test: pake: allow opaque password only when USE_PSA is enabled

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
This commit is contained in:
Valerio Setti 2022-12-02 14:28:49 +01:00
parent e7518ba28e
commit d6feb20869
2 changed files with 26 additions and 4 deletions

View file

@ -319,12 +319,17 @@ int main( void )
#endif #endif
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
#define USAGE_ECJPAKE \ #define USAGE_ECJPAKE \
" ecjpake_pw=%%s default: none (disabled)\n" \ " ecjpake_pw=%%s default: none (disabled)\n" \
" ecjpake_pw_opaque=%%d default: 0 (disabled)\n" " ecjpake_pw_opaque=%%d default: 0 (disabled)\n"
#else #else /* MBEDTLS_USE_PSA_CRYPTO */
#define USAGE_ECJPAKE \
" ecjpake_pw=%%s default: none (disabled)\n"
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#else /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
#define USAGE_ECJPAKE "" #define USAGE_ECJPAKE ""
#endif #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
#if defined(MBEDTLS_ECP_RESTARTABLE) #if defined(MBEDTLS_ECP_RESTARTABLE)
#define USAGE_ECRESTART \ #define USAGE_ECRESTART \
@ -494,7 +499,9 @@ struct options
const char *psk; /* the pre-shared key */ const char *psk; /* the pre-shared key */
const char *psk_identity; /* the pre-shared key identity */ const char *psk_identity; /* the pre-shared key identity */
const char *ecjpake_pw; /* the EC J-PAKE password */ const char *ecjpake_pw; /* the EC J-PAKE password */
#if defined(MBEDTLS_USE_PSA_CRYPTO)
int ecjpake_pw_opaque; /* set to 1 to use the opaque method for setting the password */ int ecjpake_pw_opaque; /* set to 1 to use the opaque method for setting the password */
#endif
int ec_max_ops; /* EC consecutive operations limit */ int ec_max_ops; /* EC consecutive operations limit */
int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */ int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
@ -926,7 +933,9 @@ int main( int argc, char *argv[] )
#endif #endif
opt.psk_identity = DFL_PSK_IDENTITY; opt.psk_identity = DFL_PSK_IDENTITY;
opt.ecjpake_pw = DFL_ECJPAKE_PW; opt.ecjpake_pw = DFL_ECJPAKE_PW;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
opt.ecjpake_pw_opaque = DFL_ECJPAKE_PW_OPAQUE; opt.ecjpake_pw_opaque = DFL_ECJPAKE_PW_OPAQUE;
#endif
opt.ec_max_ops = DFL_EC_MAX_OPS; opt.ec_max_ops = DFL_EC_MAX_OPS;
opt.force_ciphersuite[0]= DFL_FORCE_CIPHER; opt.force_ciphersuite[0]= DFL_FORCE_CIPHER;
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
@ -1102,8 +1111,10 @@ int main( int argc, char *argv[] )
opt.psk_identity = q; opt.psk_identity = q;
else if( strcmp( p, "ecjpake_pw" ) == 0 ) else if( strcmp( p, "ecjpake_pw" ) == 0 )
opt.ecjpake_pw = q; opt.ecjpake_pw = q;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
else if( strcmp( p, "ecjpake_pw_opaque" ) == 0 ) else if( strcmp( p, "ecjpake_pw_opaque" ) == 0 )
opt.ecjpake_pw_opaque = atoi( q ); opt.ecjpake_pw_opaque = atoi( q );
#endif
else if( strcmp( p, "ec_max_ops" ) == 0 ) else if( strcmp( p, "ec_max_ops" ) == 0 )
opt.ec_max_ops = atoi( q ); opt.ec_max_ops = atoi( q );
else if( strcmp( p, "force_ciphersuite" ) == 0 ) else if( strcmp( p, "force_ciphersuite" ) == 0 )

View file

@ -419,12 +419,17 @@ int main( void )
#endif #endif
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
#if defined(MBEDTLS_USE_PSA_CRYPTO)
#define USAGE_ECJPAKE \ #define USAGE_ECJPAKE \
" ecjpake_pw=%%s default: none (disabled)\n" \ " ecjpake_pw=%%s default: none (disabled)\n" \
" ecjpake_pw_opaque=%%d default: 0 (disabled)\n" " ecjpake_pw_opaque=%%d default: 0 (disabled)\n"
#else #else /* MBEDTLS_USE_PSA_CRYPTO */
#define USAGE_ECJPAKE \
" ecjpake_pw=%%s default: none (disabled)\n"
#endif /* MBEDTLS_USE_PSA_CRYPTO */
#else /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
#define USAGE_ECJPAKE "" #define USAGE_ECJPAKE ""
#endif #endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
#if defined(MBEDTLS_ECP_C) #if defined(MBEDTLS_ECP_C)
#define USAGE_CURVES \ #define USAGE_CURVES \
@ -623,7 +628,9 @@ struct options
const char *psk_identity; /* the pre-shared key identity */ const char *psk_identity; /* the pre-shared key identity */
char *psk_list; /* list of PSK id/key pairs for callback */ char *psk_list; /* list of PSK id/key pairs for callback */
const char *ecjpake_pw; /* the EC J-PAKE password */ const char *ecjpake_pw; /* the EC J-PAKE password */
#if defined(MBEDTLS_USE_PSA_CRYPTO)
int ecjpake_pw_opaque; /* set to 1 to use the opaque method for setting the password */ int ecjpake_pw_opaque; /* set to 1 to use the opaque method for setting the password */
#endif
int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */ int force_ciphersuite[2]; /* protocol/ciphersuite to use, or all */
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
int tls13_kex_modes; /* supported TLS 1.3 key exchange modes */ int tls13_kex_modes; /* supported TLS 1.3 key exchange modes */
@ -1668,7 +1675,9 @@ int main( int argc, char *argv[] )
opt.psk_identity = DFL_PSK_IDENTITY; opt.psk_identity = DFL_PSK_IDENTITY;
opt.psk_list = DFL_PSK_LIST; opt.psk_list = DFL_PSK_LIST;
opt.ecjpake_pw = DFL_ECJPAKE_PW; opt.ecjpake_pw = DFL_ECJPAKE_PW;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
opt.ecjpake_pw_opaque = DFL_ECJPAKE_PW_OPAQUE; opt.ecjpake_pw_opaque = DFL_ECJPAKE_PW_OPAQUE;
#endif
opt.force_ciphersuite[0]= DFL_FORCE_CIPHER; opt.force_ciphersuite[0]= DFL_FORCE_CIPHER;
#if defined(MBEDTLS_SSL_PROTO_TLS1_3) #if defined(MBEDTLS_SSL_PROTO_TLS1_3)
opt.tls13_kex_modes = DFL_TLS1_3_KEX_MODES; opt.tls13_kex_modes = DFL_TLS1_3_KEX_MODES;
@ -1872,8 +1881,10 @@ int main( int argc, char *argv[] )
opt.psk_list = q; opt.psk_list = q;
else if( strcmp( p, "ecjpake_pw" ) == 0 ) else if( strcmp( p, "ecjpake_pw" ) == 0 )
opt.ecjpake_pw = q; opt.ecjpake_pw = q;
#if defined(MBEDTLS_USE_PSA_CRYPTO)
else if( strcmp( p, "ecjpake_pw_opaque" ) == 0 ) else if( strcmp( p, "ecjpake_pw_opaque" ) == 0 )
opt.ecjpake_pw_opaque = atoi( q ); opt.ecjpake_pw_opaque = atoi( q );
#endif
else if( strcmp( p, "force_ciphersuite" ) == 0 ) else if( strcmp( p, "force_ciphersuite" ) == 0 )
{ {
opt.force_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id( q ); opt.force_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id( q );