Gilles Peskine
eda1b1f744
Merge pull request #7921 from valeriosetti/issue7613
...
TLS: Clean up ECDSA dependencies
2023-09-20 12:47:55 +00:00
Manuel Pégourié-Gonnard
f299efdb96
Improve a comment
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-09-18 11:19:04 +02:00
Valerio Setti
36344cecbd
ssl-opt: remove redundant requirement for RSA_C
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-08-11 09:37:14 +02:00
Valerio Setti
4f577f3e51
ssl-opt: add RSA_C requirement when RSA encryption is used in certificate
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-08-11 06:35:23 +02:00
Valerio Setti
726ffbf642
ssl-opt: don't assume TLS 1.3 usage for external tool that don't have support
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-08-03 09:15:34 +02:00
Gilles Peskine
b387fcf59b
Adapt names (curves -> groups) in a separately added test case
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-07-11 09:19:13 +02:00
Dave Rodgman
e183ecef3d
Merge pull request #7136 from yanrayw/5692-record-compatsh-test-cases
...
Record the outcome of each test case in compat.sh
2023-07-10 12:08:32 +01:00
Manuel Pégourié-Gonnard
5c41ae867b
Merge pull request #7887 from ronald-cron-arm/fix-hrr-in-psk-kem
...
tls13: server: Fix spurious HRR
2023-07-10 09:58:13 +02:00
Ronald Cron
8a74f07c2a
tls13: server: Fix spurious HRR
...
If the server during a TLS 1.3 handshake selects
the PSK key exchange mode, it does not matter
if it did not find in the key share extension
a key share for a group it supports. Such a
key share is used and necessary only in the
case of the ephemeral or PSK ephemeral key
exchange mode. This is a possible scenario in
the case of a server that supports only the PSK
key exchange mode and a client that also
supports a key exchange mode with ephemeral keys.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-07-07 15:53:12 +02:00
Przemek Stekiel
45255e4c71
Adapt names (curves -> groups)
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-07-05 09:26:26 +02:00
Przemek Stekiel
3484db4ce7
Change ffdh testing strategy
...
- Full tests generated by script only for ffdhe2048 group
- Single G->m and m->G exchange test for each other group
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-28 13:31:38 +02:00
Przemek Stekiel
7dda271c1d
Fix description of functions
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-28 09:16:08 +02:00
Przemek Stekiel
c31a798f45
Replace MBEDTLS_ECDH_C dependency in ssl-opt tests
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-27 10:58:50 +02:00
Przemek Stekiel
8bfe897ab0
Add ssl-opt functions to check openssl with ffdh support and openssl ephemeral key exchange
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-26 16:33:00 +02:00
Przemek Stekiel
1f5c2ba495
Add missing ECDH dependencies in ssl-opt tests
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-15 17:07:16 +02:00
Przemek Stekiel
a53dca125e
Limit number ffdh test cases (ffdhe2048, ffdhe8192)
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-14 20:53:09 +02:00
Przemek Stekiel
422ab1f835
Add FFDH tests to ssl-opt
...
Add FFDH support to the test case generator script: generate_tls13_compat_tests.py.
Add dependency for openssl as FFDH is supported from version 3.0.
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-14 11:04:28 +02:00
Przemek Stekiel
75a5a9c205
Code cleanup
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-13 09:57:23 +02:00
Przemek Stekiel
316c19ef93
Adapt guards, dependencies + optimizations
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-06 12:31:09 +02:00
Przemek Stekiel
5e2f816c39
Fix test configs
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-06 12:31:08 +02:00
Przemek Stekiel
250b9fde75
ssl-opt.sh: Add FFDH tests
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-06 12:31:08 +02:00
Tom Cosgrove
ef468ea2ba
Merge pull request #6740 from xkqian/tls13_fix_unkown_pk_type
...
Remove useless debug log of pk type from test cases
2023-05-05 16:14:59 +01:00
Valerio Setti
a9aafd4807
test: revert undesired debug change in ssl-opt
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-11 12:30:45 +02:00
Valerio Setti
6c496a1553
solve disparities for ECP_LIGHT between ref/accel
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-11 11:33:50 +02:00
Ronald Cron
c564938180
Add downgrade protection mechanism
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:32:05 +02:00
Ronald Cron
1a353ea4b8
ssl-opt.sh: Improve description of server negotiation tests
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:18 +02:00
Ronald Cron
d120bd646c
ssl-opt.sh: Add version selection by the server tests
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:18 +02:00
Ronald Cron
50ae84ed97
ssl-opt.sh: Remove some unnecessary forcing of TLS 1.3
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:18 +02:00
Ronald Cron
097ba146e7
tls: srv: Set hybrid TLS 1.2/1.3 as default configuration
...
