mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-07-30 22:43:08 +03:00
Merge remote-tracking branch 'mbedtls-3.6' into tls13-middlebox-compat-disabled-3.6
This commit is contained in:
Gilles Peskine
@ -576,7 +576,7 @@ KNOWN_TASKS = {
|
||||
'analyze_driver_vs_reference_tfm_config': {
|
||||
'test_function': do_analyze_driver_vs_reference,
|
||||
'args': {
|
||||
'component_ref': 'test_tfm_config',
|
||||
'component_ref': 'test_tfm_config_no_p256m',
|
||||
'component_driver': 'test_tfm_config_p256m_driver_accel_ec',
|
||||
'ignored_suites': [
|
||||
# Modules replaced by drivers
|
||||
|
||||
@ -31,7 +31,6 @@ for compiler in clang gcc; do
|
||||
run_in_docker programs/test/selftest
|
||||
run_in_docker -e OSSL_NO_DTLS=1 tests/compat.sh
|
||||
run_in_docker tests/ssl-opt.sh -e '\(DTLS\|SCSV\).*openssl'
|
||||
run_in_docker tests/scripts/test-ref-configs.pl
|
||||
run_in_docker tests/scripts/depends.py curves
|
||||
run_in_docker tests/scripts/depends.py kex
|
||||
done
|
||||
|
||||
@ -162,6 +162,25 @@ component_test_rsa_no_crt () {
|
||||
tests/context-info.sh
|
||||
}
|
||||
|
||||
component_test_config_no_entropy () {
|
||||
msg "build: configs/config-no-entropy.h"
|
||||
cp configs/config-no-entropy.h "$CONFIG_H"
|
||||
# test-ref-configs works by overwriting mbedtls_config.h; this makes cmake
|
||||
# want to re-generate generated files that depend on it, quite correctly.
|
||||
# However this doesn't work as the generation script expects a specific
|
||||
# format for mbedtls_config.h, which the other files don't follow. Also,
|
||||
# cmake can't know this, but re-generation is actually not necessary as
|
||||
# the generated files only depend on the list of available options, not
|
||||
# whether they're on or off. So, disable cmake's (over-sensitive here)
|
||||
# dependency resolution for generated files and just rely on them being
|
||||
# present (thanks to pre_generate_files) by turning GEN_FILES off.
|
||||
CC=$ASAN_CC cmake -D GEN_FILES=Off -D CMAKE_BUILD_TYPE:String=Asan .
|
||||
make
|
||||
|
||||
msg "test: configs/config-no-entropy.h - unit tests"
|
||||
make test
|
||||
}
|
||||
|
||||
component_test_no_ctr_drbg_classic () {
|
||||
msg "build: Full minus CTR_DRBG, classic crypto in TLS"
|
||||
scripts/config.py full
|
||||
@ -516,6 +535,46 @@ component_test_full_no_ccm_star_no_tag () {
|
||||
make test
|
||||
}
|
||||
|
||||
component_test_config_symmetric_only_legacy () {
|
||||
msg "build: configs/config-symmetric-only.h"
|
||||
cp configs/config-symmetric-only.h "$CONFIG_H"
|
||||
# test-ref-configs works by overwriting mbedtls_config.h; this makes cmake
|
||||
# want to re-generate generated files that depend on it, quite correctly.
|
||||
# However this doesn't work as the generation script expects a specific
|
||||
# format for mbedtls_config.h, which the other files don't follow. Also,
|
||||
# cmake can't know this, but re-generation is actually not necessary as
|
||||
# the generated files only depend on the list of available options, not
|
||||
# whether they're on or off. So, disable cmake's (over-sensitive here)
|
||||
# dependency resolution for generated files and just rely on them being
|
||||
# present (thanks to pre_generate_files) by turning GEN_FILES off.
|
||||
CC=$ASAN_CC cmake -D GEN_FILES=Off -D CMAKE_BUILD_TYPE:String=Asan .
|
||||
make
|
||||
|
||||
msg "test: configs/config-symmetric-only.h - unit tests"
|
||||
make test
|
||||
}
|
||||
|
||||
component_test_config_symmetric_only_psa () {
|
||||
msg "build: configs/config-symmetric-only.h + USE_PSA_CRYPTO"
|
||||
cp configs/config-symmetric-only.h "$CONFIG_H"
|
||||
scripts/config.py set MBEDTLS_PSA_CRYPTO_C
|
||||
scripts/config.py set MBEDTLS_USE_PSA_CRYPTO
|
||||
# test-ref-configs works by overwriting mbedtls_config.h; this makes cmake
|
||||
# want to re-generate generated files that depend on it, quite correctly.
|
||||
# However this doesn't work as the generation script expects a specific
|
||||
# format for mbedtls_config.h, which the other files don't follow. Also,
|
||||
# cmake can't know this, but re-generation is actually not necessary as
|
||||
# the generated files only depend on the list of available options, not
|
||||
# whether they're on or off. So, disable cmake's (over-sensitive here)
|
||||
# dependency resolution for generated files and just rely on them being
|
||||
# present (thanks to pre_generate_files) by turning GEN_FILES off.
|
||||
CC=$ASAN_CC cmake -D GEN_FILES=Off -D CMAKE_BUILD_TYPE:String=Asan .
|
||||
make
|
||||
|
||||
msg "test: configs/config-symmetric-only.h + USE_PSA_CRYPTO - unit tests"
|
||||
make test
|
||||
}
|
||||
|
||||
component_test_full_no_bignum () {
|
||||
msg "build: full minus bignum"
|
||||
scripts/config.py full
|
||||
@ -841,7 +900,7 @@ component_test_psa_crypto_config_accel_ecdsa () {
|
||||
# -----
|
||||
|
||||
# These hashes are needed for some ECDSA signature tests.
|
||||
loc_extra_list="ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \
|
||||
loc_extra_list="ALG_SHA_1 ALG_SHA_224 ALG_SHA_256 ALG_SHA_384 ALG_SHA_512 \
|
||||
ALG_SHA3_224 ALG_SHA3_256 ALG_SHA3_384 ALG_SHA3_512"
|
||||
|
||||
helper_libtestdriver1_make_drivers "$loc_accel_list" "$loc_extra_list"
|
||||
@ -1581,9 +1640,19 @@ component_test_psa_crypto_config_reference_ecc_ffdh_no_bignum () {
|
||||
common_test_psa_crypto_config_reference_ecc_ffdh_no_bignum "ECC_DH"
|
||||
}
|
||||
|
||||
component_test_tfm_config_as_is () {
|
||||
msg "build: configs/config-tfm.h"
|
||||
cp configs/config-tfm.h "$CONFIG_H"
|
||||
CC=$ASAN_CC cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
||||
make
|
||||
|
||||
msg "test: configs/config-tfm.h - unit tests"
|
||||
make test
|
||||
}
|
||||
|
||||
# Helper for setting common configurations between:
|
||||
# - component_test_tfm_config_p256m_driver_accel_ec()
|
||||
# - component_test_tfm_config()
|
||||
# - component_test_tfm_config_no_p256m()
|
||||
common_tfm_config () {
|
||||
# Enable TF-M config
|
||||
cp configs/config-tfm.h "$CONFIG_H"
