ARMmbed/mbedtls
1
0
Fork 0
mirror of https://github.com/ARMmbed/mbedtls.git synced 2025-06-04 05:34:37 +08:00
Code Issues Releases Wiki Activity
32,776 Commits 172 Branches 268 Tags
Commit Graph

12162 Commits

Author SHA1 Message Date
Minos Galanakis
d708a63857 ssl-opt: Updated documentation. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-24 09:16:06 +00:00
Minos Galanakis
36c81f5f05 ssl-opt: Added DSA-RSA dependency on TLS1.2 defragmentation testing. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-24 09:16:06 +00:00
Minos Galanakis
74ce7498d7 ssl-opt: Added negative tests for handshake fragmentation. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-24 09:16:06 +00:00
Minos Galanakis
1c106afd22 ssl-opt: Added handshake fragmentation tests for 4 byte fragments. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-24 09:16:06 +00:00
Minos Galanakis
41782a9cd0 ssl-opt: Added negative-assertion testing, (HS Fragmentation disabled) 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-24 09:16:06 +00:00
Minos Galanakis
85fe73d55d ssl-opt: Added tls 1.2 tests for HS defragmentation. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-24 09:16:06 +00:00
Minos Galanakis
a4dde77cbe ssl-opt: Dependency resolving set to use to requires_protocol_version HS deframentation tests. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-24 09:16:06 +00:00
Minos Galanakis
a8a298c9d6 ssl-opt: Adjusted the wording on handshake fragmentation tests. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-24 09:16:06 +00:00
Minos Galanakis
a1b9117f17 ssl-opt: Added requires_openssl_3_x to defragmentation tests. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-24 09:16:06 +00:00
Minos Galanakis
270dd7462e ssl-opt: Updated the keywords to look up during handshake fragmentation tests. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-02-24 09:16:06 +00:00
Waleed Elmelegy
4028cfd9ca Add missing client certificate check in handshake defragmentation tests 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2025-02-24 09:16:06 +00:00
Waleed Elmelegy
5f21537c2a Test Handshake defragmentation only for TLS 1.3 only for small values 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2025-02-24 09:16:06 +00:00
Waleed Elmelegy
a75c7e09c8 Add guard to handshake defragmentation tests for client certificate 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2025-02-24 09:16:06 +00:00
Waleed Elmelegy
f162249e87 Add a comment to elaborate using split_send_frag in handshake defragmentation tests 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2025-02-24 09:16:06 +00:00
Waleed Elmelegy
61b8e2d225 Enforce client authentication in handshake fragmentation tests 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2025-02-24 09:16:06 +00:00
Waleed Elmelegy
39d83dd38d Remove unneeded mtu option from handshake fragmentation tests 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2025-02-24 09:16:06 +00:00
Waleed Elmelegy
48874b3aba Add client authentication to handshake defragmentation tests 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2025-02-24 09:16:06 +00:00
Waleed Elmelegy
f9120311e3 Require openssl to support TLS 1.3 in handshake defragmentation tests 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2025-02-24 09:16:06 +00:00
Waleed Elmelegy
fccd014c2d Remove unnecessary string check in handshake defragmentation tests 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2025-02-24 09:16:06 +00:00
Waleed Elmelegy
c0118d87b9 Fix typo in TLS Handshake defrafmentation tests 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2025-02-24 09:16:06 +00:00
Waleed Elmelegy
0e0d5d4dc8 Improve TLS handshake defragmentation tests 
* Add tests for the server side.
* Remove restriction for TLS 1.2 so that we can test TLS 1.2 & 1.3.
* Use latest version of openSSL to make sure -max_send_frag &
  -split_send_frag flags are supported.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2025-02-24 09:16:06 +00:00
Waleed Elmelegy
79a8ded315 Add TLS Hanshake defragmentation tests 
Tests uses openssl s_server with a mix of max_send_frag
and split_send_frag options.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2025-02-24 09:16:06 +00:00
Valerio Setti
1494a09ff7 test_suite_ssl: require GCM or ChaChaPoly in handshake_serialization() 
Hanshake serialization requires that the selected ciphersuite uses
an AEAD algorithm. However, following the DHE-RSA removal, trying to
still use RSA signature might select a ciphersuite which is not using
AEAD, but CBC instead (see preference order in "ssl_ciphersuite.c").

This is especially problematic in tests scenarios where both GCM and
ChaChaPoly are disabled, so that CCM remains as the only AEAD algorithm.
Ciphersuites using RSA signature and CCM are very low on the preference
list, so very unlikely to be picked in tests. This cause a CBC one to
be selected in this case and the handshake_serialization() function
to fail.

