Merge pull request #10029 from gilles-peskine-arm/tls-defragment-generate-tests-3.6 Backport 3.6: Generate TLS handshake defragmentation tests

commit: 134677d44c4e93ca81d07bd39bfd060d5b657193 [log] [tgz]
author: Gilles Peskine <gilles.peskine@arm.com> Wed Mar 05 16:49:21 2025 +0100
committer: GitHub <noreply@github.com> Wed Mar 05 16:49:21 2025 +0100
tree: e30ef37a18591435a5813532ac8a9bb80eeff50c
parent: abb08f10882b762a6e099f14aeaf7aad4bc1be97 [diff]
parent: 2e7def5748299c60896e2db15708b93175692b35 [diff]
diff --git a/framework b/framework
index 523a12d..4a009d4 160000
--- a/framework
+++ b/framework

@@ -1 +1 @@
-Subproject commit 523a12d05b91301b020e2aa560d9774135e3a801
+Subproject commit 4a009d4b3cf6c55a558d90c92c1aa2d1ea2bb99b

diff --git a/scripts/make_generated_files.bat b/scripts/make_generated_files.bat
index 0c15c38..75c2de0 100644
--- a/scripts/make_generated_files.bat
+++ b/scripts/make_generated_files.bat

@@ -28,4 +28,5 @@
 python framework\scripts\generate_psa_tests.py || exit /b 1

 python framework\scripts\generate_test_keys.py --output framework\tests\include\test\test_keys.h || exit /b 1

 python framework\scripts\generate_test_cert_macros.py --output tests\src\test_certs.h || exit /b 1

+python framework\scripts\generate_tls_handshake_tests.py || exit /b 1

 python framework\scripts\generate_tls13_compat_tests.py || exit /b 1


diff --git a/tests/.gitignore b/tests/.gitignore
index 0c58875..10eb873 100644
--- a/tests/.gitignore
+++ b/tests/.gitignore

@@ -18,6 +18,7 @@
 
 ###START_GENERATED_FILES###
 # Generated source files
+/opt-testcases/handshake-generated.sh
 /opt-testcases/tls13-compat.sh
 /suites/*.generated.data
 /suites/test_suite_config.mbedtls_boolean.data

diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
index 98973c9..aa8ae23 100644
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt

@@ -124,6 +124,24 @@
             # change too often in ways that don't affect the result
             # ((un)commenting some options).
     )
+
+    add_custom_command(
+        OUTPUT
+            ${CMAKE_CURRENT_SOURCE_DIR}/opt-testcases/handshake-generated.sh
+        WORKING_DIRECTORY
+            ${CMAKE_CURRENT_SOURCE_DIR}/..
+        COMMAND
+            "${MBEDTLS_PYTHON_EXECUTABLE}"
+            "${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/generate_tls_handshake_tests.py"
+        DEPENDS
+            ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/mbedtls_framework/tls_test_case.py
+            ${CMAKE_CURRENT_SOURCE_DIR}/../framework/scripts/generate_tls_handshake_tests.py
+    )
+    add_custom_target(handshake-generated.sh
+        DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/opt-testcases/handshake-generated.sh)
+    set_target_properties(handshake-generated.sh PROPERTIES EXCLUDE_FROM_ALL NO)
+    add_dependencies(${ssl_opt_target} handshake-generated.sh)
+
     add_custom_command(
         OUTPUT
             ${ecp_generated_data_files}

diff --git a/tests/Makefile b/tests/Makefile
index dd1af15..1fa5dd1 100644
--- a/tests/Makefile
+++ b/tests/Makefile

@@ -58,6 +58,13 @@
 # Generated files needed to (fully) run ssl-opt.sh
 .PHONY: ssl-opt
 
+opt-testcases/handshake-generated.sh: ../framework/scripts/mbedtls_framework/tls_test_case.py
+opt-testcases/handshake-generated.sh: ../framework/scripts/generate_tls_handshake_tests.py
+	echo "  Gen   $@"
+	$(PYTHON) ../framework/scripts/generate_tls_handshake_tests.py -o $@
+GENERATED_FILES += opt-testcases/handshake-generated.sh
+ssl-opt: opt-testcases/handshake-generated.sh
+
 opt-testcases/tls13-compat.sh: ../framework/scripts/generate_tls13_compat_tests.py
 	echo "  Gen   $@"
 	$(PYTHON) ../framework/scripts/generate_tls13_compat_tests.py -o $@

diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py
index 7201432..7704170 100755
--- a/tests/scripts/analyze_outcomes.py
+++ b/tests/scripts/analyze_outcomes.py

