mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-01-26 03:35:35 +00:00
Add negative testing of ciphersuite selection using Opaque algs & usage
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
This commit is contained in:
parent
eb4390b27c
commit
8c52ed8d1e
@ -269,6 +269,58 @@ Handshake, ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384
|
||||
depends_on:MBEDTLS_SHA384_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CAMELLIA_C
|
||||
handshake_cipher:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:0
|
||||
|
||||
Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, non-opaque
|
||||
depends_on:MBEDTLS_SHA384_C:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_SSL_PROTO_DTLS
|
||||
handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:PSA_ALG_NONE:PSA_ALG_NONE:0:0:0:MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
|
||||
|
||||
Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, opaque
|
||||
depends_on:MBEDTLS_SHA384_C:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_USE_PSA_CRYPTO
|
||||
handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:PSA_ALG_RSA_PKCS1V15_SIGN( PSA_ALG_ANY_HASH ):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:0:MBEDTLS_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
|
||||
|
||||
Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, opaque, invalid alg
|
||||
depends_on:MBEDTLS_SHA384_C:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_USE_PSA_CRYPTO
|
||||
handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:PSA_ALG_RSA_PKCS1V15_SIGN( PSA_ALG_SHA_256 ):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
|
||||
|
||||
Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, opaque, bad alg
|
||||
depends_on:MBEDTLS_SHA384_C:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_USE_PSA_CRYPTO
|
||||
handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:PSA_ALG_RSA_PSS( PSA_ALG_ANY_HASH ):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
|
||||
|
||||
Handshake, select ECDHE-RSA-WITH-AES-256-GCM-SHA384, opaque, bad usage
|
||||
depends_on:MBEDTLS_SHA384_C:MBEDTLS_AES_C:MBEDTLS_GCM_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_USE_PSA_CRYPTO
|
||||
handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:PSA_ALG_RSA_PKCS1V15_SIGN( PSA_ALG_ANY_HASH ):PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:0:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
|
||||
|
||||
Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, non-opaque
|
||||
depends_on:MBEDTLS_SHA384_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_DTLS
|
||||
handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:PSA_ALG_NONE:PSA_ALG_NONE:0:0:0:MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
|
||||
|
||||
Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque
|
||||
depends_on:MBEDTLS_SHA384_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_USE_PSA_CRYPTO
|
||||
handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:0:0:MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
|
||||
|
||||
Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, missing alg
|
||||
depends_on:MBEDTLS_SHA384_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_USE_PSA_CRYPTO
|
||||
handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:0:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
|
||||
|
||||
Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, missing usage
|
||||
depends_on:MBEDTLS_SHA384_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_USE_PSA_CRYPTO
|
||||
handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
|
||||
|
||||
Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, non-opaque
|
||||
depends_on:MBEDTLS_SHA384_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CAMELLIA_C:MBEDTLS_SSL_PROTO_DTLS
|
||||
handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:PSA_ALG_NONE:PSA_ALG_NONE:0:0:0:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM
|
||||
|
||||
Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_USE_PSA_CRYPTO
|
||||
handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:0:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM
|
||||
|
||||
Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, bad alg
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_USE_PSA_CRYPTO
|
||||
handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:PSA_ALG_ECDH:PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
|
||||
|
||||
Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, bad usage
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_CCM_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_USE_PSA_CRYPTO
|
||||
handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:0:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
|
||||
|
||||
Handshake, PSK-WITH-AES-128-CBC-SHA
|
||||
depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C
|
||||
handshake_psk_cipher:"TLS-PSK-WITH-AES-128-CBC-SHA":MBEDTLS_PK_RSA:"abc123":0
|
||||
|
@ -60,7 +60,12 @@ typedef struct handshake_test_options
|
||||
mbedtls_ssl_protocol_version server_min_version;
|
||||
mbedtls_ssl_protocol_version server_max_version;
|
||||
mbedtls_ssl_protocol_version expected_negotiated_version;
|
||||
int expected_handshake_result;
|
||||
int expected_ciphersuite;
|
||||
int pk_alg;
|
||||
int opaque_alg;
|
||||
int opaque_alg2;
|
||||
int opaque_usage;
|
||||
data_t *psk_str;
|
||||
int dtls;
|
||||
int srv_auth_mode;
|
||||
@ -87,7 +92,12 @@ void init_handshake_options( handshake_test_options *opts )
|
||||
opts->server_min_version = MBEDTLS_SSL_VERSION_UNKNOWN;
|
||||
opts->server_max_version = MBEDTLS_SSL_VERSION_UNKNOWN;
|
||||
opts->expected_negotiated_version = MBEDTLS_SSL_VERSION_TLS1_2;
|
||||
opts->expected_handshake_result = 0;
|
||||
opts->expected_ciphersuite = 0;
|
||||
opts->pk_alg = MBEDTLS_PK_RSA;
|
||||
opts->opaque_alg = 0;
|
||||
opts->opaque_alg2 = 0;
|
||||
opts->opaque_usage = 0;
|
||||
opts->psk_str = NULL;
|
||||
opts->dtls = 0;
|
||||
opts->srv_auth_mode = MBEDTLS_SSL_VERIFY_NONE;
|
||||
@ -759,11 +769,16 @@ typedef struct mbedtls_endpoint
|
||||
*
|
||||
* \retval 0 on success, otherwise error code.