|
||||
@ -1637,14 +1706,14 @@ component_test_tfm_config_p256m_driver_accel_ec () {
|
||||
# Keep this in sync with component_test_tfm_config_p256m_driver_accel_ec() as
|
||||
# they are both meant to be used in analyze_outcomes.py for driver's coverage
|
||||
# analysis.
|
||||
component_test_tfm_config () {
|
||||
component_test_tfm_config_no_p256m () {
|
||||
common_tfm_config
|
||||
|
||||
# Disable P256M driver, which is on by default, so that analyze_outcomes
|
||||
# can compare this test with test_tfm_config_p256m_driver_accel_ec
|
||||
echo "#undef MBEDTLS_PSA_P256M_DRIVER_ENABLED" >> "$CONFIG_H"
|
||||
|
||||
msg "build: TF-M config"
|
||||
msg "build: TF-M config without p256m"
|
||||
make CFLAGS='-Werror -Wall -Wextra -I../tests/include/spe' tests
|
||||
|
||||
# Check that p256m was not built
|
||||
@ -1654,7 +1723,7 @@ component_test_tfm_config () {
|
||||
# files, so we want to ensure that it has not be re-enabled accidentally.
|
||||
not grep mbedtls_cipher library/cipher.o
|
||||
|
||||
msg "test: TF-M config"
|
||||
msg "test: TF-M config without p256m"
|
||||
make test
|
||||
}
|
||||
|
||||
|
||||
@ -9,6 +9,72 @@
|
||||
#### Configuration Testing - TLS
|
||||
################################################################
|
||||
|
||||
component_test_config_suite_b_legacy () {
|
||||
msg "build: configs/config-suite-b.h"
|
||||
cp configs/config-suite-b.h "$CONFIG_H"
|
||||
# test-ref-configs works by overwriting mbedtls_config.h; this makes cmake
|
||||
# want to re-generate generated files that depend on it, quite correctly.
|
||||
# However this doesn't work as the generation script expects a specific
|
||||
# format for mbedtls_config.h, which the other files don't follow. Also,
|
||||
# cmake can't know this, but re-generation is actually not necessary as
|
||||
# the generated files only depend on the list of available options, not
|
||||
# whether they're on or off. So, disable cmake's (over-sensitive here)
|
||||
# dependency resolution for generated files and just rely on them being
|
||||
# present (thanks to pre_generate_files) by turning GEN_FILES off.
|
||||
CC=$ASAN_CC cmake -D GEN_FILES=Off -D CMAKE_BUILD_TYPE:String=Asan .
|
||||
make
|
||||
|
||||
msg "test: configs/config-suite-b.h - unit tests"
|
||||
make test
|
||||
|
||||
msg "test: configs/config-suite-b.h - compat.sh"
|
||||
tests/compat.sh -m tls12 -f 'ECDHE_ECDSA.*AES.*GCM' -p mbedTLS
|
||||
|
||||
msg "build: configs/config-suite-b.h + DEBUG"
|
||||
MBEDTLS_TEST_CONFIGURATION="$MBEDTLS_TEST_CONFIGURATION+DEBUG"
|
||||
make clean
|
||||
scripts/config.py set MBEDTLS_DEBUG_C
|
||||
scripts/config.py set MBEDTLS_ERROR_C
|
||||
make ssl-opt
|
||||
|
||||
msg "test: configs/config-suite-b.h + DEBUG - ssl-opt.sh"
|
||||
tests/ssl-opt.sh
|
||||
}
|
||||
|
||||
component_test_config_suite_b_psa () {
|
||||
msg "build: configs/config-suite-b.h + USE_PSA_CRYPTO"
|
||||
cp configs/config-suite-b.h "$CONFIG_H"
|
||||
scripts/config.py set MBEDTLS_PSA_CRYPTO_C
|
||||
scripts/config.py set MBEDTLS_USE_PSA_CRYPTO
|
||||
# test-ref-configs works by overwriting mbedtls_config.h; this makes cmake
|
||||
# want to re-generate generated files that depend on it, quite correctly.
|
||||
# However this doesn't work as the generation script expects a specific
|
||||
# format for mbedtls_config.h, which the other files don't follow. Also,
|
||||
# cmake can't know this, but re-generation is actually not necessary as
|
||||
# the generated files only depend on the list of available options, not
|
||||
# whether they're on or off. So, disable cmake's (over-sensitive here)
|
||||
# dependency resolution for generated files and just rely on them being
|
||||
# present (thanks to pre_generate_files) by turning GEN_FILES off.
|
||||
CC=$ASAN_CC cmake -D GEN_FILES=Off -D CMAKE_BUILD_TYPE:String=Asan .
|
||||
make
|
||||
|
||||
msg "test: configs/config-suite-b.h + USE_PSA_CRYPTO - unit tests"
|
||||
make test
|
||||
|
||||
msg "test: configs/config-suite-b.h + USE_PSA_CRYPTO - compat.sh"
|
||||
tests/compat.sh -m tls12 -f 'ECDHE_ECDSA.*AES.*GCM' -p mbedTLS
|
||||
|
||||
msg "build: configs/config-suite-b.h + USE_PSA_CRYPTO + DEBUG"
|
||||
MBEDTLS_TEST_CONFIGURATION="$MBEDTLS_TEST_CONFIGURATION+DEBUG"
|
||||
make clean
|
||||
scripts/config.py set MBEDTLS_DEBUG_C
|
||||
scripts/config.py set MBEDTLS_ERROR_C
|
||||
make ssl-opt
|
||||
|
||||
msg "test: configs/config-suite-b.h + USE_PSA_CRYPTO + DEBUG - ssl-opt.sh"
|
||||
tests/ssl-opt.sh
|
||||
}
|
||||
|
||||
component_test_no_renegotiation () {
|
||||
msg "build: Default + !MBEDTLS_SSL_RENEGOTIATION (ASan build)" # ~ 6 min
|
||||
scripts/config.py unset MBEDTLS_SSL_RENEGOTIATION
|
||||
@ -191,6 +257,52 @@ component_test_tls1_2_default_cbc_legacy_cbc_etm_cipher_only_use_psa () {
|
||||
tests/ssl-opt.sh -f "TLS 1.2"
|
||||
}
|
||||
|
||||
component_test_config_thread_legacy () {
|
||||
msg "build: configs/config-thread.h"
|
||||
cp configs/config-thread.h "$CONFIG_H"
|
||||
# test-ref-configs works by overwriting mbedtls_config.h; this makes cmake
|
||||
# want to re-generate generated files that depend on it, quite correctly.
|
||||
# However this doesn't work as the generation script expects a specific
|
||||
# format for mbedtls_config.h, which the other files don't follow. Also,
|
||||
# cmake can't know this, but re-generation is actually not necessary as
|
||||
# the generated files only depend on the list of available options, not
|
||||
# whether they're on or off. So, disable cmake's (over-sensitive here)
|
||||
# dependency resolution for generated files and just rely on them being
|
||||
# present (thanks to pre_generate_files) by turning GEN_FILES off.
|
||||
CC=$ASAN_CC cmake -D GEN_FILES=Off -D CMAKE_BUILD_TYPE:String=Asan .
