mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-03-21 01:20:52 +00:00
Merge pull request #7848 from valeriosetti/issue7749
driver-only ECC: EPCf.TLS testing
This commit is contained in:
Manuel Pégourié-Gonnard
GitHub
commit
828b3acd6b
@ -1486,7 +1486,7 @@ struct mbedtls_ssl_config {
|
||||
const uint16_t *MBEDTLS_PRIVATE(sig_algs); /*!< allowed signature algorithms */
|
||||
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_ECP_LIGHT) && !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) && !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
const mbedtls_ecp_group_id *MBEDTLS_PRIVATE(curve_list); /*!< allowed curves */
|
||||
#endif
|
||||
|
||||
@ -3634,7 +3634,7 @@ void mbedtls_ssl_conf_dhm_min_bitlen(mbedtls_ssl_config *conf,
|
||||
unsigned int bitlen);
|
||||
#endif /* MBEDTLS_DHM_C && MBEDTLS_SSL_CLI_C */
|
||||
|
||||
#if defined(MBEDTLS_ECP_LIGHT)
|
||||
#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
/**
|
||||
* \brief Set the allowed curves in order of preference.
|
||||
@ -3680,7 +3680,7 @@ void mbedtls_ssl_conf_dhm_min_bitlen(mbedtls_ssl_config *conf,
|
||||
void MBEDTLS_DEPRECATED mbedtls_ssl_conf_curves(mbedtls_ssl_config *conf,
|
||||
const mbedtls_ecp_group_id *curves);
|
||||
#endif /* MBEDTLS_DEPRECATED_REMOVED */
|
||||
#endif /* MBEDTLS_ECP_LIGHT */
|
||||
#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
|
||||
|
||||
/**
|
||||
* \brief Set the allowed groups in order of preference.
|
||||
|
||||
@ -1567,10 +1567,10 @@ int mbedtls_ssl_set_calc_verify_md(mbedtls_ssl_context *ssl, int md);
|
||||
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
int mbedtls_ssl_check_curve_tls_id(const mbedtls_ssl_context *ssl, uint16_t tls_id);
|
||||
#if defined(MBEDTLS_ECP_LIGHT)
|
||||
#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
|
||||
MBEDTLS_CHECK_RETURN_CRITICAL
|
||||
int mbedtls_ssl_check_curve(const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id grp_id);
|
||||
#endif /* MBEDTLS_ECP_LIGHT */
|
||||
#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
|
||||
|
||||
/**
|
||||
* \brief Return PSA EC info for the specified TLS ID.
|
||||
|
||||
@ -1150,7 +1150,7 @@ static int ssl_handshake_init(mbedtls_ssl_context *ssl)
|
||||
* mbedtls_ssl_conf_curves returns void and so can't return
|
||||
* any error codes.
|
||||
*/
|
||||
#if defined(MBEDTLS_ECP_LIGHT)
|
||||
#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
/* Heap allocate and translate curve_list from internal to IANA group ids */
|
||||
if (ssl->conf->curve_list != NULL) {
|
||||
@ -1185,7 +1185,7 @@ static int ssl_handshake_init(mbedtls_ssl_context *ssl)
|
||||
ssl->handshake->group_list_heap_allocated = 0;
|
||||
}
|
||||
#endif /* MBEDTLS_DEPRECATED_REMOVED */
|
||||
#endif /* MBEDTLS_ECP_LIGHT */
|
||||
#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
|
||||
|
||||
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
@ -2924,7 +2924,7 @@ void mbedtls_ssl_conf_sig_algs(mbedtls_ssl_config *conf,
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_ECP_LIGHT)
|
||||
#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
/*
|
||||
* Set the allowed elliptic curves
|
||||
@ -2941,7 +2941,7 @@ void mbedtls_ssl_conf_curves(mbedtls_ssl_config *conf,
|
||||
conf->group_list = NULL;
|
||||
}
|
||||
#endif /* MBEDTLS_DEPRECATED_REMOVED */
|
||||
#endif /* MBEDTLS_ECP_LIGHT */
|
||||
#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
|
||||
|
||||
/*
|
||||
* Set the allowed groups
|
||||
@ -2949,7 +2949,7 @@ void mbedtls_ssl_conf_curves(mbedtls_ssl_config *conf,
|
||||
void mbedtls_ssl_conf_groups(mbedtls_ssl_config *conf,
|
||||
const uint16_t *group_list)
|
||||
{
|
||||
#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) && !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
conf->curve_list = NULL;
|
||||
#endif
|
||||
conf->group_list = group_list;
|
||||
@ -4084,14 +4084,14 @@ void mbedtls_ssl_handshake_free(mbedtls_ssl_context *ssl)
|
||||
return;
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_ECP_LIGHT)
|
||||
#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
if (ssl->handshake->group_list_heap_allocated) {
|
||||
mbedtls_free((void *) handshake->group_list);
|
||||
}
|
||||
handshake->group_list = NULL;
|
||||
#endif /* MBEDTLS_DEPRECATED_REMOVED */
|
||||
#endif /* MBEDTLS_ECP_LIGHT */
|
||||
#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
|
||||
|
||||
#if defined(MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED)
|
||||
#if !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
@ -5326,7 +5326,7 @@ int mbedtls_ssl_config_defaults(mbedtls_ssl_config *conf,
|
||||
conf->sig_algs = ssl_preset_suiteb_sig_algs;
|
||||
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) && !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
conf->curve_list = NULL;
|
||||
#endif
|
||||
conf->group_list = ssl_preset_suiteb_groups;
|
||||
@ -5352,7 +5352,7 @@ int mbedtls_ssl_config_defaults(mbedtls_ssl_config *conf,
|
||||
conf->sig_algs = ssl_preset_default_sig_algs;
|
||||
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_ECP_C) && !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) && !defined(MBEDTLS_DEPRECATED_REMOVED)
|
||||
conf->curve_list = NULL;
|
||||
#endif
|
||||
conf->group_list = ssl_preset_default_groups;
|
||||
@ -5544,7 +5544,7 @@ int mbedtls_ssl_check_curve_tls_id(const mbedtls_ssl_context *ssl, uint16_t tls_
|
||||
return -1;
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_ECP_LIGHT)
|
||||
#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
|
||||
/*
|
||||
* Same as mbedtls_ssl_check_curve_tls_id() but with a mbedtls_ecp_group_id.
