From b6a0503dda9ae78643808481f99499f08fd635e3 Mon Sep 17 00:00:00 2001 From: Przemek Stekiel Date: Thu, 14 Apr 2022 10:22:18 +0200 Subject: [PATCH] ssl-opt.sh: add tests for clent/server psa opaque ecdhe-psk key exchange Signed-off-by: Przemek Stekiel --- tests/ssl-opt.sh | 185 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 185 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index db5ab7365..15a19d53c 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -6512,6 +6512,67 @@ run_test "PSK callback: opaque rsa-psk on client, no callback, SHA-384, EMS" -S "SSL - Unknown identity received" \ -S "SSL - Verification of the message MAC failed" +requires_config_enabled MBEDTLS_USE_PSA_CRYPTO +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +run_test "PSK callback: opaque ecdhe-psk on client, no callback" \ + "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo" \ + "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256 \ + psk_identity=foo psk=abc123 psk_opaque=1" \ + 0 \ + -c "skip PMS generation for opaque ECDHE-PSK"\ + -S "skip PMS generation for opaque ECDHE-PSK"\ + -C "session hash for extended master secret"\ + -S "session hash for extended master secret"\ + -S "SSL - The handshake negotiation failed" \ + -S "SSL - Unknown identity received" \ + -S "SSL - Verification of the message MAC failed" + +requires_config_enabled MBEDTLS_USE_PSA_CRYPTO +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +run_test "PSK callback: opaque ecdhe-psk on client, no callback, SHA-384" \ + "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo" \ + "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \ + psk_identity=foo psk=abc123 psk_opaque=1" \ + 0 \ + -c "skip PMS generation for opaque ECDHE-PSK"\ + -S "skip PMS generation for opaque ECDHE-PSK"\ + -C "session hash for extended master secret"\ + -S "session hash for extended master secret"\ + -S "SSL - The handshake negotiation failed" \ + -S "SSL - Unknown identity received" \ + -S "SSL - Verification of the message MAC failed" + +requires_config_enabled MBEDTLS_USE_PSA_CRYPTO +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +run_test "PSK callback: opaque ecdhe-psk on client, no callback, EMS" \ + "$P_SRV extended_ms=1 debug_level=3 psk=abc123 psk_identity=foo" \ + "$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \ + psk_identity=foo psk=abc123 psk_opaque=1" \ + 0 \ + -c "skip PMS generation for opaque ECDHE-PSK"\ + -S "skip PMS generation for opaque ECDHE-PSK"\ + -c "session hash for extended master secret"\ + -s "session hash for extended master secret"\ + -S "SSL - The handshake negotiation failed" \ + -S "SSL - Unknown identity received" \ + -S "SSL - Verification of the message MAC failed" + +requires_config_enabled MBEDTLS_USE_PSA_CRYPTO +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +run_test "PSK callback: opaque ecdhe-psk on client, no callback, SHA-384, EMS" \ + "$P_SRV extended_ms=1 debug_level=3 psk=abc123 psk_identity=foo" \ + "$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \ + psk_identity=foo psk=abc123 psk_opaque=1" \ + 0 \ + -c "skip PMS generation for opaque ECDHE-PSK"\ + -S "skip PMS generation for opaque ECDHE-PSK"\ + -c "session hash for extended master secret"\ + -s "session hash for extended master secret"\ + -S "SSL - The handshake negotiation failed" \ + -S "SSL - Unknown identity received" \ + -S "SSL - Verification of the message MAC failed" + + requires_config_enabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "PSK callback: raw psk on client, static opaque on server, no callback" \ @@ -6636,6 +6697,68 @@ run_test "PSK callback: raw rsa-psk on client, static opaque on server, no ca -S "SSL - Unknown identity received" \ -S "SSL - Verification of the message MAC failed" +requires_config_enabled MBEDTLS_USE_PSA_CRYPTO +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +run_test "PSK callback: raw ecdhe-psk on client, static opaque on server, no callback" \ + "$P_SRV extended_ms=0 debug_level=5 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA" \ + "$P_CLI extended_ms=0 debug_level=5 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \ + psk_identity=foo psk=abc123" \ + 0 \ + -C "skip PMS generation for opaque ECDHE-PSK"\ + -s "skip PMS generation for opaque ECDHE-PSK"\ + -C "session hash for extended master secret"\ + -S "session hash for extended master secret"\ + -S "SSL - The handshake negotiation failed" \ + -S "SSL - Unknown identity received" \ + -S "SSL - Verification of the message MAC failed" + +requires_config_enabled MBEDTLS_USE_PSA_CRYPTO +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +run_test "PSK callback: raw ecdhe-psk on client, static opaque on server, no callback, SHA-384" \ + "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384" \ + "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \ + psk_identity=foo psk=abc123" \ + 0 \ + -C "skip PMS generation for opaque ECDHE-PSK"\ + -s "skip PMS generation for opaque ECDHE-PSK"\ + -C "session hash for extended master secret"\ + -S "session hash for extended master secret"\ + -S "SSL - The handshake negotiation failed" \ + -S "SSL - Unknown identity received" \ + -S "SSL - Verification of the message MAC failed" + +requires_config_enabled