ssl-opt.sh: add test of RSA Opaque keys with TLS 1.2 server for decryption
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index fc49b06..9901334 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -1743,6 +1743,36 @@
-S "error" \
-C "error"
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+requires_config_enabled MBEDTLS_RSA_C
+run_test "RSA opaque key on server configured for decryption" \
+ "$P_SRV debug_level=1 key_opaque=1 key_opaque_algs=rsa-decrypt,none" \
+ "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA256" \
+ 0 \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "Ciphersuite is TLS-RSA-" \
+ -s "key types: Opaque, Opaque" \
+ -s "Ciphersuite is TLS-RSA-" \
+ -S "error" \
+ -C "error"
+
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
+requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
+requires_config_enabled MBEDTLS_RSA_C
+run_test "RSA-PSK opaque key on server configured for decryption" \
+ "$P_SRV debug_level=1 key_opaque=1 key_opaque_algs=rsa-decrypt,none \
+ psk=abc123 psk_identity=foo" \
+ "$P_CLI force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA256 \
+ psk=abc123 psk_identity=foo" \
+ 0 \
+ -c "Verifying peer X.509 certificate... ok" \
+ -c "Ciphersuite is TLS-RSA-PSK-" \
+ -s "key types: Opaque, Opaque" \
+ -s "Ciphersuite is TLS-RSA-PSK-" \
+ -S "error" \
+ -C "error"
+
# Test using an EC opaque private key for server authentication
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO