Manuel Pégourié-Gonnard
e3358e14b2
Merge pull request #6051 from mprse/permissions_2b_v2
...
Permissions 2b: TLS 1.3 sigalg selection
2022-09-28 09:50:04 +02:00
Ronald Cron
50969e3af5
ssl-opt.sh: TLS 1.3 opaque key: Add test with unsuitable sig alg
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-09-20 15:57:57 +02:00
Ronald Cron
277cdcbcde
ssl-opt.sh: tls13 opaque key: Enable client authentication
...
Enable client authentication in TLS 1.3 opaque
key tests to use the opaque key on client side.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-09-20 14:30:13 +02:00
Ronald Cron
e3196d270c
ssl-opt.sh: tls13 opaque key: Do not force version on client side
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-09-20 14:30:13 +02:00
Ronald Cron
6ec2123bf3
ssl-opt.sh: Align prefix of TLS 1.3 opaque key tests
...
Align prefix of TLS 1.3 opaque key tests
with the prefix of the othe TLS 1.3 tests.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-09-20 14:30:13 +02:00
Ronald Cron
067a1e735e
tls13: Try reasonable sig alg for CertificateVerify signature
...
Instead of fully validating beforehand
signature algorithms with regards to the
private key, do minimum validation and then
just try to compute the signature. If it
fails try another reasonable algorithm if any.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-09-20 14:30:13 +02:00
Ronald Cron
67ea2543ed
tls13: server: Add sig alg checks when selecting best certificate
...
When selecting the server certificate based on
the signature algorithms supported by the client,
check the signature algorithms as close as possible
to the way they are checked to compute the
signature for the server to prove it possesses
the private key associated to the certificate.
That way we minimize the odds of selecting a
certificate for which the server will not be
able to compute the signature to prove it
possesses the private key associated to the
certificate.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-09-20 14:26:32 +02:00
Jerry Yu
7a51305478
Add multi-session tickets test
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-19 14:26:07 +08:00
Ronald Cron
be0224aef3
Merge pull request #6167 from yuhaoth/pr/finalize-tls13-session-tickets
2022-09-18 21:18:13 +02:00
Przemek Stekiel
c454aba203
ssl-opt.sh: add tests for key_opaque_algs option
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-15 14:22:29 +02:00
Jerry Yu
a02841bb8a
revert changes on PSK tests
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-13 11:07:27 +08:00
Andrzej Kurek
d681746a51
Split some ssl-opt.sh test cases into two
...
There's a slightly different behaviour without MBEDTLS_SSL_ASYNC_PRIVATE
that has to be handled.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-12 05:37:46 -04:00
Andrzej Kurek
934e9cd47f
Switch to the new version of hash algorithm checking in ssl-opt.sh
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-12 05:34:23 -04:00
Andrzej Kurek
9c061a2d19
Add a posibility to check for the availability of hash algs to ssl-opt
...
The new function now dispatches a check for either an MBEDTLS
or PSA define to check for SHA_XXX.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-12 05:34:23 -04:00
Jerry Yu
e976492a11
Add session ticket tests for client
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-31 23:24:25 +08:00
Ronald Cron
e00d6d6b55
Merge pull request #6135 from yuhaoth/pr/tls13-finalize-external-psk-negotiation
...
TLS 1.3: SRV: Finalize external PSK negotiation
2022-08-31 17:21:57 +02:00
Jerry Yu
6a9bebaefd
Add psk mode tests
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-21 12:42:19 +08:00
Zhangsen Wang
3f95d303d1
rebase with lastest development branch
2022-08-16 03:16:22 +00:00
Ronald Cron
295d93ebe8
Add psk handshake with gnutls
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-11 21:25:35 +08:00
Dave Rodgman
322a7a19e7
Merge pull request #6155 from yuhaoth/pr/add-any-all-configs-enabled
...
Add ability to check if any/all configs are enabled/disabled for ssl-opt
2022-08-11 09:40:38 +01:00
Jerry Yu
27d80927d5
fix wrong typo
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-02 21:28:55 +08:00
Jerry Yu
2fcb056ea9
Add requires_{any,all}_configs_enabled functions
...
- requires_any_configs_enabled
- requires_all_configs_enabled
- requires_any_configs_disabled
- requires_all_configs_disabled
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-31 12:23:39 +08:00
Jerry Yu
d2d4110e8e
Remove Teminated
message from stdout
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-31 12:23:39 +08:00
Zhangsen Wang
d5e8a482f9
delete whitespace in comment
...
Signed-off-by: Zhangsen Wang <zhangsen.wang@arm.com>
2022-07-29 07:53:36 +00:00
Zhangsen Wang
baeffbbdd2
skip test with openssl client because it will timeout with certain seed due to an openssl bug
...
