Remove RSA-PSK test cases
The test cases removed by this commit are specific to RSA-PSK, not
incidentally using RSA-PSK when testing other features, so there is no loss
of test coverage.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index bf39952..44cbcd3 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -584,7 +584,7 @@
# with a pre-shared key, skip it. If the test looks like it's already using
# a pre-shared key, do nothing.
#
-# This code does not consider builds with ECDHE-PSK or RSA-PSK.
+# This code does not consider builds with ECDHE-PSK.
#
# Inputs:
# * $CLI_CMD, $SRV_CMD, $PXY_CMD: client/server/proxy commands.
@@ -2540,22 +2540,6 @@
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_RSA_C
requires_hash_alg SHA_256
-run_test "Opaque key for server authentication: RSA-PSK" \
- "$P_SRV debug_level=1 key_opaque=1 key_opaque_algs=rsa-decrypt,none \
- psk=73776f726466697368 psk_identity=foo" \
- "$P_CLI force_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA256 \
- psk=73776f726466697368 psk_identity=foo" \
- 0 \
- -c "Verifying peer X.509 certificate... ok" \
- -c "Ciphersuite is TLS-RSA-PSK-" \
- -s "key types: Opaque, Opaque" \
- -s "Ciphersuite is TLS-RSA-PSK-" \
- -S "error" \
- -C "error"
-
-requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
-requires_config_enabled MBEDTLS_RSA_C
-requires_hash_alg SHA_256
run_test "Opaque key for server authentication: RSA-" \
"$P_SRV debug_level=3 key_opaque=1 key_opaque_algs=rsa-decrypt,none " \
"$P_CLI force_version=tls12 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA256" \
@@ -8584,50 +8568,6 @@
-S "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
-run_test "PSK callback: opaque rsa-psk on client, no callback" \
- "$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo" \
- "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA256 \
- psk_identity=foo psk=73776f726466697368 psk_opaque=1" \
- 0 \
- -C "session hash for extended master secret"\
- -S "session hash for extended master secret"\
- -S "SSL - The handshake negotiation failed" \
- -S "SSL - Unknown identity received" \
- -S "SSL - Verification of the message MAC failed"
-
-run_test "PSK callback: opaque rsa-psk on client, no callback, SHA-384" \
- "$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo" \
- "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \
- psk_identity=foo psk=73776f726466697368 psk_opaque=1" \
- 0 \
- -C "session hash for extended master secret"\
- -S "session hash for extended master secret"\
- -S "SSL - The handshake negotiation failed" \
- -S "SSL - Unknown identity received" \
- -S "SSL - Verification of the message MAC failed"
-
-run_test "PSK callback: opaque rsa-psk on client, no callback, EMS" \
- "$P_SRV extended_ms=1 debug_level=3 psk=73776f726466697368 psk_identity=foo" \
- "$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA \
- psk_identity=foo psk=73776f726466697368 psk_opaque=1" \
- 0 \
- -c "session hash for extended master secret"\
- -s "session hash for extended master secret"\
- -S "SSL - The handshake negotiation failed" \
- -S "SSL - Unknown identity received" \
- -S "SSL - Verification of the message MAC failed"
-
-run_test "PSK callback: opaque rsa-psk on client, no callback, SHA-384, EMS" \
- "$P_SRV extended_ms=1 debug_level=3 psk=73776f726466697368 psk_identity=foo" \
- "$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \
- psk_identity=foo psk=73776f726466697368 psk_opaque=1" \
- 0 \
- -c "session hash for extended master secret"\
- -s "session hash for extended master secret"\
- -S "SSL - The handshake negotiation failed" \
- -S "SSL - Unknown identity received" \
- -S "SSL - Verification of the message MAC failed"
-
run_test "PSK callback: opaque ecdhe-psk on client, no callback" \
"$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo" \
"$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256 \
@@ -8762,52 +8702,6 @@
-S "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
-run_test "PSK callback: raw rsa-psk on client, static opaque on server, no callback" \
- "$P_SRV extended_ms=0 debug_level=5 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA" \
- "$P_CLI extended_ms=0 debug_level=5 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA \
- psk_identity=foo psk=73776f726466697368" \
- 0 \
- -C "session hash for extended master secret"\
- -S "session hash for extended master secret"\
