mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-04-09 21:44:28 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Re-structure to share more common code

Browse Source 
Change-Id: I5034485f7511238d083c2725fbef8818d33ffb07
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
This commit is contained in:
XiaokangQian 2022-06-08 07:49:31 +00:00
parent d5d5b60c07
commit b1847a234e
3 changed files with 8059 additions and 564 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8105
tests/opt-testcases/tls13-compat.sh
View File

File diff suppressed because it is too large Load Diff

517
tests/scripts/generate_tls13_compat_tests.py
View File

@ -125,10 +125,13 @@ class TLSProgram(metaclass=abc.ABCMeta):
def post_checks(self): def post_checks(self):
return [] return []
def pre_cmd(self):
return []
class OpenSSLServ(TLSProgram):
class OpenSSLBase(TLSProgram):
""" """
Generate test commands for OpenSSL server. Generate base test commands for OpenSSL.
""" """
NAMED_GROUP = { NAMED_GROUP = {
@ -141,234 +144,9 @@ class OpenSSLServ(TLSProgram):
def cmd(self): def cmd(self):
super().cmd() super().cmd()
ret = ['$O_NEXT_SRV_NO_CERT'] ret = []
for _, cert, key in map(lambda sig_alg: CERTIFICATES[sig_alg], self._cert_sig_algs): for _, cert, key in map(lambda sig_alg: CERTIFICATES[sig_alg], self._cert_sig_algs):
ret += ['-cert {cert} -key {key}'.format(cert=cert, key=key)] ret += ['-cert {cert} -key {key}'.format(cert=cert, key=key)]
ret += ['-accept $SRV_PORT']
if self._ciphers:
ciphersuites = ':'.join(self._ciphers)
ret += ["-ciphersuites {ciphersuites}".format(ciphersuites=ciphersuites)]
if self._sig_algs:
signature_algorithms = set(self._sig_algs + self._cert_sig_algs)
signature_algorithms = ':'.join(signature_algorithms)
ret += ["-sigalgs {signature_algorithms}".format(
signature_algorithms=signature_algorithms)]
if self._named_groups:
named_groups = ':'.join(
map(lambda named_group: self.NAMED_GROUP[named_group], self._named_groups))
ret += ["-groups {named_groups}".format(named_groups=named_groups)]
ret += ['-msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache']
if not self._compat_mode:
ret += ['-no_middlebox']
return ' '.join(ret)
def pre_checks(self):
return ["requires_openssl_tls1_3"]
def post_checks(self):
return ['-c "HTTP/1.0 200 ok"']
class GnuTLSServ(TLSProgram):
"""
Generate test commands for GnuTLS server.
"""
CIPHER_SUITE = {
'TLS_AES_256_GCM_SHA384': [
'AES-256-GCM',
'SHA384',
'AEAD'],
'TLS_AES_128_GCM_SHA256': [
'AES-128-GCM',
'SHA256',
'AEAD'],
'TLS_CHACHA20_POLY1305_SHA256': [
'CHACHA20-POLY1305',
'SHA256',
'AEAD'],
'TLS_AES_128_CCM_SHA256': [
'AES-128-CCM',
'SHA256',
'AEAD'],
'TLS_AES_128_CCM_8_SHA256': [
'AES-128-CCM-8',
'SHA256',
'AEAD']}
SIGNATURE_ALGORITHM = {
'ecdsa_secp256r1_sha256': ['SIGN-ECDSA-SECP256R1-SHA256'],
'ecdsa_secp521r1_sha512': ['SIGN-ECDSA-SECP521R1-SHA512'],
'ecdsa_secp384r1_sha384': ['SIGN-ECDSA-SECP384R1-SHA384'],
'rsa_pss_rsae_sha256': ['SIGN-RSA-PSS-RSAE-SHA256']}
NAMED_GROUP = {
'secp256r1': ['GROUP-SECP256R1'],
'secp384r1': ['GROUP-SECP384R1'],
'secp521r1': ['GROUP-SECP521R1'],
'x25519': ['GROUP-X25519'],
'x448': ['GROUP-X448'],
}
def pre_checks(self):
return ["requires_gnutls_tls1_3",
"requires_gnutls_next_no_ticket",
"requires_gnutls_next_disable_tls13_compat", ]
def post_checks(self):
return ['-c "HTTP/1.0 200 OK"']
def cmd(self):
super().cmd()
ret = ['$G_NEXT_SRV_NO_CERT', '--http',
'--disable-client-cert', '--debug=4']
for _, cert, key in map(lambda sig_alg: CERTIFICATES[sig_alg], self._cert_sig_algs):
ret += ['--x509certfile {cert} --x509keyfile {key}'.format(
