Merge pull request #6256 from AndrzejKurek/tls-tests-no-md-ssl-opt
ssl-opt.sh with PSA-based hashing
This commit is contained in:
Manuel Pégourié-Gonnard
GitHub
commit
f498910383
5 changed files with 186 additions and 48 deletions
|
|
@ -1426,11 +1426,11 @@ int main( int argc, char *argv[] )
|
|||
if( opt.psk_opaque != 0 )
|
||||
{
|
||||
/* Determine KDF algorithm the opaque PSK will be used in. */
|
||||
#if defined(MBEDTLS_SHA384_C)
|
||||
#if defined(HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||
if( ciphersuite_info->mac == MBEDTLS_MD_SHA384 )
|
||||
alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384);
|
||||
else
|
||||
#endif /* MBEDTLS_SHA384_C */
|
||||
#endif /* HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
|
||||
alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256);
|
||||
}
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
|
||||
|
|
|
|||
|
|
@ -2261,11 +2261,11 @@ int main( int argc, char *argv[] )
|
|||
if( opt.psk_opaque != 0 || opt.psk_list_opaque != 0 )
|
||||
{
|
||||
/* Determine KDF algorithm the opaque PSK will be used in. */
|
||||
#if defined(MBEDTLS_SHA384_C)
|
||||
#if defined(HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||
if( ciphersuite_info->mac == MBEDTLS_MD_SHA384 )
|
||||
alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_384);
|
||||
else
|
||||
#endif /* MBEDTLS_SHA384_C */
|
||||
#endif /* HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA */
|
||||
alg = PSA_ALG_TLS12_PSK_TO_MS(PSA_ALG_SHA_256);
|
||||
}
|
||||
#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
|
||||
|
|
|
|||
|
|
@ -296,23 +296,50 @@ int send_cb( void *ctx, unsigned char const *buf, size_t len )
|
|||
#else
|
||||
#define MBEDTLS_SSL_SIG_ALG( hash )
|
||||
#endif
|
||||
|
||||
#if ( !defined(MBEDTLS_USE_PSA_CRYPTO) && \
|
||||
defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA1_C) ) || \
|
||||
( defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_SHA_1) )
|
||||
#define HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA
|
||||
#endif
|
||||
#if ( !defined(MBEDTLS_USE_PSA_CRYPTO) && \
|
||||
defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA224_C) ) || \
|
||||
( defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_SHA_224) )
|
||||
#define HAS_ALG_SHA_224_VIA_MD_OR_PSA_BASED_ON_USE_PSA
|
||||
#endif
|
||||
#if ( !defined(MBEDTLS_USE_PSA_CRYPTO) && \
|
||||
defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA256_C) ) || \
|
||||
( defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_SHA_256) )
|
||||
#define HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
|
||||
#endif
|
||||
#if ( !defined(MBEDTLS_USE_PSA_CRYPTO) && \
|
||||
defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA384_C) ) || \
|
||||
( defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_SHA_384) )
|
||||
#define HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA
|
||||
#endif
|
||||
#if ( !defined(MBEDTLS_USE_PSA_CRYPTO) && \
|
||||
defined(MBEDTLS_MD_C) && defined(MBEDTLS_SHA512_C) ) || \
|
||||
( defined(MBEDTLS_USE_PSA_CRYPTO) && defined(PSA_WANT_ALG_SHA_512) )
|
||||
#define HAS_ALG_SHA_512_VIA_MD_OR_PSA_BASED_ON_USE_PSA
|
||||
#endif
|
||||
|
||||
uint16_t ssl_sig_algs_for_test[] = {
|
||||
#if defined(MBEDTLS_SHA512_C)
|
||||
#if defined(HAS_ALG_SHA_512_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||
MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA512 )
|
||||
#endif
|
||||
#if defined(MBEDTLS_SHA384_C)
|
||||
#if defined(HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||
MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA384 )
|
||||
#endif
|
||||
#if defined(MBEDTLS_SHA256_C)
|
||||
#if defined(HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||
MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA256 )
|
||||
#endif
|
||||
#if defined(MBEDTLS_SHA224_C)
|
||||
#if defined(HAS_ALG_SHA_224_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||
MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA224 )
|
||||
#endif
|
||||
#if defined(MBEDTLS_RSA_C) && defined(MBEDTLS_SHA256_C)
|
||||
#if defined(MBEDTLS_RSA_C) && defined(HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||
MBEDTLS_TLS1_3_SIG_RSA_PSS_RSAE_SHA256,
|
||||
#endif /* MBEDTLS_RSA_C && MBEDTLS_SHA256_C */
|
||||
#if defined(MBEDTLS_SHA1_C)
|
||||
#if defined(HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA)
|
||||
/* Allow SHA-1 as we use it extensively in tests. */
|
||||
MBEDTLS_SSL_SIG_ALG( MBEDTLS_SSL_HASH_SHA1 )
|
||||
#endif
|
||||
|
|
|
|||
|
|
@ -1887,6 +1887,11 @@ component_test_psa_crypto_config_accel_hash_use_psa () {
|
|||
|
||||
msg "test: MBEDTLS_PSA_CRYPTO_CONFIG with accelerated hash and USE_PSA"
|
||||
make test
|
||||
|
||||
msg "test: ssl-opt.sh, MBEDTLS_PSA_CRYPTO_CONFIG with accelerated hash and USE_PSA"
|
||||
tests/ssl-opt.sh
|
||||
|
||||
msg "test: compat.sh, MBEDTLS_PSA_CRYPTO_CONFIG with accelerated hash and USE_PSA"
|
||||
tests/compat.sh
|
||||
}
|
||||
|
||||
|
|
|
|||
182
tests/ssl-opt.sh
182
tests/ssl-opt.sh
|
|
@ -419,6 +419,73 @@ case " $CONFIGS_ENABLED " in
|
|||
*) PSK_ONLY="NO";;
|
||||
esac
|
||||
|
||||
HAS_ALG_SHA_1="NO"
|
||||
HAS_ALG_SHA_224="NO"
|
||||
HAS_ALG_SHA_256="NO"
|
||||
HAS_ALG_SHA_384="NO"
|
||||
HAS_ALG_SHA_512="NO"
|
||||
|
||||
check_for_hash_alg()
|
||||
{
|
||||
CURR_ALG="INVALID";
|
||||
USE_PSA="NO"
|
||||
case $CONFIGS_ENABLED in
|
||||
*" MBEDTLS_USE_PSA_CRYPTO"[\ =]*)
|
||||
USE_PSA="YES";
|
||||
;;
|
||||
*) :;;
|
||||
esac
|
||||
if [ $USE_PSA = "YES" ]; then
|
||||
CURR_ALG=PSA_WANT_ALG_${1}
|
||||
else
|
||||
CURR_ALG=MBEDTLS_${1}_C
|
||||
# Remove the second underscore to match MBEDTLS_* naming convention
|
||||
CURR_ALG=$(echo "$CURR_ALG" | sed 's/_//2')
|
||||
fi
|
||||
|
||||
case $CONFIGS_ENABLED in
|
||||
*" $CURR_ALG"[\ =]*)
|
||||
return 0
|
||||
;;
|
||||
*) :;;
|
||||
esac
|
||||
return 1
|
||||
}
|
||||
|
||||
populate_enabled_hash_algs()
|
||||
{
|
||||
for hash_alg in SHA_1 SHA_224 SHA_256 SHA_384 SHA_512; do
|
||||
if check_for_hash_alg "$hash_alg"; then
|
||||
hash_alg_variable=HAS_ALG_${hash_alg}
|
||||
eval ${hash_alg_variable}=YES
|
||||
fi
|
||||
done
|
||||
}
|
||||
|
||||
# skip next test if the given hash alg is not supported
|
||||
requires_hash_alg() {
|
||||
HASH_DEFINE="Invalid"
|
||||
HAS_HASH_ALG="NO"
|
||||
case $1 in
|
||||
SHA_1):;;
|
||||
SHA_224):;;
|
||||
SHA_256):;;
|
||||
SHA_384):;;
|
||||
SHA_512):;;
|
||||
*)
|
||||
echo "Unsupported hash alg - $1"
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
|
||||
HASH_DEFINE=HAS_ALG_${1}
|
||||
eval "HAS_HASH_ALG=\${${HASH_DEFINE}}"
|
||||
if [ "$HAS_HASH_ALG" = "NO" ]
|
||||
then
|
||||
SKIP_NEXT="YES"
|
||||
fi
|
||||
}
|
||||
|
||||
# skip next test if OpenSSL doesn't support FALLBACK_SCSV
|
||||
requires_openssl_with_fallback_scsv() {
|
||||
if [ -z "${OPENSSL_HAS_FBSCSV:-}" ]; then
|
||||
|
|
@ -1478,6 +1545,8 @@ cleanup() {
|
|||
|
||||
get_options "$@"
|
||||
|
||||
populate_enabled_hash_algs
|
||||
|
||||
# Optimize filters: if $FILTER and $EXCLUDE can be expressed as shell
|
||||
# patterns rather than regular expressions, use a case statement instead
|
||||
# of calling grep. To keep the optimizer simple, it is incomplete and only
|
||||
|
|
@ -1628,7 +1697,7 @@ trap cleanup INT TERM HUP
|
|||
# - the expected parameters are selected
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
requires_ciphersuite_enabled TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256
|
||||
requires_config_enabled MBEDTLS_SHA512_C # "signature_algorithm ext: 6"
|
||||
requires_hash_alg SHA_512 # "signature_algorithm ext: 6"
|
||||
requires_config_enabled MBEDTLS_ECP_DP_CURVE25519_ENABLED
|
||||
run_test "Default" \
|
||||
"$P_SRV debug_level=3" \
|
||||
|
|
@ -1676,7 +1745,7 @@ run_test "key size: TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
|
|||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
|
||||
requires_config_enabled MBEDTLS_ECDSA_C
|
||||
requires_config_enabled MBEDTLS_SHA256_C
|
||||
requires_hash_alg SHA_256
|
||||
run_test "TLS: password protected client key" \
|
||||
"$P_SRV auth_mode=required" \
|
||||
"$P_CLI crt_file=data_files/server5.crt key_file=data_files/server5.key.enc key_pwd=PolarSSLTest" \
|
||||
|
|
@ -1685,7 +1754,7 @@ run_test "TLS: password protected client key" \
|
|||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
|
||||
requires_config_enabled MBEDTLS_ECDSA_C
|
||||
requires_config_enabled MBEDTLS_SHA256_C
|
||||
requires_hash_alg SHA_256
|
||||
run_test "TLS: password protected server key" \
|
||||
"$P_SRV crt_file=data_files/server5.crt key_file=data_files/server5.key.enc key_pwd=PolarSSLTest" \
|
||||
"$P_CLI" \
|
||||
|
|
@ -1695,7 +1764,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
|||
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
|
||||
requires_config_enabled MBEDTLS_ECDSA_C
|
||||
requires_config_enabled MBEDTLS_RSA_C
|
||||
requires_config_enabled MBEDTLS_SHA256_C
|
||||
requires_hash_alg SHA_256
|
||||
run_test "TLS: password protected server key, two certificates" \
|
||||
"$P_SRV \
|
||||
key_file=data_files/server5.key.enc key_pwd=PolarSSLTest crt_file=data_files/server5.crt \
|
||||
|
|
@ -1717,7 +1786,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
|||
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
|
||||
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
|
||||
requires_config_enabled MBEDTLS_ECDSA_C
|
||||
requires_config_enabled MBEDTLS_SHA256_C
|
||||
requires_hash_alg SHA_256
|
||||
run_test "CA callback on server" \
|
||||
"$P_SRV auth_mode=required" \
|
||||
"$P_CLI ca_callback=1 debug_level=3 crt_file=data_files/server5.crt \
|
||||
|
|
@ -1733,7 +1802,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
|||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
|
||||
requires_config_enabled MBEDTLS_ECDSA_C
|
||||
requires_config_enabled MBEDTLS_SHA256_C
|
||||
requires_hash_alg SHA_256
|
||||
run_test "Opaque key for client authentication: ECDHE-ECDSA" \
|
||||
"$P_SRV auth_mode=required crt_file=data_files/server5.crt \
|
||||
key_file=data_files/server5.key" \
|
||||
|
|
@ -1753,7 +1822,7 @@ requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
|||
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
|
||||
requires_config_enabled MBEDTLS_ECDSA_C
|
||||
requires_config_enabled MBEDTLS_RSA_C
|
||||
requires_config_enabled MBEDTLS_SHA256_C
|
||||
requires_hash_alg SHA_256
|
||||
run_test "Opaque key for client authentication: ECDHE-RSA" \
|
||||
"$P_SRV auth_mode=required crt_file=data_files/server2-sha256.crt \
|
||||
key_file=data_files/server2.key" \
|
||||
|
|
@ -1771,7 +1840,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
|||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
|
||||
requires_config_enabled MBEDTLS_RSA_C
|
||||
requires_config_enabled MBEDTLS_SHA256_C
|
||||
requires_hash_alg SHA_256
|
||||
run_test "Opaque key for client authentication: DHE-RSA" \
|
||||
"$P_SRV auth_mode=required crt_file=data_files/server2-sha256.crt \
|
||||
key_file=data_files/server2.key" \
|
||||
|
|
@ -1791,7 +1860,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
|||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
|
||||
requires_config_enabled MBEDTLS_ECDSA_C
|
||||
requires_config_enabled MBEDTLS_SHA256_C
|
||||
requires_hash_alg SHA_256
