ssl-opt.sh: add tests for key_opaque_algs option Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>

commit: c454aba2034a9f35aad7923de178b5ae5bf063d7 [log] [tgz]
author: Przemek Stekiel <przemyslaw.stekiel@mobica.com> Thu Jul 07 09:56:13 2022 +0200
committer: Ronald Cron <ronald.cron@arm.com> Thu Sep 15 14:22:29 2022 +0200
tree: 23e5ad69f94db0d2b4d197775ce828550c7ac27c
parent: 632939df4b6246c1a56cebe1489db22f4894cb19 [diff] [blame]
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 9e14af1..11fc357 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh

@@ -2042,6 +2042,48 @@
             -S "error" \
             -C "error"
 
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+requires_config_enabled MBEDTLS_RSA_C
+run_test    "TLS1.3 opaque key: no suitable algorithm found" \
+            "$P_SRV debug_level=4 force_version=tls13 key_opaque=1 key_opaque_algs=rsa-decrypt,none" \
+            "$P_CLI debug_level=4 force_version=tls13 key_opaque=1 key_opaque_algs=rsa-decrypt,rsa-sign-pss" \
+            1 \
+            -c "The SSL configuration is tls13 only" \
+            -s "The SSL configuration is tls13 only" \
+            -c "key type: Opaque" \
+            -s "key types: Opaque, Opaque" \
+            -c "error" \
+            -s "select_sig_alg_for_certificate_verify:no suitable signature algorithm found" \
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+requires_config_enabled MBEDTLS_RSA_C
+run_test    "TLS1.3 opaque key: suitable algorithm found" \
+            "$P_SRV debug_level=4 force_version=tls13 key_opaque=1 key_opaque_algs=rsa-decrypt,rsa-sign-pss" \
+            "$P_CLI debug_level=4 force_version=tls13 key_opaque=1 key_opaque_algs=rsa-decrypt,rsa-sign-pss" \
+            0 \
+            -c "The SSL configuration is tls13 only" \
+            -s "The SSL configuration is tls13 only" \
+            -c "key type: Opaque" \
+            -s "key types: Opaque, Opaque" \
+            -C "error" \
+            -S "error" \
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+requires_config_enabled MBEDTLS_RSA_C
+run_test    "TLS1.3 opaque key: 2 keys on server, suitable algorithm found" \
+            "$P_SRV debug_level=4 force_version=tls13 key_opaque=1 key_opaque_algs2=ecdsa-sign,none key_opaque_algs=rsa-decrypt,rsa-sign-pss" \
+            "$P_CLI debug_level=4 force_version=tls13 key_opaque=1 key_opaque_algs=rsa-decrypt,rsa-sign-pss" \
+            0 \
+            -c "The SSL configuration is tls13 only" \
+            -s "The SSL configuration is tls13 only" \
+            -c "key type: Opaque" \
+            -s "key types: Opaque, Opaque" \
+            -C "error" \
+            -S "error" \
+
 # Test using a RSA opaque private key for server authentication
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
commit	c454aba2034a9f35aad7923de178b5ae5bf063d7	[log] [tgz]
author	Przemek Stekiel <przemyslaw.stekiel@mobica.com>	Thu Jul 07 09:56:13 2022 +0200
committer	Ronald Cron <ronald.cron@arm.com>	Thu Sep 15 14:22:29 2022 +0200
tree	23e5ad69f94db0d2b4d197775ce828550c7ac27c
parent	632939df4b6246c1a56cebe1489db22f4894cb19 [diff] [blame]