mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-22 22:15:43 +01:00
SSL asynchronous decryption (server side): tests
Test SSL asynchronous private operation for the case of a decryption operation on a server.
This commit is contained in:
parent
2c6078ed3b
commit
fcca9d8cef
@ -108,6 +108,7 @@ int main( void )
|
|||||||
#define DFL_KEY_FILE ""
|
#define DFL_KEY_FILE ""
|
||||||
#define DFL_CRT_FILE2 ""
|
#define DFL_CRT_FILE2 ""
|
||||||
#define DFL_KEY_FILE2 ""
|
#define DFL_KEY_FILE2 ""
|
||||||
|
#define DFL_ASYNC_OPERATIONS "-"
|
||||||
#define DFL_ASYNC_PRIVATE_DELAY1 ( -1 )
|
#define DFL_ASYNC_PRIVATE_DELAY1 ( -1 )
|
||||||
#define DFL_ASYNC_PRIVATE_DELAY2 ( -1 )
|
#define DFL_ASYNC_PRIVATE_DELAY2 ( -1 )
|
||||||
#define DFL_ASYNC_PRIVATE_ERROR ( 0 )
|
#define DFL_ASYNC_PRIVATE_ERROR ( 0 )
|
||||||
@ -200,6 +201,7 @@ int main( void )
|
|||||||
|
|
||||||
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE_C)
|
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE_C)
|
||||||
#define USAGE_SSL_ASYNC \
|
#define USAGE_SSL_ASYNC \
|
||||||
|
" async_operations=%%c... d=decrypt, s=sign (default: -=off)\n" \
|
||||||
" async_private_delay1=%%d Asynchronous delay for key_file or preloaded key\n" \
|
" async_private_delay1=%%d Asynchronous delay for key_file or preloaded key\n" \
|
||||||
" async_private_delay2=%%d Asynchronous delay for key_file2\n" \
|
" async_private_delay2=%%d Asynchronous delay for key_file2\n" \
|
||||||
" default: -1 (not asynchronous)\n" \
|
" default: -1 (not asynchronous)\n" \
|
||||||
@ -421,6 +423,7 @@ struct options
|
|||||||
const char *key_file; /* the file with the server key */
|
const char *key_file; /* the file with the server key */
|
||||||
const char *crt_file2; /* the file with the 2nd server certificate */
|
const char *crt_file2; /* the file with the 2nd server certificate */
|
||||||
const char *key_file2; /* the file with the 2nd server key */
|
const char *key_file2; /* the file with the 2nd server key */
|
||||||
|
const char *async_operations; /* supported SSL asynchronous operations */
|
||||||
int async_private_delay1; /* number of times f_async_resume needs to be called for key 1, or -1 for no async */
|
int async_private_delay1; /* number of times f_async_resume needs to be called for key 1, or -1 for no async */
|
||||||
int async_private_delay2; /* number of times f_async_resume needs to be called for key 2, or -1 for no async */
|
int async_private_delay2; /* number of times f_async_resume needs to be called for key 2, or -1 for no async */
|
||||||
int async_private_error; /* inject error in async private callback */
|
int async_private_error; /* inject error in async private callback */
|
||||||
@ -892,21 +895,23 @@ void ssl_async_set_key( ssl_async_key_context_t *ctx,
|
|||||||
++ctx->slots_used;
|
++ctx->slots_used;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#define SSL_ASYNC_INPUT_MAX_SIZE 512
|
||||||
typedef struct
|
typedef struct
|
||||||
{
|
{
|
||||||
size_t slot;
|
size_t slot;
|
||||||
mbedtls_md_type_t md_alg;
|
mbedtls_md_type_t md_alg;
|
||||||
unsigned char hash[MBEDTLS_MD_MAX_SIZE];
|
unsigned char input[SSL_ASYNC_INPUT_MAX_SIZE];
|
||||||
size_t hash_len;
|
size_t input_len;
|
||||||
unsigned delay;
|
unsigned delay;
|
||||||
} ssl_async_operation_context_t;
|
} ssl_async_operation_context_t;
|
||||||
|
|
||||||
int ssl_async_sign( void *connection_ctx_arg,
|
static int ssl_async_start( void *connection_ctx_arg,
|
||||||
void **p_operation_ctx,
|
void **p_operation_ctx,
|
||||||
mbedtls_x509_crt *cert,
|
mbedtls_x509_crt *cert,
|
||||||
mbedtls_md_type_t md_alg,
|
const char *op_name,
|
||||||
const unsigned char *hash,
|
mbedtls_md_type_t md_alg,
|
||||||
size_t hash_len )
|
const unsigned char *input,
|
||||||
|
size_t input_len )
|
||||||
{
|
{
|
||||||
ssl_async_key_context_t *key_ctx = connection_ctx_arg;
|
ssl_async_key_context_t *key_ctx = connection_ctx_arg;
