tests/extmod: Adjust ssl/tls tests to run on targets with axTLS.

Signed-off-by: Damien George <damien@micropython.org>
This commit is contained in:
Damien George 2024-10-18 23:12:47 +11:00
parent 7d442373af
commit 1e3b24238e
8 changed files with 49 additions and 23 deletions

View File

@ -10,7 +10,7 @@ except ImportError:
# Invalid cadata. # Invalid cadata.
try: try:
ssl.wrap_socket(io.BytesIO(), cadata=b"!") ssl.wrap_socket(io.BytesIO(), cadata=b"!")
except TypeError: except AttributeError:
# "cadata" keyword argument is not supported by axtls. # "cadata" keyword argument is not supported by axtls.
print("SKIP") print("SKIP")
raise SystemExit raise SystemExit

View File

@ -9,11 +9,6 @@ except ImportError:
key = b"0\x82\x019\x02\x01\x00\x02A\x00\xf9\xe0}\xbd\xd7\x9cI\x18\x06\xc3\xcb\xb5\xec@r\xfbD\x18\x80\xaaWoZ{\xcc\xa3\xeb!\"\x0fY\x9e]-\xee\xe4\t!BY\x9f{7\xf3\xf2\x8f}}\r|.\xa8<\ta\xb2\xd7W\xb3\xc9\x19A\xc39\x02\x03\x01\x00\x01\x02@\x07:\x9fh\xa6\x9c6\xe1#\x10\xf7\x0b\xc4Q\xf9\x01\x9b\xee\xb9\x8a4\r\\\xa8\xc8:\xd5\xca\x97\x99\xaa\x16\x04)\xa8\xf9\x13\xdeq\x0ev`\xa7\x83\xc5\x8b`\xdb\xef \x9d\x93\xe8g\x84\x96\xfaV\\\xf4R\xda\xd0\xa1\x02!\x00\xfeR\xbf\n\x91Su\x87L\x98{\xeb%\xed\xfb\x06u)@\xfe\x1b\xde\xa0\xc6@\xab\xc5\xedg\x8e\x10[\x02!\x00\xfb\x86=\x85\xa4'\xde\x85\xb5L\xe0)\x99\xfaL\x8c3A\x02\xa8<\xdew\xad\x00\xe3\x1d\x05\xd8\xb4N\xfb\x02 \x08\xb0M\x04\x90hx\x88q\xcew\xd5U\xcbf\x9b\x16\xdf\x9c\xef\xd1\x85\xee\x9a7Ug\x02\xb0Z\x03'\x02 9\xa0D\xe2$|\xf9\xefz]5\x92rs\xb5+\xfd\xe6,\x1c\xadmn\xcf\xd5?3|\x0em)\x17\x02 5Z\xcc/\xa5?\n\x04%\x9b{N\x9dX\xddI\xbe\xd2\xb0\xa0\x03BQ\x02\x82\xc2\xe0u)\xbd\xb8\xaf" key = b"0\x82\x019\x02\x01\x00\x02A\x00\xf9\xe0}\xbd\xd7\x9cI\x18\x06\xc3\xcb\xb5\xec@r\xfbD\x18\x80\xaaWoZ{\xcc\xa3\xeb!\"\x0fY\x9e]-\xee\xe4\t!BY\x9f{7\xf3\xf2\x8f}}\r|.\xa8<\ta\xb2\xd7W\xb3\xc9\x19A\xc39\x02\x03\x01\x00\x01\x02@\x07:\x9fh\xa6\x9c6\xe1#\x10\xf7\x0b\xc4Q\xf9\x01\x9b\xee\xb9\x8a4\r\\\xa8\xc8:\xd5\xca\x97\x99\xaa\x16\x04)\xa8\xf9\x13\xdeq\x0ev`\xa7\x83\xc5\x8b`\xdb\xef \x9d\x93\xe8g\x84\x96\xfaV\\\xf4R\xda\xd0\xa1\x02!