Commit Graph

84 Commits

Author SHA1 Message Date
Tobias Frauenschläger c3289f8aa9 Enable and use ML-KEM by default
* Enable ML-KEM by default in build systems (autoconf and CMake)
* Only allow three to-be-standardized hybrid PQ/T combinations by
  default
* Use X25519MLKEM768 as the default KeyShare in the ClientHello (if user
  does not override that). When Curve25519 is disabled, then either
  WOLFSSL_SECP384R1MLKEM1024 or WOLFSSL_SECP256R1MLKEM768 is used as
  default depending on the ECC configuration
* Disable standalone ML-KEM in supported groups by default (enable with
  --enable-tls-mlkem-standalone)
* Disable extra OQS-based hybrid PQ/T curves by default and gate
  behind --enable-experimental (enable with --enable-extra-pqc-hybrids)
* Reorder the SupportedGroups extension to reflect the preferences
* Reorder the preferredGroup array to also reflect the same preferences
* Add async support for ML-KEM hybrids
2026-03-18 10:48:16 +01:00
Daniel Pouzzner 9a84dfc86a add wolfcrypt_test() to unit_test(); remove call to HashTest() and delete
tests/hash.c (entire file duplicates code in wolfcrypt/test/test.c, originally
  ctaocrypt/test/test.c).
2025-03-11 14:59:07 -05:00
Tobias Frauenschläger 89491c7e36 Improvements for PQC hybrid key exchange
Add support for X25519 and X448 based hybrid PQC + ECC key exchange
groups. Furthermore, two new combinations with SECP curves are added to
match OQS combinations.

This also incorporates the changed order of X25519 and X448 based
combinations to place the PQC material before the ECDH material. This is
motivated by the necessity to always have material of a FIPS approved
algorithm first.

Also, codepoints are updated to reflect the latest draft standards for
pure ML-KEM and some of the hybrids. With these changes and based on the
recent additions to both enable ML-KEM final and draft versions
simultaneously, a WolfSSL TLS server is now compatible with all recent
browsers that support either the draft version of ML-KEM (Chromium based
browsers and Firefox < version 132; only when the draft version is
enabled in the build) or the final version already (Firefox > version 132).

In the process of extending support, some code and logic cleanup
happened. Furthermore, some memory leaks within the hybrid code path have
been fixed.

Signed-off-by: Tobias Frauenschläger <tobias.frauenschlaeger@oth-regensburg.de>
2025-02-21 18:44:40 +01:00
Juliusz Sosinowicz e02da08192 Reorganize utility functions into tests/utils.c and testsuite/utils.c 2025-02-14 09:51:29 -06:00
Juliusz Sosinowicz bcde4bdebb ascon: move tests to api.c and introduce framework to split up api.c 2025-01-29 15:50:00 +01:00
Juliusz Sosinowicz 8bc79a0b43 Add dtls 1.3 PQC suites tests 2023-11-08 10:29:35 +01:00
Juliusz Sosinowicz b32ff0b0b8 Rename utils.c to utils.h
This better signals that this file is meant to be included directly in testing programs and also plays better with my IDE.
2023-08-18 15:05:23 +02:00
Juliusz Sosinowicz d2642e329d Properly enforce the pathLenConstraint of the BasicConstraints extension
- move the testsuite file helps into a new tests/utils.c file so that they can be used across all tests
- dump the raw TLS stream when WOLFSSL_DUMP_MEMIO_STREAM is defined so that it can be examined in Wireshark
2023-07-06 19:00:11 +02:00
Sean Parkinson e2424e6744 SM2/SM3/SM4: Chinese cipher support
Add support for:
 - SM2 elliptic curve and SM2 sign/verify
 - SM3 digest
 - SM4 cipher with modes ECB/CBC/CTR/GCM/CCM