|
||||
*/
|
||||
@ -5558,62 +5558,55 @@ int mbedtls_ssl_check_curve(const mbedtls_ssl_context *ssl, mbedtls_ecp_group_id
|
||||
|
||||
return mbedtls_ssl_check_curve_tls_id(ssl, tls_id);
|
||||
}
|
||||
#endif /* MBEDTLS_ECP_LIGHT */
|
||||
|
||||
#if defined(MBEDTLS_DEBUG_C)
|
||||
#define EC_NAME(_name_) _name_
|
||||
#else
|
||||
#define EC_NAME(_name_) NULL
|
||||
#endif
|
||||
#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
|
||||
|
||||
static const struct {
|
||||
uint16_t tls_id;
|
||||
mbedtls_ecp_group_id ecp_group_id;
|
||||
psa_ecc_family_t psa_family;
|
||||
uint16_t bits;
|
||||
const char *name;
|
||||
} tls_id_match_table[] =
|
||||
{
|
||||
#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_521)
|
||||
{ 25, MBEDTLS_ECP_DP_SECP521R1, PSA_ECC_FAMILY_SECP_R1, 521, EC_NAME("secp521r1") },
|
||||
{ 25, MBEDTLS_ECP_DP_SECP521R1, PSA_ECC_FAMILY_SECP_R1, 521 },
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
|
||||
{ 28, MBEDTLS_ECP_DP_BP512R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 512, EC_NAME("brainpoolP512r1") },
|
||||
{ 28, MBEDTLS_ECP_DP_BP512R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 512 },
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_384)
|
||||
{ 24, MBEDTLS_ECP_DP_SECP384R1, PSA_ECC_FAMILY_SECP_R1, 384, EC_NAME("secp384r1") },
|
||||
{ 24, MBEDTLS_ECP_DP_SECP384R1, PSA_ECC_FAMILY_SECP_R1, 384 },
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
|
||||
{ 27, MBEDTLS_ECP_DP_BP384R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 384, EC_NAME("brainpoolP384r1") },
|
||||
{ 27, MBEDTLS_ECP_DP_BP384R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 384 },
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_256)
|
||||
{ 23, MBEDTLS_ECP_DP_SECP256R1, PSA_ECC_FAMILY_SECP_R1, 256, EC_NAME("secp256r1") },
|
||||
{ 23, MBEDTLS_ECP_DP_SECP256R1, PSA_ECC_FAMILY_SECP_R1, 256 },
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_256)
|
||||
{ 22, MBEDTLS_ECP_DP_SECP256K1, PSA_ECC_FAMILY_SECP_K1, 256, EC_NAME("secp256k1") },
|
||||
{ 22, MBEDTLS_ECP_DP_SECP256K1, PSA_ECC_FAMILY_SECP_K1, 256 },
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
|
||||
{ 26, MBEDTLS_ECP_DP_BP256R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 256, EC_NAME("brainpoolP256r1") },
|
||||
{ 26, MBEDTLS_ECP_DP_BP256R1, PSA_ECC_FAMILY_BRAINPOOL_P_R1, 256 },
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_224)
|
||||
{ 21, MBEDTLS_ECP_DP_SECP224R1, PSA_ECC_FAMILY_SECP_R1, 224, EC_NAME("secp224r1") },
|
||||
{ 21, MBEDTLS_ECP_DP_SECP224R1, PSA_ECC_FAMILY_SECP_R1, 224 },
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_224)
|
||||
{ 20, MBEDTLS_ECP_DP_SECP224K1, PSA_ECC_FAMILY_SECP_K1, 224, EC_NAME("secp224k1") },
|
||||
{ 20, MBEDTLS_ECP_DP_SECP224K1, PSA_ECC_FAMILY_SECP_K1, 224 },
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_192)
|
||||
{ 19, MBEDTLS_ECP_DP_SECP192R1, PSA_ECC_FAMILY_SECP_R1, 192, EC_NAME("secp192r1") },
|
||||
{ 19, MBEDTLS_ECP_DP_SECP192R1, PSA_ECC_FAMILY_SECP_R1, 192 },
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_192)
|
||||
{ 18, MBEDTLS_ECP_DP_SECP192K1, PSA_ECC_FAMILY_SECP_K1, 192, EC_NAME("secp192k1") },
|
||||
{ 18, MBEDTLS_ECP_DP_SECP192K1, PSA_ECC_FAMILY_SECP_K1, 192 },
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || defined(PSA_WANT_ECC_MONTGOMERY_255)
|
||||
{ 29, MBEDTLS_ECP_DP_CURVE25519, PSA_ECC_FAMILY_MONTGOMERY, 255, EC_NAME("x25519") },
|
||||
{ 29, MBEDTLS_ECP_DP_CURVE25519, PSA_ECC_FAMILY_MONTGOMERY, 255 },
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) || defined(PSA_WANT_ECC_MONTGOMERY_448)
|
||||
{ 30, MBEDTLS_ECP_DP_CURVE448, PSA_ECC_FAMILY_MONTGOMERY, 448, EC_NAME("x448") },
|
||||
{ 30, MBEDTLS_ECP_DP_CURVE448, PSA_ECC_FAMILY_MONTGOMERY, 448 },
|
||||
#endif
|
||||
{ 0, MBEDTLS_ECP_DP_NONE, 0, 0, NULL },
|
||||
{ 0, MBEDTLS_ECP_DP_NONE, 0, 0 },
|
||||
};
|
||||
|
||||
int mbedtls_ssl_get_psa_curve_info_from_tls_id(uint16_t tls_id,
|
||||
@ -5659,11 +5652,32 @@ uint16_t mbedtls_ssl_get_tls_id_from_ecp_group_id(mbedtls_ecp_group_id grp_id)