|
||||
*/
|
||||
int mbedtls_endpoint_certificate_init( mbedtls_endpoint *ep, int pk_alg )
|
||||
int mbedtls_endpoint_certificate_init( mbedtls_endpoint *ep, int pk_alg,
|
||||
int opaque_alg, int opaque_alg2,
|
||||
int opaque_usage )
|
||||
{
|
||||
int i = 0;
|
||||
int ret = -1;
|
||||
mbedtls_endpoint_certificate *cert;
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
mbedtls_svc_key_id_t key_slot = MBEDTLS_SVC_KEY_ID_INIT;
|
||||
#endif
|
||||
|
||||
if( ep == NULL )
|
||||
{
|
||||
@ -846,6 +861,19 @@ int mbedtls_endpoint_certificate_init( mbedtls_endpoint *ep, int pk_alg )
|
||||
}
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
if( opaque_alg != 0 )
|
||||
{
|
||||
TEST_EQUAL( mbedtls_pk_wrap_as_opaque( &( cert->pkey ), &key_slot,
|
||||
opaque_alg, opaque_usage,
|
||||
opaque_alg2 ), 0 );
|
||||
}
|
||||
#else
|
||||
(void) opaque_alg;
|
||||
(void) opaque_alg2;
|
||||
(void) opaque_usage;
|
||||
#endif
|
||||
|
||||
mbedtls_ssl_conf_ca_chain( &( ep->conf ), &( cert->ca_cert ), NULL );
|
||||
|
||||
ret = mbedtls_ssl_conf_own_cert( &( ep->conf ), &( cert->cert ),
|
||||
@ -866,6 +894,10 @@ exit:
|
||||
{
|
||||
mbedtls_x509_crt_free( &( cert->ca_cert ) );
|
||||
mbedtls_x509_crt_free( &( cert->cert ) );
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
if( opaque_alg != 0 )
|
||||
psa_destroy_key( key_slot );
|
||||
#endif
|
||||
mbedtls_pk_free( &( cert->pkey ) );
|
||||
}
|
||||
|
||||
@ -888,6 +920,7 @@ exit:
|
||||
*/
|
||||
|
||||
int mbedtls_endpoint_init( mbedtls_endpoint *ep, int endpoint_type, int pk_alg,
|
||||
int opaque_alg, int opaque_alg2, int opaque_usage,
|
||||
mbedtls_test_message_socket_context *dtls_context,
|
||||
mbedtls_test_message_queue *input_queue,
|
||||
mbedtls_test_message_queue *output_queue,
|
||||
@ -977,7 +1010,8 @@ int mbedtls_endpoint_init( mbedtls_endpoint *ep, int endpoint_type, int pk_alg,
|
||||
mbedtls_ssl_conf_dtls_cookies( &( ep->conf ), NULL, NULL, NULL );
|
||||
#endif
|
||||
|
||||
ret = mbedtls_endpoint_certificate_init( ep, pk_alg );
|
||||
ret = mbedtls_endpoint_certificate_init( ep, pk_alg, opaque_alg,
|
||||
opaque_alg2, opaque_usage );
|
||||
TEST_ASSERT( ret == 0 );
|
||||
|
||||
TEST_EQUAL( mbedtls_ssl_conf_get_user_data_n( &ep->conf ), user_data_n );
|
||||
@ -997,6 +1031,14 @@ void mbedtls_endpoint_certificate_free( mbedtls_endpoint *ep )
|
||||
mbedtls_endpoint_certificate *cert = &( ep->cert );
|
||||
mbedtls_x509_crt_free( &( cert->ca_cert ) );
|
||||
mbedtls_x509_crt_free( &( cert->cert ) );
|
||||
#if defined(MBEDTLS_USE_PSA_CRYPTO)
|
||||
if( mbedtls_pk_get_type( &( cert->pkey ) ) == MBEDTLS_PK_OPAQUE )
|
||||
{
|
||||
mbedtls_svc_key_id_t *key_slot = cert->pkey.pk_ctx;
|
||||
|
||||
psa_destroy_key( *key_slot );
|
||||
}
|
||||
#endif
|
||||
mbedtls_pk_free( &( cert->pkey ) );
|
||||
}
|
||||
|
||||
@ -1929,7 +1971,7 @@ void perform_handshake( handshake_test_options* options )
|
||||
#if defined(MBEDTLS_SSL_RENEGOTIATION)
|
||||
int ret = -1;
|
||||
#endif
|
||||
int expected_handshake_result = 0;
|
||||
int expected_handshake_result = options->expected_handshake_result;
|
||||
|
||||
USE_PSA_INIT( );
|
||||
|
||||
@ -1942,7 +1984,11 @@ void perform_handshake( handshake_test_options* options )
|
||||
if( options->dtls != 0 )
|
||||
{
|
||||
TEST_ASSERT( mbedtls_endpoint_init( &client, MBEDTLS_SSL_IS_CLIENT,
|
||||
options->pk_alg, &client_context,
|
||||
options->pk_alg,
|
||||
options->opaque_alg,
|
||||
options->opaque_alg2,
|
||||
options->opaque_usage,
|
||||
&client_context,
|
||||
&client_queue,
|
||||
&server_queue, NULL ) == 0 );
|
||||
#if defined(MBEDTLS_TIMING_C)
|
||||
@ -1954,7 +2000,11 @@ void perform_handshake( handshake_test_options* options )
|
||||
else
|
||||
{
|
||||
TEST_ASSERT( mbedtls_endpoint_init( &client, MBEDTLS_SSL_IS_CLIENT,
|
||||
options->pk_alg, NULL, NULL,
|
||||
options->pk_alg,
|
||||
options->opaque_alg,
|
||||
options->opaque_alg2,
|
||||
options->opaque_usage,
|
||||
NULL, NULL,
|
||||
NULL, NULL ) == 0 );
|
||||
}
|
||||
|
||||
@ -1988,7 +2038,11 @@ void perform_handshake( handshake_test_options* options )
|
||||
if( options->dtls != 0 )
|
||||
{
|
||||
TEST_ASSERT( mbedtls_endpoint_init( &server, MBEDTLS_SSL_IS_SERVER,
|
||||
options->pk_alg, &server_context,
|
||||
options->pk_alg,
|
||||
options->opaque_alg,
|
||||
options->opaque_alg2,
|
||||
options->opaque_usage,
|
||||
&server_context,
|
||||
&server_queue,
|
||||
&client_queue, NULL ) == 0 );
|
||||
#if defined(MBEDTLS_TIMING_C)
|
||||
@ -2000,7 +2054,11 @@ void perform_handshake( handshake_test_options* options )
|
||||
else
|
||||
{
|
||||
TEST_ASSERT( mbedtls_endpoint_init( &server, MBEDTLS_SSL_IS_SERVER,
|
||||
options->pk_alg, NULL, NULL,
|
||||
options->pk_alg,
|
||||
options->opaque_alg,
|
||||
options->opaque_alg2,
|
||||
options->opaque_usage,
|
||||
NULL, NULL,
|
||||
NULL, NULL ) == 0 );
|
||||
}
|
||||
|
||||
@ -2106,7 +2164,6 @@ void perform_handshake( handshake_test_options* options )
|
||||
MBEDTLS_SSL_HANDSHAKE_OVER ), 0 );
|
||||
|
||||
TEST_ASSERT( mbedtls_ssl_is_handshake_over( &server.ssl ) == 1 );
|
||||
|
||||
/* Check that both sides have negotiated the expected version. */
|
||||
mbedtls_test_set_step( 0 );
|
||||
if( ! check_ssl_version( options->expected_negotiated_version,
|
||||
@ -2118,6 +2175,12 @@ void perform_handshake( handshake_test_options* options )
|
||||
&server.ssl ) )
|
||||
goto exit;
|
||||
|
||||
if( options->expected_ciphersuite != 0 )
|
||||
{
|
||||
TEST_EQUAL( server.ssl.session->ciphersuite,
|
||||
options->expected_ciphersuite );
|
||||
}
|
||||
|
||||
#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
|
||||
if( options->resize_buffers != 0 )
|
||||
{
|
||||
@ -4710,13 +4773,13 @@ void mbedtls_endpoint_sanity( int endpoint_type )
|
||||
int ret = -1;
|
||||
|
||||
ret = mbedtls_endpoint_init( NULL, endpoint_type, MBEDTLS_PK_RSA,
|
||||
NULL, NULL, NULL, NULL );
|
||||
0, 0, 0, NULL, NULL, NULL, NULL );
|
||||
TEST_ASSERT( MBEDTLS_ERR_SSL_BAD_INPUT_DATA == ret );
|
