2aaf1c1d74
Re-work psk test cases against openssl and gnutls
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-09-23 01:49:33 +00:00
8e76e1de21
Add m->m cases with client set to psk_all or all mode
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-09-23 01:49:33 +00:00
ca48dddf62
Add m->m with client set to ephemeral or ephemeral_all mode
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-09-23 01:49:33 +00:00
198cefd1fa
Add force_version tls13 to the psk test cases
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-09-23 01:49:33 +00:00
f9b694ba8f
Add m->m cases with client set to psk and psk_ephemeral mode
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-09-23 01:49:33 +00:00
e0cc584f70
Change result strings based on actual psk test result
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-09-23 01:49:33 +00:00
df6a3891e8
Add client psk test cases for all mode
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-09-23 01:49:33 +00:00
a39d0d5e2b
Add client test cases for ephemeral_all mode
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-09-23 01:49:33 +00:00
01173c21b1
Add client test cases for ephemeral mode
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-09-23 01:49:33 +00:00
ff5705bdd7
Add client test cases for psk_ephemeral mode
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-09-23 01:49:33 +00:00
73894232e8
Add client test cases for psk_all mode
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-09-23 01:49:33 +00:00
cf6442e2e4
Add client test cases for psk mode
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-09-23 01:49:30 +00:00
335cfaadf9
Finalize client side code for psk
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-09-23 01:48:26 +00:00
40b4a01388
Improve documents
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-22 23:48:38 +08:00
359e65f784
limit session ticket number when resumption
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-22 23:47:43 +08:00
f3bdf9dd51
fix various issues
...
- improve document about configuration item.
- format issue
- variable type issue.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-22 23:47:14 +08:00
87d9c6c4d8
Ensure client mbedtls_ssl_handshake_step() returns success for HELLO_REQUEST
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-09-22 09:27:56 +01:00
07ba2be20b
Merge pull request #6304 from yuhaoth/pr/exclude-pre_shared_key-from-hrr-msg
...
TLS 1.3: PSK: Exclude pre_shared_key for HRR
2022-09-22 10:21:06 +02:00
1475ac49a4
Merge pull request #6107 from Zaya-dyno/validation_remove_change_hash
...
Validation remove change hash
2022-09-22 09:24:44 +02:00
d5c82fb821
Merge pull request #6085 from Zaya-dyno/validation_remove_change_cipher
...
Validation remove and change in files related to cipher in library
2022-09-22 09:10:13 +02:00
b7e3fa7fbd
move count decrement after success sent
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-22 13:21:29 +08:00
d0766eca58
fix various issues
...
- Improve comments
- Align count variable name to `new_session_tickets_count`
- move tickets_count init to handshake init
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-22 13:21:29 +08:00
b3ea98c606
Replace the output file atomically
...
When writing the new .data file, first write the new content, then replace
the target. This way, there isn't a temporary state in which the file is
partially written. This temporary state can be misleading if the build is
interrupted. It's annoying if you're watching changes to the output and the
changes appear as emptying the file followed by the new version appearing.
Now interrupted builds don't leave a file that appears to be up to date but
isn't, and when watching the output, there's a single transition to the new
version.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-09-21 22:00:06 +02:00
9370612312
remove certificate setting from psk_ephemeral HRR test
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-21 22:44:24 +08:00
2fdc7b3599
Return an error from mbedtls_ssl_handshake_step() if neither client nor server
...
This prevents an infinite loop in mbedtls_ssl_handshake(). Fixes #6305.
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-09-21 12:33:17 +01:00
119eae2e51
Update names of test cases in generate_bignum_tests.py
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-09-21 12:19:18 +01:00
c573882674
Merge remote-tracking branch 'upstream/development' into issue-6015-montgomery-multiplication
2022-09-21 12:08:43 +01:00
e5833c182c
Merge pull request #6300 from davidhorstmann-arm/syntax-highlighting-function-files
...
Use GitHub C syntax highlighting on test files
2022-09-21 10:52:14 +02:00
d433cd7d07
Merge pull request #6283 from mpg/driver-only-hashes-wrap-up
...
Driver only hashes wrap-up
2022-09-21 08:29:46 +02:00
2db49df44b
Add psk_ephemeral HRR tests
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-21 11:03:28 +08:00
36e1d9ef1d
Merge pull request #6203 from wernerlewis/ecp_group_test
...
Add test for ECP group metadata
2022-09-20 17:35:53 +01:00
50969e3af5
ssl-opt.sh: TLS 1.3 opaque key: Add test with unsuitable sig alg
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-09-20 15:57:57 +02:00
4782823ec3
Ensure we explicitly document the modulus for fixed-width arithmetic
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-09-20 13:51:50 +01:00
b0b77e1b13
Document and test aliasing of the bignums given to mbedtls_mpi_core_mla()
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-09-20 13:33:40 +01:00
b5d884815c
Use GitHub C syntax highlighting on test files
...
Add a .gitattributes file that tells GitHub to highlight all .function
files as if they were .c files. This aids in reviewing changes to tests.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-09-20 13:31:23 +01:00
277cdcbcde
ssl-opt.sh: tls13 opaque key: Enable client authentication
...
Enable client authentication in TLS 1.3 opaque
key tests to use the opaque key on client side.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-09-20 14:30:13 +02:00
e3196d270c
ssl-opt.sh: tls13 opaque key: Do not force version on client side
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-09-20 14:30:13 +02:00
6ec2123bf3
ssl-opt.sh: Align prefix of TLS 1.3 opaque key tests
...
Align prefix of TLS 1.3 opaque key tests
with the prefix of the other TLS 1.3 tests.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-09-20 14:30:13 +02:00
067a1e735e
tls13: Try reasonable sig alg for CertificateVerify signature
...
Instead of fully validating beforehand
signature algorithms with regards to the
private key, do minimum validation and then
just try to compute the signature. If it
fails try another reasonable algorithm if any.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-09-20 14:30:13 +02:00
38391bf9b6
tls13: Do not impose minimum hash size for RSA PSS signatures
...
When providing proof of possession of
an RSA private key, allow the usage for RSA
PSS signatures of a hash with a security
level lower than the security level of the
RSA private key.
We did not allow this in the first place to
align with the ECDSA case. But as it is not
mandated by the TLS 1.3 specification (contrary
to ECDSA), let's allow it.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-09-20 14:29:41 +02:00
67ea2543ed
tls13: server: Add sig alg checks when selecting best certificate
...
When selecting the server certificate based on
the signature algorithms supported by the client,
check the signature algorithms as close as possible
to the way they are checked to compute the
signature for the server to prove it possesses
the private key associated to the certificate.
That way we minimize the odds of selecting a
certificate for which the server will not be
able to compute the signature to prove it
possesses the private key associated to the
certificate.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-09-20 14:26:32 +02:00
ea45c1d2d4
Document and test aliasing of output for mbedtls_mpi_core_montmul()
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-09-20 13:17:51 +01:00
05feee1841
Restore vbuf value after modification
...
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-09-20 12:05:58 +01:00
ccae25b4bf
Add explicit mbedtls_ecp_tls_read_group_id call
...
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-09-20 10:00:07 +01:00
7403d93f8a
Add leading zeros to group metadata
...
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-09-20 09:41:05 +01:00
57807308d5
Fix typo in MBEDTLS_ECP_DP_BP512R1
...
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-09-20 09:16:11 +01:00
f2b3818a69
Test when all three inputs to mbedtls_mpi_core_sub() are aliased
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-09-20 09:08:31 +01:00
c155415f04
Merge branch 'Mbed-TLS:development' into codegen_1.1
2022-09-19 12:34:40 +02:00
b4e28aa2f7
Fix two typos
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-09-19 11:55:00 +02:00
1367f40d38
Fix memory corruption in an SSL test function
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-09-19 11:00:23 +02:00