mirror of
https://github.com/cuberite/polarssl.git
synced 2025-11-04 04:32:24 -05:00
Add tests to ssl-opt.sh exercising server-side opaque PSK
This commit is contained in:
Hanno Becker
parent
4855c2d4c2
commit
5a1d6da8f8
178
tests/ssl-opt.sh
178
tests/ssl-opt.sh
@ -3886,6 +3886,184 @@ run_test "PSK callback: opaque psk on client, no callback, SHA-384, EMS" \
|
||||
-S "SSL - Unknown identity received" \
|
||||
-S "SSL - Verification of the message MAC failed"
|
||||
|
||||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
run_test "PSK callback: raw psk on client, static opaque on server, no callback" \
|
||||
"$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo psk_slot=1 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
|
||||
"$P_CLI extended_ms=0 debug_level=1 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
|
||||
psk_identity=foo psk=abc123" \
|
||||
0 \
|
||||
-C "skip PMS generation for opaque PSK"\
|
||||
-s "skip PMS generation for opaque PSK"\
|
||||
-C "using extended master secret"\
|
||||
-S "using extended master secret"\
|
||||
-S "SSL - None of the common ciphersuites is usable" \
|
||||
-S "SSL - Unknown identity received" \
|
||||
-S "SSL - Verification of the message MAC failed"
|
||||
|
||||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
run_test "PSK callback: raw psk on client, static opaque on server, no callback, SHA-384" \
|
||||
"$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo psk_slot=1 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384" \
|
||||
"$P_CLI extended_ms=0 debug_level=1 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
|
||||
psk_identity=foo psk=abc123" \
|
||||
0 \
|
||||
-C "skip PMS generation for opaque PSK"\
|
||||
-s "skip PMS generation for opaque PSK"\
|
||||
-C "using extended master secret"\
|
||||
-S "using extended master secret"\
|
||||
-S "SSL - None of the common ciphersuites is usable" \
|
||||
-S "SSL - Unknown identity received" \
|
||||
-S "SSL - Verification of the message MAC failed"
|
||||
|
||||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
run_test "PSK callback: raw psk on client, static opaque on server, no callback, EMS" \
|
||||
"$P_SRV debug_level=3 psk=abc123 psk_identity=foo psk_slot=1 min_version=tls1_2 \
|
||||
force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA extended_ms=1" \
|
||||
"$P_CLI debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
|
||||
psk_identity=foo psk=abc123 extended_ms=1" \
|
||||
0 \
|
||||
-c "using extended master secret"\
|
||||
-s "using extended master secret"\
|
||||
-C "skip PMS generation for opaque PSK"\
|
||||
-s "skip PMS generation for opaque PSK"\
|
||||
-S "SSL - None of the common ciphersuites is usable" \
|
||||
-S "SSL - Unknown identity received" \
|
||||
-S "SSL - Verification of the message MAC failed"
|
||||
|
||||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
run_test "PSK callback: raw psk on client, static opaque on server, no callback, EMS, SHA384" \
|
||||
"$P_SRV debug_level=3 psk=abc123 psk_identity=foo psk_slot=1 min_version=tls1_2 \
|
||||
force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 extended_ms=1" \
|
||||
"$P_CLI debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
|
||||
psk_identity=foo psk=abc123 extended_ms=1" \
|
||||
0 \
|
||||
-c "using extended master secret"\
|
||||
-s "using extended master secret"\
|
||||
-C "skip PMS generation for opaque PSK"\
|
||||
-s "skip PMS generation for opaque PSK"\
|
||||
-S "SSL - None of the common ciphersuites is usable" \
|
||||
-S "SSL - Unknown identity received" \
|
||||
-S "SSL - Verification of the message MAC failed"
|
||||
|
||||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
run_test "PSK callback: raw psk on client, no static PSK on server, opaque PSK from callback" \
|
||||
"$P_SRV extended_ms=0 debug_level=3 psk_list=abc,dead,def,beef psk_list_slot=1 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
|
||||
"$P_CLI extended_ms=0 debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
|
||||
psk_identity=def psk=beef" \
|
||||
0 \
|
||||
-C "skip PMS generation for opaque PSK"\
|
||||
-s "skip PMS generation for opaque PSK"\
|
||||
-C "using extended master secret"\
|
||||
-S "using extended master secret"\
|
||||
-S "SSL - None of the common ciphersuites is usable" \
|
||||
-S "SSL - Unknown identity received" \
|
||||
-S "SSL - Verification of the message MAC failed"
|
||||
|
||||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
run_test "PSK callback: raw psk on client, no static PSK on server, opaque PSK from callback, SHA-384" \
|
||||
"$P_SRV extended_ms=0 debug_level=3 psk_list=abc,dead,def,beef psk_list_slot=1 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384" \
|
||||
"$P_CLI extended_ms=0 debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
|
||||
psk_identity=def psk=beef" \
|
||||
0 \
|
||||
-C "skip PMS generation for opaque PSK"\
|
||||
-s "skip PMS generation for opaque PSK"\
|
||||
-C "using extended master secret"\
|
||||
-S "using extended master secret"\
|
||||
-S "SSL - None of the common ciphersuites is usable" \
|
||||
-S "SSL - Unknown identity received" \
|
||||
-S "SSL - Verification of the message MAC failed"
|
||||
|
||||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
run_test "PSK callback: raw psk on client, no static PSK on server, opaque PSK from callback, EMS" \