cert=cert, key=key)]
priority_string_list = []
def update_priority_string_list(items, map_table):
for item in items:
for i in map_table[item]:
if i not in priority_string_list:
yield i
if self._ciphers:
priority_string_list.extend(update_priority_string_list(
self._ciphers, self.CIPHER_SUITE))
else:
priority_string_list.extend(['CIPHER-ALL', 'MAC-ALL'])
if self._sig_algs:
signature_algorithms = set(self._sig_algs + self._cert_sig_algs)
priority_string_list.extend(update_priority_string_list(
signature_algorithms, self.SIGNATURE_ALGORITHM))
else:
priority_string_list.append('SIGN-ALL')
if self._named_groups:
priority_string_list.extend(update_priority_string_list(
self._named_groups, self.NAMED_GROUP))
else:
priority_string_list.append('GROUP-ALL')
priority_string_list = ['NONE'] + \
sorted(priority_string_list) + ['VERS-TLS1.3']
priority_string = ':+'.join(priority_string_list)
priority_string += ':%NO_TICKETS'
if not self._compat_mode:
priority_string += [':%DISABLE_TLS13_COMPAT_MODE']
ret += ['--priority={priority_string}'.format(
priority_string=priority_string)]
ret = ' '.join(ret)
return ret
class MbedTLSServ(TLSProgram):
"""
Generate test commands for mbedTLS server.
"""
CIPHER_SUITE = {
'TLS_AES_256_GCM_SHA384': 'TLS1-3-AES-256-GCM-SHA384',
'TLS_AES_128_GCM_SHA256': 'TLS1-3-AES-128-GCM-SHA256',
'TLS_CHACHA20_POLY1305_SHA256': 'TLS1-3-CHACHA20-POLY1305-SHA256',
'TLS_AES_128_CCM_SHA256': 'TLS1-3-AES-128-CCM-SHA256',
'TLS_AES_128_CCM_8_SHA256': 'TLS1-3-AES-128-CCM-8-SHA256'}
def cmd(self):
super().cmd()
ret = ['$P_SRV_NO_CERT']
ret += ['server_addr=127.0.0.1', 'server_port=$SRV_PORT',
'debug_level=4', 'force_version=tls13']
for _, cert, key in map(lambda sig_alg: CERTIFICATES[sig_alg], self._cert_sig_algs):
ret += ['crt_file={cert} key_file={key}'.format(cert=cert, key=key)]
ret += ['ca_file={cafile}'.format(
cafile=CERTIFICATES[self._cert_sig_algs[0]].cafile)]
if self._ciphers:
ciphers = ','.join(
map(lambda cipher: self.CIPHER_SUITE[cipher], self._ciphers))
ret += ["force_ciphersuite={ciphers}".format(ciphers=ciphers)]
if self._sig_algs + self._cert_sig_algs:
ret += ['sig_algs={sig_algs}'.format(
sig_algs=','.join(set(self._sig_algs + self._cert_sig_algs)))]
if self._named_groups:
named_groups = ','.join(self._named_groups)
ret += ["curves={named_groups}".format(named_groups=named_groups)]
ret += ['tls13_kex_modes=ephemeral cookies=0 tickets=0']
ret = ' '.join(ret)
return ret
def pre_checks(self):
ret = ['requires_config_enabled MBEDTLS_DEBUG_C',
'requires_config_enabled MBEDTLS_SSL_CLI_C',
'requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3']
if self._compat_mode:
ret += ['requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE']
if 'rsa_pss_rsae_sha256' in self._sig_algs + self._cert_sig_algs:
ret.append(
'requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT')
return ret
def post_checks(self):
check_strings = ["Protocol is TLSv1.3"]
if self._ciphers:
check_strings.append(
"server hello, chosen ciphersuite: {} ( id={:04d} )".format(
self.CIPHER_SUITE[self._ciphers[0]],
CIPHER_SUITE_IANA_VALUE[self._ciphers[0]]))
if self._sig_algs:
check_strings.append(
"received signature algorithm: 0x{:x}".format(
SIG_ALG_IANA_VALUE[self._sig_algs[0]]))
for named_group in self._named_groups:
check_strings += ['got named group: {named_group}({iana_value:04x})'.format(
named_group=named_group,
iana_value=NAMED_GROUP_IANA_VALUE[named_group])]
check_strings.append("Verifying peer X.509 certificate... ok")
return ['-s "{}"'.format(i) for i in check_strings]
class OpenSSLCli(TLSProgram):
"""
Generate test commands for OpenSSL client.
