mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-04-07 13:22:46 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Update generate scripts and tls13 test cases

Browse Source 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
This commit is contained in:
Jerry Yu 2021-11-29 16:50:13 +08:00
parent 31018adb81
commit cdcb683568
3 changed files with 1656 additions and 1817 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3404
tests/opt-testcases/tls13-compat.sh
View File

File diff suppressed because it is too large Load Diff

63
tests/scripts/generate_tls13_compat_tests.py
View File

@ -44,6 +44,8 @@ CERTIFICATES = {
) )
} }
CAFILE = { CAFILE = {
'ecdsa_secp256r1_sha256': 'data_files/test-ca2.crt', 'ecdsa_secp256r1_sha256': 'data_files/test-ca2.crt',
'ecdsa_secp384r1_sha384': 'data_files/test-ca2.crt', 'ecdsa_secp384r1_sha384': 'data_files/test-ca2.crt',
@ -74,6 +76,7 @@ NAMED_GROUP_IANA_VALUE = {
'x448': 0x1e, 'x448': 0x1e,
} }
OUTPUT_FILE=sys.stdout
def remove_duplicates(seq): def remove_duplicates(seq):
seen = set() seen = set()
@ -365,15 +368,45 @@ def generate_compat_test(server=None, client=None, cipher=None, # pylint: disab
server.cmd()), '"{}"'.format(client.cmd()), '0'] server.cmd()), '"{}"'.format(client.cmd()), '0']
cmd += server.post_checks() cmd += server.post_checks()
cmd += client.post_checks() cmd += client.post_checks()
prefix = ' \\\n' + (' '*12) prefix = ' \\\n' + (' '*9)
cmd = prefix.join(cmd) cmd = prefix.join(cmd)
print('\n'.join(server.pre_checks() + client.pre_checks() + [cmd])) return '\n'.join(server.pre_checks() + client.pre_checks() + [cmd])
return 0
SSL_OUTPUT_HEADER='''#!/bin/sh
# {filename}
#
# Copyright The Mbed TLS Contributors
# SPDX-License-Identifier: Apache-2.0
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Purpose
#
# List TLS1.3 compat test cases. They are generated by
# `generate_tls13_compat_tests.py -a`.
#
# PLEASE DO NOT EDIT THIS FILE. IF NEEDED, PLEASE MODIFY `generate_tls13_compat_tests.py`
# AND REGENERATE THIS FILE.
#
'''
def main(): def main():
parser = argparse.ArgumentParser() parser = argparse.ArgumentParser()
parser.add_argument('-o', '--output', nargs='?',
default=None, help='Output file path')
parser.add_argument('-a', '--generate-all-tls13-compat-tests', action='store_true', parser.add_argument('-a', '--generate-all-tls13-compat-tests', action='store_true',
default=False, help='Generate all available tls13 compat tests') default=False, help='Generate all available tls13 compat tests')
@ -409,29 +442,35 @@ def main():
help='Choose cipher suite for test') help='Choose cipher suite for test')
args = parser.parse_args() args = parser.parse_args()
if args.output:
OUTPUT_FILE=open(args.output,'w')
OUTPUT_FILE.write(SSL_OUTPUT_HEADER.format(filename=args.output))
if args.generate_all_tls13_compat_tests: if args.generate_all_tls13_compat_tests:
for i in itertools.product(CIPHER_SUITE_IANA_VALUE.keys(), SIG_ALG_IANA_VALUE.keys(), for i in itertools.product(CIPHER_SUITE_IANA_VALUE.keys(), SIG_ALG_IANA_VALUE.keys(),
NAMED_GROUP_IANA_VALUE.keys(), SERVER_CLS.keys(), NAMED_GROUP_IANA_VALUE.keys(), SERVER_CLS.keys(),
CLIENT_CLS.keys()): CLIENT_CLS.keys()):
generate_compat_test( test_case = generate_compat_test( **dict(
**dict(zip(['cipher', 'sig_alg', 'named_group', 'server', 'client'], i))) zip(['cipher', 'sig_alg', 'named_group', 'server', 'client'], i)))
print() print(test_case,file=OUTPUT_FILE)
return 0 return 0
if args.list_ciphers or args.list_sig_algs or args.list_named_groups \ if args.list_ciphers or args.list_sig_algs or args.list_named_groups \
or args.list_servers or args.list_clients: or args.list_servers or args.list_clients:
if args.list_ciphers: if args.list_ciphers:
print(*CIPHER_SUITE_IANA_VALUE.keys()) print(*CIPHER_SUITE_IANA_VALUE.keys(),file=OUTPUT_FILE)
if args.list_sig_algs: if args.list_sig_algs:
print(*SIG_ALG_IANA_VALUE.keys()) print(*SIG_ALG_IANA_VALUE.keys(),file=OUTPUT_FILE)
if args.list_named_groups: if args.list_named_groups:
print(*NAMED_GROUP_IANA_VALUE.keys()) print(*NAMED_GROUP_IANA_VALUE.keys(),file=OUTPUT_FILE)
if args.list_servers: if args.list_servers:
print(*SERVER_CLS.keys()) print(*SERVER_CLS.keys(),file=OUTPUT_FILE)
if args.list_clients: if args.list_clients:
print(*CLIENT_CLS.keys()) print(*CLIENT_CLS.keys(),file=OUTPUT_FILE)
return 0 return 0
return generate_compat_test(**vars(args))
print(generate_compat_test(**vars(args)),file=OUTPUT_FILE)
return 0
if __name__ == "__main__": if __name__ == "__main__":

6
tests/ssl-opt.sh
View File

@ -8989,8 +8989,10 @@ run_test "TLS1.3: HelloRetryRequest check - gnutls" \
-c "HRR not supported" \ -c "HRR not supported" \
-c "Last error was: -0x6E00 - SSL - The handshake negotiation failed" \ -c "Last error was: -0x6E00 - SSL - The handshake negotiation failed" \
-s "HELLO RETRY REQUEST was queued" -s "HELLO RETRY REQUEST was queued"
for i in $(ls opt-testcases/*.sh)
. opt-testcases/tls13-compat.sh do
. $i
done
# Test heap memory usage after handshake # Test heap memory usage after handshake
requires_config_enabled MBEDTLS_MEMORY_DEBUG requires_config_enabled MBEDTLS_MEMORY_DEBUG