Merge remote-tracking branch 'development' into development-restricted

Gilles Peskine
2026-03-03 19:00:20 +01:00
49 changed files with 883 additions and 741 deletions
+2 -2
@@ -58,10 +58,10 @@ if(GEN_FILES)
${CMAKE_CURRENT_SOURCE_DIR}/..
COMMAND
"${MBEDTLS_PYTHON_EXECUTABLE}"
"${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/generate_tls_handshake_tests.py"
"${PROJECT_SOURCE_DIR}/scripts/generate_tls_handshake_tests.py"
DEPENDS
${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/mbedtls_framework/tls_test_case.py
${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/generate_tls_handshake_tests.py
${PROJECT_SOURCE_DIR}/scripts/generate_tls_handshake_tests.py
)
add_custom_target(handshake-generated.sh
DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/opt-testcases/handshake-generated.sh)
+2 -2
@@ -45,9 +45,9 @@ GENERATED_FILES = \
.PHONY: ssl-opt
opt-testcases/handshake-generated.sh: ../framework/scripts/mbedtls_framework/tls_test_case.py
opt-testcases/handshake-generated.sh: ../framework/scripts/generate_tls_handshake_tests.py
opt-testcases/handshake-generated.sh: ../scripts/generate_tls_handshake_tests.py
echo " Gen $@"
$(PYTHON) ../framework/scripts/generate_tls_handshake_tests.py -o $@
$(PYTHON) ../scripts/generate_tls_handshake_tests.py -o $@
GENERATED_FILES += opt-testcases/handshake-generated.sh
ssl-opt: opt-testcases/handshake-generated.sh
+1 -455
@@ -218,463 +218,9 @@ class CoverageTask(outcome_analysis.CoverageTask):
],
}
# The names that we give to classes derived from DriverVSReference do not
# follow the usual naming convention, because it's more readable to use
# underscores and parts of the configuration names. Also, these classes
# are just there to specify some data, so they don't need repetitive
# documentation.
#pylint: disable=invalid-name,missing-class-docstring
class DriverVSReference_hash(outcome_analysis.DriverVSReference):
REFERENCE = 'test_psa_crypto_config_reference_hash_use_psa'
DRIVER = 'test_psa_crypto_config_accel_hash_use_psa'
IGNORED_SUITES = [
# the software implementations that are being excluded
'mdx', 'sha1', 'sha256', 'sha3', 'sha512', 'shax',
'md.psa', # purposefully depends on whether drivers are present
'psa_crypto_low_hash.generated', # testing the builtins
]
IGNORED_TESTS = {
'test_suite_config': [
re.compile(r'.*\bMBEDTLS_(MD5|RIPEMD160|SHA[0-9]+)_.*'),
],
'test_suite_platform': [
# Incompatible with sanitizers (e.g. ASan). If the driver
# component uses a sanitizer but the reference component
# doesn't, we have a PASS vs SKIP mismatch.
'Check mbedtls_calloc overallocation',
],
}
class DriverVSReference_hmac(outcome_analysis.DriverVSReference):
REFERENCE = 'test_psa_crypto_config_reference_hmac'
DRIVER = 'test_psa_crypto_config_accel_hmac'
IGNORED_SUITES = [
# These suites require legacy hash support, which is disabled
# in the accelerated component.
'mdx', 'sha1', 'sha256', 'sha3', 'sha512', 'shax',
# This suite tests builtins directly, but these are missing
# in the accelerated case.
'psa_crypto_low_hash.generated',
]
IGNORED_TESTS = {
'test_suite_config': [
re.compile(r'.*\bMBEDTLS_(MD5|RIPEMD160|SHA[0-9]+)_.*'),
re.compile(r'.*\bMBEDTLS_MD_C\b')
],
'test_suite_md': [
# Builtin HMAC is not supported in the accelerate component.
re.compile('.*HMAC.*'),
# Following tests make use of functions which are not available
# when MD_C is disabled, as it happens in the accelerated
# test component.
re.compile('generic .* Hash file .*'),
'MD list',
],
'test_suite_md.psa': [
# "legacy only" tests require hash algorithms to be NOT
# accelerated, but this of course false for the accelerated
# test component.
re.compile('PSA dispatch .* legacy only'),
],
'test_suite_platform': [
# Incompatible with sanitizers (e.g. ASan). If the driver
# component uses a sanitizer but the reference component
# doesn't, we have a PASS vs SKIP mismatch.
'Check mbedtls_calloc overallocation',
],
}
class DriverVSReference_cipher_aead_cmac(outcome_analysis.DriverVSReference):
REFERENCE = 'test_psa_crypto_config_reference_cipher_aead_cmac'
DRIVER = 'test_psa_crypto_config_accel_cipher_aead_cmac'
# Modules replaced by drivers.
IGNORED_SUITES = [
# low-level (block/stream) cipher modules
'aes', 'aria', 'camellia', 'des', 'chacha20',
# AEAD modes, CMAC and POLY1305
'ccm', 'chachapoly', 'cmac', 'gcm', 'poly1305',
# The Cipher abstraction layer
'cipher',
]
IGNORED_TESTS = {
'test_suite_config': [
re.compile(r'.*\bMBEDTLS_(AES|ARIA|CAMELLIA|CHACHA20|DES)_.*'),
re.compile(r'.*\bMBEDTLS_(CCM|CHACHAPOLY|CMAC|GCM|POLY1305)_.*'),
re.compile(r'.*\bMBEDTLS_AES(\w+)_C\b.*'),
re.compile(r'.*\bMBEDTLS_CIPHER_.*'),
],
# PEM decryption is not supported so far.
# The rest of PEM (write, unencrypted read) works though.
'test_suite_pem': [
re.compile(r'PEM read .*(AES|DES|\bencrypt).*'),
],
'test_suite_platform': [
# Incompatible with sanitizers (e.g. ASan). If the driver
# component uses a sanitizer but the reference component
# doesn't, we have a PASS vs SKIP mismatch.
'Check mbedtls_calloc overallocation',
],
# Following tests depend on AES_C/DES_C but are not about
# them really, just need to know some error code is there.
'test_suite_error': [
'Low and high error',
'Single low error'
],
# The en/decryption part of PKCS#12 is not supported so far.
# The rest of PKCS#12 (key derivation) works though.
'test_suite_pkcs12': [
re.compile(r'PBE Encrypt, .*'),
re.compile(r'PBE Decrypt, .*'),
],
# The en/decryption part of PKCS#5 is not supported so far.
# The rest of PKCS#5 (PBKDF2) works though.
'test_suite_pkcs5': [
re.compile(r'PBES2 Encrypt, .*'),
re.compile(r'PBES2 Decrypt .*'),
],
# Encrypted keys are not supported so far.
# pylint: disable=line-too-long
'test_suite_pkparse': [
'Key ASN1 (Encrypted key PKCS12, trailing garbage data)',
'Key ASN1 (Encrypted key PKCS5, trailing garbage data)',
re.compile(r'Parse (RSA|EC) Key .*\(.* ([Ee]ncrypted|password).*\)'),
],
# Encrypted keys are not supported so far.
'ssl-opt': [
'TLS: password protected server key',
'TLS: password protected client key',
'TLS: password protected server key, two certificates',
],
}
class DriverVSReference_ecp_light_only(outcome_analysis.DriverVSReference):
REFERENCE = 'test_psa_crypto_config_reference_ecc_ecp_light_only'
DRIVER = 'test_psa_crypto_config_accel_ecc_ecp_light_only'
IGNORED_SUITES = [
# Modules replaced by drivers
'ecdsa', 'ecdh', 'ecjpake',
# Unit tests for the built-in implementation
'psa_crypto_ecp',
]
IGNORED_TESTS = {
'test_suite_config': [
re.compile(r'.*\bMBEDTLS_(ECDH|ECDSA|ECJPAKE|ECP)_.*'),
],
'test_suite_platform': [
# Incompatible with sanitizers (e.g. ASan). If the driver
# component uses a sanitizer but the reference component
# doesn't, we have a PASS vs SKIP mismatch.
'Check mbedtls_calloc overallocation',
],
# This test wants a legacy function that takes f_rng, p_rng
# arguments, and uses legacy ECDSA for that. The test is
# really about the wrapper around the PSA RNG, not ECDSA.
'test_suite_random': [
'PSA classic wrapper: ECDSA signature (SECP256R1)',
],
# In the accelerated test ECP_C is not set (only ECP_LIGHT is)
# so we must ignore disparities in the tests for which ECP_C
# is required.
'test_suite_ecp': [
re.compile(r'ECP check public-private .*'),
re.compile(r'ECP calculate public: .*'),
re.compile(r'ECP gen keypair .*'),
re.compile(r'ECP point muladd .*'),
re.compile(r'ECP point multiplication .*'),
re.compile(r'ECP test vectors .*'),
],
}
class DriverVSReference_no_ecp_at_all(outcome_analysis.DriverVSReference):
REFERENCE = 'test_psa_crypto_config_reference_ecc_no_ecp_at_all'
DRIVER = 'test_psa_crypto_config_accel_ecc_no_ecp_at_all'
IGNORED_SUITES = [
# Modules replaced by drivers
'ecp', 'ecdsa', 'ecdh', 'ecjpake',
# Unit tests for the built-in implementation
'psa_crypto_ecp',
]
IGNORED_TESTS = {
'test_suite_config': [
re.compile(r'.*\bMBEDTLS_(ECDH|ECDSA|ECJPAKE|ECP)_.*'),
re.compile(r'.*\bMBEDTLS_PK_PARSE_EC_COMPRESSED\b.*'),
],
'test_suite_platform': [
# Incompatible with sanitizers (e.g. ASan). If the driver
# component uses a sanitizer but the reference component
# doesn't, we have a PASS vs SKIP mismatch.
'Check mbedtls_calloc overallocation',
],
# See ecp_light_only
'test_suite_random': [
'PSA classic wrapper: ECDSA signature (SECP256R1)',
],
'test_suite_pkparse': [
# When PK_PARSE_C and ECP_C are defined then PK_PARSE_EC_COMPRESSED
# is automatically enabled in build_info.h (backward compatibility)
# even if it is disabled in config_psa_crypto_no_ecp_at_all(). As a
# consequence compressed points are supported in the reference
# component but not in the accelerated one, so they should be skipped
# while checking driver's coverage.
re.compile(r'Parse EC Key .*compressed\)'),
re.compile(r'Parse Public EC Key .*compressed\)'),
],
}
class DriverVSReference_ecc_no_bignum(outcome_analysis.DriverVSReference):
REFERENCE = 'test_psa_crypto_config_reference_ecc_no_bignum'
DRIVER = 'test_psa_crypto_config_accel_ecc_no_bignum'
IGNORED_SUITES = [
# Modules replaced by drivers
'ecp', 'ecdsa', 'ecdh', 'ecjpake',
'bignum_core', 'bignum_random', 'bignum_mod', 'bignum_mod_raw',
'bignum.generated', 'bignum.misc',
# Unit tests for the built-in implementation
'psa_crypto_ecp',
]
IGNORED_TESTS = {
'test_suite_config': [
re.compile(r'.*\bMBEDTLS_BIGNUM_C\b.*'),
re.compile(r'.*\bMBEDTLS_(ECDH|ECDSA|ECJPAKE|ECP)_.*'),
re.compile(r'.*\bMBEDTLS_PK_PARSE_EC_COMPRESSED\b.*'),
],
'test_suite_platform': [
# Incompatible with sanitizers (e.g. ASan). If the driver
# component uses a sanitizer but the reference component
# doesn't, we have a PASS vs SKIP mismatch.
'Check mbedtls_calloc overallocation',
],
# See ecp_light_only
'test_suite_random': [
'PSA classic wrapper: ECDSA signature (SECP256R1)',
],
# See no_ecp_at_all
'test_suite_pkparse': [
re.compile(r'Parse EC Key .*compressed\)'),
re.compile(r'Parse Public EC Key .*compressed\)'),
],
'test_suite_asn1parse': [
'INTEGER too large for mpi',
],
'test_suite_asn1write': [
re.compile(r'ASN.1 Write mpi.*'),
],
'test_suite_debug': [
re.compile(r'Debug print mbedtls_mpi.*'),
],
}
class DriverVSReference_ecc_ffdh_no_bignum(outcome_analysis.DriverVSReference):
REFERENCE = 'test_psa_crypto_config_reference_ecc_ffdh_no_bignum'
DRIVER = 'test_psa_crypto_config_accel_ecc_ffdh_no_bignum'
IGNORED_SUITES = [
# Modules replaced by drivers
'ecp', 'ecdsa', 'ecdh', 'ecjpake',
'bignum_core', 'bignum_random', 'bignum_mod', 'bignum_mod_raw',
'bignum.generated', 'bignum.misc',
# Unit tests for the built-in implementation
'psa_crypto_ecp',
]
IGNORED_TESTS = {
'test_suite_config': [
re.compile(r'.*\bMBEDTLS_BIGNUM_C\b.*'),
re.compile(r'.*\bMBEDTLS_(ECDH|ECDSA|ECJPAKE|ECP)_.*'),
re.compile(r'.*\bMBEDTLS_PK_PARSE_EC_COMPRESSED\b.*'),
],
'test_suite_platform': [
# Incompatible with sanitizers (e.g. ASan). If the driver
# component uses a sanitizer but the reference component
# doesn't, we have a PASS vs SKIP mismatch.
'Check mbedtls_calloc overallocation',
],
# See ecp_light_only
'test_suite_random': [
'PSA classic wrapper: ECDSA signature (SECP256R1)',
],
# See no_ecp_at_all
'test_suite_pkparse': [
re.compile(r'Parse EC Key .*compressed\)'),
re.compile(r'Parse Public EC Key .*compressed\)'),
],
'test_suite_asn1parse': [
'INTEGER too large for mpi',
],
'test_suite_asn1write': [
re.compile(r'ASN.1 Write mpi.*'),
],
'test_suite_debug': [
re.compile(r'Debug print mbedtls_mpi.*'),
],
}
class DriverVSReference_ffdh_alg(outcome_analysis.DriverVSReference):
REFERENCE = 'test_psa_crypto_config_reference_ffdh'
DRIVER = 'test_psa_crypto_config_accel_ffdh'
IGNORED_TESTS = {
'test_suite_platform': [
# Incompatible with sanitizers (e.g. ASan). If the driver
# component uses a sanitizer but the reference component
# doesn't, we have a PASS vs SKIP mismatch.
'Check mbedtls_calloc overallocation',
],
}
class DriverVSReference_tfm_config(outcome_analysis.DriverVSReference):
REFERENCE = 'test_tfm_config_no_p256m'
DRIVER = 'test_tfm_config_p256m_driver_accel_ec'
IGNORED_SUITES = [
# Modules replaced by drivers
'asn1parse', 'asn1write',
'ecp', 'ecdsa', 'ecdh', 'ecjpake',
'bignum_core', 'bignum_random', 'bignum_mod', 'bignum_mod_raw',
'bignum.generated', 'bignum.misc',
# Unit tests for the built-in implementation
'psa_crypto_ecp',
]
IGNORED_TESTS = {
'test_suite_config': [
re.compile(r'.*\bMBEDTLS_BIGNUM_C\b.*'),
re.compile(r'.*\bMBEDTLS_(ASN1\w+)_C\b.*'),
re.compile(r'.*\bMBEDTLS_(ECDH|ECDSA|ECP)_.*'),
re.compile(r'.*\bMBEDTLS_PSA_P256M_DRIVER_ENABLED\b.*')
],
'test_suite_config.crypto_combinations': [
'Config: ECC: Weierstrass curves only',
],
'test_suite_platform': [
# Incompatible with sanitizers (e.g. ASan). If the driver
# component uses a sanitizer but the reference component
# doesn't, we have a PASS vs SKIP mismatch.
'Check mbedtls_calloc overallocation',
],
# See ecp_light_only
'test_suite_random': [
'PSA classic wrapper: ECDSA signature (SECP256R1)',
],
}
class DriverVSReference_rsa(outcome_analysis.DriverVSReference):
REFERENCE = 'test_psa_crypto_config_reference_rsa_crypto'
DRIVER = 'test_psa_crypto_config_accel_rsa_crypto'
IGNORED_SUITES = [
# Modules replaced by drivers.
'rsa', 'pkcs1_v15', 'pkcs1_v21',
# We temporarily don't care about PK stuff.
'pk', 'pkwrite', 'pkparse'
]
IGNORED_TESTS = {
'test_suite_bignum.misc': [
re.compile(r'.*\bmbedtls_mpi_is_prime.*'),
re.compile(r'.*\bmbedtls_mpi_gen_prime.*'),
],
'test_suite_config': [
re.compile(r'.*\bMBEDTLS_(PKCS1|RSA)_.*'),
re.compile(r'.*\bMBEDTLS_GENPRIME\b.*')
],
'test_suite_platform': [
# Incompatible with sanitizers (e.g. ASan). If the driver
# component uses a sanitizer but the reference component
# doesn't, we have a PASS vs SKIP mismatch.
'Check mbedtls_calloc overallocation',
],
# Following tests depend on RSA_C but are not about
# them really, just need to know some error code is there.
'test_suite_error': [
'Low and high error',
'Single high error'
],
# Constant time operations only used for PKCS1_V15
'test_suite_constant_time': [
re.compile(r'mbedtls_ct_zeroize_if .*'),
re.compile(r'mbedtls_ct_memmove_left .*')
],
'test_suite_psa_crypto': [
# We don't support generate_key_custom entry points
# in drivers yet.
re.compile(r'PSA generate key custom: RSA, e=.*'),
re.compile(r'PSA generate key ext: RSA, e=.*'),
],
}
class DriverVSReference_block_cipher_dispatch(outcome_analysis.DriverVSReference):
REFERENCE = 'test_full_block_cipher_legacy_dispatch'
DRIVER = 'test_full_block_cipher_psa_dispatch'
IGNORED_SUITES = [
# Skipped in the accelerated component
'aes', 'aria', 'camellia',
# These require AES_C, ARIA_C or CAMELLIA_C to be enabled in
# order for the cipher module (actually cipher_wrapper) to work
# properly. However these symbols are disabled in the accelerated
# component so we ignore them.
'cipher.ccm', 'cipher.gcm', 'cipher.aes', 'cipher.aria',
'cipher.camellia',
]
IGNORED_TESTS = {
'test_suite_config': [
re.compile(r'.*\bMBEDTLS_(AES|ARIA|CAMELLIA)_.*'),
re.compile(r'.*\bMBEDTLS_AES(\w+)_C\b.*'),
],
'test_suite_cmac': [
# Following tests require AES_C/ARIA_C/CAMELLIA_C to be enabled,
# but these are not available in the accelerated component.
'CMAC null arguments',
re.compile('CMAC.* (AES|ARIA|Camellia).*'),
],
'test_suite_cipher.padding': [
# Following tests require AES_C/CAMELLIA_C to be enabled,
# but these are not available in the accelerated component.
re.compile('Set( non-existent)? padding with (AES|CAMELLIA).*'),
],
'test_suite_pkcs5': [
# The AES part of PKCS#5 PBES2 is not yet supported.
# The rest of PKCS#5 (PBKDF2) works, though.
re.compile(r'PBES2 .* AES-.*')
],
'test_suite_pkparse': [
# PEM (called by pkparse) requires AES_C in order to decrypt
# the key, but this is not available in the accelerated
# component.
re.compile('Parse RSA Key.*(password|AES-).*'),
],
'test_suite_pem': [
# Following tests require AES_C, but this is diabled in the
# accelerated component.
re.compile('PEM read .*AES.*'),
'PEM read (unknown encryption algorithm)',
],
'test_suite_error': [
# Following tests depend on AES_C but are not about them
# really, just need to know some error code is there.
'Single low error',
'Low and high error',
],
'test_suite_platform': [
# Incompatible with sanitizers (e.g. ASan). If the driver
# component uses a sanitizer but the reference component
# doesn't, we have a PASS vs SKIP mismatch.
'Check mbedtls_calloc overallocation',
],
}
#pylint: enable=invalid-name,missing-class-docstring
# List of tasks with a function that can handle this task and additional arguments if required
KNOWN_TASKS = {
KNOWN_TASKS: typing.Dict[str, typing.Type[outcome_analysis.Task]] = {
'analyze_coverage': CoverageTask,
'analyze_driver_vs_reference_hash': DriverVSReference_hash,
'analyze_driver_vs_reference_hmac': DriverVSReference_hmac,
'analyze_driver_vs_reference_cipher_aead_cmac': DriverVSReference_cipher_aead_cmac,
'analyze_driver_vs_reference_ecp_light_only': DriverVSReference_ecp_light_only,
'analyze_driver_vs_reference_no_ecp_at_all': DriverVSReference_no_ecp_at_all,
'analyze_driver_vs_reference_ecc_no_bignum': DriverVSReference_ecc_no_bignum,
'analyze_driver_vs_reference_ecc_ffdh_no_bignum': DriverVSReference_ecc_ffdh_no_bignum,
'analyze_driver_vs_reference_ffdh_alg': DriverVSReference_ffdh_alg,
'analyze_driver_vs_reference_tfm_config': DriverVSReference_tfm_config,
'analyze_driver_vs_reference_rsa': DriverVSReference_rsa,
'analyze_block_cipher_dispatch': DriverVSReference_block_cipher_dispatch,
}
if __name__ == '__main__':
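Review bot: After this change `KNOWN_TASKS` holds only `analyze_coverage`, and nothing in the hunk says where the eleven `analyze_driver_vs_reference_*` tasks went. Those tasks compared the test outcomes of a driver-accelerated component against its reference component, so if any CI job still passes one of the removed task names it would presumably no longer resolve; the callers are outside this page and need checking. I would add a comment above the dictionary, for example `# Driver-vs-reference tasks are no longer defined here; see <location of the moved tasks>.` The new annotation `typing.Dict[str, typing.Type[outcome_analysis.Task]]` also needs `import typing` at the top of the file, which this hunk does not show.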
+5 -4
@@ -19,14 +19,14 @@ component_check_recursion () {
component_check_generated_files () {
msg "Check make_generated_files.py consistency"
$MAKE_COMMAND neat
$FRAMEWORK/scripts/make_generated_files.py
$FRAMEWORK/scripts/make_generated_files.py --check
scripts/make_generated_files.py
scripts/make_generated_files.py --check
$MAKE_COMMAND neat
msg "Check files generated with make"
MBEDTLS_ROOT_DIR="$PWD"
$MAKE_COMMAND generated_files
$FRAMEWORK/scripts/make_generated_files.py --check
scripts/make_generated_files.py --check
cd $TF_PSA_CRYPTO_ROOT_DIR
./framework/scripts/make_generated_files.py --check
@@ -39,10 +39,11 @@ component_check_generated_files () {
make
cd "$MBEDTLS_ROOT_DIR"
$FRAMEWORK/scripts/make_generated_files.py --root "$OUT_OF_SOURCE_DIR" --check
scripts/make_generated_files.py --root "$OUT_OF_SOURCE_DIR" --check
cd $TF_PSA_CRYPTO_ROOT_DIR
./framework/scripts/make_generated_files.py --root "$OUT_OF_SOURCE_DIR/tf-psa-crypto" --check
cd "$MBEDTLS_ROOT_DIR"
# This component ends with the generated files present in the source tree.
# This is necessary for subsequent components!
@@ -528,7 +528,7 @@ component_test_crypto_for_psa_service () {
component_build_crypto_baremetal () {
msg "build: make, crypto only, baremetal config"
scripts/config.py crypto_baremetal
CFLAGS="-O1 -I$PWD/framework/tests/include/baremetal-override/" cmake .
CFLAGS="-O1 -I$PWD/framework/tests/include/baremetal-override/ -DMBEDTLS_TEST_PLATFORM_IS_NOT_UNIXLIKE" cmake .
cmake --build .
ctest
are_empty_libraries library/libmbedx509.* library/libmbedtls.*
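Review bot: `-DMBEDTLS_TEST_PLATFORM_IS_NOT_UNIXLIKE` is added to the CFLAGS of `component_build_crypto_baremetal` without any comment, and the same flag is added to `component_build_baremetal` in the next file section, so the reason has to be guessed in two places. From the name it appears to tell test code not to assume a Unix-like host, which would fit the `baremetal-override` include directory, but that is inferred rather than shown. A one-line comment above each build command would settle it, for example `# MBEDTLS_TEST_PLATFORM_IS_NOT_UNIXLIKE: <what the test code skips when this is set>`. The body of `component_build_crypto_baremetal` may continue past the end of this hunk.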
+1 -1
@@ -220,7 +220,7 @@ component_test_full_deprecated_warning () {
component_build_baremetal () {
msg "build: make, baremetal config"
scripts/config.py baremetal
$MAKE_COMMAND CFLAGS="-O1 -Werror -I$PWD/framework/tests/include/baremetal-override/"
$MAKE_COMMAND CFLAGS="-O1 -Werror -I$PWD/framework/tests/include/baremetal-override/ -DMBEDTLS_TEST_PLATFORM_IS_NOT_UNIXLIKE"
}
support_build_baremetal () {
+50 -50
@@ -9914,6 +9914,7 @@ run_test "DTLS reassembly: some fragmentation (gnutls server)" \
"$P_CLI dtls=1 debug_level=2" \
0 \
-c "found fragmented DTLS handshake message" \
-c "Certificate handshake message has been buffered and reassembled" \
-C "error"
requires_gnutls
@@ -9923,6 +9924,8 @@ run_test "DTLS reassembly: more fragmentation (gnutls server)" \
"$P_CLI dtls=1 debug_level=2" \
0 \
-c "found fragmented DTLS handshake message" \
-c "Certificate handshake message has been buffered and reassembled" \
-c "ServerKeyExchange handshake message has been buffered and reassembled" \
-C "error"
requires_gnutls
@@ -9932,6 +9935,8 @@ run_test "DTLS reassembly: more fragmentation, nbio (gnutls server)" \
"$P_CLI dtls=1 nbio=2 debug_level=2" \
0 \
-c "found fragmented DTLS handshake message" \
-c "Certificate handshake message has been buffered and reassembled" \
-c "ServerKeyExchange handshake message has been buffered and reassembled" \
-C "error"
requires_gnutls
@@ -9942,6 +9947,7 @@ run_test "DTLS reassembly: fragmentation, renego (gnutls server)" \
"$P_CLI debug_level=3 dtls=1 renegotiation=1 renegotiate=1" \
0 \
-c "found fragmented DTLS handshake message" \
-c "Certificate handshake message has been buffered and reassembled" \
-c "client hello, adding renegotiation extension" \
-c "found renegotiation extension" \
-c "=> renegotiate" \
@@ -9957,6 +9963,7 @@ run_test "DTLS reassembly: fragmentation, nbio, renego (gnutls server)" \
"$P_CLI debug_level=3 nbio=2 dtls=1 renegotiation=1 renegotiate=1" \
0 \
-c "found fragmented DTLS handshake message" \
-c "Certificate handshake message has been buffered and reassembled" \
-c "client hello, adding renegotiation extension" \
-c "found renegotiation extension" \
-c "=> renegotiate" \
@@ -9972,20 +9979,17 @@ run_test "DTLS reassembly: no fragmentation (openssl server)" \
-C "found fragmented DTLS handshake message" \
-C "error"
# Minimum possible MTU for OpenSSL server: 256 bytes.
# We expect the server Certificate handshake to be fragmented and verify that
# this is the case. Depending on the configuration, other handshake messages may
# also be fragmented.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS reassembly: some fragmentation (openssl server)" \
"$O_SRV -dtls -mtu 256" \
"$P_CLI dtls=1 debug_level=2" \
0 \
-c "found fragmented DTLS handshake message" \
-C "error"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS reassembly: more fragmentation (openssl server)" \
run_test "DTLS reassembly: fragmentation (openssl server)" \
"$O_SRV -dtls -mtu 256" \
"$P_CLI dtls=1 debug_level=2" \
0 \
-c "found fragmented DTLS handshake message" \
-c "Certificate handshake message has been buffered and reassembled" \
-C "error"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
@@ -9994,6 +9998,7 @@ run_test "DTLS reassembly: fragmentation, nbio (openssl server)" \
"$P_CLI dtls=1 nbio=2 debug_level=2" \
0 \
-c "found fragmented DTLS handshake message" \
-c "Certificate handshake message has been buffered and reassembled" \
-C "error"
# Tests for sending fragmented handshake messages with DTLS
@@ -10662,7 +10667,7 @@ run_test "DTLS fragmenting: gnutls server, DTLS 1.2" \
key_file=$DATA_FILES_PATH/server8.key \
mtu=512 force_version=dtls12" \
0 \
-c "fragmenting handshake message" \
-c "fragmenting Certificate handshake message" \
-C "error"
# We use --insecure for the GnuTLS client because it expects
@@ -10684,7 +10689,7 @@ run_test "DTLS fragmenting: gnutls client, DTLS 1.2" \
mtu=512 force_version=dtls12" \
"$G_CLI -u --insecure 127.0.0.1" \
0 \
-s "fragmenting handshake message"
-s "fragmenting Certificate handshake message"
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
@@ -10696,7 +10701,7 @@ run_test "DTLS fragmenting: openssl server, DTLS 1.2" \
key_file=$DATA_FILES_PATH/server8.key \
mtu=512 force_version=dtls12" \
0 \
-c "fragmenting handshake message" \
-c "fragmenting Certificate handshake message" \
-C "error"
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
@@ -10709,7 +10714,7 @@ run_test "DTLS fragmenting: openssl client, DTLS 1.2" \
mtu=512 force_version=dtls12" \
"$O_CLI -dtls1_2" \
0 \
-s "fragmenting handshake message"
-s "fragmenting Certificate handshake message"
# interop tests for DTLS fragmentating with unreliable connection
#
@@ -10728,7 +10733,7 @@ run_test "DTLS fragmenting: 3d, gnutls server, DTLS 1.2" \
key_file=$DATA_FILES_PATH/server8.key \
hs_timeout=250-60000 mtu=512 force_version=dtls12" \
0 \
-c "fragmenting handshake message" \
-c "fragmenting Certificate handshake message" \
-C "error"
requires_gnutls_next
@@ -10744,7 +10749,7 @@ run_test "DTLS fragmenting: 3d, gnutls client, DTLS 1.2" \
hs_timeout=250-60000 mtu=512 force_version=dtls12" \
"$G_NEXT_CLI -u --insecure 127.0.0.1" \
0 \
-s "fragmenting handshake message"
-s "fragmenting Certificate handshake message"
## The test below requires 1.1.1a or higher version of openssl, otherwise
## it might trigger a bug due to openssl server (https://github.com/openssl/openssl/issues/6902)
@@ -10761,7 +10766,7 @@ run_test "DTLS fragmenting: 3d, openssl server, DTLS 1.2" \
key_file=$DATA_FILES_PATH/server8.key \
hs_timeout=250-60000 mtu=512 force_version=dtls12" \
0 \
-c "fragmenting handshake message" \
-c "fragmenting Certificate handshake message" \
-C "error"
## the test below will time out with certain seed.
@@ -10779,7 +10784,7 @@ run_test "DTLS fragmenting: 3d, openssl client, DTLS 1.2" \
hs_timeout=250-60000 mtu=512 force_version=dtls12" \
"$O_CLI -dtls1_2" \
0 \
-s "fragmenting handshake message"
-s "fragmenting Certificate handshake message"
# Tests for DTLS-SRTP (RFC 5764)
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
@@ -11496,9 +11501,9 @@ run_test "DTLS reordering: Buffer out-of-order handshake message on client" \
hs_timeout=2500-60000" \
0 \
-c "Buffering HS message" \
-c "Next handshake message has been buffered - load"\
-c "Certificate handshake message has been buffered$"\
-S "Buffering HS message" \
-S "Next handshake message has been buffered - load"\
-S "handshake message has been buffered"\
-C "Injecting buffered CCS message" \
-C "Remember CCS message" \
-S "Injecting buffered CCS message" \
@@ -11516,9 +11521,9 @@ run_test "DTLS reordering: Buffer out-of-order handshake message fragment on
-c "Buffering HS message" \
-c "found fragmented DTLS handshake message"\
-c "Next handshake message 1 not or only partially buffered" \
-c "Next handshake message has been buffered - load"\
-c "Certificate handshake message has been buffered and reassembled"\
-S "Buffering HS message" \
-S "Next handshake message has been buffered - load"\
-S "handshake message has been buffered" \
-C "Injecting buffered CCS message" \
-C "Remember CCS message" \
-S "Injecting buffered CCS message" \
@@ -11539,10 +11544,11 @@ run_test "DTLS reordering: Buffer out-of-order hs msg before reassembling nex
hs_timeout=2500-60000" \
0 \
-c "Buffering HS message" \
-c "Next handshake message has been buffered - load"\
-c "Certificate handshake message has been buffered and reassembled"\
-c "ServerKeyExchange handshake message has been buffered$"\
-C "attempt to make space by freeing buffered messages" \
-S "Buffering HS message" \
-S "Next handshake message has been buffered - load"\
-S "handshake message has been buffered" \
-C "Injecting buffered CCS message" \
-C "Remember CCS message" \
-S "Injecting buffered CCS message" \
@@ -11566,7 +11572,7 @@ run_test "DTLS reordering: Buffer out-of-order hs msg before reassembling nex
-c "attempt to make space by freeing buffered future messages" \
-c "Enough space available after freeing buffered HS messages" \
-S "Buffering HS message" \
-S "Next handshake message has been buffered - load"\
-S "handshake message has been buffered" \
-C "Injecting buffered CCS message" \
-C "Remember CCS message" \
-S "Injecting buffered CCS message" \
@@ -11582,9 +11588,9 @@ run_test "DTLS reordering: Buffer out-of-order handshake message on server" \
hs_timeout=2500-60000" \
0 \
-C "Buffering HS message" \
-C "Next handshake message has been buffered - load"\
-C "handshake message has been buffered" \
-s "Buffering HS message" \
-s "Next handshake message has been buffered - load" \
-s "ClientKeyExchange handshake message has been buffered$" \
-C "Injecting buffered CCS message" \
-C "Remember CCS message" \
-S "Injecting buffered CCS message" \
@@ -11601,9 +11607,9 @@ run_test "DTLS reordering: Buffer out-of-order CCS message on client"\
hs_timeout=2500-60000" \
0 \
-C "Buffering HS message" \
-C "Next handshake message has been buffered - load"\
-C "handshake message has been buffered" \
-S "Buffering HS message" \
-S "Next handshake message has been buffered - load" \
-S "handshake message has been buffered" \
-c "Injecting buffered CCS message" \
-c "Remember CCS message" \
-S "Injecting buffered CCS message" \
@@ -11619,9 +11625,9 @@ run_test "DTLS reordering: Buffer out-of-order CCS message on server"\
hs_timeout=2500-60000" \
0 \
-C "Buffering HS message" \
-C "Next handshake message has been buffered - load"\
-C "handshake message has been buffered" \
-S "Buffering HS message" \
-S "Next handshake message has been buffered - load" \
-S "handshake message has been buffered" \
-C "Injecting buffered CCS message" \
-C "Remember CCS message" \
-s "Injecting buffered CCS message" \
@@ -11857,10 +11863,11 @@ not_with_valgrind # risk of non-mbedtls peer timing out
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS proxy: 3d, openssl server, fragmentation" \
-p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \
"$O_NEXT_SRV -dtls1_2 -mtu 768" \
"$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000 tickets=0" \
"$O_NEXT_SRV -dtls1_2 -mtu 256" \
"$P_CLI dgram_packing=0 dtls=1 debug_level=2 hs_timeout=500-60000 tickets=0" \
0 \
-c "HTTP/1.0 200 OK"
-c "HTTP/1.0 200 OK" \
-c "Certificate handshake message has been buffered and reassembled"
requires_openssl_next
client_needs_more_time 8
@@ -11868,10 +11875,11 @@ not_with_valgrind # risk of non-mbedtls peer timing out
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS proxy: 3d, openssl server, fragmentation, nbio" \
-p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \
"$O_NEXT_SRV -dtls1_2 -mtu 768" \
"$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000 nbio=2 tickets=0" \
"$O_NEXT_SRV -dtls1_2 -mtu 256" \
"$P_CLI dgram_packing=0 dtls=1 debug_level=2 hs_timeout=500-60000 nbio=2 tickets=0" \
0 \
-c "HTTP/1.0 200 OK"
-c "HTTP/1.0 200 OK" \
-c "Certificate handshake message has been buffered and reassembled"
requires_gnutls
client_needs_more_time 6
@@ -11892,10 +11900,11 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS proxy: 3d, gnutls server, fragmentation" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \
"$G_NEXT_SRV -u --mtu 512" \
"$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000" \
"$P_CLI dgram_packing=0 dtls=1 debug_level=2 hs_timeout=500-60000" \
0 \
-s "Extra-header:" \
-c "Extra-header:"
-c "Extra-header:" \
-c "Certificate handshake message has been buffered and reassembled"
requires_gnutls_next
client_needs_more_time 8
@@ -11904,10 +11913,11 @@ requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS proxy: 3d, gnutls server, fragmentation, nbio" \
-p "$P_PXY drop=5 delay=5 duplicate=5" \
"$G_NEXT_SRV -u --mtu 512" \
"$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000 nbio=2" \
"$P_CLI dgram_packing=0 dtls=1 debug_level=2 hs_timeout=500-60000 nbio=2" \
0 \
-s "Extra-header:" \
-c "Extra-header:"
-c "Extra-header:" \
-c "Certificate handshake message has been buffered and reassembled"
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "export keys functionality" \
@@ -13766,16 +13776,6 @@ run_test "TLS 1.2 ClientHello indicating support for deflate compression meth
# Most test cases are in opt-testcases/handshake-generated.sh
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_certificate_authentication
run_test "Handshake defragmentation on server: len=32, TLS 1.2 ClientHello (unsupported)" \
"$P_SRV debug_level=4 force_version=tls12 auth_mode=required" \
"$O_NEXT_CLI -tls1_2 -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
1 \
-s "The SSL configuration is tls12 only" \
-s "bad client hello message" \
-s "SSL - A message could not be parsed due to a syntactic error"
# Test server-side buffer resizing with fragmented handshake on TLS1.2
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
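Review bot: The two "DTLS proxy: 3d, openssl server, fragmentation" tests lower the server MTU from 768 to 256 while the proxy still runs with `drop=5 delay=5 duplicate=5`, and no comment next to them explains the new value. A smaller MTU means more datagrams per flight, so each flight is more likely to lose one and need a retransmission. The hunk header context shows `not_with_valgrind # risk of non-mbedtls peer timing out`, so it is worth confirming the time budget still holds on slow CI hosts. I would repeat the rationale already given for the non-proxy test, e.g. `# -mtu 256 is the minimum the OpenSSL server accepts, so the Certificate message is expected to be fragmented.` The gnutls proxy tests keep `--mtu 512` but gain the same `-c "Certificate handshake message has been buffered and reassembled"` check, which presumably holds only while the server's Certificate message is larger than that MTU.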
+34
@@ -1,12 +1,46 @@
printf "%" MBEDTLS_PRINTF_SIZET, 0
printf_int_expr:PRINTF_SIZET:sizeof(size_t):0:"0"
printf "%" MBEDTLS_PRINTF_SIZET, 1 byte
printf_int_expr:PRINTF_SIZET:sizeof(size_t):42:"42"
printf "%" MBEDTLS_PRINTF_SIZET, 4 bytes
printf_int_expr:PRINTF_SIZET:sizeof(size_t):0xfedcba98:"4275878552"
printf "%" MBEDTLS_PRINTF_SIZET, 8 bytes
depends_on:SIZE_MAX>=0xffffffffffffffff
printf_int_expr:PRINTF_SIZET:sizeof(size_t):0xfedcba9876543210:"18364758544493064720"
printf "%" MBEDTLS_PRINTF_LONGLONG, 0
printf_int_expr:PRINTF_LONGLONG:sizeof(long long):0:"0"
printf "%" MBEDTLS_PRINTF_LONGLONG, 1 byte
printf_int_expr:PRINTF_LONGLONG:sizeof(long long):42:"42"
printf "%" MBEDTLS_PRINTF_LONGLONG, 4 bytes
printf_int_expr:PRINTF_LONGLONG:sizeof(long long):0xfedcba98:"4275878552"
printf "%" MBEDTLS_PRINTF_LONGLONG, 8 bytes
printf_int_expr:PRINTF_LONGLONG:sizeof(long long):0x7edcba9876543210:"9141386507638288912"
printf "%" MBEDTLS_PRINTF_LONGLONG, 8 bytes, negative
printf_int_expr:PRINTF_LONGLONG:sizeof(long long):-0x7edcba9876543210:"-9141386507638288912"
printf "%" MBEDTLS_PRINTF_MS_TIME, 0
printf_int_expr:PRINTF_MS_TIME:sizeof(mbedtls_ms_time_t):0:"0"
printf "%" MBEDTLS_PRINTF_MS_TIME, 1 byte
printf_int_expr:PRINTF_MS_TIME:sizeof(mbedtls_ms_time_t):42:"42"
printf "%" MBEDTLS_PRINTF_MS_TIME, 4 bytes
printf_int_expr:PRINTF_MS_TIME:sizeof(mbedtls_ms_time_t):0xfedcba98:"4275878552"
printf "%" MBEDTLS_PRINTF_MS_TIME, 8 bytes
printf_int_expr:PRINTF_MS_TIME:sizeof(mbedtls_ms_time_t):0x7edcba9876543210:"9141386507638288912"
printf "%" MBEDTLS_PRINTF_MS_TIME, 8 bytes, negative
printf_int_expr:PRINTF_MS_TIME:sizeof(mbedtls_ms_time_t):-0x7edcba9876543210:"-9141386507638288912"
Debug print msg (threshold 1, level 0)
debug_print_msg_threshold:1:0:"MyFile":999:"MyFile(0999)\: Text message, 2 == 2\n"
+3 -3
@@ -116,11 +116,11 @@ void printf_int_expr(int format_indicator, intmax_t sizeof_x, intmax_t x, char *
/* Nominal case: buffer just large enough */
TEST_CALLOC(output, n + 1);
if ((size_t) sizeof_x <= sizeof(int)) { // Any smaller integers would be promoted to an int due to calling a vararg function
TEST_EQUAL(n, mbedtls_snprintf(output, n + 1, format, (int) x));
TEST_EQUAL(n, mbedtls_debug_snprintf(output, n + 1, format, (int) x));
} else if (sizeof_x == sizeof(long)) {
TEST_EQUAL(n, mbedtls_snprintf(output, n + 1, format, (long) x));
TEST_EQUAL(n, mbedtls_debug_snprintf(output, n + 1, format, (long) x));
} else if (sizeof_x == sizeof(long long)) {
TEST_EQUAL(n, mbedtls_snprintf(output, n + 1, format, (long long) x));
TEST_EQUAL(n, mbedtls_debug_snprintf(output, n + 1, format, (long long) x));
} else {
TEST_FAIL(
"sizeof_x <= sizeof(int) || sizeof_x == sizeof(long) || sizeof_x == sizeof(long long)");
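Review bot: Nothing in the three rewritten calls says why printf_int_expr now formats through `mbedtls_debug_snprintf` instead of `mbedtls_snprintf`, so a reader cannot tell which implementation the MBEDTLS_PRINTF_xxx cases are meant to pin. A short comment above the first branch would settle it, for example `/* Format through the debug module's snprintf, the function these format specifiers are used with */` (wording for the author to confirm). Only the exact-fit buffer (`n + 1`) is visible here and the function continues outside the hunk. If no undersized-buffer case follows, one that checks the return value and NUL termination would be worth adding, since these strings end up in debug output.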
+160
@@ -3031,6 +3031,166 @@ ssl_serialize_session_load_buf_size:0:"":MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_VERSI
Test configuration of EC groups through mbedtls_ssl_conf_groups()
conf_group:
Get supported group list: x25519, positive
depends_on:PSA_WANT_ECC_MONTGOMERY_255
test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_X25519:1
Get supported group list: x25519, negative
depends_on:!PSA_WANT_ECC_MONTGOMERY_255
test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_X25519:0
Get supported group list: secp256r1, positive
depends_on:PSA_WANT_ECC_SECP_R1_256
test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1:1
Get supported group list: secp256r1, negative
depends_on:!PSA_WANT_ECC_SECP_R1_256
test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1:0
Get supported group list: secp384r1, positive
depends_on:PSA_WANT_ECC_SECP_R1_384
test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1:1
Get supported group list: secp384r1, negative
depends_on:!PSA_WANT_ECC_SECP_R1_384
test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1:0
Get supported group list: x448, positive
depends_on:PSA_WANT_ECC_MONTGOMERY_448
test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_X448:1
Get supported group list: x448, negative
depends_on:!PSA_WANT_ECC_MONTGOMERY_448
test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_X448:0
Get supported group list: secp521r1, positive
depends_on:PSA_WANT_ECC_SECP_R1_521
test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1:1
Get supported group list: secp521r1, negative
depends_on:!PSA_WANT_ECC_SECP_R1_521
test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1:0
Get supported group list: brainpool256r1, positive
depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_256
test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1:1
Get supported group list: brainpool256r1, negative
depends_on:!PSA_WANT_ECC_BRAINPOOL_P_R1_256
test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1:0
Get supported group list: brainpool384r1, positive
depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_384
test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1:1
Get supported group list: brainpool384r1, negative
depends_on:!PSA_WANT_ECC_BRAINPOOL_P_R1_384
test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1:0
Get supported group list: brainpool512r1, positive
depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_512
test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1:1
Get supported group list: brainpool512r1, negative
depends_on:!PSA_WANT_ECC_BRAINPOOL_P_R1_512
test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1:0
Get supported group list: ffdhe2048, positive
depends_on:PSA_WANT_DH_RFC7919_2048
test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048:1
Get supported group list: ffdhe2048, negative
depends_on:!PSA_WANT_DH_RFC7919_2048
test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048:0
Get supported group list: ffdhe3072, positive
depends_on:PSA_WANT_DH_RFC7919_3072
test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072:1
Get supported group list: ffdhe3072, negative
depends_on:!PSA_WANT_DH_RFC7919_3072
test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072:0
Get supported group list: ffdhe4096, positive
depends_on:PSA_WANT_DH_RFC7919_4096
test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096:1
Get supported group list: ffdhe4096, negative
depends_on:!PSA_WANT_DH_RFC7919_4096
test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096:0
Get supported group list: ffdhe6144, positive
depends_on:PSA_WANT_DH_RFC7919_6144
test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144:1
Get supported group list: ffdhe6144, negative
depends_on:!PSA_WANT_DH_RFC7919_6144
test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144:0
Get supported group list: ffdhe8192, positive
depends_on:PSA_WANT_DH_RFC7919_8192
test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192:1
Get supported group list: ffdhe8192, negative
depends_on:!PSA_WANT_DH_RFC7919_8192
test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192:0
TLS ID <-> group name: x25519
depends_on:PSA_WANT_ECC_MONTGOMERY_255
test_mbedtls_tls_id_group_name_table:MBEDTLS_SSL_IANA_TLS_GROUP_X25519:"x25519"
TLS ID <-> group name: secp256r1
depends_on:PSA_WANT_ECC_SECP_R1_256
test_mbedtls_tls_id_group_name_table:MBEDTLS_SSL_IANA_TLS_GROUP_SECP256R1:"secp256r1"
TLS ID <-> group name: secp256k1
depends_on:PSA_WANT_ECC_SECP_K1_256
test_mbedtls_tls_id_group_name_table:MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1:"secp256k1"
TLS ID <-> group name: secp384r1
depends_on:PSA_WANT_ECC_SECP_R1_384
test_mbedtls_tls_id_group_name_table:MBEDTLS_SSL_IANA_TLS_GROUP_SECP384R1:"secp384r1"
TLS ID <-> group name: x448
depends_on:PSA_WANT_ECC_MONTGOMERY_448
test_mbedtls_tls_id_group_name_table:MBEDTLS_SSL_IANA_TLS_GROUP_X448:"x448"
TLS ID <-> group name: secp521r1
depends_on:PSA_WANT_ECC_SECP_R1_521
test_mbedtls_tls_id_group_name_table:MBEDTLS_SSL_IANA_TLS_GROUP_SECP521R1:"secp521r1"
TLS ID <-> group name: brainpoolP256r1
depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_256
test_mbedtls_tls_id_group_name_table:MBEDTLS_SSL_IANA_TLS_GROUP_BP256R1:"brainpoolP256r1"
TLS ID <-> group name: brainpoolP384r1
depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_384
test_mbedtls_tls_id_group_name_table:MBEDTLS_SSL_IANA_TLS_GROUP_BP384R1:"brainpoolP384r1"
TLS ID <-> group name: brainpoolP512r1
depends_on:PSA_WANT_ECC_BRAINPOOL_P_R1_512
test_mbedtls_tls_id_group_name_table:MBEDTLS_SSL_IANA_TLS_GROUP_BP512R1:"brainpoolP512r1"
TLS ID <-> group name: ffdhe2048
depends_on:PSA_WANT_DH_RFC7919_2048
test_mbedtls_tls_id_group_name_table:MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE2048:"ffdhe2048"
TLS ID <-> group name: ffdhe3072
depends_on:PSA_WANT_DH_RFC7919_3072
test_mbedtls_tls_id_group_name_table:MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE3072:"ffdhe3072"
TLS ID <-> group name: ffdhe4096
depends_on:PSA_WANT_DH_RFC7919_4096
test_mbedtls_tls_id_group_name_table:MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE4096:"ffdhe4096"
TLS ID <-> group name: ffdhe6144
depends_on:PSA_WANT_DH_RFC7919_6144
test_mbedtls_tls_id_group_name_table:MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE6144:"ffdhe6144"
TLS ID <-> group name: ffdhe8192
depends_on:PSA_WANT_DH_RFC7919_8192
test_mbedtls_tls_id_group_name_table:MBEDTLS_SSL_IANA_TLS_GROUP_FFDHE8192:"ffdhe8192"
Version config: valid client TLS 1.2 only
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
conf_version:MBEDTLS_SSL_IS_CLIENT:MBEDTLS_SSL_TRANSPORT_STREAM:MBEDTLS_SSL_VERSION_TLS1_2:MBEDTLS_SSL_VERSION_TLS1_2:0
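Review bot: The "Get supported group list" cases skip secp256k1, although it has a "TLS ID <-> group name" case under `depends_on:PSA_WANT_ECC_SECP_K1_256`; every other group in the name cases has a positive/negative pair. If secp256k1 is deliberately absent from the supported list, a case such as `test_mbedtls_ssl_get_supported_group_list:MBEDTLS_SSL_IANA_TLS_GROUP_SECP256K1:0` would pin that decision, assuming its table entry also reports it as unsupported. If it is meant to be offered, the pair gated on `PSA_WANT_ECC_SECP_K1_256` is missing. Either way the omission deserves a one-line comment in the data file, because a group that silently appears in or disappears from the advertised list changes what the endpoint negotiates.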
+59
@@ -3574,6 +3574,65 @@ exit:
}
/* END_CASE */
/* BEGIN_CASE */
void test_mbedtls_ssl_get_supported_group_list(int iana_group_id, int is_available)
{
const uint16_t *list = mbedtls_ssl_get_supported_group_list();
int found = 0;
/* First: go through the list returned by mbedtls_ssl_get_supported_group_list() and
* check that the specified group ID is supported/unsupported as expected. */
for (int i = 0; list[i] != MBEDTLS_SSL_IANA_TLS_GROUP_NONE; i++) {
if (list[i] == iana_group_id) {
found = 1;
break;
}
}
TEST_EQUAL(found, is_available);
/* Second: check that supported/unsupported property for the specified group is also
* correctly set in the array initialized by MBEDTLS_SSL_IANA_TLS_GROUP_INFO. */
mbedtls_ssl_iana_tls_group_info_t group_info_table[] = MBEDTLS_SSL_IANA_TLS_GROUPS_INFO;
mbedtls_ssl_iana_tls_group_info_t *ptr;
for (ptr = &group_info_table[0]; ptr->tls_id != MBEDTLS_SSL_IANA_TLS_GROUP_NONE; ptr++) {
if (ptr->tls_id == iana_group_id) {
TEST_EQUAL(ptr->is_supported, is_available);
}
}
exit:;
}
/* END_CASE */
/* BEGIN_CASE */
void test_mbedtls_tls_id_group_name_table(int group_id, char *group_name)
{
mbedtls_ssl_iana_tls_group_info_t test_table[] = MBEDTLS_SSL_IANA_TLS_GROUPS_INFO;
mbedtls_ssl_iana_tls_group_info_t *item;
const char *table_name = NULL;
/* Ensure that the list includes at least 1 valid entry. */
TEST_ASSERT(test_table[0].tls_id != MBEDTLS_SSL_IANA_TLS_GROUP_NONE);
for (item = &test_table[0]; item->tls_id != MBEDTLS_SSL_IANA_TLS_GROUP_NONE; item++) {
if (item->tls_id == group_id) {
table_name = item->group_name;
}
}
TEST_ASSERT(table_name != NULL);
TEST_MEMORY_COMPARE(table_name, strlen(table_name), group_name, strlen(group_name));
#if defined(MBEDTLS_DEBUG_C)
const char *builtin_table_name = mbedtls_ssl_get_curve_name_from_tls_id(group_id);
TEST_MEMORY_COMPARE(builtin_table_name, strlen(builtin_table_name), group_name,
strlen(group_name));
#endif /* MBEDTLS_DEBUG_C */
exit:;
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SSL_SRV_C:MBEDTLS_SSL_CACHE_C:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_DEBUG_C:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:MBEDTLS_RSA_C:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_PKCS1_V15:PSA_WANT_ALG_SHA_256 */
void force_bad_session_id_len()
{
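Review bot: In test_mbedtls_tls_id_group_name_table, the MBEDTLS_DEBUG_C branch passes the result of `mbedtls_ssl_get_curve_name_from_tls_id(group_id)` straight to `strlen()`, so if that lookup can return NULL for an ID it does not know, the test crashes instead of failing. Adding `TEST_ASSERT(builtin_table_name != NULL);` before the comparison would match the check already made on `table_name`. In test_mbedtls_ssl_get_supported_group_list, the second loop asserts `is_supported` only when the ID is found, so an ID missing from MBEDTLS_SSL_IANA_TLS_GROUPS_INFO passes silently. If every tested group is expected to have an entry, set a flag inside the `if` and add `TEST_ASSERT(in_table);` after the loop. The comment above that loop also names the macro MBEDTLS_SSL_IANA_TLS_GROUP_INFO, while the code uses MBEDTLS_SSL_IANA_TLS_GROUPS_INFO.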