Commit graph

942 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
e3358e14b2
Merge pull request #6051 from mprse/permissions_2b_v2
Permissions 2b: TLS 1.3 sigalg selection
2022-09-28 09:50:04 +02:00
Ronald Cron
50969e3af5 ssl-opt.sh: TLS 1.3 opaque key: Add test with unsuitable sig alg
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-09-20 15:57:57 +02:00
Ronald Cron
277cdcbcde ssl-opt.sh: tls13 opaque key: Enable client authentication
Enable client authentication in TLS 1.3 opaque
key tests to use the opaque key on client side.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-09-20 14:30:13 +02:00
Ronald Cron
e3196d270c ssl-opt.sh: tls13 opaque key: Do not force version on client side
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-09-20 14:30:13 +02:00
Ronald Cron
6ec2123bf3 ssl-opt.sh: Align prefix of TLS 1.3 opaque key tests
Align prefix of TLS 1.3 opaque key tests
with the prefix of the othe TLS 1.3 tests.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-09-20 14:30:13 +02:00
Ronald Cron
067a1e735e tls13: Try reasonable sig alg for CertificateVerify signature
Instead of fully validating beforehand
signature algorithms with regards to the
private key, do minimum validation and then
just try to compute the signature. If it
fails try another reasonable algorithm if any.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-09-20 14:30:13 +02:00
Ronald Cron
67ea2543ed tls13: server: Add sig alg checks when selecting best certificate
When selecting the server certificate based on
the signature algorithms supported by the client,
check the signature algorithms as close as possible
to the way they are checked to compute the
signature for the server to prove it possesses
the private key associated to the certificate.

That way we minimize the odds of selecting a
certificate for which the server will not be
able to compute the signature to prove it
possesses the private key associated to the
certificate.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-09-20 14:26:32 +02:00
Jerry Yu
7a51305478 Add multi-session tickets test
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-19 14:26:07 +08:00
Ronald Cron
be0224aef3
Merge pull request #6167 from yuhaoth/pr/finalize-tls13-session-tickets 2022-09-18 21:18:13 +02:00
Przemek Stekiel
c454aba203 ssl-opt.sh: add tests for key_opaque_algs option
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-15 14:22:29 +02:00
Jerry Yu
a02841bb8a revert changes on PSK tests
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-13 11:07:27 +08:00
Andrzej Kurek
d681746a51 Split some ssl-opt.sh test cases into two
There's a slightly different behaviour without MBEDTLS_SSL_ASYNC_PRIVATE
that has to be handled.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-12 05:37:46 -04:00
Andrzej Kurek
934e9cd47f Switch to the new version of hash algorithm checking in ssl-opt.sh
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-12 05:34:23 -04:00
Andrzej Kurek
9c061a2d19 Add a posibility to check for the availability of hash algs to ssl-opt
The new function now dispatches a check for either an MBEDTLS
or PSA define to check for SHA_XXX.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-12 05:34:23 -04:00
Jerry Yu
e976492a11 Add session ticket tests for client
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-31 23:24:25 +08:00
Ronald Cron
e00d6d6b55
Merge pull request #6135 from yuhaoth/pr/tls13-finalize-external-psk-negotiation
TLS 1.3: SRV: Finalize external PSK negotiation
2022-08-31 17:21:57 +02:00
Jerry Yu
6a9bebaefd Add psk mode tests
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-21 12:42:19 +08:00
Zhangsen Wang
3f95d303d1 rebase with lastest development branch 2022-08-16 03:16:22 +00:00
Ronald Cron
295d93ebe8 Add psk handshake with gnutls
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-11 21:25:35 +08:00
Dave Rodgman
322a7a19e7
Merge pull request #6155 from yuhaoth/pr/add-any-all-configs-enabled
Add ability to check if any/all configs are enabled/disabled for ssl-opt
2022-08-11 09:40:38 +01:00
Jerry Yu
27d80927d5 fix wrong typo
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-02 21:28:55 +08:00
Jerry Yu
2fcb056ea9 Add requires_{any,all}_configs_enabled functions
- requires_any_configs_enabled
- requires_all_configs_enabled
- requires_any_configs_disabled
- requires_all_configs_disabled

