AuroraMiddleware/mbedtls
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Test restartable ECC with a curve that supports it

Browse Source 
The default curve is now Curve25519, which doesn't support restartable ECC.
So run the restartable ECC tests with a curve that does support it. Use
secp256r1 which is required for these tests anyway for the server's
certificate.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine 2021-06-03 11:12:40 +02:00
parent 3b3aa36962
commit 4a02cef402
1 changed files with 22 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
tests/ssl-opt.sh
View File

@ -5933,9 +5933,12 @@ run_test "Large server packet TLS 1.2 AEAD shorter tag" \
# Tests for restartable ECC
# Force the use of a curve that supports restartable ECC (secp256r1).
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
run_test "EC restart: TLS, default" \
"$P_SRV auth_mode=required" \
"$P_SRV curves=secp256r1 auth_mode=required" \
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
key_file=data_files/server5.key crt_file=data_files/server5.crt \
debug_level=1" \
@ -5946,8 +5949,9 @@ run_test "EC restart: TLS, default" \
-C "mbedtls_pk_sign.*4b00"
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
run_test "EC restart: TLS, max_ops=0" \
"$P_SRV auth_mode=required" \
"$P_SRV curves=secp256r1 auth_mode=required" \
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
key_file=data_files/server5.key crt_file=data_files/server5.crt \
debug_level=1 ec_max_ops=0" \
@ -5958,8 +5962,9 @@ run_test "EC restart: TLS, max_ops=0" \
-C "mbedtls_pk_sign.*4b00"
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
run_test "EC restart: TLS, max_ops=65535" \
"$P_SRV auth_mode=required" \
"$P_SRV curves=secp256r1 auth_mode=required" \
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
key_file=data_files/server5.key crt_file=data_files/server5.crt \
debug_level=1 ec_max_ops=65535" \
@ -5970,8 +5975,9 @@ run_test "EC restart: TLS, max_ops=65535" \
-C "mbedtls_pk_sign.*4b00"
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
run_test "EC restart: TLS, max_ops=1000" \
"$P_SRV auth_mode=required" \
"$P_SRV curves=secp256r1 auth_mode=required" \
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
key_file=data_files/server5.key crt_file=data_files/server5.crt \
debug_level=1 ec_max_ops=1000" \
@ -5982,8 +5988,9 @@ run_test "EC restart: TLS, max_ops=1000" \
-c "mbedtls_pk_sign.*4b00"
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
run_test "EC restart: TLS, max_ops=1000, badsign" \
"$P_SRV auth_mode=required \
"$P_SRV curves=secp256r1 auth_mode=required \
crt_file=data_files/server5-badsign.crt \
key_file=data_files/server5.key" \
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
@ -5999,8 +6006,9 @@ run_test "EC restart: TLS, max_ops=1000, badsign" \
-c "X509 - Certificate verification failed"
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign" \
"$P_SRV auth_mode=required \
"$P_SRV curves=secp256r1 auth_mode=required \
crt_file=data_files/server5-badsign.crt \
key_file=data_files/server5.key" \
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
@ -6016,8 +6024,9 @@ run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign" \
-C "X509 - Certificate verification failed"
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign" \
"$P_SRV auth_mode=required \
"$P_SRV curves=secp256r1 auth_mode=required \
crt_file=data_files/server5-badsign.crt \
key_file=data_files/server5.key" \
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
@ -6033,8 +6042,9 @@ run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign" \
-C "X509 - Certificate verification failed"
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
run_test "EC restart: DTLS, max_ops=1000" \
"$P_SRV auth_mode=required dtls=1" \
"$P_SRV curves=secp256r1 auth_mode=required dtls=1" \
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
key_file=data_files/server5.key crt_file=data_files/server5.crt \
dtls=1 debug_level=1 ec_max_ops=1000" \
@ -6045,8 +6055,9 @@ run_test "EC restart: DTLS, max_ops=1000" \
-c "mbedtls_pk_sign.*4b00"
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
run_test "EC restart: TLS, max_ops=1000 no client auth" \
"$P_SRV" \
"$P_SRV curves=secp256r1" \
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
debug_level=1 ec_max_ops=1000" \
0 \
@ -6056,8 +6067,9 @@ run_test "EC restart: TLS, max_ops=1000 no client auth" \
-C "mbedtls_pk_sign.*4b00"
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
run_test "EC restart: TLS, max_ops=1000, ECDHE-PSK" \
"$P_SRV psk=abc123" \
"$P_SRV curves=secp256r1 psk=abc123" \
"$P_CLI force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256 \
psk=abc123 debug_level=1 ec_max_ops=1000" \
0 \