|
||||||
size_t slot;
|
size_t slot;
|
||||||
@ -914,7 +919,7 @@ int ssl_async_sign( void *connection_ctx_arg,
|
|||||||
{
|
{
|
||||||
char dn[100];
|
char dn[100];
|
||||||
mbedtls_x509_dn_gets( dn, sizeof( dn ), &cert->subject );
|
mbedtls_x509_dn_gets( dn, sizeof( dn ), &cert->subject );
|
||||||
mbedtls_printf( "Async sign callback: looking for DN=%s\n", dn );
|
mbedtls_printf( "Async %s callback: looking for DN=%s\n", op_name, dn );
|
||||||
}
|
}
|
||||||
for( slot = 0; slot < key_ctx->slots_used; slot++ )
|
for( slot = 0; slot < key_ctx->slots_used; slot++ )
|
||||||
{
|
{
|
||||||
@ -923,25 +928,26 @@ int ssl_async_sign( void *connection_ctx_arg,
|
|||||||
}
|
}
|
||||||
if( slot == key_ctx->slots_used )
|
if( slot == key_ctx->slots_used )
|
||||||
{
|
{
|
||||||
mbedtls_printf( "Async sign callback: no key matches this certificate.\n" );
|
mbedtls_printf( "Async %s callback: no key matches this certificate.\n",
|
||||||
|
op_name );
|
||||||
return( MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH );
|
return( MBEDTLS_ERR_SSL_HW_ACCEL_FALLTHROUGH );
|
||||||
}
|
}
|
||||||
mbedtls_printf( "Async sign callback: using key slot %zd, delay=%u.\n",
|
mbedtls_printf( "Async %s callback: using key slot %zd, delay=%u.\n",
|
||||||
slot, key_ctx->slots[slot].delay );
|
op_name, slot, key_ctx->slots[slot].delay );
|
||||||
if( key_ctx->inject_error == SSL_ASYNC_INJECT_ERROR_START )
|
if( key_ctx->inject_error == SSL_ASYNC_INJECT_ERROR_START )
|
||||||
{
|
{
|
||||||
mbedtls_printf( "Async sign callback: injected error\n" );
|
mbedtls_printf( "Async %s callback: injected error\n", op_name );
|
||||||
return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
|
return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
|
||||||
}
|
}
|
||||||
if( hash_len > MBEDTLS_MD_MAX_SIZE )
|
if( input_len > SSL_ASYNC_INPUT_MAX_SIZE )
|
||||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||||
ctx = mbedtls_calloc( 1, sizeof( *ctx ) );
|
ctx = mbedtls_calloc( 1, sizeof( *ctx ) );
|
||||||
if( ctx == NULL )
|
if( ctx == NULL )
|
||||||
return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
|
return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
|
||||||
ctx->slot = slot;
|
ctx->slot = slot;
|
||||||
ctx->md_alg = md_alg;
|
ctx->md_alg = md_alg;
|
||||||
memcpy( ctx->hash, hash, hash_len );
|
memcpy( ctx->input, input, input_len );
|
||||||
ctx->hash_len = hash_len;
|
ctx->input_len = input_len;
|
||||||
ctx->delay = key_ctx->slots[slot].delay;
|
ctx->delay = key_ctx->slots[slot].delay;
|
||||||
*p_operation_ctx = ctx;
|
*p_operation_ctx = ctx;
|
||||||
if( ctx->delay == 0 )
|
if( ctx->delay == 0 )
|
||||||
@ -950,16 +956,40 @@ int ssl_async_sign( void *connection_ctx_arg,
|
|||||||
return( MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS );
|
return( MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS );
|
||||||
}
|
}
|
||||||
|
|
||||||
int ssl_async_resume( void *connection_ctx_arg,
|
static int ssl_async_sign( void *connection_ctx_arg,
|
||||||
void *operation_ctx_arg,
|
void **p_operation_ctx,
|
||||||
unsigned char *output,
|
mbedtls_x509_crt *cert,
|
||||||
size_t *output_len,
|
mbedtls_md_type_t md_alg,
|
||||||
size_t output_size )
|
const unsigned char *hash,
|
||||||
|
size_t hash_len )
|
||||||
|
{
|
||||||
|
return( ssl_async_start( connection_ctx_arg, p_operation_ctx, cert,
|
||||||
|
"sign", md_alg,
|
||||||
|
hash, hash_len ) );
|
||||||
|
}
|
||||||
|
|
||||||
|
static int ssl_async_decrypt( void *connection_ctx_arg,
|
||||||
|
void **p_operation_ctx,
|
||||||
|
mbedtls_x509_crt *cert,
|
||||||
|
const unsigned char *input,
|
||||||
|
size_t input_len )
|
||||||
|
{
|
||||||
|
return( ssl_async_start( connection_ctx_arg, p_operation_ctx, cert,
|
||||||
|
"decrypt", MBEDTLS_MD_NONE,
|
||||||
|
input, input_len ) );
|
||||||
|
}
|
||||||
|
|
||||||
|
static int ssl_async_resume( void *connection_ctx_arg,
|
||||||