@@ -34,6 +34,13 @@
                           re.DOTALL)
 
     IGNORED_TESTS = {
+        'handshake-generated': [
+            # Temporary disable Handshake defragmentation tests until mbedtls
+            # pr #10011 has been merged.
+            'Handshake defragmentation on client: len=4, TLS 1.2',
+            'Handshake defragmentation on client: len=5, TLS 1.2',
+            'Handshake defragmentation on client: len=13, TLS 1.2'
+        ],
         'ssl-opt': [
             # We don't run ssl-opt.sh with Valgrind on the CI because
             # it's extremely slow. We don't intend to change this.
@@ -53,11 +60,6 @@
             # https://github.com/Mbed-TLS/mbedtls/issues/9581
             'Opaque key for server authentication: invalid key: decrypt with ECC key, no async',
             'Opaque key for server authentication: invalid key: ecdh with RSA key, no async',
-            # Temporary disable Handshake defragmentation tests until mbedtls
-            # pr #10011 has been merged.
-            'Handshake defragmentation on client: len=4, TLS 1.2',
-            'Handshake defragmentation on client: len=5, TLS 1.2',
-            'Handshake defragmentation on client: len=13, TLS 1.2'
         ],
         'test_suite_config.mbedtls_boolean': [
             # We never test with CBC/PKCS5/PKCS12 enabled but

diff --git a/tests/scripts/check-generated-files.sh b/tests/scripts/check-generated-files.sh
index b61c5ac..088f16f 100755
--- a/tests/scripts/check-generated-files.sh
+++ b/tests/scripts/check-generated-files.sh

@@ -135,6 +135,7 @@
     check scripts/generate_query_config.pl programs/test/query_config.c
     check scripts/generate_features.pl library/version_features.c
     check framework/scripts/generate_ssl_debug_helpers.py library/ssl_debug_helpers_generated.c
+    check framework/scripts/generate_tls_handshake_tests.py tests/opt-testcases/handshake-generated.sh
     check framework/scripts/generate_tls13_compat_tests.py tests/opt-testcases/tls13-compat.sh
     check framework/scripts/generate_test_cert_macros.py tests/src/test_certs.h
     # generate_visualc_files enumerates source files (library/*.c). It doesn't

diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 2645122..fdbe0a9 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh

@@ -14459,516 +14459,7 @@
 
 # Handshake defragmentation testing
 
-# To guarantee that the handhake messages are large enough and need to be split
-# into fragments, the tests require certificate authentication. The party in control
-# of the fragmentation operations is OpenSSL and will always use server5.crt (548 Bytes).
-requires_certificate_authentication
-run_test    "Handshake defragmentation on client (no fragmentation, for reference)" \
-            "$O_NEXT_SRV" \
-            "$P_CLI debug_level=4 " \
-            0 \
-            -C "reassembled record" \
-            -C "waiting for more fragments"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on client: len=512, TLS 1.3" \
-            "$O_NEXT_SRV -tls1_3 -split_send_frag 512 " \
-            "$P_CLI debug_level=4 " \
-            0 \
-            -c "reassembled record" \
-            -c "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \
-            -c "waiting for more fragments (512 of [0-9]\\+"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_certificate_authentication
-run_test    "Handshake defragmentation on client: len=512, TLS 1.2" \
-            "$O_NEXT_SRV -tls1_2 -split_send_frag 512 " \
-            "$P_CLI debug_level=4 " \
-            0 \
-            -c "reassembled record" \
-            -c "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \
-            -c "waiting for more fragments (512 of [0-9]\\+"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on client: len=513, TLS 1.3" \
-            "$O_NEXT_SRV -tls1_3 -split_send_frag 513 " \
-            "$P_CLI debug_level=4 " \
-            0 \
-            -c "reassembled record" \
-            -c "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \
-            -c "waiting for more fragments (513 of [0-9]\\+"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_certificate_authentication
-run_test    "Handshake defragmentation on client: len=513, TLS 1.2" \
-            "$O_NEXT_SRV -tls1_2 -split_send_frag 513 " \
-            "$P_CLI debug_level=4 " \
-            0 \
-            -c "reassembled record" \
-            -c "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \
-            -c "waiting for more fragments (513 of [0-9]\\+"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on client: len=256, TLS 1.3" \
-            "$O_NEXT_SRV -tls1_3 -split_send_frag 256 " \
-            "$P_CLI debug_level=4 " \
-            0 \
-            -c "reassembled record" \
-            -c "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \
-            -c "waiting for more fragments (256 of [0-9]\\+"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_certificate_authentication
-run_test    "Handshake defragmentation on client: len=256, TLS 1.2" \
-            "$O_NEXT_SRV -tls1_2 -split_send_frag 256 " \
-            "$P_CLI debug_level=4 " \
-            0 \
-            -c "reassembled record" \
-            -c "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \
-            -c "waiting for more fragments (256 of [0-9]\\+"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on client: len=128, TLS 1.3" \
-            "$O_NEXT_SRV -tls1_3 -split_send_frag 128 " \
-            "$P_CLI debug_level=4 " \
-            0 \
-            -c "reassembled record" \
-            -c "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \
-            -c "waiting for more fragments (128"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_certificate_authentication
-run_test    "Handshake defragmentation on client: len=128, TLS 1.2" \
-            "$O_NEXT_SRV -tls1_2 -split_send_frag 128 " \
-            "$P_CLI debug_level=4 " \
-            0 \
-            -c "reassembled record" \
-            -c "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \
-            -c "waiting for more fragments (128"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on client: len=64, TLS 1.3" \
-            "$O_NEXT_SRV -tls1_3 -split_send_frag 64 " \
-            "$P_CLI debug_level=4 " \
-            0 \
-            -c "reassembled record" \
-            -c "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \
-            -c "waiting for more fragments (64"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_certificate_authentication
-run_test    "Handshake defragmentation on client: len=64, TLS 1.2" \
-            "$O_NEXT_SRV -tls1_2 -split_send_frag 64 " \
-            "$P_CLI debug_level=4 " \
-            0 \
-            -c "reassembled record" \
-            -c "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \
-            -c "waiting for more fragments (64"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on client: len=36, TLS 1.3" \
-            "$O_NEXT_SRV -tls1_3 -split_send_frag 36 " \
-            "$P_CLI debug_level=4 " \
-            0 \
-            -c "reassembled record" \
-            -c "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \
-            -c "waiting for more fragments (36"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_certificate_authentication
-run_test    "Handshake defragmentation on client: len=36, TLS 1.2" \
-            "$O_NEXT_SRV -tls1_2 -split_send_frag 36 " \
-            "$P_CLI debug_level=4 " \
-            0 \
-            -c "reassembled record" \
-            -c "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \
-            -c "waiting for more fragments (36"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on client: len=32, TLS 1.3" \
