mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-03-16 22:20:49 +00:00
Remove RSA-PSK test cases
The test cases removed by this commit are specific to RSA-PSK, not incidentally using RSA-PSK when testing other features, so there is no loss of test coverage. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
parent
e71f3c3a50
commit
7dfe7c9e4a
175
tests/ssl-opt.sh
175
tests/ssl-opt.sh
@ -584,7 +584,7 @@ adapt_cmd_for_psk () {
|
||||
# with a pre-shared key, skip it. If the test looks like it's already using
|
||||
# a pre-shared key, do nothing.
|
||||
#
|
||||
# This code does not consider builds with ECDHE-PSK or RSA-PSK.
|
||||
# This code does not consider builds with ECDHE-PSK.
|
||||
#
|
||||
# Inputs:
|
||||
# * $CLI_CMD, $SRV_CMD, $PXY_CMD: client/server/proxy commands.
|
||||
@ -2537,22 +2537,6 @@ run_test "Opaque key for server authentication: DHE-RSA" \
|
||||
-S "error" \
|
||||
-C "error"
|
||||
|
||||
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
|
||||
requires_config_enabled MBEDTLS_RSA_C
|
||||
requires_hash_alg SHA_256
|
||||
run_test "Opaque key for server authentication: RSA-PSK" \
|
||||
"$P_SRV debug_level=1 key_opaque=1 key_opaque_algs=rsa-decrypt,none \
|
||||
psk=73776f726466697368 psk_identity=foo" \
|
||||
"$P_CLI force_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA256 \
|
||||
psk=73776f726466697368 psk_identity=foo" \
|
||||
0 \
|
||||
-c "Verifying peer X.509 certificate... ok" \
|
||||
-c "Ciphersuite is TLS-RSA-PSK-" \
|
||||
-s "key types: Opaque, Opaque" \
|
||||
-s "Ciphersuite is TLS-RSA-PSK-" \
|
||||
-S "error" \
|
||||
-C "error"
|
||||
|
||||
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
|
||||
requires_config_enabled MBEDTLS_RSA_C
|
||||
requires_hash_alg SHA_256
|
||||
@ -8584,50 +8568,6 @@ run_test "PSK callback: opaque psk on client, no callback, SHA-384, EMS" \
|
||||
-S "SSL - Unknown identity received" \
|
||||
-S "SSL - Verification of the message MAC failed"
|
||||
|
||||
run_test "PSK callback: opaque rsa-psk on client, no callback" \
|
||||
"$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo" \
|
||||
"$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA256 \
|
||||
psk_identity=foo psk=73776f726466697368 psk_opaque=1" \
|
||||
0 \
|
||||
-C "session hash for extended master secret"\
|
||||
-S "session hash for extended master secret"\
|
||||
-S "SSL - The handshake negotiation failed" \
|
||||
-S "SSL - Unknown identity received" \
|
||||
-S "SSL - Verification of the message MAC failed"
|
||||
|
||||
run_test "PSK callback: opaque rsa-psk on client, no callback, SHA-384" \
|
||||
"$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo" \
|
||||
"$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \
|
||||
psk_identity=foo psk=73776f726466697368 psk_opaque=1" \
|
||||
0 \
|
||||
-C "session hash for extended master secret"\
|
||||
-S "session hash for extended master secret"\
|
||||
-S "SSL - The handshake negotiation failed" \
|
||||
-S "SSL - Unknown identity received" \
|
||||
-S "SSL - Verification of the message MAC failed"
|
||||
|
||||
run_test "PSK callback: opaque rsa-psk on client, no callback, EMS" \
|
||||
"$P_SRV extended_ms=1 debug_level=3 psk=73776f726466697368 psk_identity=foo" \
|
||||
"$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA \
|
||||
psk_identity=foo psk=73776f726466697368 psk_opaque=1" \
|
||||
0 \
|
||||
-c "session hash for extended master secret"\
|
||||
-s "session hash for extended master secret"\
|
||||
-S "SSL - The handshake negotiation failed" \
|
||||
-S "SSL - Unknown identity received" \
|
||||
-S "SSL - Verification of the message MAC failed"
|
||||
|
||||
run_test "PSK callback: opaque rsa-psk on client, no callback, SHA-384, EMS" \
|
||||
"$P_SRV extended_ms=1 debug_level=3 psk=73776f726466697368 psk_identity=foo" \
|
||||
"$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \
|
||||
psk_identity=foo psk=73776f726466697368 psk_opaque=1" \
|
||||
0 \
|
||||
-c "session hash for extended master secret"\
|
||||
-s "session hash for extended master secret"\
|
||||
-S "SSL - The handshake negotiation failed" \
|
||||
-S "SSL - Unknown identity received" \
|
||||
-S "SSL - Verification of the message MAC failed"
|
||||
|
||||
run_test "PSK callback: opaque ecdhe-psk on client, no callback" \
|
||||
"$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo" \
|
||||
"$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256 \
|
||||
@ -8762,52 +8702,6 @@ run_test "PSK callback: raw psk on client, static opaque on server, no callba
|
||||
-S "SSL - Unknown identity received" \
|
||||
-S "SSL - Verification of the message MAC failed"