|
void *operation_ctx_arg,
|
||||||
|
unsigned char *output,
|
||||||
|
size_t *output_len,
|
||||||
|
size_t output_size )
|
||||||
{
|
{
|
||||||
ssl_async_operation_context_t *ctx = operation_ctx_arg;
|
ssl_async_operation_context_t *ctx = operation_ctx_arg;
|
||||||
ssl_async_key_context_t *connection_ctx = connection_ctx_arg;
|
ssl_async_key_context_t *connection_ctx = connection_ctx_arg;
|
||||||
ssl_async_key_slot_t *key_slot = &connection_ctx->slots[ctx->slot];
|
ssl_async_key_slot_t *key_slot = &connection_ctx->slots[ctx->slot];
|
||||||
int ret;
|
int ret;
|
||||||
|
const char *op_name;
|
||||||
if( connection_ctx->inject_error == SSL_ASYNC_INJECT_ERROR_RESUME )
|
if( connection_ctx->inject_error == SSL_ASYNC_INJECT_ERROR_RESUME )
|
||||||
{
|
{
|
||||||
mbedtls_printf( "Async resume callback: injected error\n" );
|
mbedtls_printf( "Async resume callback: injected error\n" );
|
||||||
@ -972,25 +1002,37 @@ int ssl_async_resume( void *connection_ctx_arg,
|
|||||||
ctx->slot, ctx->delay );
|
ctx->slot, ctx->delay );
|
||||||
return( MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS );
|
return( MBEDTLS_ERR_SSL_ASYNC_IN_PROGRESS );
|
||||||
}
|
}
|
||||||
(void) output_size; /* mbedtls_pk_size lacks this parameter */
|
if( ctx->md_alg == MBEDTLS_MD_NONE )
|
||||||
ret = mbedtls_pk_sign( key_slot->pk,
|
{
|
||||||
ctx->md_alg,
|
op_name = "decrypt";
|
||||||
ctx->hash, ctx->hash_len,
|
ret = mbedtls_pk_decrypt( key_slot->pk,
|
||||||
output, output_len,
|
ctx->input, ctx->input_len,
|
||||||
connection_ctx->f_rng, connection_ctx->p_rng );
|
output, output_len, output_size,
|
||||||
|
connection_ctx->f_rng, connection_ctx->p_rng );
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
op_name = "sign";
|
||||||
|
ret = mbedtls_pk_sign( key_slot->pk,
|
||||||
|
ctx->md_alg,
|
||||||
|
ctx->input, ctx->input_len,
|
||||||
|
output, output_len,
|
||||||
|
connection_ctx->f_rng, connection_ctx->p_rng );
|
||||||
|
}
|
||||||
if( connection_ctx->inject_error == SSL_ASYNC_INJECT_ERROR_PK )
|
if( connection_ctx->inject_error == SSL_ASYNC_INJECT_ERROR_PK )
|
||||||
{
|
{
|
||||||
mbedtls_printf( "Async resume callback: done but injected error\n" );
|
mbedtls_printf( "Async resume callback: %s done but injected error\n",
|
||||||
|
op_name );
|
||||||
return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
|
return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
|
||||||
}
|
}
|
||||||
mbedtls_printf( "Async resume (slot %zd): done, status=%d.\n",
|
mbedtls_printf( "Async resume (slot %zd): %s done, status=%d.\n",
|
||||||
ctx->slot, ret );
|
ctx->slot, op_name, ret );
|
||||||
mbedtls_free( ctx );
|
mbedtls_free( ctx );
|
||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
|
|
||||||
void ssl_async_cancel( void *connection_ctx_arg,
|
static void ssl_async_cancel( void *connection_ctx_arg,
|
||||||
void *operation_ctx_arg )
|
void *operation_ctx_arg )
|
||||||
{
|
{
|
||||||
ssl_async_operation_context_t *ctx = operation_ctx_arg;
|
ssl_async_operation_context_t *ctx = operation_ctx_arg;
|
||||||
(void) connection_ctx_arg;
|
(void) connection_ctx_arg;
|
||||||
@ -1142,6 +1184,7 @@ int main( int argc, char *argv[] )
|
|||||||
opt.key_file = DFL_KEY_FILE;
|
opt.key_file = DFL_KEY_FILE;
|
||||||
opt.crt_file2 = DFL_CRT_FILE2;
|
opt.crt_file2 = DFL_CRT_FILE2;
|
||||||
opt.key_file2 = DFL_KEY_FILE2;
|
opt.key_file2 = DFL_KEY_FILE2;
|
||||||
|
opt.async_operations = DFL_ASYNC_OPERATIONS;
|
||||||
opt.async_private_delay1 = DFL_ASYNC_PRIVATE_DELAY1;
|
opt.async_private_delay1 = DFL_ASYNC_PRIVATE_DELAY1;
|
||||||
opt.async_private_delay2 = DFL_ASYNC_PRIVATE_DELAY2;
|
opt.async_private_delay2 = DFL_ASYNC_PRIVATE_DELAY2;
|
||||||
opt.async_private_error = DFL_ASYNC_PRIVATE_ERROR;
|
opt.async_private_error = DFL_ASYNC_PRIVATE_ERROR;
|
||||||
@ -1232,6 +1275,8 @@ int main( int argc, char *argv[] )
|
|||||||
else if( strcmp( p, "dhm_file" ) == 0 )
|
