test: psa_pake: add a separate test for opaque password

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2025-02-21 15:41:00 +00:00 · 2022-11-30 16:44:49 +01:00 · 2022-11-30 16:44:49 +01:00 · a6b69dabc5
commit a6b69dabc5
parent 661b9bca75
2 changed files with 19 additions and 3 deletions
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@ -1456,13 +1456,28 @@ component_test_tls1_2_ecjpake_compatibility() {
    make -C programs test/udp_proxy test/query_compile_time_config

    msg "test: server w/o USE_PSA - client w/ USE_PSA"
-    P_SRV=../s2_no_use_psa tests/ssl-opt.sh -f ECJPAKE
+    P_SRV=../s2_no_use_psa tests/ssl-opt.sh -f ECJPAKE -e ECJPAKE_OPAQUE_PW
    msg "test: client w/o USE_PSA - server w/ USE_PSA"
-    P_CLI=../c2_no_use_psa tests/ssl-opt.sh -f ECJPAKE
+    P_CLI=../c2_no_use_psa tests/ssl-opt.sh -f ECJPAKE -e ECJPAKE_OPAQUE_PW

    rm s2_no_use_psa c2_no_use_psa
 }

+# Opaque password testing requires a separate test with repect to
+# "test_tls1_2_ecjpake_compatibility". In that case there's a mix of PSA and
+# MbedTLS based implementations of EC-JPAKE which makes it difficult to parse
+# proper strings during the test. As a consequence here we just build the
+# PSA variant for both client and server.
+component_test_tls1_2_ecjpake_opaque_password() {
+    msg "build: TLS1.2 server+client w/ opaque password support"
+    scripts/config.py set MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
+    scripts/config.py set MBEDTLS_USE_PSA_CRYPTO
+    make -C programs ssl/ssl_server2 ssl/ssl_client2
+    make -C programs test/udp_proxy test/query_compile_time_config
+
+    tests/ssl-opt.sh -f ECJPAKE_OPAQUE_PW
+}
+
 component_test_psa_external_rng_use_psa_crypto () {
    msg "build: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG"
    scripts/config.py full
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@ -8008,8 +8008,9 @@ run_test    "ECJPAKE: working, TLS" \
            -S "SSL - Verification of the message MAC failed"

 requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
+requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test    "ECJPAKE: working, TLS, opaque password" \
+run_test    "ECJPAKE_OPAQUE_PW: working, TLS, opaque password" \
            "$P_SRV debug_level=3 ecjpake_pw=bla ecjpake_pw_opaque=1" \
            "$P_CLI debug_level=3 ecjpake_pw=bla ecjpake_pw_opaque=1\
             force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \