mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-25 15:45:36 +00:00
Add runs for specific PSA-supported ciphersuites to ssl-opt.sh
So far, make sure we test the following ciphersuites without any fallback to non-PSA ciphers: TLS-ECDHE-ECDSA-WITH-AES-128-CCM TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8 TLS-ECDHE-ECDSA-WITH-AES-256-CCM TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8 TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384
This commit is contained in:
parent
2dd04907e2
commit
f43177d1d0
|
@ -752,6 +752,23 @@ run_test() {
|
|||
rm -f $SRV_OUT $CLI_OUT $PXY_OUT
|
||||
}
|
||||
|
||||
run_test_psa() {
|
||||
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
|
||||
run_test "Default, PSA ($1)" \
|
||||
"$P_SRV debug_level=1 force_version=tls1_2" \
|
||||
"$P_CLI debug_level=1 force_version=tls1_2 force_ciphersuite=$1" \
|
||||
0 \
|
||||
-c "Successfully setup PSA-based decryption cipher context" \
|
||||
-c "Successfully setup PSA-based encryption cipher context" \
|
||||
-s "Successfully setup PSA-based decryption cipher context" \
|
||||
-s "Successfully setup PSA-based encryption cipher context" \
|
||||
-C "Failed to setup PSA-based cipher context"\
|
||||
-S "Failed to setup PSA-based cipher context"\
|
||||
-s "Protocol is TLSv1.2" \
|
||||
-S "error" \
|
||||
-C "error"
|
||||
}
|
||||
|
||||
cleanup() {
|
||||
rm -f $CLI_OUT $SRV_OUT $PXY_OUT $SESSION
|
||||
test -n "${SRV_PID:-}" && kill $SRV_PID >/dev/null 2>&1
|
||||
|
@ -883,6 +900,18 @@ run_test "Default, DTLS" \
|
|||
-s "Protocol is DTLSv1.2" \
|
||||
-s "Ciphersuite is TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256"
|
||||
|
||||
# Test ciphersuites which we expect to be fully supported by PSA Crypto
|
||||
# and check that we don't fall back to Mbed TLS' internal crypto primitives.
|
||||
run_test_psa TLS-ECDHE-ECDSA-WITH-AES-128-CCM
|
||||
run_test_psa TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8
|
||||
run_test_psa TLS-ECDHE-ECDSA-WITH-AES-256-CCM
|
||||
run_test_psa TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8
|
||||
run_test_psa TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
|
||||
run_test_psa TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384
|
||||
run_test_psa TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA
|
||||
run_test_psa TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256
|
||||
run_test_psa TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384
|
||||
|
||||
# Test current time in ServerHello
|
||||
requires_config_enabled MBEDTLS_HAVE_TIME
|
||||
run_test "ServerHello contains gmt_unix_time" \
|
||||
|
|
Loading…
Reference in a new issue