else if( strcmp( p, "dhm_file" ) == 0 )
|
||||||
opt.dhm_file = q;
|
opt.dhm_file = q;
|
||||||
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE_C)
|
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE_C)
|
||||||
|
else if( strcmp( p, "async_operations" ) == 0 )
|
||||||
|
opt.async_operations = q;
|
||||||
else if( strcmp( p, "async_private_delay1" ) == 0 )
|
else if( strcmp( p, "async_private_delay1" ) == 0 )
|
||||||
opt.async_private_delay1 = atoi( q );
|
opt.async_private_delay1 = atoi( q );
|
||||||
else if( strcmp( p, "async_private_delay2" ) == 0 )
|
else if( strcmp( p, "async_private_delay2" ) == 0 )
|
||||||
@ -2152,16 +2197,31 @@ int main( int argc, char *argv[] )
|
|||||||
}
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE_C)
|
#if defined(MBEDTLS_SSL_ASYNC_PRIVATE_C)
|
||||||
if( opt.async_private_delay1 >= 0 || opt.async_private_delay2 >= 0 )
|
if( opt.async_operations[0] != '-' )
|
||||||
{
|
{
|
||||||
|
mbedtls_ssl_async_sign_t *sign = NULL;
|
||||||
|
mbedtls_ssl_async_decrypt_t *decrypt = NULL;
|
||||||
|
const char *p;
|
||||||
|
for( p = opt.async_operations; *p; p++ )
|
||||||
|
{
|
||||||
|
switch( *p )
|
||||||
|
{
|
||||||
|
case 'd':
|
||||||
|
decrypt = ssl_async_decrypt;
|
||||||
|
break;
|
||||||
|
case 's':
|
||||||
|
sign = ssl_async_sign;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
ssl_async_keys.inject_error = ( opt.async_private_error < 0 ?
|
ssl_async_keys.inject_error = ( opt.async_private_error < 0 ?
|
||||||
- opt.async_private_error :
|
- opt.async_private_error :
|
||||||
opt.async_private_error );
|
opt.async_private_error );
|
||||||
ssl_async_keys.f_rng = mbedtls_ctr_drbg_random;
|
ssl_async_keys.f_rng = mbedtls_ctr_drbg_random;
|
||||||
ssl_async_keys.p_rng = &ctr_drbg;
|
ssl_async_keys.p_rng = &ctr_drbg;
|
||||||
mbedtls_ssl_conf_async_private_cb( &conf,
|
mbedtls_ssl_conf_async_private_cb( &conf,
|
||||||
ssl_async_sign,
|
sign,
|
||||||
NULL,
|
decrypt,
|
||||||
ssl_async_resume,
|
ssl_async_resume,
|
||||||
ssl_async_cancel,
|
ssl_async_cancel,
|
||||||
&ssl_async_keys );
|
&ssl_async_keys );
|
||||||
|
192
tests/ssl-opt.sh
192
tests/ssl-opt.sh
@ -3639,71 +3639,145 @@ run_test "Large packet TLS 1.2 AEAD shorter tag" \
|
|||||||
# Tests of asynchronous private key support in SSL
|
# Tests of asynchronous private key support in SSL
|
||||||
|
|
||||||
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C
|
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C
|
||||||
run_test "SSL async private: delay=0" \
|
run_test "SSL async private: sign, delay=0" \
|
||||||
"$P_SRV async_private_delay1=0 async_private_delay2=0" \
|
"$P_SRV \
|
||||||
|
async_operations=s async_private_delay1=0 async_private_delay2=0" \
|
||||||
"$P_CLI" \
|
"$P_CLI" \
|
||||||
0 \
|
0 \
|
||||||
-s "Async sign callback: using key slot " \
|
-s "Async sign callback: using key slot " \
|
||||||
-s "Async resume (slot [0-9]): done, status=0"
|
-s "Async resume (slot [0-9]): sign done, status=0"
|
||||||
|
|
||||||
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C
|
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C
|
||||||
run_test "SSL async private: delay=1" \
|
run_test "SSL async private: sign, delay=1" \
|
||||||
"$P_SRV async_private_delay1=1 async_private_delay2=1" \
|
"$P_SRV \
|
||||||
|
async_operations=s async_private_delay1=1 async_private_delay2=1" \
|
||||||
"$P_CLI" \
|
"$P_CLI" \
|
||||||
0 \
|
0 \
|
||||||
-s "Async sign callback: using key slot " \
|
-s "Async sign callback: using key slot " \
|
||||||
-s "Async resume (slot [0-9]): call 0 more times." \
|
-s "Async resume (slot [0-9]): call 0 more times." \
|
||||||
-s "Async resume (slot [0-9]): done, status=0"
|
-s "Async resume (slot [0-9]): sign done, status=0"
|
||||||
|
|
||||||
|
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C
|
||||||
|
run_test "SSL async private: decrypt, delay=0" \
|
||||||
|
"$P_SRV \
|
||||||
|
