ssl-opt: enable test and fix failures for reference ECDH + USE_PSA"

Signed-off-by: valerio <valerio.setti@nordicsemi.no>
This commit is contained in:
valerio 2023-03-09 16:19:35 +01:00
parent 1470ce3eba
commit f27472b128
2 changed files with 20 additions and 9 deletions

View file

@ -2328,7 +2328,8 @@ component_test_psa_crypto_config_reference_ecdh_use_psa () {
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with reference ECDH + USE_PSA"
make test
# ssl-opt.sh later when the accel component is ready
msg "test: ssl-opt.sh"
tests/ssl-opt.sh
}
component_test_psa_crypto_config_accel_rsa_signature () {

View file

@ -284,10 +284,16 @@ TLS1_2_KEY_EXCHANGES_WITH_CERT="MBEDTLS_KEY_EXCHANGE_RSA_ENABLED \
TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT="MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED \
MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED"
# An optional parameter can be specified in order to limit key exchanges in
# TLS 1.2 (in TLS 1.3 it has no effect).
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled() {
KEX_SUBSET=${1:-}
if $P_QUERY -all MBEDTLS_SSL_PROTO_TLS1_2
then
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
case $KEX_SUBSET in
ECDSA) requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT ;;
*) requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT ;;
esac
elif ! $P_QUERY -all MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
then
SKIP_NEXT="YES"
@ -1965,6 +1971,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
requires_hash_alg SHA_256
run_test "Opaque key for client authentication: ECDHE-RSA" \
"$P_SRV auth_mode=required crt_file=data_files/server2-sha256.crt \
@ -2244,6 +2251,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
requires_hash_alg SHA_256
run_test "Opaque key for server authentication: ECDHE-RSA" \
"$P_SRV key_opaque=1 crt_file=data_files/server2-sha256.crt \
@ -2330,6 +2338,7 @@ requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_RSA_C
requires_hash_alg SHA_256
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
run_test "Opaque keys for server authentication: RSA keys with different algs" \
"$P_SRV auth_mode=required key_opaque=1 crt_file=data_files/server2-sha256.crt \
key_file=data_files/server2.key key_opaque_algs=rsa-sign-pss,none \
@ -2394,6 +2403,7 @@ requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_RSA_C
requires_hash_alg SHA_256
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
run_test "Opaque key for client/server authentication: ECDHE-RSA" \
"$P_SRV auth_mode=required key_opaque=1 crt_file=data_files/server2-sha256.crt \
key_file=data_files/server2.key key_opaque_algs=rsa-sign-pkcs1,none" \
@ -5622,7 +5632,7 @@ MAX_IM_CA='8'
# are in place so that the semantics are consistent with the test description.
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled ECDSA
run_test "Authentication: server max_int chain, client default" \
"$P_SRV crt_file=data_files/dir-maxpath/c09.pem \
key_file=data_files/dir-maxpath/09.key" \
@ -5632,7 +5642,7 @@ run_test "Authentication: server max_int chain, client default" \
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled ECDSA
run_test "Authentication: server max_int+1 chain, client default" \
"$P_SRV crt_file=data_files/dir-maxpath/c10.pem \
key_file=data_files/dir-maxpath/10.key" \
@ -5643,7 +5653,7 @@ run_test "Authentication: server max_int+1 chain, client default" \
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT
run_test "Authentication: server max_int+1 chain, client optional" \
"$P_SRV crt_file=data_files/dir-maxpath/c10.pem \
key_file=data_files/dir-maxpath/10.key" \
@ -5655,7 +5665,7 @@ run_test "Authentication: server max_int+1 chain, client optional" \
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT
run_test "Authentication: server max_int+1 chain, client none" \
"$P_SRV crt_file=data_files/dir-maxpath/c10.pem \
key_file=data_files/dir-maxpath/10.key" \
@ -5929,7 +5939,7 @@ requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT
run_test "Authentication, CA callback: server max_int chain, client default" \
"$P_SRV crt_file=data_files/dir-maxpath/c09.pem \
key_file=data_files/dir-maxpath/09.key" \
@ -5942,7 +5952,7 @@ requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT
run_test "Authentication, CA callback: server max_int+1 chain, client default" \
"$P_SRV crt_file=data_files/dir-maxpath/c10.pem \
key_file=data_files/dir-maxpath/10.key" \
@ -5955,7 +5965,7 @@ requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT
run_test "Authentication, CA callback: server max_int+1 chain, client optional" \
"$P_SRV crt_file=data_files/dir-maxpath/c10.pem \
key_file=data_files/dir-maxpath/10.key" \