ssl-opt.sh: add tests for clent/server psa opaque ecdhe-psk key exchange
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
This commit is contained in:
parent
14d11b0877
commit
b6a0503dda
1 changed files with 185 additions and 0 deletions
185
tests/ssl-opt.sh
185
tests/ssl-opt.sh
|
@ -6512,6 +6512,67 @@ run_test "PSK callback: opaque rsa-psk on client, no callback, SHA-384, EMS"
|
|||
-S "SSL - Unknown identity received" \
|
||||
-S "SSL - Verification of the message MAC failed"
|
||||
|
||||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
run_test "PSK callback: opaque ecdhe-psk on client, no callback" \
|
||||
"$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo" \
|
||||
"$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256 \
|
||||
psk_identity=foo psk=abc123 psk_opaque=1" \
|
||||
0 \
|
||||
-c "skip PMS generation for opaque ECDHE-PSK"\
|
||||
-S "skip PMS generation for opaque ECDHE-PSK"\
|
||||
-C "session hash for extended master secret"\
|
||||
-S "session hash for extended master secret"\
|
||||
-S "SSL - The handshake negotiation failed" \
|
||||
-S "SSL - Unknown identity received" \
|
||||
-S "SSL - Verification of the message MAC failed"
|
||||
|
||||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
run_test "PSK callback: opaque ecdhe-psk on client, no callback, SHA-384" \
|
||||
"$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo" \
|
||||
"$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \
|
||||
psk_identity=foo psk=abc123 psk_opaque=1" \
|
||||
0 \
|
||||
-c "skip PMS generation for opaque ECDHE-PSK"\
|
||||
-S "skip PMS generation for opaque ECDHE-PSK"\
|
||||
-C "session hash for extended master secret"\
|
||||
-S "session hash for extended master secret"\
|
||||
-S "SSL - The handshake negotiation failed" \
|
||||
-S "SSL - Unknown identity received" \
|
||||
-S "SSL - Verification of the message MAC failed"
|
||||
|
||||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
run_test "PSK callback: opaque ecdhe-psk on client, no callback, EMS" \
|
||||
"$P_SRV extended_ms=1 debug_level=3 psk=abc123 psk_identity=foo" \
|
||||
"$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \
|
||||
psk_identity=foo psk=abc123 psk_opaque=1" \
|
||||
0 \
|
||||
-c "skip PMS generation for opaque ECDHE-PSK"\
|
||||
-S "skip PMS generation for opaque ECDHE-PSK"\
|
||||
-c "session hash for extended master secret"\
|
||||
-s "session hash for extended master secret"\
|
||||
-S "SSL - The handshake negotiation failed" \
|
||||
-S "SSL - Unknown identity received" \
|
||||
-S "SSL - Verification of the message MAC failed"
|
||||
|
||||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
run_test "PSK callback: opaque ecdhe-psk on client, no callback, SHA-384, EMS" \
|
||||
"$P_SRV extended_ms=1 debug_level=3 psk=abc123 psk_identity=foo" \
|
||||
"$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \
|
||||
psk_identity=foo psk=abc123 psk_opaque=1" \
|
||||
0 \
|
||||
-c "skip PMS generation for opaque ECDHE-PSK"\
|
||||
-S "skip PMS generation for opaque ECDHE-PSK"\
|
||||
-c "session hash for extended master secret"\
|
||||
-s "session hash for extended master secret"\
|
||||
-S "SSL - The handshake negotiation failed" \
|
||||
-S "SSL - Unknown identity received" \
|
||||
-S "SSL - Verification of the message MAC failed"
|
||||
|
||||
|
||||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
run_test "PSK callback: raw psk on client, static opaque on server, no callback" \
|
||||
|
@ -6636,6 +6697,68 @@ run_test "PSK callback: raw rsa-psk on client, static opaque on server, no ca
|
|||
-S "SSL - Unknown identity received" \
|
||||
-S "SSL - Verification of the message MAC failed"
|
||||
|
||||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
run_test "PSK callback: raw ecdhe-psk on client, static opaque on server, no callback" \
|
||||
"$P_SRV extended_ms=0 debug_level=5 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA" \
|
||||
"$P_CLI extended_ms=0 debug_level=5 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \
|
||||
psk_identity=foo psk=abc123" \
|
||||
0 \
|
||||
-C "skip PMS generation for opaque ECDHE-PSK"\
|
||||
-s "skip PMS generation for opaque ECDHE-PSK"\
|
||||
-C "session hash for extended master secret"\
|
||||
-S "session hash for extended master secret"\
|
||||
-S "SSL - The handshake negotiation failed" \
|
||||
-S "SSL - Unknown identity received" \
|
||||
-S "SSL - Verification of the message MAC failed"
|
||||
|
||||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
run_test "PSK callback: raw ecdhe-psk on client, static opaque on server, no callback, SHA-384" \
|
||||
"$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384" \
|
||||
"$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \
|
||||
psk_identity=foo psk=abc123" \
|
||||
0 \
|
||||
-C "skip PMS generation for opaque ECDHE-PSK"\
|
||||
-s "skip PMS generation for opaque ECDHE-PSK"\
|
||||
-C "session hash for extended master secret"\
|
||||
-S "session hash for extended master secret"\
|
||||
-S "SSL - The handshake negotiation failed" \
|
||||
-S "SSL - Unknown identity received" \
|
||||
-S "SSL - Verification of the message MAC failed"
|
||||
|
||||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
run_test "PSK callback: raw ecdhe-psk on client, static opaque on server, no callback, EMS" \