\x00\xfeR\xbf\n\x91Su\x87L\x98{\xeb%\xed\xfb\x06u)@\xfe\x1b\xde\xa0\xc6@\xab\xc5\xedg\x8e\x10[\x02!\x00\xfb\x86=\x85\xa4'\xde\x85\xb5L\xe0)\x99\xfaL\x8c3A\x02\xa8<\xdew\xad\x00\xe3\x1d\x05\xd8\xb4N\xfb\x02 \x08\xb0M\x04\x90hx\x88q\xcew\xd5U\xcbf\x9b\x16\xdf\x9c\xef\xd1\x85\xee\x9a7Ug\x02\xb0Z\x03'\x02 9\xa0D\xe2$|\xf9\xefz]5\x92rs\xb5+\xfd\xe6,\x1c\xadmn\xcf\xd5?3|\x0em)\x17\x02 5Z\xcc/\xa5?\n\x04%\x9b{N\x9dX\xddI\xbe\xd2\xb0\xa0\x03BQ\x02\x82\xc2\xe0u)\xbd\xb8\xaf"
# This particular key was generated with:
# $ openssl genrsa -out key.pem 512
# $ openssl rsa -in key.pem -outform DER -out key.der
keypkcs8 = b'0\x82\x01U\x02\x01\x000\r\x06\t*\x86H\x86\xf7\r\x01\x01\x01\x05\x00\x04\x82\x01?0\x82\x01;\x02\x01\x00\x02A\x00\xae\x07\xbb\xbf \x8eL\\ G\x91\x1b\xc45\x89\x96\x0c\xca\x94\xa5\xc2%F\x84z\xea\xb2Y\xdd\x943\x1a\xe0\x1e\xfe%\xd3\xbc\x85\xf0\x05\x8eI\xca\x83\x8b\x86\xfd\x15P,\xa9t8\xc2s\x11\x7fk*[[w\xdd\x02\x03\x01\x00\x01\x02@?\x02-\xc7\x95Q\xef\xf3\xaa\xfc>]\x7f<\xa3\x03\xe0\xbd\xb7\xf4\x0b\xc6\xd31D\x0f\x95cT\x06D9\xed\xf0X\xa6\x18\xb4\xe7\x96\x8f\x91\xd6\xd7\xbfR\\V\xfd\x0e{\xd3\xa4e\xb4M\x01\xbb\xdf\xf1\xf0\xbcEA\x02!\x00\xd5\xd7f\xcc\x84\xf5Y&\xa7]\x00\x91\xc9\x8e\xb0\xf37\x108D\x7f&!JJ\x836\x83\x9f\n\xf2\x0f\x02!\x00\xd0W\x0ec\xa6\x86C\xf7\x8d\xbe\xf0\xbc2\xe3)|\xbb\xd6\xbb;\xb2\xafG\x05S\x0f-\x14X\n3S\x02 A\xf5\xb20\xcd\xa6<<\x8f\rA\xda\xb68<^\x99\x12x\xb8\xb0\x1b\x9b\xd3%\x8e\xb9\xa6\xf9\xcc\xcf\x83\x02!\x00\xa8.\xee\xdd\xc0\xeb8h\xda\x13^\xb0\xfe\x7fd\xd9]\xa5m\xc66k\xcap`\xe9\xaaav\xe4\xdd#\x02!\x00\xd1\xd0\x93\xe7wZ\xe0p\xd0M\x07\x9e\x13\xa7\xa7\x12\x95\x1e\x13h0O\xc0\x18\x1fa\x10")\x9f&U'
# Invalid key # Invalid key
try: try:
ssl.wrap_socket(io.BytesIO(), key=b"!") ssl.wrap_socket(io.BytesIO(), key=b"!")
@ -31,9 +26,3 @@ try:
ssl.wrap_socket(io.BytesIO(), key=key, cert=b"!") ssl.wrap_socket(io.BytesIO(), key=key, cert=b"!")
except ValueError as er: except ValueError as er:
print(repr(er)) print(repr(er))
# Valid key in PKCS8 format, invalid cert
try:
ssl.wrap_socket(io.BytesIO(), key=keypkcs8, cert=b"!")
except ValueError as er:
print(repr(er))

