mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-03-23 07:20:56 +00:00
Merge pull request #5709 from superna9999/5625-pk-opaque-rsa-tls12
RSA sign 3b: TLS 1.2 integration testing
This commit is contained in:
Manuel Pégourié-Gonnard
GitHub
commit
21f82c7510
@ -2575,7 +2575,8 @@ int main( int argc, char *argv[] )
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
if( opt.key_opaque != 0 )
|
||||
{
|
||||
if ( mbedtls_pk_get_type( &pkey ) == MBEDTLS_PK_ECKEY )
|
||||
if ( mbedtls_pk_get_type( &pkey ) == MBEDTLS_PK_ECKEY ||
|
||||
mbedtls_pk_get_type( &pkey ) == MBEDTLS_PK_RSA )
|
||||
{
|
||||
if( ( ret = mbedtls_pk_wrap_as_opaque( &pkey, &key_slot,
|
||||
PSA_ALG_ANY_HASH ) ) != 0 )
|
||||
@ -2586,7 +2587,8 @@ int main( int argc, char *argv[] )
|
||||
}
|
||||
}
|
||||
|
||||
if ( mbedtls_pk_get_type( &pkey2 ) == MBEDTLS_PK_ECKEY )
|
||||
if ( mbedtls_pk_get_type( &pkey2 ) == MBEDTLS_PK_ECKEY ||
|
||||
mbedtls_pk_get_type( &pkey2 ) == MBEDTLS_PK_RSA )
|
||||
{
|
||||
if( ( ret = mbedtls_pk_wrap_as_opaque( &pkey2, &key_slot2,
|
||||
PSA_ALG_ANY_HASH ) ) != 0 )
|
||||
|
||||
132
tests/ssl-opt.sh
132
tests/ssl-opt.sh
@ -1686,13 +1686,13 @@ run_test "CA callback on server" \
|
||||
-S "error" \
|
||||
-C "error"
|
||||
|
||||
# Test using an opaque private key for client authentication
|
||||
# Test using an EC opaque private key for client authentication
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
|
||||
requires_config_enabled MBEDTLS_ECDSA_C
|
||||
requires_config_enabled MBEDTLS_SHA256_C
|
||||
run_test "Opaque key for client authentication" \
|
||||
run_test "TLS-ECDHE-ECDSA Opaque key for client authentication" \
|
||||
"$P_SRV auth_mode=required crt_file=data_files/server5.crt \
|
||||
key_file=data_files/server5.key" \
|
||||
"$P_CLI key_opaque=1 crt_file=data_files/server5.crt \
|
||||
@ -1705,13 +1705,51 @@ run_test "Opaque key for client authentication" \
|
||||
-S "error" \
|
||||
-C "error"
|
||||
|
||||
# Test using an opaque private key for server authentication
|
||||
# Test using a RSA opaque private key for client authentication
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
|
||||
requires_config_enabled MBEDTLS_ECDSA_C
|
||||
requires_config_enabled MBEDTLS_RSA_C
|
||||
requires_config_enabled MBEDTLS_SHA256_C
|
||||
run_test "TLS-ECDHE-RSA Opaque key for client authentication" \
|
||||
"$P_SRV auth_mode=required crt_file=data_files/server2-sha256.crt \
|
||||
key_file=data_files/server2.key" \
|
||||
"$P_CLI key_opaque=1 crt_file=data_files/server2-sha256.crt \
|
||||
key_file=data_files/server2.key" \
|
||||
0 \
|
||||
-c "key type: Opaque" \
|
||||
-c "Ciphersuite is TLS-ECDHE-RSA" \
|
||||
-s "Verifying peer X.509 certificate... ok" \
|
||||
-s "Ciphersuite is TLS-ECDHE-RSA" \
|
||||
-S "error" \
|
||||
-C "error"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
|
||||
requires_config_enabled MBEDTLS_RSA_C
|
||||
requires_config_enabled MBEDTLS_SHA256_C
|
||||
run_test "TLS-DHE-RSA Opaque key for client authentication" \
|
||||
"$P_SRV auth_mode=required crt_file=data_files/server2-sha256.crt \
|
||||
key_file=data_files/server2.key" \
|
||||
"$P_CLI key_opaque=1 crt_file=data_files/server2-sha256.crt \
|
||||
key_file=data_files/server2.key force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
|
||||
0 \
|
||||
-c "key type: Opaque" \
|
||||
-c "Ciphersuite is TLS-DHE-RSA" \
|
||||
-s "Verifying peer X.509 certificate... ok" \
|
||||
-s "Ciphersuite is TLS-DHE-RSA" \
|
||||
-S "error" \
|
||||
-C "error"
|
||||
|
||||
# Test using an EC opaque private key for server authentication
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
|
||||
requires_config_enabled MBEDTLS_ECDSA_C
|
||||
requires_config_enabled MBEDTLS_SHA256_C
|
||||
run_test "Opaque key for server authentication" \
|
||||
run_test "TLS-ECDHE-ECDSA Opaque key for server authentication" \
|
||||
"$P_SRV auth_mode=required key_opaque=1 crt_file=data_files/server5.crt \
|
||||
key_file=data_files/server5.key" \
|
||||
"$P_CLI crt_file=data_files/server5.crt \
|
||||
@ -1742,13 +1780,52 @@ run_test "Opaque key for server authentication (ECDH-)" \
|
||||
-S "error" \
|
||||
-C "error"
|
||||
|
||||
# Test using an opaque private key for client/server authentication
|
||||