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_DEBUG_C)
|
||||
static const struct {
|
||||
uint16_t tls_id;
|
||||
const char *name;
|
||||
} tls_id_curve_name_table[] =
|
||||
{
|
||||
{ MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1, "secp521r1" },
|
||||
{ MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1, "brainpoolP512r1" },
|
||||
{ MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1, "secp384r1" },
|
||||
{ MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1, "brainpoolP384r1" },
|
||||
{ MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, "secp256r1" },
|
||||
{ MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1, "secp256k1" },
|
||||
{ MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1, "brainpoolP256r1" },
|
||||
{ MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1, "secp224r1" },
|
||||
{ MBEDTLS_SSL_IANA_TLS_GROUP_SECP224K1, "secp224k1" },
|
||||
{ MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1, "secp192r1" },
|
||||
{ MBEDTLS_SSL_IANA_TLS_GROUP_SECP192K1, "secp192k1" },
|
||||
{ MBEDTLS_SSL_IANA_TLS_GROUP_X25519, "x25519" },
|
||||
{ MBEDTLS_SSL_IANA_TLS_GROUP_X448, "x448" },
|
||||
{ 0, NULL },
|
||||
};
|
||||
|
||||
const char *mbedtls_ssl_get_curve_name_from_tls_id(uint16_t tls_id)
|
||||
{
|
||||
for (int i = 0; tls_id_match_table[i].tls_id != 0; i++) {
|
||||
if (tls_id_match_table[i].tls_id == tls_id) {
|
||||
return tls_id_match_table[i].name;
|
||||
for (int i = 0; tls_id_curve_name_table[i].tls_id != 0; i++) {
|
||||
if (tls_id_curve_name_table[i].tls_id == tls_id) {
|
||||
return tls_id_curve_name_table[i].name;
|
||||
}
|
||||
}
|
||||
|
||||
@ -7344,7 +7358,7 @@ static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl,
|
||||
* Secondary checks: always done, but change 'ret' only if it was 0
|
||||
*/
|
||||
|
||||
#if defined(MBEDTLS_ECP_LIGHT)
|
||||
#if defined(MBEDTLS_PK_HAVE_ECC_KEYS)
|
||||
{
|
||||
const mbedtls_pk_context *pk = &chain->pk;
|
||||
|
||||
@ -7371,7 +7385,7 @@ static int ssl_parse_certificate_verify(mbedtls_ssl_context *ssl,
|
||||
}
|
||||
}
|
||||
}
|
||||
#endif /* MBEDTLS_ECP_LIGHT */
|
||||
#endif /* MBEDTLS_PK_HAVE_ECC_KEYS */
|
||||
|
||||
if (mbedtls_ssl_check_cert_usage(chain,
|
||||
ciphersuite_info,
|
||||
|
||||
@ -261,7 +261,7 @@ int main(void)
|
||||
#define USAGE_ALPN ""
|
||||
#endif /* MBEDTLS_SSL_ALPN */
|
||||
|
||||
#if defined(MBEDTLS_ECP_LIGHT) || \
|
||||
#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) || \
|
||||
(defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \
|
||||
defined(PSA_WANT_ALG_FFDH))
|
||||
#define USAGE_GROUPS \
|
||||
@ -1901,7 +1901,7 @@ usage:
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED */
|
||||
|
||||
#if defined(MBEDTLS_ECP_LIGHT) || \
|
||||
#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) || \
|
||||
(defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \
|
||||
defined(PSA_WANT_ALG_FFDH))
|
||||
if (opt.groups != NULL &&
|
||||
|
||||
@ -446,7 +446,7 @@ int main(void)
|
||||
#define USAGE_EARLY_DATA ""
|
||||
#endif /* MBEDTLS_SSL_EARLY_DATA */
|
||||
|
||||
#if defined(MBEDTLS_ECP_LIGHT) || \
|
||||
#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) || \
|
||||
(defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \
|
||||
defined(PSA_WANT_ALG_FFDH))
|
||||
#define USAGE_GROUPS \
|
||||
@ -3095,7 +3095,7 @@ usage:
|
||||
}
|
||||
#endif
|
||||
|
||||
#if defined(MBEDTLS_ECP_LIGHT) || \
|
||||
#if defined(MBEDTLS_PK_HAVE_ECC_KEYS) || \
|
||||
(defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \
|
||||
defined(PSA_WANT_ALG_FFDH))
|
||||
if (opt.groups != NULL &&
|
||||
|
||||
@ -30,6 +30,8 @@
|
||||
|
||||
#if !defined(MBEDTLS_SSL_TEST_IMPOSSIBLE)
|
||||
|
||||
#define ARRAY_LENGTH(x) (sizeof(x)/sizeof(x[0]))
|
||||
|
||||
void my_debug(void *ctx, int level,
|
||||
const char *file, int line,
|
||||
const char *str)
|
||||
@ -449,64 +451,117 @@ void test_hooks_free(void)
|
||||
|
||||