View File

@ -1,4 +1,3 @@
ValueError('invalid key',) ValueError('invalid key',)
TypeError("can't convert 'NoneType' object to str implicitly",) TypeError("can't convert 'NoneType' object to str implicitly",)
ValueError('invalid cert',) ValueError('invalid cert',)
ValueError('invalid cert',)

View File

@ -0,0 +1,24 @@
# Test ssl with key/cert passed in
try:
import io
import ssl
except ImportError:
print("SKIP")
raise SystemExit
# Only mbedTLS supports PKCS8 keys.
if not hasattr(ssl, "MBEDTLS_VERSION"):
print("SKIP")
raise SystemExit
# This particular key was generated with:
# $ openssl genrsa -out key.pem 512
# $ openssl rsa -in key.pem -outform DER -out key.der
keypkcs8 = b'0\x82\x01U\x02\x01\x000\r\x06\t*\x86H\x86\xf7\r\x01\x01\x01\x05\x00\x04\x82\x01?0\x82\x01;\x02\x01\x00\x02A\x00\xae\x07\xbb\xbf \x8eL\\ G\x91\x1b\xc45\x89\x96\x0c\xca\x94\xa5\xc2%F\x84z\xea\xb2Y\xdd\x943\x1a\xe0\x1e\xfe%\xd3\xbc\x85\xf0\x05\x8eI\xca\x83\x8b\x86\xfd\x15P,\xa9t8\xc2s\x11\x7fk*[[w\xdd\x02\x03\x01\x00\x01\x02@?\x02-\xc7\x95Q\xef\xf3\xaa\xfc>]\x7f<\xa3\x03\xe0\xbd\xb7\xf4\x0b\xc6\xd31D\x0f\x95cT\x06D9\xed\xf0X\xa6\x18\xb4\xe7\x96\x8f\x91\xd6\xd7\xbfR\\V\xfd\x0e{\xd3\xa4e\xb4M\x01\xbb\xdf\xf1\xf0\xbcEA\x02!\x00\xd5\xd7f\xcc\x84\xf5Y&\xa7]\x00\x91\xc9\x8e\xb0\xf37\x108D\x7f&!JJ\x836\x83\x9f\n\xf2\x0f\x02!\x00\xd0W\x0ec\xa6\x86C\xf7\x8d\xbe\xf0\xbc2\xe3)|\xbb\xd6\xbb;\xb2\xafG\x05S\x0f-\x14X\n3S\x02 A\xf5\xb20\xcd\xa6<<\x8f\rA\xda\xb68<^\x99\x12x\xb8\xb0\x1b\x9b\xd3%\x8e\xb9\xa6\xf9\xcc\xcf\x83\x02!\x00\xa8.\xee\xdd\xc0\xeb8h\xda\x13^\xb0\xfe\x7fd\xd9]\xa5m\xc66k\xcap`\xe9\xaaav\xe4\xdd#\x02!\x00\xd1\xd0\x93\xe7wZ\xe0p\xd0M\x07\x9e\x13\xa7\xa7\x12\x95\x1e\x13h0O\xc0\x18\x1fa\x10")\x9f&U'
# Valid key in PKCS8 format, invalid cert
try:
ssl.wrap_socket(io.BytesIO(), key=keypkcs8, cert=b"!")
except ValueError as er:
print(repr(er))

View File

@ -0,0 +1 @@
ValueError('invalid cert',)

View File

@ -1,5 +1,4 @@
# Test ssl.SSLContext.verify_mode attribute. # Test ssl.SSLContext.verify_mode attribute.
# It's not available in the axtls implementation, so has an independent test.
try: try:
import ssl import ssl
@ -7,10 +6,6 @@ except ImportError:
print("SKIP") print("SKIP")
raise SystemExit raise SystemExit
if not hasattr(ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT), "verify_mode"):
print("SKIP")
raise SystemExit
# Test default verify_mode for server (client default is different in MicroPython). # Test default verify_mode for server (client default is different in MicroPython).
ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER) ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
print(ctx.verify_mode == ssl.CERT_NONE) print(ctx.verify_mode == ssl.CERT_NONE)
@ -18,7 +13,3 @@ print(ctx.verify_mode == ssl.CERT_NONE)
# Test setting and getting verify_mode. # Test setting and getting verify_mode.
ctx.verify_mode = ssl.CERT_NONE ctx.verify_mode = ssl.CERT_NONE
print(ctx.verify_mode == ssl.CERT_NONE) print(ctx.verify_mode == ssl.CERT_NONE)
ctx.verify_mode = ssl.CERT_OPTIONAL
print(ctx.verify_mode == ssl.CERT_OPTIONAL)
ctx.verify_mode = ssl.CERT_REQUIRED
print(ctx.verify_mode == ssl.CERT_REQUIRED)

View File

@ -0,0 +1,20 @@
# Test ssl.SSLContext.verify_mode attribute, with additional CERT_xxx constants.
# These aren't available in the axtls implementation.
try:
import ssl
except ImportError:
print("SKIP")
raise SystemExit
if not hasattr(ssl, "OPENSSL_VERSION") and not hasattr(ssl, "MBEDTLS_VERSION"):
print("SKIP")
raise SystemExit
ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
# Test setting and getting verify_mode.
ctx.verify_mode = ssl.CERT_OPTIONAL
print(ctx.verify_mode == ssl.CERT_OPTIONAL)
ctx.verify_mode = ssl.CERT_REQUIRED
print(ctx.verify_mode == ssl.CERT_REQUIRED)

View File

@ -2,7 +2,9 @@
try: try:
import tls import tls
except ImportError:
tls.SSLContext.get_ciphers
except (ImportError, AttributeError):
print("SKIP") print("SKIP")
raise SystemExit raise SystemExit