In order to prevent failures from happening, in this commit we require
that either GCM or ChaChaPoly are enabled, so that ciphersuites using one
of these are likely to be picked.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-02-06 10:12:02 +01:00
Valerio Setti
8438c637ee tests: remove references to DHE-RSA 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-02-06 10:05:58 +01:00
Valerio Setti
98f348a2c5 ssl-opt.sh|compat.sh: remove references to DHE-RSA 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-02-06 10:05:58 +01:00
Valerio Setti
da1673c013 components-compliance.sh: update references to test_psa_compliance.py 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-02-05 12:04:36 +01:00
Valerio Setti
2ef55352e8 components-configuration.sh: update references to test_psa_constant_names.py 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-02-05 12:04:36 +01:00
Valerio Setti
40e14a7559 Move files out of Mbed TLS 
The following files are moved to the framework repo (deleted here):

tests/scripts/test_psa_compliance.py
tests/scripts/test_psa_constant_names.py

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-02-05 12:04:36 +01:00
Harry Ramsey
94c386a8ea Update config paths in scripts 
This commit updates the moved config paths in multiple script files.

Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
 2025-02-04 12:54:15 +00:00
Ronald Cron
ed445089c2
Merge pull request #9916 from valeriosetti/issue9688 
Migrate DHE test cases to ECDHE
 2025-01-29 09:59:22 +00:00
Gabor Mezei
7554eeaf4c
Disable 224K1 while testing the other curves 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2025-01-27 15:03:14 +01:00
Gabor Mezei
fe14d85b7c
Remove unused symbol 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2025-01-27 15:03:14 +01:00
Gabor Mezei
069e3e6fe7
Remove reference for PSA_WANT_ALG_SECP_K1_224 
The `PSA_WANT_ALG_SECP_K1_224` symbol has been removed.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2025-01-27 15:03:14 +01:00
Gabor Mezei
0a2f257492
Use symbol matching for the curves domain 
Instead of using the `crypto_knowledge.py`, use basic symbol matching for the
`PSA_WANT_ECC_*` macros to search for in the `curves` domain of `depend.py`.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2025-01-27 15:03:13 +01:00
Gabor Mezei
1c49cff468
Use PSA macros for the curves domain 
Exclude the SECP224K1 curve due it is unstable via the PSA API.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2025-01-27 15:03:13 +01:00
Valerio Setti
0ebd6de77b ssl-opt.sh: remove tests forcing DHE-RSA for which have alternatives 
Remove tests which are forcing DHE-RSA, but for which an ECDHE-RSA
alternative already exists.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-01-27 12:46:26 +01:00
Valerio Setti
3b412e283f ssl-opt.sh: remove tests which are specific for DHE-RSA 
For these ones there is no ECDHE alternative as they are testing
specific features of DHE.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-01-27 12:46:26 +01:00
Valerio Setti
309a7ec70e ssl-opt.sh: adapt tests from DHE-RSA to ECDHE-RSA 
Adapted tests do not already have an ECDHE-RSA test available.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-01-27 12:46:26 +01:00
Valerio Setti
592f6826dd test_suite_ssl: update description for conf_curve and conf_gruop tests 
These tests are about EC curves/groups, not DH ones, so the description
should be updated accordingly.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-01-27 12:46:25 +01:00
Valerio Setti
8638603ba7 test_suite_ssl: remove tests specific for DHE-RSA 
These tests were specific for DHE-RSA (which is being removed on
development branch) and also for each of them there was already the
ECDHE-RSA counterpart available.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-01-27 12:38:39 +01:00
Valerio Setti
b8ef2a4455 test_suite_ssl: adapt handshake_fragmentation() to use ECDHE-RSA 
Use ECDHE-RSA instead of DHE-RSA.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-01-27 12:38:39 +01:00
Valerio Setti
5b7bfd8d5a test_suite_ssl: adapt DHE-RSA tests to ECDHE-RSA 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-01-27 12:38:39 +01:00
Ronald Cron
189dcf630f
Merge pull request #9910 from valeriosetti/issue9684 
Remove DHE-PSK key exchange
 2025-01-27 11:15:10 +00:00
Manuel Pégourié-Gonnard
7e1154c959
Merge pull request #9906 from mpg/rm-conf-curves 
[dev] Remove deprecated function mbedtls_ssl_conf_curves()
 2025-01-27 08:21:27 +00:00
Valerio Setti
6e892cb630 components-configuration-crypto.sh: remove references to DHE_PSK kex 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-01-24 11:49:59 +01:00
Valerio Setti
70cc4e6bd1 analyze_outcomes.py: remove exceptions related to DHE-PSK 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-01-24 11:49:59 +01:00
Valerio Setti
64d264d2e6 compat.sh: remove usage of DHE-PSK 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-01-24 11:49:59 +01:00
Valerio Setti
9a9c9a53c1 compat.sh: do not use DHE-PSK key exchange in gnutls tests 
DHE-PSK is being removed from Mbed TLS so we cannot use this key
exchange with gnutls testing.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-01-24 11:49:59 +01:00
Valerio Setti
5c730c1d54 ssl-opt.sh: remove DHE-PSK only test cases 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-01-24 11:49:59 +01:00
Manuel Pégourié-Gonnard
c4e768a8a6 Fix incorrect test function 
We should not manually set the TLS version, the tests are supposed to
pass in 1.3-only builds as well. Instead do the normal thing of setting
defaults. This doesn't interfere with the rest of the testing, so I'm
not sure why we were not doing it.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-01-22 10:04:43 +01:00