mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2025-01-25 20:11:06 +00:00
compat.sh: add ARIA interop tests with OpenSSL
Disabled by default, needs OpenSSL >= 1.1.1 - tested locally with 1.1.1-pre1 Local version of OpenSSL was compiled with: ./config --prefix=$HOME/usr/openssl-1.1.1-pre1 -Wl,--enable-new-dtags,-rpath,'$(LIBRPATH)' make make install With OpenSSL 1.1.1-pre1, two ciphersuites were incorrectly skipped, but this has since been fixed in OpenSSL master, see: https://github.com/openssl/openssl/issues/5406
This commit is contained in:
parent
a0e47088d8
commit
7299dfd86b
|
@ -53,7 +53,12 @@ MODES="tls1 tls1_1 tls1_2 dtls1 dtls1_2"
|
||||||
VERIFIES="NO YES"
|
VERIFIES="NO YES"
|
||||||
TYPES="ECDSA RSA PSK"
|
TYPES="ECDSA RSA PSK"
|
||||||
FILTER=""
|
FILTER=""
|
||||||
EXCLUDE='NULL\|DES-CBC-\|RC4\|ARCFOUR' # avoid plain DES but keep 3DES-EDE-CBC (mbedTLS), DES-CBC3 (OpenSSL)
|
# exclude:
|
||||||
|
# - NULL: excluded from our default config
|
||||||
|
# - RC4, single-DES: requires legacy OpenSSL/GnuTLS versions
|
||||||
|
# avoid plain DES but keep 3DES-EDE-CBC (mbedTLS), DES-CBC3 (OpenSSL)
|
||||||
|
# - ARIA: requires OpenSSL >= 1.1.1
|
||||||
|
EXCLUDE='NULL\|DES-CBC-\|RC4\|ARCFOUR\|ARIA'
|
||||||
VERBOSE=""
|
VERBOSE=""
|
||||||
MEMCHECK=0
|
MEMCHECK=0
|
||||||
PEERS="OpenSSL$PEER_GNUTLS mbedTLS"
|
PEERS="OpenSSL$PEER_GNUTLS mbedTLS"
|
||||||
|
@ -226,6 +231,9 @@ reset_ciphersuites()
|
||||||
G_CIPHERS=""
|
G_CIPHERS=""
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# Ciphersuites that can be used with all peers.
|
||||||
|
# Since we currently have three possible peers, each ciphersuite should appear
|
||||||
|
# three times: in each peer's list (with the name that this peer uses).
|
||||||
add_common_ciphersuites()
|
add_common_ciphersuites()
|
||||||
{
|
{
|
||||||
case $TYPE in
|
case $TYPE in
|
||||||
|
@ -422,6 +430,12 @@ add_common_ciphersuites()
|
||||||
esac
|
esac
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# Ciphersuites usable only with Mbed TLS and OpenSSL
|
||||||
|
# Each ciphersuite should appear two times, once with its OpenSSL name, once
|
||||||
|
# with its Mbed TLS name.
|
||||||
|
#
|
||||||
|
# NOTE: for some reason RSA-PSK doesn't work with OpenSSL,
|
||||||
|
# so RSA-PSK ciphersuites need to go in other sections.
|
||||||
add_openssl_ciphersuites()
|
add_openssl_ciphersuites()
|
||||||
{
|
{
|
||||||
case $TYPE in
|
case $TYPE in
|
||||||
|
@ -451,12 +465,16 @@ add_openssl_ciphersuites()
|
||||||
TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384 \
|
TLS-ECDH-ECDSA-WITH-AES-256-CBC-SHA384 \
|
||||||
TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256 \
|
TLS-ECDH-ECDSA-WITH-AES-128-GCM-SHA256 \
|
||||||
TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384 \
|
TLS-ECDH-ECDSA-WITH-AES-256-GCM-SHA384 \
|
||||||
|
TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384 \
|
||||||
|
TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256 \
|
||||||
"
|
"
|
||||||
O_CIPHERS="$O_CIPHERS \
|
O_CIPHERS="$O_CIPHERS \
|
||||||
ECDH-ECDSA-AES128-SHA256 \
|
ECDH-ECDSA-AES128-SHA256 \
|
||||||
ECDH-ECDSA-AES256-SHA384 \
|
ECDH-ECDSA-AES256-SHA384 \
|
||||||
ECDH-ECDSA-AES128-GCM-SHA256 \
|
ECDH-ECDSA-AES128-GCM-SHA256 \
|
||||||
ECDH-ECDSA-AES256-GCM-SHA384 \
|
ECDH-ECDSA-AES256-GCM-SHA384 \
|
||||||
|
ECDHE-ECDSA-ARIA256-GCM-SHA384 \
|
||||||
|
ECDHE-ECDSA-ARIA128-GCM-SHA256 \
|
||||||
"
|
"
|
||||||
fi
|
fi
|
||||||
;;
|
;;
|
||||||
|
@ -470,13 +488,42 @@ add_openssl_ciphersuites()
|
||||||
DES-CBC-SHA \
|
DES-CBC-SHA \
|
||||||
EDH-RSA-DES-CBC-SHA \
|
EDH-RSA-DES-CBC-SHA \
|
||||||
"
|
"
|
||||||
|
if [ `minor_ver "$MODE"` -ge 3 ]
|
||||||
|
then
|
||||||
|
M_CIPHERS="$M_CIPHERS \
|
||||||
|
TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384 \
|
||||||
|
TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384 \
|
||||||
|
TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256 \
|
||||||
|
TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256 \
|
||||||
|
"
|
||||||
|
O_CIPHERS="$O_CIPHERS \
|
||||||
|
ECDHE-ARIA256-GCM-SHA384 \
|
||||||
|
DHE-RSA-ARIA256-GCM-SHA384 \
|
||||||
|
ECDHE-ARIA128-GCM-SHA256 \
|
||||||
|
DHE-RSA-ARIA128-GCM-SHA256 \
|
||||||
|
"
|
||||||
|
fi
|
||||||
;;
|
;;
|
||||||
|
|
||||||
"PSK")
|
"PSK")
|
||||||
|
if [ `minor_ver "$MODE"` -ge 3 ]
|
||||||
|
then
|
||||||
|
M_CIPHERS="$M_CIPHERS \
|
||||||
|
TLS-PSK-WITH-ARIA-256-GCM-SHA384 \
|
||||||
|
TLS-PSK-WITH-ARIA-128-GCM-SHA256 \
|
||||||
|
"
|
||||||
|
O_CIPHERS="$O_CIPHERS \
|
||||||
|
PSK-ARIA256-GCM-SHA384 \
|
||||||
|
PSK-ARIA128-GCM-SHA256 \
|
||||||
|
"
|
||||||
|
fi
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# Ciphersuites usable only with Mbed TLS and GnuTLS
|
||||||
|
# Each ciphersuite should appear two times, once with its GnuTLS name, once
|
||||||
|
# with its Mbed TLS name.
|
||||||
add_gnutls_ciphersuites()
|
add_gnutls_ciphersuites()
|
||||||
{
|
{
|
||||||
case $TYPE in
|
case $TYPE in
|
||||||
|
@ -661,6 +708,9 @@ add_gnutls_ciphersuites()
|
||||||
esac
|
esac
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# Ciphersuites usable only with Mbed TLS (not currently supported by another