#endif /* MBEDTLS_TEST_HOOKS */
|
||||
|
||||
static const struct {
|
||||
uint16_t tls_id;
|
||||
const char *name;
|
||||
uint8_t is_supported;
|
||||
} tls_id_group_name_table[] =
|
||||
{
|
||||
#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_521)
|
||||
{ MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1, "secp521r1", 1 },
|
||||
#else
|
||||
{ MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1, "secp521r1", 0 },
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_512)
|
||||
{ MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1, "brainpoolP512r1", 1 },
|
||||
#else
|
||||
{ MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1, "brainpoolP512r1", 0 },
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_384)
|
||||
{ MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1, "secp384r1", 1 },
|
||||
#else
|
||||
{ MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1, "secp384r1", 0 },
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_384)
|
||||
{ MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1, "brainpoolP384r1", 1 },
|
||||
#else
|
||||
{ MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1, "brainpoolP384r1", 0 },
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_256)
|
||||
{ MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, "secp256r1", 1 },
|
||||
#else
|
||||
{ MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1, "secp256r1", 0 },
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_256)
|
||||
{ MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1, "secp256k1", 1 },
|
||||
#else
|
||||
{ MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1, "secp256k1", 0 },
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) || defined(PSA_WANT_ECC_BRAINPOOL_P_R1_256)
|
||||
{ MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1, "brainpoolP256r1", 1 },
|
||||
#else
|
||||
{ MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1, "brainpoolP256r1", 0 },
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_224)
|
||||
{ MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1, "secp224r1", 1 },
|
||||
#else
|
||||
{ MBEDTLS_SSL_IANA_TLS_GROUP_SECP224R1, "secp224r1", 0 },
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_224)
|
||||
{ MBEDTLS_SSL_IANA_TLS_GROUP_SECP224K1, "secp224k1", 1 },
|
||||
#else
|
||||
{ MBEDTLS_SSL_IANA_TLS_GROUP_SECP224K1, "secp224k1", 0 },
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) || defined(PSA_WANT_ECC_SECP_R1_192)
|
||||
{ MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1, "secp192r1", 1 },
|
||||
#else
|
||||
{ MBEDTLS_SSL_IANA_TLS_GROUP_SECP192R1, "secp192r1", 0 },
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) || defined(PSA_WANT_ECC_SECP_K1_192)
|
||||
{ MBEDTLS_SSL_IANA_TLS_GROUP_SECP192K1, "secp192k1", 1 },
|
||||
#else
|
||||
{ MBEDTLS_SSL_IANA_TLS_GROUP_SECP192K1, "secp192k1", 0 },
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED) || defined(PSA_WANT_ECC_MONTGOMERY_255)
|
||||
{ MBEDTLS_SSL_IANA_TLS_GROUP_X25519, "x25519", 1 },
|
||||
#else
|
||||
{ MBEDTLS_SSL_IANA_TLS_GROUP_X25519, "x25519", 0 },
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_DP_CURVE448_ENABLED) || defined(PSA_WANT_ECC_MONTGOMERY_448)
|
||||
{ MBEDTLS_SSL_IANA_TLS_GROUP_X448, "x448", 1 },
|
||||
#else
|
||||
{ MBEDTLS_SSL_IANA_TLS_GROUP_X448, "x448", 0 },
|
||||
#endif
|
||||
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \
|
||||
defined(PSA_WANT_ALG_FFDH)
|
||||
{ MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048, "ffdhe2048", 1 },
|
||||
{ MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072, "ffdhe3072", 1 },
|
||||
{ MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096, "ffdhe4096", 1 },
|
||||
{ MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144, "ffdhe6144", 1 },
|
||||
{ MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192, "ffdhe8192", 1 },
|
||||
#else
|
||||
{ MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048, "ffdhe2048", 0 },
|
||||
{ MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072, "ffdhe3072", 0 },
|
||||
{ MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096, "ffdhe4096", 0 },
|
||||
{ MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144, "ffdhe6144", 0 },
|
||||
{ MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192, "ffdhe8192", 0 },
|
||||
#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED && PSA_WANT_ALG_FFDH */
|
||||
{ 0, NULL, 0 },
|
||||
};
|
||||
|
||||
/* Finite Field Group Names (DHE) */
|
||||
#define MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE2048 "ffdhe2048"
|
||||
#define MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE3072 "ffdhe3072"
|
||||
#define MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE4096 "ffdhe4096"
|
||||
#define MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE6144 "ffdhe6144"
|
||||
#define MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE8192 "ffdhe8192"
|
||||
|
||||
static uint16_t mbedtls_ssl_ffdh_group_from_name(const char *name)
|
||||
static uint16_t mbedtls_ssl_get_curve_tls_id_from_name(const char *name)
|
||||
{
|
||||
if (strcmp(name, MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE2048) == 0) {
|
||||
return MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048;
|
||||
} else if (strcmp(name, MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE3072) == 0) {
|
||||
return MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072;
|
||||
} else if (strcmp(name, MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE4096) == 0) {
|
||||
return MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096;
|
||||
} else if (strcmp(name, MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE6144) == 0) {
|
||||
return MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144;
|
||||
} else if (strcmp(name, MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE8192) == 0) {
|
||||
return MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192;
|
||||
if (name == NULL) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
for (int i = 0; tls_id_group_name_table[i].tls_id != 0; i++) {
|
||||
if (strcmp(tls_id_group_name_table[i].name, name) == 0) {
|
||||
return tls_id_group_name_table[i].tls_id;
|
||||
}
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
static const uint16_t *mbedtls_ssl_ffdh_supported_groups(void)
|
||||
static void mbedtls_ssl_print_supported_groups_list(void)
|
||||
{
|
||||
static const uint16_t ffdh_groups[] = {
|
||||
MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048,
|
||||
MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072,
|
||||
MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096,
|
||||
MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144,
|
||||
MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192,
|
||||
0
|
||||
};
|
||||
return ffdh_groups;
|
||||
}
|
||||
|
||||
static inline const char *mbedtls_ssl_ffdh_name_from_group(uint16_t group)
|
||||
{
|
||||
switch (group) {
|
||||
case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048:
|
||||
return MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE2048;
|
||||
case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072:
|
||||
return MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE3072;
|
||||
case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096:
|
||||
return MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE4096;
|
||||
case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144:
|
||||
return MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE6144;
|
||||
case MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192:
|
||||
return MBEDTLS_SSL_IANA_TLS_GROUP_NAME_FFDHE8192;
|
||||
default:
|
||||
return NULL;
|
||||
for (int i = 0; tls_id_group_name_table[i].tls_id != 0; i++) {
|
||||
if (tls_id_group_name_table[i].is_supported == 1) {
|
||||
mbedtls_printf("%s ", tls_id_group_name_table[i].name);
|
||||
}
|
||||
}
|
||||
return NULL;
|
||||
}
|
||||
#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED && PSA_WANT_ALG_FFDH */
|
||||
|
||||
