From e94ab3cbdfd960985dcdf6b85ecb6ff81aa4d21e Mon Sep 17 00:00:00 2001
From: Valerio Setti
Date: Mon, 20 Jan 2025 11:07:09 +0100
Subject: [PATCH] test_suite_ssl: add ECDHE-RSA case for handshake_fragmentation()

This is the backport of commit b8ef2a4455 from the "development" branch which adapts handshake_fragmentation() to use ECDHE-RSA instead of DHE-RSA. However, since DHE-RSA is not removed in the mbedtls-3.6 branch, here tests are added instead of replaced.

Signed-off-by: Valerio Setti
---
 tests/suites/test_suite_ssl.data | 20 ++++++++++++++------
 tests/suites/test_suite_ssl.function | 7 ++++---
 2 files changed, 18 insertions(+), 9 deletions(-)

diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data
index 872ee60bb1..0eeb9e4e4d 100644
--- a/tests/suites/test_suite_ssl.data
+++ b/tests/suites/test_suite_ssl.data
@@ -428,13 +428,21 @@ DTLS Handshake with serialization, tls1_2
 depends_on:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_SSL_PROTO_DTLS
 handshake_serialization
 
-DTLS Handshake fragmentation, MFL=512
-depends_on:MBEDTLS_SSL_PROTO_DTLS:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-handshake_fragmentation:MBEDTLS_SSL_MAX_FRAG_LEN_512:1:1
+DTLS Handshake fragmentation, MFL=512, DHE-RSA-WITH-AES-256-CBC-SHA256
+depends_on:MBEDTLS_SSL_PROTO_DTLS:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_MD_CAN_SHA256
+handshake_fragmentation:MBEDTLS_SSL_MAX_FRAG_LEN_512:1:1:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
 
-DTLS Handshake fragmentation, MFL=1024
-depends_on:MBEDTLS_SSL_PROTO_DTLS:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-handshake_fragmentation:MBEDTLS_SSL_MAX_FRAG_LEN_1024:0:1
+DTLS Handshake fragmentation, MFL=1024, DHE-RSA-WITH-AES-256-CBC-SHA256
+depends_on:MBEDTLS_SSL_PROTO_DTLS:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_MD_CAN_SHA256
+handshake_fragmentation:MBEDTLS_SSL_MAX_FRAG_LEN_1024:0:1:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
+
+DTLS Handshake fragmentation, MFL=512, ECDHE-RSA-WITH-AES-256-CBC-SHA384
+depends_on:MBEDTLS_SSL_PROTO_DTLS:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_MD_CAN_SHA384
+handshake_fragmentation:MBEDTLS_SSL_MAX_FRAG_LEN_512:1:1:"TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384"
+
+DTLS Handshake fragmentation, MFL=1024, ECDHE-RSA-WITH-AES-256-CBC-SHA384
+depends_on:MBEDTLS_SSL_PROTO_DTLS:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_MD_CAN_SHA384
+handshake_fragmentation:MBEDTLS_SSL_MAX_FRAG_LEN_1024:0:1:"TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384"
 
 Handshake min/max version check, all -> 1.2
 depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index a16ac64374..1d65706769 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -2761,10 +2761,11 @@ exit:
 }
 /* END_CASE */
 
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_SSL_HAVE_AES:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_DEBUG_C:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_SSL_HAVE_AES:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_DEBUG_C:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_SSL_HAVE_CBC */
 void handshake_fragmentation(int mfl,
 int expected_srv_hs_fragmentation,
- int expected_cli_hs_fragmentation)
+ int expected_cli_hs_fragmentation,
+ char *ciphersuite)
 {
 mbedtls_test_handshake_test_options options;
 mbedtls_test_ssl_log_pattern srv_pattern, cli_pattern;
@@ -2778,7 +2779,7 @@ void handshake_fragmentation(int mfl,
 options.expected_negotiated_version = MBEDTLS_SSL_VERSION_TLS1_2;
 options.mfl = mfl;
 /* Set cipher to one using CBC so that record splitting can be tested */
- options.cipher = "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256";
+ options.cipher = ciphersuite;
 options.srv_auth_mode = MBEDTLS_SSL_VERIFY_REQUIRED;
 options.srv_log_obj = &srv_pattern;
 options.cli_log_obj = &cli_pattern;
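Review bot: The new `ciphersuite` parameter of `handshake_fragmentation()` has no documented contract, while the key-exchange and hash requirements that used to sit in the `BEGIN_CASE depends_on` list (`MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED`, `MBEDTLS_MD_CAN_SHA256`) now have to be repeated on every `.data` entry. An entry that names a suite without the matching `depends_on` would presumably fail rather than be skipped in a build that lacks that key exchange or hash. A comment above the signature would make the requirement visible, for example `/* ciphersuite: name of a TLS 1.2 CBC suite; the .data entry must list its key exchange and hash in depends_on */`. The function body continues outside this hunk.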
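Review bot: The retained comment `/* Set cipher to one using CBC so that record splitting can be tested */` no longer describes the line under it, because `options.cipher = ciphersuite;` takes whatever the data file passes and nothing in the hunk checks that it is a CBC suite. All four entries in the data file name CBC suites, so the current cases are fine. Going by the comment, a later non-CBC entry would run without exercising record splitting. Rewording it to `/* The ciphersuite passed by the .data entry must use CBC so that record splitting can be tested */` keeps the constraint where a maintainer adding a case will see it. The function starts and ends outside this hunk.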