|
||||||
|
# peer usable in this script). This provide only very rudimentaty testing, as
|
||||||
|
# this is not interop testing, but it's better than nothing.
|
||||||
add_mbedtls_ciphersuites()
|
add_mbedtls_ciphersuites()
|
||||||
{
|
{
|
||||||
case $TYPE in
|
case $TYPE in
|
||||||
|
@ -682,9 +732,7 @@ add_mbedtls_ciphersuites()
|
||||||
TLS-ECDHE-ECDSA-WITH-AES-256-CCM \
|
TLS-ECDHE-ECDSA-WITH-AES-256-CCM \
|
||||||
TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8 \
|
TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8 \
|
||||||
TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8 \
|
TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8 \
|
||||||
TLS-ECDHE-ECDSA-WITH-ARIA-256-GCM-SHA384 \
|
|
||||||
TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384 \
|
TLS-ECDHE-ECDSA-WITH-ARIA-256-CBC-SHA384 \
|
||||||
TLS-ECDHE-ECDSA-WITH-ARIA-128-GCM-SHA256 \
|
|
||||||
TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256 \
|
TLS-ECDHE-ECDSA-WITH-ARIA-128-CBC-SHA256 \
|
||||||
"
|
"
|
||||||
fi
|
fi
|
||||||
|
@ -702,12 +750,8 @@ add_mbedtls_ciphersuites()
|
||||||
TLS-RSA-WITH-AES-256-CCM-8 \
|
TLS-RSA-WITH-AES-256-CCM-8 \
|
||||||
TLS-DHE-RSA-WITH-AES-128-CCM-8 \
|
TLS-DHE-RSA-WITH-AES-128-CCM-8 \
|
||||||
TLS-DHE-RSA-WITH-AES-256-CCM-8 \
|
TLS-DHE-RSA-WITH-AES-256-CCM-8 \
|
||||||
TLS-ECDHE-RSA-WITH-ARIA-256-GCM-SHA384 \
|
|
||||||
TLS-DHE-RSA-WITH-ARIA-256-GCM-SHA384 \
|
|
||||||
TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384 \
|
TLS-ECDHE-RSA-WITH-ARIA-256-CBC-SHA384 \
|
||||||
TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384 \
|
TLS-DHE-RSA-WITH-ARIA-256-CBC-SHA384 \
|
||||||
TLS-ECDHE-RSA-WITH-ARIA-128-GCM-SHA256 \
|
|
||||||
TLS-DHE-RSA-WITH-ARIA-128-GCM-SHA256 \
|
|
||||||
TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256 \
|
TLS-ECDHE-RSA-WITH-ARIA-128-CBC-SHA256 \
|
||||||
TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256 \
|
TLS-DHE-RSA-WITH-ARIA-128-CBC-SHA256 \
|
||||||
"
|
"
|
||||||
|
@ -738,14 +782,12 @@ add_mbedtls_ciphersuites()
|
||||||
TLS-PSK-WITH-AES-256-CCM-8 \
|
TLS-PSK-WITH-AES-256-CCM-8 \
|
||||||
TLS-DHE-PSK-WITH-AES-128-CCM-8 \
|
TLS-DHE-PSK-WITH-AES-128-CCM-8 \
|
||||||
TLS-DHE-PSK-WITH-AES-256-CCM-8 \
|
TLS-DHE-PSK-WITH-AES-256-CCM-8 \
|
||||||
TLS-RSA-PSK-WITH-ARIA-256-GCM-SHA384 \
|
|
||||||
TLS-RSA-PSK-WITH-ARIA-256-CBC-SHA384 \
|
TLS-RSA-PSK-WITH-ARIA-256-CBC-SHA384 \
|
||||||
TLS-RSA-PSK-WITH-ARIA-128-GCM-SHA256 \
|
|
||||||
TLS-RSA-PSK-WITH-ARIA-128-CBC-SHA256 \
|
TLS-RSA-PSK-WITH-ARIA-128-CBC-SHA256 \
|
||||||
TLS-PSK-WITH-ARIA-256-GCM-SHA384 \
|
|
||||||
TLS-PSK-WITH-ARIA-256-CBC-SHA384 \
|
TLS-PSK-WITH-ARIA-256-CBC-SHA384 \
|
||||||
TLS-PSK-WITH-ARIA-128-GCM-SHA256 \
|
|
||||||
TLS-PSK-WITH-ARIA-128-CBC-SHA256 \
|
TLS-PSK-WITH-ARIA-128-CBC-SHA256 \
|
||||||
|
TLS-RSA-PSK-WITH-ARIA-256-GCM-SHA384 \
|
||||||
|
TLS-RSA-PSK-WITH-ARIA-128-GCM-SHA256 \
|
||||||
"
|
"
|
||||||
fi
|
fi
|
||||||
;;
|
;;
|
||||||
|
|
Loading…
Reference in a new issue