|
||||
run_test "Opaque key for server authentication: ECDHE-ECDSA" \
|
||||
"$P_SRV key_opaque=1 crt_file=data_files/server5.crt \
|
||||
key_file=data_files/server5.key key_opaque_algs=ecdsa-sign,none" \
|
||||
|
|
@ -1808,7 +1877,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
|||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
|
||||
requires_config_enabled MBEDTLS_ECDSA_C
|
||||
requires_config_enabled MBEDTLS_SHA256_C
|
||||
requires_hash_alg SHA_256
|
||||
run_test "Opaque key for server authentication: ECDH-" \
|
||||
"$P_SRV force_version=tls12 auth_mode=required key_opaque=1\
|
||||
crt_file=data_files/server5.ku-ka.crt\
|
||||
|
|
@ -1826,8 +1895,44 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
|||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
|
||||
requires_config_enabled MBEDTLS_ECDSA_C
|
||||
requires_config_enabled MBEDTLS_SHA256_C
|
||||
run_test "Opaque key for server authentication: invalid alg: decrypt with ECC key" \
|
||||
requires_config_disabled MBEDTLS_SSL_ASYNC_PRIVATE
|
||||
requires_hash_alg SHA_256
|
||||
run_test "Opaque key for server authentication: invalid key: decrypt with ECC key, no async" \
|
||||
"$P_SRV key_opaque=1 crt_file=data_files/server5.crt \
|
||||
key_file=data_files/server5.key key_opaque_algs=rsa-decrypt,none \
|
||||
debug_level=1" \
|
||||
"$P_CLI" \
|
||||
1 \
|
||||
-s "key types: Opaque, none" \
|
||||
-s "error" \
|
||||
-c "error" \
|
||||
-c "Public key type mismatch"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
|
||||
requires_config_enabled MBEDTLS_ECDSA_C
|
||||
requires_config_enabled MBEDTLS_RSA_C
|
||||
requires_config_disabled MBEDTLS_SSL_ASYNC_PRIVATE
|
||||
requires_hash_alg SHA_256
|
||||
run_test "Opaque key for server authentication: invalid key: ecdh with RSA key, no async" \
|
||||
"$P_SRV key_opaque=1 crt_file=data_files/server2-sha256.crt \
|
||||
key_file=data_files/server2.key key_opaque_algs=ecdh,none \
|
||||
debug_level=1" \
|
||||
"$P_CLI" \
|
||||
1 \
|
||||
-s "key types: Opaque, none" \
|
||||
-s "error" \
|
||||
-c "error" \
|
||||
-c "Public key type mismatch"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
|
||||
requires_config_enabled MBEDTLS_ECDSA_C
|
||||
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
|
||||
requires_hash_alg SHA_256
|
||||
run_test "Opaque key for server authentication: invalid alg: decrypt with ECC key, async" \
|
||||
"$P_SRV key_opaque=1 crt_file=data_files/server5.crt \
|
||||
key_file=data_files/server5.key key_opaque_algs=rsa-decrypt,none \
|
||||
debug_level=1" \
|
||||
|
|
@ -1843,8 +1948,9 @@ requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
|||
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
|
||||
requires_config_enabled MBEDTLS_ECDSA_C
|
||||
requires_config_enabled MBEDTLS_RSA_C
|
||||
requires_config_enabled MBEDTLS_SHA256_C
|
||||
run_test "Opaque key for server authentication: invalid alg: ecdh with RSA key" \
|
||||
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
|
||||
requires_hash_alg SHA_256
|
||||
run_test "Opaque key for server authentication: invalid alg: ecdh with RSA key, async" \
|
||||
"$P_SRV key_opaque=1 crt_file=data_files/server2-sha256.crt \
|
||||
key_file=data_files/server2.key key_opaque_algs=ecdh,none \
|
||||
debug_level=1" \
|
||||
|
|
@ -1859,7 +1965,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
|||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
|
||||
requires_config_enabled MBEDTLS_ECDSA_C
|
||||
requires_config_enabled MBEDTLS_SHA256_C
|
||||
requires_hash_alg SHA_256
|
||||
requires_config_enabled MBEDTLS_CCM_C
|
||||
run_test "Opaque key for server authentication: invalid alg: ECDHE-ECDSA with ecdh" \
|
||||
"$P_SRV key_opaque=1 crt_file=data_files/server5.crt \
|
||||
|
|
