ssl-opt: enable test and fix failures for reference ECDH + USE_PSA"
Signed-off-by: valerio <valerio.setti@nordicsemi.no>
This commit is contained in:
parent
1470ce3eba
commit
f27472b128
2 changed files with 20 additions and 9 deletions
|
@ -2328,7 +2328,8 @@ component_test_psa_crypto_config_reference_ecdh_use_psa () {
|
|||
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with reference ECDH + USE_PSA"
|
||||
make test
|
||||
|
||||
# ssl-opt.sh later when the accel component is ready
|
||||
msg "test: ssl-opt.sh"
|
||||
tests/ssl-opt.sh
|
||||
}
|
||||
|
||||
component_test_psa_crypto_config_accel_rsa_signature () {
|
||||
|
|
|
@ -284,10 +284,16 @@ TLS1_2_KEY_EXCHANGES_WITH_CERT="MBEDTLS_KEY_EXCHANGE_RSA_ENABLED \
|
|||
TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT="MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED \
|
||||
MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED"
|
||||
|
||||
# An optional parameter can be specified in order to limit key exchanges in
|
||||
# TLS 1.2 (in TLS 1.3 it has no effect).
|
||||
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled() {
|
||||
KEX_SUBSET=${1:-}
|
||||
if $P_QUERY -all MBEDTLS_SSL_PROTO_TLS1_2
|
||||
then
|
||||
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
|
||||
case $KEX_SUBSET in
|
||||
ECDSA) requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT ;;
|
||||
*) requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT ;;
|
||||
esac
|
||||
elif ! $P_QUERY -all MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
|
||||
then
|
||||
SKIP_NEXT="YES"
|
||||
|
@ -1965,6 +1971,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
|||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
|
||||
requires_config_enabled MBEDTLS_RSA_C
|
||||
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
|
||||
requires_hash_alg SHA_256
|
||||
run_test "Opaque key for client authentication: ECDHE-RSA" \
|
||||
"$P_SRV auth_mode=required crt_file=data_files/server2-sha256.crt \
|
||||
|
@ -2244,6 +2251,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
|||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
|
||||
requires_config_enabled MBEDTLS_RSA_C
|
||||
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
|
||||
requires_hash_alg SHA_256
|
||||
run_test "Opaque key for server authentication: ECDHE-RSA" \
|
||||
"$P_SRV key_opaque=1 crt_file=data_files/server2-sha256.crt \
|
||||
|
@ -2330,6 +2338,7 @@ requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
|
|||
requires_config_enabled MBEDTLS_RSA_C
|
||||
requires_hash_alg SHA_256
|
||||
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
|
||||
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
|
||||
run_test "Opaque keys for server authentication: RSA keys with different algs" \
|
||||
"$P_SRV auth_mode=required key_opaque=1 crt_file=data_files/server2-sha256.crt \
|
||||
key_file=data_files/server2.key key_opaque_algs=rsa-sign-pss,none \
|
||||
|
@ -2394,6 +2403,7 @@ requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
|||
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
|
||||
requires_config_enabled MBEDTLS_RSA_C
|
||||
requires_hash_alg SHA_256
|
||||
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
|
||||
run_test "Opaque key for client/server authentication: ECDHE-RSA" \
|
||||
"$P_SRV auth_mode=required key_opaque=1 crt_file=data_files/server2-sha256.crt \
|
||||
key_file=data_files/server2.key key_opaque_algs=rsa-sign-pkcs1,none" \
|
||||
|
@ -5622,7 +5632,7 @@ MAX_IM_CA='8'
|
|||
# are in place so that the semantics are consistent with the test description.
|
||||
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
|
||||
requires_full_size_output_buffer
|
||||
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
|
||||
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled ECDSA
|
||||
run_test "Authentication: server max_int chain, client default" \
|
||||
"$P_SRV crt_file=data_files/dir-maxpath/c09.pem \
|
||||
key_file=data_files/dir-maxpath/09.key" \
|
||||
|
@ -5632,7 +5642,7 @@ run_test "Authentication: server max_int chain, client default" \
|
|||
|
||||
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
|
||||
requires_full_size_output_buffer
|
||||
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
|
||||
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled ECDSA
|
||||
run_test "Authentication: server max_int+1 chain, client default" \
|
||||
"$P_SRV crt_file=data_files/dir-maxpath/c10.pem \
|
||||
key_file=data_files/dir-maxpath/10.key" \
|
||||
|
@ -5643,7 +5653,7 @@ run_test "Authentication: server max_int+1 chain, client default" \
|
|||
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
|
||||
requires_full_size_output_buffer
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
|
||||
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT
|
||||
run_test "Authentication: server max_int+1 chain, client optional" \
|
||||
"$P_SRV crt_file=data_files/dir-maxpath/c10.pem \
|
||||
key_file=data_files/dir-maxpath/10.key" \
|
||||
|
@ -5655,7 +5665,7 @@ run_test "Authentication: server max_int+1 chain, client optional" \
|
|||
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
|
||||
requires_full_size_output_buffer
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
|
||||
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT
|
||||
run_test "Authentication: server max_int+1 chain, client none" \
|
||||
"$P_SRV crt_file=data_files/dir-maxpath/c10.pem \
|
||||
key_file=data_files/dir-maxpath/10.key" \
|
||||
|
@ -5929,7 +5939,7 @@ requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
|
|||
requires_full_size_output_buffer
|
||||
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
|
||||
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT
|
||||
run_test "Authentication, CA callback: server max_int chain, client default" \
|
||||
"$P_SRV crt_file=data_files/dir-maxpath/c09.pem \
|
||||
key_file=data_files/dir-maxpath/09.key" \
|
||||
|
@ -5942,7 +5952,7 @@ requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
|
|||
requires_full_size_output_buffer
|
||||
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
|
||||
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT
|
||||
run_test "Authentication, CA callback: server max_int+1 chain, client default" \
|
||||
"$P_SRV crt_file=data_files/dir-maxpath/c10.pem \
|
||||
key_file=data_files/dir-maxpath/10.key" \
|
||||
|
@ -5955,7 +5965,7 @@ requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
|
|||
requires_full_size_output_buffer
|
||||
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
|
||||
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT
|
||||
run_test "Authentication, CA callback: server max_int+1 chain, client optional" \
|
||||
"$P_SRV crt_file=data_files/dir-maxpath/c10.pem \
|
||||
key_file=data_files/dir-maxpath/10.key" \
|
||||
|
|
Loading…
Reference in a new issue