ssl-opt.sh: Fix some symmetric crypto dependencies
Fix some dependencies on symmetric crypto that were not correct in case of driver but not builtin support. Revealed by "Analyze driver test_psa_crypto_config_accel_cipher_aead vs reference test_psa_crypto_config_reference_cipher_aead" in analyze_outcomes.py. Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This commit is contained in:
parent
5b73de8ddb
commit
41bc42ac1b
1 changed files with 20 additions and 36 deletions
|
@ -2341,7 +2341,7 @@ run_test "Opaque key for server authentication: invalid alg: ecdh with RSA ke
|
|||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
|
||||
requires_hash_alg SHA_256
|
||||
requires_config_enabled MBEDTLS_CCM_C
|
||||
requires_config_enabled PSA_WANT_ALG_CCM
|
||||
run_test "Opaque key for server authentication: invalid alg: ECDHE-ECDSA with ecdh" \
|
||||
"$P_SRV key_opaque=1 crt_file=data_files/server5.crt \
|
||||
key_file=data_files/server5.key key_opaque_algs=ecdh,none \
|
||||
|
@ -2395,7 +2395,7 @@ run_test "Opaque keys for server authentication: EC keys with different algs,
|
|||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
|
||||
requires_hash_alg SHA_384
|
||||
requires_config_enabled MBEDTLS_CCM_C
|
||||
requires_config_enabled PSA_WANT_ALG_CCM
|
||||
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
|
||||
run_test "Opaque keys for server authentication: EC + RSA, force ECDHE-ECDSA" \
|
||||
"$P_SRV key_opaque=1 crt_file=data_files/server5.crt \
|
||||
|
@ -2575,7 +2575,7 @@ requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
|||
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
|
||||
requires_config_enabled MBEDTLS_RSA_C
|
||||
requires_hash_alg SHA_384
|
||||
requires_config_enabled MBEDTLS_GCM_C
|
||||
requires_config_enabled PSA_WANT_ALG_GCM
|
||||
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
|
||||
run_test "Opaque keys for server authentication: EC + RSA, force DHE-RSA" \
|
||||
"$P_SRV auth_mode=required key_opaque=1 crt_file=data_files/server5.crt \
|
||||
|
@ -9124,8 +9124,7 @@ run_test "SSL async private: renegotiation: server-initiated, decrypt" \
|
|||
|
||||
# Tests for ECC extensions (rfc 4492)
|
||||
|
||||
requires_config_enabled MBEDTLS_AES_C
|
||||
requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
|
||||
requires_config_enabled PSA_WANT_ALG_CBC_NO_PADDING
|
||||
requires_hash_alg SHA_256
|
||||
requires_config_enabled MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
|
||||
run_test "Force a non ECC ciphersuite in the client side" \
|
||||
|
@ -9137,8 +9136,7 @@ run_test "Force a non ECC ciphersuite in the client side" \
|
|||
-S "found supported elliptic curves extension" \
|
||||
-S "found supported point formats extension"
|
||||
|
||||
requires_config_enabled MBEDTLS_AES_C
|
||||
requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
|
||||
requires_config_enabled PSA_WANT_ALG_CBC_NO_PADDING
|
||||
requires_hash_alg SHA_256
|
||||
requires_config_enabled MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
|
||||
run_test "Force a non ECC ciphersuite in the server side" \
|
||||
|
@ -9148,8 +9146,7 @@ run_test "Force a non ECC ciphersuite in the server side" \
|
|||
-C "found supported_point_formats extension" \
|
||||
-S "server hello, supported_point_formats extension"
|
||||
|
||||
requires_config_enabled MBEDTLS_AES_C
|
||||
requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
|
||||
requires_config_enabled PSA_WANT_ALG_CBC_NO_PADDING
|
||||
requires_hash_alg SHA_256
|
||||
run_test "Force an ECC ciphersuite in the client side" \
|
||||
"$P_SRV debug_level=3" \