@ -1876,7 +1982,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
|||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
|
||||
requires_config_enabled MBEDTLS_ECDSA_C
|
||||
requires_config_enabled MBEDTLS_SHA256_C
|
||||
requires_hash_alg SHA_256
|
||||
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
|
||||
run_test "Opaque keys for server authentication: EC keys with different algs, force ECDHE-ECDSA" \
|
||||
"$P_SRV key_opaque=1 crt_file=data_files/server7.crt \
|
||||
|
|
@ -1897,7 +2003,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
|||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
|
||||
requires_config_enabled MBEDTLS_ECDSA_C
|
||||
requires_config_enabled MBEDTLS_SHA384_C
|
||||
requires_hash_alg SHA_384
|
||||
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
|
||||
run_test "Opaque keys for server authentication: EC keys with different algs, force ECDH-ECDSA" \
|
||||
"$P_SRV key_opaque=1 crt_file=data_files/server7.crt \
|
||||
|
|
@ -1918,7 +2024,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
|||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
|
||||
requires_config_enabled MBEDTLS_ECDSA_C
|
||||
requires_config_enabled MBEDTLS_SHA384_C
|
||||
requires_hash_alg SHA_384
|
||||
requires_config_enabled MBEDTLS_CCM_C
|
||||
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
|
||||
run_test "Opaque keys for server authentication: EC + RSA, force ECDHE-ECDSA" \
|
||||
|
|
@ -1942,7 +2048,7 @@ requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
|||
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
|
||||
requires_config_enabled MBEDTLS_ECDSA_C
|
||||
requires_config_enabled MBEDTLS_RSA_C
|
||||
requires_config_enabled MBEDTLS_SHA256_C
|
||||
requires_hash_alg SHA_256
|
||||
run_test "Opaque key for server authentication: ECDHE-RSA" \
|
||||
"$P_SRV key_opaque=1 crt_file=data_files/server2-sha256.crt \
|
||||
key_file=data_files/server2.key key_opaque_algs=rsa-sign-pkcs1,none" \
|
||||
|
|
@ -1960,7 +2066,7 @@ requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
|||
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
|
||||
requires_config_enabled MBEDTLS_ECDSA_C
|
||||
requires_config_enabled MBEDTLS_RSA_C
|
||||
requires_config_enabled MBEDTLS_SHA256_C
|
||||
requires_hash_alg SHA_256
|
||||
run_test "Opaque key for server authentication: DHE-RSA" \
|
||||
"$P_SRV key_opaque=1 crt_file=data_files/server2-sha256.crt \
|
||||
key_file=data_files/server2.key key_opaque_algs=rsa-sign-pkcs1,none" \
|
||||
|
|
@ -1977,7 +2083,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
|||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
|
||||
requires_config_enabled MBEDTLS_RSA_C
|
||||
requires_config_enabled MBEDTLS_SHA256_C
|
||||
requires_hash_alg SHA_256
|
||||
run_test "Opaque key for server authentication: RSA-PSK" \
|
||||
"$P_SRV debug_level=1 key_opaque=1 key_opaque_algs=rsa-decrypt,none \
|
||||
psk=abc123 psk_identity=foo" \
|
||||
|
|
@ -1995,7 +2101,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
|||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
|
||||
requires_config_enabled MBEDTLS_RSA_C
|
||||
requires_config_enabled MBEDTLS_SHA256_C
|
||||
requires_hash_alg SHA_256
|
||||
run_test "Opaque key for server authentication: RSA-" \
|
||||
"$P_SRV debug_level=3 key_opaque=1 key_opaque_algs=rsa-decrypt,none " \
|
||||
"$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA256" \
|
||||
|
|
@ -2012,7 +2118,7 @@ requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
|||
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
|
||||
requires_config_enabled MBEDTLS_ECDSA_C
|
||||
requires_config_enabled MBEDTLS_RSA_C
|
||||
requires_config_enabled MBEDTLS_SHA256_C
|
||||
requires_hash_alg SHA_256
|
||||
