test_suite_ssl: add ECDHE-RSA case for handshake_fragmentation()
This is the backport of commit b8ef2a4455 from the "development" branch
which adapts handshake_fragmentation() to use ECDHE-RSA instead of
DHE-RSA. However, since DHE-RSA is not removed in the mbedtls-3.6 branch,
here tests are added instead of replaced.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data
index 872ee60..0eeb9e4 100644
--- a/tests/suites/test_suite_ssl.data
+++ b/tests/suites/test_suite_ssl.data
@@ -428,13 +428,21 @@
depends_on:MBEDTLS_RSA_C:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_SSL_PROTO_DTLS
handshake_serialization
-DTLS Handshake fragmentation, MFL=512
-depends_on:MBEDTLS_SSL_PROTO_DTLS:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-handshake_fragmentation:MBEDTLS_SSL_MAX_FRAG_LEN_512:1:1
+DTLS Handshake fragmentation, MFL=512, DHE-RSA-WITH-AES-256-CBC-SHA256
+depends_on:MBEDTLS_SSL_PROTO_DTLS:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_MD_CAN_SHA256
+handshake_fragmentation:MBEDTLS_SSL_MAX_FRAG_LEN_512:1:1:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
-DTLS Handshake fragmentation, MFL=1024
-depends_on:MBEDTLS_SSL_PROTO_DTLS:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH
-handshake_fragmentation:MBEDTLS_SSL_MAX_FRAG_LEN_1024:0:1
+DTLS Handshake fragmentation, MFL=1024, DHE-RSA-WITH-AES-256-CBC-SHA256
+depends_on:MBEDTLS_SSL_PROTO_DTLS:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED:MBEDTLS_MD_CAN_SHA256
+handshake_fragmentation:MBEDTLS_SSL_MAX_FRAG_LEN_1024:0:1:"TLS-DHE-RSA-WITH-AES-256-CBC-SHA256"
+
+DTLS Handshake fragmentation, MFL=512, ECDHE-RSA-WITH-AES-256-CBC-SHA384
+depends_on:MBEDTLS_SSL_PROTO_DTLS:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_MD_CAN_SHA384
+handshake_fragmentation:MBEDTLS_SSL_MAX_FRAG_LEN_512:1:1:"TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384"
+
+DTLS Handshake fragmentation, MFL=1024, ECDHE-RSA-WITH-AES-256-CBC-SHA384
+depends_on:MBEDTLS_SSL_PROTO_DTLS:!MBEDTLS_AES_ONLY_128_BIT_KEY_LENGTH:MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED:MBEDTLS_MD_CAN_SHA384
+handshake_fragmentation:MBEDTLS_SSL_MAX_FRAG_LEN_1024:0:1:"TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384"
Handshake min/max version check, all -> 1.2
depends_on:MBEDTLS_SSL_PROTO_TLS1_2:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index a16ac64..1d65706 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -2761,10 +2761,11 @@
}
/* END_CASE */
-/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_SSL_HAVE_AES:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_DEBUG_C:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_SSL_HAVE_CBC:MBEDTLS_MD_CAN_SHA256:MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED */
+/* BEGIN_CASE depends_on:MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED:!MBEDTLS_SSL_PROTO_TLS1_3:MBEDTLS_PKCS1_V15:MBEDTLS_RSA_C:MBEDTLS_SSL_HAVE_AES:MBEDTLS_ECP_HAVE_SECP384R1:MBEDTLS_DEBUG_C:MBEDTLS_SSL_MAX_FRAGMENT_LENGTH:MBEDTLS_SSL_HAVE_CBC */
void handshake_fragmentation(int mfl,
int expected_srv_hs_fragmentation,
- int expected_cli_hs_fragmentation)
+ int expected_cli_hs_fragmentation,
+ char *ciphersuite)
{
mbedtls_test_handshake_test_options options;
mbedtls_test_ssl_log_pattern srv_pattern, cli_pattern;
@@ -2778,7 +2779,7 @@
options.expected_negotiated_version = MBEDTLS_SSL_VERSION_TLS1_2;
options.mfl = mfl;
/* Set cipher to one using CBC so that record splitting can be tested */
- options.cipher = "TLS-DHE-RSA-WITH-AES-256-CBC-SHA256";
+ options.cipher = ciphersuite;
options.srv_auth_mode = MBEDTLS_SSL_VERIFY_REQUIRED;
options.srv_log_obj = &srv_pattern;
options.cli_log_obj = &cli_pattern;