"""
NAMED_GROUP = {
'secp256r1': 'P-256',
'secp384r1': 'P-384',
'secp521r1': 'P-521',
'x25519': 'X25519',
'x448': 'X448',
}
def cmd(self):
super().cmd()
ret = ['$O_NEXT_CLI_NO_CERT']
for _, cert, key in map(lambda sig_alg: CERTIFICATES[sig_alg], self._cert_sig_algs):
ret += ['-cert {cert} -key {key}'.format(cert=cert, key=key)]
ret += ['-CAfile {cafile}'.format(
cafile=CERTIFICATES[self._cert_sig_algs[0]].cafile)]
if self._ciphers: if self._ciphers:
ciphersuites = ':'.join(self._ciphers) ciphersuites = ':'.join(self._ciphers)
@ -389,18 +167,42 @@ class OpenSSLCli(TLSProgram):
if not self._compat_mode: if not self._compat_mode:
ret += ['-no_middlebox'] ret += ['-no_middlebox']
#return ' '.join(ret)
return ret
def pre_checks(self):
return ["requires_openssl_tls1_3"]
def post_checks(self):
return []
class OpenSSLServ(OpenSSLBase):
"""
Generate test commands for OpenSSL server.
"""
def cmd(self):
ret = super().cmd()
ret += ['-accept $SRV_PORT']
ret += ['-num_tickets 0 -no_resume_ephemeral -no_cache']
return ' '.join(ret) return ' '.join(ret)
def pre_checks(self): def pre_checks(self):
return ["requires_openssl_tls1_3"] return ["requires_openssl_tls1_3"]
def post_checks(self): def post_checks(self):
return ['-s "HTTP/1.0 200 OK"'] return ['-c "HTTP/1.0 200 ok"']
def pre_cmd(self):
return '$O_NEXT_SRV_NO_CERT'
class GnuTLSCli(TLSProgram): class GnuTLSBase(TLSProgram):
""" """
Generate test commands for GnuTLS client. Generate base test commands for GnuTLS.
""" """
CIPHER_SUITE = { CIPHER_SUITE = {
@ -445,14 +247,11 @@ class GnuTLSCli(TLSProgram):
"requires_gnutls_next_disable_tls13_compat", ] "requires_gnutls_next_disable_tls13_compat", ]
def post_checks(self): def post_checks(self):
return ['-c "HTTP/1.0 200 OK"'] return []
def cmd(self): def cmd(self):
super().cmd() super().cmd()
ret = ['$G_NEXT_CLI_NO_CERT', '--debug=4'] ret = []
ret += ['localhost', '-p $SRV_PORT', '--single-key-share']
ret += ['--x509cafile {cafile}'.format(
cafile=CERTIFICATES[self._cert_sig_algs[0]].cafile)]
for _, cert, key in map(lambda sig_alg: CERTIFICATES[sig_alg], self._cert_sig_algs): for _, cert, key in map(lambda sig_alg: CERTIFICATES[sig_alg], self._cert_sig_algs):
ret += ['--x509certfile {cert} --x509keyfile {key}'.format( ret += ['--x509certfile {cert} --x509keyfile {key}'.format(
@ -497,13 +296,37 @@ class GnuTLSCli(TLSProgram):
ret += ['--priority={priority_string}'.format( ret += ['--priority={priority_string}'.format(
priority_string=priority_string)] priority_string=priority_string)]
#ret = ' '.join(ret)
return ret
class GnuTLSServ(GnuTLSBase):
"""
Generate test commands for GnuTLS server.
"""
def pre_checks(self):
return ["requires_gnutls_tls1_3",
"requires_gnutls_next_no_ticket",
"requires_gnutls_next_disable_tls13_compat", ]
def post_checks(self):
return ['-c "HTTP/1.0 200 OK"']
def cmd(self):
ret = super().cmd()
ret += ['--http',
'--disable-client-cert', '--debug=4']
ret = ' '.join(ret) ret = ' '.join(ret)
return ret return ret
def pre_cmd(self):
return '$G_NEXT_SRV_NO_CERT'
class MbedTLSCli(TLSProgram):
class MbedTLSBase(TLSProgram):
""" """
Generate test commands for mbedTLS client. Generate base test commands for mbedTLS.
""" """
CIPHER_SUITE = { CIPHER_SUITE = {
@ -515,8 +338,7 @@ class MbedTLSCli(TLSProgram):
def cmd(self): def cmd(self):
super().cmd() super().cmd()
ret = ['$P_CLI'] ret = ['server_addr=127.0.0.1', 'server_port=$SRV_PORT',
ret += ['server_addr=127.0.0.1', 'server_port=$SRV_PORT',
'debug_level=4'] 'debug_level=4']
ret += ['ca_file={cafile}'.format( ret += ['ca_file={cafile}'.format(
cafile=CERTIFICATES[self._cert_sig_algs[0]].cafile)] cafile=CERTIFICATES[self._cert_sig_algs[0]].cafile)]
@ -534,6 +356,38 @@ class MbedTLSCli(TLSProgram):
named_groups = ','.join(self._named_groups) named_groups = ','.join(self._named_groups)
ret += ["curves={named_groups}".format(named_groups=named_groups)] ret += ["curves={named_groups}".format(named_groups=named_groups)]
#ret = ' '.join(ret)
return ret
def pre_checks(self):
ret = ['requires_config_enabled MBEDTLS_DEBUG_C',
'requires_config_enabled MBEDTLS_SSL_CLI_C',
'requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3']
if self._compat_mode:
ret += ['requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE']
if 'rsa_pss_rsae_sha256' in self._sig_algs + self._cert_sig_algs:
ret.append(
'requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT')
return ret
def post_checks(self):
return []
class MbedTLSServ(MbedTLSBase):
"""
Generate test commands for mbedTLS server.
"""
def cmd(self):
ret = super().cmd()
ret += ['force_version=tls13']
for _, cert, key in map(lambda sig_alg: CERTIFICATES[sig_alg], self._cert_sig_algs):
ret += ['crt_file={cert} key_file={key}'.format(cert=cert, key=key)]
ret += ['tls13_kex_modes=ephemeral cookies=0 tickets=0']
ret = ' '.join(ret) ret = ' '.join(ret)
return ret return ret
@ -550,6 +404,107 @@ class MbedTLSCli(TLSProgram):
'requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT') 'requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT')
return ret return ret
def post_checks(self):
check_strings = ["Protocol is TLSv1.3"]
if self._ciphers:
check_strings.append(
"server hello, chosen ciphersuite: {} ( id={:04d} )".format(
self.CIPHER_SUITE[self._ciphers[0]],
CIPHER_SUITE_IANA_VALUE[self._ciphers[0]]))
if self._sig_algs:
check_strings.append(
"received signature algorithm: 0x{:x}".format(
SIG_ALG_IANA_VALUE[self._sig_algs[0]]))
for named_group in self._named_groups:
check_strings += ['got named group: {named_group}({iana_value:04x})'.format(
named_group=named_group,
iana_value=NAMED_GROUP_IANA_VALUE[named_group])]
check_strings.append("Verifying peer X.509 certificate... ok")
return ['-s "{}"'.format(i) for i in check_strings]
def pre_cmd(self):
return '$P_SRV_NO_CERT'
class OpenSSLCli(OpenSSLBase):
"""
Generate test commands for OpenSSL client.
"""
def cmd(self):
ret = super().cmd()
ret += ['-CAfile {cafile}'.format(
cafile=CERTIFICATES[self._cert_sig_algs[0]].cafile)]
return ' '.join(ret)
def pre_checks(self):
return ["requires_openssl_tls1_3"]
def post_checks(self):
return ['-s "HTTP/1.0 200 OK"']
def pre_cmd(self):
return '$O_NEXT_CLI_NO_CERT'
class GnuTLSCli(GnuTLSBase):
"""
Generate test commands for GnuTLS client.
"""
def pre_checks(self):
return ["requires_gnutls_tls1_3",
"requires_gnutls_next_no_ticket",
"requires_gnutls_next_disable_tls13_compat", ]
def post_checks(self):
return ['-c "HTTP/1.0 200 OK"']
def cmd(self):
ret = super().cmd()
ret += ['--debug=4']
ret += ['localhost', '-p $SRV_PORT', '--single-key-share']
ret += ['--x509cafile {cafile}'.format(
cafile=CERTIFICATES[self._cert_sig_algs[0]].cafile)]
ret = ' '.join(ret)
return ret
def pre_cmd(self):
return '$G_NEXT_CLI_NO_CERT'
class MbedTLSCli(MbedTLSBase):
"""
Generate test commands for mbedTLS client.
"""
def cmd(self):
ret = super().cmd()
ret = ' '.join(ret)
return ret
def pre_cmd(self):
return '$P_CLI'
def pre_checks(self):
ret = ['requires_config_enabled MBEDTLS_DEBUG_C',
'requires_config_enabled MBEDTLS_SSL_CLI_C',
'requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3']
if self._compat_mode:
ret += ['requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE']
if 'rsa_pss_rsae_sha256' in self._sig_algs + self._cert_sig_algs:
ret.append(
'requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT')
return ret
def post_checks(self): def post_checks(self):
check_strings = ["Protocol is TLSv1.3"] check_strings = ["Protocol is TLSv1.3"]
if self._ciphers: if self._ciphers:
@ -571,11 +526,9 @@ class MbedTLSCli(TLSProgram):
return ['-c "{}"'.format(i) for i in check_strings] return ['-c "{}"'.format(i) for i in check_strings]
SERVER_CLASSES = {'OpenSSL': OpenSSLServ, 'GnuTLS': GnuTLSServ} SERVER_CLASSES = {'OpenSSL': OpenSSLServ, 'GnuTLS': GnuTLSServ, 'mbedTLS': MbedTLSServ}
CLIENT_CLASSES = {'mbedTLS': MbedTLSCli} CLIENT_CLASSES = {'OpenSSL': OpenSSLCli, 'GnuTLS': GnuTLSCli, 'mbedTLS': MbedTLSCli}
SERVER_SERVER_CLASSES = {'mbedTLS': MbedTLSServ}
SERVER_CLIENT_CLASSES = {'OpenSSL': OpenSSLCli, 'GnuTLS': GnuTLSCli, 'mbedTLS': MbedTLSCli}
def generate_compat_test(client=None, server=None, cipher=None, named_group=None, sig_alg=None): def generate_compat_test(client=None, server=None, cipher=None, named_group=None, sig_alg=None):
""" """
@ -593,35 +546,8 @@ def generate_compat_test(client=None, server=None, cipher=None, named_group=None
signature_algorithm=sig_alg, signature_algorithm=sig_alg,
cert_sig_alg=sig_alg) cert_sig_alg=sig_alg)
cmd = ['run_test "{}"'.format(name), '"{}"'.format( cmd = ['run_test "{}"'.format(name), '"{} {}"'.format(server_object.pre_cmd(),
server_object.cmd()), '"{}"'.format(client_object.cmd()), '0'] server_object.cmd()), '"{} {}"'.format(client_object.pre_cmd(), client_object.cmd()), '0']
cmd += server_object.post_checks()
cmd += client_object.post_checks()
cmd += ['-C "received HelloRetryRequest message"']
prefix = ' \\\n' + (' '*9)
cmd = prefix.join(cmd)
return '\n'.join(server_object.pre_checks() + client_object.pre_checks() + [cmd])
def generate_server_side_compat_test(client=None, server=None, cipher=None,
named_group=None, sig_alg=None):
"""
Generate server side test case with `ssl-opt.sh` format.