-            "$O_NEXT_SRV -tls1_3 -split_send_frag 32 " \
-            "$P_CLI debug_level=4 " \
-            0 \
-            -c "reassembled record" \
-            -c "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \
-            -c "waiting for more fragments (32"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_certificate_authentication
-run_test    "Handshake defragmentation on client: len=32, TLS 1.2" \
-            "$O_NEXT_SRV -tls1_2 -split_send_frag 32 " \
-            "$P_CLI debug_level=4 " \
-            0 \
-            -c "reassembled record" \
-            -c "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \
-            -c "waiting for more fragments (32"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on client: len=16, TLS 1.3" \
-            "$O_NEXT_SRV -tls1_3 -split_send_frag 16 " \
-            "$P_CLI debug_level=4 " \
-            0 \
-            -c "reassembled record" \
-            -c "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \
-            -c "waiting for more fragments (16"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_certificate_authentication
-run_test    "Handshake defragmentation on client: len=16, TLS 1.2" \
-            "$O_NEXT_SRV -tls1_2 -split_send_frag 16 " \
-            "$P_CLI debug_level=4 " \
-            0 \
-            -c "reassembled record" \
-            -c "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \
-            -c "waiting for more fragments (16"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on client: len=13, TLS 1.3" \
-            "$O_NEXT_SRV -tls1_3 -split_send_frag 13 " \
-            "$P_CLI debug_level=4 " \
-            0 \
-            -c "reassembled record" \
-            -c "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \
-            -c "waiting for more fragments (13"
-
-skip_next_test
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_certificate_authentication
-run_test    "Handshake defragmentation on client: len=13, TLS 1.2" \
-            "$O_NEXT_SRV -tls1_2 -split_send_frag 13 " \
-            "$P_CLI debug_level=4 " \
-            0 \
-            -c "reassembled record" \
-            -c "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \
-            -c "waiting for more fragments (13"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on client: len=5, TLS 1.3" \
-            "$O_NEXT_SRV -tls1_3 -split_send_frag 5 " \
-            "$P_CLI debug_level=4 " \
-            0 \
-            -c "reassembled record" \
-            -c "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \
-            -c "waiting for more fragments (5"
-
-skip_next_test
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_certificate_authentication
-run_test    "Handshake defragmentation on client: len=5, TLS 1.2" \
-            "$O_NEXT_SRV -tls1_2 -split_send_frag 5 " \
-            "$P_CLI debug_level=4 " \
-            0 \
-            -c "reassembled record" \
-            -c "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \
-            -c "waiting for more fragments (5"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on client: len=4, TLS 1.3" \
-            "$O_NEXT_SRV -tls1_3 -split_send_frag 4 " \
-            "$P_CLI debug_level=4 " \
-            0 \
-            -c "reassembled record" \
-            -c "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \
-            -c "waiting for more fragments (4"
-
-skip_next_test
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_certificate_authentication
-run_test    "Handshake defragmentation on client: len=4, TLS 1.2" \
-            "$O_NEXT_SRV -tls1_2 -split_send_frag 4 " \
-            "$P_CLI debug_level=4 " \
-            0 \
-            -c "reassembled record" \
-            -c "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \
-            -c "waiting for more fragments (4"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on client: len=3, TLS 1.3" \
-            "$O_NEXT_SRV -tls1_3 -split_send_frag 3 " \
-            "$P_CLI debug_level=4 " \
-            1 \
-            -c "=> ssl_tls13_process_server_hello" \
-            -c "handshake message too short: 3" \
-            -c "SSL - An invalid SSL record was received"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-run_test    "Handshake defragmentation on client: len=3, TLS 1.2" \
-            "$O_NEXT_SRV -tls1_2 -split_send_frag 3 " \
-            "$P_CLI debug_level=4 " \
-            1 \
-            -c "handshake message too short: 3" \
-            -c "SSL - An invalid SSL record was received"
-
-requires_certificate_authentication
-run_test    "Handshake defragmentation on server (no fragmentation, for reference)." \
-            "$P_SRV debug_level=4 auth_mode=required" \
-            "$O_NEXT_CLI -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
-            0 \
-            -S "reassembled record" \
-            -S "waiting for more fragments"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on server: len=512, TLS 1.3" \
-            "$P_SRV debug_level=4 auth_mode=required" \
-            "$O_NEXT_CLI -tls1_3 -split_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
-            0 \
-            -s "reassembled record" \
-            -s "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \
-            -s "waiting for more fragments (512"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_certificate_authentication
-run_test    "Handshake defragmentation on server: len=512, TLS 1.2" \
