lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-10 10:40:59 +03:00
Code Activity
33,438 Commits 173 Branches 272 Tags
development
Commit Graph

12456 Commits

Author SHA1 Message Date
Gabor Mezei
ab02cd5e7b Revert "Delete test cases" 
This reverts commit ecc5d31139dc6877f135e8090e805c250e32a31d.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2025-03-05 12:18:46 +01:00
Gabor Mezei
cdd34742cf Fix test case name 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2025-03-05 12:18:46 +01:00
Gabor Mezei
973a712dd8 Migrate to a usable ciphersuite 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2025-03-05 12:18:46 +01:00
Gabor Mezei
ff9b2e742a Delete test cases 
Only RSA cipgersuits are accepted for these tests and there is no ECDHE-RSA
alternative for AES-128-CCM so delete them.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2025-03-05 12:18:46 +01:00
Gabor Mezei
dd7c0f1e66 Fix ciphersuit 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2025-03-05 12:18:46 +01:00
Gabor Mezei
9d7fd3dfe1 Migrate the RSA key exchage tests 
Migrate to ECDHE-ECDSA instead of PSK

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2025-03-05 12:18:46 +01:00
Gabor Mezei
00ab71035e Delete SSL async decryption tests 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2025-03-05 12:18:46 +01:00
Gabor Mezei
fc42c22c7b Migrate RSA key exchange tests 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2025-03-05 12:18:30 +01:00
Valerio Setti
371a1aab87 psasim: update README file 
The README file content dates back to the early stages of PSASIM
development. Since then a lot of things have changed, so the README
file required a complete rewrite.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-03-05 11:02:32 +01:00
Valerio Setti
461899e382 analyze_outcomes.py: remove exceptions for MBEDTLS_DHM_C 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-03-05 10:11:22 +01:00
Valerio Setti
eb63eb2a6a etests: remove MBEDTLS_DHM_C/DHM occurrencies 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-03-05 10:11:22 +01:00
Gilles Peskine
e0bd20bd58 Generate handshake defragmentation test cases: update analyze_outcomes 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-03-04 18:24:52 +01:00
Gilles Peskine
f89bc27603 Switch to generated handshake tests 
Replace `tests/opt-testcases/handshake-manual.sh` by
`tests/opt-testcases/handshake-generated.sh`. They are identical except for
comments.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-03-03 16:13:19 +01:00
Gilles Peskine
5071a25320 Normalize requirements in defragmentation test cases 
Be more uniform in where certificate authentication and ECDSA are explicitly
required. A few test cases now run in PSK-only configurations where they
always could. Add a missing requirement on ECDSA to test cases that are
currently skipped.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-03-03 16:13:19 +01:00
Gilles Peskine
46cb8a2aa9 Normalize messages in defragmentation test cases 
Make some test case descriptions and log patterns follow more systematic
patterns.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-03-03 16:13:19 +01:00
Gilles Peskine
aaab090ad8 Normalize whitespace in defragmentation test cases 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-03-03 16:13:19 +01:00
Gilles Peskine
b40d33b7c8 Move most TLS handshake defragmentation tests to a separate file 
Prepare for those test cases to be automatically generated by a script.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-03-03 16:13:19 +01:00
Gilles Peskine
4773333dc6 New generated file: tests/opt-testcases/handshake-generated.sh 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-03-03 16:13:19 +01:00
Valerio Setti
1027c4cc3c psasim: add support for psa_can_do_hash() 
This commit also includes regenerated C and H files.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-03-03 15:36:14 +01:00
Valerio Setti
886fa8d71a psasim: add support for psa_export_public_key_iop 
This commit also includes regenerated C and H files.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-03-03 15:35:47 +01:00
Gilles Peskine
5df993dcc9 Merge remote-tracking branch 'development' into tls-defragmentation-merge-development-20250303 2025-03-02 21:15:58 +01:00
Minos Galanakis
4354dc646f ssl-opt: Re-introduce certificate dependency for HS negative tests. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-27 22:40:37 +00:00
Minos Galanakis
0dd57a9913 ssl-opt: Removed dependencies for HS defrag negative tests. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-27 18:05:48 +00:00
Minos Galanakis
d01ac30cfa ssl-opt: Adjusted reference hs defragmentation tests. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-27 15:11:21 +00:00
Minos Galanakis
76957cceab ssl-opt: Minor typos and documentation fixes. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-27 15:11:21 +00:00
Minos Galanakis
19dbbe0958 analyze_outcomes: Temporary disabled 3 HS Degragmentation tests. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-27 11:46:36 +00:00
Minos Galanakis
17170a5ed2 ssl-opt: Updated documentation of HS-Defrag tests. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-27 11:40:33 +00:00
Minos Galanakis
c8709c6a85 ssl-opt: Removed redundant dependencies: requires_openssl_3_x 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-26 17:12:01 +00:00
Gilles Peskine
640512eb90 mbedtls_ssl_set_hostname tests: add tests with CA callback 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-02-24 18:48:49 +01:00
Gilles Peskine
856a370628 Call mbedtls_ssl_set_hostname in the generic endpoint setup in unit tests 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-02-24 18:48:49 +01:00
Gilles Peskine
488b91929d Require calling mbedtls_ssl_set_hostname() for security 
In a TLS client, when using certificate authentication, the client should
check that the certificate is valid for the server name that the client
expects. Otherwise, in most scenarios, a malicious server can impersonate
another server.

