#!/bin/sh

# Test various options that are not covered by compat.sh
#
# Here the goal is not to cover every ciphersuite/version, but
# rather specific options (max fragment length, truncated hmac, etc)
# or procedures (session resumption from cache or ticket, renego, etc).
#
# Assumes all options are compiled in.

# Paths of the example TLS server and client that every test below drives.
# They are relative, so the script has to be started from the directory that
# makes ../programs/ssl resolve.
PROGS_DIR='../programs/ssl'
SRV_CMD="${PROGS_DIR}/ssl_server2"
CLI_CMD="${PROGS_DIR}/ssl_client2"
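# print_name <name>
#
# Print the test name, a run of dots and a trailing space, so that the
# PASS/FAIL verdicts printed afterwards line up in one column.
# Globals: LEN (written) - number of padding dots; i (written) - loop counter.
# Outputs: "<name> <dots> " on stdout, without a trailing newline.
print_name() {
    # printf instead of `echo -n`: -n is not portable under #!/bin/sh.
    printf '%s ' "$1"
    # Same width as before: the original measured the name with
    # `echo | wc -c`, which counted the newline too, hence the extra 1.
    LEN=$(( 72 - ${#1} - 1 ))
    # Shell arithmetic replaces the bc and seq helpers. A name too long to
    # pad simply gets no dots.
    i=1
    while [ "$i" -le "$LEN" ]; do
        printf '.'
        i=$(( i + 1 ))
    done
    printf ' '
}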
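# fail <message>
#
# Report the current test as failed: print FAIL, then the reason on a line
# of its own. It only prints; what happens next is up to the caller.
fail() {
    echo "FAIL"
    # printf '%s' keeps backslashes in the message literal. Some /bin/sh echo
    # builtins interpret them, and the message may carry a grep pattern.
    printf ' %s\n' "$1"
}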
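# Usage: run_test name srv_args cli_args cli_exit [option [...]]
# Options:  -s pattern  pattern that must be present in server output
#           -c pattern  pattern that must be present in client output
#           -S pattern  pattern that must be absent in server output
#           -C pattern  pattern that must be absent in client output
#
# Starts $SRV_CMD in the background, runs $CLI_CMD, stops the server, then
# checks the server exit status, the client exit status (cli_exit is 0 when
# the client must succeed, anything else when it must fail) and each pattern.
# Patterns are handed to grep, so they are basic regular expressions.
#
# Globals: SRV_CMD, CLI_CMD (read); SRV_PID, SRV_EXIT, CLI_EXIT (written).
# Files:   srv_out and cli_out in the current directory; removed on PASS,
#          left in place on FAIL.
# Outputs: the padded test name followed by PASS, or FAIL and a reason.
# Returns: 0 on PASS, 1 on FAIL; exits the script with status 1 on a
#          malformed option list.
run_test() {
    print_name "$1"
    shift

    # run the commands
    # $1 and $2 stay unquoted on purpose: each holds a space-separated list
    # of key=value arguments that has to be split into words.
    $SRV_CMD $1 > srv_out &
    SRV_PID=$!
    # presumably gives the server time to start listening
    sleep 1
    $CLI_CMD $2 > cli_out
    CLI_EXIT=$?
    # presumably ssl_server2 shuts down when it receives this string
    echo SERVERQUIT | openssl s_client -no_ticket >/dev/null 2>&1
    wait "$SRV_PID"
    # Save the status right away. It used to be read after `shift 2`, so the
    # check below tested shift's status and a crashed or failing server was
    # never reported.
    # NOTE(review): confirm ssl_server2 exits 0 after SERVERQUIT.
    SRV_EXIT=$?
    shift 2

    # check server exit code
    if [ "$SRV_EXIT" != 0 ]; then
        fail "server fail"
        return 1
    fi

    # check client exit code: only success versus failure is compared
    if [ "$1" = 0 ] && [ "$CLI_EXIT" != 0 ]; then
        fail "client exit"
        return 1
    fi
    if [ "$1" != 0 ] && [ "$CLI_EXIT" = 0 ]; then
        fail "client exit"
        return 1
    fi
    shift

    # check options
    while [ $# -gt 0 ]
    do
        # Every option takes one pattern. Without this check a dangling
        # option makes `shift 2` fail and the loop never ends in some shells.
        if [ $# -lt 2 ]; then
            echo "Missing pattern for: $1" >&2
            exit 1
        fi

        # -e keeps a pattern that starts with '-' from being read as an option
        case $1 in
            "-s")
                if ! grep -e "$2" srv_out >/dev/null; then
                    fail "-s $2"
                    return 1
                fi
                ;;

            "-c")
                if ! grep -e "$2" cli_out >/dev/null; then
                    fail "-c $2"
                    return 1
                fi
                ;;

            "-S")
                if grep -e "$2" srv_out >/dev/null; then
                    fail "-S $2"
                    return 1
                fi
                ;;

            "-C")
                if grep -e "$2" cli_out >/dev/null; then
                    fail "-C $2"
                    return 1
                fi
                ;;

            *)
                echo "Unknown test: $1" >&2
                exit 1
                ;;
        esac
        shift 2
    done

    # if we're here, everything is ok
    echo "PASS"
    # both are regular files, so -r is not needed
    rm -f srv_out cli_out
}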
# Clear out leftovers from an earlier run before the first test starts.
# killall matches on process name alone, so it also signals any unrelated
# openssl, ssl_server or ssl_server2 process this user is allowed to signal.
killall -q openssl ssl_server ssl_server2
# Tests for Truncated HMAC extension
#
# Both tests force the same CBC-SHA ciphersuite and read the MAC length from
# the server's debug output: 20 bytes with trunc_hmac=0 on the client,
# 10 bytes with trunc_hmac=1.

run_test "Truncated HMAC #0" \
    "debug_level=5" \
    "trunc_hmac=0 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
    0 \
    -s "dumping 'computed mac' (20 bytes)"

run_test "Truncated HMAC #1" \
    "debug_level=5" \
    "trunc_hmac=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
    0 \
    -s "dumping 'computed mac' (10 bytes)"
# Tests for Session Tickets
#
# Every client here reconnects once (reconnect=1). Each test checks whether
# the second connection is resumed and, if it is, that the ticket and not the
# server-side cache was used.

# Tickets on both sides: resumed from the ticket.
run_test "Session resume using tickets #1" \
    "debug_level=4 tickets=1" \
    "debug_level=4 tickets=1 reconnect=1" \
    0 \
    -c "client hello, adding session ticket extension" \
    -s "found session ticket extension" \
    -s "server hello, adding session ticket extension" \
    -c "found session_ticket extension" \
    -c "parse new session ticket" \
    -S "session successfully restored from cache" \
    -s "session successfully restored from ticket" \
    -s "a session has been resumed" \
    -c "a session has been resumed"

# Same, with cache_max=0 on the server: still resumed from the ticket.
run_test "Session resume using tickets #2" \
    "debug_level=4 tickets=1 cache_max=0" \
    "debug_level=4 tickets=1 reconnect=1" \
    0 \
    -c "client hello, adding session ticket extension" \
    -s "found session ticket extension" \
    -s "server hello, adding session ticket extension" \
    -c "found session_ticket extension" \
    -c "parse new session ticket" \
    -S "session successfully restored from cache" \
    -s "session successfully restored from ticket" \
    -s "a session has been resumed" \
    -c "a session has been resumed"

# ticket_timeout=1 with reco_delay=2: the ticket is older than the timeout
# when it comes back, so no resumption may be logged on either side.
run_test "Session resume using tickets #3" \
    "debug_level=4 tickets=1 cache_max=0 ticket_timeout=1" \
    "debug_level=4 tickets=1 reconnect=1 reco_delay=2" \
    0 \
    -c "client hello, adding session ticket extension" \
    -s "found session ticket extension" \
    -s "server hello, adding session ticket extension" \
    -c "found session_ticket extension" \
    -c "parse new session ticket" \
    -S "session successfully restored from cache" \
    -S "session successfully restored from ticket" \
    -S "a session has been resumed" \
    -C "a session has been resumed"

# ticket_timeout=2 with reco_delay=0: the ticket is still fresh, so the
# session is resumed from it.
run_test "Session resume using tickets #4" \
    "debug_level=4 tickets=1 cache_max=0 ticket_timeout=2" \
    "debug_level=4 tickets=1 reconnect=1 reco_delay=0" \
    0 \
    -c "client hello, adding session ticket extension" \
    -s "found session ticket extension" \
    -s "server hello, adding session ticket extension" \
    -c "found session_ticket extension" \
    -c "parse new session ticket" \
    -S "session successfully restored from cache" \
    -s "session successfully restored from ticket" \
    -s "a session has been resumed" \
    -c "a session has been resumed"
# Tests for Session Resume based on session-ID and cache
#
# At least one side has tickets=0 in every test, so a resumed session has to
# come from the server cache. The "restored from ticket" line must never
# appear in the server output.

# Client offers a ticket, server has tickets off: resumed from the cache.
run_test "Session resume using cache #1 (tickets enabled on client)" \
    "debug_level=4 tickets=0" \
    "debug_level=4 tickets=1 reconnect=1" \
    0 \
    -c "client hello, adding session ticket extension" \
    -s "found session ticket extension" \
    -S "server hello, adding session ticket extension" \
    -C "found session_ticket extension" \
    -C "parse new session ticket" \
    -s "session successfully restored from cache" \
    -S "session successfully restored from ticket" \
    -s "a session has been resumed" \
    -c "a session has been resumed"

# Server supports tickets, client has them off: resumed from the cache.
run_test "Session resume using cache #2 (tickets enabled on server)" \
    "debug_level=4 tickets=1" \
    "debug_level=4 tickets=0 reconnect=1" \
    0 \
    -C "client hello, adding session ticket extension" \
    -S "found session ticket extension" \
    -S "server hello, adding session ticket extension" \
    -C "found session_ticket extension" \
    -C "parse new session ticket" \
    -s "session successfully restored from cache" \
    -S "session successfully restored from ticket" \
    -s "a session has been resumed" \
    -c "a session has been resumed"

# cache_max=0 on the server: nothing may be resumed.
run_test "Session resume using cache #3 (cache_max=0)" \
    "debug_level=4 tickets=0 cache_max=0" \
    "debug_level=4 tickets=0 reconnect=1" \
    0 \
    -S "session successfully restored from cache" \
    -S "session successfully restored from ticket" \
    -S "a session has been resumed" \
    -C "a session has been resumed"

# cache_max=1 on the server: the one session is resumed.
run_test "Session resume using cache #4 (cache_max=1)" \
    "debug_level=4 tickets=0 cache_max=1" \
    "debug_level=4 tickets=0 reconnect=1" \
    0 \
    -s "session successfully restored from cache" \
    -S "session successfully restored from ticket" \
    -s "a session has been resumed" \
    -c "a session has been resumed"

# cache_timeout=1 with reco_delay=0: the entry is still fresh, so resumed.
run_test "Session resume using cache #5 (timemout > delay)" \
    "debug_level=4 tickets=0 cache_timeout=1" \
    "debug_level=4 tickets=0 reconnect=1 reco_delay=0" \
    0 \
    -s "session successfully restored from cache" \
    -S "session successfully restored from ticket" \
    -s "a session has been resumed" \
    -c "a session has been resumed"

# cache_timeout=1 with reco_delay=2: the entry has timed out, so no
# resumption may be logged on either side.
run_test "Session resume using cache #6 (timeout < delay)" \
    "debug_level=4 tickets=0 cache_timeout=1" \
    "debug_level=4 tickets=0 reconnect=1 reco_delay=2" \
    0 \
    -S "session successfully restored from cache" \
    -S "session successfully restored from ticket" \
    -S "a session has been resumed" \
    -C "a session has been resumed"

# cache_timeout=0 with reco_delay=2: resumed in spite of the delay.
run_test "Session resume using cache #7 (no timeout)" \
    "debug_level=4 tickets=0 cache_timeout=0" \
    "debug_level=4 tickets=0 reconnect=1 reco_delay=2" \
    0 \
    -s "session successfully restored from cache" \
    -S "session successfully restored from ticket" \
    -s "a session has been resumed" \
    -c "a session has been resumed"
# Tests for Max Fragment Length extension
#
# The extension may show up in the logs only when the client asks for it.

# Neither side sets max_frag_len: the extension is absent everywhere.
run_test "Max fragment length #1" \
    "debug_level=4" \
    "debug_level=4" \
    0 \
    -C "client hello, adding max_fragment_length extension" \
    -S "found max fragment length extension" \
    -S "server hello, max_fragment_length extension" \
    -C "found max_fragment_length extension"

# Client sets max_frag_len=4096: offered, seen and echoed by the server.
run_test "Max fragment length #2" \
    "debug_level=4" \
    "debug_level=4 max_frag_len=4096" \
    0 \
    -c "client hello, adding max_fragment_length extension" \
    -s "found max fragment length extension" \
    -s "server hello, max_fragment_length extension" \
    -c "found max_fragment_length extension"

# Only the server sets max_frag_len=4096: the client never offers the
# extension, so the server must not send it.
run_test "Max fragment length #3" \
    "debug_level=4 max_frag_len=4096" \
    "debug_level=4" \
    0 \
    -C "client hello, adding max_fragment_length extension" \
    -S "found max fragment length extension" \
    -S "server hello, max_fragment_length extension" \
    -C "found max_fragment_length extension"
# Tests for renegotiation
#
# Each test pins down which side logs the renegotiation extension, whether a
# renegotiation takes place ("renegotiate" in the output) and whether the
# server sends a hello request.

# Nobody asks to renegotiate: secure renegotiation is signalled, and nothing
# else happens.
run_test "Renegotiation #0 (none)" \
    "debug_level=4" \
    "debug_level=4" \
    0 \
    -C "client hello, adding renegotiation extension" \
    -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
    -S "found renegotiation extension" \
    -s "server hello, secure renegotiation extension" \
    -c "found renegotiation extension" \
    -C "renegotiate" \
    -S "renegotiate" \
    -S "write hello request"

# Client has renegotiate=1: both sides renegotiate, no hello request.
run_test "Renegotiation #1 (enabled, client-initiated)" \
    "debug_level=4" \
    "debug_level=4 renegotiate=1" \
    0 \
    -c "client hello, adding renegotiation extension" \
    -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
    -s "found renegotiation extension" \
    -s "server hello, secure renegotiation extension" \
    -c "found renegotiation extension" \
    -c "renegotiate" \
    -s "renegotiate" \
    -S "write hello request"

# Server has renegotiate=1: it sends a hello request and both renegotiate.
run_test "Renegotiation #2 (enabled, server-initiated)" \
    "debug_level=4 renegotiate=1" \
    "debug_level=4" \
    0 \
    -c "client hello, adding renegotiation extension" \
    -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
    -s "found renegotiation extension" \
    -s "server hello, secure renegotiation extension" \
    -c "found renegotiation extension" \
    -c "renegotiate" \
    -s "renegotiate" \
    -s "write hello request"

# Both sides have renegotiate=1.
run_test "Renegotiation #3 (enabled, double)" \
    "debug_level=4 renegotiate=1" \
    "debug_level=4 renegotiate=1" \
    0 \
    -c "client hello, adding renegotiation extension" \
    -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
    -s "found renegotiation extension" \
    -s "server hello, secure renegotiation extension" \
    -c "found renegotiation extension" \
    -c "renegotiate" \
    -s "renegotiate" \
    -s "write hello request"

# Server has renegotiation=0 and the client asks anyway: the client must exit
# with an error (cli_exit 1) and the server must not renegotiate.
run_test "Renegotiation #4 (client-initiated, server-rejected)" \
    "debug_level=4 renegotiation=0" \
    "debug_level=4 renegotiate=1" \
    1 \
    -c "client hello, adding renegotiation extension" \
    -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
    -S "found renegotiation extension" \
    -s "server hello, secure renegotiation extension" \
    -c "found renegotiation extension" \
    -c "renegotiate" \
    -S "renegotiate" \
    -S "write hello request"

# Client has renegotiation=0 and the server asks: the hello request goes out,
# no renegotiation follows, and the server logs an unexpected message and a
# failure while the client still exits 0.
run_test "Renegotiation #5 (server-initiated, client-rejected)" \
    "debug_level=4 renegotiate=1" \
    "debug_level=4 renegotiation=0" \
    0 \
    -C "client hello, adding renegotiation extension" \
    -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
    -S "found renegotiation extension" \
    -s "server hello, secure renegotiation extension" \
    -c "found renegotiation extension" \
    -C "renegotiate" \
    -S "renegotiate" \
    -s "write hello request" \
    -s "SSL - An unexpected message was received from our peer" \
    -s "failed"