|
||||
"$P_SRV debug_level=3 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 \
|
||||
force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA extended_ms=1" \
|
||||
"$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \
|
||||
psk_identity=foo psk=abc123 extended_ms=1" \
|
||||
0 \
|
||||
-c "session hash for extended master secret"\
|
||||
-s "session hash for extended master secret"\
|
||||
-C "skip PMS generation for opaque ECDHE-PSK"\
|
||||
-s "skip PMS generation for opaque ECDHE-PSK"\
|
||||
-S "SSL - The handshake negotiation failed" \
|
||||
-S "SSL - Unknown identity received" \
|
||||
-S "SSL - Verification of the message MAC failed"
|
||||
|
||||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
run_test "PSK callback: raw ecdhe-psk on client, static opaque on server, no callback, EMS, SHA384" \
|
||||
"$P_SRV debug_level=3 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 \
|
||||
force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 extended_ms=1" \
|
||||
"$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \
|
||||
psk_identity=foo psk=abc123 extended_ms=1" \
|
||||
0 \
|
||||
-c "session hash for extended master secret"\
|
||||
-s "session hash for extended master secret"\
|
||||
-C "skip PMS generation for opaque ECDHE-PSK"\
|
||||
-s "skip PMS generation for opaque ECDHE-PSK"\
|
||||
-S "SSL - The handshake negotiation failed" \
|
||||
-S "SSL - Unknown identity received" \
|
||||
-S "SSL - Verification of the message MAC failed"
|
||||
|
||||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
run_test "PSK callback: raw psk on client, no static PSK on server, opaque PSK from callback" \
|
||||
|
@ -6760,6 +6883,68 @@ run_test "PSK callback: raw rsa-psk on client, no static RSA-PSK on server, o
|
|||
-S "SSL - Unknown identity received" \
|
||||
-S "SSL - Verification of the message MAC failed"
|
||||
|
||||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
run_test "PSK callback: raw ecdhe-psk on client, no static ECDHE-PSK on server, opaque ECDHE-PSK from callback" \
|
||||
"$P_SRV extended_ms=0 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA" \
|
||||
"$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \
|
||||
psk_identity=def psk=beef" \
|
||||
0 \
|
||||
-C "skip PMS generation for opaque ECDHE-PSK"\
|
||||
-s "skip PMS generation for opaque ECDHE-PSK"\
|
||||
-C "session hash for extended master secret"\
|
||||
-S "session hash for extended master secret"\
|
||||
-S "SSL - The handshake negotiation failed" \
|
||||
-S "SSL - Unknown identity received" \
|
||||
-S "SSL - Verification of the message MAC failed"
|
||||
|
||||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
run_test "PSK callback: raw ecdhe-psk on client, no static ECDHE-PSK on server, opaque ECDHE-PSK from callback, SHA-384" \
|
||||
"$P_SRV extended_ms=0 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384" \
|
||||
"$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \
|
||||
psk_identity=def psk=beef" \
|
||||
0 \
|
||||
-C "skip PMS generation for opaque ECDHE-PSK"\
|
||||
-s "skip PMS generation for opaque ECDHE-PSK"\
|
||||
-C "session hash for extended master secret"\
|
||||
-S "session hash for extended master secret"\
|
||||
-S "SSL - The handshake negotiation failed" \
|
||||
-S "SSL - Unknown identity received" \
|
||||
-S "SSL - Verification of the message MAC failed"
|
||||
|
||||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
run_test "PSK callback: raw ecdhe-psk on client, no static ECDHE-PSK on server, opaque ECDHE-PSK from callback, EMS" \
|
||||
"$P_SRV debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 \
|
||||
force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA extended_ms=1" \
|
||||
"$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \
|
||||
psk_identity=abc psk=dead extended_ms=1" \
|
||||
0 \
|
||||
-c "session hash for extended master secret"\
|
||||
-s "session hash for extended master secret"\
|
||||
-C "skip PMS generation for opaque ECDHE-PSK"\
|
||||
-s "skip PMS generation for opaque ECDHE-PSK"\
|
||||
-S "SSL - The handshake negotiation failed" \
|
||||
-S "SSL - Unknown identity received" \
|
||||
-S "SSL - Verification of the message MAC failed"
|
||||
|
||||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
run_test "PSK callback: raw ecdhe-psk on client, no static ECDHE-PSK on server, opaque ECDHE-PSK from callback, EMS, SHA384" \
|
||||
"$P_SRV debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 \
|
||||
force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 extended_ms=1" \
|
||||
"$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \
|
||||
psk_identity=abc psk=dead extended_ms=1" \
|
||||
0 \
|
||||
-c "session hash for extended master secret"\
|
||||
-s "session hash for extended master secret"\
|
||||
-C "skip PMS generation for opaque ECDHE-PSK"\
|
||||
-s "skip PMS generation for opaque ECDHE-PSK"\
|
||||
-S "SSL - The handshake negotiation failed" \
|
||||
-S "SSL - Unknown identity received" \
|
||||
-S "SSL - Verification of the message MAC failed"
|
||||
|
||||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
run_test "PSK callback: raw psk on client, mismatching static raw PSK on server, opaque PSK from callback" \
|
||||
|
|
Loading…
Reference in a new issue