1#!/bin/sh 2 3# ssl-opt.sh 4# 5# Copyright The Mbed TLS Contributors 6# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later 7# 8# This file is provided under the Apache License 2.0, or the 9# GNU General Public License v2.0 or later. 10# 11# ********** 12# Apache License 2.0: 13# 14# Licensed under the Apache License, Version 2.0 (the "License"); you may 15# not use this file except in compliance with the License. 16# You may obtain a copy of the License at 17# 18# http://www.apache.org/licenses/LICENSE-2.0 19# 20# Unless required by applicable law or agreed to in writing, software 21# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT 22# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 23# See the License for the specific language governing permissions and 24# limitations under the License. 25# 26# ********** 27# 28# ********** 29# GNU General Public License v2.0 or later: 30# 31# This program is free software; you can redistribute it and/or modify 32# it under the terms of the GNU General Public License as published by 33# the Free Software Foundation; either version 2 of the License, or 34# (at your option) any later version. 35# 36# This program is distributed in the hope that it will be useful, 37# but WITHOUT ANY WARRANTY; without even the implied warranty of 38# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 39# GNU General Public License for more details. 40# 41# You should have received a copy of the GNU General Public License along 42# with this program; if not, write to the Free Software Foundation, Inc., 43# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. 44# 45# ********** 46# 47# Purpose 48# 49# Executes tests to prove various TLS/SSL options and extensions. 50# 51# The goal is not to cover every ciphersuite/version, but instead to cover 52# specific options (max fragment length, truncated hmac, etc) or procedures 53# (session resumption from cache or ticket, renego, etc). 
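#
# The tests assume a build with default options, with exceptions expressed
# with a dependency. The tests focus on functionality and do not consider
# performance.
#

set -u

# Limit the size of each log to 10 GiB, in case of failures with this script
# where it may output seemingly unlimited length error logs.
# (ulimit -f counts blocks whose size is shell-dependent: 512 bytes per POSIX
# sh, 1024 bytes under bash, so the cap is 10 GiB or 20 GiB respectively.)
ulimit -f 20971520

# Run from the directory holding this script so that every relative path
# below (programs, data_files, config.h) resolves. Both expansions are quoted
# so that a source tree path containing spaces or glob characters still works.
if cd "$( dirname "$0" )"; then :; else
    echo "cd $( dirname "$0" ) failed" >&2
    exit 1
fi

# default values, can be overridden by the environment
: "${P_SRV:=../programs/ssl/ssl_server2}"
: "${P_CLI:=../programs/ssl/ssl_client2}"
: "${P_PXY:=../programs/test/udp_proxy}"
: "${OPENSSL_CMD:=openssl}" # OPENSSL would conflict with the build system
: "${GNUTLS_CLI:=gnutls-cli}"
: "${GNUTLS_SERV:=gnutls-serv}"
: "${PERL:=perl}"

# Command line prefixes for the peer implementations. The *_CLI strings are
# full pipelines (they feed a GET request on stdin), which is why run_test
# has to start the client with eval.
O_SRV="$OPENSSL_CMD s_server -www -cert data_files/server5.crt -key data_files/server5.key"
O_CLI="echo 'GET / HTTP/1.0' | $OPENSSL_CMD s_client"
G_SRV="$GNUTLS_SERV --x509certfile data_files/server5.crt --x509keyfile data_files/server5.key"
G_CLI="echo 'GET / HTTP/1.0' | $GNUTLS_CLI --x509cafile data_files/test-ca_cat12.crt"
TCP_CLIENT="$PERL scripts/tcp_client.pl"

# alternative versions of OpenSSL and GnuTLS (no default path)
# When not provided, the command is set to "false" so that a test which
# forgot its requires_* guard fails loudly instead of running nothing.

if [ -n "${OPENSSL_LEGACY:-}" ]; then
    O_LEGACY_SRV="$OPENSSL_LEGACY s_server -www -cert data_files/server5.crt -key data_files/server5.key"
    O_LEGACY_CLI="echo 'GET / HTTP/1.0' | $OPENSSL_LEGACY s_client"
else
    O_LEGACY_SRV=false
    O_LEGACY_CLI=false
fi

if [ -n "${GNUTLS_NEXT_SERV:-}" ]; then
    G_NEXT_SRV="$GNUTLS_NEXT_SERV --x509certfile data_files/server5.crt --x509keyfile data_files/server5.key"
else
    G_NEXT_SRV=false
fi

if [ -n "${GNUTLS_NEXT_CLI:-}" ]; then
    G_NEXT_CLI="echo 'GET / HTTP/1.0' | $GNUTLS_NEXT_CLI --x509cafile data_files/test-ca_cat12.crt"
else
    G_NEXT_CLI=false
fi

# Counters printed in the final summary.
TESTS=0
FAILS=0
SKIPS=0

# Configuration header consulted by the requires_config_* helpers.
CONFIG_H='../include/mbedtls/config.h'

# Run under valgrind when set to 1 (-m / --memcheck).
MEMCHECK=0
# BRE applied to test names: only matching tests run (-f / --filter).
FILTER='.*'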
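# BRE applied to test names: matching tests are skipped (-e / --exclude).
# The default matches nothing.
EXCLUDE='^$'

SHOW_TEST_NUMBER=0
RUN_TEST_NUMBER=''

PRESERVE_LOGS=0

# Pick a "unique" server port in the range 10000-19999, and a proxy
# port which is this plus 10000. Each port number may be independently
# overridden by a command line option.
SRV_PORT=$(($$ % 10000 + 10000))
PXY_PORT=$((SRV_PORT + 10000))

# print_usage: print the command line help to stdout.
print_usage() {
    echo "Usage: $0 [options]"
    printf "  -h|--help\tPrint this help.\n"
    printf "  -m|--memcheck\tCheck memory leaks and errors.\n"
    printf "  -f|--filter\tOnly matching tests are executed (BRE)\n"
    printf "  -e|--exclude\tMatching tests are excluded (BRE)\n"
    printf "  -n|--number\tExecute only numbered test (comma-separated, e.g. '245,256')\n"
    printf "  -s|--show-numbers\tShow test numbers in front of test names\n"
    printf "  -p|--preserve-logs\tPreserve logs of successful tests as well\n"
    printf "     --port\tTCP/UDP port (default: randomish 1xxxx)\n"
    printf "     --proxy-port\tTCP/UDP proxy port (default: randomish 2xxxx)\n"
    printf "     --seed\tInteger seed value to use for this test run\n"
}

# require_option_arg <option> [remaining args...]
# Exit with the usage text when <option> was the last word on the command
# line, i.e. it was given without the value it needs. Without this check an
# option given last would either trip "set -u" or silently store an empty
# value and then fail on the final shift.
require_option_arg() {
    if [ $# -lt 2 ]; then
        echo "Option '$1' requires an argument" >&2
        print_usage
        exit 1
    fi
}

# check_port <option> <value>
# Exit with the usage text unless <value> is a decimal number no larger than
# 65535: the port is interpolated into every server, client and proxy command
# line later on, so a bad value would otherwise surface as a flood of
# unrelated test failures.
check_port() {
    case "$2" in
        ''|*[!0-9]*)
            echo "Invalid port for $1: '$2'" >&2
            print_usage
            exit 1
            ;;
    esac
    if [ "$2" -gt 65535 ]; then
        echo "Invalid port for $1: '$2'" >&2
        print_usage
        exit 1
    fi
}

# get_options "$@"
# Parse the command line into the global settings above (FILTER, EXCLUDE,
# MEMCHECK, RUN_TEST_NUMBER, SHOW_TEST_NUMBER, PRESERVE_LOGS, SRV_PORT,
# PXY_PORT, SEED). Exits 0 after printing the help for -h and exits 1 on an
# unknown option, a missing option value or an invalid port.
get_options() {
    while [ $# -gt 0 ]; do
        case "$1" in
            -f|--filter)
                require_option_arg "$@"
                shift; FILTER=$1
                ;;
            -e|--exclude)
                require_option_arg "$@"
                shift; EXCLUDE=$1
                ;;
            -m|--memcheck)
                MEMCHECK=1
                ;;
            -n|--number)
                require_option_arg "$@"
                shift; RUN_TEST_NUMBER=$1
                ;;
            -s|--show-numbers)
                SHOW_TEST_NUMBER=1
                ;;
            -p|--preserve-logs)
                PRESERVE_LOGS=1
                ;;
            --port)
                require_option_arg "$@"
                check_port "$1" "$2"
                shift; SRV_PORT=$1
                ;;
            --proxy-port)
                require_option_arg "$@"
                check_port "$1" "$2"
                shift; PXY_PORT=$1
                ;;
            --seed)
                require_option_arg "$@"
                shift; SEED="$1"
                ;;
            -h|--help)
                print_usage
                exit 0
                ;;
            *)
                echo "Unknown argument: '$1'"
                print_usage
                exit 1
                ;;
        esac
        shift
    done
}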
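# skip_next_test: unconditionally mark the next run_test call as SKIP.
skip_next_test() {
    SKIP_NEXT="YES"
}

# config_has_define <MACRO>
# Succeed when config.h has an active "#define <MACRO>" line. The macro name
# must be followed by a non-identifier character or the end of the line, so
# that asking for MBEDTLS_FOO is not satisfied by "#define MBEDTLS_FOO_BAR".
config_has_define() {
    grep "^#define $1\([^A-Za-z0-9_]\|$\)" "$CONFIG_H" > /dev/null
}

# skip next test if the flag is not enabled in config.h
requires_config_enabled() {
    if ! config_has_define "$1"; then
        SKIP_NEXT="YES"
    fi
}

# skip next test if the flag is enabled in config.h
requires_config_disabled() {
    if config_has_define "$1"; then
        SKIP_NEXT="YES"
    fi
}

# get_config_value_or_default <MACRO>
# Query the value of a compile-time configuration macro through the
# query_config command line option of ssl_server2. The command always
# succeeds if the configuration is defined and prints the value to stdout.
#
# Note that if the configuration is not defined or is defined to nothing,
# the output of this function will be an empty string.
# $P_SRV is deliberately unquoted: it carries the server arguments appended
# by the main section of this script.
get_config_value_or_default() {
    ${P_SRV} "query_config=${1}"
}

# requires_config_value_at_least <MACRO> <N>
# Skip the next test unless the macro's value is >= N; a macro with no
# value is a script error and aborts the run.
requires_config_value_at_least() {
    VAL="$( get_config_value_or_default "$1" )"
    if [ -z "$VAL" ]; then
        # Should never happen
        echo "Mbed TLS configuration $1 is not defined"
        exit 1
    elif [ "$VAL" -lt "$2" ]; then
        SKIP_NEXT="YES"
    fi
}

# requires_config_value_at_most <MACRO> <N>
# Skip the next test unless the macro's value is <= N; a macro with no
# value is a script error and aborts the run.
requires_config_value_at_most() {
    VAL="$( get_config_value_or_default "$1" )"
    if [ -z "$VAL" ]; then
        # Should never happen
        echo "Mbed TLS configuration $1 is not defined"
        exit 1
    elif [ "$VAL" -gt "$2" ]; then
        SKIP_NEXT="YES"
    fi
}

# skip next test if OpenSSL doesn't support FALLBACK_SCSV
# The probe result is cached in OPENSSL_HAS_FBSCSV so s_client is only
# spawned once per run.
requires_openssl_with_fallback_scsv() {
    if [ -z "${OPENSSL_HAS_FBSCSV:-}" ]; then
        # $OPENSSL_CMD stays unquoted, as in O_SRV/O_CLI, so that a value
        # carrying extra words keeps working.
        if $OPENSSL_CMD s_client -help 2>&1 | grep fallback_scsv >/dev/null
        then
            OPENSSL_HAS_FBSCSV="YES"
        else
            OPENSSL_HAS_FBSCSV="NO"
        fi
    fi
    if [ "$OPENSSL_HAS_FBSCSV" = "NO" ]; then
        SKIP_NEXT="YES"
    fi
}

# skip next test if GnuTLS isn't available (result cached in GNUTLS_AVAILABLE)
requires_gnutls() {
    if [ -z "${GNUTLS_AVAILABLE:-}" ]; then
        if command -v "$GNUTLS_CLI" >/dev/null 2>&1 &&
           command -v "$GNUTLS_SERV" >/dev/null 2>&1; then
            GNUTLS_AVAILABLE="YES"
        else
            GNUTLS_AVAILABLE="NO"
        fi
    fi
    if [ "$GNUTLS_AVAILABLE" = "NO" ]; then
        SKIP_NEXT="YES"
    fi
}

# skip next test if GnuTLS-next isn't available
# (result cached in GNUTLS_NEXT_AVAILABLE)
requires_gnutls_next() {
    if [ -z "${GNUTLS_NEXT_AVAILABLE:-}" ]; then
        if command -v "${GNUTLS_NEXT_CLI:-}" >/dev/null 2>&1 &&
           command -v "${GNUTLS_NEXT_SERV:-}" >/dev/null 2>&1; then
            GNUTLS_NEXT_AVAILABLE="YES"
        else
            GNUTLS_NEXT_AVAILABLE="NO"
        fi
    fi
    if [ "$GNUTLS_NEXT_AVAILABLE" = "NO" ]; then
        SKIP_NEXT="YES"
    fi
}

# skip next test if OpenSSL-legacy isn't available
# (result cached in OPENSSL_LEGACY_AVAILABLE)
requires_openssl_legacy() {
    if [ -z "${OPENSSL_LEGACY_AVAILABLE:-}" ]; then
        if command -v "${OPENSSL_LEGACY:-}" >/dev/null 2>&1; then
            OPENSSL_LEGACY_AVAILABLE="YES"
        else
            OPENSSL_LEGACY_AVAILABLE="NO"
        fi
    fi
    if [ "$OPENSSL_LEGACY_AVAILABLE" = "NO" ]; then
        SKIP_NEXT="YES"
    fi
}

# skip next test if IPv6 isn't available on this host
# Probed once by starting the server bound to ::1 and looking for the bind
# failure message in its output; the result is cached in HAS_IPV6.
requires_ipv6() {
    if [ -z "${HAS_IPV6:-}" ]; then
        # $P_SRV unquoted on purpose: it includes the server arguments.
        $P_SRV server_addr='::1' > "$SRV_OUT" 2>&1 &
        SRV_PID=$!
        sleep 1
        kill "$SRV_PID" >/dev/null 2>&1
        # Reap the probe server so it does not linger as a zombie.
        wait "$SRV_PID" >/dev/null 2>&1
        if grep "NET - Binding of the socket failed" "$SRV_OUT" >/dev/null; then
            HAS_IPV6="NO"
        else
            HAS_IPV6="YES"
        fi
        # SRV_OUT is a plain file; "rm -r" was not needed here.
        rm -f -- "$SRV_OUT"
    fi

    if [ "$HAS_IPV6" = "NO" ]; then
        SKIP_NEXT="YES"
    fi
}

# skip next test if it's i686 or uname is not available
# (result cached in IS_I686; defaults to YES when uname cannot be run)
requires_not_i686() {
    if [ -z "${IS_I686:-}" ]; then
        IS_I686="YES"
        if command -v uname >/dev/null 2>&1; then
            if ! uname -a | grep i686 >/dev/null; then
                IS_I686="NO"
            fi
        fi
    fi
    if [ "$IS_I686" = "YES" ]; then
        SKIP_NEXT="YES"
    fi
}

# Calculate the input & output maximum content lengths set in the config.
# Each query falls back to the previous value when config.pl cannot
# report the macro (e.g. it is not defined).
MAX_CONTENT_LEN=$( ../scripts/config.pl get MBEDTLS_SSL_MAX_CONTENT_LEN || echo "16384")
MAX_IN_LEN=$( ../scripts/config.pl get MBEDTLS_SSL_IN_CONTENT_LEN || echo "$MAX_CONTENT_LEN")
MAX_OUT_LEN=$( ../scripts/config.pl get MBEDTLS_SSL_OUT_CONTENT_LEN || echo "$MAX_CONTENT_LEN")

# MAX_CONTENT_LEN ends up as the smaller of the two directional limits.
if [ "$MAX_IN_LEN" -lt "$MAX_CONTENT_LEN" ]; then
    MAX_CONTENT_LEN="$MAX_IN_LEN"
fi
if [ "$MAX_OUT_LEN" -lt "$MAX_CONTENT_LEN" ]; then
    MAX_CONTENT_LEN="$MAX_OUT_LEN"
fi

# skip the next test if the SSL output buffer is less than 16KB
requires_full_size_output_buffer() {
    if [ "$MAX_OUT_LEN" -ne 16384 ]; then
        SKIP_NEXT="YES"
    fi
}

# skip the next test if valgrind is in use
not_with_valgrind() {
    if [ "$MEMCHECK" -gt 0 ]; then
        SKIP_NEXT="YES"
    fi
}

# skip the next test if valgrind is NOT in use
only_with_valgrind() {
    if [ "$MEMCHECK" -eq 0 ]; then
        SKIP_NEXT="YES"
    fi
}

# multiply the client timeout delay by the given factor for the next test
# (wait_client_done resets the factor to 1 after using it)
client_needs_more_time() {
    CLI_DELAY_FACTOR=$1
}

# wait for the given seconds after the client finished in the next test
# (wait_client_done resets the delay to 0 after using it)
server_needs_more_time() {
    SRV_DELAY_SECONDS=$1
}

# print_name <name>
# Increment TESTS and print "<name> ...... " padded with dots so that the
# result (PASS/FAIL/SKIP) lines up in a column.
print_name() {
    TESTS=$(( TESTS + 1 ))
    LINE=""

    if [ "$SHOW_TEST_NUMBER" -gt 0 ]; then
        LINE="$TESTS "
    fi

    LINE="$LINE$1"
    printf "%s " "$LINE"
    # 71 rather than 72: the previous "wc -c" based computation counted the
    # trailing newline of the echoed line, and the column is kept as it was.
    LEN=$(( 71 - ${#LINE} ))
    i=0
    while [ "$i" -lt "$LEN" ]; do
        printf '.'
        i=$(( i + 1 ))
    done
    printf ' '

}

# fail <message>
# Report a failure, keep the server/client/proxy logs of the current test
# as o-srv-N.log, o-cli-N.log, o-pxy-N.log and increment FAILS. With
# LOG_FAILURE_ON_STDOUT set to a non-zero value the logs are also echoed.
fail() {
    echo "FAIL"
    echo " ! $1"

    mv "$SRV_OUT" "o-srv-${TESTS}.log"
    mv "$CLI_OUT" "o-cli-${TESTS}.log"
    if [ -n "$PXY_CMD" ]; then
        mv "$PXY_OUT" "o-pxy-${TESTS}.log"
    fi
    echo " ! outputs saved to o-XXX-${TESTS}.log"

    if [ "${LOG_FAILURE_ON_STDOUT:-0}" != 0 ]; then
        echo " ! server output:"
        cat "o-srv-${TESTS}.log"
        echo " ! ========================================================"
        echo " ! client output:"
        cat "o-cli-${TESTS}.log"
        if [ -n "$PXY_CMD" ]; then
            echo " ! ========================================================"
            echo " ! proxy output:"
            cat "o-pxy-${TESTS}.log"
        fi
        echo ""
    fi

    FAILS=$(( FAILS + 1 ))
}

# is_polar <cmd_line>
# Succeed when the command line runs one of our own test programs
# (ssl_server2 / ssl_client2) rather than OpenSSL or GnuTLS.
is_polar() {
    echo "$1" | grep 'ssl_server2\|ssl_client2' > /dev/null
}

# openssl s_server doesn't have -www with DTLS
# Sets NEEDS_INPUT=1 (and strips -www from SRV_CMD) for an OpenSSL DTLS
# server, which then gets its responses from provide_input; otherwise
# NEEDS_INPUT=0.
check_osrv_dtls() {
    if echo "$SRV_CMD" | grep 's_server.*-dtls' >/dev/null; then
        NEEDS_INPUT=1
        # Quoted: an unquoted $SRV_CMD would be glob-expanded by the shell
        # before reaching sed.
        SRV_CMD="$( echo "$SRV_CMD" | sed 's/-www//' )"
    else
        NEEDS_INPUT=0
    fi
}

# provide input to commands that need it
# Emits one HTTP status line per second forever when NEEDS_INPUT is 1;
# the pipeline is torn down when the server is killed.
provide_input() {
    if [ "$NEEDS_INPUT" -eq 0 ]; then
        return
    fi

    while true; do
        echo "HTTP/1.0 200 OK"
        sleep 1
    done
}

# has_mem_err <log_file_name>
# Succeed (return 0) when the valgrind output in the file lacks either of
# the two "all clean" summary lines, i.e. when valgrind reported something.
has_mem_err() {
    if ( grep -F 'All heap blocks were freed -- no leaks are possible' "$1" &&
         grep -F 'ERROR SUMMARY: 0 errors from 0 contexts' "$1" ) > /dev/null
    then
        return 1 # false: does not have errors
    else
        return 0 # true: has errors
    fi
}

# Wait for process $2 named $3 to be listening on port $1. Print error to $4.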
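# wait_app_start <port> <pid> <name> <log>
# Block until process <pid> is listening on <port>, or until DOG_DELAY
# seconds have passed, in which case "<name> START TIMEOUT" is printed and
# appended to <log>. The protocol probed (UDP/TCP) follows the global DTLS
# flag set by detect_dtls. When lsof is not installed the function degrades
# to a fixed sleep of START_DELAY seconds.
if type lsof >/dev/null 2>/dev/null; then
    wait_app_start() {
        START_TIME=$(date +%s)
        if [ "$DTLS" -eq 1 ]; then
            proto=UDP
        else
            proto=TCP
        fi
        # Make a tight loop, server normally takes less than 1s to start.
        while ! lsof -a -n -b -i "$proto:$1" -p "$2" >/dev/null 2>/dev/null; do
            if [ $(( $(date +%s) - START_TIME )) -gt "$DOG_DELAY" ]; then
                echo "$3 START TIMEOUT"
                echo "$3 START TIMEOUT" >> "$4"
                break
            fi
            # Linux and *BSD support decimal arguments to sleep. On other
            # OSes this may be a tight loop.
            sleep 0.1 2>/dev/null || true
        done
    }
else
    echo "Warning: lsof not available, wait_app_start = sleep"
    wait_app_start() {
        sleep "$START_DELAY"
    }
fi

# Wait for server process $2 to be listening on port $1.
wait_server_start() {
    wait_app_start "$1" "$2" "SERVER" "$SRV_OUT"
}

# Wait for proxy process $2 to be listening on port $1.
wait_proxy_start() {
    wait_app_start "$1" "$2" "PROXY" "$PXY_OUT"
}

# check_server_hello_time <log>
# Given the client or server debug output, parse the unix timestamp that is
# included in the first 4 bytes of the random bytes and check that it's within
# acceptable bounds (5 minutes either side of the current time). The log may
# contain several ServerHello lines; every one of them must pass. Returns 0
# when they all do, 1 when none was printed, one is not a number, or one is
# out of bounds.
check_server_hello_time() {
    # Extract the time from the debug (lvl 3) output of the client
    SERVER_HELLO_TIME="$(sed -n 's/.*server hello, current time: //p' < "$1")"
    # Get the Unix timestamp for now
    CUR_TIME=$(date +'%s')
    THRESHOLD_IN_SECS=300

    # Check if the ServerHello time was printed
    if [ -z "$SERVER_HELLO_TIME" ]; then
        return 1
    fi

    # One timestamp per line; the unquoted expansion splits them on purpose.
    # A previous version compared the whole multi-line string with "-lt",
    # which made "[" error out as soon as a second ServerHello was logged.
    for hello_time in $SERVER_HELLO_TIME; do
        case "$hello_time" in
            ''|*[!0-9]*)
                # Not a plain decimal number: treat as a failed check rather
                # than letting "[" print an integer-expression error.
                return 1
                ;;
        esac
        # Check the time in ServerHello is within acceptable bounds
        if [ "$hello_time" -lt $(( CUR_TIME - THRESHOLD_IN_SECS )) ]; then
            # The time in ServerHello is at least 5 minutes before now
            return 1
        elif [ "$hello_time" -gt $(( CUR_TIME + THRESHOLD_IN_SECS )) ]; then
            # The time in ServerHello is at least 5 minutes later than now
            return 1
        fi
    done
    return 0
}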
# wait for client to terminate and set CLI_EXIT
# must be called right after starting the client: CLI_PID is taken from $!,
# the PID of the most recently started background job, so nothing may be
# launched between the client's "&" and this call.
wait_client_done() {
    CLI_PID=$!

    # Watchdog budget for this client; the factor set by
    # client_needs_more_time() applies to one test only.
    CLI_DELAY=$(( $DOG_DELAY * $CLI_DELAY_FACTOR ))
    CLI_DELAY_FACTOR=1

    # Watchdog subshell: after CLI_DELAY seconds it appends the marker that
    # run_test greps for to decide on a retry, then kills the client.
    ( sleep $CLI_DELAY; echo "===CLIENT_TIMEOUT===" >> $CLI_OUT; kill $CLI_PID ) &
    DOG_PID=$!

    wait $CLI_PID
    CLI_EXIT=$?

    # The client finished first (or was killed): stop and reap the watchdog.
    kill $DOG_PID >/dev/null 2>&1
    wait $DOG_PID

    echo "EXIT: $CLI_EXIT" >> $CLI_OUT

    # Extra grace period for the server requested by server_needs_more_time();
    # consumed here so it applies to one test only.
    sleep $SRV_DELAY_SECONDS
    SRV_DELAY_SECONDS=0
}

# check if the given command uses dtls and sets global variable DTLS
# Recognises the Mbed TLS (dtls=1), OpenSSL (-dtls1) and GnuTLS (-u)
# spellings of "use DTLS".
detect_dtls() {
    if echo "$1" | grep 'dtls=1\|-dtls1\|-u' >/dev/null; then
        DTLS=1
    else
        DTLS=0
    fi
}

# Usage: run_test name [-p proxy_cmd] srv_cmd cli_cmd cli_exit [option [...]]
# Options:  -s pattern  pattern that must be present in server output
#           -c pattern  pattern that must be present in client output
#           -u pattern  lines after pattern must be unique in client output
#           -f call shell function on client output
#           -S pattern  pattern that must be absent in server output
#           -C pattern  pattern that must be absent in client output
#           -U pattern  lines after pattern must be unique in server output
#           -F call shell function on server output
#
# Globals read:    FILTER, EXCLUDE, RUN_TEST_NUMBER, SKIP_NEXT, MEMCHECK,
#                  PRESERVE_LOGS, P_PXY, SRV_PORT, PXY_PORT, SRV_OUT, CLI_OUT,
#                  PXY_OUT
# Globals written: TESTS (via print_name), SKIPS, FAILS (via fail), SKIP_NEXT,
#                  SRV_CMD, CLI_CMD, PXY_CMD, SRV_PID, CLI_PID, PXY_PID, DTLS
# Output: one line per test, "<name> ..... PASS|FAIL|SKIP", plus the failure
# details printed by fail(). Exits the script with status 1 on an unknown
# option keyword.
run_test() {
    NAME="$1"
    shift 1

    # Tests excluded by -f/-e are silently ignored: no line printed and no
    # counter touched, but a pending skip request is cleared.
    if echo "$NAME" | grep "$FILTER" | grep -v "$EXCLUDE" >/dev/null; then :
    else
        SKIP_NEXT="NO"
        return
    fi

    print_name "$NAME"

    # Do we only run numbered tests?
    # (TESTS was just incremented by print_name, so it is this test's number.)
    if [ "X$RUN_TEST_NUMBER" = "X" ]; then :
    elif echo ",$RUN_TEST_NUMBER," | grep ",$TESTS," >/dev/null; then :
    else
        SKIP_NEXT="YES"
    fi

    # should we skip?
    if [ "X$SKIP_NEXT" = "XYES" ]; then
        SKIP_NEXT="NO"
        echo "SKIP"
        SKIPS=$(( $SKIPS + 1 ))
        return
    fi

    # does this test use a proxy?
    if [ "X$1" = "X-p" ]; then
        PXY_CMD="$2"
        shift 2
    else
        PXY_CMD=""
    fi

    # get commands and client output
    SRV_CMD="$1"
    CLI_CMD="$2"
    CLI_EXPECT="$3"
    shift 3

    # Check if test uses files
    # (any .key/.crt/.pem argument implies MBEDTLS_FS_IO must be enabled)
    TEST_USES_FILES=$(echo "$SRV_CMD $CLI_CMD" | grep "\.\(key\|crt\|pem\)" )
    if [ ! -z "$TEST_USES_FILES" ]; then
        requires_config_enabled MBEDTLS_FS_IO
    fi

    # should we skip?
    if [ "X$SKIP_NEXT" = "XYES" ]; then
        SKIP_NEXT="NO"
        echo "SKIP"
        SKIPS=$(( $SKIPS + 1 ))
        return
    fi

    # update DTLS variable
    detect_dtls "$SRV_CMD"

    # if the test uses DTLS but no custom proxy, add a simple proxy
    # as it provides timing info that's useful to debug failures
    if [ -z "$PXY_CMD" ] && [ "$DTLS" -eq 1 ]; then
        PXY_CMD="$P_PXY"
        case " $SRV_CMD " in
            *' server_addr=::1 '*)
                PXY_CMD="$PXY_CMD server_addr=::1 listen_addr=::1";;
        esac
    fi

    # fix client port
    # The +SRV_PORT placeholder in the client command becomes the proxy port
    # when a proxy sits in between, the server port otherwise.
    if [ -n "$PXY_CMD" ]; then
        CLI_CMD=$( echo "$CLI_CMD" | sed s/+SRV_PORT/$PXY_PORT/g )
    else
        CLI_CMD=$( echo "$CLI_CMD" | sed s/+SRV_PORT/$SRV_PORT/g )
    fi

    # prepend valgrind to our commands if active
    # (only our own programs; OpenSSL/GnuTLS are not checked for leaks)
    if [ "$MEMCHECK" -gt 0 ]; then
        if is_polar "$SRV_CMD"; then
            SRV_CMD="valgrind --leak-check=full $SRV_CMD"
        fi
        if is_polar "$CLI_CMD"; then
            CLI_CMD="valgrind --leak-check=full $CLI_CMD"
        fi
    fi

    # Run the test, and run it once more if the client hit the watchdog.
    TIMES_LEFT=2
    while [ $TIMES_LEFT -gt 0 ]; do
        TIMES_LEFT=$(( $TIMES_LEFT - 1 ))

        # run the commands
        # Each log starts with the test name and the exact command line used.
        if [ -n "$PXY_CMD" ]; then
            printf "# %s\n%s\n" "$NAME" "$PXY_CMD" > $PXY_OUT
            $PXY_CMD >> $PXY_OUT 2>&1 &
            PXY_PID=$!
            wait_proxy_start "$PXY_PORT" "$PXY_PID"
        fi

        check_osrv_dtls
        printf '# %s\n%s\n' "$NAME" "$SRV_CMD" > $SRV_OUT
        # provide_input is a no-op unless check_osrv_dtls set NEEDS_INPUT.
        provide_input | $SRV_CMD >> $SRV_OUT 2>&1 &
        SRV_PID=$!
        wait_server_start "$SRV_PORT" "$SRV_PID"

        printf '# %s\n%s\n' "$NAME" "$CLI_CMD" > $CLI_OUT
        # eval is needed because the OpenSSL/GnuTLS client strings (O_CLI,
        # G_CLI) are pipelines. Test commands come from this script, never
        # from external input.
        eval "$CLI_CMD" >> $CLI_OUT 2>&1 &
        wait_client_done

        sleep 0.05

        # terminate the server (and the proxy)
        kill $SRV_PID
        wait $SRV_PID
        SRV_RET=$?

        if [ -n "$PXY_CMD" ]; then
            kill $PXY_PID >/dev/null 2>&1
            wait $PXY_PID
        fi

        # retry only on timeouts
        # (the marker is written by the watchdog in wait_client_done)
        if grep '===CLIENT_TIMEOUT===' $CLI_OUT >/dev/null; then
            printf "RETRY "
        else
            TIMES_LEFT=0
        fi
    done

    # check if the client and server went at least to the handshake stage
    # (useful to avoid tests with only negative assertions and non-zero
    # expected client exit to incorrectly succeed in case of catastrophic
    # failure)
    if is_polar "$SRV_CMD"; then
        if grep "Performing the SSL/TLS handshake" $SRV_OUT >/dev/null; then :;
        else
            fail "server or client failed to reach handshake stage"
            return
        fi
    fi
    if is_polar "$CLI_CMD"; then
        if grep "Performing the SSL/TLS handshake" $CLI_OUT >/dev/null; then :;
        else
            fail "server or client failed to reach handshake stage"
            return
        fi
    fi

    # Check server exit code (only for Mbed TLS: GnuTLS and OpenSSL don't
    # exit with status 0 when interrupted by a signal, and we don't really
    # care anyway), in case e.g. the server reports a memory leak.
    if [ $SRV_RET != 0 ] && is_polar "$SRV_CMD"; then
        fail "Server exited with status $SRV_RET"
        return
    fi

    # check client exit code
    # cli_exit is a zero/non-zero expectation, not an exact status.
    if [ \( "$CLI_EXPECT" = 0 -a "$CLI_EXIT" != 0 \) -o \
         \( "$CLI_EXPECT" != 0 -a "$CLI_EXIT" = 0 \) ]
    then
        fail "bad client exit code (expected $CLI_EXPECT, got $CLI_EXIT)"
        return
    fi

    # check other assertions
    # lines beginning with == are added by valgrind, ignore them
    # lines with 'Serious error when reading debug info', are valgrind issues as well
    # Options are consumed in pairs (keyword, argument); the first failing
    # assertion reports and ends the test.
    while [ $# -gt 0 ]
    do
        case $1 in
            "-s")
                if grep -v '^==' $SRV_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then :; else
                    fail "pattern '$2' MUST be present in the Server output"
                    return
                fi
                ;;

            "-c")
                if grep -v '^==' $CLI_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then :; else
                    fail "pattern '$2' MUST be present in the Client output"
                    return
                fi
                ;;

            "-S")
                if grep -v '^==' $SRV_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then
                    fail "pattern '$2' MUST NOT be present in the Server output"
                    return
                fi
                ;;

            "-C")
                if grep -v '^==' $CLI_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then
                    fail "pattern '$2' MUST NOT be present in the Client output"
                    return
                fi
                ;;

            # The filtering in the following two options (-u and -U) does the following
            #   - ignore valgrind output
            #   - filter out everything but lines right after the pattern occurrences
            #   - keep one of each non-unique line
            #   - count how many lines remain
            # A line with '--' will remain in the result from previous outputs, so the number of lines in the result will be 1
            # if there were no duplicates.
            "-U")
                if [ $(grep -v '^==' $SRV_OUT | grep -v 'Serious error when reading debug info' | grep -A1 "$2" | grep -v "$2" | sort | uniq -d | wc -l) -gt 1 ]; then
                    fail "lines following pattern '$2' must be unique in Server output"
                    return
                fi
                ;;

            "-u")
                if [ $(grep -v '^==' $CLI_OUT | grep -v 'Serious error when reading debug info' | grep -A1 "$2" | grep -v "$2" | sort | uniq -d | wc -l) -gt 1 ]; then
                    fail "lines following pattern '$2' must be unique in Client output"
                    return
                fi
                ;;
            # -F/-f: $2 names a shell function defined in this script; it is
            # called with the log file path and its exit status is the verdict.
            "-F")
                if ! $2 "$SRV_OUT"; then
                    fail "function call to '$2' failed on Server output"
                    return
                fi
                ;;
            "-f")
                if ! $2 "$CLI_OUT"; then
                    fail "function call to '$2' failed on Client output"
                    return
                fi
                ;;

            *)
                echo "Unknown test: $1" >&2
                exit 1
        esac
        shift 2
    done

    # check valgrind's results
    if [ "$MEMCHECK" -gt 0 ]; then
        if is_polar "$SRV_CMD" && has_mem_err $SRV_OUT; then
            fail "Server has memory errors"
            return
        fi
        if is_polar "$CLI_CMD" && has_mem_err $CLI_OUT; then
            fail "Client has memory errors"
            return
        fi
    fi

    # if we're here, everything is ok
    echo "PASS"
    if [ "$PRESERVE_LOGS" -gt 0 ]; then
        mv $SRV_OUT o-srv-${TESTS}.log
        mv $CLI_OUT o-cli-${TESTS}.log
        if [ -n "$PXY_CMD" ]; then
            mv $PXY_OUT o-pxy-${TESTS}.log
        fi
    fi

    rm -f $SRV_OUT $CLI_OUT $PXY_OUT
}

# cleanup: signal handler. Remove the per-run intermediate files, kill any
# server, proxy, client or watchdog still running, and exit with status 1.
# The PIDs are expanded with a default because the handler may fire before
# the first test started anything.
cleanup() {
    rm -f $CLI_OUT $SRV_OUT $PXY_OUT $SESSION
    test -n "${SRV_PID:-}" && kill $SRV_PID >/dev/null 2>&1
    test -n "${PXY_PID:-}" && kill $PXY_PID >/dev/null 2>&1
    test -n "${CLI_PID:-}" && kill $CLI_PID >/dev/null 2>&1
    test -n "${DOG_PID:-}" && kill $DOG_PID >/dev/null 2>&1
    exit 1
}

#
# MAIN
#

get_options "$@"

# sanity checks, avoid an avalanche of errors
# Only the first word of each command is the executable; the rest (if any)
# are arguments supplied through the environment.
P_SRV_BIN="${P_SRV%%[ ]*}"
P_CLI_BIN="${P_CLI%%[ ]*}"
P_PXY_BIN="${P_PXY%%[ ]*}"
if [ ! -x "$P_SRV_BIN" ]; then
    echo "Command '$P_SRV_BIN' is not an executable file"
    exit 1
fi
if [ ! -x "$P_CLI_BIN" ]; then
    echo "Command '$P_CLI_BIN' is not an executable file"
    exit 1
fi
if [ ! -x "$P_PXY_BIN" ]; then
    echo "Command '$P_PXY_BIN' is not an executable file"
    exit 1
fi
if [ "$MEMCHECK" -gt 0 ]; then
    if which valgrind >/dev/null 2>&1; then :; else
        echo "Memcheck not possible. Valgrind not found"
        exit 1
    fi
fi
if which $OPENSSL_CMD >/dev/null 2>&1; then :; else
    echo "Command '$OPENSSL_CMD' not found"
    exit 1
fi

# used by watchdog
MAIN_PID="$$"

# We use somewhat arbitrary delays for tests:
# - how long do we wait for the server to start (when lsof not available)?
# - how long do we allow for the client to finish?
#   (not to check performance, just to avoid waiting indefinitely)
# Things are slower with valgrind, so give extra time here.
#
# Note: without lsof, there is a trade-off between the running time of this
# script and the risk of spurious errors because we didn't wait long enough.
# The watchdog delay on the other hand doesn't affect normal running time of
# the script, only the case where a client or server gets stuck.
883if [ "$MEMCHECK" -gt 0 ]; then 884 START_DELAY=6 885 DOG_DELAY=60 886else 887 START_DELAY=2 888 DOG_DELAY=20 889fi 890 891# some particular tests need more time: 892# - for the client, we multiply the usual watchdog limit by a factor 893# - for the server, we sleep for a number of seconds after the client exits 894# see client_need_more_time() and server_needs_more_time() 895CLI_DELAY_FACTOR=1 896SRV_DELAY_SECONDS=0 897 898# fix commands to use this port, force IPv4 while at it 899# +SRV_PORT will be replaced by either $SRV_PORT or $PXY_PORT later 900P_SRV="$P_SRV server_addr=127.0.0.1 server_port=$SRV_PORT" 901P_CLI="$P_CLI server_addr=127.0.0.1 server_port=+SRV_PORT" 902P_PXY="$P_PXY server_addr=127.0.0.1 server_port=$SRV_PORT listen_addr=127.0.0.1 listen_port=$PXY_PORT ${SEED:+"seed=$SEED"}" 903O_SRV="$O_SRV -accept $SRV_PORT -dhparam data_files/dhparams.pem" 904O_CLI="$O_CLI -connect localhost:+SRV_PORT" 905G_SRV="$G_SRV -p $SRV_PORT" 906G_CLI="$G_CLI -p +SRV_PORT" 907 908if [ -n "${OPENSSL_LEGACY:-}" ]; then 909 O_LEGACY_SRV="$O_LEGACY_SRV -accept $SRV_PORT -dhparam data_files/dhparams.pem" 910 O_LEGACY_CLI="$O_LEGACY_CLI -connect localhost:+SRV_PORT" 911fi 912 913if [ -n "${GNUTLS_NEXT_SERV:-}" ]; then 914 G_NEXT_SRV="$G_NEXT_SRV -p $SRV_PORT" 915fi 916 917if [ -n "${GNUTLS_NEXT_CLI:-}" ]; then 918 G_NEXT_CLI="$G_NEXT_CLI -p +SRV_PORT" 919fi 920 921# Allow SHA-1, because many of our test certificates use it 922P_SRV="$P_SRV allow_sha1=1" 923P_CLI="$P_CLI allow_sha1=1" 924 925# Also pick a unique name for intermediate files 926SRV_OUT="srv_out.$$" 927CLI_OUT="cli_out.$$" 928PXY_OUT="pxy_out.$$" 929SESSION="session.$$" 930 931SKIP_NEXT="NO" 932 933trap cleanup INT TERM HUP 934 935# Basic test 936 937# Checks that: 938# - things work with all ciphersuites active (used with config-full in all.sh) 939# - the expected (highest security) parameters are selected 940# ("signature_algorithm ext: 6" means SHA-512 (highest common hash)) 941run_test "Default" \ 942 
"$P_SRV debug_level=3" \ 943 "$P_CLI" \ 944 0 \ 945 -s "Protocol is TLSv1.2" \ 946 -s "Ciphersuite is TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256" \ 947 -s "client hello v3, signature_algorithm ext: 6" \ 948 -s "ECDHE curve: secp521r1" \ 949 -S "error" \ 950 -C "error" 951 952run_test "Default, DTLS" \ 953 "$P_SRV dtls=1" \ 954 "$P_CLI dtls=1" \ 955 0 \ 956 -s "Protocol is DTLSv1.2" \ 957 -s "Ciphersuite is TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256" 958 959requires_config_enabled MBEDTLS_ZLIB_SUPPORT 960run_test "Default (compression enabled)" \ 961 "$P_SRV debug_level=3" \ 962 "$P_CLI debug_level=3" \ 963 0 \ 964 -s "Allocating compression buffer" \ 965 -c "Allocating compression buffer" \ 966 -s "Record expansion is unknown (compression)" \ 967 -c "Record expansion is unknown (compression)" \ 968 -S "error" \ 969 -C "error" 970 971# Test current time in ServerHello 972requires_config_enabled MBEDTLS_HAVE_TIME 973run_test "ServerHello contains gmt_unix_time" \ 974 "$P_SRV debug_level=3" \ 975 "$P_CLI debug_level=3" \ 976 0 \ 977 -f "check_server_hello_time" \ 978 -F "check_server_hello_time" 979 980# Test for uniqueness of IVs in AEAD ciphersuites 981run_test "Unique IV in GCM" \ 982 "$P_SRV exchanges=20 debug_level=4" \ 983 "$P_CLI exchanges=20 debug_level=4 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384" \ 984 0 \ 985 -u "IV used" \ 986 -U "IV used" 987 988# Tests for rc4 option 989 990requires_config_enabled MBEDTLS_REMOVE_ARC4_CIPHERSUITES 991run_test "RC4: server disabled, client enabled" \ 992 "$P_SRV" \ 993 "$P_CLI force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 994 1 \ 995 -s "SSL - The server has no ciphersuites in common" 996 997requires_config_enabled MBEDTLS_REMOVE_ARC4_CIPHERSUITES 998run_test "RC4: server half, client enabled" \ 999 "$P_SRV arc4=1" \ 1000 "$P_CLI force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 1001 1 \ 1002 -s "SSL - The server has no ciphersuites in common" 1003 1004run_test "RC4: server enabled, client disabled" \ 1005 
"$P_SRV force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 1006 "$P_CLI" \ 1007 1 \ 1008 -s "SSL - The server has no ciphersuites in common" 1009 1010run_test "RC4: both enabled" \ 1011 "$P_SRV force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 1012 "$P_CLI force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 1013 0 \ 1014 -S "SSL - None of the common ciphersuites is usable" \ 1015 -S "SSL - The server has no ciphersuites in common" 1016 1017# Test empty CA list in CertificateRequest in TLS 1.1 and earlier 1018 1019requires_gnutls 1020requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1 1021run_test "CertificateRequest with empty CA list, TLS 1.1 (GnuTLS server)" \ 1022 "$G_SRV"\ 1023 "$P_CLI force_version=tls1_1" \ 1024 0 1025 1026requires_gnutls 1027requires_config_enabled MBEDTLS_SSL_PROTO_TLS1 1028run_test "CertificateRequest with empty CA list, TLS 1.0 (GnuTLS server)" \ 1029 "$G_SRV"\ 1030 "$P_CLI force_version=tls1" \ 1031 0 1032 1033# Tests for SHA-1 support 1034 1035requires_config_disabled MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES 1036run_test "SHA-1 forbidden by default in server certificate" \ 1037 "$P_SRV key_file=data_files/server2.key crt_file=data_files/server2.crt" \ 1038 "$P_CLI debug_level=2 allow_sha1=0" \ 1039 1 \ 1040 -c "The certificate is signed with an unacceptable hash" 1041 1042requires_config_enabled MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES 1043run_test "SHA-1 forbidden by default in server certificate" \ 1044 "$P_SRV key_file=data_files/server2.key crt_file=data_files/server2.crt" \ 1045 "$P_CLI debug_level=2 allow_sha1=0" \ 1046 0 1047 1048run_test "SHA-1 explicitly allowed in server certificate" \ 1049 "$P_SRV key_file=data_files/server2.key crt_file=data_files/server2.crt" \ 1050 "$P_CLI allow_sha1=1" \ 1051 0 1052 1053run_test "SHA-256 allowed by default in server certificate" \ 1054 "$P_SRV key_file=data_files/server2.key crt_file=data_files/server2-sha256.crt" \ 1055 "$P_CLI allow_sha1=0" \ 1056 0 1057 1058requires_config_disabled 
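MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
# Client-certificate signature hash policy. The two tests below share a
# title but are guarded by mutually exclusive requires_config_* lines
# (the guard for the first one starts on the preceding line), so exactly
# one of them runs for a given build: with
# MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES disabled the server
# rejects a SHA-1-signed client certificate, with it enabled the same
# handshake succeeds.
run_test    "SHA-1 forbidden by default in client certificate" \
            "$P_SRV auth_mode=required allow_sha1=0" \
            "$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha1.crt" \
            1 \
            -s "The certificate is signed with an unacceptable hash"

requires_config_enabled MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
run_test    "SHA-1 forbidden by default in client certificate" \
            "$P_SRV auth_mode=required allow_sha1=0" \
            "$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha1.crt" \
            0

run_test    "SHA-1 explicitly allowed in client certificate" \
            "$P_SRV auth_mode=required allow_sha1=1" \
            "$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha1.crt" \
            0

# A SHA-256-signed client certificate is accepted without opting in.
run_test    "SHA-256 allowed by default in client certificate" \
            "$P_SRV auth_mode=required allow_sha1=0" \
            "$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha256.crt" \
            0

# Tests for datagram packing
#
# dgram_packing=1 lets a side put several DTLS records into one datagram;
# the receiving side then logs "next record in same datagram". Each side
# packs independently, so the log line appears only on the peer of a side
# that has packing enabled.
run_test    "DTLS: multiple records in same datagram, client and server" \
            "$P_SRV dtls=1 dgram_packing=1 debug_level=2" \
            "$P_CLI dtls=1 dgram_packing=1 debug_level=2" \
            0 \
            -c "next record in same datagram" \
            -s "next record in same datagram"

run_test    "DTLS: multiple records in same datagram, client only" \
            "$P_SRV dtls=1 dgram_packing=0 debug_level=2" \
            "$P_CLI dtls=1 dgram_packing=1 debug_level=2" \
            0 \
            -s "next record in same datagram" \
            -C "next record in same datagram"

run_test    "DTLS: multiple records in same datagram, server only" \
            "$P_SRV dtls=1 dgram_packing=1 debug_level=2" \
            "$P_CLI dtls=1 dgram_packing=0 debug_level=2" \
            0 \
            -S "next record in same datagram" \
            -c "next record in same datagram"

run_test    "DTLS: multiple records in same datagram, neither client nor server" \
            "$P_SRV dtls=1 dgram_packing=0 debug_level=2" \
            "$P_CLI dtls=1 dgram_packing=0 debug_level=2" \
            0 \
            -S "next record in same datagram" \
            -C "next record in same datagram"

# Tests for Truncated HMAC extension
#
# With a CBC-SHA ciphersuite the server dumps the full 20-byte HMAC-SHA1
# tag as 'expected mac'. The 10-byte (truncated) tag is only used when
# both client and server enable trunc_hmac; every other combination must
# keep the full-length MAC.

run_test    "Truncated HMAC: client default, server default" \
            "$P_SRV debug_level=4" \
            "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
            0 \
            -s "dumping 'expected mac' (20 bytes)" \
            -S "dumping 'expected mac' (10 bytes)"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Truncated HMAC: client disabled, server default" \
            "$P_SRV debug_level=4" \
            "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=0" \
            0 \
            -s "dumping 'expected mac' (20 bytes)" \
            -S "dumping 'expected mac' (10 bytes)"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Truncated HMAC: client enabled, server default" \
            "$P_SRV debug_level=4" \
            "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=1" \
            0 \
            -s "dumping 'expected mac' (20 bytes)" \
            -S "dumping 'expected mac' (10 bytes)"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Truncated HMAC: client enabled, server disabled" \
            "$P_SRV debug_level=4 trunc_hmac=0" \
            "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=1" \
            0 \
            -s "dumping 'expected mac' (20 bytes)" \
            -S "dumping 'expected mac' (10 bytes)"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Truncated HMAC: client disabled, server enabled" \
            "$P_SRV debug_level=4 trunc_hmac=1" \
            "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=0" \
            0 \
            -s "dumping 'expected mac' (20 bytes)" \
            -S "dumping 'expected mac' (10 bytes)"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Truncated HMAC: client enabled, server enabled" \
            "$P_SRV debug_level=4 trunc_hmac=1" \
            "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=1" \
            0 \
            -S "dumping 'expected mac' (20 bytes)" \
            -s "dumping 'expected mac' (10 bytes)"

# Same matrix over DTLS.
run_test    "Truncated HMAC, DTLS: client default, server default" \
            "$P_SRV dtls=1 debug_level=4" \
            "$P_CLI dtls=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
            0 \
            -s "dumping 'expected mac' (20 bytes)" \
            -S "dumping 'expected mac' (10 bytes)"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Truncated HMAC, DTLS: client disabled, server default" \
            "$P_SRV dtls=1 debug_level=4" \
            "$P_CLI dtls=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=0" \
            0 \
            -s "dumping 'expected mac' (20 bytes)" \
            -S "dumping 'expected mac' (10 bytes)"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Truncated HMAC, DTLS: client enabled, server default" \
            "$P_SRV dtls=1 debug_level=4" \
            "$P_CLI dtls=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=1" \
            0 \
            -s "dumping 'expected mac' (20 bytes)" \
            -S "dumping 'expected mac' (10 bytes)"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Truncated HMAC, DTLS: client enabled, server disabled" \
            "$P_SRV dtls=1 debug_level=4 trunc_hmac=0" \
            "$P_CLI dtls=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=1" \
            0 \
            -s "dumping 'expected mac' (20 bytes)" \
            -S "dumping 'expected mac' (10 bytes)"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Truncated HMAC, DTLS: client disabled, server enabled" \
            "$P_SRV dtls=1 debug_level=4 trunc_hmac=1" \
            "$P_CLI dtls=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=0" \
            0 \
            -s "dumping 'expected mac' (20 bytes)" \
            -S "dumping 'expected mac' (10 bytes)"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Truncated HMAC, DTLS: client enabled, server enabled" \
            "$P_SRV dtls=1 debug_level=4 trunc_hmac=1" \
            "$P_CLI dtls=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=1" \
            0 \
            -S "dumping 'expected mac' (20 bytes)" \
            -s "dumping 'expected mac' (10 bytes)"

# Tests for Encrypt-then-MAC extension
#
# Encrypt-then-MAC (RFC 7366) is negotiated through a hello extension and
# is only meaningful for CBC ciphersuites: the AEAD (GCM) and stream (RC4)
# cases below show the server parsing the extension but neither echoing
# nor using it. SSLv3 has no hello extensions, so neither side can offer
# it there.

run_test    "Encrypt then MAC: default" \
            "$P_SRV debug_level=3 \
             force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
            "$P_CLI debug_level=3" \
            0 \
            -c "client hello, adding encrypt_then_mac extension" \
            -s "found encrypt then mac extension" \
            -s "server hello, adding encrypt then mac extension" \
            -c "found encrypt_then_mac extension" \
            -c "using encrypt then mac" \
            -s "using encrypt then mac"

run_test    "Encrypt then MAC: client enabled, server disabled" \
            "$P_SRV debug_level=3 etm=0 \
             force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
            "$P_CLI debug_level=3 etm=1" \
            0 \
            -c "client hello, adding encrypt_then_mac extension" \
            -s "found encrypt then mac extension" \
            -S "server hello, adding encrypt then mac extension" \
            -C "found encrypt_then_mac extension" \
            -C "using encrypt then mac" \
            -S "using encrypt then mac"

run_test    "Encrypt then MAC: client enabled, aead cipher" \
            "$P_SRV debug_level=3 etm=1 \
             force_ciphersuite=TLS-RSA-WITH-AES-128-GCM-SHA256" \
            "$P_CLI debug_level=3 etm=1" \
            0 \
            -c "client hello, adding encrypt_then_mac extension" \
            -s "found encrypt then mac extension" \
            -S "server hello, adding encrypt then mac extension" \
            -C "found encrypt_then_mac extension" \
            -C "using encrypt then mac" \
            -S "using encrypt then mac"

run_test    "Encrypt then MAC: client enabled, stream cipher" \
            "$P_SRV debug_level=3 etm=1 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            "$P_CLI debug_level=3 etm=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            0 \
            -c "client hello, adding encrypt_then_mac extension" \
            -s "found encrypt then mac extension" \
            -S "server hello, adding encrypt then mac extension" \
            -C "found encrypt_then_mac extension" \
            -C "using encrypt then mac" \
            -S "using encrypt then mac"

run_test    "Encrypt then MAC: client disabled, server enabled" \
            "$P_SRV debug_level=3 etm=1 \
             force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
            "$P_CLI debug_level=3 etm=0" \
            0 \
            -C "client hello, adding encrypt_then_mac extension" \
            -S "found encrypt then mac extension" \
            -S "server hello, adding encrypt then mac extension" \
            -C "found encrypt_then_mac extension" \
            -C "using encrypt then mac" \
            -S "using encrypt then mac"

requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
run_test    "Encrypt then MAC: client SSLv3, server enabled" \
            "$P_SRV debug_level=3 min_version=ssl3 \
             force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
            "$P_CLI debug_level=3 force_version=ssl3" \
            0 \
            -C "client hello, adding encrypt_then_mac extension" \
            -S "found encrypt then mac extension" \
            -S "server hello, adding encrypt then mac extension" \
            -C "found encrypt_then_mac extension" \
            -C "using encrypt then mac" \
            -S "using encrypt then mac"

requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
run_test    "Encrypt then MAC: client enabled, server SSLv3" \
            "$P_SRV debug_level=3 force_version=ssl3 \
             force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
            "$P_CLI debug_level=3 min_version=ssl3" \
            0 \
            -c "client hello, adding encrypt_then_mac extension" \
            -S "found encrypt then mac extension" \
            -S "server hello, adding encrypt then mac extension" \
            -C "found encrypt_then_mac extension" \
            -C "using encrypt then mac" \
            -S "using encrypt then mac"

# Tests for Extended Master Secret extension
#
# Extended Master Secret (RFC 7627) follows the same negotiation pattern
# as Encrypt-then-MAC: it is used only when both sides offer it, and it
# is unavailable to an SSLv3 peer.

run_test    "Extended Master Secret: default" \
            "$P_SRV debug_level=3" \
            "$P_CLI debug_level=3" \
            0 \
            -c "client hello, adding extended_master_secret extension" \
            -s "found extended master secret extension" \
            -s "server hello, adding extended master secret extension" \
            -c "found extended_master_secret extension" \
            -c "using extended master secret" \
            -s "using extended master secret"

run_test    "Extended Master Secret: client enabled, server disabled" \
            "$P_SRV debug_level=3 extended_ms=0" \
            "$P_CLI debug_level=3 extended_ms=1" \
            0 \
            -c "client hello, adding extended_master_secret extension" \
            -s "found extended master secret extension" \
            -S "server hello, adding extended master secret extension" \
            -C "found extended_master_secret extension" \
            -C "using extended master secret" \
            -S "using extended master secret"

run_test    "Extended Master Secret: client disabled, server enabled" \
            "$P_SRV debug_level=3 extended_ms=1" \
            "$P_CLI debug_level=3 extended_ms=0" \
            0 \
            -C "client hello, adding extended_master_secret extension" \
            -S "found extended master secret extension" \
            -S "server hello, adding extended master secret extension" \
            -C "found extended_master_secret extension" \
            -C "using extended master secret" \
            -S "using extended master secret"

requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
run_test    "Extended Master Secret: client SSLv3, server enabled" \
            "$P_SRV debug_level=3 min_version=ssl3" \
            "$P_CLI debug_level=3 force_version=ssl3" \
            0 \
            -C "client hello, adding extended_master_secret extension" \
            -S "found extended master secret extension" \
            -S "server hello, adding extended master secret extension" \
            -C "found extended_master_secret extension" \
            -C "using extended master secret" \
            -S "using extended master secret"

requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
run_test    "Extended Master Secret: client enabled, server SSLv3" \
            "$P_SRV debug_level=3 force_version=ssl3" \
            "$P_CLI debug_level=3 min_version=ssl3" \
            0 \
            -c "client hello, adding extended_master_secret extension" \
            -S "found extended master secret extension" \
            -S "server hello, adding extended master secret extension" \
            -C "found extended_master_secret extension" \
            -C "using extended master secret" \
            -S "using extended master secret"

# Tests for FALLBACK_SCSV
#
# TLS_FALLBACK_SCSV (RFC 7507) is sent by a client that is retrying with a
# lowered version (fallback=1 together with force_version=tls1_1 here).
# A server that supports a higher version must then abort with the
# inappropriate_fallback alert, which the client logs as fatal alert
# msg 86, so those handshakes are expected to fail (exit 1). A client
# that already offers its highest version ("max version" cases) may send
# the SCSV without triggering the alert. The "inapropriate fallback"
# pattern reproduces the server's own log spelling and must stay as is.

run_test    "Fallback SCSV: default" \
            "$P_SRV debug_level=2" \
            "$P_CLI debug_level=3 force_version=tls1_1" \
            0 \
            -C "adding FALLBACK_SCSV" \
            -S "received FALLBACK_SCSV" \
            -S "inapropriate fallback" \
            -C "is a fatal alert message (msg 86)"

run_test    "Fallback SCSV: explicitly disabled" \
            "$P_SRV debug_level=2" \
            "$P_CLI debug_level=3 force_version=tls1_1 fallback=0" \
            0 \
            -C "adding FALLBACK_SCSV" \
            -S "received FALLBACK_SCSV" \
            -S "inapropriate fallback" \
            -C "is a fatal alert message (msg 86)"

run_test    "Fallback SCSV: enabled" \
            "$P_SRV debug_level=2" \
            "$P_CLI debug_level=3 force_version=tls1_1 fallback=1" \
            1 \
            -c "adding FALLBACK_SCSV" \
            -s "received FALLBACK_SCSV" \
            -s "inapropriate fallback" \
            -c "is a fatal alert message (msg 86)"

run_test    "Fallback SCSV: enabled, max version" \
            "$P_SRV debug_level=2" \
            "$P_CLI debug_level=3 fallback=1" \
            0 \
            -c "adding FALLBACK_SCSV" \
            -s "received FALLBACK_SCSV" \
            -S "inapropriate fallback" \
            -C "is a fatal alert message (msg 86)"

requires_openssl_with_fallback_scsv
run_test    "Fallback SCSV: default, openssl server" \
            "$O_SRV" \
            "$P_CLI debug_level=3 force_version=tls1_1 fallback=0" \
            0 \
            -C "adding FALLBACK_SCSV" \
            -C "is a fatal alert message (msg 86)"

requires_openssl_with_fallback_scsv
run_test    "Fallback SCSV: enabled, openssl server" \
            "$O_SRV" \
            "$P_CLI debug_level=3 force_version=tls1_1 fallback=1" \
            1 \
            -c "adding FALLBACK_SCSV" \
            -c "is a fatal alert message (msg 86)"

requires_openssl_with_fallback_scsv
run_test    "Fallback SCSV: disabled, openssl client" \
            "$P_SRV debug_level=2" \
            "$O_CLI -tls1_1" \
            0 \
            -S "received FALLBACK_SCSV" \
            -S "inapropriate fallback"

requires_openssl_with_fallback_scsv
run_test    "Fallback SCSV: enabled, openssl client" \
            "$P_SRV debug_level=2" \
            "$O_CLI -tls1_1 -fallback_scsv" \
            1 \
            -s "received FALLBACK_SCSV" \
            -s "inapropriate fallback"

requires_openssl_with_fallback_scsv
run_test    "Fallback SCSV: enabled, max version, openssl client" \
            "$P_SRV debug_level=2" \
            "$O_CLI -fallback_scsv" \
            0 \
            -s "received FALLBACK_SCSV" \
            -S "inapropriate fallback"

# Test sending and receiving empty application data records
#
# request_size=0 makes the client send a zero-length application data
# record. With Encrypt-then-MAC and a CBC suite the server must decrypt
# it to an empty payload without logging a 16-byte padding-only block.

run_test    "Encrypt then MAC: empty application data record" \
            "$P_SRV auth_mode=none debug_level=4 etm=1" \
            "$P_CLI auth_mode=none etm=1 request_size=0 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -S "0000: 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f" \
            -s "dumping 'input payload after decrypt' (0 bytes)" \
            -c "0 bytes written in 1 fragments"

run_test    "Encrypt then MAC: disabled, empty application data record" \
            "$P_SRV auth_mode=none debug_level=4 etm=0" \
            "$P_CLI auth_mode=none etm=0 request_size=0" \
            0 \
            -s "dumping 'input payload after decrypt' (0 bytes)" \
            -c "0 bytes written in 1 fragments"

run_test    "Encrypt then MAC, DTLS: empty application data record" \
            "$P_SRV auth_mode=none debug_level=4 etm=1 dtls=1" \
            "$P_CLI auth_mode=none etm=1 request_size=0 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA dtls=1" \
            0 \
            -S "0000: 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f" \
            -s "dumping 'input payload after decrypt' (0 bytes)" \
            -c "0 bytes written in 1 fragments"

run_test    "Encrypt then MAC, DTLS: disabled, empty application data record" \
            "$P_SRV auth_mode=none debug_level=4 etm=0 dtls=1" \
            "$P_CLI auth_mode=none etm=0 request_size=0 dtls=1" \
            0 \
            -s "dumping 'input payload after decrypt' (0 bytes)" \
            -c "0 bytes written in 1 fragments"

## ClientHello generated with
## "openssl s_client -CAfile tests/data_files/test-ca.crt -tls1_1 -connect localhost:4433 -cipher ..."
## then manually twiddling the ciphersuite list.
## The ClientHello content is spelled out below as a hex string as
## "prefix ciphersuite1 ciphersuite2 ciphersuite3 ciphersuite4 suffix".
## The expected response is an inappropriate_fallback alert.
##
## These three tests drive the server with a raw ClientHello through
## $TCP_CLIENT (scripts/tcp_client.pl) so the SCSV's position in the list
## can be controlled: "5600" is TLS_FALLBACK_SCSV, and the "not in list"
## case swaps its bytes to "0056" so that no SCSV is present. The second
## hex argument is the response prefix the client script expects back.
requires_openssl_with_fallback_scsv
run_test    "Fallback SCSV: beginning of list" \
            "$P_SRV debug_level=2" \
            "$TCP_CLIENT localhost $SRV_PORT '160301003e0100003a03022aafb94308dc22ca1086c65acc00e414384d76b61ecab37df1633b1ae1034dbe000008 5600 0031 0032 0033 0100000900230000000f000101' '15030200020256'" \
            0 \
            -s "received FALLBACK_SCSV" \
            -s "inapropriate fallback"

requires_openssl_with_fallback_scsv
run_test    "Fallback SCSV: end of list" \
            "$P_SRV debug_level=2" \
            "$TCP_CLIENT localhost $SRV_PORT '160301003e0100003a03022aafb94308dc22ca1086c65acc00e414384d76b61ecab37df1633b1ae1034dbe000008 0031 0032 0033 5600 0100000900230000000f000101' '15030200020256'" \
            0 \
            -s "received FALLBACK_SCSV" \
            -s "inapropriate fallback"

## Here the expected response is a valid ServerHello prefix, up to the random.
requires_openssl_with_fallback_scsv
run_test    "Fallback SCSV: not in list" \
            "$P_SRV debug_level=2" \
            "$TCP_CLIENT localhost $SRV_PORT '160301003e0100003a03022aafb94308dc22ca1086c65acc00e414384d76b61ecab37df1633b1ae1034dbe000008 0056 0031 0032 0033 0100000900230000000f000101' '16030200300200002c0302'" \
            0 \
            -S "received FALLBACK_SCSV" \
            -S "inapropriate fallback"

# Tests for CBC 1/n-1 record splitting
#
# 1/n-1 splitting sends a 123-byte request as a 1-byte record followed by
# a 122-byte record. It applies only to CBC ciphersuites at TLS 1.0 and
# SSLv3; TLS 1.1/1.2 and the RC4 stream cipher are not split, and
# recsplit=0 turns it off explicitly.

run_test    "CBC Record splitting: TLS 1.2, no splitting" \
            "$P_SRV" \
            "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
             request_size=123 force_version=tls1_2" \
            0 \
            -s "Read from client: 123 bytes read" \
            -S "Read from client: 1 bytes read" \
            -S "122 bytes read"

run_test    "CBC Record splitting: TLS 1.1, no splitting" \
            "$P_SRV" \
            "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
             request_size=123 force_version=tls1_1" \
            0 \
            -s "Read from client: 123 bytes read" \
            -S "Read from client: 1 bytes read" \
            -S "122 bytes read"

run_test    "CBC Record splitting: TLS 1.0, splitting" \
            "$P_SRV" \
            "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
             request_size=123 force_version=tls1" \
            0 \
            -S "Read from client: 123 bytes read" \
            -s "Read from client: 1 bytes read" \
            -s "122 bytes read"

requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
run_test    "CBC Record splitting: SSLv3, splitting" \
            "$P_SRV min_version=ssl3" \
            "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
             request_size=123 force_version=ssl3" \
            0 \
            -S "Read from client: 123 bytes read" \
            -s "Read from client: 1 bytes read" \
            -s "122 bytes read"

run_test    "CBC Record splitting: TLS 1.0 RC4, no splitting" \
            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            "$P_CLI force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
             request_size=123 force_version=tls1" \
            0 \
            -s "Read from client: 123 bytes read" \
            -S "Read from client: 1 bytes read" \
            -S "122 bytes read"

run_test    "CBC Record splitting: TLS 1.0, splitting disabled" \
            "$P_SRV" \
            "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
             request_size=123 force_version=tls1 recsplit=0" \
            0 \
            -s "Read from client: 123 bytes read" \
            -S "Read from client: 1 bytes read" \
            -S "122 bytes read"

# Splitting must survive non-blocking I/O on both sides (nbio=2).
run_test    "CBC Record splitting: TLS 1.0, splitting, nbio" \
            "$P_SRV nbio=2" \
            "$P_CLI nbio=2 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
             request_size=123 force_version=tls1" \
            0 \
            -S "Read from client: 123 bytes read" \
            -s "Read from client: 1 bytes read" \
            -s "122 bytes read"

# Tests for Session Tickets
#
# reconnect=1 makes the client perform a second handshake; with tickets
# on both sides it must resume from the ticket, not from the server
# cache. A ticket_timeout shorter than reco_delay must yield a full
# handshake instead. The openssl-client cases store the session with
# -sess_out and replay it with -sess_in.
# NOTE(review): $SESSION is defined elsewhere in this script and is
# expanded unquoted inside the command string; that is fine as long as
# its value contains no whitespace or glob characters.

run_test    "Session resume using tickets: basic" \
            "$P_SRV debug_level=3 tickets=1" \
            "$P_CLI debug_level=3 tickets=1 reconnect=1" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -S "session successfully restored from cache" \
            -s "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

run_test    "Session resume using tickets: cache disabled" \
            "$P_SRV debug_level=3 tickets=1 cache_max=0" \
            "$P_CLI debug_level=3 tickets=1 reconnect=1" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -S "session successfully restored from cache" \
            -s "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

run_test    "Session resume using tickets: timeout" \
            "$P_SRV debug_level=3 tickets=1 cache_max=0 ticket_timeout=1" \
            "$P_CLI debug_level=3 tickets=1 reconnect=1 reco_delay=2" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -S "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -S "a session has been resumed" \
            -C "a session has been resumed"

run_test    "Session resume using tickets: openssl server" \
            "$O_SRV" \
            "$P_CLI debug_level=3 tickets=1 reconnect=1" \
            0 \
            -c "client hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -c "a session has been resumed"

run_test    "Session resume using tickets: openssl client" \
            "$P_SRV debug_level=3 tickets=1" \
            "( $O_CLI -sess_out $SESSION; \
               $O_CLI -sess_in $SESSION; \
               rm -f $SESSION )" \
            0 \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -S "session successfully restored from cache" \
            -s "session successfully restored from ticket" \
            -s "a session has been resumed"

# Tests for Session Tickets with DTLS
#
# skip_close_notify=1 on the client avoids the DTLS close_notify exchange
# between the two handshakes; expectations otherwise mirror the TLS
# cases.

run_test    "Session resume using tickets, DTLS: basic" \
            "$P_SRV debug_level=3 dtls=1 tickets=1" \
            "$P_CLI debug_level=3 dtls=1 tickets=1 reconnect=1 skip_close_notify=1" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -S "session successfully restored from cache" \
            -s "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

run_test    "Session resume using tickets, DTLS: cache disabled" \
            "$P_SRV debug_level=3 dtls=1 tickets=1 cache_max=0" \
            "$P_CLI debug_level=3 dtls=1 tickets=1 reconnect=1 skip_close_notify=1" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -S "session successfully restored from cache" \
            -s "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

run_test    "Session resume using tickets, DTLS: timeout" \
            "$P_SRV debug_level=3 dtls=1 tickets=1 cache_max=0 ticket_timeout=1" \
            "$P_CLI debug_level=3 dtls=1 tickets=1 reconnect=1 skip_close_notify=1 reco_delay=2" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -S "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -S "a session has been resumed" \
            -C "a session has been resumed"

run_test    "Session resume using tickets, DTLS: openssl server" \
            "$O_SRV -dtls1" \
            "$P_CLI dtls=1 debug_level=3 tickets=1 reconnect=1" \
            0 \
            -c "client hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -c "a session has been resumed"

run_test    "Session resume using tickets, DTLS: openssl client" \
            "$P_SRV dtls=1 debug_level=3 tickets=1" \
            "( $O_CLI -dtls1 -sess_out $SESSION; \
               $O_CLI -dtls1 -sess_in $SESSION; \
               rm -f $SESSION )" \
            0 \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -S "session successfully restored from cache" \
            -s "session successfully restored from ticket" \
            -s "a session has been resumed"

# Tests for Session Resume based on session-ID and cache
#
# When tickets are off on either side, resumption falls back to the
# server-side session cache keyed by session ID. cache_max=0 disables
# the cache, cache_timeout=0 makes entries never expire, and a
# cache_timeout shorter than reco_delay forces a full handshake.

run_test    "Session resume using cache: tickets enabled on client" \
            "$P_SRV debug_level=3 tickets=0" \
            "$P_CLI debug_level=3 tickets=1 reconnect=1" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -S "server hello, adding session ticket extension" \
            -C "found session_ticket extension" \
            -C "parse new session ticket" \
            -s "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

run_test    "Session resume using cache: tickets enabled on server" \
            "$P_SRV debug_level=3 tickets=1" \
            "$P_CLI debug_level=3 tickets=0 reconnect=1" \
            0 \
            -C "client hello, adding session ticket extension" \
            -S "found session ticket extension" \
            -S "server hello, adding session ticket extension" \
            -C "found session_ticket extension" \
            -C "parse new session ticket" \
            -s "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

run_test    "Session resume using cache: cache_max=0" \
            "$P_SRV debug_level=3 tickets=0 cache_max=0" \
            "$P_CLI debug_level=3 tickets=0 reconnect=1" \
            0 \
            -S "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -S "a session has been resumed" \
            -C "a session has been resumed"

run_test    "Session resume using cache: cache_max=1" \
            "$P_SRV debug_level=3 tickets=0 cache_max=1" \
            "$P_CLI debug_level=3 tickets=0 reconnect=1" \
            0 \
            -s "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

run_test    "Session resume using cache: timeout > delay" \
            "$P_SRV debug_level=3 tickets=0" \
            "$P_CLI debug_level=3 tickets=0 reconnect=1 reco_delay=0" \
            0 \
            -s "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

run_test    "Session resume using cache: timeout < delay" \
            "$P_SRV debug_level=3 tickets=0 cache_timeout=1" \
            "$P_CLI debug_level=3 tickets=0 reconnect=1 reco_delay=2" \
            0 \
            -S "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -S "a session has been resumed" \
            -C "a session has been resumed"

run_test    "Session resume using cache: no timeout" \
            "$P_SRV debug_level=3 tickets=0 cache_timeout=0" \
            "$P_CLI debug_level=3 tickets=0 reconnect=1 reco_delay=2" \
            0 \
            -s "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

run_test    "Session resume using cache: openssl client" \
            "$P_SRV debug_level=3 tickets=0" \
            "( $O_CLI -sess_out $SESSION; \
               $O_CLI -sess_in $SESSION; \
               rm -f $SESSION )" \
            0 \
            -s "found session ticket extension" \
            -S "server hello, adding session ticket extension" \
            -s "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -s "a session has been resumed"

run_test    "Session resume using cache: openssl server" \
            "$O_SRV" \
            "$P_CLI debug_level=3 tickets=0 reconnect=1" \
            0 \
            -C "found session_ticket extension" \
            -C "parse new session ticket" \
            -c "a session has been resumed"

# Tests for Session Resume based on session-ID and cache, DTLS

run_test    "Session resume using cache, DTLS: tickets enabled on client" \
            "$P_SRV dtls=1 debug_level=3 tickets=0" \
            "$P_CLI dtls=1 debug_level=3 tickets=1 reconnect=1 skip_close_notify=1" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -S "server hello, adding session ticket extension" \
            -C "found session_ticket extension" \
            -C "parse new session ticket" \
            -s "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

run_test    "Session resume using cache, DTLS: tickets enabled on server" \
            "$P_SRV dtls=1 debug_level=3 tickets=1" \
            "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1" \
            0 \
            -C "client hello, adding session ticket extension" \
            -S "found session ticket extension" \
            -S "server hello, adding session ticket extension" \
            -C "found session_ticket extension" \
            -C "parse new session ticket" \
            -s "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

run_test    "Session resume using cache, DTLS: cache_max=0" \
            "$P_SRV dtls=1 debug_level=3 tickets=0 cache_max=0" \
            "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1" \
            0 \
            -S "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -S "a session has been resumed" \
            -C "a session has been resumed"

run_test    "Session resume using cache, DTLS: cache_max=1" \
            "$P_SRV dtls=1 debug_level=3 tickets=0 cache_max=1" \
            "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1" \
            0 \
            -s "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

run_test    "Session resume using cache, DTLS: timeout > delay" \
            "$P_SRV dtls=1 debug_level=3 tickets=0" \
            "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1 reco_delay=0" \
            0 \
            -s "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

run_test    "Session resume using cache, DTLS: timeout < delay" \
            "$P_SRV dtls=1 debug_level=3 tickets=0 cache_timeout=1" \
            "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1 reco_delay=2" \
            0 \
            -S "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -S "a session has been resumed" \
            -C "a session has been resumed"

run_test    "Session resume using cache, DTLS: no timeout" \
            "$P_SRV dtls=1 debug_level=3 tickets=0 cache_timeout=0" \
            "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1 reco_delay=2" \
            0 \
            -s "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

run_test    "Session resume using cache, DTLS: openssl client" \
            "$P_SRV dtls=1 debug_level=3 tickets=0" \
            "( $O_CLI -dtls1 -sess_out $SESSION; \
               $O_CLI -dtls1 -sess_in $SESSION; \
               rm -f $SESSION )" \
            0 \
            -s "found session ticket extension" \
            -S "server hello, adding session ticket extension" \
            -s "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -s "a session has been resumed"

run_test    "Session resume using cache, DTLS: openssl server" \
            "$O_SRV -dtls1" \
            "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1" \
            0 \
            -C "found session_ticket extension" \
            -C "parse new session ticket" \
            -c "a session has been resumed"

# Tests for Max Fragment Length extension

# MAX_CONTENT_LEN is set earlier in this script (from
# MBEDTLS_SSL_MAX_CONTENT_LEN in $CONFIG_H, per the message below) and the
# expectations in this section are computed from it, so a build with a
# content length below 4096 cannot run them. This is a hard error, so it
# is reported on stderr like the other fatal diagnostics in this script.
if [ "$MAX_CONTENT_LEN" -lt "4096" ]; then
    printf '%s defines MBEDTLS_SSL_MAX_CONTENT_LEN to be less than 4096. Fragment length tests will fail.\n' "${CONFIG_H}" >&2
    exit 1
fi

# Quoted and printf-based for consistency with the check above.
if [ "$MAX_CONTENT_LEN" -ne 16384 ]; then
    printf 'Using non-default maximum content length %s\n' "$MAX_CONTENT_LEN"
fi

# With the extension enabled but no max_frag_len requested, both sides
# report the compile-time maximum and no extension is exchanged.
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test    "Max fragment length: enabled, default" \
            "$P_SRV debug_level=3" \
            "$P_CLI debug_level=3" \
            0 \
            -c "Maximum fragment length is $MAX_CONTENT_LEN" \
            -s "Maximum fragment length is $MAX_CONTENT_LEN" \
            -C "client hello, adding max_fragment_length extension" \
            -S "found max fragment length extension" \
            -S "server hello, max_fragment_length extension" \
            -C "found max_fragment_length extension"

# A message one byte over the maximum is split into two TLS records;
# over DTLS it cannot be fragmented at the record layer, so the client
# fails instead.
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test    "Max fragment length: enabled, default, larger message" \
            "$P_SRV debug_level=3" \
            "$P_CLI debug_level=3 request_size=$(( MAX_CONTENT_LEN + 1 ))" \
            0 \
            -c "Maximum fragment length is $MAX_CONTENT_LEN" \
            -s "Maximum fragment length is $MAX_CONTENT_LEN" \
            -C "client hello, adding max_fragment_length extension" \
            -S "found max fragment length extension" \
            -S "server hello, max_fragment_length extension" \
            -C "found max_fragment_length extension" \
            -c "$(( MAX_CONTENT_LEN + 1 )) bytes written in 2 fragments" \
            -s "$MAX_CONTENT_LEN bytes read" \
            -s "1 bytes read"

requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test    "Max fragment length, DTLS: enabled, default, larger message" \
            "$P_SRV debug_level=3 dtls=1" \
            "$P_CLI debug_level=3 dtls=1 request_size=$(( MAX_CONTENT_LEN + 1 ))" \
            1 \
            -c "Maximum fragment length is $MAX_CONTENT_LEN" \
            -s "Maximum fragment length is $MAX_CONTENT_LEN" \
            -C "client hello, adding max_fragment_length extension" \
            -S "found max fragment length extension" \
            -S "server hello, max_fragment_length extension" \
            -C "found max_fragment_length extension" \
            -c "fragment larger than.*maximum "

# Run some tests with MBEDTLS_SSL_MAX_FRAGMENT_LENGTH disabled
# (session fragment length will be 16384 regardless of mbedtls
# content length configuration.)

requires_config_disabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test    "Max fragment length: disabled, larger message" \
            "$P_SRV debug_level=3" \
            "$P_CLI debug_level=3 request_size=$(( MAX_CONTENT_LEN + 1 ))" \
            0 \
            -C "Maximum fragment length is 16384" \
            -S "Maximum fragment length is 16384" \
            -c "$(( MAX_CONTENT_LEN + 1 )) bytes written in 2 fragments" \
            -s "$MAX_CONTENT_LEN bytes read" \
            -s "1 bytes read"

requires_config_disabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test    "Max fragment length DTLS: disabled, larger message" \
            "$P_SRV debug_level=3 dtls=1" \
            "$P_CLI debug_level=3 dtls=1 request_size=$(( MAX_CONTENT_LEN + 1 ))" \
            1 \
            -C "Maximum fragment length is 16384" \
            -S "Maximum fragment length is 16384" \
            -c "fragment larger than.*maximum "

# The extension is only ever sent by the client; a server-side
# max_frag_len limits what the server itself accepts but adds nothing to
# the hello exchange.
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test    "Max fragment length: used by client" \
            "$P_SRV debug_level=3" \
            "$P_CLI debug_level=3 max_frag_len=4096" \
            0 \
            -c "Maximum fragment length is 4096" \
            -s "Maximum fragment length is 4096" \
            -c "client hello, adding max_fragment_length extension" \
            -s "found max fragment length extension" \
            -s "server hello, max_fragment_length extension" \
            -c "found max_fragment_length extension"

requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test    "Max fragment length: used by server" \
            "$P_SRV debug_level=3 max_frag_len=4096" \
            "$P_CLI debug_level=3" \
            0 \
            -c "Maximum fragment length is $MAX_CONTENT_LEN" \
            -s "Maximum fragment length is 4096" \
            -C "client hello, adding max_fragment_length extension" \
            -S "found max fragment length extension" \
            -S "server hello, max_fragment_length extension" \
            -C "found max_fragment_length extension"

requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_gnutls
run_test    "Max fragment length: gnutls server" \
            "$G_SRV" \
            "$P_CLI debug_level=3 max_frag_len=4096" \
            0 \
            -c "Maximum fragment length is 4096" \
            -c "client hello, adding max_fragment_length extension" \
            -c "found max_fragment_length extension"

requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test    "Max fragment length: client, message just fits" \
            "$P_SRV debug_level=3" \
            "$P_CLI debug_level=3 max_frag_len=2048 request_size=2048" \
            0 \
            -c "Maximum fragment length is 2048" \
            -s "Maximum fragment length is 2048" \
            -c "client hello, adding max_fragment_length extension" \
            -s "found max fragment length extension" \
            -s "server hello, max_fragment_length extension" \
            -c "found max_fragment_length extension" \
            -c "2048 bytes written in 1 fragments" \
            -s "2048 bytes read"

requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test    "Max fragment length: client, larger message" \
            "$P_SRV debug_level=3" \
            "$P_CLI debug_level=3 max_frag_len=2048 request_size=2345" \
            0 \
            -c "Maximum fragment length is 2048" \
            -s "Maximum fragment length is 2048" \
            -c "client hello, adding max_fragment_length extension" \
            -s "found max fragment length extension" \
            -s "server hello, max_fragment_length extension" \
            -c "found max_fragment_length extension" \
            -c "2345 bytes written in 2 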
fragments" \ 2015 -s "2048 bytes read" \ 2016 -s "297 bytes read" 2017 2018requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 2019run_test "Max fragment length: DTLS client, larger message" \ 2020 "$P_SRV debug_level=3 dtls=1" \ 2021 "$P_CLI debug_level=3 dtls=1 max_frag_len=2048 request_size=2345" \ 2022 1 \ 2023 -c "Maximum fragment length is 2048" \ 2024 -s "Maximum fragment length is 2048" \ 2025 -c "client hello, adding max_fragment_length extension" \ 2026 -s "found max fragment length extension" \ 2027 -s "server hello, max_fragment_length extension" \ 2028 -c "found max_fragment_length extension" \ 2029 -c "fragment larger than.*maximum" 2030 2031# Tests for renegotiation 2032 2033# Renegotiation SCSV always added, regardless of SSL_RENEGOTIATION 2034run_test "Renegotiation: none, for reference" \ 2035 "$P_SRV debug_level=3 exchanges=2 auth_mode=optional" \ 2036 "$P_CLI debug_level=3 exchanges=2" \ 2037 0 \ 2038 -C "client hello, adding renegotiation extension" \ 2039 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ 2040 -S "found renegotiation extension" \ 2041 -s "server hello, secure renegotiation extension" \ 2042 -c "found renegotiation extension" \ 2043 -C "=> renegotiate" \ 2044 -S "=> renegotiate" \ 2045 -S "write hello request" 2046 2047requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 2048run_test "Renegotiation: client-initiated" \ 2049 "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional" \ 2050 "$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1" \ 2051 0 \ 2052 -c "client hello, adding renegotiation extension" \ 2053 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ 2054 -s "found renegotiation extension" \ 2055 -s "server hello, secure renegotiation extension" \ 2056 -c "found renegotiation extension" \ 2057 -c "=> renegotiate" \ 2058 -s "=> renegotiate" \ 2059 -S "write hello request" 2060 2061requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 2062run_test "Renegotiation: server-initiated" \ 2063 "$P_SRV debug_level=3 
exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1" \ 2064 "$P_CLI debug_level=3 exchanges=2 renegotiation=1" \ 2065 0 \ 2066 -c "client hello, adding renegotiation extension" \ 2067 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ 2068 -s "found renegotiation extension" \ 2069 -s "server hello, secure renegotiation extension" \ 2070 -c "found renegotiation extension" \ 2071 -c "=> renegotiate" \ 2072 -s "=> renegotiate" \ 2073 -s "write hello request" 2074 2075# Checks that no Signature Algorithm with SHA-1 gets negotiated. Negotiating SHA-1 would mean that 2076# the server did not parse the Signature Algorithm extension. This test is valid only if an MD 2077# algorithm stronger than SHA-1 is enabled in config.h 2078requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 2079run_test "Renegotiation: Signature Algorithms parsing, client-initiated" \ 2080 "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional" \ 2081 "$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1" \ 2082 0 \ 2083 -c "client hello, adding renegotiation extension" \ 2084 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ 2085 -s "found renegotiation extension" \ 2086 -s "server hello, secure renegotiation extension" \ 2087 -c "found renegotiation extension" \ 2088 -c "=> renegotiate" \ 2089 -s "=> renegotiate" \ 2090 -S "write hello request" \ 2091 -S "client hello v3, signature_algorithm ext: 2" # Is SHA-1 negotiated? 2092 2093# Checks that no Signature Algorithm with SHA-1 gets negotiated. Negotiating SHA-1 would mean that 2094# the server did not parse the Signature Algorithm extension. 
This test is valid only if an MD 2095# algorithm stronger than SHA-1 is enabled in config.h 2096requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 2097run_test "Renegotiation: Signature Algorithms parsing, server-initiated" \ 2098 "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1" \ 2099 "$P_CLI debug_level=3 exchanges=2 renegotiation=1" \ 2100 0 \ 2101 -c "client hello, adding renegotiation extension" \ 2102 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ 2103 -s "found renegotiation extension" \ 2104 -s "server hello, secure renegotiation extension" \ 2105 -c "found renegotiation extension" \ 2106 -c "=> renegotiate" \ 2107 -s "=> renegotiate" \ 2108 -s "write hello request" \ 2109 -S "client hello v3, signature_algorithm ext: 2" # Is SHA-1 negotiated? 2110 2111requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 2112run_test "Renegotiation: double" \ 2113 "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1" \ 2114 "$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1" \ 2115 0 \ 2116 -c "client hello, adding renegotiation extension" \ 2117 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ 2118 -s "found renegotiation extension" \ 2119 -s "server hello, secure renegotiation extension" \ 2120 -c "found renegotiation extension" \ 2121 -c "=> renegotiate" \ 2122 -s "=> renegotiate" \ 2123 -s "write hello request" 2124 2125requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 2126run_test "Renegotiation: client-initiated, server-rejected" \ 2127 "$P_SRV debug_level=3 exchanges=2 renegotiation=0 auth_mode=optional" \ 2128 "$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1" \ 2129 1 \ 2130 -c "client hello, adding renegotiation extension" \ 2131 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ 2132 -S "found renegotiation extension" \ 2133 -s "server hello, secure renegotiation extension" \ 2134 -c "found renegotiation extension" \ 2135 -c "=> renegotiate" \ 2136 -S "=> renegotiate" \ 2137 -S "write 
hello request" \ 2138 -c "SSL - Unexpected message at ServerHello in renegotiation" \ 2139 -c "failed" 2140 2141requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 2142run_test "Renegotiation: server-initiated, client-rejected, default" \ 2143 "$P_SRV debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 auth_mode=optional" \ 2144 "$P_CLI debug_level=3 exchanges=2 renegotiation=0" \ 2145 0 \ 2146 -C "client hello, adding renegotiation extension" \ 2147 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ 2148 -S "found renegotiation extension" \ 2149 -s "server hello, secure renegotiation extension" \ 2150 -c "found renegotiation extension" \ 2151 -C "=> renegotiate" \ 2152 -S "=> renegotiate" \ 2153 -s "write hello request" \ 2154 -S "SSL - An unexpected message was received from our peer" \ 2155 -S "failed" 2156 2157requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 2158run_test "Renegotiation: server-initiated, client-rejected, not enforced" \ 2159 "$P_SRV debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 \ 2160 renego_delay=-1 auth_mode=optional" \ 2161 "$P_CLI debug_level=3 exchanges=2 renegotiation=0" \ 2162 0 \ 2163 -C "client hello, adding renegotiation extension" \ 2164 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ 2165 -S "found renegotiation extension" \ 2166 -s "server hello, secure renegotiation extension" \ 2167 -c "found renegotiation extension" \ 2168 -C "=> renegotiate" \ 2169 -S "=> renegotiate" \ 2170 -s "write hello request" \ 2171 -S "SSL - An unexpected message was received from our peer" \ 2172 -S "failed" 2173 2174# delay 2 for 1 alert record + 1 application data record 2175requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 2176run_test "Renegotiation: server-initiated, client-rejected, delay 2" \ 2177 "$P_SRV debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 \ 2178 renego_delay=2 auth_mode=optional" \ 2179 "$P_CLI debug_level=3 exchanges=2 renegotiation=0" \ 2180 0 \ 2181 -C "client hello, adding renegotiation extension" \ 2182 -s 
"received TLS_EMPTY_RENEGOTIATION_INFO" \ 2183 -S "found renegotiation extension" \ 2184 -s "server hello, secure renegotiation extension" \ 2185 -c "found renegotiation extension" \ 2186 -C "=> renegotiate" \ 2187 -S "=> renegotiate" \ 2188 -s "write hello request" \ 2189 -S "SSL - An unexpected message was received from our peer" \ 2190 -S "failed" 2191 2192requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 2193run_test "Renegotiation: server-initiated, client-rejected, delay 0" \ 2194 "$P_SRV debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 \ 2195 renego_delay=0 auth_mode=optional" \ 2196 "$P_CLI debug_level=3 exchanges=2 renegotiation=0" \ 2197 0 \ 2198 -C "client hello, adding renegotiation extension" \ 2199 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ 2200 -S "found renegotiation extension" \ 2201 -s "server hello, secure renegotiation extension" \ 2202 -c "found renegotiation extension" \ 2203 -C "=> renegotiate" \ 2204 -S "=> renegotiate" \ 2205 -s "write hello request" \ 2206 -s "SSL - An unexpected message was received from our peer" 2207 2208requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 2209run_test "Renegotiation: server-initiated, client-accepted, delay 0" \ 2210 "$P_SRV debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 \ 2211 renego_delay=0 auth_mode=optional" \ 2212 "$P_CLI debug_level=3 exchanges=2 renegotiation=1" \ 2213 0 \ 2214 -c "client hello, adding renegotiation extension" \ 2215 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ 2216 -s "found renegotiation extension" \ 2217 -s "server hello, secure renegotiation extension" \ 2218 -c "found renegotiation extension" \ 2219 -c "=> renegotiate" \ 2220 -s "=> renegotiate" \ 2221 -s "write hello request" \ 2222 -S "SSL - An unexpected message was received from our peer" \ 2223 -S "failed" 2224 2225requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 2226run_test "Renegotiation: periodic, just below period" \ 2227 "$P_SRV debug_level=3 exchanges=9 renegotiation=1 renego_period=3 
auth_mode=optional" \ 2228 "$P_CLI debug_level=3 exchanges=2 renegotiation=1" \ 2229 0 \ 2230 -C "client hello, adding renegotiation extension" \ 2231 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ 2232 -S "found renegotiation extension" \ 2233 -s "server hello, secure renegotiation extension" \ 2234 -c "found renegotiation extension" \ 2235 -S "record counter limit reached: renegotiate" \ 2236 -C "=> renegotiate" \ 2237 -S "=> renegotiate" \ 2238 -S "write hello request" \ 2239 -S "SSL - An unexpected message was received from our peer" \ 2240 -S "failed" 2241 2242# one extra exchange to be able to complete renego 2243requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 2244run_test "Renegotiation: periodic, just above period" \ 2245 "$P_SRV debug_level=3 exchanges=9 renegotiation=1 renego_period=3 auth_mode=optional" \ 2246 "$P_CLI debug_level=3 exchanges=4 renegotiation=1" \ 2247 0 \ 2248 -c "client hello, adding renegotiation extension" \ 2249 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ 2250 -s "found renegotiation extension" \ 2251 -s "server hello, secure renegotiation extension" \ 2252 -c "found renegotiation extension" \ 2253 -s "record counter limit reached: renegotiate" \ 2254 -c "=> renegotiate" \ 2255 -s "=> renegotiate" \ 2256 -s "write hello request" \ 2257 -S "SSL - An unexpected message was received from our peer" \ 2258 -S "failed" 2259 2260requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 2261run_test "Renegotiation: periodic, two times period" \ 2262 "$P_SRV debug_level=3 exchanges=9 renegotiation=1 renego_period=3 auth_mode=optional" \ 2263 "$P_CLI debug_level=3 exchanges=7 renegotiation=1" \ 2264 0 \ 2265 -c "client hello, adding renegotiation extension" \ 2266 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ 2267 -s "found renegotiation extension" \ 2268 -s "server hello, secure renegotiation extension" \ 2269 -c "found renegotiation extension" \ 2270 -s "record counter limit reached: renegotiate" \ 2271 -c "=> renegotiate" \ 2272 -s "=> renegotiate" 
\ 2273 -s "write hello request" \ 2274 -S "SSL - An unexpected message was received from our peer" \ 2275 -S "failed" 2276 2277requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 2278run_test "Renegotiation: periodic, above period, disabled" \ 2279 "$P_SRV debug_level=3 exchanges=9 renegotiation=0 renego_period=3 auth_mode=optional" \ 2280 "$P_CLI debug_level=3 exchanges=4 renegotiation=1" \ 2281 0 \ 2282 -C "client hello, adding renegotiation extension" \ 2283 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ 2284 -S "found renegotiation extension" \ 2285 -s "server hello, secure renegotiation extension" \ 2286 -c "found renegotiation extension" \ 2287 -S "record counter limit reached: renegotiate" \ 2288 -C "=> renegotiate" \ 2289 -S "=> renegotiate" \ 2290 -S "write hello request" \ 2291 -S "SSL - An unexpected message was received from our peer" \ 2292 -S "failed" 2293 2294requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 2295run_test "Renegotiation: nbio, client-initiated" \ 2296 "$P_SRV debug_level=3 nbio=2 exchanges=2 renegotiation=1 auth_mode=optional" \ 2297 "$P_CLI debug_level=3 nbio=2 exchanges=2 renegotiation=1 renegotiate=1" \ 2298 0 \ 2299 -c "client hello, adding renegotiation extension" \ 2300 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ 2301 -s "found renegotiation extension" \ 2302 -s "server hello, secure renegotiation extension" \ 2303 -c "found renegotiation extension" \ 2304 -c "=> renegotiate" \ 2305 -s "=> renegotiate" \ 2306 -S "write hello request" 2307 2308requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 2309run_test "Renegotiation: nbio, server-initiated" \ 2310 "$P_SRV debug_level=3 nbio=2 exchanges=2 renegotiation=1 renegotiate=1 auth_mode=optional" \ 2311 "$P_CLI debug_level=3 nbio=2 exchanges=2 renegotiation=1" \ 2312 0 \ 2313 -c "client hello, adding renegotiation extension" \ 2314 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ 2315 -s "found renegotiation extension" \ 2316 -s "server hello, secure renegotiation extension" \ 2317 -c "found 
renegotiation extension" \ 2318 -c "=> renegotiate" \ 2319 -s "=> renegotiate" \ 2320 -s "write hello request" 2321 2322requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 2323run_test "Renegotiation: openssl server, client-initiated" \ 2324 "$O_SRV -www" \ 2325 "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1" \ 2326 0 \ 2327 -c "client hello, adding renegotiation extension" \ 2328 -c "found renegotiation extension" \ 2329 -c "=> renegotiate" \ 2330 -C "ssl_hanshake() returned" \ 2331 -C "error" \ 2332 -c "HTTP/1.0 200 [Oo][Kk]" 2333 2334requires_gnutls 2335requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 2336run_test "Renegotiation: gnutls server strict, client-initiated" \ 2337 "$G_SRV --priority=NORMAL:%SAFE_RENEGOTIATION" \ 2338 "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1" \ 2339 0 \ 2340 -c "client hello, adding renegotiation extension" \ 2341 -c "found renegotiation extension" \ 2342 -c "=> renegotiate" \ 2343 -C "ssl_hanshake() returned" \ 2344 -C "error" \ 2345 -c "HTTP/1.0 200 [Oo][Kk]" 2346 2347requires_gnutls 2348requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 2349run_test "Renegotiation: gnutls server unsafe, client-initiated default" \ 2350 "$G_SRV --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \ 2351 "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1" \ 2352 1 \ 2353 -c "client hello, adding renegotiation extension" \ 2354 -C "found renegotiation extension" \ 2355 -c "=> renegotiate" \ 2356 -c "mbedtls_ssl_handshake() returned" \ 2357 -c "error" \ 2358 -C "HTTP/1.0 200 [Oo][Kk]" 2359 2360requires_gnutls 2361requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 2362run_test "Renegotiation: gnutls server unsafe, client-inititated no legacy" \ 2363 "$G_SRV --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \ 2364 "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1 \ 2365 allow_legacy=0" \ 2366 1 \ 2367 -c "client hello, adding renegotiation extension" \ 2368 -C "found renegotiation extension" \ 2369 
-c "=> renegotiate" \ 2370 -c "mbedtls_ssl_handshake() returned" \ 2371 -c "error" \ 2372 -C "HTTP/1.0 200 [Oo][Kk]" 2373 2374requires_gnutls 2375requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 2376run_test "Renegotiation: gnutls server unsafe, client-inititated legacy" \ 2377 "$G_SRV --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \ 2378 "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1 \ 2379 allow_legacy=1" \ 2380 0 \ 2381 -c "client hello, adding renegotiation extension" \ 2382 -C "found renegotiation extension" \ 2383 -c "=> renegotiate" \ 2384 -C "ssl_hanshake() returned" \ 2385 -C "error" \ 2386 -c "HTTP/1.0 200 [Oo][Kk]" 2387 2388requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 2389run_test "Renegotiation: DTLS, client-initiated" \ 2390 "$P_SRV debug_level=3 dtls=1 exchanges=2 renegotiation=1" \ 2391 "$P_CLI debug_level=3 dtls=1 exchanges=2 renegotiation=1 renegotiate=1" \ 2392 0 \ 2393 -c "client hello, adding renegotiation extension" \ 2394 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ 2395 -s "found renegotiation extension" \ 2396 -s "server hello, secure renegotiation extension" \ 2397 -c "found renegotiation extension" \ 2398 -c "=> renegotiate" \ 2399 -s "=> renegotiate" \ 2400 -S "write hello request" 2401 2402requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 2403run_test "Renegotiation: DTLS, server-initiated" \ 2404 "$P_SRV debug_level=3 dtls=1 exchanges=2 renegotiation=1 renegotiate=1" \ 2405 "$P_CLI debug_level=3 dtls=1 exchanges=2 renegotiation=1 \ 2406 read_timeout=1000 max_resend=2" \ 2407 0 \ 2408 -c "client hello, adding renegotiation extension" \ 2409 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ 2410 -s "found renegotiation extension" \ 2411 -s "server hello, secure renegotiation extension" \ 2412 -c "found renegotiation extension" \ 2413 -c "=> renegotiate" \ 2414 -s "=> renegotiate" \ 2415 -s "write hello request" 2416 2417requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 2418run_test "Renegotiation: DTLS, renego_period 
overflow" \ 2419 "$P_SRV debug_level=3 dtls=1 exchanges=4 renegotiation=1 renego_period=18446462598732840962 auth_mode=optional" \ 2420 "$P_CLI debug_level=3 dtls=1 exchanges=4 renegotiation=1" \ 2421 0 \ 2422 -c "client hello, adding renegotiation extension" \ 2423 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ 2424 -s "found renegotiation extension" \ 2425 -s "server hello, secure renegotiation extension" \ 2426 -s "record counter limit reached: renegotiate" \ 2427 -c "=> renegotiate" \ 2428 -s "=> renegotiate" \ 2429 -s "write hello request" 2430 2431requires_gnutls 2432requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 2433run_test "Renegotiation: DTLS, gnutls server, client-initiated" \ 2434 "$G_SRV -u --mtu 4096" \ 2435 "$P_CLI debug_level=3 dtls=1 exchanges=1 renegotiation=1 renegotiate=1" \ 2436 0 \ 2437 -c "client hello, adding renegotiation extension" \ 2438 -c "found renegotiation extension" \ 2439 -c "=> renegotiate" \ 2440 -C "mbedtls_ssl_handshake returned" \ 2441 -C "error" \ 2442 -s "Extra-header:" 2443 2444# Test for the "secure renegotation" extension only (no actual renegotiation) 2445 2446requires_gnutls 2447run_test "Renego ext: gnutls server strict, client default" \ 2448 "$G_SRV --priority=NORMAL:%SAFE_RENEGOTIATION" \ 2449 "$P_CLI debug_level=3" \ 2450 0 \ 2451 -c "found renegotiation extension" \ 2452 -C "error" \ 2453 -c "HTTP/1.0 200 [Oo][Kk]" 2454 2455requires_gnutls 2456run_test "Renego ext: gnutls server unsafe, client default" \ 2457 "$G_SRV --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \ 2458 "$P_CLI debug_level=3" \ 2459 0 \ 2460 -C "found renegotiation extension" \ 2461 -C "error" \ 2462 -c "HTTP/1.0 200 [Oo][Kk]" 2463 2464requires_gnutls 2465run_test "Renego ext: gnutls server unsafe, client break legacy" \ 2466 "$G_SRV --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \ 2467 "$P_CLI debug_level=3 allow_legacy=-1" \ 2468 1 \ 2469 -C "found renegotiation extension" \ 2470 -c "error" \ 2471 -C "HTTP/1.0 200 [Oo][Kk]" 2472 
2473requires_gnutls 2474run_test "Renego ext: gnutls client strict, server default" \ 2475 "$P_SRV debug_level=3" \ 2476 "$G_CLI --priority=NORMAL:%SAFE_RENEGOTIATION localhost" \ 2477 0 \ 2478 -s "received TLS_EMPTY_RENEGOTIATION_INFO\|found renegotiation extension" \ 2479 -s "server hello, secure renegotiation extension" 2480 2481requires_gnutls 2482run_test "Renego ext: gnutls client unsafe, server default" \ 2483 "$P_SRV debug_level=3" \ 2484 "$G_CLI --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION localhost" \ 2485 0 \ 2486 -S "received TLS_EMPTY_RENEGOTIATION_INFO\|found renegotiation extension" \ 2487 -S "server hello, secure renegotiation extension" 2488 2489requires_gnutls 2490run_test "Renego ext: gnutls client unsafe, server break legacy" \ 2491 "$P_SRV debug_level=3 allow_legacy=-1" \ 2492 "$G_CLI --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION localhost" \ 2493 1 \ 2494 -S "received TLS_EMPTY_RENEGOTIATION_INFO\|found renegotiation extension" \ 2495 -S "server hello, secure renegotiation extension" 2496 2497# Tests for silently dropping trailing extra bytes in .der certificates 2498 2499requires_gnutls 2500run_test "DER format: no trailing bytes" \ 2501 "$P_SRV crt_file=data_files/server5-der0.crt \ 2502 key_file=data_files/server5.key" \ 2503 "$G_CLI localhost" \ 2504 0 \ 2505 -c "Handshake was completed" \ 2506 2507requires_gnutls 2508run_test "DER format: with a trailing zero byte" \ 2509 "$P_SRV crt_file=data_files/server5-der1a.crt \ 2510 key_file=data_files/server5.key" \ 2511 "$G_CLI localhost" \ 2512 0 \ 2513 -c "Handshake was completed" \ 2514 2515requires_gnutls 2516run_test "DER format: with a trailing random byte" \ 2517 "$P_SRV crt_file=data_files/server5-der1b.crt \ 2518 key_file=data_files/server5.key" \ 2519 "$G_CLI localhost" \ 2520 0 \ 2521 -c "Handshake was completed" \ 2522 2523requires_gnutls 2524run_test "DER format: with 2 trailing random bytes" \ 2525 "$P_SRV crt_file=data_files/server5-der2.crt \ 2526 
key_file=data_files/server5.key" \ 2527 "$G_CLI localhost" \ 2528 0 \ 2529 -c "Handshake was completed" \ 2530 2531requires_gnutls 2532run_test "DER format: with 4 trailing random bytes" \ 2533 "$P_SRV crt_file=data_files/server5-der4.crt \ 2534 key_file=data_files/server5.key" \ 2535 "$G_CLI localhost" \ 2536 0 \ 2537 -c "Handshake was completed" \ 2538 2539requires_gnutls 2540run_test "DER format: with 8 trailing random bytes" \ 2541 "$P_SRV crt_file=data_files/server5-der8.crt \ 2542 key_file=data_files/server5.key" \ 2543 "$G_CLI localhost" \ 2544 0 \ 2545 -c "Handshake was completed" \ 2546 2547requires_gnutls 2548run_test "DER format: with 9 trailing random bytes" \ 2549 "$P_SRV crt_file=data_files/server5-der9.crt \ 2550 key_file=data_files/server5.key" \ 2551 "$G_CLI localhost" \ 2552 0 \ 2553 -c "Handshake was completed" \ 2554 2555# Tests for auth_mode 2556 2557run_test "Authentication: server badcert, client required" \ 2558 "$P_SRV crt_file=data_files/server5-badsign.crt \ 2559 key_file=data_files/server5.key" \ 2560 "$P_CLI debug_level=1 auth_mode=required" \ 2561 1 \ 2562 -c "x509_verify_cert() returned" \ 2563 -c "! The certificate is not correctly signed by the trusted CA" \ 2564 -c "! mbedtls_ssl_handshake returned" \ 2565 -c "X509 - Certificate verification failed" 2566 2567run_test "Authentication: server badcert, client optional" \ 2568 "$P_SRV crt_file=data_files/server5-badsign.crt \ 2569 key_file=data_files/server5.key" \ 2570 "$P_CLI debug_level=1 auth_mode=optional" \ 2571 0 \ 2572 -c "x509_verify_cert() returned" \ 2573 -c "! The certificate is not correctly signed by the trusted CA" \ 2574 -C "! mbedtls_ssl_handshake returned" \ 2575 -C "X509 - Certificate verification failed" 2576 2577run_test "Authentication: server goodcert, client optional, no trusted CA" \ 2578 "$P_SRV" \ 2579 "$P_CLI debug_level=3 auth_mode=optional ca_file=none ca_path=none" \ 2580 0 \ 2581 -c "x509_verify_cert() returned" \ 2582 -c "! 
The certificate is not correctly signed by the trusted CA" \ 2583 -c "! Certificate verification flags"\ 2584 -C "! mbedtls_ssl_handshake returned" \ 2585 -C "X509 - Certificate verification failed" \ 2586 -C "SSL - No CA Chain is set, but required to operate" 2587 2588run_test "Authentication: server goodcert, client required, no trusted CA" \ 2589 "$P_SRV" \ 2590 "$P_CLI debug_level=3 auth_mode=required ca_file=none ca_path=none" \ 2591 1 \ 2592 -c "x509_verify_cert() returned" \ 2593 -c "! The certificate is not correctly signed by the trusted CA" \ 2594 -c "! Certificate verification flags"\ 2595 -c "! mbedtls_ssl_handshake returned" \ 2596 -c "SSL - No CA Chain is set, but required to operate" 2597 2598# The purpose of the next two tests is to test the client's behaviour when receiving a server 2599# certificate with an unsupported elliptic curve. This should usually not happen because 2600# the client informs the server about the supported curves - it does, though, in the 2601# corner case of a static ECDH suite, because the server doesn't check the curve on that 2602# occasion (to be fixed). If that bug's fixed, the test needs to be altered to use a 2603# different means to have the server ignoring the client's supported curve list. 2604 2605requires_config_enabled MBEDTLS_ECP_C 2606run_test "Authentication: server ECDH p256v1, client required, p256v1 unsupported" \ 2607 "$P_SRV debug_level=1 key_file=data_files/server5.key \ 2608 crt_file=data_files/server5.ku-ka.crt" \ 2609 "$P_CLI debug_level=3 auth_mode=required curves=secp521r1" \ 2610 1 \ 2611 -c "bad certificate (EC key curve)"\ 2612 -c "! 
Certificate verification flags"\ 2613 -C "bad server certificate (ECDH curve)" # Expect failure at earlier verification stage 2614 2615requires_config_enabled MBEDTLS_ECP_C 2616run_test "Authentication: server ECDH p256v1, client optional, p256v1 unsupported" \ 2617 "$P_SRV debug_level=1 key_file=data_files/server5.key \ 2618 crt_file=data_files/server5.ku-ka.crt" \ 2619 "$P_CLI debug_level=3 auth_mode=optional curves=secp521r1" \ 2620 1 \ 2621 -c "bad certificate (EC key curve)"\ 2622 -c "! Certificate verification flags"\ 2623 -c "bad server certificate (ECDH curve)" # Expect failure only at ECDH params check 2624 2625run_test "Authentication: server badcert, client none" \ 2626 "$P_SRV crt_file=data_files/server5-badsign.crt \ 2627 key_file=data_files/server5.key" \ 2628 "$P_CLI debug_level=1 auth_mode=none" \ 2629 0 \ 2630 -C "x509_verify_cert() returned" \ 2631 -C "! The certificate is not correctly signed by the trusted CA" \ 2632 -C "! mbedtls_ssl_handshake returned" \ 2633 -C "X509 - Certificate verification failed" 2634 2635run_test "Authentication: client SHA256, server required" \ 2636 "$P_SRV auth_mode=required" \ 2637 "$P_CLI debug_level=3 crt_file=data_files/server6.crt \ 2638 key_file=data_files/server6.key \ 2639 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384" \ 2640 0 \ 2641 -c "Supported Signature Algorithm found: 4," \ 2642 -c "Supported Signature Algorithm found: 5," 2643 2644run_test "Authentication: client SHA384, server required" \ 2645 "$P_SRV auth_mode=required" \ 2646 "$P_CLI debug_level=3 crt_file=data_files/server6.crt \ 2647 key_file=data_files/server6.key \ 2648 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256" \ 2649 0 \ 2650 -c "Supported Signature Algorithm found: 4," \ 2651 -c "Supported Signature Algorithm found: 5," 2652 2653requires_config_enabled MBEDTLS_SSL_PROTO_SSL3 2654run_test "Authentication: client has no cert, server required (SSLv3)" \ 2655 "$P_SRV debug_level=3 min_version=ssl3 auth_mode=required" 
\ 2656 "$P_CLI debug_level=3 force_version=ssl3 crt_file=none \ 2657 key_file=data_files/server5.key" \ 2658 1 \ 2659 -S "skip write certificate request" \ 2660 -C "skip parse certificate request" \ 2661 -c "got a certificate request" \ 2662 -c "got no certificate to send" \ 2663 -S "x509_verify_cert() returned" \ 2664 -s "client has no certificate" \ 2665 -s "! mbedtls_ssl_handshake returned" \ 2666 -c "! mbedtls_ssl_handshake returned" \ 2667 -s "No client certification received from the client, but required by the authentication mode" 2668 2669run_test "Authentication: client has no cert, server required (TLS)" \ 2670 "$P_SRV debug_level=3 auth_mode=required" \ 2671 "$P_CLI debug_level=3 crt_file=none \ 2672 key_file=data_files/server5.key" \ 2673 1 \ 2674 -S "skip write certificate request" \ 2675 -C "skip parse certificate request" \ 2676 -c "got a certificate request" \ 2677 -c "= write certificate$" \ 2678 -C "skip write certificate$" \ 2679 -S "x509_verify_cert() returned" \ 2680 -s "client has no certificate" \ 2681 -s "! mbedtls_ssl_handshake returned" \ 2682 -c "! mbedtls_ssl_handshake returned" \ 2683 -s "No client certification received from the client, but required by the authentication mode" 2684 2685run_test "Authentication: client badcert, server required" \ 2686 "$P_SRV debug_level=3 auth_mode=required" \ 2687 "$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \ 2688 key_file=data_files/server5.key" \ 2689 1 \ 2690 -S "skip write certificate request" \ 2691 -C "skip parse certificate request" \ 2692 -c "got a certificate request" \ 2693 -C "skip write certificate" \ 2694 -C "skip write certificate verify" \ 2695 -S "skip parse certificate verify" \ 2696 -s "x509_verify_cert() returned" \ 2697 -s "! The certificate is not correctly signed by the trusted CA" \ 2698 -s "! mbedtls_ssl_handshake returned" \ 2699 -s "send alert level=2 message=48" \ 2700 -c "! 
mbedtls_ssl_handshake returned" \ 2701 -s "X509 - Certificate verification failed" 2702# We don't check that the client receives the alert because it might 2703# detect that its write end of the connection is closed and abort 2704# before reading the alert message. 2705 2706run_test "Authentication: client cert not trusted, server required" \ 2707 "$P_SRV debug_level=3 auth_mode=required" \ 2708 "$P_CLI debug_level=3 crt_file=data_files/server5-selfsigned.crt \ 2709 key_file=data_files/server5.key" \ 2710 1 \ 2711 -S "skip write certificate request" \ 2712 -C "skip parse certificate request" \ 2713 -c "got a certificate request" \ 2714 -C "skip write certificate" \ 2715 -C "skip write certificate verify" \ 2716 -S "skip parse certificate verify" \ 2717 -s "x509_verify_cert() returned" \ 2718 -s "! The certificate is not correctly signed by the trusted CA" \ 2719 -s "! mbedtls_ssl_handshake returned" \ 2720 -c "! mbedtls_ssl_handshake returned" \ 2721 -s "X509 - Certificate verification failed" 2722 2723run_test "Authentication: client badcert, server optional" \ 2724 "$P_SRV debug_level=3 auth_mode=optional" \ 2725 "$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \ 2726 key_file=data_files/server5.key" \ 2727 0 \ 2728 -S "skip write certificate request" \ 2729 -C "skip parse certificate request" \ 2730 -c "got a certificate request" \ 2731 -C "skip write certificate" \ 2732 -C "skip write certificate verify" \ 2733 -S "skip parse certificate verify" \ 2734 -s "x509_verify_cert() returned" \ 2735 -s "! The certificate is not correctly signed by the trusted CA" \ 2736 -S "! mbedtls_ssl_handshake returned" \ 2737 -C "! 
mbedtls_ssl_handshake returned" \ 2738 -S "X509 - Certificate verification failed" 2739 2740run_test "Authentication: client badcert, server none" \ 2741 "$P_SRV debug_level=3 auth_mode=none" \ 2742 "$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \ 2743 key_file=data_files/server5.key" \ 2744 0 \ 2745 -s "skip write certificate request" \ 2746 -C "skip parse certificate request" \ 2747 -c "got no certificate request" \ 2748 -c "skip write certificate" \ 2749 -c "skip write certificate verify" \ 2750 -s "skip parse certificate verify" \ 2751 -S "x509_verify_cert() returned" \ 2752 -S "! The certificate is not correctly signed by the trusted CA" \ 2753 -S "! mbedtls_ssl_handshake returned" \ 2754 -C "! mbedtls_ssl_handshake returned" \ 2755 -S "X509 - Certificate verification failed" 2756 2757run_test "Authentication: client no cert, server optional" \ 2758 "$P_SRV debug_level=3 auth_mode=optional" \ 2759 "$P_CLI debug_level=3 crt_file=none key_file=none" \ 2760 0 \ 2761 -S "skip write certificate request" \ 2762 -C "skip parse certificate request" \ 2763 -c "got a certificate request" \ 2764 -C "skip write certificate$" \ 2765 -C "got no certificate to send" \ 2766 -S "SSLv3 client has no certificate" \ 2767 -c "skip write certificate verify" \ 2768 -s "skip parse certificate verify" \ 2769 -s "! Certificate was missing" \ 2770 -S "! mbedtls_ssl_handshake returned" \ 2771 -C "! mbedtls_ssl_handshake returned" \ 2772 -S "X509 - Certificate verification failed" 2773 2774run_test "Authentication: openssl client no cert, server optional" \ 2775 "$P_SRV debug_level=3 auth_mode=optional" \ 2776 "$O_CLI" \ 2777 0 \ 2778 -S "skip write certificate request" \ 2779 -s "skip parse certificate verify" \ 2780 -s "! Certificate was missing" \ 2781 -S "! 
mbedtls_ssl_handshake returned" \ 2782 -S "X509 - Certificate verification failed" 2783 2784run_test "Authentication: client no cert, openssl server optional" \ 2785 "$O_SRV -verify 10" \ 2786 "$P_CLI debug_level=3 crt_file=none key_file=none" \ 2787 0 \ 2788 -C "skip parse certificate request" \ 2789 -c "got a certificate request" \ 2790 -C "skip write certificate$" \ 2791 -c "skip write certificate verify" \ 2792 -C "! mbedtls_ssl_handshake returned" 2793 2794run_test "Authentication: client no cert, openssl server required" \ 2795 "$O_SRV -Verify 10" \ 2796 "$P_CLI debug_level=3 crt_file=none key_file=none" \ 2797 1 \ 2798 -C "skip parse certificate request" \ 2799 -c "got a certificate request" \ 2800 -C "skip write certificate$" \ 2801 -c "skip write certificate verify" \ 2802 -c "! mbedtls_ssl_handshake returned" 2803 2804requires_config_enabled MBEDTLS_SSL_PROTO_SSL3 2805run_test "Authentication: client no cert, ssl3" \ 2806 "$P_SRV debug_level=3 auth_mode=optional force_version=ssl3" \ 2807 "$P_CLI debug_level=3 crt_file=none key_file=none min_version=ssl3" \ 2808 0 \ 2809 -S "skip write certificate request" \ 2810 -C "skip parse certificate request" \ 2811 -c "got a certificate request" \ 2812 -C "skip write certificate$" \ 2813 -c "skip write certificate verify" \ 2814 -c "got no certificate to send" \ 2815 -s "SSLv3 client has no certificate" \ 2816 -s "skip parse certificate verify" \ 2817 -s "! Certificate was missing" \ 2818 -S "! mbedtls_ssl_handshake returned" \ 2819 -C "! 
mbedtls_ssl_handshake returned" \ 2820 -S "X509 - Certificate verification failed" 2821 2822# The "max_int chain" tests assume that MAX_INTERMEDIATE_CA is set to its 2823# default value (8) 2824 2825MAX_IM_CA='8' 2826MAX_IM_CA_CONFIG=$( ../scripts/config.pl get MBEDTLS_X509_MAX_INTERMEDIATE_CA) 2827 2828if [ -n "$MAX_IM_CA_CONFIG" ] && [ "$MAX_IM_CA_CONFIG" -ne "$MAX_IM_CA" ]; then 2829 cat <<EOF 2830${CONFIG_H} contains a value for the configuration of 2831MBEDTLS_X509_MAX_INTERMEDIATE_CA that is different from the script's 2832test value of ${MAX_IM_CA}. 2833 2834The tests assume this value and if it changes, the tests in this 2835script should also be adjusted. 2836EOF 2837 exit 1 2838fi 2839 2840requires_full_size_output_buffer 2841run_test "Authentication: server max_int chain, client default" \ 2842 "$P_SRV crt_file=data_files/dir-maxpath/c09.pem \ 2843 key_file=data_files/dir-maxpath/09.key" \ 2844 "$P_CLI server_name=CA09 ca_file=data_files/dir-maxpath/00.crt" \ 2845 0 \ 2846 -C "X509 - A fatal error occurred" 2847 2848requires_full_size_output_buffer 2849run_test "Authentication: server max_int+1 chain, client default" \ 2850 "$P_SRV crt_file=data_files/dir-maxpath/c10.pem \ 2851 key_file=data_files/dir-maxpath/10.key" \ 2852 "$P_CLI server_name=CA10 ca_file=data_files/dir-maxpath/00.crt" \ 2853 1 \ 2854 -c "X509 - A fatal error occurred" 2855 2856requires_full_size_output_buffer 2857run_test "Authentication: server max_int+1 chain, client optional" \ 2858 "$P_SRV crt_file=data_files/dir-maxpath/c10.pem \ 2859 key_file=data_files/dir-maxpath/10.key" \ 2860 "$P_CLI server_name=CA10 ca_file=data_files/dir-maxpath/00.crt \ 2861 auth_mode=optional" \ 2862 1 \ 2863 -c "X509 - A fatal error occurred" 2864 2865requires_full_size_output_buffer 2866run_test "Authentication: server max_int+1 chain, client none" \ 2867 "$P_SRV crt_file=data_files/dir-maxpath/c10.pem \ 2868 key_file=data_files/dir-maxpath/10.key" \ 2869 "$P_CLI server_name=CA10 
ca_file=data_files/dir-maxpath/00.crt \ 2870 auth_mode=none" \ 2871 0 \ 2872 -C "X509 - A fatal error occurred" 2873 2874requires_full_size_output_buffer 2875run_test "Authentication: client max_int+1 chain, server default" \ 2876 "$P_SRV ca_file=data_files/dir-maxpath/00.crt" \ 2877 "$P_CLI crt_file=data_files/dir-maxpath/c10.pem \ 2878 key_file=data_files/dir-maxpath/10.key" \ 2879 0 \ 2880 -S "X509 - A fatal error occurred" 2881 2882requires_full_size_output_buffer 2883run_test "Authentication: client max_int+1 chain, server optional" \ 2884 "$P_SRV ca_file=data_files/dir-maxpath/00.crt auth_mode=optional" \ 2885 "$P_CLI crt_file=data_files/dir-maxpath/c10.pem \ 2886 key_file=data_files/dir-maxpath/10.key" \ 2887 1 \ 2888 -s "X509 - A fatal error occurred" 2889 2890requires_full_size_output_buffer 2891run_test "Authentication: client max_int+1 chain, server required" \ 2892 "$P_SRV ca_file=data_files/dir-maxpath/00.crt auth_mode=required" \ 2893 "$P_CLI crt_file=data_files/dir-maxpath/c10.pem \ 2894 key_file=data_files/dir-maxpath/10.key" \ 2895 1 \ 2896 -s "X509 - A fatal error occurred" 2897 2898requires_full_size_output_buffer 2899run_test "Authentication: client max_int chain, server required" \ 2900 "$P_SRV ca_file=data_files/dir-maxpath/00.crt auth_mode=required" \ 2901 "$P_CLI crt_file=data_files/dir-maxpath/c09.pem \ 2902 key_file=data_files/dir-maxpath/09.key" \ 2903 0 \ 2904 -S "X509 - A fatal error occurred" 2905 2906# Tests for CA list in CertificateRequest messages 2907 2908run_test "Authentication: send CA list in CertificateRequest (default)" \ 2909 "$P_SRV debug_level=3 auth_mode=required" \ 2910 "$P_CLI crt_file=data_files/server6.crt \ 2911 key_file=data_files/server6.key" \ 2912 0 \ 2913 -s "requested DN" 2914 2915run_test "Authentication: do not send CA list in CertificateRequest" \ 2916 "$P_SRV debug_level=3 auth_mode=required cert_req_ca_list=0" \ 2917 "$P_CLI crt_file=data_files/server6.crt \ 2918 key_file=data_files/server6.key" \ 2919 0 
\ 2920 -S "requested DN" 2921 2922run_test "Authentication: send CA list in CertificateRequest, client self signed" \ 2923 "$P_SRV debug_level=3 auth_mode=required cert_req_ca_list=0" \ 2924 "$P_CLI debug_level=3 crt_file=data_files/server5-selfsigned.crt \ 2925 key_file=data_files/server5.key" \ 2926 1 \ 2927 -S "requested DN" \ 2928 -s "x509_verify_cert() returned" \ 2929 -s "! The certificate is not correctly signed by the trusted CA" \ 2930 -s "! mbedtls_ssl_handshake returned" \ 2931 -c "! mbedtls_ssl_handshake returned" \ 2932 -s "X509 - Certificate verification failed" 2933 2934# Tests for certificate selection based on SHA verson 2935 2936run_test "Certificate hash: client TLS 1.2 -> SHA-2" \ 2937 "$P_SRV crt_file=data_files/server5.crt \ 2938 key_file=data_files/server5.key \ 2939 crt_file2=data_files/server5-sha1.crt \ 2940 key_file2=data_files/server5.key" \ 2941 "$P_CLI force_version=tls1_2" \ 2942 0 \ 2943 -c "signed using.*ECDSA with SHA256" \ 2944 -C "signed using.*ECDSA with SHA1" 2945 2946run_test "Certificate hash: client TLS 1.1 -> SHA-1" \ 2947 "$P_SRV crt_file=data_files/server5.crt \ 2948 key_file=data_files/server5.key \ 2949 crt_file2=data_files/server5-sha1.crt \ 2950 key_file2=data_files/server5.key" \ 2951 "$P_CLI force_version=tls1_1" \ 2952 0 \ 2953 -C "signed using.*ECDSA with SHA256" \ 2954 -c "signed using.*ECDSA with SHA1" 2955 2956run_test "Certificate hash: client TLS 1.0 -> SHA-1" \ 2957 "$P_SRV crt_file=data_files/server5.crt \ 2958 key_file=data_files/server5.key \ 2959 crt_file2=data_files/server5-sha1.crt \ 2960 key_file2=data_files/server5.key" \ 2961 "$P_CLI force_version=tls1" \ 2962 0 \ 2963 -C "signed using.*ECDSA with SHA256" \ 2964 -c "signed using.*ECDSA with SHA1" 2965 2966run_test "Certificate hash: client TLS 1.1, no SHA-1 -> SHA-2 (order 1)" \ 2967 "$P_SRV crt_file=data_files/server5.crt \ 2968 key_file=data_files/server5.key \ 2969 crt_file2=data_files/server6.crt \ 2970 key_file2=data_files/server6.key" \ 2971 
"$P_CLI force_version=tls1_1" \ 2972 0 \ 2973 -c "serial number.*09" \ 2974 -c "signed using.*ECDSA with SHA256" \ 2975 -C "signed using.*ECDSA with SHA1" 2976 2977run_test "Certificate hash: client TLS 1.1, no SHA-1 -> SHA-2 (order 2)" \ 2978 "$P_SRV crt_file=data_files/server6.crt \ 2979 key_file=data_files/server6.key \ 2980 crt_file2=data_files/server5.crt \ 2981 key_file2=data_files/server5.key" \ 2982 "$P_CLI force_version=tls1_1" \ 2983 0 \ 2984 -c "serial number.*0A" \ 2985 -c "signed using.*ECDSA with SHA256" \ 2986 -C "signed using.*ECDSA with SHA1" 2987 2988# tests for SNI 2989 2990run_test "SNI: no SNI callback" \ 2991 "$P_SRV debug_level=3 \ 2992 crt_file=data_files/server5.crt key_file=data_files/server5.key" \ 2993 "$P_CLI server_name=localhost" \ 2994 0 \ 2995 -S "parse ServerName extension" \ 2996 -c "issuer name *: C=NL, O=PolarSSL, CN=Polarssl Test EC CA" \ 2997 -c "subject name *: C=NL, O=PolarSSL, CN=localhost" 2998 2999run_test "SNI: matching cert 1" \ 3000 "$P_SRV debug_level=3 \ 3001 crt_file=data_files/server5.crt key_file=data_files/server5.key \ 3002 sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \ 3003 "$P_CLI server_name=localhost" \ 3004 0 \ 3005 -s "parse ServerName extension" \ 3006 -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \ 3007 -c "subject name *: C=NL, O=PolarSSL, CN=localhost" 3008 3009run_test "SNI: matching cert 2" \ 3010 "$P_SRV debug_level=3 \ 3011 crt_file=data_files/server5.crt key_file=data_files/server5.key \ 3012 sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \ 3013 "$P_CLI server_name=polarssl.example" \ 3014 0 \ 3015 -s "parse ServerName extension" \ 3016 -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \ 3017 -c "subject name *: C=NL, O=PolarSSL, CN=polarssl.example" 3018 3019run_test "SNI: no matching 
cert" \ 3020 "$P_SRV debug_level=3 \ 3021 crt_file=data_files/server5.crt key_file=data_files/server5.key \ 3022 sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \ 3023 "$P_CLI server_name=nonesuch.example" \ 3024 1 \ 3025 -s "parse ServerName extension" \ 3026 -s "ssl_sni_wrapper() returned" \ 3027 -s "mbedtls_ssl_handshake returned" \ 3028 -c "mbedtls_ssl_handshake returned" \ 3029 -c "SSL - A fatal alert message was received from our peer" 3030 3031run_test "SNI: client auth no override: optional" \ 3032 "$P_SRV debug_level=3 auth_mode=optional \ 3033 crt_file=data_files/server5.crt key_file=data_files/server5.key \ 3034 sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-" \ 3035 "$P_CLI debug_level=3 server_name=localhost" \ 3036 0 \ 3037 -S "skip write certificate request" \ 3038 -C "skip parse certificate request" \ 3039 -c "got a certificate request" \ 3040 -C "skip write certificate" \ 3041 -C "skip write certificate verify" \ 3042 -S "skip parse certificate verify" 3043 3044run_test "SNI: client auth override: none -> optional" \ 3045 "$P_SRV debug_level=3 auth_mode=none \ 3046 crt_file=data_files/server5.crt key_file=data_files/server5.key \ 3047 sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,optional" \ 3048 "$P_CLI debug_level=3 server_name=localhost" \ 3049 0 \ 3050 -S "skip write certificate request" \ 3051 -C "skip parse certificate request" \ 3052 -c "got a certificate request" \ 3053 -C "skip write certificate" \ 3054 -C "skip write certificate verify" \ 3055 -S "skip parse certificate verify" 3056 3057run_test "SNI: client auth override: optional -> none" \ 3058 "$P_SRV debug_level=3 auth_mode=optional \ 3059 crt_file=data_files/server5.crt key_file=data_files/server5.key \ 3060 sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,none" \ 3061 "$P_CLI debug_level=3 server_name=localhost" \ 3062 0 \ 3063 -s "skip 
write certificate request" \ 3064 -C "skip parse certificate request" \ 3065 -c "got no certificate request" \ 3066 -c "skip write certificate" \ 3067 -c "skip write certificate verify" \ 3068 -s "skip parse certificate verify" 3069 3070run_test "SNI: CA no override" \ 3071 "$P_SRV debug_level=3 auth_mode=optional \ 3072 crt_file=data_files/server5.crt key_file=data_files/server5.key \ 3073 ca_file=data_files/test-ca.crt \ 3074 sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,required" \ 3075 "$P_CLI debug_level=3 server_name=localhost \ 3076 crt_file=data_files/server6.crt key_file=data_files/server6.key" \ 3077 1 \ 3078 -S "skip write certificate request" \ 3079 -C "skip parse certificate request" \ 3080 -c "got a certificate request" \ 3081 -C "skip write certificate" \ 3082 -C "skip write certificate verify" \ 3083 -S "skip parse certificate verify" \ 3084 -s "x509_verify_cert() returned" \ 3085 -s "! The certificate is not correctly signed by the trusted CA" \ 3086 -S "The certificate has been revoked (is on a CRL)" 3087 3088run_test "SNI: CA override" \ 3089 "$P_SRV debug_level=3 auth_mode=optional \ 3090 crt_file=data_files/server5.crt key_file=data_files/server5.key \ 3091 ca_file=data_files/test-ca.crt \ 3092 sni=localhost,data_files/server2.crt,data_files/server2.key,data_files/test-ca2.crt,-,required" \ 3093 "$P_CLI debug_level=3 server_name=localhost \ 3094 crt_file=data_files/server6.crt key_file=data_files/server6.key" \ 3095 0 \ 3096 -S "skip write certificate request" \ 3097 -C "skip parse certificate request" \ 3098 -c "got a certificate request" \ 3099 -C "skip write certificate" \ 3100 -C "skip write certificate verify" \ 3101 -S "skip parse certificate verify" \ 3102 -S "x509_verify_cert() returned" \ 3103 -S "! 
The certificate is not correctly signed by the trusted CA" \ 3104 -S "The certificate has been revoked (is on a CRL)" 3105 3106run_test "SNI: CA override with CRL" \ 3107 "$P_SRV debug_level=3 auth_mode=optional \ 3108 crt_file=data_files/server5.crt key_file=data_files/server5.key \ 3109 ca_file=data_files/test-ca.crt \ 3110 sni=localhost,data_files/server2.crt,data_files/server2.key,data_files/test-ca2.crt,data_files/crl-ec-sha256.pem,required" \ 3111 "$P_CLI debug_level=3 server_name=localhost \ 3112 crt_file=data_files/server6.crt key_file=data_files/server6.key" \ 3113 1 \ 3114 -S "skip write certificate request" \ 3115 -C "skip parse certificate request" \ 3116 -c "got a certificate request" \ 3117 -C "skip write certificate" \ 3118 -C "skip write certificate verify" \ 3119 -S "skip parse certificate verify" \ 3120 -s "x509_verify_cert() returned" \ 3121 -S "! The certificate is not correctly signed by the trusted CA" \ 3122 -s "The certificate has been revoked (is on a CRL)" 3123 3124# Tests for SNI and DTLS 3125 3126run_test "SNI: DTLS, no SNI callback" \ 3127 "$P_SRV debug_level=3 dtls=1 \ 3128 crt_file=data_files/server5.crt key_file=data_files/server5.key" \ 3129 "$P_CLI server_name=localhost dtls=1" \ 3130 0 \ 3131 -S "parse ServerName extension" \ 3132 -c "issuer name *: C=NL, O=PolarSSL, CN=Polarssl Test EC CA" \ 3133 -c "subject name *: C=NL, O=PolarSSL, CN=localhost" 3134 3135run_test "SNI: DTLS, matching cert 1" \ 3136 "$P_SRV debug_level=3 dtls=1 \ 3137 crt_file=data_files/server5.crt key_file=data_files/server5.key \ 3138 sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \ 3139 "$P_CLI server_name=localhost dtls=1" \ 3140 0 \ 3141 -s "parse ServerName extension" \ 3142 -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \ 3143 -c "subject name *: C=NL, O=PolarSSL, CN=localhost" 3144 3145run_test "SNI: DTLS, matching cert 2" \ 3146 "$P_SRV 
debug_level=3 dtls=1 \ 3147 crt_file=data_files/server5.crt key_file=data_files/server5.key \ 3148 sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \ 3149 "$P_CLI server_name=polarssl.example dtls=1" \ 3150 0 \ 3151 -s "parse ServerName extension" \ 3152 -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \ 3153 -c "subject name *: C=NL, O=PolarSSL, CN=polarssl.example" 3154 3155run_test "SNI: DTLS, no matching cert" \ 3156 "$P_SRV debug_level=3 dtls=1 \ 3157 crt_file=data_files/server5.crt key_file=data_files/server5.key \ 3158 sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \ 3159 "$P_CLI server_name=nonesuch.example dtls=1" \ 3160 1 \ 3161 -s "parse ServerName extension" \ 3162 -s "ssl_sni_wrapper() returned" \ 3163 -s "mbedtls_ssl_handshake returned" \ 3164 -c "mbedtls_ssl_handshake returned" \ 3165 -c "SSL - A fatal alert message was received from our peer" 3166 3167run_test "SNI: DTLS, client auth no override: optional" \ 3168 "$P_SRV debug_level=3 auth_mode=optional dtls=1 \ 3169 crt_file=data_files/server5.crt key_file=data_files/server5.key \ 3170 sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-" \ 3171 "$P_CLI debug_level=3 server_name=localhost dtls=1" \ 3172 0 \ 3173 -S "skip write certificate request" \ 3174 -C "skip parse certificate request" \ 3175 -c "got a certificate request" \ 3176 -C "skip write certificate" \ 3177 -C "skip write certificate verify" \ 3178 -S "skip parse certificate verify" 3179 3180run_test "SNI: DTLS, client auth override: none -> optional" \ 3181 "$P_SRV debug_level=3 auth_mode=none dtls=1 \ 3182 crt_file=data_files/server5.crt key_file=data_files/server5.key \ 3183 sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,optional" \ 3184 "$P_CLI debug_level=3 server_name=localhost dtls=1" \ 3185 0 \ 3186 -S 
"skip write certificate request" \ 3187 -C "skip parse certificate request" \ 3188 -c "got a certificate request" \ 3189 -C "skip write certificate" \ 3190 -C "skip write certificate verify" \ 3191 -S "skip parse certificate verify" 3192 3193run_test "SNI: DTLS, client auth override: optional -> none" \ 3194 "$P_SRV debug_level=3 auth_mode=optional dtls=1 \ 3195 crt_file=data_files/server5.crt key_file=data_files/server5.key \ 3196 sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,none" \ 3197 "$P_CLI debug_level=3 server_name=localhost dtls=1" \ 3198 0 \ 3199 -s "skip write certificate request" \ 3200 -C "skip parse certificate request" \ 3201 -c "got no certificate request" \ 3202 -c "skip write certificate" \ 3203 -c "skip write certificate verify" \ 3204 -s "skip parse certificate verify" 3205 3206run_test "SNI: DTLS, CA no override" \ 3207 "$P_SRV debug_level=3 auth_mode=optional dtls=1 \ 3208 crt_file=data_files/server5.crt key_file=data_files/server5.key \ 3209 ca_file=data_files/test-ca.crt \ 3210 sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,required" \ 3211 "$P_CLI debug_level=3 server_name=localhost dtls=1 \ 3212 crt_file=data_files/server6.crt key_file=data_files/server6.key" \ 3213 1 \ 3214 -S "skip write certificate request" \ 3215 -C "skip parse certificate request" \ 3216 -c "got a certificate request" \ 3217 -C "skip write certificate" \ 3218 -C "skip write certificate verify" \ 3219 -S "skip parse certificate verify" \ 3220 -s "x509_verify_cert() returned" \ 3221 -s "! 
The certificate is not correctly signed by the trusted CA" \ 3222 -S "The certificate has been revoked (is on a CRL)" 3223 3224run_test "SNI: DTLS, CA override" \ 3225 "$P_SRV debug_level=3 auth_mode=optional dtls=1 \ 3226 crt_file=data_files/server5.crt key_file=data_files/server5.key \ 3227 ca_file=data_files/test-ca.crt \ 3228 sni=localhost,data_files/server2.crt,data_files/server2.key,data_files/test-ca2.crt,-,required" \ 3229 "$P_CLI debug_level=3 server_name=localhost dtls=1 \ 3230 crt_file=data_files/server6.crt key_file=data_files/server6.key" \ 3231 0 \ 3232 -S "skip write certificate request" \ 3233 -C "skip parse certificate request" \ 3234 -c "got a certificate request" \ 3235 -C "skip write certificate" \ 3236 -C "skip write certificate verify" \ 3237 -S "skip parse certificate verify" \ 3238 -S "x509_verify_cert() returned" \ 3239 -S "! The certificate is not correctly signed by the trusted CA" \ 3240 -S "The certificate has been revoked (is on a CRL)" 3241 3242run_test "SNI: DTLS, CA override with CRL" \ 3243 "$P_SRV debug_level=3 auth_mode=optional \ 3244 crt_file=data_files/server5.crt key_file=data_files/server5.key dtls=1 \ 3245 ca_file=data_files/test-ca.crt \ 3246 sni=localhost,data_files/server2.crt,data_files/server2.key,data_files/test-ca2.crt,data_files/crl-ec-sha256.pem,required" \ 3247 "$P_CLI debug_level=3 server_name=localhost dtls=1 \ 3248 crt_file=data_files/server6.crt key_file=data_files/server6.key" \ 3249 1 \ 3250 -S "skip write certificate request" \ 3251 -C "skip parse certificate request" \ 3252 -c "got a certificate request" \ 3253 -C "skip write certificate" \ 3254 -C "skip write certificate verify" \ 3255 -S "skip parse certificate verify" \ 3256 -s "x509_verify_cert() returned" \ 3257 -S "! 
The certificate is not correctly signed by the trusted CA" \ 3258 -s "The certificate has been revoked (is on a CRL)" 3259 3260# Tests for non-blocking I/O: exercise a variety of handshake flows 3261 3262run_test "Non-blocking I/O: basic handshake" \ 3263 "$P_SRV nbio=2 tickets=0 auth_mode=none" \ 3264 "$P_CLI nbio=2 tickets=0" \ 3265 0 \ 3266 -S "mbedtls_ssl_handshake returned" \ 3267 -C "mbedtls_ssl_handshake returned" \ 3268 -c "Read from server: .* bytes read" 3269 3270run_test "Non-blocking I/O: client auth" \ 3271 "$P_SRV nbio=2 tickets=0 auth_mode=required" \ 3272 "$P_CLI nbio=2 tickets=0" \ 3273 0 \ 3274 -S "mbedtls_ssl_handshake returned" \ 3275 -C "mbedtls_ssl_handshake returned" \ 3276 -c "Read from server: .* bytes read" 3277 3278run_test "Non-blocking I/O: ticket" \ 3279 "$P_SRV nbio=2 tickets=1 auth_mode=none" \ 3280 "$P_CLI nbio=2 tickets=1" \ 3281 0 \ 3282 -S "mbedtls_ssl_handshake returned" \ 3283 -C "mbedtls_ssl_handshake returned" \ 3284 -c "Read from server: .* bytes read" 3285 3286run_test "Non-blocking I/O: ticket + client auth" \ 3287 "$P_SRV nbio=2 tickets=1 auth_mode=required" \ 3288 "$P_CLI nbio=2 tickets=1" \ 3289 0 \ 3290 -S "mbedtls_ssl_handshake returned" \ 3291 -C "mbedtls_ssl_handshake returned" \ 3292 -c "Read from server: .* bytes read" 3293 3294run_test "Non-blocking I/O: ticket + client auth + resume" \ 3295 "$P_SRV nbio=2 tickets=1 auth_mode=required" \ 3296 "$P_CLI nbio=2 tickets=1 reconnect=1" \ 3297 0 \ 3298 -S "mbedtls_ssl_handshake returned" \ 3299 -C "mbedtls_ssl_handshake returned" \ 3300 -c "Read from server: .* bytes read" 3301 3302run_test "Non-blocking I/O: ticket + resume" \ 3303 "$P_SRV nbio=2 tickets=1 auth_mode=none" \ 3304 "$P_CLI nbio=2 tickets=1 reconnect=1" \ 3305 0 \ 3306 -S "mbedtls_ssl_handshake returned" \ 3307 -C "mbedtls_ssl_handshake returned" \ 3308 -c "Read from server: .* bytes read" 3309 3310run_test "Non-blocking I/O: session-id resume" \ 3311 "$P_SRV nbio=2 tickets=0 auth_mode=none" \ 3312 "$P_CLI 
nbio=2 tickets=0 reconnect=1" \ 3313 0 \ 3314 -S "mbedtls_ssl_handshake returned" \ 3315 -C "mbedtls_ssl_handshake returned" \ 3316 -c "Read from server: .* bytes read" 3317 3318# Tests for event-driven I/O: exercise a variety of handshake flows 3319 3320run_test "Event-driven I/O: basic handshake" \ 3321 "$P_SRV event=1 tickets=0 auth_mode=none" \ 3322 "$P_CLI event=1 tickets=0" \ 3323 0 \ 3324 -S "mbedtls_ssl_handshake returned" \ 3325 -C "mbedtls_ssl_handshake returned" \ 3326 -c "Read from server: .* bytes read" 3327 3328run_test "Event-driven I/O: client auth" \ 3329 "$P_SRV event=1 tickets=0 auth_mode=required" \ 3330 "$P_CLI event=1 tickets=0" \ 3331 0 \ 3332 -S "mbedtls_ssl_handshake returned" \ 3333 -C "mbedtls_ssl_handshake returned" \ 3334 -c "Read from server: .* bytes read" 3335 3336run_test "Event-driven I/O: ticket" \ 3337 "$P_SRV event=1 tickets=1 auth_mode=none" \ 3338 "$P_CLI event=1 tickets=1" \ 3339 0 \ 3340 -S "mbedtls_ssl_handshake returned" \ 3341 -C "mbedtls_ssl_handshake returned" \ 3342 -c "Read from server: .* bytes read" 3343 3344run_test "Event-driven I/O: ticket + client auth" \ 3345 "$P_SRV event=1 tickets=1 auth_mode=required" \ 3346 "$P_CLI event=1 tickets=1" \ 3347 0 \ 3348 -S "mbedtls_ssl_handshake returned" \ 3349 -C "mbedtls_ssl_handshake returned" \ 3350 -c "Read from server: .* bytes read" 3351 3352run_test "Event-driven I/O: ticket + client auth + resume" \ 3353 "$P_SRV event=1 tickets=1 auth_mode=required" \ 3354 "$P_CLI event=1 tickets=1 reconnect=1" \ 3355 0 \ 3356 -S "mbedtls_ssl_handshake returned" \ 3357 -C "mbedtls_ssl_handshake returned" \ 3358 -c "Read from server: .* bytes read" 3359 3360run_test "Event-driven I/O: ticket + resume" \ 3361 "$P_SRV event=1 tickets=1 auth_mode=none" \ 3362 "$P_CLI event=1 tickets=1 reconnect=1" \ 3363 0 \ 3364 -S "mbedtls_ssl_handshake returned" \ 3365 -C "mbedtls_ssl_handshake returned" \ 3366 -c "Read from server: .* bytes read" 3367 3368run_test "Event-driven I/O: session-id resume" 
\ 3369 "$P_SRV event=1 tickets=0 auth_mode=none" \ 3370 "$P_CLI event=1 tickets=0 reconnect=1" \ 3371 0 \ 3372 -S "mbedtls_ssl_handshake returned" \ 3373 -C "mbedtls_ssl_handshake returned" \ 3374 -c "Read from server: .* bytes read" 3375 3376run_test "Event-driven I/O, DTLS: basic handshake" \ 3377 "$P_SRV dtls=1 event=1 tickets=0 auth_mode=none" \ 3378 "$P_CLI dtls=1 event=1 tickets=0" \ 3379 0 \ 3380 -c "Read from server: .* bytes read" 3381 3382run_test "Event-driven I/O, DTLS: client auth" \ 3383 "$P_SRV dtls=1 event=1 tickets=0 auth_mode=required" \ 3384 "$P_CLI dtls=1 event=1 tickets=0" \ 3385 0 \ 3386 -c "Read from server: .* bytes read" 3387 3388run_test "Event-driven I/O, DTLS: ticket" \ 3389 "$P_SRV dtls=1 event=1 tickets=1 auth_mode=none" \ 3390 "$P_CLI dtls=1 event=1 tickets=1" \ 3391 0 \ 3392 -c "Read from server: .* bytes read" 3393 3394run_test "Event-driven I/O, DTLS: ticket + client auth" \ 3395 "$P_SRV dtls=1 event=1 tickets=1 auth_mode=required" \ 3396 "$P_CLI dtls=1 event=1 tickets=1" \ 3397 0 \ 3398 -c "Read from server: .* bytes read" 3399 3400run_test "Event-driven I/O, DTLS: ticket + client auth + resume" \ 3401 "$P_SRV dtls=1 event=1 tickets=1 auth_mode=required" \ 3402 "$P_CLI dtls=1 event=1 tickets=1 reconnect=1 skip_close_notify=1" \ 3403 0 \ 3404 -c "Read from server: .* bytes read" 3405 3406run_test "Event-driven I/O, DTLS: ticket + resume" \ 3407 "$P_SRV dtls=1 event=1 tickets=1 auth_mode=none" \ 3408 "$P_CLI dtls=1 event=1 tickets=1 reconnect=1 skip_close_notify=1" \ 3409 0 \ 3410 -c "Read from server: .* bytes read" 3411 3412run_test "Event-driven I/O, DTLS: session-id resume" \ 3413 "$P_SRV dtls=1 event=1 tickets=0 auth_mode=none" \ 3414 "$P_CLI dtls=1 event=1 tickets=0 reconnect=1 skip_close_notify=1" \ 3415 0 \ 3416 -c "Read from server: .* bytes read" 3417 3418# This test demonstrates the need for the mbedtls_ssl_check_pending function. 
3419# During session resumption, the client will send its ApplicationData record 3420# within the same datagram as the Finished messages. In this situation, the 3421# server MUST NOT idle on the underlying transport after handshake completion, 3422# because the ApplicationData request has already been queued internally. 3423run_test "Event-driven I/O, DTLS: session-id resume, UDP packing" \ 3424 -p "$P_PXY pack=50" \ 3425 "$P_SRV dtls=1 event=1 tickets=0 auth_mode=required" \ 3426 "$P_CLI dtls=1 event=1 tickets=0 reconnect=1 skip_close_notify=1" \ 3427 0 \ 3428 -c "Read from server: .* bytes read" 3429 3430# Tests for version negotiation 3431 3432run_test "Version check: all -> 1.2" \ 3433 "$P_SRV" \ 3434 "$P_CLI" \ 3435 0 \ 3436 -S "mbedtls_ssl_handshake returned" \ 3437 -C "mbedtls_ssl_handshake returned" \ 3438 -s "Protocol is TLSv1.2" \ 3439 -c "Protocol is TLSv1.2" 3440 3441run_test "Version check: cli max 1.1 -> 1.1" \ 3442 "$P_SRV" \ 3443 "$P_CLI max_version=tls1_1" \ 3444 0 \ 3445 -S "mbedtls_ssl_handshake returned" \ 3446 -C "mbedtls_ssl_handshake returned" \ 3447 -s "Protocol is TLSv1.1" \ 3448 -c "Protocol is TLSv1.1" 3449 3450run_test "Version check: srv max 1.1 -> 1.1" \ 3451 "$P_SRV max_version=tls1_1" \ 3452 "$P_CLI" \ 3453 0 \ 3454 -S "mbedtls_ssl_handshake returned" \ 3455 -C "mbedtls_ssl_handshake returned" \ 3456 -s "Protocol is TLSv1.1" \ 3457 -c "Protocol is TLSv1.1" 3458 3459run_test "Version check: cli+srv max 1.1 -> 1.1" \ 3460 "$P_SRV max_version=tls1_1" \ 3461 "$P_CLI max_version=tls1_1" \ 3462 0 \ 3463 -S "mbedtls_ssl_handshake returned" \ 3464 -C "mbedtls_ssl_handshake returned" \ 3465 -s "Protocol is TLSv1.1" \ 3466 -c "Protocol is TLSv1.1" 3467 3468run_test "Version check: cli max 1.1, srv min 1.1 -> 1.1" \ 3469 "$P_SRV min_version=tls1_1" \ 3470 "$P_CLI max_version=tls1_1" \ 3471 0 \ 3472 -S "mbedtls_ssl_handshake returned" \ 3473 -C "mbedtls_ssl_handshake returned" \ 3474 -s "Protocol is TLSv1.1" \ 3475 -c "Protocol is TLSv1.1" 3476 
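run_test    "Version check: cli min 1.1, srv max 1.1 -> 1.1" \
            "$P_SRV max_version=tls1_1" \
            "$P_CLI min_version=tls1_1" \
            0 \
            -S "mbedtls_ssl_handshake returned" \
            -C "mbedtls_ssl_handshake returned" \
            -s "Protocol is TLSv1.1" \
            -c "Protocol is TLSv1.1"

# Disjoint version ranges: both sides report a failed handshake, and the
# "not within min/max boundaries" diagnostic is emitted by the side whose
# bound is violated (client below, server in the next case).
run_test    "Version check: cli min 1.2, srv max 1.1 -> fail" \
            "$P_SRV max_version=tls1_1" \
            "$P_CLI min_version=tls1_2" \
            1 \
            -s "mbedtls_ssl_handshake returned" \
            -c "mbedtls_ssl_handshake returned" \
            -c "SSL - Handshake protocol not within min/max boundaries"

run_test    "Version check: srv min 1.2, cli max 1.1 -> fail" \
            "$P_SRV min_version=tls1_2" \
            "$P_CLI max_version=tls1_1" \
            1 \
            -s "mbedtls_ssl_handshake returned" \
            -c "mbedtls_ssl_handshake returned" \
            -s "SSL - Handshake protocol not within min/max boundaries"

# Tests for ALPN extension
#
# The alert pattern "[2:120]" is the fatal no_application_protocol alert;
# it must only appear when both sides offer ALPN lists with no overlap.
# When only one side configures ALPN the handshake completes and the
# selected protocol is reported as "(none)". When both sides overlap, the
# server's preference order decides (see the cli2-srv1 case).

run_test    "ALPN: none" \
            "$P_SRV debug_level=3" \
            "$P_CLI debug_level=3" \
            0 \
            -C "client hello, adding alpn extension" \
            -S "found alpn extension" \
            -C "got an alert message, type: \\[2:120]" \
            -S "server hello, adding alpn extension" \
            -C "found alpn extension " \
            -C "Application Layer Protocol is" \
            -S "Application Layer Protocol is"

run_test    "ALPN: client only" \
            "$P_SRV debug_level=3" \
            "$P_CLI debug_level=3 alpn=abc,1234" \
            0 \
            -c "client hello, adding alpn extension" \
            -s "found alpn extension" \
            -C "got an alert message, type: \\[2:120]" \
            -S "server hello, adding alpn extension" \
            -C "found alpn extension " \
            -c "Application Layer Protocol is (none)" \
            -S "Application Layer Protocol is"

run_test    "ALPN: server only" \
            "$P_SRV debug_level=3 alpn=abc,1234" \
            "$P_CLI debug_level=3" \
            0 \
            -C "client hello, adding alpn extension" \
            -S "found alpn extension" \
            -C "got an alert message, type: \\[2:120]" \
            -S "server hello, adding alpn extension" \
            -C "found alpn extension " \
            -C "Application Layer Protocol is" \
            -s "Application Layer Protocol is (none)"

run_test    "ALPN: both, common cli1-srv1" \
            "$P_SRV debug_level=3 alpn=abc,1234" \
            "$P_CLI debug_level=3 alpn=abc,1234" \
            0 \
            -c "client hello, adding alpn extension" \
            -s "found alpn extension" \
            -C "got an alert message, type: \\[2:120]" \
            -s "server hello, adding alpn extension" \
            -c "found alpn extension" \
            -c "Application Layer Protocol is abc" \
            -s "Application Layer Protocol is abc"

# Client prefers 1234, server prefers abc: the server's order wins.
run_test    "ALPN: both, common cli2-srv1" \
            "$P_SRV debug_level=3 alpn=abc,1234" \
            "$P_CLI debug_level=3 alpn=1234,abc" \
            0 \
            -c "client hello, adding alpn extension" \
            -s "found alpn extension" \
            -C "got an alert message, type: \\[2:120]" \
            -s "server hello, adding alpn extension" \
            -c "found alpn extension" \
            -c "Application Layer Protocol is abc" \
            -s "Application Layer Protocol is abc"

run_test    "ALPN: both, common cli1-srv2" \
            "$P_SRV debug_level=3 alpn=abc,1234" \
            "$P_CLI debug_level=3 alpn=1234,abcde" \
            0 \
            -c "client hello, adding alpn extension" \
            -s "found alpn extension" \
            -C "got an alert message, type: \\[2:120]" \
            -s "server hello, adding alpn extension" \
            -c "found alpn extension" \
            -c "Application Layer Protocol is 1234" \
            -s "Application Layer Protocol is 1234"

# No overlap: the server aborts with the fatal no_application_protocol
# alert instead of silently continuing without ALPN.
run_test    "ALPN: both, no common" \
            "$P_SRV debug_level=3 alpn=abc,123" \
            "$P_CLI debug_level=3 alpn=1234,abcde" \
            1 \
            -c "client hello, adding alpn extension" \
            -s "found alpn extension" \
            -c "got an alert message, type: \\[2:120]" \
            -S "server hello, adding alpn extension" \
            -C "found alpn extension" \
            -C "Application Layer Protocol is 1234" \
            -S "Application Layer Protocol is 1234"

# Tests for keyUsage in leaf certificates, part 1:
# server-side certificate/suite selection
#
# The server must only offer key exchanges its certificate's keyUsage
# permits: digitalSignature -> (EC)DHE signing suites, keyEncipherment ->
# RSA key transport, keyAgreement -> static ECDH. A keyUsage that matches
# no suite at all must make the handshake fail rather than be ignored.

run_test    "keyUsage srv: RSA, digitalSignature -> (EC)DHE-RSA" \
            "$P_SRV key_file=data_files/server2.key \
             crt_file=data_files/server2.ku-ds.crt" \
            "$P_CLI" \
            0 \
            -c "Ciphersuite is TLS-[EC]*DHE-RSA-WITH-"

run_test    "keyUsage srv: RSA, keyEncipherment -> RSA" \
            "$P_SRV key_file=data_files/server2.key \
             crt_file=data_files/server2.ku-ke.crt" \
            "$P_CLI" \
            0 \
            -c "Ciphersuite is TLS-RSA-WITH-"

run_test    "keyUsage srv: RSA, keyAgreement -> fail" \
            "$P_SRV key_file=data_files/server2.key \
             crt_file=data_files/server2.ku-ka.crt" \
            "$P_CLI" \
            1 \
            -C "Ciphersuite is "

run_test    "keyUsage srv: ECDSA, digitalSignature -> ECDHE-ECDSA" \
            "$P_SRV key_file=data_files/server5.key \
             crt_file=data_files/server5.ku-ds.crt" \
            "$P_CLI" \
            0 \
            -c "Ciphersuite is TLS-ECDHE-ECDSA-WITH-"

run_test    "keyUsage srv: ECDSA, keyAgreement -> ECDH-" \
            "$P_SRV key_file=data_files/server5.key \
             crt_file=data_files/server5.ku-ka.crt" \
            "$P_CLI" \
            0 \
            -c "Ciphersuite is TLS-ECDH-"

run_test    "keyUsage srv: ECDSA, keyEncipherment -> fail" \
            "$P_SRV key_file=data_files/server5.key \
             crt_file=data_files/server5.ku-ke.crt" \
            "$P_CLI" \
            1 \
            -C "Ciphersuite is "

# Tests for keyUsage in leaf certificates, part 2:
# client-side checking of server cert
#
# The peer is an OpenSSL server so the suite can be forced regardless of
# keyUsage; the Mbed TLS client must then reject a certificate whose
# keyUsage does not cover the forced key exchange. With auth_mode=optional
# the violation is only logged ("! Usage does not match ...") and the
# handshake still completes with exit 0 -- only auth_mode=required (the
# default here) actually enforces it.

run_test    "keyUsage cli: DigitalSignature+KeyEncipherment, RSA: OK" \
            "$O_SRV -key data_files/server2.key \
             -cert data_files/server2.ku-ds_ke.crt" \
            "$P_CLI debug_level=1 \
             force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
            0 \
            -C "bad certificate (usage extensions)" \
            -C "Processing of the Certificate handshake message failed" \
            -c "Ciphersuite is TLS-"

run_test    "keyUsage cli: DigitalSignature+KeyEncipherment, DHE-RSA: OK" \
            "$O_SRV -key data_files/server2.key \
             -cert data_files/server2.ku-ds_ke.crt" \
            "$P_CLI debug_level=1 \
             force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
            0 \
            -C "bad certificate (usage extensions)" \
            -C "Processing of the Certificate handshake message failed" \
            -c "Ciphersuite is TLS-"

run_test    "keyUsage cli: KeyEncipherment, RSA: OK" \
            "$O_SRV -key data_files/server2.key \
             -cert data_files/server2.ku-ke.crt" \
            "$P_CLI debug_level=1 \
             force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
            0 \
            -C "bad certificate (usage extensions)" \
            -C "Processing of the Certificate handshake message failed" \
            -c "Ciphersuite is TLS-"

run_test    "keyUsage cli: KeyEncipherment, DHE-RSA: fail" \
            "$O_SRV -key data_files/server2.key \
             -cert data_files/server2.ku-ke.crt" \
            "$P_CLI debug_level=1 \
             force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
            1 \
            -c "bad certificate (usage extensions)" \
            -c "Processing of the Certificate handshake message failed" \
            -C "Ciphersuite is TLS-"

run_test    "keyUsage cli: KeyEncipherment, DHE-RSA: fail, soft" \
            "$O_SRV -key data_files/server2.key \
             -cert data_files/server2.ku-ke.crt" \
            "$P_CLI debug_level=1 auth_mode=optional \
             force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
            0 \
            -c "bad certificate (usage extensions)" \
            -C "Processing of the Certificate handshake message failed" \
            -c "Ciphersuite is TLS-" \
            -c "! Usage does not match the keyUsage extension"

run_test    "keyUsage cli: DigitalSignature, DHE-RSA: OK" \
            "$O_SRV -key data_files/server2.key \
             -cert data_files/server2.ku-ds.crt" \
            "$P_CLI debug_level=1 \
             force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
            0 \
            -C "bad certificate (usage extensions)" \
            -C "Processing of the Certificate handshake message failed" \
            -c "Ciphersuite is TLS-"

run_test    "keyUsage cli: DigitalSignature, RSA: fail" \
            "$O_SRV -key data_files/server2.key \
             -cert data_files/server2.ku-ds.crt" \
            "$P_CLI debug_level=1 \
             force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
            1 \
            -c "bad certificate (usage extensions)" \
            -c "Processing of the Certificate handshake message failed" \
            -C "Ciphersuite is TLS-"

run_test    "keyUsage cli: DigitalSignature, RSA: fail, soft" \
            "$O_SRV -key data_files/server2.key \
             -cert data_files/server2.ku-ds.crt" \
            "$P_CLI debug_level=1 auth_mode=optional \
             force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
            0 \
            -c "bad certificate (usage extensions)" \
            -C "Processing of the Certificate handshake message failed" \
            -c "Ciphersuite is TLS-" \
            -c "! Usage does not match the keyUsage extension"

# Tests for keyUsage in leaf certificates, part 3:
# server-side checking of client cert
#
# Mirror image of part 2 with an OpenSSL client presenting the certificate.
# A client certificate must carry digitalSignature; "soft" means
# auth_mode=optional logs the bad certificate but continues, "hard" means
# auth_mode=required aborts the handshake.

run_test    "keyUsage cli-auth: RSA, DigitalSignature: OK" \
            "$P_SRV debug_level=1 auth_mode=optional" \
            "$O_CLI -key data_files/server2.key \
             -cert data_files/server2.ku-ds.crt" \
            0 \
            -S "bad certificate (usage extensions)" \
            -S "Processing of the Certificate handshake message failed"

run_test    "keyUsage cli-auth: RSA, KeyEncipherment: fail (soft)" \
            "$P_SRV debug_level=1 auth_mode=optional" \
            "$O_CLI -key data_files/server2.key \
             -cert data_files/server2.ku-ke.crt" \
            0 \
            -s "bad certificate (usage extensions)" \
            -S "Processing of the Certificate handshake message failed"

run_test    "keyUsage cli-auth: RSA, KeyEncipherment: fail (hard)" \
            "$P_SRV debug_level=1 auth_mode=required" \
            "$O_CLI -key data_files/server2.key \
             -cert data_files/server2.ku-ke.crt" \
            1 \
            -s "bad certificate (usage extensions)" \
            -s "Processing of the Certificate handshake message failed"

run_test    "keyUsage cli-auth: ECDSA, DigitalSignature: OK" \
            "$P_SRV debug_level=1 auth_mode=optional" \
            "$O_CLI -key data_files/server5.key \
             -cert data_files/server5.ku-ds.crt" \
            0 \
            -S "bad certificate (usage extensions)" \
            -S "Processing of the Certificate handshake message failed"

run_test    "keyUsage cli-auth: ECDSA, KeyAgreement: fail (soft)" \
            "$P_SRV debug_level=1 auth_mode=optional" \
            "$O_CLI -key data_files/server5.key \
             -cert data_files/server5.ku-ka.crt" \
            0 \
            -s "bad certificate (usage extensions)" \
            -S "Processing of the Certificate handshake message failed"

# Tests for extendedKeyUsage, part 1: server-side certificate/suite selection
#
# Certificate files used here are the same ones parts 2 and 3 use on the
# client side, so each test name matches the EKU set actually presented:
# eku-srv (serverAuth), eku-srv_cli (serverAuth+clientAuth),
# eku-cs_any (codeSigning+anyExtendedKeyUsage), eku-cs (codeSigning only).

run_test    "extKeyUsage srv: serverAuth -> OK" \
            "$P_SRV key_file=data_files/server5.key \
             crt_file=data_files/server5.eku-srv.crt" \
            "$P_CLI" \
            0

# Fixed: this test previously re-used the serverAuth-only certificate of
# the test above, so the serverAuth+clientAuth combination named here was
# never exercised on the server side.
run_test    "extKeyUsage srv: serverAuth,clientAuth -> OK" \
            "$P_SRV key_file=data_files/server5.key \
             crt_file=data_files/server5.eku-srv_cli.crt" \
            "$P_CLI" \
            0

run_test    "extKeyUsage srv: codeSign,anyEKU -> OK" \
            "$P_SRV key_file=data_files/server5.key \
             crt_file=data_files/server5.eku-cs_any.crt" \
            "$P_CLI" \
            0

# Fixed: this test previously loaded the clientAuth-only certificate
# (eku-cli), which also fails but does not test the codeSigning case the
# name promises; eku-cs is the codeSigning-only certificate the client-side
# "codeSign -> fail" test uses.
run_test    "extKeyUsage srv: codeSign -> fail" \
            "$P_SRV key_file=data_files/server5.key \
             crt_file=data_files/server5.eku-cs.crt" \
            "$P_CLI" \
            1

# Tests for extendedKeyUsage, part 2: client-side checking of server cert
#
# anyExtendedKeyUsage makes an otherwise unrelated EKU set acceptable;
# a certificate restricted to codeSigning must be rejected for TLS.

run_test    "extKeyUsage cli: serverAuth -> OK" \
            "$O_SRV -key data_files/server5.key \
             -cert data_files/server5.eku-srv.crt" \
            "$P_CLI debug_level=1" \
            0 \
            -C "bad certificate (usage extensions)" \
            -C "Processing of the Certificate handshake message failed" \
            -c "Ciphersuite is TLS-"

run_test    "extKeyUsage cli: serverAuth,clientAuth -> OK" \
            "$O_SRV -key data_files/server5.key \
             -cert data_files/server5.eku-srv_cli.crt" \
            "$P_CLI debug_level=1" \
            0 \
            -C "bad certificate (usage extensions)" \
            -C "Processing of the Certificate handshake message failed" \
            -c "Ciphersuite is TLS-"

run_test    "extKeyUsage cli: codeSign,anyEKU -> OK" \
            "$O_SRV -key data_files/server5.key \
             -cert data_files/server5.eku-cs_any.crt" \
            "$P_CLI debug_level=1" \
            0 \
            -C "bad certificate (usage extensions)" \
            -C "Processing of the Certificate handshake message failed" \
            -c "Ciphersuite is TLS-"

run_test    "extKeyUsage cli: codeSign -> fail" \
            "$O_SRV -key data_files/server5.key \
             -cert data_files/server5.eku-cs.crt" \
            "$P_CLI debug_level=1" \
            1 \
            -c "bad certificate (usage extensions)" \
            -c "Processing of the Certificate handshake message failed" \
            -C "Ciphersuite is TLS-"

# Tests for extendedKeyUsage, part 3: server-side checking of client cert
#
# Same soft/hard split as the keyUsage client-auth tests: optional mode
# only logs the usage violation, required mode aborts.

run_test    "extKeyUsage cli-auth: clientAuth -> OK" \
            "$P_SRV debug_level=1 auth_mode=optional" \
            "$O_CLI -key data_files/server5.key \
             -cert data_files/server5.eku-cli.crt" \
            0 \
            -S "bad certificate (usage extensions)" \
            -S "Processing of the Certificate handshake message failed"

run_test    "extKeyUsage cli-auth: serverAuth,clientAuth -> OK" \
            "$P_SRV debug_level=1 auth_mode=optional" \
            "$O_CLI -key data_files/server5.key \
             -cert data_files/server5.eku-srv_cli.crt" \
            0 \
            -S "bad certificate (usage extensions)" \
            -S "Processing of the Certificate handshake message failed"

run_test    "extKeyUsage cli-auth: codeSign,anyEKU -> OK" \
            "$P_SRV debug_level=1 auth_mode=optional" \
            "$O_CLI -key data_files/server5.key \
             -cert data_files/server5.eku-cs_any.crt" \
            0 \
            -S "bad certificate (usage extensions)" \
            -S "Processing of the Certificate handshake message failed"

run_test    "extKeyUsage cli-auth: codeSign -> fail (soft)" \
            "$P_SRV debug_level=1 auth_mode=optional" \
            "$O_CLI -key data_files/server5.key \
             -cert data_files/server5.eku-cs.crt" \
            0 \
            -s "bad certificate (usage extensions)" \
            -S "Processing of the Certificate handshake message failed"

run_test    "extKeyUsage cli-auth: codeSign -> fail (hard)" \
            "$P_SRV debug_level=1 auth_mode=required" \
            "$O_CLI -key data_files/server5.key \
             -cert data_files/server5.eku-cs.crt" \
            1 \
            -s "bad certificate (usage extensions)" \
            -s "Processing of the Certificate handshake message failed"

# Tests for DHM parameters loading
#
# The client logs the DHE group it received; the built-in server default
# is a 2048-bit prime with generator 2, dhm_file replaces it with the
# 1024-bit group from dhparams.pem.

run_test    "DHM parameters: reference" \
            "$P_SRV" \
            "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
             debug_level=3" \
            0 \
            -c "value of 'DHM: P ' (2048 bits)" \
            -c "value of 'DHM: G ' (2 bits)"

run_test    "DHM parameters: other parameters" \
            "$P_SRV dhm_file=data_files/dhparams.pem" \
            "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
             debug_level=3" \
            0 \
            -c "value of 'DHM: P ' (1024 bits)" \
            -c "value of 'DHM: G ' (2 bits)"

# Tests for DHM client-side size checking
#
# The client refuses server-chosen DHE primes below its minimum ("DHM prime
# too short"). With the default minimum a 1024-bit prime is still accepted
# while a 1000-bit one is rejected; dhmlen raises the minimum, and 2049
# is just enough to reject the server's 2048-bit default.

run_test    "DHM size: server default, client default, OK" \
            "$P_SRV" \
            "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
             debug_level=1" \
            0 \
            -C "DHM prime too short:"

run_test    "DHM size: server default, client 2048, OK" \
            "$P_SRV" \
            "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
             debug_level=1 dhmlen=2048" \
            0 \
            -C "DHM prime too short:"

run_test    "DHM size: server 1024, client default, OK" \
            "$P_SRV dhm_file=data_files/dhparams.pem" \
            "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
             debug_level=1" \
            0 \
            -C "DHM prime too short:"

run_test    "DHM size: server 1000, client default, rejected" \
            "$P_SRV dhm_file=data_files/dh.1000.pem" \
            "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
             debug_level=1" \
            1 \
            -c "DHM prime too short:"

run_test    "DHM size: server default, client 2049, rejected" \
            "$P_SRV" \
            "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
             debug_level=1 dhmlen=2049" \
            1 \
            -c "DHM prime too short:"

# Tests for PSK callback
#
# psk_list=id1,key1,id2,key2,... installs a lookup callback on the server.
# The three server diagnostics distinguish the failure modes: no PSK
# configured at all ("None of the common ciphersuites is usable"), identity
# not found by the callback ("Unknown identity received"), and identity
# found but key mismatch ("Verification of the message MAC failed").
# None of them reveals which key was expected.

run_test    "PSK callback: psk, no callback" \
            "$P_SRV psk=abc123 psk_identity=foo" \
            "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
             psk_identity=foo psk=abc123" \
            0 \
            -S "SSL - None of the common ciphersuites is usable" \
            -S "SSL - Unknown identity received" \
            -S "SSL - Verification of the message MAC failed"

run_test    "PSK callback: no psk, no callback" \
            "$P_SRV" \
            "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
             psk_identity=foo psk=abc123" \
            1 \
            -s "SSL - None of the common ciphersuites is usable" \
            -S "SSL - Unknown identity received" \
            -S "SSL - Verification of the message MAC failed"

# When a callback is installed, the static psk/psk_identity pair is not
# consulted: identity "foo" is unknown to the list and the handshake fails.
run_test    "PSK callback: callback overrides other settings" \
            "$P_SRV psk=abc123 psk_identity=foo psk_list=abc,dead,def,beef" \
            "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
             psk_identity=foo psk=abc123" \
            1 \
            -S "SSL - None of the common ciphersuites is usable" \
            -s "SSL - Unknown identity received" \
            -S "SSL - Verification of the message MAC failed"

run_test    "PSK callback: first id matches" \
            "$P_SRV psk_list=abc,dead,def,beef" \
            "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
             psk_identity=abc psk=dead" \
            0 \
            -S "SSL - None of the common ciphersuites is usable" \
            -S "SSL - Unknown identity received" \
            -S "SSL - Verification of the message MAC failed"

run_test    "PSK callback: second id matches" \
            "$P_SRV psk_list=abc,dead,def,beef" \
            "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
             psk_identity=def psk=beef" \
            0 \
            -S "SSL - None of the common ciphersuites is usable" \
            -S "SSL - Unknown identity received" \
            -S "SSL - Verification of the message MAC failed"

run_test    "PSK callback: no match" \
            "$P_SRV psk_list=abc,dead,def,beef" \
            "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
             psk_identity=ghi psk=beef" \
            1 \
            -S "SSL - None of the common ciphersuites is usable" \
            -s "SSL - Unknown identity received" \
            -S "SSL - Verification of the message MAC failed"

run_test    "PSK callback: wrong key" \
            "$P_SRV psk_list=abc,dead,def,beef" \
            "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
             psk_identity=abc psk=beef" \
            1 \
            -S "SSL - None of the common ciphersuites is usable" \
            -S "SSL - Unknown identity received" \
            -s "SSL - Verification of the message MAC failed"

# Tests for EC J-PAKE
#
# Every case is gated on MBEDTLS_KEY_EXCHANGE_ECJPAKE. The "c0ff" in the
# debug output is the identifier of TLS-ECJPAKE-WITH-AES-128-CCM-8, and the
# kkpp extension is only offered/answered when a password is configured on
# the respective side.

requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE
run_test    "ECJPAKE: client not configured" \
            "$P_SRV debug_level=3" \
            "$P_CLI debug_level=3" \
            0 \
            -C "add ciphersuite: c0ff" \
            -C "adding ecjpake_kkpp extension" \
            -S "found ecjpake kkpp extension" \
            -S "skip ecjpake kkpp extension" \
            -S "ciphersuite mismatch: ecjpake not configured" \
            -S "server hello, ecjpake kkpp extension" \
            -C "found ecjpake_kkpp extension" \
            -S "None of the common ciphersuites is usable"

# Client forces the EC J-PAKE suite but the server has no password: the
# server skips the extension and no usable suite remains.
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE
run_test    "ECJPAKE: server not configured" \
            "$P_SRV debug_level=3" \
            "$P_CLI debug_level=3 ecjpake_pw=bla \
             force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
            1 \
            -c "add ciphersuite: c0ff" \
            -c "adding ecjpake_kkpp extension" \
            -s "found ecjpake kkpp extension" \
            -s "skip ecjpake kkpp extension" \
            -s "ciphersuite mismatch: ecjpake not configured" \
            -S "server hello, ecjpake kkpp extension" \
            -C "found ecjpake_kkpp extension" \
            -s "None of the common ciphersuites is usable"

requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE
run_test    "ECJPAKE: working, TLS" \
            "$P_SRV debug_level=3 ecjpake_pw=bla" \
            "$P_CLI debug_level=3 ecjpake_pw=bla \
             force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
            0 \
            -c "add ciphersuite: c0ff" \
            -c "adding ecjpake_kkpp extension" \
            -C "re-using cached ecjpake parameters" \
            -s "found ecjpake kkpp extension" \
            -S "skip ecjpake kkpp extension" \
            -S "ciphersuite mismatch: ecjpake not configured" \
            -s "server hello, ecjpake kkpp extension" \
            -c "found ecjpake_kkpp extension" \
            -S "None of the common ciphersuites is usable" \
            -S "SSL - Verification of the message MAC failed"
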
# A wrong password is only detected at the end of the handshake, as a MAC
# verification failure on the server -- the password itself is never
# compared in the clear. server_needs_more_time presumably covers the
# longer failing handshake before the harness inspects the server; confirm
# against its definition.
server_needs_more_time 1
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE
run_test    "ECJPAKE: password mismatch, TLS" \
            "$P_SRV debug_level=3 ecjpake_pw=bla" \
            "$P_CLI debug_level=3 ecjpake_pw=bad \
             force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
            1 \
            -C "re-using cached ecjpake parameters" \
            -s "SSL - Verification of the message MAC failed"

# Over DTLS with cookies enabled the client sends its ClientHello again
# after the cookie exchange and must re-use the EC J-PAKE parameters it
# already generated; with cookies=0 there is no second ClientHello and no
# re-use is expected.
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE
run_test    "ECJPAKE: working, DTLS" \
            "$P_SRV debug_level=3 dtls=1 ecjpake_pw=bla" \
            "$P_CLI debug_level=3 dtls=1 ecjpake_pw=bla \
             force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
            0 \
            -c "re-using cached ecjpake parameters" \
            -S "SSL - Verification of the message MAC failed"

requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE
run_test    "ECJPAKE: working, DTLS, no cookie" \
            "$P_SRV debug_level=3 dtls=1 ecjpake_pw=bla cookies=0" \
            "$P_CLI debug_level=3 dtls=1 ecjpake_pw=bla \
             force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
            0 \
            -C "re-using cached ecjpake parameters" \
            -S "SSL - Verification of the message MAC failed"

server_needs_more_time 1
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE
run_test    "ECJPAKE: password mismatch, DTLS" \
            "$P_SRV debug_level=3 dtls=1 ecjpake_pw=bla" \
            "$P_CLI debug_level=3 dtls=1 ecjpake_pw=bad \
             force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
            1 \
            -c "re-using cached ecjpake parameters" \
            -s "SSL - Verification of the message MAC failed"

# for tests with configs/config-thread.h
# (no debug_level, so this passes on builds without debug output)
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE
run_test    "ECJPAKE: working, DTLS, nolog" \
            "$P_SRV dtls=1 ecjpake_pw=bla" \
            "$P_CLI dtls=1 ecjpake_pw=bla \
             force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
            0

# Tests for ciphersuites per version
#
# version_suites takes four suites, one per protocol version in ascending
# order (SSL3, TLS 1.0, TLS 1.1, TLS 1.2). Each test forces one version on
# the client and checks that the corresponding entry is the one selected.
# SSL3 is only reachable when the build includes MBEDTLS_SSL_PROTO_SSL3
# and the server explicitly lowers min_version.

requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
requires_config_enabled MBEDTLS_CAMELLIA_C
requires_config_enabled MBEDTLS_AES_C
run_test    "Per-version suites: SSL3" \
            "$P_SRV min_version=ssl3 version_suites=TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
            "$P_CLI force_version=ssl3" \
            0 \
            -c "Ciphersuite is TLS-RSA-WITH-CAMELLIA-128-CBC-SHA"

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1
requires_config_enabled MBEDTLS_CAMELLIA_C
requires_config_enabled MBEDTLS_AES_C
run_test    "Per-version suites: TLS 1.0" \
            "$P_SRV version_suites=TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
            "$P_CLI force_version=tls1 arc4=1" \
            0 \
            -c "Ciphersuite is TLS-RSA-WITH-AES-256-CBC-SHA"

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
requires_config_enabled MBEDTLS_CAMELLIA_C
requires_config_enabled MBEDTLS_AES_C
run_test    "Per-version suites: TLS 1.1" \
            "$P_SRV version_suites=TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
            "$P_CLI force_version=tls1_1" \
            0 \
            -c "Ciphersuite is TLS-RSA-WITH-AES-128-CBC-SHA"

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_CAMELLIA_C
requires_config_enabled MBEDTLS_AES_C
run_test    "Per-version suites: TLS 1.2" \
            "$P_SRV version_suites=TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
            "$P_CLI force_version=tls1_2" \
            0 \
            -c "Ciphersuite is TLS-RSA-WITH-AES-128-GCM-SHA256"

# Test for ClientHello without extensions
#
# A GnuTLS client with %NO_EXTENSIONS sends a ClientHello with no extension
# block at all; the server must parse it (0 bytes of extensions) rather
# than treat the absence as malformed input.

requires_gnutls
run_test    "ClientHello without extensions" \
            "$P_SRV debug_level=3" \
            "$G_CLI --priority=NORMAL:%NO_EXTENSIONS:%DISABLE_SAFE_RENEGOTIATION localhost" \
            0 \
            -s "dumping 'client hello extensions' (0 bytes)"

# Tests for mbedtls_ssl_get_bytes_avail()
#
# The server prints "(<read>+<pending>)" after the count only when more
# application data is buffered than the first read returned; the "$"
# anchor in the first case asserts that no such suffix is printed.

run_test    "mbedtls_ssl_get_bytes_avail: no extra data" \
            "$P_SRV" \
            "$P_CLI request_size=100" \
            0 \
            -s "Read from client: 100 bytes read$"

run_test    "mbedtls_ssl_get_bytes_avail: extra data" \
            "$P_SRV" \
            "$P_CLI request_size=500" \
            0 \
            -s "Read from client: 500 bytes read (.*+.*)"

# Tests for small client packets
#
# A 1-byte application record is the smallest possible plaintext and a
# boundary case for padding and MAC handling. The matrix below covers it
# for each protocol version and record-protection mode: CBC block cipher
# with and without Encrypt-then-MAC (etm=0), truncated HMAC (trunc_hmac=1,
# gated on MBEDTLS_SSL_TRUNCATED_HMAC), the RC4 stream cipher, and CCM /
# CCM-8 AEAD. SSLv3 and RC4 are legacy: the server only accepts them when
# explicitly opted in with min_version=ssl3 / arc4=1, and the SSLv3 cases
# are skipped unless MBEDTLS_SSL_PROTO_SSL3 is compiled in.

requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
run_test    "Small client packet SSLv3 BlockCipher" \
            "$P_SRV min_version=ssl3" \
            "$P_CLI request_size=1 force_version=ssl3 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -s "Read from client: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
run_test    "Small client packet SSLv3 StreamCipher" \
            "$P_SRV min_version=ssl3 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            "$P_CLI request_size=1 force_version=ssl3 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            0 \
            -s "Read from client: 1 bytes read"

run_test    "Small client packet TLS 1.0 BlockCipher" \
            "$P_SRV" \
            "$P_CLI request_size=1 force_version=tls1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -s "Read from client: 1 bytes read"

run_test    "Small client packet TLS 1.0 BlockCipher, without EtM" \
            "$P_SRV" \
            "$P_CLI request_size=1 force_version=tls1 etm=0 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -s "Read from client: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small client packet TLS 1.0 BlockCipher, truncated MAC" \
            "$P_SRV trunc_hmac=1" \
            "$P_CLI request_size=1 force_version=tls1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
            0 \
            -s "Read from client: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small client packet TLS 1.0 BlockCipher, without EtM, truncated MAC" \
            "$P_SRV trunc_hmac=1" \
            "$P_CLI request_size=1 force_version=tls1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
            0 \
            -s "Read from client: 1 bytes read"

run_test    "Small client packet TLS 1.0 StreamCipher" \
            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            "$P_CLI request_size=1 force_version=tls1 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            0 \
            -s "Read from client: 1 bytes read"

run_test    "Small client packet TLS 1.0 StreamCipher, without EtM" \
            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            "$P_CLI request_size=1 force_version=tls1 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
            0 \
            -s "Read from client: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small client packet TLS 1.0 StreamCipher, truncated MAC" \
            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
            "$P_CLI request_size=1 force_version=tls1 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
            0 \
            -s "Read from client: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small client packet TLS 1.0 StreamCipher, without EtM, truncated MAC" \
            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
            "$P_CLI request_size=1 force_version=tls1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
             trunc_hmac=1 etm=0" \
            0 \
            -s "Read from client: 1 bytes read"

run_test    "Small client packet TLS 1.1 BlockCipher" \
            "$P_SRV" \
            "$P_CLI request_size=1 force_version=tls1_1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -s "Read from client: 1 bytes read"

run_test    "Small client packet TLS 1.1 BlockCipher, without EtM" \
            "$P_SRV" \
            "$P_CLI request_size=1 force_version=tls1_1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA etm=0" \
            0 \
            -s "Read from client: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small client packet TLS 1.1 BlockCipher, truncated MAC" \
            "$P_SRV trunc_hmac=1" \
            "$P_CLI request_size=1 force_version=tls1_1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
            0 \
            -s "Read from client: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small client packet TLS 1.1 BlockCipher, without EtM, truncated MAC" \
            "$P_SRV trunc_hmac=1" \
            "$P_CLI request_size=1 force_version=tls1_1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
            0 \
            -s "Read from client: 1 bytes read"

run_test    "Small client packet TLS 1.1 StreamCipher" \
            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            "$P_CLI request_size=1 force_version=tls1_1 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            0 \
            -s "Read from client: 1 bytes read"

run_test    "Small client packet TLS 1.1 StreamCipher, without EtM" \
            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            "$P_CLI request_size=1 force_version=tls1_1 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
            0 \
            -s "Read from client: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small client packet TLS 1.1 StreamCipher, truncated MAC" \
            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
            "$P_CLI request_size=1 force_version=tls1_1 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
            0 \
            -s "Read from client: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small client packet TLS 1.1 StreamCipher, without EtM, truncated MAC" \
            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
            "$P_CLI request_size=1 force_version=tls1_1 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \
            0 \
            -s "Read from client: 1 bytes read"

run_test    "Small client packet TLS 1.2 BlockCipher" \
            "$P_SRV" \
            "$P_CLI request_size=1 force_version=tls1_2 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -s "Read from client: 1 bytes read"

run_test    "Small client packet TLS 1.2 BlockCipher, without EtM" \
            "$P_SRV" \
            "$P_CLI request_size=1 force_version=tls1_2 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA etm=0" \
            0 \
            -s "Read from client: 1 bytes read"

# SHA-384 suite: the MAC is longer than the cipher block, which changes
# the padding arithmetic for a 1-byte record.
run_test    "Small client packet TLS 1.2 BlockCipher larger MAC" \
            "$P_SRV" \
            "$P_CLI request_size=1 force_version=tls1_2 \
             force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \
            0 \
            -s "Read from client: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small client packet TLS 1.2 BlockCipher, truncated MAC" \
            "$P_SRV trunc_hmac=1" \
            "$P_CLI request_size=1 force_version=tls1_2 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
            0 \
            -s "Read from client: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small client packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \
            "$P_SRV trunc_hmac=1" \
            "$P_CLI request_size=1 force_version=tls1_2 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
            0 \
            -s "Read from client: 1 bytes read"

run_test    "Small client packet TLS 1.2 StreamCipher" \
            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            "$P_CLI request_size=1 force_version=tls1_2 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            0 \
            -s "Read from client: 1 bytes read"

run_test    "Small client packet TLS 1.2 StreamCipher, without EtM" \
            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            "$P_CLI request_size=1 force_version=tls1_2 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
            0 \
            -s "Read from client: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small client packet TLS 1.2 StreamCipher, truncated MAC" \
            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
            "$P_CLI request_size=1 force_version=tls1_2 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
            0 \
            -s "Read from client: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small client packet TLS 1.2 StreamCipher, without EtM, truncated MAC" \
            "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
            "$P_CLI request_size=1 force_version=tls1_2 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \
            0 \
            -s "Read from client: 1 bytes read"

# AEAD suites have no padding or separate MAC; CCM-8 uses the short tag.
run_test    "Small client packet TLS 1.2 AEAD" \
            "$P_SRV" \
            "$P_CLI request_size=1 force_version=tls1_2 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \
            0 \
            -s "Read from client: 1 bytes read"

run_test    "Small client packet TLS 1.2 AEAD shorter tag" \
            "$P_SRV" \
            "$P_CLI request_size=1 force_version=tls1_2 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \
            0 \
            -s "Read from client: 1 bytes read"

# Tests for small client packets in DTLS
#
# Same CBC matrix as above over DTLS 1.0 and 1.2; here the version is
# forced on the server (force_version=dtls1 / dtls1_2) and every case is
# gated on MBEDTLS_SSL_PROTO_DTLS.

requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
run_test    "Small client packet DTLS 1.0" \
            "$P_SRV dtls=1 force_version=dtls1" \
            "$P_CLI dtls=1 request_size=1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -s "Read from client: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
run_test    "Small client packet DTLS 1.0, without EtM" \
            "$P_SRV dtls=1 force_version=dtls1 etm=0" \
            "$P_CLI dtls=1 request_size=1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -s "Read from client: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small client packet DTLS 1.0, truncated hmac" \
            "$P_SRV dtls=1 force_version=dtls1 trunc_hmac=1" \
            "$P_CLI dtls=1 request_size=1 trunc_hmac=1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -s "Read from client: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small client packet DTLS 1.0, without EtM, truncated MAC" \
            "$P_SRV dtls=1 force_version=dtls1 trunc_hmac=1 etm=0" \
            "$P_CLI dtls=1 request_size=1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1"\
            0 \
            -s "Read from client: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
run_test    "Small client packet DTLS 1.2" \
            "$P_SRV dtls=1 force_version=dtls1_2" \
            "$P_CLI dtls=1 request_size=1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -s "Read from client: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
run_test    "Small client packet DTLS 1.2, without EtM" \
            "$P_SRV dtls=1 force_version=dtls1_2 etm=0" \
            "$P_CLI dtls=1 request_size=1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -s "Read from client: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small client packet DTLS 1.2, truncated hmac" \
            "$P_SRV dtls=1 force_version=dtls1_2 trunc_hmac=1" \
            "$P_CLI dtls=1 request_size=1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
            0 \
            -s "Read from client: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small client packet DTLS 1.2, without EtM, truncated MAC" \
            "$P_SRV dtls=1 force_version=dtls1_2 trunc_hmac=1 etm=0" \
            "$P_CLI dtls=1 request_size=1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1"\
            0 \
            -s "Read from client: 1 bytes read"

# Tests for small server packets
#
# The same 1-byte record matrix in the other direction: the server sends a
# 1-byte response (response_size=1) and the client must read exactly it.

requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
run_test    "Small server packet SSLv3 BlockCipher" \
            "$P_SRV response_size=1 min_version=ssl3" \
            "$P_CLI force_version=ssl3 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -c "Read from server: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
run_test    "Small server packet SSLv3 StreamCipher" \
            "$P_SRV response_size=1 min_version=ssl3 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            "$P_CLI force_version=ssl3 \
             force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
            0 \
            -c "Read from server: 1 bytes read"

run_test    "Small server packet TLS 1.0 BlockCipher" \
            "$P_SRV response_size=1" \
            "$P_CLI force_version=tls1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -c "Read from server: 1 bytes read"

run_test    "Small server packet TLS 1.0 BlockCipher, without EtM" \
            "$P_SRV response_size=1" \
            "$P_CLI force_version=tls1 etm=0 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -c "Read from server: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small server packet TLS 1.0 BlockCipher, truncated MAC" \
            "$P_SRV response_size=1 trunc_hmac=1" \
            "$P_CLI force_version=tls1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
            0 \
            -c "Read from server: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
run_test    "Small server packet TLS 1.0 BlockCipher, without EtM, truncated MAC" \
            "$P_SRV response_size=1 trunc_hmac=1" \
            "$P_CLI force_version=tls1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
4479 0 \ 4480 -c "Read from server: 1 bytes read" 4481 4482run_test "Small server packet TLS 1.0 StreamCipher" \ 4483 "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 4484 "$P_CLI force_version=tls1 \ 4485 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 4486 0 \ 4487 -c "Read from server: 1 bytes read" 4488 4489run_test "Small server packet TLS 1.0 StreamCipher, without EtM" \ 4490 "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 4491 "$P_CLI force_version=tls1 \ 4492 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \ 4493 0 \ 4494 -c "Read from server: 1 bytes read" 4495 4496requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC 4497run_test "Small server packet TLS 1.0 StreamCipher, truncated MAC" \ 4498 "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ 4499 "$P_CLI force_version=tls1 \ 4500 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ 4501 0 \ 4502 -c "Read from server: 1 bytes read" 4503 4504requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC 4505run_test "Small server packet TLS 1.0 StreamCipher, without EtM, truncated MAC" \ 4506 "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ 4507 "$P_CLI force_version=tls1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ 4508 trunc_hmac=1 etm=0" \ 4509 0 \ 4510 -c "Read from server: 1 bytes read" 4511 4512run_test "Small server packet TLS 1.1 BlockCipher" \ 4513 "$P_SRV response_size=1" \ 4514 "$P_CLI force_version=tls1_1 \ 4515 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ 4516 0 \ 4517 -c "Read from server: 1 bytes read" 4518 4519run_test "Small server packet TLS 1.1 BlockCipher, without EtM" \ 4520 "$P_SRV response_size=1" \ 4521 "$P_CLI force_version=tls1_1 \ 4522 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA etm=0" \ 4523 0 \ 4524 -c "Read from server: 1 bytes read" 4525 4526requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC 4527run_test "Small server packet TLS 1.1 
BlockCipher, truncated MAC" \ 4528 "$P_SRV response_size=1 trunc_hmac=1" \ 4529 "$P_CLI force_version=tls1_1 \ 4530 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \ 4531 0 \ 4532 -c "Read from server: 1 bytes read" 4533 4534requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC 4535run_test "Small server packet TLS 1.1 BlockCipher, without EtM, truncated MAC" \ 4536 "$P_SRV response_size=1 trunc_hmac=1" \ 4537 "$P_CLI force_version=tls1_1 \ 4538 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \ 4539 0 \ 4540 -c "Read from server: 1 bytes read" 4541 4542run_test "Small server packet TLS 1.1 StreamCipher" \ 4543 "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 4544 "$P_CLI force_version=tls1_1 \ 4545 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 4546 0 \ 4547 -c "Read from server: 1 bytes read" 4548 4549run_test "Small server packet TLS 1.1 StreamCipher, without EtM" \ 4550 "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 4551 "$P_CLI force_version=tls1_1 \ 4552 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \ 4553 0 \ 4554 -c "Read from server: 1 bytes read" 4555 4556requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC 4557run_test "Small server packet TLS 1.1 StreamCipher, truncated MAC" \ 4558 "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ 4559 "$P_CLI force_version=tls1_1 \ 4560 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ 4561 0 \ 4562 -c "Read from server: 1 bytes read" 4563 4564requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC 4565run_test "Small server packet TLS 1.1 StreamCipher, without EtM, truncated MAC" \ 4566 "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ 4567 "$P_CLI force_version=tls1_1 \ 4568 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \ 4569 0 \ 4570 -c "Read from server: 1 bytes read" 4571 4572run_test "Small server packet TLS 1.2 BlockCipher" \ 
4573 "$P_SRV response_size=1" \ 4574 "$P_CLI force_version=tls1_2 \ 4575 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ 4576 0 \ 4577 -c "Read from server: 1 bytes read" 4578 4579run_test "Small server packet TLS 1.2 BlockCipher, without EtM" \ 4580 "$P_SRV response_size=1" \ 4581 "$P_CLI force_version=tls1_2 \ 4582 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA etm=0" \ 4583 0 \ 4584 -c "Read from server: 1 bytes read" 4585 4586run_test "Small server packet TLS 1.2 BlockCipher larger MAC" \ 4587 "$P_SRV response_size=1" \ 4588 "$P_CLI force_version=tls1_2 \ 4589 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \ 4590 0 \ 4591 -c "Read from server: 1 bytes read" 4592 4593requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC 4594run_test "Small server packet TLS 1.2 BlockCipher, truncated MAC" \ 4595 "$P_SRV response_size=1 trunc_hmac=1" \ 4596 "$P_CLI force_version=tls1_2 \ 4597 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \ 4598 0 \ 4599 -c "Read from server: 1 bytes read" 4600 4601requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC 4602run_test "Small server packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \ 4603 "$P_SRV response_size=1 trunc_hmac=1" \ 4604 "$P_CLI force_version=tls1_2 \ 4605 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \ 4606 0 \ 4607 -c "Read from server: 1 bytes read" 4608 4609run_test "Small server packet TLS 1.2 StreamCipher" \ 4610 "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 4611 "$P_CLI force_version=tls1_2 \ 4612 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 4613 0 \ 4614 -c "Read from server: 1 bytes read" 4615 4616run_test "Small server packet TLS 1.2 StreamCipher, without EtM" \ 4617 "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 4618 "$P_CLI force_version=tls1_2 \ 4619 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \ 4620 0 \ 4621 -c "Read from server: 1 bytes read" 4622 4623requires_config_enabled 
MBEDTLS_SSL_TRUNCATED_HMAC 4624run_test "Small server packet TLS 1.2 StreamCipher, truncated MAC" \ 4625 "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ 4626 "$P_CLI force_version=tls1_2 \ 4627 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ 4628 0 \ 4629 -c "Read from server: 1 bytes read" 4630 4631requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC 4632run_test "Small server packet TLS 1.2 StreamCipher, without EtM, truncated MAC" \ 4633 "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ 4634 "$P_CLI force_version=tls1_2 \ 4635 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \ 4636 0 \ 4637 -c "Read from server: 1 bytes read" 4638 4639run_test "Small server packet TLS 1.2 AEAD" \ 4640 "$P_SRV response_size=1" \ 4641 "$P_CLI force_version=tls1_2 \ 4642 force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \ 4643 0 \ 4644 -c "Read from server: 1 bytes read" 4645 4646run_test "Small server packet TLS 1.2 AEAD shorter tag" \ 4647 "$P_SRV response_size=1" \ 4648 "$P_CLI force_version=tls1_2 \ 4649 force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \ 4650 0 \ 4651 -c "Read from server: 1 bytes read" 4652 4653# Tests for small server packets in DTLS 4654 4655requires_config_enabled MBEDTLS_SSL_PROTO_DTLS 4656run_test "Small server packet DTLS 1.0" \ 4657 "$P_SRV dtls=1 response_size=1 force_version=dtls1" \ 4658 "$P_CLI dtls=1 \ 4659 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ 4660 0 \ 4661 -c "Read from server: 1 bytes read" 4662 4663requires_config_enabled MBEDTLS_SSL_PROTO_DTLS 4664run_test "Small server packet DTLS 1.0, without EtM" \ 4665 "$P_SRV dtls=1 response_size=1 force_version=dtls1 etm=0" \ 4666 "$P_CLI dtls=1 \ 4667 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ 4668 0 \ 4669 -c "Read from server: 1 bytes read" 4670 4671requires_config_enabled MBEDTLS_SSL_PROTO_DTLS 4672requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC 4673run_test "Small server packet DTLS 
1.0, truncated hmac" \ 4674 "$P_SRV dtls=1 response_size=1 force_version=dtls1 trunc_hmac=1" \ 4675 "$P_CLI dtls=1 trunc_hmac=1 \ 4676 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ 4677 0 \ 4678 -c "Read from server: 1 bytes read" 4679 4680requires_config_enabled MBEDTLS_SSL_PROTO_DTLS 4681requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC 4682run_test "Small server packet DTLS 1.0, without EtM, truncated MAC" \ 4683 "$P_SRV dtls=1 response_size=1 force_version=dtls1 trunc_hmac=1 etm=0" \ 4684 "$P_CLI dtls=1 \ 4685 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1"\ 4686 0 \ 4687 -c "Read from server: 1 bytes read" 4688 4689requires_config_enabled MBEDTLS_SSL_PROTO_DTLS 4690run_test "Small server packet DTLS 1.2" \ 4691 "$P_SRV dtls=1 response_size=1 force_version=dtls1_2" \ 4692 "$P_CLI dtls=1 \ 4693 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ 4694 0 \ 4695 -c "Read from server: 1 bytes read" 4696 4697requires_config_enabled MBEDTLS_SSL_PROTO_DTLS 4698run_test "Small server packet DTLS 1.2, without EtM" \ 4699 "$P_SRV dtls=1 response_size=1 force_version=dtls1_2 etm=0" \ 4700 "$P_CLI dtls=1 \ 4701 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ 4702 0 \ 4703 -c "Read from server: 1 bytes read" 4704 4705requires_config_enabled MBEDTLS_SSL_PROTO_DTLS 4706requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC 4707run_test "Small server packet DTLS 1.2, truncated hmac" \ 4708 "$P_SRV dtls=1 response_size=1 force_version=dtls1_2 trunc_hmac=1" \ 4709 "$P_CLI dtls=1 \ 4710 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \ 4711 0 \ 4712 -c "Read from server: 1 bytes read" 4713 4714requires_config_enabled MBEDTLS_SSL_PROTO_DTLS 4715requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC 4716run_test "Small server packet DTLS 1.2, without EtM, truncated MAC" \ 4717 "$P_SRV dtls=1 response_size=1 force_version=dtls1_2 trunc_hmac=1 etm=0" \ 4718 "$P_CLI dtls=1 \ 4719 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1"\ 4720 0 \ 4721 -c "Read 
from server: 1 bytes read" 4722 4723# A test for extensions in SSLv3 4724 4725requires_config_enabled MBEDTLS_SSL_PROTO_SSL3 4726run_test "SSLv3 with extensions, server side" \ 4727 "$P_SRV min_version=ssl3 debug_level=3" \ 4728 "$P_CLI force_version=ssl3 tickets=1 max_frag_len=4096 alpn=abc,1234" \ 4729 0 \ 4730 -S "dumping 'client hello extensions'" \ 4731 -S "server hello, total extension length:" 4732 4733# Test for large client packets 4734 4735# How many fragments do we expect to write $1 bytes? 4736fragments_for_write() { 4737 echo "$(( ( $1 + $MAX_OUT_LEN - 1 ) / $MAX_OUT_LEN ))" 4738} 4739 4740requires_config_enabled MBEDTLS_SSL_PROTO_SSL3 4741run_test "Large client packet SSLv3 BlockCipher" \ 4742 "$P_SRV min_version=ssl3" \ 4743 "$P_CLI request_size=16384 force_version=ssl3 recsplit=0 \ 4744 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ 4745 0 \ 4746 -c "16384 bytes written in $(fragments_for_write 16384) fragments" \ 4747 -s "Read from client: $MAX_CONTENT_LEN bytes read" 4748 4749requires_config_enabled MBEDTLS_SSL_PROTO_SSL3 4750run_test "Large client packet SSLv3 StreamCipher" \ 4751 "$P_SRV min_version=ssl3 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 4752 "$P_CLI request_size=16384 force_version=ssl3 \ 4753 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 4754 0 \ 4755 -c "16384 bytes written in $(fragments_for_write 16384) fragments" \ 4756 -s "Read from client: $MAX_CONTENT_LEN bytes read" 4757 4758run_test "Large client packet TLS 1.0 BlockCipher" \ 4759 "$P_SRV" \ 4760 "$P_CLI request_size=16384 force_version=tls1 recsplit=0 \ 4761 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ 4762 0 \ 4763 -c "16384 bytes written in $(fragments_for_write 16384) fragments" \ 4764 -s "Read from client: $MAX_CONTENT_LEN bytes read" 4765 4766run_test "Large client packet TLS 1.0 BlockCipher, without EtM" \ 4767 "$P_SRV" \ 4768 "$P_CLI request_size=16384 force_version=tls1 etm=0 recsplit=0 \ 4769 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ 4770 0 
\ 4771 -s "Read from client: $MAX_CONTENT_LEN bytes read" 4772 4773requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC 4774run_test "Large client packet TLS 1.0 BlockCipher, truncated MAC" \ 4775 "$P_SRV trunc_hmac=1" \ 4776 "$P_CLI request_size=16384 force_version=tls1 recsplit=0 \ 4777 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \ 4778 0 \ 4779 -c "16384 bytes written in $(fragments_for_write 16384) fragments" \ 4780 -s "Read from client: $MAX_CONTENT_LEN bytes read" 4781 4782requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC 4783run_test "Large client packet TLS 1.0 BlockCipher, without EtM, truncated MAC" \ 4784 "$P_SRV trunc_hmac=1" \ 4785 "$P_CLI request_size=16384 force_version=tls1 etm=0 recsplit=0 \ 4786 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \ 4787 0 \ 4788 -s "Read from client: $MAX_CONTENT_LEN bytes read" 4789 4790run_test "Large client packet TLS 1.0 StreamCipher" \ 4791 "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 4792 "$P_CLI request_size=16384 force_version=tls1 \ 4793 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 4794 0 \ 4795 -s "Read from client: $MAX_CONTENT_LEN bytes read" 4796 4797run_test "Large client packet TLS 1.0 StreamCipher, without EtM" \ 4798 "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 4799 "$P_CLI request_size=16384 force_version=tls1 \ 4800 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \ 4801 0 \ 4802 -s "Read from client: $MAX_CONTENT_LEN bytes read" 4803 4804requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC 4805run_test "Large client packet TLS 1.0 StreamCipher, truncated MAC" \ 4806 "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ 4807 "$P_CLI request_size=16384 force_version=tls1 \ 4808 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ 4809 0 \ 4810 -s "Read from client: $MAX_CONTENT_LEN bytes read" 4811 4812requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC 4813run_test "Large client packet TLS 1.0 StreamCipher, without 
EtM, truncated MAC" \ 4814 "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ 4815 "$P_CLI request_size=16384 force_version=tls1 \ 4816 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \ 4817 0 \ 4818 -c "16384 bytes written in $(fragments_for_write 16384) fragments" \ 4819 -s "Read from client: $MAX_CONTENT_LEN bytes read" 4820 4821run_test "Large client packet TLS 1.1 BlockCipher" \ 4822 "$P_SRV" \ 4823 "$P_CLI request_size=16384 force_version=tls1_1 \ 4824 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ 4825 0 \ 4826 -c "16384 bytes written in $(fragments_for_write 16384) fragments" \ 4827 -s "Read from client: $MAX_CONTENT_LEN bytes read" 4828 4829run_test "Large client packet TLS 1.1 BlockCipher, without EtM" \ 4830 "$P_SRV" \ 4831 "$P_CLI request_size=16384 force_version=tls1_1 etm=0 \ 4832 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ 4833 0 \ 4834 -s "Read from client: $MAX_CONTENT_LEN bytes read" 4835 4836requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC 4837run_test "Large client packet TLS 1.1 BlockCipher, truncated MAC" \ 4838 "$P_SRV trunc_hmac=1" \ 4839 "$P_CLI request_size=16384 force_version=tls1_1 \ 4840 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \ 4841 0 \ 4842 -s "Read from client: $MAX_CONTENT_LEN bytes read" 4843 4844requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC 4845run_test "Large client packet TLS 1.1 BlockCipher, without EtM, truncated MAC" \ 4846 "$P_SRV trunc_hmac=1" \ 4847 "$P_CLI request_size=16384 force_version=tls1_1 \ 4848 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \ 4849 0 \ 4850 -s "Read from client: $MAX_CONTENT_LEN bytes read" 4851 4852run_test "Large client packet TLS 1.1 StreamCipher" \ 4853 "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 4854 "$P_CLI request_size=16384 force_version=tls1_1 \ 4855 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 4856 0 \ 4857 -c "16384 bytes written in $(fragments_for_write 16384) fragments" \ 
4858 -s "Read from client: $MAX_CONTENT_LEN bytes read" 4859 4860run_test "Large client packet TLS 1.1 StreamCipher, without EtM" \ 4861 "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 4862 "$P_CLI request_size=16384 force_version=tls1_1 \ 4863 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \ 4864 0 \ 4865 -c "16384 bytes written in $(fragments_for_write 16384) fragments" \ 4866 -s "Read from client: $MAX_CONTENT_LEN bytes read" 4867 4868requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC 4869run_test "Large client packet TLS 1.1 StreamCipher, truncated MAC" \ 4870 "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ 4871 "$P_CLI request_size=16384 force_version=tls1_1 \ 4872 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ 4873 0 \ 4874 -s "Read from client: $MAX_CONTENT_LEN bytes read" 4875 4876requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC 4877run_test "Large client packet TLS 1.1 StreamCipher, without EtM, truncated MAC" \ 4878 "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ 4879 "$P_CLI request_size=16384 force_version=tls1_1 \ 4880 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \ 4881 0 \ 4882 -c "16384 bytes written in $(fragments_for_write 16384) fragments" \ 4883 -s "Read from client: $MAX_CONTENT_LEN bytes read" 4884 4885run_test "Large client packet TLS 1.2 BlockCipher" \ 4886 "$P_SRV" \ 4887 "$P_CLI request_size=16384 force_version=tls1_2 \ 4888 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ 4889 0 \ 4890 -c "16384 bytes written in $(fragments_for_write 16384) fragments" \ 4891 -s "Read from client: $MAX_CONTENT_LEN bytes read" 4892 4893run_test "Large client packet TLS 1.2 BlockCipher, without EtM" \ 4894 "$P_SRV" \ 4895 "$P_CLI request_size=16384 force_version=tls1_2 etm=0 \ 4896 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ 4897 0 \ 4898 -s "Read from client: $MAX_CONTENT_LEN bytes read" 4899 4900run_test "Large client packet TLS 1.2 BlockCipher larger 
MAC" \ 4901 "$P_SRV" \ 4902 "$P_CLI request_size=16384 force_version=tls1_2 \ 4903 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \ 4904 0 \ 4905 -c "16384 bytes written in $(fragments_for_write 16384) fragments" \ 4906 -s "Read from client: $MAX_CONTENT_LEN bytes read" 4907 4908requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC 4909run_test "Large client packet TLS 1.2 BlockCipher, truncated MAC" \ 4910 "$P_SRV trunc_hmac=1" \ 4911 "$P_CLI request_size=16384 force_version=tls1_2 \ 4912 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \ 4913 0 \ 4914 -s "Read from client: $MAX_CONTENT_LEN bytes read" 4915 4916requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC 4917run_test "Large client packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \ 4918 "$P_SRV trunc_hmac=1" \ 4919 "$P_CLI request_size=16384 force_version=tls1_2 \ 4920 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \ 4921 0 \ 4922 -c "16384 bytes written in $(fragments_for_write 16384) fragments" \ 4923 -s "Read from client: $MAX_CONTENT_LEN bytes read" 4924 4925run_test "Large client packet TLS 1.2 StreamCipher" \ 4926 "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 4927 "$P_CLI request_size=16384 force_version=tls1_2 \ 4928 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 4929 0 \ 4930 -c "16384 bytes written in $(fragments_for_write 16384) fragments" \ 4931 -s "Read from client: $MAX_CONTENT_LEN bytes read" 4932 4933run_test "Large client packet TLS 1.2 StreamCipher, without EtM" \ 4934 "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 4935 "$P_CLI request_size=16384 force_version=tls1_2 \ 4936 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \ 4937 0 \ 4938 -s "Read from client: $MAX_CONTENT_LEN bytes read" 4939 4940requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC 4941run_test "Large client packet TLS 1.2 StreamCipher, truncated MAC" \ 4942 "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ 4943 "$P_CLI 
request_size=16384 force_version=tls1_2 \ 4944 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ 4945 0 \ 4946 -s "Read from client: $MAX_CONTENT_LEN bytes read" 4947 4948requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC 4949run_test "Large client packet TLS 1.2 StreamCipher, without EtM, truncated MAC" \ 4950 "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ 4951 "$P_CLI request_size=16384 force_version=tls1_2 \ 4952 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \ 4953 0 \ 4954 -c "16384 bytes written in $(fragments_for_write 16384) fragments" \ 4955 -s "Read from client: $MAX_CONTENT_LEN bytes read" 4956 4957run_test "Large client packet TLS 1.2 AEAD" \ 4958 "$P_SRV" \ 4959 "$P_CLI request_size=16384 force_version=tls1_2 \ 4960 force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \ 4961 0 \ 4962 -c "16384 bytes written in $(fragments_for_write 16384) fragments" \ 4963 -s "Read from client: $MAX_CONTENT_LEN bytes read" 4964 4965run_test "Large client packet TLS 1.2 AEAD shorter tag" \ 4966 "$P_SRV" \ 4967 "$P_CLI request_size=16384 force_version=tls1_2 \ 4968 force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \ 4969 0 \ 4970 -c "16384 bytes written in $(fragments_for_write 16384) fragments" \ 4971 -s "Read from client: $MAX_CONTENT_LEN bytes read" 4972 4973# Test for large server packets 4974requires_config_enabled MBEDTLS_SSL_PROTO_SSL3 4975run_test "Large server packet SSLv3 StreamCipher" \ 4976 "$P_SRV response_size=16384 min_version=ssl3 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 4977 "$P_CLI force_version=ssl3 \ 4978 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 4979 0 \ 4980 -c "Read from server: 16384 bytes read" 4981 4982# Checking next 4 tests logs for 1n-1 split against BEAST too 4983requires_config_enabled MBEDTLS_SSL_PROTO_SSL3 4984run_test "Large server packet SSLv3 BlockCipher" \ 4985 "$P_SRV response_size=16384 min_version=ssl3" \ 4986 "$P_CLI force_version=ssl3 recsplit=0 \ 4987 
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ 4988 0 \ 4989 -c "Read from server: 1 bytes read"\ 4990 -c "16383 bytes read"\ 4991 -C "Read from server: 16384 bytes read" 4992 4993run_test "Large server packet TLS 1.0 BlockCipher" \ 4994 "$P_SRV response_size=16384" \ 4995 "$P_CLI force_version=tls1 recsplit=0 \ 4996 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ 4997 0 \ 4998 -c "Read from server: 1 bytes read"\ 4999 -c "16383 bytes read"\ 5000 -C "Read from server: 16384 bytes read" 5001 5002run_test "Large server packet TLS 1.0 BlockCipher, without EtM" \ 5003 "$P_SRV response_size=16384" \ 5004 "$P_CLI force_version=tls1 etm=0 recsplit=0 \ 5005 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ 5006 0 \ 5007 -c "Read from server: 1 bytes read"\ 5008 -c "16383 bytes read"\ 5009 -C "Read from server: 16384 bytes read" 5010 5011requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC 5012run_test "Large server packet TLS 1.0 BlockCipher truncated MAC" \ 5013 "$P_SRV response_size=16384" \ 5014 "$P_CLI force_version=tls1 recsplit=0 \ 5015 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \ 5016 trunc_hmac=1" \ 5017 0 \ 5018 -c "Read from server: 1 bytes read"\ 5019 -c "16383 bytes read"\ 5020 -C "Read from server: 16384 bytes read" 5021 5022requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC 5023run_test "Large server packet TLS 1.0 StreamCipher truncated MAC" \ 5024 "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 5025 "$P_CLI force_version=tls1 \ 5026 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ 5027 trunc_hmac=1" \ 5028 0 \ 5029 -s "16384 bytes written in 1 fragments" \ 5030 -c "Read from server: 16384 bytes read" 5031 5032run_test "Large server packet TLS 1.0 StreamCipher" \ 5033 "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 5034 "$P_CLI force_version=tls1 \ 5035 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 5036 0 \ 5037 -s "16384 bytes written in 1 fragments" \ 5038 -c "Read from server: 16384 
bytes read" 5039 5040run_test "Large server packet TLS 1.0 StreamCipher, without EtM" \ 5041 "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 5042 "$P_CLI force_version=tls1 \ 5043 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \ 5044 0 \ 5045 -s "16384 bytes written in 1 fragments" \ 5046 -c "Read from server: 16384 bytes read" 5047 5048requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC 5049run_test "Large server packet TLS 1.0 StreamCipher, truncated MAC" \ 5050 "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ 5051 "$P_CLI force_version=tls1 \ 5052 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ 5053 0 \ 5054 -s "16384 bytes written in 1 fragments" \ 5055 -c "Read from server: 16384 bytes read" 5056 5057requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC 5058run_test "Large server packet TLS 1.0 StreamCipher, without EtM, truncated MAC" \ 5059 "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ 5060 "$P_CLI force_version=tls1 \ 5061 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \ 5062 0 \ 5063 -s "16384 bytes written in 1 fragments" \ 5064 -c "Read from server: 16384 bytes read" 5065 5066run_test "Large server packet TLS 1.1 BlockCipher" \ 5067 "$P_SRV response_size=16384" \ 5068 "$P_CLI force_version=tls1_1 \ 5069 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ 5070 0 \ 5071 -c "Read from server: 16384 bytes read" 5072 5073run_test "Large server packet TLS 1.1 BlockCipher, without EtM" \ 5074 "$P_SRV response_size=16384" \ 5075 "$P_CLI force_version=tls1_1 etm=0 \ 5076 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ 5077 0 \ 5078 -s "16384 bytes written in 1 fragments" \ 5079 -c "Read from server: 16384 bytes read" 5080 5081requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC 5082run_test "Large server packet TLS 1.1 BlockCipher truncated MAC" \ 5083 "$P_SRV response_size=16384" \ 5084 "$P_CLI force_version=tls1_1 
\ 5085 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \ 5086 trunc_hmac=1" \ 5087 0 \ 5088 -c "Read from server: 16384 bytes read" 5089 5090requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC 5091run_test "Large server packet TLS 1.1 BlockCipher, without EtM, truncated MAC" \ 5092 "$P_SRV response_size=16384 trunc_hmac=1" \ 5093 "$P_CLI force_version=tls1_1 \ 5094 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \ 5095 0 \ 5096 -s "16384 bytes written in 1 fragments" \ 5097 -c "Read from server: 16384 bytes read" 5098 5099run_test "Large server packet TLS 1.1 StreamCipher" \ 5100 "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 5101 "$P_CLI force_version=tls1_1 \ 5102 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 5103 0 \ 5104 -c "Read from server: 16384 bytes read" 5105 5106run_test "Large server packet TLS 1.1 StreamCipher, without EtM" \ 5107 "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 5108 "$P_CLI force_version=tls1_1 \ 5109 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \ 5110 0 \ 5111 -s "16384 bytes written in 1 fragments" \ 5112 -c "Read from server: 16384 bytes read" 5113 5114requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC 5115run_test "Large server packet TLS 1.1 StreamCipher truncated MAC" \ 5116 "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 5117 "$P_CLI force_version=tls1_1 \ 5118 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ 5119 trunc_hmac=1" \ 5120 0 \ 5121 -c "Read from server: 16384 bytes read" 5122 5123run_test "Large server packet TLS 1.1 StreamCipher, without EtM, truncated MAC" \ 5124 "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ 5125 "$P_CLI force_version=tls1_1 \ 5126 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \ 5127 0 \ 5128 -s "16384 bytes written in 1 fragments" \ 5129 -c "Read from server: 16384 bytes read" 5130 5131run_test "Large server packet 
TLS 1.2 BlockCipher" \ 5132 "$P_SRV response_size=16384" \ 5133 "$P_CLI force_version=tls1_2 \ 5134 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ 5135 0 \ 5136 -c "Read from server: 16384 bytes read" 5137 5138run_test "Large server packet TLS 1.2 BlockCipher, without EtM" \ 5139 "$P_SRV response_size=16384" \ 5140 "$P_CLI force_version=tls1_2 etm=0 \ 5141 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ 5142 0 \ 5143 -s "16384 bytes written in 1 fragments" \ 5144 -c "Read from server: 16384 bytes read" 5145 5146run_test "Large server packet TLS 1.2 BlockCipher larger MAC" \ 5147 "$P_SRV response_size=16384" \ 5148 "$P_CLI force_version=tls1_2 \ 5149 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \ 5150 0 \ 5151 -c "Read from server: 16384 bytes read" 5152 5153requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC 5154run_test "Large server packet TLS 1.2 BlockCipher truncated MAC" \ 5155 "$P_SRV response_size=16384" \ 5156 "$P_CLI force_version=tls1_2 \ 5157 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \ 5158 trunc_hmac=1" \ 5159 0 \ 5160 -c "Read from server: 16384 bytes read" 5161 5162run_test "Large server packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \ 5163 "$P_SRV response_size=16384 trunc_hmac=1" \ 5164 "$P_CLI force_version=tls1_2 \ 5165 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \ 5166 0 \ 5167 -s "16384 bytes written in 1 fragments" \ 5168 -c "Read from server: 16384 bytes read" 5169 5170run_test "Large server packet TLS 1.2 StreamCipher" \ 5171 "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 5172 "$P_CLI force_version=tls1_2 \ 5173 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 5174 0 \ 5175 -s "16384 bytes written in 1 fragments" \ 5176 -c "Read from server: 16384 bytes read" 5177 5178run_test "Large server packet TLS 1.2 StreamCipher, without EtM" \ 5179 "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 5180 "$P_CLI force_version=tls1_2 \ 5181 
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \ 5182 0 \ 5183 -s "16384 bytes written in 1 fragments" \ 5184 -c "Read from server: 16384 bytes read" 5185 5186requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC 5187run_test "Large server packet TLS 1.2 StreamCipher truncated MAC" \ 5188 "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 5189 "$P_CLI force_version=tls1_2 \ 5190 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ 5191 trunc_hmac=1" \ 5192 0 \ 5193 -c "Read from server: 16384 bytes read" 5194 5195requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC 5196run_test "Large server packet TLS 1.2 StreamCipher, without EtM, truncated MAC" \ 5197 "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \ 5198 "$P_CLI force_version=tls1_2 \ 5199 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \ 5200 0 \ 5201 -s "16384 bytes written in 1 fragments" \ 5202 -c "Read from server: 16384 bytes read" 5203 5204run_test "Large server packet TLS 1.2 AEAD" \ 5205 "$P_SRV response_size=16384" \ 5206 "$P_CLI force_version=tls1_2 \ 5207 force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \ 5208 0 \ 5209 -c "Read from server: 16384 bytes read" 5210 5211run_test "Large server packet TLS 1.2 AEAD shorter tag" \ 5212 "$P_SRV response_size=16384" \ 5213 "$P_CLI force_version=tls1_2 \ 5214 force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \ 5215 0 \ 5216 -c "Read from server: 16384 bytes read" 5217 5218# Tests for restartable ECC 5219 5220requires_config_enabled MBEDTLS_ECP_RESTARTABLE 5221run_test "EC restart: TLS, default" \ 5222 "$P_SRV auth_mode=required" \ 5223 "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ 5224 key_file=data_files/server5.key crt_file=data_files/server5.crt \ 5225 debug_level=1" \ 5226 0 \ 5227 -C "x509_verify_cert.*4b00" \ 5228 -C "mbedtls_pk_verify.*4b00" \ 5229 -C "mbedtls_ecdh_make_public.*4b00" \ 5230 -C "mbedtls_pk_sign.*4b00" 5231 5232requires_config_enabled 
MBEDTLS_ECP_RESTARTABLE 5233run_test "EC restart: TLS, max_ops=0" \ 5234 "$P_SRV auth_mode=required" \ 5235 "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ 5236 key_file=data_files/server5.key crt_file=data_files/server5.crt \ 5237 debug_level=1 ec_max_ops=0" \ 5238 0 \ 5239 -C "x509_verify_cert.*4b00" \ 5240 -C "mbedtls_pk_verify.*4b00" \ 5241 -C "mbedtls_ecdh_make_public.*4b00" \ 5242 -C "mbedtls_pk_sign.*4b00" 5243 5244requires_config_enabled MBEDTLS_ECP_RESTARTABLE 5245run_test "EC restart: TLS, max_ops=65535" \ 5246 "$P_SRV auth_mode=required" \ 5247 "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ 5248 key_file=data_files/server5.key crt_file=data_files/server5.crt \ 5249 debug_level=1 ec_max_ops=65535" \ 5250 0 \ 5251 -C "x509_verify_cert.*4b00" \ 5252 -C "mbedtls_pk_verify.*4b00" \ 5253 -C "mbedtls_ecdh_make_public.*4b00" \ 5254 -C "mbedtls_pk_sign.*4b00" 5255 5256requires_config_enabled MBEDTLS_ECP_RESTARTABLE 5257run_test "EC restart: TLS, max_ops=1000" \ 5258 "$P_SRV auth_mode=required" \ 5259 "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ 5260 key_file=data_files/server5.key crt_file=data_files/server5.crt \ 5261 debug_level=1 ec_max_ops=1000" \ 5262 0 \ 5263 -c "x509_verify_cert.*4b00" \ 5264 -c "mbedtls_pk_verify.*4b00" \ 5265 -c "mbedtls_ecdh_make_public.*4b00" \ 5266 -c "mbedtls_pk_sign.*4b00" 5267 5268requires_config_enabled MBEDTLS_ECP_RESTARTABLE 5269run_test "EC restart: TLS, max_ops=1000, badsign" \ 5270 "$P_SRV auth_mode=required \ 5271 crt_file=data_files/server5-badsign.crt \ 5272 key_file=data_files/server5.key" \ 5273 "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ 5274 key_file=data_files/server5.key crt_file=data_files/server5.crt \ 5275 debug_level=1 ec_max_ops=1000" \ 5276 1 \ 5277 -c "x509_verify_cert.*4b00" \ 5278 -C "mbedtls_pk_verify.*4b00" \ 5279 -C "mbedtls_ecdh_make_public.*4b00" \ 5280 -C "mbedtls_pk_sign.*4b00" \ 5281 -c "! 
The certificate is not correctly signed by the trusted CA" \ 5282 -c "! mbedtls_ssl_handshake returned" \ 5283 -c "X509 - Certificate verification failed" 5284 5285requires_config_enabled MBEDTLS_ECP_RESTARTABLE 5286run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign" \ 5287 "$P_SRV auth_mode=required \ 5288 crt_file=data_files/server5-badsign.crt \ 5289 key_file=data_files/server5.key" \ 5290 "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ 5291 key_file=data_files/server5.key crt_file=data_files/server5.crt \ 5292 debug_level=1 ec_max_ops=1000 auth_mode=optional" \ 5293 0 \ 5294 -c "x509_verify_cert.*4b00" \ 5295 -c "mbedtls_pk_verify.*4b00" \ 5296 -c "mbedtls_ecdh_make_public.*4b00" \ 5297 -c "mbedtls_pk_sign.*4b00" \ 5298 -c "! The certificate is not correctly signed by the trusted CA" \ 5299 -C "! mbedtls_ssl_handshake returned" \ 5300 -C "X509 - Certificate verification failed" 5301 5302requires_config_enabled MBEDTLS_ECP_RESTARTABLE 5303run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign" \ 5304 "$P_SRV auth_mode=required \ 5305 crt_file=data_files/server5-badsign.crt \ 5306 key_file=data_files/server5.key" \ 5307 "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ 5308 key_file=data_files/server5.key crt_file=data_files/server5.crt \ 5309 debug_level=1 ec_max_ops=1000 auth_mode=none" \ 5310 0 \ 5311 -C "x509_verify_cert.*4b00" \ 5312 -c "mbedtls_pk_verify.*4b00" \ 5313 -c "mbedtls_ecdh_make_public.*4b00" \ 5314 -c "mbedtls_pk_sign.*4b00" \ 5315 -C "! The certificate is not correctly signed by the trusted CA" \ 5316 -C "! 
mbedtls_ssl_handshake returned" \ 5317 -C "X509 - Certificate verification failed" 5318 5319requires_config_enabled MBEDTLS_ECP_RESTARTABLE 5320run_test "EC restart: DTLS, max_ops=1000" \ 5321 "$P_SRV auth_mode=required dtls=1" \ 5322 "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ 5323 key_file=data_files/server5.key crt_file=data_files/server5.crt \ 5324 dtls=1 debug_level=1 ec_max_ops=1000" \ 5325 0 \ 5326 -c "x509_verify_cert.*4b00" \ 5327 -c "mbedtls_pk_verify.*4b00" \ 5328 -c "mbedtls_ecdh_make_public.*4b00" \ 5329 -c "mbedtls_pk_sign.*4b00" 5330 5331requires_config_enabled MBEDTLS_ECP_RESTARTABLE 5332run_test "EC restart: TLS, max_ops=1000 no client auth" \ 5333 "$P_SRV" \ 5334 "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ 5335 debug_level=1 ec_max_ops=1000" \ 5336 0 \ 5337 -c "x509_verify_cert.*4b00" \ 5338 -c "mbedtls_pk_verify.*4b00" \ 5339 -c "mbedtls_ecdh_make_public.*4b00" \ 5340 -C "mbedtls_pk_sign.*4b00" 5341 5342requires_config_enabled MBEDTLS_ECP_RESTARTABLE 5343run_test "EC restart: TLS, max_ops=1000, ECDHE-PSK" \ 5344 "$P_SRV psk=abc123" \ 5345 "$P_CLI force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256 \ 5346 psk=abc123 debug_level=1 ec_max_ops=1000" \ 5347 0 \ 5348 -C "x509_verify_cert.*4b00" \ 5349 -C "mbedtls_pk_verify.*4b00" \ 5350 -C "mbedtls_ecdh_make_public.*4b00" \ 5351 -C "mbedtls_pk_sign.*4b00" 5352 5353# Tests of asynchronous private key support in SSL 5354 5355requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE 5356run_test "SSL async private: sign, delay=0" \ 5357 "$P_SRV \ 5358 async_operations=s async_private_delay1=0 async_private_delay2=0" \ 5359 "$P_CLI" \ 5360 0 \ 5361 -s "Async sign callback: using key slot " \ 5362 -s "Async resume (slot [0-9]): sign done, status=0" 5363 5364requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE 5365run_test "SSL async private: sign, delay=1" \ 5366 "$P_SRV \ 5367 async_operations=s async_private_delay1=1 async_private_delay2=1" \ 5368 "$P_CLI" \ 5369 0 
\ 5370 -s "Async sign callback: using key slot " \ 5371 -s "Async resume (slot [0-9]): call 0 more times." \ 5372 -s "Async resume (slot [0-9]): sign done, status=0" 5373 5374requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE 5375run_test "SSL async private: sign, delay=2" \ 5376 "$P_SRV \ 5377 async_operations=s async_private_delay1=2 async_private_delay2=2" \ 5378 "$P_CLI" \ 5379 0 \ 5380 -s "Async sign callback: using key slot " \ 5381 -U "Async sign callback: using key slot " \ 5382 -s "Async resume (slot [0-9]): call 1 more times." \ 5383 -s "Async resume (slot [0-9]): call 0 more times." \ 5384 -s "Async resume (slot [0-9]): sign done, status=0" 5385 5386# Test that the async callback correctly signs the 36-byte hash of TLS 1.0/1.1 5387# with RSA PKCS#1v1.5 as used in TLS 1.0/1.1. 5388requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE 5389requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1 5390run_test "SSL async private: sign, RSA, TLS 1.1" \ 5391 "$P_SRV key_file=data_files/server2.key crt_file=data_files/server2.crt \ 5392 async_operations=s async_private_delay1=0 async_private_delay2=0" \ 5393 "$P_CLI force_version=tls1_1" \ 5394 0 \ 5395 -s "Async sign callback: using key slot " \ 5396 -s "Async resume (slot [0-9]): sign done, status=0" 5397 5398requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE 5399run_test "SSL async private: sign, SNI" \ 5400 "$P_SRV debug_level=3 \ 5401 async_operations=s async_private_delay1=0 async_private_delay2=0 \ 5402 crt_file=data_files/server5.crt key_file=data_files/server5.key \ 5403 sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \ 5404 "$P_CLI server_name=polarssl.example" \ 5405 0 \ 5406 -s "Async sign callback: using key slot " \ 5407 -s "Async resume (slot [0-9]): sign done, status=0" \ 5408 -s "parse ServerName extension" \ 5409 -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \ 5410 -c "subject name *: C=NL, O=PolarSSL, 
CN=polarssl.example" 5411 5412requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE 5413run_test "SSL async private: decrypt, delay=0" \ 5414 "$P_SRV \ 5415 async_operations=d async_private_delay1=0 async_private_delay2=0" \ 5416 "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ 5417 0 \ 5418 -s "Async decrypt callback: using key slot " \ 5419 -s "Async resume (slot [0-9]): decrypt done, status=0" 5420 5421requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE 5422run_test "SSL async private: decrypt, delay=1" \ 5423 "$P_SRV \ 5424 async_operations=d async_private_delay1=1 async_private_delay2=1" \ 5425 "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ 5426 0 \ 5427 -s "Async decrypt callback: using key slot " \ 5428 -s "Async resume (slot [0-9]): call 0 more times." \ 5429 -s "Async resume (slot [0-9]): decrypt done, status=0" 5430 5431requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE 5432run_test "SSL async private: decrypt RSA-PSK, delay=0" \ 5433 "$P_SRV psk=abc123 \ 5434 async_operations=d async_private_delay1=0 async_private_delay2=0" \ 5435 "$P_CLI psk=abc123 \ 5436 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA256" \ 5437 0 \ 5438 -s "Async decrypt callback: using key slot " \ 5439 -s "Async resume (slot [0-9]): decrypt done, status=0" 5440 5441requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE 5442run_test "SSL async private: decrypt RSA-PSK, delay=1" \ 5443 "$P_SRV psk=abc123 \ 5444 async_operations=d async_private_delay1=1 async_private_delay2=1" \ 5445 "$P_CLI psk=abc123 \ 5446 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA256" \ 5447 0 \ 5448 -s "Async decrypt callback: using key slot " \ 5449 -s "Async resume (slot [0-9]): call 0 more times." \ 5450 -s "Async resume (slot [0-9]): decrypt done, status=0" 5451 5452requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE 5453run_test "SSL async private: sign callback not present" \ 5454 "$P_SRV \ 5455 async_operations=d async_private_delay1=1 async_private_delay2=1" \ 5456 "$P_CLI; [ \$? 
-eq 1 ] && 5457 $P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ 5458 0 \ 5459 -S "Async sign callback" \ 5460 -s "! mbedtls_ssl_handshake returned" \ 5461 -s "The own private key or pre-shared key is not set, but needed" \ 5462 -s "Async resume (slot [0-9]): decrypt done, status=0" \ 5463 -s "Successful connection" 5464 5465requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE 5466run_test "SSL async private: decrypt callback not present" \ 5467 "$P_SRV debug_level=1 \ 5468 async_operations=s async_private_delay1=1 async_private_delay2=1" \ 5469 "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA; 5470 [ \$? -eq 1 ] && $P_CLI" \ 5471 0 \ 5472 -S "Async decrypt callback" \ 5473 -s "! mbedtls_ssl_handshake returned" \ 5474 -s "got no RSA private key" \ 5475 -s "Async resume (slot [0-9]): sign done, status=0" \ 5476 -s "Successful connection" 5477 5478# key1: ECDSA, key2: RSA; use key1 from slot 0 5479requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE 5480run_test "SSL async private: slot 0 used with key1" \ 5481 "$P_SRV \ 5482 async_operations=s async_private_delay1=1 \ 5483 key_file=data_files/server5.key crt_file=data_files/server5.crt \ 5484 key_file2=data_files/server2.key crt_file2=data_files/server2.crt" \ 5485 "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \ 5486 0 \ 5487 -s "Async sign callback: using key slot 0," \ 5488 -s "Async resume (slot 0): call 0 more times." 
\ 5489 -s "Async resume (slot 0): sign done, status=0" 5490 5491# key1: ECDSA, key2: RSA; use key2 from slot 0 5492requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE 5493run_test "SSL async private: slot 0 used with key2" \ 5494 "$P_SRV \ 5495 async_operations=s async_private_delay2=1 \ 5496 key_file=data_files/server5.key crt_file=data_files/server5.crt \ 5497 key_file2=data_files/server2.key crt_file2=data_files/server2.crt" \ 5498 "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256" \ 5499 0 \ 5500 -s "Async sign callback: using key slot 0," \ 5501 -s "Async resume (slot 0): call 0 more times." \ 5502 -s "Async resume (slot 0): sign done, status=0" 5503 5504# key1: ECDSA, key2: RSA; use key2 from slot 1 5505requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE 5506run_test "SSL async private: slot 1 used with key2" \ 5507 "$P_SRV \ 5508 async_operations=s async_private_delay1=1 async_private_delay2=1 \ 5509 key_file=data_files/server5.key crt_file=data_files/server5.crt \ 5510 key_file2=data_files/server2.key crt_file2=data_files/server2.crt" \ 5511 "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256" \ 5512 0 \ 5513 -s "Async sign callback: using key slot 1," \ 5514 -s "Async resume (slot 1): call 0 more times." \ 5515 -s "Async resume (slot 1): sign done, status=0" 5516 5517# key1: ECDSA, key2: RSA; use key2 directly 5518requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE 5519run_test "SSL async private: fall back to transparent key" \ 5520 "$P_SRV \ 5521 async_operations=s async_private_delay1=1 \ 5522 key_file=data_files/server5.key crt_file=data_files/server5.crt \ 5523 key_file2=data_files/server2.key crt_file2=data_files/server2.crt " \ 5524 "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256" \ 5525 0 \ 5526 -s "Async sign callback: no key matches this certificate." 

# Error-injection cases for the asynchronous private-key callbacks.
# The server's async_private_error value picks the failure point; the
# mapping below is read off the test names and expected log lines
# (the option itself is implemented in ssl_server2, outside this file):
#   1  -> error when the operation starts (no resume, no cancel)
#   2  -> cancel after the operation has started (no resume)
#   3  -> error reported when resuming
#  -2 / -3 -> "transient" variants of 2 / 3: the first connection fails,
#             a second connection must then succeed
# Conventions used throughout this section (run_test and the
# requires_*/not_with_valgrind/only_with_valgrind guards are defined
# earlier in the file; as used here, each guard applies to the run_test
# that immediately follows it): the numeric argument after the client
# command is the expected client exit status; -s/-S assert that a pattern
# does/does not appear in the server log, -c/-C do the same for the
# client log.
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test    "SSL async private: sign, error in start" \
            "$P_SRV \
             async_operations=s async_private_delay1=1 async_private_delay2=1 \
             async_private_error=1" \
            "$P_CLI" \
            1 \
            -s "Async sign callback: injected error" \
            -S "Async resume" \
            -S "Async cancel" \
            -s "! mbedtls_ssl_handshake returned"

requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test    "SSL async private: sign, cancel after start" \
            "$P_SRV \
             async_operations=s async_private_delay1=1 async_private_delay2=1 \
             async_private_error=2" \
            "$P_CLI" \
            1 \
            -s "Async sign callback: using key slot " \
            -S "Async resume" \
            -s "Async cancel"

requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test    "SSL async private: sign, error in resume" \
            "$P_SRV \
             async_operations=s async_private_delay1=1 async_private_delay2=1 \
             async_private_error=3" \
            "$P_CLI" \
            1 \
            -s "Async sign callback: using key slot " \
            -s "Async resume callback: sign done but injected error" \
            -S "Async cancel" \
            -s "! mbedtls_ssl_handshake returned"

# Same three failure points for the decrypt callback; an RSA key-exchange
# ciphersuite is forced so that the server actually has to decrypt.
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test    "SSL async private: decrypt, error in start" \
            "$P_SRV \
             async_operations=d async_private_delay1=1 async_private_delay2=1 \
             async_private_error=1" \
            "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
            1 \
            -s "Async decrypt callback: injected error" \
            -S "Async resume" \
            -S "Async cancel" \
            -s "! mbedtls_ssl_handshake returned"

requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test    "SSL async private: decrypt, cancel after start" \
            "$P_SRV \
             async_operations=d async_private_delay1=1 async_private_delay2=1 \
             async_private_error=2" \
            "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
            1 \
            -s "Async decrypt callback: using key slot " \
            -S "Async resume" \
            -s "Async cancel"

requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test    "SSL async private: decrypt, error in resume" \
            "$P_SRV \
             async_operations=d async_private_delay1=1 async_private_delay2=1 \
             async_private_error=3" \
            "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
            1 \
            -s "Async decrypt callback: using key slot " \
            -s "Async resume callback: decrypt done but injected error" \
            -S "Async cancel" \
            -s "! mbedtls_ssl_handshake returned"

# Transient failures: the client command runs two connections in sequence.
# The second one is only attempted if the first exits with status 1 (the
# `\$?` is escaped so it is evaluated when run_test executes the command
# string, not when this script builds it), and the second connection must
# complete ("Successful connection"), proving the server recovered from the
# injected failure rather than staying in a broken state.
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test    "SSL async private: cancel after start then operate correctly" \
            "$P_SRV \
             async_operations=s async_private_delay1=1 async_private_delay2=1 \
             async_private_error=-2" \
            "$P_CLI; [ \$? -eq 1 ] && $P_CLI" \
            0 \
            -s "Async cancel" \
            -s "! mbedtls_ssl_handshake returned" \
            -s "Async resume" \
            -s "Successful connection"

requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test    "SSL async private: error in resume then operate correctly" \
            "$P_SRV \
             async_operations=s async_private_delay1=1 async_private_delay2=1 \
             async_private_error=-3" \
            "$P_CLI; [ \$? -eq 1 ] && $P_CLI" \
            0 \
            -s "! mbedtls_ssl_handshake returned" \
            -s "Async resume" \
            -s "Successful connection"

# key1: ECDSA, key2: RSA; use key1 through async, then key2 directly
# Only key1 is registered with the async callbacks (async_private_delay1
# alone is set), so the first, ECDSA connection goes through the failing
# async path and the second, RSA connection must fall back to the
# transparent key2 ("no key matches this certificate").
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test    "SSL async private: cancel after start then fall back to transparent key" \
            "$P_SRV \
             async_operations=s async_private_delay1=1 async_private_error=-2 \
             key_file=data_files/server5.key crt_file=data_files/server5.crt \
             key_file2=data_files/server2.key crt_file2=data_files/server2.crt" \
            "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256;
             [ \$? -eq 1 ] &&
             $P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256" \
            0 \
            -s "Async sign callback: using key slot 0" \
            -S "Async resume" \
            -s "Async cancel" \
            -s "! mbedtls_ssl_handshake returned" \
            -s "Async sign callback: no key matches this certificate." \
            -s "Successful connection"

# key1: ECDSA, key2: RSA; use key1 through async, then key2 directly
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test    "SSL async private: sign, error in resume then fall back to transparent key" \
            "$P_SRV \
             async_operations=s async_private_delay1=1 async_private_error=-3 \
             key_file=data_files/server5.key crt_file=data_files/server5.crt \
             key_file2=data_files/server2.key crt_file2=data_files/server2.crt" \
            "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256;
             [ \$? -eq 1 ] &&
             $P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256" \
            0 \
            -s "Async resume" \
            -s "! mbedtls_ssl_handshake returned" \
            -s "Async sign callback: no key matches this certificate." \
            -s "Successful connection"

# The async callbacks must also serve the second handshake triggered by
# renegotiation, whichever side initiates it (renegotiate=1 on the
# initiating side, renegotiation=1 on both).
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "SSL async private: renegotiation: client-initiated; sign" \
            "$P_SRV \
             async_operations=s async_private_delay1=1 async_private_delay2=1 \
             exchanges=2 renegotiation=1" \
            "$P_CLI exchanges=2 renegotiation=1 renegotiate=1" \
            0 \
            -s "Async sign callback: using key slot " \
            -s "Async resume (slot [0-9]): sign done, status=0"

requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "SSL async private: renegotiation: server-initiated; sign" \
            "$P_SRV \
             async_operations=s async_private_delay1=1 async_private_delay2=1 \
             exchanges=2 renegotiation=1 renegotiate=1" \
            "$P_CLI exchanges=2 renegotiation=1" \
            0 \
            -s "Async sign callback: using key slot " \
            -s "Async resume (slot [0-9]): sign done, status=0"

requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "SSL async private: renegotiation: client-initiated; decrypt" \
            "$P_SRV \
             async_operations=d async_private_delay1=1 async_private_delay2=1 \
             exchanges=2 renegotiation=1" \
            "$P_CLI exchanges=2 renegotiation=1 renegotiate=1 \
             force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
            0 \
            -s "Async decrypt callback: using key slot " \
            -s "Async resume (slot [0-9]): decrypt done, status=0"

requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "SSL async private: renegotiation: server-initiated; decrypt" \
            "$P_SRV \
             async_operations=d async_private_delay1=1 async_private_delay2=1 \
             exchanges=2 renegotiation=1 renegotiate=1" \
            "$P_CLI exchanges=2 renegotiation=1 \
             force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
            0 \
            -s "Async decrypt callback: using key slot " \
            -s "Async resume (slot [0-9]): decrypt done, status=0"

# Tests for ECC extensions (rfc 4492)
#
# The client should only advertise the supported_elliptic_curves and
# supported_point_formats extensions when it offers an ECC ciphersuite, and
# the server should only answer with supported_point_formats when an ECC
# ciphersuite was negotiated; debug_level=3 is needed on both sides for the
# extension-level log lines asserted below.

requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
requires_config_enabled MBEDTLS_SHA256_C
requires_config_enabled MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
run_test    "Force a non ECC ciphersuite in the client side" \
            "$P_SRV debug_level=3" \
            "$P_CLI debug_level=3 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA256" \
            0 \
            -C "client hello, adding supported_elliptic_curves extension" \
            -C "client hello, adding supported_point_formats extension" \
            -S "found supported elliptic curves extension" \
            -S "found supported point formats extension"

requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
requires_config_enabled MBEDTLS_SHA256_C
requires_config_enabled MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
run_test    "Force a non ECC ciphersuite in the server side" \
            "$P_SRV debug_level=3 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA256" \
            "$P_CLI debug_level=3" \
            0 \
            -C "found supported_point_formats extension" \
            -S "server hello, supported_point_formats extension"

requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
requires_config_enabled MBEDTLS_SHA256_C
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
run_test    "Force an ECC ciphersuite in the client side" \
            "$P_SRV debug_level=3" \
            "$P_CLI debug_level=3 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \
            0 \
            -c "client hello, adding supported_elliptic_curves extension" \
            -c "client hello, adding supported_point_formats extension" \
            -s "found supported elliptic curves extension" \
            -s "found supported point formats extension"

requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
requires_config_enabled MBEDTLS_SHA256_C
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
run_test    "Force an ECC ciphersuite in the server side" \
            "$P_SRV debug_level=3 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \
            "$P_CLI debug_level=3" \
            0 \
            -c "found supported_point_formats extension" \
            -s "server hello, supported_point_formats extension"

# Tests for DTLS HelloVerifyRequest
#
# This is RFC 6347's stateless cookie exchange, the server's protection
# against handshake floods from spoofed source addresses. With cookies on,
# the first ClientHello carries no cookie and fails verification, the
# client receives a HelloVerifyRequest, and the retried ClientHello passes
# (hence both "failed" and "passed" are expected in the same server log).
# cookies=0 disables the check ("skipped"); cookies=-1 (presumably: no cookie
# callback configured — see ssl_server2) leaves the server unable to verify
# at all, so the handshake fails with "requested feature is not available",
# the client is expected to exit 1, and hs_timeout is kept short so the
# failing retransmissions do not drag the test out.

run_test    "DTLS cookie: enabled" \
            "$P_SRV dtls=1 debug_level=2" \
            "$P_CLI dtls=1 debug_level=2" \
            0 \
            -s "cookie verification failed" \
            -s "cookie verification passed" \
            -S "cookie verification skipped" \
            -c "received hello verify request" \
            -s "hello verification requested" \
            -S "SSL - The requested feature is not available"

run_test    "DTLS cookie: disabled" \
            "$P_SRV dtls=1 debug_level=2 cookies=0" \
            "$P_CLI dtls=1 debug_level=2" \
            0 \
            -S "cookie verification failed" \
            -S "cookie verification passed" \
            -s "cookie verification skipped" \
            -C "received hello verify request" \
            -S "hello verification requested" \
            -S "SSL - The requested feature is not available"

run_test    "DTLS cookie: default (failing)" \
            "$P_SRV dtls=1 debug_level=2 cookies=-1" \
            "$P_CLI dtls=1 debug_level=2 hs_timeout=100-400" \
            1 \
            -s "cookie verification failed" \
            -S "cookie verification passed" \
            -S "cookie verification skipped" \
            -C "received hello verify request" \
            -S "hello verification requested" \
            -s "SSL - The requested feature is not available"

# The cookie is bound to the client address, so the exchange is repeated
# over IPv6 and with non-blocking I/O (nbio=2) on both sides.
requires_ipv6
run_test    "DTLS cookie: enabled, IPv6" \
            "$P_SRV dtls=1 debug_level=2 server_addr=::1" \
            "$P_CLI dtls=1 debug_level=2 server_addr=::1" \
            0 \
            -s "cookie verification failed" \
            -s "cookie verification passed" \
            -S "cookie verification skipped" \
            -c "received hello verify request" \
            -s "hello verification requested" \
            -S "SSL - The requested feature is not available"

run_test    "DTLS cookie: enabled, nbio" \
            "$P_SRV dtls=1 nbio=2 debug_level=2" \
            "$P_CLI dtls=1 nbio=2 debug_level=2" \
            0 \
            -s "cookie verification failed" \
            -s "cookie verification passed" \
            -S "cookie verification skipped" \
            -c "received hello verify request" \
            -s "hello verification requested" \
            -S "SSL - The requested feature is not available"

# Tests for client reconnecting from the same port with DTLS
#
# A client that restarts and reconnects from the same UDP address/port
# (reconnect_hard=1, RFC 6347 section 4.2.8) must be let back in by the
# server; the "reference" run checks the reconnection path is not triggered
# spuriously, and "no cookies" checks that without the cookie exchange the
# server cannot tell a genuine reconnect from a stray ClientHello, so the
# client times out instead. The timing-sensitive variants are split into
# valgrind / non-valgrind runs with different timeouts.

not_with_valgrind # spurious resend
run_test    "DTLS client reconnect from same port: reference" \
            "$P_SRV dtls=1 exchanges=2 read_timeout=20000 hs_timeout=10000-20000" \
            "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=10000-20000" \
            0 \
            -C "resend" \
            -S "The operation timed out" \
            -S "Client initiated reconnection from same port"

not_with_valgrind # spurious resend
run_test    "DTLS client reconnect from same port: reconnect" \
            "$P_SRV dtls=1 exchanges=2 read_timeout=20000 hs_timeout=10000-20000" \
            "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=10000-20000 reconnect_hard=1" \
            0 \
            -C "resend" \
            -S "The operation timed out" \
            -s "Client initiated reconnection from same port"

not_with_valgrind # server/client too slow to respond in time (next test has higher timeouts)
run_test    "DTLS client reconnect from same port: reconnect, nbio, no valgrind" \
            "$P_SRV dtls=1 exchanges=2 read_timeout=1000 nbio=2" \
            "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=500-1000 reconnect_hard=1" \
            0 \
            -S "The operation timed out" \
            -s "Client initiated reconnection from same port"

only_with_valgrind # Only with valgrind, do previous test but with higher read_timeout and hs_timeout
run_test    "DTLS client reconnect from same port: reconnect, nbio, valgrind" \
            "$P_SRV dtls=1 exchanges=2 read_timeout=2000 nbio=2 hs_timeout=1500-6000" \
            "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=1500-3000 reconnect_hard=1" \
            0 \
            -S "The operation timed out" \
            -s "Client initiated reconnection from same port"

run_test    "DTLS client reconnect from same port: no cookies" \
            "$P_SRV dtls=1 exchanges=2 read_timeout=1000 cookies=0" \
            "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=500-8000 reconnect_hard=1" \
            0 \
            -s "The operation timed out" \
            -S "Client initiated reconnection from same port"

# Adversarial variant: the udp_proxy (presumably, from the option name)
# injects a ClientHello from the client's address mid-session. The server may
# log that a reconnect is "possible" but must not tear down the live session
# on that basis alone, otherwise a third party could reset connections.
run_test    "DTLS client reconnect from same port: attacker-injected" \
            -p "$P_PXY inject_clihlo=1" \
            "$P_SRV dtls=1 exchanges=2 debug_level=1" \
            "$P_CLI dtls=1 exchanges=2" \
            0 \
            -s "possible client reconnect from the same port" \
            -S "Client initiated reconnection from same port"

# Tests for various cases of client authentication with DTLS
# (focused on handshake flows and message parsing)
#
# Server auth_mode required/optional/none against a client with the default
# certificate or with none at all (crt_file=none key_file=none).

run_test    "DTLS client auth: required" \
            "$P_SRV dtls=1 auth_mode=required" \
            "$P_CLI dtls=1" \
            0 \
            -s "Verifying peer X.509 certificate... ok"

run_test    "DTLS client auth: optional, client has no cert" \
            "$P_SRV dtls=1 auth_mode=optional" \
            "$P_CLI dtls=1 crt_file=none key_file=none" \
            0 \
            -s "! Certificate was missing"

run_test    "DTLS client auth: none, client has no cert" \
            "$P_SRV dtls=1 auth_mode=none" \
            "$P_CLI dtls=1 crt_file=none key_file=none debug_level=2" \
            0 \
            -c "skip write certificate$" \
            -s "! Certificate verification was skipped"

# A PSK mismatch (abc123 vs abc124) must be detected as a MAC failure on the
# server and answered with a fatal alert; the client must not "succeed" and
# is expected to exit 1.
run_test    "DTLS wrong PSK: badmac alert" \
            "$P_SRV dtls=1 psk=abc123 force_ciphersuite=TLS-PSK-WITH-AES-128-GCM-SHA256" \
            "$P_CLI dtls=1 psk=abc124" \
            1 \
            -s "SSL - Verification of the message MAC failed" \
            -c "SSL - A fatal alert message was received from our peer"

# Tests for receiving fragmented handshake messages with DTLS
#
# The peer's MTU (gnutls-serv --mtu / openssl -mtu) drives how much the
# incoming handshake is fragmented: the large-MTU runs must see no
# fragmentation, the smaller ones must, and "error" must never show up in
# the client log. Variants cover non-blocking I/O and renegotiation.

requires_gnutls
run_test    "DTLS reassembly: no fragmentation (gnutls server)" \
            "$G_SRV -u --mtu 2048 -a" \
            "$P_CLI dtls=1 debug_level=2" \
            0 \
            -C "found fragmented DTLS handshake message" \
            -C "error"

requires_gnutls
run_test    "DTLS reassembly: some fragmentation (gnutls server)" \
            "$G_SRV -u --mtu 512" \
            "$P_CLI dtls=1 debug_level=2" \
            0 \
            -c "found fragmented DTLS handshake message" \
            -C "error"

requires_gnutls
run_test    "DTLS reassembly: more fragmentation (gnutls server)" \
            "$G_SRV -u --mtu 128" \
            "$P_CLI dtls=1 debug_level=2" \
            0 \
            -c "found fragmented DTLS handshake message" \
            -C "error"

requires_gnutls
run_test    "DTLS reassembly: more fragmentation, nbio (gnutls server)" \
            "$G_SRV -u --mtu 128" \
            "$P_CLI dtls=1 nbio=2 debug_level=2" \
            0 \
            -c "found fragmented DTLS handshake message" \
            -C "error"

requires_gnutls
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "DTLS reassembly: fragmentation, renego (gnutls server)" \
            "$G_SRV -u --mtu 256" \
            "$P_CLI debug_level=3 dtls=1 renegotiation=1 renegotiate=1" \
            0 \
            -c "found fragmented DTLS handshake message" \
            -c "client hello, adding renegotiation extension" \
            -c "found renegotiation extension" \
            -c "=> renegotiate" \
            -C "mbedtls_ssl_handshake returned" \
            -C "error" \
            -s "Extra-header:"

requires_gnutls
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "DTLS reassembly: fragmentation, nbio, renego (gnutls server)" \
            "$G_SRV -u --mtu 256" \
            "$P_CLI debug_level=3 nbio=2 dtls=1 renegotiation=1 renegotiate=1" \
            0 \
            -c "found fragmented DTLS handshake message" \
            -c "client hello, adding renegotiation extension" \
            -c "found renegotiation extension" \
            -c "=> renegotiate" \
            -C "mbedtls_ssl_handshake returned" \
            -C "error" \
            -s "Extra-header:"

run_test    "DTLS reassembly: no fragmentation (openssl server)" \
            "$O_SRV -dtls1 -mtu 2048" \
            "$P_CLI dtls=1 debug_level=2" \
            0 \
            -C "found fragmented DTLS handshake message" \
            -C "error"

run_test    "DTLS reassembly: some fragmentation (openssl server)" \
            "$O_SRV -dtls1 -mtu 768" \
            "$P_CLI dtls=1 debug_level=2" \
            0 \
            -c "found fragmented DTLS handshake message" \
            -C "error"

run_test    "DTLS reassembly: more fragmentation (openssl server)" \
            "$O_SRV -dtls1 -mtu 256" \
            "$P_CLI dtls=1 debug_level=2" \
            0 \
            -c "found fragmented DTLS handshake message" \
            -C "error"

run_test    "DTLS reassembly: fragmentation, nbio (openssl server)" \
            "$O_SRV -dtls1 -mtu 256" \
            "$P_CLI dtls=1 nbio=2 debug_level=2" \
            0 \
            -c "found fragmented DTLS handshake message" \
            -C "error"

# Tests for sending fragmented handshake messages with DTLS
#
# Use client auth when we need the client to send large messages,
# and use large cert chains on both sides too (the long chains we have all use
# both RSA and ECDSA, but ideally we should have long chains with either).
5984# Sizes reached (UDP payload): 5985# - 2037B for server certificate 5986# - 1542B for client certificate 5987# - 1013B for newsessionticket 5988# - all others below 512B 5989# All those tests assume MAX_CONTENT_LEN is at least 2048 5990 5991requires_config_enabled MBEDTLS_SSL_PROTO_DTLS 5992requires_config_enabled MBEDTLS_RSA_C 5993requires_config_enabled MBEDTLS_ECDSA_C 5994requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 5995run_test "DTLS fragmenting: none (for reference)" \ 5996 "$P_SRV dtls=1 debug_level=2 auth_mode=required \ 5997 crt_file=data_files/server7_int-ca.crt \ 5998 key_file=data_files/server7.key \ 5999 hs_timeout=2500-60000 \ 6000 max_frag_len=4096" \ 6001 "$P_CLI dtls=1 debug_level=2 \ 6002 crt_file=data_files/server8_int-ca2.crt \ 6003 key_file=data_files/server8.key \ 6004 hs_timeout=2500-60000 \ 6005 max_frag_len=4096" \ 6006 0 \ 6007 -S "found fragmented DTLS handshake message" \ 6008 -C "found fragmented DTLS handshake message" \ 6009 -C "error" 6010 6011requires_config_enabled MBEDTLS_SSL_PROTO_DTLS 6012requires_config_enabled MBEDTLS_RSA_C 6013requires_config_enabled MBEDTLS_ECDSA_C 6014requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 6015run_test "DTLS fragmenting: server only (max_frag_len)" \ 6016 "$P_SRV dtls=1 debug_level=2 auth_mode=required \ 6017 crt_file=data_files/server7_int-ca.crt \ 6018 key_file=data_files/server7.key \ 6019 hs_timeout=2500-60000 \ 6020 max_frag_len=1024" \ 6021 "$P_CLI dtls=1 debug_level=2 \ 6022 crt_file=data_files/server8_int-ca2.crt \ 6023 key_file=data_files/server8.key \ 6024 hs_timeout=2500-60000 \ 6025 max_frag_len=2048" \ 6026 0 \ 6027 -S "found fragmented DTLS handshake message" \ 6028 -c "found fragmented DTLS handshake message" \ 6029 -C "error" 6030 6031# With the MFL extension, the server has no way of forcing 6032# the client to not exceed a certain MTU; hence, the following 6033# test can't be replicated with an MTU proxy such as the one 6034# `client-initiated, server only 
(max_frag_len)` below. 6035requires_config_enabled MBEDTLS_SSL_PROTO_DTLS 6036requires_config_enabled MBEDTLS_RSA_C 6037requires_config_enabled MBEDTLS_ECDSA_C 6038requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 6039run_test "DTLS fragmenting: server only (more) (max_frag_len)" \ 6040 "$P_SRV dtls=1 debug_level=2 auth_mode=required \ 6041 crt_file=data_files/server7_int-ca.crt \ 6042 key_file=data_files/server7.key \ 6043 hs_timeout=2500-60000 \ 6044 max_frag_len=512" \ 6045 "$P_CLI dtls=1 debug_level=2 \ 6046 crt_file=data_files/server8_int-ca2.crt \ 6047 key_file=data_files/server8.key \ 6048 hs_timeout=2500-60000 \ 6049 max_frag_len=4096" \ 6050 0 \ 6051 -S "found fragmented DTLS handshake message" \ 6052 -c "found fragmented DTLS handshake message" \ 6053 -C "error" 6054 6055requires_config_enabled MBEDTLS_SSL_PROTO_DTLS 6056requires_config_enabled MBEDTLS_RSA_C 6057requires_config_enabled MBEDTLS_ECDSA_C 6058requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 6059run_test "DTLS fragmenting: client-initiated, server only (max_frag_len)" \ 6060 "$P_SRV dtls=1 debug_level=2 auth_mode=none \ 6061 crt_file=data_files/server7_int-ca.crt \ 6062 key_file=data_files/server7.key \ 6063 hs_timeout=2500-60000 \ 6064 max_frag_len=2048" \ 6065 "$P_CLI dtls=1 debug_level=2 \ 6066 crt_file=data_files/server8_int-ca2.crt \ 6067 key_file=data_files/server8.key \ 6068 hs_timeout=2500-60000 \ 6069 max_frag_len=1024" \ 6070 0 \ 6071 -S "found fragmented DTLS handshake message" \ 6072 -c "found fragmented DTLS handshake message" \ 6073 -C "error" 6074 6075# While not required by the standard defining the MFL extension 6076# (according to which it only applies to records, not to datagrams), 6077# Mbed TLS will never send datagrams larger than MFL + { Max record expansion }, 6078# as otherwise there wouldn't be any means to communicate MTU restrictions 6079# to the peer. 
6080# The next test checks that no datagrams significantly larger than the 6081# negotiated MFL are sent. 6082requires_config_enabled MBEDTLS_SSL_PROTO_DTLS 6083requires_config_enabled MBEDTLS_RSA_C 6084requires_config_enabled MBEDTLS_ECDSA_C 6085requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 6086run_test "DTLS fragmenting: client-initiated, server only (max_frag_len), proxy MTU" \ 6087 -p "$P_PXY mtu=1110" \ 6088 "$P_SRV dtls=1 debug_level=2 auth_mode=none \ 6089 crt_file=data_files/server7_int-ca.crt \ 6090 key_file=data_files/server7.key \ 6091 hs_timeout=2500-60000 \ 6092 max_frag_len=2048" \ 6093 "$P_CLI dtls=1 debug_level=2 \ 6094 crt_file=data_files/server8_int-ca2.crt \ 6095 key_file=data_files/server8.key \ 6096 hs_timeout=2500-60000 \ 6097 max_frag_len=1024" \ 6098 0 \ 6099 -S "found fragmented DTLS handshake message" \ 6100 -c "found fragmented DTLS handshake message" \ 6101 -C "error" 6102 6103requires_config_enabled MBEDTLS_SSL_PROTO_DTLS 6104requires_config_enabled MBEDTLS_RSA_C 6105requires_config_enabled MBEDTLS_ECDSA_C 6106requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 6107run_test "DTLS fragmenting: client-initiated, both (max_frag_len)" \ 6108 "$P_SRV dtls=1 debug_level=2 auth_mode=required \ 6109 crt_file=data_files/server7_int-ca.crt \ 6110 key_file=data_files/server7.key \ 6111 hs_timeout=2500-60000 \ 6112 max_frag_len=2048" \ 6113 "$P_CLI dtls=1 debug_level=2 \ 6114 crt_file=data_files/server8_int-ca2.crt \ 6115 key_file=data_files/server8.key \ 6116 hs_timeout=2500-60000 \ 6117 max_frag_len=1024" \ 6118 0 \ 6119 -s "found fragmented DTLS handshake message" \ 6120 -c "found fragmented DTLS handshake message" \ 6121 -C "error" 6122 6123# While not required by the standard defining the MFL extension 6124# (according to which it only applies to records, not to datagrams), 6125# Mbed TLS will never send datagrams larger than MFL + { Max record expansion }, 6126# as otherwise there wouldn't be any means to communicate MTU 
restrictions 6127# to the peer. 6128# The next test checks that no datagrams significantly larger than the 6129# negotiated MFL are sent. 6130requires_config_enabled MBEDTLS_SSL_PROTO_DTLS 6131requires_config_enabled MBEDTLS_RSA_C 6132requires_config_enabled MBEDTLS_ECDSA_C 6133requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 6134run_test "DTLS fragmenting: client-initiated, both (max_frag_len), proxy MTU" \ 6135 -p "$P_PXY mtu=1110" \ 6136 "$P_SRV dtls=1 debug_level=2 auth_mode=required \ 6137 crt_file=data_files/server7_int-ca.crt \ 6138 key_file=data_files/server7.key \ 6139 hs_timeout=2500-60000 \ 6140 max_frag_len=2048" \ 6141 "$P_CLI dtls=1 debug_level=2 \ 6142 crt_file=data_files/server8_int-ca2.crt \ 6143 key_file=data_files/server8.key \ 6144 hs_timeout=2500-60000 \ 6145 max_frag_len=1024" \ 6146 0 \ 6147 -s "found fragmented DTLS handshake message" \ 6148 -c "found fragmented DTLS handshake message" \ 6149 -C "error" 6150 6151requires_config_enabled MBEDTLS_SSL_PROTO_DTLS 6152requires_config_enabled MBEDTLS_RSA_C 6153requires_config_enabled MBEDTLS_ECDSA_C 6154run_test "DTLS fragmenting: none (for reference) (MTU)" \ 6155 "$P_SRV dtls=1 debug_level=2 auth_mode=required \ 6156 crt_file=data_files/server7_int-ca.crt \ 6157 key_file=data_files/server7.key \ 6158 hs_timeout=2500-60000 \ 6159 mtu=4096" \ 6160 "$P_CLI dtls=1 debug_level=2 \ 6161 crt_file=data_files/server8_int-ca2.crt \ 6162 key_file=data_files/server8.key \ 6163 hs_timeout=2500-60000 \ 6164 mtu=4096" \ 6165 0 \ 6166 -S "found fragmented DTLS handshake message" \ 6167 -C "found fragmented DTLS handshake message" \ 6168 -C "error" 6169 6170requires_config_enabled MBEDTLS_SSL_PROTO_DTLS 6171requires_config_enabled MBEDTLS_RSA_C 6172requires_config_enabled MBEDTLS_ECDSA_C 6173run_test "DTLS fragmenting: client (MTU)" \ 6174 "$P_SRV dtls=1 debug_level=2 auth_mode=required \ 6175 crt_file=data_files/server7_int-ca.crt \ 6176 key_file=data_files/server7.key \ 6177 hs_timeout=3500-60000 \ 6178 
mtu=4096" \ 6179 "$P_CLI dtls=1 debug_level=2 \ 6180 crt_file=data_files/server8_int-ca2.crt \ 6181 key_file=data_files/server8.key \ 6182 hs_timeout=3500-60000 \ 6183 mtu=1024" \ 6184 0 \ 6185 -s "found fragmented DTLS handshake message" \ 6186 -C "found fragmented DTLS handshake message" \ 6187 -C "error" 6188 6189requires_config_enabled MBEDTLS_SSL_PROTO_DTLS 6190requires_config_enabled MBEDTLS_RSA_C 6191requires_config_enabled MBEDTLS_ECDSA_C 6192run_test "DTLS fragmenting: server (MTU)" \ 6193 "$P_SRV dtls=1 debug_level=2 auth_mode=required \ 6194 crt_file=data_files/server7_int-ca.crt \ 6195 key_file=data_files/server7.key \ 6196 hs_timeout=2500-60000 \ 6197 mtu=512" \ 6198 "$P_CLI dtls=1 debug_level=2 \ 6199 crt_file=data_files/server8_int-ca2.crt \ 6200 key_file=data_files/server8.key \ 6201 hs_timeout=2500-60000 \ 6202 mtu=2048" \ 6203 0 \ 6204 -S "found fragmented DTLS handshake message" \ 6205 -c "found fragmented DTLS handshake message" \ 6206 -C "error" 6207 6208requires_config_enabled MBEDTLS_SSL_PROTO_DTLS 6209requires_config_enabled MBEDTLS_RSA_C 6210requires_config_enabled MBEDTLS_ECDSA_C 6211run_test "DTLS fragmenting: both (MTU=1024)" \ 6212 -p "$P_PXY mtu=1024" \ 6213 "$P_SRV dtls=1 debug_level=2 auth_mode=required \ 6214 crt_file=data_files/server7_int-ca.crt \ 6215 key_file=data_files/server7.key \ 6216 hs_timeout=2500-60000 \ 6217 mtu=1024" \ 6218 "$P_CLI dtls=1 debug_level=2 \ 6219 crt_file=data_files/server8_int-ca2.crt \ 6220 key_file=data_files/server8.key \ 6221 hs_timeout=2500-60000 \ 6222 mtu=1024" \ 6223 0 \ 6224 -s "found fragmented DTLS handshake message" \ 6225 -c "found fragmented DTLS handshake message" \ 6226 -C "error" 6227 6228# Forcing ciphersuite for this test to fit the MTU of 512 with full config. 
6229requires_config_enabled MBEDTLS_SSL_PROTO_DTLS 6230requires_config_enabled MBEDTLS_RSA_C 6231requires_config_enabled MBEDTLS_ECDSA_C 6232requires_config_enabled MBEDTLS_SHA256_C 6233requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA 6234requires_config_enabled MBEDTLS_AES_C 6235requires_config_enabled MBEDTLS_GCM_C 6236run_test "DTLS fragmenting: both (MTU=512)" \ 6237 -p "$P_PXY mtu=512" \ 6238 "$P_SRV dtls=1 debug_level=2 auth_mode=required \ 6239 crt_file=data_files/server7_int-ca.crt \ 6240 key_file=data_files/server7.key \ 6241 hs_timeout=2500-60000 \ 6242 mtu=512" \ 6243 "$P_CLI dtls=1 debug_level=2 \ 6244 crt_file=data_files/server8_int-ca2.crt \ 6245 key_file=data_files/server8.key \ 6246 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ 6247 hs_timeout=2500-60000 \ 6248 mtu=512" \ 6249 0 \ 6250 -s "found fragmented DTLS handshake message" \ 6251 -c "found fragmented DTLS handshake message" \ 6252 -C "error" 6253 6254# Test for automatic MTU reduction on repeated resend. 6255# Forcing ciphersuite for this test to fit the MTU of 508 with full config. 6256# The ratio of max/min timeout should ideally equal 4 to accept two 6257# retransmissions, but in some cases (like both the server and client using 6258# fragmentation and auto-reduction) an extra retransmission might occur, 6259# hence the ratio of 8. 
6260not_with_valgrind 6261requires_config_enabled MBEDTLS_SSL_PROTO_DTLS 6262requires_config_enabled MBEDTLS_RSA_C 6263requires_config_enabled MBEDTLS_ECDSA_C 6264requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA 6265requires_config_enabled MBEDTLS_AES_C 6266requires_config_enabled MBEDTLS_GCM_C 6267run_test "DTLS fragmenting: proxy MTU: auto-reduction" \ 6268 -p "$P_PXY mtu=508" \ 6269 "$P_SRV dtls=1 debug_level=2 auth_mode=required \ 6270 crt_file=data_files/server7_int-ca.crt \ 6271 key_file=data_files/server7.key \ 6272 hs_timeout=400-3200" \ 6273 "$P_CLI dtls=1 debug_level=2 \ 6274 crt_file=data_files/server8_int-ca2.crt \ 6275 key_file=data_files/server8.key \ 6276 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ 6277 hs_timeout=400-3200" \ 6278 0 \ 6279 -s "found fragmented DTLS handshake message" \ 6280 -c "found fragmented DTLS handshake message" \ 6281 -C "error" 6282 6283# Forcing ciphersuite for this test to fit the MTU of 508 with full config. 6284only_with_valgrind 6285requires_config_enabled MBEDTLS_SSL_PROTO_DTLS 6286requires_config_enabled MBEDTLS_RSA_C 6287requires_config_enabled MBEDTLS_ECDSA_C 6288requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA 6289requires_config_enabled MBEDTLS_AES_C 6290requires_config_enabled MBEDTLS_GCM_C 6291run_test "DTLS fragmenting: proxy MTU: auto-reduction" \ 6292 -p "$P_PXY mtu=508" \ 6293 "$P_SRV dtls=1 debug_level=2 auth_mode=required \ 6294 crt_file=data_files/server7_int-ca.crt \ 6295 key_file=data_files/server7.key \ 6296 hs_timeout=250-10000" \ 6297 "$P_CLI dtls=1 debug_level=2 \ 6298 crt_file=data_files/server8_int-ca2.crt \ 6299 key_file=data_files/server8.key \ 6300 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ 6301 hs_timeout=250-10000" \ 6302 0 \ 6303 -s "found fragmented DTLS handshake message" \ 6304 -c "found fragmented DTLS handshake message" \ 6305 -C "error" 6306 6307# the proxy shouldn't drop or mess up anything, so we shouldn't need to resend 6308# OTOH the 
client might resend if the server is to slow to reset after sending 6309# a HelloVerifyRequest, so only check for no retransmission server-side 6310not_with_valgrind # spurious autoreduction due to timeout 6311requires_config_enabled MBEDTLS_SSL_PROTO_DTLS 6312requires_config_enabled MBEDTLS_RSA_C 6313requires_config_enabled MBEDTLS_ECDSA_C 6314run_test "DTLS fragmenting: proxy MTU, simple handshake (MTU=1024)" \ 6315 -p "$P_PXY mtu=1024" \ 6316 "$P_SRV dtls=1 debug_level=2 auth_mode=required \ 6317 crt_file=data_files/server7_int-ca.crt \ 6318 key_file=data_files/server7.key \ 6319 hs_timeout=10000-60000 \ 6320 mtu=1024" \ 6321 "$P_CLI dtls=1 debug_level=2 \ 6322 crt_file=data_files/server8_int-ca2.crt \ 6323 key_file=data_files/server8.key \ 6324 hs_timeout=10000-60000 \ 6325 mtu=1024" \ 6326 0 \ 6327 -S "autoreduction" \ 6328 -s "found fragmented DTLS handshake message" \ 6329 -c "found fragmented DTLS handshake message" \ 6330 -C "error" 6331 6332# Forcing ciphersuite for this test to fit the MTU of 512 with full config. 
6333# the proxy shouldn't drop or mess up anything, so we shouldn't need to resend 6334# OTOH the client might resend if the server is to slow to reset after sending 6335# a HelloVerifyRequest, so only check for no retransmission server-side 6336not_with_valgrind # spurious autoreduction due to timeout 6337requires_config_enabled MBEDTLS_SSL_PROTO_DTLS 6338requires_config_enabled MBEDTLS_RSA_C 6339requires_config_enabled MBEDTLS_ECDSA_C 6340requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA 6341requires_config_enabled MBEDTLS_AES_C 6342requires_config_enabled MBEDTLS_GCM_C 6343run_test "DTLS fragmenting: proxy MTU, simple handshake (MTU=512)" \ 6344 -p "$P_PXY mtu=512" \ 6345 "$P_SRV dtls=1 debug_level=2 auth_mode=required \ 6346 crt_file=data_files/server7_int-ca.crt \ 6347 key_file=data_files/server7.key \ 6348 hs_timeout=10000-60000 \ 6349 mtu=512" \ 6350 "$P_CLI dtls=1 debug_level=2 \ 6351 crt_file=data_files/server8_int-ca2.crt \ 6352 key_file=data_files/server8.key \ 6353 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ 6354 hs_timeout=10000-60000 \ 6355 mtu=512" \ 6356 0 \ 6357 -S "autoreduction" \ 6358 -s "found fragmented DTLS handshake message" \ 6359 -c "found fragmented DTLS handshake message" \ 6360 -C "error" 6361 6362not_with_valgrind # spurious autoreduction due to timeout 6363requires_config_enabled MBEDTLS_SSL_PROTO_DTLS 6364requires_config_enabled MBEDTLS_RSA_C 6365requires_config_enabled MBEDTLS_ECDSA_C 6366run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=1024)" \ 6367 -p "$P_PXY mtu=1024" \ 6368 "$P_SRV dtls=1 debug_level=2 auth_mode=required \ 6369 crt_file=data_files/server7_int-ca.crt \ 6370 key_file=data_files/server7.key \ 6371 hs_timeout=10000-60000 \ 6372 mtu=1024 nbio=2" \ 6373 "$P_CLI dtls=1 debug_level=2 \ 6374 crt_file=data_files/server8_int-ca2.crt \ 6375 key_file=data_files/server8.key \ 6376 hs_timeout=10000-60000 \ 6377 mtu=1024 nbio=2" \ 6378 0 \ 6379 -S "autoreduction" \ 6380 -s "found 
fragmented DTLS handshake message" \ 6381 -c "found fragmented DTLS handshake message" \ 6382 -C "error" 6383 6384# Forcing ciphersuite for this test to fit the MTU of 512 with full config. 6385not_with_valgrind # spurious autoreduction due to timeout 6386requires_config_enabled MBEDTLS_SSL_PROTO_DTLS 6387requires_config_enabled MBEDTLS_RSA_C 6388requires_config_enabled MBEDTLS_ECDSA_C 6389requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA 6390requires_config_enabled MBEDTLS_AES_C 6391requires_config_enabled MBEDTLS_GCM_C 6392run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=512)" \ 6393 -p "$P_PXY mtu=512" \ 6394 "$P_SRV dtls=1 debug_level=2 auth_mode=required \ 6395 crt_file=data_files/server7_int-ca.crt \ 6396 key_file=data_files/server7.key \ 6397 hs_timeout=10000-60000 \ 6398 mtu=512 nbio=2" \ 6399 "$P_CLI dtls=1 debug_level=2 \ 6400 crt_file=data_files/server8_int-ca2.crt \ 6401 key_file=data_files/server8.key \ 6402 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ 6403 hs_timeout=10000-60000 \ 6404 mtu=512 nbio=2" \ 6405 0 \ 6406 -S "autoreduction" \ 6407 -s "found fragmented DTLS handshake message" \ 6408 -c "found fragmented DTLS handshake message" \ 6409 -C "error" 6410 6411# Forcing ciphersuite for this test to fit the MTU of 1450 with full config. 6412# This ensures things still work after session_reset(). 6413# It also exercises the "resumed handshake" flow. 6414# Since we don't support reading fragmented ClientHello yet, 6415# up the MTU to 1450 (larger than ClientHello with session ticket, 6416# but still smaller than client's Certificate to ensure fragmentation). 6417# An autoreduction on the client-side might happen if the server is 6418# slow to reset, therefore omitting '-C "autoreduction"' below. 6419# reco_delay avoids races where the client reconnects before the server has 6420# resumed listening, which would result in a spurious autoreduction. 
6421not_with_valgrind # spurious autoreduction due to timeout 6422requires_config_enabled MBEDTLS_SSL_PROTO_DTLS 6423requires_config_enabled MBEDTLS_RSA_C 6424requires_config_enabled MBEDTLS_ECDSA_C 6425requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA 6426requires_config_enabled MBEDTLS_AES_C 6427requires_config_enabled MBEDTLS_GCM_C 6428run_test "DTLS fragmenting: proxy MTU, resumed handshake" \ 6429 -p "$P_PXY mtu=1450" \ 6430 "$P_SRV dtls=1 debug_level=2 auth_mode=required \ 6431 crt_file=data_files/server7_int-ca.crt \ 6432 key_file=data_files/server7.key \ 6433 hs_timeout=10000-60000 \ 6434 mtu=1450" \ 6435 "$P_CLI dtls=1 debug_level=2 \ 6436 crt_file=data_files/server8_int-ca2.crt \ 6437 key_file=data_files/server8.key \ 6438 hs_timeout=10000-60000 \ 6439 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ 6440 mtu=1450 reconnect=1 skip_close_notify=1 reco_delay=1" \ 6441 0 \ 6442 -S "autoreduction" \ 6443 -s "found fragmented DTLS handshake message" \ 6444 -c "found fragmented DTLS handshake message" \ 6445 -C "error" 6446 6447# An autoreduction on the client-side might happen if the server is 6448# slow to reset, therefore omitting '-C "autoreduction"' below. 
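not_with_valgrind # spurious autoreduction due to timeout
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SHA256_C
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
requires_config_enabled MBEDTLS_CHACHAPOLY_C
# Fragmentation through a 512-byte proxy MTU with renegotiation enabled on
# both sides and requested by the client (renegotiate=1), using the
# ChaCha20-Poly1305 record protection that the MBEDTLS_CHACHAPOLY_C
# requirement above is there for. The client previously forced
# TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 here, which duplicated the
# "AES-GCM renego" test below, left ChaChaPoly unexercised and made the test
# depend on MBEDTLS_AES_C/MBEDTLS_GCM_C without declaring them.
run_test    "DTLS fragmenting: proxy MTU, ChachaPoly renego" \
            -p "$P_PXY mtu=512" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             exchanges=2 renegotiation=1 \
             hs_timeout=10000-60000 \
             mtu=512" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             exchanges=2 renegotiation=1 renegotiate=1 \
             force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 \
             hs_timeout=10000-60000 \
             mtu=512" \
            0 \
            -S "autoreduction" \
            -s "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"

# An autoreduction on the client-side might happen if the server is
# slow to reset, therefore omitting '-C "autoreduction"' below.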
# The renegotiation tests below each pair a proxy MTU of 512 or 1024 with one
# record-protection mode (AES-GCM, AES-CCM-8, AES-CBC with and without
# Encrypt-then-MAC); renegotiation is enabled on both sides and requested by
# the client (renegotiate=1), with exchanges=2 so that data flows on either
# side of the second handshake.
not_with_valgrind # spurious autoreduction due to timeout
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SHA256_C
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_GCM_C
run_test    "DTLS fragmenting: proxy MTU, AES-GCM renego" \
            -p "$P_PXY mtu=512" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             exchanges=2 renegotiation=1 \
             hs_timeout=10000-60000 \
             mtu=512" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             exchanges=2 renegotiation=1 renegotiate=1 \
             force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
             hs_timeout=10000-60000 \
             mtu=512" \
            0 \
            -S "autoreduction" \
            -s "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"

# An autoreduction on the client-side might happen if the server is
# slow to reset, therefore omitting '-C "autoreduction"' below.
# Note: in the CCM and CBC variants the ciphersuite is forced on the server
# rather than the client.
not_with_valgrind # spurious autoreduction due to timeout
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SHA256_C
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_CCM_C
run_test    "DTLS fragmenting: proxy MTU, AES-CCM renego" \
            -p "$P_PXY mtu=1024" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             exchanges=2 renegotiation=1 \
             force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8 \
             hs_timeout=10000-60000 \
             mtu=1024" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             exchanges=2 renegotiation=1 renegotiate=1 \
             hs_timeout=10000-60000 \
             mtu=1024" \
            0 \
            -S "autoreduction" \
            -s "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"

# An autoreduction on the client-side might happen if the server is
# slow to reset, therefore omitting '-C "autoreduction"' below.
not_with_valgrind # spurious autoreduction due to timeout
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SHA256_C
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
requires_config_enabled MBEDTLS_SSL_ENCRYPT_THEN_MAC
run_test    "DTLS fragmenting: proxy MTU, AES-CBC EtM renego" \
            -p "$P_PXY mtu=1024" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             exchanges=2 renegotiation=1 \
             force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \
             hs_timeout=10000-60000 \
             mtu=1024" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             exchanges=2 renegotiation=1 renegotiate=1 \
             hs_timeout=10000-60000 \
             mtu=1024" \
            0 \
            -S "autoreduction" \
            -s "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"

# An autoreduction on the client-side might happen if the server is
# slow to reset, therefore omitting '-C "autoreduction"' below.
# etm=0 on the server disables Encrypt-then-MAC, so this run covers the
# MAC-then-encrypt CBC record layout.
not_with_valgrind # spurious autoreduction due to timeout
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SHA256_C
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
run_test    "DTLS fragmenting: proxy MTU, AES-CBC non-EtM renego" \
            -p "$P_PXY mtu=1024" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             exchanges=2 renegotiation=1 \
             force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 etm=0 \
             hs_timeout=10000-60000 \
             mtu=1024" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             exchanges=2 renegotiation=1 renegotiate=1 \
             hs_timeout=10000-60000 \
             mtu=1024" \
            0 \
            -S "autoreduction" \
            -s "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"

# Forcing ciphersuite for this test to fit the MTU of 512 with full config.
# "3d" = the proxy also drops, delays and duplicates datagrams (drop=8
# delay=8 duplicate=8), so fragmentation is combined with packet loss and
# reordering; dgram_packing=0 keeps each handshake fragment in its own
# datagram. Retransmissions are expected here, so "autoreduction" is not
# checked and the client is given extra time.
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_GCM_C
client_needs_more_time 2
run_test    "DTLS fragmenting: proxy MTU + 3d" \
            -p "$P_PXY mtu=512 drop=8 delay=8 duplicate=8" \
            "$P_SRV dgram_packing=0 dtls=1 debug_level=2 auth_mode=required \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             hs_timeout=250-10000 mtu=512" \
            "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
             hs_timeout=250-10000 mtu=512" \
            0 \
            -s "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"

# Forcing ciphersuite for this test to fit the MTU of 512 with full config.
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_GCM_C
client_needs_more_time 2
run_test    "DTLS fragmenting: proxy MTU + 3d, nbio" \
            -p "$P_PXY mtu=512 drop=8 delay=8 duplicate=8" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             hs_timeout=250-10000 mtu=512 nbio=2" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
             hs_timeout=250-10000 mtu=512 nbio=2" \
            0 \
            -s "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"

# interop tests for DTLS fragmenting with reliable connection
#
# here and below we just want to test that we fragment in a way that
# pleases other implementations, so we don't need the peer to fragment
# Only the Mbed TLS side gets mtu=512; the check is on its own
# "fragmenting handshake message" log line (the sender's side), and the
# handshake completing (exit 0) shows the peer accepted the fragments.
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_gnutls
run_test    "DTLS fragmenting: gnutls server, DTLS 1.2" \
            "$G_SRV -u" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             mtu=512 force_version=dtls1_2" \
            0 \
            -c "fragmenting handshake message" \
            -C "error"

requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
requires_gnutls
run_test    "DTLS fragmenting: gnutls server, DTLS 1.0" \
            "$G_SRV -u" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             mtu=512 force_version=dtls1" \
            0 \
            -c "fragmenting handshake message" \
            -C "error"

# We use --insecure for the GnuTLS client because it expects
# the hostname / IP it connects to to be the name used in the
# certificate obtained from the server. Here, however, it
# connects to 127.0.0.1 while our test certificates use 'localhost'
# as the server name in the certificate. This will make the
# certificate validation fail, but passing --insecure makes
# GnuTLS continue the connection nonetheless.
# --insecure only relaxes the GnuTLS test client's verification of our test
# server; the Mbed TLS server under test is configured normally.
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_gnutls
requires_not_i686
run_test    "DTLS fragmenting: gnutls client, DTLS 1.2" \
            "$P_SRV dtls=1 debug_level=2 \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             mtu=512 force_version=dtls1_2" \
            "$G_CLI -u --insecure 127.0.0.1" \
            0 \
            -s "fragmenting handshake message"

# See previous test for the reason to use --insecure
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
requires_gnutls
requires_not_i686
run_test    "DTLS fragmenting: gnutls client, DTLS 1.0" \
            "$P_SRV dtls=1 debug_level=2 \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             mtu=512 force_version=dtls1" \
            "$G_CLI -u --insecure 127.0.0.1" \
            0 \
            -s "fragmenting handshake message"

# -verify 10 makes s_server request a client certificate (verification depth
# 10), so the client's certificate chain is the message it has to fragment.
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS fragmenting: openssl server, DTLS 1.2" \
            "$O_SRV -dtls1_2 -verify 10" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             mtu=512 force_version=dtls1_2" \
            0 \
            -c "fragmenting handshake message" \
            -C "error"

requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
run_test    "DTLS fragmenting: openssl server, DTLS 1.0" \
            "$O_SRV -dtls1 -verify 10" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             mtu=512 force_version=dtls1" \
            0 \
            -c "fragmenting handshake message" \
            -C "error"

requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS fragmenting: openssl client, DTLS 1.2" \
            "$P_SRV dtls=1 debug_level=2 \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             mtu=512 force_version=dtls1_2" \
            "$O_CLI -dtls1_2" \
            0 \
            -s "fragmenting handshake message"

requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
run_test    "DTLS fragmenting: openssl client, DTLS 1.0" \
            "$P_SRV dtls=1 debug_level=2 \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             mtu=512 force_version=dtls1" \
            "$O_CLI -dtls1" \
            0 \
            -s "fragmenting handshake message"

# interop tests for DTLS fragmenting with unreliable connection
#
# again we just want to test that we fragment in a way that
# pleases other implementations, so we don't need the peer to fragment
# These need the alternative GnuTLS build (G_NEXT_SRV / G_NEXT_CLI, see
# requires_gnutls_next) and go through the lossy proxy, hence the extra
# client time and the wide hs_timeout range.
requires_gnutls_next
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
client_needs_more_time 4
run_test    "DTLS fragmenting: 3d, gnutls server, DTLS 1.2" \
            -p "$P_PXY drop=8 delay=8 duplicate=8" \
            "$G_NEXT_SRV -u" \
            "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             hs_timeout=250-60000 mtu=512 force_version=dtls1_2" \
            0 \
            -c "fragmenting handshake message" \
            -C "error"

requires_gnutls_next
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
client_needs_more_time 4
run_test    "DTLS fragmenting: 3d, gnutls server, DTLS 1.0" \
            -p "$P_PXY drop=8 delay=8 duplicate=8" \
            "$G_NEXT_SRV -u" \
            "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             hs_timeout=250-60000 mtu=512 force_version=dtls1" \
            0 \
            -c "fragmenting handshake message" \
            -C "error"

# --insecure: see the "gnutls client, DTLS 1.2" test above.
requires_gnutls_next
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
client_needs_more_time 4
run_test    "DTLS fragmenting: 3d, gnutls client, DTLS 1.2" \
            -p "$P_PXY drop=8 delay=8 duplicate=8" \
            "$P_SRV dtls=1 debug_level=2 \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             hs_timeout=250-60000 mtu=512 force_version=dtls1_2" \
            "$G_NEXT_CLI -u --insecure 127.0.0.1" \
            0 \
            -s "fragmenting handshake message"

# Same as the previous test with DTLS 1.0 forced on the Mbed TLS server.
# --insecure makes the GnuTLS client skip peer certificate verification: the
# test certificates name 'localhost' while the client connects to 127.0.0.1
# (see the comment on the first gnutls-client fragmenting test). Test-only.
requires_gnutls_next
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
client_needs_more_time 4
run_test    "DTLS fragmenting: 3d, gnutls client, DTLS 1.0" \
            -p "$P_PXY drop=8 delay=8 duplicate=8" \
            "$P_SRV dtls=1 debug_level=2 \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             hs_timeout=250-60000 mtu=512 force_version=dtls1" \
            "$G_NEXT_CLI -u --insecure 127.0.0.1" \
            0 \
            -s "fragmenting handshake message"

## Interop tests with OpenSSL might trigger a bug in recent versions (including
## all versions installed on the CI machines), reported here:
## Bug report: https://github.com/openssl/openssl/issues/6902
## They should be re-enabled once a fixed version of OpenSSL is available
## (this should happen in some 1.1.1_ release according to the ticket).
## Until then the four OpenSSL "3d" fragmenting tests below are registered
## but skipped (skip_next_test), so they still show up in the skip count.
##
## NOTE(review): the two DTLS 1.2 variants run the Mbed TLS side without
## dgram_packing=0 while the DTLS 1.0 variants set it; this looks
## unintentional but cannot be confirmed while the tests are skipped.
skip_next_test
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
client_needs_more_time 4
run_test    "DTLS fragmenting: 3d, openssl server, DTLS 1.2" \
            -p "$P_PXY drop=8 delay=8 duplicate=8" \
            "$O_SRV -dtls1_2 -verify 10" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             hs_timeout=250-60000 mtu=512 force_version=dtls1_2" \
            0 \
            -c "fragmenting handshake message" \
            -C "error"

skip_next_test # see the OpenSSL bug note above
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
client_needs_more_time 4
run_test    "DTLS fragmenting: 3d, openssl server, DTLS 1.0" \
            -p "$P_PXY drop=8 delay=8 duplicate=8" \
            "$O_SRV -dtls1 -verify 10" \
            "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             hs_timeout=250-60000 mtu=512 force_version=dtls1" \
            0 \
            -c "fragmenting handshake message" \
            -C "error"

skip_next_test # see the OpenSSL bug note above
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
client_needs_more_time 4
run_test    "DTLS fragmenting: 3d, openssl client, DTLS 1.2" \
            -p "$P_PXY drop=8 delay=8 duplicate=8" \
            "$P_SRV dtls=1 debug_level=2 \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             hs_timeout=250-60000 mtu=512 force_version=dtls1_2" \
            "$O_CLI -dtls1_2" \
            0 \
            -s "fragmenting handshake message"

# -nbio is added to prevent s_client from blocking in case of duplicated
# messages at the end of the handshake
skip_next_test # see the OpenSSL bug note above
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
client_needs_more_time 4
run_test    "DTLS fragmenting: 3d, openssl client, DTLS 1.0" \
            -p "$P_PXY drop=8 delay=8 duplicate=8" \
            "$P_SRV dgram_packing=0 dtls=1 debug_level=2 \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             hs_timeout=250-60000 mtu=512 force_version=dtls1" \
            "$O_CLI -nbio -dtls1" \
            0 \
            -s "fragmenting handshake message"

# Tests for specific things with "unreliable" UDP connection
#
# All of these run Mbed TLS against Mbed TLS through the UDP proxy ($P_PXY),
# whose options select the perturbation (duplicate=, pack=, bad_ad=, delay_ccs=).
# Lower-case -c/-s patterns must appear in the client/server log, upper-case
# -C/-S patterns must not (see run_test).

# Baseline: proxy in the path but no perturbation, so none of the replay,
# epoch or invalid-record diagnostics may appear and the server must not
# need to resend anything.
not_with_valgrind # spurious resend due to timeout
run_test    "DTLS proxy: reference" \
            -p "$P_PXY" \
            "$P_SRV dtls=1 debug_level=2 hs_timeout=10000-20000" \
            "$P_CLI dtls=1 debug_level=2 hs_timeout=10000-20000" \
            0 \
            -C "replayed record" \
            -S "replayed record" \
            -C "record from another epoch" \
            -S "record from another epoch" \
            -C "discarding invalid record" \
            -S "discarding invalid record" \
            -S "resend" \
            -s "Extra-header:" \
            -c "HTTP/1.0 200 OK"

# Every datagram is delivered twice: both sides must detect the duplicates
# as replayed records (anti-replay on by default) and still complete.
not_with_valgrind # spurious resend due to timeout
run_test    "DTLS proxy: duplicate every packet" \
            -p "$P_PXY duplicate=1" \
            "$P_SRV dtls=1 dgram_packing=0 debug_level=2 hs_timeout=10000-20000" \
            "$P_CLI dtls=1 dgram_packing=0 debug_level=2 hs_timeout=10000-20000" \
            0 \
            -c "replayed record" \
            -s "replayed record" \
            -c "record from another epoch" \
            -s "record from another epoch" \
            -S "resend" \
            -s "Extra-header:" \
            -c "HTTP/1.0 200 OK"

# With anti_replay=0 the server no longer reports replayed records; the
# duplicated handshake flights instead show up as resends on both sides.
run_test    "DTLS proxy: duplicate every packet, server anti-replay off" \
            -p "$P_PXY duplicate=1" \
            "$P_SRV dtls=1 dgram_packing=0 debug_level=2 anti_replay=0" \
            "$P_CLI dtls=1 dgram_packing=0 debug_level=2" \
            0 \
            -c "replayed record" \
            -S "replayed record" \
            -c "record from another epoch" \
            -s "record from another epoch" \
            -c "resend" \
            -s "resend" \
            -s "Extra-header:" \
            -c "HTTP/1.0 200 OK"

# The proxy packs several records into one datagram (pack=50); the peers
# have their own packing disabled so the packing is only what the proxy does.
run_test    "DTLS proxy: multiple records in same datagram" \
            -p "$P_PXY pack=50" \
            "$P_SRV dtls=1 dgram_packing=0 debug_level=2" \
            "$P_CLI dtls=1 dgram_packing=0 debug_level=2" \
            0 \
            -c "next record in same datagram" \
            -s "next record in same datagram"

run_test    "DTLS proxy: multiple records in same datagram, duplicate every packet" \
            -p "$P_PXY pack=50 duplicate=1" \
            "$P_SRV dtls=1 dgram_packing=0 debug_level=2" \
            "$P_CLI dtls=1 dgram_packing=0 debug_level=2" \
            0 \
            -c "next record in same datagram" \
            -s "next record in same datagram"

# bad_ad=1 makes the proxy inject an application-data record whose MAC does
# not verify. badmac_limit (server side) bounds how many such records are
# tolerated before the connection is torn down: the default limit merely
# discards the record, badmac_limit=1 already fails (exit 1), badmac_limit=2
# survives one exchange but fails again with exchanges=2, presumably because
# a second bad record is injected then.
run_test    "DTLS proxy: inject invalid AD record, default badmac_limit" \
            -p "$P_PXY bad_ad=1" \
            "$P_SRV dtls=1 dgram_packing=0 debug_level=1" \
            "$P_CLI dtls=1 dgram_packing=0 debug_level=1 read_timeout=100" \
            0 \
            -c "discarding invalid record (mac)" \
            -s "discarding invalid record (mac)" \
            -s "Extra-header:" \
            -c "HTTP/1.0 200 OK" \
            -S "too many records with bad MAC" \
            -S "Verification of the message MAC failed"

run_test    "DTLS proxy: inject invalid AD record, badmac_limit 1" \
            -p "$P_PXY bad_ad=1" \
            "$P_SRV dtls=1 dgram_packing=0 debug_level=1 badmac_limit=1" \
            "$P_CLI dtls=1 dgram_packing=0 debug_level=1 read_timeout=100" \
            1 \
            -C "discarding invalid record (mac)" \
            -S "discarding invalid record (mac)" \
            -S "Extra-header:" \
            -C "HTTP/1.0 200 OK" \
            -s "too many records with bad MAC" \
            -s "Verification of the message MAC failed"

run_test    "DTLS proxy: inject invalid AD record, badmac_limit 2" \
            -p "$P_PXY bad_ad=1" \
            "$P_SRV dtls=1 dgram_packing=0 debug_level=1 badmac_limit=2" \
            "$P_CLI dtls=1 dgram_packing=0 debug_level=1 read_timeout=100" \
            0 \
            -c "discarding invalid record (mac)" \
            -s "discarding invalid record (mac)" \
            -s "Extra-header:" \
            -c "HTTP/1.0 200 OK" \
            -S "too many records with bad MAC" \
            -S "Verification of the message MAC failed"

run_test    "DTLS proxy: inject invalid AD record, badmac_limit 2, exchanges 2" \
            -p "$P_PXY bad_ad=1" \
            "$P_SRV dtls=1 dgram_packing=0 debug_level=1 badmac_limit=2 exchanges=2" \
            "$P_CLI dtls=1 dgram_packing=0 debug_level=1 read_timeout=100 exchanges=2" \
            1 \
            -c "discarding invalid record (mac)" \
            -s "discarding invalid record (mac)" \
            -s "Extra-header:" \
            -c "HTTP/1.0 200 OK" \
            -s "too many records with bad MAC" \
            -s "Verification of the message MAC failed"

# Delaying the ChangeCipherSpec means the Finished message (new epoch)
# arrives before the CCS; both sides must notice the epoch mismatch and
# still complete.
run_test    "DTLS proxy: delay ChangeCipherSpec" \
            -p "$P_PXY delay_ccs=1" \
            "$P_SRV dtls=1 debug_level=1 dgram_packing=0" \
            "$P_CLI dtls=1 debug_level=1 dgram_packing=0" \
            0 \
            -c "record from another epoch" \
            -s "record from another epoch" \
            -s "Extra-header:" \
            -c "HTTP/1.0 200 OK"

# Tests for reordering support with DTLS
#
# delay_srv=<Msg> / delay_cli=<Msg> make the proxy hold back the named
# handshake message from the server / client so it arrives after the
# message that follows it. The receiving side must buffer the future
# message and load it from the buffer once the gap has been filled, while
# the other side sees nothing out of the ordinary.

run_test    "DTLS reordering: Buffer out-of-order handshake message on client" \
            -p "$P_PXY delay_srv=ServerHello" \
            "$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
            hs_timeout=2500-60000" \
            "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
            hs_timeout=2500-60000" \
            0 \
            -c "Buffering HS message" \
            -c "Next handshake message has been buffered - load" \
            -S "Buffering HS message" \
            -S "Next handshake message has been buffered - load" \
            -C "Injecting buffered CCS message" \
            -C "Remember CCS message" \
            -S "Injecting buffered CCS message" \
            -S "Remember CCS message"

# mtu=512 on the server forces the message after the delayed ServerHello to
# be fragmented, so the client has to buffer a partially received message.
# The spelling "bufffered" below presumably mirrors the library's debug
# string exactly - check the library before "fixing" it here.
run_test    "DTLS reordering: Buffer out-of-order handshake message fragment on client" \
            -p "$P_PXY delay_srv=ServerHello" \
            "$P_SRV mtu=512 dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
            hs_timeout=2500-60000" \
            "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
            hs_timeout=2500-60000" \
            0 \
            -c "Buffering HS message" \
            -c "found fragmented DTLS handshake message" \
            -c "Next handshake message 1 not or only partially bufffered" \
            -c "Next handshake message has been buffered - load" \
            -S "Buffering HS message" \
            -S "Next handshake message has been buffered - load" \
            -C "Injecting buffered CCS message" \
            -C "Remember CCS message" \
            -S "Injecting buffered CCS message" \
            -S "Remember CCS message"

# The client buffers the ServerKeyExchange before receiving the fragmented
# Certificate message; at the time of writing, together these are around 1200b
# in size, so that the bound below ensures that the certificate can be reassembled
# while keeping the ServerKeyExchange.
# Buffering limit large enough to hold both messages: nothing may be freed.
requires_config_value_at_least "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 1300
run_test    "DTLS reordering: Buffer out-of-order hs msg before reassembling next" \
            -p "$P_PXY delay_srv=Certificate delay_srv=Certificate" \
            "$P_SRV mtu=512 dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
            hs_timeout=2500-60000" \
            "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
            hs_timeout=2500-60000" \
            0 \
            -c "Buffering HS message" \
            -c "Next handshake message has been buffered - load" \
            -C "attempt to make space by freeing buffered messages" \
            -S "Buffering HS message" \
            -S "Next handshake message has been buffered - load" \
            -C "Injecting buffered CCS message" \
            -C "Remember CCS message" \
            -S "Injecting buffered CCS message" \
            -S "Remember CCS message"

# The size constraints ensure that the delayed certificate message can't
# be reassembled while keeping the ServerKeyExchange message, but it can
# when dropping it first. The window (900..1299) is the complement of the
# bound used by the previous test, so exactly one of the two runs for any
# given MBEDTLS_SSL_DTLS_MAX_BUFFERING value in that range.
requires_config_value_at_least "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 900
requires_config_value_at_most "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 1299
run_test    "DTLS reordering: Buffer out-of-order hs msg before reassembling next, free buffered msg" \
            -p "$P_PXY delay_srv=Certificate delay_srv=Certificate" \
            "$P_SRV mtu=512 dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
            hs_timeout=2500-60000" \
            "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
            hs_timeout=2500-60000" \
            0 \
            -c "Buffering HS message" \
            -c "attempt to make space by freeing buffered future messages" \
            -c "Enough space available after freeing buffered HS messages" \
            -S "Buffering HS message" \
            -S "Next handshake message has been buffered - load" \
            -C "Injecting buffered CCS message" \
            -C "Remember CCS message" \
            -S "Injecting buffered CCS message" \
            -S "Remember CCS message"

# Mirror image on the server: auth_mode=required makes the client send a
# Certificate, which the proxy delays, so the server buffers the
# ClientKeyExchange that overtakes it.
run_test    "DTLS reordering: Buffer out-of-order handshake message on server" \
            -p "$P_PXY delay_cli=Certificate" \
            "$P_SRV dgram_packing=0 auth_mode=required cookies=0 dtls=1 debug_level=2 \
            hs_timeout=2500-60000" \
            "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
            hs_timeout=2500-60000" \
            0 \
            -C "Buffering HS message" \
            -C "Next handshake message has been buffered - load" \
            -s "Buffering HS message" \
            -s "Next handshake message has been buffered - load" \
            -C "Injecting buffered CCS message" \
            -C "Remember CCS message" \
            -S "Injecting buffered CCS message" \
            -S "Remember CCS message"

# Delaying the last handshake message before the ChangeCipherSpec makes the
# CCS arrive early; the receiver must remember it and inject it once the
# preceding message has been processed. Only the CCS path is expected to
# be exercised here, hence the -C/-S on the HS-buffering patterns.
run_test    "DTLS reordering: Buffer out-of-order CCS message on client" \
            -p "$P_PXY delay_srv=NewSessionTicket" \
            "$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
            hs_timeout=2500-60000" \
            "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
            hs_timeout=2500-60000" \
            0 \
            -C "Buffering HS message" \
            -C "Next handshake message has been buffered - load" \
            -S "Buffering HS message" \
            -S "Next handshake message has been buffered - load" \
            -c "Injecting buffered CCS message" \
            -c "Remember CCS message" \
            -S "Injecting buffered CCS message" \
            -S "Remember CCS message"

run_test    "DTLS reordering: Buffer out-of-order CCS message on server" \
            -p "$P_PXY delay_cli=ClientKeyExchange" \
            "$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
            hs_timeout=2500-60000" \
            "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
            hs_timeout=2500-60000" \
            0 \
            -C "Buffering HS message" \
            -C "Next handshake message has been buffered - load" \
            -S "Buffering HS message" \
            -S "Next handshake message has been buffered - load" \
            -C "Injecting buffered CCS message" \
            -C "Remember CCS message" \
            -s "Injecting buffered CCS message" \
            -s "Remember CCS message"

# With the CCS delayed on both directions (delay_ccs=1), the encrypted
# Finished (epoch 1) arrives while the receiver is still in epoch 0 and
# has to be kept as a raw record until the CCS catches up.
run_test    "DTLS reordering: Buffer encrypted Finished message" \
            -p "$P_PXY delay_ccs=1" \
            "$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
            hs_timeout=2500-60000" \
            "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
            hs_timeout=2500-60000" \
            0 \
            -s "Buffer record from epoch 1" \
            -s "Found buffered record from current epoch - load" \
            -c "Buffer record from epoch 1" \
            -c "Found buffered record from current epoch - load"

# In this test, both the fragmented NewSessionTicket and the ChangeCipherSpec
# from the server are delayed, so that the encrypted Finished message
# is received and buffered. When the fragmented NewSessionTicket comes
# in afterwards, the encrypted Finished message must be freed in order
# to make space for the NewSessionTicket to be reassembled.
# This works only in very particular circumstances:
# - MBEDTLS_SSL_DTLS_MAX_BUFFERING must be large enough to allow buffering
#   of the NewSessionTicket, but small enough to also allow buffering of
#   the encrypted Finished message.
# - The MTU setting on the server must be so small that the NewSessionTicket
#   needs to be fragmented.
# - All messages sent by the server must be small enough to be either sent
#   without fragmentation or be reassembled within the bounds of
#   MBEDTLS_SSL_DTLS_MAX_BUFFERING. Achieve this by testing with a PSK-based
#   handshake, omitting certificates (CRTs).
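# The 240..280 window for the buffering limit realises the constraints
# described above; mtu=190 on the server forces the NewSessionTicket to be
# fragmented. psk=abc123 / psk_identity=foo are fixed test-only credentials.
requires_config_value_at_least "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 240
requires_config_value_at_most "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 280
run_test    "DTLS reordering: Buffer encrypted Finished message, drop for fragmented NewSessionTicket" \
            -p "$P_PXY delay_srv=NewSessionTicket delay_srv=NewSessionTicket delay_ccs=1" \
            "$P_SRV mtu=190 dgram_packing=0 psk=abc123 psk_identity=foo cookies=0 dtls=1 debug_level=2" \
            "$P_CLI dgram_packing=0 dtls=1 debug_level=2 force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8 psk=abc123 psk_identity=foo" \
            0 \
            -s "Buffer record from epoch 1" \
            -s "Found buffered record from current epoch - load" \
            -c "Buffer record from epoch 1" \
            -C "Found buffered record from current epoch - load" \
            -c "Enough space available after freeing future epoch record"

# Tests for "randomly unreliable connection": try a variety of flows and peers
#
# The proxy drops, delays and duplicates 5% of the datagrams
# (drop=5 delay=5 duplicate=5). The handshake flows below go from the
# smallest (PSK, no tickets, no client auth) to the largest (FS, ticket and
# client auth), then add resumption and renegotiation on top of the small
# PSK handshake. Each test only checks that the HTTP exchange completes.
# psk=abc123 is a fixed test-only secret shared by the PSK flows.

client_needs_more_time 2
run_test    "DTLS proxy: 3d (drop, delay, duplicate), \"short\" PSK handshake" \
            -p "$P_PXY drop=5 delay=5 duplicate=5" \
            "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
             psk=abc123" \
            "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \
             force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
            0 \
            -s "Extra-header:" \
            -c "HTTP/1.0 200 OK"

client_needs_more_time 2
run_test    "DTLS proxy: 3d, \"short\" RSA handshake" \
            -p "$P_PXY drop=5 delay=5 duplicate=5" \
            "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none" \
            "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 \
             force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
            0 \
            -s "Extra-header:" \
            -c "HTTP/1.0 200 OK"

client_needs_more_time 2
run_test    "DTLS proxy: 3d, \"short\" (no ticket, no cli_auth) FS handshake" \
            -p "$P_PXY drop=5 delay=5 duplicate=5" \
            "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none" \
            "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0" \
            0 \
            -s "Extra-header:" \
            -c "HTTP/1.0 200 OK"

client_needs_more_time 2
run_test    "DTLS proxy: 3d, FS, client auth" \
            -p "$P_PXY drop=5 delay=5 duplicate=5" \
            "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=required" \
            "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0" \
            0 \
            -s "Extra-header:" \
            -c "HTTP/1.0 200 OK"

client_needs_more_time 2
run_test    "DTLS proxy: 3d, FS, ticket" \
            -p "$P_PXY drop=5 delay=5 duplicate=5" \
            "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=1 auth_mode=none" \
            "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=1" \
            0 \
            -s "Extra-header:" \
            -c "HTTP/1.0 200 OK"

client_needs_more_time 2
run_test    "DTLS proxy: 3d, max handshake (FS, ticket + client auth)" \
            -p "$P_PXY drop=5 delay=5 duplicate=5" \
            "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=1 auth_mode=required" \
            "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=1" \
            0 \
            -s "Extra-header:" \
            -c "HTTP/1.0 200 OK"

# nbio=2 on both peers: non-blocking I/O variant of the previous test.
client_needs_more_time 2
run_test    "DTLS proxy: 3d, max handshake, nbio" \
            -p "$P_PXY drop=5 delay=5 duplicate=5" \
            "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 nbio=2 tickets=1 \
             auth_mode=required" \
            "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 nbio=2 tickets=1" \
            0 \
            -s "Extra-header:" \
            -c "HTTP/1.0 200 OK"

# Resumption: the client reconnects once (reconnect=1) and both sides must
# report a resumed session. skip_close_notify/read_timeout/max_resend keep
# the reconnect from stalling on a lost close_notify under the lossy proxy.
client_needs_more_time 4
run_test    "DTLS proxy: 3d, min handshake, resumption" \
            -p "$P_PXY drop=5 delay=5 duplicate=5" \
            "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
             psk=abc123 debug_level=3" \
            "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \
             debug_level=3 reconnect=1 skip_close_notify=1 read_timeout=1000 max_resend=10 \
             force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
            0 \
            -s "a session has been resumed" \
            -c "a session has been resumed" \
            -s "Extra-header:" \
            -c "HTTP/1.0 200 OK"

client_needs_more_time 4
run_test    "DTLS proxy: 3d, min handshake, resumption, nbio" \
            -p "$P_PXY drop=5 delay=5 duplicate=5" \
            "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
             psk=abc123 debug_level=3 nbio=2" \
            "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \
             debug_level=3 reconnect=1 skip_close_notify=1 read_timeout=1000 max_resend=10 \
             force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8 nbio=2" \
            0 \
            -s "a session has been resumed" \
            -c "a session has been resumed" \
            -s "Extra-header:" \
            -c "HTTP/1.0 200 OK"

# Renegotiation: renegotiation=1 enables it on the peer that accepts the
# request, renegotiate=1 makes the other peer initiate it; both logs must
# show "=> renegotiate". Each blocking variant is paired with an nbio=2
# variant on both peers.
client_needs_more_time 4
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "DTLS proxy: 3d, min handshake, client-initiated renego" \
            -p "$P_PXY drop=5 delay=5 duplicate=5" \
            "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
             psk=abc123 renegotiation=1 debug_level=2" \
            "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \
             renegotiate=1 debug_level=2 \
             force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
            0 \
            -c "=> renegotiate" \
            -s "=> renegotiate" \
            -s "Extra-header:" \
            -c "HTTP/1.0 200 OK"

# Fixed: this "nbio" test previously set nbio=2 on neither peer and was an
# exact duplicate of the blocking test above; it now mirrors the
# server-initiated nbio variant below.
client_needs_more_time 4
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "DTLS proxy: 3d, min handshake, client-initiated renego, nbio" \
            -p "$P_PXY drop=5 delay=5 duplicate=5" \
            "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
             psk=abc123 renegotiation=1 debug_level=2 nbio=2" \
            "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \
             renegotiate=1 debug_level=2 nbio=2 \
             force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
            0 \
            -c "=> renegotiate" \
            -s "=> renegotiate" \
            -s "Extra-header:" \
            -c "HTTP/1.0 200 OK"

client_needs_more_time 4
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "DTLS proxy: 3d, min handshake, server-initiated renego" \
            -p "$P_PXY drop=5 delay=5 duplicate=5" \
            "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
             psk=abc123 renegotiate=1 renegotiation=1 exchanges=4 \
             debug_level=2" \
            "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \
             renegotiation=1 exchanges=4 debug_level=2 \
             force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
            0 \
            -c "=> renegotiate" \
            -s "=> renegotiate" \
            -s "Extra-header:" \
            -c "HTTP/1.0 200 OK"

client_needs_more_time 4
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "DTLS proxy: 3d, min handshake, server-initiated renego, nbio" \
            -p "$P_PXY drop=5 delay=5 duplicate=5" \
            "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
             psk=abc123 renegotiate=1 renegotiation=1 exchanges=4 \
             debug_level=2 nbio=2" \
            "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \
             renegotiation=1 exchanges=4 debug_level=2 nbio=2 \
             force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
            0 \
            -c "=> renegotiate" \
            -s "=> renegotiate" \
            -s "Extra-header:" \
            -c "HTTP/1.0 200 OK"

## Interop tests with OpenSSL might trigger a bug in recent versions (including
## all versions installed on the CI machines), reported here:
## Bug report: https://github.com/openssl/openssl/issues/6902
## They should be re-enabled once a fixed version of OpenSSL is available
## (this should happen in some 1.1.1_ release according to the ticket).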
7376skip_next_test 7377client_needs_more_time 6 7378not_with_valgrind # risk of non-mbedtls peer timing out 7379run_test "DTLS proxy: 3d, openssl server" \ 7380 -p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \ 7381 "$O_SRV -dtls1 -mtu 2048" \ 7382 "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000 tickets=0" \ 7383 0 \ 7384 -c "HTTP/1.0 200 OK" 7385 7386skip_next_test # see above 7387client_needs_more_time 8 7388not_with_valgrind # risk of non-mbedtls peer timing out 7389run_test "DTLS proxy: 3d, openssl server, fragmentation" \ 7390 -p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \ 7391 "$O_SRV -dtls1 -mtu 768" \ 7392 "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000 tickets=0" \ 7393 0 \ 7394 -c "HTTP/1.0 200 OK" 7395 7396skip_next_test # see above 7397client_needs_more_time 8 7398not_with_valgrind # risk of non-mbedtls peer timing out 7399run_test "DTLS proxy: 3d, openssl server, fragmentation, nbio" \ 7400 -p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \ 7401 "$O_SRV -dtls1 -mtu 768" \ 7402 "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000 nbio=2 tickets=0" \ 7403 0 \ 7404 -c "HTTP/1.0 200 OK" 7405 7406requires_gnutls 7407client_needs_more_time 6 7408not_with_valgrind # risk of non-mbedtls peer timing out 7409run_test "DTLS proxy: 3d, gnutls server" \ 7410 -p "$P_PXY drop=5 delay=5 duplicate=5" \ 7411 "$G_SRV -u --mtu 2048 -a" \ 7412 "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000" \ 7413 0 \ 7414 -s "Extra-header:" \ 7415 -c "Extra-header:" 7416 7417requires_gnutls_next 7418client_needs_more_time 8 7419not_with_valgrind # risk of non-mbedtls peer timing out 7420run_test "DTLS proxy: 3d, gnutls server, fragmentation" \ 7421 -p "$P_PXY drop=5 delay=5 duplicate=5" \ 7422 "$G_NEXT_SRV -u --mtu 512" \ 7423 "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000" \ 7424 0 \ 7425 -s "Extra-header:" \ 7426 -c "Extra-header:" 7427 7428requires_gnutls_next 7429client_needs_more_time 8 7430not_with_valgrind # risk of non-mbedtls peer timing out 
7431run_test "DTLS proxy: 3d, gnutls server, fragmentation, nbio" \ 7432 -p "$P_PXY drop=5 delay=5 duplicate=5" \ 7433 "$G_NEXT_SRV -u --mtu 512" \ 7434 "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000 nbio=2" \ 7435 0 \ 7436 -s "Extra-header:" \ 7437 -c "Extra-header:" 7438 7439# Final report 7440 7441echo "------------------------------------------------------------------------" 7442 7443if [ $FAILS = 0 ]; then 7444 printf "PASSED" 7445else 7446 printf "FAILED" 7447fi 7448PASSES=$(( $TESTS - $FAILS )) 7449echo " ($PASSES / $TESTS tests ($SKIPS skipped))" 7450 7451exit $FAILS 7452