-            "$P_SRV debug_level=4 auth_mode=required" \
-            "$O_NEXT_CLI -tls1_2 -split_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
-            0 \
-            -s "reassembled record" \
-            -s "handshake fragment: 0 \\.\\. 512 of [0-9]\\+ msglen 512" \
-            -s "waiting for more fragments (512"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on server: len=513, TLS 1.3" \
-            "$P_SRV debug_level=4 auth_mode=required" \
-            "$O_NEXT_CLI -tls1_3 -split_send_frag 513 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
-            0 \
-            -s "reassembled record" \
-            -s "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \
-            -s "waiting for more fragments (513"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_certificate_authentication
-run_test    "Handshake defragmentation on server: len=513, TLS 1.2" \
-            "$P_SRV debug_level=4 auth_mode=required" \
-            "$O_NEXT_CLI -tls1_2 -split_send_frag 513 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
-            0 \
-            -s "reassembled record" \
-            -s "handshake fragment: 0 \\.\\. 513 of [0-9]\\+ msglen 513" \
-            -s "waiting for more fragments (513"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on server: len=256, TLS 1.3" \
-            "$P_SRV debug_level=4 auth_mode=required" \
-            "$O_NEXT_CLI -tls1_3 -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
-            0 \
-            -s "reassembled record" \
-            -s "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \
-            -s "waiting for more fragments (256"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_certificate_authentication
-run_test    "Handshake defragmentation on server: len=256, TLS 1.2" \
-            "$P_SRV debug_level=4 auth_mode=required" \
-            "$O_NEXT_CLI -tls1_2 -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
-            0 \
-            -s "reassembled record" \
-            -s "handshake fragment: 0 \\.\\. 256 of [0-9]\\+ msglen 256" \
-            -s "waiting for more fragments (256"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on server: len=128, TLS 1.3" \
-            "$P_SRV debug_level=4 auth_mode=required" \
-            "$O_NEXT_CLI -tls1_3 -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
-            0 \
-            -s "reassembled record" \
-            -s "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \
-            -s "waiting for more fragments (128"
-
-# Server-side ClientHello defragmentationis only supported for MBEDTLS_SSL_PROTO_TLS1_3. For TLS 1.2 testing
-# the server should suport both protocols and downgrade to client-requested TL1.2 after proccessing the ClientHello.
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on server: len=128, TLS 1.2  TLS 1.3 ClientHello -> 1.2 Handshake" \
-            "$P_SRV debug_level=4 auth_mode=required" \
-            "$O_NEXT_CLI -tls1_2 -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
-            0 \
-            -s "reassembled record" \
-            -s "handshake fragment: 0 \\.\\. 128 of [0-9]\\+ msglen 128" \
-            -s "waiting for more fragments (128"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on server: len=64, TLS 1.3" \
-            "$P_SRV debug_level=4 auth_mode=required" \
-            "$O_NEXT_CLI -tls1_3 -split_send_frag 64 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
-            0 \
-            -s "reassembled record" \
-            -s "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \
-            -s "waiting for more fragments (64"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on server: len=64, TLS 1.2  TLS 1.3 ClientHello -> 1.2 Handshake" \
-            "$P_SRV debug_level=4 auth_mode=required" \
-            "$O_NEXT_CLI -tls1_2 -split_send_frag 64 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
-            0 \
-            -s "reassembled record" \
-            -s "handshake fragment: 0 \\.\\. 64 of [0-9]\\+ msglen 64" \
-            -s "waiting for more fragments (64"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on server: len=36, TLS 1.3" \
-            "$P_SRV debug_level=4 auth_mode=required" \
-            "$O_NEXT_CLI -tls1_3 -split_send_frag 36 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
-            0 \
-            -s "reassembled record" \
-            -s "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \
-            -s "waiting for more fragments (36"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on server: len=36, TLS 1.2  TLS 1.3 ClientHello -> 1.2 Handshake" \
-            "$P_SRV debug_level=4 auth_mode=required" \
-            "$O_NEXT_CLI -tls1_2 -split_send_frag 36 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
-            0 \
-            -s "reassembled record" \
-            -s "handshake fragment: 0 \\.\\. 36 of [0-9]\\+ msglen 36" \
-            -s "waiting for more fragments (36"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on server: len=32, TLS 1.3" \
-            "$P_SRV debug_level=4 auth_mode=required" \
-            "$O_NEXT_CLI -tls1_3 -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
-            0 \
-            -s "reassembled record" \
-            -s "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \
-            -s "waiting for more fragments (32"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on server: len=32, TLS 1.2  TLS 1.3 ClientHello -> 1.2 Handshake" \
-            "$P_SRV debug_level=4 auth_mode=required" \
-            "$O_NEXT_CLI -tls1_2 -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
-            0 \
-            -s "reassembled record" \
-            -s "handshake fragment: 0 \\.\\. 32 of [0-9]\\+ msglen 32" \
-            -s "waiting for more fragments (32"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on server: len=16, TLS 1.3" \
-            "$P_SRV debug_level=4 auth_mode=required" \
-            "$O_NEXT_CLI -tls1_3 -split_send_frag 16 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
-            0 \
-            -s "reassembled record" \
-            -s "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \
-            -s "waiting for more fragments (16"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on server: len=16, TLS 1.2  TLS 1.3 ClientHello -> 1.2 Handshake" \
-            "$P_SRV debug_level=4 auth_mode=required" \
-            "$O_NEXT_CLI -tls1_2 -split_send_frag 16 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
-            0 \
-            -s "reassembled record" \
-            -s "handshake fragment: 0 \\.\\. 16 of [0-9]\\+ msglen 16" \
-            -s "waiting for more fragments (16"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on server: len=13, TLS 1.3" \
-            "$P_SRV debug_level=4 auth_mode=required" \
-            "$O_NEXT_CLI -tls1_3 -split_send_frag 13 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
-            0 \
-            -s "reassembled record" \
-            -s "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \
-            -s "waiting for more fragments (13"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on server: len=13, TLS 1.2  TLS 1.3 ClientHello -> 1.2 Handshake" \
-            "$P_SRV debug_level=4 auth_mode=required" \
-            "$O_NEXT_CLI -tls1_2 -split_send_frag 13 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
-            0 \
-            -s "reassembled record" \
-            -s "handshake fragment: 0 \\.\\. 13 of [0-9]\\+ msglen 13" \
-            -s "waiting for more fragments (13"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on server: len=5, TLS 1.3" \
-            "$P_SRV debug_level=4 auth_mode=required" \
-            "$O_NEXT_CLI -tls1_3 -split_send_frag 5 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
-            0 \
-            -s "reassembled record" \
-            -s "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \
-            -s "waiting for more fragments (5"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on server: len=5, TLS 1.2  TLS 1.3 ClientHello -> 1.2 Handshake" \
-            "$P_SRV debug_level=4 auth_mode=required" \
-            "$O_NEXT_CLI -tls1_2 -split_send_frag 5 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
-            0 \
-            -s "reassembled record" \
-            -s "handshake fragment: 0 \\.\\. 5 of [0-9]\\+ msglen 5" \
-            -s "waiting for more fragments (5"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on server: len=4, TLS 1.3" \
-            "$P_SRV debug_level=4 auth_mode=required" \
-            "$O_NEXT_CLI -tls1_3 -split_send_frag 4 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
-            0 \
-            -s "reassembled record" \
-            -s "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \
-            -s "waiting for more fragments (4"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on server: len=4, TLS 1.2  TLS 1.3 ClientHello -> 1.2 Handshake" \
-            "$P_SRV debug_level=4 auth_mode=required" \
-            "$O_NEXT_CLI -tls1_2 -split_send_frag 4 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
-            0 \
-            -s "reassembled record" \
-            -s "handshake fragment: 0 \\.\\. 4 of [0-9]\\+ msglen 4" \
-            -s "waiting for more fragments (4"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on server: len=3, TLS 1.3" \
-            "$P_SRV debug_level=4 auth_mode=required" \
-            "$O_NEXT_CLI -tls1_3 -split_send_frag 3 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
-            1 \
-            -s "<= parse client hello" \
-            -s "handshake message too short: 3" \
-            -s "SSL - An invalid SSL record was received"
-
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
-requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
-requires_certificate_authentication
-run_test    "Handshake defragmentation on server: len=3, TLS 1.3 ClientHello -> 1.2 Handshake" \
-            "$P_SRV debug_level=4 auth_mode=required" \
-            "$O_NEXT_CLI -tls1_2 -split_send_frag 3 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
-            1 \
-            -s "<= parse client hello" \
-            -s "handshake message too short: 3" \
-            -s "SSL - An invalid SSL record was received"
+# Most test cases are in opt-testcases/handshake-generated.sh
 
 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
 requires_certificate_authentication
commit	134677d44c4e93ca81d07bd39bfd060d5b657193	[log] [tgz]
author	Gilles Peskine <gilles.peskine@arm.com>	Wed Mar 05 16:49:21 2025 +0100
committer	GitHub <noreply@github.com>	Wed Mar 05 16:49:21 2025 +0100
tree	e30ef37a18591435a5813532ac8a9bb80eeff50c
parent	abb08f10882b762a6e099f14aeaf7aad4bc1be97 [diff]
parent	2e7def5748299c60896e2db15708b93175692b35 [diff]