"""
name = 'TLS 1.3 server side {client[0]}->{server[0]}: {cipher},{named_group},{sig_alg}'.format(
client=client, server=server, cipher=cipher[4:], sig_alg=sig_alg, named_group=named_group)
server_object = SERVER_SERVER_CLASSES[server](ciphersuite=cipher,
named_group=named_group,
signature_algorithm=sig_alg,
cert_sig_alg=sig_alg)
client_object = SERVER_CLIENT_CLASSES[client](ciphersuite=cipher,
named_group=named_group,
signature_algorithm=sig_alg,
cert_sig_alg=sig_alg)
cmd = ['run_test "{}"'.format(name), '"{}"'.format(
server_object.cmd()), '"{}"'.format(client_object.cmd()), '0']
cmd += server_object.post_checks() cmd += server_object.post_checks()
cmd += client_object.post_checks() cmd += client_object.post_checks()
cmd += ['-C "received HelloRetryRequest message"'] cmd += ['-C "received HelloRetryRequest message"']
@ -646,8 +572,8 @@ def generate_hrr_compat_test(client=None, server=None,
cert_sig_alg=cert_sig_alg) cert_sig_alg=cert_sig_alg)
client_object.add_named_groups(server_named_group) client_object.add_named_groups(server_named_group)
cmd = ['run_test "{}"'.format(name), '"{}"'.format( cmd = ['run_test "{}"'.format(name), '"{} {}"'.format(server_object.pre_cmd(),
server_object.cmd()), '"{}"'.format(client_object.cmd()), '0'] server_object.cmd()), '"{} {}"'.format(client_object.pre_cmd(), client_object.cmd()), '0']
cmd += server_object.post_checks() cmd += server_object.post_checks()
cmd += client_object.post_checks() cmd += client_object.post_checks()
cmd += ['-c "received HelloRetryRequest message"'] cmd += ['-c "received HelloRetryRequest message"']
@ -668,15 +594,15 @@ def generate_server_hrr_compat_test(client=None, server=None,
name = 'TLS 1.3 {client[0]}->{server[0]}: Server HRR {c_named_group} -> {s_named_group}'.format( name = 'TLS 1.3 {client[0]}->{server[0]}: Server HRR {c_named_group} -> {s_named_group}'.format(
client=client, server=server, c_named_group=client_named_group, client=client, server=server, c_named_group=client_named_group,
s_named_group=server_named_group) s_named_group=server_named_group)
server_object = SERVER_SERVER_CLASSES[server](named_group=server_named_group, server_object = SERVER_CLASSES[server](named_group=server_named_group,
cert_sig_alg=cert_sig_alg) cert_sig_alg=cert_sig_alg)
client_object = SERVER_CLIENT_CLASSES[client](named_group=client_named_group, client_object = CLIENT_CLASSES[client](named_group=client_named_group,
cert_sig_alg=cert_sig_alg) cert_sig_alg=cert_sig_alg)
client_object.add_named_groups(server_named_group) client_object.add_named_groups(server_named_group)
cmd = ['run_test "{}"'.format(name), '"{}"'.format( cmd = ['run_test "{}"'.format(name), '"{} {}"'.format(server_object.pre_cmd(),
server_object.cmd()), '"{}"'.format(client_object.cmd()), '0'] server_object.cmd()), '"{} {}"'.format(client_object.pre_cmd(), client_object.cmd()), '0']
cmd += server_object.post_checks() cmd += server_object.post_checks()
cmd += client_object.post_checks() cmd += client_object.post_checks()
