ab02cd5e7b
Revert "Delete test cases"
...
This reverts commit ecc5d31139dc6877f135e8090e805c250e32a31d.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com >
2025-03-05 12:18:46 +01:00
cdd34742cf
Fix test case name
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com >
2025-03-05 12:18:46 +01:00
973a712dd8
Migrate to a usable ciphersuite
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com >
2025-03-05 12:18:46 +01:00
ff9b2e742a
Delete test cases
...
Only RSA cipgersuits are accepted for these tests and there is no ECDHE-RSA
alternative for AES-128-CCM so delete them.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com >
2025-03-05 12:18:46 +01:00
dd7c0f1e66
Fix ciphersuit
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com >
2025-03-05 12:18:46 +01:00
9d7fd3dfe1
Migrate the RSA key exchage tests
...
Migrate to ECDHE-ECDSA instead of PSK
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com >
2025-03-05 12:18:46 +01:00
00ab71035e
Delete SSL async decryption tests
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com >
2025-03-05 12:18:46 +01:00
fc42c22c7b
Migrate RSA key exchange tests
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com >
2025-03-05 12:18:30 +01:00
371a1aab87
psasim: update README file
...
The README file content dates back to the early stages of PSASIM
development. Since then a lot of things have changed, so the README
file required a complete rewrite.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2025-03-05 11:02:32 +01:00
461899e382
analyze_outcomes.py: remove exceptions for MBEDTLS_DHM_C
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2025-03-05 10:11:22 +01:00
eb63eb2a6a
etests: remove MBEDTLS_DHM_C/DHM occurrencies
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2025-03-05 10:11:22 +01:00
e0bd20bd58
Generate handshake defragmentation test cases: update analyze_outcomes
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2025-03-04 18:24:52 +01:00
f89bc27603
Switch to generated handshake tests
...
Replace `tests/opt-testcases/handshake-manual.sh` by
`tests/opt-testcases/handshake-generated.sh`. They are identical except for
comments.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2025-03-03 16:13:19 +01:00
5071a25320
Normalize requirements in defragmentation test cases
...
Be more uniform in where certificate authentication and ECDSA are explicitly
required. A few test cases now run in PSK-only configurations where they
always could. Add a missing requirement on ECDSA to test cases that are
currently skipped.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2025-03-03 16:13:19 +01:00
46cb8a2aa9
Normalize messages in defragmentation test cases
...
Make some test case descriptions and log patterns follow more systematic
patterns.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2025-03-03 16:13:19 +01:00
aaab090ad8
Normalize whitespace in defragmentation test cases
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2025-03-03 16:13:19 +01:00
b40d33b7c8
Move most TLS handshake defragmentation tests to a separate file
...
Prepare for those test cases to be automatically generated by a script.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2025-03-03 16:13:19 +01:00
4773333dc6
New generated file: tests/opt-testcases/handshake-generated.sh
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2025-03-03 16:13:19 +01:00
1027c4cc3c
psasim: add support for psa_can_do_hash()
...
This commit also includes regenerated C and H files.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2025-03-03 15:36:14 +01:00
886fa8d71a
psasim: add support for psa_export_public_key_iop
...
This commit also includes regenerated C and H files.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2025-03-03 15:35:47 +01:00
5df993dcc9
Merge remote-tracking branch 'development' into tls-defragmentation-merge-development-20250303
2025-03-02 21:15:58 +01:00
4354dc646f
ssl-opt: Re-introduce certificate dependency for HS negative tests.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-02-27 22:40:37 +00:00
0dd57a9913
ssl-opt: Removed dependencies for HS defrag negative tests.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-02-27 18:05:48 +00:00
d01ac30cfa
ssl-opt: Adjusted reference hs defragmentation tests.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-02-27 15:11:21 +00:00
76957cceab
ssl-opt: Minor typos and documentation fixes.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-02-27 15:11:21 +00:00
19dbbe0958
analyze_outcomes: Temporary disabled 3 HS Degragmentation tests.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-02-27 11:46:36 +00:00
17170a5ed2
ssl-opt: Updated documentation of HS-Defrag tests.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-02-27 11:40:33 +00:00
c8709c6a85
ssl-opt: Removed redundant dependencies: requires_openssl_3_x
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-02-26 17:12:01 +00:00
640512eb90
mbedtls_ssl_set_hostname tests: add tests with CA callback
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2025-02-24 18:48:49 +01:00
856a370628
Call mbedtls_ssl_set_hostname in the generic endpoint setup in unit tests
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2025-02-24 18:48:49 +01:00
488b91929d
Require calling mbedtls_ssl_set_hostname() for security
...