|
||||
|
||||
run_test "PSK callback: raw rsa-psk on client, static opaque on server, no callback" \
|
||||
"$P_SRV extended_ms=0 debug_level=5 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA" \
|
||||
"$P_CLI extended_ms=0 debug_level=5 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA \
|
||||
psk_identity=foo psk=73776f726466697368" \
|
||||
0 \
|
||||
-C "session hash for extended master secret"\
|
||||
-S "session hash for extended master secret"\
|
||||
-S "SSL - The handshake negotiation failed" \
|
||||
-S "SSL - Unknown identity received" \
|
||||
-S "SSL - Verification of the message MAC failed"
|
||||
|
||||
run_test "PSK callback: raw rsa-psk on client, static opaque on server, no callback, SHA-384" \
|
||||
"$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384" \
|
||||
"$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \
|
||||
psk_identity=foo psk=73776f726466697368" \
|
||||
0 \
|
||||
-C "session hash for extended master secret"\
|
||||
-S "session hash for extended master secret"\
|
||||
-S "SSL - The handshake negotiation failed" \
|
||||
-S "SSL - Unknown identity received" \
|
||||
-S "SSL - Verification of the message MAC failed"
|
||||
|
||||
run_test "PSK callback: raw rsa-psk on client, static opaque on server, no callback, EMS" \
|
||||
"$P_SRV debug_level=3 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 \
|
||||
force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA extended_ms=1" \
|
||||
"$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA \
|
||||
psk_identity=foo psk=73776f726466697368 extended_ms=1" \
|
||||
0 \
|
||||
-c "session hash for extended master secret"\
|
||||
-s "session hash for extended master secret"\
|
||||
-S "SSL - The handshake negotiation failed" \
|
||||
-S "SSL - Unknown identity received" \
|
||||
-S "SSL - Verification of the message MAC failed"
|
||||
|
||||
run_test "PSK callback: raw rsa-psk on client, static opaque on server, no callback, EMS, SHA384" \
|
||||
"$P_SRV debug_level=3 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 \
|
||||
force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 extended_ms=1" \
|
||||
"$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \
|
||||
psk_identity=foo psk=73776f726466697368 extended_ms=1" \
|
||||
0 \
|
||||
-c "session hash for extended master secret"\
|
||||
-s "session hash for extended master secret"\
|
||||
-S "SSL - The handshake negotiation failed" \
|
||||
-S "SSL - Unknown identity received" \
|
||||
-S "SSL - Verification of the message MAC failed"
|
||||
|
||||
run_test "PSK callback: raw ecdhe-psk on client, static opaque on server, no callback" \
|
||||
"$P_SRV extended_ms=0 debug_level=5 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA" \
|
||||
"$P_CLI extended_ms=0 debug_level=5 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \
|
||||
@ -8946,52 +8840,6 @@ run_test "PSK callback: raw psk on client, no static PSK on server, opaque PS
|
||||
-S "SSL - Unknown identity received" \
|
||||
-S "SSL - Verification of the message MAC failed"
|
||||
|
||||
run_test "PSK callback: raw rsa-psk on client, no static RSA-PSK on server, opaque RSA-PSK from callback" \
|
||||
"$P_SRV extended_ms=0 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA" \
|
||||
"$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA \
|
||||
psk_identity=def psk=beef" \
|
||||
0 \
|
||||
-C "session hash for extended master secret"\
|
||||
-S "session hash for extended master secret"\
|
||||
-S "SSL - The handshake negotiation failed" \
|
||||
-S "SSL - Unknown identity received" \
|
||||
-S "SSL - Verification of the message MAC failed"
|
||||
|
||||
run_test "PSK callback: raw rsa-psk on client, no static RSA-PSK on server, opaque RSA-PSK from callback, SHA-384" \
|
||||
"$P_SRV extended_ms=0 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384" \
|
||||
"$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \
|
||||
psk_identity=def psk=beef" \
|
||||
0 \
|
||||
-C "session hash for extended master secret"\
|
||||
-S "session hash for extended master secret"\
|
||||
-S "SSL - The handshake negotiation failed" \
|
||||
-S "SSL - Unknown identity received" \
|
||||
-S "SSL - Verification of the message MAC failed"
|
||||
|
||||
run_test "PSK callback: raw rsa-psk on client, no static RSA-PSK on server, opaque RSA-PSK from callback, EMS" \
|
||||
"$P_SRV debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 \
|
||||
force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA extended_ms=1" \
|
||||
"$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA \
|
||||
psk_identity=abc psk=dead extended_ms=1" \
|