cmd += ['-s "HRR selected_group: {:s}"'.format(server_named_group)] cmd += ['-s "HRR selected_group: {:s}"'.format(server_named_group)]
@ -768,19 +694,11 @@ def main():
CIPHER_SUITE_IANA_VALUE.keys(), CIPHER_SUITE_IANA_VALUE.keys(),
NAMED_GROUP_IANA_VALUE.keys(), NAMED_GROUP_IANA_VALUE.keys(),
SIG_ALG_IANA_VALUE.keys()): SIG_ALG_IANA_VALUE.keys()):
yield generate_compat_test(client=client, server=server, if(server == 'mbedTLS' or client == 'mbedTLS'):
yield generate_compat_test(client=client, server=server,
cipher=cipher, named_group=named_group, cipher=cipher, named_group=named_group,
sig_alg=sig_alg) sig_alg=sig_alg)
for client, server, cipher, named_group, sig_alg in \
itertools.product(SERVER_CLIENT_CLASSES.keys(),
SERVER_SERVER_CLASSES.keys(),
CIPHER_SUITE_IANA_VALUE.keys(),
NAMED_GROUP_IANA_VALUE.keys(),
SIG_ALG_IANA_VALUE.keys()):
yield generate_server_side_compat_test(client=client, server=server,
cipher=cipher, named_group=named_group,
sig_alg=sig_alg)
# Generate Hello Retry Request compat test cases # Generate Hello Retry Request compat test cases
for client, server, client_named_group, server_named_group in \ for client, server, client_named_group, server_named_group in \
@ -788,22 +706,25 @@ def main():
SERVER_CLASSES.keys(), SERVER_CLASSES.keys(),
NAMED_GROUP_IANA_VALUE.keys(), NAMED_GROUP_IANA_VALUE.keys(),
NAMED_GROUP_IANA_VALUE.keys()): NAMED_GROUP_IANA_VALUE.keys()):
if client_named_group != server_named_group: if(client == 'mbedTLS'):
yield generate_hrr_compat_test(client=client, server=server, if client_named_group != server_named_group:
yield generate_hrr_compat_test(client=client, server=server,
client_named_group=client_named_group, client_named_group=client_named_group,
server_named_group=server_named_group, server_named_group=server_named_group,
cert_sig_alg="ecdsa_secp256r1_sha256") cert_sig_alg="ecdsa_secp256r1_sha256")
for client, server, client_named_group, server_named_group in \ for client, server, client_named_group, server_named_group in \
itertools.product(SERVER_CLIENT_CLASSES.keys(), itertools.product(CLIENT_CLASSES.keys(),
SERVER_SERVER_CLASSES.keys(), SERVER_CLASSES.keys(),
NAMED_GROUP_IANA_VALUE.keys(), NAMED_GROUP_IANA_VALUE.keys(),
NAMED_GROUP_IANA_VALUE.keys()): NAMED_GROUP_IANA_VALUE.keys()):
if client_named_group != server_named_group: if(server == 'mbedTLS'):
yield generate_server_hrr_compat_test(client=client, server=server, if client_named_group != server_named_group:
client_named_group=client_named_group, yield generate_server_hrr_compat_test(client=client, server=server,
server_named_group=server_named_group, client_named_group=client_named_group,
cert_sig_alg="ecdsa_secp256r1_sha256") server_named_group=server_named_group,
cert_sig_alg="ecdsa_secp256r1_sha256")
if args.generate_all_tls13_compat_tests: if args.generate_all_tls13_compat_tests:
if args.output: if args.output:

1
tests/ssl-opt.sh
View File

@ -86,6 +86,7 @@ if [ -n "${OPENSSL_NEXT:-}" ]; then
else else
O_NEXT_SRV=false O_NEXT_SRV=false
O_NEXT_SRV_NO_CERT=false O_NEXT_SRV_NO_CERT=false
O_NEXT_CLI_NO_CERT=false
O_NEXT_CLI=false O_NEXT_CLI=false
fi fi