MBEDTLS_USE_PSA_CRYPTO +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +run_test "PSK callback: raw ecdhe-psk on client, static opaque on server, no callback, EMS" \ + "$P_SRV debug_level=3 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 \ + force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA extended_ms=1" \ + "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \ + psk_identity=foo psk=abc123 extended_ms=1" \ + 0 \ + -c "session hash for extended master secret"\ + -s "session hash for extended master secret"\ + -C "skip PMS generation for opaque ECDHE-PSK"\ + -s "skip PMS generation for opaque ECDHE-PSK"\ + -S "SSL - The handshake negotiation failed" \ + -S "SSL - Unknown identity received" \ + -S "SSL - Verification of the message MAC failed" + +requires_config_enabled MBEDTLS_USE_PSA_CRYPTO +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +run_test "PSK callback: raw ecdhe-psk on client, static opaque on server, no callback, EMS, SHA384" \ + "$P_SRV debug_level=3 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 \ + force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 extended_ms=1" \ + "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \ + psk_identity=foo psk=abc123 extended_ms=1" \ + 0 \ + -c "session hash for extended master secret"\ + -s "session hash for extended master secret"\ + -C "skip PMS generation for opaque ECDHE-PSK"\ + -s "skip PMS generation for opaque ECDHE-PSK"\ + -S "SSL - The handshake negotiation failed" \ + -S "SSL - Unknown identity received" \ + -S "SSL - Verification of the message MAC failed" + requires_config_enabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "PSK callback: raw psk on client, no static PSK on server, opaque PSK from callback" \ @@ -6760,6 +6883,68 @@ run_test "PSK callback: raw rsa-psk on client, no static RSA-PSK on server, o -S "SSL - Unknown identity received" \ -S "SSL - Verification of the message MAC failed" +requires_config_enabled MBEDTLS_USE_PSA_CRYPTO +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +run_test "PSK callback: raw ecdhe-psk on client, no static ECDHE-PSK on server, opaque ECDHE-PSK from callback" \ + "$P_SRV extended_ms=0 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA" \ + "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \ + psk_identity=def psk=beef" \ + 0 \ + -C "skip PMS generation for opaque ECDHE-PSK"\ + -s "skip PMS generation for opaque ECDHE-PSK"\ + -C "session hash for extended master secret"\ + -S "session hash for extended master secret"\ + -S "SSL - The handshake negotiation failed" \ + -S "SSL - Unknown identity received" \ + -S "SSL - Verification of the message MAC failed" + +requires_config_enabled MBEDTLS_USE_PSA_CRYPTO +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +run_test "PSK callback: raw ecdhe-psk on client, no static ECDHE-PSK on server, opaque ECDHE-PSK from callback, SHA-384" \ + "$P_SRV extended_ms=0 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384" \ + "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \ + psk_identity=def psk=beef" \ + 0 \ + -C "skip PMS generation for opaque ECDHE-PSK"\ + -s "skip PMS generation for opaque ECDHE-PSK"\ + -C "session hash for extended master secret"\ + -S "session hash for extended master secret"\ + -S "SSL - The handshake negotiation failed" \ + -S "SSL - Unknown identity received" \ + -S "SSL - Verification of the message MAC failed" + +requires_config_enabled MBEDTLS_USE_PSA_CRYPTO +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +run_test "PSK callback: raw ecdhe-psk on client, no static ECDHE-PSK on server, opaque ECDHE-PSK from callback, EMS" \ + "$P_SRV debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 \ + force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA extended_ms=1" \ + "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \ + psk_identity=abc psk=dead extended_ms=1" \ + 0 \ + -c "session hash for extended master secret"\ + -s "session hash for extended master secret"\ + -C "skip PMS generation for opaque ECDHE-PSK"\ + -s "skip PMS generation for opaque ECDHE-PSK"\ + -S "SSL - The handshake negotiation failed" \ + -S "SSL - Unknown identity received" \ + -S "SSL - Verification of the message MAC failed" + +requires_config_enabled MBEDTLS_USE_PSA_CRYPTO +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +run_test "PSK callback: raw ecdhe-psk on client, no static ECDHE-PSK on server, opaque ECDHE-PSK from callback, EMS, SHA384" \ + "$P_SRV debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 \ + force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 extended_ms=1" \ + "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \ + psk_identity=abc psk=dead extended_ms=1" \ + 0 \ + -c "session hash for extended master secret"\ + -s "session hash for extended master secret"\ + -C "skip PMS generation for opaque ECDHE-PSK"\ + -s "skip PMS generation for opaque ECDHE-PSK"\ + -S "SSL - The handshake negotiation failed" \ + -S "SSL - Unknown identity received" \ + -S "SSL - Verification of the message MAC failed" + requires_config_enabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 run_test "PSK callback: raw psk on client, mismatching static raw PSK on server, opaque PSK from callback" \