int parse_groups(const char *groups, uint16_t *group_list, size_t group_list_len)
|
||||
{
|
||||
@ -519,14 +574,9 @@ int parse_groups(const char *groups, uint16_t *group_list, size_t group_list_len
|
||||
} else if (strcmp(p, "default") != 0) {
|
||||
/* Leave room for a final NULL in group list */
|
||||
while (i < group_list_len - 1 && *p != '\0') {
|
||||
uint16_t curve_tls_id;
|
||||
q = p;
|
||||
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \
|
||||
defined(PSA_WANT_ALG_FFDH)
|
||||
uint16_t ffdh_group = 0;
|
||||
#endif
|
||||
#if defined(MBEDTLS_ECP_LIGHT)
|
||||
const mbedtls_ecp_curve_info *curve_cur = NULL;
|
||||
#endif
|
||||
|
||||
/* Terminate the current string */
|
||||
while (*p != ',' && *p != '\0') {
|
||||
p++;
|
||||
@ -535,36 +585,12 @@ int parse_groups(const char *groups, uint16_t *group_list, size_t group_list_len
|
||||
*p++ = '\0';
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_ECP_LIGHT)
|
||||
if ((curve_cur = mbedtls_ecp_curve_info_from_name(q)) != NULL) {
|
||||
group_list[i++] = curve_cur->tls_id;
|
||||
} else
|
||||
#endif
|
||||
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \
|
||||
defined(PSA_WANT_ALG_FFDH)
|
||||
if ((ffdh_group = mbedtls_ssl_ffdh_group_from_name(q)) != 0) {
|
||||
group_list[i++] = ffdh_group;
|
||||
} else
|
||||
#endif
|
||||
{
|
||||
if ((curve_tls_id = mbedtls_ssl_get_curve_tls_id_from_name(q)) != 0) {
|
||||
group_list[i++] = curve_tls_id;
|
||||
} else {
|
||||
mbedtls_printf("unknown group %s\n", q);
|
||||
mbedtls_printf("supported groups: ");
|
||||
#if defined(MBEDTLS_ECP_LIGHT)
|
||||
for (curve_cur = mbedtls_ecp_curve_list();
|
||||
curve_cur->grp_id != MBEDTLS_ECP_DP_NONE;
|
||||
curve_cur++) {
|
||||
mbedtls_printf("%s ", curve_cur->name);
|
||||
}
|
||||
#endif
|
||||
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_EPHEMERAL_ENABLED) && \
|
||||
defined(PSA_WANT_ALG_FFDH)
|
||||
const uint16_t *supported_ffdh_group = mbedtls_ssl_ffdh_supported_groups();
|
||||
while (*supported_ffdh_group != 0) {
|
||||
mbedtls_printf("%s ",
|
||||
mbedtls_ssl_ffdh_name_from_group(*supported_ffdh_group));
|
||||
supported_ffdh_group++;
|
||||
}
|
||||
#endif
|
||||
mbedtls_ssl_print_supported_groups_list();
|
||||
mbedtls_printf("\n");
|
||||
return -1;
|
||||
}
|
||||
|
||||
@ -2527,15 +2527,6 @@ config_psa_crypto_no_ecp_at_all () {
|
||||
# start with full config for maximum coverage (also enables USE_PSA)
|
||||
helper_libtestdriver1_adjust_config "full"
|
||||
|
||||
# keep excluding TLS and key exchanges (this will be removed in #7749)
|
||||
# Note: key exchanges are not explicitly disabled here because they are
|
||||
# auto-disabled in build_info.h as long as the following symbols
|
||||
# are not enabled.
|
||||
scripts/config.py unset MBEDTLS_SSL_TLS_C
|
||||
scripts/config.py unset MBEDTLS_SSL_PROTO_DTLS
|
||||
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_2
|
||||
scripts/config.py unset MBEDTLS_SSL_PROTO_TLS1_3
|
||||
|
||||
# enable support for drivers and configuring PSA-only algorithms
|
||||
scripts/config.py set MBEDTLS_PSA_CRYPTO_CONFIG
|
||||
if [ "$DRIVER_ONLY" -eq 1 ]; then
|
||||
@ -2564,7 +2555,7 @@ config_psa_crypto_no_ecp_at_all () {
|
||||
#
|
||||
# Keep in sync with component_test_psa_crypto_config_reference_ecc_no_ecp_at_all()
|
||||
component_test_psa_crypto_config_accel_ecc_no_ecp_at_all () {
|
||||
msg "build: full + accelerated EC algs + USE_PSA - TLS - KEY_EXCHANGE - ECP"
|
||||
msg "build: full + accelerated EC algs + USE_PSA - ECP"
|
||||
|
||||
# Algorithms and key types to accelerate
|
||||
loc_accel_list="ALG_ECDSA ALG_DETERMINISTIC_ECDSA \
|
||||
@ -2603,22 +2594,28 @@ component_test_psa_crypto_config_accel_ecc_no_ecp_at_all () {
|
||||
# Run the tests
|
||||
# -------------
|
||||
|
||||
msg "test: full + accelerated EC algs + USE_PSA - TLS - KEY_EXCHANGE - ECP"
|
||||
msg "test: full + accelerated EC algs + USE_PSA - ECP"
|
||||
make test
|
||||
|
||||
msg "ssl-opt: full + accelerated EC algs + USE_PSA - ECP"
|
||||
tests/ssl-opt.sh
|
||||
}
|
||||
|
||||
# Reference function used for driver's coverage analysis in analyze_outcomes.py
|
||||
# in conjunction with component_test_psa_crypto_config_accel_ecc_no_ecp_at_all().
|
||||
# Keep in sync with its accelerated counterpart.
|
||||
component_test_psa_crypto_config_reference_ecc_no_ecp_at_all () {
|
||||
msg "build: full + non accelerated EC algs + USE_PSA - TLS - KEY_EXCHANGE"
|
||||
msg "build: full + non accelerated EC algs + USE_PSA"
|
||||
|
||||
config_psa_crypto_no_ecp_at_all 0
|
||||
|
||||
make
|
||||
|
||||
msg "test: crypto_full + non accelerated EC algs + USE_PSA - TLS - KEY_EXCHANGE"
|
||||
msg "test: full + non accelerated EC algs + USE_PSA"
|
||||
make test
|
||||
|
||||
msg "ssl-opt: full + non accelerated EC algs + USE_PSA"
|
||||
tests/ssl-opt.sh
|
||||
}
|
||||
|
||||
# Helper function used in:
|
||||
|
||||
@ -63,5 +63,5 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_RSA_C:MBEDTLS_MD_CAN_SHA
|
||||
mbedtls_debug_print_crt:"data_files/server1.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version \: 3\nMyFile(0999)\: serial number \: 01\nMyFile(0999)\: issuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nMyFile(0999)\: subject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nMyFile(0999)\: issued on \: 2019-02-10 14\:44\:06\nMyFile(0999)\: expires on \: 2029-02-10 14\:44\:06\nMyFile(0999)\: signed using \: RSA with SHA1\nMyFile(0999)\: RSA key size \: 2048 bits\nMyFile(0999)\: basic constraints \: CA=false\nMyFile(0999)\: value of 'crt->rsa.N' (2048 bits) is\:\nMyFile(0999)\: a9 02 1f 3d 40 6a d5 55 53 8b fd 36 ee 82 65 2e\nMyFile(0999)\: 15 61 5e 89 bf b8 e8 45 90 db ee 88 16 52 d3 f1\nMyFile(0999)\: 43 50 47 96 12 59 64 87 6b fd 2b e0 46 f9 73 be\nMyFile(0999)\: dd cf 92 e1 91 5b ed 66 a0 6f 89 29 79 45 80 d0\nMyFile(0999)\: 83 6a d5 41 43 77 5f 39 7c 09 04 47 82 b0 57 39\nMyFile(0999)\: 70 ed a3 ec 15 19 1e a8 33 08 47 c1 05 42 a9 fd\nMyFile(0999)\: 4c c3 b4 df dd 06 1f 4d 10 51 40 67 73 13 0f 40\nMyFile(0999)\: f8 6d 81 25 5f 0a b1 53 c6 30 7e 15 39 ac f9 5a\nMyFile(0999)\: ee 7f 92 9e a6 05 5b e7 13 97 85 b5 23 92 d9 d4\nMyFile(0999)\: 24 06 d5 09 25 89 75 07 dd a6 1a 8f 3f 09 19 be\nMyFile(0999)\: ad 65 2c 64 eb 95 9b dc fe 41 5e 17 a6 da 6c 5b\nMyFile(0999)\: 69 cc 02 ba 14 2c 16 24 9c 4a dc cd d0 f7 52 67\nMyFile(0999)\: 73 f1 2d a0 23 fd 7e f4 31 ca 2d 70 ca 89 0b 04\nMyFile(0999)\: db 2e a6 4f 70 6e 9e ce bd 58 89 e2 53 59 9e 6e\nMyFile(0999)\: 5a 92 65 e2 88 3f 0c 94 19 a3 dd e5 e8 9d 95 13\nMyFile(0999)\: ed 29 db ab 70 12 dc 5a ca 6b 17 ab 52 82 54 b1\nMyFile(0999)\: value of 'crt->rsa.E' (17 bits) is\:\nMyFile(0999)\: 01 00 01\n"
|
||||
|
||||
Debug print certificate #2 (EC)
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA256:!MBEDTLS_X509_REMOVE_INFO
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA256:!MBEDTLS_X509_REMOVE_INFO
|
||||
mbedtls_debug_print_crt:"data_files/test-ca2.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version \: 3\nMyFile(0999)\: serial number \: C1\:43\:E2\:7E\:62\:43\:CC\:E8\nMyFile(0999)\: issuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nMyFile(0999)\: subject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nMyFile(0999)\: issued on \: 2019-02-10 14\:44\:00\nMyFile(0999)\: expires on \: 2029-02-10 14\:44\:00\nMyFile(0999)\: signed using \: ECDSA with SHA256\nMyFile(0999)\: EC key size \: 384 bits\nMyFile(0999)\: basic constraints \: CA=true\nMyFile(0999)\: value of 'crt->eckey.Q(X)' (384 bits) is\:\nMyFile(0999)\: c3 da 2b 34 41 37 58 2f 87 56 fe fc 89 ba 29 43\nMyFile(0999)\: 4b 4e e0 6e c3 0e 57 53 33 39 58 d4 52 b4 91 95\nMyFile(0999)\: 39 0b 23 df 5f 17 24 62 48 fc 1a 95 29 ce 2c 2d\nMyFile(0999)\: value of 'crt->eckey.Q(Y)' (384 bits) is\:\nMyFile(0999)\: 87 c2 88 52 80 af d6 6a ab 21 dd b8 d3 1c 6e 58\nMyFile(0999)\: b8 ca e8 b2 69 8e f3 41 ad 29 c3 b4 5f 75 a7 47\nMyFile(0999)\: 6f d5 19 29 55 69 9a 53 3b 20 b4 66 16 60 33 1e\n"
|
||||
|
||||
@ -437,87 +437,87 @@ depends_on:MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_TEST_AT_LEAST_ONE_TLS1_3_CIPHERSUITE
|
||||
handshake_version:0:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_UNKNOWN:MBEDTLS_SSL_VERSION_TLS1_3
|
||||
|
||||
Handshake, select RSA-WITH-AES-256-CBC-SHA256, non-opaque
|
||||
depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
handshake_ciphersuite_select:"TLS-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_PK_RSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256
|
||||
|
||||
Handshake, select RSA-WITH-AES-256-CBC-SHA256, opaque
|
||||
depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
handshake_ciphersuite_select:"TLS-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:PSA_KEY_USAGE_DECRYPT:0:MBEDTLS_TLS_RSA_WITH_AES_256_CBC_SHA256
|
||||
|
||||
Handshake, select RSA-WITH-AES-256-CBC-SHA256, opaque, bad alg
|
||||
depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
handshake_ciphersuite_select:"TLS-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
|
||||
|
||||
Handshake, select RSA-WITH-AES-256-CBC-SHA256, opaque, bad usage
|
||||
depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
handshake_ciphersuite_select:"TLS-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
|
||||
|
||||
Handshake, select RSA-PSK-WITH-AES-256-CBC-SHA384, non-opaque
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