Add APIs for SM3 and SM4.
Add SM2 sign and verify APIs.
Add support for SM3 in wc_Hash and wc_Hmac API.
Add support for SM3 and SM4 through EVP layer.
Add support for SM2-SM3 certificates. Support key ID and name hash being
with SHA-1/256 or SM3.
Add support for TLS 1.3 cipher suites: TLS-SM4-GCM-SM3, TLS-SM4-CCM-SM3
Add support for TLS 1.2 SM cipher suite: ECDHE-ECDSA-SM4-CBC-SM3
Add support for SM3 in wc_PRF_TLS.
Add SM2-SM3 certificates and keys. Generated with GmSSL-3.0.0 and
OpenSSL.
2023-07-04 13:36:28 +10:00
Chris Conlon 9a7ff8773b add --with-libsuffix support, append suffix to library artifact name 2022-12-21 13:31:07 -07:00
Anthony Hu c5ca20fe43 New files so add them to include.am 2022-12-14 13:28:20 -05:00
Marco Oliverio 6e4a3ecdbd tests: add negative version negotation tests 2022-09-28 18:42:38 +02:00
Anthony Hu 7f2659bb9b add test-tls13-pq-2.conf to include.am 2022-09-13 10:51:07 -04:00
Marco Oliverio f3262005e4 add basic ConnectionID DTLS tests 2022-08-23 16:58:24 +02:00
Sean Parkinson fb531dacc2 Certs with RSA-PSS sig
Add support for parsing and verifying certificates with RSA-PSS
signatures. Including check PSS parameters in key with those in
signature algorithm.
Add support for parsing private RSA PSS key.
Add support for parsing public RSA PSS key.
2022-08-11 09:43:01 +10:00
Stefan Eissing 4431438fb2 add QUIC support. 2022-08-08 13:24:00 +02:00
Marco Oliverio 683adb5917 tests: add dtls downgrade tests 2022-07-06 16:18:44 +02:00
Marco Oliverio 25cf98a417 test: add DTLSv1.3 test suites 2022-06-15 10:46:43 -07:00
Marco Oliverio 9d22e11776 misc.c: introduce w64wrapper to handle 64bit numbers
as word64 is not always available, introduce an abstract type and companion
operations. They use a word64 if available and fallback on word32[2] otherwise.
2022-06-15 10:46:42 -07:00
Marco Oliverio 86ba0ef643 tests: support test for SRTP
the test will check that the same Exported Keying Material is generated between
client and server
2022-01-19 13:35:29 +01:00
Anthony Hu 0e80923fb3 Unit tests for post-quantum groups.
Also, fixes for the things they caught such as:

- ssl->arrays->preMasterSecret is pre-allocated so copy into it instead of
  moving ownership of buffer.
- server does not need to save the public key.
- in TLSX_KeyShare_Parse() don't call TLSX_KeyShare_Use() because its done in
  TLSX_PopulateExtensions().
- in TLSX_KeyShare_Use(), the server generates the ciphertext while the client
  generates the public key.
- in TLSX_PopulateExtensions(), prevent client from calling TLSX_KeyShare_Use()
  because its already been done.
- Support longer curve/group names.
2021-09-28 17:16:44 -04:00
Anthony Hu 33cb823148 Remove legacy NTRU and OQS (#4418)
* Remove NTRU and OQS

* Keep the DTLS serialization format backwards compatible.

* Remove n from mygetopt_long() call.

* Fix over-zealous deletion.