run_test "Opaque key for server authentication: DHE-RSA, PSS instead of PKCS1" \
|
||||
"$P_SRV auth_mode=required key_opaque=1 crt_file=data_files/server2-sha256.crt \
|
||||
key_file=data_files/server2.key key_opaque_algs=rsa-sign-pss,none debug_level=1" \
|
||||
|
|
@ -2029,7 +2135,7 @@ requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
|||
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
|
||||
requires_config_enabled MBEDTLS_ECDSA_C
|
||||
requires_config_enabled MBEDTLS_RSA_C
|
||||
requires_config_enabled MBEDTLS_SHA256_C
|
||||
requires_hash_alg SHA_256
|
||||
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
|
||||
run_test "Opaque keys for server authentication: RSA keys with different algs" \
|
||||
"$P_SRV auth_mode=required key_opaque=1 crt_file=data_files/server2-sha256.crt \
|
||||
|
|
@ -2051,7 +2157,7 @@ requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
|||
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
|
||||
requires_config_enabled MBEDTLS_ECDSA_C
|
||||
requires_config_enabled MBEDTLS_RSA_C
|
||||
requires_config_enabled MBEDTLS_SHA384_C
|
||||
requires_hash_alg SHA_384
|
||||
requires_config_enabled MBEDTLS_GCM_C
|
||||
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
|
||||
run_test "Opaque keys for server authentication: EC + RSA, force DHE-RSA" \
|
||||
|
|
@ -2074,7 +2180,7 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
|||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
|
||||
requires_config_enabled MBEDTLS_ECDSA_C
|
||||
requires_config_enabled MBEDTLS_SHA256_C
|
||||
requires_hash_alg SHA_256
|
||||
run_test "Opaque key for client/server authentication: ECDHE-ECDSA" \
|
||||
"$P_SRV auth_mode=required key_opaque=1 crt_file=data_files/server5.crt \
|
||||
key_file=data_files/server5.key key_opaque_algs=ecdsa-sign,none" \
|
||||
|
|
@ -2096,7 +2202,7 @@ requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
|||
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
|
||||
requires_config_enabled MBEDTLS_ECDSA_C
|
||||
requires_config_enabled MBEDTLS_RSA_C
|
||||
requires_config_enabled MBEDTLS_SHA256_C
|
||||
requires_hash_alg SHA_256
|
||||
run_test "Opaque key for client/server authentication: ECDHE-RSA" \
|
||||
"$P_SRV auth_mode=required key_opaque=1 crt_file=data_files/server2-sha256.crt \
|
||||
key_file=data_files/server2.key key_opaque_algs=rsa-sign-pkcs1,none" \
|
||||
|
|
@ -2117,7 +2223,7 @@ requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
|||
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
|
||||
requires_config_enabled MBEDTLS_ECDSA_C
|
||||
requires_config_enabled MBEDTLS_RSA_C
|
||||
requires_config_enabled MBEDTLS_SHA256_C
|
||||
requires_hash_alg SHA_256
|
||||
run_test "Opaque key for client/server authentication: DHE-RSA" \
|
||||
"$P_SRV auth_mode=required key_opaque=1 crt_file=data_files/server2-sha256.crt \
|
||||
key_file=data_files/server2.key key_opaque_algs=rsa-sign-pkcs1,none" \
|
||||
|
|
@ -8562,7 +8668,7 @@ run_test "SSL async private: renegotiation: server-initiated, decrypt" \
|
|||
|
||||
requires_config_enabled MBEDTLS_AES_C
|
||||
requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
|
||||
requires_config_enabled MBEDTLS_SHA256_C
|
||||
requires_hash_alg SHA_256
|
||||
requires_config_enabled MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
run_test "Force a non ECC ciphersuite in the client side" \
|
||||
|
|
@ -8576,7 +8682,7 @@ run_test "Force a non ECC ciphersuite in the client side" \
|
|||
|
||||
requires_config_enabled MBEDTLS_AES_C
|
||||
requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
|
||||
requires_config_enabled MBEDTLS_SHA256_C
|
||||
requires_hash_alg SHA_256
|
||||
requires_config_enabled MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