async_operations=d async_private_delay1=0 async_private_delay2=0" \
|
||||||
|
"$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
|
||||||
|
0 \
|
||||||
|
-s "Async decrypt callback: using key slot " \
|
||||||
|
-s "Async resume (slot [0-9]): decrypt done, status=0"
|
||||||
|
|
||||||
|
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C
|
||||||
|
run_test "SSL async private: decrypt, delay=1" \
|
||||||
|
"$P_SRV \
|
||||||
|
async_operations=d async_private_delay1=1 async_private_delay2=1" \
|
||||||
|
"$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
|
||||||
|
0 \
|
||||||
|
-s "Async decrypt callback: using key slot " \
|
||||||
|
-s "Async resume (slot [0-9]): call 0 more times." \
|
||||||
|
-s "Async resume (slot [0-9]): decrypt done, status=0"
|
||||||
|
|
||||||
|
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C
|
||||||
|
run_test "SSL async private: decrypt RSA-PSK, delay=0" \
|
||||||
|
"$P_SRV psk=abc123 \
|
||||||
|
async_operations=d async_private_delay1=0 async_private_delay2=0" \
|
||||||
|
"$P_CLI psk=abc123 \
|
||||||
|
force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA256" \
|
||||||
|
0 \
|
||||||
|
-s "Async decrypt callback: using key slot " \
|
||||||
|
-s "Async resume (slot [0-9]): decrypt done, status=0"
|
||||||
|
|
||||||
|
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C
|
||||||
|
run_test "SSL async private: decrypt RSA-PSK, delay=1" \
|
||||||
|
"$P_SRV psk=abc123 \
|
||||||
|
async_operations=d async_private_delay1=1 async_private_delay2=1" \
|
||||||
|
"$P_CLI psk=abc123 \
|
||||||
|
force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA256" \
|
||||||
|
0 \
|
||||||
|
-s "Async decrypt callback: using key slot " \
|
||||||
|
-s "Async resume (slot [0-9]): call 0 more times." \
|
||||||
|
-s "Async resume (slot [0-9]): decrypt done, status=0"
|
||||||
|
|
||||||
|
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C
|
||||||
|
run_test "SSL async private: sign callback not present" \
|
||||||
|
"$P_SRV \
|
||||||
|
async_operations=d async_private_delay1=1 async_private_delay2=1" \
|
||||||
|
"$P_CLI; [ \$? -eq 1 ] &&
|
||||||
|
$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
|
||||||
|
0 \
|
||||||
|
-S "Async sign callback" \
|
||||||
|
-s "! mbedtls_ssl_handshake returned" \
|
||||||
|
-s "The own private key or pre-shared key is not set, but needed" \
|
||||||
|
-s "Async resume (slot [0-9]): decrypt done, status=0" \
|
||||||
|
-s "Successful connection"
|
||||||
|
|
||||||
|
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C
|
||||||
|
run_test "SSL async private: decrypt callback not present" \
|
||||||
|
"$P_SRV debug_level=1 \
|
||||||
|
async_operations=s async_private_delay1=1 async_private_delay2=1" \
|
||||||
|
"$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA;
|
||||||
|
[ \$? -eq 1 ] && $P_CLI" \
|
||||||
|
0 \
|
||||||
|
-S "Async decrypt callback" \
|
||||||
|
-s "! mbedtls_ssl_handshake returned" \
|
||||||
|
-s "got no RSA private key" \
|
||||||
|
-s "Async resume (slot [0-9]): sign done, status=0" \
|
||||||
|
-s "Successful connection"
|
||||||
|
|
||||||
# key1: ECDSA, key2: RSA; use key1 from slot 0
|
# key1: ECDSA, key2: RSA; use key1 from slot 0
|
||||||
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C
|
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C
|
||||||
run_test "SSL async private: slot 0 used with key1" \
|
run_test "SSL async private: slot 0 used with key1" \
|
||||||
"$P_SRV key_file=data_files/server5.key crt_file=data_files/server5.crt \
|
"$P_SRV \
|
||||||
key_file2=data_files/server2.key crt_file2=data_files/server2.crt \
|
async_operations=s async_private_delay1=1 \
|
||||||
async_private_delay1=1" \
|
key_file=data_files/server5.key crt_file=data_files/server5.crt \
|
||||||
|
key_file2=data_files/server2.key crt_file2=data_files/server2.crt" \
|
||||||
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \
|
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \
|
||||||
0 \
|
0 \
|
||||||
-s "Async sign callback: using key slot 0," \
|
-s "Async sign callback: using key slot 0," \
|
||||||
-s "Async resume (slot 0): call 0 more times." \
|
-s "Async resume (slot 0): call 0 more times." \
|
||||||
-s "Async resume (slot 0): done, status=0"
|
-s "Async resume (slot 0): sign done, status=0"
|
||||||
|
|
||||||
# key1: ECDSA, key2: RSA; use key2 from slot 0
|
# key1: ECDSA, key2: RSA; use key2 from slot 0
|
||||||
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C
|
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C
|
||||||
run_test "SSL async private: slot 0 used with key2" \
|
run_test "SSL async private: slot 0 used with key2" \
|
||||||
"$P_SRV key_file=data_files/server5.key crt_file=data_files/server5.crt \
|
"$P_SRV \
|
||||||
key_file2=data_files/server2.key crt_file2=data_files/server2.crt \
|
async_operations=s async_private_delay2=1 \
|
||||||
async_private_delay2=1" \
|
key_file=data_files/server5.key crt_file=data_files/server5.crt \
|
||||||
|
key_file2=data_files/server2.key crt_file2=data_files/server2.crt" \
|
||||||
"$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256" \
|
"$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256" \
|
||||||
0 \
|
0 \
|
||||||
-s "Async sign callback: using key slot 0," \
|
-s "Async sign callback: using key slot 0," \
|
||||||
-s "Async resume (slot 0): call 0 more times." \
|
-s "Async resume (slot 0): call 0 more times." \
|
||||||
-s "Async resume (slot 0): done, status=0"
|
-s "Async resume (slot 0): sign done, status=0"
|
||||||
|
|
||||||
# key1: ECDSA, key2: RSA; use key2 from slot 1
|
# key1: ECDSA, key2: RSA; use key2 from slot 1
|
||||||
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C
|
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C
|
||||||
run_test "SSL async private: slot 1 used" \
|
run_test "SSL async private: slot 1 used" \
|
||||||
"$P_SRV key_file=data_files/server5.key crt_file=data_files/server5.crt \
|
"$P_SRV \
|
||||||
key_file2=data_files/server2.key crt_file2=data_files/server2.crt \
|
async_operations=s async_private_delay1=1 async_private_delay2=1\
|
||||||
async_private_delay1=1 async_private_delay2=1" \
|
key_file=data_files/server5.key crt_file=data_files/server5.crt \
|
||||||
|
key_file2=data_files/server2.key crt_file2=data_files/server2.crt" \
|
||||||
"$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256" \
|
"$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256" \
|
||||||
0 \
|
0 \
|
||||||
-s "Async sign callback: using key slot 1," \
|
-s "Async sign callback: using key slot 1," \
|
||||||
-s "Async resume (slot 1): call 0 more times." \
|
-s "Async resume (slot 1): call 0 more times." \
|
||||||
-s "Async resume (slot 1): done, status=0"
|
-s "Async resume (slot 1): sign done, status=0"
|
||||||
|
|
||||||
# key1: ECDSA, key2: RSA; use key2 directly
|
# key1: ECDSA, key2: RSA; use key2 directly
|
||||||
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C
|
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C
|
||||||
run_test "SSL async private: fall back to transparent key" \
|
run_test "SSL async private: fall back to transparent key" \
|
||||||
"$P_SRV key_file=data_files/server5.key crt_file=data_files/server5.crt \
|
"$P_SRV \
|
||||||
key_file2=data_files/server2.key crt_file2=data_files/server2.crt \
|
async_operations=s async_private_delay1=1 \
|
||||||
async_private_delay1=1" \
|
key_file=data_files/server5.key crt_file=data_files/server5.crt \
|
||||||
|
key_file2=data_files/server2.key crt_file2=data_files/server2.crt " \
|
||||||
"$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256" \
|
"$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256" \
|
||||||
0 \
|
0 \
|
||||||
-s "Async sign callback: no key matches this certificate."
|
-s "Async sign callback: no key matches this certificate."