handshake_ciphersuite_select:"TLS-RSA-PSK-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_RSA:"abc123":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
|
||||
|
||||
Handshake, select RSA-PSK-WITH-AES-256-CBC-SHA384, opaque
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
handshake_ciphersuite_select:"TLS-RSA-PSK-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_RSA:"abc123":PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:PSA_KEY_USAGE_DECRYPT:0:MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
|
||||
|
||||
Handshake, select RSA-PSK-WITH-AES-256-CBC-SHA384, opaque, bad alg
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
handshake_ciphersuite_select:"TLS-RSA-PSK-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_RSA:"abc123":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
|
||||
|
||||
Handshake, select RSA-PSK-WITH-AES-256-CBC-SHA384, opaque, bad usage
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
handshake_ciphersuite_select:"TLS-RSA-PSK-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_RSA:"abc123":PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
|
||||
|
||||
Handshake, select RSA-PSK-WITH-AES-256-CBC-SHA384, opaque, no psk
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
handshake_ciphersuite_select:"TLS-RSA-PSK-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
|
||||
|
||||
Handshake, select DHE-RSA-WITH-AES-256-GCM-SHA384, non-opaque
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
handshake_ciphersuite_select:"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
|
||||
|
||||
Handshake, select DHE-RSA-WITH-AES-256-GCM-SHA384, opaque, PSA_ALG_ANY_HASH
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
handshake_ciphersuite_select:"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
|
||||
|
||||
Handshake, select DHE-RSA-WITH-AES-256-GCM-SHA384, opaque, PSA_ALG_SHA_384
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
handshake_ciphersuite_select:"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_384):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
|
||||
|
||||
Handshake, select DHE-RSA-WITH-AES-256-GCM-SHA384, opaque, invalid alg
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
handshake_ciphersuite_select:"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
|
||||
|
||||
Handshake, select DHE-RSA-WITH-AES-256-GCM-SHA384, opaque, bad alg
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
handshake_ciphersuite_select:"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
|
||||
|
||||
Handshake, select DHE-RSA-WITH-AES-256-GCM-SHA384, opaque, bad usage
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
handshake_ciphersuite_select:"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
|
||||
|
||||
Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, non-opaque
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
|
||||
|
||||
Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, opaque, PSA_ALG_ANY_HASH
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
|
||||
|
||||
Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, opaque, PSA_ALG_SHA_384
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_384):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
|
||||
|
||||
Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, opaque, invalid alg
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_SHA_256):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
|
||||
|
||||
Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, opaque, bad alg
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
|
||||
|
||||
Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, opaque, bad usage
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_ECP_LIGHT:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
|
||||
|
||||
Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, non-opaque
|
||||
|
||||
@ -2580,7 +2580,7 @@ exit:
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_LIGHT */
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_HAVE_ECC_KEYS */
|
||||
void move_handshake_to_state(int endpoint_type, int tls_version, int state, int need_pass)
|
||||
{
|
||||
enum { BUFFSIZE = 1024 };
|
||||
@ -2653,7 +2653,7 @@ exit:
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_LIGHT:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
|
||||
void handshake_version(int dtls, int client_min_version, int client_max_version,
|
||||
int server_min_version, int server_max_version,
|
||||
int expected_negotiated_version)
|
||||
@ -2774,7 +2774,7 @@ exit:
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_ECP_LIGHT:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_MD_CAN_SHA256:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
|
||||
void app_data_tls(int mfl, int cli_msg_len, int srv_msg_len,
|
||||
int expected_cli_fragments,
|
||||
int expected_srv_fragments)
|
||||
@ -3062,7 +3062,7 @@ exit:
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_ECP_LIGHT:!MBEDTLS_DEPRECATED_REMOVED:!MBEDTLS_DEPRECATED_WARNING:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_ECP_DP_SECP224R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED */
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:!MBEDTLS_DEPRECATED_REMOVED:!MBEDTLS_DEPRECATED_WARNING:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_ECP_DP_SECP224R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED */
|
||||
void conf_curve()
|
||||
{
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user