|
||||
make
|
||||
|
||||
msg "test: configs/config-thread.h - unit tests"
|
||||
make test
|
||||
|
||||
msg "test: configs/config-thread.h - ssl-opt.sh"
|
||||
tests/ssl-opt.sh -f 'ECJPAKE.*nolog'
|
||||
}
|
||||
|
||||
component_test_config_thread_psa () {
|
||||
msg "build: configs/config-thread.h + USE_PSA_CRYPTO"
|
||||
cp configs/config-thread.h "$CONFIG_H"
|
||||
scripts/config.py set MBEDTLS_PSA_CRYPTO_C
|
||||
scripts/config.py set MBEDTLS_USE_PSA_CRYPTO
|
||||
# test-ref-configs works by overwriting mbedtls_config.h; this makes cmake
|
||||
# want to re-generate generated files that depend on it, quite correctly.
|
||||
# However this doesn't work as the generation script expects a specific
|
||||
# format for mbedtls_config.h, which the other files don't follow. Also,
|
||||
# cmake can't know this, but re-generation is actually not necessary as
|
||||
# the generated files only depend on the list of available options, not
|
||||
# whether they're on or off. So, disable cmake's (over-sensitive here)
|
||||
# dependency resolution for generated files and just rely on them being
|
||||
# present (thanks to pre_generate_files) by turning GEN_FILES off.
|
||||
CC=$ASAN_CC cmake -D GEN_FILES=Off -D CMAKE_BUILD_TYPE:String=Asan .
|
||||
make
|
||||
|
||||
msg "test: configs/config-thread.h + USE_PSA_CRYPTO - unit tests"
|
||||
make test
|
||||
|
||||
msg "test: configs/config-thread.h + USE_PSA_CRYPTO - ssl-opt.sh"
|
||||
tests/ssl-opt.sh -f 'ECJPAKE.*nolog'
|
||||
}
|
||||
|
||||
# We're not aware of any other (open source) implementation of EC J-PAKE in TLS
|
||||
# that we could use for interop testing. However, we now have sort of two
|
||||
# implementations ourselves: one using PSA, the other not. At least test that
|
||||
@ -224,6 +336,118 @@ component_test_tls1_2_ecjpake_compatibility () {
|
||||
rm s2_no_use_psa c2_no_use_psa
|
||||
}
|
||||
|
||||
component_test_tls1_2_ccm_psk_legacy () {
|
||||
msg "build: configs/config-ccm-psk-tls1_2.h"
|
||||
cp configs/config-ccm-psk-tls1_2.h "$CONFIG_H"
|
||||
# test-ref-configs works by overwriting mbedtls_config.h; this makes cmake
|
||||
# want to re-generate generated files that depend on it, quite correctly.
|
||||
# However this doesn't work as the generation script expects a specific
|
||||
# format for mbedtls_config.h, which the other files don't follow. Also,
|
||||
# cmake can't know this, but re-generation is actually not necessary as
|
||||
# the generated files only depend on the list of available options, not
|
||||
# whether they're on or off. So, disable cmake's (over-sensitive here)
|
||||
# dependency resolution for generated files and just rely on them being
|
||||
# present (thanks to pre_generate_files) by turning GEN_FILES off.
|
||||
CC=$ASAN_CC cmake -D GEN_FILES=Off -D CMAKE_BUILD_TYPE:String=Asan .
|
||||
make
|
||||
|
||||
msg "test: configs/config-ccm-psk-tls1_2.h - unit tests"
|
||||
make test
|
||||
|
||||
msg "test: configs/config-ccm-psk-tls1_2.h - compat.sh"
|
||||
tests/compat.sh -m tls12 -f '^TLS_PSK_WITH_AES_..._CCM_8'
|
||||
}
|
||||
|
||||
component_test_tls1_2_ccm_psk_psa () {
|
||||
msg "build: configs/config-ccm-psk-tls1_2.h + USE_PSA_CRYPTO"
|
||||
cp configs/config-ccm-psk-tls1_2.h "$CONFIG_H"
|
||||
scripts/config.py set MBEDTLS_PSA_CRYPTO_C
|
||||
scripts/config.py set MBEDTLS_USE_PSA_CRYPTO
|
||||
# test-ref-configs works by overwriting mbedtls_config.h; this makes cmake
|
||||
# want to re-generate generated files that depend on it, quite correctly.
|
||||
# However this doesn't work as the generation script expects a specific
|
||||
# format for mbedtls_config.h, which the other files don't follow. Also,
|
||||
# cmake can't know this, but re-generation is actually not necessary as
|
||||
# the generated files only depend on the list of available options, not
|
||||
# whether they're on or off. So, disable cmake's (over-sensitive here)
|
||||
# dependency resolution for generated files and just rely on them being
|
||||
# present (thanks to pre_generate_files) by turning GEN_FILES off.
|
||||
CC=$ASAN_CC cmake -D GEN_FILES=Off -D CMAKE_BUILD_TYPE:String=Asan .
|
||||
make
|
||||
|
||||
msg "test: configs/config-ccm-psk-tls1_2.h + USE_PSA_CRYPTO - unit tests"
|
||||
make test
|
||||
|
||||
msg "test: configs/config-ccm-psk-tls1_2.h + USE_PSA_CRYPTO - compat.sh"
|
||||
tests/compat.sh -m tls12 -f '^TLS_PSK_WITH_AES_..._CCM_8'
|
||||
}
|
||||
|
||||
component_test_tls1_2_ccm_psk_dtls_legacy () {
|
||||
msg "build: configs/config-ccm-psk-dtls1_2.h"
|
||||
cp configs/config-ccm-psk-dtls1_2.h "$CONFIG_H"
|
||||
# test-ref-configs works by overwriting mbedtls_config.h; this makes cmake
|
||||
# want to re-generate generated files that depend on it, quite correctly.
|
||||
# However this doesn't work as the generation script expects a specific
|
||||
# format for mbedtls_config.h, which the other files don't follow. Also,
|
||||
# cmake can't know this, but re-generation is actually not necessary as
|
||||
# the generated files only depend on the list of available options, not
|
||||
# whether they're on or off. So, disable cmake's (over-sensitive here)
|
||||
# dependency resolution for generated files and just rely on them being
|
||||
# present (thanks to pre_generate_files) by turning GEN_FILES off.
|
||||
CC=$ASAN_CC cmake -D GEN_FILES=Off -D CMAKE_BUILD_TYPE:String=Asan .