||||
0 \
|
||||
-c "session hash for extended master secret"\
|
||||
-s "session hash for extended master secret"\
|
||||
-S "SSL - The handshake negotiation failed" \
|
||||
-S "SSL - Unknown identity received" \
|
||||
-S "SSL - Verification of the message MAC failed"
|
||||
|
||||
run_test "PSK callback: raw rsa-psk on client, no static RSA-PSK on server, opaque RSA-PSK from callback, EMS, SHA384" \
|
||||
"$P_SRV debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 \
|
||||
force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 extended_ms=1" \
|
||||
"$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \
|
||||
psk_identity=abc psk=dead extended_ms=1" \
|
||||
0 \
|
||||
-c "session hash for extended master secret"\
|
||||
-s "session hash for extended master secret"\
|
||||
-S "SSL - The handshake negotiation failed" \
|
||||
-S "SSL - Unknown identity received" \
|
||||
-S "SSL - Verification of the message MAC failed"
|
||||
|
||||
run_test "PSK callback: raw ecdhe-psk on client, no static ECDHE-PSK on server, opaque ECDHE-PSK from callback" \
|
||||
"$P_SRV extended_ms=0 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA" \
|
||||
"$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \
|
||||
@ -9995,27 +9843,6 @@ run_test "SSL async private: decrypt, delay=1" \
|
||||
-s "Async resume (slot [0-9]): call 0 more times." \
|
||||
-s "Async resume (slot [0-9]): decrypt done, status=0"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
|
||||
run_test "SSL async private: decrypt RSA-PSK, delay=0" \
|
||||
"$P_SRV psk=73776f726466697368 \
|
||||
async_operations=d async_private_delay1=0 async_private_delay2=0" \
|
||||
"$P_CLI psk=73776f726466697368 \
|
||||
force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA256" \
|
||||
0 \
|
||||
-s "Async decrypt callback: using key slot " \
|
||||
-s "Async resume (slot [0-9]): decrypt done, status=0"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
|
||||
run_test "SSL async private: decrypt RSA-PSK, delay=1" \
|
||||
"$P_SRV psk=73776f726466697368 \
|
||||
async_operations=d async_private_delay1=1 async_private_delay2=1" \
|
||||
"$P_CLI psk=73776f726466697368 \
|
||||
force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA256" \
|
||||
0 \
|
||||
-s "Async decrypt callback: using key slot " \
|
||||
-s "Async resume (slot [0-9]): call 0 more times." \
|
||||
-s "Async resume (slot [0-9]): decrypt done, status=0"
|
||||
|
||||
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
|
||||
run_test "SSL async private: sign callback not present" \
|
||||
"$P_SRV \
|
||||
|
@ -452,26 +452,6 @@ Handshake, select RSA-WITH-AES-256-CBC-SHA256, opaque, bad usage
|
||||
depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
handshake_ciphersuite_select:"TLS-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
|
||||
|
||||
Handshake, select RSA-PSK-WITH-AES-256-CBC-SHA384, non-opaque
|
||||
depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
handshake_ciphersuite_select:"TLS-RSA-PSK-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_RSA:"abc123":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
|
||||
|
||||
Handshake, select RSA-PSK-WITH-AES-256-CBC-SHA384, opaque
|
||||
depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
handshake_ciphersuite_select:"TLS-RSA-PSK-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_RSA:"abc123":PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:PSA_KEY_USAGE_DECRYPT:0:MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
|
||||
|
||||
Handshake, select RSA-PSK-WITH-AES-256-CBC-SHA384, opaque, bad alg
|
||||
depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
handshake_ciphersuite_select:"TLS-RSA-PSK-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_RSA:"abc123":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
|
||||
|
||||
Handshake, select RSA-PSK-WITH-AES-256-CBC-SHA384, opaque, bad usage
|
||||
depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
handshake_ciphersuite_select:"TLS-RSA-PSK-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_RSA:"abc123":PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
|
||||
|
||||
Handshake, select RSA-PSK-WITH-AES-256-CBC-SHA384, opaque, no psk
|
||||
depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
handshake_ciphersuite_select:"TLS-RSA-PSK-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
|
||||
|
||||
Handshake, select DHE-RSA-WITH-AES-256-GCM-SHA384, non-opaque
|
||||
depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
handshake_ciphersuite_select:"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
|
||||
|
Loading…
x
Reference in New Issue
Block a user