Normally, the application code should call mbedtls_ssl_set_hostname().
However, it's easy to forget. So raise an error if mandatory certificate
authentication is in effect and mbedtls_ssl_set_hostname() has not been
called. Raise the new error code
MBEDTLS_ERR_SSL_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME, for easy
identification.

But don't raise the error if the backward compatibility option
MBEDTLS_SSL_CLI_ALLOW_WEAK_CERTIFICATE_VERIFICATION_WITHOUT_HOSTNAME is
enabled.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-02-24 18:48:49 +01:00
Gilles Peskine
434016e2eb Keep track of whether mbedtls_ssl_set_hostname() has been called 
No behavior change apart from now emitting a different log message depending
on whether mbedtls_ssl_set_hostname() has been called with NULL or not at all.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-02-24 18:47:44 +01:00
Minos Galanakis
cd6a24b288 ssl-opt.sh: Disabled HS Defrag Tests for TLS1.2 where len < 16 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-24 09:27:09 +00:00
Minos Galanakis
99ca6680f2 ssl-opt: Replaced max_send_frag with split_send_frag 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-24 09:16:06 +00:00
Minos Galanakis
a5a8c9f5c9 ssl-opt: Added coverage for hs defragmentation TLS 1.2 tests. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-24 09:16:06 +00:00
Minos Galanakis
d708a63857 ssl-opt: Updated documentation. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-24 09:16:06 +00:00
Minos Galanakis
36c81f5f05 ssl-opt: Added DSA-RSA dependency on TLS1.2 defragmentation testing. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-24 09:16:06 +00:00
Minos Galanakis
74ce7498d7 ssl-opt: Added negative tests for handshake fragmentation. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-24 09:16:06 +00:00
Minos Galanakis
1c106afd22 ssl-opt: Added handshake fragmentation tests for 4 byte fragments. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-24 09:16:06 +00:00
Minos Galanakis
41782a9cd0 ssl-opt: Added negative-assertion testing, (HS Fragmentation disabled) 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-24 09:16:06 +00:00
Minos Galanakis
85fe73d55d ssl-opt: Added tls 1.2 tests for HS defragmentation. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-24 09:16:06 +00:00
Minos Galanakis
a4dde77cbe ssl-opt: Dependency resolving set to use to requires_protocol_version HS deframentation tests. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-24 09:16:06 +00:00
Minos Galanakis
a8a298c9d6 ssl-opt: Adjusted the wording on handshake fragmentation tests. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-24 09:16:06 +00:00
Minos Galanakis
a1b9117f17 ssl-opt: Added requires_openssl_3_x to defragmentation tests. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-24 09:16:06 +00:00
Minos Galanakis
270dd7462e ssl-opt: Updated the keywords to look up during handshake fragmentation tests. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-24 09:16:06 +00:00
Waleed Elmelegy
4028cfd9ca Add missing client certificate check in handshake defragmentation tests 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2025-02-24 09:16:06 +00:00
Waleed Elmelegy
5f21537c2a Test Handshake defragmentation only for TLS 1.3 only for small values 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2025-02-24 09:16:06 +00:00
Waleed Elmelegy
a75c7e09c8 Add guard to handshake defragmentation tests for client certificate 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2025-02-24 09:16:06 +00:00
Waleed Elmelegy
f162249e87 Add a comment to elaborate using split_send_frag in handshake defragmentation tests 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2025-02-24 09:16:06 +00:00
Waleed Elmelegy
61b8e2d225 Enforce client authentication in handshake fragmentation tests 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2025-02-24 09:16:06 +00:00