl-opt-self-signed-positive 
Add positive test case with self-signed certificates
 2022-01-25 12:53:56 +01:00
Manuel Pégourié-Gonnard
fcca7cfa97
Merge pull request #5428 from gstrauss/mbedtls_ssl_ciphersuite 
Add accessors for ciphersuite info
 2022-01-24 11:13:31 +01:00
Manuel Pégourié-Gonnard
ff743a7f38
Merge pull request #5425 from gabor-mezei-arm/5181_tls_cipher_extend_testing_of_tickets 
TLS Cipher 1a: extend testing of tickets
 2022-01-24 10:25:29 +01:00
Glenn Strauss
6eef56392a Add tests for accessors for ciphersuite info 
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-01-23 08:37:02 -05:00
Gabor Mezei
6e5aae63f8
Add tests for ticket_aead option 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-01-12 16:29:58 +01:00
Gilles Peskine
e1cc60eca9 Add positive test case with self-signed certificates 
Add a positive test case where both the client and the server require
authentication and both use a non-CA self-signed certificate.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-01-07 23:10:56 +01:00
Gilles Peskine
5eb2b02862 Report correct test suite names for opt-testcases/* in outcome file 
In the outcome file, report each test case in the file it's in, rather than
reporting them all from ssl-opt. This is more informative and matches what
check_test_cases.py does.

This fixes a bug whereby test cases from opt-testcases/* were not detected
as having run on the CI, because analyze_outcomes.py (which uses
check_test_cases.py) expects them in the containing file whereas they were
reported in ssl-opt.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-01-07 18:34:12 +01:00
Gilles Peskine
2baaf60c5d Don't error out if no opt-testcases/*.sh is found 
This can happen in an insufficiently populated out-of-tree build.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-01-07 15:46:12 +01:00
Jerry Yu
136320ba0b fix ci fail 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-21 17:09:00 +08:00
paul-elliott-arm
f434994d83
Merge pull request #5303 from yuhaoth/pr/add_list_config_function 
Add list config function
 2021-12-10 18:30:06 +00:00
Ronald Cron
6f135e1148 Rename MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL to MBEDTLS_SSL_PROTO_TLS1_3 
As we have now a minimal viable implementation of TLS 1.3,
let's remove EXPERIMENTAL from the config option enabling
it.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-10 13:47:55 +01:00
Jerry Yu
2e8b00172b Beauty source code 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-10 20:29:02 +08:00
Dave Rodgman
76a2b306ac
Merge pull request #4981 from yuhaoth/pr/add-debug-helpers-generated 
Add debug helpers generated
 2021-12-10 11:56:55 +00:00
Jerry Yu
d0fcf7f6a0 fix ci fail 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-10 18:45:51 +08:00
Ronald Cron
9eab5a6f11 tests: TLS 1.3: Remove unnecessary test requirement 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-10 10:27:25 +01:00
Jerry Yu
d04fd35c06 Replace configs_enabled check with query_compile_time_config 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-10 16:31:04 +08:00
Jerry Yu
bc8b22ecc8 fix tls13 test fail 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-10 15:54:38 +08:00
Jerry Yu
cdcc55f46f update test check strings 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-10 12:47:02 +08:00
Jerry Yu
e3b3412bc4 Add tests for enum helper 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-10 12:45:52 +08:00
Ronald Cron
a55c5a1152 ssl-opt.sh: TLS 1.3: Add middlebox compatibility tests with GnuTLS 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-09 13:40:22 +01:00
Ronald Cron
7c0185fa5f ssl-opt.sh: TLS 1.3: Add some missing test dependencies 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-09 13:40:22 +01:00
Ronald Cron
fdb0e3f381 ssl-opt.sh: TLS 1.3: Run tests with middlebox compatibility enabled 
Run tests with middlebox compatibility enabled but tests
dedicated to middlebox compatibility disabled.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-09 13:40:22 +01:00
Jerry Yu
52a6e7ea00 Replace tls1_3 with tls13 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-06 18:42:47 +08:00
Jerry Yu
c502dff71c fix TLS1.3 name issue 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-06 18:22:51 +08:00
Jerry Yu
cdcb683568 Update generate scripts and tls13 test cases 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-06 18:20:43 +08:00
Jerry Yu
31018adb81 Add tls13 compat tests with bash scripts 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-06 18:20:43 +08:00
Jerry Yu
c4aa1520a2 tls13_compat_tests:Add generate all option 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-06 18:20:43 +08:00
Jerry Yu
26fa7dcc4a Remove rsa_pss_rsae_sha256 test from ssl-opt.sh 
It has been covered by tls13 compat tests