* Resolve problems found by @SparkiDev
2021-09-24 08:37:53 +10:00
toddouska 014bd21df0 Merge pull request #3983 from tmael/tls_down
TLS minimum downgrade option
2021-05-05 15:38:45 -07:00
Tesfa Mael f8e9f32eb8 Add a new file 2021-04-23 15:56:09 -07:00
Daniel Pouzzner 1cbe696716 checkpoint: fully functioning demo via examples/server/ and unit.test (which produces a "filtered" error on a subtest when built --enable-wolfsentry). 2021-04-20 23:59:57 -05:00
Juliusz Sosinowicz 70a3857ae8 Fragmentation for ServerKeyExchange and CeriticateVerify
- The `ssl->dtlsMtuSz` value is the maximum possible size of the DTLS record layer. We read `ssl->dtlsMtuSz + 100` in case peer has slightly different MTU set.
- The `-u` option in the examples takes the value of the MTU size.
- MTU tests are added in `tests/test-dtls-mtu.conf`
2021-04-16 17:30:51 +02:00
Juliusz Sosinowicz d4302cc71b Correctly reset the Tx sequence number
All DTLS records after the ClientHello should try to start from the sequence number of the ClientHello if it is available.
2021-03-09 18:30:10 +01:00
Juliusz Sosinowicz 77c730361e Jenkins fixes 2020-12-17 14:27:46 +01:00
David Garske 6ac1fc5cff Fix include.am typo. 2020-11-10 09:47:36 -08:00
David Garske 10f459f891 Added TLS v1.2 and v1.3 test cases for ECC Koblitz and Brainpool curves (both server auth and mutual auth). Cipher suites: ECDHE-ECDSA-AES128-GCM-SHA256, ECDH-ECDSA-AES128-GCM-SHA256 and TLS13-AES128-GCM-SHA256. 2020-11-10 09:47:36 -08:00
toddouska 0f6d391ea1 Merge pull request #3295 from SparkiDev/tls13_p521
TLS 1.3: Fix P-521 algorithm matching
2020-09-21 13:36:48 -07:00
Sean Parkinson d63ff07edc TLS 1.3: Fix P-521 algorithm matching
Digest size compared to key size - P521 has large key size.
Fixed to round down.
Added P-521 keys and certificates.
Added testing of P-521 keys and certificcates to unittest.
2020-09-18 10:51:55 +10:00
Daniel Pouzzner 9df9fb7936 unit.test: add bwrap wrapper script at scripts/unit.test. 2020-09-17 12:03:44 -05:00
John Safranek 98ae3a2352 Added a suite test use case to cover the new error check. Also fixed and issue with passing a couple flags to the test case runner, and some other changes to support the new test. 2020-07-22 13:20:23 -07:00
Juliusz Sosinowicz 03c5359fcd Add session resumption testing for DTLS 2020-06-18 14:18:02 +02:00
Juliusz Sosinowicz 73105305cf WIP 2020-06-12 11:36:43 +02:00
Sean Parkinson 2c6eb7cb39 Add Curve448, X448, Ed448 implementations 2020-02-28 09:30:45 +10:00
Sean Parkinson a975ba9e97 Disallow SHA-2 ciphersuites from TLS 1.0 and 1.1 handshakes 2019-09-06 09:31:14 +10:00
David Garske cc8c6078b6 Fix to adjust WC_ASYNC_DEV_SIZE. Fix for tests/test-trustpeer.conf typo in include.am. 2018-12-27 11:08:49 -08:00
David Garske 59a3b4a110 New tests for cert chains, alternate cert chains, trusted peer certs and DH prime cleanup:
* Added ECC and RSA intermediate CA's and server/client chain certificates for testing.
* Enhanced suites test to support expected fail arg `-H exitWithRet` in any test .conf file.
* Added new `test-altchains.conf` for testing with `WOLFSSL_ALT_CERT_CHAINS` defined.
* Added new `test-chains` for testing chains.
* Added new `test-dhprime.conf` for DH prime check tests.
* Added new `test-trustedpeer.conf` for testing `WOLFSSL_TRUST_PEER_CERT`.
* Refactor to add `-2` to disable DH prime check by default (except for new test-dhprime.conf).
* Added ability to run a specific test.conf file using syntax like `./tests/unit.test tests/test-altchains.conf`.
2018-12-21 09:54:55 -08:00
David Garske d7d102d90a Added cipher suite unit tests for max fragment options 1-6 for TLS v1.2 and DTLS v1.2. Fix for client usage comment for max fragment. 2018-10-16 16:47:24 -07:00
Sean Parkinson ba8e441e53 Allow TLS 1.2 to be compiled out. 2018-05-25 11:00:00 +10:00
David Garske 89a4c98670 * Added support for expected fail test cases with example client/server and suites unit test.
* Added test for certificate with bad alt name containing a null character mid byte stream.
* Fix for issue with suites unit test where last arg in file doesn't conain data for a param, causing it to skip test.
* Fix for last test in tests/test.conf not being run for `TLSv1.2 RSA 3072-bit DH 3072-bit`.
* Moved the `tls-cert-fail.test` tests into the new expected failure suite test (`./tests/test-fails.conf`). Now it explicilty checks RSA and ECC for the no signer and no sig tests.
2018-05-03 09:40:51 -07:00
David Garske 5a46bdf6f6 Added unit test for using encrypted keys with TLS. Only works with --enable-des3, since the keys are all encrypted with DES3 (also requires either --enable-opensslextra or --enable-enckeys). 2018-04-09 13:28:15 -07:00
Sean Parkinson 323db1a95d Fix no ECC builds with TLS13 code.
Fix tests so that having ECC disabled works as well.
Fix define protection for Draft 18 and HRR Cookie.
2017-10-24 09:11:24 -07:00
Jacob Barthelmeh b0f87fdcf7 update .am files for make dist 2017-06-22 14:14:45 -06:00
Sean Parkinson 2b1e9973ec Add TLS v1.3 as an option 2017-05-04 14:51:30 -07:00
John Safranek 40800d8065 DTLS-SCTP fix
1. Add the SCTP suite test file to the include.am.
2. Skip the sequence number increment for client_hello messages in
   DTLS, but do the increment for SCTP.
2016-12-21 14:24:20 -08:00
David Garske 0ed26ad262 Updated build for "leantls" to support building only the client, by splitting BUILD_EXAMPLES into 3 parts (BUILD_EXAPLE_SERVERS, BUILD_EXAMPLE_CLIENTS and BUILD_TESTS). This allows the make check to perform the external tests to validate the client only "leantls" configuration option. 2016-03-08 08:35:28 -08:00
Jacob Barthelmeh 3e860107f3 remove extra cert and key, plus add new test 2016-02-11 13:49:07 -07:00