- -S "SSL - The handshake negotiation failed" \
- -S "SSL - Unknown identity received" \
- -S "SSL - Verification of the message MAC failed"
-
-run_test "PSK callback: raw rsa-psk on client, static opaque on server, no callback, SHA-384" \
- "$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384" \
- "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \
- psk_identity=foo psk=73776f726466697368" \
- 0 \
- -C "session hash for extended master secret"\
- -S "session hash for extended master secret"\
- -S "SSL - The handshake negotiation failed" \
- -S "SSL - Unknown identity received" \
- -S "SSL - Verification of the message MAC failed"
-
-run_test "PSK callback: raw rsa-psk on client, static opaque on server, no callback, EMS" \
- "$P_SRV debug_level=3 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 \
- force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA extended_ms=1" \
- "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA \
- psk_identity=foo psk=73776f726466697368 extended_ms=1" \
- 0 \
- -c "session hash for extended master secret"\
- -s "session hash for extended master secret"\
- -S "SSL - The handshake negotiation failed" \
- -S "SSL - Unknown identity received" \
- -S "SSL - Verification of the message MAC failed"
-
-run_test "PSK callback: raw rsa-psk on client, static opaque on server, no callback, EMS, SHA384" \
- "$P_SRV debug_level=3 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 \
- force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 extended_ms=1" \
- "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \
- psk_identity=foo psk=73776f726466697368 extended_ms=1" \
- 0 \
- -c "session hash for extended master secret"\
- -s "session hash for extended master secret"\
- -S "SSL - The handshake negotiation failed" \
- -S "SSL - Unknown identity received" \
- -S "SSL - Verification of the message MAC failed"
-
run_test "PSK callback: raw ecdhe-psk on client, static opaque on server, no callback" \
"$P_SRV extended_ms=0 debug_level=5 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA" \
"$P_CLI extended_ms=0 debug_level=5 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \
@@ -8946,52 +8840,6 @@
-S "SSL - Unknown identity received" \
-S "SSL - Verification of the message MAC failed"
-run_test "PSK callback: raw rsa-psk on client, no static RSA-PSK on server, opaque RSA-PSK from callback" \
- "$P_SRV extended_ms=0 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA" \
- "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA \
- psk_identity=def psk=beef" \
- 0 \
- -C "session hash for extended master secret"\
- -S "session hash for extended master secret"\
- -S "SSL - The handshake negotiation failed" \
- -S "SSL - Unknown identity received" \
- -S "SSL - Verification of the message MAC failed"
-
-run_test "PSK callback: raw rsa-psk on client, no static RSA-PSK on server, opaque RSA-PSK from callback, SHA-384" \
- "$P_SRV extended_ms=0 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384" \
- "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \
- psk_identity=def psk=beef" \
- 0 \
- -C "session hash for extended master secret"\
- -S "session hash for extended master secret"\
- -S "SSL - The handshake negotiation failed" \
- -S "SSL - Unknown identity received" \
- -S "SSL - Verification of the message MAC failed"
-
-run_test "PSK callback: raw rsa-psk on client, no static RSA-PSK on server, opaque RSA-PSK from callback, EMS" \
- "$P_SRV debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 \
- force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA extended_ms=1" \
- "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA \
- psk_identity=abc psk=dead extended_ms=1" \
- 0 \
- -c "session hash for extended master secret"\
- -s "session hash for extended master secret"\
- -S "SSL - The handshake negotiation failed" \
- -S "SSL - Unknown identity received" \
- -S "SSL - Verification of the message MAC failed"
-
-run_test "PSK callback: raw rsa-psk on client, no static RSA-PSK on server, opaque RSA-PSK from callback, EMS, SHA384" \
- "$P_SRV debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 \
- force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 extended_ms=1" \
- "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \
- psk_identity=abc psk=dead extended_ms=1" \
- 0 \
- -c "session hash for extended master secret"\
