mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-03-01 04:13:29 +00:00
Add missing key exchange requirements to test_suite_ssl
Some of the tests use mbedtls_test_cli_key_rsa_der and mbedtls_test_cli_crt_rsa_der, and these can be used with specific ciphersuites. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
This commit is contained in:
Andrzej Kurek
parent
1ff7336e2c
commit
714ae6551e
@ -114,58 +114,59 @@ Test moving clients handshake to state: SERVER_HELLO
|
||||
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_HELLO:1
|
||||
|
||||
Test moving clients handshake to state: SERVER_CERTIFICATE
|
||||
depends_on:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
|
||||
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_CERTIFICATE:1
|
||||
|
||||
Test moving clients handshake to state: SERVER_KEY_EXCHANGE
|
||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
|
||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
|
||||
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_KEY_EXCHANGE:1
|
||||
|
||||
Test moving clients handshake to state: CERTIFICATE_REQUEST
|
||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
|
||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
|
||||
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CERTIFICATE_REQUEST:1
|
||||
|
||||
Test moving clients handshake to state: SERVER_HELLO_DONE
|
||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
|
||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
|
||||
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_HELLO_DONE:1
|
||||
|
||||
Test moving clients handshake to state: CLIENT_CERTIFICATE
|
||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
|
||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
|
||||
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CLIENT_CERTIFICATE:1
|
||||
|
||||
Test moving clients handshake to state: CLIENT_KEY_EXCHANGE
|
||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
|
||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
|
||||
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CLIENT_KEY_EXCHANGE:1
|
||||
|
||||
Test moving clients handshake to state: CERTIFICATE_VERIFY
|
||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
|
||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
|
||||
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CERTIFICATE_VERIFY:1
|
||||
|
||||
Test moving clients handshake to state: CLIENT_CHANGE_CIPHER_SPEC
|
||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
|
||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
|
||||
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC:1
|
||||
|
||||
Test moving clients handshake to state: CLIENT_FINISHED
|
||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
|
||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
|
||||
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_CLIENT_FINISHED:1
|
||||
|
||||
Test moving clients handshake to state: SERVER_CHANGE_CIPHER_SPEC
|
||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
|
||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
|
||||
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC:1
|
||||
|
||||
Test moving clients handshake to state: SERVER_FINISHED
|
||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
|
||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
|
||||
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_SERVER_FINISHED:1
|
||||
|
||||
Test moving clients handshake to state: FLUSH_BUFFERS
|
||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
|
||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
|
||||
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_FLUSH_BUFFERS:1
|
||||
|
||||
Test moving clients handshake to state: HANDSHAKE_WRAPUP
|
||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
|
||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
|
||||
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_HANDSHAKE_WRAPUP:1
|
||||
|
||||
Test moving clients handshake to state: HANDSHAKE_OVER
|
||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
|
||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
|
||||
move_handshake_to_state:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_HANDSHAKE_OVER:1
|
||||
|
||||
Test moving servers handshake to state: HELLO_REQUEST
|
||||
@ -175,61 +176,63 @@ Test moving servers handshake to state: CLIENT_HELLO
|
||||
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_HELLO:1
|
||||
|
||||
Test moving servers handshake to state: SERVER_HELLO
|
||||
depends_on:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
|
||||
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_HELLO:1
|
||||
|
||||
Test moving servers handshake to state: SERVER_CERTIFICATE
|
||||
depends_on:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
|
||||
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_CERTIFICATE:1
|
||||
|
||||
Test moving servers handshake to state: SERVER_KEY_EXCHANGE
|
||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
|
||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
|
||||
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_KEY_EXCHANGE:1
|
||||
|
||||
Test moving servers handshake to state: CERTIFICATE_REQUEST
|
||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
|
||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
|
||||
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CERTIFICATE_REQUEST:1
|
||||
|
||||
Test moving servers handshake to state: SERVER_HELLO_DONE
|
||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
|