|
||||
|
@ -9160,8 +9157,7 @@ run_test "Force an ECC ciphersuite in the client side" \
|
|||
-s "found supported elliptic curves extension" \
|
||||
-s "found supported point formats extension"
|
||||
|
||||
requires_config_enabled MBEDTLS_AES_C
|
||||
requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
|
||||
requires_config_enabled PSA_WANT_ALG_CBC_NO_PADDING
|
||||
requires_hash_alg SHA_256
|
||||
run_test "Force an ECC ciphersuite in the server side" \
|
||||
"$P_SRV debug_level=3 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \
|
||||
|
@ -9686,8 +9682,7 @@ run_test "DTLS fragmenting: both (MTU=1024)" \
|
|||
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||
requires_config_enabled MBEDTLS_RSA_C
|
||||
requires_hash_alg SHA_256
|
||||
requires_config_enabled MBEDTLS_AES_C
|
||||
requires_config_enabled MBEDTLS_GCM_C
|
||||
requires_config_enabled PSA_WANT_ALG_GCM
|
||||
requires_max_content_len 2048
|
||||
run_test "DTLS fragmenting: both (MTU=512)" \
|
||||
-p "$P_PXY mtu=512" \
|
||||
|
@ -9716,8 +9711,7 @@ run_test "DTLS fragmenting: both (MTU=512)" \
|
|||
not_with_valgrind
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||
requires_config_enabled MBEDTLS_RSA_C
|
||||
requires_config_enabled MBEDTLS_AES_C
|
||||
requires_config_enabled MBEDTLS_GCM_C
|
||||
requires_config_enabled PSA_WANT_ALG_GCM
|
||||
requires_max_content_len 2048
|
||||
run_test "DTLS fragmenting: proxy MTU: auto-reduction (not valgrind)" \
|
||||
-p "$P_PXY mtu=508" \
|
||||
|
@ -9739,8 +9733,7 @@ run_test "DTLS fragmenting: proxy MTU: auto-reduction (not valgrind)" \
|
|||
only_with_valgrind
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||
requires_config_enabled MBEDTLS_RSA_C
|
||||
requires_config_enabled MBEDTLS_AES_C
|
||||
requires_config_enabled MBEDTLS_GCM_C
|
||||
requires_config_enabled PSA_WANT_ALG_GCM
|
||||
requires_max_content_len 2048
|
||||
run_test "DTLS fragmenting: proxy MTU: auto-reduction (with valgrind)" \
|
||||
-p "$P_PXY mtu=508" \
|
||||
|
@ -9791,8 +9784,7 @@ run_test "DTLS fragmenting: proxy MTU, simple handshake (MTU=1024)" \
|
|||
not_with_valgrind # spurious autoreduction due to timeout
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||
requires_config_enabled MBEDTLS_RSA_C
|
||||
requires_config_enabled MBEDTLS_AES_C
|
||||
requires_config_enabled MBEDTLS_GCM_C
|
||||
requires_config_enabled PSA_WANT_ALG_GCM
|
||||
requires_max_content_len 2048
|
||||
run_test "DTLS fragmenting: proxy MTU, simple handshake (MTU=512)" \
|
||||
-p "$P_PXY mtu=512" \
|
||||
|
@ -9840,8 +9832,7 @@ run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=1024)" \
|
|||
not_with_valgrind # spurious autoreduction due to timeout
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||
requires_config_enabled MBEDTLS_RSA_C
|
||||
requires_config_enabled MBEDTLS_AES_C
|
||||
requires_config_enabled MBEDTLS_GCM_C
|
||||
requires_config_enabled PSA_WANT_ALG_GCM
|
||||
requires_max_content_len 2048
|
||||
run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=512)" \
|
||||
-p "$P_PXY mtu=512" \
|
||||
|
@ -9875,8 +9866,7 @@ run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=512)" \
|
|||
not_with_valgrind # spurious autoreduction due to timeout
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||
requires_config_enabled MBEDTLS_RSA_C
|
||||
requires_config_enabled MBEDTLS_AES_C
|
||||
requires_config_enabled MBEDTLS_GCM_C
|
||||
requires_config_enabled PSA_WANT_ALG_GCM
|
||||
requires_max_content_len 2048
|
||||
run_test "DTLS fragmenting: proxy MTU, resumed handshake" \
|
||||
-p "$P_PXY mtu=1450" \
