Refactor compat scripts
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
parent
9b938b7c37
commit
b7c12a466f
3 changed files with 1144 additions and 1439 deletions
File diff suppressed because it is too large
|
@ -24,7 +24,6 @@ Generate TLSv1.3 Compat test cases
|
||||||
|
|
||||||
import sys
|
import sys
|
||||||
import os
|
import os
|
||||||
import abc
|
|
||||||
import argparse
|
import argparse
|
||||||
import itertools
|
import itertools
|
||||||
from collections import namedtuple
|
from collections import namedtuple
|
||||||
|
@ -71,10 +70,11 @@ NAMED_GROUP_IANA_VALUE = {
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
class TLSProgram(metaclass=abc.ABCMeta):
|
class TLSProgram:
|
||||||
"""
|
"""
|
||||||
Base class for generate server/client command.
|
Base class for generate server/client command.
|
||||||
"""
|
"""
|
||||||
|
|
||||||
# pylint: disable=too-many-arguments
|
# pylint: disable=too-many-arguments
|
||||||
def __init__(self, ciphersuite=None, signature_algorithm=None, named_group=None,
|
def __init__(self, ciphersuite=None, signature_algorithm=None, named_group=None,
|
||||||
cert_sig_alg=None, compat_mode=True):
|
cert_sig_alg=None, compat_mode=True):
|
||||||
|
@ -112,24 +112,25 @@ class TLSProgram(metaclass=abc.ABCMeta):
|
||||||
self._cert_sig_algs.extend(
|
self._cert_sig_algs.extend(
|
||||||
[sig_alg for sig_alg in signature_algorithms if sig_alg not in self._cert_sig_algs])
|
[sig_alg for sig_alg in signature_algorithms if sig_alg not in self._cert_sig_algs])
|
||||||
|
|
||||||
@abc.abstractmethod
|
# pylint: disable=no-self-use
|
||||||
def pre_checks(self):
|
def pre_checks(self):
|
||||||
return []
|
return []
|
||||||
|
|
||||||
@abc.abstractmethod
|
# pylint: disable=no-self-use
|
||||||
def cmd(self):
|
def cmd(self):
|
||||||
if not self._cert_sig_algs:
|
if not self._cert_sig_algs:
|
||||||
self._cert_sig_algs = list(CERTIFICATES.keys())
|
self._cert_sig_algs = list(CERTIFICATES.keys())
|
||||||
|
return self.pre_cmd()
|
||||||
|
|
||||||
@abc.abstractmethod
|
# pylint: disable=no-self-use
|
||||||
def post_checks(self):
|
def post_checks(self):
|
||||||
return []
|
return []
|
||||||
|
|
||||||
@abc.abstractmethod
|
# pylint: disable=no-self-use
|
||||||
def pre_cmd(self):
|
def pre_cmd(self):
|
||||||
return []
|
return ['false']
|
||||||
|
|
||||||
@abc.abstractmethod
|
# pylint: disable=unused-argument,no-self-use
|
||||||
def hrr_post_checks(self, named_group):
|
def hrr_post_checks(self, named_group):
|
||||||
return []
|
return []
|
||||||
|
|
||||||
|
@ -148,10 +149,7 @@ class OpenSSLBase(TLSProgram):
|
||||||
}
|
}
|
||||||
|
|
||||||
def cmd(self):
|
def cmd(self):
|
||||||
super().cmd()
|
ret = super().cmd()
|
||||||
ret = []
|
|
||||||
for _, cert, key in map(lambda sig_alg: CERTIFICATES[sig_alg], self._cert_sig_algs):
|
|
||||||
ret += ['-cert {cert} -key {key}'.format(cert=cert, key=key)]
|
|
||||||
|
|
||||||
if self._ciphers:
|
if self._ciphers:
|
||||||
ciphersuites = ':'.join(self._ciphers)
|
ciphersuites = ':'.join(self._ciphers)
|
||||||
|
@ -177,15 +175,6 @@ class OpenSSLBase(TLSProgram):
|
||||||
def pre_checks(self):
|
def pre_checks(self):
|
||||||
return ["requires_openssl_tls1_3"]
|
return ["requires_openssl_tls1_3"]
|
||||||
|
|
||||||
def post_checks(self):
|
|
||||||
return []
|
|
||||||
|
|
||||||
def pre_cmd(self):
|
|
||||||
return []
|
|
||||||
|
|
||||||
def hrr_post_checks(self, named_group):
|
|
||||||
return []
|
|
||||||
|
|
||||||
|
|
||||||
class OpenSSLServ(OpenSSLBase):
|
class OpenSSLServ(OpenSSLBase):
|
||||||
"""
|
"""
|
||||||
|
@ -193,18 +182,28 @@ class OpenSSLServ(OpenSSLBase):
|
||||||
"""
|
"""
|
||||||
|
|
||||||
def cmd(self):
|
def cmd(self):
|
||||||
ret = self.pre_cmd() + super().cmd()
|
ret = super().cmd()
|
||||||
ret += ['-accept $SRV_PORT']
|
|
||||||
|
|
||||||
ret += ['-num_tickets 0 -no_resume_ephemeral -no_cache']
|
ret += ['-num_tickets 0 -no_resume_ephemeral -no_cache']
|
||||||
|
return ret
|
||||||
return ' '.join(ret)
|
|
||||||
|
|
||||||
def post_checks(self):
|
def post_checks(self):
|
||||||
return ['-c "HTTP/1.0 200 ok"']
|
return ['-c "HTTP/1.0 200 ok"']
|
||||||
|
|
||||||
def pre_cmd(self):
|
def pre_cmd(self):
|
||||||
return ['$O_NEXT_SRV_NO_CERT']
|
ret = ['$O_NEXT_SRV_NO_CERT']
|
||||||
|
for _, cert, key in map(lambda sig_alg: CERTIFICATES[sig_alg], self._cert_sig_algs):
|
||||||
|
ret += ['-cert {cert} -key {key}'.format(cert=cert, key=key)]
|
||||||
|
return ret
|
||||||
|
|
||||||
|
|
||||||
|
class OpenSSLCli(OpenSSLBase):
|
||||||
|
"""
|
||||||
|
Generate test commands for OpenSSL client.
|
||||||
|
"""
|
||||||
|
|
||||||
|
def pre_cmd(self):
|
||||||
|
return ['$O_NEXT_CLI_NO_CERT',
|
||||||
|
'-CAfile {cafile}'.format(cafile=CERTIFICATES[self._cert_sig_algs[0]].cafile)]
|
||||||
|
|
||||||
|
|
||||||
class GnuTLSBase(TLSProgram):
|
class GnuTLSBase(TLSProgram):
|
||||||
|
@ -253,22 +252,8 @@ class GnuTLSBase(TLSProgram):
|
||||||
"requires_gnutls_next_no_ticket",
|
"requires_gnutls_next_no_ticket",
|
||||||
"requires_gnutls_next_disable_tls13_compat", ]
|
"requires_gnutls_next_disable_tls13_compat", ]
|
||||||
|
|
||||||
def post_checks(self):
|
|
||||||
return ['-c "HTTP/1.0 200 OK"']
|
|
||||||
|
|
||||||
def hrr_post_checks(self, named_group):
|
|
||||||
return []
|
|
||||||
|
|
||||||
def pre_cmd(self):
|
|
||||||
return []
|
|
||||||
|
|
||||||
def cmd(self):
|
def cmd(self):
|
||||||
super().cmd()
|
ret = super().cmd()
|
||||||
ret = []
|
|
||||||
|
|
||||||
for _, cert, key in map(lambda sig_alg: CERTIFICATES[sig_alg], self._cert_sig_algs):
|
|
||||||
ret += ['--x509certfile {cert} --x509keyfile {key}'.format(
|
|
||||||
cert=cert, key=key)]
|
|
||||||
|
|
||||||
priority_string_list = []
|
priority_string_list = []
|
||||||
|
|
||||||
|
@ -316,14 +301,26 @@ class GnuTLSServ(GnuTLSBase):
|
||||||
Generate test commands for GnuTLS server.
|
Generate test commands for GnuTLS server.
|
||||||
"""
|
"""
|
||||||
|
|
||||||
def cmd(self):
|
def pre_cmd(self):
|
||||||
ret = self.pre_cmd() + super().cmd()
|
ret = ['$G_NEXT_SRV_NO_CERT', '--http', '--disable-client-cert', '--debug=4']
|
||||||
|
|
||||||
ret = ' '.join(ret)
|
for _, cert, key in map(lambda sig_alg: CERTIFICATES[sig_alg], self._cert_sig_algs):
|
||||||
|
ret += ['--x509certfile {cert} --x509keyfile {key}'.format(
|
||||||
|
cert=cert, key=key)]
|
||||||
return ret
|
return ret
|
||||||
|
|
||||||
|
def post_checks(self):
|
||||||
|
return ['-c "HTTP/1.0 200 OK"']
|
||||||
|
|
||||||
|
|
||||||
|
class GnuTLSCli(GnuTLSBase):
|
||||||
|
"""
|
||||||
|
Generate test commands for GnuTLS client.
|
||||||
|
"""
|
||||||
|
|
||||||
def pre_cmd(self):
|
def pre_cmd(self):
|
||||||
return ['$G_NEXT_SRV_NO_CERT'] + ['--http', '--disable-client-cert', '--debug=4']
|
return ['$G_NEXT_CLI_NO_CERT', '--debug=4', '--single-key-share',
|
||||||
|
'--x509cafile {cafile}'.format(cafile=CERTIFICATES[self._cert_sig_algs[0]].cafile)]
|
||||||
|
|
||||||
|
|
||||||
class MbedTLSBase(TLSProgram):
|
class MbedTLSBase(TLSProgram):
|
||||||
|
@ -339,10 +336,9 @@ class MbedTLSBase(TLSProgram):
|
||||||
'TLS_AES_128_CCM_8_SHA256': 'TLS1-3-AES-128-CCM-8-SHA256'}
|
'TLS_AES_128_CCM_8_SHA256': 'TLS1-3-AES-128-CCM-8-SHA256'}
|
||||||
|
|
||||||
def cmd(self):
|
def cmd(self):
|
||||||
super().cmd()
|
ret = super().cmd()
|
||||||
ret = ['server_addr=127.0.0.1', 'server_port=$SRV_PORT', 'debug_level=4']
|
ret += ['debug_level=4']
|
||||||
ret += ['ca_file={cafile}'.format(
|
|
||||||
cafile=CERTIFICATES[self._cert_sig_algs[0]].cafile)]
|
|
||||||
|
|
||||||
if self._ciphers:
|
if self._ciphers:
|
||||||
ciphers = ','.join(
|
ciphers = ','.join(
|
||||||
|
@ -356,7 +352,7 @@ class MbedTLSBase(TLSProgram):
|
||||||
if self._named_groups:
|
if self._named_groups:
|
||||||
named_groups = ','.join(self._named_groups)
|
named_groups = ','.join(self._named_groups)
|
||||||
ret += ["curves={named_groups}".format(named_groups=named_groups)]
|
ret += ["curves={named_groups}".format(named_groups=named_groups)]
|
||||||
|
ret += ['force_version=tls13']
|
||||||
return ret
|
return ret
|
||||||
|
|
||||||
def pre_checks(self):
|
def pre_checks(self):
|
||||||
|
@ -371,15 +367,6 @@ class MbedTLSBase(TLSProgram):
|
||||||
'requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT')
|
'requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT')
|
||||||
return ret
|
return ret
|
||||||
|
|
||||||
def post_checks(self):
|
|
||||||
return []
|
|
||||||
|
|
||||||
def pre_cmd(self):
|
|
||||||
return []
|
|
||||||
|
|
||||||
def hrr_post_checks(self, named_group):
|
|
||||||
return []
|
|
||||||
|
|
||||||
|
|
||||||
class MbedTLSServ(MbedTLSBase):
|
class MbedTLSServ(MbedTLSBase):
|
||||||
"""
|
"""
|
||||||
|
@ -387,13 +374,8 @@ class MbedTLSServ(MbedTLSBase):
|
||||||
"""
|
"""
|
||||||
|
|
||||||
def cmd(self):
|
def cmd(self):
|
||||||
ret = self.pre_cmd() + super().cmd()
|
ret = super().cmd()
|
||||||
ret += ['force_version=tls13']
|
|
||||||
for _, cert, key in map(lambda sig_alg: CERTIFICATES[sig_alg], self._cert_sig_algs):
|
|
||||||
ret += ['crt_file={cert} key_file={key}'.format(cert=cert, key=key)]
|
|
||||||
|
|
||||||
ret += ['tls13_kex_modes=ephemeral cookies=0 tickets=0']
|
ret += ['tls13_kex_modes=ephemeral cookies=0 tickets=0']
|
||||||
ret = ' '.join(ret)
|
|
||||||
return ret
|
return ret
|
||||||
|
|
||||||
def pre_checks(self):
|
def pre_checks(self):
|
||||||
|
@ -420,64 +402,23 @@ class MbedTLSServ(MbedTLSBase):
|
||||||
return ['-s "{}"'.format(i) for i in check_strings]
|
return ['-s "{}"'.format(i) for i in check_strings]
|
||||||
|
|
||||||
def pre_cmd(self):
|
def pre_cmd(self):
|
||||||
return ['$P_SRV_NO_CERT']
|
ret = ['$P_SRV']
|
||||||
|
for _, cert, key in map(lambda sig_alg: CERTIFICATES[sig_alg], self._cert_sig_algs):
|
||||||
|
ret += ['crt_file={cert} key_file={key}'.format(cert=cert, key=key)]
|
||||||
|
return ret
|
||||||
|
|
||||||
def hrr_post_checks(self, named_group):
|
def hrr_post_checks(self, named_group):
|
||||||
return ['-s "HRR selected_group: {:s}"'.format(named_group)]
|
return ['-s "HRR selected_group: {:s}"'.format(named_group)]
|
||||||
|
|
||||||
|
|
||||||
class OpenSSLCli(OpenSSLBase):
|
|
||||||
"""
|
|
||||||
Generate test commands for OpenSSL client.
|
|
||||||
"""
|
|
||||||
|
|
||||||
def cmd(self):
|
|
||||||
ret = self.pre_cmd() + super().cmd()
|
|
||||||
|
|
||||||
ret += ['-CAfile {cafile}'.format(
|
|
||||||
cafile=CERTIFICATES[self._cert_sig_algs[0]].cafile)]
|
|
||||||
|
|
||||||
return ' '.join(ret)
|
|
||||||
|
|
||||||
def post_checks(self):
|
|
||||||
return ['-s "HTTP/1.0 200 OK"']
|
|
||||||
|
|
||||||
def pre_cmd(self):
|
|
||||||
return ['$O_NEXT_CLI_NO_CERT']
|
|
||||||
|
|
||||||
|
|
||||||
class GnuTLSCli(GnuTLSBase):
|
|
||||||
"""
|
|
||||||
Generate test commands for GnuTLS client.
|
|
||||||
"""
|
|
||||||
|
|
||||||
def cmd(self):
|
|
||||||
ret = self.pre_cmd() + super().cmd()
|
|
||||||
ret += ['--x509cafile {cafile}'.format(
|
|
||||||
cafile=CERTIFICATES[self._cert_sig_algs[0]].cafile)]
|
|
||||||
|
|
||||||
ret = ' '.join(ret)
|
|
||||||
return ret
|
|
||||||
|
|
||||||
def pre_cmd(self):
|
|
||||||
ret = ['$G_NEXT_CLI_NO_CERT']
|
|
||||||
ret += ['--debug=4', 'localhost', '-p $SRV_PORT', '--single-key-share']
|
|
||||||
return ret
|
|
||||||
|
|
||||||
|
|
||||||
class MbedTLSCli(MbedTLSBase):
|
class MbedTLSCli(MbedTLSBase):
|
||||||
"""
|
"""
|
||||||
Generate test commands for mbedTLS client.
|
Generate test commands for mbedTLS client.
|
||||||
"""
|
"""
|
||||||
|
|
||||||
def cmd(self):
|
|
||||||
ret = self.pre_cmd() + super().cmd()
|
|
||||||
|
|
||||||
ret = ' '.join(ret)
|
|
||||||
return ret
|
|
||||||
|
|
||||||
def pre_cmd(self):
|
def pre_cmd(self):
|
||||||
return ['$P_CLI']
|
return ['$P_CLI',
|
||||||
|
'ca_file={cafile}'.format(cafile=CERTIFICATES[self._cert_sig_algs[0]].cafile)]
|
||||||
|
|
||||||
def pre_checks(self):
|
def pre_checks(self):
|
||||||
return ['requires_config_enabled MBEDTLS_SSL_CLI_C'] + super().pre_checks()
|
return ['requires_config_enabled MBEDTLS_SSL_CLI_C'] + super().pre_checks()
|
||||||
|
@ -528,8 +469,10 @@ def generate_compat_test(client=None, server=None, cipher=None, named_group=None
|
||||||
signature_algorithm=sig_alg,
|
signature_algorithm=sig_alg,
|
||||||
cert_sig_alg=sig_alg)
|
cert_sig_alg=sig_alg)
|
||||||
|
|
||||||
cmd = ['run_test "{}"'.format(name), '"{}"'.format(
|
cmd = ['run_test "{}"'.format(name),
|
||||||
server_object.cmd()), '"{}"'.format(client_object.cmd()), '0']
|
'"{}"'.format(' '.join(server_object.cmd())),
|
||||||
|
'"{}"'.format(' '.join(client_object.cmd())),
|
||||||
|
'0']
|
||||||
cmd += server_object.post_checks()
|
cmd += server_object.post_checks()
|
||||||
cmd += client_object.post_checks()
|
cmd += client_object.post_checks()
|
||||||
cmd += ['-C "received HelloRetryRequest message"']
|
cmd += ['-C "received HelloRetryRequest message"']
|
||||||
|
@ -554,8 +497,10 @@ def generate_hrr_compat_test(client=None, server=None,
|
||||||
cert_sig_alg=cert_sig_alg)
|
cert_sig_alg=cert_sig_alg)
|
||||||
client_object.add_named_groups(server_named_group)
|
client_object.add_named_groups(server_named_group)
|
||||||
|
|
||||||
cmd = ['run_test "{}"'.format(name), '"{}"'.format(
|
cmd = ['run_test "{}"'.format(name),
|
||||||
server_object.cmd()), '"{}"'.format(client_object.cmd()), '0']
|
'"{}"'.format(' '.join(server_object.cmd())),
|
||||||
|
'"{}"'.format(' '.join(client_object.cmd())),
|
||||||
|
'0']
|
||||||
cmd += server_object.post_checks()
|
cmd += server_object.post_checks()
|
||||||
cmd += client_object.post_checks()
|
cmd += client_object.post_checks()
|
||||||
cmd += server_object.hrr_post_checks(server_named_group)
|
cmd += server_object.hrr_post_checks(server_named_group)
|
||||||
|
@ -660,6 +605,7 @@ def main():
|
||||||
SERVER_CLASSES.keys(),
|
SERVER_CLASSES.keys(),
|
||||||
NAMED_GROUP_IANA_VALUE.keys(),
|
NAMED_GROUP_IANA_VALUE.keys(),
|
||||||
NAMED_GROUP_IANA_VALUE.keys()):
|
NAMED_GROUP_IANA_VALUE.keys()):
|
||||||
|
|
||||||
if (client == 'mbedTLS' or server == 'mbedTLS') and \
|
if (client == 'mbedTLS' or server == 'mbedTLS') and \
|
||||||
client_named_group != server_named_group:
|
client_named_group != server_named_group:
|
||||||
yield generate_hrr_compat_test(client=client, server=server,
|
yield generate_hrr_compat_test(client=client, server=server,
|
||||||
|
|
|
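Review bot: The new `OpenSSLCli` defines only `pre_cmd`, so the `-s "HTTP/1.0 200 OK"` assertion that the old `OpenSSLCli.post_checks` returned is no longer emitted for OpenSSL-client tests; the class now falls back to `TLSProgram.post_checks`, which returns `[]`. For a commit described as a refactor this looks like an unintended loss of a check, unless it is restored outside the visible hunks. If it was not deliberate, keep the override in the relocated class: `def post_checks(self):` followed by `return ['-s "HTTP/1.0 200 OK"']`. Separately, with `abc.ABCMeta` removed, a subclass that forgets to override `pre_cmd` now produces a command starting with `false` and fails only when the generated test runs, so a short comment on `TLSProgram.pre_cmd` saying that this is the intended sentinel would help the next maintainer.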
@ -1542,7 +1542,6 @@ SRV_DELAY_SECONDS=0
|
||||||
# Note: Using 'localhost' rather than 127.0.0.1 here is unwise, as on many
|
# Note: Using 'localhost' rather than 127.0.0.1 here is unwise, as on many
|
||||||
# machines that will resolve to ::1, and we don't want ipv6 here.
|
# machines that will resolve to ::1, and we don't want ipv6 here.
|
||||||
P_SRV="$P_SRV server_addr=127.0.0.1 server_port=$SRV_PORT"
|
P_SRV="$P_SRV server_addr=127.0.0.1 server_port=$SRV_PORT"
|
||||||
P_SRV_NO_CERT="$P_SRV server_addr=127.0.0.1 server_port=$SRV_PORT"
|
|
||||||
P_CLI="$P_CLI server_addr=127.0.0.1 server_port=+SRV_PORT"
|
P_CLI="$P_CLI server_addr=127.0.0.1 server_port=+SRV_PORT"
|
||||||
P_PXY="$P_PXY server_addr=127.0.0.1 server_port=$SRV_PORT listen_addr=127.0.0.1 listen_port=$PXY_PORT ${SEED:+"seed=$SEED"}"
|
P_PXY="$P_PXY server_addr=127.0.0.1 server_port=$SRV_PORT listen_addr=127.0.0.1 listen_port=$PXY_PORT ${SEED:+"seed=$SEED"}"
|
||||||
O_SRV="$O_SRV -accept $SRV_PORT"
|
O_SRV="$O_SRV -accept $SRV_PORT"
|
||||||
|
@ -1569,7 +1568,7 @@ fi
|
||||||
|
|
||||||
if [ -n "${GNUTLS_NEXT_CLI:-}" ]; then
|
if [ -n "${GNUTLS_NEXT_CLI:-}" ]; then
|
||||||
G_NEXT_CLI="$G_NEXT_CLI -p +SRV_PORT"
|
G_NEXT_CLI="$G_NEXT_CLI -p +SRV_PORT"
|
||||||
G_NEXT_CLI_NO_CERT="$G_NEXT_CLI_NO_CERT"
|
G_NEXT_CLI_NO_CERT="$G_NEXT_CLI_NO_CERT -p +SRV_PORT localhost"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Allow SHA-1, because many of our test certificates use it
|
# Allow SHA-1, because many of our test certificates use it
|
||||||
|
|
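Review bot: The new `G_NEXT_CLI_NO_CERT` value appends `localhost`, while the comment above the `P_SRV` assignment in this same file says that using 'localhost' rather than 127.0.0.1 is unwise because it can resolve to ::1. The generator already passed `localhost` to the GnuTLS client before this commit, so the behaviour is not new, but it is now a shared default in the test harness. If the name is required (presumably for certificate host-name checking; confirm), say so next to the assignment, e.g. `# gnutls-cli needs the host name 'localhost' here; see the IPv6 note above`. The first hunk of this file also deletes `P_SRV_NO_CERT`; any remaining `$P_SRV_NO_CERT` reference outside the visible sections, including the suppressed file, would now expand to nothing, so a grep before merging is worthwhile.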