run_test "Force a non ECC ciphersuite in the server side" \
|
||||
|
|
@ -8588,7 +8694,7 @@ run_test "Force a non ECC ciphersuite in the server side" \
|
|||
|
||||
requires_config_enabled MBEDTLS_AES_C
|
||||
requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
|
||||
requires_config_enabled MBEDTLS_SHA256_C
|
||||
requires_hash_alg SHA_256
|
||||
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
run_test "Force an ECC ciphersuite in the client side" \
|
||||
|
|
@ -8602,7 +8708,7 @@ run_test "Force an ECC ciphersuite in the client side" \
|
|||
|
||||
requires_config_enabled MBEDTLS_AES_C
|
||||
requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
|
||||
requires_config_enabled MBEDTLS_SHA256_C
|
||||
requires_hash_alg SHA_256
|
||||
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
run_test "Force an ECC ciphersuite in the server side" \
|
||||
|
|
@ -9140,7 +9246,7 @@ run_test "DTLS fragmenting: both (MTU=1024)" \
|
|||
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||
requires_config_enabled MBEDTLS_RSA_C
|
||||
requires_config_enabled MBEDTLS_ECDSA_C
|
||||
requires_config_enabled MBEDTLS_SHA256_C
|
||||
requires_hash_alg SHA_256
|
||||
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
||||
requires_config_enabled MBEDTLS_AES_C
|
||||
requires_config_enabled MBEDTLS_GCM_C
|
||||
|
|
@ -9377,7 +9483,7 @@ not_with_valgrind # spurious autoreduction due to timeout
|
|||
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||
requires_config_enabled MBEDTLS_RSA_C
|
||||
requires_config_enabled MBEDTLS_ECDSA_C
|
||||
requires_config_enabled MBEDTLS_SHA256_C
|
||||
requires_hash_alg SHA_256
|
||||
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
||||
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
|
||||
requires_config_enabled MBEDTLS_CHACHAPOLY_C
|
||||
|
|
@ -9410,7 +9516,7 @@ not_with_valgrind # spurious autoreduction due to timeout
|
|||
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||
requires_config_enabled MBEDTLS_RSA_C
|
||||
requires_config_enabled MBEDTLS_ECDSA_C
|
||||
requires_config_enabled MBEDTLS_SHA256_C
|
||||
requires_hash_alg SHA_256
|
||||
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
||||
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
|
||||
requires_config_enabled MBEDTLS_AES_C
|
||||
|
|
@ -9444,7 +9550,7 @@ not_with_valgrind # spurious autoreduction due to timeout
|
|||
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||
requires_config_enabled MBEDTLS_RSA_C
|
||||
requires_config_enabled MBEDTLS_ECDSA_C
|
||||
requires_config_enabled MBEDTLS_SHA256_C
|
||||
requires_hash_alg SHA_256
|
||||
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
||||
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
|
||||
requires_config_enabled MBEDTLS_AES_C
|
||||
|
|
@ -9478,7 +9584,7 @@ not_with_valgrind # spurious autoreduction due to timeout
|
|||
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||
requires_config_enabled MBEDTLS_RSA_C
|
||||
requires_config_enabled MBEDTLS_ECDSA_C
|
||||
requires_config_enabled MBEDTLS_SHA256_C
|
||||
requires_hash_alg SHA_256
|
||||
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
||||
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
|
||||
requires_config_enabled MBEDTLS_AES_C
|
||||
|
|
@ -9513,7 +9619,7 @@ not_with_valgrind # spurious autoreduction due to timeout
|
|||
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
|
||||
requires_config_enabled MBEDTLS_RSA_C
|
||||
requires_config_enabled MBEDTLS_ECDSA_C
|
||||
requires_config_enabled MBEDTLS_SHA256_C
|
||||
requires_hash_alg SHA_256
|
||||
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
||||
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
|
||||
requires_config_enabled MBEDTLS_AES_C
|
||||
|
|
|
|||
Loading…
Reference in a new issue