||||
|
||||
ret = mbedtls_endpoint_certificate_init( NULL, MBEDTLS_PK_RSA );
|
||||
ret = mbedtls_endpoint_certificate_init( NULL, MBEDTLS_PK_RSA, 0, 0, 0 );
|
||||
TEST_ASSERT( MBEDTLS_ERR_SSL_BAD_INPUT_DATA == ret );
|
||||
|
||||
ret = mbedtls_endpoint_init( &ep, endpoint_type, MBEDTLS_PK_RSA,
|
||||
ret = mbedtls_endpoint_init( &ep, endpoint_type, MBEDTLS_PK_RSA, 0, 0, 0,
|
||||
NULL, NULL, NULL, NULL );
|
||||
TEST_ASSERT( ret == 0 );
|
||||
|
||||
@ -4735,13 +4798,14 @@ void move_handshake_to_state(int endpoint_type, int state, int need_pass)
|
||||
USE_PSA_INIT( );
|
||||
|
||||
ret = mbedtls_endpoint_init( &base_ep, endpoint_type, MBEDTLS_PK_RSA,
|
||||
NULL, NULL, NULL, NULL );
|
||||
0, 0, 0, NULL, NULL, NULL, NULL );
|
||||
TEST_ASSERT( ret == 0 );
|
||||
|
||||
ret = mbedtls_endpoint_init( &second_ep,
|
||||
( endpoint_type == MBEDTLS_SSL_IS_SERVER ) ?
|
||||
MBEDTLS_SSL_IS_CLIENT : MBEDTLS_SSL_IS_SERVER,
|
||||
MBEDTLS_PK_RSA, NULL, NULL, NULL, NULL );
|
||||
MBEDTLS_PK_RSA, 0, 0, 0,
|
||||
NULL, NULL, NULL, NULL );
|
||||
TEST_ASSERT( ret == 0 );
|
||||
|
||||
ret = mbedtls_mock_socket_connect( &(base_ep.socket),
|
||||
@ -4824,6 +4888,30 @@ void handshake_cipher( char* cipher, int pk_alg, int dtls )
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
|
||||
void handshake_ciphersuite_select( char* cipher, int pk_alg, int psa_alg,
|
||||
int psa_alg2, int psa_usage, int dtls,
|
||||
int expected_handshake_result,
|
||||
int expected_ciphersuite )
|
||||
{
|
||||
handshake_test_options options;
|
||||
init_handshake_options( &options );
|
||||
|
||||
options.cipher = cipher;
|
||||
options.dtls = dtls;
|
||||
options.pk_alg = pk_alg;
|
||||
options.opaque_alg = psa_alg;
|
||||
options.opaque_alg2 = psa_alg2;
|
||||
options.opaque_usage = psa_usage;
|
||||
options.expected_handshake_result = expected_handshake_result;
|
||||
options.expected_ciphersuite = expected_ciphersuite;
|
||||
perform_handshake( &options );
|
||||
|
||||
/* The goto below is used to avoid an "unused label" warning.*/
|
||||
goto exit;
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C */
|
||||
void app_data( int mfl, int cli_msg_len, int srv_msg_len,
|
||||
int expected_cli_fragments,
|
||||
@ -5479,13 +5567,13 @@ void raw_key_agreement_fail( int bad_server_ecdhe_key )
|
||||
* the raw key agreement. Flipping the first byte makes the
|
||||
* required 0x04 identifier invalid. */
|
||||
TEST_EQUAL( mbedtls_endpoint_init( &client, MBEDTLS_SSL_IS_CLIENT,
|
||||
MBEDTLS_PK_ECDSA, NULL, NULL,
|
||||
MBEDTLS_PK_ECDSA, 0, 0, 0, NULL, NULL,
|
||||
NULL, iana_tls_group_list ), 0 );
|
||||
|
||||
/* Server side */
|
||||
TEST_EQUAL( mbedtls_endpoint_init( &server, MBEDTLS_SSL_IS_SERVER,
|
||||
MBEDTLS_PK_ECDSA, NULL, NULL,
|
||||
NULL, NULL ), 0 );
|
||||
MBEDTLS_PK_ECDSA, 0, 0, 0,
|
||||
NULL, NULL, NULL, NULL ), 0 );
|
||||
|
||||
TEST_EQUAL( mbedtls_mock_socket_connect( &(client.socket),
|
||||
&(server.socket),
|
||||
|
Loading…
x
Reference in New Issue
Block a user