|
||||||
|
|
||||||
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C
|
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C
|
||||||
run_test "SSL async private: error in start" \
|
run_test "SSL async private: error in start" \
|
||||||
"$P_SRV async_private_delay1=1 async_private_delay2=1 async_private_error=1" \
|
"$P_SRV \
|
||||||
|
async_operations=s async_private_delay1=1 async_private_delay2=1 \
|
||||||
|
async_private_error=1" \
|
||||||
"$P_CLI" \
|
"$P_CLI" \
|
||||||
1 \
|
1 \
|
||||||
-s "Async sign callback: injected error" \
|
-s "Async sign callback: injected error" \
|
||||||
@ -3712,7 +3786,9 @@ run_test "SSL async private: error in start" \
|
|||||||
|
|
||||||
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C
|
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C
|
||||||
run_test "SSL async private: cancel after start" \
|
run_test "SSL async private: cancel after start" \
|
||||||
"$P_SRV async_private_delay1=1 async_private_delay2=1 async_private_error=2" \
|
"$P_SRV \
|
||||||
|
async_operations=s async_private_delay1=1 async_private_delay2=1 \
|
||||||
|
async_private_error=2" \
|
||||||
"$P_CLI" \
|
"$P_CLI" \
|
||||||
1 \
|
1 \
|
||||||
-s "Async sign callback: using key slot " \
|
-s "Async sign callback: using key slot " \
|
||||||
@ -3721,7 +3797,9 @@ run_test "SSL async private: cancel after start" \
|
|||||||
|
|
||||||
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C
|
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C
|
||||||
run_test "SSL async private: error in resume" \
|
run_test "SSL async private: error in resume" \
|
||||||
"$P_SRV async_private_delay1=1 async_private_delay2=1 async_private_error=3" \
|
"$P_SRV \
|
||||||
|
async_operations=s async_private_delay1=1 async_private_delay2=1 \
|
||||||
|
async_private_error=3" \
|
||||||
"$P_CLI" \
|
"$P_CLI" \
|
||||||
1 \
|
1 \
|
||||||
-s "Async sign callback: using key slot " \
|
-s "Async sign callback: using key slot " \
|
||||||
@ -3730,16 +3808,20 @@ run_test "SSL async private: error in resume" \
|
|||||||
|
|
||||||
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C
|
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C
|
||||||
run_test "SSL async private: error in pk" \
|
run_test "SSL async private: error in pk" \
|
||||||
"$P_SRV async_private_delay1=1 async_private_delay2=1 async_private_error=4" \
|
"$P_SRV \
|
||||||
|
async_operations=s async_private_delay1=1 async_private_delay2=1 \
|
||||||
|
async_private_error=4" \
|
||||||
"$P_CLI" \
|
"$P_CLI" \
|
||||||
1 \
|
1 \
|
||||||
-s "Async sign callback: using key slot " \
|
-s "Async sign callback: using key slot " \
|
||||||
-s "Async resume callback: done but injected error" \
|
-s "Async resume callback: sign done but injected error" \
|
||||||
-s "! mbedtls_ssl_handshake returned"
|
-s "! mbedtls_ssl_handshake returned"
|
||||||
|
|
||||||
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C
|
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C
|
||||||
run_test "SSL async private: cancel after start then operate correctly" \
|
run_test "SSL async private: cancel after start then operate correctly" \
|
||||||
"$P_SRV async_private_delay1=1 async_private_delay2=1 async_private_error=-2" \
|
"$P_SRV \
|
||||||
|
async_operations=s async_private_delay1=1 async_private_delay2=1 \
|
||||||
|
async_private_error=-2" \
|
||||||
"$P_CLI; [ \$? -eq 1 ] && $P_CLI" \
|
"$P_CLI; [ \$? -eq 1 ] && $P_CLI" \
|
||||||
0 \
|
0 \
|
||||||
-s "Async cancel" \
|
-s "Async cancel" \
|
||||||
@ -3749,7 +3831,9 @@ run_test "SSL async private: cancel after start then operate correctly" \
|
|||||||
|
|
||||||
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C
|
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C
|
||||||
run_test "SSL async private: error in resume then operate correctly" \
|
run_test "SSL async private: error in resume then operate correctly" \
|
||||||
"$P_SRV async_private_delay1=1 async_private_delay2=1 async_private_error=-3" \
|
"$P_SRV \
|
||||||
|
async_operations=s async_private_delay1=1 async_private_delay2=1 \
|
||||||
|
async_private_error=-3" \
|
||||||
"$P_CLI; [ \$? -eq 1 ] && $P_CLI" \
|
"$P_CLI; [ \$? -eq 1 ] && $P_CLI" \
|
||||||
0 \
|
0 \
|
||||||
-s "! mbedtls_ssl_handshake returned" \
|
-s "! mbedtls_ssl_handshake returned" \
|
||||||
@ -3759,9 +3843,10 @@ run_test "SSL async private: error in resume then operate correctly" \
|
|||||||
# key1: ECDSA, key2: RSA; use key1 through async, then key2 directly
|
# key1: ECDSA, key2: RSA; use key1 through async, then key2 directly
|
||||||
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C
|
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C
|
||||||
run_test "SSL async private: cancel after start then fall back to transparent key" \
|
run_test "SSL async private: cancel after start then fall back to transparent key" \
|
||||||
"$P_SRV key_file=data_files/server5.key crt_file=data_files/server5.crt \
|
"$P_SRV \
|
||||||
key_file2=data_files/server2.key crt_file2=data_files/server2.crt \
|
async_operations=s async_private_delay1=1 async_private_error=-2 \
|
||||||
async_private_delay1=1 async_private_error=-2" \
|
