From a6b69dabc5edc13b3c7bb42233237652964c8ecd Mon Sep 17 00:00:00 2001 From: Valerio Setti Date: Wed, 30 Nov 2022 16:44:49 +0100 Subject: [PATCH] test: psa_pake: add a separate test for opaque password Signed-off-by: Valerio Setti --- tests/scripts/all.sh | 19 +++++++++++++++++-- tests/ssl-opt.sh | 3 ++- 2 files changed, 19 insertions(+), 3 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index b43f999d80..f465616d08 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -1456,13 +1456,28 @@ component_test_tls1_2_ecjpake_compatibility() { make -C programs test/udp_proxy test/query_compile_time_config msg "test: server w/o USE_PSA - client w/ USE_PSA" - P_SRV=../s2_no_use_psa tests/ssl-opt.sh -f ECJPAKE + P_SRV=../s2_no_use_psa tests/ssl-opt.sh -f ECJPAKE -e ECJPAKE_OPAQUE_PW msg "test: client w/o USE_PSA - server w/ USE_PSA" - P_CLI=../c2_no_use_psa tests/ssl-opt.sh -f ECJPAKE + P_CLI=../c2_no_use_psa tests/ssl-opt.sh -f ECJPAKE -e ECJPAKE_OPAQUE_PW rm s2_no_use_psa c2_no_use_psa } +# Opaque password testing requires a separate test with repect to +# "test_tls1_2_ecjpake_compatibility". In that case there's a mix of PSA and +# MbedTLS based implementations of EC-JPAKE which makes it difficult to parse +# proper strings during the test. As a consequence here we just build the +# PSA variant for both client and server. +component_test_tls1_2_ecjpake_opaque_password() { + msg "build: TLS1.2 server+client w/ opaque password support" + scripts/config.py set MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED + scripts/config.py set MBEDTLS_USE_PSA_CRYPTO + make -C programs ssl/ssl_server2 ssl/ssl_client2 + make -C programs test/udp_proxy test/query_compile_time_config + + tests/ssl-opt.sh -f ECJPAKE_OPAQUE_PW +} + component_test_psa_external_rng_use_psa_crypto () { msg "build: full + PSA_CRYPTO_EXTERNAL_RNG + USE_PSA_CRYPTO minus CTR_DRBG" scripts/config.py full diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 53fe49e062..f9393d779c 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -8008,8 +8008,9 @@ run_test "ECJPAKE: working, TLS" \ -S "SSL - Verification of the message MAC failed" requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED +requires_config_enabled MBEDTLS_USE_PSA_CRYPTO requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 -run_test "ECJPAKE: working, TLS, opaque password" \ +run_test "ECJPAKE_OPAQUE_PW: working, TLS, opaque password" \ "$P_SRV debug_level=3 ecjpake_pw=bla ecjpake_pw_opaque=1" \ "$P_CLI debug_level=3 ecjpake_pw=bla ecjpake_pw_opaque=1\ force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \