MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE is no longer required, except in test
cases that are specifically about it. This commit removes the requirement on
all test cases except those whose description contains "middlebox".
Exclude tls13-compat.sh which is automatically generated and will be handled
in a separate commit.
```
perl -0777 -i -pe '
# With -0777, we act on the whole file.
# s[REGEXP][EXPR]gm replaces every occurrence of REGEXP by EXPR.
# The regexp matches "requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE",
# followed by zero or more non-empty lines, followed by a line starting
# with "run_test" and not containing "middlebox".
# The replacement is everything matched except the first line.
s[^requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE\n((?:.+\n)*run_test (?!.*middlebox))]
[$1]gm' tests/ssl-opt.sh tests/opt-testcases/tls13-kex-modes.sh tests/opt-testcases/tls13-misc.sh
```
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Adapt the test cases for TLS 1.3 middlebox compatibility mode, now that we
always interoperate with peers that support it, regardless of whether
MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE is enabled.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
For better searchability and readability, call requires_config_enabled or
requires_config_disabled for each option, instead of calling
requires_all_configs_enabled or requires_all_configs_disabled with a long
list of options.
```
perl -0777 -i -pe '
# With -0777, we act on the whole file.
# s[REGEXP][CODE]egm replaces every occurrence of REGEXP by the result
# of running CODE.
# The regexp matches "requires_all_configs_enabled" or
# "requires_all_configs_disabled" followed by a list of words ending
# with a line break. The words can be separated by a sequence of
# spaces and optionally a backslash-newline.
s[^requires_all_configs_(enabled|disabled) *((?:(?: \w+) *(?:\\\n)? *)+)\n][
$state = $1;
# Extract all the words from the list of words (/(\w+)/g). For each word,
# For each word, construct a line "requires_config_XXXabled WORD".
# The replacement text is the concatenation of these lines.
join("", map {"requires_config_$state $_\n"} $2 =~ /(\w+)/g)
]egm' tests/ssl-opt.sh tests/opt-testcases/*.sh
```
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
When checking whether the build supports certificate authentication, check
the key exchange modes enabled in the default protocol version. This is TLS
1.3 when it's enabled.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The point of PSK-only mode is to transform certificate-based command lines
into PSK-based command lines, when the certificates are not relevant to what
is being tested. So it makes sense to do that in with PSK-ephemeral key
exchanges too.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
requires_certificate_authentication was called in more places, but did not
do fine-grained analysis of key exchanges and so gave the wrong results in
some builds.
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled gave the correct
result but was only used in some test cases, not in the automatic detection
code.
Remove all uses of requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
because they are in fact covered by automated detection that calls
requires_certificate_authentication.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Don't add a certificate requirement when PSK is enabled.
Do command line requirement detection after the injection of PSK into the
command line in PSK-only mode. Otherwise certificate requirements would be
added even in PSK-only mode.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
When requiring a cryptographic mechanism for the sake of certificate
authentication, also require that certificate authentication is enabled.
Setting auth_mode explicitly means that we're testing something related to
how certificate-based authentication is handled, so require a key exchange
with certificate-based authentication.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
The tests above are required then optional then none. Follow the same
pattern here.
Just moving things around (see git's --color-moved option).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This is for compatibility, for people transitioning from 1.2 to 1.3.
See https://github.com/Mbed-TLS/mbedtls/issues/9223 "Mandatory server
authentication" and reports linked from there.
In the future we're likely to make server authentication mandatory in
both 1.2 and 1.3. See https://github.com/Mbed-TLS/mbedtls/issues/7080
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
In terms of line coverage, this was covered, except we never checked the
behaviour was as intended.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
This is a duplicate from the previous test, except it forces TLS 1.2.
The previous test does not force a version, so it picks 1.3 in the
default/full config. However we have a build with 1.2 only in all.sh, in
which the previous test would pick 1.2. So, there was no test gap and
the behaviour was indeed tested with 1.2.
However when measuring code coverage with lcov, currently we can only
use a single build. So, I'm adding this variant of the test case as a
so that the 1.2 code looks covered in the report from
basic-build-test.sh. This is for my convenience while I make sure
everything is covered before refactoring.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Generally speaking, in this group of test we use O_SRV when testing our
client's behaviour, and O_CLI when testing our server's behaviour. I
don't think that's essential, but why not.
Well, for these two tests there's a reason why not: O_CLI often exits 0,
seemingly not minding that the server aborted the handshake with a fatal
alert, but sometimes it exits 1. (I've observed 0 on my machine, on two
runs of OpenCI and Internal CI, and 1 in some test in one run of
Internal CI.)
So, use our client instead, which exits non-zero consistently.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
- cli-auth 1.2 was missing a test with an irrelevant bit set in addition
to the relevant bit (which was added for 1.3 previously)
- use consistent naming for fail (hard/soft)
Note: currently there are no "fail (soft)" cases for 1.3 authentication
of server by client, as server auth is mandatory in 1.3 (this will
change in 3.6.1).
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Previously the client was only printing them on handshake success, and
the server was printing them on success and some but not all failures.
This makes ssl-opt.sh more consistent as we can always check for the
presence of the expected message in the output, regardless of whether
the failure is hard or soft.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
- consistent naming with explicit version
- in each section, have a positive case with just the needed bit set,
and one with an irrelevant bit set in addition (cli 1.3 only had the
former, and cli-auth 1.3 only the later)
- when auth_mode optional is supported failing cases should come in
pairs: soft+hard, this wasn't the case for cli-auth 1.3. (Note: cli 1.3
currently does not support auth_mode optional.)
- failing cases should check that the correct flag is printed and the
expected alert is sent.
The last (two) points have uncovered a bug in 1.3 code:
- In fail (hard) cases the correct alert isn't send, but a more generic
one instead.
- In fail (soft) cases the issue with the certificate is not reported,
actually the certificate is reported as valid.
Both share the same root cause: the flags are not updated properly when
checking the keyUsage extension. This will be addressed in future
commits.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
In terms of line coverage, this was covered, except we never checked the
behaviour was as intended.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Alert if all tests are filtered out or skipped: that probably indicates a
test script that set up an unintended configuration or an overly strict
filter. You can pass `--min 0` to bypass this check. You can pass `--min`
with a larger value to require that many test cases to run.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
