#!/bin/sh

# ssl-opt.sh
#
# This file is part of mbed TLS (https://tls.mbed.org)
#
# Copyright (c) 2016, ARM Limited, All Rights Reserved
#
# Purpose
#
# Executes tests to prove various TLS/SSL options and extensions.
#
# The goal is not to cover every ciphersuite/version, but instead to cover
# specific options (max fragment length, truncated hmac, etc) or procedures
# (session resumption from cache or ticket, renego, etc).
#
# The tests assume a build with default options, with exceptions expressed
# with a dependency. The tests focus on functionality and do not consider
# performance.
#

# Treat any reference to an unset variable as an error.
set -u

# Cap the size of every file this script (and its children) may write, so a
# runaway test cannot fill the disk with error logs. The intended cap is
# 10 GiB.
# NOTE(review): the unit of `ulimit -f` depends on the shell (512-byte blocks
# in POSIX sh, 1024-byte blocks in bash outside POSIX mode) - confirm the
# effective limit on the shells this script is run with.
ulimit -f 20971520

# Programs under test and peer tools. Each default can be overridden from the
# environment. These values are later spliced into command lines that the
# script executes, so the environment is trusted input here.
: "${P_SRV:=../programs/ssl/ssl_server2}"
: "${P_CLI:=../programs/ssl/ssl_client2}"
: "${P_PXY:=../programs/test/udp_proxy}"
: "${OPENSSL_CMD:=openssl}" # OPENSSL would conflict with the build system
: "${GNUTLS_CLI:=gnutls-cli}"
: "${GNUTLS_SERV:=gnutls-serv}"
: "${PERL:=perl}"

# Command-line templates for the OpenSSL / GnuTLS peers. The client templates
# contain a shell pipeline, which is why client commands are run through
# `eval` in run_test.
O_SRV="$OPENSSL_CMD s_server -www -cert data_files/server5.crt -key data_files/server5.key"
O_CLI="echo 'GET / HTTP/1.0' | $OPENSSL_CMD s_client"
G_SRV="$GNUTLS_SERV --x509certfile data_files/server5.crt --x509keyfile data_files/server5.key"
G_CLI="echo 'GET / HTTP/1.0' | $GNUTLS_CLI --x509cafile data_files/test-ca_cat12u.crt"
TCP_CLIENT="$PERL scripts/tcp_client.pl"

# Library configuration header inspected by the requires_config_* helpers.
CONFIG_H='../include/mbedtls/config.h'

# Run counters.
TESTS=0
FAILS=0
SKIPS=0

# Defaults for the command-line options (see get_options).
MEMCHECK=0
FILTER='.*'
EXCLUDE='^$'
SHOW_TEST_NUMBER=0
RUN_TEST_NUMBER=''
PRESERVE_LOGS=0

# Pick a "unique" server port in the range 10000-19999, derived from this
# shell's PID, and a proxy port which is this plus 10000. Each port number
# may be independently overridden by a command line option.
SRV_PORT=$(( $$ % 10000 + 10000 ))
PXY_PORT=$(( SRV_PORT + 10000 ))

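# print_usage
#
# Print the command-line help to stdout.
# Globals: FILTER, EXCLUDE (read, shown as the current defaults).
print_usage() {
    echo "Usage: $0 [options]"
    printf " -h|--help\tPrint this help.\n"
    printf " -m|--memcheck\tCheck memory leaks and errors.\n"
    # FILTER and EXCLUDE may already hold user-supplied text (-f/-e given
    # before -h), so pass them as printf arguments instead of splicing them
    # into the format string, where '%' or '\' would be interpreted.
    printf " -f|--filter\tOnly matching tests are executed (BRE; default: '%s')\n" "$FILTER"
    printf " -e|--exclude\tMatching tests are excluded (BRE; default: '%s')\n" "$EXCLUDE"
    printf " -n|--number\tExecute only numbered test (comma-separated, e.g. '245,256')\n"
    printf " -s|--show-numbers\tShow test numbers in front of test names\n"
    printf " -p|--preserve-logs\tPreserve logs of successful tests as well\n"
    printf " --port\tTCP/UDP port (default: randomish 1xxxx)\n"
    printf " --proxy-port\tTCP/UDP proxy port (default: randomish 2xxxx)\n"
    printf " --seed\tInteger seed value to use for this test run\n"
}
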
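# get_options <args...>
#
# Parse the script's command line into the global settings.
# Globals written: FILTER, EXCLUDE, MEMCHECK, RUN_TEST_NUMBER,
#                  SHOW_TEST_NUMBER, PRESERVE_LOGS, SRV_PORT, PXY_PORT, SEED.
# Exits 0 after printing help, 1 on an unknown option or a missing value.
#
# The values are taken as given: FILTER/EXCLUDE are later used as grep
# patterns and the port numbers are spliced into command lines.
get_options() {
    while [ $# -gt 0 ]; do
        # Options that consume a value must be followed by one. Without this
        # guard the `shift; VAR=$1` below would read an unset $1, which
        # aborts the script under `set -u` without a usable message.
        case "$1" in
            -f|--filter|-e|--exclude|-n|--number|--port|--proxy-port|--seed)
                if [ $# -lt 2 ]; then
                    echo "Option '$1' requires an argument"
                    print_usage
                    exit 1
                fi
                ;;
        esac

        case "$1" in
            -f|--filter)
                shift; FILTER=$1
                ;;
            -e|--exclude)
                shift; EXCLUDE=$1
                ;;
            -m|--memcheck)
                MEMCHECK=1
                ;;
            -n|--number)
                shift; RUN_TEST_NUMBER=$1
                ;;
            -s|--show-numbers)
                SHOW_TEST_NUMBER=1
                ;;
            -p|--preserve-logs)
                PRESERVE_LOGS=1
                ;;
            --port)
                shift; SRV_PORT=$1
                ;;
            --proxy-port)
                shift; PXY_PORT=$1
                ;;
            --seed)
                shift; SEED="$1"
                ;;
            -h|--help)
                print_usage
                exit 0
                ;;
            *)
                echo "Unknown argument: '$1'"
                print_usage
                exit 1
                ;;
        esac
        shift
    done
}
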
# requires_config_enabled <flag>
#
# Mark the next test as skipped unless config.h contains an active
# "#define <flag>" line.
# The pattern is anchored only at the start of the line, so <flag> also
# matches any longer macro name that begins with it.
requires_config_enabled() {
    grep "^#define $1" "$CONFIG_H" >/dev/null || SKIP_NEXT="YES"
}

# requires_config_disabled <flag>
#
# Mark the next test as skipped if config.h contains an active
# "#define <flag>" line.
# The pattern is anchored only at the start of the line, so <flag> also
# matches any longer macro name that begins with it.
requires_config_disabled() {
    grep "^#define $1" "$CONFIG_H" >/dev/null || return 0
    SKIP_NEXT="YES"
}

# requires_openssl_with_fallback_scsv
#
# Mark the next test as skipped if the OpenSSL client does not advertise
# the fallback_scsv option in its help text.
# The probe runs once; its answer is cached in OPENSSL_HAS_FBSCSV
# ("YES"/"NO"), which may also be preset by the caller.
requires_openssl_with_fallback_scsv() {
    if [ -z "${OPENSSL_HAS_FBSCSV:-}" ]; then
        OPENSSL_HAS_FBSCSV="NO"
        # $OPENSSL_CMD is left unquoted on purpose, as everywhere else in
        # this script where it is run as a command.
        if $OPENSSL_CMD s_client -help 2>&1 | grep fallback_scsv >/dev/null; then
            OPENSSL_HAS_FBSCSV="YES"
        fi
    fi

    case "$OPENSSL_HAS_FBSCSV" in
        NO) SKIP_NEXT="YES" ;;
    esac
}

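# requires_gnutls
#
# Mark the next test as skipped if the GnuTLS client or server program
# cannot be found.
# The lookup runs once; its answer is cached in GNUTLS_AVAILABLE
# ("YES"/"NO"), which may also be preset by the caller.
requires_gnutls() {
    if [ -z "${GNUTLS_AVAILABLE:-}" ]; then
        # `command -v` is the POSIX way to look a command up. `which` is an
        # external tool that is missing on some minimal systems, in which
        # case every GnuTLS test would be skipped without any diagnostic.
        if command -v "$GNUTLS_CLI" >/dev/null 2>&1 &&
           command -v "$GNUTLS_SERV" >/dev/null 2>&1; then
            GNUTLS_AVAILABLE="YES"
        else
            GNUTLS_AVAILABLE="NO"
        fi
    fi
    if [ "$GNUTLS_AVAILABLE" = "NO" ]; then
        SKIP_NEXT="YES"
    fi
}
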
# requires_ipv6
#
# Mark the next test as skipped if the test server cannot bind to ::1.
# The probe starts $P_SRV on ::1 for one second and looks for the bind
# failure message in its output. The answer is cached in HAS_IPV6
# ("YES"/"NO"), which may also be preset by the caller.
requires_ipv6() {
    if [ -z "${HAS_IPV6:-}" ]; then
        $P_SRV server_addr='::1' > "$SRV_OUT" 2>&1 &
        SRV_PID=$!
        sleep 1
        kill "$SRV_PID" >/dev/null 2>&1

        HAS_IPV6="YES"
        if grep "NET - Binding of the socket failed" "$SRV_OUT" >/dev/null; then
            HAS_IPV6="NO"
        fi
        rm -r "$SRV_OUT"
    fi

    case "$HAS_IPV6" in
        NO) SKIP_NEXT="YES" ;;
    esac
}

# not_with_valgrind
#
# Mark the next test as skipped when the run uses valgrind (MEMCHECK > 0).
not_with_valgrind() {
    [ "$MEMCHECK" -gt 0 ] || return 0
    SKIP_NEXT="YES"
}

# only_with_valgrind
#
# Mark the next test as skipped when the run does NOT use valgrind
# (MEMCHECK equal to 0).
only_with_valgrind() {
    [ "$MEMCHECK" -eq 0 ] || return 0
    SKIP_NEXT="YES"
}

# client_needs_more_time <factor>
#
# Multiply the client watchdog delay by <factor> for the next test only;
# wait_client_done resets the factor to 1 after using it.
client_needs_more_time() {
    CLI_DELAY_FACTOR="$1"
}

# server_needs_more_time <seconds>
#
# Keep the server running for <seconds> after the client has finished, for
# the next test only; wait_client_done resets the value to 0 after using it.
server_needs_more_time() {
    SRV_DELAY_SECONDS="$1"
}

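# print_name <name>
#
# Count a new test and print its name (prefixed with its number when
# SHOW_TEST_NUMBER is set), padded with dots to a fixed column so that the
# result printed afterwards lines up.
# Globals written: TESTS (incremented), LINE, LEN, i.
print_name() {
    TESTS=$(( TESTS + 1 ))
    LINE=""

    if [ "$SHOW_TEST_NUMBER" -gt 0 ]; then
        LINE="$TESTS "
    fi

    LINE="$LINE$1"
    # The test name is data, not a format: a name containing '%' or '\'
    # must be printed as written.
    printf '%s ' "$LINE"
    # wc -c also counts the trailing newline, which stands for the space
    # printed after the name.
    LEN=$(( 72 - $(printf '%s\n' "$LINE" | wc -c) ))
    # Plain counting loop; `seq` is not available on every system.
    i=0
    while [ "$i" -lt "$LEN" ]; do
        printf '.'
        i=$(( i + 1 ))
    done
    printf ' '
}
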
# fail <message>
#
# Report the current test as failed: print the message, keep the server,
# client and (if a proxy was used) proxy logs as o-{srv,cli,pxy}-<N>.log,
# and count the failure.
# When running as user "buildbot", or when LOG_FAILURE_ON_STDOUT is set to
# something other than 0, the saved logs are also copied to stdout.
fail() {
    echo "FAIL"
    echo " ! $1"

    mv "$SRV_OUT" "o-srv-${TESTS}.log"
    mv "$CLI_OUT" "o-cli-${TESTS}.log"
    if [ -n "$PXY_CMD" ]; then
        mv "$PXY_OUT" "o-pxy-${TESTS}.log"
    fi
    echo " ! outputs saved to o-XXX-${TESTS}.log"

    if [ "X${USER:-}" = Xbuildbot ] ||
       [ "X${LOGNAME:-}" = Xbuildbot ] ||
       [ "${LOG_FAILURE_ON_STDOUT:-0}" != 0 ]
    then
        echo " ! server output:"
        cat "o-srv-${TESTS}.log"
        echo " ! ========================================================"
        echo " ! client output:"
        cat "o-cli-${TESTS}.log"
        if [ -n "$PXY_CMD" ]; then
            echo " ! ========================================================"
            echo " ! proxy output:"
            cat "o-pxy-${TESTS}.log"
        fi
        echo ""
    fi

    FAILS=$(( FAILS + 1 ))
}

# is_polar <cmd_line>
#
# Succeed if the command line runs one of this project's own test programs
# (ssl_server2 or ssl_client2), as opposed to an OpenSSL or GnuTLS peer.
is_polar() {
    case "$1" in
        *ssl_server2*|*ssl_client2*) return 0 ;;
        *) return 1 ;;
    esac
}

# check_osrv_dtls
#
# openssl s_server doesn't have -www with DTLS: when SRV_CMD is such a
# server, drop -www from it and set NEEDS_INPUT=1 so that provide_input
# feeds it a reply instead. Otherwise set NEEDS_INPUT=0.
check_osrv_dtls() {
    NEEDS_INPUT=0
    echo "$SRV_CMD" | grep 's_server.*-dtls' >/dev/null || return 0

    NEEDS_INPUT=1
    # $SRV_CMD is expanded unquoted here, so it goes through word splitting
    # and pathname expansion before sed sees it.
    SRV_CMD=$( echo $SRV_CMD | sed 's/-www//' )
}

# provide_input
#
# Feed input to a server that needs it (NEEDS_INPUT != 0, see
# check_osrv_dtls): print an HTTP status line once per second, forever.
# Meant to be used on the left-hand side of a pipe; prints nothing and
# returns at once when no input is needed.
provide_input() {
    [ "$NEEDS_INPUT" -eq 0 ] && return

    while :; do
        echo "HTTP/1.0 200 OK"
        sleep 1
    done
}

# has_mem_err <log_file_name>
#
# Succeed (status 0) if the valgrind log reports a problem, i.e. unless it
# contains BOTH the "no leaks are possible" line and the "0 errors" summary.
# A log without valgrind output at all therefore counts as having errors.
has_mem_err() {
    grep -F 'All heap blocks were freed -- no leaks are possible' "$1" >/dev/null ||
        return 0 # true: has errors
    grep -F 'ERROR SUMMARY: 0 errors from 0 contexts' "$1" >/dev/null ||
        return 0 # true: has errors
    return 1 # false: does not have errors
}

# wait_app_start <port> <pid> <name> <log_file>
#
# Wait for process <pid>, called <name> in messages, to be listening on
# <port>. On timeout, print "<name> START TIMEOUT" and append the same line
# to <log_file>.
#
# Two implementations, chosen once when the script is loaded:
# - with lsof: poll until <pid> itself holds the UDP (DTLS=1) or TCP port.
#   lsof's -a ANDs the -i and -p selections, so a different process sitting
#   on the same port does not count as "started". Gives up after DOG_DELAY
#   seconds.
# - without lsof: just sleep START_DELAY seconds and hope for the best.
if type lsof >/dev/null 2>&1; then
    wait_app_start() {
        START_TIME=$(date +%s)
        proto=TCP
        if [ "$DTLS" -eq 1 ]; then
            proto=UDP
        fi
        # Make a tight loop, server normally takes less than 1s to start.
        until lsof -a -n -b -i "$proto:$1" -p "$2" >/dev/null 2>&1; do
            if [ $(( $(date +%s) - START_TIME )) -gt "$DOG_DELAY" ]; then
                echo "$3 START TIMEOUT"
                echo "$3 START TIMEOUT" >> "$4"
                break
            fi
            # Linux and *BSD support decimal arguments to sleep. On other
            # OSes this may be a tight loop.
            sleep 0.1 2>/dev/null || true
        done
    }
else
    echo "Warning: lsof not available, wait_app_start = sleep"
    wait_app_start() {
        sleep "$START_DELAY"
    }
fi

# wait_server_start <port> <pid>
#
# Wait for server process <pid> to be listening on <port>; a timeout is
# recorded in the server log ($SRV_OUT).
wait_server_start() {
    wait_app_start "$1" "$2" "SERVER" "$SRV_OUT"
}

# wait_proxy_start <port> <pid>
#
# Wait for proxy process <pid> to be listening on <port>; a timeout is
# recorded in the proxy log ($PXY_OUT).
wait_proxy_start() {
    wait_app_start "$1" "$2" "PROXY" "$PXY_OUT"
}

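# check_server_hello_time <log_file>
#
# Given the client or server debug output, parse the unix timestamp that is
# included in the first 4 bytes of the ServerHello random bytes and check
# that it is within 300 seconds of the current time.
#
# Returns 0 only if at least one timestamp was logged and every logged
# timestamp is a plain decimal number inside the window. Anything else
# returns 1: a comparison that cannot be evaluated must not count as a pass.
# Globals written: SERVER_HELLO_TIME, CUR_TIME, THRESHOLD_IN_SECS, HELLO_TS.
check_server_hello_time() {
    # Extract the time from the debug (lvl 3) output
    SERVER_HELLO_TIME="$(sed -n 's/.*server hello, current time: //p' < "$1")"
    # Get the Unix timestamp for now
    CUR_TIME=$(date +'%s')
    THRESHOLD_IN_SECS=300

    # Check if the ServerHello time was printed
    if [ -z "$SERVER_HELLO_TIME" ]; then
        return 1
    fi

    # One timestamp per line. The here-document keeps the loop in the
    # current shell, so `return` leaves the function.
    while read -r HELLO_TS; do
        # Reject empty or non-numeric values before the numeric tests: `[`
        # reports an error on such input, and an error must not be mistaken
        # for "within bounds".
        case "$HELLO_TS" in
            ''|*[!0-9]*) return 1 ;;
        esac
        if [ "$HELLO_TS" -ge $(( CUR_TIME - THRESHOLD_IN_SECS )) ] &&
           [ "$HELLO_TS" -le $(( CUR_TIME + THRESHOLD_IN_SECS )) ]
        then :
        else
            # More than 5 minutes away from now, or not comparable
            return 1
        fi
    done <<EOF
$SERVER_HELLO_TIME
EOF

    return 0
}
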
# wait_client_done
#
# Wait for the client to terminate and set CLI_EXIT to its exit status.
# Must be called right after starting the client in the background, because
# the client's PID is taken from $!.
# Globals read:    DOG_DELAY, CLI_DELAY_FACTOR, SRV_DELAY_SECONDS, CLI_OUT
# Globals written: CLI_PID, CLI_DELAY, DOG_PID, CLI_EXIT; CLI_DELAY_FACTOR
#                  is reset to 1 and SRV_DELAY_SECONDS to 0, so both apply
#                  to a single test.
wait_client_done() {
    # PID of the most recent background job, i.e. the client
    CLI_PID=$!

    CLI_DELAY=$(( $DOG_DELAY * $CLI_DELAY_FACTOR ))
    CLI_DELAY_FACTOR=1

    # Watchdog: after CLI_DELAY seconds, leave a timeout marker in the client
    # log (run_test looks for this marker to decide on a retry) and kill the
    # client.
    ( sleep $CLI_DELAY; echo "===CLIENT_TIMEOUT===" >> $CLI_OUT; kill $CLI_PID ) &
    DOG_PID=$!

    wait $CLI_PID
    CLI_EXIT=$?

    # The client is done: stop the watchdog and reap it.
    # NOTE(review): this signals the watchdog subshell; whether its `sleep`
    # child is stopped as well may depend on the shell - confirm.
    kill $DOG_PID >/dev/null 2>&1
    wait $DOG_PID

    echo "EXIT: $CLI_EXIT" >> $CLI_OUT

    # Optionally give the server extra time before the caller terminates it
    sleep $SRV_DELAY_SECONDS
    SRV_DELAY_SECONDS=0
}

# detect_dtls <cmd_line>
#
# Set the global DTLS to 1 if the command line asks for DTLS, else to 0.
# Recognised markers: "dtls=1", "-dtls1" and "-u". They are matched as plain
# substrings, so any command line containing "-u" anywhere is classified as
# DTLS.
detect_dtls() {
    case "$1" in
        *dtls=1*|*-dtls1*|*-u*) DTLS=1 ;;
        *) DTLS=0 ;;
    esac
}

# Usage: run_test name [-p proxy_cmd] srv_cmd cli_cmd cli_exit [option [...]]
# Options:  -s pattern  pattern that must be present in server output
#           -c pattern  pattern that must be present in client output
#           -u pattern  lines after pattern must be unique in client output
#           -f call shell function on client output
#           -S pattern  pattern that must be absent in server output
#           -C pattern  pattern that must be absent in client output
#           -U pattern  lines after pattern must be unique in server output
#           -F call shell function on server output
#
# Runs one test: starts the optional proxy and the server, runs the client,
# then checks the client exit status (only zero vs non-zero is compared) and
# the assertions given as options. Patterns are passed to grep as-is.
#
# The command strings are executed by this function (the client one through
# `eval`), and the -f/-F arguments are run as command names. Everything
# passed to run_test is therefore shell code and must come from this script
# or from an environment its author controls.
run_test() {
    NAME="$1"
    shift 1

    # Tests that do not match the filter are neither counted nor printed;
    # a pending skip request is dropped with them.
    if echo "$NAME" | grep "$FILTER" | grep -v "$EXCLUDE" >/dev/null; then :
    else
        SKIP_NEXT="NO"
        return
    fi

    print_name "$NAME"

    # Do we only run numbered tests?
    if [ "X$RUN_TEST_NUMBER" = "X" ]; then :
    elif echo ",$RUN_TEST_NUMBER," | grep ",$TESTS," >/dev/null; then :
    else
        SKIP_NEXT="YES"
    fi

    # should we skip?
    if [ "X$SKIP_NEXT" = "XYES" ]; then
        SKIP_NEXT="NO"
        echo "SKIP"
        SKIPS=$(( $SKIPS + 1 ))
        return
    fi

    # does this test use a proxy?
    if [ "X$1" = "X-p" ]; then
        PXY_CMD="$2"
        shift 2
    else
        PXY_CMD=""
    fi

    # get commands and client output
    SRV_CMD="$1"
    CLI_CMD="$2"
    CLI_EXPECT="$3"
    shift 3

    # fix client port
    # (the client talks to the proxy when there is one, else to the server;
    # the port value is spliced unquoted into the sed script)
    if [ -n "$PXY_CMD" ]; then
        CLI_CMD=$( echo "$CLI_CMD" | sed s/+SRV_PORT/$PXY_PORT/g )
    else
        CLI_CMD=$( echo "$CLI_CMD" | sed s/+SRV_PORT/$SRV_PORT/g )
    fi

    # update DTLS variable
    detect_dtls "$SRV_CMD"

    # prepend valgrind to our commands if active
    if [ "$MEMCHECK" -gt 0 ]; then
        if is_polar "$SRV_CMD"; then
            SRV_CMD="valgrind --leak-check=full $SRV_CMD"
        fi
        if is_polar "$CLI_CMD"; then
            CLI_CMD="valgrind --leak-check=full $CLI_CMD"
        fi
    fi

    # At most two attempts: the second one only after a client timeout.
    TIMES_LEFT=2
    while [ $TIMES_LEFT -gt 0 ]; do
        TIMES_LEFT=$(( $TIMES_LEFT - 1 ))

        # run the commands
        if [ -n "$PXY_CMD" ]; then
            echo "$PXY_CMD" > $PXY_OUT
            $PXY_CMD >> $PXY_OUT 2>&1 &
            PXY_PID=$!
            wait_proxy_start "$PXY_PORT" "$PXY_PID"
        fi

        check_osrv_dtls
        echo "$SRV_CMD" > $SRV_OUT
        provide_input | $SRV_CMD >> $SRV_OUT 2>&1 &
        SRV_PID=$!
        wait_server_start "$SRV_PORT" "$SRV_PID"

        echo "$CLI_CMD" > $CLI_OUT
        # eval (rather than plain expansion) is used for the client only: the
        # OpenSSL/GnuTLS client templates contain a pipeline
        # ("echo ... | openssl s_client"). The whole string is parsed as
        # shell code.
        eval "$CLI_CMD" >> $CLI_OUT 2>&1 &
        wait_client_done

        # terminate the server (and the proxy)
        # NOTE(review): the status returned by `wait $SRV_PID` is not stored
        # anywhere; see the "check server exit code" step below.
        kill $SRV_PID
        wait $SRV_PID
        if [ -n "$PXY_CMD" ]; then
            kill $PXY_PID >/dev/null 2>&1
            wait $PXY_PID
        fi

        # retry only on timeouts
        if grep '===CLIENT_TIMEOUT===' $CLI_OUT >/dev/null; then
            printf "RETRY "
        else
            TIMES_LEFT=0
        fi
    done

    # check if the client and server went at least to the handshake stage
    # (useful to avoid tests with only negative assertions and non-zero
    # expected client exit to incorrectly succeed in case of catastrophic
    # failure)
    if is_polar "$SRV_CMD"; then
        if grep "Performing the SSL/TLS handshake" $SRV_OUT >/dev/null; then :;
        else
            fail "server or client failed to reach handshake stage"
            return
        fi
    fi
    if is_polar "$CLI_CMD"; then
        if grep "Performing the SSL/TLS handshake" $CLI_OUT >/dev/null; then :;
        else
            fail "server or client failed to reach handshake stage"
            return
        fi
    fi

    # check server exit code
    # NOTE(review): $? here is the status of the `if is_polar "$CLI_CMD"`
    # statement just above, which is 0 whenever execution gets this far, so
    # this branch cannot be taken and a failing server is not detected by
    # this step. Checking the server would need the status of
    # `wait $SRV_PID` saved inside the retry loop.
    if [ $? != 0 ]; then
        fail "server fail"
        return
    fi

    # check client exit code
    if [ \( "$CLI_EXPECT" = 0 -a "$CLI_EXIT" != 0 \) -o \
         \( "$CLI_EXPECT" != 0 -a "$CLI_EXIT" = 0 \) ]
    then
        fail "bad client exit code (expected $CLI_EXPECT, got $CLI_EXIT)"
        return
    fi

    # check other assertions
    # lines beginning with == are added by valgrind, ignore them
    # lines with 'Serious error when reading debug info', are valgrind issues as well
    # (options are consumed in pairs: a flag and its argument)
    while [ $# -gt 0 ]
    do
        case $1 in
            "-s")
                if grep -v '^==' $SRV_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then :; else
                    fail "pattern '$2' MUST be present in the Server output"
                    return
                fi
                ;;

            "-c")
                if grep -v '^==' $CLI_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then :; else
                    fail "pattern '$2' MUST be present in the Client output"
                    return
                fi
                ;;

            "-S")
                if grep -v '^==' $SRV_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then
                    fail "pattern '$2' MUST NOT be present in the Server output"
                    return
                fi
                ;;

            "-C")
                if grep -v '^==' $CLI_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then
                    fail "pattern '$2' MUST NOT be present in the Client output"
                    return
                fi
                ;;

                # The filtering in the following two options (-u and -U) do the following
                #   - ignore valgrind output
                #   - filter out everything but lines right after the pattern occurrences
                #   - keep one of each non-unique line
                #   - count how many lines remain
                # A line with '--' will remain in the result from previous outputs, so the number of lines in the result will be 1
                # if there were no duplicates.
            "-U")
                if [ $(grep -v '^==' $SRV_OUT | grep -v 'Serious error when reading debug info' | grep -A1 "$2" | grep -v "$2" | sort | uniq -d | wc -l) -gt 1 ]; then
                    fail "lines following pattern '$2' must be unique in Server output"
                    return
                fi
                ;;

            "-u")
                if [ $(grep -v '^==' $CLI_OUT | grep -v 'Serious error when reading debug info' | grep -A1 "$2" | grep -v "$2" | sort | uniq -d | wc -l) -gt 1 ]; then
                    fail "lines following pattern '$2' must be unique in Client output"
                    return
                fi
                ;;
            # -F / -f: $2 is run as a command with the log file name as its
            # only argument; a non-zero status fails the test.
            "-F")
                if ! $2 "$SRV_OUT"; then
                    fail "function call to '$2' failed on Server output"
                    return
                fi
                ;;
            "-f")
                if ! $2 "$CLI_OUT"; then
                    fail "function call to '$2' failed on Client output"
                    return
                fi
                ;;

            *)
                echo "Unknown test: $1" >&2
                exit 1
        esac
        shift 2
    done

    # check valgrind's results
    if [ "$MEMCHECK" -gt 0 ]; then
        if is_polar "$SRV_CMD" && has_mem_err $SRV_OUT; then
            fail "Server has memory errors"
            return
        fi
        if is_polar "$CLI_CMD" && has_mem_err $CLI_OUT; then
            fail "Client has memory errors"
            return
        fi
    fi

    # if we're here, everything is ok
    echo "PASS"
    if [ "$PRESERVE_LOGS" -gt 0 ]; then
        mv $SRV_OUT o-srv-${TESTS}.log
        mv $CLI_OUT o-cli-${TESTS}.log
        if [ -n "$PXY_CMD" ]; then
            mv $PXY_OUT o-pxy-${TESTS}.log
        fi
    fi

    rm -f $SRV_OUT $CLI_OUT $PXY_OUT
}

# cleanup
#
# Signal handler: remove the intermediate files, kill whichever of the
# server, proxy, client and watchdog processes have a recorded PID, then
# exit with status 1.
cleanup() {
    rm -f "$CLI_OUT" "$SRV_OUT" "$PXY_OUT" "$SESSION"
    # The PID variables only exist once the matching process has been
    # started, hence the ${VAR:-} guards under `set -u`.
    if [ -n "${SRV_PID:-}" ]; then kill "$SRV_PID" >/dev/null 2>&1; fi
    if [ -n "${PXY_PID:-}" ]; then kill "$PXY_PID" >/dev/null 2>&1; fi
    if [ -n "${CLI_PID:-}" ]; then kill "$CLI_PID" >/dev/null 2>&1; fi
    if [ -n "${DOG_PID:-}" ]; then kill "$DOG_PID" >/dev/null 2>&1; fi
    exit 1
}

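#
# MAIN
#

# All relative paths in this script (programs, data files, logs) are
# relative to the directory that contains it. Quote the path so that a
# checkout located under a directory with spaces still works.
if cd "$( dirname "$0" )"; then :; else
    echo "cd $( dirname "$0" ) failed" >&2
    exit 1
fi

get_options "$@"

# sanity checks, avoid an avalanche of errors
if [ ! -x "$P_SRV" ]; then
    echo "Command '$P_SRV' is not an executable file"
    exit 1
fi
if [ ! -x "$P_CLI" ]; then
    echo "Command '$P_CLI' is not an executable file"
    exit 1
fi
if [ ! -x "$P_PXY" ]; then
    echo "Command '$P_PXY' is not an executable file"
    exit 1
fi
# `command -v` is the POSIX lookup; `which` is not guaranteed to exist.
if [ "$MEMCHECK" -gt 0 ]; then
    if command -v valgrind >/dev/null 2>&1; then :; else
        echo "Memcheck not possible. Valgrind not found"
        exit 1
    fi
fi
if command -v "$OPENSSL_CMD" >/dev/null 2>&1; then :; else
    echo "Command '$OPENSSL_CMD' not found"
    exit 1
fi
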
Manuel Pégourié-Gonnard32f8f4d2014-05-29 11:31:20 +0200674# used by watchdog
675MAIN_PID="$$"
676
Manuel Pégourié-Gonnard0d225da2018-01-22 10:22:09 +0100677# We use somewhat arbitrary delays for tests:
678# - how long do we wait for the server to start (when lsof not available)?
679# - how long do we allow for the client to finish?
680# (not to check performance, just to avoid waiting indefinitely)
681# Things are slower with valgrind, so give extra time here.
682#
683# Note: without lsof, there is a trade-off between the running time of this
684# script and the risk of spurious errors because we didn't wait long enough.
685# The watchdog delay on the other hand doesn't affect normal running time of
686# the script, only the case where a client or server gets stuck.
Manuel Pégourié-Gonnard0c1ec472014-06-20 18:41:11 +0200687if [ "$MEMCHECK" -gt 0 ]; then
Manuel Pégourié-Gonnard0d225da2018-01-22 10:22:09 +0100688 START_DELAY=6
689 DOG_DELAY=60
Manuel Pégourié-Gonnard0c1ec472014-06-20 18:41:11 +0200690else
Manuel Pégourié-Gonnard0d225da2018-01-22 10:22:09 +0100691 START_DELAY=2
692 DOG_DELAY=20
Manuel Pégourié-Gonnard0c1ec472014-06-20 18:41:11 +0200693fi
Manuel Pégourié-Gonnard0d225da2018-01-22 10:22:09 +0100694
695# some particular tests need more time:
696# - for the client, we multiply the usual watchdog limit by a factor
697# - for the server, we sleep for a number of seconds after the client exits
698# see client_need_more_time() and server_needs_more_time()
Manuel Pégourié-Gonnarda0719722014-09-20 12:46:27 +0200699CLI_DELAY_FACTOR=1
Janos Follath74537a62016-09-02 13:45:28 +0100700SRV_DELAY_SECONDS=0
Manuel Pégourié-Gonnard0c1ec472014-06-20 18:41:11 +0200701
# Pin every command line to the ports chosen for this run; the mbed TLS
# programs are forced onto IPv4 loopback (127.0.0.1) while at it.
# "+SRV_PORT" is a literal placeholder, not a shell expansion: it is replaced
# later by either $SRV_PORT or $PXY_PORT.
# NOTE(review): no listen address is added for the OpenSSL and GnuTLS servers
# here, so whether they are reachable beyond loopback depends on how O_SRV and
# G_SRV were first defined - worth confirming before running on a shared host.
P_SRV="${P_SRV} server_addr=127.0.0.1 server_port=${SRV_PORT}"
P_CLI="${P_CLI} server_addr=127.0.0.1 server_port=+SRV_PORT"
P_PXY="${P_PXY} server_addr=127.0.0.1 server_port=${SRV_PORT} listen_addr=127.0.0.1 listen_port=${PXY_PORT} ${SEED:+"seed=$SEED"}"
O_SRV="${O_SRV} -accept ${SRV_PORT} -dhparam data_files/dhparams.pem"
O_CLI="${O_CLI} -connect localhost:+SRV_PORT"
G_SRV="${G_SRV} -p ${SRV_PORT}"
G_CLI="${G_CLI} -p +SRV_PORT localhost"

# Test-only relaxation: many of the test certificates are signed with SHA-1,
# so both mbed TLS programs are told to accept it. Tests that check the SHA-1
# policy itself append allow_sha1=0 after this value on their command line.
P_SRV="${P_SRV} allow_sha1=1"
P_CLI="${P_CLI} allow_sha1=1"

# Intermediate files for server, client and proxy output and for the saved
# session. The shell's PID ($$) makes the names unique per run; they are
# relative paths, so the files land in whatever directory the script runs in.
# NOTE(review): the names are predictable (fixed prefix + PID), so the
# working directory should not be writable by other users.
SRV_OUT="srv_out.$$"
CLI_OUT="cli_out.$$"
PXY_OUT="pxy_out.$$"
SESSION="session.$$"

# Starts as "NO"; presumably flipped by the requires_* helpers to make the
# following run_test skip - confirm against their definitions.
SKIP_NEXT="NO"

# Run cleanup (defined elsewhere in this file) on interrupt, termination or
# hang-up so stray servers and output files do not outlive the script.
# NOTE(review): what cleanup actually removes is not visible here.
trap cleanup INT TERM HUP

# Basic test
#
# Option convention used by every run_test call below (run_test is defined
# earlier in this file): -s / -c give a pattern that must appear in the
# server / client output, -S / -C a pattern that must NOT appear. The bare
# number before the options is the expected client exit code.
#
# "Default" checks that:
# - things work with all ciphersuites active (used with config-full in all.sh)
# - the expected (highest security) parameters are selected
#   ("signature_algorithm ext: 6" means SHA-512 (highest common hash))
# - neither side logs the word "error"
run_test "Default" \
    "$P_SRV debug_level=3" \
    "$P_CLI" \
    0 \
    -s "Protocol is TLSv1.2" \
    -s "Ciphersuite is TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384" \
    -s "client hello v3, signature_algorithm ext: 6" \
    -s "ECDHE curve: secp521r1" \
    -S "error" \
    -C "error"

# Same default negotiation over DTLS; only the protocol version and the
# selected ciphersuite are asserted.
run_test "Default, DTLS" \
    "$P_SRV dtls=1" \
    "$P_CLI dtls=1" \
    0 \
    -s "Protocol is DTLSv1.2" \
    -s "Ciphersuite is TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384"

# Default handshake in a build with MBEDTLS_ZLIB_SUPPORT: both peers must
# allocate a compression buffer and report the record expansion as unknown,
# with no "error" on either side.
# This only proves that record compression works when it is compiled in.
# TLS-level compression is the precondition for CRIME-style length side
# channels, so a passing test is not an argument for enabling the option.
requires_config_enabled MBEDTLS_ZLIB_SUPPORT
run_test "Default (compression enabled)" \
    "$P_SRV debug_level=3" \
    "$P_CLI debug_level=3" \
    0 \
    -s "Allocating compression buffer" \
    -c "Allocating compression buffer" \
    -s "Record expansion is unknown (compression)" \
    -c "Record expansion is unknown (compression)" \
    -S "error" \
    -C "error"

# Test current time in ServerHello
#
# Repeats the "Default" assertions and additionally hands the output to
# check_server_hello_time through -f and -F.
# NOTE(review): -f / -F presumably run the named shell function on the
# client / server output; both the option semantics and the function are
# defined outside this part of the file - confirm there.
requires_config_enabled MBEDTLS_HAVE_TIME
run_test "Default, ServerHello contains gmt_unix_time" \
    "$P_SRV debug_level=3" \
    "$P_CLI debug_level=3" \
    0 \
    -s "Protocol is TLSv1.2" \
    -s "Ciphersuite is TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384" \
    -s "client hello v3, signature_algorithm ext: 6" \
    -s "ECDHE curve: secp521r1" \
    -S "error" \
    -C "error" \
    -f "check_server_hello_time" \
    -F "check_server_hello_time"

# Test for uniqueness of IVs in AEAD ciphersuites
#
# Twenty exchanges over one AES-256-GCM connection, with debug_level=4 so
# that each "IV used" line is logged. Repeating a GCM IV under the same key
# breaks both confidentiality and authenticity, so every logged IV has to be
# distinct.
# NOTE(review): -u / -U presumably require the matching lines to be unique
# in the client / server output - confirm against run_test.
run_test "Unique IV in GCM" \
    "$P_SRV exchanges=20 debug_level=4" \
    "$P_CLI exchanges=20 debug_level=4 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384" \
    0 \
    -u "IV used" \
    -U "IV used"

# Tests for rc4 option
#
# RC4 must only be negotiated when both peers ask for it. In the three
# mismatch cases the handshake has to fail (client exit code 1) with the
# server reporting that there is no ciphersuite in common; only when both
# sides force the RC4 suite may it succeed.

# Server with default settings, client forcing RC4.
requires_config_enabled MBEDTLS_REMOVE_ARC4_CIPHERSUITES
run_test "RC4: server disabled, client enabled" \
    "$P_SRV" \
    "$P_CLI force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
    1 \
    -s "SSL - The server has no ciphersuites in common"

# arc4=1 alone on the server is not enough in a build that removes the ARC4
# suites from the default list.
requires_config_enabled MBEDTLS_REMOVE_ARC4_CIPHERSUITES
run_test "RC4: server half, client enabled" \
    "$P_SRV arc4=1" \
    "$P_CLI force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
    1 \
    -s "SSL - The server has no ciphersuites in common"

# Server forcing RC4, client with default settings.
run_test "RC4: server enabled, client disabled" \
    "$P_SRV force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
    "$P_CLI" \
    1 \
    -s "SSL - The server has no ciphersuites in common"

# Both sides force RC4: the handshake succeeds and neither ciphersuite
# selection error may be logged by the server.
run_test "RC4: both enabled" \
    "$P_SRV force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
    "$P_CLI force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
    0 \
    -S "SSL - None of the common ciphersuites is usable" \
    -S "SSL - The server has no ciphersuites in common"

# Test empty CA list in CertificateRequest in TLS 1.1 and earlier
#
# Interop check against a GnuTLS server. Only the client exit code (0) is
# asserted; no log pattern is checked.

requires_gnutls
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
run_test "CertificateRequest with empty CA list, TLS 1.1 (GnuTLS server)" \
    "$G_SRV" \
    "$P_CLI force_version=tls1_1" \
    0

requires_gnutls
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1
run_test "CertificateRequest with empty CA list, TLS 1.0 (GnuTLS server)" \
    "$G_SRV" \
    "$P_CLI force_version=tls1" \
    0

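# Tests for SHA-1 support
#
# The command lines built earlier in this file already carry allow_sha1=1;
# the tests here append allow_sha1=0 on the verifying side to exercise the
# build's default policy instead. That default depends on
# MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES, so each "by default" case
# exists in two variants, one per setting of that option:
# - option disabled: the SHA-1 signed certificate is rejected (exit code 1)
#   with "The certificate is signed with an unacceptable hash"
# - option enabled:  the same handshake succeeds (exit code 0)
# The "option enabled" variants are named "SHA-1 allowed by default ..." so
# that a report line cannot be mistaken for the rejecting variant.

requires_config_disabled MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
run_test "SHA-1 forbidden by default in server certificate" \
    "$P_SRV key_file=data_files/server2.key crt_file=data_files/server2.crt" \
    "$P_CLI debug_level=2 allow_sha1=0" \
    1 \
    -c "The certificate is signed with an unacceptable hash"

requires_config_enabled MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
run_test "SHA-1 allowed by default in server certificate" \
    "$P_SRV key_file=data_files/server2.key crt_file=data_files/server2.crt" \
    "$P_CLI debug_level=2 allow_sha1=0" \
    0

run_test "SHA-1 explicitly allowed in server certificate" \
    "$P_SRV key_file=data_files/server2.key crt_file=data_files/server2.crt" \
    "$P_CLI allow_sha1=1" \
    0

run_test "SHA-256 allowed by default in server certificate" \
    "$P_SRV key_file=data_files/server2.key crt_file=data_files/server2-sha256.crt" \
    "$P_CLI allow_sha1=0" \
    0

# Client certificate: here the server is the verifying side, and
# auth_mode=required makes a rejected certificate fail the handshake.
requires_config_disabled MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
run_test "SHA-1 forbidden by default in client certificate" \
    "$P_SRV auth_mode=required allow_sha1=0" \
    "$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha1.crt" \
    1 \
    -s "The certificate is signed with an unacceptable hash"

requires_config_enabled MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
run_test "SHA-1 allowed by default in client certificate" \
    "$P_SRV auth_mode=required allow_sha1=0" \
    "$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha1.crt" \
    0

run_test "SHA-1 explicitly allowed in client certificate" \
    "$P_SRV auth_mode=required allow_sha1=1" \
    "$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha1.crt" \
    0

run_test "SHA-256 allowed by default in client certificate" \
    "$P_SRV auth_mode=required allow_sha1=0" \
    "$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha256.crt" \
    0
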
# Tests for Truncated HMAC extension
#
# All cases force TLS-RSA-WITH-AES-128-CBC-SHA and read the server's debug
# dump of the expected MAC: 20 bytes is the full MAC, 10 bytes the truncated
# one. The matrix shows that truncation is used only when BOTH peers set
# trunc_hmac=1; any default or disabled side keeps the full 20-byte MAC.

run_test "Truncated HMAC: client default, server default" \
    "$P_SRV debug_level=4" \
    "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
    0 \
    -s "dumping 'expected mac' (20 bytes)" \
    -S "dumping 'expected mac' (10 bytes)"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Truncated HMAC: client disabled, server default" \
    "$P_SRV debug_level=4" \
    "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=0" \
    0 \
    -s "dumping 'expected mac' (20 bytes)" \
    -S "dumping 'expected mac' (10 bytes)"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Truncated HMAC: client enabled, server default" \
    "$P_SRV debug_level=4" \
    "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=1" \
    0 \
    -s "dumping 'expected mac' (20 bytes)" \
    -S "dumping 'expected mac' (10 bytes)"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Truncated HMAC: client enabled, server disabled" \
    "$P_SRV debug_level=4 trunc_hmac=0" \
    "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=1" \
    0 \
    -s "dumping 'expected mac' (20 bytes)" \
    -S "dumping 'expected mac' (10 bytes)"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Truncated HMAC: client disabled, server enabled" \
    "$P_SRV debug_level=4 trunc_hmac=1" \
    "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=0" \
    0 \
    -s "dumping 'expected mac' (20 bytes)" \
    -S "dumping 'expected mac' (10 bytes)"

# The only case in which the 10-byte MAC is expected.
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Truncated HMAC: client enabled, server enabled" \
    "$P_SRV debug_level=4 trunc_hmac=1" \
    "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=1" \
    0 \
    -S "dumping 'expected mac' (20 bytes)" \
    -s "dumping 'expected mac' (10 bytes)"

# Truncated HMAC extension over DTLS
#
# Same matrix as for TLS with dtls=1 on both sides: the server's debug dump
# must show the full 20-byte MAC unless both peers set trunc_hmac=1, in
# which case it must show the 10-byte one.

run_test "Truncated HMAC, DTLS: client default, server default" \
    "$P_SRV dtls=1 debug_level=4" \
    "$P_CLI dtls=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
    0 \
    -s "dumping 'expected mac' (20 bytes)" \
    -S "dumping 'expected mac' (10 bytes)"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Truncated HMAC, DTLS: client disabled, server default" \
    "$P_SRV dtls=1 debug_level=4" \
    "$P_CLI dtls=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=0" \
    0 \
    -s "dumping 'expected mac' (20 bytes)" \
    -S "dumping 'expected mac' (10 bytes)"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Truncated HMAC, DTLS: client enabled, server default" \
    "$P_SRV dtls=1 debug_level=4" \
    "$P_CLI dtls=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=1" \
    0 \
    -s "dumping 'expected mac' (20 bytes)" \
    -S "dumping 'expected mac' (10 bytes)"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Truncated HMAC, DTLS: client enabled, server disabled" \
    "$P_SRV dtls=1 debug_level=4 trunc_hmac=0" \
    "$P_CLI dtls=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=1" \
    0 \
    -s "dumping 'expected mac' (20 bytes)" \
    -S "dumping 'expected mac' (10 bytes)"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Truncated HMAC, DTLS: client disabled, server enabled" \
    "$P_SRV dtls=1 debug_level=4 trunc_hmac=1" \
    "$P_CLI dtls=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=0" \
    0 \
    -s "dumping 'expected mac' (20 bytes)" \
    -S "dumping 'expected mac' (10 bytes)"

# The only DTLS case in which the 10-byte MAC is expected.
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Truncated HMAC, DTLS: client enabled, server enabled" \
    "$P_SRV dtls=1 debug_level=4 trunc_hmac=1" \
    "$P_CLI dtls=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=1" \
    0 \
    -S "dumping 'expected mac' (20 bytes)" \
    -s "dumping 'expected mac' (10 bytes)"

# Tests for Encrypt-then-MAC extension
#
# Encrypt-then-MAC (RFC 7366) changes how CBC ciphersuites are protected, so
# it should end up in use only when both peers offer it AND a CBC suite is
# selected. Every case expects a successful handshake (exit code 0); what
# differs is which of the six log lines may appear:
#   client offers -> server sees -> server echoes -> client sees -> both use
# In the downgrade cases (a side disabled, AEAD or stream cipher, SSLv3) the
# "using encrypt then mac" lines must be absent on both sides.

run_test "Encrypt then MAC: default" \
    "$P_SRV debug_level=3 \
 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
    "$P_CLI debug_level=3" \
    0 \
    -c "client hello, adding encrypt_then_mac extension" \
    -s "found encrypt then mac extension" \
    -s "server hello, adding encrypt then mac extension" \
    -c "found encrypt_then_mac extension" \
    -c "using encrypt then mac" \
    -s "using encrypt then mac"

# Server refuses: it sees the offer but must not echo the extension.
run_test "Encrypt then MAC: client enabled, server disabled" \
    "$P_SRV debug_level=3 etm=0 \
 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
    "$P_CLI debug_level=3 etm=1" \
    0 \
    -c "client hello, adding encrypt_then_mac extension" \
    -s "found encrypt then mac extension" \
    -S "server hello, adding encrypt then mac extension" \
    -C "found encrypt_then_mac extension" \
    -C "using encrypt then mac" \
    -S "using encrypt then mac"

# AEAD suite selected: the extension does not apply, so it is not echoed.
run_test "Encrypt then MAC: client enabled, aead cipher" \
    "$P_SRV debug_level=3 etm=1 \
 force_ciphersuite=TLS-RSA-WITH-AES-128-GCM-SHA256" \
    "$P_CLI debug_level=3 etm=1" \
    0 \
    -c "client hello, adding encrypt_then_mac extension" \
    -s "found encrypt then mac extension" \
    -S "server hello, adding encrypt then mac extension" \
    -C "found encrypt_then_mac extension" \
    -C "using encrypt then mac" \
    -S "using encrypt then mac"

# Stream cipher (RC4) selected: same outcome as for AEAD.
run_test "Encrypt then MAC: client enabled, stream cipher" \
    "$P_SRV debug_level=3 etm=1 \
 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
    "$P_CLI debug_level=3 etm=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
    0 \
    -c "client hello, adding encrypt_then_mac extension" \
    -s "found encrypt then mac extension" \
    -S "server hello, adding encrypt then mac extension" \
    -C "found encrypt_then_mac extension" \
    -C "using encrypt then mac" \
    -S "using encrypt then mac"

# Client never offers the extension, so none of the six lines may appear.
run_test "Encrypt then MAC: client disabled, server enabled" \
    "$P_SRV debug_level=3 etm=1 \
 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
    "$P_CLI debug_level=3 etm=0" \
    0 \
    -C "client hello, adding encrypt_then_mac extension" \
    -S "found encrypt then mac extension" \
    -S "server hello, adding encrypt then mac extension" \
    -C "found encrypt_then_mac extension" \
    -C "using encrypt then mac" \
    -S "using encrypt then mac"

# SSLv3 client: the extension must not even be offered.
requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
run_test "Encrypt then MAC: client SSLv3, server enabled" \
    "$P_SRV debug_level=3 min_version=ssl3 \
 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
    "$P_CLI debug_level=3 force_version=ssl3" \
    0 \
    -C "client hello, adding encrypt_then_mac extension" \
    -S "found encrypt then mac extension" \
    -S "server hello, adding encrypt then mac extension" \
    -C "found encrypt_then_mac extension" \
    -C "using encrypt then mac" \
    -S "using encrypt then mac"

# SSLv3 server: the client offers the extension, but the server must not
# log it as found and must not echo it.
requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
run_test "Encrypt then MAC: client enabled, server SSLv3" \
    "$P_SRV debug_level=3 force_version=ssl3 \
 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
    "$P_CLI debug_level=3 min_version=ssl3" \
    0 \
    -c "client hello, adding encrypt_then_mac extension" \
    -S "found encrypt then mac extension" \
    -S "server hello, adding encrypt then mac extension" \
    -C "found encrypt_then_mac extension" \
    -C "using encrypt then mac" \
    -S "using encrypt then mac"

# Tests for Extended Master Secret extension
#
# Extended Master Secret (RFC 7627) ties the master secret to the handshake
# transcript. It must be in use only when both peers offer it; with either
# side disabled, or with SSLv3 on either side, the handshake still succeeds
# (exit code 0) but the "using extended master secret" lines must be absent
# on both sides.

run_test "Extended Master Secret: default" \
    "$P_SRV debug_level=3" \
    "$P_CLI debug_level=3" \
    0 \
    -c "client hello, adding extended_master_secret extension" \
    -s "found extended master secret extension" \
    -s "server hello, adding extended master secret extension" \
    -c "found extended_master_secret extension" \
    -c "using extended master secret" \
    -s "using extended master secret"

# Server refuses: it sees the offer but must not echo the extension.
run_test "Extended Master Secret: client enabled, server disabled" \
    "$P_SRV debug_level=3 extended_ms=0" \
    "$P_CLI debug_level=3 extended_ms=1" \
    0 \
    -c "client hello, adding extended_master_secret extension" \
    -s "found extended master secret extension" \
    -S "server hello, adding extended master secret extension" \
    -C "found extended_master_secret extension" \
    -C "using extended master secret" \
    -S "using extended master secret"

# Client never offers the extension, so none of the six lines may appear.
run_test "Extended Master Secret: client disabled, server enabled" \
    "$P_SRV debug_level=3 extended_ms=1" \
    "$P_CLI debug_level=3 extended_ms=0" \
    0 \
    -C "client hello, adding extended_master_secret extension" \
    -S "found extended master secret extension" \
    -S "server hello, adding extended master secret extension" \
    -C "found extended_master_secret extension" \
    -C "using extended master secret" \
    -S "using extended master secret"

# SSLv3 client: the extension must not even be offered.
requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
run_test "Extended Master Secret: client SSLv3, server enabled" \
    "$P_SRV debug_level=3 min_version=ssl3" \
    "$P_CLI debug_level=3 force_version=ssl3" \
    0 \
    -C "client hello, adding extended_master_secret extension" \
    -S "found extended master secret extension" \
    -S "server hello, adding extended master secret extension" \
    -C "found extended_master_secret extension" \
    -C "using extended master secret" \
    -S "using extended master secret"

# SSLv3 server: the client offers the extension, but the server must not
# log it as found and must not echo it.
requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
run_test "Extended Master Secret: client enabled, server SSLv3" \
    "$P_SRV debug_level=3 force_version=ssl3" \
    "$P_CLI debug_level=3 min_version=ssl3" \
    0 \
    -c "client hello, adding extended_master_secret extension" \
    -S "found extended master secret extension" \
    -S "server hello, adding extended master secret extension" \
    -C "found extended_master_secret extension" \
    -C "using extended master secret" \
    -S "using extended master secret"

# Tests for FALLBACK_SCSV
#
# TLS_FALLBACK_SCSV (RFC 7507) lets a server detect a client that retried
# with a lower protocol version than both sides support. The server is
# expected to answer such a ClientHello with fatal alert 86
# (inappropriate_fallback), which is why the rejecting case expects client
# exit code 1.
# "inapropriate" is spelled the way these patterns are matched against the
# server log; it presumably mirrors the program's own message, so correcting
# it here alone would make the checks meaningless.

# No fallback option given: the SCSV must not be sent.
run_test "Fallback SCSV: default" \
    "$P_SRV debug_level=2" \
    "$P_CLI debug_level=3 force_version=tls1_1" \
    0 \
    -C "adding FALLBACK_SCSV" \
    -S "received FALLBACK_SCSV" \
    -S "inapropriate fallback" \
    -C "is a fatal alert message (msg 86)"

run_test "Fallback SCSV: explicitly disabled" \
    "$P_SRV debug_level=2" \
    "$P_CLI debug_level=3 force_version=tls1_1 fallback=0" \
    0 \
    -C "adding FALLBACK_SCSV" \
    -S "received FALLBACK_SCSV" \
    -S "inapropriate fallback" \
    -C "is a fatal alert message (msg 86)"

# Client signals a fallback while forcing TLS 1.1 against a server with
# default settings: the server must reject the handshake with alert 86.
run_test "Fallback SCSV: enabled" \
    "$P_SRV debug_level=2" \
    "$P_CLI debug_level=3 force_version=tls1_1 fallback=1" \
    1 \
    -c "adding FALLBACK_SCSV" \
    -s "received FALLBACK_SCSV" \
    -s "inapropriate fallback" \
    -c "is a fatal alert message (msg 86)"

# SCSV sent without forcing a lower version: the server sees it but has
# nothing to object to, so the handshake succeeds.
run_test "Fallback SCSV: enabled, max version" \
    "$P_SRV debug_level=2" \
    "$P_CLI debug_level=3 fallback=1" \
    0 \
    -c "adding FALLBACK_SCSV" \
    -s "received FALLBACK_SCSV" \
    -S "inapropriate fallback" \
    -C "is a fatal alert message (msg 86)"

# FALLBACK_SCSV interoperability with OpenSSL, in both directions. Each case
# is gated on requires_openssl_with_fallback_scsv, i.e. on an OpenSSL build
# that knows the option. Alert 86 is inappropriate_fallback.

# Despite "default" in the name, the client passes fallback=0 explicitly.
requires_openssl_with_fallback_scsv
run_test "Fallback SCSV: default, openssl server" \
    "$O_SRV" \
    "$P_CLI debug_level=3 force_version=tls1_1 fallback=0" \
    0 \
    -C "adding FALLBACK_SCSV" \
    -C "is a fatal alert message (msg 86)"

# OpenSSL server must reject the signalled TLS 1.1 fallback with alert 86.
requires_openssl_with_fallback_scsv
run_test "Fallback SCSV: enabled, openssl server" \
    "$O_SRV" \
    "$P_CLI debug_level=3 force_version=tls1_1 fallback=1" \
    1 \
    -c "adding FALLBACK_SCSV" \
    -c "is a fatal alert message (msg 86)"

# OpenSSL client at TLS 1.1 without the SCSV: nothing for the server to see.
requires_openssl_with_fallback_scsv
run_test "Fallback SCSV: disabled, openssl client" \
    "$P_SRV debug_level=2" \
    "$O_CLI -tls1_1" \
    0 \
    -S "received FALLBACK_SCSV" \
    -S "inapropriate fallback"

# OpenSSL client at TLS 1.1 with the SCSV: the mbed TLS server must refuse.
requires_openssl_with_fallback_scsv
run_test "Fallback SCSV: enabled, openssl client" \
    "$P_SRV debug_level=2" \
    "$O_CLI -tls1_1 -fallback_scsv" \
    1 \
    -s "received FALLBACK_SCSV" \
    -s "inapropriate fallback"

# SCSV sent without forcing a lower version: received, but not a fallback.
requires_openssl_with_fallback_scsv
run_test "Fallback SCSV: enabled, max version, openssl client" \
    "$P_SRV debug_level=2" \
    "$O_CLI -fallback_scsv" \
    0 \
    -s "received FALLBACK_SCSV" \
    -S "inapropriate fallback"

# Test sending and receiving empty application data records
#
# request_size=0 makes the client write a zero-length record. In every case
# the server must log a 0-byte payload after decryption and the client must
# report "0 bytes written in 1 fragments".
# The two etm=1 cases force a CBC ciphersuite and additionally require that
# the server log never contains a dump line consisting of sixteen 0x0f bytes.
# NOTE(review): that pattern looks like a full block of CBC padding, so the
# check presumably guards against padding being handled as payload - confirm
# with the change that introduced it.

run_test "Encrypt then MAC: empty application data record" \
    "$P_SRV auth_mode=none debug_level=4 etm=1" \
    "$P_CLI auth_mode=none etm=1 request_size=0 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA" \
    0 \
    -S "0000: 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f" \
    -s "dumping 'input payload after decrypt' (0 bytes)" \
    -c "0 bytes written in 1 fragments"

run_test "Encrypt then MAC: disabled, empty application data record" \
    "$P_SRV auth_mode=none debug_level=4 etm=0" \
    "$P_CLI auth_mode=none etm=0 request_size=0" \
    0 \
    -s "dumping 'input payload after decrypt' (0 bytes)" \
    -c "0 bytes written in 1 fragments"

run_test "Encrypt then MAC, DTLS: empty application data record" \
    "$P_SRV auth_mode=none debug_level=4 etm=1 dtls=1" \
    "$P_CLI auth_mode=none etm=1 request_size=0 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA dtls=1" \
    0 \
    -S "0000: 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f" \
    -s "dumping 'input payload after decrypt' (0 bytes)" \
    -c "0 bytes written in 1 fragments"

run_test "Encrypt then MAC, DTLS: disabled, empty application data record" \
    "$P_SRV auth_mode=none debug_level=4 etm=0 dtls=1" \
    "$P_CLI auth_mode=none etm=0 request_size=0 dtls=1" \
    0 \
    -s "dumping 'input payload after decrypt' (0 bytes)" \
    -c "0 bytes written in 1 fragments"

## FALLBACK_SCSV position tests with a hand-built ClientHello.
##
## The ClientHello was generated with
## "openssl s_client -CAfile tests/data_files/test-ca.crt -tls1_1 -connect localhost:4433 -cipher ..."
## and the ciphersuite list was then edited by hand. It is spelled out below
## as a hex string of the form
## "prefix ciphersuite1 ciphersuite2 ciphersuite3 ciphersuite4 suffix".
## 5600 is the FALLBACK_SCSV value; the server has to spot it wherever it
## sits in the list. The second hex argument is the response the test
## expects: in the first two cases '15030200020256', a fatal alert record
## carrying 0x56 (86, inappropriate_fallback).
## $TCP_CLIENT is defined elsewhere in this file.
requires_openssl_with_fallback_scsv
run_test "Fallback SCSV: beginning of list" \
    "$P_SRV debug_level=2" \
    "$TCP_CLIENT localhost $SRV_PORT '160301003e0100003a03022aafb94308dc22ca1086c65acc00e414384d76b61ecab37df1633b1ae1034dbe000008 5600 0031 0032 0033 0100000900230000000f000101' '15030200020256'" \
    0 \
    -s "received FALLBACK_SCSV" \
    -s "inapropriate fallback"

requires_openssl_with_fallback_scsv
run_test "Fallback SCSV: end of list" \
    "$P_SRV debug_level=2" \
    "$TCP_CLIENT localhost $SRV_PORT '160301003e0100003a03022aafb94308dc22ca1086c65acc00e414384d76b61ecab37df1633b1ae1034dbe000008 0031 0032 0033 5600 0100000900230000000f000101' '15030200020256'" \
    0 \
    -s "received FALLBACK_SCSV" \
    -s "inapropriate fallback"

## Control case: the list holds 0056, which is not the SCSV, so the server
## must not treat the hello as a fallback. Here the expected response is a
## valid ServerHello prefix, up to the random.
requires_openssl_with_fallback_scsv
run_test "Fallback SCSV: not in list" \
    "$P_SRV debug_level=2" \
    "$TCP_CLIENT localhost $SRV_PORT '160301003e0100003a03022aafb94308dc22ca1086c65acc00e414384d76b61ecab37df1633b1ae1034dbe000008 0056 0031 0032 0033 0100000900230000000f000101' '16030200300200002c0302'" \
    0 \
    -S "received FALLBACK_SCSV" \
    -S "inapropriate fallback"

# Tests for CBC 1/n-1 record splitting
#
# 1/n-1 splitting is the usual countermeasure for the predictable-IV weakness
# of CBC ciphersuites in SSLv3 and TLS 1.0 (the BEAST attack). The client
# sends a 123-byte request; when splitting is active the server reads it as
# 1 byte followed by 122 bytes, otherwise as a single 123-byte read.
# Expected: split for CBC under TLS 1.0 and SSLv3; no split for TLS 1.1 and
# 1.2, for RC4, or when recsplit=0 turns the feature off.

run_test "CBC Record splitting: TLS 1.2, no splitting" \
    "$P_SRV" \
    "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
 request_size=123 force_version=tls1_2" \
    0 \
    -s "Read from client: 123 bytes read" \
    -S "Read from client: 1 bytes read" \
    -S "122 bytes read"

run_test "CBC Record splitting: TLS 1.1, no splitting" \
    "$P_SRV" \
    "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
 request_size=123 force_version=tls1_1" \
    0 \
    -s "Read from client: 123 bytes read" \
    -S "Read from client: 1 bytes read" \
    -S "122 bytes read"

run_test "CBC Record splitting: TLS 1.0, splitting" \
    "$P_SRV" \
    "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
 request_size=123 force_version=tls1" \
    0 \
    -S "Read from client: 123 bytes read" \
    -s "Read from client: 1 bytes read" \
    -s "122 bytes read"

requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
run_test "CBC Record splitting: SSLv3, splitting" \
    "$P_SRV min_version=ssl3" \
    "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
 request_size=123 force_version=ssl3" \
    0 \
    -S "Read from client: 123 bytes read" \
    -s "Read from client: 1 bytes read" \
    -s "122 bytes read"

# RC4 is a stream cipher, so there is no CBC record to split.
run_test "CBC Record splitting: TLS 1.0 RC4, no splitting" \
    "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
    "$P_CLI force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
 request_size=123 force_version=tls1" \
    0 \
    -s "Read from client: 123 bytes read" \
    -S "Read from client: 1 bytes read" \
    -S "122 bytes read"

# recsplit=0 switches the countermeasure off on the client.
run_test "CBC Record splitting: TLS 1.0, splitting disabled" \
    "$P_SRV" \
    "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
 request_size=123 force_version=tls1 recsplit=0" \
    0 \
    -s "Read from client: 123 bytes read" \
    -S "Read from client: 1 bytes read" \
    -S "122 bytes read"

# Same as the TLS 1.0 splitting case, with nbio=2 on both sides.
run_test "CBC Record splitting: TLS 1.0, splitting, nbio" \
    "$P_SRV nbio=2" \
    "$P_CLI nbio=2 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
 request_size=123 force_version=tls1" \
    0 \
    -S "Read from client: 123 bytes read" \
    -s "Read from client: 1 bytes read" \
    -s "122 bytes read"

Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +01001328# Tests for Session Tickets
1329
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02001330run_test "Session resume using tickets: basic" \
Manuel Pégourié-Gonnard644e8f32014-08-30 21:59:31 +02001331 "$P_SRV debug_level=3 tickets=1" \
1332 "$P_CLI debug_level=3 tickets=1 reconnect=1" \
Manuel Pégourié-Gonnardf7c52012014-02-20 11:43:46 +01001333 0 \
Manuel Pégourié-Gonnardc55a5b72014-02-20 22:50:56 +01001334 -c "client hello, adding session ticket extension" \
1335 -s "found session ticket extension" \
1336 -s "server hello, adding session ticket extension" \
1337 -c "found session_ticket extension" \
1338 -c "parse new session ticket" \
Manuel Pégourié-Gonnardf7c52012014-02-20 11:43:46 +01001339 -S "session successfully restored from cache" \
1340 -s "session successfully restored from ticket" \
1341 -s "a session has been resumed" \
1342 -c "a session has been resumed"
1343
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02001344run_test "Session resume using tickets: cache disabled" \
Manuel Pégourié-Gonnard644e8f32014-08-30 21:59:31 +02001345 "$P_SRV debug_level=3 tickets=1 cache_max=0" \
1346 "$P_CLI debug_level=3 tickets=1 reconnect=1" \
Manuel Pégourié-Gonnarddbe1ee12014-02-21 09:18:13 +01001347 0 \
1348 -c "client hello, adding session ticket extension" \
1349 -s "found session ticket extension" \
1350 -s "server hello, adding session ticket extension" \
1351 -c "found session_ticket extension" \
1352 -c "parse new session ticket" \
1353 -S "session successfully restored from cache" \
1354 -s "session successfully restored from ticket" \
1355 -s "a session has been resumed" \
1356 -c "a session has been resumed"
1357
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02001358run_test "Session resume using tickets: timeout" \
Manuel Pégourié-Gonnard644e8f32014-08-30 21:59:31 +02001359 "$P_SRV debug_level=3 tickets=1 cache_max=0 ticket_timeout=1" \
1360 "$P_CLI debug_level=3 tickets=1 reconnect=1 reco_delay=2" \
Manuel Pégourié-Gonnarddbe1ee12014-02-21 09:18:13 +01001361 0 \
1362 -c "client hello, adding session ticket extension" \
1363 -s "found session ticket extension" \
1364 -s "server hello, adding session ticket extension" \
1365 -c "found session_ticket extension" \
1366 -c "parse new session ticket" \
1367 -S "session successfully restored from cache" \
1368 -S "session successfully restored from ticket" \
1369 -S "a session has been resumed" \
1370 -C "a session has been resumed"
1371
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02001372run_test "Session resume using tickets: openssl server" \
Manuel Pégourié-Gonnardf7a26902014-02-27 12:25:54 +01001373 "$O_SRV" \
Manuel Pégourié-Gonnard644e8f32014-08-30 21:59:31 +02001374 "$P_CLI debug_level=3 tickets=1 reconnect=1" \
Manuel Pégourié-Gonnardfccd3252014-02-25 17:14:15 +01001375 0 \
1376 -c "client hello, adding session ticket extension" \
1377 -c "found session_ticket extension" \
1378 -c "parse new session ticket" \
1379 -c "a session has been resumed"
1380
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02001381run_test "Session resume using tickets: openssl client" \
Manuel Pégourié-Gonnard644e8f32014-08-30 21:59:31 +02001382 "$P_SRV debug_level=3 tickets=1" \
Manuel Pégourié-Gonnardbc3b16c2014-05-28 23:06:50 +02001383 "( $O_CLI -sess_out $SESSION; \
1384 $O_CLI -sess_in $SESSION; \
1385 rm -f $SESSION )" \
Manuel Pégourié-Gonnardfccd3252014-02-25 17:14:15 +01001386 0 \
1387 -s "found session ticket extension" \
1388 -s "server hello, adding session ticket extension" \
1389 -S "session successfully restored from cache" \
1390 -s "session successfully restored from ticket" \
1391 -s "a session has been resumed"
1392
Hanno Beckerb5546362018-08-21 13:55:22 +01001393# Tests for Session Tickets with DTLS
1394
1395run_test "Session resume using tickets, DTLS: basic" \
1396 "$P_SRV debug_level=3 dtls=1 tickets=1" \
Manuel Pégourié-Gonnard5e261e92020-02-17 11:04:33 +01001397 "$P_CLI debug_level=3 dtls=1 tickets=1 reconnect=1 skip_close_notify=1" \
Hanno Beckerb5546362018-08-21 13:55:22 +01001398 0 \
1399 -c "client hello, adding session ticket extension" \
1400 -s "found session ticket extension" \
1401 -s "server hello, adding session ticket extension" \
1402 -c "found session_ticket extension" \
1403 -c "parse new session ticket" \
1404 -S "session successfully restored from cache" \
1405 -s "session successfully restored from ticket" \
1406 -s "a session has been resumed" \
1407 -c "a session has been resumed"
1408
1409run_test "Session resume using tickets, DTLS: cache disabled" \
1410 "$P_SRV debug_level=3 dtls=1 tickets=1 cache_max=0" \
Manuel Pégourié-Gonnard5e261e92020-02-17 11:04:33 +01001411 "$P_CLI debug_level=3 dtls=1 tickets=1 reconnect=1 skip_close_notify=1" \
Hanno Beckerb5546362018-08-21 13:55:22 +01001412 0 \
1413 -c "client hello, adding session ticket extension" \
1414 -s "found session ticket extension" \
1415 -s "server hello, adding session ticket extension" \
1416 -c "found session_ticket extension" \
1417 -c "parse new session ticket" \
1418 -S "session successfully restored from cache" \
1419 -s "session successfully restored from ticket" \
1420 -s "a session has been resumed" \
1421 -c "a session has been resumed"
1422
1423run_test "Session resume using tickets, DTLS: timeout" \
1424 "$P_SRV debug_level=3 dtls=1 tickets=1 cache_max=0 ticket_timeout=1" \
Manuel Pégourié-Gonnard5e261e92020-02-17 11:04:33 +01001425 "$P_CLI debug_level=3 dtls=1 tickets=1 reconnect=1 skip_close_notify=1 reco_delay=2" \
Hanno Beckerb5546362018-08-21 13:55:22 +01001426 0 \
1427 -c "client hello, adding session ticket extension" \
1428 -s "found session ticket extension" \
1429 -s "server hello, adding session ticket extension" \
1430 -c "found session_ticket extension" \
1431 -c "parse new session ticket" \
1432 -S "session successfully restored from cache" \
1433 -S "session successfully restored from ticket" \
1434 -S "a session has been resumed" \
1435 -C "a session has been resumed"
1436
1437run_test "Session resume using tickets, DTLS: openssl server" \
1438 "$O_SRV -dtls1" \
1439 "$P_CLI dtls=1 debug_level=3 tickets=1 reconnect=1" \
1440 0 \
1441 -c "client hello, adding session ticket extension" \
1442 -c "found session_ticket extension" \
1443 -c "parse new session ticket" \
1444 -c "a session has been resumed"
1445
1446run_test "Session resume using tickets, DTLS: openssl client" \
1447 "$P_SRV dtls=1 debug_level=3 tickets=1" \
1448 "( $O_CLI -dtls1 -sess_out $SESSION; \
1449 $O_CLI -dtls1 -sess_in $SESSION; \
1450 rm -f $SESSION )" \
1451 0 \
1452 -s "found session ticket extension" \
1453 -s "server hello, adding session ticket extension" \
1454 -S "session successfully restored from cache" \
1455 -s "session successfully restored from ticket" \
1456 -s "a session has been resumed"
1457
Manuel Pégourié-Gonnardc55a5b72014-02-20 22:50:56 +01001458# Tests for Session Resume based on session-ID and cache
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +01001459
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02001460run_test "Session resume using cache: tickets enabled on client" \
Manuel Pégourié-Gonnard644e8f32014-08-30 21:59:31 +02001461 "$P_SRV debug_level=3 tickets=0" \
1462 "$P_CLI debug_level=3 tickets=1 reconnect=1" \
Manuel Pégourié-Gonnardf7c52012014-02-20 11:43:46 +01001463 0 \
Manuel Pégourié-Gonnardc55a5b72014-02-20 22:50:56 +01001464 -c "client hello, adding session ticket extension" \
1465 -s "found session ticket extension" \
1466 -S "server hello, adding session ticket extension" \
1467 -C "found session_ticket extension" \
1468 -C "parse new session ticket" \
Manuel Pégourié-Gonnardf7c52012014-02-20 11:43:46 +01001469 -s "session successfully restored from cache" \
1470 -S "session successfully restored from ticket" \
1471 -s "a session has been resumed" \
1472 -c "a session has been resumed"
1473
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02001474run_test "Session resume using cache: tickets enabled on server" \
Manuel Pégourié-Gonnard644e8f32014-08-30 21:59:31 +02001475 "$P_SRV debug_level=3 tickets=1" \
1476 "$P_CLI debug_level=3 tickets=0 reconnect=1" \
Manuel Pégourié-Gonnardf7c52012014-02-20 11:43:46 +01001477 0 \
Manuel Pégourié-Gonnardc55a5b72014-02-20 22:50:56 +01001478 -C "client hello, adding session ticket extension" \
1479 -S "found session ticket extension" \
1480 -S "server hello, adding session ticket extension" \
1481 -C "found session_ticket extension" \
1482 -C "parse new session ticket" \
Manuel Pégourié-Gonnardf7c52012014-02-20 11:43:46 +01001483 -s "session successfully restored from cache" \
1484 -S "session successfully restored from ticket" \
1485 -s "a session has been resumed" \
1486 -c "a session has been resumed"
Manuel Pégourié-Gonnardde143782014-02-20 14:50:42 +01001487
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02001488run_test "Session resume using cache: cache_max=0" \
Manuel Pégourié-Gonnard644e8f32014-08-30 21:59:31 +02001489 "$P_SRV debug_level=3 tickets=0 cache_max=0" \
1490 "$P_CLI debug_level=3 tickets=0 reconnect=1" \
Manuel Pégourié-Gonnard4c883452014-02-20 21:32:41 +01001491 0 \
1492 -S "session successfully restored from cache" \
1493 -S "session successfully restored from ticket" \
Manuel Pégourié-Gonnardc55a5b72014-02-20 22:50:56 +01001494 -S "a session has been resumed" \
1495 -C "a session has been resumed"
Manuel Pégourié-Gonnard4c883452014-02-20 21:32:41 +01001496
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02001497run_test "Session resume using cache: cache_max=1" \
Manuel Pégourié-Gonnard644e8f32014-08-30 21:59:31 +02001498 "$P_SRV debug_level=3 tickets=0 cache_max=1" \
1499 "$P_CLI debug_level=3 tickets=0 reconnect=1" \
Manuel Pégourié-Gonnardc55a5b72014-02-20 22:50:56 +01001500 0 \
1501 -s "session successfully restored from cache" \
1502 -S "session successfully restored from ticket" \
1503 -s "a session has been resumed" \
1504 -c "a session has been resumed"
1505
Manuel Pégourié-Gonnard6df31962015-05-04 10:55:47 +02001506run_test "Session resume using cache: timeout > delay" \
Manuel Pégourié-Gonnard644e8f32014-08-30 21:59:31 +02001507 "$P_SRV debug_level=3 tickets=0" \
1508 "$P_CLI debug_level=3 tickets=0 reconnect=1 reco_delay=0" \
Manuel Pégourié-Gonnardc55a5b72014-02-20 22:50:56 +01001509 0 \
1510 -s "session successfully restored from cache" \
1511 -S "session successfully restored from ticket" \
1512 -s "a session has been resumed" \
1513 -c "a session has been resumed"
1514
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02001515run_test "Session resume using cache: timeout < delay" \
Manuel Pégourié-Gonnard644e8f32014-08-30 21:59:31 +02001516 "$P_SRV debug_level=3 tickets=0 cache_timeout=1" \
1517 "$P_CLI debug_level=3 tickets=0 reconnect=1 reco_delay=2" \
Manuel Pégourié-Gonnardc55a5b72014-02-20 22:50:56 +01001518 0 \
1519 -S "session successfully restored from cache" \
1520 -S "session successfully restored from ticket" \
1521 -S "a session has been resumed" \
1522 -C "a session has been resumed"
1523
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02001524run_test "Session resume using cache: no timeout" \
Manuel Pégourié-Gonnard644e8f32014-08-30 21:59:31 +02001525 "$P_SRV debug_level=3 tickets=0 cache_timeout=0" \
1526 "$P_CLI debug_level=3 tickets=0 reconnect=1 reco_delay=2" \
Manuel Pégourié-Gonnard4c883452014-02-20 21:32:41 +01001527 0 \
1528 -s "session successfully restored from cache" \
1529 -S "session successfully restored from ticket" \
1530 -s "a session has been resumed" \
1531 -c "a session has been resumed"
1532
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02001533run_test "Session resume using cache: openssl client" \
Manuel Pégourié-Gonnard644e8f32014-08-30 21:59:31 +02001534 "$P_SRV debug_level=3 tickets=0" \
Manuel Pégourié-Gonnardbc3b16c2014-05-28 23:06:50 +02001535 "( $O_CLI -sess_out $SESSION; \
1536 $O_CLI -sess_in $SESSION; \
1537 rm -f $SESSION )" \
Manuel Pégourié-Gonnarddb735f62014-02-25 17:57:59 +01001538 0 \
1539 -s "found session ticket extension" \
1540 -S "server hello, adding session ticket extension" \
1541 -s "session successfully restored from cache" \
1542 -S "session successfully restored from ticket" \
1543 -s "a session has been resumed"
1544
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02001545run_test "Session resume using cache: openssl server" \
Manuel Pégourié-Gonnardf7a26902014-02-27 12:25:54 +01001546 "$O_SRV" \
Manuel Pégourié-Gonnard644e8f32014-08-30 21:59:31 +02001547 "$P_CLI debug_level=3 tickets=0 reconnect=1" \
Manuel Pégourié-Gonnarddb735f62014-02-25 17:57:59 +01001548 0 \
1549 -C "found session_ticket extension" \
1550 -C "parse new session ticket" \
1551 -c "a session has been resumed"
1552
Hanno Beckerb5546362018-08-21 13:55:22 +01001553# Tests for Session Resume based on session-ID and cache, DTLS
1554
1555run_test "Session resume using cache, DTLS: tickets enabled on client" \
1556 "$P_SRV dtls=1 debug_level=3 tickets=0" \
Manuel Pégourié-Gonnard5e261e92020-02-17 11:04:33 +01001557 "$P_CLI dtls=1 debug_level=3 tickets=1 reconnect=1 skip_close_notify=1" \
Hanno Beckerb5546362018-08-21 13:55:22 +01001558 0 \
1559 -c "client hello, adding session ticket extension" \
1560 -s "found session ticket extension" \
1561 -S "server hello, adding session ticket extension" \
1562 -C "found session_ticket extension" \
1563 -C "parse new session ticket" \
1564 -s "session successfully restored from cache" \
1565 -S "session successfully restored from ticket" \
1566 -s "a session has been resumed" \
1567 -c "a session has been resumed"
1568
1569run_test "Session resume using cache, DTLS: tickets enabled on server" \
1570 "$P_SRV dtls=1 debug_level=3 tickets=1" \
Manuel Pégourié-Gonnard5e261e92020-02-17 11:04:33 +01001571 "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1" \
Hanno Beckerb5546362018-08-21 13:55:22 +01001572 0 \
1573 -C "client hello, adding session ticket extension" \
1574 -S "found session ticket extension" \
1575 -S "server hello, adding session ticket extension" \
1576 -C "found session_ticket extension" \
1577 -C "parse new session ticket" \
1578 -s "session successfully restored from cache" \
1579 -S "session successfully restored from ticket" \
1580 -s "a session has been resumed" \
1581 -c "a session has been resumed"
1582
1583run_test "Session resume using cache, DTLS: cache_max=0" \
1584 "$P_SRV dtls=1 debug_level=3 tickets=0 cache_max=0" \
Manuel Pégourié-Gonnard5e261e92020-02-17 11:04:33 +01001585 "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1" \
Hanno Beckerb5546362018-08-21 13:55:22 +01001586 0 \
1587 -S "session successfully restored from cache" \
1588 -S "session successfully restored from ticket" \
1589 -S "a session has been resumed" \
1590 -C "a session has been resumed"
1591
1592run_test "Session resume using cache, DTLS: cache_max=1" \
1593 "$P_SRV dtls=1 debug_level=3 tickets=0 cache_max=1" \
Manuel Pégourié-Gonnard5e261e92020-02-17 11:04:33 +01001594 "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1" \
Hanno Beckerb5546362018-08-21 13:55:22 +01001595 0 \
1596 -s "session successfully restored from cache" \
1597 -S "session successfully restored from ticket" \
1598 -s "a session has been resumed" \
1599 -c "a session has been resumed"
1600
1601run_test "Session resume using cache, DTLS: timeout > delay" \
1602 "$P_SRV dtls=1 debug_level=3 tickets=0" \
Manuel Pégourié-Gonnard5e261e92020-02-17 11:04:33 +01001603 "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1 reco_delay=0" \
Hanno Beckerb5546362018-08-21 13:55:22 +01001604 0 \
1605 -s "session successfully restored from cache" \
1606 -S "session successfully restored from ticket" \
1607 -s "a session has been resumed" \
1608 -c "a session has been resumed"
1609
1610run_test "Session resume using cache, DTLS: timeout < delay" \
1611 "$P_SRV dtls=1 debug_level=3 tickets=0 cache_timeout=1" \
Manuel Pégourié-Gonnard5e261e92020-02-17 11:04:33 +01001612 "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1 reco_delay=2" \
Hanno Beckerb5546362018-08-21 13:55:22 +01001613 0 \
1614 -S "session successfully restored from cache" \
1615 -S "session successfully restored from ticket" \
1616 -S "a session has been resumed" \
1617 -C "a session has been resumed"
1618
1619run_test "Session resume using cache, DTLS: no timeout" \
1620 "$P_SRV dtls=1 debug_level=3 tickets=0 cache_timeout=0" \
Manuel Pégourié-Gonnard5e261e92020-02-17 11:04:33 +01001621 "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1 reco_delay=2" \
Hanno Beckerb5546362018-08-21 13:55:22 +01001622 0 \
1623 -s "session successfully restored from cache" \
1624 -S "session successfully restored from ticket" \
1625 -s "a session has been resumed" \
1626 -c "a session has been resumed"
1627
1628run_test "Session resume using cache, DTLS: openssl client" \
1629 "$P_SRV dtls=1 debug_level=3 tickets=0" \
1630 "( $O_CLI -dtls1 -sess_out $SESSION; \
1631 $O_CLI -dtls1 -sess_in $SESSION; \
1632 rm -f $SESSION )" \
1633 0 \
1634 -s "found session ticket extension" \
1635 -S "server hello, adding session ticket extension" \
1636 -s "session successfully restored from cache" \
1637 -S "session successfully restored from ticket" \
1638 -s "a session has been resumed"
1639
1640run_test "Session resume using cache, DTLS: openssl server" \
1641 "$O_SRV -dtls1" \
1642 "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1" \
1643 0 \
1644 -C "found session_ticket extension" \
1645 -C "parse new session ticket" \
1646 -c "a session has been resumed"
1647
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +01001648# Tests for Max Fragment Length extension
1649
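# Maximum content length the Max Fragment Length tests below are written for.
MAX_CONTENT_LEN_EXPECT='16384'
# Value set in the build configuration, as printed by config.pl; empty when
# the option has no value there or when config.pl could not be run.
MAX_CONTENT_LEN_CONFIG=$( ../scripts/config.pl get MBEDTLS_SSL_MAX_CONTENT_LEN)

# Stop before running any Max Fragment Length test when the build uses a
# different maximum content length: the byte and fragment counts the tests
# look for are derived from MAX_CONTENT_LEN_EXPECT.
# NOTE(review): if the configured value is not a plain integer, the -ne
# comparison reports an error and evaluates false, so this guard is skipped.
if [ -n "$MAX_CONTENT_LEN_CONFIG" ] && [ "$MAX_CONTENT_LEN_CONFIG" -ne "$MAX_CONTENT_LEN_EXPECT" ]; then
    # Variables are passed as %s arguments rather than spliced into the
    # format string, so a '%' or backslash in them is printed literally.
    printf 'The %s file contains a value for the configuration of\n' "${CONFIG_H}"
    printf "MBEDTLS_SSL_MAX_CONTENT_LEN that is different from the script’s\n"
    printf 'test value of %s. \n' "${MAX_CONTENT_LEN_EXPECT}"
    printf "\n"
    printf "The tests assume this value and if it changes, the tests in this\n"
    printf "script should also be adjusted.\n"
    printf "\n"

    exit 1
fi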
1664
Hanno Becker4aed27e2017-09-18 15:00:34 +01001665requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
Hanno Beckerc5266962017-09-18 15:01:50 +01001666run_test "Max fragment length: enabled, default" \
Manuel Pégourié-Gonnard644e8f32014-08-30 21:59:31 +02001667 "$P_SRV debug_level=3" \
1668 "$P_CLI debug_level=3" \
Manuel Pégourié-Gonnardde143782014-02-20 14:50:42 +01001669 0 \
Manuel Pégourié-Gonnarda2cda6b2015-08-31 18:30:52 +02001670 -c "Maximum fragment length is 16384" \
1671 -s "Maximum fragment length is 16384" \
Manuel Pégourié-Gonnardde143782014-02-20 14:50:42 +01001672 -C "client hello, adding max_fragment_length extension" \
1673 -S "found max fragment length extension" \
1674 -S "server hello, max_fragment_length extension" \
1675 -C "found max_fragment_length extension"
1676
Hanno Becker4aed27e2017-09-18 15:00:34 +01001677requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
Hanno Beckerc5266962017-09-18 15:01:50 +01001678run_test "Max fragment length: enabled, default, larger message" \
1679 "$P_SRV debug_level=3" \
Hanno Becker9cfabe32017-10-18 14:42:01 +01001680 "$P_CLI debug_level=3 request_size=16385" \
Hanno Beckerc5266962017-09-18 15:01:50 +01001681 0 \
1682 -c "Maximum fragment length is 16384" \
1683 -s "Maximum fragment length is 16384" \
1684 -C "client hello, adding max_fragment_length extension" \
1685 -S "found max fragment length extension" \
1686 -S "server hello, max_fragment_length extension" \
1687 -C "found max_fragment_length extension" \
Hanno Becker9cfabe32017-10-18 14:42:01 +01001688 -c "16385 bytes written in 2 fragments" \
Hanno Beckerc5266962017-09-18 15:01:50 +01001689 -s "16384 bytes read" \
Hanno Becker9cfabe32017-10-18 14:42:01 +01001690 -s "1 bytes read"
Hanno Beckerc5266962017-09-18 15:01:50 +01001691
1692requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
1693run_test "Max fragment length, DTLS: enabled, default, larger message" \
1694 "$P_SRV debug_level=3 dtls=1" \
Hanno Becker9cfabe32017-10-18 14:42:01 +01001695 "$P_CLI debug_level=3 dtls=1 request_size=16385" \
Hanno Beckerc5266962017-09-18 15:01:50 +01001696 1 \
1697 -c "Maximum fragment length is 16384" \
1698 -s "Maximum fragment length is 16384" \
1699 -C "client hello, adding max_fragment_length extension" \
1700 -S "found max fragment length extension" \
1701 -S "server hello, max_fragment_length extension" \
1702 -C "found max_fragment_length extension" \
1703 -c "fragment larger than.*maximum "
1704
1705requires_config_disabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
1706run_test "Max fragment length: disabled, larger message" \
1707 "$P_SRV debug_level=3" \
Hanno Becker9cfabe32017-10-18 14:42:01 +01001708 "$P_CLI debug_level=3 request_size=16385" \
Hanno Beckerc5266962017-09-18 15:01:50 +01001709 0 \
1710 -C "Maximum fragment length is 16384" \
1711 -S "Maximum fragment length is 16384" \
Hanno Becker9cfabe32017-10-18 14:42:01 +01001712 -c "16385 bytes written in 2 fragments" \
Hanno Beckerc5266962017-09-18 15:01:50 +01001713 -s "16384 bytes read" \
Hanno Becker9cfabe32017-10-18 14:42:01 +01001714 -s "1 bytes read"
Hanno Beckerc5266962017-09-18 15:01:50 +01001715
1716requires_config_disabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
1717run_test "Max fragment length DTLS: disabled, larger message" \
1718 "$P_SRV debug_level=3 dtls=1" \
Hanno Becker9cfabe32017-10-18 14:42:01 +01001719 "$P_CLI debug_level=3 dtls=1 request_size=16385" \
Hanno Beckerc5266962017-09-18 15:01:50 +01001720 1 \
1721 -C "Maximum fragment length is 16384" \
1722 -S "Maximum fragment length is 16384" \
1723 -c "fragment larger than.*maximum "
1724
1725requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02001726run_test "Max fragment length: used by client" \
Manuel Pégourié-Gonnard644e8f32014-08-30 21:59:31 +02001727 "$P_SRV debug_level=3" \
1728 "$P_CLI debug_level=3 max_frag_len=4096" \
Manuel Pégourié-Gonnardde143782014-02-20 14:50:42 +01001729 0 \
Manuel Pégourié-Gonnarda2cda6b2015-08-31 18:30:52 +02001730 -c "Maximum fragment length is 4096" \
1731 -s "Maximum fragment length is 4096" \
Manuel Pégourié-Gonnardde143782014-02-20 14:50:42 +01001732 -c "client hello, adding max_fragment_length extension" \
1733 -s "found max fragment length extension" \
1734 -s "server hello, max_fragment_length extension" \
1735 -c "found max_fragment_length extension"
1736
Hanno Becker4aed27e2017-09-18 15:00:34 +01001737requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02001738run_test "Max fragment length: used by server" \
Manuel Pégourié-Gonnard644e8f32014-08-30 21:59:31 +02001739 "$P_SRV debug_level=3 max_frag_len=4096" \
1740 "$P_CLI debug_level=3" \
Manuel Pégourié-Gonnardde143782014-02-20 14:50:42 +01001741 0 \
Manuel Pégourié-Gonnarda2cda6b2015-08-31 18:30:52 +02001742 -c "Maximum fragment length is 16384" \
1743 -s "Maximum fragment length is 4096" \
Manuel Pégourié-Gonnardde143782014-02-20 14:50:42 +01001744 -C "client hello, adding max_fragment_length extension" \
1745 -S "found max fragment length extension" \
1746 -S "server hello, max_fragment_length extension" \
1747 -C "found max_fragment_length extension"
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +01001748
Hanno Becker4aed27e2017-09-18 15:00:34 +01001749requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02001750requires_gnutls
1751run_test "Max fragment length: gnutls server" \
Manuel Pégourié-Gonnardbaa7f072014-08-20 20:15:53 +02001752 "$G_SRV" \
Manuel Pégourié-Gonnard644e8f32014-08-30 21:59:31 +02001753 "$P_CLI debug_level=3 max_frag_len=4096" \
Manuel Pégourié-Gonnardbaa7f072014-08-20 20:15:53 +02001754 0 \
Manuel Pégourié-Gonnarda2cda6b2015-08-31 18:30:52 +02001755 -c "Maximum fragment length is 4096" \
Manuel Pégourié-Gonnardbaa7f072014-08-20 20:15:53 +02001756 -c "client hello, adding max_fragment_length extension" \
1757 -c "found max_fragment_length extension"
1758
Hanno Becker4aed27e2017-09-18 15:00:34 +01001759requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
Manuel Pégourié-Gonnard37e08e12014-10-13 17:55:52 +02001760run_test "Max fragment length: client, message just fits" \
1761 "$P_SRV debug_level=3" \
1762 "$P_CLI debug_level=3 max_frag_len=2048 request_size=2048" \
1763 0 \
Manuel Pégourié-Gonnarda2cda6b2015-08-31 18:30:52 +02001764 -c "Maximum fragment length is 2048" \
1765 -s "Maximum fragment length is 2048" \
Manuel Pégourié-Gonnard37e08e12014-10-13 17:55:52 +02001766 -c "client hello, adding max_fragment_length extension" \
1767 -s "found max fragment length extension" \
1768 -s "server hello, max_fragment_length extension" \
1769 -c "found max_fragment_length extension" \
1770 -c "2048 bytes written in 1 fragments" \
1771 -s "2048 bytes read"
1772
Hanno Becker4aed27e2017-09-18 15:00:34 +01001773requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
Manuel Pégourié-Gonnard37e08e12014-10-13 17:55:52 +02001774run_test "Max fragment length: client, larger message" \
1775 "$P_SRV debug_level=3" \
1776 "$P_CLI debug_level=3 max_frag_len=2048 request_size=2345" \
1777 0 \
Manuel Pégourié-Gonnarda2cda6b2015-08-31 18:30:52 +02001778 -c "Maximum fragment length is 2048" \
1779 -s "Maximum fragment length is 2048" \
Manuel Pégourié-Gonnard37e08e12014-10-13 17:55:52 +02001780 -c "client hello, adding max_fragment_length extension" \
1781 -s "found max fragment length extension" \
1782 -s "server hello, max_fragment_length extension" \
1783 -c "found max_fragment_length extension" \
1784 -c "2345 bytes written in 2 fragments" \
1785 -s "2048 bytes read" \
1786 -s "297 bytes read"
1787
Hanno Becker4aed27e2017-09-18 15:00:34 +01001788requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
Manuel Pégourié-Gonnard23eb74d2015-01-21 14:37:13 +00001789run_test "Max fragment length: DTLS client, larger message" \
Manuel Pégourié-Gonnard37e08e12014-10-13 17:55:52 +02001790 "$P_SRV debug_level=3 dtls=1" \
1791 "$P_CLI debug_level=3 dtls=1 max_frag_len=2048 request_size=2345" \
1792 1 \
Manuel Pégourié-Gonnarda2cda6b2015-08-31 18:30:52 +02001793 -c "Maximum fragment length is 2048" \
1794 -s "Maximum fragment length is 2048" \
Manuel Pégourié-Gonnard37e08e12014-10-13 17:55:52 +02001795 -c "client hello, adding max_fragment_length extension" \
1796 -s "found max fragment length extension" \
1797 -s "server hello, max_fragment_length extension" \
1798 -c "found max_fragment_length extension" \
1799 -c "fragment larger than.*maximum"
1800
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +01001801# Tests for renegotiation
1802
Hanno Becker6a243642017-10-12 15:18:45 +01001803# Renegotiation SCSV always added, regardless of SSL_RENEGOTIATION
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02001804run_test "Renegotiation: none, for reference" \
Manuel Pégourié-Gonnardfa44f202015-03-27 17:52:25 +01001805 "$P_SRV debug_level=3 exchanges=2 auth_mode=optional" \
Manuel Pégourié-Gonnard644e8f32014-08-30 21:59:31 +02001806 "$P_CLI debug_level=3 exchanges=2" \
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +01001807 0 \
1808 -C "client hello, adding renegotiation extension" \
1809 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
1810 -S "found renegotiation extension" \
1811 -s "server hello, secure renegotiation extension" \
1812 -c "found renegotiation extension" \
Manuel Pégourié-Gonnardc73339f2014-02-26 16:35:27 +01001813 -C "=> renegotiate" \
1814 -S "=> renegotiate" \
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +01001815 -S "write hello request"
1816
Hanno Becker6a243642017-10-12 15:18:45 +01001817requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02001818run_test "Renegotiation: client-initiated" \
Manuel Pégourié-Gonnardfa44f202015-03-27 17:52:25 +01001819 "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional" \
Manuel Pégourié-Gonnard644e8f32014-08-30 21:59:31 +02001820 "$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1" \
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +01001821 0 \
1822 -c "client hello, adding renegotiation extension" \
1823 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
1824 -s "found renegotiation extension" \
1825 -s "server hello, secure renegotiation extension" \
1826 -c "found renegotiation extension" \
Manuel Pégourié-Gonnardc73339f2014-02-26 16:35:27 +01001827 -c "=> renegotiate" \
1828 -s "=> renegotiate" \
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +01001829 -S "write hello request"
1830
Hanno Becker6a243642017-10-12 15:18:45 +01001831requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02001832run_test "Renegotiation: server-initiated" \
Manuel Pégourié-Gonnardfa44f202015-03-27 17:52:25 +01001833 "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1" \
Manuel Pégourié-Gonnard644e8f32014-08-30 21:59:31 +02001834 "$P_CLI debug_level=3 exchanges=2 renegotiation=1" \
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +01001835 0 \
1836 -c "client hello, adding renegotiation extension" \
1837 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
1838 -s "found renegotiation extension" \
1839 -s "server hello, secure renegotiation extension" \
1840 -c "found renegotiation extension" \
Manuel Pégourié-Gonnardc73339f2014-02-26 16:35:27 +01001841 -c "=> renegotiate" \
1842 -s "=> renegotiate" \
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +01001843 -s "write hello request"
1844
Janos Follathb0f148c2017-10-05 12:29:42 +01001845# Checks that no Signature Algorithm with SHA-1 gets negotiated. Negotiating SHA-1 would mean that
1846# the server did not parse the Signature Algorithm extension. This test is valid only if an MD
1847# algorithm stronger than SHA-1 is enabled in config.h
Hanno Becker6a243642017-10-12 15:18:45 +01001848requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
Janos Follathb0f148c2017-10-05 12:29:42 +01001849run_test "Renegotiation: Signature Algorithms parsing, client-initiated" \
1850 "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional" \
1851 "$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1" \
1852 0 \
1853 -c "client hello, adding renegotiation extension" \
1854 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
1855 -s "found renegotiation extension" \
1856 -s "server hello, secure renegotiation extension" \
1857 -c "found renegotiation extension" \
1858 -c "=> renegotiate" \
1859 -s "=> renegotiate" \
1860 -S "write hello request" \
1861 -S "client hello v3, signature_algorithm ext: 2" # Is SHA-1 negotiated?
1862
# Server-initiated variant of the signature_algorithms parsing check: the
# server sends a HelloRequest and must still never log hash id 2 (SHA-1) for
# the extension. Only meaningful if config.h enables an MD algorithm stronger
# than SHA-1.
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: Signature Algorithms parsing, server-initiated" \
            "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1" \
            "$P_CLI debug_level=3 exchanges=2 renegotiation=1" \
            0 \
            -c "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -s "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -c "=> renegotiate" \
            -s "=> renegotiate" \
            -s "write hello request" \
            -S "client hello v3, signature_algorithm ext: 2" # Is SHA-1 negotiated?
1880
# Both peers request a renegotiation (renegotiate=1 on each side); both must
# enter the renegotiation and the server must have sent a HelloRequest.
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: double" \
            "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1" \
            "$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1" \
            0 \
            -c "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -s "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -c "=> renegotiate" \
            -s "=> renegotiate" \
            -s "write hello request"
1894
# Server has renegotiation disabled (renegotiation=0) while the client asks
# for one: the client must fail (exit 1) with the "Unexpected message" error,
# and the server must never enter the renegotiation.
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: client-initiated, server-rejected" \
            "$P_SRV debug_level=3 exchanges=2 renegotiation=0 auth_mode=optional" \
            "$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1" \
            1 \
            -c "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -S "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -c "=> renegotiate" \
            -S "=> renegotiate" \
            -S "write hello request" \
            -c "SSL - Unexpected message at ServerHello in renegotiation" \
            -c "failed"
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +01001910
# Server sends a HelloRequest but the client has renegotiation disabled. With
# the server's default renego_delay the refusal is tolerated: neither side
# renegotiates and the server reports no failure.
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: server-initiated, client-rejected, default" \
            "$P_SRV debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 auth_mode=optional" \
            "$P_CLI debug_level=3 exchanges=2 renegotiation=0" \
            0 \
            -C "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -S "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -C "=> renegotiate" \
            -S "=> renegotiate" \
            -s "write hello request" \
            -S "SSL - An unexpected message was received from our peer" \
            -S "failed"
Manuel Pégourié-Gonnard33a752e2014-02-21 09:47:37 +01001926
# renego_delay=-1: the server requests a renegotiation but does not enforce it,
# so a client that ignores the HelloRequest causes no failure on the server.
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: server-initiated, client-rejected, not enforced" \
            "$P_SRV debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 \
             renego_delay=-1 auth_mode=optional" \
            "$P_CLI debug_level=3 exchanges=2 renegotiation=0" \
            0 \
            -C "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -S "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -C "=> renegotiate" \
            -S "=> renegotiate" \
            -s "write hello request" \
            -S "SSL - An unexpected message was received from our peer" \
            -S "failed"
1943
# renego_delay=2 leaves room for exactly the records the refusing client sends
# after the HelloRequest (1 alert record + 1 application data record), so the
# server must not report an unexpected message.
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: server-initiated, client-rejected, delay 2" \
            "$P_SRV debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 \
             renego_delay=2 auth_mode=optional" \
            "$P_CLI debug_level=3 exchanges=2 renegotiation=0" \
            0 \
            -C "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -S "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -C "=> renegotiate" \
            -S "=> renegotiate" \
            -s "write hello request" \
            -S "SSL - An unexpected message was received from our peer" \
            -S "failed"
1961
# renego_delay=0: the server enforces its request immediately, so a client
# that refuses makes the server log the "unexpected message" error. The
# expected exit code is still 0.
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: server-initiated, client-rejected, delay 0" \
            "$P_SRV debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 \
             renego_delay=0 auth_mode=optional" \
            "$P_CLI debug_level=3 exchanges=2 renegotiation=0" \
            0 \
            -C "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -S "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -C "=> renegotiate" \
            -S "=> renegotiate" \
            -s "write hello request" \
            -s "SSL - An unexpected message was received from our peer"
Manuel Pégourié-Gonnardfae355e2014-07-04 14:32:27 +02001977
# renego_delay=0 with a cooperating client: the renegotiation completes on
# both sides and the strict delay produces no error on the server.
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: server-initiated, client-accepted, delay 0" \
            "$P_SRV debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 \
             renego_delay=0 auth_mode=optional" \
            "$P_CLI debug_level=3 exchanges=2 renegotiation=1" \
            0 \
            -c "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -s "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -c "=> renegotiate" \
            -s "=> renegotiate" \
            -s "write hello request" \
            -S "SSL - An unexpected message was received from our peer" \
            -S "failed"
1994
# Periodic renegotiation with renego_period=3: the client performs only 2
# exchanges, so the record counter limit must not be reached and no
# renegotiation may start on either side.
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: periodic, just below period" \
            "$P_SRV debug_level=3 exchanges=9 renegotiation=1 renego_period=3 auth_mode=optional" \
            "$P_CLI debug_level=3 exchanges=2 renegotiation=1" \
            0 \
            -C "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -S "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -S "record counter limit reached: renegotiate" \
            -C "=> renegotiate" \
            -S "=> renegotiate" \
            -S "write hello request" \
            -S "SSL - An unexpected message was received from our peer" \
            -S "failed"
2011
# Periodic renegotiation with renego_period=3 and a client doing 4 exchanges:
# the limit is crossed and the server must trigger a renegotiation. The client
# gets one exchange beyond the period so the renegotiation can complete.
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: periodic, just above period" \
            "$P_SRV debug_level=3 exchanges=9 renegotiation=1 renego_period=3 auth_mode=optional" \
            "$P_CLI debug_level=3 exchanges=4 renegotiation=1" \
            0 \
            -c "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -s "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -s "record counter limit reached: renegotiate" \
            -c "=> renegotiate" \
            -s "=> renegotiate" \
            -s "write hello request" \
            -S "SSL - An unexpected message was received from our peer" \
            -S "failed"
2029
# Periodic renegotiation with renego_period=3 and a client doing 7 exchanges
# (two periods plus one).
# NOTE(review): the patterns are the same as in the "just above period" test,
# so as written this presumably cannot tell one renegotiation from two - confirm
# whether run_test offers a way to assert the number of occurrences.
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: periodic, two times period" \
            "$P_SRV debug_level=3 exchanges=9 renegotiation=1 renego_period=3 auth_mode=optional" \
            "$P_CLI debug_level=3 exchanges=7 renegotiation=1" \
            0 \
            -c "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -s "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -s "record counter limit reached: renegotiate" \
            -c "=> renegotiate" \
            -s "=> renegotiate" \
            -s "write hello request" \
            -S "SSL - An unexpected message was received from our peer" \
            -S "failed"
2046
# renego_period=3 is set but the server has renegotiation=0: crossing the
# period must not trigger anything (no limit message, no HelloRequest, no
# renegotiation on either side).
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: periodic, above period, disabled" \
            "$P_SRV debug_level=3 exchanges=9 renegotiation=0 renego_period=3 auth_mode=optional" \
            "$P_CLI debug_level=3 exchanges=4 renegotiation=1" \
            0 \
            -C "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -S "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -S "record counter limit reached: renegotiate" \
            -C "=> renegotiate" \
            -S "=> renegotiate" \
            -S "write hello request" \
            -S "SSL - An unexpected message was received from our peer" \
            -S "failed"
2063
# Client-initiated renegotiation with nbio=2 on both peers; the server must
# not have sent a HelloRequest.
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: nbio, client-initiated" \
            "$P_SRV debug_level=3 nbio=2 exchanges=2 renegotiation=1 auth_mode=optional" \
            "$P_CLI debug_level=3 nbio=2 exchanges=2 renegotiation=1 renegotiate=1" \
            0 \
            -c "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -s "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -c "=> renegotiate" \
            -s "=> renegotiate" \
            -S "write hello request"
2077
# Server-initiated renegotiation with nbio=2 on both peers; the server must
# have sent a HelloRequest.
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: nbio, server-initiated" \
            "$P_SRV debug_level=3 nbio=2 exchanges=2 renegotiation=1 renegotiate=1 auth_mode=optional" \
            "$P_CLI debug_level=3 nbio=2 exchanges=2 renegotiation=1" \
            0 \
            -c "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -s "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -c "=> renegotiate" \
            -s "=> renegotiate" \
            -s "write hello request"
2091
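# Interop: client-initiated renegotiation against an OpenSSL server. The
# client must see the renegotiation extension, renegotiate without error and
# still receive the HTTP response.
#
# The "must not appear" check on the handshake return message used to read
# "ssl_hanshake() returned", a misspelled pre-rename name that no log line can
# contain, so the check could never fail. It now uses the same string the
# failing-case renegotiation tests in this file expect to find.
# NOTE(review): confirm against a passing run that this message is only
# logged on error.
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: openssl server, client-initiated" \
            "$O_SRV -www" \
            "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1" \
            0 \
            -c "client hello, adding renegotiation extension" \
            -c "found renegotiation extension" \
            -c "=> renegotiate" \
            -C "mbedtls_ssl_handshake() returned" \
            -C "error" \
            -c "HTTP/1.0 200 [Oo][Kk]"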
2103
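# Interop: client-initiated renegotiation against a GnuTLS server that
# requires secure renegotiation (%SAFE_RENEGOTIATION). Must succeed and still
# deliver the HTTP response.
#
# The "must not appear" check on the handshake return message used to read
# "ssl_hanshake() returned", a misspelled pre-rename name that no log line can
# contain, so the check could never fail. It now uses the same string the
# failing-case renegotiation tests in this file expect to find.
# NOTE(review): confirm against a passing run that this message is only
# logged on error.
requires_gnutls
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: gnutls server strict, client-initiated" \
            "$G_SRV --priority=NORMAL:%SAFE_RENEGOTIATION" \
            "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1" \
            0 \
            -c "client hello, adding renegotiation extension" \
            -c "found renegotiation extension" \
            -c "=> renegotiate" \
            -C "mbedtls_ssl_handshake() returned" \
            -C "error" \
            -c "HTTP/1.0 200 [Oo][Kk]"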
2116
# GnuTLS server with secure renegotiation disabled: it does not return the
# renegotiation extension, and with default client settings the attempt to
# renegotiate over that legacy connection must fail (exit 1, handshake error,
# no HTTP response).
requires_gnutls
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: gnutls server unsafe, client-initiated default" \
            "$G_SRV --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \
            "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1" \
            1 \
            -c "client hello, adding renegotiation extension" \
            -C "found renegotiation extension" \
            -c "=> renegotiate" \
            -c "mbedtls_ssl_handshake() returned" \
            -c "error" \
            -C "HTTP/1.0 200 [Oo][Kk]"
2129
# Same as the default case but with allow_legacy=0 set explicitly on the
# client: renegotiating with a peer that lacks the renegotiation extension
# must fail.
# NOTE(review): "inititated" in the test name is a typo; it is left unchanged
# here because the name may be used to select tests.
requires_gnutls
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: gnutls server unsafe, client-inititated no legacy" \
            "$G_SRV --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \
            "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1 \
             allow_legacy=0" \
            1 \
            -c "client hello, adding renegotiation extension" \
            -C "found renegotiation extension" \
            -c "=> renegotiate" \
            -c "mbedtls_ssl_handshake() returned" \
            -c "error" \
            -C "HTTP/1.0 200 [Oo][Kk]"
2143
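# allow_legacy=1 opts the client in to legacy (unprotected) renegotiation, so
# renegotiating with a server that sends no renegotiation extension succeeds.
# This is the insecure configuration; the test only pins that the opt-in works.
#
# The "must not appear" check on the handshake return message used to read
# "ssl_hanshake() returned", a misspelled pre-rename name that no log line can
# contain, so the check could never fail. It now uses the same string the
# failing-case renegotiation tests in this file expect to find.
# NOTE(review): confirm against a passing run that this message is only
# logged on error. "inititated" in the test name is a typo; it is left
# unchanged here because the name may be used to select tests.
requires_gnutls
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: gnutls server unsafe, client-inititated legacy" \
            "$G_SRV --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \
            "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1 \
             allow_legacy=1" \
            0 \
            -c "client hello, adding renegotiation extension" \
            -C "found renegotiation extension" \
            -c "=> renegotiate" \
            -C "mbedtls_ssl_handshake() returned" \
            -C "error" \
            -c "HTTP/1.0 200 [Oo][Kk]"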
2157
# Client-initiated renegotiation over DTLS (dtls=1 on both peers); the server
# must not have sent a HelloRequest.
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: DTLS, client-initiated" \
            "$P_SRV debug_level=3 dtls=1 exchanges=2 renegotiation=1" \
            "$P_CLI debug_level=3 dtls=1 exchanges=2 renegotiation=1 renegotiate=1" \
            0 \
            -c "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -s "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -c "=> renegotiate" \
            -s "=> renegotiate" \
            -S "write hello request"
2171
# Server-initiated renegotiation over DTLS. The client runs with
# read_timeout=1000 and max_resend=2.
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: DTLS, server-initiated" \
            "$P_SRV debug_level=3 dtls=1 exchanges=2 renegotiation=1 renegotiate=1" \
            "$P_CLI debug_level=3 dtls=1 exchanges=2 renegotiation=1 \
             read_timeout=1000 max_resend=2" \
            0 \
            -c "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -s "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -c "=> renegotiate" \
            -s "=> renegotiate" \
            -s "write hello request"
2186
# Regression test for an overflow in the periodic-renegotiation check on DTLS.
# renego_period=18446462598732840962 is 0xFFFF000000000002; the server must
# still report the record counter limit as reached and renegotiate.
# NOTE(review): the value presumably targets the DTLS record counter layout,
# where the top 16 bits carry the epoch - confirm against the library code.
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: DTLS, renego_period overflow" \
            "$P_SRV debug_level=3 dtls=1 exchanges=4 renegotiation=1 renego_period=18446462598732840962 auth_mode=optional" \
            "$P_CLI debug_level=3 dtls=1 exchanges=4 renegotiation=1" \
            0 \
            -c "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -s "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -s "record counter limit reached: renegotiate" \
            -c "=> renegotiate" \
            -s "=> renegotiate" \
            -s "write hello request"
Andres AG692ad842017-01-19 16:30:57 +00002200
# Interop: client-initiated renegotiation over DTLS against a GnuTLS server
# (-u, MTU 4096). Success is judged by the absence of client errors and by the
# server log containing "Extra-header:".
requires_gnutls
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: DTLS, gnutls server, client-initiated" \
            "$G_SRV -u --mtu 4096" \
            "$P_CLI debug_level=3 dtls=1 exchanges=1 renegotiation=1 renegotiate=1" \
            0 \
            -c "client hello, adding renegotiation extension" \
            -c "found renegotiation extension" \
            -c "=> renegotiate" \
            -C "mbedtls_ssl_handshake returned" \
            -C "error" \
            -s "Extra-header:"
2213
# Test for the "secure renegotiation" extension only (no actual renegotiation)
2215
# Initial handshake only: a GnuTLS server that requires secure renegotiation
# must return the renegotiation extension to a default-configured client.
requires_gnutls
run_test    "Renego ext: gnutls server strict, client default" \
            "$G_SRV --priority=NORMAL:%SAFE_RENEGOTIATION" \
            "$P_CLI debug_level=3" \
            0 \
            -c "found renegotiation extension" \
            -C "error" \
            -c "HTTP/1.0 200 [Oo][Kk]"
2224
# Initial handshake only: with default client settings, a server that does not
# send the renegotiation extension is still accepted (exit 0).
requires_gnutls
run_test    "Renego ext: gnutls server unsafe, client default" \
            "$G_SRV --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \
            "$P_CLI debug_level=3" \
            0 \
            -C "found renegotiation extension" \
            -C "error" \
            -c "HTTP/1.0 200 [Oo][Kk]"
2233
# allow_legacy=-1 on the client ("break legacy"): a server that does not send
# the renegotiation extension is refused at the initial handshake (exit 1).
requires_gnutls
run_test    "Renego ext: gnutls server unsafe, client break legacy" \
            "$G_SRV --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \
            "$P_CLI debug_level=3 allow_legacy=-1" \
            1 \
            -C "found renegotiation extension" \
            -c "error" \
            -C "HTTP/1.0 200 [Oo][Kk]"
2242
# A GnuTLS client that requires secure renegotiation: the server must see
# either form of the client's indication (the SCSV or the extension) and
# answer with the extension in its ServerHello.
requires_gnutls
run_test    "Renego ext: gnutls client strict, server default" \
            "$P_SRV debug_level=3" \
            "$G_CLI --priority=NORMAL:%SAFE_RENEGOTIATION" \
            0 \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO\|found renegotiation extension" \
            -s "server hello, secure renegotiation extension"
2250
# A GnuTLS client with secure renegotiation disabled sends no indication; a
# default-configured server still accepts it (exit 0) and must not add the
# extension to its ServerHello.
requires_gnutls
run_test    "Renego ext: gnutls client unsafe, server default" \
            "$P_SRV debug_level=3" \
            "$G_CLI --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \
            0 \
            -S "received TLS_EMPTY_RENEGOTIATION_INFO\|found renegotiation extension" \
            -S "server hello, secure renegotiation extension"
2258
# allow_legacy=-1 on the server ("break legacy"): a client that sends no
# secure-renegotiation indication is refused (exit 1).
requires_gnutls
run_test    "Renego ext: gnutls client unsafe, server break legacy" \
            "$P_SRV debug_level=3 allow_legacy=-1" \
            "$G_CLI --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \
            1 \
            -S "received TLS_EMPTY_RENEGOTIATION_INFO\|found renegotiation extension" \
            -S "server hello, secure renegotiation extension"
2266
Janos Follath0b242342016-02-17 10:11:21 +00002267# Tests for silently dropping trailing extra bytes in .der certificates
2268
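# Baseline: server certificate server5-der0.crt (DER, no trailing bytes); the
# GnuTLS client must complete the handshake.
# The last argument no longer ends in a line continuation: the stray backslash
# only worked because a blank line followed, and would have swallowed the next
# command if that blank line were ever removed.
requires_gnutls
run_test    "DER format: no trailing bytes" \
            "$P_SRV crt_file=data_files/server5-der0.crt \
             key_file=data_files/server5.key" \
            "$G_CLI " \
            0 \
            -c "Handshake was completed"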
2276
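# Server certificate server5-der1a.crt (DER followed by one zero byte); the
# GnuTLS client must still complete the handshake.
# The last argument no longer ends in a line continuation: the stray backslash
# only worked because a blank line followed, and would have swallowed the next
# command if that blank line were ever removed.
requires_gnutls
run_test    "DER format: with a trailing zero byte" \
            "$P_SRV crt_file=data_files/server5-der1a.crt \
             key_file=data_files/server5.key" \
            "$G_CLI " \
            0 \
            -c "Handshake was completed"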
2284
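# Server certificate server5-der1b.crt (DER followed by one random byte); the
# GnuTLS client must still complete the handshake.
# The last argument no longer ends in a line continuation: the stray backslash
# only worked because a blank line followed, and would have swallowed the next
# command if that blank line were ever removed.
requires_gnutls
run_test    "DER format: with a trailing random byte" \
            "$P_SRV crt_file=data_files/server5-der1b.crt \
             key_file=data_files/server5.key" \
            "$G_CLI " \
            0 \
            -c "Handshake was completed"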
2292
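# Server certificate server5-der2.crt (DER followed by 2 random bytes); the
# GnuTLS client must still complete the handshake.
# The last argument no longer ends in a line continuation: the stray backslash
# only worked because a blank line followed, and would have swallowed the next
# command if that blank line were ever removed.
requires_gnutls
run_test    "DER format: with 2 trailing random bytes" \
            "$P_SRV crt_file=data_files/server5-der2.crt \
             key_file=data_files/server5.key" \
            "$G_CLI " \
            0 \
            -c "Handshake was completed"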
2300
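# Server certificate server5-der4.crt (DER followed by 4 random bytes); the
# GnuTLS client must still complete the handshake.
# The last argument no longer ends in a line continuation: the stray backslash
# only worked because a blank line followed, and would have swallowed the next
# command if that blank line were ever removed.
requires_gnutls
run_test    "DER format: with 4 trailing random bytes" \
            "$P_SRV crt_file=data_files/server5-der4.crt \
             key_file=data_files/server5.key" \
            "$G_CLI " \
            0 \
            -c "Handshake was completed"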
2308
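# Server certificate server5-der8.crt (DER followed by 8 random bytes); the
# GnuTLS client must still complete the handshake.
# The last argument no longer ends in a line continuation: the stray backslash
# only worked because a blank line followed, and would have swallowed the next
# command if that blank line were ever removed.
requires_gnutls
run_test    "DER format: with 8 trailing random bytes" \
            "$P_SRV crt_file=data_files/server5-der8.crt \
             key_file=data_files/server5.key" \
            "$G_CLI " \
            0 \
            -c "Handshake was completed"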
2316
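# Server certificate server5-der9.crt (DER followed by 9 random bytes); the
# GnuTLS client must still complete the handshake.
# The last argument no longer ends in a line continuation: the stray backslash
# only worked because a blank line followed, and would have swallowed the next
# command if that blank line were ever removed.
requires_gnutls
run_test    "DER format: with 9 trailing random bytes" \
            "$P_SRV crt_file=data_files/server5-der9.crt \
             key_file=data_files/server5.key" \
            "$G_CLI " \
            0 \
            -c "Handshake was completed"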
2324
Manuel Pégourié-Gonnard8520dac2014-02-21 12:12:23 +01002325# Tests for auth_mode
2326
# Server presents a certificate with a bad signature; with auth_mode=required
# the client must abort the handshake (exit 1) and report the verification
# failure.
run_test    "Authentication: server badcert, client required" \
            "$P_SRV crt_file=data_files/server5-badsign.crt \
             key_file=data_files/server5.key" \
            "$P_CLI debug_level=1 auth_mode=required" \
            1 \
            -c "x509_verify_cert() returned" \
            -c "! The certificate is not correctly signed by the trusted CA" \
            -c "! mbedtls_ssl_handshake returned" \
            -c "X509 - Certificate verification failed"
2336
# Same bad server certificate with auth_mode=optional: verification still runs
# and flags the signature, but the handshake completes (exit 0). In this mode
# it is the application that must inspect the verification result before
# trusting the peer.
run_test    "Authentication: server badcert, client optional" \
            "$P_SRV crt_file=data_files/server5-badsign.crt \
             key_file=data_files/server5.key" \
            "$P_CLI debug_level=1 auth_mode=optional" \
            0 \
            -c "x509_verify_cert() returned" \
            -c "! The certificate is not correctly signed by the trusted CA" \
            -C "! mbedtls_ssl_handshake returned" \
            -C "X509 - Certificate verification failed"
2346
# Client has no trusted CA at all (ca_file=none ca_path=none) and
# auth_mode=optional: verification reports the certificate as not trusted, yet
# the handshake completes and the missing CA chain is not treated as an error.
run_test    "Authentication: server goodcert, client optional, no trusted CA" \
            "$P_SRV" \
            "$P_CLI debug_level=3 auth_mode=optional ca_file=none ca_path=none" \
            0 \
            -c "x509_verify_cert() returned" \
            -c "! The certificate is not correctly signed by the trusted CA" \
            -c "! Certificate verification flags" \
            -C "! mbedtls_ssl_handshake returned" \
            -C "X509 - Certificate verification failed" \
            -C "SSL - No CA Chain is set, but required to operate"
2357
# Client has no trusted CA at all (ca_file=none ca_path=none) and
# auth_mode=required: the handshake must fail (exit 1) with the "No CA Chain
# is set" error rather than silently accepting the server.
run_test    "Authentication: server goodcert, client required, no trusted CA" \
            "$P_SRV" \
            "$P_CLI debug_level=3 auth_mode=required ca_file=none ca_path=none" \
            1 \
            -c "x509_verify_cert() returned" \
            -c "! The certificate is not correctly signed by the trusted CA" \
            -c "! Certificate verification flags" \
            -c "! mbedtls_ssl_handshake returned" \
            -c "SSL - No CA Chain is set, but required to operate"
2367
# The purpose of the next two tests is to test the client's behaviour when receiving a server
# certificate with an unsupported elliptic curve. This should not normally happen, because
# the client informs the server about the curves it supports. It does happen, though, in the
# corner case of a static ECDH suite, because the server doesn't check the curve on that
# occasion (to be fixed). If that bug is fixed, the tests need to be altered to use a
# different means of making the server ignore the client's supported curve list.
2374
# Client only supports secp521r1 but the server certificate uses a p256v1 key.
# With auth_mode=required the client must reject it during certificate
# verification, before the ECDH parameter check is reached.
requires_config_enabled MBEDTLS_ECP_C
run_test    "Authentication: server ECDH p256v1, client required, p256v1 unsupported" \
            "$P_SRV debug_level=1 key_file=data_files/server5.key \
             crt_file=data_files/server5.ku-ka.crt" \
            "$P_CLI debug_level=3 auth_mode=required curves=secp521r1" \
            1 \
            -c "bad certificate (EC key curve)" \
            -c "! Certificate verification flags" \
            -C "bad server certificate (ECDH curve)" # Expect failure at earlier verification stage
2384
# Same setup with auth_mode=optional: the verification failure is only
# recorded, so the handshake continues until the ECDH parameter check, which
# must then reject the unsupported curve (exit 1).
requires_config_enabled MBEDTLS_ECP_C
run_test    "Authentication: server ECDH p256v1, client optional, p256v1 unsupported" \
            "$P_SRV debug_level=1 key_file=data_files/server5.key \
             crt_file=data_files/server5.ku-ka.crt" \
            "$P_CLI debug_level=3 auth_mode=optional curves=secp521r1" \
            1 \
            -c "bad certificate (EC key curve)" \
            -c "! Certificate verification flags" \
            -c "bad server certificate (ECDH curve)" # Expect failure only at ECDH params check
2394
# auth_mode=none on the client: the badly signed server certificate is not
# verified at all (no x509_verify_cert() output) and the handshake succeeds.
# This mode gives no server authentication.
run_test    "Authentication: server badcert, client none" \
            "$P_SRV crt_file=data_files/server5-badsign.crt \
             key_file=data_files/server5.key" \
            "$P_CLI debug_level=1 auth_mode=none" \
            0 \
            -C "x509_verify_cert() returned" \
            -C "! The certificate is not correctly signed by the trusted CA" \
            -C "! mbedtls_ssl_handshake returned" \
            -C "X509 - Certificate verification failed"
2404
# Client authentication with the server6 certificate; the client log must show
# signature hash ids 4 and 5 (SHA-256 and SHA-384 in the TLS HashAlgorithm
# registry) as supported.
# NOTE(review): the test name says SHA256 while the forced suite ends in
# SHA384 - presumably deliberate, so that the signature hash differs from the
# suite's hash; confirm.
run_test    "Authentication: client SHA256, server required" \
            "$P_SRV auth_mode=required" \
            "$P_CLI debug_level=3 crt_file=data_files/server6.crt \
             key_file=data_files/server6.key \
             force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384" \
            0 \
            -c "Supported Signature Algorithm found: 4," \
            -c "Supported Signature Algorithm found: 5,"
2413
# Client authentication with the server6 certificate; the client log must show
# signature hash ids 4 and 5 (SHA-256 and SHA-384 in the TLS HashAlgorithm
# registry) as supported.
# NOTE(review): the test name says SHA384 while the forced suite ends in
# SHA256 - presumably deliberate, so that the signature hash differs from the
# suite's hash; confirm.
run_test    "Authentication: client SHA384, server required" \
            "$P_SRV auth_mode=required" \
            "$P_CLI debug_level=3 crt_file=data_files/server6.crt \
             key_file=data_files/server6.key \
             force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256" \
            0 \
            -c "Supported Signature Algorithm found: 4," \
            -c "Supported Signature Algorithm found: 5,"
2422
# SSLv3, server requires a client certificate and the client has none
# (crt_file=none): the client reports it has no certificate to send, and both
# sides must fail the handshake (exit 1) with the server naming the missing
# client certificate as the reason.
requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
run_test    "Authentication: client has no cert, server required (SSLv3)" \
            "$P_SRV debug_level=3 min_version=ssl3 auth_mode=required" \
            "$P_CLI debug_level=3 force_version=ssl3 crt_file=none \
             key_file=data_files/server5.key" \
            1 \
            -S "skip write certificate request" \
            -C "skip parse certificate request" \
            -c "got a certificate request" \
            -c "got no certificate to send" \
            -S "x509_verify_cert() returned" \
            -s "client has no certificate" \
            -s "! mbedtls_ssl_handshake returned" \
            -c "! mbedtls_ssl_handshake returned" \
            -s "No client certification received from the client, but required by the authentication mode"
2438
2439run_test "Authentication: client has no cert, server required (TLS)" \
2440 "$P_SRV debug_level=3 auth_mode=required" \
2441 "$P_CLI debug_level=3 crt_file=none \
2442 key_file=data_files/server5.key" \
2443 1 \
2444 -S "skip write certificate request" \
2445 -C "skip parse certificate request" \
2446 -c "got a certificate request" \
2447 -c "= write certificate$" \
2448 -C "skip write certificate$" \
2449 -S "x509_verify_cert() returned" \
2450 -s "client has no certificate" \
2451 -s "! mbedtls_ssl_handshake returned" \
2452 -c "! mbedtls_ssl_handshake returned" \
2453 -s "No client certification received from the client, but required by the authentication mode"
# Server with auth_mode=required receives a client certificate that does not
# verify. Expected: exit status 1, the server logs the verification failure
# and both sides report a failed handshake. (-s/-c are read here as "must
# appear" in server/client output and -S/-C as "must not appear"; run_test is
# defined outside this excerpt.)
#
# First case: badly signed certificate (server5-badsign.crt). The server must
# also log "send alert level=2 message=48"; in the TLS alert registry level 2
# is fatal and description 48 is unknown_ca.
run_test "Authentication: client badcert, server required" \
 "$P_SRV debug_level=3 auth_mode=required" \
 "$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \
 key_file=data_files/server5.key" \
 1 \
 -S "skip write certificate request" \
 -C "skip parse certificate request" \
 -c "got a certificate request" \
 -C "skip write certificate" \
 -C "skip write certificate verify" \
 -S "skip parse certificate verify" \
 -s "x509_verify_cert() returned" \
 -s "! The certificate is not correctly signed by the trusted CA" \
 -s "! mbedtls_ssl_handshake returned" \
 -s "send alert level=2 message=48" \
 -c "! mbedtls_ssl_handshake returned" \
 -s "X509 - Certificate verification failed"
# We don't check that the client receives the alert because it might
# detect that its write end of the connection is closed and abort
# before reading the alert message.

# Second case: self-signed client certificate (server5-selfsigned.crt), which
# the server is expected to reject with the same "not correctly signed by the
# trusted CA" message. No alert check is made here.
run_test "Authentication: client cert not trusted, server required" \
 "$P_SRV debug_level=3 auth_mode=required" \
 "$P_CLI debug_level=3 crt_file=data_files/server5-selfsigned.crt \
 key_file=data_files/server5.key" \
 1 \
 -S "skip write certificate request" \
 -C "skip parse certificate request" \
 -c "got a certificate request" \
 -C "skip write certificate" \
 -C "skip write certificate verify" \
 -S "skip parse certificate verify" \
 -s "x509_verify_cert() returned" \
 -s "! The certificate is not correctly signed by the trusted CA" \
 -s "! mbedtls_ssl_handshake returned" \
 -c "! mbedtls_ssl_handshake returned" \
 -s "X509 - Certificate verification failed"
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02002493run_test "Authentication: client badcert, server optional" \
Manuel Pégourié-Gonnard644e8f32014-08-30 21:59:31 +02002494 "$P_SRV debug_level=3 auth_mode=optional" \
2495 "$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \
Manuel Pégourié-Gonnard8520dac2014-02-21 12:12:23 +01002496 key_file=data_files/server5.key" \
2497 0 \
2498 -S "skip write certificate request" \
2499 -C "skip parse certificate request" \
2500 -c "got a certificate request" \
2501 -C "skip write certificate" \
2502 -C "skip write certificate verify" \
2503 -S "skip parse certificate verify" \
2504 -s "x509_verify_cert() returned" \
Manuel Pégourié-Gonnard89addc42015-04-20 10:56:18 +01002505 -s "! The certificate is not correctly signed by the trusted CA" \
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002506 -S "! mbedtls_ssl_handshake returned" \
2507 -C "! mbedtls_ssl_handshake returned" \
Manuel Pégourié-Gonnard8520dac2014-02-21 12:12:23 +01002508 -S "X509 - Certificate verification failed"
2509
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02002510run_test "Authentication: client badcert, server none" \
Manuel Pégourié-Gonnard644e8f32014-08-30 21:59:31 +02002511 "$P_SRV debug_level=3 auth_mode=none" \
2512 "$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \
Manuel Pégourié-Gonnard8520dac2014-02-21 12:12:23 +01002513 key_file=data_files/server5.key" \
2514 0 \
2515 -s "skip write certificate request" \
2516 -C "skip parse certificate request" \
2517 -c "got no certificate request" \
2518 -c "skip write certificate" \
2519 -c "skip write certificate verify" \
2520 -s "skip parse certificate verify" \
2521 -S "x509_verify_cert() returned" \
Manuel Pégourié-Gonnard89addc42015-04-20 10:56:18 +01002522 -S "! The certificate is not correctly signed by the trusted CA" \
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002523 -S "! mbedtls_ssl_handshake returned" \
2524 -C "! mbedtls_ssl_handshake returned" \
Manuel Pégourié-Gonnard8520dac2014-02-21 12:12:23 +01002525 -S "X509 - Certificate verification failed"
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02002527run_test "Authentication: client no cert, server optional" \
Manuel Pégourié-Gonnard644e8f32014-08-30 21:59:31 +02002528 "$P_SRV debug_level=3 auth_mode=optional" \
2529 "$P_CLI debug_level=3 crt_file=none key_file=none" \
Manuel Pégourié-Gonnardde515cc2014-02-27 14:58:26 +01002530 0 \
2531 -S "skip write certificate request" \
2532 -C "skip parse certificate request" \
2533 -c "got a certificate request" \
2534 -C "skip write certificate$" \
2535 -C "got no certificate to send" \
2536 -S "SSLv3 client has no certificate" \
2537 -c "skip write certificate verify" \
2538 -s "skip parse certificate verify" \
Manuel Pégourié-Gonnard89addc42015-04-20 10:56:18 +01002539 -s "! Certificate was missing" \
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002540 -S "! mbedtls_ssl_handshake returned" \
2541 -C "! mbedtls_ssl_handshake returned" \
Manuel Pégourié-Gonnardde515cc2014-02-27 14:58:26 +01002542 -S "X509 - Certificate verification failed"
2543
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02002544run_test "Authentication: openssl client no cert, server optional" \
Manuel Pégourié-Gonnard644e8f32014-08-30 21:59:31 +02002545 "$P_SRV debug_level=3 auth_mode=optional" \
Manuel Pégourié-Gonnardde515cc2014-02-27 14:58:26 +01002546 "$O_CLI" \
2547 0 \
2548 -S "skip write certificate request" \
2549 -s "skip parse certificate verify" \
Manuel Pégourié-Gonnard89addc42015-04-20 10:56:18 +01002550 -s "! Certificate was missing" \
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002551 -S "! mbedtls_ssl_handshake returned" \
Manuel Pégourié-Gonnardde515cc2014-02-27 14:58:26 +01002552 -S "X509 - Certificate verification failed"
2553
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02002554run_test "Authentication: client no cert, openssl server optional" \
Manuel Pégourié-Gonnardde515cc2014-02-27 14:58:26 +01002555 "$O_SRV -verify 10" \
Manuel Pégourié-Gonnard644e8f32014-08-30 21:59:31 +02002556 "$P_CLI debug_level=3 crt_file=none key_file=none" \
Manuel Pégourié-Gonnardde515cc2014-02-27 14:58:26 +01002557 0 \
2558 -C "skip parse certificate request" \
2559 -c "got a certificate request" \
2560 -C "skip write certificate$" \
2561 -c "skip write certificate verify" \
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002562 -C "! mbedtls_ssl_handshake returned"
Manuel Pégourié-Gonnardde515cc2014-02-27 14:58:26 +01002563
Gilles Peskinefd8332e2017-05-03 16:25:07 +02002564run_test "Authentication: client no cert, openssl server required" \
2565 "$O_SRV -Verify 10" \
2566 "$P_CLI debug_level=3 crt_file=none key_file=none" \
2567 1 \
2568 -C "skip parse certificate request" \
2569 -c "got a certificate request" \
2570 -C "skip write certificate$" \
2571 -c "skip write certificate verify" \
2572 -c "! mbedtls_ssl_handshake returned"
2573
Janos Follathe2681a42016-03-07 15:57:05 +00002574requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02002575run_test "Authentication: client no cert, ssl3" \
Manuel Pégourié-Gonnard644e8f32014-08-30 21:59:31 +02002576 "$P_SRV debug_level=3 auth_mode=optional force_version=ssl3" \
Manuel Pégourié-Gonnard448ea502015-01-12 11:40:14 +01002577 "$P_CLI debug_level=3 crt_file=none key_file=none min_version=ssl3" \
Manuel Pégourié-Gonnardde515cc2014-02-27 14:58:26 +01002578 0 \
2579 -S "skip write certificate request" \
2580 -C "skip parse certificate request" \
2581 -c "got a certificate request" \
2582 -C "skip write certificate$" \
2583 -c "skip write certificate verify" \
2584 -c "got no certificate to send" \
2585 -s "SSLv3 client has no certificate" \
2586 -s "skip parse certificate verify" \
Manuel Pégourié-Gonnard89addc42015-04-20 10:56:18 +01002587 -s "! Certificate was missing" \
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02002588 -S "! mbedtls_ssl_handshake returned" \
2589 -C "! mbedtls_ssl_handshake returned" \
Manuel Pégourié-Gonnardde515cc2014-02-27 14:58:26 +01002590 -S "X509 - Certificate verification failed"
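# The "max_int chain" tests assume that MAX_INTERMEDIATE_CA is set to its
# default value (8)

# Chain depth the test certificates were generated for.
MAX_IM_CA='8'
# Value configured in the build, as reported by config.pl; empty when the
# option is not set there (or when the script could not be run).
MAX_IM_CA_CONFIG=$( ../scripts/config.pl get MBEDTLS_X509_MAX_INTERMEDIATE_CA)

# Abort the whole test run if the build uses a different limit: the chain
# length tests would otherwise pass or fail for the wrong reason.
# NOTE(review): -ne needs integers; if config.pl ever returns something
# non-numeric, `[` errors out, the condition is false and this guard is
# silently skipped.
if [ -n "$MAX_IM_CA_CONFIG" ] && [ "$MAX_IM_CA_CONFIG" -ne "$MAX_IM_CA" ]; then
    # Variables are passed as printf arguments, never inside the format
    # string, so a '%' or backslash in the config path cannot be interpreted
    # as a format directive. CONFIG_H is set outside this excerpt.
    printf 'The %s file contains a value for the configuration of\n' "${CONFIG_H}"
    printf 'MBEDTLS_X509_MAX_INTERMEDIATE_CA that is different from the script’s\n'
    printf 'test value of %s. \n' "${MAX_IM_CA}"
    printf '\n'
    printf 'The tests assume this value and if it changes, the tests in this\n'
    printf 'script should also be adjusted.\n'
    printf '\n'

    exit 1
fi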
Manuel Pégourié-Gonnard81bb6b62017-06-26 10:45:33 +02002610run_test "Authentication: server max_int chain, client default" \
2611 "$P_SRV crt_file=data_files/dir-maxpath/c09.pem \
2612 key_file=data_files/dir-maxpath/09.key" \
2613 "$P_CLI server_name=CA09 ca_file=data_files/dir-maxpath/00.crt" \
2614 0 \
Antonin Décimo8fd91562019-01-23 15:24:37 +01002615 -C "X509 - A fatal error occurred"
Manuel Pégourié-Gonnard81bb6b62017-06-26 10:45:33 +02002616
2617run_test "Authentication: server max_int+1 chain, client default" \
2618 "$P_SRV crt_file=data_files/dir-maxpath/c10.pem \
2619 key_file=data_files/dir-maxpath/10.key" \
2620 "$P_CLI server_name=CA10 ca_file=data_files/dir-maxpath/00.crt" \
2621 1 \
Antonin Décimo8fd91562019-01-23 15:24:37 +01002622 -c "X509 - A fatal error occurred"
Manuel Pégourié-Gonnard81bb6b62017-06-26 10:45:33 +02002623
2624run_test "Authentication: server max_int+1 chain, client optional" \
2625 "$P_SRV crt_file=data_files/dir-maxpath/c10.pem \
2626 key_file=data_files/dir-maxpath/10.key" \
2627 "$P_CLI server_name=CA10 ca_file=data_files/dir-maxpath/00.crt \
2628 auth_mode=optional" \
2629 1 \
Antonin Décimo8fd91562019-01-23 15:24:37 +01002630 -c "X509 - A fatal error occurred"
Manuel Pégourié-Gonnard81bb6b62017-06-26 10:45:33 +02002631
2632run_test "Authentication: server max_int+1 chain, client none" \
2633 "$P_SRV crt_file=data_files/dir-maxpath/c10.pem \
2634 key_file=data_files/dir-maxpath/10.key" \
2635 "$P_CLI server_name=CA10 ca_file=data_files/dir-maxpath/00.crt \
2636 auth_mode=none" \
2637 0 \
Antonin Décimo8fd91562019-01-23 15:24:37 +01002638 -C "X509 - A fatal error occurred"
Manuel Pégourié-Gonnard81bb6b62017-06-26 10:45:33 +02002639
2640run_test "Authentication: client max_int+1 chain, server default" \
2641 "$P_SRV ca_file=data_files/dir-maxpath/00.crt" \
2642 "$P_CLI crt_file=data_files/dir-maxpath/c10.pem \
2643 key_file=data_files/dir-maxpath/10.key" \
2644 0 \
Antonin Décimo8fd91562019-01-23 15:24:37 +01002645 -S "X509 - A fatal error occurred"
Manuel Pégourié-Gonnard81bb6b62017-06-26 10:45:33 +02002646
2647run_test "Authentication: client max_int+1 chain, server optional" \
2648 "$P_SRV ca_file=data_files/dir-maxpath/00.crt auth_mode=optional" \
2649 "$P_CLI crt_file=data_files/dir-maxpath/c10.pem \
2650 key_file=data_files/dir-maxpath/10.key" \
2651 1 \
Antonin Décimo8fd91562019-01-23 15:24:37 +01002652 -s "X509 - A fatal error occurred"
Manuel Pégourié-Gonnard81bb6b62017-06-26 10:45:33 +02002653
2654run_test "Authentication: client max_int+1 chain, server required" \
2655 "$P_SRV ca_file=data_files/dir-maxpath/00.crt auth_mode=required" \
2656 "$P_CLI crt_file=data_files/dir-maxpath/c10.pem \
2657 key_file=data_files/dir-maxpath/10.key" \
2658 1 \
Antonin Décimo8fd91562019-01-23 15:24:37 +01002659 -s "X509 - A fatal error occurred"
Manuel Pégourié-Gonnard81bb6b62017-06-26 10:45:33 +02002660
2661run_test "Authentication: client max_int chain, server required" \
2662 "$P_SRV ca_file=data_files/dir-maxpath/00.crt auth_mode=required" \
2663 "$P_CLI crt_file=data_files/dir-maxpath/c09.pem \
2664 key_file=data_files/dir-maxpath/09.key" \
2665 0 \
Antonin Décimo8fd91562019-01-23 15:24:37 +01002666 -S "X509 - A fatal error occurred"
Janos Follath89baba22017-04-10 14:34:35 +01002668# Tests for CA list in CertificateRequest messages
2669
2670run_test "Authentication: send CA list in CertificateRequest (default)" \
2671 "$P_SRV debug_level=3 auth_mode=required" \
2672 "$P_CLI crt_file=data_files/server6.crt \
2673 key_file=data_files/server6.key" \
2674 0 \
2675 -s "requested DN"
2676
2677run_test "Authentication: do not send CA list in CertificateRequest" \
2678 "$P_SRV debug_level=3 auth_mode=required cert_req_ca_list=0" \
2679 "$P_CLI crt_file=data_files/server6.crt \
2680 key_file=data_files/server6.key" \
2681 0 \
2682 -S "requested DN"
2683
2684run_test "Authentication: send CA list in CertificateRequest, client self signed" \
2685 "$P_SRV debug_level=3 auth_mode=required cert_req_ca_list=0" \
2686 "$P_CLI debug_level=3 crt_file=data_files/server5-selfsigned.crt \
2687 key_file=data_files/server5.key" \
2688 1 \
2689 -S "requested DN" \
2690 -s "x509_verify_cert() returned" \
2691 -s "! The certificate is not correctly signed by the trusted CA" \
2692 -s "! mbedtls_ssl_handshake returned" \
2693 -c "! mbedtls_ssl_handshake returned" \
2694 -s "X509 - Certificate verification failed"
Manuel Pégourié-Gonnarddf331a52015-01-08 16:43:07 +01002696# Tests for certificate selection based on SHA verson
2697
2698run_test "Certificate hash: client TLS 1.2 -> SHA-2" \
2699 "$P_SRV crt_file=data_files/server5.crt \
2700 key_file=data_files/server5.key \
2701 crt_file2=data_files/server5-sha1.crt \
2702 key_file2=data_files/server5.key" \
2703 "$P_CLI force_version=tls1_2" \
2704 0 \
2705 -c "signed using.*ECDSA with SHA256" \
2706 -C "signed using.*ECDSA with SHA1"
2707
2708run_test "Certificate hash: client TLS 1.1 -> SHA-1" \
2709 "$P_SRV crt_file=data_files/server5.crt \
2710 key_file=data_files/server5.key \
2711 crt_file2=data_files/server5-sha1.crt \
2712 key_file2=data_files/server5.key" \
2713 "$P_CLI force_version=tls1_1" \
2714 0 \
2715 -C "signed using.*ECDSA with SHA256" \
2716 -c "signed using.*ECDSA with SHA1"
2717
2718run_test "Certificate hash: client TLS 1.0 -> SHA-1" \
2719 "$P_SRV crt_file=data_files/server5.crt \
2720 key_file=data_files/server5.key \
2721 crt_file2=data_files/server5-sha1.crt \
2722 key_file2=data_files/server5.key" \
2723 "$P_CLI force_version=tls1" \
2724 0 \
2725 -C "signed using.*ECDSA with SHA256" \
2726 -c "signed using.*ECDSA with SHA1"
2727
2728run_test "Certificate hash: client TLS 1.1, no SHA-1 -> SHA-2 (order 1)" \
2729 "$P_SRV crt_file=data_files/server5.crt \
2730 key_file=data_files/server5.key \
2731 crt_file2=data_files/server6.crt \
2732 key_file2=data_files/server6.key" \
2733 "$P_CLI force_version=tls1_1" \
2734 0 \
2735 -c "serial number.*09" \
2736 -c "signed using.*ECDSA with SHA256" \
2737 -C "signed using.*ECDSA with SHA1"
2738
2739run_test "Certificate hash: client TLS 1.1, no SHA-1 -> SHA-2 (order 2)" \
2740 "$P_SRV crt_file=data_files/server6.crt \
2741 key_file=data_files/server6.key \
2742 crt_file2=data_files/server5.crt \
2743 key_file2=data_files/server5.key" \
2744 "$P_CLI force_version=tls1_1" \
2745 0 \
2746 -c "serial number.*0A" \
2747 -c "signed using.*ECDSA with SHA256" \
2748 -C "signed using.*ECDSA with SHA1"
Manuel Pégourié-Gonnard96ea2f22014-02-25 12:26:29 +01002750# tests for SNI
2751
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02002752run_test "SNI: no SNI callback" \
Manuel Pégourié-Gonnard0eb6cab2014-07-23 20:17:47 +02002753 "$P_SRV debug_level=3 \
Manuel Pégourié-Gonnard96ea2f22014-02-25 12:26:29 +01002754 crt_file=data_files/server5.crt key_file=data_files/server5.key" \
Manuel Pégourié-Gonnard0eb6cab2014-07-23 20:17:47 +02002755 "$P_CLI server_name=localhost" \
Manuel Pégourié-Gonnard6ea831d2015-06-22 16:50:52 +02002756 0 \
2757 -S "parse ServerName extension" \
2758 -c "issuer name *: C=NL, O=PolarSSL, CN=Polarssl Test EC CA" \
2759 -c "subject name *: C=NL, O=PolarSSL, CN=localhost"
Manuel Pégourié-Gonnard96ea2f22014-02-25 12:26:29 +01002760
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02002761run_test "SNI: matching cert 1" \
Manuel Pégourié-Gonnard0eb6cab2014-07-23 20:17:47 +02002762 "$P_SRV debug_level=3 \
Manuel Pégourié-Gonnard96ea2f22014-02-25 12:26:29 +01002763 crt_file=data_files/server5.crt key_file=data_files/server5.key \
Manuel Pégourié-Gonnard4d6f1782015-06-19 14:40:39 +02002764 sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
Manuel Pégourié-Gonnard0eb6cab2014-07-23 20:17:47 +02002765 "$P_CLI server_name=localhost" \
Manuel Pégourié-Gonnard6ea831d2015-06-22 16:50:52 +02002766 0 \
2767 -s "parse ServerName extension" \
2768 -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \
2769 -c "subject name *: C=NL, O=PolarSSL, CN=localhost"
Manuel Pégourié-Gonnard96ea2f22014-02-25 12:26:29 +01002770
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02002771run_test "SNI: matching cert 2" \
Manuel Pégourié-Gonnard0eb6cab2014-07-23 20:17:47 +02002772 "$P_SRV debug_level=3 \
Manuel Pégourié-Gonnard96ea2f22014-02-25 12:26:29 +01002773 crt_file=data_files/server5.crt key_file=data_files/server5.key \
Manuel Pégourié-Gonnard4d6f1782015-06-19 14:40:39 +02002774 sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
Manuel Pégourié-Gonnard0eb6cab2014-07-23 20:17:47 +02002775 "$P_CLI server_name=polarssl.example" \
Manuel Pégourié-Gonnard6ea831d2015-06-22 16:50:52 +02002776 0 \
2777 -s "parse ServerName extension" \
2778 -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \
2779 -c "subject name *: C=NL, O=PolarSSL, CN=polarssl.example"
Manuel Pégourié-Gonnard96ea2f22014-02-25 12:26:29 +01002780
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02002781run_test "SNI: no matching cert" \
Manuel Pégourié-Gonnard0eb6cab2014-07-23 20:17:47 +02002782 "$P_SRV debug_level=3 \
Manuel Pégourié-Gonnard96ea2f22014-02-25 12:26:29 +01002783 crt_file=data_files/server5.crt key_file=data_files/server5.key \
Manuel Pégourié-Gonnard4d6f1782015-06-19 14:40:39 +02002784 sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
Manuel Pégourié-Gonnard0eb6cab2014-07-23 20:17:47 +02002785 "$P_CLI server_name=nonesuch.example" \
Manuel Pégourié-Gonnard6ea831d2015-06-22 16:50:52 +02002786 1 \
2787 -s "parse ServerName extension" \
2788 -s "ssl_sni_wrapper() returned" \
2789 -s "mbedtls_ssl_handshake returned" \
2790 -c "mbedtls_ssl_handshake returned" \
2791 -c "SSL - A fatal alert message was received from our peer"
Manuel Pégourié-Gonnardc948a792015-06-22 16:04:20 +02002793run_test "SNI: client auth no override: optional" \
2794 "$P_SRV debug_level=3 auth_mode=optional \
2795 crt_file=data_files/server5.crt key_file=data_files/server5.key \
2796 sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-" \
2797 "$P_CLI debug_level=3 server_name=localhost" \
Manuel Pégourié-Gonnard6ea831d2015-06-22 16:50:52 +02002798 0 \
Manuel Pégourié-Gonnardc948a792015-06-22 16:04:20 +02002799 -S "skip write certificate request" \
2800 -C "skip parse certificate request" \
2801 -c "got a certificate request" \
2802 -C "skip write certificate" \
2803 -C "skip write certificate verify" \
2804 -S "skip parse certificate verify"
2805
2806run_test "SNI: client auth override: none -> optional" \
2807 "$P_SRV debug_level=3 auth_mode=none \
2808 crt_file=data_files/server5.crt key_file=data_files/server5.key \
2809 sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,optional" \
2810 "$P_CLI debug_level=3 server_name=localhost" \
Manuel Pégourié-Gonnard6ea831d2015-06-22 16:50:52 +02002811 0 \
Manuel Pégourié-Gonnardc948a792015-06-22 16:04:20 +02002812 -S "skip write certificate request" \
2813 -C "skip parse certificate request" \
2814 -c "got a certificate request" \
2815 -C "skip write certificate" \
2816 -C "skip write certificate verify" \
2817 -S "skip parse certificate verify"
2818
2819run_test "SNI: client auth override: optional -> none" \
2820 "$P_SRV debug_level=3 auth_mode=optional \
2821 crt_file=data_files/server5.crt key_file=data_files/server5.key \
2822 sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,none" \
2823 "$P_CLI debug_level=3 server_name=localhost" \
Manuel Pégourié-Gonnard6ea831d2015-06-22 16:50:52 +02002824 0 \
Manuel Pégourié-Gonnardc948a792015-06-22 16:04:20 +02002825 -s "skip write certificate request" \
2826 -C "skip parse certificate request" \
2827 -c "got no certificate request" \
2828 -c "skip write certificate" \
2829 -c "skip write certificate verify" \
2830 -s "skip parse certificate verify"
Manuel Pégourié-Gonnard6ea831d2015-06-22 16:50:52 +02002832run_test "SNI: CA no override" \
2833 "$P_SRV debug_level=3 auth_mode=optional \
2834 crt_file=data_files/server5.crt key_file=data_files/server5.key \
2835 ca_file=data_files/test-ca.crt \
2836 sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,required" \
2837 "$P_CLI debug_level=3 server_name=localhost \
2838 crt_file=data_files/server6.crt key_file=data_files/server6.key" \
2839 1 \
2840 -S "skip write certificate request" \
2841 -C "skip parse certificate request" \
2842 -c "got a certificate request" \
2843 -C "skip write certificate" \
2844 -C "skip write certificate verify" \
2845 -S "skip parse certificate verify" \
2846 -s "x509_verify_cert() returned" \
2847 -s "! The certificate is not correctly signed by the trusted CA" \
2848 -S "The certificate has been revoked (is on a CRL)"
2849
2850run_test "SNI: CA override" \
2851 "$P_SRV debug_level=3 auth_mode=optional \
2852 crt_file=data_files/server5.crt key_file=data_files/server5.key \
2853 ca_file=data_files/test-ca.crt \
2854 sni=localhost,data_files/server2.crt,data_files/server2.key,data_files/test-ca2.crt,-,required" \
2855 "$P_CLI debug_level=3 server_name=localhost \
2856 crt_file=data_files/server6.crt key_file=data_files/server6.key" \
2857 0 \
2858 -S "skip write certificate request" \
2859 -C "skip parse certificate request" \
2860 -c "got a certificate request" \
2861 -C "skip write certificate" \
2862 -C "skip write certificate verify" \
2863 -S "skip parse certificate verify" \
2864 -S "x509_verify_cert() returned" \
2865 -S "! The certificate is not correctly signed by the trusted CA" \
2866 -S "The certificate has been revoked (is on a CRL)"
2867
2868run_test "SNI: CA override with CRL" \
2869 "$P_SRV debug_level=3 auth_mode=optional \
2870 crt_file=data_files/server5.crt key_file=data_files/server5.key \
2871 ca_file=data_files/test-ca.crt \
2872 sni=localhost,data_files/server2.crt,data_files/server2.key,data_files/test-ca2.crt,data_files/crl-ec-sha256.pem,required" \
2873 "$P_CLI debug_level=3 server_name=localhost \
2874 crt_file=data_files/server6.crt key_file=data_files/server6.key" \
2875 1 \
2876 -S "skip write certificate request" \
2877 -C "skip parse certificate request" \
2878 -c "got a certificate request" \
2879 -C "skip write certificate" \
2880 -C "skip write certificate verify" \
2881 -S "skip parse certificate verify" \
2882 -s "x509_verify_cert() returned" \
2883 -S "! The certificate is not correctly signed by the trusted CA" \
2884 -s "The certificate has been revoked (is on a CRL)"
Andres AGe8b07742016-12-07 10:01:30 +00002886# Tests for SNI and DTLS
2887
Andres Amaya Garciaf9519bf2018-05-01 20:27:37 +01002888run_test "SNI: DTLS, no SNI callback" \
2889 "$P_SRV debug_level=3 dtls=1 \
2890 crt_file=data_files/server5.crt key_file=data_files/server5.key" \
2891 "$P_CLI server_name=localhost dtls=1" \
2892 0 \
2893 -S "parse ServerName extension" \
2894 -c "issuer name *: C=NL, O=PolarSSL, CN=Polarssl Test EC CA" \
2895 -c "subject name *: C=NL, O=PolarSSL, CN=localhost"
2896
Andres Amaya Garcia914eea42018-05-01 20:26:47 +01002897run_test "SNI: DTLS, matching cert 1" \
Andres AGe8b07742016-12-07 10:01:30 +00002898 "$P_SRV debug_level=3 dtls=1 \
2899 crt_file=data_files/server5.crt key_file=data_files/server5.key \
2900 sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
2901 "$P_CLI server_name=localhost dtls=1" \
2902 0 \
2903 -s "parse ServerName extension" \
2904 -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \
2905 -c "subject name *: C=NL, O=PolarSSL, CN=localhost"
2906
Andres Amaya Garciaf9519bf2018-05-01 20:27:37 +01002907run_test "SNI: DTLS, matching cert 2" \
2908 "$P_SRV debug_level=3 dtls=1 \
2909 crt_file=data_files/server5.crt key_file=data_files/server5.key \
2910 sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
2911 "$P_CLI server_name=polarssl.example dtls=1" \
2912 0 \
2913 -s "parse ServerName extension" \
2914 -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \
2915 -c "subject name *: C=NL, O=PolarSSL, CN=polarssl.example"
2916
2917run_test "SNI: DTLS, no matching cert" \
2918 "$P_SRV debug_level=3 dtls=1 \
2919 crt_file=data_files/server5.crt key_file=data_files/server5.key \
2920 sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
2921 "$P_CLI server_name=nonesuch.example dtls=1" \
2922 1 \
2923 -s "parse ServerName extension" \
2924 -s "ssl_sni_wrapper() returned" \
2925 -s "mbedtls_ssl_handshake returned" \
2926 -c "mbedtls_ssl_handshake returned" \
2927 -c "SSL - A fatal alert message was received from our peer"
2929run_test "SNI: DTLS, client auth no override: optional" \
2930 "$P_SRV debug_level=3 auth_mode=optional dtls=1 \
2931 crt_file=data_files/server5.crt key_file=data_files/server5.key \
2932 sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-" \
2933 "$P_CLI debug_level=3 server_name=localhost dtls=1" \
2934 0 \
2935 -S "skip write certificate request" \
2936 -C "skip parse certificate request" \
2937 -c "got a certificate request" \
2938 -C "skip write certificate" \
2939 -C "skip write certificate verify" \
2940 -S "skip parse certificate verify"
2941
2942run_test "SNI: DTLS, client auth override: none -> optional" \
2943 "$P_SRV debug_level=3 auth_mode=none dtls=1 \
2944 crt_file=data_files/server5.crt key_file=data_files/server5.key \
2945 sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,optional" \
2946 "$P_CLI debug_level=3 server_name=localhost dtls=1" \
2947 0 \
2948 -S "skip write certificate request" \
2949 -C "skip parse certificate request" \
2950 -c "got a certificate request" \
2951 -C "skip write certificate" \
2952 -C "skip write certificate verify" \
2953 -S "skip parse certificate verify"
2954
2955run_test "SNI: DTLS, client auth override: optional -> none" \
2956 "$P_SRV debug_level=3 auth_mode=optional dtls=1 \
2957 crt_file=data_files/server5.crt key_file=data_files/server5.key \
2958 sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,none" \
2959 "$P_CLI debug_level=3 server_name=localhost dtls=1" \
2960 0 \
2961 -s "skip write certificate request" \
2962 -C "skip parse certificate request" \
2963 -c "got no certificate request" \
2964 -c "skip write certificate" \
2965 -c "skip write certificate verify" \
2966 -s "skip parse certificate verify"
2968run_test "SNI: DTLS, CA no override" \
2969 "$P_SRV debug_level=3 auth_mode=optional dtls=1 \
2970 crt_file=data_files/server5.crt key_file=data_files/server5.key \
2971 ca_file=data_files/test-ca.crt \
2972 sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,required" \
2973 "$P_CLI debug_level=3 server_name=localhost dtls=1 \
2974 crt_file=data_files/server6.crt key_file=data_files/server6.key" \
2975 1 \
2976 -S "skip write certificate request" \
2977 -C "skip parse certificate request" \
2978 -c "got a certificate request" \
2979 -C "skip write certificate" \
2980 -C "skip write certificate verify" \
2981 -S "skip parse certificate verify" \
2982 -s "x509_verify_cert() returned" \
2983 -s "! The certificate is not correctly signed by the trusted CA" \
2984 -S "The certificate has been revoked (is on a CRL)"
2985
# SNI over DTLS: per-server-name CA (and CRL) override for client-cert checks.
#
# The sni= value appears to be name,crt,key,CA,CRL,auth_mode, with "-" meaning
# "not set" (inferred from the values used here; confirm in ssl_server2).
# Flag meaning assumed: -s/-c = pattern must appear in the server/client log,
# -S/-C = pattern must not appear; see run_test's definition earlier in the file.
# NOTE(review): the -S/-C checks match log text, so they also pass if the
# library's message wording changes; the exit code is the stronger signal.

# The entry for "localhost" swaps the default CA (test-ca.crt) for test-ca2.crt
# and raises auth_mode from optional to required. The client certificate
# (server6.crt, presumably issued under test-ca2.crt) must then verify cleanly.
run_test "SNI: DTLS, CA override" \
    "$P_SRV debug_level=3 auth_mode=optional dtls=1 \
     crt_file=data_files/server5.crt key_file=data_files/server5.key \
     ca_file=data_files/test-ca.crt \
     sni=localhost,data_files/server2.crt,data_files/server2.key,data_files/test-ca2.crt,-,required" \
    "$P_CLI debug_level=3 server_name=localhost dtls=1 \
     crt_file=data_files/server6.crt key_file=data_files/server6.key" \
    0 \
    -S "skip write certificate request" \
    -C "skip parse certificate request" \
    -c "got a certificate request" \
    -C "skip write certificate" \
    -C "skip write certificate verify" \
    -S "skip parse certificate verify" \
    -S "x509_verify_cert() returned" \
    -S "! The certificate is not correctly signed by the trusted CA" \
    -S "The certificate has been revoked (is on a CRL)"

# Same override plus a CRL (crl-ec-sha256.pem). The handshake must fail, and
# the reported reason must be revocation rather than a bad signature: this
# shows the per-name CRL is actually consulted for the client certificate.
run_test "SNI: DTLS, CA override with CRL" \
    "$P_SRV debug_level=3 auth_mode=optional \
     crt_file=data_files/server5.crt key_file=data_files/server5.key dtls=1 \
     ca_file=data_files/test-ca.crt \
     sni=localhost,data_files/server2.crt,data_files/server2.key,data_files/test-ca2.crt,data_files/crl-ec-sha256.pem,required" \
    "$P_CLI debug_level=3 server_name=localhost dtls=1 \
     crt_file=data_files/server6.crt key_file=data_files/server6.key" \
    1 \
    -S "skip write certificate request" \
    -C "skip parse certificate request" \
    -c "got a certificate request" \
    -C "skip write certificate" \
    -C "skip write certificate verify" \
    -S "skip parse certificate verify" \
    -s "x509_verify_cert() returned" \
    -S "! The certificate is not correctly signed by the trusted CA" \
    -s "The certificate has been revoked (is on a CRL)"
# Tests for non-blocking I/O: exercise a variety of handshake flows
#
# Both peers always run with nbio=2; the cases differ only in session tickets,
# client authentication and reconnect. Each one expects a clean client exit,
# no "mbedtls_ssl_handshake returned" error line on either side, and
# application data read by the client.
# Flag meaning assumed: -s/-c = pattern must appear in the server/client log,
# -S/-C = pattern must not appear; see run_test's definition earlier in the file.
# NOTE(review): the resume cases (reconnect=1) only check that the handshakes
# complete; no pattern here asserts that the session was actually resumed.

run_test "Non-blocking I/O: basic handshake" \
    "$P_SRV nbio=2 tickets=0 auth_mode=none" \
    "$P_CLI nbio=2 tickets=0" \
    0 \
    -S "mbedtls_ssl_handshake returned" \
    -C "mbedtls_ssl_handshake returned" \
    -c "Read from server: .* bytes read"

run_test "Non-blocking I/O: client auth" \
    "$P_SRV nbio=2 tickets=0 auth_mode=required" \
    "$P_CLI nbio=2 tickets=0" \
    0 \
    -S "mbedtls_ssl_handshake returned" \
    -C "mbedtls_ssl_handshake returned" \
    -c "Read from server: .* bytes read"

run_test "Non-blocking I/O: ticket" \
    "$P_SRV nbio=2 tickets=1 auth_mode=none" \
    "$P_CLI nbio=2 tickets=1" \
    0 \
    -S "mbedtls_ssl_handshake returned" \
    -C "mbedtls_ssl_handshake returned" \
    -c "Read from server: .* bytes read"

run_test "Non-blocking I/O: ticket + client auth" \
    "$P_SRV nbio=2 tickets=1 auth_mode=required" \
    "$P_CLI nbio=2 tickets=1" \
    0 \
    -S "mbedtls_ssl_handshake returned" \
    -C "mbedtls_ssl_handshake returned" \
    -c "Read from server: .* bytes read"

run_test "Non-blocking I/O: ticket + client auth + resume" \
    "$P_SRV nbio=2 tickets=1 auth_mode=required" \
    "$P_CLI nbio=2 tickets=1 reconnect=1" \
    0 \
    -S "mbedtls_ssl_handshake returned" \
    -C "mbedtls_ssl_handshake returned" \
    -c "Read from server: .* bytes read"

run_test "Non-blocking I/O: ticket + resume" \
    "$P_SRV nbio=2 tickets=1 auth_mode=none" \
    "$P_CLI nbio=2 tickets=1 reconnect=1" \
    0 \
    -S "mbedtls_ssl_handshake returned" \
    -C "mbedtls_ssl_handshake returned" \
    -c "Read from server: .* bytes read"

run_test "Non-blocking I/O: session-id resume" \
    "$P_SRV nbio=2 tickets=0 auth_mode=none" \
    "$P_CLI nbio=2 tickets=0 reconnect=1" \
    0 \
    -S "mbedtls_ssl_handshake returned" \
    -C "mbedtls_ssl_handshake returned" \
    -c "Read from server: .* bytes read"
# Tests for version negotiation
#
# The peers must settle on the highest version inside both min/max windows,
# and the handshake must fail when the windows do not overlap: a peer that
# sets min_version=tls1_2 must not be negotiated down to TLS 1.1.
# TLS 1.1 is used here only as the lower version to negotiate against;
# RFC 8996 deprecates it for deployment.
# Flag meaning assumed: -s/-c = pattern must appear in the server/client log,
# -S/-C = pattern must not appear; see run_test's definition earlier in the file.

# No limits on either side: the default build is expected to pick TLS 1.2.
run_test "Version check: all -> 1.2" \
    "$P_SRV" \
    "$P_CLI" \
    0 \
    -S "mbedtls_ssl_handshake returned" \
    -C "mbedtls_ssl_handshake returned" \
    -s "Protocol is TLSv1.2" \
    -c "Protocol is TLSv1.2"

run_test "Version check: cli max 1.1 -> 1.1" \
    "$P_SRV" \
    "$P_CLI max_version=tls1_1" \
    0 \
    -S "mbedtls_ssl_handshake returned" \
    -C "mbedtls_ssl_handshake returned" \
    -s "Protocol is TLSv1.1" \
    -c "Protocol is TLSv1.1"

run_test "Version check: srv max 1.1 -> 1.1" \
    "$P_SRV max_version=tls1_1" \
    "$P_CLI" \
    0 \
    -S "mbedtls_ssl_handshake returned" \
    -C "mbedtls_ssl_handshake returned" \
    -s "Protocol is TLSv1.1" \
    -c "Protocol is TLSv1.1"

run_test "Version check: cli+srv max 1.1 -> 1.1" \
    "$P_SRV max_version=tls1_1" \
    "$P_CLI max_version=tls1_1" \
    0 \
    -S "mbedtls_ssl_handshake returned" \
    -C "mbedtls_ssl_handshake returned" \
    -s "Protocol is TLSv1.1" \
    -c "Protocol is TLSv1.1"

run_test "Version check: cli max 1.1, srv min 1.1 -> 1.1" \
    "$P_SRV min_version=tls1_1" \
    "$P_CLI max_version=tls1_1" \
    0 \
    -S "mbedtls_ssl_handshake returned" \
    -C "mbedtls_ssl_handshake returned" \
    -s "Protocol is TLSv1.1" \
    -c "Protocol is TLSv1.1"

run_test "Version check: cli min 1.1, srv max 1.1 -> 1.1" \
    "$P_SRV max_version=tls1_1" \
    "$P_CLI min_version=tls1_1" \
    0 \
    -S "mbedtls_ssl_handshake returned" \
    -C "mbedtls_ssl_handshake returned" \
    -s "Protocol is TLSv1.1" \
    -c "Protocol is TLSv1.1"

# Disjoint windows, client stricter: the client must report the
# out-of-bounds version itself instead of accepting TLS 1.1.
run_test "Version check: cli min 1.2, srv max 1.1 -> fail" \
    "$P_SRV max_version=tls1_1" \
    "$P_CLI min_version=tls1_2" \
    1 \
    -s "mbedtls_ssl_handshake returned" \
    -c "mbedtls_ssl_handshake returned" \
    -c "SSL - Handshake protocol not within min/max boundaries"

# Disjoint windows, server stricter: here the server is the side expected to
# log the out-of-bounds error.
run_test "Version check: srv min 1.2, cli max 1.1 -> fail" \
    "$P_SRV min_version=tls1_2" \
    "$P_CLI max_version=tls1_1" \
    1 \
    -s "mbedtls_ssl_handshake returned" \
    -c "mbedtls_ssl_handshake returned" \
    -s "SSL - Handshake protocol not within min/max boundaries"
# Tests for ALPN extension
#
# The alert pattern "[2:120]" is level 2 (fatal), description 120
# (no_application_protocol, RFC 7301). It must only show up when both sides
# offer ALPN and share no protocol; in that case the handshake has to fail
# rather than continue without an agreed protocol.
# The server's list order decides the winner when several protocols are shared
# (see the cli2-srv1 case).
# Flag meaning assumed: -s/-c = pattern must appear in the server/client log,
# -S/-C = pattern must not appear; see run_test's definition earlier in the file.

run_test "ALPN: none" \
    "$P_SRV debug_level=3" \
    "$P_CLI debug_level=3" \
    0 \
    -C "client hello, adding alpn extension" \
    -S "found alpn extension" \
    -C "got an alert message, type: \\[2:120]" \
    -S "server hello, adding alpn extension" \
    -C "found alpn extension " \
    -C "Application Layer Protocol is" \
    -S "Application Layer Protocol is"

# Only the client offers ALPN: the server sees the extension but must not
# answer it, and the client ends up with no protocol selected.
run_test "ALPN: client only" \
    "$P_SRV debug_level=3" \
    "$P_CLI debug_level=3 alpn=abc,1234" \
    0 \
    -c "client hello, adding alpn extension" \
    -s "found alpn extension" \
    -C "got an alert message, type: \\[2:120]" \
    -S "server hello, adding alpn extension" \
    -C "found alpn extension " \
    -c "Application Layer Protocol is (none)" \
    -S "Application Layer Protocol is"

# Only the server is configured for ALPN: nothing is sent unsolicited.
run_test "ALPN: server only" \
    "$P_SRV debug_level=3 alpn=abc,1234" \
    "$P_CLI debug_level=3" \
    0 \
    -C "client hello, adding alpn extension" \
    -S "found alpn extension" \
    -C "got an alert message, type: \\[2:120]" \
    -S "server hello, adding alpn extension" \
    -C "found alpn extension " \
    -C "Application Layer Protocol is" \
    -s "Application Layer Protocol is (none)"

run_test "ALPN: both, common cli1-srv1" \
    "$P_SRV debug_level=3 alpn=abc,1234" \
    "$P_CLI debug_level=3 alpn=abc,1234" \
    0 \
    -c "client hello, adding alpn extension" \
    -s "found alpn extension" \
    -C "got an alert message, type: \\[2:120]" \
    -s "server hello, adding alpn extension" \
    -c "found alpn extension" \
    -c "Application Layer Protocol is abc" \
    -s "Application Layer Protocol is abc"

# Client lists 1234 first, server lists abc first: abc wins.
run_test "ALPN: both, common cli2-srv1" \
    "$P_SRV debug_level=3 alpn=abc,1234" \
    "$P_CLI debug_level=3 alpn=1234,abc" \
    0 \
    -c "client hello, adding alpn extension" \
    -s "found alpn extension" \
    -C "got an alert message, type: \\[2:120]" \
    -s "server hello, adding alpn extension" \
    -c "found alpn extension" \
    -c "Application Layer Protocol is abc" \
    -s "Application Layer Protocol is abc"

# "abcde" must not match the server's "abc": only the exact name 1234 is shared.
run_test "ALPN: both, common cli1-srv2" \
    "$P_SRV debug_level=3 alpn=abc,1234" \
    "$P_CLI debug_level=3 alpn=1234,abcde" \
    0 \
    -c "client hello, adding alpn extension" \
    -s "found alpn extension" \
    -C "got an alert message, type: \\[2:120]" \
    -s "server hello, adding alpn extension" \
    -c "found alpn extension" \
    -c "Application Layer Protocol is 1234" \
    -s "Application Layer Protocol is 1234"

# No shared protocol ("123" vs "1234", "abc" vs "abcde"): fatal alert, no
# fallback to a prefix match or to "no ALPN".
run_test "ALPN: both, no common" \
    "$P_SRV debug_level=3 alpn=abc,123" \
    "$P_CLI debug_level=3 alpn=1234,abcde" \
    1 \
    -c "client hello, adding alpn extension" \
    -s "found alpn extension" \
    -c "got an alert message, type: \\[2:120]" \
    -S "server hello, adding alpn extension" \
    -C "found alpn extension" \
    -C "Application Layer Protocol is 1234" \
    -S "Application Layer Protocol is 1234"
# Tests for keyUsage in leaf certificates, part 1:
# server-side certificate/suite selection
#
# The server may only negotiate key exchanges its certificate's keyUsage
# allows (RFC 5280 keyUsage): digitalSignature for signed (EC)DHE exchanges,
# keyEncipherment for RSA key transport, keyAgreement for static ECDH.
# When no usable suite is left, the handshake must fail instead of using the
# key for a purpose the certificate does not grant.
# The ku-ds / ku-ke / ku-ka file suffixes are read as digitalSignature /
# keyEncipherment / keyAgreement, matching the test titles.
# Flag meaning assumed: -c = pattern must appear in the client log,
# -C = pattern must not appear; see run_test's definition earlier in the file.

run_test "keyUsage srv: RSA, digitalSignature -> (EC)DHE-RSA" \
    "$P_SRV key_file=data_files/server2.key \
     crt_file=data_files/server2.ku-ds.crt" \
    "$P_CLI" \
    0 \
    -c "Ciphersuite is TLS-[EC]*DHE-RSA-WITH-"

run_test "keyUsage srv: RSA, keyEncipherment -> RSA" \
    "$P_SRV key_file=data_files/server2.key \
     crt_file=data_files/server2.ku-ke.crt" \
    "$P_CLI" \
    0 \
    -c "Ciphersuite is TLS-RSA-WITH-"

# keyAgreement is not usable with an RSA key in any offered suite.
run_test "keyUsage srv: RSA, keyAgreement -> fail" \
    "$P_SRV key_file=data_files/server2.key \
     crt_file=data_files/server2.ku-ka.crt" \
    "$P_CLI" \
    1 \
    -C "Ciphersuite is "

run_test "keyUsage srv: ECDSA, digitalSignature -> ECDHE-ECDSA" \
    "$P_SRV key_file=data_files/server5.key \
     crt_file=data_files/server5.ku-ds.crt" \
    "$P_CLI" \
    0 \
    -c "Ciphersuite is TLS-ECDHE-ECDSA-WITH-"

run_test "keyUsage srv: ECDSA, keyAgreement -> ECDH-" \
    "$P_SRV key_file=data_files/server5.key \
     crt_file=data_files/server5.ku-ka.crt" \
    "$P_CLI" \
    0 \
    -c "Ciphersuite is TLS-ECDH-"

# keyEncipherment is meaningless for an EC key: no suite may be selected.
run_test "keyUsage srv: ECDSA, keyEncipherment -> fail" \
    "$P_SRV key_file=data_files/server5.key \
     crt_file=data_files/server5.ku-ke.crt" \
    "$P_CLI" \
    1 \
    -C "Ciphersuite is "
# Tests for keyUsage in leaf certificates, part 2:
# client-side checking of server cert
#
# The peer is $O_SRV (defined outside this excerpt; presumably the OpenSSL
# server, given its -key/-cert options), which serves the certificate without
# filtering on keyUsage, so the check under test is the client's. The forced
# ciphersuite decides which usage bit the client must find: keyEncipherment
# for TLS-RSA, digitalSignature for TLS-DHE-RSA.
# Hard failures abort the handshake. The "soft" cases run the client with
# auth_mode=optional: the handshake completes, and the mismatch is only
# visible in the logged verification result, so a caller using optional mode
# has to inspect that result itself.
# Flag meaning assumed: -c = pattern must appear in the client log,
# -C = pattern must not appear; see run_test's definition earlier in the file.

run_test "keyUsage cli: DigitalSignature+KeyEncipherment, RSA: OK" \
    "$O_SRV -key data_files/server2.key \
     -cert data_files/server2.ku-ds_ke.crt" \
    "$P_CLI debug_level=1 \
     force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
    0 \
    -C "bad certificate (usage extensions)" \
    -C "Processing of the Certificate handshake message failed" \
    -c "Ciphersuite is TLS-"

run_test "keyUsage cli: DigitalSignature+KeyEncipherment, DHE-RSA: OK" \
    "$O_SRV -key data_files/server2.key \
     -cert data_files/server2.ku-ds_ke.crt" \
    "$P_CLI debug_level=1 \
     force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
    0 \
    -C "bad certificate (usage extensions)" \
    -C "Processing of the Certificate handshake message failed" \
    -c "Ciphersuite is TLS-"

run_test "keyUsage cli: KeyEncipherment, RSA: OK" \
    "$O_SRV -key data_files/server2.key \
     -cert data_files/server2.ku-ke.crt" \
    "$P_CLI debug_level=1 \
     force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
    0 \
    -C "bad certificate (usage extensions)" \
    -C "Processing of the Certificate handshake message failed" \
    -c "Ciphersuite is TLS-"

# keyEncipherment-only certificate used to sign a DHE exchange: rejected.
run_test "keyUsage cli: KeyEncipherment, DHE-RSA: fail" \
    "$O_SRV -key data_files/server2.key \
     -cert data_files/server2.ku-ke.crt" \
    "$P_CLI debug_level=1 \
     force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
    1 \
    -c "bad certificate (usage extensions)" \
    -c "Processing of the Certificate handshake message failed" \
    -C "Ciphersuite is TLS-"

# Same mismatch with auth_mode=optional: flagged but not fatal.
run_test "keyUsage cli: KeyEncipherment, DHE-RSA: fail, soft" \
    "$O_SRV -key data_files/server2.key \
     -cert data_files/server2.ku-ke.crt" \
    "$P_CLI debug_level=1 auth_mode=optional \
     force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
    0 \
    -c "bad certificate (usage extensions)" \
    -C "Processing of the Certificate handshake message failed" \
    -c "Ciphersuite is TLS-" \
    -c "! Usage does not match the keyUsage extension"

run_test "keyUsage cli: DigitalSignature, DHE-RSA: OK" \
    "$O_SRV -key data_files/server2.key \
     -cert data_files/server2.ku-ds.crt" \
    "$P_CLI debug_level=1 \
     force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
    0 \
    -C "bad certificate (usage extensions)" \
    -C "Processing of the Certificate handshake message failed" \
    -c "Ciphersuite is TLS-"

# digitalSignature-only certificate used for RSA key transport: rejected.
run_test "keyUsage cli: DigitalSignature, RSA: fail" \
    "$O_SRV -key data_files/server2.key \
     -cert data_files/server2.ku-ds.crt" \
    "$P_CLI debug_level=1 \
     force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
    1 \
    -c "bad certificate (usage extensions)" \
    -c "Processing of the Certificate handshake message failed" \
    -C "Ciphersuite is TLS-"

# Same mismatch with auth_mode=optional: flagged but not fatal.
run_test "keyUsage cli: DigitalSignature, RSA: fail, soft" \
    "$O_SRV -key data_files/server2.key \
     -cert data_files/server2.ku-ds.crt" \
    "$P_CLI debug_level=1 auth_mode=optional \
     force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
    0 \
    -c "bad certificate (usage extensions)" \
    -C "Processing of the Certificate handshake message failed" \
    -c "Ciphersuite is TLS-" \
    -c "! Usage does not match the keyUsage extension"
# Tests for keyUsage in leaf certificates, part 3:
# server-side checking of client cert
#
# A client certificate is used to sign (CertificateVerify), so the server
# should accept only certificates whose keyUsage allows digitalSignature.
# With auth_mode=optional the mismatch is logged and the handshake continues
# ("soft"); with auth_mode=required it is fatal ("hard").
# $O_CLI is defined outside this excerpt (presumably the OpenSSL client).
# Flag meaning assumed: -s = pattern must appear in the server log,
# -S = pattern must not appear; see run_test's definition earlier in the file.
# NOTE(review): the ECDSA KeyAgreement case is only covered in soft mode here;
# there is no matching "fail (hard)" case as there is for RSA.

run_test "keyUsage cli-auth: RSA, DigitalSignature: OK" \
    "$P_SRV debug_level=1 auth_mode=optional" \
    "$O_CLI -key data_files/server2.key \
     -cert data_files/server2.ku-ds.crt" \
    0 \
    -S "bad certificate (usage extensions)" \
    -S "Processing of the Certificate handshake message failed"

run_test "keyUsage cli-auth: RSA, KeyEncipherment: fail (soft)" \
    "$P_SRV debug_level=1 auth_mode=optional" \
    "$O_CLI -key data_files/server2.key \
     -cert data_files/server2.ku-ke.crt" \
    0 \
    -s "bad certificate (usage extensions)" \
    -S "Processing of the Certificate handshake message failed"

run_test "keyUsage cli-auth: RSA, KeyEncipherment: fail (hard)" \
    "$P_SRV debug_level=1 auth_mode=required" \
    "$O_CLI -key data_files/server2.key \
     -cert data_files/server2.ku-ke.crt" \
    1 \
    -s "bad certificate (usage extensions)" \
    -s "Processing of the Certificate handshake message failed"

run_test "keyUsage cli-auth: ECDSA, DigitalSignature: OK" \
    "$P_SRV debug_level=1 auth_mode=optional" \
    "$O_CLI -key data_files/server5.key \
     -cert data_files/server5.ku-ds.crt" \
    0 \
    -S "bad certificate (usage extensions)" \
    -S "Processing of the Certificate handshake message failed"

run_test "keyUsage cli-auth: ECDSA, KeyAgreement: fail (soft)" \
    "$P_SRV debug_level=1 auth_mode=optional" \
    "$O_CLI -key data_files/server5.key \
     -cert data_files/server5.ku-ka.crt" \
    0 \
    -s "bad certificate (usage extensions)" \
    -S "Processing of the Certificate handshake message failed"
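# Tests for extendedKeyUsage, part 1: server-side certificate/suite selection
#
# The server should only present a certificate whose extendedKeyUsage permits
# TLS server authentication (serverAuth, or anyExtendedKeyUsage); with no such
# certificate configured the handshake has to fail. Only the client exit code
# is checked in this part.
# The eku-* file suffixes are read as: srv = serverAuth, cli = clientAuth,
# srv_cli = both, cs = codeSigning, cs_any = codeSigning + anyExtendedKeyUsage
# (inferred from the test titles; confirm against data_files).

run_test "extKeyUsage srv: serverAuth -> OK" \
    "$P_SRV key_file=data_files/server5.key \
     crt_file=data_files/server5.eku-srv.crt" \
    "$P_CLI" \
    0

# Uses the serverAuth+clientAuth certificate (server5.eku-srv_cli.crt, the
# same file the client-side and cli-auth cases of this title use). Loading
# server5.eku-srv.crt here would just repeat the serverAuth-only case above
# and leave the two-purpose certificate untested on the server side.
run_test "extKeyUsage srv: serverAuth,clientAuth -> OK" \
    "$P_SRV key_file=data_files/server5.key \
     crt_file=data_files/server5.eku-srv_cli.crt" \
    "$P_CLI" \
    0

run_test "extKeyUsage srv: codeSign,anyEKU -> OK" \
    "$P_SRV key_file=data_files/server5.key \
     crt_file=data_files/server5.eku-cs_any.crt" \
    "$P_CLI" \
    0

# NOTE(review): the title says codeSign, but the certificate loaded is
# server5.eku-cli.crt (clientAuth by its name); the codeSign-named file used
# elsewhere in this script is server5.eku-cs.crt. Both lack serverAuth, so
# the expected failure holds either way. Confirm which one was intended.
run_test "extKeyUsage srv: codeSign -> fail" \
    "$P_SRV key_file=data_files/server5.key \
     crt_file=data_files/server5.eku-cli.crt" \
    "$P_CLI" \
    1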
# Tests for extendedKeyUsage, part 2: client-side checking of server cert
#
# $O_SRV (defined outside this excerpt; presumably the OpenSSL server) serves
# each certificate as given, so the check under test is the client's: a server
# certificate is acceptable only if its extendedKeyUsage includes serverAuth
# or anyExtendedKeyUsage. A codeSigning-only certificate must abort the
# handshake before a ciphersuite is reported.
# Flag meaning assumed: -c = pattern must appear in the client log,
# -C = pattern must not appear; see run_test's definition earlier in the file.

run_test "extKeyUsage cli: serverAuth -> OK" \
    "$O_SRV -key data_files/server5.key \
     -cert data_files/server5.eku-srv.crt" \
    "$P_CLI debug_level=1" \
    0 \
    -C "bad certificate (usage extensions)" \
    -C "Processing of the Certificate handshake message failed" \
    -c "Ciphersuite is TLS-"

run_test "extKeyUsage cli: serverAuth,clientAuth -> OK" \
    "$O_SRV -key data_files/server5.key \
     -cert data_files/server5.eku-srv_cli.crt" \
    "$P_CLI debug_level=1" \
    0 \
    -C "bad certificate (usage extensions)" \
    -C "Processing of the Certificate handshake message failed" \
    -c "Ciphersuite is TLS-"

run_test "extKeyUsage cli: codeSign,anyEKU -> OK" \
    "$O_SRV -key data_files/server5.key \
     -cert data_files/server5.eku-cs_any.crt" \
    "$P_CLI debug_level=1" \
    0 \
    -C "bad certificate (usage extensions)" \
    -C "Processing of the Certificate handshake message failed" \
    -c "Ciphersuite is TLS-"

run_test "extKeyUsage cli: codeSign -> fail" \
    "$O_SRV -key data_files/server5.key \
     -cert data_files/server5.eku-cs.crt" \
    "$P_CLI debug_level=1" \
    1 \
    -c "bad certificate (usage extensions)" \
    -c "Processing of the Certificate handshake message failed" \
    -C "Ciphersuite is TLS-"
# Tests for extendedKeyUsage, part 3: server-side checking of client cert
#
# The server accepts a client certificate only if its extendedKeyUsage
# includes clientAuth or anyExtendedKeyUsage. A codeSigning-only certificate
# is logged and tolerated with auth_mode=optional ("soft") and is fatal with
# auth_mode=required ("hard").
# $O_CLI is defined outside this excerpt (presumably the OpenSSL client).
# Flag meaning assumed: -s = pattern must appear in the server log,
# -S = pattern must not appear; see run_test's definition earlier in the file.
# NOTE(review): the OK cases run with auth_mode=optional and check only for
# the absence of error text, so they would also pass if the server stopped
# logging these messages; the hard-fail case is the one that pins enforcement.

run_test "extKeyUsage cli-auth: clientAuth -> OK" \
    "$P_SRV debug_level=1 auth_mode=optional" \
    "$O_CLI -key data_files/server5.key \
     -cert data_files/server5.eku-cli.crt" \
    0 \
    -S "bad certificate (usage extensions)" \
    -S "Processing of the Certificate handshake message failed"

run_test "extKeyUsage cli-auth: serverAuth,clientAuth -> OK" \
    "$P_SRV debug_level=1 auth_mode=optional" \
    "$O_CLI -key data_files/server5.key \
     -cert data_files/server5.eku-srv_cli.crt" \
    0 \
    -S "bad certificate (usage extensions)" \
    -S "Processing of the Certificate handshake message failed"

run_test "extKeyUsage cli-auth: codeSign,anyEKU -> OK" \
    "$P_SRV debug_level=1 auth_mode=optional" \
    "$O_CLI -key data_files/server5.key \
     -cert data_files/server5.eku-cs_any.crt" \
    0 \
    -S "bad certificate (usage extensions)" \
    -S "Processing of the Certificate handshake message failed"

run_test "extKeyUsage cli-auth: codeSign -> fail (soft)" \
    "$P_SRV debug_level=1 auth_mode=optional" \
    "$O_CLI -key data_files/server5.key \
     -cert data_files/server5.eku-cs.crt" \
    0 \
    -s "bad certificate (usage extensions)" \
    -S "Processing of the Certificate handshake message failed"

run_test "extKeyUsage cli-auth: codeSign -> fail (hard)" \
    "$P_SRV debug_level=1 auth_mode=required" \
    "$O_CLI -key data_files/server5.key \
     -cert data_files/server5.eku-cs.crt" \
    1 \
    -s "bad certificate (usage extensions)" \
    -s "Processing of the Certificate handshake message failed"
# Tests for DHM parameters loading
#
# The client's debug output is used to confirm which Diffie-Hellman group the
# server actually sent: the built-in default (2048-bit prime) versus the group
# loaded from dhm_file.
# The 1024-bit group in data_files/dhparams.pem is test data for the loading
# path only; it is smaller than what should be configured in a deployment.
# Flag meaning assumed: -c = pattern must appear in the client log;
# see run_test's definition earlier in the file.

run_test "DHM parameters: reference" \
    "$P_SRV" \
    "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
     debug_level=3" \
    0 \
    -c "value of 'DHM: P ' (2048 bits)" \
    -c "value of 'DHM: G ' (2 bits)"

run_test "DHM parameters: other parameters" \
    "$P_SRV dhm_file=data_files/dhparams.pem" \
    "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
     debug_level=3" \
    0 \
    -c "value of 'DHM: P ' (1024 bits)" \
    -c "value of 'DHM: G ' (2 bits)"
# Tests for DHM client-side size checking
#
# The client refuses a server DH prime shorter than its minimum (dhmlen).
# As pinned by these cases, the client's default minimum accepts a 1024-bit
# prime and rejects a 1000-bit one, so the default only guards against very
# short groups; a client that needs more has to raise dhmlen itself.
# The 2049 case checks the boundary against the server's default 2048-bit
# prime: one bit over the offered size is already a rejection.
# Flag meaning assumed: -c = pattern must appear in the client log,
# -C = pattern must not appear; see run_test's definition earlier in the file.

run_test "DHM size: server default, client default, OK" \
    "$P_SRV" \
    "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
     debug_level=1" \
    0 \
    -C "DHM prime too short:"

run_test "DHM size: server default, client 2048, OK" \
    "$P_SRV" \
    "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
     debug_level=1 dhmlen=2048" \
    0 \
    -C "DHM prime too short:"

run_test "DHM size: server 1024, client default, OK" \
    "$P_SRV dhm_file=data_files/dhparams.pem" \
    "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
     debug_level=1" \
    0 \
    -C "DHM prime too short:"

run_test "DHM size: server 1000, client default, rejected" \
    "$P_SRV dhm_file=data_files/dh.1000.pem" \
    "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
     debug_level=1" \
    1 \
    -c "DHM prime too short:"

run_test "DHM size: server default, client 2049, rejected" \
    "$P_SRV" \
    "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
     debug_level=1 dhmlen=2049" \
    1 \
    -c "DHM prime too short:"
# Tests for PSK callback
#
# The server can hold one static PSK (psk= / psk_identity=) or a list served
# through a callback (psk_list=, which looks like id,key pairs). The three
# server-side errors are checked separately so a failure is attributed to the
# right cause: no usable ciphersuite (no PSK configured at all), unknown
# identity, or MAC failure (identity known, key wrong).
# The identities and keys here are short fixed test values.
# Flag meaning assumed: -s = pattern must appear in the server log,
# -S = pattern must not appear; see run_test's definition earlier in the file.

run_test "PSK callback: psk, no callback" \
    "$P_SRV psk=abc123 psk_identity=foo" \
    "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
     psk_identity=foo psk=abc123" \
    0 \
    -S "SSL - None of the common ciphersuites is usable" \
    -S "SSL - Unknown identity received" \
    -S "SSL - Verification of the message MAC failed"

# A server without any PSK must not offer a PSK suite at all.
run_test "PSK callback: no psk, no callback" \
    "$P_SRV" \
    "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
     psk_identity=foo psk=abc123" \
    1 \
    -s "SSL - None of the common ciphersuites is usable" \
    -S "SSL - Unknown identity received" \
    -S "SSL - Verification of the message MAC failed"

# With psk_list set, the static identity "foo" is no longer accepted even
# though psk=/psk_identity= are still given: the callback's list is the only
# source of valid identities, so a leftover static key cannot be used.
run_test "PSK callback: callback overrides other settings" \
    "$P_SRV psk=abc123 psk_identity=foo psk_list=abc,dead,def,beef" \
    "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
     psk_identity=foo psk=abc123" \
    1 \
    -S "SSL - None of the common ciphersuites is usable" \
    -s "SSL - Unknown identity received" \
    -S "SSL - Verification of the message MAC failed"
3603
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02003604run_test "PSK callback: first id matches" \
Manuel Pégourié-Gonnarda6781c92014-06-10 15:00:46 +02003605 "$P_SRV psk_list=abc,dead,def,beef" \
3606 "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
3607 psk_identity=abc psk=dead" \
3608 0 \
Manuel Pégourié-Gonnardf01768c2015-01-08 17:06:16 +01003609 -S "SSL - None of the common ciphersuites is usable" \
Manuel Pégourié-Gonnarda6781c92014-06-10 15:00:46 +02003610 -S "SSL - Unknown identity received" \
3611 -S "SSL - Verification of the message MAC failed"
3612
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02003613run_test "PSK callback: second id matches" \
Manuel Pégourié-Gonnarda6781c92014-06-10 15:00:46 +02003614 "$P_SRV psk_list=abc,dead,def,beef" \
3615 "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
3616 psk_identity=def psk=beef" \
3617 0 \
Manuel Pégourié-Gonnardf01768c2015-01-08 17:06:16 +01003618 -S "SSL - None of the common ciphersuites is usable" \
Manuel Pégourié-Gonnarda6781c92014-06-10 15:00:46 +02003619 -S "SSL - Unknown identity received" \
3620 -S "SSL - Verification of the message MAC failed"
3621
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02003622run_test "PSK callback: no match" \
Manuel Pégourié-Gonnarda6781c92014-06-10 15:00:46 +02003623 "$P_SRV psk_list=abc,dead,def,beef" \
3624 "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
3625 psk_identity=ghi psk=beef" \
3626 1 \
Manuel Pégourié-Gonnardf01768c2015-01-08 17:06:16 +01003627 -S "SSL - None of the common ciphersuites is usable" \
Manuel Pégourié-Gonnarda6781c92014-06-10 15:00:46 +02003628 -s "SSL - Unknown identity received" \
3629 -S "SSL - Verification of the message MAC failed"
3630
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02003631run_test "PSK callback: wrong key" \
Manuel Pégourié-Gonnarda6781c92014-06-10 15:00:46 +02003632 "$P_SRV psk_list=abc,dead,def,beef" \
3633 "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
3634 psk_identity=abc psk=beef" \
3635 1 \
Manuel Pégourié-Gonnardf01768c2015-01-08 17:06:16 +01003636 -S "SSL - None of the common ciphersuites is usable" \
Manuel Pégourié-Gonnarda6781c92014-06-10 15:00:46 +02003637 -S "SSL - Unknown identity received" \
3638 -s "SSL - Verification of the message MAC failed"
Manuel Pégourié-Gonnard0cc7e312014-06-09 11:36:47 +02003639
Manuel Pégourié-Gonnarde511b4e2015-09-16 14:11:09 +02003640# Tests for EC J-PAKE
3641
Manuel Pégourié-Gonnard12ca6f52015-10-20 15:24:51 +02003642requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE
Manuel Pégourié-Gonnarde511b4e2015-09-16 14:11:09 +02003643run_test "ECJPAKE: client not configured" \
3644 "$P_SRV debug_level=3" \
3645 "$P_CLI debug_level=3" \
3646 0 \
3647 -C "add ciphersuite: c0ff" \
3648 -C "adding ecjpake_kkpp extension" \
Manuel Pégourié-Gonnardbf57be62015-09-16 15:04:01 +02003649 -S "found ecjpake kkpp extension" \
3650 -S "skip ecjpake kkpp extension" \
Manuel Pégourié-Gonnarde511b4e2015-09-16 14:11:09 +02003651 -S "ciphersuite mismatch: ecjpake not configured" \
Manuel Pégourié-Gonnard55c7f992015-09-16 15:35:27 +02003652 -S "server hello, ecjpake kkpp extension" \
Manuel Pégourié-Gonnard0a1324a2015-09-16 16:01:00 +02003653 -C "found ecjpake_kkpp extension" \
Manuel Pégourié-Gonnarde511b4e2015-09-16 14:11:09 +02003654 -S "None of the common ciphersuites is usable"
3655
Manuel Pégourié-Gonnard12ca6f52015-10-20 15:24:51 +02003656requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE
Manuel Pégourié-Gonnarde511b4e2015-09-16 14:11:09 +02003657run_test "ECJPAKE: server not configured" \
3658 "$P_SRV debug_level=3" \
3659 "$P_CLI debug_level=3 ecjpake_pw=bla \
3660 force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
3661 1 \
3662 -c "add ciphersuite: c0ff" \
3663 -c "adding ecjpake_kkpp extension" \
Manuel Pégourié-Gonnardbf57be62015-09-16 15:04:01 +02003664 -s "found ecjpake kkpp extension" \
3665 -s "skip ecjpake kkpp extension" \
Manuel Pégourié-Gonnarde511b4e2015-09-16 14:11:09 +02003666 -s "ciphersuite mismatch: ecjpake not configured" \
Manuel Pégourié-Gonnard55c7f992015-09-16 15:35:27 +02003667 -S "server hello, ecjpake kkpp extension" \
Manuel Pégourié-Gonnard0a1324a2015-09-16 16:01:00 +02003668 -C "found ecjpake_kkpp extension" \
Manuel Pégourié-Gonnarde511b4e2015-09-16 14:11:09 +02003669 -s "None of the common ciphersuites is usable"
3670
Manuel Pégourié-Gonnard12ca6f52015-10-20 15:24:51 +02003671requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE
Manuel Pégourié-Gonnardbf57be62015-09-16 15:04:01 +02003672run_test "ECJPAKE: working, TLS" \
3673 "$P_SRV debug_level=3 ecjpake_pw=bla" \
3674 "$P_CLI debug_level=3 ecjpake_pw=bla \
3675 force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
Manuel Pégourié-Gonnard0f1660a2015-09-16 22:41:06 +02003676 0 \
Manuel Pégourié-Gonnardbf57be62015-09-16 15:04:01 +02003677 -c "add ciphersuite: c0ff" \
3678 -c "adding ecjpake_kkpp extension" \
Manuel Pégourié-Gonnardd0d8cb32015-09-17 14:16:30 +02003679 -C "re-using cached ecjpake parameters" \
Manuel Pégourié-Gonnardbf57be62015-09-16 15:04:01 +02003680 -s "found ecjpake kkpp extension" \
3681 -S "skip ecjpake kkpp extension" \
3682 -S "ciphersuite mismatch: ecjpake not configured" \
Manuel Pégourié-Gonnard55c7f992015-09-16 15:35:27 +02003683 -s "server hello, ecjpake kkpp extension" \
Manuel Pégourié-Gonnard0a1324a2015-09-16 16:01:00 +02003684 -c "found ecjpake_kkpp extension" \
Manuel Pégourié-Gonnard921f2d02015-09-16 22:52:18 +02003685 -S "None of the common ciphersuites is usable" \
3686 -S "SSL - Verification of the message MAC failed"
3687
Janos Follath74537a62016-09-02 13:45:28 +01003688server_needs_more_time 1
Manuel Pégourié-Gonnard12ca6f52015-10-20 15:24:51 +02003689requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE
Manuel Pégourié-Gonnard921f2d02015-09-16 22:52:18 +02003690run_test "ECJPAKE: password mismatch, TLS" \
3691 "$P_SRV debug_level=3 ecjpake_pw=bla" \
3692 "$P_CLI debug_level=3 ecjpake_pw=bad \
3693 force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
3694 1 \
Manuel Pégourié-Gonnardd0d8cb32015-09-17 14:16:30 +02003695 -C "re-using cached ecjpake parameters" \
Manuel Pégourié-Gonnard921f2d02015-09-16 22:52:18 +02003696 -s "SSL - Verification of the message MAC failed"
3697
Manuel Pégourié-Gonnard12ca6f52015-10-20 15:24:51 +02003698requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE
Manuel Pégourié-Gonnard921f2d02015-09-16 22:52:18 +02003699run_test "ECJPAKE: working, DTLS" \
3700 "$P_SRV debug_level=3 dtls=1 ecjpake_pw=bla" \
3701 "$P_CLI debug_level=3 dtls=1 ecjpake_pw=bla \
3702 force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
3703 0 \
Manuel Pégourié-Gonnardd0d8cb32015-09-17 14:16:30 +02003704 -c "re-using cached ecjpake parameters" \
3705 -S "SSL - Verification of the message MAC failed"
3706
Manuel Pégourié-Gonnard12ca6f52015-10-20 15:24:51 +02003707requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE
Manuel Pégourié-Gonnardd0d8cb32015-09-17 14:16:30 +02003708run_test "ECJPAKE: working, DTLS, no cookie" \
3709 "$P_SRV debug_level=3 dtls=1 ecjpake_pw=bla cookies=0" \
3710 "$P_CLI debug_level=3 dtls=1 ecjpake_pw=bla \
3711 force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
3712 0 \
3713 -C "re-using cached ecjpake parameters" \
Manuel Pégourié-Gonnard921f2d02015-09-16 22:52:18 +02003714 -S "SSL - Verification of the message MAC failed"
3715
Janos Follath74537a62016-09-02 13:45:28 +01003716server_needs_more_time 1
Manuel Pégourié-Gonnard12ca6f52015-10-20 15:24:51 +02003717requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE
Manuel Pégourié-Gonnard921f2d02015-09-16 22:52:18 +02003718run_test "ECJPAKE: password mismatch, DTLS" \
3719 "$P_SRV debug_level=3 dtls=1 ecjpake_pw=bla" \
3720 "$P_CLI debug_level=3 dtls=1 ecjpake_pw=bad \
3721 force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
3722 1 \
Manuel Pégourié-Gonnardd0d8cb32015-09-17 14:16:30 +02003723 -c "re-using cached ecjpake parameters" \
Manuel Pégourié-Gonnard921f2d02015-09-16 22:52:18 +02003724 -s "SSL - Verification of the message MAC failed"
Manuel Pégourié-Gonnardbf57be62015-09-16 15:04:01 +02003725
Manuel Pégourié-Gonnardca700b22015-10-20 14:47:00 +02003726# for tests with configs/config-thread.h
Manuel Pégourié-Gonnard12ca6f52015-10-20 15:24:51 +02003727requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE
Manuel Pégourié-Gonnardca700b22015-10-20 14:47:00 +02003728run_test "ECJPAKE: working, DTLS, nolog" \
3729 "$P_SRV dtls=1 ecjpake_pw=bla" \
3730 "$P_CLI dtls=1 ecjpake_pw=bla \
3731 force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
3732 0
3733
Manuel Pégourié-Gonnard90805a82014-06-11 14:06:01 +02003734# Tests for ciphersuites per version
3735
Janos Follathe2681a42016-03-07 15:57:05 +00003736requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
Manuel Pégourié-Gonnarda82d38d2019-03-01 10:14:58 +01003737requires_config_enabled MBEDTLS_CAMELLIA_C
3738requires_config_enabled MBEDTLS_AES_C
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02003739run_test "Per-version suites: SSL3" \
Manuel Pégourié-Gonnarda82d38d2019-03-01 10:14:58 +01003740 "$P_SRV min_version=ssl3 version_suites=TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
Manuel Pégourié-Gonnard90805a82014-06-11 14:06:01 +02003741 "$P_CLI force_version=ssl3" \
3742 0 \
Manuel Pégourié-Gonnarda82d38d2019-03-01 10:14:58 +01003743 -c "Ciphersuite is TLS-RSA-WITH-CAMELLIA-128-CBC-SHA"
Manuel Pégourié-Gonnard90805a82014-06-11 14:06:01 +02003744
Manuel Pégourié-Gonnarda82d38d2019-03-01 10:14:58 +01003745requires_config_enabled MBEDTLS_SSL_PROTO_TLS1
3746requires_config_enabled MBEDTLS_CAMELLIA_C
3747requires_config_enabled MBEDTLS_AES_C
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02003748run_test "Per-version suites: TLS 1.0" \
Manuel Pégourié-Gonnarda82d38d2019-03-01 10:14:58 +01003749 "$P_SRV version_suites=TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
Manuel Pégourié-Gonnardbd47a582015-01-12 13:43:29 +01003750 "$P_CLI force_version=tls1 arc4=1" \
Manuel Pégourié-Gonnard90805a82014-06-11 14:06:01 +02003751 0 \
Manuel Pégourié-Gonnardea0920f2015-03-24 09:50:15 +01003752 -c "Ciphersuite is TLS-RSA-WITH-AES-256-CBC-SHA"
Manuel Pégourié-Gonnard90805a82014-06-11 14:06:01 +02003753
Manuel Pégourié-Gonnarda82d38d2019-03-01 10:14:58 +01003754requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
3755requires_config_enabled MBEDTLS_CAMELLIA_C
3756requires_config_enabled MBEDTLS_AES_C
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02003757run_test "Per-version suites: TLS 1.1" \
Manuel Pégourié-Gonnarda82d38d2019-03-01 10:14:58 +01003758 "$P_SRV version_suites=TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
Manuel Pégourié-Gonnard90805a82014-06-11 14:06:01 +02003759 "$P_CLI force_version=tls1_1" \
3760 0 \
3761 -c "Ciphersuite is TLS-RSA-WITH-AES-128-CBC-SHA"
3762
Manuel Pégourié-Gonnarda82d38d2019-03-01 10:14:58 +01003763requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
3764requires_config_enabled MBEDTLS_CAMELLIA_C
3765requires_config_enabled MBEDTLS_AES_C
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02003766run_test "Per-version suites: TLS 1.2" \
Manuel Pégourié-Gonnarda82d38d2019-03-01 10:14:58 +01003767 "$P_SRV version_suites=TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
Manuel Pégourié-Gonnard90805a82014-06-11 14:06:01 +02003768 "$P_CLI force_version=tls1_2" \
3769 0 \
3770 -c "Ciphersuite is TLS-RSA-WITH-AES-128-GCM-SHA256"
3771
Manuel Pégourié-Gonnard4cc8c632015-07-23 12:24:03 +02003772# Test for ClientHello without extensions
3773
Manuel Pégourié-Gonnardd55bc202015-08-04 16:22:30 +02003774requires_gnutls
Manuel Pégourié-Gonnard37abf122020-01-30 12:45:14 +01003775run_test "ClientHello without extensions" \
Manuel Pégourié-Gonnarda92990a2020-01-30 11:19:45 +01003776 "$P_SRV debug_level=3" \
Gilles Peskine5d2511c2017-05-12 13:16:40 +02003777 "$G_CLI --priority=NORMAL:%NO_EXTENSIONS:%DISABLE_SAFE_RENEGOTIATION" \
3778 0 \
3779 -s "dumping 'client hello extensions' (0 bytes)"
3780
# Tests for mbedtls_ssl_get_bytes_avail()
#
# The server's "Read from client" log line is matched as a pattern. For a
# 100-byte request the line must end right after "bytes read" (trailing $),
# i.e. nothing was left buffered. For a 500-byte request a parenthesised
# "<x>+<y>" suffix is expected, presumably bytes read now plus bytes still
# available - TODO confirm against ssl_server2.

run_test "mbedtls_ssl_get_bytes_avail: no extra data" \
 "$P_SRV" \
 "$P_CLI request_size=100" \
 0 \
 -s "Read from client: 100 bytes read$"

run_test "mbedtls_ssl_get_bytes_avail: extra data" \
 "$P_SRV" \
 "$P_CLI request_size=500" \
 0 \
 -s "Read from client: 500 bytes read (.*+.*)"

Andrzej Kurekd731a632018-06-19 09:37:30 -04003795# Tests for small client packets
Manuel Pégourié-Gonnardee415032014-06-18 15:08:56 +02003796
Janos Follathe2681a42016-03-07 15:57:05 +00003797requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
Andrzej Kurekd731a632018-06-19 09:37:30 -04003798run_test "Small client packet SSLv3 BlockCipher" \
Manuel Pégourié-Gonnard448ea502015-01-12 11:40:14 +01003799 "$P_SRV min_version=ssl3" \
Manuel Pégourié-Gonnardee415032014-06-18 15:08:56 +02003800 "$P_CLI request_size=1 force_version=ssl3 \
3801 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
3802 0 \
3803 -s "Read from client: 1 bytes read"
3804
Janos Follathe2681a42016-03-07 15:57:05 +00003805requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
Andrzej Kurekd731a632018-06-19 09:37:30 -04003806run_test "Small client packet SSLv3 StreamCipher" \
Manuel Pégourié-Gonnardea0920f2015-03-24 09:50:15 +01003807 "$P_SRV min_version=ssl3 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
Manuel Pégourié-Gonnardee415032014-06-18 15:08:56 +02003808 "$P_CLI request_size=1 force_version=ssl3 \
3809 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
3810 0 \
3811 -s "Read from client: 1 bytes read"
3812
Andrzej Kurekd731a632018-06-19 09:37:30 -04003813run_test "Small client packet TLS 1.0 BlockCipher" \
Manuel Pégourié-Gonnardee415032014-06-18 15:08:56 +02003814 "$P_SRV" \
3815 "$P_CLI request_size=1 force_version=tls1 \
3816 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
3817 0 \
3818 -s "Read from client: 1 bytes read"
3819
Andrzej Kurekd731a632018-06-19 09:37:30 -04003820run_test "Small client packet TLS 1.0 BlockCipher, without EtM" \
Manuel Pégourié-Gonnard169dd6a2014-11-04 16:15:39 +01003821 "$P_SRV" \
3822 "$P_CLI request_size=1 force_version=tls1 etm=0 \
3823 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
3824 0 \
3825 -s "Read from client: 1 bytes read"
3826
Hanno Becker32c55012017-11-10 08:42:54 +00003827requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
Andrzej Kurekd731a632018-06-19 09:37:30 -04003828run_test "Small client packet TLS 1.0 BlockCipher, truncated MAC" \
Hanno Becker909f9a32017-11-21 17:10:12 +00003829 "$P_SRV trunc_hmac=1" \
Manuel Pégourié-Gonnardee415032014-06-18 15:08:56 +02003830 "$P_CLI request_size=1 force_version=tls1 \
Hanno Becker909f9a32017-11-21 17:10:12 +00003831 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
Manuel Pégourié-Gonnardee415032014-06-18 15:08:56 +02003832 0 \
3833 -s "Read from client: 1 bytes read"
3834
Hanno Becker32c55012017-11-10 08:42:54 +00003835requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
Andrzej Kurekd731a632018-06-19 09:37:30 -04003836run_test "Small client packet TLS 1.0 BlockCipher, without EtM, truncated MAC" \
Hanno Becker909f9a32017-11-21 17:10:12 +00003837 "$P_SRV trunc_hmac=1" \
Hanno Becker8501f982017-11-10 08:59:04 +00003838 "$P_CLI request_size=1 force_version=tls1 \
Hanno Becker909f9a32017-11-21 17:10:12 +00003839 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
Hanno Becker8501f982017-11-10 08:59:04 +00003840 0 \
3841 -s "Read from client: 1 bytes read"
3842
Andrzej Kurekd731a632018-06-19 09:37:30 -04003843run_test "Small client packet TLS 1.0 StreamCipher" \
Manuel Pégourié-Gonnardea0920f2015-03-24 09:50:15 +01003844 "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
Manuel Pégourié-Gonnardee415032014-06-18 15:08:56 +02003845 "$P_CLI request_size=1 force_version=tls1 \
Hanno Becker8501f982017-11-10 08:59:04 +00003846 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
3847 0 \
3848 -s "Read from client: 1 bytes read"
3849
Andrzej Kurekd731a632018-06-19 09:37:30 -04003850run_test "Small client packet TLS 1.0 StreamCipher, without EtM" \
Hanno Becker8501f982017-11-10 08:59:04 +00003851 "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
3852 "$P_CLI request_size=1 force_version=tls1 \
Hanno Becker909f9a32017-11-21 17:10:12 +00003853 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
Hanno Becker8501f982017-11-10 08:59:04 +00003854 0 \
3855 -s "Read from client: 1 bytes read"
3856
3857requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
Andrzej Kurekd731a632018-06-19 09:37:30 -04003858run_test "Small client packet TLS 1.0 StreamCipher, truncated MAC" \
Hanno Becker909f9a32017-11-21 17:10:12 +00003859 "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
Manuel Pégourié-Gonnardee415032014-06-18 15:08:56 +02003860 "$P_CLI request_size=1 force_version=tls1 \
Hanno Becker909f9a32017-11-21 17:10:12 +00003861 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
Manuel Pégourié-Gonnardee415032014-06-18 15:08:56 +02003862 0 \
3863 -s "Read from client: 1 bytes read"
3864
Hanno Becker8501f982017-11-10 08:59:04 +00003865requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
Andrzej Kurekd731a632018-06-19 09:37:30 -04003866run_test "Small client packet TLS 1.0 StreamCipher, without EtM, truncated MAC" \
Hanno Becker909f9a32017-11-21 17:10:12 +00003867 "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
3868 "$P_CLI request_size=1 force_version=tls1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
3869 trunc_hmac=1 etm=0" \
Manuel Pégourié-Gonnardee415032014-06-18 15:08:56 +02003870 0 \
3871 -s "Read from client: 1 bytes read"
3872
Andrzej Kurekd731a632018-06-19 09:37:30 -04003873run_test "Small client packet TLS 1.1 BlockCipher" \
Manuel Pégourié-Gonnardee415032014-06-18 15:08:56 +02003874 "$P_SRV" \
3875 "$P_CLI request_size=1 force_version=tls1_1 \
3876 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
3877 0 \
3878 -s "Read from client: 1 bytes read"
3879
Andrzej Kurekd731a632018-06-19 09:37:30 -04003880run_test "Small client packet TLS 1.1 BlockCipher, without EtM" \
Manuel Pégourié-Gonnard169dd6a2014-11-04 16:15:39 +01003881 "$P_SRV" \
Hanno Becker8501f982017-11-10 08:59:04 +00003882 "$P_CLI request_size=1 force_version=tls1_1 \
Hanno Becker909f9a32017-11-21 17:10:12 +00003883 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA etm=0" \
Hanno Becker8501f982017-11-10 08:59:04 +00003884 0 \
3885 -s "Read from client: 1 bytes read"
3886
3887requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
Andrzej Kurekd731a632018-06-19 09:37:30 -04003888run_test "Small client packet TLS 1.1 BlockCipher, truncated MAC" \
Hanno Becker909f9a32017-11-21 17:10:12 +00003889 "$P_SRV trunc_hmac=1" \
Hanno Becker8501f982017-11-10 08:59:04 +00003890 "$P_CLI request_size=1 force_version=tls1_1 \
Hanno Becker909f9a32017-11-21 17:10:12 +00003891 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
Hanno Becker8501f982017-11-10 08:59:04 +00003892 0 \
3893 -s "Read from client: 1 bytes read"
3894
3895requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
Andrzej Kurekd731a632018-06-19 09:37:30 -04003896run_test "Small client packet TLS 1.1 BlockCipher, without EtM, truncated MAC" \
Hanno Becker909f9a32017-11-21 17:10:12 +00003897 "$P_SRV trunc_hmac=1" \
Hanno Becker8501f982017-11-10 08:59:04 +00003898 "$P_CLI request_size=1 force_version=tls1_1 \
Hanno Becker909f9a32017-11-21 17:10:12 +00003899 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
Manuel Pégourié-Gonnard169dd6a2014-11-04 16:15:39 +01003900 0 \
3901 -s "Read from client: 1 bytes read"
3902
Andrzej Kurekd731a632018-06-19 09:37:30 -04003903run_test "Small client packet TLS 1.1 StreamCipher" \
Manuel Pégourié-Gonnardea0920f2015-03-24 09:50:15 +01003904 "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
Manuel Pégourié-Gonnardee415032014-06-18 15:08:56 +02003905 "$P_CLI request_size=1 force_version=tls1_1 \
3906 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
3907 0 \
3908 -s "Read from client: 1 bytes read"
3909
Andrzej Kurekd731a632018-06-19 09:37:30 -04003910run_test "Small client packet TLS 1.1 StreamCipher, without EtM" \
Hanno Becker8501f982017-11-10 08:59:04 +00003911 "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
Manuel Pégourié-Gonnardee415032014-06-18 15:08:56 +02003912 "$P_CLI request_size=1 force_version=tls1_1 \
Hanno Becker909f9a32017-11-21 17:10:12 +00003913 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
Manuel Pégourié-Gonnardee415032014-06-18 15:08:56 +02003914 0 \
3915 -s "Read from client: 1 bytes read"
3916
Hanno Becker8501f982017-11-10 08:59:04 +00003917requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
Andrzej Kurekd731a632018-06-19 09:37:30 -04003918run_test "Small client packet TLS 1.1 StreamCipher, truncated MAC" \
Hanno Becker909f9a32017-11-21 17:10:12 +00003919 "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
Manuel Pégourié-Gonnardee415032014-06-18 15:08:56 +02003920 "$P_CLI request_size=1 force_version=tls1_1 \
Hanno Becker909f9a32017-11-21 17:10:12 +00003921 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
Manuel Pégourié-Gonnardee415032014-06-18 15:08:56 +02003922 0 \
3923 -s "Read from client: 1 bytes read"
3924
Hanno Becker32c55012017-11-10 08:42:54 +00003925requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
Andrzej Kurekd731a632018-06-19 09:37:30 -04003926run_test "Small client packet TLS 1.1 StreamCipher, without EtM, truncated MAC" \
Hanno Becker909f9a32017-11-21 17:10:12 +00003927 "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
Manuel Pégourié-Gonnardee415032014-06-18 15:08:56 +02003928 "$P_CLI request_size=1 force_version=tls1_1 \
Hanno Becker909f9a32017-11-21 17:10:12 +00003929 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \
Manuel Pégourié-Gonnardee415032014-06-18 15:08:56 +02003930 0 \
3931 -s "Read from client: 1 bytes read"
3932
Andrzej Kurekd731a632018-06-19 09:37:30 -04003933run_test "Small client packet TLS 1.2 BlockCipher" \
Manuel Pégourié-Gonnardee415032014-06-18 15:08:56 +02003934 "$P_SRV" \
3935 "$P_CLI request_size=1 force_version=tls1_2 \
3936 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
3937 0 \
3938 -s "Read from client: 1 bytes read"
3939
Andrzej Kurekd731a632018-06-19 09:37:30 -04003940run_test "Small client packet TLS 1.2 BlockCipher, without EtM" \
Manuel Pégourié-Gonnard169dd6a2014-11-04 16:15:39 +01003941 "$P_SRV" \
Hanno Becker8501f982017-11-10 08:59:04 +00003942 "$P_CLI request_size=1 force_version=tls1_2 \
Hanno Becker909f9a32017-11-21 17:10:12 +00003943 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA etm=0" \
Manuel Pégourié-Gonnard169dd6a2014-11-04 16:15:39 +01003944 0 \
3945 -s "Read from client: 1 bytes read"
3946
Andrzej Kurekd731a632018-06-19 09:37:30 -04003947run_test "Small client packet TLS 1.2 BlockCipher larger MAC" \
Manuel Pégourié-Gonnardee415032014-06-18 15:08:56 +02003948 "$P_SRV" \
Manuel Pégourié-Gonnardc82ee352015-01-07 16:35:25 +01003949 "$P_CLI request_size=1 force_version=tls1_2 \
3950 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \
Manuel Pégourié-Gonnardee415032014-06-18 15:08:56 +02003951 0 \
3952 -s "Read from client: 1 bytes read"
3953
Hanno Becker32c55012017-11-10 08:42:54 +00003954requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
Andrzej Kurekd731a632018-06-19 09:37:30 -04003955run_test "Small client packet TLS 1.2 BlockCipher, truncated MAC" \
Hanno Becker909f9a32017-11-21 17:10:12 +00003956 "$P_SRV trunc_hmac=1" \
Manuel Pégourié-Gonnardee415032014-06-18 15:08:56 +02003957 "$P_CLI request_size=1 force_version=tls1_2 \
Hanno Becker909f9a32017-11-21 17:10:12 +00003958 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
Manuel Pégourié-Gonnardee415032014-06-18 15:08:56 +02003959 0 \
3960 -s "Read from client: 1 bytes read"
3961
Hanno Becker8501f982017-11-10 08:59:04 +00003962requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
Andrzej Kurekd731a632018-06-19 09:37:30 -04003963run_test "Small client packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \
Hanno Becker909f9a32017-11-21 17:10:12 +00003964 "$P_SRV trunc_hmac=1" \
Hanno Becker8501f982017-11-10 08:59:04 +00003965 "$P_CLI request_size=1 force_version=tls1_2 \
Hanno Becker909f9a32017-11-21 17:10:12 +00003966 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
Manuel Pégourié-Gonnardee415032014-06-18 15:08:56 +02003967 0 \
3968 -s "Read from client: 1 bytes read"
3969
Andrzej Kurekd731a632018-06-19 09:37:30 -04003970run_test "Small client packet TLS 1.2 StreamCipher" \
Manuel Pégourié-Gonnardea0920f2015-03-24 09:50:15 +01003971 "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
Manuel Pégourié-Gonnardee415032014-06-18 15:08:56 +02003972 "$P_CLI request_size=1 force_version=tls1_2 \
3973 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
3974 0 \
3975 -s "Read from client: 1 bytes read"
3976
Andrzej Kurekd731a632018-06-19 09:37:30 -04003977run_test "Small client packet TLS 1.2 StreamCipher, without EtM" \
Manuel Pégourié-Gonnardea0920f2015-03-24 09:50:15 +01003978 "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
Manuel Pégourié-Gonnardee415032014-06-18 15:08:56 +02003979 "$P_CLI request_size=1 force_version=tls1_2 \
Hanno Becker909f9a32017-11-21 17:10:12 +00003980 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
Hanno Becker8501f982017-11-10 08:59:04 +00003981 0 \
3982 -s "Read from client: 1 bytes read"
3983
Hanno Becker32c55012017-11-10 08:42:54 +00003984requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
Andrzej Kurekd731a632018-06-19 09:37:30 -04003985run_test "Small client packet TLS 1.2 StreamCipher, truncated MAC" \
Hanno Becker909f9a32017-11-21 17:10:12 +00003986 "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
Manuel Pégourié-Gonnardee415032014-06-18 15:08:56 +02003987 "$P_CLI request_size=1 force_version=tls1_2 \
Hanno Becker909f9a32017-11-21 17:10:12 +00003988 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
Manuel Pégourié-Gonnardee415032014-06-18 15:08:56 +02003989 0 \
3990 -s "Read from client: 1 bytes read"
3991
Hanno Becker8501f982017-11-10 08:59:04 +00003992requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
Andrzej Kurekd731a632018-06-19 09:37:30 -04003993run_test "Small client packet TLS 1.2 StreamCipher, without EtM, truncated MAC" \
Hanno Becker909f9a32017-11-21 17:10:12 +00003994 "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
Hanno Becker8501f982017-11-10 08:59:04 +00003995 "$P_CLI request_size=1 force_version=tls1_2 \
Hanno Becker909f9a32017-11-21 17:10:12 +00003996 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \
Manuel Pégourié-Gonnardee415032014-06-18 15:08:56 +02003997 0 \
3998 -s "Read from client: 1 bytes read"
3999
Andrzej Kurekd731a632018-06-19 09:37:30 -04004000run_test "Small client packet TLS 1.2 AEAD" \
Manuel Pégourié-Gonnardee415032014-06-18 15:08:56 +02004001 "$P_SRV" \
4002 "$P_CLI request_size=1 force_version=tls1_2 \
4003 force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \
4004 0 \
4005 -s "Read from client: 1 bytes read"
4006
Andrzej Kurekd731a632018-06-19 09:37:30 -04004007run_test "Small client packet TLS 1.2 AEAD shorter tag" \
Manuel Pégourié-Gonnardee415032014-06-18 15:08:56 +02004008 "$P_SRV" \
4009 "$P_CLI request_size=1 force_version=tls1_2 \
4010 force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \
4011 0 \
4012 -s "Read from client: 1 bytes read"
4013
Andrzej Kurekd731a632018-06-19 09:37:30 -04004014# Tests for small client packets in DTLS
Hanno Beckere2148042017-11-10 08:59:18 +00004015
4016requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
Andrzej Kurekd731a632018-06-19 09:37:30 -04004017run_test "Small client packet DTLS 1.0" \
Hanno Beckere2148042017-11-10 08:59:18 +00004018 "$P_SRV dtls=1 force_version=dtls1" \
4019 "$P_CLI dtls=1 request_size=1 \
4020 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
4021 0 \
4022 -s "Read from client: 1 bytes read"
4023
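# Small client packets over DTLS (this run continues a group that starts
# earlier in the file). The client writes one byte of application data
# (request_size=1) and every case expects the server log to contain
# "Read from client: 1 bytes read". All cases force
# TLS-RSA-WITH-AES-256-CBC-SHA and differ only in the DTLS version
# (dtls1, dtls1_2), encrypt-then-MAC (etm=0) and truncated HMAC
# (trunc_hmac=1, gated on MBEDTLS_SSL_TRUNCATED_HMAC).
# A one-byte payload is the smallest non-empty record, so these act as
# boundary checks on MAC and padding length handling in the CBC record path.
# NOTE(review): -s is taken to mean "pattern must appear in server output";
# run_test and requires_config_enabled are defined elsewhere in this file.

# DTLS 1.0 with EtM switched off on the server.
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
run_test "Small client packet DTLS 1.0, without EtM" \
 "$P_SRV dtls=1 force_version=dtls1 etm=0" \
 "$P_CLI dtls=1 request_size=1 \
 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
 0 \
 -s "Read from client: 1 bytes read"

# DTLS 1.0 with truncated HMAC requested by both peers.
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Small client packet DTLS 1.0, truncated hmac" \
 "$P_SRV dtls=1 force_version=dtls1 trunc_hmac=1" \
 "$P_CLI dtls=1 request_size=1 trunc_hmac=1 \
 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
 0 \
 -s "Read from client: 1 bytes read"

# DTLS 1.0 with truncated HMAC and EtM off on the server.
# The closing quote is followed by a space before the continuation backslash
# so the next argument cannot fuse with this one if indentation is ever lost.
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Small client packet DTLS 1.0, without EtM, truncated MAC" \
 "$P_SRV dtls=1 force_version=dtls1 trunc_hmac=1 etm=0" \
 "$P_CLI dtls=1 request_size=1 \
 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
 0 \
 -s "Read from client: 1 bytes read"

# DTLS 1.2 baseline.
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
run_test "Small client packet DTLS 1.2" \
 "$P_SRV dtls=1 force_version=dtls1_2" \
 "$P_CLI dtls=1 request_size=1 \
 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
 0 \
 -s "Read from client: 1 bytes read"

# DTLS 1.2 with EtM switched off on the server.
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
run_test "Small client packet DTLS 1.2, without EtM" \
 "$P_SRV dtls=1 force_version=dtls1_2 etm=0" \
 "$P_CLI dtls=1 request_size=1 \
 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
 0 \
 -s "Read from client: 1 bytes read"

# DTLS 1.2 with truncated HMAC requested by both peers.
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Small client packet DTLS 1.2, truncated hmac" \
 "$P_SRV dtls=1 force_version=dtls1_2 trunc_hmac=1" \
 "$P_CLI dtls=1 request_size=1 \
 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
 0 \
 -s "Read from client: 1 bytes read"

# DTLS 1.2 with truncated HMAC and EtM off on the server.
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Small client packet DTLS 1.2, without EtM, truncated MAC" \
 "$P_SRV dtls=1 force_version=dtls1_2 trunc_hmac=1 etm=0" \
 "$P_CLI dtls=1 request_size=1 \
 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
 0 \
 -s "Read from client: 1 bytes read"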
Andrzej Kurekd731a632018-06-19 09:37:30 -04004084# Tests for small server packets
4085
4086requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
4087run_test "Small server packet SSLv3 BlockCipher" \
4088 "$P_SRV response_size=1 min_version=ssl3" \
4089 "$P_CLI force_version=ssl3 \
4090 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
4091 0 \
4092 -c "Read from server: 1 bytes read"
4093
4094requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
4095run_test "Small server packet SSLv3 StreamCipher" \
4096 "$P_SRV response_size=1 min_version=ssl3 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
4097 "$P_CLI force_version=ssl3 \
4098 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
4099 0 \
4100 -c "Read from server: 1 bytes read"
4102run_test "Small server packet TLS 1.0 BlockCipher" \
4103 "$P_SRV response_size=1" \
4104 "$P_CLI force_version=tls1 \
4105 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
4106 0 \
4107 -c "Read from server: 1 bytes read"
4108
4109run_test "Small server packet TLS 1.0 BlockCipher, without EtM" \
4110 "$P_SRV response_size=1" \
4111 "$P_CLI force_version=tls1 etm=0 \
4112 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
4113 0 \
4114 -c "Read from server: 1 bytes read"
4115
4116requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
4117run_test "Small server packet TLS 1.0 BlockCipher, truncated MAC" \
4118 "$P_SRV response_size=1 trunc_hmac=1" \
4119 "$P_CLI force_version=tls1 \
4120 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
4121 0 \
4122 -c "Read from server: 1 bytes read"
4123
4124requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
4125run_test "Small server packet TLS 1.0 BlockCipher, without EtM, truncated MAC" \
4126 "$P_SRV response_size=1 trunc_hmac=1" \
4127 "$P_CLI force_version=tls1 \
4128 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
4129 0 \
4130 -c "Read from server: 1 bytes read"
4131
4132run_test "Small server packet TLS 1.0 StreamCipher" \
4133 "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
4134 "$P_CLI force_version=tls1 \
4135 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
4136 0 \
4137 -c "Read from server: 1 bytes read"
4138
4139run_test "Small server packet TLS 1.0 StreamCipher, without EtM" \
4140 "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
4141 "$P_CLI force_version=tls1 \
4142 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
4143 0 \
4144 -c "Read from server: 1 bytes read"
4145
4146requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
4147run_test "Small server packet TLS 1.0 StreamCipher, truncated MAC" \
4148 "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
4149 "$P_CLI force_version=tls1 \
4150 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
4151 0 \
4152 -c "Read from server: 1 bytes read"
4153
4154requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
4155run_test "Small server packet TLS 1.0 StreamCipher, without EtM, truncated MAC" \
4156 "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
4157 "$P_CLI force_version=tls1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
4158 trunc_hmac=1 etm=0" \
4159 0 \
4160 -c "Read from server: 1 bytes read"
4162run_test "Small server packet TLS 1.1 BlockCipher" \
4163 "$P_SRV response_size=1" \
4164 "$P_CLI force_version=tls1_1 \
4165 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
4166 0 \
4167 -c "Read from server: 1 bytes read"
4168
4169run_test "Small server packet TLS 1.1 BlockCipher, without EtM" \
4170 "$P_SRV response_size=1" \
4171 "$P_CLI force_version=tls1_1 \
4172 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA etm=0" \
4173 0 \
4174 -c "Read from server: 1 bytes read"
4175
4176requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
4177run_test "Small server packet TLS 1.1 BlockCipher, truncated MAC" \
4178 "$P_SRV response_size=1 trunc_hmac=1" \
4179 "$P_CLI force_version=tls1_1 \
4180 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
4181 0 \
4182 -c "Read from server: 1 bytes read"
4183
4184requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
4185run_test "Small server packet TLS 1.1 BlockCipher, without EtM, truncated MAC" \
4186 "$P_SRV response_size=1 trunc_hmac=1" \
4187 "$P_CLI force_version=tls1_1 \
4188 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
4189 0 \
4190 -c "Read from server: 1 bytes read"
4191
4192run_test "Small server packet TLS 1.1 StreamCipher" \
4193 "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
4194 "$P_CLI force_version=tls1_1 \
4195 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
4196 0 \
4197 -c "Read from server: 1 bytes read"
4198
4199run_test "Small server packet TLS 1.1 StreamCipher, without EtM" \
4200 "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
4201 "$P_CLI force_version=tls1_1 \
4202 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
4203 0 \
4204 -c "Read from server: 1 bytes read"
4205
4206requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
4207run_test "Small server packet TLS 1.1 StreamCipher, truncated MAC" \
4208 "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
4209 "$P_CLI force_version=tls1_1 \
4210 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
4211 0 \
4212 -c "Read from server: 1 bytes read"
4213
4214requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
4215run_test "Small server packet TLS 1.1 StreamCipher, without EtM, truncated MAC" \
4216 "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
4217 "$P_CLI force_version=tls1_1 \
4218 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \
4219 0 \
4220 -c "Read from server: 1 bytes read"
4222run_test "Small server packet TLS 1.2 BlockCipher" \
4223 "$P_SRV response_size=1" \
4224 "$P_CLI force_version=tls1_2 \
4225 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
4226 0 \
4227 -c "Read from server: 1 bytes read"
4228
4229run_test "Small server packet TLS 1.2 BlockCipher, without EtM" \
4230 "$P_SRV response_size=1" \
4231 "$P_CLI force_version=tls1_2 \
4232 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA etm=0" \
4233 0 \
4234 -c "Read from server: 1 bytes read"
4235
4236run_test "Small server packet TLS 1.2 BlockCipher larger MAC" \
4237 "$P_SRV response_size=1" \
4238 "$P_CLI force_version=tls1_2 \
4239 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \
4240 0 \
4241 -c "Read from server: 1 bytes read"
4242
4243requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
4244run_test "Small server packet TLS 1.2 BlockCipher, truncated MAC" \
4245 "$P_SRV response_size=1 trunc_hmac=1" \
4246 "$P_CLI force_version=tls1_2 \
4247 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
4248 0 \
4249 -c "Read from server: 1 bytes read"
4250
4251requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
4252run_test "Small server packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \
4253 "$P_SRV response_size=1 trunc_hmac=1" \
4254 "$P_CLI force_version=tls1_2 \
4255 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
4256 0 \
4257 -c "Read from server: 1 bytes read"
4258
4259run_test "Small server packet TLS 1.2 StreamCipher" \
4260 "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
4261 "$P_CLI force_version=tls1_2 \
4262 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
4263 0 \
4264 -c "Read from server: 1 bytes read"
4265
4266run_test "Small server packet TLS 1.2 StreamCipher, without EtM" \
4267 "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
4268 "$P_CLI force_version=tls1_2 \
4269 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
4270 0 \
4271 -c "Read from server: 1 bytes read"
4272
4273requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
4274run_test "Small server packet TLS 1.2 StreamCipher, truncated MAC" \
4275 "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
4276 "$P_CLI force_version=tls1_2 \
4277 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
4278 0 \
4279 -c "Read from server: 1 bytes read"
4280
4281requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
4282run_test "Small server packet TLS 1.2 StreamCipher, without EtM, truncated MAC" \
4283 "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
4284 "$P_CLI force_version=tls1_2 \
4285 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \
4286 0 \
4287 -c "Read from server: 1 bytes read"
4288
4289run_test "Small server packet TLS 1.2 AEAD" \
4290 "$P_SRV response_size=1" \
4291 "$P_CLI force_version=tls1_2 \
4292 force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \
4293 0 \
4294 -c "Read from server: 1 bytes read"
4295
4296run_test "Small server packet TLS 1.2 AEAD shorter tag" \
4297 "$P_SRV response_size=1" \
4298 "$P_CLI force_version=tls1_2 \
4299 force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \
4300 0 \
4301 -c "Read from server: 1 bytes read"
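# Tests for small server packets in DTLS
#
# The server sends a single byte (response_size=1) over DTLS and every case
# expects the client log to contain "Read from server: 1 bytes read".
# All cases force TLS-RSA-WITH-AES-256-CBC-SHA on the client and vary the
# DTLS version (dtls1, dtls1_2), encrypt-then-MAC (etm=0 on the server) and
# truncated HMAC (trunc_hmac=1, gated on MBEDTLS_SSL_TRUNCATED_HMAC).
# A one-byte payload is the smallest non-empty record, so these act as
# boundary checks on MAC and padding length handling in the CBC record path.
# NOTE(review): -c is taken to mean "pattern must appear in client output";
# run_test and requires_config_enabled are defined elsewhere in this file.

requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
run_test "Small server packet DTLS 1.0" \
 "$P_SRV dtls=1 response_size=1 force_version=dtls1" \
 "$P_CLI dtls=1 \
 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
 0 \
 -c "Read from server: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
run_test "Small server packet DTLS 1.0, without EtM" \
 "$P_SRV dtls=1 response_size=1 force_version=dtls1 etm=0" \
 "$P_CLI dtls=1 \
 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
 0 \
 -c "Read from server: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Small server packet DTLS 1.0, truncated hmac" \
 "$P_SRV dtls=1 response_size=1 force_version=dtls1 trunc_hmac=1" \
 "$P_CLI dtls=1 trunc_hmac=1 \
 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
 0 \
 -c "Read from server: 1 bytes read"

# The closing quote is followed by a space before the continuation backslash
# so the next argument cannot fuse with this one if indentation is ever lost.
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Small server packet DTLS 1.0, without EtM, truncated MAC" \
 "$P_SRV dtls=1 response_size=1 force_version=dtls1 trunc_hmac=1 etm=0" \
 "$P_CLI dtls=1 \
 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
 0 \
 -c "Read from server: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
run_test "Small server packet DTLS 1.2" \
 "$P_SRV dtls=1 response_size=1 force_version=dtls1_2" \
 "$P_CLI dtls=1 \
 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
 0 \
 -c "Read from server: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
run_test "Small server packet DTLS 1.2, without EtM" \
 "$P_SRV dtls=1 response_size=1 force_version=dtls1_2 etm=0" \
 "$P_CLI dtls=1 \
 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
 0 \
 -c "Read from server: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Small server packet DTLS 1.2, truncated hmac" \
 "$P_SRV dtls=1 response_size=1 force_version=dtls1_2 trunc_hmac=1" \
 "$P_CLI dtls=1 \
 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
 0 \
 -c "Read from server: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Small server packet DTLS 1.2, without EtM, truncated MAC" \
 "$P_SRV dtls=1 response_size=1 force_version=dtls1_2 trunc_hmac=1 etm=0" \
 "$P_CLI dtls=1 \
 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
 0 \
 -c "Read from server: 1 bytes read"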
Janos Follath00efff72016-05-06 13:48:23 +01004373# A test for extensions in SSLv3
4374
4375requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
4376run_test "SSLv3 with extensions, server side" \
4377 "$P_SRV min_version=ssl3 debug_level=3" \
4378 "$P_CLI force_version=ssl3 tickets=1 max_frag_len=4096 alpn=abc,1234" \
4379 0 \
4380 -S "dumping 'client hello extensions'" \
4381 -S "server hello, total extension length:"
Andrzej Kurek557335e2018-06-28 04:03:10 -04004383# Test for large client packets
Manuel Pégourié-Gonnard8920f692014-06-18 22:05:08 +02004384
Janos Follathe2681a42016-03-07 15:57:05 +00004385requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
Andrzej Kurek557335e2018-06-28 04:03:10 -04004386run_test "Large client packet SSLv3 BlockCipher" \
Manuel Pégourié-Gonnard448ea502015-01-12 11:40:14 +01004387 "$P_SRV min_version=ssl3" \
Manuel Pégourié-Gonnardc82ee352015-01-07 16:35:25 +01004388 "$P_CLI request_size=16384 force_version=ssl3 recsplit=0 \
Manuel Pégourié-Gonnard8920f692014-06-18 22:05:08 +02004389 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
4390 0 \
Hanno Becker09930d12017-09-18 15:04:19 +01004391 -c "16384 bytes written in 1 fragments" \
Manuel Pégourié-Gonnard8920f692014-06-18 22:05:08 +02004392 -s "Read from client: 16384 bytes read"
4393
Janos Follathe2681a42016-03-07 15:57:05 +00004394requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
Andrzej Kurek557335e2018-06-28 04:03:10 -04004395run_test "Large client packet SSLv3 StreamCipher" \
Manuel Pégourié-Gonnardea0920f2015-03-24 09:50:15 +01004396 "$P_SRV min_version=ssl3 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
Manuel Pégourié-Gonnard8920f692014-06-18 22:05:08 +02004397 "$P_CLI request_size=16384 force_version=ssl3 \
4398 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
4399 0 \
Hanno Becker09930d12017-09-18 15:04:19 +01004400 -c "16384 bytes written in 1 fragments" \
Manuel Pégourié-Gonnard8920f692014-06-18 22:05:08 +02004401 -s "Read from client: 16384 bytes read"
Andrzej Kurek557335e2018-06-28 04:03:10 -04004403run_test "Large client packet TLS 1.0 BlockCipher" \
Manuel Pégourié-Gonnard8920f692014-06-18 22:05:08 +02004404 "$P_SRV" \
Manuel Pégourié-Gonnardc82ee352015-01-07 16:35:25 +01004405 "$P_CLI request_size=16384 force_version=tls1 recsplit=0 \
Manuel Pégourié-Gonnard8920f692014-06-18 22:05:08 +02004406 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
4407 0 \
Hanno Becker09930d12017-09-18 15:04:19 +01004408 -c "16384 bytes written in 1 fragments" \
Manuel Pégourié-Gonnard8920f692014-06-18 22:05:08 +02004409 -s "Read from client: 16384 bytes read"
4410
Andrzej Kurek557335e2018-06-28 04:03:10 -04004411run_test "Large client packet TLS 1.0 BlockCipher, without EtM" \
Manuel Pégourié-Gonnard8920f692014-06-18 22:05:08 +02004412 "$P_SRV" \
Hanno Becker278fc7a2017-11-10 09:16:28 +00004413 "$P_CLI request_size=16384 force_version=tls1 etm=0 recsplit=0 \
4414 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
4415 0 \
4416 -s "Read from client: 16384 bytes read"
4417
Hanno Becker32c55012017-11-10 08:42:54 +00004418requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
Andrzej Kurek557335e2018-06-28 04:03:10 -04004419run_test "Large client packet TLS 1.0 BlockCipher, truncated MAC" \
Hanno Becker909f9a32017-11-21 17:10:12 +00004420 "$P_SRV trunc_hmac=1" \
Manuel Pégourié-Gonnardc82ee352015-01-07 16:35:25 +01004421 "$P_CLI request_size=16384 force_version=tls1 recsplit=0 \
Hanno Becker909f9a32017-11-21 17:10:12 +00004422 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
Manuel Pégourié-Gonnard8920f692014-06-18 22:05:08 +02004423 0 \
Hanno Becker09930d12017-09-18 15:04:19 +01004424 -c "16384 bytes written in 1 fragments" \
Manuel Pégourié-Gonnard8920f692014-06-18 22:05:08 +02004425 -s "Read from client: 16384 bytes read"
4426
Hanno Becker32c55012017-11-10 08:42:54 +00004427requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
Andrzej Kurek557335e2018-06-28 04:03:10 -04004428run_test "Large client packet TLS 1.0 BlockCipher, without EtM, truncated MAC" \
Hanno Becker909f9a32017-11-21 17:10:12 +00004429 "$P_SRV trunc_hmac=1" \
Hanno Becker278fc7a2017-11-10 09:16:28 +00004430 "$P_CLI request_size=16384 force_version=tls1 etm=0 recsplit=0 \
Hanno Becker909f9a32017-11-21 17:10:12 +00004431 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
Hanno Becker278fc7a2017-11-10 09:16:28 +00004432 0 \
4433 -s "Read from client: 16384 bytes read"
4434
Andrzej Kurek557335e2018-06-28 04:03:10 -04004435run_test "Large client packet TLS 1.0 StreamCipher" \
Manuel Pégourié-Gonnardea0920f2015-03-24 09:50:15 +01004436 "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
Manuel Pégourié-Gonnard8920f692014-06-18 22:05:08 +02004437 "$P_CLI request_size=16384 force_version=tls1 \
Hanno Becker278fc7a2017-11-10 09:16:28 +00004438 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
4439 0 \
4440 -s "Read from client: 16384 bytes read"
4441
Andrzej Kurek557335e2018-06-28 04:03:10 -04004442run_test "Large client packet TLS 1.0 StreamCipher, without EtM" \
Hanno Becker278fc7a2017-11-10 09:16:28 +00004443 "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
4444 "$P_CLI request_size=16384 force_version=tls1 \
Hanno Becker909f9a32017-11-21 17:10:12 +00004445 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
Hanno Becker278fc7a2017-11-10 09:16:28 +00004446 0 \
4447 -s "Read from client: 16384 bytes read"
4448
4449requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
Andrzej Kurek557335e2018-06-28 04:03:10 -04004450run_test "Large client packet TLS 1.0 StreamCipher, truncated MAC" \
Hanno Becker909f9a32017-11-21 17:10:12 +00004451 "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
Manuel Pégourié-Gonnard8920f692014-06-18 22:05:08 +02004452 "$P_CLI request_size=16384 force_version=tls1 \
Hanno Becker909f9a32017-11-21 17:10:12 +00004453 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
Manuel Pégourié-Gonnard8920f692014-06-18 22:05:08 +02004454 0 \
4455 -s "Read from client: 16384 bytes read"
4456
Hanno Becker278fc7a2017-11-10 09:16:28 +00004457requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
Andrzej Kurek557335e2018-06-28 04:03:10 -04004458run_test "Large client packet TLS 1.0 StreamCipher, without EtM, truncated MAC" \
Hanno Becker909f9a32017-11-21 17:10:12 +00004459 "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
Hanno Becker278fc7a2017-11-10 09:16:28 +00004460 "$P_CLI request_size=16384 force_version=tls1 \
Hanno Becker909f9a32017-11-21 17:10:12 +00004461 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \
Manuel Pégourié-Gonnard8920f692014-06-18 22:05:08 +02004462 0 \
Hanno Becker09930d12017-09-18 15:04:19 +01004463 -c "16384 bytes written in 1 fragments" \
Manuel Pégourié-Gonnard8920f692014-06-18 22:05:08 +02004464 -s "Read from client: 16384 bytes read"
Andrzej Kurek557335e2018-06-28 04:03:10 -04004466run_test "Large client packet TLS 1.1 BlockCipher" \
Manuel Pégourié-Gonnard8920f692014-06-18 22:05:08 +02004467 "$P_SRV" \
4468 "$P_CLI request_size=16384 force_version=tls1_1 \
4469 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
4470 0 \
Hanno Becker09930d12017-09-18 15:04:19 +01004471 -c "16384 bytes written in 1 fragments" \
Manuel Pégourié-Gonnard8920f692014-06-18 22:05:08 +02004472 -s "Read from client: 16384 bytes read"
4473
Andrzej Kurek557335e2018-06-28 04:03:10 -04004474run_test "Large client packet TLS 1.1 BlockCipher, without EtM" \
Hanno Becker278fc7a2017-11-10 09:16:28 +00004475 "$P_SRV" \
4476 "$P_CLI request_size=16384 force_version=tls1_1 etm=0 \
4477 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
Manuel Pégourié-Gonnard8920f692014-06-18 22:05:08 +02004478 0 \
4479 -s "Read from client: 16384 bytes read"
4480
Hanno Becker32c55012017-11-10 08:42:54 +00004481requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
Andrzej Kurek557335e2018-06-28 04:03:10 -04004482run_test "Large client packet TLS 1.1 BlockCipher, truncated MAC" \
Hanno Becker909f9a32017-11-21 17:10:12 +00004483 "$P_SRV trunc_hmac=1" \
Manuel Pégourié-Gonnard8920f692014-06-18 22:05:08 +02004484 "$P_CLI request_size=16384 force_version=tls1_1 \
Hanno Becker909f9a32017-11-21 17:10:12 +00004485 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
Manuel Pégourié-Gonnard8920f692014-06-18 22:05:08 +02004486 0 \
4487 -s "Read from client: 16384 bytes read"
4488
Hanno Becker32c55012017-11-10 08:42:54 +00004489requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
Andrzej Kurek557335e2018-06-28 04:03:10 -04004490run_test "Large client packet TLS 1.1 BlockCipher, without EtM, truncated MAC" \
Hanno Becker909f9a32017-11-21 17:10:12 +00004491 "$P_SRV trunc_hmac=1" \
Hanno Becker278fc7a2017-11-10 09:16:28 +00004492 "$P_CLI request_size=16384 force_version=tls1_1 \
Hanno Becker909f9a32017-11-21 17:10:12 +00004493 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
Hanno Becker278fc7a2017-11-10 09:16:28 +00004494 0 \
4495 -s "Read from client: 16384 bytes read"
4496
Andrzej Kurek557335e2018-06-28 04:03:10 -04004497run_test "Large client packet TLS 1.1 StreamCipher" \
Manuel Pégourié-Gonnard8920f692014-06-18 22:05:08 +02004498 "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
4499 "$P_CLI request_size=16384 force_version=tls1_1 \
4500 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
4501 0 \
Hanno Becker09930d12017-09-18 15:04:19 +01004502 -c "16384 bytes written in 1 fragments" \
Manuel Pégourié-Gonnard8920f692014-06-18 22:05:08 +02004503 -s "Read from client: 16384 bytes read"
4504
Andrzej Kurek557335e2018-06-28 04:03:10 -04004505run_test "Large client packet TLS 1.1 StreamCipher, without EtM" \
Hanno Becker278fc7a2017-11-10 09:16:28 +00004506 "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
Manuel Pégourié-Gonnard8920f692014-06-18 22:05:08 +02004507 "$P_CLI request_size=16384 force_version=tls1_1 \
Hanno Becker909f9a32017-11-21 17:10:12 +00004508 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
Manuel Pégourié-Gonnard8920f692014-06-18 22:05:08 +02004509 0 \
Hanno Becker09930d12017-09-18 15:04:19 +01004510 -c "16384 bytes written in 1 fragments" \
Manuel Pégourié-Gonnard8920f692014-06-18 22:05:08 +02004511 -s "Read from client: 16384 bytes read"
4512
Hanno Becker278fc7a2017-11-10 09:16:28 +00004513requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
Andrzej Kurek557335e2018-06-28 04:03:10 -04004514run_test "Large client packet TLS 1.1 StreamCipher, truncated MAC" \
Hanno Becker909f9a32017-11-21 17:10:12 +00004515 "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
Manuel Pégourié-Gonnard8920f692014-06-18 22:05:08 +02004516 "$P_CLI request_size=16384 force_version=tls1_1 \
Hanno Becker909f9a32017-11-21 17:10:12 +00004517 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
Manuel Pégourié-Gonnard8920f692014-06-18 22:05:08 +02004518 0 \
4519 -s "Read from client: 16384 bytes read"
4520
Hanno Becker278fc7a2017-11-10 09:16:28 +00004521requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
Andrzej Kurek557335e2018-06-28 04:03:10 -04004522run_test "Large client packet TLS 1.1 StreamCipher, without EtM, truncated MAC" \
Hanno Becker909f9a32017-11-21 17:10:12 +00004523 "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
Hanno Becker278fc7a2017-11-10 09:16:28 +00004524 "$P_CLI request_size=16384 force_version=tls1_1 \
Hanno Becker909f9a32017-11-21 17:10:12 +00004525 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \
Manuel Pégourié-Gonnard8920f692014-06-18 22:05:08 +02004526 0 \
Hanno Becker09930d12017-09-18 15:04:19 +01004527 -c "16384 bytes written in 1 fragments" \
Manuel Pégourié-Gonnard8920f692014-06-18 22:05:08 +02004528 -s "Read from client: 16384 bytes read"
Andrzej Kurek557335e2018-06-28 04:03:10 -04004530run_test "Large client packet TLS 1.2 BlockCipher" \
Manuel Pégourié-Gonnard8920f692014-06-18 22:05:08 +02004531 "$P_SRV" \
4532 "$P_CLI request_size=16384 force_version=tls1_2 \
4533 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
4534 0 \
Hanno Becker09930d12017-09-18 15:04:19 +01004535 -c "16384 bytes written in 1 fragments" \
Manuel Pégourié-Gonnard8920f692014-06-18 22:05:08 +02004536 -s "Read from client: 16384 bytes read"
4537
Andrzej Kurek557335e2018-06-28 04:03:10 -04004538run_test "Large client packet TLS 1.2 BlockCipher, without EtM" \
Hanno Becker278fc7a2017-11-10 09:16:28 +00004539 "$P_SRV" \
4540 "$P_CLI request_size=16384 force_version=tls1_2 etm=0 \
4541 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
4542 0 \
4543 -s "Read from client: 16384 bytes read"
4544
Andrzej Kurek557335e2018-06-28 04:03:10 -04004545run_test "Large client packet TLS 1.2 BlockCipher larger MAC" \
Manuel Pégourié-Gonnard8920f692014-06-18 22:05:08 +02004546 "$P_SRV" \
Manuel Pégourié-Gonnardc82ee352015-01-07 16:35:25 +01004547 "$P_CLI request_size=16384 force_version=tls1_2 \
4548 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \
Manuel Pégourié-Gonnard8920f692014-06-18 22:05:08 +02004549 0 \
Hanno Becker09930d12017-09-18 15:04:19 +01004550 -c "16384 bytes written in 1 fragments" \
Manuel Pégourié-Gonnard8920f692014-06-18 22:05:08 +02004551 -s "Read from client: 16384 bytes read"
4552
Hanno Becker32c55012017-11-10 08:42:54 +00004553requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
Andrzej Kurek557335e2018-06-28 04:03:10 -04004554run_test "Large client packet TLS 1.2 BlockCipher, truncated MAC" \
Hanno Becker909f9a32017-11-21 17:10:12 +00004555 "$P_SRV trunc_hmac=1" \
Manuel Pégourié-Gonnard8920f692014-06-18 22:05:08 +02004556 "$P_CLI request_size=16384 force_version=tls1_2 \
Hanno Becker909f9a32017-11-21 17:10:12 +00004557 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
Manuel Pégourié-Gonnard8920f692014-06-18 22:05:08 +02004558 0 \
4559 -s "Read from client: 16384 bytes read"
4560
Hanno Becker278fc7a2017-11-10 09:16:28 +00004561requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
Andrzej Kurek557335e2018-06-28 04:03:10 -04004562run_test "Large client packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \
Hanno Becker909f9a32017-11-21 17:10:12 +00004563 "$P_SRV trunc_hmac=1" \
Hanno Becker278fc7a2017-11-10 09:16:28 +00004564 "$P_CLI request_size=16384 force_version=tls1_2 \
Hanno Becker909f9a32017-11-21 17:10:12 +00004565 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
Manuel Pégourié-Gonnard8920f692014-06-18 22:05:08 +02004566 0 \
Hanno Becker09930d12017-09-18 15:04:19 +01004567 -c "16384 bytes written in 1 fragments" \
Manuel Pégourié-Gonnard8920f692014-06-18 22:05:08 +02004568 -s "Read from client: 16384 bytes read"
4569
Andrzej Kurek557335e2018-06-28 04:03:10 -04004570run_test "Large client packet TLS 1.2 StreamCipher" \
Manuel Pégourié-Gonnardea0920f2015-03-24 09:50:15 +01004571 "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
Manuel Pégourié-Gonnard8920f692014-06-18 22:05:08 +02004572 "$P_CLI request_size=16384 force_version=tls1_2 \
4573 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
4574 0 \
Hanno Becker09930d12017-09-18 15:04:19 +01004575 -c "16384 bytes written in 1 fragments" \
Manuel Pégourié-Gonnard8920f692014-06-18 22:05:08 +02004576 -s "Read from client: 16384 bytes read"
4577
Andrzej Kurek557335e2018-06-28 04:03:10 -04004578run_test "Large client packet TLS 1.2 StreamCipher, without EtM" \
Manuel Pégourié-Gonnardea0920f2015-03-24 09:50:15 +01004579 "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
Manuel Pégourié-Gonnard8920f692014-06-18 22:05:08 +02004580 "$P_CLI request_size=16384 force_version=tls1_2 \
Hanno Becker278fc7a2017-11-10 09:16:28 +00004581 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
4582 0 \
4583 -s "Read from client: 16384 bytes read"
4584
Hanno Becker32c55012017-11-10 08:42:54 +00004585requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
Andrzej Kurek557335e2018-06-28 04:03:10 -04004586run_test "Large client packet TLS 1.2 StreamCipher, truncated MAC" \
Hanno Becker909f9a32017-11-21 17:10:12 +00004587 "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
Manuel Pégourié-Gonnard8920f692014-06-18 22:05:08 +02004588 "$P_CLI request_size=16384 force_version=tls1_2 \
Hanno Becker909f9a32017-11-21 17:10:12 +00004589 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
Manuel Pégourié-Gonnard8920f692014-06-18 22:05:08 +02004590 0 \
4591 -s "Read from client: 16384 bytes read"
4592
Hanno Becker278fc7a2017-11-10 09:16:28 +00004593requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
Andrzej Kurek557335e2018-06-28 04:03:10 -04004594run_test "Large client packet TLS 1.2 StreamCipher, without EtM, truncated MAC" \
Hanno Becker909f9a32017-11-21 17:10:12 +00004595 "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
Hanno Becker278fc7a2017-11-10 09:16:28 +00004596 "$P_CLI request_size=16384 force_version=tls1_2 \
Hanno Becker909f9a32017-11-21 17:10:12 +00004597 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \
Manuel Pégourié-Gonnard8920f692014-06-18 22:05:08 +02004598 0 \
Hanno Becker09930d12017-09-18 15:04:19 +01004599 -c "16384 bytes written in 1 fragments" \
Manuel Pégourié-Gonnard8920f692014-06-18 22:05:08 +02004600 -s "Read from client: 16384 bytes read"
4601
Andrzej Kurek557335e2018-06-28 04:03:10 -04004602run_test "Large client packet TLS 1.2 AEAD" \
Manuel Pégourié-Gonnard8920f692014-06-18 22:05:08 +02004603 "$P_SRV" \
4604 "$P_CLI request_size=16384 force_version=tls1_2 \
4605 force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \
4606 0 \
Hanno Becker09930d12017-09-18 15:04:19 +01004607 -c "16384 bytes written in 1 fragments" \
Manuel Pégourié-Gonnard8920f692014-06-18 22:05:08 +02004608 -s "Read from client: 16384 bytes read"
4609
Andrzej Kurek557335e2018-06-28 04:03:10 -04004610run_test "Large client packet TLS 1.2 AEAD shorter tag" \
Manuel Pégourié-Gonnard8920f692014-06-18 22:05:08 +02004611 "$P_SRV" \
4612 "$P_CLI request_size=16384 force_version=tls1_2 \
4613 force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \
4614 0 \
Hanno Becker09930d12017-09-18 15:04:19 +01004615 -c "16384 bytes written in 1 fragments" \
Manuel Pégourié-Gonnard8920f692014-06-18 22:05:08 +02004616 -s "Read from client: 16384 bytes read"
# Tests for ECC extensions (rfc 4492)
#
# These cases check that the supported-curves and point-formats hello
# extensions are sent and parsed only when an ECC ciphersuite is in play.
# Each case is gated on the config options its forced ciphersuite needs
# (AES, CBC mode, SHA-256 and the matching key exchange).
# NOTE(review): -c/-s are taken to mean "pattern must appear in client/server
# output" and -C/-S "pattern must NOT appear". A negative check passes
# vacuously if its pattern does not match the library's log text, and the
# patterns below spell the extension names two ways (with underscores and
# with spaces). The two patterns in the server-side case have no positive
# counterpart in this part of the file -- confirm them against the debug
# messages.

# Client forced to an RSA key-exchange suite: it must not add either ECC
# extension, and the server must not report finding them.
requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
requires_config_enabled MBEDTLS_SHA256_C
requires_config_enabled MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
run_test "Force a non ECC ciphersuite in the client side" \
 "$P_SRV debug_level=3" \
 "$P_CLI debug_level=3 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA256" \
 0 \
 -C "client hello, adding supported_elliptic_curves extension" \
 -C "client hello, adding supported_point_formats extension" \
 -S "found supported elliptic curves extension" \
 -S "found supported point formats extension"

# Server forced to an RSA key-exchange suite: the client log must not show a
# point-formats extension being found, nor the server log one being written.
requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
requires_config_enabled MBEDTLS_SHA256_C
requires_config_enabled MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
run_test "Force a non ECC ciphersuite in the server side" \
 "$P_SRV debug_level=3 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA256" \
 "$P_CLI debug_level=3" \
 0 \
 -C "found supported_point_formats extension" \
 -S "server hello, supported_point_formats extension"

# Client forced to an ECDHE-ECDSA suite: both extensions must be added by the
# client and found by the server. This is the positive counterpart of the
# first case and shows those four patterns match real log lines.
requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
requires_config_enabled MBEDTLS_SHA256_C
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
run_test "Force an ECC ciphersuite in the client side" \
 "$P_SRV debug_level=3" \
 "$P_CLI debug_level=3 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \
 0 \
 -c "client hello, adding supported_elliptic_curves extension" \
 -c "client hello, adding supported_point_formats extension" \
 -s "found supported elliptic curves extension" \
 -s "found supported point formats extension"
4656
Ron Eldor94226d82018-06-28 16:17:00 +03004657requires_config_enabled MBEDTLS_AES_C
4658requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
4659requires_config_enabled MBEDTLS_SHA256_C
4660requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
Ron Eldorc7f15232018-06-28 13:22:05 +03004661run_test "Force an ECC ciphersuite in the server side" \
4662 "$P_SRV debug_level=3 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \
4663 "$P_CLI debug_level=3" \
4664 0 \
4665 -c "found supported_point_formats extension" \
4666 -s "server hello, supported_point_formats extension"
4667
Andrzej Kurek557335e2018-06-28 04:03:10 -04004668# Test for large server packets
Andrzej Kurek557335e2018-06-28 04:03:10 -04004669requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
4670run_test "Large server packet SSLv3 StreamCipher" \
4671 "$P_SRV response_size=16384 min_version=ssl3 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
4672 "$P_CLI force_version=ssl3 \
4673 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
4674 0 \
4675 -c "Read from server: 16384 bytes read"
4676
Andrzej Kurekc8958212018-08-27 08:00:13 -04004677# Checking next 4 tests logs for 1n-1 split against BEAST too
4678requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
4679run_test "Large server packet SSLv3 BlockCipher" \
4680 "$P_SRV response_size=16384 min_version=ssl3" \
4681 "$P_CLI force_version=ssl3 recsplit=0 \
4682 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
4683 0 \
4684 -c "Read from server: 1 bytes read"\
4685 -c "16383 bytes read"\
4686 -C "Read from server: 16384 bytes read"
4687
Andrzej Kurek557335e2018-06-28 04:03:10 -04004688run_test "Large server packet TLS 1.0 BlockCipher" \
4689 "$P_SRV response_size=16384" \
4690 "$P_CLI force_version=tls1 recsplit=0 \
4691 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
4692 0 \
4693 -c "Read from server: 1 bytes read"\
4694 -c "16383 bytes read"\
4695 -C "Read from server: 16384 bytes read"
4696
Andrzej Kurekd731a632018-06-19 09:37:30 -04004697run_test "Large server packet TLS 1.0 BlockCipher, without EtM" \
4698 "$P_SRV response_size=16384" \
4699 "$P_CLI force_version=tls1 etm=0 recsplit=0 \
4700 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
4701 0 \
4702 -c "Read from server: 1 bytes read"\
4703 -c "16383 bytes read"\
4704 -C "Read from server: 16384 bytes read"
4705
Andrzej Kurek557335e2018-06-28 04:03:10 -04004706requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
4707run_test "Large server packet TLS 1.0 BlockCipher truncated MAC" \
4708 "$P_SRV response_size=16384" \
4709 "$P_CLI force_version=tls1 recsplit=0 \
4710 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \
4711 trunc_hmac=1" \
4712 0 \
4713 -c "Read from server: 1 bytes read"\
4714 -c "16383 bytes read"\
4715 -C "Read from server: 16384 bytes read"
4716
4717requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
4718run_test "Large server packet TLS 1.0 StreamCipher truncated MAC" \
4719 "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
4720 "$P_CLI force_version=tls1 \
4721 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
4722 trunc_hmac=1" \
4723 0 \
Andrzej Kurekd731a632018-06-19 09:37:30 -04004724 -s "16384 bytes written in 1 fragments" \
4725 -c "Read from server: 16384 bytes read"
4726
4727run_test "Large server packet TLS 1.0 StreamCipher" \
4728 "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
4729 "$P_CLI force_version=tls1 \
4730 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
4731 0 \
4732 -s "16384 bytes written in 1 fragments" \
4733 -c "Read from server: 16384 bytes read"
4734
4735run_test "Large server packet TLS 1.0 StreamCipher, without EtM" \
4736 "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
4737 "$P_CLI force_version=tls1 \
4738 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
4739 0 \
4740 -s "16384 bytes written in 1 fragments" \
4741 -c "Read from server: 16384 bytes read"
4742
4743requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
4744run_test "Large server packet TLS 1.0 StreamCipher, truncated MAC" \
4745 "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
4746 "$P_CLI force_version=tls1 \
4747 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
4748 0 \
4749 -s "16384 bytes written in 1 fragments" \
4750 -c "Read from server: 16384 bytes read"
4751
4752requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
4753run_test "Large server packet TLS 1.0 StreamCipher, without EtM, truncated MAC" \
4754 "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
4755 "$P_CLI force_version=tls1 \
4756 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \
4757 0 \
4758 -s "16384 bytes written in 1 fragments" \
Andrzej Kurek557335e2018-06-28 04:03:10 -04004759 -c "Read from server: 16384 bytes read"
4760
4761run_test "Large server packet TLS 1.1 BlockCipher" \
4762 "$P_SRV response_size=16384" \
4763 "$P_CLI force_version=tls1_1 \
4764 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
4765 0 \
4766 -c "Read from server: 16384 bytes read"
4767
Andrzej Kurekd731a632018-06-19 09:37:30 -04004768run_test "Large server packet TLS 1.1 BlockCipher, without EtM" \
4769 "$P_SRV response_size=16384" \
4770 "$P_CLI force_version=tls1_1 etm=0 \
4771 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
Andrzej Kurek557335e2018-06-28 04:03:10 -04004772 0 \
Andrzej Kurekd731a632018-06-19 09:37:30 -04004773 -s "16384 bytes written in 1 fragments" \
Andrzej Kurek557335e2018-06-28 04:03:10 -04004774 -c "Read from server: 16384 bytes read"
4775
4776requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
4777run_test "Large server packet TLS 1.1 BlockCipher truncated MAC" \
4778 "$P_SRV response_size=16384" \
4779 "$P_CLI force_version=tls1_1 \
4780 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \
4781 trunc_hmac=1" \
4782 0 \
4783 -c "Read from server: 16384 bytes read"
4784
4785requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
Andrzej Kurekd731a632018-06-19 09:37:30 -04004786run_test "Large server packet TLS 1.1 BlockCipher, without EtM, truncated MAC" \
4787 "$P_SRV response_size=16384 trunc_hmac=1" \
4788 "$P_CLI force_version=tls1_1 \
4789 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
4790 0 \
4791 -s "16384 bytes written in 1 fragments" \
4792 -c "Read from server: 16384 bytes read"
4793
4794run_test "Large server packet TLS 1.1 StreamCipher" \
4795 "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
4796 "$P_CLI force_version=tls1_1 \
4797 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
4798 0 \
4799 -c "Read from server: 16384 bytes read"
4800
4801run_test "Large server packet TLS 1.1 StreamCipher, without EtM" \
4802 "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
4803 "$P_CLI force_version=tls1_1 \
4804 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
4805 0 \
4806 -s "16384 bytes written in 1 fragments" \
4807 -c "Read from server: 16384 bytes read"
4808
4809requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
Andrzej Kurek557335e2018-06-28 04:03:10 -04004810run_test "Large server packet TLS 1.1 StreamCipher truncated MAC" \
4811 "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
4812 "$P_CLI force_version=tls1_1 \
4813 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
4814 trunc_hmac=1" \
4815 0 \
4816 -c "Read from server: 16384 bytes read"
4817
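# Large server packet, TLS 1.1, RC4 stream cipher, trunc_hmac=1 on both
# peers and Encrypt-then-MAC switched off on the client (etm=0). The server
# log must report the 16384-byte response written in 1 fragment and the
# client log a single 16384-byte read; expected client exit code is 0.
#
# Both command lines pass trunc_hmac=1, so the test is guarded like its
# sibling truncated-MAC tests and is skipped, rather than run, in builds
# without MBEDTLS_SSL_TRUNCATED_HMAC.
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Large server packet TLS 1.1 StreamCipher, without EtM, truncated MAC" \
 "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
 "$P_CLI force_version=tls1_1 \
 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \
 0 \
 -s "16384 bytes written in 1 fragments" \
 -c "Read from server: 16384 bytes read"
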
Andrzej Kurek557335e2018-06-28 04:03:10 -04004826run_test "Large server packet TLS 1.2 BlockCipher" \
4827 "$P_SRV response_size=16384" \
4828 "$P_CLI force_version=tls1_2 \
4829 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
4830 0 \
4831 -c "Read from server: 16384 bytes read"
4832
Andrzej Kurekd731a632018-06-19 09:37:30 -04004833run_test "Large server packet TLS 1.2 BlockCipher, without EtM" \
4834 "$P_SRV response_size=16384" \
4835 "$P_CLI force_version=tls1_2 etm=0 \
4836 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
4837 0 \
4838 -s "16384 bytes written in 1 fragments" \
4839 -c "Read from server: 16384 bytes read"
4840
Andrzej Kurek557335e2018-06-28 04:03:10 -04004841run_test "Large server packet TLS 1.2 BlockCipher larger MAC" \
4842 "$P_SRV response_size=16384" \
4843 "$P_CLI force_version=tls1_2 \
4844 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \
4845 0 \
4846 -c "Read from server: 16384 bytes read"
4847
4848requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
4849run_test "Large server packet TLS 1.2 BlockCipher truncated MAC" \
4850 "$P_SRV response_size=16384" \
4851 "$P_CLI force_version=tls1_2 \
4852 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \
4853 trunc_hmac=1" \
4854 0 \
4855 -c "Read from server: 16384 bytes read"
4856
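# Large server packet, TLS 1.2, CBC suite, trunc_hmac=1 on both peers and
# Encrypt-then-MAC switched off on the client (etm=0). The server log must
# report the 16384-byte response written in 1 fragment and the client log a
# single 16384-byte read; expected client exit code is 0.
#
# Both command lines pass trunc_hmac=1, so the test is guarded like its
# sibling truncated-MAC tests and is skipped, rather than run, in builds
# without MBEDTLS_SSL_TRUNCATED_HMAC.
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test "Large server packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \
 "$P_SRV response_size=16384 trunc_hmac=1" \
 "$P_CLI force_version=tls1_2 \
 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
 0 \
 -s "16384 bytes written in 1 fragments" \
 -c "Read from server: 16384 bytes read"
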
Andrzej Kurek557335e2018-06-28 04:03:10 -04004865run_test "Large server packet TLS 1.2 StreamCipher" \
4866 "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
4867 "$P_CLI force_version=tls1_2 \
4868 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
4869 0 \
Andrzej Kurekd731a632018-06-19 09:37:30 -04004870 -s "16384 bytes written in 1 fragments" \
4871 -c "Read from server: 16384 bytes read"
4872
4873run_test "Large server packet TLS 1.2 StreamCipher, without EtM" \
4874 "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
4875 "$P_CLI force_version=tls1_2 \
4876 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
4877 0 \
4878 -s "16384 bytes written in 1 fragments" \
Andrzej Kurek557335e2018-06-28 04:03:10 -04004879 -c "Read from server: 16384 bytes read"
4880
4881requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
4882run_test "Large server packet TLS 1.2 StreamCipher truncated MAC" \
4883 "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
4884 "$P_CLI force_version=tls1_2 \
4885 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
4886 trunc_hmac=1" \
4887 0 \
4888 -c "Read from server: 16384 bytes read"
4889
Andrzej Kurekd731a632018-06-19 09:37:30 -04004890requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
4891run_test "Large server packet TLS 1.2 StreamCipher, without EtM, truncated MAC" \
4892 "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
4893 "$P_CLI force_version=tls1_2 \
4894 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \
4895 0 \
4896 -s "16384 bytes written in 1 fragments" \
4897 -c "Read from server: 16384 bytes read"
4898
Andrzej Kurek557335e2018-06-28 04:03:10 -04004899run_test "Large server packet TLS 1.2 AEAD" \
4900 "$P_SRV response_size=16384" \
4901 "$P_CLI force_version=tls1_2 \
4902 force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \
4903 0 \
4904 -c "Read from server: 16384 bytes read"
4905
4906run_test "Large server packet TLS 1.2 AEAD shorter tag" \
4907 "$P_SRV response_size=16384" \
4908 "$P_CLI force_version=tls1_2 \
4909 force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \
4910 0 \
4911 -c "Read from server: 16384 bytes read"
4912
Manuel Pégourié-Gonnard0eb6cab2014-07-23 20:17:47 +02004913# Tests for DTLS HelloVerifyRequest
4914
4915run_test "DTLS cookie: enabled" \
4916 "$P_SRV dtls=1 debug_level=2" \
4917 "$P_CLI dtls=1 debug_level=2" \
4918 0 \
4919 -s "cookie verification failed" \
4920 -s "cookie verification passed" \
4921 -S "cookie verification skipped" \
4922 -c "received hello verify request" \
Manuel Pégourié-Gonnardcaecdae2014-10-13 19:04:37 +02004923 -s "hello verification requested" \
Manuel Pégourié-Gonnard0eb6cab2014-07-23 20:17:47 +02004924 -S "SSL - The requested feature is not available"
4925
4926run_test "DTLS cookie: disabled" \
4927 "$P_SRV dtls=1 debug_level=2 cookies=0" \
4928 "$P_CLI dtls=1 debug_level=2" \
4929 0 \
4930 -S "cookie verification failed" \
4931 -S "cookie verification passed" \
4932 -s "cookie verification skipped" \
4933 -C "received hello verify request" \
Manuel Pégourié-Gonnardcaecdae2014-10-13 19:04:37 +02004934 -S "hello verification requested" \
Manuel Pégourié-Gonnard0eb6cab2014-07-23 20:17:47 +02004935 -S "SSL - The requested feature is not available"
4936
Manuel Pégourié-Gonnardcaecdae2014-10-13 19:04:37 +02004937run_test "DTLS cookie: default (failing)" \
4938 "$P_SRV dtls=1 debug_level=2 cookies=-1" \
4939 "$P_CLI dtls=1 debug_level=2 hs_timeout=100-400" \
4940 1 \
4941 -s "cookie verification failed" \
4942 -S "cookie verification passed" \
4943 -S "cookie verification skipped" \
4944 -C "received hello verify request" \
4945 -S "hello verification requested" \
4946 -s "SSL - The requested feature is not available"
Manuel Pégourié-Gonnard0eb6cab2014-07-23 20:17:47 +02004947
4948requires_ipv6
4949run_test "DTLS cookie: enabled, IPv6" \
4950 "$P_SRV dtls=1 debug_level=2 server_addr=::1" \
4951 "$P_CLI dtls=1 debug_level=2 server_addr=::1" \
4952 0 \
4953 -s "cookie verification failed" \
4954 -s "cookie verification passed" \
4955 -S "cookie verification skipped" \
4956 -c "received hello verify request" \
Manuel Pégourié-Gonnardcaecdae2014-10-13 19:04:37 +02004957 -s "hello verification requested" \
Manuel Pégourié-Gonnard0eb6cab2014-07-23 20:17:47 +02004958 -S "SSL - The requested feature is not available"
4959
Manuel Pégourié-Gonnard579950c2014-09-29 17:47:33 +02004960run_test "DTLS cookie: enabled, nbio" \
4961 "$P_SRV dtls=1 nbio=2 debug_level=2" \
4962 "$P_CLI dtls=1 nbio=2 debug_level=2" \
4963 0 \
4964 -s "cookie verification failed" \
4965 -s "cookie verification passed" \
4966 -S "cookie verification skipped" \
4967 -c "received hello verify request" \
Manuel Pégourié-Gonnardcaecdae2014-10-13 19:04:37 +02004968 -s "hello verification requested" \
Manuel Pégourié-Gonnard579950c2014-09-29 17:47:33 +02004969 -S "SSL - The requested feature is not available"
4970
Manuel Pégourié-Gonnardd745a1a2015-09-08 12:40:43 +02004971# Tests for client reconnecting from the same port with DTLS
4972
Manuel Pégourié-Gonnard259db912015-09-09 11:37:17 +02004973not_with_valgrind # spurious resend
Manuel Pégourié-Gonnardd745a1a2015-09-08 12:40:43 +02004974run_test "DTLS client reconnect from same port: reference" \
Manuel Pégourié-Gonnard259db912015-09-09 11:37:17 +02004975 "$P_SRV dtls=1 exchanges=2 read_timeout=1000" \
4976 "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=500-1000" \
Manuel Pégourié-Gonnardd745a1a2015-09-08 12:40:43 +02004977 0 \
4978 -C "resend" \
Manuel Pégourié-Gonnard259db912015-09-09 11:37:17 +02004979 -S "The operation timed out" \
Manuel Pégourié-Gonnardd745a1a2015-09-08 12:40:43 +02004980 -S "Client initiated reconnection from same port"
4981
Manuel Pégourié-Gonnard259db912015-09-09 11:37:17 +02004982not_with_valgrind # spurious resend
Manuel Pégourié-Gonnardd745a1a2015-09-08 12:40:43 +02004983run_test "DTLS client reconnect from same port: reconnect" \
Manuel Pégourié-Gonnard259db912015-09-09 11:37:17 +02004984 "$P_SRV dtls=1 exchanges=2 read_timeout=1000" \
4985 "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=500-1000 reconnect_hard=1" \
Manuel Pégourié-Gonnardd745a1a2015-09-08 12:40:43 +02004986 0 \
4987 -C "resend" \
Manuel Pégourié-Gonnard259db912015-09-09 11:37:17 +02004988 -S "The operation timed out" \
Manuel Pégourié-Gonnardd745a1a2015-09-08 12:40:43 +02004989 -s "Client initiated reconnection from same port"
4990
Paul Bakker362689d2016-05-13 10:33:25 +01004991not_with_valgrind # server/client too slow to respond in time (next test has higher timeouts)
4992run_test "DTLS client reconnect from same port: reconnect, nbio, no valgrind" \
Manuel Pégourié-Gonnard259db912015-09-09 11:37:17 +02004993 "$P_SRV dtls=1 exchanges=2 read_timeout=1000 nbio=2" \
4994 "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=500-1000 reconnect_hard=1" \
Manuel Pégourié-Gonnardd745a1a2015-09-08 12:40:43 +02004995 0 \
Manuel Pégourié-Gonnard259db912015-09-09 11:37:17 +02004996 -S "The operation timed out" \
Manuel Pégourié-Gonnardd745a1a2015-09-08 12:40:43 +02004997 -s "Client initiated reconnection from same port"
4998
Paul Bakker362689d2016-05-13 10:33:25 +01004999only_with_valgrind # Only with valgrind, do previous test but with higher read_timeout and hs_timeout
5000run_test "DTLS client reconnect from same port: reconnect, nbio, valgrind" \
5001 "$P_SRV dtls=1 exchanges=2 read_timeout=2000 nbio=2 hs_timeout=1500-6000" \
5002 "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=1500-3000 reconnect_hard=1" \
5003 0 \
5004 -S "The operation timed out" \
5005 -s "Client initiated reconnection from same port"
5006
Manuel Pégourié-Gonnard259db912015-09-09 11:37:17 +02005007run_test "DTLS client reconnect from same port: no cookies" \
5008 "$P_SRV dtls=1 exchanges=2 read_timeout=1000 cookies=0" \
Manuel Pégourié-Gonnard6ad23b92015-09-15 12:57:46 +02005009 "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=500-8000 reconnect_hard=1" \
5010 0 \
Manuel Pégourié-Gonnard259db912015-09-09 11:37:17 +02005011 -s "The operation timed out" \
5012 -S "Client initiated reconnection from same port"
5013
# Tests for various cases of client authentication with DTLS
# (focused on handshake flows and message parsing).
# run_test checks: -c/-s require the pattern in the client/server log,
# -C/-S require it to be absent.

# Server demands a client certificate; the client uses its default
# credentials and the server must log a successful verification.
run_test "DTLS client auth: required" \
 "$P_SRV dtls=1 auth_mode=required" \
 "$P_CLI dtls=1" \
 0 \
 -s "Verifying peer X.509 certificate... ok"

# auth_mode=optional with a certificate-less client: the handshake succeeds
# and the server log records that the certificate was missing, so it is the
# application that has to act on the unauthenticated peer.
run_test "DTLS client auth: optional, client has no cert" \
 "$P_SRV dtls=1 auth_mode=optional" \
 "$P_CLI dtls=1 crt_file=none key_file=none" \
 0 \
 -s "! Certificate was missing"

# auth_mode=none: the client skips writing a certificate and the server logs
# that verification was skipped. The trailing "$" anchors the client pattern
# at end of line.
run_test "DTLS client auth: none, client has no cert" \
 "$P_SRV dtls=1 auth_mode=none" \
 "$P_CLI dtls=1 crt_file=none key_file=none debug_level=2" \
 0 \
 -c "skip write certificate$" \
 -s "! Certificate verification was skipped"

# Mismatched pre-shared keys (abc123 on the server, abc124 on the client;
# test-only values): the client is expected to fail with exit code 1, the
# server to report a MAC verification failure and the client to report a
# fatal alert from its peer.
run_test "DTLS wrong PSK: badmac alert" \
 "$P_SRV dtls=1 psk=abc123 force_ciphersuite=TLS-PSK-WITH-AES-128-GCM-SHA256" \
 "$P_CLI dtls=1 psk=abc124" \
 1 \
 -s "SSL - Verification of the message MAC failed" \
 -c "SSL - A fatal alert message was received from our peer"

Manuel Pégourié-Gonnard502bf302014-08-20 13:12:58 +02005043# Tests for receiving fragmented handshake messages with DTLS
5044
5045requires_gnutls
5046run_test "DTLS reassembly: no fragmentation (gnutls server)" \
5047 "$G_SRV -u --mtu 2048 -a" \
5048 "$P_CLI dtls=1 debug_level=2" \
5049 0 \
5050 -C "found fragmented DTLS handshake message" \
5051 -C "error"
5052
5053requires_gnutls
5054run_test "DTLS reassembly: some fragmentation (gnutls server)" \
5055 "$G_SRV -u --mtu 512" \
5056 "$P_CLI dtls=1 debug_level=2" \
5057 0 \
5058 -c "found fragmented DTLS handshake message" \
5059 -C "error"
5060
5061requires_gnutls
5062run_test "DTLS reassembly: more fragmentation (gnutls server)" \
5063 "$G_SRV -u --mtu 128" \
5064 "$P_CLI dtls=1 debug_level=2" \
5065 0 \
5066 -c "found fragmented DTLS handshake message" \
5067 -C "error"
5068
5069requires_gnutls
5070run_test "DTLS reassembly: more fragmentation, nbio (gnutls server)" \
5071 "$G_SRV -u --mtu 128" \
5072 "$P_CLI dtls=1 nbio=2 debug_level=2" \
5073 0 \
5074 -c "found fragmented DTLS handshake message" \
5075 -C "error"
5076
Manuel Pégourié-Gonnard0c4cbc72014-09-02 14:47:31 +02005077requires_gnutls
Hanno Becker6a243642017-10-12 15:18:45 +01005078requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
Manuel Pégourié-Gonnard0c4cbc72014-09-02 14:47:31 +02005079run_test "DTLS reassembly: fragmentation, renego (gnutls server)" \
5080 "$G_SRV -u --mtu 256" \
5081 "$P_CLI debug_level=3 dtls=1 renegotiation=1 renegotiate=1" \
5082 0 \
5083 -c "found fragmented DTLS handshake message" \
5084 -c "client hello, adding renegotiation extension" \
5085 -c "found renegotiation extension" \
5086 -c "=> renegotiate" \
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02005087 -C "mbedtls_ssl_handshake returned" \
Manuel Pégourié-Gonnard0c4cbc72014-09-02 14:47:31 +02005088 -C "error" \
5089 -s "Extra-header:"
5090
5091requires_gnutls
Hanno Becker6a243642017-10-12 15:18:45 +01005092requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
Manuel Pégourié-Gonnard0c4cbc72014-09-02 14:47:31 +02005093run_test "DTLS reassembly: fragmentation, nbio, renego (gnutls server)" \
5094 "$G_SRV -u --mtu 256" \
5095 "$P_CLI debug_level=3 nbio=2 dtls=1 renegotiation=1 renegotiate=1" \
5096 0 \
5097 -c "found fragmented DTLS handshake message" \
5098 -c "client hello, adding renegotiation extension" \
5099 -c "found renegotiation extension" \
5100 -c "=> renegotiate" \
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02005101 -C "mbedtls_ssl_handshake returned" \
Manuel Pégourié-Gonnard0c4cbc72014-09-02 14:47:31 +02005102 -C "error" \
5103 -s "Extra-header:"
5104
Manuel Pégourié-Gonnarda7756172014-08-31 18:37:01 +02005105run_test "DTLS reassembly: no fragmentation (openssl server)" \
5106 "$O_SRV -dtls1 -mtu 2048" \
5107 "$P_CLI dtls=1 debug_level=2" \
5108 0 \
5109 -C "found fragmented DTLS handshake message" \
5110 -C "error"
5111
Manuel Pégourié-Gonnard825a49e2014-09-23 11:00:37 +02005112run_test "DTLS reassembly: some fragmentation (openssl server)" \
5113 "$O_SRV -dtls1 -mtu 768" \
Manuel Pégourié-Gonnard64dffc52014-09-02 13:39:16 +02005114 "$P_CLI dtls=1 debug_level=2" \
5115 0 \
5116 -c "found fragmented DTLS handshake message" \
5117 -C "error"
5118
Manuel Pégourié-Gonnard825a49e2014-09-23 11:00:37 +02005119run_test "DTLS reassembly: more fragmentation (openssl server)" \
Manuel Pégourié-Gonnard64dffc52014-09-02 13:39:16 +02005120 "$O_SRV -dtls1 -mtu 256" \
5121 "$P_CLI dtls=1 debug_level=2" \
5122 0 \
5123 -c "found fragmented DTLS handshake message" \
5124 -C "error"
5125
5126run_test "DTLS reassembly: fragmentation, nbio (openssl server)" \
5127 "$O_SRV -dtls1 -mtu 256" \
5128 "$P_CLI dtls=1 nbio=2 debug_level=2" \
5129 0 \
5130 -c "found fragmented DTLS handshake message" \
5131 -C "error"
Manuel Pégourié-Gonnarda7756172014-08-31 18:37:01 +02005132
Manuel Pégourié-Gonnard7a66cbc2014-09-26 16:31:46 +02005133# Tests for specific things with "unreliable" UDP connection
Manuel Pégourié-Gonnardbe9eb872014-09-05 17:45:19 +02005134
Manuel Pégourié-Gonnard76fe9e42014-09-24 15:17:31 +02005135not_with_valgrind # spurious resend due to timeout
Manuel Pégourié-Gonnard990f9e42014-09-06 12:27:02 +02005136run_test "DTLS proxy: reference" \
Manuel Pégourié-Gonnardbe9eb872014-09-05 17:45:19 +02005137 -p "$P_PXY" \
Manuel Pégourié-Gonnard76fe9e42014-09-24 15:17:31 +02005138 "$P_SRV dtls=1 debug_level=2" \
5139 "$P_CLI dtls=1 debug_level=2" \
Manuel Pégourié-Gonnard990f9e42014-09-06 12:27:02 +02005140 0 \
Manuel Pégourié-Gonnard246c13a2014-09-24 13:56:09 +02005141 -C "replayed record" \
5142 -S "replayed record" \
5143 -C "record from another epoch" \
5144 -S "record from another epoch" \
5145 -C "discarding invalid record" \
5146 -S "discarding invalid record" \
Manuel Pégourié-Gonnard76fe9e42014-09-24 15:17:31 +02005147 -S "resend" \
Manuel Pégourié-Gonnard63eca932014-09-08 16:39:08 +02005148 -s "Extra-header:" \
Manuel Pégourié-Gonnard990f9e42014-09-06 12:27:02 +02005149 -c "HTTP/1.0 200 OK"
5150
Manuel Pégourié-Gonnard76fe9e42014-09-24 15:17:31 +02005151not_with_valgrind # spurious resend due to timeout
Manuel Pégourié-Gonnardb47368a2014-09-24 13:29:58 +02005152run_test "DTLS proxy: duplicate every packet" \
Manuel Pégourié-Gonnard990f9e42014-09-06 12:27:02 +02005153 -p "$P_PXY duplicate=1" \
Manuel Pégourié-Gonnard76fe9e42014-09-24 15:17:31 +02005154 "$P_SRV dtls=1 debug_level=2" \
5155 "$P_CLI dtls=1 debug_level=2" \
Manuel Pégourié-Gonnard990f9e42014-09-06 12:27:02 +02005156 0 \
Manuel Pégourié-Gonnardb47368a2014-09-24 13:29:58 +02005157 -c "replayed record" \
5158 -s "replayed record" \
Hanno Beckera34cc6b2017-05-26 16:07:36 +01005159 -c "record from another epoch" \
5160 -s "record from another epoch" \
Manuel Pégourié-Gonnard76fe9e42014-09-24 15:17:31 +02005161 -S "resend" \
Manuel Pégourié-Gonnard63eca932014-09-08 16:39:08 +02005162 -s "Extra-header:" \
5163 -c "HTTP/1.0 200 OK"
5164
Manuel Pégourié-Gonnard27393132014-09-24 14:41:11 +02005165run_test "DTLS proxy: duplicate every packet, server anti-replay off" \
5166 -p "$P_PXY duplicate=1" \
Manuel Pégourié-Gonnard76fe9e42014-09-24 15:17:31 +02005167 "$P_SRV dtls=1 debug_level=2 anti_replay=0" \
5168 "$P_CLI dtls=1 debug_level=2" \
Manuel Pégourié-Gonnard27393132014-09-24 14:41:11 +02005169 0 \
5170 -c "replayed record" \
5171 -S "replayed record" \
Hanno Beckera34cc6b2017-05-26 16:07:36 +01005172 -c "record from another epoch" \
5173 -s "record from another epoch" \
Manuel Pégourié-Gonnard76fe9e42014-09-24 15:17:31 +02005174 -c "resend" \
5175 -s "resend" \
Manuel Pégourié-Gonnard27393132014-09-24 14:41:11 +02005176 -s "Extra-header:" \
5177 -c "HTTP/1.0 200 OK"
5178
Manuel Pégourié-Gonnarde698f592014-10-14 19:36:36 +02005179run_test "DTLS proxy: inject invalid AD record, default badmac_limit" \
Manuel Pégourié-Gonnard63eca932014-09-08 16:39:08 +02005180 -p "$P_PXY bad_ad=1" \
Manuel Pégourié-Gonnard246c13a2014-09-24 13:56:09 +02005181 "$P_SRV dtls=1 debug_level=1" \
Manuel Pégourié-Gonnarde698f592014-10-14 19:36:36 +02005182 "$P_CLI dtls=1 debug_level=1 read_timeout=100" \
Manuel Pégourié-Gonnard825a49e2014-09-23 11:00:37 +02005183 0 \
Manuel Pégourié-Gonnard74a13782014-10-14 22:34:08 +02005184 -c "discarding invalid record (mac)" \
5185 -s "discarding invalid record (mac)" \
Manuel Pégourié-Gonnard825a49e2014-09-23 11:00:37 +02005186 -s "Extra-header:" \
Manuel Pégourié-Gonnarde698f592014-10-14 19:36:36 +02005187 -c "HTTP/1.0 200 OK" \
5188 -S "too many records with bad MAC" \
5189 -S "Verification of the message MAC failed"
5190
5191run_test "DTLS proxy: inject invalid AD record, badmac_limit 1" \
5192 -p "$P_PXY bad_ad=1" \
5193 "$P_SRV dtls=1 debug_level=1 badmac_limit=1" \
5194 "$P_CLI dtls=1 debug_level=1 read_timeout=100" \
5195 1 \
Manuel Pégourié-Gonnard74a13782014-10-14 22:34:08 +02005196 -C "discarding invalid record (mac)" \
5197 -S "discarding invalid record (mac)" \
Manuel Pégourié-Gonnarde698f592014-10-14 19:36:36 +02005198 -S "Extra-header:" \
5199 -C "HTTP/1.0 200 OK" \
5200 -s "too many records with bad MAC" \
5201 -s "Verification of the message MAC failed"
5202
5203run_test "DTLS proxy: inject invalid AD record, badmac_limit 2" \
5204 -p "$P_PXY bad_ad=1" \
5205 "$P_SRV dtls=1 debug_level=1 badmac_limit=2" \
5206 "$P_CLI dtls=1 debug_level=1 read_timeout=100" \
5207 0 \
Manuel Pégourié-Gonnard74a13782014-10-14 22:34:08 +02005208 -c "discarding invalid record (mac)" \
5209 -s "discarding invalid record (mac)" \
Manuel Pégourié-Gonnarde698f592014-10-14 19:36:36 +02005210 -s "Extra-header:" \
5211 -c "HTTP/1.0 200 OK" \
5212 -S "too many records with bad MAC" \
5213 -S "Verification of the message MAC failed"
5214
5215run_test "DTLS proxy: inject invalid AD record, badmac_limit 2, exchanges 2"\
5216 -p "$P_PXY bad_ad=1" \
5217 "$P_SRV dtls=1 debug_level=1 badmac_limit=2 exchanges=2" \
5218 "$P_CLI dtls=1 debug_level=1 read_timeout=100 exchanges=2" \
5219 1 \
Manuel Pégourié-Gonnard74a13782014-10-14 22:34:08 +02005220 -c "discarding invalid record (mac)" \
5221 -s "discarding invalid record (mac)" \
Manuel Pégourié-Gonnarde698f592014-10-14 19:36:36 +02005222 -s "Extra-header:" \
5223 -c "HTTP/1.0 200 OK" \
5224 -s "too many records with bad MAC" \
5225 -s "Verification of the message MAC failed"
Manuel Pégourié-Gonnard825a49e2014-09-23 11:00:37 +02005226
5227run_test "DTLS proxy: delay ChangeCipherSpec" \
Manuel Pégourié-Gonnard246c13a2014-09-24 13:56:09 +02005228 -p "$P_PXY delay_ccs=1" \
5229 "$P_SRV dtls=1 debug_level=1" \
5230 "$P_CLI dtls=1 debug_level=1" \
Manuel Pégourié-Gonnard825a49e2014-09-23 11:00:37 +02005231 0 \
Manuel Pégourié-Gonnard246c13a2014-09-24 13:56:09 +02005232 -c "record from another epoch" \
5233 -s "record from another epoch" \
Manuel Pégourié-Gonnard825a49e2014-09-23 11:00:37 +02005234 -s "Extra-header:" \
5235 -c "HTTP/1.0 200 OK"
5236
Manuel Pégourié-Gonnard7a66cbc2014-09-26 16:31:46 +02005237# Tests for "randomly unreliable connection": try a variety of flows and peers
Manuel Pégourié-Gonnard18e519a2014-09-24 19:09:17 +02005238
Janos Follath74537a62016-09-02 13:45:28 +01005239client_needs_more_time 2
Manuel Pégourié-Gonnard18e519a2014-09-24 19:09:17 +02005240run_test "DTLS proxy: 3d (drop, delay, duplicate), \"short\" PSK handshake" \
Manuel Pégourié-Gonnard825a49e2014-09-23 11:00:37 +02005241 -p "$P_PXY drop=5 delay=5 duplicate=5" \
Manuel Pégourié-Gonnardaa719e72020-03-03 10:08:15 +01005242 "$P_SRV dtls=1 hs_timeout=500-10000 tickets=0 auth_mode=none \
Manuel Pégourié-Gonnard37a4de22014-10-01 16:38:03 +02005243 psk=abc123" \
Manuel Pégourié-Gonnardaa719e72020-03-03 10:08:15 +01005244 "$P_CLI dtls=1 hs_timeout=500-10000 tickets=0 psk=abc123 \
Manuel Pégourié-Gonnard18e519a2014-09-24 19:09:17 +02005245 force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
5246 0 \
5247 -s "Extra-header:" \
5248 -c "HTTP/1.0 200 OK"
5249
Janos Follath74537a62016-09-02 13:45:28 +01005250client_needs_more_time 2
Manuel Pégourié-Gonnard18e519a2014-09-24 19:09:17 +02005251run_test "DTLS proxy: 3d, \"short\" RSA handshake" \
5252 -p "$P_PXY drop=5 delay=5 duplicate=5" \
Manuel Pégourié-Gonnardaa719e72020-03-03 10:08:15 +01005253 "$P_SRV dtls=1 hs_timeout=500-10000 tickets=0 auth_mode=none" \
5254 "$P_CLI dtls=1 hs_timeout=500-10000 tickets=0 \
Manuel Pégourié-Gonnard18e519a2014-09-24 19:09:17 +02005255 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
5256 0 \
5257 -s "Extra-header:" \
5258 -c "HTTP/1.0 200 OK"
5259
Janos Follath74537a62016-09-02 13:45:28 +01005260client_needs_more_time 2
Manuel Pégourié-Gonnard18e519a2014-09-24 19:09:17 +02005261run_test "DTLS proxy: 3d, \"short\" (no ticket, no cli_auth) FS handshake" \
5262 -p "$P_PXY drop=5 delay=5 duplicate=5" \
Manuel Pégourié-Gonnardaa719e72020-03-03 10:08:15 +01005263 "$P_SRV dtls=1 hs_timeout=500-10000 tickets=0 auth_mode=none" \
5264 "$P_CLI dtls=1 hs_timeout=500-10000 tickets=0" \
Manuel Pégourié-Gonnard18e519a2014-09-24 19:09:17 +02005265 0 \
5266 -s "Extra-header:" \
5267 -c "HTTP/1.0 200 OK"
5268
Janos Follath74537a62016-09-02 13:45:28 +01005269client_needs_more_time 2
Manuel Pégourié-Gonnard18e519a2014-09-24 19:09:17 +02005270run_test "DTLS proxy: 3d, FS, client auth" \
5271 -p "$P_PXY drop=5 delay=5 duplicate=5" \
Manuel Pégourié-Gonnardaa719e72020-03-03 10:08:15 +01005272 "$P_SRV dtls=1 hs_timeout=500-10000 tickets=0 auth_mode=required" \
5273 "$P_CLI dtls=1 hs_timeout=500-10000 tickets=0" \
Manuel Pégourié-Gonnard18e519a2014-09-24 19:09:17 +02005274 0 \
5275 -s "Extra-header:" \
5276 -c "HTTP/1.0 200 OK"
5277
Janos Follath74537a62016-09-02 13:45:28 +01005278client_needs_more_time 2
Manuel Pégourié-Gonnard18e519a2014-09-24 19:09:17 +02005279run_test "DTLS proxy: 3d, FS, ticket" \
5280 -p "$P_PXY drop=5 delay=5 duplicate=5" \
Manuel Pégourié-Gonnardaa719e72020-03-03 10:08:15 +01005281 "$P_SRV dtls=1 hs_timeout=500-10000 tickets=1 auth_mode=none" \
5282 "$P_CLI dtls=1 hs_timeout=500-10000 tickets=1" \
Manuel Pégourié-Gonnard18e519a2014-09-24 19:09:17 +02005283 0 \
5284 -s "Extra-header:" \
5285 -c "HTTP/1.0 200 OK"
5286
Janos Follath74537a62016-09-02 13:45:28 +01005287client_needs_more_time 2
Manuel Pégourié-Gonnard18e519a2014-09-24 19:09:17 +02005288run_test "DTLS proxy: 3d, max handshake (FS, ticket + client auth)" \
5289 -p "$P_PXY drop=5 delay=5 duplicate=5" \
Manuel Pégourié-Gonnardaa719e72020-03-03 10:08:15 +01005290 "$P_SRV dtls=1 hs_timeout=500-10000 tickets=1 auth_mode=required" \
5291 "$P_CLI dtls=1 hs_timeout=500-10000 tickets=1" \
Manuel Pégourié-Gonnard825a49e2014-09-23 11:00:37 +02005292 0 \
5293 -s "Extra-header:" \
5294 -c "HTTP/1.0 200 OK"
5295
Janos Follath74537a62016-09-02 13:45:28 +01005296client_needs_more_time 2
Manuel Pégourié-Gonnard6093d812014-09-29 17:52:57 +02005297run_test "DTLS proxy: 3d, max handshake, nbio" \
5298 -p "$P_PXY drop=5 delay=5 duplicate=5" \
Manuel Pégourié-Gonnardaa719e72020-03-03 10:08:15 +01005299 "$P_SRV dtls=1 hs_timeout=500-10000 nbio=2 tickets=1 \
Manuel Pégourié-Gonnard37a4de22014-10-01 16:38:03 +02005300 auth_mode=required" \
Manuel Pégourié-Gonnardaa719e72020-03-03 10:08:15 +01005301 "$P_CLI dtls=1 hs_timeout=500-10000 nbio=2 tickets=1" \
Manuel Pégourié-Gonnard6093d812014-09-29 17:52:57 +02005302 0 \
5303 -s "Extra-header:" \
5304 -c "HTTP/1.0 200 OK"
5305
Janos Follath74537a62016-09-02 13:45:28 +01005306client_needs_more_time 4
Manuel Pégourié-Gonnard7a26d732014-10-02 14:50:46 +02005307run_test "DTLS proxy: 3d, min handshake, resumption" \
5308 -p "$P_PXY drop=5 delay=5 duplicate=5" \
Manuel Pégourié-Gonnardaa719e72020-03-03 10:08:15 +01005309 "$P_SRV dtls=1 hs_timeout=500-10000 tickets=0 auth_mode=none \
Manuel Pégourié-Gonnard7a26d732014-10-02 14:50:46 +02005310 psk=abc123 debug_level=3" \
Manuel Pégourié-Gonnardaa719e72020-03-03 10:08:15 +01005311 "$P_CLI dtls=1 hs_timeout=500-10000 tickets=0 psk=abc123 \
Manuel Pégourié-Gonnard5e261e92020-02-17 11:04:33 +01005312 debug_level=3 reconnect=1 skip_close_notify=1 read_timeout=1000 max_resend=10 \
Manuel Pégourié-Gonnard7a26d732014-10-02 14:50:46 +02005313 force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
5314 0 \
5315 -s "a session has been resumed" \
5316 -c "a session has been resumed" \
5317 -s "Extra-header:" \
5318 -c "HTTP/1.0 200 OK"
5319
Janos Follath74537a62016-09-02 13:45:28 +01005320client_needs_more_time 4
Manuel Pégourié-Gonnard85beb302014-10-02 17:59:19 +02005321run_test "DTLS proxy: 3d, min handshake, resumption, nbio" \
5322 -p "$P_PXY drop=5 delay=5 duplicate=5" \
Manuel Pégourié-Gonnardaa719e72020-03-03 10:08:15 +01005323 "$P_SRV dtls=1 hs_timeout=500-10000 tickets=0 auth_mode=none \
Manuel Pégourié-Gonnard85beb302014-10-02 17:59:19 +02005324 psk=abc123 debug_level=3 nbio=2" \
Manuel Pégourié-Gonnardaa719e72020-03-03 10:08:15 +01005325 "$P_CLI dtls=1 hs_timeout=500-10000 tickets=0 psk=abc123 \
Manuel Pégourié-Gonnard5e261e92020-02-17 11:04:33 +01005326 debug_level=3 reconnect=1 skip_close_notify=1 read_timeout=1000 max_resend=10 \
Manuel Pégourié-Gonnard85beb302014-10-02 17:59:19 +02005327 force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8 nbio=2" \
5328 0 \
5329 -s "a session has been resumed" \
5330 -c "a session has been resumed" \
5331 -s "Extra-header:" \
5332 -c "HTTP/1.0 200 OK"
5333
Janos Follath74537a62016-09-02 13:45:28 +01005334client_needs_more_time 4
Hanno Becker6a243642017-10-12 15:18:45 +01005335requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
Manuel Pégourié-Gonnard6093d812014-09-29 17:52:57 +02005336run_test "DTLS proxy: 3d, min handshake, client-initiated renego" \
Manuel Pégourié-Gonnard1b753f12014-09-25 16:09:36 +02005337 -p "$P_PXY drop=5 delay=5 duplicate=5" \
Manuel Pégourié-Gonnardaa719e72020-03-03 10:08:15 +01005338 "$P_SRV dtls=1 hs_timeout=500-10000 tickets=0 auth_mode=none \
Manuel Pégourié-Gonnard37a4de22014-10-01 16:38:03 +02005339 psk=abc123 renegotiation=1 debug_level=2" \
Manuel Pégourié-Gonnardaa719e72020-03-03 10:08:15 +01005340 "$P_CLI dtls=1 hs_timeout=500-10000 tickets=0 psk=abc123 \
Manuel Pégourié-Gonnard37a4de22014-10-01 16:38:03 +02005341 renegotiate=1 debug_level=2 \
Manuel Pégourié-Gonnard1b753f12014-09-25 16:09:36 +02005342 force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
5343 0 \
5344 -c "=> renegotiate" \
5345 -s "=> renegotiate" \
5346 -s "Extra-header:" \
5347 -c "HTTP/1.0 200 OK"
5348
Janos Follath74537a62016-09-02 13:45:28 +01005349client_needs_more_time 4
Hanno Becker6a243642017-10-12 15:18:45 +01005350requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
Manuel Pégourié-Gonnard6093d812014-09-29 17:52:57 +02005351run_test "DTLS proxy: 3d, min handshake, client-initiated renego, nbio" \
5352 -p "$P_PXY drop=5 delay=5 duplicate=5" \
Manuel Pégourié-Gonnardaa719e72020-03-03 10:08:15 +01005353 "$P_SRV dtls=1 hs_timeout=500-10000 tickets=0 auth_mode=none \
Manuel Pégourié-Gonnard37a4de22014-10-01 16:38:03 +02005354 psk=abc123 renegotiation=1 debug_level=2" \
Manuel Pégourié-Gonnardaa719e72020-03-03 10:08:15 +01005355 "$P_CLI dtls=1 hs_timeout=500-10000 tickets=0 psk=abc123 \
Manuel Pégourié-Gonnard37a4de22014-10-01 16:38:03 +02005356 renegotiate=1 debug_level=2 \
Manuel Pégourié-Gonnard6093d812014-09-29 17:52:57 +02005357 force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
5358 0 \
5359 -c "=> renegotiate" \
5360 -s "=> renegotiate" \
5361 -s "Extra-header:" \
5362 -c "HTTP/1.0 200 OK"
5363
Janos Follath74537a62016-09-02 13:45:28 +01005364client_needs_more_time 4
Hanno Becker6a243642017-10-12 15:18:45 +01005365requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
Manuel Pégourié-Gonnardba958b82014-10-09 16:13:44 +02005366run_test "DTLS proxy: 3d, min handshake, server-initiated renego" \
Manuel Pégourié-Gonnarda6ace042014-10-15 12:44:41 +02005367 -p "$P_PXY drop=5 delay=5 duplicate=5" \
Manuel Pégourié-Gonnardaa719e72020-03-03 10:08:15 +01005368 "$P_SRV dtls=1 hs_timeout=500-10000 tickets=0 auth_mode=none \
Manuel Pégourié-Gonnarda6ace042014-10-15 12:44:41 +02005369 psk=abc123 renegotiate=1 renegotiation=1 exchanges=4 \
Manuel Pégourié-Gonnardba958b82014-10-09 16:13:44 +02005370 debug_level=2" \
Manuel Pégourié-Gonnardaa719e72020-03-03 10:08:15 +01005371 "$P_CLI dtls=1 hs_timeout=500-10000 tickets=0 psk=abc123 \
Manuel Pégourié-Gonnarda6ace042014-10-15 12:44:41 +02005372 renegotiation=1 exchanges=4 debug_level=2 \
Manuel Pégourié-Gonnardba958b82014-10-09 16:13:44 +02005373 force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
5374 0 \
5375 -c "=> renegotiate" \
5376 -s "=> renegotiate" \
5377 -s "Extra-header:" \
5378 -c "HTTP/1.0 200 OK"
5379
Janos Follath74537a62016-09-02 13:45:28 +01005380client_needs_more_time 4
Hanno Becker6a243642017-10-12 15:18:45 +01005381requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
Manuel Pégourié-Gonnardba958b82014-10-09 16:13:44 +02005382run_test "DTLS proxy: 3d, min handshake, server-initiated renego, nbio" \
Manuel Pégourié-Gonnarda6ace042014-10-15 12:44:41 +02005383 -p "$P_PXY drop=5 delay=5 duplicate=5" \
Manuel Pégourié-Gonnardaa719e72020-03-03 10:08:15 +01005384 "$P_SRV dtls=1 hs_timeout=500-10000 tickets=0 auth_mode=none \
Manuel Pégourié-Gonnarda6ace042014-10-15 12:44:41 +02005385 psk=abc123 renegotiate=1 renegotiation=1 exchanges=4 \
Manuel Pégourié-Gonnardba958b82014-10-09 16:13:44 +02005386 debug_level=2 nbio=2" \
Manuel Pégourié-Gonnardaa719e72020-03-03 10:08:15 +01005387 "$P_CLI dtls=1 hs_timeout=500-10000 tickets=0 psk=abc123 \
Manuel Pégourié-Gonnarda6ace042014-10-15 12:44:41 +02005388 renegotiation=1 exchanges=4 debug_level=2 nbio=2 \
Manuel Pégourié-Gonnardba958b82014-10-09 16:13:44 +02005389 force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
5390 0 \
5391 -c "=> renegotiate" \
5392 -s "=> renegotiate" \
5393 -s "Extra-header:" \
5394 -c "HTTP/1.0 200 OK"
5395
Janos Follath74537a62016-09-02 13:45:28 +01005396client_needs_more_time 6
Manuel Pégourié-Gonnardd68434e2015-08-31 12:48:22 +02005397not_with_valgrind # risk of non-mbedtls peer timing out
Manuel Pégourié-Gonnard9590e0a2014-09-26 16:27:59 +02005398run_test "DTLS proxy: 3d, openssl server" \
Manuel Pégourié-Gonnardd0fd1da2014-09-25 17:00:27 +02005399 -p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \
5400 "$O_SRV -dtls1 -mtu 2048" \
Manuel Pégourié-Gonnardaa719e72020-03-03 10:08:15 +01005401 "$P_CLI dtls=1 hs_timeout=500-60000 tickets=0" \
Manuel Pégourié-Gonnardd0fd1da2014-09-25 17:00:27 +02005402 0 \
Manuel Pégourié-Gonnardd0fd1da2014-09-25 17:00:27 +02005403 -c "HTTP/1.0 200 OK"
5404
Janos Follath74537a62016-09-02 13:45:28 +01005405client_needs_more_time 8
Manuel Pégourié-Gonnardd68434e2015-08-31 12:48:22 +02005406not_with_valgrind # risk of non-mbedtls peer timing out
Manuel Pégourié-Gonnard9590e0a2014-09-26 16:27:59 +02005407run_test "DTLS proxy: 3d, openssl server, fragmentation" \
5408 -p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \
5409 "$O_SRV -dtls1 -mtu 768" \
Manuel Pégourié-Gonnardaa719e72020-03-03 10:08:15 +01005410 "$P_CLI dtls=1 hs_timeout=500-60000 tickets=0" \
Manuel Pégourié-Gonnard9590e0a2014-09-26 16:27:59 +02005411 0 \
Manuel Pégourié-Gonnard9590e0a2014-09-26 16:27:59 +02005412 -c "HTTP/1.0 200 OK"
5413
Janos Follath74537a62016-09-02 13:45:28 +01005414client_needs_more_time 8
Manuel Pégourié-Gonnardd68434e2015-08-31 12:48:22 +02005415not_with_valgrind # risk of non-mbedtls peer timing out
Manuel Pégourié-Gonnard6093d812014-09-29 17:52:57 +02005416run_test "DTLS proxy: 3d, openssl server, fragmentation, nbio" \
5417 -p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \
5418 "$O_SRV -dtls1 -mtu 768" \
Manuel Pégourié-Gonnardaa719e72020-03-03 10:08:15 +01005419 "$P_CLI dtls=1 hs_timeout=500-60000 nbio=2 tickets=0" \
Manuel Pégourié-Gonnard6093d812014-09-29 17:52:57 +02005420 0 \
Manuel Pégourié-Gonnard6093d812014-09-29 17:52:57 +02005421 -c "HTTP/1.0 200 OK"
5422
Manuel Pégourié-Gonnard96999962015-02-17 16:02:37 +00005423requires_gnutls
Janos Follath74537a62016-09-02 13:45:28 +01005424client_needs_more_time 6
Manuel Pégourié-Gonnardd68434e2015-08-31 12:48:22 +02005425not_with_valgrind # risk of non-mbedtls peer timing out
Manuel Pégourié-Gonnard9590e0a2014-09-26 16:27:59 +02005426run_test "DTLS proxy: 3d, gnutls server" \
5427 -p "$P_PXY drop=5 delay=5 duplicate=5" \
5428 "$G_SRV -u --mtu 2048 -a" \
Manuel Pégourié-Gonnardaa719e72020-03-03 10:08:15 +01005429 "$P_CLI dtls=1 hs_timeout=500-60000" \
Manuel Pégourié-Gonnard9590e0a2014-09-26 16:27:59 +02005430 0 \
5431 -s "Extra-header:" \
5432 -c "Extra-header:"
5433
Manuel Pégourié-Gonnard96999962015-02-17 16:02:37 +00005434requires_gnutls
Janos Follath74537a62016-09-02 13:45:28 +01005435client_needs_more_time 8
Manuel Pégourié-Gonnardd68434e2015-08-31 12:48:22 +02005436not_with_valgrind # risk of non-mbedtls peer timing out
Manuel Pégourié-Gonnard9590e0a2014-09-26 16:27:59 +02005437run_test "DTLS proxy: 3d, gnutls server, fragmentation" \
5438 -p "$P_PXY drop=5 delay=5 duplicate=5" \
5439 "$G_SRV -u --mtu 512" \
Manuel Pégourié-Gonnardaa719e72020-03-03 10:08:15 +01005440 "$P_CLI dtls=1 hs_timeout=500-60000" \
Manuel Pégourié-Gonnard9590e0a2014-09-26 16:27:59 +02005441 0 \
5442 -s "Extra-header:" \
5443 -c "Extra-header:"
5444
Manuel Pégourié-Gonnard96999962015-02-17 16:02:37 +00005445requires_gnutls
Janos Follath74537a62016-09-02 13:45:28 +01005446client_needs_more_time 8
Manuel Pégourié-Gonnardd68434e2015-08-31 12:48:22 +02005447not_with_valgrind # risk of non-mbedtls peer timing out
Manuel Pégourié-Gonnard6093d812014-09-29 17:52:57 +02005448run_test "DTLS proxy: 3d, gnutls server, fragmentation, nbio" \
5449 -p "$P_PXY drop=5 delay=5 duplicate=5" \
5450 "$G_SRV -u --mtu 512" \
Manuel Pégourié-Gonnardaa719e72020-03-03 10:08:15 +01005451 "$P_CLI dtls=1 hs_timeout=500-60000 nbio=2" \
Manuel Pégourié-Gonnard6093d812014-09-29 17:52:57 +02005452 0 \
5453 -s "Extra-header:" \
5454 -c "Extra-header:"
5455
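# Final report
#
# Prints a PASSED/FAILED banner with the pass, total and skip counts, then
# exits with the number of failed tests so callers can gate on the status.
# Reads FAILS, TESTS and SKIPS, which are maintained earlier in the script.

echo "------------------------------------------------------------------------"

if [ "$FAILS" = 0 ]; then
    printf "PASSED"
else
    printf "FAILED"
fi
PASSES=$(( $TESTS - $FAILS ))
echo " ($PASSES / $TESTS tests ($SKIPS skipped))"

# The caller only receives the low 8 bits of the exit status, so a run with
# 256 failures (or any multiple of 256) would be reported as 0 and a failing
# TLS test run would look green to CI. Clamp after printing so the report
# above still shows the real count.
if [ "$FAILS" -gt 255 ]; then
    FAILS=255
fi
exit "$FAILS"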