||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
|
||||
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_HELLO_DONE:1
|
||||
|
||||
Test moving servers handshake to state: CLIENT_CERTIFICATE
|
||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
|
||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
|
||||
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_CERTIFICATE:1
|
||||
|
||||
Test moving servers handshake to state: CLIENT_KEY_EXCHANGE
|
||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
|
||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
|
||||
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_KEY_EXCHANGE:1
|
||||
|
||||
Test moving servers handshake to state: CERTIFICATE_VERIFY
|
||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
|
||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
|
||||
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CERTIFICATE_VERIFY:1
|
||||
|
||||
Test moving servers handshake to state: CLIENT_CHANGE_CIPHER_SPEC
|
||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
|
||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
|
||||
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC:1
|
||||
|
||||
Test moving servers handshake to state: CLIENT_FINISHED
|
||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
|
||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
|
||||
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_FINISHED:1
|
||||
|
||||
Test moving servers handshake to state: SERVER_CHANGE_CIPHER_SPEC
|
||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
|
||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
|
||||
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC:1
|
||||
|
||||
Test moving servers handshake to state: SERVER_FINISHED
|
||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
|
||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
|
||||
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_FINISHED:1
|
||||
|
||||
Test moving servers handshake to state: FLUSH_BUFFERS
|
||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
|
||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
|
||||
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_FLUSH_BUFFERS:1
|
||||
|
||||
Test moving servers handshake to state: HANDSHAKE_WRAPUP
|
||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
|
||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
|
||||
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_HANDSHAKE_WRAPUP:1
|
||||
|
||||
Test moving servers handshake to state: HANDSHAKE_OVER
|
||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
|
||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
|
||||
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_HANDSHAKE_OVER:1
|
||||
|
||||
Negative test moving clients ssl to state: VERIFY_REQUEST_SENT
|
||||
@ -257,7 +260,7 @@ depends_on:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2
|
||||
move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY:1
|
||||
|
||||
Handshake, tls1_2
|
||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
|
||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
|
||||
handshake_version:0:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2
|
||||
|
||||
Handshake, tls1_3
|
||||
@ -289,7 +292,7 @@ depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SE
|
||||
handshake_psk_cipher:"TLS-PSK-WITH-AES-128-CBC-SHA":MBEDTLS_PK_RSA:"abc123":0
|
||||
|
||||
DTLS Handshake, tls1_2
|
||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_PROTO_DTLS
|
||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
|
||||
handshake_version:1:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2
|
||||
|
||||
DTLS Handshake, ECDHE-RSA-WITH-AES-256-GCM-SHA384
|
||||
@ -329,7 +332,7 @@ depends_on:MBEDTLS_SSL_PROTO_DTLS
|
||||
handshake_fragmentation:MBEDTLS_SSL_MAX_FRAG_LEN_1024:0:1
|
||||
|
||||
Handshake min/max version check, all -> 1.2
|
||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
|
||||
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
|
||||
handshake_version:0:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_TLS1_2
|
||||
|
||||
Handshake, select RSA-WITH-AES-256-CBC-SHA256, non-opaque
|
||||
@ -3509,11 +3512,11 @@ Sanity test cid functions
|
||||
cid_sanity:
|
||||
|
||||
Raw key agreement: nominal
|
||||
depends_on:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
|
||||
depends_on:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
||||
raw_key_agreement_fail:0
|
||||
|
||||
Raw key agreement: bad server key
|
||||
depends_on:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
|
||||
depends_on:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
||||
raw_key_agreement_fail:1
|
||||
|
||||
Force a bad session id length
|
||||
|
||||
@ -17,6 +17,11 @@
|
||||
#include <constant_time_internal.h>
|
||||
#include <test/constant_flow.h>
|
||||
|
||||
#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
|
||||
defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
|
||||
#define MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
|
||||
#endif
|
||||
enum {
|
||||
#define MBEDTLS_SSL_TLS1_3_LABEL(name, string) \
|
||||
tls13_label_ ## name,
|
||||
@ -5129,7 +5134,7 @@ exit:
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_ECP_C */
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_ECP_C:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
|
||||
void app_data_tls(int mfl, int cli_msg_len, int srv_msg_len,
|
||||
int expected_cli_fragments,
|
||||
int expected_srv_fragments)
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user