mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-03-06 10:13:33 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
31,779 Commits 172 Branches 263 Tags
Commit Graph

11747 Commits

Author SHA1 Message Date
Gilles Peskine
9d54be57b0 Generate handshake defragmentation test cases: update analyze_outcomes 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-03-05 10:08:21 +01:00
Gilles Peskine
2e7f2a2e48 Switch to generated handshake tests 
Replace `tests/opt-testcases/handshake-manual.sh` by
`tests/opt-testcases/handshake-generated.sh`. They are identical except for
comments, and for some extra dependencies on
`MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED` which are needed in `development,
but not in `mbedtls-3.6. Those dependencies don't hurt the useful coverage
of the tests, so we'll live with them.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-03-03 21:03:22 +01:00
Gilles Peskine
6183a645fc Normalize requirements in defragmentation test cases 
Be more uniform in where certificate authentication and ECDSA are explicitly
required. A few test cases now run in PSK-only configurations where they
always could. Add a missing requirement on ECDSA to test cases that are
currently skipped.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-03-03 21:00:50 +01:00
Gilles Peskine
49e1ed277e Normalize messages in defragmentation test cases 
Make some test case descriptions and log patterns follow more systematic
patterns.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-03-03 21:00:50 +01:00
Gilles Peskine
8321ab574c Normalize whitespace in defragmentation test cases 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-03-03 21:00:50 +01:00
Gilles Peskine
8ef2e74704 Move most TLS handshake defragmentation tests to a separate file 
Prepare for those test cases to be automatically generated by a script.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-03-03 21:00:48 +01:00
Gilles Peskine
28f953c5ec New generated file: tests/opt-testcases/handshake-generated.sh 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-03-03 20:58:32 +01:00
Gilles Peskine
e0f1240cd5 Merge remote-tracking branch 'mbedtls-3.6' into tls-defragmentation-merge-3.6-20250303 2025-03-02 21:16:08 +01:00
Minos Galanakis
5764816335 ssl-opt: Re-introduce certificate dependency for HS negative tests. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-27 22:39:56 +00:00
Minos Galanakis
97a24ebdb1 ssl-opt: Removed dependencies for HS defrag negative tests. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-27 18:11:20 +00:00
Minos Galanakis
48348261d4 ssl-opt: Adjusted reference hs defragmentation tests. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-27 15:26:25 +00:00
Minos Galanakis
19d857d74c ssl-opt: Minor typos and documentation fixes. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-27 15:26:24 +00:00
Minos Galanakis
21e4f21df9 analyze_outcomes: Temporary disabled 3 HS Degragmentation tests. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-27 15:25:50 +00:00
Minos Galanakis
618ad79395 ssl-opt: Updated documentation of HS-Defrag tests. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-27 15:25:50 +00:00
Minos Galanakis
bb1bd8bf9e ssl-opt: Removed redundant dependencies: requires_openssl_3_x 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-27 15:25:49 +00:00
Minos Galanakis
065b89c7ad ssl-opt.sh: Disabled HS Defrag Tests for TLS1.2 where len < 16 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-27 15:24:37 +00:00
Minos Galanakis
4335125664 ssl-opt: Replaced max_send_frag with split_send_frag 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-27 15:24:37 +00:00
Minos Galanakis
ee8e7c3fb3 ssl-opt: Added coverage for hs defragmentation TLS 1.2 tests. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-27 15:24:35 +00:00
Minos Galanakis
e6dbf495b1 ssl-opt: Updated documentation. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-27 15:23:38 +00:00
Minos Galanakis
79693bf48a ssl-opt: Added negative tests for handshake fragmentation. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-27 15:20:41 +00:00
Minos Galanakis
03ae352340 ssl-opt: Added handshake fragmentation tests for 4 byte fragments. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-27 15:20:41 +00:00
Minos Galanakis
871469a106 ssl-opt: Added negative-assertion testing, (HS Fragmentation disabled) 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-27 15:20:41 +00:00
Minos Galanakis
48aa2deb0b ssl-opt: Added tls 1.2 tests for HS defragmentation. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-27 15:20:40 +00:00
Minos Galanakis
1d47cebde1 ssl-opt: Dependency resolving set to use to requires_protocol_version HS deframentation tests. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-27 15:20:40 +00:00
Minos Galanakis
502da02817 ssl-opt: Adjusted the wording on handshake fragmentation tests. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-27 15:20:40 +00:00
Minos Galanakis
9886fd17db ssl-opt: Added requires_openssl_3_x to defragmentation tests. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-27 15:20:40 +00:00
Minos Galanakis
afb428e584 ssl-opt: Updated the keywords to look up during handshake fragmentation tests. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-27 15:20:40 +00:00
Waleed Elmelegy
c5f1ba3d50 Add missing client certificate check in handshake defragmentation tests 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2025-02-27 15:20:40 +00:00
Waleed Elmelegy
5fc8d3f035 Test Handshake defragmentation only for TLS 1.3 only for small values 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2025-02-27 15:20:39 +00:00
Waleed Elmelegy
be59ab5671 Add guard to handshake defragmentation tests for client certificate 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2025-02-27 15:20:39 +00:00
Waleed Elmelegy
99f4691bd6 Add a comment to elaborate using split_send_frag in handshake defragmentation tests 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2025-02-27 15:20:39 +00:00
Waleed Elmelegy
57f61f82fd Enforce client authentication in handshake fragmentation tests 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2025-02-27 15:20:39 +00:00
Waleed Elmelegy
826fc5c383 Remove unneeded mtu option from handshake fragmentation tests 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2025-02-27 15:20:39 +00:00
Waleed Elmelegy
e9b08846da Add client authentication to handshake defragmentation tests 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2025-02-27 15:20:38 +00:00
Waleed Elmelegy
1b2590b125 Require openssl to support TLS 1.3 in handshake defragmentation tests 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2025-02-27 15:20:38 +00:00
Waleed Elmelegy
5b7c8bb064 Remove unnecessary string check in handshake defragmentation tests 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2025-02-27 15:20:38 +00:00
Waleed Elmelegy
8870b99da4 Fix typo in TLS Handshake defrafmentation tests 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2025-02-27 15:20:38 +00:00
Waleed Elmelegy
e11d8c9333 Improve TLS handshake defragmentation tests 
* Add tests for the server side.
* Remove restriction for TLS 1.2 so that we can test TLS 1.2 & 1.3.
* Use latest version of openSSL to make sure -max_send_frag &
  -split_send_frag flags are supported.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2025-02-27 15:20:38 +00:00
Waleed Elmelegy
29581ce229 Add TLS Hanshake defragmentation tests 
Tests uses openssl s_server with a mix of max_send_frag
and split_send_frag options.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2025-02-27 15:20:37 +00:00
Harry Ramsey
4c1383a9f1 Update documentation regarding metatest 
This commit updates the paths in the documentation for metatest.c as it
has been moved to MbedTLS Framework.

Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
 2025-02-20 14:51:26 +00:00
Harry Ramsey
d621d344c3 Update path for moved test_zeroize.gdb script 
This commit updates the path for the moved test_zeroize.gdb script which
has been moved to MbedTLS-Framework.

Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
 2025-02-20 14:51:26 +00:00
Harry Ramsey
151e0892a1 Update paths for moved dlopen_demo.sh 
This commit updates the paths for dlopen_demo.sh in
components-build-system.sh as the file has been moved to the framework.

Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
 2025-02-20 14:51:26 +00:00
Harry Ramsey
0c6eb5d6e9 Move programs out of Mbed TLS 
This commit moves demo_common.sh, dlopen_demo.sh, metatest.c
query_compile_time_config.c, query_config.h, query_included_headers.c,
zeroize.c and test_zeroize.gdb from MbedTLS into the MbedTLS framework.

Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
 2025-02-17 11:43:55 +00:00
Valerio Setti
aa7bd59dbe components-compliance.sh: update references to test_psa_compliance.py 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-02-05 12:07:25 +01:00
Valerio Setti
d673acf89e components-configuration.sh: update references to test_psa_constant_names.py 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-02-05 12:07:25 +01:00
Valerio Setti
7297e8d440 Move files out of Mbed TLS 
The following files are moved to the framework repo (deleted here):

tests/scripts/test_psa_compliance.py
tests/scripts/test_psa_constant_names.py

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-02-05 12:07:25 +01:00
Ronald Cron
204588678e
Merge pull request #9937 from valeriosetti/issue9688-backport 
[Backport 3.6] Migrate DHE test cases to ECDHE
 2025-01-29 09:59:11 +00:00
Valerio Setti
1a0ee063e2 test_suite_ssl: update description for conf_curve and conf_gruop tests 
These tests are about EC curves/groups, not DH ones, so the description
should be updated accordingly.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-01-28 11:42:15 +01:00
Valerio Setti
e94ab3cbdf test_suite_ssl: add ECDHE-RSA case for handshake_fragmentation() 
This is the backport of commit b8ef2a4455 from the "development" branch
which adapts handshake_fragmentation() to use ECDHE-RSA instead of
DHE-RSA. However, since DHE-RSA is not removed in the mbedtls-3.6 branch,
here tests are added instead of replaced.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-01-28 11:42:14 +01:00
Valerio Setti
4f2a74d275 test_suite_ssl: add new ECDHE-RSA tests 
PR #9916 adapt some DHE-RSA tests to use ECDHE-RSA instead. However,
since DHE-RSA is not deprecated in mbedtls-3.6 branch, this commit adds
these new tests alongside DHE-RSA ones intead of replacing them in order
to increase test coverage.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-01-27 17:40:15 +01:00