Set hybrid TLS 1.2/1.3 as default server
configuration if both TLS 1.2 and TLS 1.3
are enabled at build time.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:18 +02:00
Ronald Cron
f95d169d60
ssl-opt.sh: Force TLS 1.2 on TLS 1.2 specific tests
...
Force TLS 1.2 on TLS 1.2 specific tests in
preparation of TLS 1.3 being the default
protocol version when both TLS 1.2 and
TLS 1.3 are enabled.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:17 +02:00
Ronald Cron
fd4c6afcb4
ssl-opt.sh: Force TLS 1.2 version
...
Force TLS 1.2 version on tests related to
MBEDTLS_SSL_ASYNC_PRIVATE, CA callback and
MBEDTLS_SSL_MAX_FRAGMENT_LENGTH. Those
SSL options are not supported in TLS 1.3
for the time being. Thus force TLS 1.2
version in preparation of TLS 1.3 being
the default protocol version when both
TLS 1.2 and TLS 1.3 are enabled.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:17 +02:00
Ronald Cron
92dca39196
ssl-opt.sh: Extend scope of some tests to TLS 1.3
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:17 +02:00
Ronald Cron
0aa1b8843f
ssl-opt.sh: Remove unnecessary explicit MBEDTLS_SSL_PROTO_TLS1_2 dep
...
Remove unnecessary explicit MBEDTLS_SSL_PROTO_TLS1_2
dependency if TLS 1.2 version is forced or a TLS 1.2
cipher suite is forced (as TLS 1.2 cipher suites are
available if and only if TLS 1.2 is enabled and
cipher suite availability is check automatically).
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:17 +02:00
Ronald Cron
65f9029741
ssl-opt.sh: Remove unnecessary TLS 1.3 forcing on client side
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:17 +02:00
Ronald Cron
c341ad717e
ssl-opt.sh: Remove dummy TLS 1.3 kex modes tests
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:17 +02:00
Paul Elliott
d01a3bca05
Merge tag 'v3.4.0' into mbedtls-3.4.0_mergeback
...
Mbed TLS 3.4.0
2023-03-27 18:09:49 +01:00
Paul Elliott
f1eb5e2a04
Merge branch 'development-restricted' into mbedtls-3.4.0rc0-pr
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-03-21 15:35:17 +00:00
Valerio Setti
2f8eb62946
ssl-opt: remove leftover debug commands and fix comment
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-20 14:02:07 +01:00
Valerio Setti
6ba247c236
ssl-opt: solve errors in ECDH reference tests
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-20 14:00:51 +01:00
Dave Rodgman
0e2b06a1ce
Merge pull request #7083 from KloolK/record-size-limit/parsing
...
Add parsing for Record Size Limit extension in TLS 1.3
2023-03-17 10:18:34 +00:00
Paul Elliott
646ee7ec2e
Fix CI build after repo merge conflict
...
After merging the driver only ECDSA work, a conflict arose between that and
the previous work re-ordering the ciphersuite preference list. We can remove
the breaking requirement on this test, as this requirement is now auto-detected
when the server5 crt is used in the server's command line.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-03-16 17:10:34 +00:00
Gilles Peskine
2a44ac245f
Merge pull request #7217 from lpy4105/issue/6840/add-cache-entry-removal-api
...
ssl_cache: Add cache entry removal api
2023-03-15 15:38:06 +01:00
Jan Bruckner
151f64283f
Add parsing for Record Size Limit extension in TLS 1.3
...
Fixes #7007
Signed-off-by: Jan Bruckner <jan@janbruckner.de>
2023-03-14 08:41:25 +01:00
Paul Elliott
e4622a3436
Merge remote-tracking branch 'development/development' into development-restricted
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-03-13 17:49:32 +00:00
Valerio Setti
e7f896d73f
fix extra whitespaces
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-13 13:55:28 +01:00
Valerio Setti
80318d2775
ssl-opt: automatically detect requirements when using certs in dir-maxpath
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-13 12:26:42 +01:00
Valerio Setti
77588e9451
ssl-opt: uniformize requirements in tests
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-13 12:00:10 +01:00
Pengyu Lv
62ed1aa316
ssl-opt: Add test for cache entry removal
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-03-13 09:28:17 +08:00
valerio
f27472b128
ssl-opt: enable test and fix failures for reference ECDH + USE_PSA"
...
Signed-off-by: valerio <valerio.setti@nordicsemi.no>
2023-03-09 16:20:38 +01:00
Valerio Setti
1470ce3eba
fix typos
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-08 16:50:12 +01:00