|
||||
|
@ -9904,7 +9894,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
|||
requires_config_enabled MBEDTLS_RSA_C
|
||||
requires_hash_alg SHA_256
|
||||
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
|
||||
requires_config_enabled MBEDTLS_CHACHAPOLY_C
|
||||
requires_config_enabled PSA_WANT_ALG_CHACHA20_POLY1305
|
||||
requires_max_content_len 2048
|
||||
run_test "DTLS fragmenting: proxy MTU, ChachaPoly renego" \
|
||||
-p "$P_PXY mtu=512" \
|
||||
|
@ -9934,8 +9924,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
|||
requires_config_enabled MBEDTLS_RSA_C
|
||||
requires_hash_alg SHA_256
|
||||
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
|
||||
requires_config_enabled MBEDTLS_AES_C
|
||||
requires_config_enabled MBEDTLS_GCM_C
|
||||
requires_config_enabled PSA_WANT_ALG_GCM
|
||||
requires_max_content_len 2048
|
||||
run_test "DTLS fragmenting: proxy MTU, AES-GCM renego" \
|
||||
-p "$P_PXY mtu=512" \
|
||||
|
@ -9965,8 +9954,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
|||
requires_config_enabled MBEDTLS_RSA_C
|
||||
requires_hash_alg SHA_256
|
||||
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
|
||||
requires_config_enabled MBEDTLS_AES_C
|
||||
requires_config_enabled MBEDTLS_CCM_C
|
||||
requires_config_enabled PSA_WANT_ALG_CCM
|
||||
requires_max_content_len 2048
|
||||
run_test "DTLS fragmenting: proxy MTU, AES-CCM renego" \
|
||||
-p "$P_PXY mtu=1024" \
|
||||
|
@ -9996,8 +9984,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
|||
requires_config_enabled MBEDTLS_RSA_C
|
||||
requires_hash_alg SHA_256
|
||||
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
|
||||
requires_config_enabled MBEDTLS_AES_C
|
||||
requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
|
||||
requires_config_enabled PSA_WANT_ALG_CBC_NO_PADDING
|
||||
requires_config_enabled MBEDTLS_SSL_ENCRYPT_THEN_MAC
|
||||
requires_max_content_len 2048
|
||||
run_test "DTLS fragmenting: proxy MTU, AES-CBC EtM renego" \
|
||||
|
@ -10028,8 +10015,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
|||
requires_config_enabled MBEDTLS_RSA_C
|
||||
requires_hash_alg SHA_256
|
||||
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
|
||||
requires_config_enabled MBEDTLS_AES_C
|
||||
requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
|
||||
requires_config_enabled PSA_WANT_ALG_CBC_NO_PADDING
|
||||
requires_max_content_len 2048
|
||||
run_test "DTLS fragmenting: proxy MTU, AES-CBC non-EtM renego" \
|
||||
-p "$P_PXY mtu=1024" \
|
||||
|
@ -10055,8 +10041,7 @@ run_test "DTLS fragmenting: proxy MTU, AES-CBC non-EtM renego" \
|
|||
# Forcing ciphersuite for this test to fit the MTU of 512 with full config.
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||
requires_config_enabled MBEDTLS_RSA_C
|
||||
requires_config_enabled MBEDTLS_AES_C
|
||||
requires_config_enabled MBEDTLS_GCM_C
|
||||
requires_config_enabled PSA_WANT_ALG_GCM
|
||||
client_needs_more_time 2
|
||||
requires_max_content_len 2048
|
||||
run_test "DTLS fragmenting: proxy MTU + 3d" \
|
||||
|
@ -10078,8 +10063,7 @@ run_test "DTLS fragmenting: proxy MTU + 3d" \
|
|||
# Forcing ciphersuite for this test to fit the MTU of 512 with full config.
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||
requires_config_enabled MBEDTLS_RSA_C
|
||||
requires_config_enabled MBEDTLS_AES_C
|
||||
requires_config_enabled MBEDTLS_GCM_C
|
||||
requires_config_enabled PSA_WANT_ALG_GCM
|
||||
client_needs_more_time 2
|
||||
requires_max_content_len 2048
|
||||
run_test "DTLS fragmenting: proxy MTU + 3d, nbio" \
|
||||
|
|
Loading…
Reference in a new issue