|
||||
make
|
||||
|
||||
msg "test: configs/config-ccm-psk-dtls1_2.h - unit tests"
|
||||
make test
|
||||
|
||||
msg "test: configs/config-ccm-psk-dtls1_2.h - compat.sh"
|
||||
tests/compat.sh -m dtls12 -f '^TLS_PSK_WITH_AES_..._CCM_8'
|
||||
|
||||
msg "build: configs/config-ccm-psk-dtls1_2.h + DEBUG"
|
||||
MBEDTLS_TEST_CONFIGURATION="$MBEDTLS_TEST_CONFIGURATION+DEBUG"
|
||||
make clean
|
||||
scripts/config.py set MBEDTLS_DEBUG_C
|
||||
scripts/config.py set MBEDTLS_ERROR_C
|
||||
make ssl-opt
|
||||
|
||||
msg "test: configs/config-ccm-psk-dtls1_2.h + DEBUG - ssl-opt.sh"
|
||||
tests/ssl-opt.sh
|
||||
}
|
||||
|
||||
component_test_tls1_2_ccm_psk_dtls_psa () {
|
||||
msg "build: configs/config-ccm-psk-dtls1_2.h + USE_PSA_CRYPTO"
|
||||
cp configs/config-ccm-psk-dtls1_2.h "$CONFIG_H"
|
||||
scripts/config.py set MBEDTLS_PSA_CRYPTO_C
|
||||
scripts/config.py set MBEDTLS_USE_PSA_CRYPTO
|
||||
# test-ref-configs works by overwriting mbedtls_config.h; this makes cmake
|
||||
# want to re-generate generated files that depend on it, quite correctly.
|
||||
# However this doesn't work as the generation script expects a specific
|
||||
# format for mbedtls_config.h, which the other files don't follow. Also,
|
||||
# cmake can't know this, but re-generation is actually not necessary as
|
||||
# the generated files only depend on the list of available options, not
|
||||
# whether they're on or off. So, disable cmake's (over-sensitive here)
|
||||
# dependency resolution for generated files and just rely on them being
|
||||
# present (thanks to pre_generate_files) by turning GEN_FILES off.
|
||||
CC=$ASAN_CC cmake -D GEN_FILES=Off -D CMAKE_BUILD_TYPE:String=Asan .
|
||||
make
|
||||
|
||||
msg "test: configs/config-ccm-psk-dtls1_2.h + USE_PSA_CRYPTO - unit tests"
|
||||
make test
|
||||
|
||||
msg "test: configs/config-ccm-psk-dtls1_2.h + USE_PSA_CRYPTO - compat.sh"
|
||||
tests/compat.sh -m dtls12 -f '^TLS_PSK_WITH_AES_..._CCM_8'
|
||||
|
||||
msg "build: configs/config-ccm-psk-dtls1_2.h + USE_PSA_CRYPTO + DEBUG"
|
||||
MBEDTLS_TEST_CONFIGURATION="$MBEDTLS_TEST_CONFIGURATION+DEBUG"
|
||||
make clean
|
||||
scripts/config.py set MBEDTLS_DEBUG_C
|
||||
scripts/config.py set MBEDTLS_ERROR_C
|
||||
make ssl-opt
|
||||
|
||||
msg "test: configs/config-ccm-psk-dtls1_2.h + USE_PSA_CRYPTO + DEBUG - ssl-opt.sh"
|
||||
tests/ssl-opt.sh
|
||||
}
|
||||
|
||||
component_test_small_ssl_out_content_len () {
|
||||
msg "build: small SSL_OUT_CONTENT_LEN (ASan build)"
|
||||
scripts/config.py set MBEDTLS_SSL_IN_CONTENT_LEN 16384
|
||||
|
||||
@ -129,21 +129,6 @@ component_test_full_cmake_gcc_asan_new_bignum () {
|
||||
tests/context-info.sh
|
||||
}
|
||||
|
||||
component_test_ref_configs () {
|
||||
msg "test/build: ref-configs (ASan build)" # ~ 6 min 20s
|
||||
# test-ref-configs works by overwriting mbedtls_config.h; this makes cmake
|
||||
# want to re-generate generated files that depend on it, quite correctly.
|
||||
# However this doesn't work as the generation script expects a specific
|
||||
# format for mbedtls_config.h, which the other files don't follow. Also,
|
||||
# cmake can't know this, but re-generation is actually not necessary as
|
||||
# the generated files only depend on the list of available options, not
|
||||
# whether they're on or off. So, disable cmake's (over-sensitive here)
|
||||
# dependency resolution for generated files and just rely on them being
|
||||
# present (thanks to pre_generate_files) by turning GEN_FILES off.
|
||||
CC=$ASAN_CC cmake -D GEN_FILES=Off -D CMAKE_BUILD_TYPE:String=Asan .
|
||||
tests/scripts/test-ref-configs.pl
|
||||
}
|
||||
|
||||
component_test_full_cmake_clang () {
|
||||
msg "build: cmake, full config, clang" # ~ 50s
|
||||
scripts/config.py full
|
||||
|
||||
@ -537,7 +537,7 @@ def main():
|
||||
default=True)
|
||||
options = parser.parse_args()
|
||||
os.chdir(options.directory)
|
||||
conf = config.ConfigFile(options.config)
|
||||
conf = config.MbedTLSConfig(options.config)
|
||||
domain_data = DomainData(options, conf)
|
||||
|
||||
if options.tasks is True:
|
||||
|
||||
@ -1,158 +0,0 @@
|
||||
#!/usr/bin/env perl
|
||||
|
||||
# test-ref-configs.pl
|
||||
#
|
||||
# Copyright The Mbed TLS Contributors
|
||||
# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
|
||||
#
|
||||
# Purpose
|
||||
#
|
||||
# For each reference configuration file in the configs directory, build the
|
||||
# configuration, run the test suites and compat.sh
|
||||
#
|
||||
# Usage: tests/scripts/test-ref-configs.pl [config-name [...]]
|
||||
|
||||
use warnings;
|
||||
use strict;
|
||||
|
||||
my %configs = (
|
||||
'config-ccm-psk-tls1_2.h' => {
|
||||
'compat' => '-m tls12 -f \'^TLS_PSK_WITH_AES_..._CCM_8\'',
|
||||
},
|
||||
'config-ccm-psk-dtls1_2.h' => {
|
||||
'compat' => '-m dtls12 -f \'^TLS_PSK_WITH_AES_..._CCM_8\'',
|
||||
'opt' => ' ',
|
||||
'opt_needs_debug' => 1,
|
||||
},
|
||||
'config-no-entropy.h' => {
|
||||
},
|
||||
'config-suite-b.h' => {
|
||||
'compat' => "-m tls12 -f 'ECDHE_ECDSA.*AES.*GCM' -p mbedTLS",
|
||||
'opt' => ' ',
|
||||
'opt_needs_debug' => 1,
|
||||
},
|
||||
'config-symmetric-only.h' => {
|
||||
},
|
||||
'config-tfm.h' => {
|
||||
},
|
||||
'config-thread.h' => {
|
||||
'opt' => '-f ECJPAKE.*nolog',
|
||||
},
|
||||
);
|
||||
|
||||
# If no config-name is provided, use all known configs.
|
||||
# Otherwise, use the provided names only.
|
||||
my @configs_to_test = sort keys %configs;
|
||||
if ($#ARGV >= 0) {
|
||||
foreach my $conf_name ( @ARGV ) {
|
||||
if( ! exists $configs{$conf_name} ) {
|
||||
die "Unknown configuration: $conf_name\n";
|
||||
}
|
||||
}
|
||||
@configs_to_test = @ARGV;
|
||||
}
|
||||
|
||||
-d 'library' && -d 'include' && -d 'tests' or die "Must be run from root\n";
|
||||
|
||||
my $config_h = 'include/mbedtls/mbedtls_config.h';
|
||||
|
||||
system( "cp $config_h $config_h.bak" ) and die;
|
||||
sub abort {
|
||||
system( "mv $config_h.bak $config_h" ) and warn "$config_h not restored\n";
|
||||
# use an exit code between 1 and 124 for git bisect (die returns 255)
|
||||
warn $_[0];
|
||||
exit 1;
|
||||
}
|
||||
|
||||
# Create a seedfile for configurations that enable MBEDTLS_ENTROPY_NV_SEED.
|
||||
# For test purposes, this doesn't have to be cryptographically random.
|
||||
if (!-e "tests/seedfile" || -s "tests/seedfile" < 64) {
|
||||
local *SEEDFILE;
|
||||
open SEEDFILE, ">tests/seedfile" or die;
|
||||
print SEEDFILE "*" x 64 or die;
|
||||
close SEEDFILE or die;
|
||||
}
|
||||
|
||||
sub perform_test {
|
||||
my $conf_file = $_[0];
|
||||
my $data = $_[1];
|
||||
my $test_with_psa = $_[2];
|
||||
|
||||
my $conf_name = $conf_file;
|
||||
if ( $test_with_psa )
|
||||
{
|
||||
$conf_name .= "+PSA";
|
||||
}
|
||||
|
||||
system( "cp $config_h.bak $config_h" ) and die;
|
||||
system( "make clean" ) and die;
|
||||
|
||||
print "\n******************************************\n";
|
||||
print "* Testing configuration: $conf_name\n";
|
||||
print "******************************************\n";
|
||||
|
||||
$ENV{MBEDTLS_TEST_CONFIGURATION} = $conf_name;
|
||||
|
||||
system( "cp configs/$conf_file $config_h" )
|
||||
and abort "Failed to activate $conf_file\n";
|
||||
|
||||
if ( $test_with_psa )
|
||||
{
|
||||
system( "scripts/config.py set MBEDTLS_PSA_CRYPTO_C" );
|
||||
system( "scripts/config.py set MBEDTLS_USE_PSA_CRYPTO" );
|
||||
}
|
||||
|
||||
system( "CFLAGS='-Os -Werror -Wall -Wextra' make" ) and abort "Failed to build: $conf_name\n";
|
||||
system( "make test" ) and abort "Failed test suite: $conf_name\n";
|
||||
|
||||
my $compat = $data->{'compat'};
|
||||
if( $compat )
|
||||
{
|
||||
print "\nrunning compat.sh $compat ($conf_name)\n";
|
||||
system( "tests/compat.sh $compat" )
|
||||
and abort "Failed compat.sh: $conf_name\n";
|
||||
}
|
||||
else
|
||||
{
|
||||
print "\nskipping compat.sh ($conf_name)\n";
|
||||
}
|
||||
|
||||
my $opt = $data->{'opt'};
|
||||
if( $opt )
|
||||
{
|
||||
if( $data->{'opt_needs_debug'} )
|
||||
{
|
||||
print "\nrebuilding with debug traces for ssl-opt ($conf_name)\n";
|
||||
$conf_name .= '+DEBUG';
|
||||
$ENV{MBEDTLS_TEST_CONFIGURATION} = $conf_name;
|
||||
system( "make clean" );
|
||||
system( "scripts/config.py set MBEDTLS_DEBUG_C" );
|
||||
system( "scripts/config.py set MBEDTLS_ERROR_C" );
|
||||
system( "CFLAGS='-Os -Werror -Wall -Wextra' make" ) and abort "Failed to build: $conf_name\n";
|
||||
}
|
||||
|
||||
print "\nrunning ssl-opt.sh $opt ($conf_name)\n";
|
||||
system( "tests/ssl-opt.sh $opt" )
|
||||
and abort "Failed ssl-opt.sh: $conf_name\n";
|
||||
}
|
||||
else
|
||||
{
|
||||
print "\nskipping ssl-opt.sh ($conf_name)\n";
|
||||
}
|
||||
}
|
||||
|
||||
foreach my $conf ( @configs_to_test ) {
|
||||
system("grep '//#define MBEDTLS_USE_PSA_CRYPTO' configs/$conf > /dev/null");
|
||||
die "grep ... configs/$conf: $!" if $? != 0 && $? != 0x100;
|
||||
my $test_with_psa = $? == 0;
|
||||
|
||||
if ( $test_with_psa )
|
||||
{
|
||||
perform_test( $conf, $configs{$conf}, $test_with_psa );
|
||||
}
|
||||
perform_test( $conf, $configs{$conf}, 0 );
|
||||
}
|
||||
|
||||
system( "mv $config_h.bak $config_h" ) and warn "$config_h not restored\n";
|
||||
system( "make clean" );
|
||||
exit 0;
|
||||
@ -895,15 +895,15 @@ depends_on:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
||||
pk_get_psa_attributes_fail:MBEDTLS_PK_RSA:FROM_PUBLIC:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_PK_TYPE_MISMATCH
|
||||
|
||||
PSA attributes for pk: ECKEY pair DECRYPT (bad)
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT
|
||||
pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY:FROM_PAIR:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH
|
||||
|
||||
PSA attributes for pk: ECKEY_DH pair DECRYPT (bad)
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT
|
||||
pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:FROM_PAIR:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH
|
||||
|
||||
PSA attributes for pk: ECDSA pair DECRYPT (bad)
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SIGN
|
||||
pk_get_psa_attributes_fail:MBEDTLS_PK_ECDSA:FROM_PAIR:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH
|
||||
|
||||
PSA attributes for pk: ECKEY public DECRYPT (bad)
|
||||
@ -919,15 +919,15 @@ depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBED
|
||||
pk_get_psa_attributes_fail:MBEDTLS_PK_ECDSA:FROM_PUBLIC:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH
|
||||
|
||||
PSA attributes for pk: ECKEY pair ENCRYPT (bad)
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT
|
||||
pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY:FROM_PAIR:PSA_KEY_USAGE_ENCRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH
|
||||
|
||||
PSA attributes for pk: ECKEY_DH pair ENCRYPT (bad)
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT
|
||||
pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:FROM_PAIR:PSA_KEY_USAGE_ENCRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH
|
||||
|
||||
PSA attributes for pk: ECDSA pair ENCRYPT (bad)
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SIGN
|
||||
pk_get_psa_attributes_fail:MBEDTLS_PK_ECDSA:FROM_PAIR:PSA_KEY_USAGE_ENCRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH
|
||||
|
||||
PSA attributes for pk: ECKEY public ENCRYPT (bad)
|
||||
@ -943,15 +943,15 @@ depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBED
|
||||
pk_get_psa_attributes_fail:MBEDTLS_PK_ECDSA:FROM_PUBLIC:PSA_KEY_USAGE_ENCRYPT:MBEDTLS_ERR_PK_TYPE_MISMATCH
|
||||
|
||||
PSA attributes for pk: ECKEY pair DERIVE
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT
|
||||
pk_get_psa_attributes:MBEDTLS_PK_ECKEY:FROM_PAIR:PSA_KEY_USAGE_DERIVE:1:PSA_ALG_ECDH
|
||||
|
||||
PSA attributes for pk: ECKEY_DH pair DERIVE
