lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-08-07 06:42:56 +03:00
Code Activity
33,322 Commits 174 Branches 272 Tags
mbedtls-release-sync
Commit Graph

298 Commits

Author SHA1 Message Date
Max Fillinger
29f8f9a49d Fix dependencies for TLS-Exporter tests 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-03-28 17:08:12 +01:00
Max Fillinger
9f843332e8 Exporter: Add min. and max. label tests 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-03-28 17:08:12 +01:00
Max Fillinger
9c5bae5026 Fix max. label length in key material exporter 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-03-28 17:08:12 +01:00
Max Fillinger
d6e0095478 Exporter tests: Don't use unavailbable constant 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-03-28 17:08:12 +01:00
Max Fillinger
8e0b8c9d9f Exporter tests: Add missing depends-ons 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-03-28 17:08:10 +01:00
Max Fillinger
c6fd1a24d2 Use one maximum key_len for all exported keys 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-03-28 17:06:48 +01:00
Max Fillinger
a9a9e99a6b Exporter tests: Reduce key size in long key tests 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-03-28 17:06:48 +01:00
Max Fillinger
3e1291866d Fix output size check for key material exporter 
HKDF-Expand can produce at most 255 * hash_size bytes of key material,
so this limit applies to the TLS 1.3 key material exporter.

Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-03-28 17:06:48 +01:00
Max Fillinger
28916ac8fe Increase allowed output size of HKDF-Expand-Label 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-03-28 17:06:48 +01:00
Max Fillinger
cf007ca8bb Add more tests for keying material export 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-03-28 17:06:47 +01:00
Max Fillinger
c7986427d4 Add test for TLS-Exporter in TLS 1.3 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-03-28 16:53:57 +01:00
Gabor Mezei
ea4df49272 Update test dependencies 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2025-03-05 12:18:47 +01:00
Gabor Mezei
8adcfc8240 Add ECDSA ciphersuite support for resize_buffer tests 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2025-03-05 12:18:47 +01:00
Gabor Mezei
ab02cd5e7b Revert "Delete test cases" 
This reverts commit ecc5d31139dc6877f135e8090e805c250e32a31d.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2025-03-05 12:18:46 +01:00
Gabor Mezei
cdd34742cf Fix test case name 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2025-03-05 12:18:46 +01:00
Gabor Mezei
973a712dd8 Migrate to a usable ciphersuite 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2025-03-05 12:18:46 +01:00
Gabor Mezei
ff9b2e742a Delete test cases 
Only RSA cipgersuits are accepted for these tests and there is no ECDHE-RSA
alternative for AES-128-CCM so delete them.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2025-03-05 12:18:46 +01:00
Gabor Mezei
9d7fd3dfe1 Migrate the RSA key exchage tests 
Migrate to ECDHE-ECDSA instead of PSK

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2025-03-05 12:18:46 +01:00
Gabor Mezei
fc42c22c7b Migrate RSA key exchange tests 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2025-03-05 12:18:30 +01:00
Valerio Setti
1494a09ff7 test_suite_ssl: require GCM or ChaChaPoly in handshake_serialization() 
Hanshake serialization requires that the selected ciphersuite uses
an AEAD algorithm. However, following the DHE-RSA removal, trying to
still use RSA signature might select a ciphersuite which is not using
AEAD, but CBC instead (see preference order in "ssl_ciphersuite.c").

This is especially problematic in tests scenarios where both GCM and
ChaChaPoly are disabled, so that CCM remains as the only AEAD algorithm.
Ciphersuites using RSA signature and CCM are very low on the preference
list, so very unlikely to be picked in tests. This cause a CBC one to
be selected in this case and the handshake_serialization() function
to fail.

In order to prevent failures from happening, in this commit we require
that either GCM or ChaChaPoly are enabled, so that ciphersuites using one
of these are likely to be picked.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-02-06 10:12:02 +01:00
Valerio Setti
592f6826dd test_suite_ssl: update description for conf_curve and conf_gruop tests 
These tests are about EC curves/groups, not DH ones, so the description
should be updated accordingly.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-01-27 12:46:25 +01:00
Valerio Setti
8638603ba7 test_suite_ssl: remove tests specific for DHE-RSA 
These tests were specific for DHE-RSA (which is being removed on
development branch) and also for each of them there was already the
ECDHE-RSA counterpart available.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-01-27 12:38:39 +01:00
Valerio Setti
5b7bfd8d5a test_suite_ssl: adapt DHE-RSA tests to ECDHE-RSA 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-01-27 12:38:39 +01:00
Manuel Pégourié-Gonnard
93d4591255 Remove deprecated function mbedtls_ssl_conf_curves() 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-01-14 12:06:31 +01:00
Gilles Peskine
7dfe7c9e4a Remove RSA-PSK test cases 
The test cases removed by this commit are specific to RSA-PSK, not
incidentally using RSA-PSK when testing other features, so there is no loss
of test coverage.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-11-05 15:48:11 +01:00
Gilles Peskine
e3c64c3f26 Fix typo in dependency 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-10-10 17:26:11 +02:00
Elena Uziunaite
b430eeea85 Bring back some dependencies 
To make CI happier

Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-09-09 11:18:10 +01:00
Elena Uziunaite
96867b6bf4 Address review comments: remove dependencies 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-09-09 11:18:10 +01:00
Elena Uziunaite
bed21b55a6 Replace MBEDTLS_PK_CAN_ECDSA_VERIFY with PSA_HAVE_ALG_ECDSA_VERIFY 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-09-09 11:18:10 +01:00
Elena Uziunaite
39c7d5dc4b Replace MBEDTLS_PK_CAN_ECDSA_SIGN with PSA_HAVE_ALG_ECDSA_SIGN 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-09-09 11:18:08 +01:00
Elena Uziunaite
a6950b8ce7 Replace MBEDTLS_PK_CAN_ECDSA_SOME with PSA_HAVE_ALG_SOME_ECDSA 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-09-09 11:17:36 +01:00
Elena Uziunaite
9fc5be09cb Replace MBEDTLS_MD_CAN_SHA1 with PSA_WANT_ALG_SHA_1 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-09-04 18:12:59 +01:00
Elena Uziunaite
da41b60cef Replace MBEDTLS_SSL_HAVE_CAMELLIA with PSA_WANT_KEY_TYPE_CAMELLIA 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-08-13 09:58:00 +01:00
Elena Uziunaite
6b4cd48d24 Replace MBEDTLS_ECP_HAVE_SECP384R1 with PSA_WANT_ECC_SECP_R1_384 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-08-09 09:49:03 +01:00
Gilles Peskine
e1171bd26f Merge pull request #9361 from eleuzi01/replace-key-aria 
Replace MBEDTLS_SSL_HAVE_ARIA with PSA_WANT_KEY_TYPE_ARIA
 2024-08-08 15:41:01 +00:00
Gilles Peskine
9e54a4f5ba Merge pull request #9369 from eleuzi01/replace-ecc-keys 
Replace MBEDTLS_PK_HAVE_ECC_KEYS with PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
 2024-08-08 12:10:43 +00:00
Elena Uziunaite
51c85a0296 Replace MBEDTLS_SSL_HAVE_ARIA with PSA_WANT_KEY_TYPE_ARIA 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-08-07 11:33:14 +01:00
Elena Uziunaite
8dde3b3dec Replace MBEDTLS_PK_HAVE_ECC_KEYS with PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-08-05 15:41:58 +01:00
Elena Uziunaite
c256172b30 Replace MBEDTLS_SSL_HAVE_CCM with PSA_WANT_ALG_CCM 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-08-05 15:40:00 +01:00
Gilles Peskine
be6a47140b Merge pull request #9365 from eleuzi01/replace-gcm 
Replace MBEDTLS_SSL_HAVE_GCM with PSA_WANT_ALG_GCM
 2024-08-05 09:43:23 +00:00
Gilles Peskine
9c9a3df3bf Merge pull request #9366 from eleuzi01/replace-chachapoly 
Replace MBEDTLS_SSL_HAVE_CHACHAPOLY with PSA_WANT_ALG_CHACHA20_POLY1305
 2024-08-02 14:26:27 +00:00
Elena Uziunaite
83a0d9deec Replace MBEDTLS_SSL_HAVE_GCM with PSA_WANT_ALG_GCM 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-08-02 09:52:20 +01:00
Elena Uziunaite
5c70c30655 Replace MBEDTLS_SSL_HAVE_CHACHAPOLY with PSA_WANT_ALG_CHACHA20_POLY1305 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-07-31 16:31:00 +01:00
Elena Uziunaite
74342c7c2b Replace MBEDTLS_SSL_HAVE_CBC with PSA_WANT_ALG_CBC_NO_PADDING 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-07-31 16:19:15 +01:00
Elena Uziunaite
6121a344dd Replace MBEDTLS_SSL_HAVE_AES with PSA_WANT_KEY_TYPE_AES 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-07-30 18:42:19 +01:00
Elena Uziunaite
417d05f7c5 Replace MBEDTLS_ECP_HAVE_SECP256R1 with PSA_WANT_ECC_SECP_R1_256 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-07-29 11:31:20 +01:00
Bence Szépkúti
e7fdfdb913 Merge pull request #9123 from eleuzi01/replace-mbedtls-md-can-md5 
Replace MBEDTLS_MD_CAN_MD5 with PSA_WANT_ALG_MD5
 2024-07-18 16:17:25 +00:00
Paul Elliott
df772da34e Merge pull request #9358 from eleuzi01/replace-curve 
Replace MBEDTLS_ECP_HAVE_CURVE* with PSA_WANT counterparts
 2024-07-18 13:54:26 +00:00
Elena Uziunaite
b66a991f04 Replace MBEDTLS_MD_CAN_MD5 with PSA_WANT_ALG_MD5 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-07-18 14:31:59 +03:00
Elena Uziunaite
0b5d48ebbf Replace MBEDTLS_ECP_HAVE_CURVE* with PSA_WANT counterparts 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-07-11 13:20:35 +03:00