|
||||
"$P_SRV debug_level=3 psk_list=abc,dead,def,beef psk_list_slot=1 min_version=tls1_2 \
|
||||
force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA extended_ms=1" \
|
||||
"$P_CLI debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
|
||||
psk_identity=abc psk=dead extended_ms=1" \
|
||||
0 \
|
||||
-c "using extended master secret"\
|
||||
-s "using extended master secret"\
|
||||
-C "skip PMS generation for opaque PSK"\
|
||||
-s "skip PMS generation for opaque PSK"\
|
||||
-S "SSL - None of the common ciphersuites is usable" \
|
||||
-S "SSL - Unknown identity received" \
|
||||
-S "SSL - Verification of the message MAC failed"
|
||||
|
||||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
run_test "PSK callback: raw psk on client, no static PSK on server, opaque PSK from callback, EMS, SHA384" \
|
||||
"$P_SRV debug_level=3 psk_list=abc,dead,def,beef psk_list_slot=1 min_version=tls1_2 \
|
||||
force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 extended_ms=1" \
|
||||
"$P_CLI debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
|
||||
psk_identity=abc psk=dead extended_ms=1" \
|
||||
0 \
|
||||
-c "using extended master secret"\
|
||||
-s "using extended master secret"\
|
||||
-C "skip PMS generation for opaque PSK"\
|
||||
-s "skip PMS generation for opaque PSK"\
|
||||
-S "SSL - None of the common ciphersuites is usable" \
|
||||
-S "SSL - Unknown identity received" \
|
||||
-S "SSL - Verification of the message MAC failed"
|
||||
|
||||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
run_test "PSK callback: raw psk on client, mismatching static raw PSK on server, opaque PSK from callback" \
|
||||
"$P_SRV extended_ms=0 psk_identity=foo psk=abc123 debug_level=3 psk_list=abc,dead,def,beef psk_list_slot=1 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
|
||||
"$P_CLI extended_ms=0 debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
|
||||
psk_identity=def psk=beef" \
|
||||
0 \
|
||||
-C "skip PMS generation for opaque PSK"\
|
||||
-s "skip PMS generation for opaque PSK"\
|
||||
-C "using extended master secret"\
|
||||
-S "using extended master secret"\
|
||||
-S "SSL - None of the common ciphersuites is usable" \
|
||||
-S "SSL - Unknown identity received" \
|
||||
-S "SSL - Verification of the message MAC failed"
|
||||
|
||||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
run_test "PSK callback: raw psk on client, mismatching static opaque PSK on server, opaque PSK from callback" \
|
||||
"$P_SRV extended_ms=0 psk_slot=1 psk_identity=foo psk=abc123 debug_level=3 psk_list=abc,dead,def,beef psk_list_slot=2 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
|
||||
"$P_CLI extended_ms=0 debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
|
||||
psk_identity=def psk=beef" \
|
||||
0 \
|
||||
-C "skip PMS generation for opaque PSK"\
|
||||
-s "skip PMS generation for opaque PSK"\
|
||||
-C "using extended master secret"\
|
||||
-S "using extended master secret"\
|
||||
-S "SSL - None of the common ciphersuites is usable" \
|
||||
-S "SSL - Unknown identity received" \
|
||||
-S "SSL - Verification of the message MAC failed"
|
||||
|
||||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
run_test "PSK callback: raw psk on client, mismatching static opaque PSK on server, raw PSK from callback" \
|
||||
"$P_SRV extended_ms=0 psk_slot=1 psk_identity=foo psk=abc123 debug_level=3 psk_list=abc,dead,def,beef min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
|
||||
"$P_CLI extended_ms=0 debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
|
||||
psk_identity=def psk=beef" \
|
||||
0 \
|
||||
-C "skip PMS generation for opaque PSK"\
|
||||
-C "using extended master secret"\
|
||||
-S "using extended master secret"\
|
||||
-S "SSL - None of the common ciphersuites is usable" \
|
||||
-S "SSL - Unknown identity received" \
|
||||
-S "SSL - Verification of the message MAC failed"
|
||||
|
||||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
run_test "PSK callback: raw psk on client, id-matching but wrong raw PSK on server, opaque PSK from callback" \
|
||||
"$P_SRV extended_ms=0 psk_slot=1 psk_identity=def psk=abc123 debug_level=3 psk_list=abc,dead,def,beef min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
|
||||
"$P_CLI extended_ms=0 debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
|
||||
psk_identity=def psk=beef" \
|
||||
0 \
|
||||
-C "skip PMS generation for opaque PSK"\
|
||||
-C "using extended master secret"\
|
||||
-S "using extended master secret"\
|
||||
-S "SSL - None of the common ciphersuites is usable" \
|
||||
-S "SSL - Unknown identity received" \
|
||||
-S "SSL - Verification of the message MAC failed"
|
||||
|
||||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
run_test "PSK callback: raw psk on client, matching opaque PSK on server, wrong opaque PSK from callback" \
|
||||
"$P_SRV extended_ms=0 psk_slot=1 psk_identity=def psk=beef debug_level=3 psk_list=abc,dead,def,abc123 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
|
||||
"$P_CLI extended_ms=0 debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
|
||||
psk_identity=def psk=beef" \
|
||||
1 \
|
||||
-s "SSL - Verification of the message MAC failed"
|
||||
|
||||
run_test "PSK callback: no psk, no callback" \
|
||||
"$P_SRV" \
|
||||
"$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user