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT
|
||||
pk_get_psa_attributes:MBEDTLS_PK_ECKEY_DH:FROM_PAIR:PSA_KEY_USAGE_DERIVE:1:PSA_ALG_ECDH
|
||||
|
||||
PSA attributes for pk: ECDSA pair DERIVE (bad)
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SIGN
|
||||
pk_get_psa_attributes_fail:MBEDTLS_PK_ECDSA:FROM_PAIR:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_PK_TYPE_MISMATCH
|
||||
|
||||
PSA attributes for pk: ECKEY public DERIVE (bad)
|
||||
@ -967,35 +967,35 @@ depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBED
|
||||
pk_get_psa_attributes_fail:MBEDTLS_PK_ECDSA:FROM_PUBLIC:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_PK_TYPE_MISMATCH
|
||||
|
||||
PSA attributes for pk: ECKEY pair SIGN_MESSAGE
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT
|
||||
pk_get_psa_attributes:MBEDTLS_PK_ECKEY:FROM_PAIR:PSA_KEY_USAGE_SIGN_MESSAGE:1:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)
|
||||
|
||||
PSA attributes for pk: ECDSA pair SIGN_MESSAGE
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SIGN
|
||||
pk_get_psa_attributes:MBEDTLS_PK_ECDSA:FROM_PAIR:PSA_KEY_USAGE_SIGN_MESSAGE:1:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)
|
||||
|
||||
PSA attributes for pk: ECKEY pair SIGN_HASH
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT
|
||||
pk_get_psa_attributes:MBEDTLS_PK_ECKEY:FROM_PAIR:PSA_KEY_USAGE_SIGN_HASH:1:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)
|
||||
|
||||
PSA attributes for pk: ECDSA pair SIGN_HASH
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SIGN
|
||||
pk_get_psa_attributes:MBEDTLS_PK_ECDSA:FROM_PAIR:PSA_KEY_USAGE_SIGN_HASH:1:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)
|
||||
|
||||
PSA attributes for pk: ECKEY pair->public VERIFY_MESSAGE
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT
|
||||
pk_get_psa_attributes:MBEDTLS_PK_ECKEY:FROM_PAIR:PSA_KEY_USAGE_VERIFY_MESSAGE:0:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)
|
||||
|
||||
PSA attributes for pk: ECDSA pair->public VERIFY_MESSAGE
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SIGN
|
||||
pk_get_psa_attributes:MBEDTLS_PK_ECDSA:FROM_PAIR:PSA_KEY_USAGE_VERIFY_MESSAGE:0:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)
|
||||
|
||||
PSA attributes for pk: ECKEY pair->public VERIFY_HASH
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT
|
||||
pk_get_psa_attributes:MBEDTLS_PK_ECKEY:FROM_PAIR:PSA_KEY_USAGE_VERIFY_HASH:0:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)
|
||||
|
||||
PSA attributes for pk: ECDSA pair->public VERIFY_HASH
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SIGN
|
||||
pk_get_psa_attributes:MBEDTLS_PK_ECDSA:FROM_PAIR:PSA_KEY_USAGE_VERIFY_HASH:0:PSA_ALG_ECDSA(PSA_ALG_ANY_HASH)
|
||||
|
||||
PSA attributes for pk: ECKEY public VERIFY_MESSAGE
|
||||
@ -1031,19 +1031,19 @@ depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBED
|
||||
pk_get_psa_attributes_fail:MBEDTLS_PK_ECDSA:FROM_PUBLIC:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_PK_TYPE_MISMATCH
|
||||
|
||||
PSA attributes for pk: ECKEY_DH pair SIGN_MESSAGE (bad)
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT
|
||||
pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:FROM_PAIR:PSA_KEY_USAGE_SIGN_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH
|
||||
|
||||
PSA attributes for pk: ECKEY_DH pair SIGN_HASH (bad)
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT
|
||||
pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:FROM_PAIR:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_PK_TYPE_MISMATCH
|
||||
|
||||
PSA attributes for pk: ECKEY_DH pair VERIFY_MESSAGE (bad)
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT
|
||||
pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:FROM_PAIR:PSA_KEY_USAGE_VERIFY_MESSAGE:MBEDTLS_ERR_PK_TYPE_MISMATCH
|
||||
|
||||
PSA attributes for pk: ECKEY_DH pair VERIFY_HASH (bad)
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT
|
||||
pk_get_psa_attributes_fail:MBEDTLS_PK_ECKEY_DH:FROM_PAIR:PSA_KEY_USAGE_VERIFY_HASH:MBEDTLS_ERR_PK_TYPE_MISMATCH
|
||||
|
||||
PSA attributes for pk: ECKEY_DH public SIGN_MESSAGE (bad)
|
||||
@ -1223,39 +1223,39 @@ depends_on:MBEDTLS_RSA_C
|
||||
pk_import_into_psa_fail:MBEDTLS_PK_RSA:FROM_PAIR:PSA_KEY_TYPE_RSA_PUBLIC_KEY:RSA_KEY_SIZE + 8:MBEDTLS_ERR_PK_INVALID_ALG
|
||||
|
||||
PSA import into PSA: ECKEY pair to RSA (bad)
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT
|
||||
pk_import_into_psa_fail:MBEDTLS_PK_ECKEY:FROM_PAIR:PSA_KEY_TYPE_RSA_KEY_PAIR:0:MBEDTLS_ERR_PK_TYPE_MISMATCH
|
||||
|
||||
PSA import into PSA: ECKEY_DH pair to RSA (bad)
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT
|
||||
pk_import_into_psa_fail:MBEDTLS_PK_ECKEY_DH:FROM_PAIR:PSA_KEY_TYPE_RSA_KEY_PAIR:0:MBEDTLS_ERR_PK_TYPE_MISMATCH
|
||||
|
||||
PSA import into PSA: ECDSA pair to RSA (bad)
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SOME
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_AT_LEAST_ONE_CURVE:MBEDTLS_PK_CAN_ECDSA_SIGN
|
||||
pk_import_into_psa_fail:MBEDTLS_PK_ECDSA:FROM_PAIR:PSA_KEY_TYPE_RSA_KEY_PAIR:0:MBEDTLS_ERR_PK_TYPE_MISMATCH
|
||||
|
||||
PSA import into PSA: ECKEY pair to different curve (bad)
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT
|
||||
pk_import_into_psa_fail:MBEDTLS_PK_ECKEY:FROM_PAIR:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY):0:MBEDTLS_ERR_PK_TYPE_MISMATCH
|
||||
|
||||
PSA import into PSA: ECKEY_DH pair to different curve (bad)
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT
|
||||
pk_import_into_psa_fail:MBEDTLS_PK_ECKEY_DH:FROM_PAIR:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY):0:MBEDTLS_ERR_PK_TYPE_MISMATCH
|
||||
|
||||
PSA import into PSA: ECDSA pair to different curve (bad)
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES:MBEDTLS_PK_CAN_ECDSA_SOME
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES:MBEDTLS_PK_CAN_ECDSA_SIGN
|
||||
pk_import_into_psa_fail:MBEDTLS_PK_ECDSA:FROM_PAIR:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY):0:MBEDTLS_ERR_PK_TYPE_MISMATCH
|
||||
|
||||
PSA import into PSA: ECKEY pair to public, different curve (bad)
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT
|
||||
pk_import_into_psa_fail:MBEDTLS_PK_ECKEY:FROM_PAIR:PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY):0:MBEDTLS_ERR_PK_TYPE_MISMATCH
|
||||
|
||||
PSA import into PSA: ECKEY_DH pair to public, different curve (bad)
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT
|
||||
pk_import_into_psa_fail:MBEDTLS_PK_ECKEY_DH:FROM_PAIR:PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY):0:MBEDTLS_ERR_PK_TYPE_MISMATCH
|
||||
|
||||
PSA import into PSA: ECDSA pair to public, different curve (bad)
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES:MBEDTLS_PK_CAN_ECDSA_SOME
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES:MBEDTLS_PK_CAN_ECDSA_SIGN
|
||||
pk_import_into_psa_fail:MBEDTLS_PK_ECDSA:FROM_PAIR:PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY):0:MBEDTLS_ERR_PK_TYPE_MISMATCH
|
||||
|
||||
PSA import into PSA: ECKEY public to different curve (bad)
|
||||
@ -1271,15 +1271,15 @@ depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_FAMILIES:MBEDT
|
||||
pk_import_into_psa_fail:MBEDTLS_PK_ECDSA:FROM_PUBLIC:PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ANOTHER_FAMILY):0:MBEDTLS_ERR_PK_TYPE_MISMATCH
|
||||
|
||||
PSA import into PSA: ECKEY pair to different bits (bad)
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_BITS
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_BITS:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT
|
||||
pk_import_into_psa_fail:MBEDTLS_PK_ECKEY:FROM_PAIR:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS):MBEDTLS_TEST_PSA_ECC_ANOTHER_CURVE_BITS:MBEDTLS_ERR_PK_TYPE_MISMATCH
|
||||
|
||||
PSA import into PSA: ECKEY_DH pair to different bits (bad)
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_BITS
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_BITS:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT
|
||||
pk_import_into_psa_fail:MBEDTLS_PK_ECKEY_DH:FROM_PAIR:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS):MBEDTLS_TEST_PSA_ECC_ANOTHER_CURVE_BITS:MBEDTLS_ERR_PK_TYPE_MISMATCH
|
||||
|
||||
PSA import into PSA: ECDSA pair to different bits (bad)
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_BITS:MBEDTLS_PK_CAN_ECDSA_SOME
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_BITS:MBEDTLS_PK_CAN_ECDSA_SIGN
|
||||
pk_import_into_psa_fail:MBEDTLS_PK_ECDSA:FROM_PAIR:PSA_KEY_TYPE_ECC_KEY_PAIR(MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS):MBEDTLS_TEST_PSA_ECC_ANOTHER_CURVE_BITS:MBEDTLS_ERR_PK_TYPE_MISMATCH
|
||||
|
||||
PSA import into PSA: ECKEY public to different bits (bad)
|
||||
@ -1295,15 +1295,15 @@ depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_BITS:MBEDTLS_P
|
||||
pk_import_into_psa_fail:MBEDTLS_PK_ECDSA:FROM_PUBLIC:PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS):MBEDTLS_TEST_PSA_ECC_ANOTHER_CURVE_BITS:MBEDTLS_ERR_PK_TYPE_MISMATCH
|
||||
|
||||
PSA import into PSA: ECKEY private to public, different bits (bad)
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_BITS
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_BITS:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT
|
||||
pk_import_into_psa_fail:MBEDTLS_PK_ECKEY:FROM_PAIR:PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS):MBEDTLS_TEST_PSA_ECC_ANOTHER_CURVE_BITS:MBEDTLS_ERR_PK_TYPE_MISMATCH
|
||||
|
||||
PSA import into PSA: ECKEY_DH private to public, different bits (bad)
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_BITS
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_BITS:PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT
|
||||
pk_import_into_psa_fail:MBEDTLS_PK_ECKEY_DH:FROM_PAIR:PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS):MBEDTLS_TEST_PSA_ECC_ANOTHER_CURVE_BITS:MBEDTLS_ERR_PK_TYPE_MISMATCH
|
||||
|
||||
PSA import into PSA: ECDSA private to public, different bits (bad)
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_BITS:MBEDTLS_PK_CAN_ECDSA_SOME
|
||||
depends_on:MBEDTLS_PK_HAVE_ECC_KEYS:MBEDTLS_TEST_PSA_ECC_HAVE_TWO_BITS:MBEDTLS_PK_CAN_ECDSA_SIGN
|
||||
pk_import_into_psa_fail:MBEDTLS_PK_ECDSA:FROM_PAIR:PSA_KEY_TYPE_ECC_PUBLIC_KEY(MBEDTLS_TEST_PSA_ECC_ONE_CURVE_BITS):MBEDTLS_TEST_PSA_ECC_ANOTHER_CURVE_BITS:MBEDTLS_ERR_PK_TYPE_MISMATCH
|
||||
|
||||
PSA import into PSA: ECKEY public to pair (bad)
|
||||
|
||||
@ -377,11 +377,11 @@ depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA256:MBEDT
|
||||
handshake_cipher:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_PK_RSA:0
|
||||
|
||||
Handshake, ECDHE-ECDSA-WITH-AES-256-CCM
|
||||
depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CCM:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
handshake_cipher:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:0
|
||||
|
||||
Handshake, ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
|
||||
handshake_cipher:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:0
|
||||
|
||||
Handshake, PSK-WITH-AES-128-CBC-SHA
|
||||
@ -405,11 +405,11 @@ depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA256:MBEDT
|
||||
handshake_cipher:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_PK_RSA:1
|
||||
|
||||
DTLS Handshake, ECDHE-ECDSA-WITH-AES-256-CCM
|
||||
depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CCM:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
depends_on:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
handshake_cipher:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:1
|
||||
|
||||
DTLS Handshake, ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
|
||||
handshake_cipher:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:1
|
||||
|
||||
DTLS Handshake, PSK-WITH-AES-128-CBC-SHA
|
||||
@ -521,23 +521,23 @@ depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_GCM:MBEDT
|
||||
handshake_ciphersuite_select:"TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
|
||||
|
||||
Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, non-opaque
|
||||
depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CCM:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM
|
||||
|
||||
Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, PSA_ALG_ANY_HASH
|
||||
depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CCM:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM
|
||||
|
||||
Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, PSA_ALG_SHA_256
|
||||
depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CCM:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_SHA_256):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:0:MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM
|
||||
|
||||
Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, bad alg
|
||||
depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CCM:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDH:PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