key_file=data_files/server5.key crt_file=data_files/server5.crt \
|
||||||
|
key_file2=data_files/server2.key crt_file2=data_files/server2.crt" \
|
||||||
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256;
|
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256;
|
||||||
[ \$? -eq 1 ] &&
|
[ \$? -eq 1 ] &&
|
||||||
$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256" \
|
$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256" \
|
||||||
@ -3775,9 +3860,10 @@ run_test "SSL async private: cancel after start then fall back to transparent
|
|||||||
# key1: ECDSA, key2: RSA; use key1 through async, then key2 directly
|
# key1: ECDSA, key2: RSA; use key1 through async, then key2 directly
|
||||||
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C
|
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C
|
||||||
run_test "SSL async private: error in resume then fall back to transparent key" \
|
run_test "SSL async private: error in resume then fall back to transparent key" \
|
||||||
"$P_SRV key_file=data_files/server5.key crt_file=data_files/server5.crt \
|
"$P_SRV \
|
||||||
key_file2=data_files/server2.key crt_file2=data_files/server2.crt \
|
async_operations=s async_private_delay1=1 async_private_error=-3 \
|
||||||
async_private_delay1=1 async_private_error=-3" \
|
key_file=data_files/server5.key crt_file=data_files/server5.crt \
|
||||||
|
key_file2=data_files/server2.key crt_file2=data_files/server2.crt" \
|
||||||
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256;
|
"$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256;
|
||||||
[ \$? -eq 1 ] &&
|
[ \$? -eq 1 ] &&
|
||||||
$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256" \
|
$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256" \
|
||||||
@ -3789,23 +3875,49 @@ run_test "SSL async private: error in resume then fall back to transparent ke
|
|||||||
|
|
||||||
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C
|
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C
|
||||||
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
|
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
|
||||||
run_test "SSL async private: renegotiation: client-initiated" \
|
run_test "SSL async private: renegotiation: client-initiated; sign" \
|
||||||
"$P_SRV async_private_delay1=1 async_private_delay2=1 \
|
"$P_SRV \
|
||||||
|
async_operations=s async_private_delay1=1 async_private_delay2=1 \
|
||||||
exchanges=2 renegotiation=1" \
|
exchanges=2 renegotiation=1" \
|
||||||
"$P_CLI exchanges=2 renegotiation=1 renegotiate=1" \
|
"$P_CLI exchanges=2 renegotiation=1 renegotiate=1" \
|
||||||
0 \
|
0 \
|
||||||
-s "Async sign callback: using key slot " \
|
-s "Async sign callback: using key slot " \
|
||||||
-s "Async resume (slot [0-9]): done, status=0"
|
-s "Async resume (slot [0-9]): sign done, status=0"
|
||||||
|
|
||||||
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C
|
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C
|
||||||
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
|
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
|
||||||
run_test "SSL async private: renegotiation: server-initiated" \
|
run_test "SSL async private: renegotiation: server-initiated; sign" \
|
||||||
"$P_SRV async_private_delay1=1 async_private_delay2=1 \
|
"$P_SRV \
|
||||||
|
async_operations=s async_private_delay1=1 async_private_delay2=1 \
|
||||||
exchanges=2 renegotiation=1 renegotiate=1" \
|
exchanges=2 renegotiation=1 renegotiate=1" \
|
||||||
"$P_CLI exchanges=2 renegotiation=1" \
|
"$P_CLI exchanges=2 renegotiation=1" \
|
||||||
0 \
|
0 \
|
||||||
-s "Async sign callback: using key slot " \
|
-s "Async sign callback: using key slot " \
|
||||||
-s "Async resume (slot [0-9]): done, status=0"
|
-s "Async resume (slot [0-9]): sign done, status=0"
|
||||||
|
|
||||||
|
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C
|
||||||
|
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
|
||||||
|
run_test "SSL async private: renegotiation: client-initiated; decrypt" \
|
||||||
|
"$P_SRV \
|
||||||
|
async_operations=d async_private_delay1=1 async_private_delay2=1 \
|
||||||
|
exchanges=2 renegotiation=1" \
|
||||||
|
"$P_CLI exchanges=2 renegotiation=1 renegotiate=1 \
|
||||||
|
force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
|
||||||
|
0 \
|
||||||
|
-s "Async decrypt callback: using key slot " \
|
||||||
|
-s "Async resume (slot [0-9]): decrypt done, status=0"
|
||||||
|
|
||||||
|
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE_C
|
||||||
|
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
|
||||||
|
run_test "SSL async private: renegotiation: server-initiated; decrypt" \
|
||||||
|
"$P_SRV \
|
||||||
|
async_operations=d async_private_delay1=1 async_private_delay2=1 \
|
||||||
|
exchanges=2 renegotiation=1 renegotiate=1" \
|
||||||
|
"$P_CLI exchanges=2 renegotiation=1 \
|
||||||
|
force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
|
||||||
|
0 \
|
||||||
|
-s "Async decrypt callback: using key slot " \
|
||||||
|
-s "Async resume (slot [0-9]): decrypt done, status=0"
|
||||||
|
|
||||||
# Tests for DTLS HelloVerifyRequest
|
# Tests for DTLS HelloVerifyRequest
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user