tests/extmod: Adjust ssl/tls tests to run on targets with axTLS.

Signed-off-by: Damien George <[email protected]>

Author: dpgeorge

tests/extmod/ssl_cadata.py

@@ -10,7 +10,7 @@
 # Invalid cadata.
 try:
     ssl.wrap_socket(io.BytesIO(), cadata=b"!")
-except TypeError:
+except AttributeError:
     # "cadata" keyword argument is not supported by axtls.
     print("SKIP")
     raise SystemExit

tests/extmod/ssl_keycert.py

@@ -9,11 +9,6 @@
 
 key = b"0\x82\x019\x02\x01\x00\x02A\x00\xf9\xe0}\xbd\xd7\x9cI\x18\x06\xc3\xcb\xb5\xec@r\xfbD\x18\x80\xaaWoZ{\xcc\xa3\xeb!\"\x0fY\x9e]-\xee\xe4\t!BY\x9f{7\xf3\xf2\x8f}}\r|.\xa8<\ta\xb2\xd7W\xb3\xc9\x19A\xc39\x02\x03\x01\x00\x01\x02@\x07:\x9fh\xa6\x9c6\xe1#\x10\xf7\x0b\xc4Q\xf9\x01\x9b\xee\xb9\x8a4\r\\\xa8\xc8:\xd5\xca\x97\x99\xaa\x16\x04)\xa8\xf9\x13\xdeq\x0ev`\xa7\x83\xc5\x8b`\xdb\xef \x9d\x93\xe8g\x84\x96\xfaV\\\xf4R\xda\xd0\xa1\x02!\x00\xfeR\xbf\n\x91Su\x87L\x98{\xeb%\xed\xfb\x06u)@\xfe\x1b\xde\xa0\xc6@\xab\xc5\xedg\x8e\x10[\x02!\x00\xfb\x86=\x85\xa4'\xde\x85\xb5L\xe0)\x99\xfaL\x8c3A\x02\xa8<\xdew\xad\x00\xe3\x1d\x05\xd8\xb4N\xfb\x02 \x08\xb0M\x04\x90hx\x88q\xcew\xd5U\xcbf\x9b\x16\xdf\x9c\xef\xd1\x85\xee\x9a7Ug\x02\xb0Z\x03'\x02 9\xa0D\xe2$|\xf9\xefz]5\x92rs\xb5+\xfd\xe6,\x1c\xadmn\xcf\xd5?3|\x0em)\x17\x02 5Z\xcc/\xa5?\n\x04%\x9b{N\x9dX\xddI\xbe\xd2\xb0\xa0\x03BQ\x02\x82\xc2\xe0u)\xbd\xb8\xaf"
 
-# This particular key was generated with:
-# $ openssl genrsa -out key.pem 512
-# $ openssl rsa -in key.pem -outform DER -out key.der
-keypkcs8 = b'0\x82\x01U\x02\x01\x000\r\x06\t*\x86H\x86\xf7\r\x01\x01\x01\x05\x00\x04\x82\x01?0\x82\x01;\x02\x01\x00\x02A\x00\xae\x07\xbb\xbf \x8eL\\ G\x91\x1b\xc45\x89\x96\x0c\xca\x94\xa5\xc2%F\x84z\xea\xb2Y\xdd\x943\x1a\xe0\x1e\xfe%\xd3\xbc\x85\xf0\x05\x8eI\xca\x83\x8b\x86\xfd\x15P,\xa9t8\xc2s\x11\x7fk*[[w\xdd\x02\x03\x01\x00\x01\x02@?\x02-\xc7\x95Q\xef\xf3\xaa\xfc>]\x7f<\xa3\x03\xe0\xbd\xb7\xf4\x0b\xc6\xd31D\x0f\x95cT\x06D9\xed\xf0X\xa6\x18\xb4\xe7\x96\x8f\x91\xd6\xd7\xbfR\\V\xfd\x0e{\xd3\xa4e\xb4M\x01\xbb\xdf\xf1\xf0\xbcEA\x02!\x00\xd5\xd7f\xcc\x84\xf5Y&\xa7]\x00\x91\xc9\x8e\xb0\xf37\x108D\x7f&!JJ\x836\x83\x9f\n\xf2\x0f\x02!\x00\xd0W\x0ec\xa6\x86C\xf7\x8d\xbe\xf0\xbc2\xe3)|\xbb\xd6\xbb;\xb2\xafG\x05S\x0f-\x14X\n3S\x02 A\xf5\xb20\xcd\xa6<<\x8f\rA\xda\xb68<^\x99\x12x\xb8\xb0\x1b\x9b\xd3%\x8e\xb9\xa6\xf9\xcc\xcf\x83\x02!\x00\xa8.\xee\xdd\xc0\xeb8h\xda\x13^\xb0\xfe\x7fd\xd9]\xa5m\xc66k\xcap`\xe9\xaaav\xe4\xdd#\x02!\x00\xd1\xd0\x93\xe7wZ\xe0p\xd0M\x07\x9e\x13\xa7\xa7\x12\x95\x1e\x13h0O\xc0\x18\x1fa\x10")\x9f&U'
-
 # Invalid key
 try:
     ssl.wrap_socket(io.BytesIO(), key=b"!")
@@ -31,9 +26,3 @@
     ssl.wrap_socket(io.BytesIO(), key=key, cert=b"!")
 except ValueError as er:
     print(repr(er))
-
-# Valid key in PKCS8 format, invalid cert
-try:
-    ssl.wrap_socket(io.BytesIO(), key=keypkcs8, cert=b"!")
-except ValueError as er:
-    print(repr(er))