|
||||
|
||||
Handshake, select ECDHE-ECDSA-WITH-AES-256-CCM, opaque, bad usage
|
||||
depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CCM:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
depends_on:MBEDTLS_MD_CAN_SHA256:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CCM:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
|
||||
handshake_ciphersuite_select:"TLS-ECDHE-ECDSA-WITH-AES-256-CCM":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
|
||||
|
||||
Handshake, select ECDH-RSA-WITH-AES-256-CBC-SHA384, non-opaque
|
||||
@ -557,23 +557,23 @@ depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_AES:MBEDTLS_SSL_HAVE_CBC:MBEDT
|
||||
handshake_ciphersuite_select:"TLS-ECDH-RSA-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDH:PSA_ALG_NONE:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
|
||||
|
||||
Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, non-opaque
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED
|
||||
handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
|
||||
|
||||
Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, PSA_ALG_ANY_HASH
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
|
||||
handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:0:MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
|
||||
|
||||
Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, PSA_ALG_SHA_384
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
|
||||
handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_SHA_384):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:0:MBEDTLS_TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384
|
||||
|
||||
Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, missing alg
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
|
||||
handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_SIGN_HASH|PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
|
||||
|
||||
Handshake, select ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384, opaque, missing usage
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
|
||||
depends_on:MBEDTLS_MD_CAN_SHA384:MBEDTLS_SSL_HAVE_CAMELLIA:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO
|
||||
handshake_ciphersuite_select:"TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384":MBEDTLS_PK_ECDSA:"":PSA_ALG_ECDSA(PSA_ALG_ANY_HASH):PSA_ALG_ECDH:PSA_KEY_USAGE_SIGN_HASH:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
|
||||
|
||||
Sending app data via TLS, MFL=512 without fragmentation
|
||||
@ -2858,7 +2858,7 @@ SSL TLS 1.3 Record Encryption, tls13.ulfheim.net Example #1
|
||||
# - App data payload: 70696e67
|
||||
# - Complete record: 1703030015c74061535eb12f5f25a781957874742ab7fb305dd5
|
||||
# - Padding used: No (== granularity 1)
|
||||
depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:PSA_WANT_ALG_SHA_256:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
||||
depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:PSA_WANT_ALG_SHA_256
|
||||
ssl_tls13_record_protection:MBEDTLS_TLS1_3_AES_128_GCM_SHA256:MBEDTLS_SSL_IS_CLIENT:0:1:"0b6d22c8ff68097ea871c672073773bf":"1b13dd9f8d8f17091d34b349":"49134b95328f279f0183860589ac6707":"bc4dd5f7b98acff85466261d":"70696e67":"c74061535eb12f5f25a781957874742ab7fb305dd5"
|
||||
|
||||
SSL TLS 1.3 Record Encryption, tls13.ulfheim.net Example #2
|
||||
@ -2869,7 +2869,7 @@ SSL TLS 1.3 Record Encryption, tls13.ulfheim.net Example #2
|
||||
# - App data payload: 706f6e67
|
||||
# - Complete record: 1703030015370e5f168afa7fb16b663ecdfca3dbb81931a90ca7
|
||||
# - Padding used: No (== granularity 1)
|
||||
depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:PSA_WANT_ALG_SHA_256:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
||||
depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:PSA_WANT_ALG_SHA_256
|
||||
ssl_tls13_record_protection:MBEDTLS_TLS1_3_AES_128_GCM_SHA256:MBEDTLS_SSL_IS_SERVER:1:1:"0b6d22c8ff68097ea871c672073773bf":"1b13dd9f8d8f17091d34b349":"49134b95328f279f0183860589ac6707":"bc4dd5f7b98acff85466261d":"706f6e67":"370e5f168afa7fb16b663ecdfca3dbb81931a90ca7"
|
||||
|
||||
SSL TLS 1.3 Record Encryption RFC 8448 Example #1
|
||||
@ -2888,7 +2888,7 @@ SSL TLS 1.3 Record Encryption RFC 8448 Example #1
|
||||
# 62 97 4e 1f 5a 62 92 a2 97 70 14 bd 1e 3d ea e6
|
||||
# 3a ee bb 21 69 49 15 e4
|
||||
# - Padding used: No (== granularity 1)
|
||||
depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:PSA_WANT_ALG_SHA_256:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
||||
depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:PSA_WANT_ALG_SHA_256
|
||||
ssl_tls13_record_protection:MBEDTLS_TLS1_3_AES_128_GCM_SHA256:MBEDTLS_SSL_IS_CLIENT:0:1:"9f02283b6c9c07efc26bb9f2ac92e356":"cf782b88dd83549aadf1e984":"17422dda596ed5d9acd890e3c63f5051":"5b78923dee08579033e523d9":"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f3031":"a23f7054b62c94d0affafe8228ba55cbefacea42f914aa66bcab3f2b9819a8a5b46b395bd54a9a20441e2b62974e1f5a6292a2977014bd1e3deae63aeebb21694915e4"
|
||||
|
||||
SSL TLS 1.3 Record Encryption RFC 8448 Example #2
|
||||
@ -2907,7 +2907,7 @@ SSL TLS 1.3 Record Encryption RFC 8448 Example #2
|
||||
# fc c4 9c 4b f2 e5 f0 a2 1c 00 47 c2 ab f3 32 54
|
||||
# 0d d0 32 e1 67 c2 95 5d
|
||||
# - Padding used: No (== granularity 1)
|
||||
depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:PSA_WANT_ALG_SHA_256:MBEDTLS_PK_CAN_ECDSA_SOME:MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
|
||||
depends_on:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:PSA_WANT_ALG_SHA_256
|
||||
ssl_tls13_record_protection:MBEDTLS_TLS1_3_AES_128_GCM_SHA256:MBEDTLS_SSL_IS_SERVER:1:1:"9f02283b6c9c07efc26bb9f2ac92e356":"cf782b88dd83549aadf1e984":"17422dda596ed5d9acd890e3c63f5051":"5b78923dee08579033e523d9":"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f3031":"2e937e11ef4ac740e538ad36005fc4a46932fc3225d05f82aa1b36e30efaf97d90e6dffc602dcb501a59a8fcc49c4bf2e5f0a21c0047c2abf332540dd032e167c2955d"
|
||||
|
||||
SSL TLS 1.3 Key schedule: Application secrets derivation helper
|
||||
|
||||
@ -3297,7 +3297,7 @@ exit:
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SOME */
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_HAVE_SECP256R1:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_PK_CAN_ECDSA_SIGN */
|
||||
void raw_key_agreement_fail(int bad_server_ecdhe_key)
|
||||
{
|
||||
enum { BUFFSIZE = 17000 };
|
||||
|
||||
Reference in New Issue
Block a user