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-06 18:20:43 +08:00
Jerry Yu
305bfc3dfd Add tls13 compat tests 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-06 18:16:30 +08:00
Jerry Yu
8c5559d700 Add HelloRetryRequst tests 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-06 18:16:30 +08:00
Jerry Yu
936dffd77e Add certificate request check 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-06 18:16:30 +08:00
Jerry Yu
8f9d7dbfd0 Add unsupported version check 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-06 18:16:29 +08:00
Xiaofei Bai
8b5c3824ee Fix (d)tls1_2 into (d)tls12 in version options 
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
 2021-12-02 13:22:18 +00:00
Xiaofei Bai
d25fab6f79 Update based on comments 
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
 2021-12-02 06:36:27 +00:00
Xiaofei Bai
746f9481ea Fix 1_3/13 usages in macros and function names 
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
 2021-11-26 08:08:36 +00:00
XiaokangQian
30f556059a Reverse the cert file 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-24 01:54:50 +00:00
XiaokangQian
f9fca8a791 Add back cipher suite information in ssh-opt.sh 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-23 23:21:27 +00:00
XiaokangQian
25476a48b9 Change code based on review 
Remove useless component in all.sh
Remove use server logs in ssh-opt.sh
Remove useless guards in ssl_client2.c

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-23 14:01:21 +00:00
XiaokangQian
07c554748a Change cert file to server2-sha256.crt 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-23 08:30:14 +00:00
XiaokangQian
a27b3526bf Disable PSA_CRYPTO in tls1.3 tests 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-23 02:27:07 +00:00
XiaokangQian
bdf26de384 Fix test failure and remove useless code 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-22 09:52:56 +00:00
XiaokangQian
3887ab5bcc Use O_NEXT_SRV to support ciphersuite option 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-22 07:14:39 +00:00
XiaokangQian
22dd68c2b5 Rebase code and run through the whole test flow 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-22 05:54:50 +00:00
XiaokangQian
d15018972c Change script to solve G_NEXT_SRV_RSA not set issue 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-22 05:50:13 +00:00
XiaokangQian
4b82ca1b70 Refine test code and test scripts 
Change client test code to support rsa pss signatures
Add test cases for rsa pss signature in ssl-opt.sh

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-22 05:50:12 +00:00
XiaokangQian
d940e641ed Add test script for RSA signature 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-22 05:50:12 +00:00
Jerry Yu
6d38c19582 Add http connection pass check 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-11-17 16:03:06 +08:00
Jerry Yu
e1b1e2de65 Add minimal feature sets test 
Replace original negative test with work test.
Now, we can work with the simple test.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-11-17 16:03:06 +08:00
XiaokangQian
3306284776 Change code base on comments 
Remove client certificate verify in tests.
Change the layout of structure to fix abi_api check issues.
Add comments of Finished.
Align with the coding styles.

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-11 03:37:45 +00:00
XiaokangQian
d0aa3e9307 Inprove code base on review comments 
Change debug messag for server finished.
Change name of generate_application_keys.
Remove the client vertificate tests from ssl-opt.sh.
Add test strings for server finished in ssl-opt.sh.

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-10 06:17:40 +00:00
Jerry Yu
5398c10b89 Add return value check for cerificate verify 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-11-05 13:32:38 +08:00
Jerry Yu
834886d211 Add certificate verify check 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-10-30 13:26:15 +08:00
Jerry Yu
daac359331 Change check condition order 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-10-29 20:01:42 +08:00
Jerry Yu
1df3db0467 Add certificate success check 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-10-29 10:18:50 +08:00
Jerry Yu
937ac673fa Disable client cert for gnutls tests 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-10-28 21:28:46 +08:00