- -s "session hash for extended master secret"\
- -S "SSL - The handshake negotiation failed" \
- -S "SSL - Unknown identity received" \
- -S "SSL - Verification of the message MAC failed"
-
run_test "PSK callback: raw ecdhe-psk on client, no static ECDHE-PSK on server, opaque ECDHE-PSK from callback" \
"$P_SRV extended_ms=0 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA" \
"$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \
@@ -9996,27 +9844,6 @@
-s "Async resume (slot [0-9]): decrypt done, status=0"
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
-run_test "SSL async private: decrypt RSA-PSK, delay=0" \
- "$P_SRV psk=73776f726466697368 \
- async_operations=d async_private_delay1=0 async_private_delay2=0" \
- "$P_CLI psk=73776f726466697368 \
- force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA256" \
- 0 \
- -s "Async decrypt callback: using key slot " \
- -s "Async resume (slot [0-9]): decrypt done, status=0"
-
-requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
-run_test "SSL async private: decrypt RSA-PSK, delay=1" \
- "$P_SRV psk=73776f726466697368 \
- async_operations=d async_private_delay1=1 async_private_delay2=1" \
- "$P_CLI psk=73776f726466697368 \
- force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA256" \
- 0 \
- -s "Async decrypt callback: using key slot " \
- -s "Async resume (slot [0-9]): call 0 more times." \
- -s "Async resume (slot [0-9]): decrypt done, status=0"
-
-requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test "SSL async private: sign callback not present" \
"$P_SRV \
async_operations=d async_private_delay1=1 async_private_delay2=1" \
diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data
index c522459..8135ef1 100644
--- a/tests/suites/test_suite_ssl.data
+++ b/tests/suites/test_suite_ssl.data
@@ -452,26 +452,6 @@
depends_on:PSA_WANT_ALG_SHA_256:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_RSA_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
handshake_ciphersuite_select:"TLS-RSA-WITH-AES-256-CBC-SHA256":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
-Handshake, select RSA-PSK-WITH-AES-256-CBC-SHA384, non-opaque
-depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-handshake_ciphersuite_select:"TLS-RSA-PSK-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_RSA:"abc123":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
-
-Handshake, select RSA-PSK-WITH-AES-256-CBC-SHA384, opaque
-depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-handshake_ciphersuite_select:"TLS-RSA-PSK-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_RSA:"abc123":PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:PSA_KEY_USAGE_DECRYPT:0:MBEDTLS_TLS_RSA_PSK_WITH_AES_256_CBC_SHA384
-
-Handshake, select RSA-PSK-WITH-AES-256-CBC-SHA384, opaque, bad alg
-depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-handshake_ciphersuite_select:"TLS-RSA-PSK-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_RSA:"abc123":PSA_ALG_RSA_PKCS1V15_SIGN(PSA_ALG_ANY_HASH):PSA_ALG_NONE:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
-
-Handshake, select RSA-PSK-WITH-AES-256-CBC-SHA384, opaque, bad usage
-depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-handshake_ciphersuite_select:"TLS-RSA-PSK-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_RSA:"abc123":PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:PSA_KEY_USAGE_DERIVE:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
-
-Handshake, select RSA-PSK-WITH-AES-256-CBC-SHA384, opaque, no psk
-depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_CBC_NO_PADDING:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED:MBEDTLS_USE_PSA_CRYPTO:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-handshake_ciphersuite_select:"TLS-RSA-PSK-WITH-AES-256-CBC-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_RSA_PKCS1V15_CRYPT:PSA_ALG_NONE:PSA_KEY_USAGE_DECRYPT:MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE:0
-
Handshake, select DHE-RSA-WITH-AES-256-GCM-SHA384, non-opaque
depends_on:PSA_WANT_ALG_SHA_384:PSA_WANT_KEY_TYPE_AES:PSA_WANT_ALG_GCM:MBEDTLS_RSA_C:PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY:PSA_WANT_ECC_SECP_R1_384:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
handshake_ciphersuite_select:"TLS-DHE-RSA-WITH-AES-256-GCM-SHA384":MBEDTLS_PK_RSA:"":PSA_ALG_NONE:PSA_ALG_NONE:0:0:MBEDTLS_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384