In a TLS client, when using certificate authentication, the client should
check that the certificate is valid for the server name that the client
expects. Otherwise, in most scenarios, a malicious server can impersonate
another server.
Normally, the application code should call mbedtls_ssl_set_hostname().
However, it's easy to forget. So raise an error if mandatory certificate
authentication is in effect and mbedtls_ssl_set_hostname() has not been
called. Raise the new error code
MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME, for easy
identification.
But don't raise the error if the backward compatibility option
MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME is
enabled.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2025-02-24 18:48:49 +01:00
434016e2eb
Keep track of whether mbedtls_ssl_set_hostname() has been called
...
No behavior change apart from now emitting a different log message depending
on whether mbedtls_ssl_set_hostname() has been called with NULL or not at all.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2025-02-24 18:47:44 +01:00
cd6a24b288
ssl-opt.sh: Disabled HS Defrag Tests for TLS1.2 where len < 16
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-02-24 09:27:09 +00:00
99ca6680f2
ssl-opt: Replaced max_send_frag with split_send_frag
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-02-24 09:16:06 +00:00
a5a8c9f5c9
ssl-opt: Added coverage for hs defragmentation TLS 1.2 tests.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-02-24 09:16:06 +00:00
d708a63857
ssl-opt: Updated documentation.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-02-24 09:16:06 +00:00
36c81f5f05
ssl-opt: Added DSA-RSA dependency on TLS1.2 defragmentation testing.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-02-24 09:16:06 +00:00
74ce7498d7
ssl-opt: Added negative tests for handshake fragmentation.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-02-24 09:16:06 +00:00
1c106afd22
ssl-opt: Added handshake fragmentation tests for 4 byte fragments.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-02-24 09:16:06 +00:00
41782a9cd0
ssl-opt: Added negative-assertion testing, (HS Fragmentation disabled)
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-02-24 09:16:06 +00:00
85fe73d55d
ssl-opt: Added tls 1.2 tests for HS defragmentation.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-02-24 09:16:06 +00:00
a4dde77cbe
ssl-opt: Dependency resolving set to use to requires_protocol_version HS deframentation tests.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-02-24 09:16:06 +00:00
a8a298c9d6
ssl-opt: Adjusted the wording on handshake fragmentation tests.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-02-24 09:16:06 +00:00
a1b9117f17
ssl-opt: Added requires_openssl_3_x to defragmentation tests.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-02-24 09:16:06 +00:00
270dd7462e
ssl-opt: Updated the keywords to look up during handshake fragmentation tests.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-02-24 09:16:06 +00:00
4028cfd9ca
Add missing client certificate check in handshake defragmentation tests
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com >
2025-02-24 09:16:06 +00:00
5f21537c2a
Test Handshake defragmentation only for TLS 1.3 only for small values
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com >
2025-02-24 09:16:06 +00:00
a75c7e09c8
Add guard to handshake defragmentation tests for client certificate
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com >
2025-02-24 09:16:06 +00:00
f162249e87
Add a comment to elaborate using split_send_frag in handshake defragmentation tests
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com >
2025-02-24 09:16:06 +00:00
61b8e2d225
Enforce client authentication in handshake fragmentation tests
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com >
2025-02-24 09:16:06 +00:00