# Test using a RSA opaque private key for server authentication
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
|
||||
requires_config_enabled MBEDTLS_ECDSA_C
|
||||
requires_config_enabled MBEDTLS_RSA_C
|
||||
requires_config_enabled MBEDTLS_SHA256_C
|
||||
run_test "TLS-ECDHE-RSA Opaque key for server authentication" \
|
||||
"$P_SRV auth_mode=required key_opaque=1 crt_file=data_files/server2-sha256.crt \
|
||||
key_file=data_files/server2.key" \
|
||||
"$P_CLI crt_file=data_files/server2-sha256.crt \
|
||||
key_file=data_files/server2.key" \
|
||||
0 \
|
||||
-c "Verifying peer X.509 certificate... ok" \
|
||||
-c "Ciphersuite is TLS-ECDHE-RSA" \
|
||||
-s "key types: Opaque, none" \
|
||||
-s "Ciphersuite is TLS-ECDHE-RSA" \
|
||||
-S "error" \
|
||||
-C "error"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
|
||||
requires_config_enabled MBEDTLS_ECDSA_C
|
||||
requires_config_enabled MBEDTLS_RSA_C
|
||||
requires_config_enabled MBEDTLS_SHA256_C
|
||||
run_test "TLS-DHE-RSA Opaque key for server authentication" \
|
||||
"$P_SRV auth_mode=required key_opaque=1 crt_file=data_files/server2-sha256.crt \
|
||||
key_file=data_files/server2.key" \
|
||||
"$P_CLI crt_file=data_files/server2-sha256.crt \
|
||||
key_file=data_files/server2.key force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
|
||||
0 \
|
||||
-c "Verifying peer X.509 certificate... ok" \
|
||||
-c "Ciphersuite is TLS-DHE-RSA" \
|
||||
-s "key types: Opaque, none" \
|
||||
-s "Ciphersuite is TLS-DHE-RSA" \
|
||||
-S "error" \
|
||||
-C "error"
|
||||
|
||||
# Test using an EC opaque private key for client/server authentication
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
|
||||
requires_config_enabled MBEDTLS_ECDSA_C
|
||||
requires_config_enabled MBEDTLS_SHA256_C
|
||||
run_test "Opaque key for client/server authentication" \
|
||||
run_test "TLS-ECDHE-ECDSA Opaque key for client/server authentication" \
|
||||
"$P_SRV auth_mode=required key_opaque=1 crt_file=data_files/server5.crt \
|
||||
key_file=data_files/server5.key" \
|
||||
"$P_CLI key_opaque=1 crt_file=data_files/server5.crt \
|
||||
@ -1763,6 +1840,49 @@ run_test "Opaque key for client/server authentication" \
|
||||
-S "error" \
|
||||
-C "error"
|
||||
|
||||
# Test using a RSA opaque private key for client/server authentication
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
|
||||
requires_config_enabled MBEDTLS_ECDSA_C
|
||||
requires_config_enabled MBEDTLS_RSA_C
|
||||
requires_config_enabled MBEDTLS_SHA256_C
|
||||
run_test "TLS-ECDHE-RSA Opaque key for client/server authentication" \
|
||||
"$P_SRV auth_mode=required key_opaque=1 crt_file=data_files/server2-sha256.crt \
|
||||
key_file=data_files/server2.key" \
|
||||
"$P_CLI key_opaque=1 crt_file=data_files/server2-sha256.crt \
|
||||
key_file=data_files/server2.key" \
|
||||
0 \
|
||||
-c "key type: Opaque" \
|
||||
-c "Verifying peer X.509 certificate... ok" \
|
||||
-c "Ciphersuite is TLS-ECDHE-RSA" \
|
||||
-s "key types: Opaque, none" \
|
||||
-s "Verifying peer X.509 certificate... ok" \
|
||||
-s "Ciphersuite is TLS-ECDHE-RSA" \
|
||||
-S "error" \
|
||||
-C "error"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
|
||||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
|
||||
requires_config_enabled MBEDTLS_ECDSA_C
|
||||
requires_config_enabled MBEDTLS_RSA_C
|
||||
requires_config_enabled MBEDTLS_SHA256_C
|
||||
run_test "TLS-DHE-RSA Opaque key for client/server authentication" \
|
||||
"$P_SRV auth_mode=required key_opaque=1 crt_file=data_files/server2-sha256.crt \
|
||||
key_file=data_files/server2.key" \
|
||||
"$P_CLI key_opaque=1 crt_file=data_files/server2-sha256.crt \
|
||||
key_file=data_files/server2.key force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
|
||||
0 \
|
||||
-c "key type: Opaque" \
|
||||
-c "Verifying peer X.509 certificate... ok" \
|
||||
-c "Ciphersuite is TLS-DHE-RSA" \
|
||||
-s "key types: Opaque, none" \
|
||||
-s "Verifying peer X.509 certificate... ok" \
|
||||
-s "Ciphersuite is TLS-DHE-RSA" \
|
||||
-S "error" \
|
||||
-C "error"
|
||||
|
||||
# Test ciphersuites which we expect to be fully supported by PSA Crypto
|
||||
# and check that we don't fall back to Mbed TLS' internal crypto primitives.
|
||||
run_test_psa TLS-ECDHE-ECDSA-WITH-AES-128-CCM
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user