Signed-off-by: Zhangsen Wang <zhangsen.wang@arm.com>
2022-07-29 06:35:26 +00:00
Jerry Yu
eec4f03c60
fix typo and changelog entry issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-28 23:08:00 +08:00
Jerry Yu
6455b687fe
add rsa_pss_rsae_* test for tls12 server
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-28 23:08:00 +08:00
Ronald Cron
e579ece305
Merge pull request #6087 from yuhaoth/pr/add-tls13-serialize_session_save_load
...
TLS 1.3: Add serialize session save load
I can see that https://github.com/Mbed-TLS/mbedtls/pull/6087#discussion_r927935696 and https://github.com/Mbed-TLS/mbedtls/pull/6087#discussion_r924252403 are addressed in #6123 . Thus I am ok to merge it as it is.
2022-07-23 08:57:11 +02:00
Ronald Cron
340c559cb3
Merge pull request #6079 from yuhaoth/pr/add-tls13-parse-pre_shared_key_offered_psks
...
TLS 1.3: PSK: Add parser/writer of pre_shared_key extension on server side.
2022-07-23 08:50:45 +02:00
Jerry Yu
24e385519e
Add reconnect test
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-22 23:09:37 +08:00
Ronald Cron
4beb870fa8
Merge pull request #6064 from xkqian/tls13_add_psk
...
Add psk code to tls13 client side
2022-07-22 11:35:05 +02:00
Ronald Cron
34e90fac27
TLS 1.3: tests: Allow PSK exchange mode on GnuTLS server
...
Allow PSK exchange mode on GnuTLS server for
NewSessionTicket message test as otherwise
the GnuTLS server does not send tickets.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-07-21 15:31:14 +02:00
XiaokangQian
3ad67bf4e3
Rename functions and add test messages
...
Change-Id: Iab51b031ae82d7b2d384de708858be64be75f9ed
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-07-21 15:30:04 +02:00
XiaokangQian
088c92977e
Remove useless force cipher suite
...
Change-Id: Ib217806b4d44dea11515dd3ee1463d29431d70bb
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-07-21 15:30:04 +02:00
XiaokangQian
adab9a6440
Fix transcript issues and add cases against openssl
...
Change-Id: I496674bdb79f074368f11beaa604ce17a3062bc3
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-07-21 15:30:04 +02:00
XiaokangQian
eb69aee6af
Add psk code to tls13 client side
...
Change-Id: I222b2c9d393889448e5e6ad06638536b54edb703
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-07-21 15:30:04 +02:00
Jerry Yu
96a2e368dc
TLS 1.3: Add pre-shared-key multiple psk parser
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-21 18:00:13 +08:00
Jerry Yu
4a2ea16aed
remove forcecipher for psk test
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-21 16:19:50 +08:00
Jerry Yu
36847820fa
add tests for offered psk parser
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-21 16:19:50 +08:00
Jerry Yu
f7b5b59a92
Add tests for write new session ticket
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-20 22:41:00 +08:00
Jerry Yu
a357cf4d4c
Rename new_session_ticket state
...
Both client and server side use
`MBEDTLS_SSL_NEW_SESSION_TICKET` now
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-20 11:07:29 +08:00
Jerry Yu
29ab32d0e5
Add client side tests
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-20 11:07:29 +08:00
Jerry Yu
c52e3bd93b
Improve comment
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-14 10:49:47 +08:00
Jerry Yu
299e31f10e
fix various issue
...
- remove unused test case
- add alert message
- improve readabitlity
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-13 23:06:36 +08:00
Jerry Yu
fe52e55301
redirect stderr output in ubuntu22.04
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-12 09:53:37 +00:00
Jerry Yu
e36397d13b
add tests for psk_key_exchange_mode
...
To confirm, psk_key_exchange_modes were received and
parsed.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-12 09:53:36 +00:00
Zhangsen Wang
91385121b9
delete openssl version requirement for openssl client, because the bug only occurs on openssl server
...
Signed-off-by: Zhangsen Wang <zhangsen.wang@arm.com>
2022-07-12 01:56:57 +00:00
Ronald Cron
ce7d76e2ee
Merge remote-tracking branch 'mbedtls-restricted/development-restricted' into mbedtls-3.2.0rc0-pr
2022-07-11 10:22:37 +02:00
Paul Elliott
6e80e09bd1
Merge pull request #5915 from AndrzejKurek/cid-resumption-clash
...
Fix DTLS 1.2 session resumption
2022-07-06 15:03:36 +01:00
Manuel Pégourié-Gonnard
4d7af2aee0
Merge pull request #5835 from superna9999/5831-tls-1-2-ciphersuite-selection
...
Permissions 2a: TLS 1.2 ciphersuite selection
2022-07-04 12:37:02 +02:00