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-31 12:23:39 +08:00
Jerry Yu
d2d4110e8e Remove Teminated message from stdout
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-31 12:23:39 +08:00
Zhangsen Wang
d5e8a482f9 delete whitespace in comment
Signed-off-by: Zhangsen Wang <zhangsen.wang@arm.com>
2022-07-29 07:53:36 +00:00
Zhangsen Wang
baeffbbdd2 skip test with openssl client because it will timeout with certain seed due to an openssl bug
Signed-off-by: Zhangsen Wang <zhangsen.wang@arm.com>
2022-07-29 06:35:26 +00:00
Jerry Yu
eec4f03c60 fix typo and changelog entry issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-28 23:08:00 +08:00
Jerry Yu
6455b687fe add rsa_pss_rsae_* test for tls12 server
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-28 23:08:00 +08:00
Ronald Cron
e579ece305
Merge pull request #6087 from yuhaoth/pr/add-tls13-serialize_session_save_load
TLS 1.3: Add serialize session save load
I can see that https://github.com/Mbed-TLS/mbedtls/pull/6087#discussion_r927935696 and https://github.com/Mbed-TLS/mbedtls/pull/6087#discussion_r924252403 are addressed in  #6123. Thus I am ok to merge it as it is.
2022-07-23 08:57:11 +02:00
Ronald Cron
340c559cb3
Merge pull request #6079 from yuhaoth/pr/add-tls13-parse-pre_shared_key_offered_psks
TLS 1.3: PSK: Add parser/writer of pre_shared_key extension on server side.
2022-07-23 08:50:45 +02:00
Jerry Yu
24e385519e Add reconnect test
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-22 23:09:37 +08:00
Ronald Cron
4beb870fa8
Merge pull request #6064 from xkqian/tls13_add_psk
Add psk code to tls13 client side
2022-07-22 11:35:05 +02:00
Ronald Cron
34e90fac27 TLS 1.3: tests: Allow PSK exchange mode on GnuTLS server
Allow PSK exchange mode on GnuTLS server for
NewSessionTicket message test as otherwise
the GnuTLS server does not send tickets.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-07-21 15:31:14 +02:00
XiaokangQian
3ad67bf4e3 Rename functions and add test messages
Change-Id: Iab51b031ae82d7b2d384de708858be64be75f9ed
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-07-21 15:30:04 +02:00
XiaokangQian
088c92977e Remove useless force cipher suite
Change-Id: Ib217806b4d44dea11515dd3ee1463d29431d70bb
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-07-21 15:30:04 +02:00
XiaokangQian
adab9a6440 Fix transcript issues and add cases against openssl
Change-Id: I496674bdb79f074368f11beaa604ce17a3062bc3
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-07-21 15:30:04 +02:00
XiaokangQian
eb69aee6af Add psk code to tls13 client side
Change-Id: I222b2c9d393889448e5e6ad06638536b54edb703
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-07-21 15:30:04 +02:00
Jerry Yu
96a2e368dc TLS 1.3: Add pre-shared-key multiple psk parser
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-21 18:00:13 +08:00
Jerry Yu
4a2ea16aed remove forcecipher for psk test
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-21 16:19:50 +08:00
Jerry Yu
36847820fa add tests for offered psk parser
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-21 16:19:50 +08:00
Jerry Yu
f7b5b59a92 Add tests for write new session ticket
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-20 22:41:00 +08:00
Jerry Yu
a357cf4d4c Rename new_session_ticket state
Both client and server side use
`MBEDTLS_SSL_NEW_SESSION_TICKET` now

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-20 11:07:29 +08:00
Jerry Yu
29ab32d0e5 Add client side tests
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-20 11:07:29 +08:00
Jerry Yu
c52e3bd93b Improve comment
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-14 10:49:47 +08:00
Jerry Yu
299e31f10e fix various issue
- remove unused test case
- add alert message
- improve readabitlity

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-13 23:06:36 +08:00
Jerry Yu
fe52e55301 redirect stderr output in ubuntu22.04
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-12 09:53:37 +00:00
Jerry Yu
e36397d13b add tests for psk_key_exchange_mode
To confirm, psk_key_exchange_modes were received and
parsed.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-12 09:53:36 +00:00
Zhangsen Wang
91385121b9 delete openssl version requirement for openssl client, because the bug only occurs on openssl server
Signed-off-by: Zhangsen Wang <zhangsen.wang@arm.com>
2022-07-12 01:56:57 +00:00
Ronald Cron
ce7d76e2ee Merge remote-tracking branch 'mbedtls-restricted/development-restricted' into mbedtls-3.2.0rc0-pr 2022-07-11 10:22:37 +02:00
Paul Elliott
6e80e09bd1
Merge pull request #5915 from AndrzejKurek/cid-resumption-clash
Fix DTLS 1.2 session resumption
2022-07-06 15:03:36 +01:00
Manuel Pégourié-Gonnard
4d7af2aee0
Merge pull request #5835 from superna9999/5831-tls-1-2-ciphersuite-selection
Permissions 2a: TLS 1.2 ciphersuite selection
2022-07-04 12:37:02 +02:00