From eb4390b27c83593de4248be1a5af91131f52f983 Mon Sep 17 00:00:00 2001 From: Neil Armstrong Date: Fri, 27 May 2022 10:26:02 +0200 Subject: [PATCH] Add Cipersuite selection negative testing by using invalid algs for server-side opaque key Signed-off-by: Neil Armstrong --- tests/ssl-opt.sh | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 0b6711cdd..29f330a1a 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -1735,6 +1735,23 @@ run_test "TLS-ECDHE-RSA Opaque key for client authentication" \ -S "error" \ -C "error" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_USE_PSA_CRYPTO +requires_config_enabled MBEDTLS_X509_CRT_PARSE_C +requires_config_enabled MBEDTLS_ECDSA_C +requires_config_enabled MBEDTLS_SHA256_C +run_test "TLS-ECDHE-ECDSA Opaque key for server authentication, invalid algs" \ + "$P_SRV auth_mode=required key_opaque=1 crt_file=data_files/server5.crt \ + key_file=data_files/server5.key key_opaque_algs=rsa-decrypt,none \ + debug_level=1" \ + "$P_CLI crt_file=data_files/server5.crt \ + key_file=data_files/server5.key" \ + 1 \ + -s "key types: Opaque, none" \ + -s "got ciphersuites in common, but none of them usable" \ + -s "error" \ + -c "error" + requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_CRT_PARSE_C @@ -1802,6 +1819,24 @@ run_test "TLS-ECDHE-ECDSA Opaque key for server authentication" \ -S "error" \ -C "error" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_USE_PSA_CRYPTO +requires_config_enabled MBEDTLS_X509_CRT_PARSE_C +requires_config_enabled MBEDTLS_ECDSA_C +requires_config_enabled MBEDTLS_RSA_C +requires_config_enabled MBEDTLS_SHA256_C +run_test "TLS-ECDHE-RSA Opaque key for server authentication, invalid algs" \ + "$P_SRV auth_mode=required key_opaque=1 crt_file=data_files/server2-sha256.crt \ + key_file=data_files/server2.key key_opaque_algs=ecdh,none \ + debug_level=1" \ + "$P_CLI crt_file=data_files/server2-sha256.crt \ + key_file=data_files/server2.key" \ + 1 \ + -s "key types: Opaque, none" \ + -s "got ciphersuites in common, but none of them usable" \ + -s "error" \ + -c "error" + requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 requires_config_enabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_X509_CRT_PARSE_C