tests/extmod/ssl_keycert.py.exp

@@ -1,4 +1,3 @@
 ValueError('invalid key',)
 TypeError("can't convert 'NoneType' object to str implicitly",)
 ValueError('invalid cert',)
-ValueError('invalid cert',)

tests/extmod/ssl_keycert_pkcs8.py

@@ -0,0 +1,24 @@
+# Test ssl with key/cert passed in
+
+try:
+    import io
+    import ssl
+except ImportError:
+    print("SKIP")
+    raise SystemExit
+
+# Only mbedTLS supports PKCS8 keys.
+if not hasattr(ssl, "MBEDTLS_VERSION"):
+    print("SKIP")
+    raise SystemExit
+
+# This particular key was generated with:
+# $ openssl genrsa -out key.pem 512
+# $ openssl rsa -in key.pem -outform DER -out key.der
+keypkcs8 = b'0\x82\x01U\x02\x01\x000\r\x06\t*\x86H\x86\xf7\r\x01\x01\x01\x05\x00\x04\x82\x01?0\x82\x01;\x02\x01\x00\x02A\x00\xae\x07\xbb\xbf \x8eL\\ G\x91\x1b\xc45\x89\x96\x0c\xca\x94\xa5\xc2%F\x84z\xea\xb2Y\xdd\x943\x1a\xe0\x1e\xfe%\xd3\xbc\x85\xf0\x05\x8eI\xca\x83\x8b\x86\xfd\x15P,\xa9t8\xc2s\x11\x7fk*[[w\xdd\x02\x03\x01\x00\x01\x02@?\x02-\xc7\x95Q\xef\xf3\xaa\xfc>]\x7f<\xa3\x03\xe0\xbd\xb7\xf4\x0b\xc6\xd31D\x0f\x95cT\x06D9\xed\xf0X\xa6\x18\xb4\xe7\x96\x8f\x91\xd6\xd7\xbfR\\V\xfd\x0e{\xd3\xa4e\xb4M\x01\xbb\xdf\xf1\xf0\xbcEA\x02!\x00\xd5\xd7f\xcc\x84\xf5Y&\xa7]\x00\x91\xc9\x8e\xb0\xf37\x108D\x7f&!JJ\x836\x83\x9f\n\xf2\x0f\x02!\x00\xd0W\x0ec\xa6\x86C\xf7\x8d\xbe\xf0\xbc2\xe3)|\xbb\xd6\xbb;\xb2\xafG\x05S\x0f-\x14X\n3S\x02 A\xf5\xb20\xcd\xa6<<\x8f\rA\xda\xb68<^\x99\x12x\xb8\xb0\x1b\x9b\xd3%\x8e\xb9\xa6\xf9\xcc\xcf\x83\x02!\x00\xa8.\xee\xdd\xc0\xeb8h\xda\x13^\xb0\xfe\x7fd\xd9]\xa5m\xc66k\xcap`\xe9\xaaav\xe4\xdd#\x02!\x00\xd1\xd0\x93\xe7wZ\xe0p\xd0M\x07\x9e\x13\xa7\xa7\x12\x95\x1e\x13h0O\xc0\x18\x1fa\x10")\x9f&U'
+
+# Valid key in PKCS8 format, invalid cert
+try:
+    ssl.wrap_socket(io.BytesIO(), key=keypkcs8, cert=b"!")
+except ValueError as er:
+    print(repr(er))

tests/extmod/ssl_keycert_pkcs8.py.exp

@@ -0,0 +1 @@
+ValueError('invalid cert',)

tests/extmod/ssl_sslcontext_verify_mode.py

@@ -1,24 +1,15 @@
 # Test ssl.SSLContext.verify_mode attribute.
-# It's not available in the axtls implementation, so has an independent test.
 
 try:
     import ssl
 except ImportError:
     print("SKIP")
     raise SystemExit
 
-if not hasattr(ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT), "verify_mode"):
-    print("SKIP")
-    raise SystemExit
-
 # Test default verify_mode for server (client default is different in MicroPython).
 ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
 print(ctx.verify_mode == ssl.CERT_NONE)
 
 # Test setting and getting verify_mode.
 ctx.verify_mode = ssl.CERT_NONE
 print(ctx.verify_mode == ssl.CERT_NONE)
-ctx.verify_mode = ssl.CERT_OPTIONAL
-print(ctx.verify_mode == ssl.CERT_OPTIONAL)
-ctx.verify_mode = ssl.CERT_REQUIRED
-print(ctx.verify_mode == ssl.CERT_REQUIRED)

tests/extmod/ssl_sslcontext_verify_mode2.py

@@ -0,0 +1,20 @@
+# Test ssl.SSLContext.verify_mode attribute, with additional CERT_xxx constants.
+# These aren't available in the axtls implementation.
+
+try:
+    import ssl
+except ImportError:
+    print("SKIP")
+    raise SystemExit
+
+if not hasattr(ssl, "OPENSSL_VERSION") and not hasattr(ssl, "MBEDTLS_VERSION"):
+    print("SKIP")
+    raise SystemExit
+
+ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
+
+# Test setting and getting verify_mode.
+ctx.verify_mode = ssl.CERT_OPTIONAL
+print(ctx.verify_mode == ssl.CERT_OPTIONAL)
+ctx.verify_mode = ssl.CERT_REQUIRED
+print(ctx.verify_mode == ssl.CERT_REQUIRED)

tests/extmod/tls_sslcontext_ciphers.py

@@ -2,7 +2,9 @@
 
 try:
     import tls
-except ImportError:
+
+    tls.SSLContext.get_ciphers
+except (ImportError, AttributeError):
     print("SKIP")
     raise SystemExit