mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-06 12:40:02 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
30,264 Commits 170 Branches 263 Tags
Commit Graph

241 Commits

Author SHA1 Message Date
Waleed Elmelegy
4dfb0e7c90 Add ALPN checking when accepting early data 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-03-15 12:12:15 +00:00
Ronald Cron
40043d03a5
Merge pull request #8884 from ronald-cron-arm/improve-early-data-status 
TLS 1.3: CLI: Split early data user status and internal state
 2024-03-13 11:59:49 +00:00
Dave Rodgman
60c2f47f98
Merge pull request #8888 from minosgalanakis/features/add_ssl_session_accessor_8529 
[MBEDTLS_PRIVATE] Add accessor for session and ciphersuite_id
 2024-03-13 10:02:15 +00:00
Ronald Cron
d2884662c1 tls13: cli: Split early data user status and internal state 
Do not use the return values of
mbedtls_ssl_get_early_data_status()
(MBEDTLS_SSL_EARLY_DATA_STATUS_ macros)
for the state of the negotiation and
transfer of early data during the
handshake.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-12 17:48:15 +01:00
Minos Galanakis
f9a6893b55 Changelog: Added entry for ssl_session accessors. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-03-11 10:09:44 +00:00
Ronald Cron
61fd13c6a5 Merge remote-tracking branch 'mbedtls/development' into tls13-cli-max-early-data-size 2024-03-10 18:09:47 +01:00
Minos Galanakis
411cb6c30f test_suite_ssl: Added ssl_session_id_accessors_check. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-03-06 13:52:03 +00:00
Ronald Cron
aad8523764 tests: ssl: Test enforcement of maximum early data size 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-01 15:10:22 +01:00
Ronald Cron
25ad10a920 tests: ssl: Improve tls13_srv_max_early_data_size() 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-01 09:29:16 +01:00
Ronald Cron
dc81b7343f tests: srv max early data size: Add reach_max test arg 
Add the reach_max flag argument for the
test13_srv_max_early_data_size test
function. Non zero value only valid in case
of TEST_EARLY_DATA_ACCEPTED scenario.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-01 09:29:16 +01:00
Ronald Cron
01d273d31f Enforce maximum size of early data in case of HRR 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-01 09:29:16 +01:00
Ronald Cron
919e596c05 Enforce maximum size of early data when rejected 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-01 09:29:16 +01:00
Ronald Cron
2160bfe4e2 tests: ssl: Test enforcement of maximum early data size 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-01 09:29:16 +01:00
Ronald Cron
110303fbe5 tests: read early data: Add no early data indication sent scenario 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-22 11:46:02 +01:00
Ronald Cron
86d288c0d4 tests: ssl: Rename tls13_early_data to tls13_read_early_data 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-22 11:28:29 +01:00
Ronald Cron
b3d42fddae tests: write early data: Add HRR scenario 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-07 08:06:46 +01:00
Ronald Cron
05600e26f4 tests: write early data: Add "server rejects" scenario 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-07 08:06:46 +01:00
Ronald Cron
8fe2b01b52 tests: write early data: Add "not sent" scenario 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-07 08:06:46 +01:00
Ronald Cron
2fbbba9c51 tests: ssl: Add write early data unit test 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-07 08:06:46 +01:00
Ronald Cron
2261ab298f tests: early data status: Add HRR scenario 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-06 16:43:33 +01:00
Ronald Cron
d6dba675b8 tests: early data status: Add "server rejects" scenario 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-06 16:43:33 +01:00
Ronald Cron
265273e8b3 tests: early data status: Add "not sent" scenario 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-06 16:43:33 +01:00
Ronald Cron
5c208d7daf tests: ssl: Add scenario param to early data status testing function 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-06 16:43:33 +01:00
Ronald Cron
a7f94e49a8 tests: ssl: Add early data status unit test 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-06 16:43:33 +01:00
Ronald Cron
33327dab85 tests: early data: Switch to mnemonics for test scenarios 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-05 18:27:04 +01:00
Jerry Yu
f57d14bed4 Ignore early data app msg before 2nd client hello 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-02 17:31:20 +01:00
Ronald Cron
2995d35ac3 tls13: srv: Deprotect and discard early data records 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-02 17:31:20 +01:00
Ronald Cron
a8dd81b4de tests: tls13: Add early data unit test 
This aims to provide a basis for negative
testing around TLS 1.3 early data.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-01-22 09:37:45 +01:00
Ronald Cron
d903a86e52 tests: tls13: Add session resume with ticket unit test 
This aims to provide a basis for negative testing
around TLS 1.3 ticket, replacing eventually the
negative tests done in ssl-opt.sh using the
dummy_ticket option.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-01-22 09:37:45 +01:00
Pengyu Lv
2bd56de3f4 ssl: replace MBEDTLS_SSL_HAVE_*_CBC with two seperate macros 
MBEDTLS_SSL_HAVE_<block_cipher>_CBC equals
MBEDTLS_SSL_HAVE_<block_cipher> and MBEDTLS_SSL_HAVE_CBC.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-11-08 14:21:19 +08:00
Pengyu Lv
ba6825e37b ssl: use MBEDTLS_SSL_HAVE_* in tests 
Done by commands:

```
sed -i "s/MBEDTLS_\(AES\|CAMELLIA\|ARIA\|CHACHAPOLY\)_C/MBEDTLS_SSL_HAVE_\1/g" tests/{suites,include,src}/**/*ssl*
sed -i "s/MBEDTLS_\(GCM\|CCM\)_C/MBEDTLS_SSL_HAVE_\1/g" tests/{suites,include,src}/**/*ssl*
sed -i "s/MBEDTLS_CIPHER_MODE_\(CBC\)/MBEDTLS_SSL_HAVE_\1/g" tests/{suites,include,src}/**/*ssl*
```

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-11-08 14:09:16 +08:00
Valerio Setti
74d5f23c3f test_suite_ssl: use new internal symbols in tests using CBC 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-10-30 11:36:32 +01:00
Minos Galanakis
1a3ad265cc Merge branch 'development-restricted' into mbedtls-3.5.0rc0-pr 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2023-10-03 21:57:51 +01:00
Valerio Setti
db6b4db7a0 Renaming all MBEDTLS_HAVE for curves to MBEDTLS_ECP_HAVE 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-09-25 17:39:41 +02:00
Valerio Setti
6d809cc969 lib/test: use new internal helpers in library's code and tests 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-09-25 17:39:41 +02:00
Gilles Peskine
ca1e605b9c Merge remote-tracking branch 'upstream-public/development' into development-restricted-merge-20230925 
Conflicts:
* `include/mbedtls/build_info.h`: a new fragment to auto-enable
  `MBEDTLS_CIPHER_PADDING_PKCS7` was added in
  c9f4040f7f3356293e90c58d11f6567def641e08 in `development-restricted`.
  In `development`, this section of the file has moved to
  `include/mbedtls/config_adjust_legacy_crypto.h`.
* `library/bignum.c`: function name change in `development-restricted` vs
  comment change in development. The comment change in `development` is not
  really relevant, so just take the line from `development-restricted`.
 2023-09-25 16:16:26 +02:00
Gilles Peskine
a3237efefb Move testing of mbedtls_ssl_decrypt_buf to a new test suite 
test_suite_ssl is huge and needs splitting.

Create a new test suite focused on mbedtls_ssl_decrypt_buf(), which is a
complicated function that needs more thorough testing with malformed inputs.
At this point, we are only doing negative testing with CBC-non-ETM test
suites. This needs to grow.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-18 14:23:13 +02:00
Gilles Peskine
9d5952dba8 Fix some dependencies on symmetric crypto in some TLS 1.3 tests 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-07-21 17:50:49 +02:00
Valerio Setti
6f0441d11e tls: replace occurencies of ECP_LIGHT with PK_HAVE_ECC_KEYS 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-10 09:13:57 +02:00
Yanray Wang
a9808ce4b4 Add AES 128-bit key dependency in test_suite_ssl.data 
Since handshake_fragmentation uses cipher
"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256" by default.
The corresponding test should be skipped when
MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH is enabled.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-05-05 11:21:31 +08:00
Yanray Wang
ecb6a02fa9 Add AES 128-bit key dependency for tests data 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-05-05 11:21:30 +08:00
Valerio Setti
9cea093700 test: resolve remaining disparities in test_suite_ssl 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-11 16:19:11 +02:00
Ronald Cron
097ba146e7 tls: srv: Set hybrid TLS 1.2/1.3 as default configuration 
Set hybrid TLS 1.2/1.3 as default server
configuration if both TLS 1.2 and TLS 1.3
are enabled at build time.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:18 +02:00
Ronald Cron
43263c045a tests: ssl: Extend move to handshake state tests 
Extend move to handshake state tests to reach
most of TLS 1.2 and 1.3 handshake states.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:18 +02:00
Ronald Cron
3b35455a69 tls: srv: Allow server hybrid TLS 1.2 and 1.3 configuration 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:18 +02:00
Ronald Cron
ea8a1ea17a tests: ssl: Add some missing dependencies 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:17 +02:00
Valerio Setti
13ce40323f test_suite_ssl: remove redundant dependencies when the key exchange is specified 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-22 10:40:05 +01:00
Valerio Setti
7a2f39692a ecdhe: solve disparities in accelerated ECDHE vs reference 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-22 10:37:45 +01:00
Manuel Pégourié-Gonnard
bef824d394 SSL: use MD_CAN macros 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-21 16:29:31 +01:00
Valerio Setti
fdea36d137 test_suite_ssl: remove redundant ECDH dependencies when the key exchange is specified 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-20 14:02:07 +01:00