#!/bin/sh

# ssl-opt.sh
#
# Copyright The Mbed TLS Contributors
# SPDX-License-Identifier: Apache-2.0
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Purpose
#
# Executes tests to prove various TLS/SSL options and extensions.
#
# The goal is not to cover every ciphersuite/version, but instead to cover
# specific options (max fragment length, truncated hmac, etc) or procedures
# (session resumption from cache or ticket, renego, etc).
#
# The tests assume a build with default options, with exceptions expressed
# with a dependency. The tests focus on functionality and do not consider
# performance.
#
# Environment variables honoured by this script (all optional): P_SRV, P_CLI,
# P_PXY, P_QUERY, OPENSSL_CMD, GNUTLS_CLI, GNUTLS_SERV, PERL, OPENSSL_LEGACY,
# OPENSSL_NEXT, GNUTLS_NEXT_SERV, GNUTLS_NEXT_CLI, MBEDTLS_TEST_OUTCOME_FILE,
# MBEDTLS_TEST_CONFIGURATION, MBEDTLS_TEST_PLATFORM. Their values are
# interpolated verbatim into the command lines run by the tests, so they are
# trusted input: this script is meant to be run by a developer or CI job,
# not fed from an untrusted source.
#

# Abort on use of an unset variable. Note that this script deliberately does
# not use 'set -e': test commands are expected to fail and their exit codes
# are checked explicitly.
set -u

# Limit the size of each log to 10 GiB, in case of failures with this script
# where it may output seemingly unlimited length error logs.
ulimit -f 20971520

# Remember where we were invoked from so that relative paths given by the
# caller (see the outcome file handling below) resolve as the caller expects;
# everything else in this script is relative to the tests/ directory.
ORIGINAL_PWD=$PWD
if ! cd "$(dirname "$0")"; then
    exit 125
fi

# default values, can be overridden by the environment
# ':=' assigns the default only when the variable is unset or empty.
: ${P_SRV:=../programs/ssl/ssl_server2}
: ${P_CLI:=../programs/ssl/ssl_client2}
: ${P_PXY:=../programs/test/udp_proxy}
: ${P_QUERY:=../programs/test/query_compile_time_config}
: ${OPENSSL_CMD:=openssl} # OPENSSL would conflict with the build system
: ${GNUTLS_CLI:=gnutls-cli}
: ${GNUTLS_SERV:=gnutls-serv}
: ${PERL:=perl}

# guess_config_name
# Print "default" if mbedtls_config.h is unmodified according to git,
# "unknown" otherwise (including when git or the checkout is unavailable,
# since git's errors are discarded).
guess_config_name() {
    if git diff --quiet ../include/mbedtls/mbedtls_config.h 2>/dev/null; then
        echo "default"
    else
        echo "unknown"
    fi
}
# '=' (not ':=') keeps an explicitly empty outcome file, meaning "no file".
: ${MBEDTLS_TEST_OUTCOME_FILE=}
: ${MBEDTLS_TEST_CONFIGURATION:="$(guess_config_name)"}
# Platform name is "<kernel>-<machine>" with anything outside [0-9A-Za-z]
# replaced by '_', so it is safe to use as a field in the outcome file.
: ${MBEDTLS_TEST_PLATFORM:="$(uname -s | tr -c \\n0-9A-Za-z _)-$(uname -m | tr -c \\n0-9A-Za-z _)"}

# Command-line prefixes for the third-party peers. These are shell command
# strings (the *_CLI ones contain a pipe), which is why client commands are
# later run through eval rather than executed directly.
O_SRV="$OPENSSL_CMD s_server -www -cert data_files/server5.crt -key data_files/server5.key"
O_CLI="echo 'GET / HTTP/1.0' | $OPENSSL_CMD s_client"
G_SRV="$GNUTLS_SERV --x509certfile data_files/server5.crt --x509keyfile data_files/server5.key"
G_CLI="echo 'GET / HTTP/1.0' | $GNUTLS_CLI --x509cafile data_files/test-ca_cat12.crt"
TCP_CLIENT="$PERL scripts/tcp_client.pl"

# alternative versions of OpenSSL and GnuTLS (no default path)
# When an alternative is not configured, the command is set to 'false' so
# that a test which uses it anyway fails immediately rather than running
# the wrong binary.

if [ -n "${OPENSSL_LEGACY:-}" ]; then
    O_LEGACY_SRV="$OPENSSL_LEGACY s_server -www -cert data_files/server5.crt -key data_files/server5.key"
    O_LEGACY_CLI="echo 'GET / HTTP/1.0' | $OPENSSL_LEGACY s_client"
else
    O_LEGACY_SRV=false
    O_LEGACY_CLI=false
fi

if [ -n "${OPENSSL_NEXT:-}" ]; then
    O_NEXT_SRV="$OPENSSL_NEXT s_server -www -cert data_files/server5.crt -key data_files/server5.key"
    O_NEXT_SRV_NO_CERT="$OPENSSL_NEXT s_server -www "
    O_NEXT_CLI="echo 'GET / HTTP/1.0' | $OPENSSL_NEXT s_client"
else
    O_NEXT_SRV=false
    O_NEXT_SRV_NO_CERT=false
    O_NEXT_CLI=false
fi

if [ -n "${GNUTLS_NEXT_SERV:-}" ]; then
    G_NEXT_SRV="$GNUTLS_NEXT_SERV --x509certfile data_files/server5.crt --x509keyfile data_files/server5.key"
    G_NEXT_SRV_NO_CERT="$GNUTLS_NEXT_SERV"
else
    G_NEXT_SRV=false
    G_NEXT_SRV_NO_CERT=false
fi

if [ -n "${GNUTLS_NEXT_CLI:-}" ]; then
    G_NEXT_CLI="echo 'GET / HTTP/1.0' | $GNUTLS_NEXT_CLI --x509cafile data_files/test-ca_cat12.crt"
else
    G_NEXT_CLI=false
fi

# Run counters (number of tests run, failed and skipped).
TESTS=0
FAILS=0
SKIPS=0

CONFIG_H='../include/mbedtls/mbedtls_config.h'

# Defaults for the command-line options parsed by get_options below.
# FILTER/EXCLUDE are BREs: by default everything matches and nothing is
# excluded.
MEMCHECK=0
FILTER='.*'
EXCLUDE='^$'

SHOW_TEST_NUMBER=0
RUN_TEST_NUMBER=''

PRESERVE_LOGS=0

# Pick a "unique" server port in the range 10000-19999, and a proxy
# port which is this plus 10000. Each port number may be independently
# overridden by a command line option.
# The port is derived from this shell's PID so that concurrent runs on the
# same host are unlikely (but not guaranteed) to collide.
SRV_PORT=$(($$ % 10000 + 10000))
PXY_PORT=$((SRV_PORT + 10000))

# print_usage
# Print the command-line help to stdout.
print_usage() {
    echo "Usage: $0 [options]"
    printf " -h|--help\tPrint this help.\n"
    printf " -m|--memcheck\tCheck memory leaks and errors.\n"
    printf " -f|--filter\tOnly matching tests are executed (substring or BRE)\n"
    printf " -e|--exclude\tMatching tests are excluded (substring or BRE)\n"
    printf " -n|--number\tExecute only numbered test (comma-separated, e.g. '245,256')\n"
    printf " -s|--show-numbers\tShow test numbers in front of test names\n"
    printf " -p|--preserve-logs\tPreserve logs of successful tests as well\n"
    printf " --outcome-file\tFile where test outcomes are written\n"
    printf " \t(default: \$MBEDTLS_TEST_OUTCOME_FILE, none if empty)\n"
    printf " --port \tTCP/UDP port (default: randomish 1xxxx)\n"
    printf " --proxy-port\tTCP/UDP proxy port (default: randomish 2xxxx)\n"
    printf " --seed \tInteger seed value to use for this test run\n"
}

# get_options [option...]
# Parse the command line into the global option variables above.
# Option values are taken as given: --port and --proxy-port are later
# substituted verbatim into the test command lines, and --filter/--exclude
# are used as BREs. An option that expects a value but is given none trips
# 'set -u' on the following "$1" rather than producing a usage message.
# Exits 0 after printing help, 1 on an unknown argument.
get_options() {
    while [ $# -gt 0 ]; do
        case "$1" in
            -f|--filter)
                shift; FILTER=$1
                ;;
            -e|--exclude)
                shift; EXCLUDE=$1
                ;;
            -m|--memcheck)
                MEMCHECK=1
                ;;
            -n|--number)
                shift; RUN_TEST_NUMBER=$1
                ;;
            -s|--show-numbers)
                SHOW_TEST_NUMBER=1
                ;;
            -p|--preserve-logs)
                PRESERVE_LOGS=1
                ;;
            --port)
                shift; SRV_PORT=$1
                ;;
            --proxy-port)
                shift; PXY_PORT=$1
                ;;
            --seed)
                # SEED is not consumed in this part of the script; presumably
                # read by the test definitions further down.
                shift; SEED="$1"
                ;;
            -h|--help)
                print_usage
                exit 0
                ;;
            *)
                echo "Unknown argument: '$1'"
                print_usage
                exit 1
                ;;
        esac
        shift
    done
}

# Make the outcome file path relative to the original directory, not
# to .../tests
# (we have already cd'ed into the script's directory above; a relative
# path given by the caller must still be interpreted from where they were).
case "$MBEDTLS_TEST_OUTCOME_FILE" in
    [!/]*)
        MBEDTLS_TEST_OUTCOME_FILE="$ORIGINAL_PWD/$MBEDTLS_TEST_OUTCOME_FILE"
        ;;
esac

# Read boolean configuration options from mbedtls_config.h for easy and quick
# testing. Skip non-boolean options (with something other than spaces
# and a comment after "#define SYMBOL"). The variable contains a
# space-separated list of symbols.
# The list starts with a space but, because $(...) strips trailing newlines,
# does not end with one; the requires_config_* helpers that match against it
# rely on a symbol being followed by a space or '='. Failures of $P_QUERY
# (e.g. not built) are not detected here and yield an effectively empty list.
CONFIGS_ENABLED=" $(echo `$P_QUERY -l` )"
# Skip next test; use this macro to skip tests which are legitimate
# in theory and expected to be re-introduced at some point, but
# aren't expected to succeed at the moment due to problems outside
# our control (such as bugs in other TLS implementations).
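# skip_next_test
# Mark the next run_test call as skipped. run_test resets SKIP_NEXT.
skip_next_test() {
    SKIP_NEXT="YES"
}

# requires_config_enabled <symbol>
# skip next test if the flag is not enabled in mbedtls_config.h
# CONFIGS_ENABLED is " SYM1 SYM2=VALUE ..."; a symbol counts as enabled
# when it appears preceded by a space and followed by a space or '='.
# A trailing space is appended to the subject so that the last symbol in
# the list (which has no trailing separator) is matched as well.
requires_config_enabled() {
    case "$CONFIGS_ENABLED " in
        *" $1"[\ =]*) :;;
        *) SKIP_NEXT="YES";;
    esac
}

# requires_config_disabled <symbol>
# skip next test if the flag is enabled in mbedtls_config.h
# Same matching rule as requires_config_enabled.
requires_config_disabled() {
    case "$CONFIGS_ENABLED " in
        *" $1"[\ =]*) SKIP_NEXT="YES";;
    esac
}

# get_config_value_or_default <symbol>
# Print the compile-time value of SYMBOL to stdout.
#
# This function uses the query_config command line option to query the
# required Mbed TLS compile time configuration from the ssl_server2
# program. The command will always return a success value if the
# configuration is defined and the value will be printed to stdout.
#
# Note that if the configuration is not defined or is defined to nothing,
# the output of this function will be an empty string.
#
# ${P_SRV} is deliberately left unquoted so that the variable may carry
# extra words (e.g. a wrapper or options) in addition to the program path.
get_config_value_or_default() {
    ${P_SRV} "query_config=${1}"
}

# requires_config_value_cmp <test-operator> <symbol> <bound>
# Shared implementation of the requires_config_value_* helpers below:
# query SYMBOL and skip the next test when "VALUE <test-operator> BOUND"
# holds (test-operator is one of the numeric test(1) operators, e.g. -lt).
# Sets the global VAL to the queried value as a side effect, like the
# original helpers did. An undefined symbol is a harness error and aborts
# the whole run with status 1, since every symbol used here is expected to
# always be defined.
requires_config_value_cmp() {
    VAL="$( get_config_value_or_default "$2" )"
    if [ -z "$VAL" ]; then
        # Should never happen
        echo "Mbed TLS configuration $2 is not defined" >&2
        exit 1
    elif [ "$VAL" "$1" "$3" ]; then
        SKIP_NEXT="YES"
    fi
}

# requires_config_value_at_least <symbol> <min>
# skip next test if SYMBOL's value is below MIN
requires_config_value_at_least() {
    requires_config_value_cmp -lt "$1" "$2"
}

# requires_config_value_at_most <symbol> <max>
# skip next test if SYMBOL's value is above MAX
requires_config_value_at_most() {
    requires_config_value_cmp -gt "$1" "$2"
}

# requires_config_value_equals <symbol> <value>
# skip next test if SYMBOL's value differs from VALUE
requires_config_value_equals() {
    requires_config_value_cmp -ne "$1" "$2"
}

# Space-separated list of ciphersuites supported by this build of
# Mbed TLS.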
# Built from the client's --help output: every line mentioning a TLS 1.2
# ("TLS-") or TLS 1.3 ("TLS1-3") suite name, flattened to one space-separated
# line with a leading and trailing space so that *" NAME "* matches exactly.
P_CIPHERSUITES=" $($P_CLI --help 2>/dev/null |
                   grep 'TLS-\|TLS1-3' |
                   tr -s ' \n' ' ')"
# requires_ciphersuite_enabled <ciphersuite>
# skip next test if the ciphersuite is not listed by the client
requires_ciphersuite_enabled() {
    case $P_CIPHERSUITES in
        *" $1 "*) :;;
        *) SKIP_NEXT="YES";;
    esac
}

# maybe_requires_ciphersuite_enabled CMD [RUN_TEST_OPTION...]
# If CMD (call to a TLS client or server program) requires a specific
# ciphersuite, arrange to only run the test case if this ciphersuite is
# enabled.
# The suite name is the run of [-0-9A-Z_a-z] characters following the last
# " force_ciphersuite=" in CMD. The RUN_TEST_OPTIONs are accepted but not
# inspected.
maybe_requires_ciphersuite_enabled() {
    case "$1" in
        *\ force_ciphersuite=*) :;;
        *) return;; # No specific required ciphersuite
    esac
    ciphersuite="${1##*\ force_ciphersuite=}"
    ciphersuite="${ciphersuite%%[!-0-9A-Z_a-z]*}"
    shift

    requires_ciphersuite_enabled "$ciphersuite"

    # Scratch variable; the script has no locals (POSIX sh).
    unset ciphersuite
}

# skip next test if OpenSSL doesn't support FALLBACK_SCSV
# The probe result is cached in OPENSSL_HAS_FBSCSV for the rest of the run.
requires_openssl_with_fallback_scsv() {
    if [ -z "${OPENSSL_HAS_FBSCSV:-}" ]; then
        if $OPENSSL_CMD s_client -help 2>&1 | grep fallback_scsv >/dev/null
        then
            OPENSSL_HAS_FBSCSV="YES"
        else
            OPENSSL_HAS_FBSCSV="NO"
        fi
    fi
    if [ "$OPENSSL_HAS_FBSCSV" = "NO" ]; then
        SKIP_NEXT="YES"
    fi
}

# skip next test if either IN_CONTENT_LEN or MAX_CONTENT_LEN are below a value
# requires_max_content_len <min-bytes>
requires_max_content_len() {
    requires_config_value_at_least "MBEDTLS_SSL_IN_CONTENT_LEN" $1
    requires_config_value_at_least "MBEDTLS_SSL_OUT_CONTENT_LEN" $1
}

# skip next test if GnuTLS isn't available
# Cached in GNUTLS_AVAILABLE. NOTE(review): 'which' is not POSIX; 'command -v'
# is the portable equivalent (same remark for the other probes below).
requires_gnutls() {
    if [ -z "${GNUTLS_AVAILABLE:-}" ]; then
        if ( which "$GNUTLS_CLI" && which "$GNUTLS_SERV" ) >/dev/null 2>&1; then
            GNUTLS_AVAILABLE="YES"
        else
            GNUTLS_AVAILABLE="NO"
        fi
    fi
    if [ "$GNUTLS_AVAILABLE" = "NO" ]; then
        SKIP_NEXT="YES"
    fi
}

# skip next test if GnuTLS-next isn't available
# Both GNUTLS_NEXT_CLI and GNUTLS_NEXT_SERV must be set and found in PATH.
requires_gnutls_next() {
    if [ -z "${GNUTLS_NEXT_AVAILABLE:-}" ]; then
        if ( which "${GNUTLS_NEXT_CLI:-}" && which "${GNUTLS_NEXT_SERV:-}" ) >/dev/null 2>&1; then
            GNUTLS_NEXT_AVAILABLE="YES"
        else
            GNUTLS_NEXT_AVAILABLE="NO"
        fi
    fi
    if [ "$GNUTLS_NEXT_AVAILABLE" = "NO" ]; then
        SKIP_NEXT="YES"
    fi
}

# skip next test if OpenSSL-legacy isn't available
requires_openssl_legacy() {
    if [ -z "${OPENSSL_LEGACY_AVAILABLE:-}" ]; then
        if which "${OPENSSL_LEGACY:-}" >/dev/null 2>&1; then
            OPENSSL_LEGACY_AVAILABLE="YES"
        else
            OPENSSL_LEGACY_AVAILABLE="NO"
        fi
    fi
    if [ "$OPENSSL_LEGACY_AVAILABLE" = "NO" ]; then
        SKIP_NEXT="YES"
    fi
}

# skip next test if OpenSSL-next isn't available
requires_openssl_next() {
    if [ -z "${OPENSSL_NEXT_AVAILABLE:-}" ]; then
        if which "${OPENSSL_NEXT:-}" >/dev/null 2>&1; then
            OPENSSL_NEXT_AVAILABLE="YES"
        else
            OPENSSL_NEXT_AVAILABLE="NO"
        fi
    fi
    if [ "$OPENSSL_NEXT_AVAILABLE" = "NO" ]; then
        SKIP_NEXT="YES"
    fi
}

# skip next test if tls1_3 is not available
# Depends on OpenSSL-next; the probe looks for "tls1_3" in s_client's help.
requires_openssl_tls1_3() {
    requires_openssl_next
    if [ "$OPENSSL_NEXT_AVAILABLE" = "NO" ]; then
        OPENSSL_TLS1_3_AVAILABLE="NO"
    fi
    if [ -z "${OPENSSL_TLS1_3_AVAILABLE:-}" ]; then
        if $OPENSSL_NEXT s_client -help 2>&1 | grep tls1_3 >/dev/null
        then
            OPENSSL_TLS1_3_AVAILABLE="YES"
        else
            OPENSSL_TLS1_3_AVAILABLE="NO"
        fi
    fi
    if [ "$OPENSSL_TLS1_3_AVAILABLE" = "NO" ]; then
        SKIP_NEXT="YES"
    fi
}

# skip next test if tls1_3 is not available
# Depends on GnuTLS-next; the probe looks for VERS-TLS1.3 in 'gnutls-cli -l'.
requires_gnutls_tls1_3() {
    requires_gnutls_next
    if [ "$GNUTLS_NEXT_AVAILABLE" = "NO" ]; then
        GNUTLS_TLS1_3_AVAILABLE="NO"
    fi
    if [ -z "${GNUTLS_TLS1_3_AVAILABLE:-}" ]; then
        if $GNUTLS_NEXT_CLI -l 2>&1 | grep VERS-TLS1.3 >/dev/null
        then
            GNUTLS_TLS1_3_AVAILABLE="YES"
        else
            GNUTLS_TLS1_3_AVAILABLE="NO"
        fi
    fi
    if [ "$GNUTLS_TLS1_3_AVAILABLE" = "NO" ]; then
        SKIP_NEXT="YES"
    fi
}

# Check %NO_TICKETS option
# skip next test if GnuTLS-next does not list the %NO_TICKETS priority keyword
requires_gnutls_next_no_ticket() {
    requires_gnutls_next
    if [ "$GNUTLS_NEXT_AVAILABLE" = "NO" ]; then
        GNUTLS_NO_TICKETS_AVAILABLE="NO"
    fi
    if [ -z "${GNUTLS_NO_TICKETS_AVAILABLE:-}" ]; then
        if $GNUTLS_NEXT_CLI --priority-list 2>&1 | grep NO_TICKETS >/dev/null
        then
            GNUTLS_NO_TICKETS_AVAILABLE="YES"
        else
            GNUTLS_NO_TICKETS_AVAILABLE="NO"
        fi
    fi
    if [ "$GNUTLS_NO_TICKETS_AVAILABLE" = "NO" ]; then
        SKIP_NEXT="YES"
    fi
}

# Check %DISABLE_TLS13_COMPAT_MODE option
# skip next test if GnuTLS-next does not list that priority keyword
requires_gnutls_next_disable_tls13_compat() {
    requires_gnutls_next
    if [ "$GNUTLS_NEXT_AVAILABLE" = "NO" ]; then
        GNUTLS_DISABLE_TLS13_COMPAT_MODE_AVAILABLE="NO"
    fi
    if [ -z "${GNUTLS_DISABLE_TLS13_COMPAT_MODE_AVAILABLE:-}" ]; then
        if $GNUTLS_NEXT_CLI --priority-list 2>&1 | grep DISABLE_TLS13_COMPAT_MODE >/dev/null
        then
            GNUTLS_DISABLE_TLS13_COMPAT_MODE_AVAILABLE="YES"
        else
            GNUTLS_DISABLE_TLS13_COMPAT_MODE_AVAILABLE="NO"
        fi
    fi
    if [ "$GNUTLS_DISABLE_TLS13_COMPAT_MODE_AVAILABLE" = "NO" ]; then
        SKIP_NEXT="YES"
    fi
}

# skip next test if IPv6 isn't available on this host
# Probes by starting the server on ::1 for one second and looking for the
# bind failure message in its log. Uses $SRV_OUT as the scratch log file;
# SRV_OUT is not defined in this part of the script and is presumed to be
# set before the first test runs (TODO confirm). Cached in HAS_IPV6.
requires_ipv6() {
    if [ -z "${HAS_IPV6:-}" ]; then
        $P_SRV server_addr='::1' > $SRV_OUT 2>&1 &
        SRV_PID=$!
        sleep 1
        kill $SRV_PID >/dev/null 2>&1
        if grep "NET - Binding of the socket failed" $SRV_OUT >/dev/null; then
            HAS_IPV6="NO"
        else
            HAS_IPV6="YES"
        fi
        # Note: -r is unnecessary for a regular file but harmless here.
        rm -r $SRV_OUT
    fi

    if [ "$HAS_IPV6" = "NO" ]; then
        SKIP_NEXT="YES"
    fi
}

# skip next test if it's i686 or uname is not available
# Conservative: when uname cannot be run the host is treated as i686.
requires_not_i686() {
    if [ -z "${IS_I686:-}" ]; then
        IS_I686="YES"
        if which "uname" >/dev/null 2>&1; then
            if [ -z "$(uname -a | grep i686)" ]; then
                IS_I686="NO"
            fi
        fi
    fi
    if [ "$IS_I686" = "YES" ]; then
        SKIP_NEXT="YES"
    fi
}

# Calculate the input & output maximum content lengths set in the config
# 16384 is the TLS record payload maximum and the upper bound used here.
MAX_CONTENT_LEN=16384
MAX_IN_LEN=$( get_config_value_or_default "MBEDTLS_SSL_IN_CONTENT_LEN" )
MAX_OUT_LEN=$( get_config_value_or_default "MBEDTLS_SSL_OUT_CONTENT_LEN" )

# Calculate the maximum content length that fits both
if [ "$MAX_IN_LEN" -lt "$MAX_CONTENT_LEN" ]; then
    MAX_CONTENT_LEN="$MAX_IN_LEN"
fi
if [ "$MAX_OUT_LEN" -lt "$MAX_CONTENT_LEN" ]; then
    MAX_CONTENT_LEN="$MAX_OUT_LEN"
fi

# skip the next test if the SSL output buffer is less than 16KB
requires_full_size_output_buffer() {
    if [ "$MAX_OUT_LEN" -ne 16384 ]; then
        SKIP_NEXT="YES"
    fi
}

# skip the next test if valgrind is in use
not_with_valgrind() {
    if [ "$MEMCHECK" -gt 0 ]; then
        SKIP_NEXT="YES"
    fi
}

# skip the next test if valgrind is NOT in use
only_with_valgrind() {
    if [ "$MEMCHECK" -eq 0 ]; then
        SKIP_NEXT="YES"
    fi
}

# multiply the client timeout delay by the given factor for the next test
# client_needs_more_time <factor>  (consumed and reset by wait_client_done)
client_needs_more_time() {
    CLI_DELAY_FACTOR=$1
}

# wait for the given seconds after the client finished in the next test
# server_needs_more_time <seconds>  (consumed and reset by wait_client_done)
server_needs_more_time() {
    SRV_DELAY_SECONDS=$1
}

# print_name <name>
# Increment TESTS and print "[<number> ]<name> ...... " padded with dots to
# column 72 (wc -c counts the trailing newline, hence the 72 rather than 73).
# A name longer than the width yields a non-positive LEN, for which seq
# prints nothing, so no dots are printed.
print_name() {
    TESTS=$(( $TESTS + 1 ))
    LINE=""

    if [ "$SHOW_TEST_NUMBER" -gt 0 ]; then
        LINE="$TESTS "
    fi

    LINE="$LINE$1"
    printf "%s " "$LINE"
    LEN=$(( 72 - `echo "$LINE" | wc -c` ))
    for i in `seq 1 $LEN`; do printf '.'; done
    printf ' '

}

# record_outcome <outcome> [<failure-reason>]
# The test name must be in $NAME.
# Prints the outcome to stdout and, if an outcome file is configured,
# appends one ';'-separated record: platform;configuration;suite;name;
# outcome;reason. Fields are written as-is (no quoting or escaping), so a
# ';' inside a test name or reason would shift the columns.
record_outcome() {
    echo "$1"
    if [ -n "$MBEDTLS_TEST_OUTCOME_FILE" ]; then
        printf '%s;%s;%s;%s;%s;%s\n' \
            "$MBEDTLS_TEST_PLATFORM" "$MBEDTLS_TEST_CONFIGURATION" \
            "ssl-opt" "$NAME" \
            "$1" "${2-}" \
            >>"$MBEDTLS_TEST_OUTCOME_FILE"
    fi
}

# True if the presence of the given pattern in a log definitely indicates
# that the test has failed. False if the presence is inconclusive.
#
# Inputs:
# * $1: pattern found in the logs
# * $TIMES_LEFT: >0 if retrying is an option
#
# Outputs:
# * $outcome: set to a retry reason if the pattern is inconclusive,
#   unchanged otherwise.
# * Return value: 1 if the pattern is inconclusive,
#   0 if the failure is definitive.
# Currently only the literal pattern "resend" is treated as inconclusive.
log_pattern_presence_is_conclusive() {
    # If we've run out of attempts, then don't retry no matter what.
    if [ $TIMES_LEFT -eq 0 ]; then
        return 0
    fi
    case $1 in
        "resend")
            # An undesired resend may have been caused by the OS dropping or
            # delaying a packet at an inopportune time.
            outcome="RETRY(resend)"
            return 1;;
    esac
}

# fail <message>
# Record a FAIL outcome, keep the logs of the current test as
# o-{srv,cli,pxy}-<number>.log and, when LOG_FAILURE_ON_STDOUT is set to a
# non-zero value (CI use), dump them to stdout. Increments FAILS.
# The log file variables are expanded unquoted, so the names must not
# contain whitespace or glob characters.
fail() {
    record_outcome "FAIL" "$1"
    echo " ! $1"

    mv $SRV_OUT o-srv-${TESTS}.log
    mv $CLI_OUT o-cli-${TESTS}.log
    if [ -n "$PXY_CMD" ]; then
        mv $PXY_OUT o-pxy-${TESTS}.log
    fi
    echo " ! outputs saved to o-XXX-${TESTS}.log"

    if [ "${LOG_FAILURE_ON_STDOUT:-0}" != 0 ]; then
        echo " ! server output:"
        cat o-srv-${TESTS}.log
        echo " ! ========================================================"
        echo " ! client output:"
        cat o-cli-${TESTS}.log
        if [ -n "$PXY_CMD" ]; then
            echo " ! ========================================================"
            echo " ! proxy output:"
            cat o-pxy-${TESTS}.log
        fi
        echo ""
    fi

    FAILS=$(( $FAILS + 1 ))
}

# is_polar <cmd_line>
# Return true if the command line runs one of our own ssl_client2/ssl_server2
# programs (matched by substring), false for third-party peers.
is_polar() {
    case "$1" in
        *ssl_client2*) true;;
        *ssl_server2*) true;;
        *) false;;
    esac
}

# openssl s_server doesn't have -www with DTLS
# check_osrv_dtls: if $SRV_CMD is an OpenSSL DTLS server, strip the first
# "-www" from it and set NEEDS_INPUT=1 so that provide_input feeds it;
# otherwise NEEDS_INPUT=0. Note that $SRV_CMD is expanded unquoted through
# echo, so runs of whitespace in the command line are collapsed.
check_osrv_dtls() {
    case "$SRV_CMD" in
        *s_server*-dtls*)
            NEEDS_INPUT=1
            SRV_CMD="$( echo $SRV_CMD | sed s/-www// )";;
        *) NEEDS_INPUT=0;;
    esac
}

# provide input to commands that need it
# Writes an HTTP response line every second until killed with the pipeline
# it feeds; returns immediately when NEEDS_INPUT is 0.
provide_input() {
    if [ $NEEDS_INPUT -eq 0 ]; then
        return
    fi

    while true; do
        echo "HTTP/1.0 200 OK"
        sleep 1
    done
}

# has_mem_err <log_file_name>
# True (0) unless the valgrind summary in the log reports both "no leaks
# are possible" and "0 errors from 0 contexts". Note the inverted sense
# relative to the grep: a missing summary also counts as having errors.
has_mem_err() {
    if ( grep -F 'All heap blocks were freed -- no leaks are possible' "$1" &&
         grep -F 'ERROR SUMMARY: 0 errors from 0 contexts' "$1" ) > /dev/null
    then
        return 1 # false: does not have errors
    else
        return 0 # true: has errors
    fi
}

# Wait for process $2 named $3 to be listening on port $1. Print error to $4.
# Two implementations: with lsof we poll until the given PID shows up as a
# listener on the port (UDP when $DTLS is 1, TCP otherwise) or $DOG_DELAY
# seconds elapse; without lsof we just sleep $START_DELAY. DOG_DELAY and
# START_DELAY are defined elsewhere in the script.
if type lsof >/dev/null 2>/dev/null; then
    wait_app_start() {
        newline='
'
        START_TIME=$(date +%s)
        if [ "$DTLS" -eq 1 ]; then
            proto=UDP
        else
            proto=TCP
        fi
        # Make a tight loop, server normally takes less than 1s to start.
        while true; do
            SERVER_PIDS=$(lsof -a -n -b -i "$proto:$1" -F p)
            # When we use a proxy, it will be listening on the same port we
            # are checking for as well as the server and lsof will list both.
            # If multiple PIDs are returned, each one will be on a separate
            # line, each prepended with 'p'.
            # Surrounding the list and the wanted entry with newlines makes
            # the match exact (PID 12 does not match PID 123).
            case ${newline}${SERVER_PIDS}${newline} in
                *${newline}p${2}${newline}*) break;;
            esac
            if [ $(( $(date +%s) - $START_TIME )) -gt $DOG_DELAY ]; then
                # Give up; the test will most likely fail and the message
                # in the log explains why.
                echo "$3 START TIMEOUT"
                echo "$3 START TIMEOUT" >> $4
                break
            fi
            # Linux and *BSD support decimal arguments to sleep. On other
            # OSes this may be a tight loop.
            sleep 0.1 2>/dev/null || true
        done
    }
else
    echo "Warning: lsof not available, wait_app_start = sleep"
    wait_app_start() {
        sleep "$START_DELAY"
    }
fi

# Wait for server process $2 to be listening on port $1.
wait_server_start() {
    wait_app_start $1 $2 "SERVER" $SRV_OUT
}

# Wait for proxy process $2 to be listening on port $1.
wait_proxy_start() {
    wait_app_start $1 $2 "PROXY" $PXY_OUT
}

# Given the client or server debug output, parse the unix timestamp that is
# included in the first 4 bytes of the random bytes and check that it's within
# acceptable bounds
# check_server_hello_time <log_file>
# Returns 0 if the logged time is within 300 s of now, 1 if it is missing or
# out of range. Assumes the "server hello, current time:" line occurs once;
# several matches would give a multi-word value and break the numeric tests
# (TODO confirm against the client's debug output).
check_server_hello_time() {
    # Extract the time from the debug (lvl 3) output of the client
    SERVER_HELLO_TIME="$(sed -n 's/.*server hello, current time: //p' < "$1")"
    # Get the Unix timestamp for now
    CUR_TIME=$(date +'%s')
    THRESHOLD_IN_SECS=300

    # Check if the ServerHello time was printed
    if [ -z "$SERVER_HELLO_TIME" ]; then
        return 1
    fi

    # Check the time in ServerHello is within acceptable bounds
    if [ $SERVER_HELLO_TIME -lt $(( $CUR_TIME - $THRESHOLD_IN_SECS )) ]; then
        # The time in ServerHello is at least 5 minutes before now
        return 1
    elif [ $SERVER_HELLO_TIME -gt $(( $CUR_TIME + $THRESHOLD_IN_SECS )) ]; then
        # The time in ServerHello is at least 5 minutes later than now
        return 1
    else
        return 0
    fi
}

# Get handshake memory usage from server or client output and put it into the variable specified by the first argument
# handshake_memory_get <variable_name> <log_file>
# Returns 1 (with a message on stdout) if no usage line is found.
# The value is assigned through eval; this is safe only because MEM_USAGE
# has been reduced to a run of digits by grep -o, and because the variable
# name comes from this script's own callers, never from the log.
handshake_memory_get() {
    OUTPUT_VARIABLE="$1"
    OUTPUT_FILE="$2"

    # Get memory usage from a pattern like "Heap memory usage after handshake: 23112 bytes. Peak memory usage was 33112"
    MEM_USAGE=$(sed -n 's/.*Heap memory usage after handshake: //p' < "$OUTPUT_FILE" | grep -o "[0-9]*" | head -1)

    # Check if memory usage was read
    if [ -z "$MEM_USAGE" ]; then
        echo "Error: Can not read the value of handshake memory usage"
        return 1
    else
        eval "$OUTPUT_VARIABLE=$MEM_USAGE"
        return 0
    fi
}

# Get handshake memory usage from server or client output and check if this value
# is not higher than the maximum given by the first argument
# handshake_memory_check <max_bytes> <log_file>
# Returns 0 if usage <= max, 1 otherwise or if the usage cannot be read.
# NOTE(review): whether the leading "\n" in the message is printed literally
# or as a newline depends on the sh implementation's echo.
handshake_memory_check() {
    MAX_MEMORY="$1"
    OUTPUT_FILE="$2"

    # Get memory usage
    if ! handshake_memory_get "MEMORY_USAGE" "$OUTPUT_FILE"; then
        return 1
    fi

    # Check if memory usage is below max value
    if [ "$MEMORY_USAGE" -gt "$MAX_MEMORY" ]; then
        echo "\nFailed: Handshake memory usage was $MEMORY_USAGE bytes," \
             "but should be below $MAX_MEMORY bytes"
        return 1
    else
        return 0
    fi
}

# wait for client to terminate and set CLI_EXIT
# must be called right after starting the client
# (it reads $! to find the client's PID). A watchdog subshell kills the
# client after DOG_DELAY * CLI_DELAY_FACTOR seconds and marks the log with
# "===CLIENT_TIMEOUT===" so that check_test_failure can request a retry.
# CLI_DELAY_FACTOR and SRV_DELAY_SECONDS are one-shot: they are reset here.
wait_client_done() {
    CLI_PID=$!

    CLI_DELAY=$(( $DOG_DELAY * $CLI_DELAY_FACTOR ))
    CLI_DELAY_FACTOR=1

    ( sleep $CLI_DELAY; echo "===CLIENT_TIMEOUT===" >> $CLI_OUT; kill $CLI_PID ) &
    DOG_PID=$!

    wait $CLI_PID
    CLI_EXIT=$?

    # Stop the watchdog if the client finished first; its exit status is
    # deliberately ignored.
    kill $DOG_PID >/dev/null 2>&1
    wait $DOG_PID

    echo "EXIT: $CLI_EXIT" >> $CLI_OUT

    sleep $SRV_DELAY_SECONDS
    SRV_DELAY_SECONDS=0
}

# check if the given command uses dtls and sets global variable DTLS
# detect_dtls <cmd_line>
# Matches "dtls=1" (our programs), "-dtls" (OpenSSL) or the bare substring
# "-u" (GnuTLS --udp and anything else containing "-u").
detect_dtls() {
    case "$1" in
        *dtls=1*|*-dtls*|*-u*) DTLS=1;;
        *) DTLS=0;;
    esac
}

# check if the given command uses gnutls and sets global variable CMD_IS_GNUTLS
# is_gnutls <cmd_line>
is_gnutls() {
    case "$1" in
        *gnutls-cli*)
            CMD_IS_GNUTLS=1
            ;;
        *gnutls-serv*)
            CMD_IS_GNUTLS=1
            ;;
        *)
            CMD_IS_GNUTLS=0
            ;;
    esac
}

# Compare file content
# Usage: find_in_both pattern file1 file2
# extract from file1 the first line matching the pattern
# check in file2 that the same line can be found
# Returns 0 if found in both, 1 otherwise. The extracted line is reused as a
# grep BRE, so any regex metacharacters it contains are interpreted rather
# than matched literally.
find_in_both() {
    srv_pattern=$(grep -m 1 "$1" "$2");
    if [ -z "$srv_pattern" ]; then
        return 1;
    fi

    if grep "$srv_pattern" $3 >/dev/null; then :
        return 0;
    else
        return 1;
    fi
}

# When YES, check_test_failure does not require both peers to have reached
# the handshake stage. One-shot: reset by check_test_failure.
SKIP_HANDSHAKE_CHECK="NO"
skip_handshake_stage_check() {
    SKIP_HANDSHAKE_CHECK="YES"
}

# Analyze the commands that will be used in a test.
#
# Analyze and possibly instrument $PXY_CMD, $CLI_CMD, $SRV_CMD to pass
# extra arguments or go through wrappers.
# Set $DTLS (0=TLS, 1=DTLS).
# analyze_test_commands [run_test_option...]
# Inputs: $SRV_CMD, $CLI_CMD, $PXY_CMD (may be empty), $P_PXY, $SRV_PORT,
#         $PXY_PORT, $MEMCHECK. The positional parameters are accepted but
#         not inspected.
# Outputs: $DTLS, $CMD_IS_GNUTLS (left as computed for $CLI_CMD), and the
#          three command strings, possibly rewritten as described inline.
analyze_test_commands() {
    # update DTLS variable
    detect_dtls "$SRV_CMD"

    # if the test uses DTLS but no custom proxy, add a simple proxy
    # as it provides timing info that's useful to debug failures
    if [ -z "$PXY_CMD" ] && [ "$DTLS" -eq 1 ]; then
        PXY_CMD="$P_PXY"
        # keep the proxy on the same address family as the server
        case " $SRV_CMD " in
            *' server_addr=::1 '*)
                PXY_CMD="$PXY_CMD server_addr=::1 listen_addr=::1";;
        esac
    fi

    # update CMD_IS_GNUTLS variable
    is_gnutls "$SRV_CMD"

    # if the server uses gnutls but doesn't set priority, explicitly
    # set the default priority
    if [ "$CMD_IS_GNUTLS" -eq 1 ]; then
        case "$SRV_CMD" in
            *--priority*) :;;
            *) SRV_CMD="$SRV_CMD --priority=NORMAL";;
        esac
    fi

    # update CMD_IS_GNUTLS variable
    is_gnutls "$CLI_CMD"

    # if the client uses gnutls but doesn't set priority, explicitly
    # set the default priority
    if [ "$CMD_IS_GNUTLS" -eq 1 ]; then
        case "$CLI_CMD" in
            *--priority*) :;;
            *) CLI_CMD="$CLI_CMD --priority=NORMAL";;
        esac
    fi

    # fix client port
    # Test definitions write the literal token "+SRV_PORT" where the port
    # goes; the client talks to the proxy when there is one. The port value
    # is spliced into the sed expression unquoted, so it must be a plain
    # number (it comes from $$ arithmetic or the --port options).
    if [ -n "$PXY_CMD" ]; then
        CLI_CMD=$( echo "$CLI_CMD" | sed s/+SRV_PORT/$PXY_PORT/g )
    else
        CLI_CMD=$( echo "$CLI_CMD" | sed s/+SRV_PORT/$SRV_PORT/g )
    fi

    # prepend valgrind to our commands if active
    # (only for our own programs; third-party peers are not instrumented)
    if [ "$MEMCHECK" -gt 0 ]; then
        if is_polar "$SRV_CMD"; then
            SRV_CMD="valgrind --leak-check=full $SRV_CMD"
        fi
        if is_polar "$CLI_CMD"; then
            CLI_CMD="valgrind --leak-check=full $CLI_CMD"
        fi
    fi
}

# Check for failure conditions after a test case.
#
# Inputs from run_test:
# * positional parameters: test options (see run_test documentation)
# * $CLI_EXIT: client return code
# * $CLI_EXPECT: expected client return code
# * $SRV_RET: server return code
# * $CLI_OUT, $SRV_OUT, $PXY_OUT: files containing client/server/proxy logs
# * $TIMES_LEFT: if nonzero, a RETRY outcome is allowed
# * $SKIP_HANDSHAKE_CHECK: YES to skip the "reached handshake" check (one-shot)
#
# Outputs:
# * $outcome: one of PASS/RETRY*/FAIL
#
# Every failure path calls fail (which records the outcome and saves the
# logs) and returns with $outcome still FAIL; the first failing check wins.
# The -s/-c/-S/-C/-u/-U arguments are grep BREs and the -f/-F/-g arguments
# are names of shell functions defined in this script; both come from the
# test definitions in this file, not from the peers' output.
check_test_failure() {
    outcome=FAIL

    # A client killed by the watchdog is retried rather than failed, as long
    # as attempts remain (the timeout marker is written by wait_client_done).
    if [ $TIMES_LEFT -gt 0 ] &&
       grep '===CLIENT_TIMEOUT===' $CLI_OUT >/dev/null
    then
        outcome="RETRY(client-timeout)"
        return
    fi

    # check if the client and server went at least to the handshake stage
    # (useful to avoid tests with only negative assertions and non-zero
    # expected client exit to incorrectly succeed in case of catastrophic
    # failure)
    # Only our own programs print this line, hence the is_polar guards.
    if [ "X$SKIP_HANDSHAKE_CHECK" != "XYES" ]
    then
        if is_polar "$SRV_CMD"; then
            if grep "Performing the SSL/TLS handshake" $SRV_OUT >/dev/null; then :;
            else
                fail "server or client failed to reach handshake stage"
                return
            fi
        fi
        if is_polar "$CLI_CMD"; then
            if grep "Performing the SSL/TLS handshake" $CLI_OUT >/dev/null; then :;
            else
                fail "server or client failed to reach handshake stage"
                return
            fi
        fi
    fi

    # The skip request applies to one test only. (On the RETRY return above
    # it is intentionally left set so that the retry is treated the same.)
    SKIP_HANDSHAKE_CHECK="NO"
    # Check server exit code (only for Mbed TLS: GnuTLS and OpenSSL don't
    # exit with status 0 when interrupted by a signal, and we don't really
    # care anyway), in case e.g. the server reports a memory leak.
    if [ $SRV_RET != 0 ] && is_polar "$SRV_CMD"; then
        fail "Server exited with status $SRV_RET"
        return
    fi

    # check client exit code
    # Only zero vs non-zero is compared: CLI_EXPECT=1 accepts any non-zero
    # exit code. (-a/-o inside test are obsolescent in POSIX but fine here
    # since both operands are non-empty.)
    if [ \( "$CLI_EXPECT" = 0 -a "$CLI_EXIT" != 0 \) -o \
         \( "$CLI_EXPECT" != 0 -a "$CLI_EXIT" = 0 \) ]
    then
        fail "bad client exit code (expected $CLI_EXPECT, got $CLI_EXIT)"
        return
    fi

    # check other assertions
    # lines beginning with == are added by valgrind, ignore them
    # lines with 'Serious error when reading debug info', are valgrind issues as well
    # Options are consumed in pairs (flag, argument); see run_test's usage.
    while [ $# -gt 0 ]
    do
        case $1 in
            "-s")
                if grep -v '^==' $SRV_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then :; else
                    fail "pattern '$2' MUST be present in the Server output"
                    return
                fi
                ;;

            "-c")
                if grep -v '^==' $CLI_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then :; else
                    fail "pattern '$2' MUST be present in the Client output"
                    return
                fi
                ;;

            # For the MUST NOT checks, an inconclusive pattern (see
            # log_pattern_presence_is_conclusive) turns $outcome into a
            # RETRY instead of a FAIL; either way we stop checking here.
            "-S")
                if grep -v '^==' $SRV_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then
                    if log_pattern_presence_is_conclusive "$2"; then
                        fail "pattern '$2' MUST NOT be present in the Server output"
                    fi
                    return
                fi
                ;;

            "-C")
                if grep -v '^==' $CLI_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then
                    if log_pattern_presence_is_conclusive "$2"; then
                        fail "pattern '$2' MUST NOT be present in the Client output"
                    fi
                    return
                fi
                ;;

            # The filtering in the following two options (-u and -U) do the following
            # - ignore valgrind output
            # - filter out everything but lines right after the pattern occurrences
            # - keep one of each non-unique line
            # - count how many lines remain
            # A line with '--' will remain in the result from previous outputs, so the number of lines in the result will be 1
            # if there were no duplicates.
            "-U")
                if [ $(grep -v '^==' $SRV_OUT | grep -v 'Serious error when reading debug info' | grep -A1 "$2" | grep -v "$2" | sort | uniq -d | wc -l) -gt 1 ]; then
                    fail "lines following pattern '$2' must be unique in Server output"
                    return
                fi
                ;;

            "-u")
                if [ $(grep -v '^==' $CLI_OUT | grep -v 'Serious error when reading debug info' | grep -A1 "$2" | grep -v "$2" | sort | uniq -d | wc -l) -gt 1 ]; then
                    fail "lines following pattern '$2' must be unique in Client output"
                    return
                fi
                ;;
            # -F/-f/-g run a shell function from this script on the log(s);
            # the function's exit status decides. -g goes through eval so
            # that the two file names are passed as two arguments.
            "-F")
                if ! $2 "$SRV_OUT"; then
                    fail "function call to '$2' failed on Server output"
                    return
                fi
                ;;
            "-f")
                if ! $2 "$CLI_OUT"; then
                    fail "function call to '$2' failed on Client output"
                    return
                fi
                ;;
            "-g")
                if ! eval "$2 '$SRV_OUT' '$CLI_OUT'"; then
                    fail "function call to '$2' failed on Server and Client output"
                    return
                fi
                ;;

            *)
                # A typo in a test definition is a harness bug: abort the run.
                echo "Unknown test: $1" >&2
                exit 1
        esac
        shift 2
    done

    # check valgrind's results
    if [ "$MEMCHECK" -gt 0 ]; then
        if is_polar "$SRV_CMD" && has_mem_err $SRV_OUT; then
            fail "Server has memory errors"
            return
        fi
        if is_polar "$CLI_CMD" && has_mem_err $CLI_OUT; then
            fail "Client has memory errors"
            return
        fi
    fi

    # if we're here, everything is ok
    outcome=PASS
}

# Run the current test case: start the server and if applicable the proxy, run
# the client, wait for all processes to finish or time out.
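#
# Inputs:
# * $NAME: test case name
# * $CLI_CMD, $SRV_CMD, $PXY_CMD: commands to run
# * $CLI_OUT, $SRV_OUT, $PXY_OUT: files to contain client/server/proxy logs
#
# Outputs:
# * $CLI_EXIT: client return code
# * $SRV_RET: server return code
#
# Notes:
# * $PXY_CMD and $SRV_CMD are expanded unquoted on purpose: the shell has to
#   split them into a program and its arguments. $CLI_CMD goes through eval
#   because some client commands are pipelines ("echo ... | openssl s_client").
#   All three strings are assembled by this script from $P_SRV/$P_CLI and the
#   O_*/G_* command prefixes; they never come from the environment verbatim.
# * Every log starts with "# <name>" and the exact command line, so a failed
#   run can be reproduced by hand from the log alone.
do_run_test_once() {
    # run the commands
    if [ -n "$PXY_CMD" ]; then
        printf "# %s\n%s\n" "$NAME" "$PXY_CMD" > "$PXY_OUT"
        $PXY_CMD >> "$PXY_OUT" 2>&1 &
        PXY_PID=$!
        wait_proxy_start "$PXY_PORT" "$PXY_PID"
    fi

    check_osrv_dtls
    printf '# %s\n%s\n' "$NAME" "$SRV_CMD" > "$SRV_OUT"
    # The server's stdin is whatever provide_input writes, not the script's.
    provide_input | $SRV_CMD >> "$SRV_OUT" 2>&1 &
    SRV_PID=$!
    wait_server_start "$SRV_PORT" "$SRV_PID"

    printf '# %s\n%s\n' "$NAME" "$CLI_CMD" > "$CLI_OUT"
    eval "$CLI_CMD" >> "$CLI_OUT" 2>&1 &
    wait_client_done

    # Short grace period before the server is killed (presumably so that it
    # can finish writing its log).
    sleep 0.05

    # terminate the server (and the proxy)
    # SRV_RET is whatever wait reports, i.e. 128+signal when the kill above
    # is what ended the server.
    kill "$SRV_PID"
    wait "$SRV_PID"
    SRV_RET=$?

    if [ -n "$PXY_CMD" ]; then
        kill "$PXY_PID" >/dev/null 2>&1
        wait "$PXY_PID"
    fi
}

# Usage: run_test name [-p proxy_cmd] srv_cmd cli_cmd cli_exit [option [...]]
# Options:  -s pattern  pattern that must be present in server output
#           -c pattern  pattern that must be present in client output
#           -u pattern  lines after pattern must be unique in client output
#           -f call shell function on client output
#           -S pattern  pattern that must be absent in server output
#           -C pattern  pattern that must be absent in client output
#           -U pattern  lines after pattern must be unique in server output
#           -F call shell function on server output
#           -g call shell function on server and client output
#
# Globals read:    $SKIP_NEXT (set by requires_* helpers before the call),
#                  $RUN_TEST_NUMBER, $TESTS, $PRESERVE_LOGS, $*_OUT
# Globals written: $NAME, $PXY_CMD, $SRV_CMD, $CLI_CMD, $CLI_EXPECT,
#                  $SKIP_NEXT (reset to "NO"), $SKIPS, $TIMES_LEFT
# Returns:         always 0; the verdict is recorded through record_outcome.
#
# A test that is filtered out by is_excluded is neither run nor recorded.
# A skipped test (SKIP_NEXT=YES) is recorded as SKIP. Otherwise the test is
# run up to twice: check_test_failure sets $outcome to PASS, FAIL or RETRY*,
# and only a RETRY* outcome triggers the second attempt. On FAIL the log
# files are deliberately left behind for inspection; they are removed (or
# renamed when $PRESERVE_LOGS is set) only after a PASS.
run_test() {
    NAME="$1"
    shift 1

    if is_excluded "$NAME"; then
        SKIP_NEXT="NO"
        # There was no request to run the test, so don't record its outcome.
        return
    fi

    print_name "$NAME"

    # Do we only run numbered tests?
    # $RUN_TEST_NUMBER is a comma-separated list; wrapping both sides in
    # commas makes the substring match exact (so "1" does not match "12").
    if [ -n "$RUN_TEST_NUMBER" ]; then
        case ",$RUN_TEST_NUMBER," in
            *",$TESTS,"*) :;;
            *) SKIP_NEXT="YES";;
        esac
    fi

    # does this test use a proxy?
    if [ "X$1" = "X-p" ]; then
        PXY_CMD="$2"
        shift 2
    else
        PXY_CMD=""
    fi

    # get commands and client output
    SRV_CMD="$1"
    CLI_CMD="$2"
    CLI_EXPECT="$3"
    shift 3

    # Check if test uses files
    case "$SRV_CMD $CLI_CMD" in
        *data_files/*)
            requires_config_enabled MBEDTLS_FS_IO;;
    esac

    # If the client or server requires a ciphersuite, check that it's enabled.
    maybe_requires_ciphersuite_enabled "$SRV_CMD" "$@"
    maybe_requires_ciphersuite_enabled "$CLI_CMD" "$@"

    # should we skip?
    if [ "X$SKIP_NEXT" = "XYES" ]; then
        SKIP_NEXT="NO"
        record_outcome "SKIP"
        SKIPS=$(( $SKIPS + 1 ))
        return
    fi

    analyze_test_commands "$@"

    TIMES_LEFT=2
    while [ $TIMES_LEFT -gt 0 ]; do
        TIMES_LEFT=$(( $TIMES_LEFT - 1 ))

        do_run_test_once

        check_test_failure "$@"
        case $outcome in
            PASS) break;;
            # $outcome is data, not a format string: keep it out of the
            # printf format so a '%' in it can never be interpreted.
            RETRY*) printf '%s ' "$outcome";;
            FAIL) return;;
        esac
    done

    # If we get this far, the test case passed.
    record_outcome "PASS"
    if [ "$PRESERVE_LOGS" -gt 0 ]; then
        mv "$SRV_OUT" "o-srv-${TESTS}.log"
        mv "$CLI_OUT" "o-cli-${TESTS}.log"
        if [ -n "$PXY_CMD" ]; then
            mv "$PXY_OUT" "o-pxy-${TESTS}.log"
        fi
    fi

    rm -f "$SRV_OUT" "$CLI_OUT" "$PXY_OUT"
}

# Run a TLS 1.2 handshake with the given ciphersuite ($1) and check, on both
# sides, that the record protection and the handshake hashing went through
# the PSA-based code paths rather than the legacy ones.
# The ciphersuite's own config dependency is derived by run_test from the
# force_ciphersuite= argument (see maybe_requires_ciphersuite_enabled).
run_test_psa() {
    requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
    run_test    "PSA-supported ciphersuite: $1" \
                "$P_SRV debug_level=3 force_version=tls12" \
                "$P_CLI debug_level=3 force_version=tls12 force_ciphersuite=$1" \
                0 \
                -c "Successfully setup PSA-based decryption cipher context" \
                -c "Successfully setup PSA-based encryption cipher context" \
                -c "PSA calc verify" \
                -c "calc PSA finished" \
                -s "Successfully setup PSA-based decryption cipher context" \
                -s "Successfully setup PSA-based encryption cipher context" \
                -s "PSA calc verify" \
                -s "calc PSA finished" \
                -C "Failed to setup PSA-based cipher context" \
                -S "Failed to setup PSA-based cipher context" \
                -s "Protocol is TLSv1.2" \
                -c "Perform PSA-based ECDH computation." \
                -c "Perform PSA-based computation of digest of ServerKeyExchange" \
                -S "error" \
                -C "error"
}

# Same checks as run_test_psa, but with the ECDHE curve fixed to $1 on both
# sides and a fixed ECDHE-RSA AES-GCM ciphersuite. Callers gate each curve
# with the matching MBEDTLS_ECP_DP_*_ENABLED dependency.
run_test_psa_force_curve() {
    requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
    run_test    "PSA - ECDH with $1" \
                "$P_SRV debug_level=4 force_version=tls12 curves=$1" \
                "$P_CLI debug_level=4 force_version=tls12 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 curves=$1" \
                0 \
                -c "Successfully setup PSA-based decryption cipher context" \
                -c "Successfully setup PSA-based encryption cipher context" \
                -c "PSA calc verify" \
                -c "calc PSA finished" \
                -s "Successfully setup PSA-based decryption cipher context" \
                -s "Successfully setup PSA-based encryption cipher context" \
                -s "PSA calc verify" \
                -s "calc PSA finished" \
                -C "Failed to setup PSA-based cipher context" \
                -S "Failed to setup PSA-based cipher context" \
                -s "Protocol is TLSv1.2" \
                -c "Perform PSA-based ECDH computation." \
                -c "Perform PSA-based computation of digest of ServerKeyExchange" \
                -S "error" \
                -C "error"
}

# Test that the server's memory usage after a handshake is reduced when a client specifies
# a maximum fragment length.
#  first argument ($1) is MFL for SSL client
#  second argument ($2) is memory usage for SSL client with default MFL (16k)
# (The function name keeps its historical spelling; callers depend on it.)
run_test_memory_after_hanshake_with_mfl()
{
    # The test passes if the difference is around 2*(16k-MFL)
    MEMORY_USAGE_LIMIT="$(( $2 - ( 2 * ( 16384 - $1 )) ))"

    # Leave some margin for robustness
    MEMORY_USAGE_LIMIT="$(( ( MEMORY_USAGE_LIMIT * 110 ) / 100 ))"

    # -F runs "handshake_memory_check <limit> <server log>" (see the -F
    # handler in check_test_failure).
    run_test    "Handshake memory usage (MFL $1)" \
                "$P_SRV debug_level=3 auth_mode=required force_version=tls12" \
                "$P_CLI debug_level=3 force_version=tls12 \
                    crt_file=data_files/server5.crt key_file=data_files/server5.key \
                    force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM max_frag_len=$1" \
                0 \
                -F "handshake_memory_check $MEMORY_USAGE_LIMIT"
}


# Test that the server's memory usage after a handshake is reduced when a client specifies
# different values of Maximum Fragment Length: default (16k), 4k, 2k, 1k and 512 bytes
run_tests_memory_after_hanshake()
{
    # All tests in this sequence require the same configuration (see
    # requires_config_enabled()). run_test resets SKIP_NEXT to "NO" after
    # each test, so the caller's skip decision is saved here and re-applied
    # before every test of the sequence.
    SKIP_THIS_TESTS="$SKIP_NEXT"

    # first test with default MFL is to get reference memory usage
    MEMORY_USAGE_MFL_16K=0
    run_test    "Handshake memory usage initial (MFL 16384 - default)" \
                "$P_SRV debug_level=3 auth_mode=required force_version=tls12" \
                "$P_CLI debug_level=3 force_version=tls12 \
                    crt_file=data_files/server5.crt key_file=data_files/server5.key \
                    force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM" \
                0 \
                -F "handshake_memory_get MEMORY_USAGE_MFL_16K"

    SKIP_NEXT="$SKIP_THIS_TESTS"
    run_test_memory_after_hanshake_with_mfl 4096 "$MEMORY_USAGE_MFL_16K"

    SKIP_NEXT="$SKIP_THIS_TESTS"
    run_test_memory_after_hanshake_with_mfl 2048 "$MEMORY_USAGE_MFL_16K"

    SKIP_NEXT="$SKIP_THIS_TESTS"
    run_test_memory_after_hanshake_with_mfl 1024 "$MEMORY_USAGE_MFL_16K"

    SKIP_NEXT="$SKIP_THIS_TESTS"
    run_test_memory_after_hanshake_with_mfl 512 "$MEMORY_USAGE_MFL_16K"
}

# Signal handler (installed for INT, TERM and HUP in the main section):
# remove the per-run scratch files, kill every child this script may have
# started, and leave with a failure status.
cleanup() {
    rm -f "$CLI_OUT" "$SRV_OUT" "$PXY_OUT" "$SESSION"
    rm -f context_srv.txt
    rm -f context_cli.txt
    # The PIDs may not exist yet if the signal arrives early, hence ${x:-}.
    test -n "${SRV_PID:-}" && kill "$SRV_PID" >/dev/null 2>&1
    test -n "${PXY_PID:-}" && kill "$PXY_PID" >/dev/null 2>&1
    test -n "${CLI_PID:-}" && kill "$CLI_PID" >/dev/null 2>&1
    test -n "${DOG_PID:-}" && kill "$DOG_PID" >/dev/null 2>&1
    exit 1
}

#
# MAIN
#

get_options "$@"

# Optimize filters: if $FILTER and $EXCLUDE can be expressed as shell
# patterns rather than regular expressions, use a case statement instead
# of calling grep. To keep the optimizer simple, it is incomplete and only
# detects simple cases: plain substring, everything, nothing.
#
# As an exception, the character '.' is treated as an ordinary character
# if it is the only special character in the string. This is because it's
# rare to need "any one character", but needing a literal '.' is common
# (e.g. '-f "DTLS 1.2"').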
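need_grep=
case "$FILTER" in
    '^$') simple_filter=;;
    '.*') simple_filter='*';;
    *[][$+*?\\^{\|}]*) # Regexp special characters (other than .), we need grep
        need_grep=1;;
    *) # No regexp or shell-pattern special character
        simple_filter="*$FILTER*";;
esac
case "$EXCLUDE" in
    '^$') simple_exclude=;;
    '.*') simple_exclude='*';;
    *[][$+*?\\^{\|}]*) # Regexp special characters (other than .), we need grep
        need_grep=1;;
    *) # No regexp or shell-pattern special character
        simple_exclude="*$EXCLUDE*";;
esac
if [ -n "$need_grep" ]; then
    # is_excluded NAME: true if NAME is not selected by $FILTER or is
    # matched by $EXCLUDE. Both are user-supplied regular expressions and
    # reach grep only as pattern operands (-e keeps a leading '-' from
    # being read as an option); they are never interpolated into code.
    # printf rather than echo so that a name starting with '-' is printed
    # verbatim.
    is_excluded () {
        ! printf '%s\n' "$1" | grep -e "$FILTER" | grep -q -v -e "$EXCLUDE"
    }
else
    # Shell-pattern fast path. $simple_exclude and $simple_filter are left
    # unquoted on purpose so that they act as patterns. Exclusion wins over
    # inclusion, and a name matching neither is excluded.
    is_excluded () {
        case "$1" in
            $simple_exclude) true;;
            $simple_filter) false;;
            *) true;;
        esac
    }
fi

# sanity checks, avoid an avalanche of errors
# Only the first word of each command is the program; the rest are options.
P_SRV_BIN="${P_SRV%%[ ]*}"
P_CLI_BIN="${P_CLI%%[ ]*}"
P_PXY_BIN="${P_PXY%%[ ]*}"
if [ ! -x "$P_SRV_BIN" ]; then
    echo "Command '$P_SRV_BIN' is not an executable file"
    exit 1
fi
if [ ! -x "$P_CLI_BIN" ]; then
    echo "Command '$P_CLI_BIN' is not an executable file"
    exit 1
fi
if [ ! -x "$P_PXY_BIN" ]; then
    echo "Command '$P_PXY_BIN' is not an executable file"
    exit 1
fi
# 'command -v' is the POSIX way to look a program up in $PATH; 'which' is
# an external tool with non-standard exit statuses.
if [ "$MEMCHECK" -gt 0 ]; then
    if command -v valgrind >/dev/null 2>&1; then :; else
        echo "Memcheck not possible. Valgrind not found"
        exit 1
    fi
fi
# $OPENSSL_CMD is deliberately unquoted: it is used as a command prefix
# elsewhere, so every word of it must resolve.
if command -v $OPENSSL_CMD >/dev/null 2>&1; then :; else
    echo "Command '$OPENSSL_CMD' not found"
    exit 1
fi

# used by watchdog
MAIN_PID="$$"

# We use somewhat arbitrary delays for tests:
# - how long do we wait for the server to start (when lsof not available)?
# - how long do we allow for the client to finish?
#   (not to check performance, just to avoid waiting indefinitely)
# Things are slower with valgrind, so give extra time here.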
#
# Note: without lsof, there is a trade-off between the running time of this
# script and the risk of spurious errors because we didn't wait long enough.
# The watchdog delay on the other hand doesn't affect normal running time of
# the script, only the case where a client or server gets stuck.
#
# START_DELAY: seconds to wait for a server to come up.
# DOG_DELAY:   seconds the watchdog allows a client before it is killed.
# Native defaults first; a valgrind run (MEMCHECK > 0) gets three times as long.
START_DELAY=2
DOG_DELAY=20
if [ "$MEMCHECK" -gt 0 ]; then
    START_DELAY=6
    DOG_DELAY=60
fi

# some particular tests need more time:
# - for the client, we multiply the usual watchdog limit by a factor
# - for the server, we sleep for a number of seconds after the client exits
# see client_need_more_time() and server_needs_more_time()
CLI_DELAY_FACTOR=1
SRV_DELAY_SECONDS=0

# fix commands to use this port, force IPv4 while at it
# +SRV_PORT will be replaced by either $SRV_PORT or $PXY_PORT later
# Note: Using 'localhost' rather than 127.0.0.1 here is unwise, as on many
# machines that will resolve to ::1, and we don't want ipv6 here.
# Bind every program to the loopback address and the chosen port(s).
# "+SRV_PORT" in client commands is a placeholder substituted later, so that
# a client can be pointed at the proxy instead of the server.
# Also allow SHA-1, because many of our test certificates use it.
P_SRV="$P_SRV server_addr=127.0.0.1 server_port=$SRV_PORT allow_sha1=1"
P_CLI="$P_CLI server_addr=127.0.0.1 server_port=+SRV_PORT allow_sha1=1"
P_PXY="$P_PXY server_addr=127.0.0.1 server_port=$SRV_PORT listen_addr=127.0.0.1 listen_port=$PXY_PORT ${SEED:+"seed=$SEED"}"
O_SRV="$O_SRV -accept $SRV_PORT"
O_CLI="$O_CLI -connect 127.0.0.1:+SRV_PORT"
G_SRV="$G_SRV -p $SRV_PORT"
G_CLI="$G_CLI -p +SRV_PORT"

# Alternative OpenSSL/GnuTLS builds are configured only when the
# corresponding environment variable is non-empty.
case "${OPENSSL_LEGACY:-}" in
    ?*)
        O_LEGACY_SRV="$O_LEGACY_SRV -accept $SRV_PORT -dhparam data_files/dhparams.pem"
        O_LEGACY_CLI="$O_LEGACY_CLI -connect 127.0.0.1:+SRV_PORT";;
esac

case "${OPENSSL_NEXT:-}" in
    ?*)
        O_NEXT_SRV="$O_NEXT_SRV -accept $SRV_PORT"
        O_NEXT_SRV_NO_CERT="$O_NEXT_SRV_NO_CERT -accept $SRV_PORT"
        O_NEXT_CLI="$O_NEXT_CLI -connect 127.0.0.1:+SRV_PORT";;
esac

case "${GNUTLS_NEXT_SERV:-}" in
    ?*)
        G_NEXT_SRV="$G_NEXT_SRV -p $SRV_PORT"
        G_NEXT_SRV_NO_CERT="$G_NEXT_SRV_NO_CERT -p $SRV_PORT";;
esac

case "${GNUTLS_NEXT_CLI:-}" in
    ?*) G_NEXT_CLI="$G_NEXT_CLI -p +SRV_PORT";;
esac

# Per-run scratch files, suffixed with our PID so that concurrent runs from
# the same directory do not clobber each other's logs.
SRV_OUT="srv_out.$$"
CLI_OUT="cli_out.$$"
PXY_OUT="pxy_out.$$"
SESSION="session.$$"

SKIP_NEXT="NO"

# Remove scratch files and kill children if the run is interrupted.
trap cleanup INT TERM HUP

# Basic test

# Checks that:
# - things work with all ciphersuites active (used with config-full in all.sh)
# - the expected parameters are selected
#   ("signature_algorithm ext: 6" means SHA-512 (highest common hash))
run_test    "Default" \
            "$P_SRV debug_level=3" \
            "$P_CLI" \
            0 \
            -s "Protocol is TLSv1.2" \
            -s "Ciphersuite is TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256" \
            -s "client hello v3, signature_algorithm ext: 6" \
            -s "ECDHE curve: x25519" \
            -S "error" \
            -C "error"
run_test    "Default, DTLS" \
            "$P_SRV dtls=1" \
            "$P_CLI dtls=1" \
            0 \
            -s "Protocol is DTLSv1.2" \
            -s "Ciphersuite is TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256"

# Client authentication: the server requires a client certificate and must
# report a successful verification.
run_test    "TLS client auth: required" \
            "$P_SRV auth_mode=required" \
            "$P_CLI" \
            0 \
            -s "Verifying peer X.509 certificate... ok"

# Encrypted private keys: key_pwd is the passphrase of the .key.enc fixtures
# shipped in data_files/. Exit status 0 (a completed handshake) is the only
# check here.
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SHA256_C
run_test    "TLS: password protected client key" \
            "$P_SRV auth_mode=required" \
            "$P_CLI crt_file=data_files/server5.crt key_file=data_files/server5.key.enc key_pwd=PolarSSLTest" \
            0

requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SHA256_C
run_test    "TLS: password protected server key" \
            "$P_SRV crt_file=data_files/server5.crt key_file=data_files/server5.key.enc key_pwd=PolarSSLTest" \
            "$P_CLI" \
            0

# Two server certificates (ECDSA server5 and RSA server2), each with its own
# encrypted key, hence the extra RSA dependency.
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_SHA256_C
run_test    "TLS: password protected server key, two certificates" \
            "$P_SRV \
              key_file=data_files/server5.key.enc key_pwd=PolarSSLTest crt_file=data_files/server5.crt \
              key_file2=data_files/server2.key.enc key_pwd2=PolarSSLTest crt_file2=data_files/server2.crt" \
            "$P_CLI" \
            0

# Trusted-certificate callback: the verifying side obtains trusted CAs via a
# callback instead of a static chain.
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test    "CA callback on client" \
            "$P_SRV debug_level=3" \
            "$P_CLI ca_callback=1 debug_level=3 " \
            0 \
            -c "use CA callback for X.509 CRT verification" \
            -S "error" \
            -C "error"

requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SHA256_C
run_test    "CA callback on server" \
            "$P_SRV auth_mode=required" \
            "$P_CLI ca_callback=1 debug_level=3 crt_file=data_files/server5.crt \
             key_file=data_files/server5.key" \
            0 \
            -c "use CA callback for X.509 CRT verification" \
            -s "Verifying peer X.509 certificate... ok" \
            -S "error" \
            -C "error"

# Test using an opaque private key for client authentication
# (key_opaque=1: the private key is held by PSA and used through an opaque
# handle; the peer must still verify the certificate normally).
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SHA256_C
run_test    "Opaque key for client authentication" \
            "$P_SRV auth_mode=required crt_file=data_files/server5.crt \
             key_file=data_files/server5.key" \
            "$P_CLI key_opaque=1 crt_file=data_files/server5.crt \
             key_file=data_files/server5.key" \
            0 \
            -c "key type: Opaque" \
            -c "Ciphersuite is TLS-ECDHE-ECDSA" \
            -s "Verifying peer X.509 certificate... ok" \
            -s "Ciphersuite is TLS-ECDHE-ECDSA" \
            -S "error" \
            -C "error"

# Test using an opaque private key for server authentication
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SHA256_C
run_test    "Opaque key for server authentication" \
            "$P_SRV auth_mode=required key_opaque=1 crt_file=data_files/server5.crt \
             key_file=data_files/server5.key" \
            "$P_CLI crt_file=data_files/server5.crt \
             key_file=data_files/server5.key" \
            0 \
            -c "Verifying peer X.509 certificate... ok" \
            -c "Ciphersuite is TLS-ECDHE-ECDSA" \
            -s "key types: Opaque - invalid PK" \
            -s "Ciphersuite is TLS-ECDHE-ECDSA" \
            -S "error" \
            -C "error"

# Test using an opaque private key for client/server authentication
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SHA256_C
run_test    "Opaque key for client/server authentication" \
            "$P_SRV auth_mode=required key_opaque=1 crt_file=data_files/server5.crt \
             key_file=data_files/server5.key" \
            "$P_CLI key_opaque=1 crt_file=data_files/server5.crt \
             key_file=data_files/server5.key" \
            0 \
            -c "key type: Opaque" \
            -c "Verifying peer X.509 certificate... ok" \
            -c "Ciphersuite is TLS-ECDHE-ECDSA" \
            -s "key types: Opaque - invalid PK" \
            -s "Verifying peer X.509 certificate... ok" \
            -s "Ciphersuite is TLS-ECDHE-ECDSA" \
            -S "error" \
            -C "error"

# Test ciphersuites which we expect to be fully supported by PSA Crypto
# and check that we don't fall back to Mbed TLS' internal crypto primitives.
# No explicit config dependency per suite: run_test derives it from the
# force_ciphersuite= argument (see maybe_requires_ciphersuite_enabled).
run_test_psa TLS-ECDHE-ECDSA-WITH-AES-128-CCM
run_test_psa TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8
run_test_psa TLS-ECDHE-ECDSA-WITH-AES-256-CCM
run_test_psa TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8
run_test_psa TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
run_test_psa TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384
run_test_psa TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA
run_test_psa TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256
run_test_psa TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384

# One ECDH test per curve. Each requires_config_enabled applies to the very
# next run_test only (run_test resets SKIP_NEXT), so the pairs below must
# stay adjacent.
requires_config_enabled MBEDTLS_ECP_DP_SECP521R1_ENABLED
run_test_psa_force_curve "secp521r1"
requires_config_enabled MBEDTLS_ECP_DP_BP512R1_ENABLED
run_test_psa_force_curve "brainpoolP512r1"
requires_config_enabled MBEDTLS_ECP_DP_SECP384R1_ENABLED
run_test_psa_force_curve "secp384r1"
requires_config_enabled MBEDTLS_ECP_DP_BP384R1_ENABLED
run_test_psa_force_curve "brainpoolP384r1"
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
run_test_psa_force_curve "secp256r1"
requires_config_enabled MBEDTLS_ECP_DP_SECP256K1_ENABLED
run_test_psa_force_curve "secp256k1"
requires_config_enabled MBEDTLS_ECP_DP_BP256R1_ENABLED
run_test_psa_force_curve "brainpoolP256r1"
requires_config_enabled MBEDTLS_ECP_DP_SECP224R1_ENABLED
run_test_psa_force_curve "secp224r1"
## SECP224K1 is buggy via the PSA API
## (https://github.com/ARMmbed/mbedtls/issues/3541),
## so it is disabled in PSA even when it's enabled in Mbed TLS.
## The proper dependency would be on PSA_WANT_ECC_SECP_K1_224 but
## dependencies on PSA symbols in ssl-opt.sh are not implemented yet.
#requires_config_enabled MBEDTLS_ECP_DP_SECP224K1_ENABLED
#run_test_psa_force_curve "secp224k1"
requires_config_enabled MBEDTLS_ECP_DP_SECP192R1_ENABLED
run_test_psa_force_curve "secp192r1"
requires_config_enabled MBEDTLS_ECP_DP_SECP192K1_ENABLED
run_test_psa_force_curve "secp192k1"

# Test current time in ServerHello
# (-f/-F run check_server_hello_time on the client and server logs.)
requires_config_enabled MBEDTLS_HAVE_TIME
run_test    "ServerHello contains gmt_unix_time" \
            "$P_SRV debug_level=3" \
            "$P_CLI debug_level=3" \
            0 \
            -f "check_server_hello_time" \
            -F "check_server_hello_time"

# Test for uniqueness of IVs in AEAD ciphersuites
# Nonce reuse under the same key breaks GCM, so over 20 exchanges every
# line following "IV used" must be distinct on both sides (-u/-U).
run_test    "Unique IV in GCM" \
            "$P_SRV exchanges=20 debug_level=4" \
            "$P_CLI exchanges=20 debug_level=4 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384" \
            0 \
            -u "IV used" \
            -U "IV used"

# Tests for certificate verification callback
# context_crt_cb selects whether the per-context or the per-configuration
# verify callback is installed; exactly one of the two must be used.
run_test    "Configuration-specific CRT verification callback" \
            "$P_SRV debug_level=3" \
            "$P_CLI context_crt_cb=0 debug_level=3" \
            0 \
            -S "error" \
            -c "Verify requested for " \
            -c "Use configuration-specific verification callback" \
            -C "Use context-specific verification callback" \
            -C "error"

run_test    "Context-specific CRT verification callback" \
            "$P_SRV debug_level=3" \
            "$P_CLI context_crt_cb=1 debug_level=3" \
            0 \
            -S "error" \
            -c "Verify requested for " \
            -c "Use context-specific verification callback" \
            -C "Use configuration-specific verification callback" \
            -C "error"

# Tests for SHA-1 support
# The harness appends allow_sha1=1 to $P_SRV/$P_CLI for every test; these
# tests pass an explicit allow_sha1=0 afterwards, which presumably overrides
# it (last occurrence wins in ssl_client2/ssl_server2 — TODO confirm).
# server2.crt is SHA-1 signed, server2-sha256.crt is SHA-256 signed.
run_test    "SHA-1 forbidden by default in server certificate" \
            "$P_SRV key_file=data_files/server2.key crt_file=data_files/server2.crt" \
            "$P_CLI debug_level=2 allow_sha1=0" \
            1 \
            -c "The certificate is signed with an unacceptable hash"

run_test    "SHA-1 explicitly allowed in server certificate" \
            "$P_SRV key_file=data_files/server2.key crt_file=data_files/server2.crt" \
            "$P_CLI allow_sha1=1" \
            0

run_test    "SHA-256 allowed by default in server certificate" \
            "$P_SRV key_file=data_files/server2.key crt_file=data_files/server2-sha256.crt" \
            "$P_CLI allow_sha1=0" \
            0

run_test    "SHA-1 forbidden by default in client certificate" \
            "$P_SRV auth_mode=required allow_sha1=0" \
            "$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha1.crt" \
            1 \
            -s "The certificate is signed with an unacceptable hash"

run_test    "SHA-1 explicitly allowed in client certificate" \
            "$P_SRV auth_mode=required allow_sha1=1" \
            "$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha1.crt" \
            0

run_test    "SHA-256 allowed by default in client certificate" \
            "$P_SRV auth_mode=required allow_sha1=0" \
            "$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha256.crt" \
            0

# Dummy TLS 1.3 test
# Currently only checking that passing TLS 1.3 key exchange modes to
# ssl_client2/ssl_server2 example programs works.
# Only the exit status is checked: these exercise argument parsing of
# tls13_kex_modes, not a TLS 1.3 handshake.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
run_test    "TLS 1.3, key exchange mode parameter passing: PSK only" \
            "$P_SRV tls13_kex_modes=psk" \
            "$P_CLI tls13_kex_modes=psk" \
            0
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
run_test    "TLS 1.3, key exchange mode parameter passing: PSK-ephemeral only" \
            "$P_SRV tls13_kex_modes=psk_ephemeral" \
            "$P_CLI tls13_kex_modes=psk_ephemeral" \
            0
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
run_test    "TLS 1.3, key exchange mode parameter passing: Pure-ephemeral only" \
            "$P_SRV tls13_kex_modes=ephemeral" \
            "$P_CLI tls13_kex_modes=ephemeral" \
            0
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
run_test    "TLS 1.3, key exchange mode parameter passing: All ephemeral" \
            "$P_SRV tls13_kex_modes=ephemeral_all" \
            "$P_CLI tls13_kex_modes=ephemeral_all" \
            0
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
run_test    "TLS 1.3, key exchange mode parameter passing: All PSK" \
            "$P_SRV tls13_kex_modes=psk_all" \
            "$P_CLI tls13_kex_modes=psk_all" \
            0
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
run_test    "TLS 1.3, key exchange mode parameter passing: All" \
            "$P_SRV tls13_kex_modes=all" \
            "$P_CLI tls13_kex_modes=all" \
            0

# Tests for datagram packing
# All four combinations of dgram_packing on client/server; the side with
# packing enabled must log that it placed several records in one datagram,
# the other side must not.
run_test    "DTLS: multiple records in same datagram, client and server" \
            "$P_SRV dtls=1 dgram_packing=1 debug_level=2" \
            "$P_CLI dtls=1 dgram_packing=1 debug_level=2" \
            0 \
            -c "next record in same datagram" \
            -s "next record in same datagram"

run_test    "DTLS: multiple records in same datagram, client only" \
            "$P_SRV dtls=1 dgram_packing=0 debug_level=2" \
            "$P_CLI dtls=1 dgram_packing=1 debug_level=2" \
            0 \
            -s "next record in same datagram" \
            -C "next record in same datagram"

run_test    "DTLS: multiple records in same datagram, server only" \
            "$P_SRV dtls=1 dgram_packing=1 debug_level=2" \
            "$P_CLI dtls=1 dgram_packing=0 debug_level=2" \
            0 \
            -S "next record in same datagram" \
            -c "next record in same datagram"

run_test    "DTLS: multiple records in same datagram, neither client nor server" \
            "$P_SRV dtls=1 dgram_packing=0 debug_level=2" \
            "$P_CLI dtls=1 dgram_packing=0 debug_level=2" \
            0 \
            -S "next record in same datagram" \
            -C "next record in same datagram"

# Tests for Context serialization
# serialize=1 saves and restores the connection between the two exchanges on
# that side; serialize=0 leaves it alone. Each (client/server/both) case is
# repeated for CCM, ChaChaPoly and GCM record protection, and once with a
# Connection ID (cid_val is hex, "dead"/"beef" are two-byte CIDs).

requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
run_test    "Context serialization, client serializes, CCM" \
            "$P_SRV dtls=1 serialize=0 exchanges=2" \
            "$P_CLI dtls=1 serialize=1 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
            0 \
            -c "Deserializing connection..." \
            -S "Deserializing connection..."

requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
run_test    "Context serialization, client serializes, ChaChaPoly" \
            "$P_SRV dtls=1 serialize=0 exchanges=2" \
            "$P_CLI dtls=1 serialize=1 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256" \
            0 \
            -c "Deserializing connection..." \
            -S "Deserializing connection..."

requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
run_test    "Context serialization, client serializes, GCM" \
            "$P_SRV dtls=1 serialize=0 exchanges=2" \
            "$P_CLI dtls=1 serialize=1 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256" \
            0 \
            -c "Deserializing connection..." \
            -S "Deserializing connection..."

requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
run_test    "Context serialization, client serializes, with CID" \
            "$P_SRV dtls=1 serialize=0 exchanges=2 cid=1 cid_val=dead" \
            "$P_CLI dtls=1 serialize=1 exchanges=2 cid=1 cid_val=beef" \
            0 \
            -c "Deserializing connection..." \
            -S "Deserializing connection..."

requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
run_test    "Context serialization, server serializes, CCM" \
            "$P_SRV dtls=1 serialize=1 exchanges=2" \
            "$P_CLI dtls=1 serialize=0 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
            0 \
            -C "Deserializing connection..." \
            -s "Deserializing connection..."

requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
run_test    "Context serialization, server serializes, ChaChaPoly" \
            "$P_SRV dtls=1 serialize=1 exchanges=2" \
            "$P_CLI dtls=1 serialize=0 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256" \
            0 \
            -C "Deserializing connection..." \
            -s "Deserializing connection..."

requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
run_test    "Context serialization, server serializes, GCM" \
            "$P_SRV dtls=1 serialize=1 exchanges=2" \
            "$P_CLI dtls=1 serialize=0 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256" \
            0 \
            -C "Deserializing connection..." \
            -s "Deserializing connection..."

requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
run_test    "Context serialization, server serializes, with CID" \
            "$P_SRV dtls=1 serialize=1 exchanges=2 cid=1 cid_val=dead" \
            "$P_CLI dtls=1 serialize=0 exchanges=2 cid=1 cid_val=beef" \
            0 \
            -C "Deserializing connection..." \
            -s "Deserializing connection..."

requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
run_test    "Context serialization, both serialize, CCM" \
            "$P_SRV dtls=1 serialize=1 exchanges=2" \
            "$P_CLI dtls=1 serialize=1 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
            0 \
            -c "Deserializing connection..." \
            -s "Deserializing connection..."

requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
run_test    "Context serialization, both serialize, ChaChaPoly" \
            "$P_SRV dtls=1 serialize=1 exchanges=2" \
            "$P_CLI dtls=1 serialize=1 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256" \
            0 \
            -c "Deserializing connection..." \
            -s "Deserializing connection..."

requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
run_test    "Context serialization, both serialize, GCM" \
            "$P_SRV dtls=1 serialize=1 exchanges=2" \
            "$P_CLI dtls=1 serialize=1 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256" \
            0 \
            -c "Deserializing connection..." \
            -s "Deserializing connection..."

requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
run_test    "Context serialization, both serialize, with CID" \
            "$P_SRV dtls=1 serialize=1 exchanges=2 cid=1 cid_val=dead" \
            "$P_CLI dtls=1 serialize=1 exchanges=2 cid=1 cid_val=beef" \
            0 \
            -c "Deserializing connection..." \
            -s "Deserializing connection..."

# "re-init" variants: serialize=2 on a side means that side serializes and
# then restores into a freshly re-initialised context (rather than the same
# one), as the test names indicate. Same expectations as above otherwise.
requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
run_test    "Context serialization, re-init, client serializes, CCM" \
            "$P_SRV dtls=1 serialize=0 exchanges=2" \
            "$P_CLI dtls=1 serialize=2 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
            0 \
            -c "Deserializing connection..." \
            -S "Deserializing connection..."

requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
run_test    "Context serialization, re-init, client serializes, ChaChaPoly" \
            "$P_SRV dtls=1 serialize=0 exchanges=2" \
            "$P_CLI dtls=1 serialize=2 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256" \
            0 \
            -c "Deserializing connection..." \
            -S "Deserializing connection..."
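
# Context serialization with re-init (serialize=2) on the client side,
# GCM record protection and Connection ID variants.
requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
run_test    "Context serialization, re-init, client serializes, GCM" \
            "$P_SRV dtls=1 serialize=0 exchanges=2" \
            "$P_CLI dtls=1 serialize=2 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256" \
            0 \
            -c "Deserializing connection..." \
            -S "Deserializing connection..."

requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
run_test    "Context serialization, re-init, client serializes, with CID" \
            "$P_SRV dtls=1 serialize=0 exchanges=2 cid=1 cid_val=dead" \
            "$P_CLI dtls=1 serialize=2 exchanges=2 cid=1 cid_val=beef" \
            0 \
            -c "Deserializing connection..." \
            -S "Deserializing connection..."

# Same with re-init on the server side. Each record-protection variant
# forces a different ciphersuite on the client so that all three AEAD
# transforms (CCM, ChaChaPoly, GCM) are actually covered.
requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
run_test    "Context serialization, re-init, server serializes, CCM" \
            "$P_SRV dtls=1 serialize=2 exchanges=2" \
            "$P_CLI dtls=1 serialize=0 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
            0 \
            -C "Deserializing connection..." \
            -s "Deserializing connection..."

requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
run_test    "Context serialization, re-init, server serializes, ChaChaPoly" \
            "$P_SRV dtls=1 serialize=2 exchanges=2" \
            "$P_CLI dtls=1 serialize=0 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256" \
            0 \
            -C "Deserializing connection..." \
            -s "Deserializing connection..."

requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
run_test    "Context serialization, re-init, server serializes, GCM" \
            "$P_SRV dtls=1 serialize=2 exchanges=2" \
            "$P_CLI dtls=1 serialize=0 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256" \
            0 \
            -C "Deserializing connection..." \
            -s "Deserializing connection..."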
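
requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
run_test    "Context serialization, re-init, server serializes, with CID" \
            "$P_SRV dtls=1 serialize=2 exchanges=2 cid=1 cid_val=dead" \
            "$P_CLI dtls=1 serialize=0 exchanges=2 cid=1 cid_val=beef" \
            0 \
            -C "Deserializing connection..." \
            -s "Deserializing connection..."

# Re-init (serialize=2) on both sides. Each record-protection variant
# forces a different ciphersuite so that CCM, ChaChaPoly and GCM are all
# exercised; the "with CID" variant leaves the ciphersuite to negotiation.
requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
run_test    "Context serialization, re-init, both serialize, CCM" \
            "$P_SRV dtls=1 serialize=2 exchanges=2" \
            "$P_CLI dtls=1 serialize=2 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
            0 \
            -c "Deserializing connection..." \
            -s "Deserializing connection..."

requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
run_test    "Context serialization, re-init, both serialize, ChaChaPoly" \
            "$P_SRV dtls=1 serialize=2 exchanges=2" \
            "$P_CLI dtls=1 serialize=2 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256" \
            0 \
            -c "Deserializing connection..." \
            -s "Deserializing connection..."

requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
run_test    "Context serialization, re-init, both serialize, GCM" \
            "$P_SRV dtls=1 serialize=2 exchanges=2" \
            "$P_CLI dtls=1 serialize=2 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256" \
            0 \
            -c "Deserializing connection..." \
            -s "Deserializing connection..."

requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
run_test    "Context serialization, re-init, both serialize, with CID" \
            "$P_SRV dtls=1 serialize=2 exchanges=2 cid=1 cid_val=dead" \
            "$P_CLI dtls=1 serialize=2 exchanges=2 cid=1 cid_val=beef" \
            0 \
            -c "Deserializing connection..." \
            -s "Deserializing connection..."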
1957 1958requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION 1959run_test "Saving the serialized context to a file" \ 1960 "$P_SRV dtls=1 serialize=1 context_file=context_srv.txt" \ 1961 "$P_CLI dtls=1 serialize=1 context_file=context_cli.txt" \ 1962 0 \ 1963 -s "Save serialized context to a file... ok" \ 1964 -c "Save serialized context to a file... ok" 1965rm -f context_srv.txt 1966rm -f context_cli.txt 1967 1968# Tests for DTLS Connection ID extension 1969 1970# So far, the CID API isn't implemented, so we can't 1971# grep for output witnessing its use. This needs to be 1972# changed once the CID extension is implemented. 1973 1974requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID 1975run_test "Connection ID: Cli enabled, Srv disabled" \ 1976 "$P_SRV debug_level=3 dtls=1 cid=0" \ 1977 "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \ 1978 0 \ 1979 -s "Disable use of CID extension." \ 1980 -s "found CID extension" \ 1981 -s "Client sent CID extension, but CID disabled" \ 1982 -c "Enable use of CID extension." \ 1983 -c "client hello, adding CID extension" \ 1984 -S "server hello, adding CID extension" \ 1985 -C "found CID extension" \ 1986 -S "Copy CIDs into SSL transform" \ 1987 -C "Copy CIDs into SSL transform" \ 1988 -c "Use of Connection ID was rejected by the server" 1989 1990requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID 1991run_test "Connection ID: Cli disabled, Srv enabled" \ 1992 "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \ 1993 "$P_CLI debug_level=3 dtls=1 cid=0" \ 1994 0 \ 1995 -c "Disable use of CID extension." \ 1996 -C "client hello, adding CID extension" \ 1997 -S "found CID extension" \ 1998 -s "Enable use of CID extension." 
\ 1999 -S "server hello, adding CID extension" \ 2000 -C "found CID extension" \ 2001 -S "Copy CIDs into SSL transform" \ 2002 -C "Copy CIDs into SSL transform" \ 2003 -s "Use of Connection ID was not offered by client" 2004 2005requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID 2006run_test "Connection ID: Cli+Srv enabled, Cli+Srv CID nonempty" \ 2007 "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead" \ 2008 "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef" \ 2009 0 \ 2010 -c "Enable use of CID extension." \ 2011 -s "Enable use of CID extension." \ 2012 -c "client hello, adding CID extension" \ 2013 -s "found CID extension" \ 2014 -s "Use of CID extension negotiated" \ 2015 -s "server hello, adding CID extension" \ 2016 -c "found CID extension" \ 2017 -c "Use of CID extension negotiated" \ 2018 -s "Copy CIDs into SSL transform" \ 2019 -c "Copy CIDs into SSL transform" \ 2020 -c "Peer CID (length 2 Bytes): de ad" \ 2021 -s "Peer CID (length 2 Bytes): be ef" \ 2022 -s "Use of Connection ID has been negotiated" \ 2023 -c "Use of Connection ID has been negotiated" 2024 2025requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID 2026run_test "Connection ID, 3D: Cli+Srv enabled, Cli+Srv CID nonempty" \ 2027 -p "$P_PXY drop=5 delay=5 duplicate=5 bad_cid=1" \ 2028 "$P_SRV debug_level=3 dtls=1 cid=1 dgram_packing=0 cid_val=dead" \ 2029 "$P_CLI debug_level=3 dtls=1 cid=1 dgram_packing=0 cid_val=beef" \ 2030 0 \ 2031 -c "Enable use of CID extension." \ 2032 -s "Enable use of CID extension." 
\ 2033 -c "client hello, adding CID extension" \ 2034 -s "found CID extension" \ 2035 -s "Use of CID extension negotiated" \ 2036 -s "server hello, adding CID extension" \ 2037 -c "found CID extension" \ 2038 -c "Use of CID extension negotiated" \ 2039 -s "Copy CIDs into SSL transform" \ 2040 -c "Copy CIDs into SSL transform" \ 2041 -c "Peer CID (length 2 Bytes): de ad" \ 2042 -s "Peer CID (length 2 Bytes): be ef" \ 2043 -s "Use of Connection ID has been negotiated" \ 2044 -c "Use of Connection ID has been negotiated" \ 2045 -c "ignoring unexpected CID" \ 2046 -s "ignoring unexpected CID" 2047 2048requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID 2049run_test "Connection ID, MTU: Cli+Srv enabled, Cli+Srv CID nonempty" \ 2050 -p "$P_PXY mtu=800" \ 2051 "$P_SRV debug_level=3 mtu=800 dtls=1 cid=1 cid_val=dead" \ 2052 "$P_CLI debug_level=3 mtu=800 dtls=1 cid=1 cid_val=beef" \ 2053 0 \ 2054 -c "Enable use of CID extension." \ 2055 -s "Enable use of CID extension." \ 2056 -c "client hello, adding CID extension" \ 2057 -s "found CID extension" \ 2058 -s "Use of CID extension negotiated" \ 2059 -s "server hello, adding CID extension" \ 2060 -c "found CID extension" \ 2061 -c "Use of CID extension negotiated" \ 2062 -s "Copy CIDs into SSL transform" \ 2063 -c "Copy CIDs into SSL transform" \ 2064 -c "Peer CID (length 2 Bytes): de ad" \ 2065 -s "Peer CID (length 2 Bytes): be ef" \ 2066 -s "Use of Connection ID has been negotiated" \ 2067 -c "Use of Connection ID has been negotiated" 2068 2069requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID 2070run_test "Connection ID, 3D+MTU: Cli+Srv enabled, Cli+Srv CID nonempty" \ 2071 -p "$P_PXY mtu=800 drop=5 delay=5 duplicate=5 bad_cid=1" \ 2072 "$P_SRV debug_level=3 mtu=800 dtls=1 cid=1 cid_val=dead" \ 2073 "$P_CLI debug_level=3 mtu=800 dtls=1 cid=1 cid_val=beef" \ 2074 0 \ 2075 -c "Enable use of CID extension." \ 2076 -s "Enable use of CID extension." 
\ 2077 -c "client hello, adding CID extension" \ 2078 -s "found CID extension" \ 2079 -s "Use of CID extension negotiated" \ 2080 -s "server hello, adding CID extension" \ 2081 -c "found CID extension" \ 2082 -c "Use of CID extension negotiated" \ 2083 -s "Copy CIDs into SSL transform" \ 2084 -c "Copy CIDs into SSL transform" \ 2085 -c "Peer CID (length 2 Bytes): de ad" \ 2086 -s "Peer CID (length 2 Bytes): be ef" \ 2087 -s "Use of Connection ID has been negotiated" \ 2088 -c "Use of Connection ID has been negotiated" \ 2089 -c "ignoring unexpected CID" \ 2090 -s "ignoring unexpected CID" 2091 2092requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID 2093run_test "Connection ID: Cli+Srv enabled, Cli CID empty" \ 2094 "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \ 2095 "$P_CLI debug_level=3 dtls=1 cid=1" \ 2096 0 \ 2097 -c "Enable use of CID extension." \ 2098 -s "Enable use of CID extension." \ 2099 -c "client hello, adding CID extension" \ 2100 -s "found CID extension" \ 2101 -s "Use of CID extension negotiated" \ 2102 -s "server hello, adding CID extension" \ 2103 -c "found CID extension" \ 2104 -c "Use of CID extension negotiated" \ 2105 -s "Copy CIDs into SSL transform" \ 2106 -c "Copy CIDs into SSL transform" \ 2107 -c "Peer CID (length 4 Bytes): de ad be ef" \ 2108 -s "Peer CID (length 0 Bytes):" \ 2109 -s "Use of Connection ID has been negotiated" \ 2110 -c "Use of Connection ID has been negotiated" 2111 2112requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID 2113run_test "Connection ID: Cli+Srv enabled, Srv CID empty" \ 2114 "$P_SRV debug_level=3 dtls=1 cid=1" \ 2115 "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \ 2116 0 \ 2117 -c "Enable use of CID extension." \ 2118 -s "Enable use of CID extension." 
\ 2119 -c "client hello, adding CID extension" \ 2120 -s "found CID extension" \ 2121 -s "Use of CID extension negotiated" \ 2122 -s "server hello, adding CID extension" \ 2123 -c "found CID extension" \ 2124 -c "Use of CID extension negotiated" \ 2125 -s "Copy CIDs into SSL transform" \ 2126 -c "Copy CIDs into SSL transform" \ 2127 -s "Peer CID (length 4 Bytes): de ad be ef" \ 2128 -c "Peer CID (length 0 Bytes):" \ 2129 -s "Use of Connection ID has been negotiated" \ 2130 -c "Use of Connection ID has been negotiated" 2131 2132requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID 2133run_test "Connection ID: Cli+Srv enabled, Cli+Srv CID empty" \ 2134 "$P_SRV debug_level=3 dtls=1 cid=1" \ 2135 "$P_CLI debug_level=3 dtls=1 cid=1" \ 2136 0 \ 2137 -c "Enable use of CID extension." \ 2138 -s "Enable use of CID extension." \ 2139 -c "client hello, adding CID extension" \ 2140 -s "found CID extension" \ 2141 -s "Use of CID extension negotiated" \ 2142 -s "server hello, adding CID extension" \ 2143 -c "found CID extension" \ 2144 -c "Use of CID extension negotiated" \ 2145 -s "Copy CIDs into SSL transform" \ 2146 -c "Copy CIDs into SSL transform" \ 2147 -S "Use of Connection ID has been negotiated" \ 2148 -C "Use of Connection ID has been negotiated" 2149 2150requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID 2151run_test "Connection ID: Cli+Srv enabled, Cli+Srv CID nonempty, AES-128-CCM-8" \ 2152 "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead" \ 2153 "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \ 2154 0 \ 2155 -c "Enable use of CID extension." \ 2156 -s "Enable use of CID extension." 
\ 2157 -c "client hello, adding CID extension" \ 2158 -s "found CID extension" \ 2159 -s "Use of CID extension negotiated" \ 2160 -s "server hello, adding CID extension" \ 2161 -c "found CID extension" \ 2162 -c "Use of CID extension negotiated" \ 2163 -s "Copy CIDs into SSL transform" \ 2164 -c "Copy CIDs into SSL transform" \ 2165 -c "Peer CID (length 2 Bytes): de ad" \ 2166 -s "Peer CID (length 2 Bytes): be ef" \ 2167 -s "Use of Connection ID has been negotiated" \ 2168 -c "Use of Connection ID has been negotiated" 2169 2170requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID 2171run_test "Connection ID: Cli+Srv enabled, Cli CID empty, AES-128-CCM-8" \ 2172 "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \ 2173 "$P_CLI debug_level=3 dtls=1 cid=1 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \ 2174 0 \ 2175 -c "Enable use of CID extension." \ 2176 -s "Enable use of CID extension." \ 2177 -c "client hello, adding CID extension" \ 2178 -s "found CID extension" \ 2179 -s "Use of CID extension negotiated" \ 2180 -s "server hello, adding CID extension" \ 2181 -c "found CID extension" \ 2182 -c "Use of CID extension negotiated" \ 2183 -s "Copy CIDs into SSL transform" \ 2184 -c "Copy CIDs into SSL transform" \ 2185 -c "Peer CID (length 4 Bytes): de ad be ef" \ 2186 -s "Peer CID (length 0 Bytes):" \ 2187 -s "Use of Connection ID has been negotiated" \ 2188 -c "Use of Connection ID has been negotiated" 2189 2190requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID 2191run_test "Connection ID: Cli+Srv enabled, Srv CID empty, AES-128-CCM-8" \ 2192 "$P_SRV debug_level=3 dtls=1 cid=1" \ 2193 "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=deadbeef force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \ 2194 0 \ 2195 -c "Enable use of CID extension." \ 2196 -s "Enable use of CID extension." 
\ 2197 -c "client hello, adding CID extension" \ 2198 -s "found CID extension" \ 2199 -s "Use of CID extension negotiated" \ 2200 -s "server hello, adding CID extension" \ 2201 -c "found CID extension" \ 2202 -c "Use of CID extension negotiated" \ 2203 -s "Copy CIDs into SSL transform" \ 2204 -c "Copy CIDs into SSL transform" \ 2205 -s "Peer CID (length 4 Bytes): de ad be ef" \ 2206 -c "Peer CID (length 0 Bytes):" \ 2207 -s "Use of Connection ID has been negotiated" \ 2208 -c "Use of Connection ID has been negotiated" 2209 2210requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID 2211run_test "Connection ID: Cli+Srv enabled, Cli+Srv CID empty, AES-128-CCM-8" \ 2212 "$P_SRV debug_level=3 dtls=1 cid=1" \ 2213 "$P_CLI debug_level=3 dtls=1 cid=1 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \ 2214 0 \ 2215 -c "Enable use of CID extension." \ 2216 -s "Enable use of CID extension." \ 2217 -c "client hello, adding CID extension" \ 2218 -s "found CID extension" \ 2219 -s "Use of CID extension negotiated" \ 2220 -s "server hello, adding CID extension" \ 2221 -c "found CID extension" \ 2222 -c "Use of CID extension negotiated" \ 2223 -s "Copy CIDs into SSL transform" \ 2224 -c "Copy CIDs into SSL transform" \ 2225 -S "Use of Connection ID has been negotiated" \ 2226 -C "Use of Connection ID has been negotiated" 2227 2228requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID 2229run_test "Connection ID: Cli+Srv enabled, Cli+Srv CID nonempty, AES-128-CBC" \ 2230 "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead" \ 2231 "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \ 2232 0 \ 2233 -c "Enable use of CID extension." \ 2234 -s "Enable use of CID extension." 
\ 2235 -c "client hello, adding CID extension" \ 2236 -s "found CID extension" \ 2237 -s "Use of CID extension negotiated" \ 2238 -s "server hello, adding CID extension" \ 2239 -c "found CID extension" \ 2240 -c "Use of CID extension negotiated" \ 2241 -s "Copy CIDs into SSL transform" \ 2242 -c "Copy CIDs into SSL transform" \ 2243 -c "Peer CID (length 2 Bytes): de ad" \ 2244 -s "Peer CID (length 2 Bytes): be ef" \ 2245 -s "Use of Connection ID has been negotiated" \ 2246 -c "Use of Connection ID has been negotiated" 2247 2248requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID 2249run_test "Connection ID: Cli+Srv enabled, Cli CID empty, AES-128-CBC" \ 2250 "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \ 2251 "$P_CLI debug_level=3 dtls=1 cid=1 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \ 2252 0 \ 2253 -c "Enable use of CID extension." \ 2254 -s "Enable use of CID extension." \ 2255 -c "client hello, adding CID extension" \ 2256 -s "found CID extension" \ 2257 -s "Use of CID extension negotiated" \ 2258 -s "server hello, adding CID extension" \ 2259 -c "found CID extension" \ 2260 -c "Use of CID extension negotiated" \ 2261 -s "Copy CIDs into SSL transform" \ 2262 -c "Copy CIDs into SSL transform" \ 2263 -c "Peer CID (length 4 Bytes): de ad be ef" \ 2264 -s "Peer CID (length 0 Bytes):" \ 2265 -s "Use of Connection ID has been negotiated" \ 2266 -c "Use of Connection ID has been negotiated" 2267 2268requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID 2269run_test "Connection ID: Cli+Srv enabled, Srv CID empty, AES-128-CBC" \ 2270 "$P_SRV debug_level=3 dtls=1 cid=1" \ 2271 "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=deadbeef force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \ 2272 0 \ 2273 -c "Enable use of CID extension." \ 2274 -s "Enable use of CID extension." 
\ 2275 -c "client hello, adding CID extension" \ 2276 -s "found CID extension" \ 2277 -s "Use of CID extension negotiated" \ 2278 -s "server hello, adding CID extension" \ 2279 -c "found CID extension" \ 2280 -c "Use of CID extension negotiated" \ 2281 -s "Copy CIDs into SSL transform" \ 2282 -c "Copy CIDs into SSL transform" \ 2283 -s "Peer CID (length 4 Bytes): de ad be ef" \ 2284 -c "Peer CID (length 0 Bytes):" \ 2285 -s "Use of Connection ID has been negotiated" \ 2286 -c "Use of Connection ID has been negotiated" 2287 2288requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID 2289run_test "Connection ID: Cli+Srv enabled, Cli+Srv CID empty, AES-128-CBC" \ 2290 "$P_SRV debug_level=3 dtls=1 cid=1" \ 2291 "$P_CLI debug_level=3 dtls=1 cid=1 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \ 2292 0 \ 2293 -c "Enable use of CID extension." \ 2294 -s "Enable use of CID extension." \ 2295 -c "client hello, adding CID extension" \ 2296 -s "found CID extension" \ 2297 -s "Use of CID extension negotiated" \ 2298 -s "server hello, adding CID extension" \ 2299 -c "found CID extension" \ 2300 -c "Use of CID extension negotiated" \ 2301 -s "Copy CIDs into SSL transform" \ 2302 -c "Copy CIDs into SSL transform" \ 2303 -S "Use of Connection ID has been negotiated" \ 2304 -C "Use of Connection ID has been negotiated" 2305 2306requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID 2307requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 2308run_test "Connection ID: Cli+Srv enabled, renegotiate without change of CID" \ 2309 "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead renegotiation=1" \ 2310 "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef renegotiation=1 renegotiate=1" \ 2311 0 \ 2312 -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \ 2313 -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \ 2314 -s "(initial handshake) Use of Connection ID has been negotiated" \ 2315 -c "(initial handshake) Use of Connection ID has been negotiated" \ 2316 -c "(after 
renegotiation) Peer CID (length 2 Bytes): de ad" \ 2317 -s "(after renegotiation) Peer CID (length 2 Bytes): be ef" \ 2318 -s "(after renegotiation) Use of Connection ID has been negotiated" \ 2319 -c "(after renegotiation) Use of Connection ID has been negotiated" 2320 2321requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID 2322requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 2323run_test "Connection ID: Cli+Srv enabled, renegotiate with different CID" \ 2324 "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead cid_val_renego=beef renegotiation=1" \ 2325 "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef cid_val_renego=dead renegotiation=1 renegotiate=1" \ 2326 0 \ 2327 -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \ 2328 -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \ 2329 -s "(initial handshake) Use of Connection ID has been negotiated" \ 2330 -c "(initial handshake) Use of Connection ID has been negotiated" \ 2331 -c "(after renegotiation) Peer CID (length 2 Bytes): be ef" \ 2332 -s "(after renegotiation) Peer CID (length 2 Bytes): de ad" \ 2333 -s "(after renegotiation) Use of Connection ID has been negotiated" \ 2334 -c "(after renegotiation) Use of Connection ID has been negotiated" 2335 2336requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID 2337requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 2338run_test "Connection ID, no packing: Cli+Srv enabled, renegotiate with different CID" \ 2339 "$P_SRV debug_level=3 dtls=1 cid=1 dgram_packing=0 cid_val=dead cid_val_renego=beef renegotiation=1" \ 2340 "$P_CLI debug_level=3 dtls=1 cid=1 dgram_packing=0 cid_val=beef cid_val_renego=dead renegotiation=1 renegotiate=1" \ 2341 0 \ 2342 -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \ 2343 -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \ 2344 -s "(initial handshake) Use of Connection ID has been negotiated" \ 2345 -c "(initial handshake) Use of Connection ID has been negotiated" \ 2346 -c "(after renegotiation) Peer CID 
(length 2 Bytes): be ef" \ 2347 -s "(after renegotiation) Peer CID (length 2 Bytes): de ad" \ 2348 -s "(after renegotiation) Use of Connection ID has been negotiated" \ 2349 -c "(after renegotiation) Use of Connection ID has been negotiated" 2350 2351requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID 2352requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 2353run_test "Connection ID, 3D+MTU: Cli+Srv enabled, renegotiate with different CID" \ 2354 -p "$P_PXY mtu=800 drop=5 delay=5 duplicate=5 bad_cid=1" \ 2355 "$P_SRV debug_level=3 mtu=800 dtls=1 cid=1 cid_val=dead cid_val_renego=beef renegotiation=1" \ 2356 "$P_CLI debug_level=3 mtu=800 dtls=1 cid=1 cid_val=beef cid_val_renego=dead renegotiation=1 renegotiate=1" \ 2357 0 \ 2358 -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \ 2359 -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \ 2360 -s "(initial handshake) Use of Connection ID has been negotiated" \ 2361 -c "(initial handshake) Use of Connection ID has been negotiated" \ 2362 -c "(after renegotiation) Peer CID (length 2 Bytes): be ef" \ 2363 -s "(after renegotiation) Peer CID (length 2 Bytes): de ad" \ 2364 -s "(after renegotiation) Use of Connection ID has been negotiated" \ 2365 -c "(after renegotiation) Use of Connection ID has been negotiated" \ 2366 -c "ignoring unexpected CID" \ 2367 -s "ignoring unexpected CID" 2368 2369requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID 2370requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 2371run_test "Connection ID: Cli+Srv enabled, renegotiate without CID" \ 2372 "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead cid_renego=0 renegotiation=1" \ 2373 "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef cid_renego=0 renegotiation=1 renegotiate=1" \ 2374 0 \ 2375 -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \ 2376 -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \ 2377 -s "(initial handshake) Use of Connection ID has been negotiated" \ 2378 -c "(initial handshake) Use of Connection 
ID has been negotiated" \ 2379 -C "(after renegotiation) Peer CID (length 2 Bytes): de ad" \ 2380 -S "(after renegotiation) Peer CID (length 2 Bytes): be ef" \ 2381 -C "(after renegotiation) Use of Connection ID has been negotiated" \ 2382 -S "(after renegotiation) Use of Connection ID has been negotiated" 2383 2384requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID 2385requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 2386run_test "Connection ID, no packing: Cli+Srv enabled, renegotiate without CID" \ 2387 "$P_SRV debug_level=3 dtls=1 dgram_packing=0 cid=1 cid_val=dead cid_renego=0 renegotiation=1" \ 2388 "$P_CLI debug_level=3 dtls=1 dgram_packing=0 cid=1 cid_val=beef cid_renego=0 renegotiation=1 renegotiate=1" \ 2389 0 \ 2390 -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \ 2391 -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \ 2392 -s "(initial handshake) Use of Connection ID has been negotiated" \ 2393 -c "(initial handshake) Use of Connection ID has been negotiated" \ 2394 -C "(after renegotiation) Peer CID (length 2 Bytes): de ad" \ 2395 -S "(after renegotiation) Peer CID (length 2 Bytes): be ef" \ 2396 -C "(after renegotiation) Use of Connection ID has been negotiated" \ 2397 -S "(after renegotiation) Use of Connection ID has been negotiated" 2398 2399requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID 2400requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 2401run_test "Connection ID, 3D+MTU: Cli+Srv enabled, renegotiate without CID" \ 2402 -p "$P_PXY drop=5 delay=5 duplicate=5 bad_cid=1" \ 2403 "$P_SRV debug_level=3 mtu=800 dtls=1 cid=1 cid_val=dead cid_renego=0 renegotiation=1" \ 2404 "$P_CLI debug_level=3 mtu=800 dtls=1 cid=1 cid_val=beef cid_renego=0 renegotiation=1 renegotiate=1" \ 2405 0 \ 2406 -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \ 2407 -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \ 2408 -s "(initial handshake) Use of Connection ID has been negotiated" \ 2409 -c "(initial handshake) Use of 
Connection ID has been negotiated" \ 2410 -C "(after renegotiation) Peer CID (length 2 Bytes): de ad" \ 2411 -S "(after renegotiation) Peer CID (length 2 Bytes): be ef" \ 2412 -C "(after renegotiation) Use of Connection ID has been negotiated" \ 2413 -S "(after renegotiation) Use of Connection ID has been negotiated" \ 2414 -c "ignoring unexpected CID" \ 2415 -s "ignoring unexpected CID" 2416 2417requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID 2418requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 2419run_test "Connection ID: Cli+Srv enabled, CID on renegotiation" \ 2420 "$P_SRV debug_level=3 dtls=1 cid=0 cid_renego=1 cid_val_renego=dead renegotiation=1" \ 2421 "$P_CLI debug_level=3 dtls=1 cid=0 cid_renego=1 cid_val_renego=beef renegotiation=1 renegotiate=1" \ 2422 0 \ 2423 -S "(initial handshake) Use of Connection ID has been negotiated" \ 2424 -C "(initial handshake) Use of Connection ID has been negotiated" \ 2425 -c "(after renegotiation) Peer CID (length 2 Bytes): de ad" \ 2426 -s "(after renegotiation) Peer CID (length 2 Bytes): be ef" \ 2427 -c "(after renegotiation) Use of Connection ID has been negotiated" \ 2428 -s "(after renegotiation) Use of Connection ID has been negotiated" 2429 2430requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID 2431requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 2432run_test "Connection ID, no packing: Cli+Srv enabled, CID on renegotiation" \ 2433 "$P_SRV debug_level=3 dtls=1 dgram_packing=0 cid=0 cid_renego=1 cid_val_renego=dead renegotiation=1" \ 2434 "$P_CLI debug_level=3 dtls=1 dgram_packing=0 cid=0 cid_renego=1 cid_val_renego=beef renegotiation=1 renegotiate=1" \ 2435 0 \ 2436 -S "(initial handshake) Use of Connection ID has been negotiated" \ 2437 -C "(initial handshake) Use of Connection ID has been negotiated" \ 2438 -c "(after renegotiation) Peer CID (length 2 Bytes): de ad" \ 2439 -s "(after renegotiation) Peer CID (length 2 Bytes): be ef" \ 2440 -c "(after renegotiation) Use of Connection ID has been 
negotiated" \ 2441 -s "(after renegotiation) Use of Connection ID has been negotiated" 2442 2443requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID 2444requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 2445run_test "Connection ID, 3D+MTU: Cli+Srv enabled, CID on renegotiation" \ 2446 -p "$P_PXY mtu=800 drop=5 delay=5 duplicate=5 bad_cid=1" \ 2447 "$P_SRV debug_level=3 mtu=800 dtls=1 dgram_packing=1 cid=0 cid_renego=1 cid_val_renego=dead renegotiation=1" \ 2448 "$P_CLI debug_level=3 mtu=800 dtls=1 dgram_packing=1 cid=0 cid_renego=1 cid_val_renego=beef renegotiation=1 renegotiate=1" \ 2449 0 \ 2450 -S "(initial handshake) Use of Connection ID has been negotiated" \ 2451 -C "(initial handshake) Use of Connection ID has been negotiated" \ 2452 -c "(after renegotiation) Peer CID (length 2 Bytes): de ad" \ 2453 -s "(after renegotiation) Peer CID (length 2 Bytes): be ef" \ 2454 -c "(after renegotiation) Use of Connection ID has been negotiated" \ 2455 -s "(after renegotiation) Use of Connection ID has been negotiated" \ 2456 -c "ignoring unexpected CID" \ 2457 -s "ignoring unexpected CID" 2458 2459requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID 2460requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 2461run_test "Connection ID: Cli+Srv enabled, Cli disables on renegotiation" \ 2462 "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead renegotiation=1" \ 2463 "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef cid_renego=0 renegotiation=1 renegotiate=1" \ 2464 0 \ 2465 -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \ 2466 -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \ 2467 -s "(initial handshake) Use of Connection ID has been negotiated" \ 2468 -c "(initial handshake) Use of Connection ID has been negotiated" \ 2469 -C "(after renegotiation) Peer CID (length 2 Bytes): de ad" \ 2470 -S "(after renegotiation) Peer CID (length 2 Bytes): be ef" \ 2471 -C "(after renegotiation) Use of Connection ID has been negotiated" \ 2472 -S "(after renegotiation) Use 
of Connection ID has been negotiated" \ 2473 -s "(after renegotiation) Use of Connection ID was not offered by client" 2474 2475requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID 2476requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 2477run_test "Connection ID, 3D: Cli+Srv enabled, Cli disables on renegotiation" \ 2478 -p "$P_PXY drop=5 delay=5 duplicate=5 bad_cid=1" \ 2479 "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead renegotiation=1" \ 2480 "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef cid_renego=0 renegotiation=1 renegotiate=1" \ 2481 0 \ 2482 -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \ 2483 -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \ 2484 -s "(initial handshake) Use of Connection ID has been negotiated" \ 2485 -c "(initial handshake) Use of Connection ID has been negotiated" \ 2486 -C "(after renegotiation) Peer CID (length 2 Bytes): de ad" \ 2487 -S "(after renegotiation) Peer CID (length 2 Bytes): be ef" \ 2488 -C "(after renegotiation) Use of Connection ID has been negotiated" \ 2489 -S "(after renegotiation) Use of Connection ID has been negotiated" \ 2490 -s "(after renegotiation) Use of Connection ID was not offered by client" \ 2491 -c "ignoring unexpected CID" \ 2492 -s "ignoring unexpected CID" 2493 2494requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID 2495requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 2496run_test "Connection ID: Cli+Srv enabled, Srv disables on renegotiation" \ 2497 "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead cid_renego=0 renegotiation=1" \ 2498 "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef renegotiation=1 renegotiate=1" \ 2499 0 \ 2500 -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \ 2501 -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \ 2502 -s "(initial handshake) Use of Connection ID has been negotiated" \ 2503 -c "(initial handshake) Use of Connection ID has been negotiated" \ 2504 -C "(after renegotiation) Peer CID (length 2 Bytes): de ad" \ 2505 -S 
"(after renegotiation) Peer CID (length 2 Bytes): be ef" \ 2506 -C "(after renegotiation) Use of Connection ID has been negotiated" \ 2507 -S "(after renegotiation) Use of Connection ID has been negotiated" \ 2508 -c "(after renegotiation) Use of Connection ID was rejected by the server" 2509 2510requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID 2511requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 2512run_test "Connection ID, 3D: Cli+Srv enabled, Srv disables on renegotiation" \ 2513 -p "$P_PXY drop=5 delay=5 duplicate=5 bad_cid=1" \ 2514 "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead cid_renego=0 renegotiation=1" \ 2515 "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef renegotiation=1 renegotiate=1" \ 2516 0 \ 2517 -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \ 2518 -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \ 2519 -s "(initial handshake) Use of Connection ID has been negotiated" \ 2520 -c "(initial handshake) Use of Connection ID has been negotiated" \ 2521 -C "(after renegotiation) Peer CID (length 2 Bytes): de ad" \ 2522 -S "(after renegotiation) Peer CID (length 2 Bytes): be ef" \ 2523 -C "(after renegotiation) Use of Connection ID has been negotiated" \ 2524 -S "(after renegotiation) Use of Connection ID has been negotiated" \ 2525 -c "(after renegotiation) Use of Connection ID was rejected by the server" \ 2526 -c "ignoring unexpected CID" \ 2527 -s "ignoring unexpected CID" 2528 2529# This and the test below it require MAX_CONTENT_LEN to be at least MFL+1, because the 2530# tests check that the buffer contents are reallocated when the message is 2531# larger than the buffer. 
2532requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID 2533requires_config_enabled MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH 2534requires_max_content_len 513 2535run_test "Connection ID: Cli+Srv enabled, variable buffer lengths, MFL=512" \ 2536 "$P_SRV dtls=1 cid=1 cid_val=dead debug_level=2" \ 2537 "$P_CLI force_ciphersuite="TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" max_frag_len=512 dtls=1 cid=1 cid_val=beef" \ 2538 0 \ 2539 -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \ 2540 -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \ 2541 -s "(initial handshake) Use of Connection ID has been negotiated" \ 2542 -c "(initial handshake) Use of Connection ID has been negotiated" \ 2543 -s "Reallocating in_buf" \ 2544 -s "Reallocating out_buf" 2545 2546requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID 2547requires_config_enabled MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH 2548requires_max_content_len 1025 2549run_test "Connection ID: Cli+Srv enabled, variable buffer lengths, MFL=1024" \ 2550 "$P_SRV dtls=1 cid=1 cid_val=dead debug_level=2" \ 2551 "$P_CLI force_ciphersuite="TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" max_frag_len=1024 dtls=1 cid=1 cid_val=beef" \ 2552 0 \ 2553 -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \ 2554 -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \ 2555 -s "(initial handshake) Use of Connection ID has been negotiated" \ 2556 -c "(initial handshake) Use of Connection ID has been negotiated" \ 2557 -s "Reallocating in_buf" \ 2558 -s "Reallocating out_buf" 2559 2560# Tests for Encrypt-then-MAC extension 2561 2562run_test "Encrypt then MAC: default" \ 2563 "$P_SRV debug_level=3 \ 2564 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ 2565 "$P_CLI debug_level=3" \ 2566 0 \ 2567 -c "client hello, adding encrypt_then_mac extension" \ 2568 -s "found encrypt then mac extension" \ 2569 -s "server hello, adding encrypt then mac extension" \ 2570 -c "found encrypt_then_mac extension" \ 2571 -c "using encrypt then mac" \ 2572 -s "using 
encrypt then mac" 2573 2574run_test "Encrypt then MAC: client enabled, server disabled" \ 2575 "$P_SRV debug_level=3 etm=0 \ 2576 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ 2577 "$P_CLI debug_level=3 etm=1" \ 2578 0 \ 2579 -c "client hello, adding encrypt_then_mac extension" \ 2580 -s "found encrypt then mac extension" \ 2581 -S "server hello, adding encrypt then mac extension" \ 2582 -C "found encrypt_then_mac extension" \ 2583 -C "using encrypt then mac" \ 2584 -S "using encrypt then mac" 2585 2586run_test "Encrypt then MAC: client enabled, aead cipher" \ 2587 "$P_SRV debug_level=3 etm=1 \ 2588 force_ciphersuite=TLS-RSA-WITH-AES-128-GCM-SHA256" \ 2589 "$P_CLI debug_level=3 etm=1" \ 2590 0 \ 2591 -c "client hello, adding encrypt_then_mac extension" \ 2592 -s "found encrypt then mac extension" \ 2593 -S "server hello, adding encrypt then mac extension" \ 2594 -C "found encrypt_then_mac extension" \ 2595 -C "using encrypt then mac" \ 2596 -S "using encrypt then mac" 2597 2598run_test "Encrypt then MAC: client disabled, server enabled" \ 2599 "$P_SRV debug_level=3 etm=1 \ 2600 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ 2601 "$P_CLI debug_level=3 etm=0" \ 2602 0 \ 2603 -C "client hello, adding encrypt_then_mac extension" \ 2604 -S "found encrypt then mac extension" \ 2605 -S "server hello, adding encrypt then mac extension" \ 2606 -C "found encrypt_then_mac extension" \ 2607 -C "using encrypt then mac" \ 2608 -S "using encrypt then mac" 2609 2610# Tests for Extended Master Secret extension 2611 2612run_test "Extended Master Secret: default" \ 2613 "$P_SRV debug_level=3" \ 2614 "$P_CLI debug_level=3" \ 2615 0 \ 2616 -c "client hello, adding extended_master_secret extension" \ 2617 -s "found extended master secret extension" \ 2618 -s "server hello, adding extended master secret extension" \ 2619 -c "found extended_master_secret extension" \ 2620 -c "session hash for extended master secret" \ 2621 -s "session hash for extended master secret" 2622 
# Extended Master Secret: one side disabled. As elsewhere in this script,
# -c/-s mean "must appear in the client/server log" and -C/-S "must not".
# Server disabled (extended_ms=0): parses but does not echo the extension.
run_test    "Extended Master Secret: client enabled, server disabled" \
            "$P_SRV debug_level=3 extended_ms=0" \
            "$P_CLI debug_level=3 extended_ms=1" \
            0 \
            -c "client hello, adding extended_master_secret extension" \
            -s "found extended master secret extension" \
            -S "server hello, adding extended master secret extension" \
            -C "found extended_master_secret extension" \
            -C "session hash for extended master secret" \
            -S "session hash for extended master secret"

# Client disabled (extended_ms=0): the extension is never offered.
run_test    "Extended Master Secret: client disabled, server enabled" \
            "$P_SRV debug_level=3 extended_ms=1" \
            "$P_CLI debug_level=3 extended_ms=0" \
            0 \
            -C "client hello, adding extended_master_secret extension" \
            -S "found extended master secret extension" \
            -S "server hello, adding extended master secret extension" \
            -C "found extended_master_secret extension" \
            -C "session hash for extended master secret" \
            -S "session hash for extended master secret"

# Test sending and receiving empty application data records
#
# request_size=0 makes the client write a zero-length record; the server must
# log a 0-byte decrypted payload. With ETM and a CBC suite, the -S line checks
# that a hex dump consisting only of 0x0f bytes (presumably the record's
# padding, 16 bytes each holding the value 15 — confirm against the record
# layer) never shows up in the server log.

run_test    "Encrypt then MAC: empty application data record" \
            "$P_SRV auth_mode=none debug_level=4 etm=1" \
            "$P_CLI auth_mode=none etm=1 request_size=0 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -S "0000: 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f" \
            -s "dumping 'input payload after decrypt' (0 bytes)" \
            -c "0 bytes written in 1 fragments"

run_test    "Encrypt then MAC: disabled, empty application data record" \
            "$P_SRV auth_mode=none debug_level=4 etm=0" \
            "$P_CLI auth_mode=none etm=0 request_size=0" \
            0 \
            -s "dumping 'input payload after decrypt' (0 bytes)" \
            -c "0 bytes written in 1 fragments"

# Same two cases over DTLS.
run_test    "Encrypt then MAC, DTLS: empty application data record" \
            "$P_SRV auth_mode=none debug_level=4 etm=1 dtls=1" \
            "$P_CLI auth_mode=none etm=1 request_size=0 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA dtls=1" \
            0 \
            -S "0000: 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f" \
            -s "dumping 'input payload after decrypt' (0 bytes)" \
            -c "0 bytes written in 1 fragments"

run_test    "Encrypt then MAC, DTLS: disabled, empty application data record" \
            "$P_SRV auth_mode=none debug_level=4 etm=0 dtls=1" \
            "$P_CLI auth_mode=none etm=0 request_size=0 dtls=1" \
            0 \
            -s "dumping 'input payload after decrypt' (0 bytes)" \
            -c "0 bytes written in 1 fragments"

# Tests for CBC 1/n-1 record splitting
#
# With TLS 1.2 forced, a 123-byte write must arrive as a single 123-byte read;
# the -S lines reject the 1 + 122 split pattern.

run_test    "CBC Record splitting: TLS 1.2, no splitting" \
            "$P_SRV" \
            "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
             request_size=123 force_version=tls12" \
            0 \
            -s "Read from client: 123 bytes read" \
            -S "Read from client: 1 bytes read" \
            -S "122 bytes read"

# Tests for Session Tickets (RFC 5077)
#
# reconnect=1 makes the client do a second handshake. The -S "restored from
# cache" / -s "restored from ticket" pair pins down WHICH mechanism resumed
# the session, not merely that resumption happened.

run_test    "Session resume using tickets: basic" \
            "$P_SRV debug_level=3 tickets=1" \
            "$P_CLI debug_level=3 tickets=1 reconnect=1" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -S "session successfully restored from cache" \
            -s "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

# cache_max=0 disables the server-side cache, so only the ticket can resume.
run_test    "Session resume using tickets: cache disabled" \
            "$P_SRV debug_level=3 tickets=1 cache_max=0" \
            "$P_CLI debug_level=3 tickets=1 reconnect=1" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -S "session successfully restored from cache" \
            -s "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

# Ticket lifetime 1 s, reconnect after 2 s: the ticket must be rejected as
# expired and a full handshake performed (no resumption on either side).
run_test    "Session resume using tickets: timeout" \
            "$P_SRV debug_level=3 tickets=1 cache_max=0 ticket_timeout=1" \
            "$P_CLI debug_level=3 tickets=1 reconnect=1 reco_delay=2" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -S "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -S "a session has been resumed" \
            -C "a session has been resumed"

# reco_mode=0: reconnect from a copied session (per the test name; the exact
# semantics of reco_mode live in ssl_client2, not here).
run_test    "Session resume using tickets: session copy" \
            "$P_SRV debug_level=3 tickets=1 cache_max=0" \
            "$P_CLI debug_level=3 tickets=1 reconnect=1 reco_mode=0" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -S "session successfully restored from cache" \
            -s "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

# Interop: only client-side checks are possible against an OpenSSL server.
run_test    "Session resume using tickets: openssl server" \
            "$O_SRV" \
            "$P_CLI debug_level=3 tickets=1 reconnect=1" \
            0 \
            -c "client hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -c "a session has been resumed"

# Interop: two OpenSSL client runs sharing a session file. $SESSION is defined
# elsewhere in the script (not visible here); it is expanded unquoted inside
# the command string, so it must not contain whitespace.
run_test    "Session resume using tickets: openssl client" \
            "$P_SRV debug_level=3 tickets=1" \
            "( $O_CLI -sess_out $SESSION; \
               $O_CLI -sess_in $SESSION; \
               rm -f $SESSION )" \
            0 \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -S "session successfully restored from cache" \
            -s "session successfully restored from ticket" \
            -s "a session has been resumed"

# Tests for Session Tickets with DTLS
#
# Mirror of the TLS cases above; skip_close_notify=1 is added on the client
# for the datagram transport.

run_test    "Session resume using tickets, DTLS: basic" \
            "$P_SRV debug_level=3 dtls=1 tickets=1" \
            "$P_CLI debug_level=3 dtls=1 tickets=1 reconnect=1 skip_close_notify=1" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -S "session successfully restored from cache" \
            -s "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

run_test    "Session resume using tickets, DTLS: cache disabled" \
            "$P_SRV debug_level=3 dtls=1 tickets=1 cache_max=0" \
            "$P_CLI debug_level=3 dtls=1 tickets=1 reconnect=1 skip_close_notify=1" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -S "session successfully restored from cache" \
            -s "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

run_test    "Session resume using tickets, DTLS: timeout" \
            "$P_SRV debug_level=3 dtls=1 tickets=1 cache_max=0 ticket_timeout=1" \
            "$P_CLI debug_level=3 dtls=1 tickets=1 reconnect=1 skip_close_notify=1 reco_delay=2" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -S "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -S "a session has been resumed" \
            -C "a session has been resumed"

run_test    "Session resume using tickets, DTLS: session copy" \
            "$P_SRV debug_level=3 dtls=1 tickets=1 cache_max=0" \
            "$P_CLI debug_level=3 dtls=1 tickets=1 reconnect=1 skip_close_notify=1 reco_mode=0" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -S "session successfully restored from cache" \
            -s "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

run_test    "Session resume using tickets, DTLS: openssl server" \
            "$O_SRV -dtls" \
            "$P_CLI dtls=1 debug_level=3 tickets=1 reconnect=1" \
            0 \
            -c "client hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -c "a session has been resumed"

# For reasons that aren't fully understood, this test randomly fails with high
# probability with OpenSSL 1.0.2g on the CI, see #5012.
# Hence the "next" OpenSSL build ($O_NEXT_CLI) is required here instead of
# the default $O_CLI.
requires_openssl_next
run_test    "Session resume using tickets, DTLS: openssl client" \
            "$P_SRV dtls=1 debug_level=3 tickets=1" \
            "( $O_NEXT_CLI -dtls -sess_out $SESSION; \
               $O_NEXT_CLI -dtls -sess_in $SESSION; \
               rm -f $SESSION )" \
            0 \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -S "session successfully restored from cache" \
            -s "session successfully restored from ticket" \
            -s "a session has been resumed"

# Tests for Session Resume based on session-ID and cache
#
# tickets=0 on at least one side forces resumption through the server cache;
# the ticket extension may still be offered, but must not be answered.

run_test    "Session resume using cache: tickets enabled on client" \
            "$P_SRV debug_level=3 tickets=0" \
            "$P_CLI debug_level=3 tickets=1 reconnect=1" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -S "server hello, adding session ticket extension" \
            -C "found session_ticket extension" \
            -C "parse new session ticket" \
            -s "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

run_test    "Session resume using cache: tickets enabled on server" \
            "$P_SRV debug_level=3 tickets=1" \
            "$P_CLI debug_level=3 tickets=0 reconnect=1" \
            0 \
            -C "client hello, adding session ticket extension" \
            -S "found session ticket extension" \
            -S "server hello, adding session ticket extension" \
            -C "found session_ticket extension" \
            -C "parse new session ticket" \
            -s "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

# No cache entries at all: a second full handshake is expected.
run_test    "Session resume using cache: cache_max=0" \
            "$P_SRV debug_level=3 tickets=0 cache_max=0" \
            "$P_CLI debug_level=3 tickets=0 reconnect=1" \
            0 \
            -S "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -S "a session has been resumed" \
            -C "a session has been resumed"

# A single cache entry is enough for one client to resume.
run_test    "Session resume using cache: cache_max=1" \
            "$P_SRV debug_level=3 tickets=0 cache_max=1" \
            "$P_CLI debug_level=3 tickets=0 reconnect=1" \
            0 \
            -s "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

run_test    "Session resume using cache: timeout > delay" \
            "$P_SRV debug_level=3 tickets=0" \
            "$P_CLI debug_level=3 tickets=0 reconnect=1 reco_delay=0" \
            0 \
            -s "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

# Cache entry lifetime 1 s, reconnect after 2 s: entry expired, no resumption.
run_test    "Session resume using cache: timeout < delay" \
            "$P_SRV debug_level=3 tickets=0 cache_timeout=1" \
            "$P_CLI debug_level=3 tickets=0 reconnect=1 reco_delay=2" \
            0 \
            -S "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -S "a session has been resumed" \
            -C "a session has been resumed"

# cache_timeout=0 disables expiry: the 2 s delay no longer matters.
run_test    "Session resume using cache: no timeout" \
            "$P_SRV debug_level=3 tickets=0 cache_timeout=0" \
            "$P_CLI debug_level=3 tickets=0 reconnect=1 reco_delay=2" \
            0 \
            -s "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

run_test    "Session resume using cache: session copy" \
            "$P_SRV debug_level=3 tickets=0" \
            "$P_CLI debug_level=3 tickets=0 reconnect=1 reco_mode=0" \
            0 \
            -s "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

# Interop: the OpenSSL client still offers the ticket extension; with
# tickets=0 the server must ignore it and resume from the cache instead.
run_test    "Session resume using cache: openssl client" \
            "$P_SRV debug_level=3 tickets=0" \
            "( $O_CLI -sess_out $SESSION; \
               $O_CLI -sess_in $SESSION; \
               rm -f $SESSION )" \
            0 \
            -s "found session ticket extension" \
            -S "server hello, adding session ticket extension" \
            -s "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -s "a session has been resumed"

run_test    "Session resume using cache: openssl server" \
            "$O_SRV" \
            "$P_CLI debug_level=3 tickets=0 reconnect=1" \
            0 \
            -C "found session_ticket extension" \
            -C "parse new session ticket" \
            -c "a session has been resumed"

# Tests for Session Resume based on session-ID and cache, DTLS
#
# Mirror of the TLS cache cases above with dtls=1 and skip_close_notify=1.

run_test    "Session resume using cache, DTLS: tickets enabled on client" \
            "$P_SRV dtls=1 debug_level=3 tickets=0" \
            "$P_CLI dtls=1 debug_level=3 tickets=1 reconnect=1 skip_close_notify=1" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -S "server hello, adding session ticket extension" \
            -C "found session_ticket extension" \
            -C "parse new session ticket" \
            -s "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

run_test    "Session resume using cache, DTLS: tickets enabled on server" \
            "$P_SRV dtls=1 debug_level=3 tickets=1" \
            "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1" \
            0 \
            -C "client hello, adding session ticket extension" \
            -S "found session ticket extension" \
            -S "server hello, adding session ticket extension" \
            -C "found session_ticket extension" \
            -C "parse new session ticket" \
            -s "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

run_test    "Session resume using cache, DTLS: cache_max=0" \
            "$P_SRV dtls=1 debug_level=3 tickets=0 cache_max=0" \
            "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1" \
            0 \
            -S "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -S "a session has been resumed" \
            -C "a session has been resumed"

run_test    "Session resume using cache, DTLS: cache_max=1" \
            "$P_SRV dtls=1 debug_level=3 tickets=0 cache_max=1" \
            "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1" \
            0 \
            -s "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

run_test    "Session resume using cache, DTLS: timeout > delay" \
            "$P_SRV dtls=1 debug_level=3 tickets=0" \
            "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1 reco_delay=0" \
            0 \
            -s "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

run_test    "Session resume using cache, DTLS: timeout < delay" \
            "$P_SRV dtls=1 debug_level=3 tickets=0 cache_timeout=1" \
            "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1 reco_delay=2" \
            0 \
            -S "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -S "a session has been resumed" \
            -C "a session has been resumed"

run_test    "Session resume using cache, DTLS: no timeout" \
            "$P_SRV dtls=1 debug_level=3 tickets=0 cache_timeout=0" \
            "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1 reco_delay=2" \
            0 \
            -s "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

run_test    "Session resume using cache, DTLS: session copy" \
            "$P_SRV dtls=1 debug_level=3 tickets=0" \
            "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1 reco_mode=0" \
            0 \
            -s "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

# For reasons that aren't fully understood, this test randomly fails with high
# probability with OpenSSL 1.0.2g on the CI, see #5012.
# Hence the "next" OpenSSL build ($O_NEXT_CLI) is required here.
requires_openssl_next
run_test    "Session resume using cache, DTLS: openssl client" \
            "$P_SRV dtls=1 debug_level=3 tickets=0" \
            "( $O_NEXT_CLI -dtls -sess_out $SESSION; \
               $O_NEXT_CLI -dtls -sess_in $SESSION; \
               rm -f $SESSION )" \
            0 \
            -s "found session ticket extension" \
            -S "server hello, adding session ticket extension" \
            -s "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -s "a session has been resumed"

run_test    "Session resume using cache, DTLS: openssl server" \
            "$O_SRV -dtls" \
            "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1" \
            0 \
            -C "found session_ticket extension" \
            -C "parse new session ticket" \
            -c "a session has been resumed"

# Tests for Max Fragment Length extension (RFC 6066)
#
# $MAX_CONTENT_LEN is set elsewhere in the script (not visible here) to the
# build's configured content length. Without an explicit max_frag_len on
# either side, the extension must not be sent and both directions use the
# build limit.

requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test    "Max fragment length: enabled, default" \
            "$P_SRV debug_level=3" \
            "$P_CLI debug_level=3" \
            0 \
            -c "Maximum incoming record payload length is $MAX_CONTENT_LEN" \
            -c "Maximum outgoing record payload length is $MAX_CONTENT_LEN" \
            -s "Maximum incoming record payload length is $MAX_CONTENT_LEN" \
            -s "Maximum outgoing record payload length is $MAX_CONTENT_LEN" \
            -C "client hello, adding max_fragment_length extension" \
            -S "found max fragment length extension" \
            -S "server hello, max_fragment_length extension" \
            -C "found max_fragment_length extension"

# A request one byte over the limit is split into two TLS records
# (MAX_CONTENT_LEN + 1 bytes) and read back as two chunks by the server.
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test    "Max fragment length: enabled, default, larger message" \
            "$P_SRV debug_level=3" \
            "$P_CLI debug_level=3 request_size=$(( $MAX_CONTENT_LEN + 1))" \
            0 \
            -c "Maximum incoming record payload length is $MAX_CONTENT_LEN" \
            -c "Maximum outgoing record payload length is $MAX_CONTENT_LEN" \
            -s "Maximum incoming record payload length is $MAX_CONTENT_LEN" \
            -s "Maximum outgoing record payload length is $MAX_CONTENT_LEN" \
            -C "client hello, adding max_fragment_length extension" \
            -S "found max fragment length extension" \
            -S "server hello, max_fragment_length extension" \
            -C "found max_fragment_length extension" \
            -c "$(( $MAX_CONTENT_LEN + 1)) bytes written in 2 fragments" \
            -s "$MAX_CONTENT_LEN bytes read" \
            -s "1 bytes read"

# Over DTLS the oversize write is not fragmented: the client is expected to
# exit with status 1 and report the oversize fragment.
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test    "Max fragment length, DTLS: enabled, default, larger message" \
            "$P_SRV debug_level=3 dtls=1" \
            "$P_CLI debug_level=3 dtls=1 request_size=$(( $MAX_CONTENT_LEN + 1))" \
            1 \
            -c "Maximum incoming record payload length is $MAX_CONTENT_LEN" \
            -c "Maximum outgoing record payload length is $MAX_CONTENT_LEN" \
            -s "Maximum incoming record payload length is $MAX_CONTENT_LEN" \
            -s "Maximum outgoing record payload length is $MAX_CONTENT_LEN" \
            -C "client hello, adding max_fragment_length extension" \
            -S "found max fragment length extension" \
            -S "server hello, max_fragment_length extension" \
            -C "found max_fragment_length extension" \
            -c "fragment larger than.*maximum "

# Run some tests with MBEDTLS_SSL_MAX_FRAGMENT_LENGTH disabled
# (session fragment length will be 16384 regardless of mbedtls
# content length configuration.)
# The -C/-S "is 16384" lines check that the fixed limit is not reported as a
# "Maximum ... record payload length" message, while the write is still
# split at MAX_CONTENT_LEN.

requires_config_disabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test    "Max fragment length: disabled, larger message" \
            "$P_SRV debug_level=3" \
            "$P_CLI debug_level=3 request_size=$(( $MAX_CONTENT_LEN + 1))" \
            0 \
            -C "Maximum incoming record payload length is 16384" \
            -C "Maximum outgoing record payload length is 16384" \
            -S "Maximum incoming record payload length is 16384" \
            -S "Maximum outgoing record payload length is 16384" \
            -c "$(( $MAX_CONTENT_LEN + 1)) bytes written in 2 fragments" \
            -s "$MAX_CONTENT_LEN bytes read" \
            -s "1 bytes read"

requires_config_disabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test    "Max fragment length, DTLS: disabled, larger message" \
            "$P_SRV debug_level=3 dtls=1" \
            "$P_CLI debug_level=3 dtls=1 request_size=$(( $MAX_CONTENT_LEN + 1))" \
            1 \
            -C "Maximum incoming record payload length is 16384" \
            -C "Maximum outgoing record payload length is 16384" \
            -S "Maximum incoming record payload length is 16384" \
            -S "Maximum outgoing record payload length is 16384" \
            -c "fragment larger than.*maximum "

# Negotiated MFL: the client's max_frag_len is offered in the extension and
# applies to both directions on both sides.
requires_max_content_len 4096
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test    "Max fragment length: used by client" \
            "$P_SRV debug_level=3" \
            "$P_CLI debug_level=3 max_frag_len=4096" \
            0 \
            -c "Maximum incoming record payload length is 4096" \
            -c "Maximum outgoing record payload length is 4096" \
            -s "Maximum incoming record payload length is 4096" \
            -s "Maximum outgoing record payload length is 4096" \
            -c "client hello, adding max_fragment_length extension" \
            -s "found max fragment length extension" \
            -s "server hello, max_fragment_length extension" \
            -c "found max_fragment_length extension"

# Client/server combinations. The expectations below show the rule: the
# client's value wins for the client's both directions and the server's
# incoming direction; the server's own max_frag_len only caps its outgoing
# records when it is smaller than the negotiated value.
# requires_max_content_len is set to the larger of the two values so the
# build can actually hold such records.
requires_max_content_len 1024
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test    "Max fragment length: client 512, server 1024" \
            "$P_SRV debug_level=3 max_frag_len=1024" \
            "$P_CLI debug_level=3 max_frag_len=512" \
            0 \
            -c "Maximum incoming record payload length is 512" \
            -c "Maximum outgoing record payload length is 512" \
            -s "Maximum incoming record payload length is 512" \
            -s "Maximum outgoing record payload length is 512" \
            -c "client hello, adding max_fragment_length extension" \
            -s "found max fragment length extension" \
            -s "server hello, max_fragment_length extension" \
            -c "found max_fragment_length extension"

requires_max_content_len 2048
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test    "Max fragment length: client 512, server 2048" \
            "$P_SRV debug_level=3 max_frag_len=2048" \
            "$P_CLI debug_level=3 max_frag_len=512" \
            0 \
            -c "Maximum incoming record payload length is 512" \
            -c "Maximum outgoing record payload length is 512" \
            -s "Maximum incoming record payload length is 512" \
            -s "Maximum outgoing record payload length is 512" \
            -c "client hello, adding max_fragment_length extension" \
            -s "found max fragment length extension" \
            -s "server hello, max_fragment_length extension" \
            -c "found max_fragment_length extension"

requires_max_content_len 4096
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test    "Max fragment length: client 512, server 4096" \
            "$P_SRV debug_level=3 max_frag_len=4096" \
            "$P_CLI debug_level=3 max_frag_len=512" \
            0 \
            -c "Maximum incoming record payload length is 512" \
            -c "Maximum outgoing record payload length is 512" \
            -s "Maximum incoming record payload length is 512" \
            -s "Maximum outgoing record payload length is 512" \
            -c "client hello, adding max_fragment_length extension" \
            -s "found max fragment length extension" \
            -s "server hello, max_fragment_length extension" \
            -c "found max_fragment_length extension"

# Max fragment length, client value larger than the server's own setting.
# Here the server's outgoing limit is its own max_frag_len (512), while the
# negotiated client value (1024) governs everything else. As elsewhere in
# this script, -c/-s mean "must appear in the client/server log".
requires_max_content_len 1024
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test    "Max fragment length: client 1024, server 512" \
            "$P_SRV debug_level=3 max_frag_len=512" \
            "$P_CLI debug_level=3 max_frag_len=1024" \
            0 \
            -c "Maximum incoming record payload length is 1024" \
            -c "Maximum outgoing record payload length is 1024" \
            -s "Maximum incoming record payload length is 1024" \
            -s "Maximum outgoing record payload length is 512" \
            -c "client hello, adding max_fragment_length extension" \
            -s "found max fragment length extension" \
            -s "server hello, max_fragment_length extension" \
            -c "found max_fragment_length extension"

requires_max_content_len 2048
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test    "Max fragment length: client 1024, server 2048" \
            "$P_SRV debug_level=3 max_frag_len=2048" \
            "$P_CLI debug_level=3 max_frag_len=1024" \
            0 \
            -c "Maximum incoming record payload length is 1024" \
            -c "Maximum outgoing record payload length is 1024" \
            -s "Maximum incoming record payload length is 1024" \
            -s "Maximum outgoing record payload length is 1024" \
            -c "client hello, adding max_fragment_length extension" \
            -s "found max fragment length extension" \
            -s "server hello, max_fragment_length extension" \
            -c "found max_fragment_length extension"

requires_max_content_len 4096
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test    "Max fragment length: client 1024, server 4096" \
            "$P_SRV debug_level=3 max_frag_len=4096" \
            "$P_CLI debug_level=3 max_frag_len=1024" \
            0 \
            -c "Maximum incoming record payload length is 1024" \
            -c "Maximum outgoing record payload length is 1024" \
            -s "Maximum incoming record payload length is 1024" \
            -s "Maximum outgoing record payload length is 1024" \
            -c "client hello, adding max_fragment_length extension" \
            -s "found max fragment length extension" \
            -s "server hello, max_fragment_length extension" \
            -c "found max_fragment_length extension"

requires_max_content_len 2048
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test    "Max fragment length: client 2048, server 512" \
            "$P_SRV debug_level=3 max_frag_len=512" \
            "$P_CLI debug_level=3 max_frag_len=2048" \
            0 \
            -c "Maximum incoming record payload length is 2048" \
            -c "Maximum outgoing record payload length is 2048" \
            -s "Maximum incoming record payload length is 2048" \
            -s "Maximum outgoing record payload length is 512" \
            -c "client hello, adding max_fragment_length extension" \
            -s "found max fragment length extension" \
            -s "server hello, max_fragment_length extension" \
            -c "found max_fragment_length extension"

requires_max_content_len 2048
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test    "Max fragment length: client 2048, server 1024" \
            "$P_SRV debug_level=3 max_frag_len=1024" \
            "$P_CLI debug_level=3 max_frag_len=2048" \
            0 \
            -c "Maximum incoming record payload length is 2048" \
            -c "Maximum outgoing record payload length is 2048" \
            -s "Maximum incoming record payload length is 2048" \
            -s "Maximum outgoing record payload length is 1024" \
            -c "client hello, adding max_fragment_length extension" \
            -s "found max fragment length extension" \
            -s "server hello, max_fragment_length extension" \
            -c "found max_fragment_length extension"

requires_max_content_len 4096
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test    "Max fragment length: client 2048, server 4096" \
            "$P_SRV debug_level=3 max_frag_len=4096" \
            "$P_CLI debug_level=3 max_frag_len=2048" \
            0 \
            -c "Maximum incoming record payload length is 2048" \
            -c "Maximum outgoing record payload length is 2048" \
            -s "Maximum incoming record payload length is 2048" \
            -s "Maximum outgoing record payload length is 2048" \
            -c "client hello, adding max_fragment_length extension" \
            -s "found max fragment length extension" \
            -s "server hello, max_fragment_length extension" \
            -c "found max_fragment_length extension"

requires_max_content_len 4096
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test    "Max fragment length: client 4096, server 512" \
            "$P_SRV debug_level=3 max_frag_len=512" \
            "$P_CLI debug_level=3 max_frag_len=4096" \
            0 \
            -c "Maximum incoming record payload length is 4096" \
            -c "Maximum outgoing record payload length is 4096" \
            -s "Maximum incoming record payload length is 4096" \
            -s "Maximum outgoing record payload length is 512" \
            -c "client hello, adding max_fragment_length extension" \
            -s "found max fragment length extension" \
            -s "server hello, max_fragment_length extension" \
            -c "found max_fragment_length extension"

requires_max_content_len 4096
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test    "Max fragment length: client 4096, server 1024" \
            "$P_SRV debug_level=3 max_frag_len=1024" \
            "$P_CLI debug_level=3 max_frag_len=4096" \
            0 \
            -c "Maximum incoming record payload length is 4096" \
            -c "Maximum outgoing record payload length is 4096" \
            -s "Maximum incoming record payload length is 4096" \
            -s "Maximum outgoing record payload length is 1024" \
            -c "client hello, adding max_fragment_length extension" \
            -s "found max fragment length extension" \
            -s "server hello, max_fragment_length extension" \
            -c "found max_fragment_length extension"

requires_max_content_len 4096
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test    "Max fragment length: client 4096, server 2048" \
            "$P_SRV debug_level=3 max_frag_len=2048" \
            "$P_CLI debug_level=3 max_frag_len=4096" \
            0 \
            -c "Maximum incoming record payload length is 4096" \
            -c "Maximum outgoing record payload length is 4096" \
            -s "Maximum incoming record payload length is 4096" \
            -s "Maximum outgoing record payload length is 2048" \
            -c "client hello, adding max_fragment_length extension" \
            -s "found max fragment length extension" \
            -s "server hello, max_fragment_length extension" \
            -c "found max_fragment_length extension"

# Only the server sets max_frag_len: no extension is exchanged at all, and
# the setting caps nothing but the server's outgoing records. $MAX_CONTENT_LEN
# comes from earlier in the script (not visible here).
requires_max_content_len 4096
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test    "Max fragment length: used by server" \
            "$P_SRV debug_level=3 max_frag_len=4096" \
            "$P_CLI debug_level=3" \
            0 \
            -c "Maximum incoming record payload length is $MAX_CONTENT_LEN" \
            -c "Maximum outgoing record payload length is $MAX_CONTENT_LEN" \
            -s "Maximum incoming record payload length is $MAX_CONTENT_LEN" \
            -s "Maximum outgoing record payload length is 4096" \
            -C "client hello, adding max_fragment_length extension" \
            -S "found max fragment length extension" \
            -S "server hello, max_fragment_length extension" \
            -C "found max_fragment_length extension"

# Interop: against a GnuTLS server only the client-side log can be checked.
requires_max_content_len 4096
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_gnutls
run_test    "Max fragment length: gnutls server" \
            "$G_SRV" \
            "$P_CLI debug_level=3 max_frag_len=4096" \
            0 \
            -c "Maximum incoming record payload length is 4096" \
            -c "Maximum outgoing record payload length is 4096" \
            -c "client hello, adding max_fragment_length extension" \
            -c "found max_fragment_length extension"

# Boundary checks against the negotiated 2048-byte limit: a request of
# exactly 2048 bytes goes out as one record ...
requires_max_content_len 2048
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test    "Max fragment length: client, message just fits" \
            "$P_SRV debug_level=3" \
            "$P_CLI debug_level=3 max_frag_len=2048 request_size=2048" \
            0 \
            -c "Maximum incoming record payload length is 2048" \
            -c "Maximum outgoing record payload length is 2048" \
            -s "Maximum incoming record payload length is 2048" \
            -s "Maximum outgoing record payload length is 2048" \
            -c "client hello, adding max_fragment_length extension" \
            -s "found max fragment length extension" \
            -s "server hello, max_fragment_length extension" \
            -c "found max_fragment_length extension" \
            -c "2048 bytes written in 1 fragments" \
            -s "2048 bytes read"

# ... while 2345 bytes are split into 2048 + 297 over TLS ...
requires_max_content_len 2048
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test    "Max fragment length: client, larger message" \
            "$P_SRV debug_level=3" \
            "$P_CLI debug_level=3 max_frag_len=2048 request_size=2345" \
            0 \
            -c "Maximum incoming record payload length is 2048" \
            -c "Maximum outgoing record payload length is 2048" \
            -s "Maximum incoming record payload length is 2048" \
            -s "Maximum outgoing record payload length is 2048" \
            -c "client hello, adding max_fragment_length extension" \
            -s "found max fragment length extension" \
            -s "server hello, max_fragment_length extension" \
            -c "found max_fragment_length extension" \
            -c "2345 bytes written in 2 fragments" \
            -s "2048 bytes read" \
            -s "297 bytes read"

# ... and over DTLS the same request is not fragmented, so the client is
# expected to fail with exit status 1.
requires_max_content_len 2048
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test    "Max fragment length: DTLS client, larger message" \
            "$P_SRV debug_level=3 dtls=1" \
            "$P_CLI debug_level=3 dtls=1 max_frag_len=2048 request_size=2345" \
            1 \
            -c "Maximum incoming record payload length is 2048" \
            -c "Maximum outgoing record payload length is 2048" \
            -s "Maximum incoming record payload length is 2048" \
            -s "Maximum outgoing record payload length is 2048" \
            -c "client hello, adding max_fragment_length extension" \
            -s "found max fragment length extension" \
            -s "server hello, max_fragment_length extension" \
            -c "found max_fragment_length extension" \
            -c "fragment 
larger than.*maximum" 3408 3409# Tests for renegotiation 3410 3411# Renegotiation SCSV always added, regardless of SSL_RENEGOTIATION 3412run_test "Renegotiation: none, for reference" \ 3413 "$P_SRV debug_level=3 exchanges=2 auth_mode=optional" \ 3414 "$P_CLI debug_level=3 exchanges=2" \ 3415 0 \ 3416 -C "client hello, adding renegotiation extension" \ 3417 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ 3418 -S "found renegotiation extension" \ 3419 -s "server hello, secure renegotiation extension" \ 3420 -c "found renegotiation extension" \ 3421 -C "=> renegotiate" \ 3422 -S "=> renegotiate" \ 3423 -S "write hello request" 3424 3425requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 3426run_test "Renegotiation: client-initiated" \ 3427 "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional" \ 3428 "$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1" \ 3429 0 \ 3430 -c "client hello, adding renegotiation extension" \ 3431 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ 3432 -s "found renegotiation extension" \ 3433 -s "server hello, secure renegotiation extension" \ 3434 -c "found renegotiation extension" \ 3435 -c "=> renegotiate" \ 3436 -s "=> renegotiate" \ 3437 -S "write hello request" 3438 3439requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 3440run_test "Renegotiation: server-initiated" \ 3441 "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1" \ 3442 "$P_CLI debug_level=3 exchanges=2 renegotiation=1" \ 3443 0 \ 3444 -c "client hello, adding renegotiation extension" \ 3445 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ 3446 -s "found renegotiation extension" \ 3447 -s "server hello, secure renegotiation extension" \ 3448 -c "found renegotiation extension" \ 3449 -c "=> renegotiate" \ 3450 -s "=> renegotiate" \ 3451 -s "write hello request" 3452 3453# Checks that no Signature Algorithm with SHA-1 gets negotiated. Negotiating SHA-1 would mean that 3454# the server did not parse the Signature Algorithm extension. 
This test is valid only if an MD 3455# algorithm stronger than SHA-1 is enabled in mbedtls_config.h 3456requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 3457run_test "Renegotiation: Signature Algorithms parsing, client-initiated" \ 3458 "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional" \ 3459 "$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1" \ 3460 0 \ 3461 -c "client hello, adding renegotiation extension" \ 3462 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ 3463 -s "found renegotiation extension" \ 3464 -s "server hello, secure renegotiation extension" \ 3465 -c "found renegotiation extension" \ 3466 -c "=> renegotiate" \ 3467 -s "=> renegotiate" \ 3468 -S "write hello request" \ 3469 -S "client hello v3, signature_algorithm ext: 2" # Is SHA-1 negotiated? 3470 3471# Checks that no Signature Algorithm with SHA-1 gets negotiated. Negotiating SHA-1 would mean that 3472# the server did not parse the Signature Algorithm extension. This test is valid only if an MD 3473# algorithm stronger than SHA-1 is enabled in mbedtls_config.h 3474requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 3475run_test "Renegotiation: Signature Algorithms parsing, server-initiated" \ 3476 "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1" \ 3477 "$P_CLI debug_level=3 exchanges=2 renegotiation=1" \ 3478 0 \ 3479 -c "client hello, adding renegotiation extension" \ 3480 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ 3481 -s "found renegotiation extension" \ 3482 -s "server hello, secure renegotiation extension" \ 3483 -c "found renegotiation extension" \ 3484 -c "=> renegotiate" \ 3485 -s "=> renegotiate" \ 3486 -s "write hello request" \ 3487 -S "client hello v3, signature_algorithm ext: 2" # Is SHA-1 negotiated? 

# Both sides request renegotiation: the server writes a HelloRequest and the
# client renegotiates as well.
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: double" \
            "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1" \
            "$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1" \
            0 \
            -c "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -s "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -c "=> renegotiate" \
            -s "=> renegotiate" \
            -s "write hello request"

# Renegotiation combined with max_fragment_length: both the record-limit log
# lines and the renegotiation log lines are expected.
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_max_content_len 2048
run_test    "Renegotiation with max fragment length: client 2048, server 512" \
            "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1 max_frag_len=512" \
            "$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 max_frag_len=2048 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
            0 \
            -c "Maximum incoming record payload length is 2048" \
            -c "Maximum outgoing record payload length is 2048" \
            -s "Maximum incoming record payload length is 2048" \
            -s "Maximum outgoing record payload length is 512" \
            -c "client hello, adding max_fragment_length extension" \
            -s "found max fragment length extension" \
            -s "server hello, max_fragment_length extension" \
            -c "found max_fragment_length extension" \
            -c "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -s "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -c "=> renegotiate" \
            -s "=> renegotiate" \
            -s "write hello request"

# The server has renegotiation disabled: the client's attempt fails with
# "Unexpected message at ServerHello in renegotiation" and exit status 1.
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: client-initiated, server-rejected" \
            "$P_SRV debug_level=3 exchanges=2 renegotiation=0 auth_mode=optional" \
            "$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1" \
            1 \
            -c "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -S "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -c "=> renegotiate" \
            -S "=> renegotiate" \
            -S "write hello request" \
            -c "SSL - Unexpected message at ServerHello in renegotiation" \
            -c "failed"

# The client has renegotiation disabled and ignores the server's HelloRequest.
# renego_delay sets how many records the server tolerates before treating that
# as an error: the default and -1 ("not enforced") and 2 all pass quietly,
# while 0 makes the server log "An unexpected message was received".
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: server-initiated, client-rejected, default" \
            "$P_SRV debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 auth_mode=optional" \
            "$P_CLI debug_level=3 exchanges=2 renegotiation=0" \
            0 \
            -C "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -S "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -C "=> renegotiate" \
            -S "=> renegotiate" \
            -s "write hello request" \
            -S "SSL - An unexpected message was received from our peer" \
            -S "failed"

requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: server-initiated, client-rejected, not enforced" \
            "$P_SRV debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 \
             renego_delay=-1 auth_mode=optional" \
            "$P_CLI debug_level=3 exchanges=2 renegotiation=0" \
            0 \
            -C "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -S "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -C "=> renegotiate" \
            -S "=> renegotiate" \
            -s "write hello request" \
            -S "SSL - An unexpected message was received from our peer" \
            -S "failed"

# delay 2 for 1 alert record + 1 application data record
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: server-initiated, client-rejected, delay 2" \
            "$P_SRV debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 \
             renego_delay=2 auth_mode=optional" \
            "$P_CLI debug_level=3 exchanges=2 renegotiation=0" \
            0 \
            -C "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -S "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -C "=> renegotiate" \
            -S "=> renegotiate" \
            -s "write hello request" \
            -S "SSL - An unexpected message was received from our peer" \
            -S "failed"

requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: server-initiated, client-rejected, delay 0" \
            "$P_SRV debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 \
             renego_delay=0 auth_mode=optional" \
            "$P_CLI debug_level=3 exchanges=2 renegotiation=0" \
            0 \
            -C "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -S "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -C "=> renegotiate" \
            -S "=> renegotiate" \
            -s "write hello request" \
            -s "SSL - An unexpected message was received from our peer"

# Same server settings, but the client accepts: renegotiation completes.
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: server-initiated, client-accepted, delay 0" \
            "$P_SRV debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 \
             renego_delay=0 auth_mode=optional" \
            "$P_CLI debug_level=3 exchanges=2 renegotiation=1" \
            0 \
            -c "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -s "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -c "=> renegotiate" \
            -s "=> renegotiate" \
            -s "write hello request" \
            -S "SSL - An unexpected message was received from our peer" \
            -S "failed"

# Periodic renegotiation: with renego_period=3 the server renegotiates once its
# record counter reaches the period ("record counter limit reached"). Two
# exchanges stay below it; four and seven cross it; with renegotiation=0 the
# period is ignored.
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: periodic, just below period" \
            "$P_SRV debug_level=3 exchanges=9 renegotiation=1 renego_period=3 auth_mode=optional" \
            "$P_CLI debug_level=3 exchanges=2 renegotiation=1" \
            0 \
            -C "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -S "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -S "record counter limit reached: renegotiate" \
            -C "=> renegotiate" \
            -S "=> renegotiate" \
            -S "write hello request" \
            -S "SSL - An unexpected message was received from our peer" \
            -S "failed"

# one extra exchange to be able to complete renego
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: periodic, just above period" \
            "$P_SRV debug_level=3 exchanges=9 renegotiation=1 renego_period=3 auth_mode=optional" \
            "$P_CLI debug_level=3 exchanges=4 renegotiation=1" \
            0 \
            -c "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -s "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -s "record counter limit reached: renegotiate" \
            -c "=> renegotiate" \
            -s "=> renegotiate" \
            -s "write hello request" \
            -S "SSL - An unexpected message was received from our peer" \
            -S "failed"

requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: periodic, two times period" \
            "$P_SRV debug_level=3 exchanges=9 renegotiation=1 renego_period=3 auth_mode=optional" \
            "$P_CLI debug_level=3 exchanges=7 renegotiation=1" \
            0 \
            -c "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -s "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -s "record counter limit reached: renegotiate" \
            -c "=> renegotiate" \
            -s "=> renegotiate" \
            -s "write hello request" \
            -S "SSL - An unexpected message was received from our peer" \
            -S "failed"

requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: periodic, above period, disabled" \
            "$P_SRV debug_level=3 exchanges=9 renegotiation=0 renego_period=3 auth_mode=optional" \
            "$P_CLI debug_level=3 exchanges=4 renegotiation=1" \
            0 \
            -C "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -S "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -S "record counter limit reached: renegotiate" \
            -C "=> renegotiate" \
            -S "=> renegotiate" \
            -S "write hello request" \
            -S "SSL - An unexpected message was received from our peer" \
            -S "failed"

# Same flows as the blocking variants above, with both programs in their
# non-blocking I/O mode (nbio=2).
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: nbio, client-initiated" \
            "$P_SRV debug_level=3 nbio=2 exchanges=2 renegotiation=1 auth_mode=optional" \
            "$P_CLI debug_level=3 nbio=2 exchanges=2 renegotiation=1 renegotiate=1" \
            0 \
            -c "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -s "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -c "=> renegotiate" \
            -s "=> renegotiate" \
            -S "write hello request"

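requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: nbio, server-initiated" \
            "$P_SRV debug_level=3 nbio=2 exchanges=2 renegotiation=1 renegotiate=1 auth_mode=optional" \
            "$P_CLI debug_level=3 nbio=2 exchanges=2 renegotiation=1" \
            0 \
            -c "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -s "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -c "=> renegotiate" \
            -s "=> renegotiate" \
            -s "write hello request"

# Interoperability with third-party servers. A peer that supports secure
# renegotiation (RFC 5746) must let the client renegotiate, and the success
# cases assert that no handshake error is logged. The negative pattern mirrors
# the positive one used by the failure cases below ("mbedtls_ssl_handshake()
# returned"); the earlier spelling "ssl_hanshake() returned" could never match
# any output, which made those -C checks vacuous.
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: openssl server, client-initiated" \
            "$O_SRV -www" \
            "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1" \
            0 \
            -c "client hello, adding renegotiation extension" \
            -c "found renegotiation extension" \
            -c "=> renegotiate" \
            -C "mbedtls_ssl_handshake() returned" \
            -C "error" \
            -c "HTTP/1.0 200 [Oo][Kk]"

requires_gnutls
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: gnutls server strict, client-initiated" \
            "$G_SRV --priority=NORMAL:%SAFE_RENEGOTIATION" \
            "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1" \
            0 \
            -c "client hello, adding renegotiation extension" \
            -c "found renegotiation extension" \
            -c "=> renegotiate" \
            -C "mbedtls_ssl_handshake() returned" \
            -C "error" \
            -c "HTTP/1.0 200 [Oo][Kk]"

# GnuTLS with %DISABLE_SAFE_RENEGOTIATION does not send the renegotiation
# extension. By default, and explicitly with allow_legacy=0, the client must
# refuse to renegotiate with such a server (exit 1, handshake error logged);
# only allow_legacy=1 lets the legacy renegotiation go through.
requires_gnutls
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: gnutls server unsafe, client-initiated default" \
            "$G_SRV --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \
            "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1" \
            1 \
            -c "client hello, adding renegotiation extension" \
            -C "found renegotiation extension" \
            -c "=> renegotiate" \
            -c "mbedtls_ssl_handshake() returned" \
            -c "error" \
            -C "HTTP/1.0 200 [Oo][Kk]"

requires_gnutls
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: gnutls server unsafe, client-inititated no legacy" \
            "$G_SRV --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \
            "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1 \
             allow_legacy=0" \
            1 \
            -c "client hello, adding renegotiation extension" \
            -C "found renegotiation extension" \
            -c "=> renegotiate" \
            -c "mbedtls_ssl_handshake() returned" \
            -c "error" \
            -C "HTTP/1.0 200 [Oo][Kk]"

requires_gnutls
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: gnutls server unsafe, client-inititated legacy" \
            "$G_SRV --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \
            "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1 \
             allow_legacy=1" \
            0 \
            -c "client hello, adding renegotiation extension" \
            -C "found renegotiation extension" \
            -c "=> renegotiate" \
            -C "mbedtls_ssl_handshake() returned" \
            -C "error" \
            -c "HTTP/1.0 200 [Oo][Kk]"

# Renegotiation over DTLS. The server-initiated case gives the client a read
# timeout and retransmission budget so a lost HelloRequest/flight is recovered.
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: DTLS, client-initiated" \
            "$P_SRV debug_level=3 dtls=1 exchanges=2 renegotiation=1" \
            "$P_CLI debug_level=3 dtls=1 exchanges=2 renegotiation=1 renegotiate=1" \
            0 \
            -c "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -s "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -c "=> renegotiate" \
            -s "=> renegotiate" \
            -S "write hello request"

requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: DTLS, server-initiated" \
            "$P_SRV debug_level=3 dtls=1 exchanges=2 renegotiation=1 renegotiate=1" \
            "$P_CLI debug_level=3 dtls=1 exchanges=2 renegotiation=1 \
             read_timeout=1000 max_resend=2" \
            0 \
            -c "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -s "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -c "=> renegotiate" \
            -s "=> renegotiate" \
            -s "write hello request"

# renego_period is 0xFFFF000000000002, i.e. above the 48-bit DTLS record
# sequence-number range. The server must still reach its renegotiation trigger
# ("record counter limit reached") rather than mishandle the oversized period.
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: DTLS, renego_period overflow" \
            "$P_SRV debug_level=3 dtls=1 exchanges=4 renegotiation=1 renego_period=18446462598732840962 auth_mode=optional" \
            "$P_CLI debug_level=3 dtls=1 exchanges=4 renegotiation=1" \
            0 \
            -c "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -s "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -s "record counter limit reached: renegotiate" \
            -c "=> renegotiate" \
            -s "=> renegotiate" \
            -s "write hello request"

requires_gnutls
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: DTLS, gnutls server, client-initiated" \
            "$G_SRV -u --mtu 4096" \
            "$P_CLI debug_level=3 dtls=1 exchanges=1 renegotiation=1 renegotiate=1" \
            0 \
            -c "client hello, adding renegotiation extension" \
            -c "found renegotiation extension" \
            -c "=> renegotiate" \
            -C "mbedtls_ssl_handshake returned" \
            -C "error" \
            -s "Extra-header:"

# Tests for the "secure renegotiation" extension only (no actual renegotiation).
# allow_legacy=-1 on either side means "fail the handshake with a peer that
# does not send the extension".
# NOTE(review): the "\|" alternation in the -s/-S patterns below is a GNU grep
# BRE extension; confirm run_test's grep supports it on every platform in use.

requires_gnutls
run_test    "Renego ext: gnutls server strict, client default" \
            "$G_SRV --priority=NORMAL:%SAFE_RENEGOTIATION" \
            "$P_CLI debug_level=3" \
            0 \
            -c "found renegotiation extension" \
            -C "error" \
            -c "HTTP/1.0 200 [Oo][Kk]"

requires_gnutls
run_test    "Renego ext: gnutls server unsafe, client default" \
            "$G_SRV --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \
            "$P_CLI debug_level=3" \
            0 \
            -C "found renegotiation extension" \
            -C "error" \
            -c "HTTP/1.0 200 [Oo][Kk]"

requires_gnutls
run_test    "Renego ext: gnutls server unsafe, client break legacy" \
            "$G_SRV --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \
            "$P_CLI debug_level=3 allow_legacy=-1" \
            1 \
            -C "found renegotiation extension" \
            -c "error" \
            -C "HTTP/1.0 200 [Oo][Kk]"

requires_gnutls
run_test    "Renego ext: gnutls client strict, server default" \
            "$P_SRV debug_level=3" \
            "$G_CLI --priority=NORMAL:%SAFE_RENEGOTIATION localhost" \
            0 \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO\|found renegotiation extension" \
            -s "server hello, secure renegotiation extension"

requires_gnutls
run_test    "Renego ext: gnutls client unsafe, server default" \
            "$P_SRV debug_level=3" \
            "$G_CLI --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION localhost" \
            0 \
            -S "received TLS_EMPTY_RENEGOTIATION_INFO\|found renegotiation extension" \
            -S "server hello, secure renegotiation extension"

requires_gnutls
run_test    "Renego ext: gnutls client unsafe, server break legacy" \
            "$P_SRV debug_level=3 allow_legacy=-1" \
            "$G_CLI --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION localhost" \
            1 \
            -S "received TLS_EMPTY_RENEGOTIATION_INFO\|found renegotiation extension" \
            -S "server hello, secure renegotiation extension"

# Tests for silently dropping trailing extra bytes in .der certificates:
# the server loads a DER certificate with 0 to 9 bytes appended and a GnuTLS
# client must still complete the handshake. Each run_test below ends at its
# last check; a trailing "\" there would make the command's end depend on the
# blank line that follows, so the next requires_gnutls would become an
# argument if that blank line were ever removed.

requires_gnutls
run_test    "DER format: no trailing bytes" \
            "$P_SRV crt_file=data_files/server5-der0.crt \
             key_file=data_files/server5.key" \
            "$G_CLI localhost" \
            0 \
            -c "Handshake was completed"

requires_gnutls
run_test    "DER format: with a trailing zero byte" \
            "$P_SRV crt_file=data_files/server5-der1a.crt \
             key_file=data_files/server5.key" \
            "$G_CLI localhost" \
            0 \
            -c "Handshake was completed"

requires_gnutls
run_test    "DER format: with a trailing random byte" \
            "$P_SRV crt_file=data_files/server5-der1b.crt \
             key_file=data_files/server5.key" \
            "$G_CLI localhost" \
            0 \
            -c "Handshake was completed"

requires_gnutls
run_test    "DER format: with 2 trailing random bytes" \
            "$P_SRV crt_file=data_files/server5-der2.crt \
             key_file=data_files/server5.key" \
            "$G_CLI localhost" \
            0 \
            -c "Handshake was completed"

requires_gnutls
run_test    "DER format: with 4 trailing random bytes" \
            "$P_SRV crt_file=data_files/server5-der4.crt \
             key_file=data_files/server5.key" \
            "$G_CLI localhost" \
            0 \
            -c "Handshake was completed"

requires_gnutls
run_test    "DER format: with 8 trailing random bytes" \
            "$P_SRV crt_file=data_files/server5-der8.crt \
             key_file=data_files/server5.key" \
            "$G_CLI localhost" \
            0 \
            -c "Handshake was completed"

requires_gnutls
run_test    "DER format: with 9 trailing random bytes" \
            "$P_SRV crt_file=data_files/server5-der9.crt \
             key_file=data_files/server5.key" \
            "$G_CLI localhost" \
            0 \
            -c "Handshake was completed"

# Tests for auth_mode, there are duplicated tests using ca callback for authentication
# When updating these tests, modify the matching authentication tests accordingly

# Server authentication by the client: auth_mode=required aborts the handshake
# on a verification failure (exit 1), optional runs verification and only logs
# the failure, none skips verification entirely.
run_test    "Authentication: server badcert, client required" \
            "$P_SRV crt_file=data_files/server5-badsign.crt \
             key_file=data_files/server5.key" \
            "$P_CLI debug_level=1 auth_mode=required" \
            1 \
            -c "x509_verify_cert() returned" \
            -c "! The certificate is not correctly signed by the trusted CA" \
            -c "! mbedtls_ssl_handshake returned" \
            -c "X509 - Certificate verification failed"

run_test    "Authentication: server badcert, client optional" \
            "$P_SRV crt_file=data_files/server5-badsign.crt \
             key_file=data_files/server5.key" \
            "$P_CLI debug_level=1 auth_mode=optional" \
            0 \
            -c "x509_verify_cert() returned" \
            -c "! The certificate is not correctly signed by the trusted CA" \
            -C "! mbedtls_ssl_handshake returned" \
            -C "X509 - Certificate verification failed"

# ca_file=none ca_path=none: with no trust anchors configured, only
# auth_mode=required reports "No CA Chain is set, but required to operate" and
# fails; optional still completes the handshake.
run_test    "Authentication: server goodcert, client optional, no trusted CA" \
            "$P_SRV" \
            "$P_CLI debug_level=3 auth_mode=optional ca_file=none ca_path=none" \
            0 \
            -c "x509_verify_cert() returned" \
            -c "! The certificate is not correctly signed by the trusted CA" \
            -c "! Certificate verification flags" \
            -C "! mbedtls_ssl_handshake returned" \
            -C "X509 - Certificate verification failed" \
            -C "SSL - No CA Chain is set, but required to operate"

run_test    "Authentication: server goodcert, client required, no trusted CA" \
            "$P_SRV" \
            "$P_CLI debug_level=3 auth_mode=required ca_file=none ca_path=none" \
            1 \
            -c "x509_verify_cert() returned" \
            -c "! The certificate is not correctly signed by the trusted CA" \
            -c "! Certificate verification flags" \
            -c "! mbedtls_ssl_handshake returned" \
            -c "SSL - No CA Chain is set, but required to operate"

# The purpose of the next two tests is to test the client's behaviour when receiving a server
# certificate with an unsupported elliptic curve. This should usually not happen because
# the client informs the server about the supported curves - it does, though, in the
# corner case of a static ECDH suite, because the server doesn't check the curve on that
# occasion (to be fixed). If that bug's fixed, the test needs to be altered to use a
# different means to have the server ignoring the client's supported curve list.

requires_config_enabled MBEDTLS_ECP_C
run_test    "Authentication: server ECDH p256v1, client required, p256v1 unsupported" \
            "$P_SRV debug_level=1 key_file=data_files/server5.key \
             crt_file=data_files/server5.ku-ka.crt" \
            "$P_CLI debug_level=3 auth_mode=required curves=secp521r1" \
            1 \
            -c "bad certificate (EC key curve)" \
            -c "! Certificate verification flags" \
            -C "bad server certificate (ECDH curve)" # Expect failure at earlier verification stage

requires_config_enabled MBEDTLS_ECP_C
run_test    "Authentication: server ECDH p256v1, client optional, p256v1 unsupported" \
            "$P_SRV debug_level=1 key_file=data_files/server5.key \
             crt_file=data_files/server5.ku-ka.crt" \
            "$P_CLI debug_level=3 auth_mode=optional curves=secp521r1" \
            1 \
            -c "bad certificate (EC key curve)" \
            -c "! Certificate verification flags" \
            -c "bad server certificate (ECDH curve)" # Expect failure only at ECDH params check

run_test    "Authentication: server badcert, client none" \
            "$P_SRV crt_file=data_files/server5-badsign.crt \
             key_file=data_files/server5.key" \
            "$P_CLI debug_level=1 auth_mode=none" \
            0 \
            -C "x509_verify_cert() returned" \
            -C "! The certificate is not correctly signed by the trusted CA" \
            -C "! mbedtls_ssl_handshake returned" \
            -C "X509 - Certificate verification failed"

# Client authentication by the server. The signature_algorithms values checked
# here are the TLS 1.2 hash identifiers 4 (SHA-256) and 5 (SHA-384); both are
# expected regardless of which ciphersuite the client forces.
run_test    "Authentication: client SHA256, server required" \
            "$P_SRV auth_mode=required" \
            "$P_CLI debug_level=3 crt_file=data_files/server6.crt \
             key_file=data_files/server6.key \
             force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384" \
            0 \
            -c "Supported Signature Algorithm found: 4," \
            -c "Supported Signature Algorithm found: 5,"

run_test    "Authentication: client SHA384, server required" \
            "$P_SRV auth_mode=required" \
            "$P_CLI debug_level=3 crt_file=data_files/server6.crt \
             key_file=data_files/server6.key \
             force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256" \
            0 \
            -c "Supported Signature Algorithm found: 4," \
            -c "Supported Signature Algorithm found: 5,"

# Server auth_mode=required: a missing, mis-signed or untrusted client
# certificate aborts the handshake on both sides (exit 1). For the bad
# signature the server is also expected to send a fatal alert (level=2) with
# description 48 (unknown_ca).
run_test    "Authentication: client has no cert, server required (TLS)" \
            "$P_SRV debug_level=3 auth_mode=required" \
            "$P_CLI debug_level=3 crt_file=none \
             key_file=data_files/server5.key" \
            1 \
            -S "skip write certificate request" \
            -C "skip parse certificate request" \
            -c "got a certificate request" \
            -c "= write certificate$" \
            -C "skip write certificate$" \
            -S "x509_verify_cert() returned" \
            -s "client has no certificate" \
            -s "! mbedtls_ssl_handshake returned" \
            -c "! mbedtls_ssl_handshake returned" \
            -s "No client certification received from the client, but required by the authentication mode"

run_test    "Authentication: client badcert, server required" \
            "$P_SRV debug_level=3 auth_mode=required" \
            "$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \
             key_file=data_files/server5.key" \
            1 \
            -S "skip write certificate request" \
            -C "skip parse certificate request" \
            -c "got a certificate request" \
            -C "skip write certificate" \
            -C "skip write certificate verify" \
            -S "skip parse certificate verify" \
            -s "x509_verify_cert() returned" \
            -s "! The certificate is not correctly signed by the trusted CA" \
            -s "! mbedtls_ssl_handshake returned" \
            -s "send alert level=2 message=48" \
            -c "! mbedtls_ssl_handshake returned" \
            -s "X509 - Certificate verification failed"
# We don't check that the client receives the alert because it might
# detect that its write end of the connection is closed and abort
# before reading the alert message.

run_test    "Authentication: client cert not trusted, server required" \
            "$P_SRV debug_level=3 auth_mode=required" \
            "$P_CLI debug_level=3 crt_file=data_files/server5-selfsigned.crt \
             key_file=data_files/server5.key" \
            1 \
            -S "skip write certificate request" \
            -C "skip parse certificate request" \
            -c "got a certificate request" \
            -C "skip write certificate" \
            -C "skip write certificate verify" \
            -S "skip parse certificate verify" \
            -s "x509_verify_cert() returned" \
            -s "! The certificate is not correctly signed by the trusted CA" \
            -s "! mbedtls_ssl_handshake returned" \
            -c "! mbedtls_ssl_handshake returned" \
            -s "X509 - Certificate verification failed"

# Server auth_mode=optional: verification still runs and logs the failure, but
# the handshake completes. auth_mode=none: no CertificateRequest is sent, so
# the client skips the Certificate/CertificateVerify messages.
run_test    "Authentication: client badcert, server optional" \
            "$P_SRV debug_level=3 auth_mode=optional" \
            "$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \
             key_file=data_files/server5.key" \
            0 \
            -S "skip write certificate request" \
            -C "skip parse certificate request" \
            -c "got a certificate request" \
            -C "skip write certificate" \
            -C "skip write certificate verify" \
            -S "skip parse certificate verify" \
            -s "x509_verify_cert() returned" \
            -s "! The certificate is not correctly signed by the trusted CA" \
            -S "! mbedtls_ssl_handshake returned" \
            -C "! mbedtls_ssl_handshake returned" \
            -S "X509 - Certificate verification failed"

run_test    "Authentication: client badcert, server none" \
            "$P_SRV debug_level=3 auth_mode=none" \
            "$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \
             key_file=data_files/server5.key" \
            0 \
            -s "skip write certificate request" \
            -C "skip parse certificate request" \
            -c "got no certificate request" \
            -c "skip write certificate" \
            -c "skip write certificate verify" \
            -s "skip parse certificate verify" \
            -S "x509_verify_cert() returned" \
            -S "! The certificate is not correctly signed by the trusted CA" \
            -S "! mbedtls_ssl_handshake returned" \
            -C "! mbedtls_ssl_handshake returned" \
            -S "X509 - Certificate verification failed"

# Client without a certificate against an optional server: the client answers
# the CertificateRequest with an empty Certificate message and the server
# logs "Certificate was missing" without failing.
run_test    "Authentication: client no cert, server optional" \
            "$P_SRV debug_level=3 auth_mode=optional" \
            "$P_CLI debug_level=3 crt_file=none key_file=none" \
            0 \
            -S "skip write certificate request" \
            -C "skip parse certificate request" \
            -c "got a certificate request" \
            -C "skip write certificate$" \
            -C "got no certificate to send" \
            -c "skip write certificate verify" \
            -s "skip parse certificate verify" \
            -s "! Certificate was missing" \
            -S "! mbedtls_ssl_handshake returned" \
            -C "! mbedtls_ssl_handshake returned" \
            -S "X509 - Certificate verification failed"

run_test    "Authentication: openssl client no cert, server optional" \
            "$P_SRV debug_level=3 auth_mode=optional" \
            "$O_CLI" \
            0 \
            -S "skip write certificate request" \
            -s "skip parse certificate verify" \
            -s "! Certificate was missing" \
            -S "! mbedtls_ssl_handshake returned" \
            -S "X509 - Certificate verification failed"

# Interop: OpenSSL "-verify" requests but does not require a client
# certificate (exit 0); "-Verify" requires one (exit 1).
run_test    "Authentication: client no cert, openssl server optional" \
            "$O_SRV -verify 10" \
            "$P_CLI debug_level=3 crt_file=none key_file=none" \
            0 \
            -C "skip parse certificate request" \
            -c "got a certificate request" \
            -C "skip write certificate$" \
            -c "skip write certificate verify" \
            -C "! mbedtls_ssl_handshake returned"

run_test    "Authentication: client no cert, openssl server required" \
            "$O_SRV -Verify 10" \
            "$P_CLI debug_level=3 crt_file=none key_file=none" \
            1 \
            -C "skip parse certificate request" \
            -c "got a certificate request" \
            -C "skip write certificate$" \
            -c "skip write certificate verify" \
            -c "! mbedtls_ssl_handshake returned"

# This script assumes that MBEDTLS_X509_MAX_INTERMEDIATE_CA has its default
# value, defined here as MAX_IM_CA.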
Some test cases will be skipped if the 4192# library is configured with a different value. 4193 4194MAX_IM_CA='8' 4195 4196# The tests for the max_int tests can pass with any number higher than MAX_IM_CA 4197# because only a chain of MAX_IM_CA length is tested. Equally, the max_int+1 4198# tests can pass with any number less than MAX_IM_CA. However, stricter preconditions 4199# are in place so that the semantics are consistent with the test description. 4200requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA 4201requires_full_size_output_buffer 4202run_test "Authentication: server max_int chain, client default" \ 4203 "$P_SRV crt_file=data_files/dir-maxpath/c09.pem \ 4204 key_file=data_files/dir-maxpath/09.key" \ 4205 "$P_CLI server_name=CA09 ca_file=data_files/dir-maxpath/00.crt" \ 4206 0 \ 4207 -C "X509 - A fatal error occurred" 4208 4209requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA 4210requires_full_size_output_buffer 4211run_test "Authentication: server max_int+1 chain, client default" \ 4212 "$P_SRV crt_file=data_files/dir-maxpath/c10.pem \ 4213 key_file=data_files/dir-maxpath/10.key" \ 4214 "$P_CLI server_name=CA10 ca_file=data_files/dir-maxpath/00.crt" \ 4215 1 \ 4216 -c "X509 - A fatal error occurred" 4217 4218requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA 4219requires_full_size_output_buffer 4220run_test "Authentication: server max_int+1 chain, client optional" \ 4221 "$P_SRV crt_file=data_files/dir-maxpath/c10.pem \ 4222 key_file=data_files/dir-maxpath/10.key" \ 4223 "$P_CLI server_name=CA10 ca_file=data_files/dir-maxpath/00.crt \ 4224 auth_mode=optional" \ 4225 1 \ 4226 -c "X509 - A fatal error occurred" 4227 4228requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA 4229requires_full_size_output_buffer 4230run_test "Authentication: server max_int+1 chain, client none" \ 4231 "$P_SRV crt_file=data_files/dir-maxpath/c10.pem \ 4232 
key_file=data_files/dir-maxpath/10.key" \ 4233 "$P_CLI server_name=CA10 ca_file=data_files/dir-maxpath/00.crt \ 4234 auth_mode=none" \ 4235 0 \ 4236 -C "X509 - A fatal error occurred" 4237 4238requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA 4239requires_full_size_output_buffer 4240run_test "Authentication: client max_int+1 chain, server default" \ 4241 "$P_SRV ca_file=data_files/dir-maxpath/00.crt" \ 4242 "$P_CLI crt_file=data_files/dir-maxpath/c10.pem \ 4243 key_file=data_files/dir-maxpath/10.key" \ 4244 0 \ 4245 -S "X509 - A fatal error occurred" 4246 4247requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA 4248requires_full_size_output_buffer 4249run_test "Authentication: client max_int+1 chain, server optional" \ 4250 "$P_SRV ca_file=data_files/dir-maxpath/00.crt auth_mode=optional" \ 4251 "$P_CLI crt_file=data_files/dir-maxpath/c10.pem \ 4252 key_file=data_files/dir-maxpath/10.key" \ 4253 1 \ 4254 -s "X509 - A fatal error occurred" 4255 4256requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA 4257requires_full_size_output_buffer 4258run_test "Authentication: client max_int+1 chain, server required" \ 4259 "$P_SRV ca_file=data_files/dir-maxpath/00.crt auth_mode=required" \ 4260 "$P_CLI crt_file=data_files/dir-maxpath/c10.pem \ 4261 key_file=data_files/dir-maxpath/10.key" \ 4262 1 \ 4263 -s "X509 - A fatal error occurred" 4264 4265requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA 4266requires_full_size_output_buffer 4267run_test "Authentication: client max_int chain, server required" \ 4268 "$P_SRV ca_file=data_files/dir-maxpath/00.crt auth_mode=required" \ 4269 "$P_CLI crt_file=data_files/dir-maxpath/c09.pem \ 4270 key_file=data_files/dir-maxpath/09.key" \ 4271 0 \ 4272 -S "X509 - A fatal error occurred" 4273 4274# Tests for CA list in CertificateRequest messages 4275 4276run_test "Authentication: send CA list in CertificateRequest (default)" \ 4277 "$P_SRV 
debug_level=3 auth_mode=required" \ 4278 "$P_CLI crt_file=data_files/server6.crt \ 4279 key_file=data_files/server6.key" \ 4280 0 \ 4281 -s "requested DN" 4282 4283run_test "Authentication: do not send CA list in CertificateRequest" \ 4284 "$P_SRV debug_level=3 auth_mode=required cert_req_ca_list=0" \ 4285 "$P_CLI crt_file=data_files/server6.crt \ 4286 key_file=data_files/server6.key" \ 4287 0 \ 4288 -S "requested DN" 4289 4290run_test "Authentication: send CA list in CertificateRequest, client self signed" \ 4291 "$P_SRV debug_level=3 auth_mode=required cert_req_ca_list=0" \ 4292 "$P_CLI debug_level=3 crt_file=data_files/server5-selfsigned.crt \ 4293 key_file=data_files/server5.key" \ 4294 1 \ 4295 -S "requested DN" \ 4296 -s "x509_verify_cert() returned" \ 4297 -s "! The certificate is not correctly signed by the trusted CA" \ 4298 -s "! mbedtls_ssl_handshake returned" \ 4299 -c "! mbedtls_ssl_handshake returned" \ 4300 -s "X509 - Certificate verification failed" 4301 4302# Tests for auth_mode, using CA callback, these are duplicated from the authentication tests 4303# When updating these tests, modify the matching authentication tests accordingly 4304 4305requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK 4306run_test "Authentication, CA callback: server badcert, client required" \ 4307 "$P_SRV crt_file=data_files/server5-badsign.crt \ 4308 key_file=data_files/server5.key" \ 4309 "$P_CLI ca_callback=1 debug_level=3 auth_mode=required" \ 4310 1 \ 4311 -c "use CA callback for X.509 CRT verification" \ 4312 -c "x509_verify_cert() returned" \ 4313 -c "! The certificate is not correctly signed by the trusted CA" \ 4314 -c "! 
mbedtls_ssl_handshake returned" \ 4315 -c "X509 - Certificate verification failed" 4316 4317requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK 4318run_test "Authentication, CA callback: server badcert, client optional" \ 4319 "$P_SRV crt_file=data_files/server5-badsign.crt \ 4320 key_file=data_files/server5.key" \ 4321 "$P_CLI ca_callback=1 debug_level=3 auth_mode=optional" \ 4322 0 \ 4323 -c "use CA callback for X.509 CRT verification" \ 4324 -c "x509_verify_cert() returned" \ 4325 -c "! The certificate is not correctly signed by the trusted CA" \ 4326 -C "! mbedtls_ssl_handshake returned" \ 4327 -C "X509 - Certificate verification failed" 4328 4329# The purpose of the next two tests is to test the client's behaviour when receiving a server 4330# certificate with an unsupported elliptic curve. This should usually not happen because 4331# the client informs the server about the supported curves - it does, though, in the 4332# corner case of a static ECDH suite, because the server doesn't check the curve on that 4333# occasion (to be fixed). If that bug's fixed, the test needs to be altered to use a 4334# different means to have the server ignoring the client's supported curve list. 4335 4336requires_config_enabled MBEDTLS_ECP_C 4337requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK 4338run_test "Authentication, CA callback: server ECDH p256v1, client required, p256v1 unsupported" \ 4339 "$P_SRV debug_level=1 key_file=data_files/server5.key \ 4340 crt_file=data_files/server5.ku-ka.crt" \ 4341 "$P_CLI ca_callback=1 debug_level=3 auth_mode=required curves=secp521r1" \ 4342 1 \ 4343 -c "use CA callback for X.509 CRT verification" \ 4344 -c "bad certificate (EC key curve)" \ 4345 -c "! 
Certificate verification flags" \ 4346 -C "bad server certificate (ECDH curve)" # Expect failure at earlier verification stage 4347 4348requires_config_enabled MBEDTLS_ECP_C 4349requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK 4350run_test "Authentication, CA callback: server ECDH p256v1, client optional, p256v1 unsupported" \ 4351 "$P_SRV debug_level=1 key_file=data_files/server5.key \ 4352 crt_file=data_files/server5.ku-ka.crt" \ 4353 "$P_CLI ca_callback=1 debug_level=3 auth_mode=optional curves=secp521r1" \ 4354 1 \ 4355 -c "use CA callback for X.509 CRT verification" \ 4356 -c "bad certificate (EC key curve)"\ 4357 -c "! Certificate verification flags"\ 4358 -c "bad server certificate (ECDH curve)" # Expect failure only at ECDH params check 4359 4360requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK 4361run_test "Authentication, CA callback: client SHA256, server required" \ 4362 "$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \ 4363 "$P_CLI debug_level=3 crt_file=data_files/server6.crt \ 4364 key_file=data_files/server6.key \ 4365 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384" \ 4366 0 \ 4367 -s "use CA callback for X.509 CRT verification" \ 4368 -c "Supported Signature Algorithm found: 4," \ 4369 -c "Supported Signature Algorithm found: 5," 4370 4371requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK 4372run_test "Authentication, CA callback: client SHA384, server required" \ 4373 "$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \ 4374 "$P_CLI debug_level=3 crt_file=data_files/server6.crt \ 4375 key_file=data_files/server6.key \ 4376 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256" \ 4377 0 \ 4378 -s "use CA callback for X.509 CRT verification" \ 4379 -c "Supported Signature Algorithm found: 4," \ 4380 -c "Supported Signature Algorithm found: 5," 4381 4382requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK 4383run_test "Authentication, CA callback: client badcert, 
server required" \ 4384 "$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \ 4385 "$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \ 4386 key_file=data_files/server5.key" \ 4387 1 \ 4388 -s "use CA callback for X.509 CRT verification" \ 4389 -S "skip write certificate request" \ 4390 -C "skip parse certificate request" \ 4391 -c "got a certificate request" \ 4392 -C "skip write certificate" \ 4393 -C "skip write certificate verify" \ 4394 -S "skip parse certificate verify" \ 4395 -s "x509_verify_cert() returned" \ 4396 -s "! The certificate is not correctly signed by the trusted CA" \ 4397 -s "! mbedtls_ssl_handshake returned" \ 4398 -s "send alert level=2 message=48" \ 4399 -c "! mbedtls_ssl_handshake returned" \ 4400 -s "X509 - Certificate verification failed" 4401# We don't check that the client receives the alert because it might 4402# detect that its write end of the connection is closed and abort 4403# before reading the alert message. 4404 4405requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK 4406run_test "Authentication, CA callback: client cert not trusted, server required" \ 4407 "$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \ 4408 "$P_CLI debug_level=3 crt_file=data_files/server5-selfsigned.crt \ 4409 key_file=data_files/server5.key" \ 4410 1 \ 4411 -s "use CA callback for X.509 CRT verification" \ 4412 -S "skip write certificate request" \ 4413 -C "skip parse certificate request" \ 4414 -c "got a certificate request" \ 4415 -C "skip write certificate" \ 4416 -C "skip write certificate verify" \ 4417 -S "skip parse certificate verify" \ 4418 -s "x509_verify_cert() returned" \ 4419 -s "! The certificate is not correctly signed by the trusted CA" \ 4420 -s "! mbedtls_ssl_handshake returned" \ 4421 -c "! 
mbedtls_ssl_handshake returned" \ 4422 -s "X509 - Certificate verification failed" 4423 4424requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK 4425run_test "Authentication, CA callback: client badcert, server optional" \ 4426 "$P_SRV ca_callback=1 debug_level=3 auth_mode=optional" \ 4427 "$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \ 4428 key_file=data_files/server5.key" \ 4429 0 \ 4430 -s "use CA callback for X.509 CRT verification" \ 4431 -S "skip write certificate request" \ 4432 -C "skip parse certificate request" \ 4433 -c "got a certificate request" \ 4434 -C "skip write certificate" \ 4435 -C "skip write certificate verify" \ 4436 -S "skip parse certificate verify" \ 4437 -s "x509_verify_cert() returned" \ 4438 -s "! The certificate is not correctly signed by the trusted CA" \ 4439 -S "! mbedtls_ssl_handshake returned" \ 4440 -C "! mbedtls_ssl_handshake returned" \ 4441 -S "X509 - Certificate verification failed" 4442 4443requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA 4444requires_full_size_output_buffer 4445requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK 4446run_test "Authentication, CA callback: server max_int chain, client default" \ 4447 "$P_SRV crt_file=data_files/dir-maxpath/c09.pem \ 4448 key_file=data_files/dir-maxpath/09.key" \ 4449 "$P_CLI ca_callback=1 debug_level=3 server_name=CA09 ca_file=data_files/dir-maxpath/00.crt" \ 4450 0 \ 4451 -c "use CA callback for X.509 CRT verification" \ 4452 -C "X509 - A fatal error occurred" 4453 4454requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA 4455requires_full_size_output_buffer 4456requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK 4457run_test "Authentication, CA callback: server max_int+1 chain, client default" \ 4458 "$P_SRV crt_file=data_files/dir-maxpath/c10.pem \ 4459 key_file=data_files/dir-maxpath/10.key" \ 4460 "$P_CLI debug_level=3 ca_callback=1 server_name=CA10 
ca_file=data_files/dir-maxpath/00.crt" \ 4461 1 \ 4462 -c "use CA callback for X.509 CRT verification" \ 4463 -c "X509 - A fatal error occurred" 4464 4465requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA 4466requires_full_size_output_buffer 4467requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK 4468run_test "Authentication, CA callback: server max_int+1 chain, client optional" \ 4469 "$P_SRV crt_file=data_files/dir-maxpath/c10.pem \ 4470 key_file=data_files/dir-maxpath/10.key" \ 4471 "$P_CLI ca_callback=1 server_name=CA10 ca_file=data_files/dir-maxpath/00.crt \ 4472 debug_level=3 auth_mode=optional" \ 4473 1 \ 4474 -c "use CA callback for X.509 CRT verification" \ 4475 -c "X509 - A fatal error occurred" 4476 4477requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA 4478requires_full_size_output_buffer 4479requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK 4480run_test "Authentication, CA callback: client max_int+1 chain, server optional" \ 4481 "$P_SRV ca_callback=1 debug_level=3 ca_file=data_files/dir-maxpath/00.crt auth_mode=optional" \ 4482 "$P_CLI crt_file=data_files/dir-maxpath/c10.pem \ 4483 key_file=data_files/dir-maxpath/10.key" \ 4484 1 \ 4485 -s "use CA callback for X.509 CRT verification" \ 4486 -s "X509 - A fatal error occurred" 4487 4488requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA 4489requires_full_size_output_buffer 4490requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK 4491run_test "Authentication, CA callback: client max_int+1 chain, server required" \ 4492 "$P_SRV ca_callback=1 debug_level=3 ca_file=data_files/dir-maxpath/00.crt auth_mode=required" \ 4493 "$P_CLI crt_file=data_files/dir-maxpath/c10.pem \ 4494 key_file=data_files/dir-maxpath/10.key" \ 4495 1 \ 4496 -s "use CA callback for X.509 CRT verification" \ 4497 -s "X509 - A fatal error occurred" 4498 4499requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" 
$MAX_IM_CA 4500requires_full_size_output_buffer 4501requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK 4502run_test "Authentication, CA callback: client max_int chain, server required" \ 4503 "$P_SRV ca_callback=1 debug_level=3 ca_file=data_files/dir-maxpath/00.crt auth_mode=required" \ 4504 "$P_CLI crt_file=data_files/dir-maxpath/c09.pem \ 4505 key_file=data_files/dir-maxpath/09.key" \ 4506 0 \ 4507 -s "use CA callback for X.509 CRT verification" \ 4508 -S "X509 - A fatal error occurred" 4509 4510# Tests for certificate selection based on SHA verson 4511 4512requires_config_disabled MBEDTLS_X509_REMOVE_INFO 4513run_test "Certificate hash: client TLS 1.2 -> SHA-2" \ 4514 "$P_SRV crt_file=data_files/server5.crt \ 4515 key_file=data_files/server5.key \ 4516 crt_file2=data_files/server5-sha1.crt \ 4517 key_file2=data_files/server5.key" \ 4518 "$P_CLI force_version=tls12" \ 4519 0 \ 4520 -c "signed using.*ECDSA with SHA256" \ 4521 -C "signed using.*ECDSA with SHA1" 4522 4523# tests for SNI 4524 4525requires_config_disabled MBEDTLS_X509_REMOVE_INFO 4526run_test "SNI: no SNI callback" \ 4527 "$P_SRV debug_level=3 \ 4528 crt_file=data_files/server5.crt key_file=data_files/server5.key" \ 4529 "$P_CLI server_name=localhost" \ 4530 0 \ 4531 -S "parse ServerName extension" \ 4532 -c "issuer name *: C=NL, O=PolarSSL, CN=Polarssl Test EC CA" \ 4533 -c "subject name *: C=NL, O=PolarSSL, CN=localhost" 4534 4535requires_config_disabled MBEDTLS_X509_REMOVE_INFO 4536run_test "SNI: matching cert 1" \ 4537 "$P_SRV debug_level=3 \ 4538 crt_file=data_files/server5.crt key_file=data_files/server5.key \ 4539 sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \ 4540 "$P_CLI server_name=localhost" \ 4541 0 \ 4542 -s "parse ServerName extension" \ 4543 -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \ 4544 -c "subject name *: C=NL, O=PolarSSL, CN=localhost" 4545 
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
run_test    "SNI: matching cert 2" \
            "$P_SRV debug_level=3 \
             crt_file=data_files/server5.crt key_file=data_files/server5.key \
             sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
            "$P_CLI server_name=polarssl.example" \
            0 \
            -s "parse ServerName extension" \
            -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \
            -c "subject name *: C=NL, O=PolarSSL, CN=polarssl.example"

# A server name with no entry in the SNI table fails the handshake
# (ssl_sni_wrapper() returns an error, the client receives a fatal alert)
# rather than silently falling back to the default crt_file.
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
run_test    "SNI: no matching cert" \
            "$P_SRV debug_level=3 \
             crt_file=data_files/server5.crt key_file=data_files/server5.key \
             sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
            "$P_CLI server_name=nonesuch.example" \
            1 \
            -s "parse ServerName extension" \
            -s "ssl_sni_wrapper() returned" \
            -s "mbedtls_ssl_handshake returned" \
            -c "mbedtls_ssl_handshake returned" \
            -c "SSL - A fatal alert message was received from our peer"

# Per-SNI client authentication mode: "-" keeps the global auth_mode, an
# explicit value replaces it for that name only.
run_test    "SNI: client auth no override: optional" \
            "$P_SRV debug_level=3 auth_mode=optional \
             crt_file=data_files/server5.crt key_file=data_files/server5.key \
             sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-" \
            "$P_CLI debug_level=3 server_name=localhost" \
            0 \
            -S "skip write certificate request" \
            -C "skip parse certificate request" \
            -c "got a certificate request" \
            -C "skip write certificate" \
            -C "skip write certificate verify" \
            -S "skip parse certificate verify"

run_test    "SNI: client auth override: none -> optional" \
            "$P_SRV debug_level=3 auth_mode=none \
             crt_file=data_files/server5.crt key_file=data_files/server5.key \
             sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,optional" \
            "$P_CLI debug_level=3 server_name=localhost" \
            0 \
            -S "skip write certificate request" \
            -C "skip parse certificate request" \
            -c "got a certificate request" \
            -C "skip write certificate" \
            -C "skip write certificate verify" \
            -S "skip parse certificate verify"

# Downgrade direction: a per-name "none" can switch client authentication
# off even though the global mode requests it (no CertificateRequest sent).
run_test    "SNI: client auth override: optional -> none" \
            "$P_SRV debug_level=3 auth_mode=optional \
             crt_file=data_files/server5.crt key_file=data_files/server5.key \
             sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,none" \
            "$P_CLI debug_level=3 server_name=localhost" \
            0 \
            -s "skip write certificate request" \
            -C "skip parse certificate request" \
            -c "got no certificate request" \
            -c "skip write certificate" \
            -c "skip write certificate verify" \
            -s "skip parse certificate verify"

# Per-SNI trust store. The client presents server6.crt, which chains to
# test-ca2 and not to the global test-ca.crt; it is therefore rejected
# unless the SNI entry supplies test-ca2.crt as its CA.
run_test    "SNI: CA no override" \
            "$P_SRV debug_level=3 auth_mode=optional \
             crt_file=data_files/server5.crt key_file=data_files/server5.key \
             ca_file=data_files/test-ca.crt \
             sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,required" \
            "$P_CLI debug_level=3 server_name=localhost \
             crt_file=data_files/server6.crt key_file=data_files/server6.key" \
            1 \
            -S "skip write certificate request" \
            -C "skip parse certificate request" \
            -c "got a certificate request" \
            -C "skip write certificate" \
            -C "skip write certificate verify" \
            -S "skip parse certificate verify" \
            -s "x509_verify_cert() returned" \
            -s "! The certificate is not correctly signed by the trusted CA" \
            -S "The certificate has been revoked (is on a CRL)"

run_test    "SNI: CA override" \
            "$P_SRV debug_level=3 auth_mode=optional \
             crt_file=data_files/server5.crt key_file=data_files/server5.key \
             ca_file=data_files/test-ca.crt \
             sni=localhost,data_files/server2.crt,data_files/server2.key,data_files/test-ca2.crt,-,required" \
            "$P_CLI debug_level=3 server_name=localhost \
             crt_file=data_files/server6.crt key_file=data_files/server6.key" \
            0 \
            -S "skip write certificate request" \
            -C "skip parse certificate request" \
            -c "got a certificate request" \
            -C "skip write certificate" \
            -C "skip write certificate verify" \
            -S "skip parse certificate verify" \
            -S "x509_verify_cert() returned" \
            -S "! The certificate is not correctly signed by the trusted CA" \
            -S "The certificate has been revoked (is on a CRL)"

# Per-SNI CRL: the chain to test-ca2 is fine (no "not correctly signed"),
# but server6.crt is listed in crl-ec-sha256.pem, so the required-mode
# handshake fails on revocation.
run_test    "SNI: CA override with CRL" \
            "$P_SRV debug_level=3 auth_mode=optional \
             crt_file=data_files/server5.crt key_file=data_files/server5.key \
             ca_file=data_files/test-ca.crt \
             sni=localhost,data_files/server2.crt,data_files/server2.key,data_files/test-ca2.crt,data_files/crl-ec-sha256.pem,required" \
            "$P_CLI debug_level=3 server_name=localhost \
             crt_file=data_files/server6.crt key_file=data_files/server6.key" \
            1 \
            -S "skip write certificate request" \
            -C "skip parse certificate request" \
            -c "got a certificate request" \
            -C "skip write certificate" \
            -C "skip write certificate verify" \
            -S "skip parse certificate verify" \
            -s "x509_verify_cert() returned" \
            -S "! The certificate is not correctly signed by the trusted CA" \
            -s "The certificate has been revoked (is on a CRL)"

# Tests for SNI and DTLS
# (Same scenarios as the TLS SNI tests above with dtls=1 on both sides;
# keep the two groups in sync when changing expectations.)

requires_config_disabled MBEDTLS_X509_REMOVE_INFO
run_test    "SNI: DTLS, no SNI callback" \
            "$P_SRV debug_level=3 dtls=1 \
             crt_file=data_files/server5.crt key_file=data_files/server5.key" \
            "$P_CLI server_name=localhost dtls=1" \
            0 \
            -S "parse ServerName extension" \
            -c "issuer name *: C=NL, O=PolarSSL, CN=Polarssl Test EC CA" \
            -c "subject name *: C=NL, O=PolarSSL, CN=localhost"

requires_config_disabled MBEDTLS_X509_REMOVE_INFO
run_test    "SNI: DTLS, matching cert 1" \
            "$P_SRV debug_level=3 dtls=1 \
             crt_file=data_files/server5.crt key_file=data_files/server5.key \
             sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
            "$P_CLI server_name=localhost dtls=1" \
            0 \
            -s "parse ServerName extension" \
            -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \
            -c "subject name *: C=NL, O=PolarSSL, CN=localhost"

requires_config_disabled MBEDTLS_X509_REMOVE_INFO
run_test    "SNI: DTLS, matching cert 2" \
            "$P_SRV debug_level=3 dtls=1 \
             crt_file=data_files/server5.crt key_file=data_files/server5.key \
             sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
            "$P_CLI server_name=polarssl.example dtls=1" \
            0 \
            -s "parse ServerName extension" \
            -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \
            -c "subject name *: C=NL, O=PolarSSL, CN=polarssl.example"

run_test    "SNI: DTLS, no matching cert" \
            "$P_SRV debug_level=3 dtls=1 \
             crt_file=data_files/server5.crt key_file=data_files/server5.key \
             sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
            "$P_CLI server_name=nonesuch.example dtls=1" \
            1 \
            -s "parse ServerName extension" \
            -s "ssl_sni_wrapper() returned" \
            -s "mbedtls_ssl_handshake returned" \
            -c "mbedtls_ssl_handshake returned" \
            -c "SSL - A fatal alert message was received from our peer"

run_test    "SNI: DTLS, client auth no override: optional" \
            "$P_SRV debug_level=3 auth_mode=optional dtls=1 \
             crt_file=data_files/server5.crt key_file=data_files/server5.key \
             sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-" \
            "$P_CLI debug_level=3 server_name=localhost dtls=1" \
            0 \
            -S "skip write certificate request" \
            -C "skip parse certificate request" \
            -c "got a certificate request" \
            -C "skip write certificate" \
            -C "skip write certificate verify" \
            -S "skip parse certificate verify"

run_test    "SNI: DTLS, client auth override: none -> optional" \
            "$P_SRV debug_level=3 auth_mode=none dtls=1 \
             crt_file=data_files/server5.crt key_file=data_files/server5.key \
             sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,optional" \
            "$P_CLI debug_level=3 server_name=localhost dtls=1" \
            0 \
            -S "skip write certificate request" \
            -C "skip parse certificate request" \
            -c "got a certificate request" \
            -C "skip write certificate" \
            -C "skip write certificate verify" \
            -S "skip parse certificate verify"

run_test    "SNI: DTLS, client auth override: optional -> none" \
            "$P_SRV debug_level=3 auth_mode=optional dtls=1 \
             crt_file=data_files/server5.crt key_file=data_files/server5.key \
             sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,none" \
            "$P_CLI debug_level=3 server_name=localhost dtls=1" \
            0 \
            -s "skip write certificate request" \
            -C "skip parse certificate request" \
            -c "got no certificate request" \
            -c "skip write certificate" \
            -c "skip write certificate verify" \
            -s "skip parse certificate verify"

run_test    "SNI: DTLS, CA no override" \
            "$P_SRV debug_level=3 auth_mode=optional dtls=1 \
             crt_file=data_files/server5.crt key_file=data_files/server5.key \
             ca_file=data_files/test-ca.crt \
             sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,required" \
            "$P_CLI debug_level=3 server_name=localhost dtls=1 \
             crt_file=data_files/server6.crt key_file=data_files/server6.key" \
            1 \
            -S "skip write certificate request" \
            -C "skip parse certificate request" \
            -c "got a certificate request" \
            -C "skip write certificate" \
            -C "skip write certificate verify" \
            -S "skip parse certificate verify" \
            -s "x509_verify_cert() returned" \
            -s "! The certificate is not correctly signed by the trusted CA" \
            -S "The certificate has been revoked (is on a CRL)"

run_test    "SNI: DTLS, CA override" \
            "$P_SRV debug_level=3 auth_mode=optional dtls=1 \
             crt_file=data_files/server5.crt key_file=data_files/server5.key \
             ca_file=data_files/test-ca.crt \
             sni=localhost,data_files/server2.crt,data_files/server2.key,data_files/test-ca2.crt,-,required" \
            "$P_CLI debug_level=3 server_name=localhost dtls=1 \
             crt_file=data_files/server6.crt key_file=data_files/server6.key" \
            0 \
            -S "skip write certificate request" \
            -C "skip parse certificate request" \
            -c "got a certificate request" \
            -C "skip write certificate" \
            -C "skip write certificate verify" \
            -S "skip parse certificate verify" \
            -S "x509_verify_cert() returned" \
            -S "! The certificate is not correctly signed by the trusted CA" \
            -S "The certificate has been revoked (is on a CRL)"

run_test    "SNI: DTLS, CA override with CRL" \
            "$P_SRV debug_level=3 auth_mode=optional \
             crt_file=data_files/server5.crt key_file=data_files/server5.key dtls=1 \
             ca_file=data_files/test-ca.crt \
             sni=localhost,data_files/server2.crt,data_files/server2.key,data_files/test-ca2.crt,data_files/crl-ec-sha256.pem,required" \
            "$P_CLI debug_level=3 server_name=localhost dtls=1 \
             crt_file=data_files/server6.crt key_file=data_files/server6.key" \
            1 \
            -S "skip write certificate request" \
            -C "skip parse certificate request" \
            -c "got a certificate request" \
            -C "skip write certificate" \
            -C "skip write certificate verify" \
            -S "skip parse certificate verify" \
            -s "x509_verify_cert() returned" \
            -S "! The certificate is not correctly signed by the trusted CA" \
            -s "The certificate has been revoked (is on a CRL)"

# Tests for non-blocking I/O: exercise a variety of handshake flows
#
# These only check that each flow completes and application data is read;
# no certificate pattern is asserted. The "client auth" variants give the
# client no crt_file/key_file, so with auth_mode=required they rely on
# ssl_client2's built-in default client certificate being acceptable to
# the server (NOTE(review): confirm against ssl_client2 defaults).

run_test    "Non-blocking I/O: basic handshake" \
            "$P_SRV nbio=2 tickets=0 auth_mode=none" \
            "$P_CLI nbio=2 tickets=0" \
            0 \
            -S "mbedtls_ssl_handshake returned" \
            -C "mbedtls_ssl_handshake returned" \
            -c "Read from server: .* bytes read"

run_test    "Non-blocking I/O: client auth" \
            "$P_SRV nbio=2 tickets=0 auth_mode=required" \
            "$P_CLI nbio=2 tickets=0" \
            0 \
            -S "mbedtls_ssl_handshake returned" \
            -C "mbedtls_ssl_handshake returned" \
            -c "Read from server: .* bytes read"

run_test    "Non-blocking I/O: ticket" \
            "$P_SRV nbio=2 tickets=1 auth_mode=none" \
            "$P_CLI nbio=2 tickets=1" \
            0 \
            -S "mbedtls_ssl_handshake returned" \
            -C "mbedtls_ssl_handshake returned" \
            -c "Read from server: .* bytes read"

run_test    "Non-blocking I/O: ticket + client auth" \
            "$P_SRV nbio=2 tickets=1 auth_mode=required" \
            "$P_CLI nbio=2 tickets=1" \
            0 \
            -S "mbedtls_ssl_handshake returned" \
            -C "mbedtls_ssl_handshake returned" \
            -c "Read from server: .* bytes read"

# reconnect=1 makes the client perform a second handshake that resumes the
# first session (via ticket or, with tickets=0, via session ID).
run_test    "Non-blocking I/O: ticket + client auth + resume" \
            "$P_SRV nbio=2 tickets=1 auth_mode=required" \
            "$P_CLI nbio=2 tickets=1 reconnect=1" \
            0 \
            -S "mbedtls_ssl_handshake returned" \
            -C "mbedtls_ssl_handshake returned" \
            -c "Read from server: .* bytes read"

run_test    "Non-blocking I/O: ticket + resume" \
            "$P_SRV nbio=2 tickets=1 auth_mode=none" \
            "$P_CLI nbio=2 tickets=1 reconnect=1" \
            0 \
            -S "mbedtls_ssl_handshake returned" \
            -C "mbedtls_ssl_handshake returned" \
            -c "Read from server: .* bytes read"

run_test    "Non-blocking I/O: session-id resume" \
            "$P_SRV nbio=2 tickets=0 auth_mode=none" \
            "$P_CLI nbio=2 tickets=0 reconnect=1" \
            0 \
            -S "mbedtls_ssl_handshake returned" \
            -C "mbedtls_ssl_handshake returned" \
            -c "Read from server: .* bytes read"

# Tests for event-driven I/O: exercise a variety of handshake flows
# (event=1 instead of nbio=2; same flows and caveats as the non-blocking
# group above.)

run_test    "Event-driven I/O: basic handshake" \
            "$P_SRV event=1 tickets=0 auth_mode=none" \
            "$P_CLI event=1 tickets=0" \
            0 \
            -S "mbedtls_ssl_handshake returned" \
            -C "mbedtls_ssl_handshake returned" \
            -c "Read from server: .* bytes read"

run_test    "Event-driven I/O: client auth" \
            "$P_SRV event=1 tickets=0 auth_mode=required" \
            "$P_CLI event=1 tickets=0" \
            0 \
            -S "mbedtls_ssl_handshake returned" \
            -C "mbedtls_ssl_handshake returned" \
            -c "Read from server: .* bytes read"

run_test    "Event-driven I/O: ticket" \
            "$P_SRV event=1 tickets=1 auth_mode=none" \
            "$P_CLI event=1 tickets=1" \
            0 \
            -S "mbedtls_ssl_handshake returned" \
            -C "mbedtls_ssl_handshake returned" \
            -c "Read from server: .* bytes read"

run_test    "Event-driven I/O: ticket + client auth" \
            "$P_SRV event=1 tickets=1 auth_mode=required" \
            "$P_CLI event=1 tickets=1" \
            0 \
            -S "mbedtls_ssl_handshake returned" \
            -C "mbedtls_ssl_handshake returned" \
            -c "Read from server: .* bytes read"

run_test    "Event-driven I/O: ticket + client auth + resume" \
            "$P_SRV event=1 tickets=1 auth_mode=required" \
            "$P_CLI event=1 tickets=1 reconnect=1" \
            0 \
            -S "mbedtls_ssl_handshake returned" \
            -C "mbedtls_ssl_handshake returned" \
            -c "Read from server: .* bytes read"

run_test    "Event-driven I/O: ticket + resume" \
            "$P_SRV event=1 tickets=1 auth_mode=none" \
            "$P_CLI event=1 tickets=1 reconnect=1" \
            0 \
            -S "mbedtls_ssl_handshake returned" \
            -C "mbedtls_ssl_handshake returned" \
            -c "Read from server: .* bytes read"

run_test    "Event-driven I/O: session-id resume" \
            "$P_SRV event=1 tickets=0 auth_mode=none" \
            "$P_CLI event=1 tickets=0 reconnect=1" \
            0 \
            -S "mbedtls_ssl_handshake returned" \
            -C "mbedtls_ssl_handshake returned" \
            -c "Read from server: .* bytes read"

# DTLS variants: unlike the TLS tests above, only the application-data read
# is asserted here; no handshake-error patterns are checked.
run_test    "Event-driven I/O, DTLS: basic handshake" \
            "$P_SRV dtls=1 event=1 tickets=0 auth_mode=none" \
            "$P_CLI dtls=1 event=1 tickets=0" \
            0 \
            -c "Read from server: .* bytes read"

run_test    "Event-driven I/O, DTLS: client auth" \
            "$P_SRV dtls=1 event=1 tickets=0 auth_mode=required" \
            "$P_CLI dtls=1 event=1 tickets=0" \
            0 \
            -c "Read from server: .* bytes read"

run_test    "Event-driven I/O, DTLS: ticket" \
            "$P_SRV dtls=1 event=1 tickets=1 auth_mode=none" \
            "$P_CLI dtls=1 event=1 tickets=1" \
            0 \
            -c "Read from server: .* bytes read"

run_test    "Event-driven I/O, DTLS: ticket + client auth" \
            "$P_SRV dtls=1 event=1 tickets=1 auth_mode=required" \
            "$P_CLI dtls=1 event=1 tickets=1" \
            0 \
            -c "Read from server: .* bytes read"

run_test
"Event-driven I/O, DTLS: ticket + client auth + resume" \ 4943 "$P_SRV dtls=1 event=1 tickets=1 auth_mode=required" \ 4944 "$P_CLI dtls=1 event=1 tickets=1 reconnect=1 skip_close_notify=1" \ 4945 0 \ 4946 -c "Read from server: .* bytes read" 4947 4948run_test "Event-driven I/O, DTLS: ticket + resume" \ 4949 "$P_SRV dtls=1 event=1 tickets=1 auth_mode=none" \ 4950 "$P_CLI dtls=1 event=1 tickets=1 reconnect=1 skip_close_notify=1" \ 4951 0 \ 4952 -c "Read from server: .* bytes read" 4953 4954run_test "Event-driven I/O, DTLS: session-id resume" \ 4955 "$P_SRV dtls=1 event=1 tickets=0 auth_mode=none" \ 4956 "$P_CLI dtls=1 event=1 tickets=0 reconnect=1 skip_close_notify=1" \ 4957 0 \ 4958 -c "Read from server: .* bytes read" 4959 4960# This test demonstrates the need for the mbedtls_ssl_check_pending function. 4961# During session resumption, the client will send its ApplicationData record 4962# within the same datagram as the Finished messages. In this situation, the 4963# server MUST NOT idle on the underlying transport after handshake completion, 4964# because the ApplicationData request has already been queued internally. 
4965run_test "Event-driven I/O, DTLS: session-id resume, UDP packing" \ 4966 -p "$P_PXY pack=50" \ 4967 "$P_SRV dtls=1 event=1 tickets=0 auth_mode=required" \ 4968 "$P_CLI dtls=1 event=1 tickets=0 reconnect=1 skip_close_notify=1" \ 4969 0 \ 4970 -c "Read from server: .* bytes read" 4971 4972# Tests for version negotiation 4973 4974run_test "Version check: all -> 1.2" \ 4975 "$P_SRV" \ 4976 "$P_CLI" \ 4977 0 \ 4978 -S "mbedtls_ssl_handshake returned" \ 4979 -C "mbedtls_ssl_handshake returned" \ 4980 -s "Protocol is TLSv1.2" \ 4981 -c "Protocol is TLSv1.2" 4982 4983run_test "Not supported version check: cli TLS 1.0" \ 4984 "$P_SRV" \ 4985 "$G_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.0" \ 4986 1 \ 4987 -s "Handshake protocol not within min/max boundaries" \ 4988 -c "Error in protocol version" \ 4989 -S "Protocol is TLSv1.0" \ 4990 -C "Handshake was completed" 4991 4992run_test "Not supported version check: cli TLS 1.1" \ 4993 "$P_SRV" \ 4994 "$G_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.1" \ 4995 1 \ 4996 -s "Handshake protocol not within min/max boundaries" \ 4997 -c "Error in protocol version" \ 4998 -S "Protocol is TLSv1.1" \ 4999 -C "Handshake was completed" 5000 5001run_test "Not supported version check: srv max TLS 1.0" \ 5002 "$G_SRV --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0" \ 5003 "$P_CLI" \ 5004 1 \ 5005 -s "Error in protocol version" \ 5006 -c "Handshake protocol not within min/max boundaries" \ 5007 -S "Version: TLS1.0" \ 5008 -C "Protocol is TLSv1.0" 5009 5010run_test "Not supported version check: srv max TLS 1.1" \ 5011 "$G_SRV --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.1" \ 5012 "$P_CLI" \ 5013 1 \ 5014 -s "Error in protocol version" \ 5015 -c "Handshake protocol not within min/max boundaries" \ 5016 -S "Version: TLS1.1" \ 5017 -C "Protocol is TLSv1.1" 5018 5019# Tests for ALPN extension 5020 5021run_test "ALPN: none" \ 5022 "$P_SRV debug_level=3" \ 5023 "$P_CLI debug_level=3" \ 5024 0 \ 5025 -C "client hello, adding alpn 
extension" \ 5026 -S "found alpn extension" \ 5027 -C "got an alert message, type: \\[2:120]" \ 5028 -S "server hello, adding alpn extension" \ 5029 -C "found alpn extension " \ 5030 -C "Application Layer Protocol is" \ 5031 -S "Application Layer Protocol is" 5032 5033run_test "ALPN: client only" \ 5034 "$P_SRV debug_level=3" \ 5035 "$P_CLI debug_level=3 alpn=abc,1234" \ 5036 0 \ 5037 -c "client hello, adding alpn extension" \ 5038 -s "found alpn extension" \ 5039 -C "got an alert message, type: \\[2:120]" \ 5040 -S "server hello, adding alpn extension" \ 5041 -C "found alpn extension " \ 5042 -c "Application Layer Protocol is (none)" \ 5043 -S "Application Layer Protocol is" 5044 5045run_test "ALPN: server only" \ 5046 "$P_SRV debug_level=3 alpn=abc,1234" \ 5047 "$P_CLI debug_level=3" \ 5048 0 \ 5049 -C "client hello, adding alpn extension" \ 5050 -S "found alpn extension" \ 5051 -C "got an alert message, type: \\[2:120]" \ 5052 -S "server hello, adding alpn extension" \ 5053 -C "found alpn extension " \ 5054 -C "Application Layer Protocol is" \ 5055 -s "Application Layer Protocol is (none)" 5056 5057run_test "ALPN: both, common cli1-srv1" \ 5058 "$P_SRV debug_level=3 alpn=abc,1234" \ 5059 "$P_CLI debug_level=3 alpn=abc,1234" \ 5060 0 \ 5061 -c "client hello, adding alpn extension" \ 5062 -s "found alpn extension" \ 5063 -C "got an alert message, type: \\[2:120]" \ 5064 -s "server hello, adding alpn extension" \ 5065 -c "found alpn extension" \ 5066 -c "Application Layer Protocol is abc" \ 5067 -s "Application Layer Protocol is abc" 5068 5069run_test "ALPN: both, common cli2-srv1" \ 5070 "$P_SRV debug_level=3 alpn=abc,1234" \ 5071 "$P_CLI debug_level=3 alpn=1234,abc" \ 5072 0 \ 5073 -c "client hello, adding alpn extension" \ 5074 -s "found alpn extension" \ 5075 -C "got an alert message, type: \\[2:120]" \ 5076 -s "server hello, adding alpn extension" \ 5077 -c "found alpn extension" \ 5078 -c "Application Layer Protocol is abc" \ 5079 -s "Application Layer 
Protocol is abc" 5080 5081run_test "ALPN: both, common cli1-srv2" \ 5082 "$P_SRV debug_level=3 alpn=abc,1234" \ 5083 "$P_CLI debug_level=3 alpn=1234,abcde" \ 5084 0 \ 5085 -c "client hello, adding alpn extension" \ 5086 -s "found alpn extension" \ 5087 -C "got an alert message, type: \\[2:120]" \ 5088 -s "server hello, adding alpn extension" \ 5089 -c "found alpn extension" \ 5090 -c "Application Layer Protocol is 1234" \ 5091 -s "Application Layer Protocol is 1234" 5092 5093run_test "ALPN: both, no common" \ 5094 "$P_SRV debug_level=3 alpn=abc,123" \ 5095 "$P_CLI debug_level=3 alpn=1234,abcde" \ 5096 1 \ 5097 -c "client hello, adding alpn extension" \ 5098 -s "found alpn extension" \ 5099 -c "got an alert message, type: \\[2:120]" \ 5100 -S "server hello, adding alpn extension" \ 5101 -C "found alpn extension" \ 5102 -C "Application Layer Protocol is 1234" \ 5103 -S "Application Layer Protocol is 1234" 5104 5105 5106# Tests for keyUsage in leaf certificates, part 1: 5107# server-side certificate/suite selection 5108 5109run_test "keyUsage srv: RSA, digitalSignature -> (EC)DHE-RSA" \ 5110 "$P_SRV key_file=data_files/server2.key \ 5111 crt_file=data_files/server2.ku-ds.crt" \ 5112 "$P_CLI" \ 5113 0 \ 5114 -c "Ciphersuite is TLS-[EC]*DHE-RSA-WITH-" 5115 5116 5117run_test "keyUsage srv: RSA, keyEncipherment -> RSA" \ 5118 "$P_SRV key_file=data_files/server2.key \ 5119 crt_file=data_files/server2.ku-ke.crt" \ 5120 "$P_CLI" \ 5121 0 \ 5122 -c "Ciphersuite is TLS-RSA-WITH-" 5123 5124run_test "keyUsage srv: RSA, keyAgreement -> fail" \ 5125 "$P_SRV key_file=data_files/server2.key \ 5126 crt_file=data_files/server2.ku-ka.crt" \ 5127 "$P_CLI" \ 5128 1 \ 5129 -C "Ciphersuite is " 5130 5131run_test "keyUsage srv: ECDSA, digitalSignature -> ECDHE-ECDSA" \ 5132 "$P_SRV key_file=data_files/server5.key \ 5133 crt_file=data_files/server5.ku-ds.crt" \ 5134 "$P_CLI" \ 5135 0 \ 5136 -c "Ciphersuite is TLS-ECDHE-ECDSA-WITH-" 5137 5138 5139run_test "keyUsage srv: ECDSA, keyAgreement -> 
ECDH-" \ 5140 "$P_SRV key_file=data_files/server5.key \ 5141 crt_file=data_files/server5.ku-ka.crt" \ 5142 "$P_CLI" \ 5143 0 \ 5144 -c "Ciphersuite is TLS-ECDH-" 5145 5146run_test "keyUsage srv: ECDSA, keyEncipherment -> fail" \ 5147 "$P_SRV key_file=data_files/server5.key \ 5148 crt_file=data_files/server5.ku-ke.crt" \ 5149 "$P_CLI" \ 5150 1 \ 5151 -C "Ciphersuite is " 5152 5153# Tests for keyUsage in leaf certificates, part 2: 5154# client-side checking of server cert 5155 5156run_test "keyUsage cli: DigitalSignature+KeyEncipherment, RSA: OK" \ 5157 "$O_SRV -key data_files/server2.key \ 5158 -cert data_files/server2.ku-ds_ke.crt" \ 5159 "$P_CLI debug_level=1 \ 5160 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ 5161 0 \ 5162 -C "bad certificate (usage extensions)" \ 5163 -C "Processing of the Certificate handshake message failed" \ 5164 -c "Ciphersuite is TLS-" 5165 5166run_test "keyUsage cli: DigitalSignature+KeyEncipherment, DHE-RSA: OK" \ 5167 "$O_SRV -key data_files/server2.key \ 5168 -cert data_files/server2.ku-ds_ke.crt" \ 5169 "$P_CLI debug_level=1 \ 5170 force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \ 5171 0 \ 5172 -C "bad certificate (usage extensions)" \ 5173 -C "Processing of the Certificate handshake message failed" \ 5174 -c "Ciphersuite is TLS-" 5175 5176run_test "keyUsage cli: KeyEncipherment, RSA: OK" \ 5177 "$O_SRV -key data_files/server2.key \ 5178 -cert data_files/server2.ku-ke.crt" \ 5179 "$P_CLI debug_level=1 \ 5180 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ 5181 0 \ 5182 -C "bad certificate (usage extensions)" \ 5183 -C "Processing of the Certificate handshake message failed" \ 5184 -c "Ciphersuite is TLS-" 5185 5186run_test "keyUsage cli: KeyEncipherment, DHE-RSA: fail" \ 5187 "$O_SRV -key data_files/server2.key \ 5188 -cert data_files/server2.ku-ke.crt" \ 5189 "$P_CLI debug_level=1 \ 5190 force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \ 5191 1 \ 5192 -c "bad certificate (usage extensions)" \ 5193 -c "Processing of the 
Certificate handshake message failed" \ 5194 -C "Ciphersuite is TLS-" 5195 5196run_test "keyUsage cli: KeyEncipherment, DHE-RSA: fail, soft" \ 5197 "$O_SRV -key data_files/server2.key \ 5198 -cert data_files/server2.ku-ke.crt" \ 5199 "$P_CLI debug_level=1 auth_mode=optional \ 5200 force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \ 5201 0 \ 5202 -c "bad certificate (usage extensions)" \ 5203 -C "Processing of the Certificate handshake message failed" \ 5204 -c "Ciphersuite is TLS-" \ 5205 -c "! Usage does not match the keyUsage extension" 5206 5207run_test "keyUsage cli: DigitalSignature, DHE-RSA: OK" \ 5208 "$O_SRV -key data_files/server2.key \ 5209 -cert data_files/server2.ku-ds.crt" \ 5210 "$P_CLI debug_level=1 \ 5211 force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \ 5212 0 \ 5213 -C "bad certificate (usage extensions)" \ 5214 -C "Processing of the Certificate handshake message failed" \ 5215 -c "Ciphersuite is TLS-" 5216 5217run_test "keyUsage cli: DigitalSignature, RSA: fail" \ 5218 "$O_SRV -key data_files/server2.key \ 5219 -cert data_files/server2.ku-ds.crt" \ 5220 "$P_CLI debug_level=1 \ 5221 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ 5222 1 \ 5223 -c "bad certificate (usage extensions)" \ 5224 -c "Processing of the Certificate handshake message failed" \ 5225 -C "Ciphersuite is TLS-" 5226 5227run_test "keyUsage cli: DigitalSignature, RSA: fail, soft" \ 5228 "$O_SRV -key data_files/server2.key \ 5229 -cert data_files/server2.ku-ds.crt" \ 5230 "$P_CLI debug_level=1 auth_mode=optional \ 5231 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ 5232 0 \ 5233 -c "bad certificate (usage extensions)" \ 5234 -C "Processing of the Certificate handshake message failed" \ 5235 -c "Ciphersuite is TLS-" \ 5236 -c "! 
Usage does not match the keyUsage extension" 5237 5238# Tests for keyUsage in leaf certificates, part 3: 5239# server-side checking of client cert 5240 5241run_test "keyUsage cli-auth: RSA, DigitalSignature: OK" \ 5242 "$P_SRV debug_level=1 auth_mode=optional" \ 5243 "$O_CLI -key data_files/server2.key \ 5244 -cert data_files/server2.ku-ds.crt" \ 5245 0 \ 5246 -S "bad certificate (usage extensions)" \ 5247 -S "Processing of the Certificate handshake message failed" 5248 5249run_test "keyUsage cli-auth: RSA, KeyEncipherment: fail (soft)" \ 5250 "$P_SRV debug_level=1 auth_mode=optional" \ 5251 "$O_CLI -key data_files/server2.key \ 5252 -cert data_files/server2.ku-ke.crt" \ 5253 0 \ 5254 -s "bad certificate (usage extensions)" \ 5255 -S "Processing of the Certificate handshake message failed" 5256 5257run_test "keyUsage cli-auth: RSA, KeyEncipherment: fail (hard)" \ 5258 "$P_SRV debug_level=1 auth_mode=required" \ 5259 "$O_CLI -key data_files/server2.key \ 5260 -cert data_files/server2.ku-ke.crt" \ 5261 1 \ 5262 -s "bad certificate (usage extensions)" \ 5263 -s "Processing of the Certificate handshake message failed" 5264 5265run_test "keyUsage cli-auth: ECDSA, DigitalSignature: OK" \ 5266 "$P_SRV debug_level=1 auth_mode=optional" \ 5267 "$O_CLI -key data_files/server5.key \ 5268 -cert data_files/server5.ku-ds.crt" \ 5269 0 \ 5270 -S "bad certificate (usage extensions)" \ 5271 -S "Processing of the Certificate handshake message failed" 5272 5273run_test "keyUsage cli-auth: ECDSA, KeyAgreement: fail (soft)" \ 5274 "$P_SRV debug_level=1 auth_mode=optional" \ 5275 "$O_CLI -key data_files/server5.key \ 5276 -cert data_files/server5.ku-ka.crt" \ 5277 0 \ 5278 -s "bad certificate (usage extensions)" \ 5279 -S "Processing of the Certificate handshake message failed" 5280 5281# Tests for extendedKeyUsage, part 1: server-side certificate/suite selection 5282 5283run_test "extKeyUsage srv: serverAuth -> OK" \ 5284 "$P_SRV key_file=data_files/server5.key \ 5285 
crt_file=data_files/server5.eku-srv.crt" \ 5286 "$P_CLI" \ 5287 0 5288 5289run_test "extKeyUsage srv: serverAuth,clientAuth -> OK" \ 5290 "$P_SRV key_file=data_files/server5.key \ 5291 crt_file=data_files/server5.eku-srv.crt" \ 5292 "$P_CLI" \ 5293 0 5294 5295run_test "extKeyUsage srv: codeSign,anyEKU -> OK" \ 5296 "$P_SRV key_file=data_files/server5.key \ 5297 crt_file=data_files/server5.eku-cs_any.crt" \ 5298 "$P_CLI" \ 5299 0 5300 5301run_test "extKeyUsage srv: codeSign -> fail" \ 5302 "$P_SRV key_file=data_files/server5.key \ 5303 crt_file=data_files/server5.eku-cli.crt" \ 5304 "$P_CLI" \ 5305 1 5306 5307# Tests for extendedKeyUsage, part 2: client-side checking of server cert 5308 5309run_test "extKeyUsage cli: serverAuth -> OK" \ 5310 "$O_SRV -key data_files/server5.key \ 5311 -cert data_files/server5.eku-srv.crt" \ 5312 "$P_CLI debug_level=1" \ 5313 0 \ 5314 -C "bad certificate (usage extensions)" \ 5315 -C "Processing of the Certificate handshake message failed" \ 5316 -c "Ciphersuite is TLS-" 5317 5318run_test "extKeyUsage cli: serverAuth,clientAuth -> OK" \ 5319 "$O_SRV -key data_files/server5.key \ 5320 -cert data_files/server5.eku-srv_cli.crt" \ 5321 "$P_CLI debug_level=1" \ 5322 0 \ 5323 -C "bad certificate (usage extensions)" \ 5324 -C "Processing of the Certificate handshake message failed" \ 5325 -c "Ciphersuite is TLS-" 5326 5327run_test "extKeyUsage cli: codeSign,anyEKU -> OK" \ 5328 "$O_SRV -key data_files/server5.key \ 5329 -cert data_files/server5.eku-cs_any.crt" \ 5330 "$P_CLI debug_level=1" \ 5331 0 \ 5332 -C "bad certificate (usage extensions)" \ 5333 -C "Processing of the Certificate handshake message failed" \ 5334 -c "Ciphersuite is TLS-" 5335 5336run_test "extKeyUsage cli: codeSign -> fail" \ 5337 "$O_SRV -key data_files/server5.key \ 5338 -cert data_files/server5.eku-cs.crt" \ 5339 "$P_CLI debug_level=1" \ 5340 1 \ 5341 -c "bad certificate (usage extensions)" \ 5342 -c "Processing of the Certificate handshake message failed" \ 5343 -C 
"Ciphersuite is TLS-" 5344 5345# Tests for extendedKeyUsage, part 3: server-side checking of client cert 5346 5347run_test "extKeyUsage cli-auth: clientAuth -> OK" \ 5348 "$P_SRV debug_level=1 auth_mode=optional" \ 5349 "$O_CLI -key data_files/server5.key \ 5350 -cert data_files/server5.eku-cli.crt" \ 5351 0 \ 5352 -S "bad certificate (usage extensions)" \ 5353 -S "Processing of the Certificate handshake message failed" 5354 5355run_test "extKeyUsage cli-auth: serverAuth,clientAuth -> OK" \ 5356 "$P_SRV debug_level=1 auth_mode=optional" \ 5357 "$O_CLI -key data_files/server5.key \ 5358 -cert data_files/server5.eku-srv_cli.crt" \ 5359 0 \ 5360 -S "bad certificate (usage extensions)" \ 5361 -S "Processing of the Certificate handshake message failed" 5362 5363run_test "extKeyUsage cli-auth: codeSign,anyEKU -> OK" \ 5364 "$P_SRV debug_level=1 auth_mode=optional" \ 5365 "$O_CLI -key data_files/server5.key \ 5366 -cert data_files/server5.eku-cs_any.crt" \ 5367 0 \ 5368 -S "bad certificate (usage extensions)" \ 5369 -S "Processing of the Certificate handshake message failed" 5370 5371run_test "extKeyUsage cli-auth: codeSign -> fail (soft)" \ 5372 "$P_SRV debug_level=1 auth_mode=optional" \ 5373 "$O_CLI -key data_files/server5.key \ 5374 -cert data_files/server5.eku-cs.crt" \ 5375 0 \ 5376 -s "bad certificate (usage extensions)" \ 5377 -S "Processing of the Certificate handshake message failed" 5378 5379run_test "extKeyUsage cli-auth: codeSign -> fail (hard)" \ 5380 "$P_SRV debug_level=1 auth_mode=required" \ 5381 "$O_CLI -key data_files/server5.key \ 5382 -cert data_files/server5.eku-cs.crt" \ 5383 1 \ 5384 -s "bad certificate (usage extensions)" \ 5385 -s "Processing of the Certificate handshake message failed" 5386 5387# Tests for DHM parameters loading 5388 5389run_test "DHM parameters: reference" \ 5390 "$P_SRV" \ 5391 "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \ 5392 debug_level=3" \ 5393 0 \ 5394 -c "value of 'DHM: P ' (2048 bits)" \ 5395 -c "value 
of 'DHM: G ' (2 bits)" 5396 5397run_test "DHM parameters: other parameters" \ 5398 "$P_SRV dhm_file=data_files/dhparams.pem" \ 5399 "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \ 5400 debug_level=3" \ 5401 0 \ 5402 -c "value of 'DHM: P ' (1024 bits)" \ 5403 -c "value of 'DHM: G ' (2 bits)" 5404 5405# Tests for DHM client-side size checking 5406 5407run_test "DHM size: server default, client default, OK" \ 5408 "$P_SRV" \ 5409 "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \ 5410 debug_level=1" \ 5411 0 \ 5412 -C "DHM prime too short:" 5413 5414run_test "DHM size: server default, client 2048, OK" \ 5415 "$P_SRV" \ 5416 "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \ 5417 debug_level=1 dhmlen=2048" \ 5418 0 \ 5419 -C "DHM prime too short:" 5420 5421run_test "DHM size: server 1024, client default, OK" \ 5422 "$P_SRV dhm_file=data_files/dhparams.pem" \ 5423 "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \ 5424 debug_level=1" \ 5425 0 \ 5426 -C "DHM prime too short:" 5427 5428run_test "DHM size: server 999, client 999, OK" \ 5429 "$P_SRV dhm_file=data_files/dh.999.pem" \ 5430 "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \ 5431 debug_level=1 dhmlen=999" \ 5432 0 \ 5433 -C "DHM prime too short:" 5434 5435run_test "DHM size: server 1000, client 1000, OK" \ 5436 "$P_SRV dhm_file=data_files/dh.1000.pem" \ 5437 "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \ 5438 debug_level=1 dhmlen=1000" \ 5439 0 \ 5440 -C "DHM prime too short:" 5441 5442run_test "DHM size: server 1000, client default, rejected" \ 5443 "$P_SRV dhm_file=data_files/dh.1000.pem" \ 5444 "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \ 5445 debug_level=1" \ 5446 1 \ 5447 -c "DHM prime too short:" 5448 5449run_test "DHM size: server 1000, client 1001, rejected" \ 5450 "$P_SRV dhm_file=data_files/dh.1000.pem" \ 5451 "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \ 5452 debug_level=1 dhmlen=1001" \ 5453 1 \ 5454 -c 
"DHM prime too short:" 5455 5456run_test "DHM size: server 999, client 1000, rejected" \ 5457 "$P_SRV dhm_file=data_files/dh.999.pem" \ 5458 "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \ 5459 debug_level=1 dhmlen=1000" \ 5460 1 \ 5461 -c "DHM prime too short:" 5462 5463run_test "DHM size: server 998, client 999, rejected" \ 5464 "$P_SRV dhm_file=data_files/dh.998.pem" \ 5465 "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \ 5466 debug_level=1 dhmlen=999" \ 5467 1 \ 5468 -c "DHM prime too short:" 5469 5470run_test "DHM size: server default, client 2049, rejected" \ 5471 "$P_SRV" \ 5472 "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \ 5473 debug_level=1 dhmlen=2049" \ 5474 1 \ 5475 -c "DHM prime too short:" 5476 5477# Tests for PSK callback 5478 5479run_test "PSK callback: psk, no callback" \ 5480 "$P_SRV psk=abc123 psk_identity=foo" \ 5481 "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ 5482 psk_identity=foo psk=abc123" \ 5483 0 \ 5484 -S "SSL - The handshake negotiation failed" \ 5485 -S "SSL - Unknown identity received" \ 5486 -S "SSL - Verification of the message MAC failed" 5487 5488requires_config_enabled MBEDTLS_USE_PSA_CRYPTO 5489run_test "PSK callback: opaque psk on client, no callback" \ 5490 "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo" \ 5491 "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ 5492 psk_identity=foo psk=abc123 psk_opaque=1" \ 5493 0 \ 5494 -c "skip PMS generation for opaque PSK"\ 5495 -S "skip PMS generation for opaque PSK"\ 5496 -C "session hash for extended master secret"\ 5497 -S "session hash for extended master secret"\ 5498 -S "SSL - The handshake negotiation failed" \ 5499 -S "SSL - Unknown identity received" \ 5500 -S "SSL - Verification of the message MAC failed" 5501 5502requires_config_enabled MBEDTLS_USE_PSA_CRYPTO 5503run_test "PSK callback: opaque psk on client, no callback, SHA-384" \ 5504 "$P_SRV 
extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo" \ 5505 "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \ 5506 psk_identity=foo psk=abc123 psk_opaque=1" \ 5507 0 \ 5508 -c "skip PMS generation for opaque PSK"\ 5509 -S "skip PMS generation for opaque PSK"\ 5510 -C "session hash for extended master secret"\ 5511 -S "session hash for extended master secret"\ 5512 -S "SSL - The handshake negotiation failed" \ 5513 -S "SSL - Unknown identity received" \ 5514 -S "SSL - Verification of the message MAC failed" 5515 5516requires_config_enabled MBEDTLS_USE_PSA_CRYPTO 5517run_test "PSK callback: opaque psk on client, no callback, EMS" \ 5518 "$P_SRV extended_ms=1 debug_level=3 psk=abc123 psk_identity=foo" \ 5519 "$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ 5520 psk_identity=foo psk=abc123 psk_opaque=1" \ 5521 0 \ 5522 -c "skip PMS generation for opaque PSK"\ 5523 -S "skip PMS generation for opaque PSK"\ 5524 -c "session hash for extended master secret"\ 5525 -s "session hash for extended master secret"\ 5526 -S "SSL - The handshake negotiation failed" \ 5527 -S "SSL - Unknown identity received" \ 5528 -S "SSL - Verification of the message MAC failed" 5529 5530requires_config_enabled MBEDTLS_USE_PSA_CRYPTO 5531run_test "PSK callback: opaque psk on client, no callback, SHA-384, EMS" \ 5532 "$P_SRV extended_ms=1 debug_level=3 psk=abc123 psk_identity=foo" \ 5533 "$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \ 5534 psk_identity=foo psk=abc123 psk_opaque=1" \ 5535 0 \ 5536 -c "skip PMS generation for opaque PSK"\ 5537 -S "skip PMS generation for opaque PSK"\ 5538 -c "session hash for extended master secret"\ 5539 -s "session hash for extended master secret"\ 5540 -S "SSL - The handshake negotiation failed" \ 5541 -S "SSL - Unknown identity received" \ 5542 -S "SSL - Verification of the message MAC failed" 
5543 5544requires_config_enabled MBEDTLS_USE_PSA_CRYPTO 5545run_test "PSK callback: raw psk on client, static opaque on server, no callback" \ 5546 "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \ 5547 "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ 5548 psk_identity=foo psk=abc123" \ 5549 0 \ 5550 -C "skip PMS generation for opaque PSK"\ 5551 -s "skip PMS generation for opaque PSK"\ 5552 -C "session hash for extended master secret"\ 5553 -S "session hash for extended master secret"\ 5554 -S "SSL - The handshake negotiation failed" \ 5555 -S "SSL - Unknown identity received" \ 5556 -S "SSL - Verification of the message MAC failed" 5557 5558requires_config_enabled MBEDTLS_USE_PSA_CRYPTO 5559run_test "PSK callback: raw psk on client, static opaque on server, no callback, SHA-384" \ 5560 "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384" \ 5561 "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \ 5562 psk_identity=foo psk=abc123" \ 5563 0 \ 5564 -C "skip PMS generation for opaque PSK"\ 5565 -s "skip PMS generation for opaque PSK"\ 5566 -C "session hash for extended master secret"\ 5567 -S "session hash for extended master secret"\ 5568 -S "SSL - The handshake negotiation failed" \ 5569 -S "SSL - Unknown identity received" \ 5570 -S "SSL - Verification of the message MAC failed" 5571 5572requires_config_enabled MBEDTLS_USE_PSA_CRYPTO 5573run_test "PSK callback: raw psk on client, static opaque on server, no callback, EMS" \ 5574 "$P_SRV debug_level=3 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 \ 5575 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA extended_ms=1" \ 5576 "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ 5577 
psk_identity=foo psk=abc123 extended_ms=1" \ 5578 0 \ 5579 -c "session hash for extended master secret"\ 5580 -s "session hash for extended master secret"\ 5581 -C "skip PMS generation for opaque PSK"\ 5582 -s "skip PMS generation for opaque PSK"\ 5583 -S "SSL - The handshake negotiation failed" \ 5584 -S "SSL - Unknown identity received" \ 5585 -S "SSL - Verification of the message MAC failed" 5586 5587requires_config_enabled MBEDTLS_USE_PSA_CRYPTO 5588run_test "PSK callback: raw psk on client, static opaque on server, no callback, EMS, SHA384" \ 5589 "$P_SRV debug_level=3 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 \ 5590 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 extended_ms=1" \ 5591 "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \ 5592 psk_identity=foo psk=abc123 extended_ms=1" \ 5593 0 \ 5594 -c "session hash for extended master secret"\ 5595 -s "session hash for extended master secret"\ 5596 -C "skip PMS generation for opaque PSK"\ 5597 -s "skip PMS generation for opaque PSK"\ 5598 -S "SSL - The handshake negotiation failed" \ 5599 -S "SSL - Unknown identity received" \ 5600 -S "SSL - Verification of the message MAC failed" 5601 5602requires_config_enabled MBEDTLS_USE_PSA_CRYPTO 5603run_test "PSK callback: raw psk on client, no static PSK on server, opaque PSK from callback" \ 5604 "$P_SRV extended_ms=0 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \ 5605 "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ 5606 psk_identity=def psk=beef" \ 5607 0 \ 5608 -C "skip PMS generation for opaque PSK"\ 5609 -s "skip PMS generation for opaque PSK"\ 5610 -C "session hash for extended master secret"\ 5611 -S "session hash for extended master secret"\ 5612 -S "SSL - The handshake negotiation failed" \ 5613 -S "SSL - Unknown identity received" \ 5614 -S "SSL - Verification of the 
message MAC failed" 5615 5616requires_config_enabled MBEDTLS_USE_PSA_CRYPTO 5617run_test "PSK callback: raw psk on client, no static PSK on server, opaque PSK from callback, SHA-384" \ 5618 "$P_SRV extended_ms=0 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384" \ 5619 "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \ 5620 psk_identity=def psk=beef" \ 5621 0 \ 5622 -C "skip PMS generation for opaque PSK"\ 5623 -s "skip PMS generation for opaque PSK"\ 5624 -C "session hash for extended master secret"\ 5625 -S "session hash for extended master secret"\ 5626 -S "SSL - The handshake negotiation failed" \ 5627 -S "SSL - Unknown identity received" \ 5628 -S "SSL - Verification of the message MAC failed" 5629 5630requires_config_enabled MBEDTLS_USE_PSA_CRYPTO 5631run_test "PSK callback: raw psk on client, no static PSK on server, opaque PSK from callback, EMS" \ 5632 "$P_SRV debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 \ 5633 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA extended_ms=1" \ 5634 "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ 5635 psk_identity=abc psk=dead extended_ms=1" \ 5636 0 \ 5637 -c "session hash for extended master secret"\ 5638 -s "session hash for extended master secret"\ 5639 -C "skip PMS generation for opaque PSK"\ 5640 -s "skip PMS generation for opaque PSK"\ 5641 -S "SSL - The handshake negotiation failed" \ 5642 -S "SSL - Unknown identity received" \ 5643 -S "SSL - Verification of the message MAC failed" 5644 5645requires_config_enabled MBEDTLS_USE_PSA_CRYPTO 5646run_test "PSK callback: raw psk on client, no static PSK on server, opaque PSK from callback, EMS, SHA384" \ 5647 "$P_SRV debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 \ 5648 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 extended_ms=1" \ 5649 
"$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \ 5650 psk_identity=abc psk=dead extended_ms=1" \ 5651 0 \ 5652 -c "session hash for extended master secret"\ 5653 -s "session hash for extended master secret"\ 5654 -C "skip PMS generation for opaque PSK"\ 5655 -s "skip PMS generation for opaque PSK"\ 5656 -S "SSL - The handshake negotiation failed" \ 5657 -S "SSL - Unknown identity received" \ 5658 -S "SSL - Verification of the message MAC failed" 5659 5660requires_config_enabled MBEDTLS_USE_PSA_CRYPTO 5661run_test "PSK callback: raw psk on client, mismatching static raw PSK on server, opaque PSK from callback" \ 5662 "$P_SRV extended_ms=0 psk_identity=foo psk=abc123 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \ 5663 "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ 5664 psk_identity=def psk=beef" \ 5665 0 \ 5666 -C "skip PMS generation for opaque PSK"\ 5667 -s "skip PMS generation for opaque PSK"\ 5668 -C "session hash for extended master secret"\ 5669 -S "session hash for extended master secret"\ 5670 -S "SSL - The handshake negotiation failed" \ 5671 -S "SSL - Unknown identity received" \ 5672 -S "SSL - Verification of the message MAC failed" 5673 5674requires_config_enabled MBEDTLS_USE_PSA_CRYPTO 5675run_test "PSK callback: raw psk on client, mismatching static opaque PSK on server, opaque PSK from callback" \ 5676 "$P_SRV extended_ms=0 psk_opaque=1 psk_identity=foo psk=abc123 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \ 5677 "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ 5678 psk_identity=def psk=beef" \ 5679 0 \ 5680 -C "skip PMS generation for opaque PSK"\ 5681 -s "skip PMS generation for opaque PSK"\ 5682 -C "session hash for extended master secret"\ 
5683 -S "session hash for extended master secret"\ 5684 -S "SSL - The handshake negotiation failed" \ 5685 -S "SSL - Unknown identity received" \ 5686 -S "SSL - Verification of the message MAC failed" 5687 5688requires_config_enabled MBEDTLS_USE_PSA_CRYPTO 5689run_test "PSK callback: raw psk on client, mismatching static opaque PSK on server, raw PSK from callback" \ 5690 "$P_SRV extended_ms=0 psk_opaque=1 psk_identity=foo psk=abc123 debug_level=3 psk_list=abc,dead,def,beef min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \ 5691 "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ 5692 psk_identity=def psk=beef" \ 5693 0 \ 5694 -C "skip PMS generation for opaque PSK"\ 5695 -C "session hash for extended master secret"\ 5696 -S "session hash for extended master secret"\ 5697 -S "SSL - The handshake negotiation failed" \ 5698 -S "SSL - Unknown identity received" \ 5699 -S "SSL - Verification of the message MAC failed" 5700 5701requires_config_enabled MBEDTLS_USE_PSA_CRYPTO 5702run_test "PSK callback: raw psk on client, id-matching but wrong raw PSK on server, opaque PSK from callback" \ 5703 "$P_SRV extended_ms=0 psk_opaque=1 psk_identity=def psk=abc123 debug_level=3 psk_list=abc,dead,def,beef min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \ 5704 "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ 5705 psk_identity=def psk=beef" \ 5706 0 \ 5707 -C "skip PMS generation for opaque PSK"\ 5708 -C "session hash for extended master secret"\ 5709 -S "session hash for extended master secret"\ 5710 -S "SSL - The handshake negotiation failed" \ 5711 -S "SSL - Unknown identity received" \ 5712 -S "SSL - Verification of the message MAC failed" 5713 5714requires_config_enabled MBEDTLS_USE_PSA_CRYPTO 5715run_test "PSK callback: raw psk on client, matching opaque PSK on server, wrong opaque PSK from callback" \ 5716 "$P_SRV extended_ms=0 
psk_opaque=1 psk_identity=def psk=beef debug_level=3 psk_list=abc,dead,def,abc123 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \ 5717 "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ 5718 psk_identity=def psk=beef" \ 5719 1 \ 5720 -s "SSL - Verification of the message MAC failed" 5721 5722run_test "PSK callback: no psk, no callback" \ 5723 "$P_SRV" \ 5724 "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ 5725 psk_identity=foo psk=abc123" \ 5726 1 \ 5727 -s "SSL - The handshake negotiation failed" \ 5728 -S "SSL - Unknown identity received" \ 5729 -S "SSL - Verification of the message MAC failed" 5730 5731run_test "PSK callback: callback overrides other settings" \ 5732 "$P_SRV psk=abc123 psk_identity=foo psk_list=abc,dead,def,beef" \ 5733 "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ 5734 psk_identity=foo psk=abc123" \ 5735 1 \ 5736 -S "SSL - The handshake negotiation failed" \ 5737 -s "SSL - Unknown identity received" \ 5738 -S "SSL - Verification of the message MAC failed" 5739 5740run_test "PSK callback: first id matches" \ 5741 "$P_SRV psk_list=abc,dead,def,beef" \ 5742 "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ 5743 psk_identity=abc psk=dead" \ 5744 0 \ 5745 -S "SSL - The handshake negotiation failed" \ 5746 -S "SSL - Unknown identity received" \ 5747 -S "SSL - Verification of the message MAC failed" 5748 5749run_test "PSK callback: second id matches" \ 5750 "$P_SRV psk_list=abc,dead,def,beef" \ 5751 "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ 5752 psk_identity=def psk=beef" \ 5753 0 \ 5754 -S "SSL - The handshake negotiation failed" \ 5755 -S "SSL - Unknown identity received" \ 5756 -S "SSL - Verification of the message MAC failed" 5757 5758run_test "PSK callback: no match" \ 5759 "$P_SRV psk_list=abc,dead,def,beef" \ 5760 "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ 5761 psk_identity=ghi psk=beef" \ 5762 1 \ 5763 -S "SSL - The 
handshake negotiation failed" \ 5764 -s "SSL - Unknown identity received" \ 5765 -S "SSL - Verification of the message MAC failed" 5766 5767run_test "PSK callback: wrong key" \ 5768 "$P_SRV psk_list=abc,dead,def,beef" \ 5769 "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \ 5770 psk_identity=abc psk=beef" \ 5771 1 \ 5772 -S "SSL - The handshake negotiation failed" \ 5773 -S "SSL - Unknown identity received" \ 5774 -s "SSL - Verification of the message MAC failed" 5775 5776# Tests for EC J-PAKE 5777 5778requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED 5779run_test "ECJPAKE: client not configured" \ 5780 "$P_SRV debug_level=3" \ 5781 "$P_CLI debug_level=3" \ 5782 0 \ 5783 -C "add ciphersuite: 0xc0ff" \ 5784 -C "adding ecjpake_kkpp extension" \ 5785 -S "found ecjpake kkpp extension" \ 5786 -S "skip ecjpake kkpp extension" \ 5787 -S "ciphersuite mismatch: ecjpake not configured" \ 5788 -S "server hello, ecjpake kkpp extension" \ 5789 -C "found ecjpake_kkpp extension" \ 5790 -S "SSL - The handshake negotiation failed" 5791 5792requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED 5793run_test "ECJPAKE: server not configured" \ 5794 "$P_SRV debug_level=3" \ 5795 "$P_CLI debug_level=3 ecjpake_pw=bla \ 5796 force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \ 5797 1 \ 5798 -c "add ciphersuite: 0xc0ff" \ 5799 -c "adding ecjpake_kkpp extension" \ 5800 -s "found ecjpake kkpp extension" \ 5801 -s "skip ecjpake kkpp extension" \ 5802 -s "ciphersuite mismatch: ecjpake not configured" \ 5803 -S "server hello, ecjpake kkpp extension" \ 5804 -C "found ecjpake_kkpp extension" \ 5805 -s "SSL - The handshake negotiation failed" 5806 5807requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED 5808run_test "ECJPAKE: working, TLS" \ 5809 "$P_SRV debug_level=3 ecjpake_pw=bla" \ 5810 "$P_CLI debug_level=3 ecjpake_pw=bla \ 5811 force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \ 5812 0 \ 5813 -c "add ciphersuite: 0xc0ff" \ 5814 -c "adding ecjpake_kkpp 
extension" \ 5815 -C "re-using cached ecjpake parameters" \ 5816 -s "found ecjpake kkpp extension" \ 5817 -S "skip ecjpake kkpp extension" \ 5818 -S "ciphersuite mismatch: ecjpake not configured" \ 5819 -s "server hello, ecjpake kkpp extension" \ 5820 -c "found ecjpake_kkpp extension" \ 5821 -S "SSL - The handshake negotiation failed" \ 5822 -S "SSL - Verification of the message MAC failed" 5823 5824server_needs_more_time 1 5825requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED 5826run_test "ECJPAKE: password mismatch, TLS" \ 5827 "$P_SRV debug_level=3 ecjpake_pw=bla" \ 5828 "$P_CLI debug_level=3 ecjpake_pw=bad \ 5829 force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \ 5830 1 \ 5831 -C "re-using cached ecjpake parameters" \ 5832 -s "SSL - Verification of the message MAC failed" 5833 5834requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED 5835run_test "ECJPAKE: working, DTLS" \ 5836 "$P_SRV debug_level=3 dtls=1 ecjpake_pw=bla" \ 5837 "$P_CLI debug_level=3 dtls=1 ecjpake_pw=bla \ 5838 force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \ 5839 0 \ 5840 -c "re-using cached ecjpake parameters" \ 5841 -S "SSL - Verification of the message MAC failed" 5842 5843requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED 5844run_test "ECJPAKE: working, DTLS, no cookie" \ 5845 "$P_SRV debug_level=3 dtls=1 ecjpake_pw=bla cookies=0" \ 5846 "$P_CLI debug_level=3 dtls=1 ecjpake_pw=bla \ 5847 force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \ 5848 0 \ 5849 -C "re-using cached ecjpake parameters" \ 5850 -S "SSL - Verification of the message MAC failed" 5851 5852server_needs_more_time 1 5853requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED 5854run_test "ECJPAKE: password mismatch, DTLS" \ 5855 "$P_SRV debug_level=3 dtls=1 ecjpake_pw=bla" \ 5856 "$P_CLI debug_level=3 dtls=1 ecjpake_pw=bad \ 5857 force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \ 5858 1 \ 5859 -c "re-using cached ecjpake parameters" \ 5860 -s "SSL - Verification of the message MAC 
failed" 5861 5862# for tests with configs/config-thread.h 5863requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED 5864run_test "ECJPAKE: working, DTLS, nolog" \ 5865 "$P_SRV dtls=1 ecjpake_pw=bla" \ 5866 "$P_CLI dtls=1 ecjpake_pw=bla \ 5867 force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \ 5868 0 5869 5870# Test for ClientHello without extensions 5871 5872requires_gnutls 5873run_test "ClientHello without extensions" \ 5874 "$P_SRV debug_level=3" \ 5875 "$G_CLI --priority=NORMAL:%NO_EXTENSIONS:%DISABLE_SAFE_RENEGOTIATION localhost" \ 5876 0 \ 5877 -s "dumping 'client hello extensions' (0 bytes)" 5878 5879# Tests for mbedtls_ssl_get_bytes_avail() 5880 5881run_test "mbedtls_ssl_get_bytes_avail: no extra data" \ 5882 "$P_SRV" \ 5883 "$P_CLI request_size=100" \ 5884 0 \ 5885 -s "Read from client: 100 bytes read$" 5886 5887run_test "mbedtls_ssl_get_bytes_avail: extra data" \ 5888 "$P_SRV" \ 5889 "$P_CLI request_size=500" \ 5890 0 \ 5891 -s "Read from client: 500 bytes read (.*+.*)" 5892 5893# Tests for small client packets 5894 5895run_test "Small client packet TLS 1.2 BlockCipher" \ 5896 "$P_SRV" \ 5897 "$P_CLI request_size=1 force_version=tls12 \ 5898 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ 5899 0 \ 5900 -s "Read from client: 1 bytes read" 5901 5902run_test "Small client packet TLS 1.2 BlockCipher, without EtM" \ 5903 "$P_SRV" \ 5904 "$P_CLI request_size=1 force_version=tls12 \ 5905 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA etm=0" \ 5906 0 \ 5907 -s "Read from client: 1 bytes read" 5908 5909run_test "Small client packet TLS 1.2 BlockCipher larger MAC" \ 5910 "$P_SRV" \ 5911 "$P_CLI request_size=1 force_version=tls12 \ 5912 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \ 5913 0 \ 5914 -s "Read from client: 1 bytes read" 5915 5916run_test "Small client packet TLS 1.2 AEAD" \ 5917 "$P_SRV" \ 5918 "$P_CLI request_size=1 force_version=tls12 \ 5919 force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \ 5920 0 \ 5921 -s "Read from client: 1 bytes 
read" 5922 5923run_test "Small client packet TLS 1.2 AEAD shorter tag" \ 5924 "$P_SRV" \ 5925 "$P_CLI request_size=1 force_version=tls12 \ 5926 force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \ 5927 0 \ 5928 -s "Read from client: 1 bytes read" 5929 5930# Tests for small client packets in DTLS 5931 5932requires_config_enabled MBEDTLS_SSL_PROTO_DTLS 5933run_test "Small client packet DTLS 1.2" \ 5934 "$P_SRV dtls=1 force_version=dtls12" \ 5935 "$P_CLI dtls=1 request_size=1 \ 5936 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ 5937 0 \ 5938 -s "Read from client: 1 bytes read" 5939 5940requires_config_enabled MBEDTLS_SSL_PROTO_DTLS 5941run_test "Small client packet DTLS 1.2, without EtM" \ 5942 "$P_SRV dtls=1 force_version=dtls12 etm=0" \ 5943 "$P_CLI dtls=1 request_size=1 \ 5944 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ 5945 0 \ 5946 -s "Read from client: 1 bytes read" 5947 5948# Tests for small server packets 5949 5950run_test "Small server packet TLS 1.2 BlockCipher" \ 5951 "$P_SRV response_size=1" \ 5952 "$P_CLI force_version=tls12 \ 5953 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ 5954 0 \ 5955 -c "Read from server: 1 bytes read" 5956 5957run_test "Small server packet TLS 1.2 BlockCipher, without EtM" \ 5958 "$P_SRV response_size=1" \ 5959 "$P_CLI force_version=tls12 \ 5960 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA etm=0" \ 5961 0 \ 5962 -c "Read from server: 1 bytes read" 5963 5964run_test "Small server packet TLS 1.2 BlockCipher larger MAC" \ 5965 "$P_SRV response_size=1" \ 5966 "$P_CLI force_version=tls12 \ 5967 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \ 5968 0 \ 5969 -c "Read from server: 1 bytes read" 5970 5971run_test "Small server packet TLS 1.2 AEAD" \ 5972 "$P_SRV response_size=1" \ 5973 "$P_CLI force_version=tls12 \ 5974 force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \ 5975 0 \ 5976 -c "Read from server: 1 bytes read" 5977 5978run_test "Small server packet TLS 1.2 AEAD shorter tag" \ 5979 "$P_SRV response_size=1" \ 5980 
"$P_CLI force_version=tls12 \
            force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \
            0 \
            -c "Read from server: 1 bytes read"

# Tests for small server packets in DTLS

requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
run_test    "Small server packet DTLS 1.2" \
            "$P_SRV dtls=1 response_size=1 force_version=dtls12" \
            "$P_CLI dtls=1 \
            force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -c "Read from server: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
run_test    "Small server packet DTLS 1.2, without EtM" \
            "$P_SRV dtls=1 response_size=1 force_version=dtls12 etm=0" \
            "$P_CLI dtls=1 \
            force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -c "Read from server: 1 bytes read"

# Test for large client packets

#######################################
# Number of record fragments needed to write $1 bytes of application data.
# Computes the ceiling of $1 / MAX_OUT_LEN.
# Globals:   MAX_OUT_LEN (read) - expected to be set earlier in this script;
#            because the script runs under `set -u`, an unset MAX_OUT_LEN
#            aborts here, and a zero value is an arithmetic division error.
# Arguments: $1 - number of bytes the client is asked to write
# Outputs:   the fragment count, followed by a newline, on stdout
#######################################
fragments_for_write() {
    # Ceiling division: add (divisor - 1) before the integer division so
    # that a partial trailing fragment is counted as a whole one.
    printf '%d\n' "$(( ( $1 + $MAX_OUT_LEN - 1 ) / $MAX_OUT_LEN ))"
}

run_test    "Large client packet TLS 1.2 BlockCipher" \
            "$P_SRV" \
            "$P_CLI request_size=16384 force_version=tls12 \
            force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
            -s "Read from client: $MAX_CONTENT_LEN bytes read"

run_test    "Large client packet TLS 1.2 BlockCipher, without EtM" \
            "$P_SRV" \
            "$P_CLI request_size=16384 force_version=tls12 etm=0 \
            force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -s "Read from client: $MAX_CONTENT_LEN bytes read"

run_test    "Large client packet TLS 1.2 BlockCipher larger MAC" \
            "$P_SRV" \
            "$P_CLI request_size=16384 force_version=tls12 \
            force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \
            0 \
            -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
            -s "Read from client: $MAX_CONTENT_LEN bytes read"

run_test    "Large client packet TLS 1.2 AEAD" \
            "$P_SRV" \
"$P_CLI request_size=16384 force_version=tls12 \ 6036 force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \ 6037 0 \ 6038 -c "16384 bytes written in $(fragments_for_write 16384) fragments" \ 6039 -s "Read from client: $MAX_CONTENT_LEN bytes read" 6040 6041run_test "Large client packet TLS 1.2 AEAD shorter tag" \ 6042 "$P_SRV" \ 6043 "$P_CLI request_size=16384 force_version=tls12 \ 6044 force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \ 6045 0 \ 6046 -c "16384 bytes written in $(fragments_for_write 16384) fragments" \ 6047 -s "Read from client: $MAX_CONTENT_LEN bytes read" 6048 6049# The tests below fail when the server's OUT_CONTENT_LEN is less than 16384. 6050run_test "Large server packet TLS 1.2 BlockCipher" \ 6051 "$P_SRV response_size=16384" \ 6052 "$P_CLI force_version=tls12 \ 6053 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ 6054 0 \ 6055 -c "Read from server: 16384 bytes read" 6056 6057run_test "Large server packet TLS 1.2 BlockCipher, without EtM" \ 6058 "$P_SRV response_size=16384" \ 6059 "$P_CLI force_version=tls12 etm=0 \ 6060 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ 6061 0 \ 6062 -s "16384 bytes written in 1 fragments" \ 6063 -c "Read from server: 16384 bytes read" 6064 6065run_test "Large server packet TLS 1.2 BlockCipher larger MAC" \ 6066 "$P_SRV response_size=16384" \ 6067 "$P_CLI force_version=tls12 \ 6068 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \ 6069 0 \ 6070 -c "Read from server: 16384 bytes read" 6071 6072run_test "Large server packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \ 6073 "$P_SRV response_size=16384 trunc_hmac=1" \ 6074 "$P_CLI force_version=tls12 \ 6075 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \ 6076 0 \ 6077 -s "16384 bytes written in 1 fragments" \ 6078 -c "Read from server: 16384 bytes read" 6079 6080run_test "Large server packet TLS 1.2 AEAD" \ 6081 "$P_SRV response_size=16384" \ 6082 "$P_CLI force_version=tls12 \ 6083 force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \ 6084 0 \ 
6085 -c "Read from server: 16384 bytes read" 6086 6087run_test "Large server packet TLS 1.2 AEAD shorter tag" \ 6088 "$P_SRV response_size=16384" \ 6089 "$P_CLI force_version=tls12 \ 6090 force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \ 6091 0 \ 6092 -c "Read from server: 16384 bytes read" 6093 6094# Tests for restartable ECC 6095 6096# Force the use of a curve that supports restartable ECC (secp256r1). 6097 6098requires_config_enabled MBEDTLS_ECP_RESTARTABLE 6099requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED 6100run_test "EC restart: TLS, default" \ 6101 "$P_SRV curves=secp256r1 auth_mode=required" \ 6102 "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ 6103 key_file=data_files/server5.key crt_file=data_files/server5.crt \ 6104 debug_level=1" \ 6105 0 \ 6106 -C "x509_verify_cert.*4b00" \ 6107 -C "mbedtls_pk_verify.*4b00" \ 6108 -C "mbedtls_ecdh_make_public.*4b00" \ 6109 -C "mbedtls_pk_sign.*4b00" 6110 6111requires_config_enabled MBEDTLS_ECP_RESTARTABLE 6112requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED 6113run_test "EC restart: TLS, max_ops=0" \ 6114 "$P_SRV curves=secp256r1 auth_mode=required" \ 6115 "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ 6116 key_file=data_files/server5.key crt_file=data_files/server5.crt \ 6117 debug_level=1 ec_max_ops=0" \ 6118 0 \ 6119 -C "x509_verify_cert.*4b00" \ 6120 -C "mbedtls_pk_verify.*4b00" \ 6121 -C "mbedtls_ecdh_make_public.*4b00" \ 6122 -C "mbedtls_pk_sign.*4b00" 6123 6124requires_config_enabled MBEDTLS_ECP_RESTARTABLE 6125requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED 6126run_test "EC restart: TLS, max_ops=65535" \ 6127 "$P_SRV curves=secp256r1 auth_mode=required" \ 6128 "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ 6129 key_file=data_files/server5.key crt_file=data_files/server5.crt \ 6130 debug_level=1 ec_max_ops=65535" \ 6131 0 \ 6132 -C "x509_verify_cert.*4b00" \ 6133 -C "mbedtls_pk_verify.*4b00" \ 6134 -C 
"mbedtls_ecdh_make_public.*4b00" \ 6135 -C "mbedtls_pk_sign.*4b00" 6136 6137requires_config_enabled MBEDTLS_ECP_RESTARTABLE 6138requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED 6139run_test "EC restart: TLS, max_ops=1000" \ 6140 "$P_SRV curves=secp256r1 auth_mode=required" \ 6141 "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ 6142 key_file=data_files/server5.key crt_file=data_files/server5.crt \ 6143 debug_level=1 ec_max_ops=1000" \ 6144 0 \ 6145 -c "x509_verify_cert.*4b00" \ 6146 -c "mbedtls_pk_verify.*4b00" \ 6147 -c "mbedtls_ecdh_make_public.*4b00" \ 6148 -c "mbedtls_pk_sign.*4b00" 6149 6150requires_config_enabled MBEDTLS_ECP_RESTARTABLE 6151requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED 6152run_test "EC restart: TLS, max_ops=1000, badsign" \ 6153 "$P_SRV curves=secp256r1 auth_mode=required \ 6154 crt_file=data_files/server5-badsign.crt \ 6155 key_file=data_files/server5.key" \ 6156 "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ 6157 key_file=data_files/server5.key crt_file=data_files/server5.crt \ 6158 debug_level=1 ec_max_ops=1000" \ 6159 1 \ 6160 -c "x509_verify_cert.*4b00" \ 6161 -C "mbedtls_pk_verify.*4b00" \ 6162 -C "mbedtls_ecdh_make_public.*4b00" \ 6163 -C "mbedtls_pk_sign.*4b00" \ 6164 -c "! The certificate is not correctly signed by the trusted CA" \ 6165 -c "! 
mbedtls_ssl_handshake returned" \ 6166 -c "X509 - Certificate verification failed" 6167 6168requires_config_enabled MBEDTLS_ECP_RESTARTABLE 6169requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED 6170run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign" \ 6171 "$P_SRV curves=secp256r1 auth_mode=required \ 6172 crt_file=data_files/server5-badsign.crt \ 6173 key_file=data_files/server5.key" \ 6174 "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ 6175 key_file=data_files/server5.key crt_file=data_files/server5.crt \ 6176 debug_level=1 ec_max_ops=1000 auth_mode=optional" \ 6177 0 \ 6178 -c "x509_verify_cert.*4b00" \ 6179 -c "mbedtls_pk_verify.*4b00" \ 6180 -c "mbedtls_ecdh_make_public.*4b00" \ 6181 -c "mbedtls_pk_sign.*4b00" \ 6182 -c "! The certificate is not correctly signed by the trusted CA" \ 6183 -C "! mbedtls_ssl_handshake returned" \ 6184 -C "X509 - Certificate verification failed" 6185 6186requires_config_enabled MBEDTLS_ECP_RESTARTABLE 6187requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED 6188run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign" \ 6189 "$P_SRV curves=secp256r1 auth_mode=required \ 6190 crt_file=data_files/server5-badsign.crt \ 6191 key_file=data_files/server5.key" \ 6192 "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ 6193 key_file=data_files/server5.key crt_file=data_files/server5.crt \ 6194 debug_level=1 ec_max_ops=1000 auth_mode=none" \ 6195 0 \ 6196 -C "x509_verify_cert.*4b00" \ 6197 -c "mbedtls_pk_verify.*4b00" \ 6198 -c "mbedtls_ecdh_make_public.*4b00" \ 6199 -c "mbedtls_pk_sign.*4b00" \ 6200 -C "! The certificate is not correctly signed by the trusted CA" \ 6201 -C "! 
mbedtls_ssl_handshake returned" \ 6202 -C "X509 - Certificate verification failed" 6203 6204requires_config_enabled MBEDTLS_ECP_RESTARTABLE 6205requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED 6206run_test "EC restart: DTLS, max_ops=1000" \ 6207 "$P_SRV curves=secp256r1 auth_mode=required dtls=1" \ 6208 "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ 6209 key_file=data_files/server5.key crt_file=data_files/server5.crt \ 6210 dtls=1 debug_level=1 ec_max_ops=1000" \ 6211 0 \ 6212 -c "x509_verify_cert.*4b00" \ 6213 -c "mbedtls_pk_verify.*4b00" \ 6214 -c "mbedtls_ecdh_make_public.*4b00" \ 6215 -c "mbedtls_pk_sign.*4b00" 6216 6217requires_config_enabled MBEDTLS_ECP_RESTARTABLE 6218requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED 6219run_test "EC restart: TLS, max_ops=1000 no client auth" \ 6220 "$P_SRV curves=secp256r1" \ 6221 "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \ 6222 debug_level=1 ec_max_ops=1000" \ 6223 0 \ 6224 -c "x509_verify_cert.*4b00" \ 6225 -c "mbedtls_pk_verify.*4b00" \ 6226 -c "mbedtls_ecdh_make_public.*4b00" \ 6227 -C "mbedtls_pk_sign.*4b00" 6228 6229requires_config_enabled MBEDTLS_ECP_RESTARTABLE 6230requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED 6231run_test "EC restart: TLS, max_ops=1000, ECDHE-PSK" \ 6232 "$P_SRV curves=secp256r1 psk=abc123" \ 6233 "$P_CLI force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256 \ 6234 psk=abc123 debug_level=1 ec_max_ops=1000" \ 6235 0 \ 6236 -C "x509_verify_cert.*4b00" \ 6237 -C "mbedtls_pk_verify.*4b00" \ 6238 -C "mbedtls_ecdh_make_public.*4b00" \ 6239 -C "mbedtls_pk_sign.*4b00" 6240 6241# Tests of asynchronous private key support in SSL 6242 6243requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE 6244run_test "SSL async private: sign, delay=0" \ 6245 "$P_SRV \ 6246 async_operations=s async_private_delay1=0 async_private_delay2=0" \ 6247 "$P_CLI" \ 6248 0 \ 6249 -s "Async sign callback: using key slot " \ 6250 -s "Async resume (slot [0-9]): sign 
done, status=0" 6251 6252requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE 6253run_test "SSL async private: sign, delay=1" \ 6254 "$P_SRV \ 6255 async_operations=s async_private_delay1=1 async_private_delay2=1" \ 6256 "$P_CLI" \ 6257 0 \ 6258 -s "Async sign callback: using key slot " \ 6259 -s "Async resume (slot [0-9]): call 0 more times." \ 6260 -s "Async resume (slot [0-9]): sign done, status=0" 6261 6262requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE 6263run_test "SSL async private: sign, delay=2" \ 6264 "$P_SRV \ 6265 async_operations=s async_private_delay1=2 async_private_delay2=2" \ 6266 "$P_CLI" \ 6267 0 \ 6268 -s "Async sign callback: using key slot " \ 6269 -U "Async sign callback: using key slot " \ 6270 -s "Async resume (slot [0-9]): call 1 more times." \ 6271 -s "Async resume (slot [0-9]): call 0 more times." \ 6272 -s "Async resume (slot [0-9]): sign done, status=0" 6273 6274requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE 6275requires_config_disabled MBEDTLS_X509_REMOVE_INFO 6276run_test "SSL async private: sign, SNI" \ 6277 "$P_SRV debug_level=3 \ 6278 async_operations=s async_private_delay1=0 async_private_delay2=0 \ 6279 crt_file=data_files/server5.crt key_file=data_files/server5.key \ 6280 sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \ 6281 "$P_CLI server_name=polarssl.example" \ 6282 0 \ 6283 -s "Async sign callback: using key slot " \ 6284 -s "Async resume (slot [0-9]): sign done, status=0" \ 6285 -s "parse ServerName extension" \ 6286 -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \ 6287 -c "subject name *: C=NL, O=PolarSSL, CN=polarssl.example" 6288 6289requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE 6290run_test "SSL async private: decrypt, delay=0" \ 6291 "$P_SRV \ 6292 async_operations=d async_private_delay1=0 async_private_delay2=0" \ 6293 "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ 6294 0 \ 6295 -s "Async 
decrypt callback: using key slot " \ 6296 -s "Async resume (slot [0-9]): decrypt done, status=0" 6297 6298requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE 6299run_test "SSL async private: decrypt, delay=1" \ 6300 "$P_SRV \ 6301 async_operations=d async_private_delay1=1 async_private_delay2=1" \ 6302 "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ 6303 0 \ 6304 -s "Async decrypt callback: using key slot " \ 6305 -s "Async resume (slot [0-9]): call 0 more times." \ 6306 -s "Async resume (slot [0-9]): decrypt done, status=0" 6307 6308requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE 6309run_test "SSL async private: decrypt RSA-PSK, delay=0" \ 6310 "$P_SRV psk=abc123 \ 6311 async_operations=d async_private_delay1=0 async_private_delay2=0" \ 6312 "$P_CLI psk=abc123 \ 6313 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA256" \ 6314 0 \ 6315 -s "Async decrypt callback: using key slot " \ 6316 -s "Async resume (slot [0-9]): decrypt done, status=0" 6317 6318requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE 6319run_test "SSL async private: decrypt RSA-PSK, delay=1" \ 6320 "$P_SRV psk=abc123 \ 6321 async_operations=d async_private_delay1=1 async_private_delay2=1" \ 6322 "$P_CLI psk=abc123 \ 6323 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA256" \ 6324 0 \ 6325 -s "Async decrypt callback: using key slot " \ 6326 -s "Async resume (slot [0-9]): call 0 more times." \ 6327 -s "Async resume (slot [0-9]): decrypt done, status=0" 6328 6329requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE 6330run_test "SSL async private: sign callback not present" \ 6331 "$P_SRV \ 6332 async_operations=d async_private_delay1=1 async_private_delay2=1" \ 6333 "$P_CLI; [ \$? -eq 1 ] && 6334 $P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ 6335 0 \ 6336 -S "Async sign callback" \ 6337 -s "! 
mbedtls_ssl_handshake returned" \ 6338 -s "The own private key or pre-shared key is not set, but needed" \ 6339 -s "Async resume (slot [0-9]): decrypt done, status=0" \ 6340 -s "Successful connection" 6341 6342requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE 6343run_test "SSL async private: decrypt callback not present" \ 6344 "$P_SRV debug_level=1 \ 6345 async_operations=s async_private_delay1=1 async_private_delay2=1" \ 6346 "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA; 6347 [ \$? -eq 1 ] && $P_CLI" \ 6348 0 \ 6349 -S "Async decrypt callback" \ 6350 -s "! mbedtls_ssl_handshake returned" \ 6351 -s "got no RSA private key" \ 6352 -s "Async resume (slot [0-9]): sign done, status=0" \ 6353 -s "Successful connection" 6354 6355# key1: ECDSA, key2: RSA; use key1 from slot 0 6356requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE 6357run_test "SSL async private: slot 0 used with key1" \ 6358 "$P_SRV \ 6359 async_operations=s async_private_delay1=1 \ 6360 key_file=data_files/server5.key crt_file=data_files/server5.crt \ 6361 key_file2=data_files/server2.key crt_file2=data_files/server2.crt" \ 6362 "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \ 6363 0 \ 6364 -s "Async sign callback: using key slot 0," \ 6365 -s "Async resume (slot 0): call 0 more times." \ 6366 -s "Async resume (slot 0): sign done, status=0" 6367 6368# key1: ECDSA, key2: RSA; use key2 from slot 0 6369requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE 6370run_test "SSL async private: slot 0 used with key2" \ 6371 "$P_SRV \ 6372 async_operations=s async_private_delay2=1 \ 6373 key_file=data_files/server5.key crt_file=data_files/server5.crt \ 6374 key_file2=data_files/server2.key crt_file2=data_files/server2.crt" \ 6375 "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256" \ 6376 0 \ 6377 -s "Async sign callback: using key slot 0," \ 6378 -s "Async resume (slot 0): call 0 more times." 
\ 6379 -s "Async resume (slot 0): sign done, status=0" 6380 6381# key1: ECDSA, key2: RSA; use key2 from slot 1 6382requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE 6383run_test "SSL async private: slot 1 used with key2" \ 6384 "$P_SRV \ 6385 async_operations=s async_private_delay1=1 async_private_delay2=1 \ 6386 key_file=data_files/server5.key crt_file=data_files/server5.crt \ 6387 key_file2=data_files/server2.key crt_file2=data_files/server2.crt" \ 6388 "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256" \ 6389 0 \ 6390 -s "Async sign callback: using key slot 1," \ 6391 -s "Async resume (slot 1): call 0 more times." \ 6392 -s "Async resume (slot 1): sign done, status=0" 6393 6394# key1: ECDSA, key2: RSA; use key2 directly 6395requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE 6396run_test "SSL async private: fall back to transparent key" \ 6397 "$P_SRV \ 6398 async_operations=s async_private_delay1=1 \ 6399 key_file=data_files/server5.key crt_file=data_files/server5.crt \ 6400 key_file2=data_files/server2.key crt_file2=data_files/server2.crt " \ 6401 "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256" \ 6402 0 \ 6403 -s "Async sign callback: no key matches this certificate." 6404 6405requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE 6406run_test "SSL async private: sign, error in start" \ 6407 "$P_SRV \ 6408 async_operations=s async_private_delay1=1 async_private_delay2=1 \ 6409 async_private_error=1" \ 6410 "$P_CLI" \ 6411 1 \ 6412 -s "Async sign callback: injected error" \ 6413 -S "Async resume" \ 6414 -S "Async cancel" \ 6415 -s "! 
mbedtls_ssl_handshake returned" 6416 6417requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE 6418run_test "SSL async private: sign, cancel after start" \ 6419 "$P_SRV \ 6420 async_operations=s async_private_delay1=1 async_private_delay2=1 \ 6421 async_private_error=2" \ 6422 "$P_CLI" \ 6423 1 \ 6424 -s "Async sign callback: using key slot " \ 6425 -S "Async resume" \ 6426 -s "Async cancel" 6427 6428requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE 6429run_test "SSL async private: sign, error in resume" \ 6430 "$P_SRV \ 6431 async_operations=s async_private_delay1=1 async_private_delay2=1 \ 6432 async_private_error=3" \ 6433 "$P_CLI" \ 6434 1 \ 6435 -s "Async sign callback: using key slot " \ 6436 -s "Async resume callback: sign done but injected error" \ 6437 -S "Async cancel" \ 6438 -s "! mbedtls_ssl_handshake returned" 6439 6440requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE 6441run_test "SSL async private: decrypt, error in start" \ 6442 "$P_SRV \ 6443 async_operations=d async_private_delay1=1 async_private_delay2=1 \ 6444 async_private_error=1" \ 6445 "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ 6446 1 \ 6447 -s "Async decrypt callback: injected error" \ 6448 -S "Async resume" \ 6449 -S "Async cancel" \ 6450 -s "! 
mbedtls_ssl_handshake returned" 6451 6452requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE 6453run_test "SSL async private: decrypt, cancel after start" \ 6454 "$P_SRV \ 6455 async_operations=d async_private_delay1=1 async_private_delay2=1 \ 6456 async_private_error=2" \ 6457 "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ 6458 1 \ 6459 -s "Async decrypt callback: using key slot " \ 6460 -S "Async resume" \ 6461 -s "Async cancel" 6462 6463requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE 6464run_test "SSL async private: decrypt, error in resume" \ 6465 "$P_SRV \ 6466 async_operations=d async_private_delay1=1 async_private_delay2=1 \ 6467 async_private_error=3" \ 6468 "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ 6469 1 \ 6470 -s "Async decrypt callback: using key slot " \ 6471 -s "Async resume callback: decrypt done but injected error" \ 6472 -S "Async cancel" \ 6473 -s "! mbedtls_ssl_handshake returned" 6474 6475requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE 6476run_test "SSL async private: cancel after start then operate correctly" \ 6477 "$P_SRV \ 6478 async_operations=s async_private_delay1=1 async_private_delay2=1 \ 6479 async_private_error=-2" \ 6480 "$P_CLI; [ \$? -eq 1 ] && $P_CLI" \ 6481 0 \ 6482 -s "Async cancel" \ 6483 -s "! mbedtls_ssl_handshake returned" \ 6484 -s "Async resume" \ 6485 -s "Successful connection" 6486 6487requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE 6488run_test "SSL async private: error in resume then operate correctly" \ 6489 "$P_SRV \ 6490 async_operations=s async_private_delay1=1 async_private_delay2=1 \ 6491 async_private_error=-3" \ 6492 "$P_CLI; [ \$? -eq 1 ] && $P_CLI" \ 6493 0 \ 6494 -s "! 
mbedtls_ssl_handshake returned" \ 6495 -s "Async resume" \ 6496 -s "Successful connection" 6497 6498# key1: ECDSA, key2: RSA; use key1 through async, then key2 directly 6499requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE 6500run_test "SSL async private: cancel after start then fall back to transparent key" \ 6501 "$P_SRV \ 6502 async_operations=s async_private_delay1=1 async_private_error=-2 \ 6503 key_file=data_files/server5.key crt_file=data_files/server5.crt \ 6504 key_file2=data_files/server2.key crt_file2=data_files/server2.crt" \ 6505 "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256; 6506 [ \$? -eq 1 ] && 6507 $P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256" \ 6508 0 \ 6509 -s "Async sign callback: using key slot 0" \ 6510 -S "Async resume" \ 6511 -s "Async cancel" \ 6512 -s "! mbedtls_ssl_handshake returned" \ 6513 -s "Async sign callback: no key matches this certificate." \ 6514 -s "Successful connection" 6515 6516# key1: ECDSA, key2: RSA; use key1 through async, then key2 directly 6517requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE 6518run_test "SSL async private: sign, error in resume then fall back to transparent key" \ 6519 "$P_SRV \ 6520 async_operations=s async_private_delay1=1 async_private_error=-3 \ 6521 key_file=data_files/server5.key crt_file=data_files/server5.crt \ 6522 key_file2=data_files/server2.key crt_file2=data_files/server2.crt" \ 6523 "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256; 6524 [ \$? -eq 1 ] && 6525 $P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256" \ 6526 0 \ 6527 -s "Async resume" \ 6528 -s "! mbedtls_ssl_handshake returned" \ 6529 -s "Async sign callback: no key matches this certificate." 
\ 6530 -s "Successful connection" 6531 6532requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE 6533requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 6534run_test "SSL async private: renegotiation: client-initiated, sign" \ 6535 "$P_SRV \ 6536 async_operations=s async_private_delay1=1 async_private_delay2=1 \ 6537 exchanges=2 renegotiation=1" \ 6538 "$P_CLI exchanges=2 renegotiation=1 renegotiate=1" \ 6539 0 \ 6540 -s "Async sign callback: using key slot " \ 6541 -s "Async resume (slot [0-9]): sign done, status=0" 6542 6543requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE 6544requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 6545run_test "SSL async private: renegotiation: server-initiated, sign" \ 6546 "$P_SRV \ 6547 async_operations=s async_private_delay1=1 async_private_delay2=1 \ 6548 exchanges=2 renegotiation=1 renegotiate=1" \ 6549 "$P_CLI exchanges=2 renegotiation=1" \ 6550 0 \ 6551 -s "Async sign callback: using key slot " \ 6552 -s "Async resume (slot [0-9]): sign done, status=0" 6553 6554requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE 6555requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 6556run_test "SSL async private: renegotiation: client-initiated, decrypt" \ 6557 "$P_SRV \ 6558 async_operations=d async_private_delay1=1 async_private_delay2=1 \ 6559 exchanges=2 renegotiation=1" \ 6560 "$P_CLI exchanges=2 renegotiation=1 renegotiate=1 \ 6561 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ 6562 0 \ 6563 -s "Async decrypt callback: using key slot " \ 6564 -s "Async resume (slot [0-9]): decrypt done, status=0" 6565 6566requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE 6567requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 6568run_test "SSL async private: renegotiation: server-initiated, decrypt" \ 6569 "$P_SRV \ 6570 async_operations=d async_private_delay1=1 async_private_delay2=1 \ 6571 exchanges=2 renegotiation=1 renegotiate=1" \ 6572 "$P_CLI exchanges=2 renegotiation=1 \ 6573 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ 6574 0 \ 6575 -s "Async 
decrypt callback: using key slot " \ 6576 -s "Async resume (slot [0-9]): decrypt done, status=0" 6577 6578# Tests for ECC extensions (rfc 4492) 6579 6580requires_config_enabled MBEDTLS_AES_C 6581requires_config_enabled MBEDTLS_CIPHER_MODE_CBC 6582requires_config_enabled MBEDTLS_SHA256_C 6583requires_config_enabled MBEDTLS_KEY_EXCHANGE_RSA_ENABLED 6584run_test "Force a non ECC ciphersuite in the client side" \ 6585 "$P_SRV debug_level=3" \ 6586 "$P_CLI debug_level=3 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA256" \ 6587 0 \ 6588 -C "client hello, adding supported_elliptic_curves extension" \ 6589 -C "client hello, adding supported_point_formats extension" \ 6590 -S "found supported elliptic curves extension" \ 6591 -S "found supported point formats extension" 6592 6593requires_config_enabled MBEDTLS_AES_C 6594requires_config_enabled MBEDTLS_CIPHER_MODE_CBC 6595requires_config_enabled MBEDTLS_SHA256_C 6596requires_config_enabled MBEDTLS_KEY_EXCHANGE_RSA_ENABLED 6597run_test "Force a non ECC ciphersuite in the server side" \ 6598 "$P_SRV debug_level=3 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA256" \ 6599 "$P_CLI debug_level=3" \ 6600 0 \ 6601 -C "found supported_point_formats extension" \ 6602 -S "server hello, supported_point_formats extension" 6603 6604requires_config_enabled MBEDTLS_AES_C 6605requires_config_enabled MBEDTLS_CIPHER_MODE_CBC 6606requires_config_enabled MBEDTLS_SHA256_C 6607requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED 6608run_test "Force an ECC ciphersuite in the client side" \ 6609 "$P_SRV debug_level=3" \ 6610 "$P_CLI debug_level=3 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \ 6611 0 \ 6612 -c "client hello, adding supported_elliptic_curves extension" \ 6613 -c "client hello, adding supported_point_formats extension" \ 6614 -s "found supported elliptic curves extension" \ 6615 -s "found supported point formats extension" 6616 6617requires_config_enabled MBEDTLS_AES_C 6618requires_config_enabled 
MBEDTLS_CIPHER_MODE_CBC 6619requires_config_enabled MBEDTLS_SHA256_C 6620requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED 6621run_test "Force an ECC ciphersuite in the server side" \ 6622 "$P_SRV debug_level=3 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \ 6623 "$P_CLI debug_level=3" \ 6624 0 \ 6625 -c "found supported_point_formats extension" \ 6626 -s "server hello, supported_point_formats extension" 6627 6628# Tests for DTLS HelloVerifyRequest 6629 6630run_test "DTLS cookie: enabled" \ 6631 "$P_SRV dtls=1 debug_level=2" \ 6632 "$P_CLI dtls=1 debug_level=2" \ 6633 0 \ 6634 -s "cookie verification failed" \ 6635 -s "cookie verification passed" \ 6636 -S "cookie verification skipped" \ 6637 -c "received hello verify request" \ 6638 -s "hello verification requested" \ 6639 -S "SSL - The requested feature is not available" 6640 6641run_test "DTLS cookie: disabled" \ 6642 "$P_SRV dtls=1 debug_level=2 cookies=0" \ 6643 "$P_CLI dtls=1 debug_level=2" \ 6644 0 \ 6645 -S "cookie verification failed" \ 6646 -S "cookie verification passed" \ 6647 -s "cookie verification skipped" \ 6648 -C "received hello verify request" \ 6649 -S "hello verification requested" \ 6650 -S "SSL - The requested feature is not available" 6651 6652run_test "DTLS cookie: default (failing)" \ 6653 "$P_SRV dtls=1 debug_level=2 cookies=-1" \ 6654 "$P_CLI dtls=1 debug_level=2 hs_timeout=100-400" \ 6655 1 \ 6656 -s "cookie verification failed" \ 6657 -S "cookie verification passed" \ 6658 -S "cookie verification skipped" \ 6659 -C "received hello verify request" \ 6660 -S "hello verification requested" \ 6661 -s "SSL - The requested feature is not available" 6662 6663requires_ipv6 6664run_test "DTLS cookie: enabled, IPv6" \ 6665 "$P_SRV dtls=1 debug_level=2 server_addr=::1" \ 6666 "$P_CLI dtls=1 debug_level=2 server_addr=::1" \ 6667 0 \ 6668 -s "cookie verification failed" \ 6669 -s "cookie verification passed" \ 6670 -S "cookie verification skipped" \ 6671 -c "received 
hello verify request" \ 6672 -s "hello verification requested" \ 6673 -S "SSL - The requested feature is not available" 6674 6675run_test "DTLS cookie: enabled, nbio" \ 6676 "$P_SRV dtls=1 nbio=2 debug_level=2" \ 6677 "$P_CLI dtls=1 nbio=2 debug_level=2" \ 6678 0 \ 6679 -s "cookie verification failed" \ 6680 -s "cookie verification passed" \ 6681 -S "cookie verification skipped" \ 6682 -c "received hello verify request" \ 6683 -s "hello verification requested" \ 6684 -S "SSL - The requested feature is not available" 6685 6686# Tests for client reconnecting from the same port with DTLS 6687 6688not_with_valgrind # spurious resend 6689run_test "DTLS client reconnect from same port: reference" \ 6690 "$P_SRV dtls=1 exchanges=2 read_timeout=20000 hs_timeout=10000-20000" \ 6691 "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=10000-20000" \ 6692 0 \ 6693 -C "resend" \ 6694 -S "The operation timed out" \ 6695 -S "Client initiated reconnection from same port" 6696 6697not_with_valgrind # spurious resend 6698run_test "DTLS client reconnect from same port: reconnect" \ 6699 "$P_SRV dtls=1 exchanges=2 read_timeout=20000 hs_timeout=10000-20000" \ 6700 "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=10000-20000 reconnect_hard=1" \ 6701 0 \ 6702 -C "resend" \ 6703 -S "The operation timed out" \ 6704 -s "Client initiated reconnection from same port" 6705 6706not_with_valgrind # server/client too slow to respond in time (next test has higher timeouts) 6707run_test "DTLS client reconnect from same port: reconnect, nbio, no valgrind" \ 6708 "$P_SRV dtls=1 exchanges=2 read_timeout=1000 nbio=2" \ 6709 "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=500-1000 reconnect_hard=1" \ 6710 0 \ 6711 -S "The operation timed out" \ 6712 -s "Client initiated reconnection from same port" 6713 6714only_with_valgrind # Only with valgrind, do previous test but with higher read_timeout and hs_timeout 6715run_test "DTLS client reconnect from same port: reconnect, nbio, valgrind" \ 6716 
"$P_SRV dtls=1 exchanges=2 read_timeout=2000 nbio=2 hs_timeout=1500-6000" \ 6717 "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=1500-3000 reconnect_hard=1" \ 6718 0 \ 6719 -S "The operation timed out" \ 6720 -s "Client initiated reconnection from same port" 6721 6722run_test "DTLS client reconnect from same port: no cookies" \ 6723 "$P_SRV dtls=1 exchanges=2 read_timeout=1000 cookies=0" \ 6724 "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=500-8000 reconnect_hard=1" \ 6725 0 \ 6726 -s "The operation timed out" \ 6727 -S "Client initiated reconnection from same port" 6728 6729run_test "DTLS client reconnect from same port: attacker-injected" \ 6730 -p "$P_PXY inject_clihlo=1" \ 6731 "$P_SRV dtls=1 exchanges=2 debug_level=1" \ 6732 "$P_CLI dtls=1 exchanges=2" \ 6733 0 \ 6734 -s "possible client reconnect from the same port" \ 6735 -S "Client initiated reconnection from same port" 6736 6737# Tests for various cases of client authentication with DTLS 6738# (focused on handshake flows and message parsing) 6739 6740run_test "DTLS client auth: required" \ 6741 "$P_SRV dtls=1 auth_mode=required" \ 6742 "$P_CLI dtls=1" \ 6743 0 \ 6744 -s "Verifying peer X.509 certificate... ok" 6745 6746run_test "DTLS client auth: optional, client has no cert" \ 6747 "$P_SRV dtls=1 auth_mode=optional" \ 6748 "$P_CLI dtls=1 crt_file=none key_file=none" \ 6749 0 \ 6750 -s "! Certificate was missing" 6751 6752run_test "DTLS client auth: none, client has no cert" \ 6753 "$P_SRV dtls=1 auth_mode=none" \ 6754 "$P_CLI dtls=1 crt_file=none key_file=none debug_level=2" \ 6755 0 \ 6756 -c "skip write certificate$" \ 6757 -s "! 
Certificate verification was skipped" 6758 6759run_test "DTLS wrong PSK: badmac alert" \ 6760 "$P_SRV dtls=1 psk=abc123 force_ciphersuite=TLS-PSK-WITH-AES-128-GCM-SHA256" \ 6761 "$P_CLI dtls=1 psk=abc124" \ 6762 1 \ 6763 -s "SSL - Verification of the message MAC failed" \ 6764 -c "SSL - A fatal alert message was received from our peer" 6765 6766# Tests for receiving fragmented handshake messages with DTLS 6767 6768requires_gnutls 6769run_test "DTLS reassembly: no fragmentation (gnutls server)" \ 6770 "$G_SRV -u --mtu 2048 -a" \ 6771 "$P_CLI dtls=1 debug_level=2" \ 6772 0 \ 6773 -C "found fragmented DTLS handshake message" \ 6774 -C "error" 6775 6776requires_gnutls 6777run_test "DTLS reassembly: some fragmentation (gnutls server)" \ 6778 "$G_SRV -u --mtu 512" \ 6779 "$P_CLI dtls=1 debug_level=2" \ 6780 0 \ 6781 -c "found fragmented DTLS handshake message" \ 6782 -C "error" 6783 6784requires_gnutls 6785run_test "DTLS reassembly: more fragmentation (gnutls server)" \ 6786 "$G_SRV -u --mtu 128" \ 6787 "$P_CLI dtls=1 debug_level=2" \ 6788 0 \ 6789 -c "found fragmented DTLS handshake message" \ 6790 -C "error" 6791 6792requires_gnutls 6793run_test "DTLS reassembly: more fragmentation, nbio (gnutls server)" \ 6794 "$G_SRV -u --mtu 128" \ 6795 "$P_CLI dtls=1 nbio=2 debug_level=2" \ 6796 0 \ 6797 -c "found fragmented DTLS handshake message" \ 6798 -C "error" 6799 6800requires_gnutls 6801requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 6802run_test "DTLS reassembly: fragmentation, renego (gnutls server)" \ 6803 "$G_SRV -u --mtu 256" \ 6804 "$P_CLI debug_level=3 dtls=1 renegotiation=1 renegotiate=1" \ 6805 0 \ 6806 -c "found fragmented DTLS handshake message" \ 6807 -c "client hello, adding renegotiation extension" \ 6808 -c "found renegotiation extension" \ 6809 -c "=> renegotiate" \ 6810 -C "mbedtls_ssl_handshake returned" \ 6811 -C "error" \ 6812 -s "Extra-header:" 6813 6814requires_gnutls 6815requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 6816run_test "DTLS 
reassembly: fragmentation, nbio, renego (gnutls server)" \ 6817 "$G_SRV -u --mtu 256" \ 6818 "$P_CLI debug_level=3 nbio=2 dtls=1 renegotiation=1 renegotiate=1" \ 6819 0 \ 6820 -c "found fragmented DTLS handshake message" \ 6821 -c "client hello, adding renegotiation extension" \ 6822 -c "found renegotiation extension" \ 6823 -c "=> renegotiate" \ 6824 -C "mbedtls_ssl_handshake returned" \ 6825 -C "error" \ 6826 -s "Extra-header:" 6827 6828run_test "DTLS reassembly: no fragmentation (openssl server)" \ 6829 "$O_SRV -dtls -mtu 2048" \ 6830 "$P_CLI dtls=1 debug_level=2" \ 6831 0 \ 6832 -C "found fragmented DTLS handshake message" \ 6833 -C "error" 6834 6835run_test "DTLS reassembly: some fragmentation (openssl server)" \ 6836 "$O_SRV -dtls -mtu 768" \ 6837 "$P_CLI dtls=1 debug_level=2" \ 6838 0 \ 6839 -c "found fragmented DTLS handshake message" \ 6840 -C "error" 6841 6842run_test "DTLS reassembly: more fragmentation (openssl server)" \ 6843 "$O_SRV -dtls -mtu 256" \ 6844 "$P_CLI dtls=1 debug_level=2" \ 6845 0 \ 6846 -c "found fragmented DTLS handshake message" \ 6847 -C "error" 6848 6849run_test "DTLS reassembly: fragmentation, nbio (openssl server)" \ 6850 "$O_SRV -dtls -mtu 256" \ 6851 "$P_CLI dtls=1 nbio=2 debug_level=2" \ 6852 0 \ 6853 -c "found fragmented DTLS handshake message" \ 6854 -C "error" 6855 6856# Tests for sending fragmented handshake messages with DTLS 6857# 6858# Use client auth when we need the client to send large messages, 6859# and use large cert chains on both sides too (the long chains we have all use 6860# both RSA and ECDSA, but ideally we should have long chains with either). 
# Sizes reached (UDP payload):
# - 2037B for server certificate
# - 1542B for client certificate
# - 1013B for newsessionticket
# - all others below 512B
# All those tests assume MAX_CONTENT_LEN is at least 2048
#
# Two fragmentation mechanisms are exercised below, and the test names say
# which one:
#   (max_frag_len) - the MFL extension, negotiated with the peer through the
#                    max_frag_len= option; these tests additionally require
#                    MBEDTLS_SSL_MAX_FRAGMENT_LENGTH in the build.
#   (MTU)          - the locally configured mtu= option; no extension is
#                    involved, so no extra config option is required.
# When `-p "$P_PXY mtu=N"` is given, udp_proxy sits between the peers with
# an MTU of N (presumably refusing larger datagrams - see udp_proxy).
# Every test then checks which side saw fragmentation in its debug log,
# using the convention of this file: lower-case -s/-c means the pattern
# must appear in the server/client log, upper-case -S/-C means it must not.
# requires_max_content_len guards the MAX_CONTENT_LEN assumption stated above.

# Reference: both sides allow 4096-byte fragments, so no handshake message
# (the largest is the 2037B server certificate) needs fragmenting.
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_max_content_len 4096
run_test    "DTLS fragmenting: none (for reference)" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             hs_timeout=2500-60000 \
             max_frag_len=4096" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             hs_timeout=2500-60000 \
             max_frag_len=4096" \
            0 \
            -S "found fragmented DTLS handshake message" \
            -C "found fragmented DTLS handshake message" \
            -C "error"

# Server-side MFL of 1024 is below the 2037B server certificate, so only
# the server's messages get fragmented and only the client should observe
# fragments; the client's own MFL (2048) still fits its 1542B certificate.
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_max_content_len 2048
run_test    "DTLS fragmenting: server only (max_frag_len)" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             hs_timeout=2500-60000 \
             max_frag_len=1024" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             hs_timeout=2500-60000 \
             max_frag_len=2048" \
            0 \
            -S "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"

# With the MFL extension, the server has no way of forcing
# the client to not exceed a certain MTU; hence, the following
# test can't be replicated with an MTU proxy such as the one
# `client-initiated, server only (max_frag_len)` below.
# Same shape as the previous test with a smaller server MFL (512).
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_max_content_len 4096
run_test    "DTLS fragmenting: server only (more) (max_frag_len)" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             hs_timeout=2500-60000 \
             max_frag_len=512" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             hs_timeout=2500-60000 \
             max_frag_len=4096" \
            0 \
            -S "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"

# Here the client is the one advertising the small MFL (1024). Per the
# section comment above, client auth is what makes the client send large
# messages, so auth_mode=none leaves only the server's messages large:
# fragments are expected in the client log only.
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_max_content_len 2048
run_test    "DTLS fragmenting: client-initiated, server only (max_frag_len)" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=none \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             hs_timeout=2500-60000 \
             max_frag_len=2048" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             hs_timeout=2500-60000 \
             max_frag_len=1024" \
            0 \
            -S "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"

# While not required by the standard defining the MFL extension
# (according to which it only applies to records, not to datagrams),
# Mbed TLS will never send datagrams larger than MFL + { Max record expansion },
# as otherwise there wouldn't be any means to communicate MTU restrictions
# to the peer.
# The next test checks that no datagrams significantly larger than the
# negotiated MFL are sent.
# Same peers and options as the previous test; the only addition is the
# udp_proxy with mtu=1110 in the path, so a datagram noticeably above the
# client's MFL of 1024 would not get through and the handshake would fail.
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_max_content_len 2048
run_test    "DTLS fragmenting: client-initiated, server only (max_frag_len), proxy MTU" \
            -p "$P_PXY mtu=1110" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=none \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             hs_timeout=2500-60000 \
             max_frag_len=2048" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             hs_timeout=2500-60000 \
             max_frag_len=1024" \
            0 \
            -S "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"

# Client auth is required again, so the client's 1542B certificate also
# exceeds the MFL of 1024 it advertised: fragments expected in both logs.
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_max_content_len 2048
run_test    "DTLS fragmenting: client-initiated, both (max_frag_len)" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             hs_timeout=2500-60000 \
             max_frag_len=2048" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             hs_timeout=2500-60000 \
             max_frag_len=1024" \
            0 \
            -s "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"

# While not required by the standard defining the MFL extension
# (according to which it only applies to records, not to datagrams),
# Mbed TLS will never send datagrams larger than MFL + { Max record expansion },
# as otherwise there wouldn't be any means to communicate MTU restrictions
# to the peer.
# The next test checks that no datagrams significantly larger than the
# negotiated MFL are sent.
# Proxy-MTU variant of the previous test (same rationale as the earlier
# proxy MTU test: the udp_proxy at mtu=1110 catches oversized datagrams).
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_max_content_len 2048
run_test    "DTLS fragmenting: client-initiated, both (max_frag_len), proxy MTU" \
            -p "$P_PXY mtu=1110" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             hs_timeout=2500-60000 \
             max_frag_len=2048" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             hs_timeout=2500-60000 \
             max_frag_len=1024" \
            0 \
            -s "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"

# From here on the same matrix is repeated with the local mtu= option in
# place of the MFL extension, so MBEDTLS_SSL_MAX_FRAGMENT_LENGTH is no
# longer required. Reference first: mtu=4096 on both sides, no fragments.
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_max_content_len 4096
run_test    "DTLS fragmenting: none (for reference) (MTU)" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             hs_timeout=2500-60000 \
             mtu=4096" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             hs_timeout=2500-60000 \
             mtu=4096" \
            0 \
            -S "found fragmented DTLS handshake message" \
            -C "found fragmented DTLS handshake message" \
            -C "error"

# Only the client limits itself (mtu=1024), so only its outgoing
# certificate is fragmented and only the server sees fragments.
# NOTE(review): this test uses a higher minimum hs_timeout (3500) than its
# neighbours (2500); the reason is not stated here.
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_max_content_len 4096
run_test    "DTLS fragmenting: client (MTU)" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             hs_timeout=3500-60000 \
             mtu=4096" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             hs_timeout=3500-60000 \
             mtu=1024" \
            0 \
            -s "found fragmented DTLS handshake message" \
            -C "found fragmented DTLS handshake message" \
            -C "error"

# Only the server limits itself (mtu=512): fragments in the client log only.
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_max_content_len 2048
run_test    "DTLS fragmenting: server (MTU)" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             hs_timeout=2500-60000 \
             mtu=512" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             hs_timeout=2500-60000 \
             mtu=2048" \
            0 \
            -S "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"

# Both sides limit themselves to 1024 and the udp_proxy enforces the same
# value on the wire, so both certificates are fragmented and neither peer
# may rely on a larger datagram getting through.
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_max_content_len 2048
run_test    "DTLS fragmenting: both (MTU=1024)" \
            -p "$P_PXY mtu=1024" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             hs_timeout=2500-60000 \
             mtu=1024" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             hs_timeout=2500-60000 \
             mtu=1024" \
            0 \
            -s "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"

# Forcing ciphersuite for this test to fit the MTU of 512 with full config.
# (Hence the extra SHA256/ECDHE-ECDSA/AES/GCM guards: the forced suite
# must be available in the build or the test would fail for the wrong reason.)
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SHA256_C
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_GCM_C
requires_max_content_len 2048
run_test    "DTLS fragmenting: both (MTU=512)" \
            -p "$P_PXY mtu=512" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             hs_timeout=2500-60000 \
             mtu=512" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
             hs_timeout=2500-60000 \
             mtu=512" \
            0 \
            -s "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"

# Test for automatic MTU reduction on repeated resend.
# Forcing ciphersuite for this test to fit the MTU of 508 with full config.
# The ratio of max/min timeout should ideally equal 4 to accept two
# retransmissions, but in some cases (like both the server and client using
# fragmentation and auto-reduction) an extra retransmission might occur,
# hence the ratio of 8.
# Neither peer sets mtu= here; only the udp_proxy (mtu=508) limits datagram
# size, so the handshake can only complete once retransmission timeouts
# trigger MTU auto-reduction on both sides - hence the 400-3200 (ratio 8)
# timeouts explained above. Excluded under valgrind; the variant that
# follows runs only there, with wider timeouts (250-10000).
not_with_valgrind
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
# The forced ECDHE-ECDSA/AES-GCM/SHA256 suite must exist in the build, or
# the test would fail for a reason unrelated to fragmentation.
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_GCM_C
requires_max_content_len 2048
run_test    "DTLS fragmenting: proxy MTU: auto-reduction (not valgrind)" \
            -p "$P_PXY mtu=508" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             hs_timeout=400-3200" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
             hs_timeout=400-3200" \
            0 \
            -s "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"

# Forcing ciphersuite for this test to fit the MTU of 508 with full config.
# Valgrind variant of the auto-reduction test above: same scenario, but with a
# much wider retransmission window (hs_timeout=250-10000), presumably to
# absorb the slowdown of running under valgrind.
only_with_valgrind
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_GCM_C
requires_max_content_len 2048
run_test    "DTLS fragmenting: proxy MTU: auto-reduction (with valgrind)" \
            -p "$P_PXY mtu=508" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             hs_timeout=250-10000" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
             hs_timeout=250-10000" \
            0 \
            -s "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"

# The proxy shouldn't drop or mess up anything, so we shouldn't need to resend.
# OTOH the client might resend if the server is too slow to reset after sending
# a HelloVerifyRequest, so only check for no retransmission server-side.
# Both sides are told the MTU explicitly (mtu=1024), so the server must not
# need any autoreduction (-S below).
not_with_valgrind # spurious autoreduction due to timeout
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_max_content_len 2048
run_test    "DTLS fragmenting: proxy MTU, simple handshake (MTU=1024)" \
            -p "$P_PXY mtu=1024" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             hs_timeout=10000-60000 \
             mtu=1024" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             hs_timeout=10000-60000 \
             mtu=1024" \
            0 \
            -S "autoreduction" \
            -s "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"

# Forcing ciphersuite for this test to fit the MTU of 512 with full config.
# The proxy shouldn't drop or mess up anything, so we shouldn't need to resend.
# OTOH the client might resend if the server is too slow to reset after sending
# a HelloVerifyRequest, so only check for no retransmission server-side.
not_with_valgrind # spurious autoreduction due to timeout
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_GCM_C
requires_max_content_len 2048
run_test    "DTLS fragmenting: proxy MTU, simple handshake (MTU=512)" \
            -p "$P_PXY mtu=512" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             hs_timeout=10000-60000 \
             mtu=512" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
             hs_timeout=10000-60000 \
             mtu=512" \
            0 \
            -S "autoreduction" \
            -s "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"

# Same as the MTU=1024 simple handshake, with non-blocking I/O (nbio=2) on
# both sides.
not_with_valgrind # spurious autoreduction due to timeout
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_max_content_len 2048
run_test    "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=1024)" \
            -p "$P_PXY mtu=1024" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             hs_timeout=10000-60000 \
             mtu=1024 nbio=2" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             hs_timeout=10000-60000 \
             mtu=1024 nbio=2" \
            0 \
            -S "autoreduction" \
            -s "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"

# Forcing ciphersuite for this test to fit the MTU of 512 with full config.
# Same as the MTU=512 simple handshake, with non-blocking I/O (nbio=2).
not_with_valgrind # spurious autoreduction due to timeout
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_GCM_C
requires_max_content_len 2048
run_test    "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=512)" \
            -p "$P_PXY mtu=512" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             hs_timeout=10000-60000 \
             mtu=512 nbio=2" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
             hs_timeout=10000-60000 \
             mtu=512 nbio=2" \
            0 \
            -S "autoreduction" \
            -s "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"

# Forcing ciphersuite for this test to fit the MTU of 1450 with full config.
# This ensures things still work after session_reset().
# It also exercises the "resumed handshake" flow.
# Since we don't support reading fragmented ClientHello yet,
# up the MTU to 1450 (larger than ClientHello with session ticket,
# but still smaller than client's Certificate to ensure fragmentation).
# An autoreduction on the client-side might happen if the server is
# slow to reset, therefore omitting '-C "autoreduction"' below.
# reco_delay avoids races where the client reconnects before the server has
# resumed listening, which would result in a spurious autoreduction.
# skip_close_notify=1 makes the client reconnect without sending close_notify
# first, so the second handshake also covers the server's session_reset path.
not_with_valgrind # spurious autoreduction due to timeout
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_GCM_C
requires_max_content_len 2048
run_test    "DTLS fragmenting: proxy MTU, resumed handshake" \
            -p "$P_PXY mtu=1450" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             hs_timeout=10000-60000 \
             mtu=1450" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             hs_timeout=10000-60000 \
             force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
             mtu=1450 reconnect=1 skip_close_notify=1 reco_delay=1" \
            0 \
            -S "autoreduction" \
            -s "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"

# An autoreduction on the client-side might happen if the server is
# slow to reset, therefore omitting '-C "autoreduction"' below.
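# Renegotiation under fragmentation with the ChaCha20-Poly1305 AEAD suite.
#
# This test depends on MBEDTLS_CHACHAPOLY_C (and deliberately not on
# MBEDTLS_AES_C / MBEDTLS_GCM_C), but the client used to force
# TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256, which made it an exact duplicate of
# the "AES-GCM renego" test below and would fail in a build that has ChachaPoly
# but no AES-GCM. Force the ChaCha20-Poly1305 suite so that the test name, the
# dependency list and the negotiated cipher agree.
#
# An autoreduction on the client-side might happen if the server is
# slow to reset, therefore omitting '-C "autoreduction"' below.
not_with_valgrind # spurious autoreduction due to timeout
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SHA256_C
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
requires_config_enabled MBEDTLS_CHACHAPOLY_C
requires_max_content_len 2048
run_test    "DTLS fragmenting: proxy MTU, ChachaPoly renego" \
            -p "$P_PXY mtu=512" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             exchanges=2 renegotiation=1 \
             hs_timeout=10000-60000 \
             mtu=512" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             exchanges=2 renegotiation=1 renegotiate=1 \
             force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 \
             hs_timeout=10000-60000 \
             mtu=512" \
            0 \
            -S "autoreduction" \
            -s "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"

# An autoreduction on the client-side might happen if the server is
# slow to reset, therefore omitting '-C "autoreduction"' below.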
# Renegotiation under fragmentation with AES-128-GCM (client forces the suite;
# the 512-byte proxy MTU requires a small handshake with a full config).
# An autoreduction on the client-side might happen if the server is
# slow to reset, therefore omitting '-C "autoreduction"' below.
not_with_valgrind # spurious autoreduction due to timeout
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SHA256_C
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_GCM_C
requires_max_content_len 2048
run_test    "DTLS fragmenting: proxy MTU, AES-GCM renego" \
            -p "$P_PXY mtu=512" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             exchanges=2 renegotiation=1 \
             hs_timeout=10000-60000 \
             mtu=512" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             exchanges=2 renegotiation=1 renegotiate=1 \
             force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
             hs_timeout=10000-60000 \
             mtu=512" \
            0 \
            -S "autoreduction" \
            -s "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"

# An autoreduction on the client-side might happen if the server is
# slow to reset, therefore omitting '-C "autoreduction"' below.
# Renegotiation under fragmentation with AES-128-CCM-8. Unlike the GCM test,
# the suite is forced on the server side and the proxy MTU is 1024.
# An autoreduction on the client-side might happen if the server is
# slow to reset, therefore omitting '-C "autoreduction"' below.
not_with_valgrind # spurious autoreduction due to timeout
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SHA256_C
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_CCM_C
requires_max_content_len 2048
run_test    "DTLS fragmenting: proxy MTU, AES-CCM renego" \
            -p "$P_PXY mtu=1024" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             exchanges=2 renegotiation=1 \
             force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8 \
             hs_timeout=10000-60000 \
             mtu=1024" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             exchanges=2 renegotiation=1 renegotiate=1 \
             hs_timeout=10000-60000 \
             mtu=1024" \
            0 \
            -S "autoreduction" \
            -s "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"

# An autoreduction on the client-side might happen if the server is
# slow to reset, therefore omitting '-C "autoreduction"' below.
# Renegotiation under fragmentation with AES-128-CBC-SHA256 and
# Encrypt-then-MAC (the default when MBEDTLS_SSL_ENCRYPT_THEN_MAC is on; the
# non-EtM variant below passes etm=0 explicitly).
# An autoreduction on the client-side might happen if the server is
# slow to reset, therefore omitting '-C "autoreduction"' below.
not_with_valgrind # spurious autoreduction due to timeout
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SHA256_C
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
requires_config_enabled MBEDTLS_SSL_ENCRYPT_THEN_MAC
requires_max_content_len 2048
run_test    "DTLS fragmenting: proxy MTU, AES-CBC EtM renego" \
            -p "$P_PXY mtu=1024" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             exchanges=2 renegotiation=1 \
             force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \
             hs_timeout=10000-60000 \
             mtu=1024" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             exchanges=2 renegotiation=1 renegotiate=1 \
             hs_timeout=10000-60000 \
             mtu=1024" \
            0 \
            -S "autoreduction" \
            -s "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"

# An autoreduction on the client-side might happen if the server is
# slow to reset, therefore omitting '-C "autoreduction"' below.
# Renegotiation under fragmentation with AES-128-CBC-SHA256 and
# MAC-then-Encrypt (etm=0 on the server). This is the legacy CBC record
# layout; it is kept for coverage of that code path, not as a recommendation.
# An autoreduction on the client-side might happen if the server is
# slow to reset, therefore omitting '-C "autoreduction"' below.
not_with_valgrind # spurious autoreduction due to timeout
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SHA256_C
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
requires_max_content_len 2048
run_test    "DTLS fragmenting: proxy MTU, AES-CBC non-EtM renego" \
            -p "$P_PXY mtu=1024" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             exchanges=2 renegotiation=1 \
             force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 etm=0 \
             hs_timeout=10000-60000 \
             mtu=1024" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             exchanges=2 renegotiation=1 renegotiate=1 \
             hs_timeout=10000-60000 \
             mtu=1024" \
            0 \
            -S "autoreduction" \
            -s "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"

# Forcing ciphersuite for this test to fit the MTU of 512 with full config.
# Fragmentation over a lossy link: the proxy drops, delays and duplicates
# packets ("3d"), so retransmissions are expected and neither side checks
# for the absence of autoreduction. dgram_packing=0 disables datagram
# packing on both sides; client_needs_more_time 2 widens the client timeout
# to allow for the retransmissions.
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_GCM_C
client_needs_more_time 2
requires_max_content_len 2048
run_test    "DTLS fragmenting: proxy MTU + 3d" \
            -p "$P_PXY mtu=512 drop=8 delay=8 duplicate=8" \
            "$P_SRV dgram_packing=0 dtls=1 debug_level=2 auth_mode=required \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             hs_timeout=250-10000 mtu=512" \
            "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
             hs_timeout=250-10000 mtu=512" \
            0 \
            -s "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"

# Forcing ciphersuite for this test to fit the MTU of 512 with full config.
# Same lossy-link scenario as above with non-blocking I/O (nbio=2) on both
# sides. Note that, unlike the blocking variant, datagram packing is left at
# its default here (no dgram_packing=0).
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_GCM_C
client_needs_more_time 2
requires_max_content_len 2048
run_test    "DTLS fragmenting: proxy MTU + 3d, nbio" \
            -p "$P_PXY mtu=512 drop=8 delay=8 duplicate=8" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             hs_timeout=250-10000 mtu=512 nbio=2" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
             hs_timeout=250-10000 mtu=512 nbio=2" \
            0 \
            -s "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"

# Interop tests for DTLS fragmenting with a reliable connection.
#
# Here and below we just want to test that we fragment in a way that
# pleases other implementations, so we don't need the peer to fragment.
# Only the Mbed TLS side's log is checked for "fragmenting handshake message";
# the peer's output is not inspected beyond its exit status.
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_gnutls
requires_max_content_len 2048
run_test    "DTLS fragmenting: gnutls server, DTLS 1.2" \
            "$G_SRV -u" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             mtu=512 force_version=dtls12" \
            0 \
            -c "fragmenting handshake message" \
            -C "error"

# We use --insecure for the GnuTLS client because it expects
# the hostname / IP it connects to to be the name used in the
# certificate obtained from the server. Here, however, it
# connects to 127.0.0.1 while our test certificates use 'localhost'
# as the server name in the certificate. This will make the
# certificate validation fail, but passing --insecure makes
# GnuTLS continue the connection nonetheless.
# Security note: --insecure disables certificate verification entirely on
# the GnuTLS side. That is acceptable only because this harness is testing
# fragmentation, not authentication; do not copy this flag into any
# non-test invocation.
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_gnutls
requires_not_i686
requires_max_content_len 2048
run_test    "DTLS fragmenting: gnutls client, DTLS 1.2" \
            "$P_SRV dtls=1 debug_level=2 \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             mtu=512 force_version=dtls12" \
            "$G_CLI -u --insecure 127.0.0.1" \
            0 \
            -s "fragmenting handshake message"

# OpenSSL server. "-verify 10" (lower-case) asks the client for a certificate
# with a chain depth limit of 10; per the s_server documentation it does not
# abort the handshake if the client certificate fails to verify (that would be
# -Verify), which is what lets the untrusted test chain through here.
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_max_content_len 2048
run_test    "DTLS fragmenting: openssl server, DTLS 1.2" \
            "$O_SRV -dtls1_2 -verify 10" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             mtu=512 force_version=dtls12" \
            0 \
            -c "fragmenting handshake message" \
            -C "error"

requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_max_content_len 2048
run_test    "DTLS fragmenting: openssl client, DTLS 1.2" \
            "$P_SRV dtls=1 debug_level=2 \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             mtu=512 force_version=dtls12" \
            "$O_CLI -dtls1_2" \
            0 \
            -s "fragmenting handshake message"

# Interop tests for DTLS fragmenting with an unreliable connection.
#
# Again we just want to test that we fragment in a way that
# pleases other implementations, so we don't need the peer to fragment.
# These use the "next" GnuTLS build (GNUTLS_NEXT_SERV / GNUTLS_NEXT_CLI) and
# a wider retransmission window since the proxy drops/delays/duplicates.
requires_gnutls_next
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
client_needs_more_time 4
requires_max_content_len 2048
run_test    "DTLS fragmenting: 3d, gnutls server, DTLS 1.2" \
            -p "$P_PXY drop=8 delay=8 duplicate=8" \
            "$G_NEXT_SRV -u" \
            "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             hs_timeout=250-60000 mtu=512 force_version=dtls12" \
            0 \
            -c "fragmenting handshake message" \
            -C "error"

# --insecure: see the note on the reliable-connection GnuTLS client test
# above (test-only; disables certificate verification on the GnuTLS side).
requires_gnutls_next
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
client_needs_more_time 4
requires_max_content_len 2048
run_test    "DTLS fragmenting: 3d, gnutls client, DTLS 1.2" \
            -p "$P_PXY drop=8 delay=8 duplicate=8" \
            "$P_SRV dtls=1 debug_level=2 \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             hs_timeout=250-60000 mtu=512 force_version=dtls12" \
            "$G_NEXT_CLI -u --insecure 127.0.0.1" \
            0 \
            -s "fragmenting handshake message"

## Interop test with OpenSSL might trigger a bug in recent versions (including
## all versions installed on the CI machines), reported here:
## Bug report: https://github.com/openssl/openssl/issues/6902
## They should be re-enabled once a fixed version of OpenSSL is available
## (this should happen in some 1.1.1_ release according to the ticket).
# NOTE(review): these two OpenSSL "3d" tests are unconditionally skipped
# (skip_next_test) because of the OpenSSL issue referenced above. Re-check
# whether the CI OpenSSL version carries the fix and drop the skips, otherwise
# fragmentation over a lossy link is never exercised against OpenSSL.
skip_next_test
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
client_needs_more_time 4
requires_max_content_len 2048
run_test    "DTLS fragmenting: 3d, openssl server, DTLS 1.2" \
            -p "$P_PXY drop=8 delay=8 duplicate=8" \
            "$O_SRV -dtls1_2 -verify 10" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             hs_timeout=250-60000 mtu=512 force_version=dtls12" \
            0 \
            -c "fragmenting handshake message" \
            -C "error"

skip_next_test
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
client_needs_more_time 4
requires_max_content_len 2048
run_test    "DTLS fragmenting: 3d, openssl client, DTLS 1.2" \
            -p "$P_PXY drop=8 delay=8 duplicate=8" \
            "$P_SRV dtls=1 debug_level=2 \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             hs_timeout=250-60000 mtu=512 force_version=dtls12" \
            "$O_CLI -dtls1_2" \
            0 \
            -s "fragmenting handshake message"

# Tests for DTLS-SRTP (RFC 5764)
#
# Security-relevant behaviour pinned by this group: when the peers have no
# SRTP profile in common, or when one side does not send use_srtp at all, the
# DTLS handshake still completes (expected exit code 0) and simply no SRTP
# keying material is derived (see the -S/-C expectations in the "different
# profile" and "doesn't support use_srtp extension" tests). An application
# that requires SRTP therefore must check the negotiated profile after the
# handshake; handshake success alone does not mean SRTP was negotiated.
#
# srtp_force_profile numbers as pinned by the expected log lines below:
#   2 -> MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32
#   5 -> MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80
#   6 -> MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32
# Profile 1 is used once below but its name is not pinned by any expectation
# (presumably AES128_CM_HMAC_SHA1_80). The NULL_* profiles apply no encryption
# (authentication only, per RFC 5764); they are exercised here for negotiation
# coverage, not as a recommendation.
#
# The -g "find_in_both ..." checks verify that client and server print the
# same "Keying material:" (and, where used, "DTLS-SRTP mki value:") lines,
# i.e. that both sides derived identical SRTP keys.
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
run_test    "DTLS-SRTP all profiles supported" \
            "$P_SRV dtls=1 use_srtp=1 debug_level=3" \
            "$P_CLI dtls=1 use_srtp=1 debug_level=3" \
            0 \
            -s "found use_srtp extension" \
            -s "found srtp profile" \
            -s "selected srtp profile" \
            -s "server hello, adding use_srtp extension" \
            -s "DTLS-SRTP key material is"\
            -c "client hello, adding use_srtp extension" \
            -c "found use_srtp extension" \
            -c "found srtp profile" \
            -c "selected srtp profile" \
            -c "DTLS-SRTP key material is"\
            -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\
            -C "error"


requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
run_test    "DTLS-SRTP server supports all profiles. Client supports one profile." \
            "$P_SRV dtls=1 use_srtp=1 debug_level=3" \
            "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=5 debug_level=3" \
            0 \
            -s "found use_srtp extension" \
            -s "found srtp profile: MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80" \
            -s "selected srtp profile: MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80" \
            -s "server hello, adding use_srtp extension" \
            -s "DTLS-SRTP key material is"\
            -c "client hello, adding use_srtp extension" \
            -c "found use_srtp extension" \
            -c "found srtp profile: MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80" \
            -c "selected srtp profile" \
            -c "DTLS-SRTP key material is"\
            -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\
            -C "error"

requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
run_test    "DTLS-SRTP server supports one profile. Client supports all profiles." \
            "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=6 debug_level=3" \
            "$P_CLI dtls=1 use_srtp=1 debug_level=3" \
            0 \
            -s "found use_srtp extension" \
            -s "found srtp profile" \
            -s "selected srtp profile: MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32" \
            -s "server hello, adding use_srtp extension" \
            -s "DTLS-SRTP key material is"\
            -c "client hello, adding use_srtp extension" \
            -c "found use_srtp extension" \
            -c "found srtp profile: MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32" \
            -c "selected srtp profile" \
            -c "DTLS-SRTP key material is"\
            -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\
            -C "error"

requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
run_test    "DTLS-SRTP server and Client support only one matching profile." \
            "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \
            "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \
            0 \
            -s "found use_srtp extension" \
            -s "found srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" \
            -s "selected srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" \
            -s "server hello, adding use_srtp extension" \
            -s "DTLS-SRTP key material is"\
            -c "client hello, adding use_srtp extension" \
            -c "found use_srtp extension" \
            -c "found srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" \
            -c "selected srtp profile" \
            -c "DTLS-SRTP key material is"\
            -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\
            -C "error"

# No common profile: the server sees the client's offer but selects nothing
# and omits use_srtp from its ServerHello; the handshake still succeeds with
# no SRTP key material on either side (see the group note above).
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
run_test    "DTLS-SRTP server and Client support only one different profile." \
            "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \
            "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=6 debug_level=3" \
            0 \
            -s "found use_srtp extension" \
            -s "found srtp profile: MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32" \
            -S "selected srtp profile" \
            -S "server hello, adding use_srtp extension" \
            -S "DTLS-SRTP key material is"\
            -c "client hello, adding use_srtp extension" \
            -C "found use_srtp extension" \
            -C "found srtp profile" \
            -C "selected srtp profile" \
            -C "DTLS-SRTP key material is"\
            -C "error"

# Server built with SRTP support but started without use_srtp=1: it notices
# the extension but never answers it; the handshake succeeds without SRTP.
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
run_test    "DTLS-SRTP server doesn't support use_srtp extension." \
            "$P_SRV dtls=1 debug_level=3" \
            "$P_CLI dtls=1 use_srtp=1 debug_level=3" \
            0 \
            -s "found use_srtp extension" \
            -S "server hello, adding use_srtp extension" \
            -S "DTLS-SRTP key material is"\
            -c "client hello, adding use_srtp extension" \
            -C "found use_srtp extension" \
            -C "found srtp profile" \
            -C "selected srtp profile" \
            -C "DTLS-SRTP key material is"\
            -C "error"

# MKI (master key identifier) round trip: the client sends a fixed 8-byte
# hex MKI, the server (support_mki=1) adopts it and echoes it back, and both
# sides must print the same "DTLS-SRTP mki value:" line.
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
run_test    "DTLS-SRTP all profiles supported. mki used" \
            "$P_SRV dtls=1 use_srtp=1 support_mki=1 debug_level=3" \
            "$P_CLI dtls=1 use_srtp=1 mki=542310ab34290481 debug_level=3" \
            0 \
            -s "found use_srtp extension" \
            -s "found srtp profile" \
            -s "selected srtp profile" \
            -s "server hello, adding use_srtp extension" \
            -s "dumping 'using mki' (8 bytes)" \
            -s "DTLS-SRTP key material is"\
            -c "client hello, adding use_srtp extension" \
            -c "found use_srtp extension" \
            -c "found srtp profile" \
            -c "selected srtp profile" \
            -c "dumping 'sending mki' (8 bytes)" \
            -c "dumping 'received mki' (8 bytes)" \
            -c "DTLS-SRTP key material is"\
            -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\
            -g "find_in_both '^ *DTLS-SRTP mki value: [0-9A-F]*$'"\
            -C "error"

# Without support_mki=1 the server ignores the client's MKI: SRTP is still
# negotiated, but both sides report that no MKI value was agreed and the
# client must not see one echoed back.
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
run_test    "DTLS-SRTP all profiles supported. server doesn't support mki." \
            "$P_SRV dtls=1 use_srtp=1 debug_level=3" \
            "$P_CLI dtls=1 use_srtp=1 mki=542310ab34290481 debug_level=3" \
            0 \
            -s "found use_srtp extension" \
            -s "found srtp profile" \
            -s "selected srtp profile" \
            -s "server hello, adding use_srtp extension" \
            -s "DTLS-SRTP key material is"\
            -s "DTLS-SRTP no mki value negotiated"\
            -S "dumping 'using mki' (8 bytes)" \
            -c "client hello, adding use_srtp extension" \
            -c "found use_srtp extension" \
            -c "found srtp profile" \
            -c "selected srtp profile" \
            -c "DTLS-SRTP key material is"\
            -c "DTLS-SRTP no mki value negotiated"\
            -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\
            -c "dumping 'sending mki' (8 bytes)" \
            -C "dumping 'received mki' (8 bytes)" \
            -C "error"

# OpenSSL client interop. -keymatexport 'EXTRACTOR-dtls_srtp' with length 60
# makes s_client print the exported keying material so the -g check can
# compare it with the Mbed TLS server's "Keying material:" line.
# The next two tests together show that, when the Mbed TLS server supports
# every profile, the one selected is the first in the client's offer.
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
run_test    "DTLS-SRTP all profiles supported. openssl client." \
            "$P_SRV dtls=1 use_srtp=1 debug_level=3" \
            "$O_CLI -dtls -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
            0 \
            -s "found use_srtp extension" \
            -s "found srtp profile" \
            -s "selected srtp profile" \
            -s "server hello, adding use_srtp extension" \
            -s "DTLS-SRTP key material is"\
            -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\
            -c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_80"

requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
run_test    "DTLS-SRTP server supports all profiles. Client supports all profiles, in different order. openssl client." \
            "$P_SRV dtls=1 use_srtp=1 debug_level=3" \
            "$O_CLI -dtls -use_srtp SRTP_AES128_CM_SHA1_32:SRTP_AES128_CM_SHA1_80 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
            0 \
            -s "found use_srtp extension" \
            -s "found srtp profile" \
            -s "selected srtp profile" \
            -s "server hello, adding use_srtp extension" \
            -s "DTLS-SRTP key material is"\
            -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\
            -c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_32"

requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
run_test    "DTLS-SRTP server supports all profiles. Client supports one profile. openssl client." \
            "$P_SRV dtls=1 use_srtp=1 debug_level=3" \
            "$O_CLI -dtls -use_srtp SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
            0 \
            -s "found use_srtp extension" \
            -s "found srtp profile" \
            -s "selected srtp profile" \
            -s "server hello, adding use_srtp extension" \
            -s "DTLS-SRTP key material is"\
            -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\
            -c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_32"

requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
run_test    "DTLS-SRTP server supports one profile. Client supports all profiles. openssl client." \
            "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \
            "$O_CLI -dtls -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
            0 \
            -s "found use_srtp extension" \
            -s "found srtp profile" \
            -s "selected srtp profile" \
            -s "server hello, adding use_srtp extension" \
            -s "DTLS-SRTP key material is"\
            -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\
            -c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_32"

requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
run_test    "DTLS-SRTP server and Client support only one matching profile. openssl client." \
            "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \
            "$O_CLI -dtls -use_srtp SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
            0 \
            -s "found use_srtp extension" \
            -s "found srtp profile" \
            -s "selected srtp profile" \
            -s "server hello, adding use_srtp extension" \
            -s "DTLS-SRTP key material is"\
            -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\
            -c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_32"

# Mismatch against OpenSSL: handshake succeeds, no SRTP negotiated on either
# side (OpenSSL must not print "SRTP Extension negotiated").
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
run_test    "DTLS-SRTP server and Client support only one different profile. openssl client." \
            "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=1 debug_level=3" \
            "$O_CLI -dtls -use_srtp SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
            0 \
            -s "found use_srtp extension" \
            -s "found srtp profile" \
            -S "selected srtp profile" \
            -S "server hello, adding use_srtp extension" \
            -S "DTLS-SRTP key material is"\
            -C "SRTP Extension negotiated, profile"

requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
run_test    "DTLS-SRTP server doesn't support use_srtp extension. openssl client" \
            "$P_SRV dtls=1 debug_level=3" \
            "$O_CLI -dtls -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
            0 \
            -s "found use_srtp extension" \
            -S "server hello, adding use_srtp extension" \
            -S "DTLS-SRTP key material is"\
            -C "SRTP Extension negotiated, profile"

# OpenSSL server interop. "-verify 0" (lower-case) requests a client
# certificate but, per the s_server documentation, does not abort the
# handshake when verification fails; that is what lets the Mbed TLS client
# (which presents no trusted chain here) connect. Test-only: a production
# DTLS-SRTP server would use -Verify / auth_mode=required semantics.
# Only the Mbed TLS client's log is checked in this sub-group.
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
run_test    "DTLS-SRTP all profiles supported. openssl server" \
            "$O_SRV -dtls -verify 0 -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
            "$P_CLI dtls=1 use_srtp=1 debug_level=3" \
            0 \
            -c "client hello, adding use_srtp extension" \
            -c "found use_srtp extension" \
            -c "found srtp profile" \
            -c "selected srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80" \
            -c "DTLS-SRTP key material is"\
            -C "error"

requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
run_test    "DTLS-SRTP server supports all profiles. Client supports all profiles, in different order. openssl server." \
            "$O_SRV -dtls -verify 0 -use_srtp SRTP_AES128_CM_SHA1_32:SRTP_AES128_CM_SHA1_80 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
            "$P_CLI dtls=1 use_srtp=1 debug_level=3" \
            0 \
            -c "client hello, adding use_srtp extension" \
            -c "found use_srtp extension" \
            -c "found srtp profile" \
            -c "selected srtp profile" \
            -c "DTLS-SRTP key material is"\
            -C "error"

requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
run_test    "DTLS-SRTP server supports all profiles. Client supports one profile. openssl server." \
            "$O_SRV -dtls -verify 0 -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
            "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \
            0 \
            -c "client hello, adding use_srtp extension" \
            -c "found use_srtp extension" \
            -c "found srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" \
            -c "selected srtp profile" \
            -c "DTLS-SRTP key material is"\
            -C "error"

requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
run_test    "DTLS-SRTP server supports one profile. Client supports all profiles. openssl server." \
            "$O_SRV -dtls -verify 0 -use_srtp SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
            "$P_CLI dtls=1 use_srtp=1 debug_level=3" \
            0 \
            -c "client hello, adding use_srtp extension" \
            -c "found use_srtp extension" \
            -c "found srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" \
            -c "selected srtp profile" \
            -c "DTLS-SRTP key material is"\
            -C "error"

requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
run_test    "DTLS-SRTP server and Client support only one matching profile. openssl server." \
            "$O_SRV -dtls -verify 0 -use_srtp SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
            "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \
            0 \
            -c "client hello, adding use_srtp extension" \
            -c "found use_srtp extension" \
            -c "found srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" \
            -c "selected srtp profile" \
            -c "DTLS-SRTP key material is"\
            -C "error"

# Mismatch against an OpenSSL server: the Mbed TLS client must see no
# use_srtp in the ServerHello and derive no key material, yet exit 0.
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
run_test    "DTLS-SRTP server and Client support only one different profile. openssl server." \
            "$O_SRV -dtls -verify 0 -use_srtp SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
            "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=6 debug_level=3" \
            0 \
            -c "client hello, adding use_srtp extension" \
            -C "found use_srtp extension" \
            -C "found srtp profile" \
            -C "selected srtp profile" \
            -C "DTLS-SRTP key material is"\
            -C "error"

requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
run_test    "DTLS-SRTP server doesn't support use_srtp extension. openssl server" \
            "$O_SRV -dtls" \
            "$P_CLI dtls=1 use_srtp=1 debug_level=3" \
            0 \
            -c "client hello, adding use_srtp extension" \
            -C "found use_srtp extension" \
            -C "found srtp profile" \
            -C "selected srtp profile" \
            -C "DTLS-SRTP key material is"\
            -C "error"

# OpenSSL server without MKI support: the client sends its MKI but must not
# get one back, and reports that none was negotiated.
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
run_test    "DTLS-SRTP all profiles supported. server doesn't support mki. openssl server." \
            "$O_SRV -dtls -verify 0 -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
            "$P_CLI dtls=1 use_srtp=1 mki=542310ab34290481 debug_level=3" \
            0 \
            -c "client hello, adding use_srtp extension" \
            -c "found use_srtp extension" \
            -c "found srtp profile" \
            -c "selected srtp profile" \
            -c "DTLS-SRTP key material is"\
            -c "DTLS-SRTP no mki value negotiated"\
            -c "dumping 'sending mki' (8 bytes)" \
            -C "dumping 'received mki' (8 bytes)" \
            -C "error"

# GnuTLS client interop. --insecure disables certificate verification on the
# GnuTLS side (test-only, see the fragmentation interop tests above).
# NOTE(review): the last profile in --srtp-profiles is spelled
# SRTP_NULL_SHA1_32 while the other three follow the *_HMAC_* pattern; this
# test only expects SHA1_80 (the first entry) to be negotiated, so a rejected
# or ignored fourth name would not be noticed. Confirm the name against the
# GnuTLS profile list if the NULL_SHA1_32 case is meant to be covered.
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
requires_gnutls
run_test    "DTLS-SRTP all profiles supported. gnutls client." \
            "$P_SRV dtls=1 use_srtp=1 debug_level=3" \
            "$G_CLI -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_80:SRTP_AES128_CM_HMAC_SHA1_32:SRTP_NULL_HMAC_SHA1_80:SRTP_NULL_SHA1_32 --insecure 127.0.0.1" \
            0 \
            -s "found use_srtp extension" \
            -s "found srtp profile" \
            -s "selected srtp profile" \
            -s "server hello, adding use_srtp extension" \
            -s "DTLS-SRTP key material is"\
            -c "SRTP profile: SRTP_AES128_CM_HMAC_SHA1_80"

requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
requires_gnutls
run_test    "DTLS-SRTP server supports all profiles. Client supports all profiles, in different order. gnutls client."
\ 8062 "$P_SRV dtls=1 use_srtp=1 debug_level=3" \ 8063 "$G_CLI -u --srtp-profiles=SRTP_NULL_HMAC_SHA1_80:SRTP_AES128_CM_HMAC_SHA1_80:SRTP_NULL_SHA1_32:SRTP_AES128_CM_HMAC_SHA1_32 --insecure 127.0.0.1" \ 8064 0 \ 8065 -s "found use_srtp extension" \ 8066 -s "found srtp profile" \ 8067 -s "selected srtp profile" \ 8068 -s "server hello, adding use_srtp extension" \ 8069 -s "DTLS-SRTP key material is"\ 8070 -c "SRTP profile: SRTP_NULL_HMAC_SHA1_80" 8071 8072requires_config_enabled MBEDTLS_SSL_DTLS_SRTP 8073requires_gnutls 8074run_test "DTLS-SRTP server supports all profiles. Client supports one profile. gnutls client." \ 8075 "$P_SRV dtls=1 use_srtp=1 debug_level=3" \ 8076 "$G_CLI -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_32 --insecure 127.0.0.1" \ 8077 0 \ 8078 -s "found use_srtp extension" \ 8079 -s "found srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" \ 8080 -s "selected srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" \ 8081 -s "server hello, adding use_srtp extension" \ 8082 -s "DTLS-SRTP key material is"\ 8083 -c "SRTP profile: SRTP_AES128_CM_HMAC_SHA1_32" 8084 8085requires_config_enabled MBEDTLS_SSL_DTLS_SRTP 8086requires_gnutls 8087run_test "DTLS-SRTP server supports one profile. Client supports all profiles. gnutls client." \ 8088 "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=6 debug_level=3" \ 8089 "$G_CLI -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_80:SRTP_AES128_CM_HMAC_SHA1_32:SRTP_NULL_HMAC_SHA1_80:SRTP_NULL_SHA1_32 --insecure 127.0.0.1" \ 8090 0 \ 8091 -s "found use_srtp extension" \ 8092 -s "found srtp profile" \ 8093 -s "selected srtp profile: MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32" \ 8094 -s "server hello, adding use_srtp extension" \ 8095 -s "DTLS-SRTP key material is"\ 8096 -c "SRTP profile: SRTP_NULL_SHA1_32" 8097 8098requires_config_enabled MBEDTLS_SSL_DTLS_SRTP 8099requires_gnutls 8100run_test "DTLS-SRTP server and Client support only one matching profile. gnutls client." 
\ 8101 "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \ 8102 "$G_CLI -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_32 --insecure 127.0.0.1" \ 8103 0 \ 8104 -s "found use_srtp extension" \ 8105 -s "found srtp profile" \ 8106 -s "selected srtp profile" \ 8107 -s "server hello, adding use_srtp extension" \ 8108 -s "DTLS-SRTP key material is"\ 8109 -c "SRTP profile: SRTP_AES128_CM_HMAC_SHA1_32" 8110 8111requires_config_enabled MBEDTLS_SSL_DTLS_SRTP 8112requires_gnutls 8113run_test "DTLS-SRTP server and Client support only one different profile. gnutls client." \ 8114 "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=1 debug_level=3" \ 8115 "$G_CLI -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_32 --insecure 127.0.0.1" \ 8116 0 \ 8117 -s "found use_srtp extension" \ 8118 -s "found srtp profile" \ 8119 -S "selected srtp profile" \ 8120 -S "server hello, adding use_srtp extension" \ 8121 -S "DTLS-SRTP key material is"\ 8122 -C "SRTP profile:" 8123 8124requires_config_enabled MBEDTLS_SSL_DTLS_SRTP 8125requires_gnutls 8126run_test "DTLS-SRTP server doesn't support use_srtp extension. gnutls client" \ 8127 "$P_SRV dtls=1 debug_level=3" \ 8128 "$G_CLI -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_80:SRTP_AES128_CM_HMAC_SHA1_32:SRTP_NULL_HMAC_SHA1_80:SRTP_NULL_SHA1_32 --insecure 127.0.0.1" \ 8129 0 \ 8130 -s "found use_srtp extension" \ 8131 -S "server hello, adding use_srtp extension" \ 8132 -S "DTLS-SRTP key material is"\ 8133 -C "SRTP profile:" 8134 8135requires_config_enabled MBEDTLS_SSL_DTLS_SRTP 8136requires_gnutls 8137run_test "DTLS-SRTP all profiles supported. 
gnutls server" \ 8138 "$G_SRV -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_80:SRTP_AES128_CM_HMAC_SHA1_32:SRTP_NULL_HMAC_SHA1_80:SRTP_NULL_SHA1_32" \ 8139 "$P_CLI dtls=1 use_srtp=1 debug_level=3" \ 8140 0 \ 8141 -c "client hello, adding use_srtp extension" \ 8142 -c "found use_srtp extension" \ 8143 -c "found srtp profile" \ 8144 -c "selected srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80" \ 8145 -c "DTLS-SRTP key material is"\ 8146 -C "error" 8147 8148requires_config_enabled MBEDTLS_SSL_DTLS_SRTP 8149requires_gnutls 8150run_test "DTLS-SRTP server supports all profiles. Client supports all profiles, in different order. gnutls server." \ 8151 "$G_SRV -u --srtp-profiles=SRTP_NULL_SHA1_32:SRTP_AES128_CM_HMAC_SHA1_32:SRTP_AES128_CM_HMAC_SHA1_80:SRTP_NULL_HMAC_SHA1_80:SRTP_NULL_SHA1_32" \ 8152 "$P_CLI dtls=1 use_srtp=1 debug_level=3" \ 8153 0 \ 8154 -c "client hello, adding use_srtp extension" \ 8155 -c "found use_srtp extension" \ 8156 -c "found srtp profile" \ 8157 -c "selected srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80" \ 8158 -c "DTLS-SRTP key material is"\ 8159 -C "error" 8160 8161requires_config_enabled MBEDTLS_SSL_DTLS_SRTP 8162requires_gnutls 8163run_test "DTLS-SRTP server supports all profiles. Client supports one profile. gnutls server." \ 8164 "$G_SRV -u --srtp-profiles=SRTP_NULL_SHA1_32:SRTP_AES128_CM_HMAC_SHA1_32:SRTP_AES128_CM_HMAC_SHA1_80:SRTP_NULL_HMAC_SHA1_80:SRTP_NULL_SHA1_32" \ 8165 "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \ 8166 0 \ 8167 -c "client hello, adding use_srtp extension" \ 8168 -c "found use_srtp extension" \ 8169 -c "found srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" \ 8170 -c "selected srtp profile" \ 8171 -c "DTLS-SRTP key material is"\ 8172 -C "error" 8173 8174requires_config_enabled MBEDTLS_SSL_DTLS_SRTP 8175requires_gnutls 8176run_test "DTLS-SRTP server supports one profile. Client supports all profiles. gnutls server." 
\ 8177 "$G_SRV -u --srtp-profiles=SRTP_NULL_HMAC_SHA1_80" \ 8178 "$P_CLI dtls=1 use_srtp=1 debug_level=3" \ 8179 0 \ 8180 -c "client hello, adding use_srtp extension" \ 8181 -c "found use_srtp extension" \ 8182 -c "found srtp profile: MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80" \ 8183 -c "selected srtp profile" \ 8184 -c "DTLS-SRTP key material is"\ 8185 -C "error" 8186 8187requires_config_enabled MBEDTLS_SSL_DTLS_SRTP 8188requires_gnutls 8189run_test "DTLS-SRTP server and Client support only one matching profile. gnutls server." \ 8190 "$G_SRV -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_32" \ 8191 "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \ 8192 0 \ 8193 -c "client hello, adding use_srtp extension" \ 8194 -c "found use_srtp extension" \ 8195 -c "found srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" \ 8196 -c "selected srtp profile" \ 8197 -c "DTLS-SRTP key material is"\ 8198 -C "error" 8199 8200requires_config_enabled MBEDTLS_SSL_DTLS_SRTP 8201requires_gnutls 8202run_test "DTLS-SRTP server and Client support only one different profile. gnutls server." \ 8203 "$G_SRV -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_32" \ 8204 "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=6 debug_level=3" \ 8205 0 \ 8206 -c "client hello, adding use_srtp extension" \ 8207 -C "found use_srtp extension" \ 8208 -C "found srtp profile" \ 8209 -C "selected srtp profile" \ 8210 -C "DTLS-SRTP key material is"\ 8211 -C "error" 8212 8213requires_config_enabled MBEDTLS_SSL_DTLS_SRTP 8214requires_gnutls 8215run_test "DTLS-SRTP server doesn't support use_srtp extension. 
gnutls server" \ 8216 "$G_SRV -u" \ 8217 "$P_CLI dtls=1 use_srtp=1 debug_level=3" \ 8218 0 \ 8219 -c "client hello, adding use_srtp extension" \ 8220 -C "found use_srtp extension" \ 8221 -C "found srtp profile" \ 8222 -C "selected srtp profile" \ 8223 -C "DTLS-SRTP key material is"\ 8224 -C "error" 8225 8226requires_config_enabled MBEDTLS_SSL_DTLS_SRTP 8227requires_gnutls 8228run_test "DTLS-SRTP all profiles supported. mki used. gnutls server." \ 8229 "$G_SRV -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_80:SRTP_AES128_CM_HMAC_SHA1_32:SRTP_NULL_HMAC_SHA1_80:SRTP_NULL_SHA1_32" \ 8230 "$P_CLI dtls=1 use_srtp=1 mki=542310ab34290481 debug_level=3" \ 8231 0 \ 8232 -c "client hello, adding use_srtp extension" \ 8233 -c "found use_srtp extension" \ 8234 -c "found srtp profile" \ 8235 -c "selected srtp profile" \ 8236 -c "DTLS-SRTP key material is"\ 8237 -c "DTLS-SRTP mki value:"\ 8238 -c "dumping 'sending mki' (8 bytes)" \ 8239 -c "dumping 'received mki' (8 bytes)" \ 8240 -C "error" 8241 8242# Tests for specific things with "unreliable" UDP connection 8243 8244not_with_valgrind # spurious resend due to timeout 8245run_test "DTLS proxy: reference" \ 8246 -p "$P_PXY" \ 8247 "$P_SRV dtls=1 debug_level=2 hs_timeout=10000-20000" \ 8248 "$P_CLI dtls=1 debug_level=2 hs_timeout=10000-20000" \ 8249 0 \ 8250 -C "replayed record" \ 8251 -S "replayed record" \ 8252 -C "Buffer record from epoch" \ 8253 -S "Buffer record from epoch" \ 8254 -C "ssl_buffer_message" \ 8255 -S "ssl_buffer_message" \ 8256 -C "discarding invalid record" \ 8257 -S "discarding invalid record" \ 8258 -S "resend" \ 8259 -s "Extra-header:" \ 8260 -c "HTTP/1.0 200 OK" 8261 8262not_with_valgrind # spurious resend due to timeout 8263run_test "DTLS proxy: duplicate every packet" \ 8264 -p "$P_PXY duplicate=1" \ 8265 "$P_SRV dtls=1 dgram_packing=0 debug_level=2 hs_timeout=10000-20000" \ 8266 "$P_CLI dtls=1 dgram_packing=0 debug_level=2 hs_timeout=10000-20000" \ 8267 0 \ 8268 -c "replayed record" \ 8269 -s "replayed 
record" \ 8270 -c "record from another epoch" \ 8271 -s "record from another epoch" \ 8272 -S "resend" \ 8273 -s "Extra-header:" \ 8274 -c "HTTP/1.0 200 OK" 8275 8276run_test "DTLS proxy: duplicate every packet, server anti-replay off" \ 8277 -p "$P_PXY duplicate=1" \ 8278 "$P_SRV dtls=1 dgram_packing=0 debug_level=2 anti_replay=0" \ 8279 "$P_CLI dtls=1 dgram_packing=0 debug_level=2" \ 8280 0 \ 8281 -c "replayed record" \ 8282 -S "replayed record" \ 8283 -c "record from another epoch" \ 8284 -s "record from another epoch" \ 8285 -c "resend" \ 8286 -s "resend" \ 8287 -s "Extra-header:" \ 8288 -c "HTTP/1.0 200 OK" 8289 8290run_test "DTLS proxy: multiple records in same datagram" \ 8291 -p "$P_PXY pack=50" \ 8292 "$P_SRV dtls=1 dgram_packing=0 debug_level=2" \ 8293 "$P_CLI dtls=1 dgram_packing=0 debug_level=2" \ 8294 0 \ 8295 -c "next record in same datagram" \ 8296 -s "next record in same datagram" 8297 8298run_test "DTLS proxy: multiple records in same datagram, duplicate every packet" \ 8299 -p "$P_PXY pack=50 duplicate=1" \ 8300 "$P_SRV dtls=1 dgram_packing=0 debug_level=2" \ 8301 "$P_CLI dtls=1 dgram_packing=0 debug_level=2" \ 8302 0 \ 8303 -c "next record in same datagram" \ 8304 -s "next record in same datagram" 8305 8306run_test "DTLS proxy: inject invalid AD record, default badmac_limit" \ 8307 -p "$P_PXY bad_ad=1" \ 8308 "$P_SRV dtls=1 dgram_packing=0 debug_level=1" \ 8309 "$P_CLI dtls=1 dgram_packing=0 debug_level=1 read_timeout=100" \ 8310 0 \ 8311 -c "discarding invalid record (mac)" \ 8312 -s "discarding invalid record (mac)" \ 8313 -s "Extra-header:" \ 8314 -c "HTTP/1.0 200 OK" \ 8315 -S "too many records with bad MAC" \ 8316 -S "Verification of the message MAC failed" 8317 8318run_test "DTLS proxy: inject invalid AD record, badmac_limit 1" \ 8319 -p "$P_PXY bad_ad=1" \ 8320 "$P_SRV dtls=1 dgram_packing=0 debug_level=1 badmac_limit=1" \ 8321 "$P_CLI dtls=1 dgram_packing=0 debug_level=1 read_timeout=100" \ 8322 1 \ 8323 -C "discarding invalid record 
(mac)" \ 8324 -S "discarding invalid record (mac)" \ 8325 -S "Extra-header:" \ 8326 -C "HTTP/1.0 200 OK" \ 8327 -s "too many records with bad MAC" \ 8328 -s "Verification of the message MAC failed" 8329 8330run_test "DTLS proxy: inject invalid AD record, badmac_limit 2" \ 8331 -p "$P_PXY bad_ad=1" \ 8332 "$P_SRV dtls=1 dgram_packing=0 debug_level=1 badmac_limit=2" \ 8333 "$P_CLI dtls=1 dgram_packing=0 debug_level=1 read_timeout=100" \ 8334 0 \ 8335 -c "discarding invalid record (mac)" \ 8336 -s "discarding invalid record (mac)" \ 8337 -s "Extra-header:" \ 8338 -c "HTTP/1.0 200 OK" \ 8339 -S "too many records with bad MAC" \ 8340 -S "Verification of the message MAC failed" 8341 8342run_test "DTLS proxy: inject invalid AD record, badmac_limit 2, exchanges 2"\ 8343 -p "$P_PXY bad_ad=1" \ 8344 "$P_SRV dtls=1 dgram_packing=0 debug_level=1 badmac_limit=2 exchanges=2" \ 8345 "$P_CLI dtls=1 dgram_packing=0 debug_level=1 read_timeout=100 exchanges=2" \ 8346 1 \ 8347 -c "discarding invalid record (mac)" \ 8348 -s "discarding invalid record (mac)" \ 8349 -s "Extra-header:" \ 8350 -c "HTTP/1.0 200 OK" \ 8351 -s "too many records with bad MAC" \ 8352 -s "Verification of the message MAC failed" 8353 8354run_test "DTLS proxy: delay ChangeCipherSpec" \ 8355 -p "$P_PXY delay_ccs=1" \ 8356 "$P_SRV dtls=1 debug_level=1 dgram_packing=0" \ 8357 "$P_CLI dtls=1 debug_level=1 dgram_packing=0" \ 8358 0 \ 8359 -c "record from another epoch" \ 8360 -s "record from another epoch" \ 8361 -s "Extra-header:" \ 8362 -c "HTTP/1.0 200 OK" 8363 8364# Tests for reordering support with DTLS 8365 8366run_test "DTLS reordering: Buffer out-of-order handshake message on client" \ 8367 -p "$P_PXY delay_srv=ServerHello" \ 8368 "$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2 \ 8369 hs_timeout=2500-60000" \ 8370 "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \ 8371 hs_timeout=2500-60000" \ 8372 0 \ 8373 -c "Buffering HS message" \ 8374 -c "Next handshake message has been buffered - load"\ 8375 -S 
"Buffering HS message" \ 8376 -S "Next handshake message has been buffered - load"\ 8377 -C "Injecting buffered CCS message" \ 8378 -C "Remember CCS message" \ 8379 -S "Injecting buffered CCS message" \ 8380 -S "Remember CCS message" 8381 8382run_test "DTLS reordering: Buffer out-of-order handshake message fragment on client" \ 8383 -p "$P_PXY delay_srv=ServerHello" \ 8384 "$P_SRV mtu=512 dgram_packing=0 cookies=0 dtls=1 debug_level=2 \ 8385 hs_timeout=2500-60000" \ 8386 "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \ 8387 hs_timeout=2500-60000" \ 8388 0 \ 8389 -c "Buffering HS message" \ 8390 -c "found fragmented DTLS handshake message"\ 8391 -c "Next handshake message 1 not or only partially bufffered" \ 8392 -c "Next handshake message has been buffered - load"\ 8393 -S "Buffering HS message" \ 8394 -S "Next handshake message has been buffered - load"\ 8395 -C "Injecting buffered CCS message" \ 8396 -C "Remember CCS message" \ 8397 -S "Injecting buffered CCS message" \ 8398 -S "Remember CCS message" 8399 8400# The client buffers the ServerKeyExchange before receiving the fragmented 8401# Certificate message; at the time of writing, together these are aroudn 1200b 8402# in size, so that the bound below ensures that the certificate can be reassembled 8403# while keeping the ServerKeyExchange. 
8404requires_config_value_at_least "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 1300 8405run_test "DTLS reordering: Buffer out-of-order hs msg before reassembling next" \ 8406 -p "$P_PXY delay_srv=Certificate delay_srv=Certificate" \ 8407 "$P_SRV mtu=512 dgram_packing=0 cookies=0 dtls=1 debug_level=2 \ 8408 hs_timeout=2500-60000" \ 8409 "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \ 8410 hs_timeout=2500-60000" \ 8411 0 \ 8412 -c "Buffering HS message" \ 8413 -c "Next handshake message has been buffered - load"\ 8414 -C "attempt to make space by freeing buffered messages" \ 8415 -S "Buffering HS message" \ 8416 -S "Next handshake message has been buffered - load"\ 8417 -C "Injecting buffered CCS message" \ 8418 -C "Remember CCS message" \ 8419 -S "Injecting buffered CCS message" \ 8420 -S "Remember CCS message" 8421 8422# The size constraints ensure that the delayed certificate message can't 8423# be reassembled while keeping the ServerKeyExchange message, but it can 8424# when dropping it first. 8425requires_config_value_at_least "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 900 8426requires_config_value_at_most "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 1299 8427run_test "DTLS reordering: Buffer out-of-order hs msg before reassembling next, free buffered msg" \ 8428 -p "$P_PXY delay_srv=Certificate delay_srv=Certificate" \ 8429 "$P_SRV mtu=512 dgram_packing=0 cookies=0 dtls=1 debug_level=2 \ 8430 hs_timeout=2500-60000" \ 8431 "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \ 8432 hs_timeout=2500-60000" \ 8433 0 \ 8434 -c "Buffering HS message" \ 8435 -c "attempt to make space by freeing buffered future messages" \ 8436 -c "Enough space available after freeing buffered HS messages" \ 8437 -S "Buffering HS message" \ 8438 -S "Next handshake message has been buffered - load"\ 8439 -C "Injecting buffered CCS message" \ 8440 -C "Remember CCS message" \ 8441 -S "Injecting buffered CCS message" \ 8442 -S "Remember CCS message" 8443 8444run_test "DTLS reordering: Buffer out-of-order handshake message on 
server" \ 8445 -p "$P_PXY delay_cli=Certificate" \ 8446 "$P_SRV dgram_packing=0 auth_mode=required cookies=0 dtls=1 debug_level=2 \ 8447 hs_timeout=2500-60000" \ 8448 "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \ 8449 hs_timeout=2500-60000" \ 8450 0 \ 8451 -C "Buffering HS message" \ 8452 -C "Next handshake message has been buffered - load"\ 8453 -s "Buffering HS message" \ 8454 -s "Next handshake message has been buffered - load" \ 8455 -C "Injecting buffered CCS message" \ 8456 -C "Remember CCS message" \ 8457 -S "Injecting buffered CCS message" \ 8458 -S "Remember CCS message" 8459 8460run_test "DTLS reordering: Buffer out-of-order CCS message on client"\ 8461 -p "$P_PXY delay_srv=NewSessionTicket" \ 8462 "$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2 \ 8463 hs_timeout=2500-60000" \ 8464 "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \ 8465 hs_timeout=2500-60000" \ 8466 0 \ 8467 -C "Buffering HS message" \ 8468 -C "Next handshake message has been buffered - load"\ 8469 -S "Buffering HS message" \ 8470 -S "Next handshake message has been buffered - load" \ 8471 -c "Injecting buffered CCS message" \ 8472 -c "Remember CCS message" \ 8473 -S "Injecting buffered CCS message" \ 8474 -S "Remember CCS message" 8475 8476run_test "DTLS reordering: Buffer out-of-order CCS message on server"\ 8477 -p "$P_PXY delay_cli=ClientKeyExchange" \ 8478 "$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2 \ 8479 hs_timeout=2500-60000" \ 8480 "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \ 8481 hs_timeout=2500-60000" \ 8482 0 \ 8483 -C "Buffering HS message" \ 8484 -C "Next handshake message has been buffered - load"\ 8485 -S "Buffering HS message" \ 8486 -S "Next handshake message has been buffered - load" \ 8487 -C "Injecting buffered CCS message" \ 8488 -C "Remember CCS message" \ 8489 -s "Injecting buffered CCS message" \ 8490 -s "Remember CCS message" 8491 8492run_test "DTLS reordering: Buffer encrypted Finished message" \ 8493 -p "$P_PXY delay_ccs=1" \ 8494 "$P_SRV 
dgram_packing=0 cookies=0 dtls=1 debug_level=2 \ 8495 hs_timeout=2500-60000" \ 8496 "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \ 8497 hs_timeout=2500-60000" \ 8498 0 \ 8499 -s "Buffer record from epoch 1" \ 8500 -s "Found buffered record from current epoch - load" \ 8501 -c "Buffer record from epoch 1" \ 8502 -c "Found buffered record from current epoch - load" 8503 8504# In this test, both the fragmented NewSessionTicket and the ChangeCipherSpec 8505# from the server are delayed, so that the encrypted Finished message 8506# is received and buffered. When the fragmented NewSessionTicket comes 8507# in afterwards, the encrypted Finished message must be freed in order 8508# to make space for the NewSessionTicket to be reassembled. 8509# This works only in very particular circumstances: 8510# - MBEDTLS_SSL_DTLS_MAX_BUFFERING must be large enough to allow buffering 8511# of the NewSessionTicket, but small enough to also allow buffering of 8512# the encrypted Finished message. 8513# - The MTU setting on the server must be so small that the NewSessionTicket 8514# needs to be fragmented. 8515# - All messages sent by the server must be small enough to be either sent 8516# without fragmentation or be reassembled within the bounds of 8517# MBEDTLS_SSL_DTLS_MAX_BUFFERING. Achieve this by testing with a PSK-based 8518# handshake, omitting CRTs. 
8519requires_config_value_at_least "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 190 8520requires_config_value_at_most "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 230 8521run_test "DTLS reordering: Buffer encrypted Finished message, drop for fragmented NewSessionTicket" \ 8522 -p "$P_PXY delay_srv=NewSessionTicket delay_srv=NewSessionTicket delay_ccs=1" \ 8523 "$P_SRV mtu=140 response_size=90 dgram_packing=0 psk=abc123 psk_identity=foo cookies=0 dtls=1 debug_level=2" \ 8524 "$P_CLI dgram_packing=0 dtls=1 debug_level=2 force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8 psk=abc123 psk_identity=foo" \ 8525 0 \ 8526 -s "Buffer record from epoch 1" \ 8527 -s "Found buffered record from current epoch - load" \ 8528 -c "Buffer record from epoch 1" \ 8529 -C "Found buffered record from current epoch - load" \ 8530 -c "Enough space available after freeing future epoch record" 8531 8532# Tests for "randomly unreliable connection": try a variety of flows and peers 8533 8534client_needs_more_time 2 8535run_test "DTLS proxy: 3d (drop, delay, duplicate), \"short\" PSK handshake" \ 8536 -p "$P_PXY drop=5 delay=5 duplicate=5" \ 8537 "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \ 8538 psk=abc123" \ 8539 "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \ 8540 force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \ 8541 0 \ 8542 -s "Extra-header:" \ 8543 -c "HTTP/1.0 200 OK" 8544 8545client_needs_more_time 2 8546run_test "DTLS proxy: 3d, \"short\" RSA handshake" \ 8547 -p "$P_PXY drop=5 delay=5 duplicate=5" \ 8548 "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none" \ 8549 "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 \ 8550 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \ 8551 0 \ 8552 -s "Extra-header:" \ 8553 -c "HTTP/1.0 200 OK" 8554 8555client_needs_more_time 2 8556run_test "DTLS proxy: 3d, \"short\" (no ticket, no cli_auth) FS handshake" \ 8557 -p "$P_PXY drop=5 delay=5 duplicate=5" \ 8558 "$P_SRV dtls=1 
dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none" \ 8559 "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0" \ 8560 0 \ 8561 -s "Extra-header:" \ 8562 -c "HTTP/1.0 200 OK" 8563 8564client_needs_more_time 2 8565run_test "DTLS proxy: 3d, FS, client auth" \ 8566 -p "$P_PXY drop=5 delay=5 duplicate=5" \ 8567 "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=required" \ 8568 "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0" \ 8569 0 \ 8570 -s "Extra-header:" \ 8571 -c "HTTP/1.0 200 OK" 8572 8573client_needs_more_time 2 8574run_test "DTLS proxy: 3d, FS, ticket" \ 8575 -p "$P_PXY drop=5 delay=5 duplicate=5" \ 8576 "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=1 auth_mode=none" \ 8577 "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=1" \ 8578 0 \ 8579 -s "Extra-header:" \ 8580 -c "HTTP/1.0 200 OK" 8581 8582client_needs_more_time 2 8583run_test "DTLS proxy: 3d, max handshake (FS, ticket + client auth)" \ 8584 -p "$P_PXY drop=5 delay=5 duplicate=5" \ 8585 "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=1 auth_mode=required" \ 8586 "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=1" \ 8587 0 \ 8588 -s "Extra-header:" \ 8589 -c "HTTP/1.0 200 OK" 8590 8591client_needs_more_time 2 8592run_test "DTLS proxy: 3d, max handshake, nbio" \ 8593 -p "$P_PXY drop=5 delay=5 duplicate=5" \ 8594 "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 nbio=2 tickets=1 \ 8595 auth_mode=required" \ 8596 "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 nbio=2 tickets=1" \ 8597 0 \ 8598 -s "Extra-header:" \ 8599 -c "HTTP/1.0 200 OK" 8600 8601client_needs_more_time 4 8602run_test "DTLS proxy: 3d, min handshake, resumption" \ 8603 -p "$P_PXY drop=5 delay=5 duplicate=5" \ 8604 "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \ 8605 psk=abc123 debug_level=3" \ 8606 "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \ 8607 debug_level=3 reconnect=1 
skip_close_notify=1 read_timeout=1000 max_resend=10 \ 8608 force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \ 8609 0 \ 8610 -s "a session has been resumed" \ 8611 -c "a session has been resumed" \ 8612 -s "Extra-header:" \ 8613 -c "HTTP/1.0 200 OK" 8614 8615client_needs_more_time 4 8616run_test "DTLS proxy: 3d, min handshake, resumption, nbio" \ 8617 -p "$P_PXY drop=5 delay=5 duplicate=5" \ 8618 "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \ 8619 psk=abc123 debug_level=3 nbio=2" \ 8620 "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \ 8621 debug_level=3 reconnect=1 skip_close_notify=1 read_timeout=1000 max_resend=10 \ 8622 force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8 nbio=2" \ 8623 0 \ 8624 -s "a session has been resumed" \ 8625 -c "a session has been resumed" \ 8626 -s "Extra-header:" \ 8627 -c "HTTP/1.0 200 OK" 8628 8629client_needs_more_time 4 8630requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 8631run_test "DTLS proxy: 3d, min handshake, client-initiated renego" \ 8632 -p "$P_PXY drop=5 delay=5 duplicate=5" \ 8633 "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \ 8634 psk=abc123 renegotiation=1 debug_level=2" \ 8635 "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \ 8636 renegotiate=1 debug_level=2 \ 8637 force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \ 8638 0 \ 8639 -c "=> renegotiate" \ 8640 -s "=> renegotiate" \ 8641 -s "Extra-header:" \ 8642 -c "HTTP/1.0 200 OK" 8643 8644client_needs_more_time 4 8645requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 8646run_test "DTLS proxy: 3d, min handshake, client-initiated renego, nbio" \ 8647 -p "$P_PXY drop=5 delay=5 duplicate=5" \ 8648 "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \ 8649 psk=abc123 renegotiation=1 debug_level=2" \ 8650 "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \ 8651 renegotiate=1 debug_level=2 \ 8652 
force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \ 8653 0 \ 8654 -c "=> renegotiate" \ 8655 -s "=> renegotiate" \ 8656 -s "Extra-header:" \ 8657 -c "HTTP/1.0 200 OK" 8658 8659client_needs_more_time 4 8660requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 8661run_test "DTLS proxy: 3d, min handshake, server-initiated renego" \ 8662 -p "$P_PXY drop=5 delay=5 duplicate=5" \ 8663 "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \ 8664 psk=abc123 renegotiate=1 renegotiation=1 exchanges=4 \ 8665 debug_level=2" \ 8666 "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \ 8667 renegotiation=1 exchanges=4 debug_level=2 \ 8668 force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \ 8669 0 \ 8670 -c "=> renegotiate" \ 8671 -s "=> renegotiate" \ 8672 -s "Extra-header:" \ 8673 -c "HTTP/1.0 200 OK" 8674 8675client_needs_more_time 4 8676requires_config_enabled MBEDTLS_SSL_RENEGOTIATION 8677run_test "DTLS proxy: 3d, min handshake, server-initiated renego, nbio" \ 8678 -p "$P_PXY drop=5 delay=5 duplicate=5" \ 8679 "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \ 8680 psk=abc123 renegotiate=1 renegotiation=1 exchanges=4 \ 8681 debug_level=2 nbio=2" \ 8682 "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \ 8683 renegotiation=1 exchanges=4 debug_level=2 nbio=2 \ 8684 force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \ 8685 0 \ 8686 -c "=> renegotiate" \ 8687 -s "=> renegotiate" \ 8688 -s "Extra-header:" \ 8689 -c "HTTP/1.0 200 OK" 8690 8691## Interop tests with OpenSSL might trigger a bug in recent versions (including 8692## all versions installed on the CI machines), reported here: 8693## Bug report: https://github.com/openssl/openssl/issues/6902 8694## They should be re-enabled once a fixed version of OpenSSL is available 8695## (this should happen in some 1.1.1_ release according to the ticket). 
# DTLS proxy tests against non-Mbed TLS servers. The udp_proxy (-p) drops,
# delays and duplicates 5% of datagrams, so these runs exercise the
# retransmission logic of the Mbed TLS client against a real peer; the long
# hs_timeout range and client_needs_more_time give the handshake room to
# complete under that loss.
#
# The three OpenSSL-server tests are disabled with skip_next_test because
# of the upstream OpenSSL bug referenced above; they are kept unchanged so
# they can simply be re-enabled once a fixed OpenSSL is available.
# protect_hvr=1 is only given to the proxy for the OpenSSL cases
# (presumably to keep the HelloVerifyRequest exchange out of the
# drop/delay — confirm in udp_proxy before relying on it).
skip_next_test
client_needs_more_time 6
not_with_valgrind # risk of non-mbedtls peer timing out
run_test    "DTLS proxy: 3d, openssl server" \
            -p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \
            "$O_SRV -dtls1 -mtu 2048" \
            "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000 tickets=0" \
            0 \
            -c "HTTP/1.0 200 OK"

# Same as above with a smaller MTU (768) so handshake messages are fragmented.
skip_next_test # see above
client_needs_more_time 8
not_with_valgrind # risk of non-mbedtls peer timing out
run_test    "DTLS proxy: 3d, openssl server, fragmentation" \
            -p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \
            "$O_SRV -dtls1 -mtu 768" \
            "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000 tickets=0" \
            0 \
            -c "HTTP/1.0 200 OK"

# Fragmentation plus non-blocking I/O on the client (nbio=2).
skip_next_test # see above
client_needs_more_time 8
not_with_valgrind # risk of non-mbedtls peer timing out
run_test    "DTLS proxy: 3d, openssl server, fragmentation, nbio" \
            -p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \
            "$O_SRV -dtls1 -mtu 768" \
            "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000 nbio=2 tickets=0" \
            0 \
            -c "HTTP/1.0 200 OK"

# GnuTLS server variants of the same scenario. These are live (not skipped);
# success is judged by both sides logging the "Extra-header:" exchange.
requires_gnutls
client_needs_more_time 6
not_with_valgrind # risk of non-mbedtls peer timing out
run_test    "DTLS proxy: 3d, gnutls server" \
            -p "$P_PXY drop=5 delay=5 duplicate=5" \
            "$G_SRV -u --mtu 2048 -a" \
            "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000" \
            0 \
            -s "Extra-header:" \
            -c "Extra-header:"

# The fragmentation variants need the "next" GnuTLS (G_NEXT_SRV) and an
# MTU of 512 so that handshake messages are split across datagrams.
requires_gnutls_next
client_needs_more_time 8
not_with_valgrind # risk of non-mbedtls peer timing out
run_test    "DTLS proxy: 3d, gnutls server, fragmentation" \
            -p "$P_PXY drop=5 delay=5 duplicate=5" \
            "$G_NEXT_SRV -u --mtu 512" \
            "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000" \
            0 \
            -s "Extra-header:" \
            -c "Extra-header:"

requires_gnutls_next
client_needs_more_time 8
not_with_valgrind # risk of non-mbedtls peer timing out
run_test    "DTLS proxy: 3d, gnutls server, fragmentation, nbio" \
            -p "$P_PXY drop=5 delay=5 duplicate=5" \
            "$G_NEXT_SRV -u --mtu 512" \
            "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000 nbio=2" \
            0 \
            -s "Extra-header:" \
            -c "Extra-header:"

# Key export (eap_tls=1): both peers must log the derived EAP-TLS key
# material and IV. debug_level=3 is needed for those lines to be printed.
run_test    "export keys functionality" \
            "$P_SRV eap_tls=1 debug_level=3" \
            "$P_CLI eap_tls=1 debug_level=3" \
            0 \
            -c "EAP-TLS key material is:"\
            -s "EAP-TLS key material is:"\
            -c "EAP-TLS IV is:" \
            -s "EAP-TLS IV is:"

# openssl feature tests: check if tls1.3 exists.
# This is a self-test of the external tool (OpenSSL against OpenSSL), not of
# Mbed TLS; it validates that the TLS 1.3 tests below can run at all.
requires_openssl_tls1_3
run_test    "TLS 1.3: Test openssl tls1_3 feature" \
            "$O_NEXT_SRV -tls1_3 -msg" \
            "$O_NEXT_CLI -tls1_3 -msg" \
            0 \
            -c "TLS 1.3" \
            -s "TLS 1.3"

# gnutls feature tests: check if TLS 1.3 is supported as well as the NO_TICKETS and DISABLE_TLS13_COMPAT_MODE options.
# Likewise GnuTLS against GnuTLS; note the trailing space inside the server
# command string is deliberate and must be kept.
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_gnutls_next_disable_tls13_compat
run_test    "TLS 1.3: Test gnutls tls1_3 feature" \
            "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE --disable-client-cert " \
            "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \
            0 \
            -s "Version: TLS1.3" \
            -c "Version: TLS1.3"

# TLS1.3 test cases
# TODO: remove or rewrite this test case if #4832 is resolved.
# A build with both TLS 1.2 and TLS 1.3 enabled must refuse a hybrid
# min/max version range rather than silently picking one: both peers are
# expected to fail (exit 1) with "requested feature is not available".
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
skip_handshake_stage_check
run_test    "TLS 1.3: Not supported version check: tls12 and tls13" \
            "$P_SRV debug_level=1 min_version=tls12 max_version=tls13" \
            "$P_CLI debug_level=1 min_version=tls12 max_version=tls13" \
            1 \
            -s "SSL - The requested feature is not available" \
            -c "SSL - The requested feature is not available" \
            -s "Hybrid TLS 1.2 + TLS 1.3 configurations are not yet supported" \
            -c "Hybrid TLS 1.2 + TLS 1.3 configurations are not yet supported"

# TLS 1.3-only on both sides: the run is expected to fail (exit 1) but both
# peers must at least have dispatched into the TLS 1.3 state machine
# (HELLO_REQUEST logged). The expected failure is presumably because the
# Mbed TLS server side is not implemented at this point — confirm.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
run_test    "TLS 1.3: handshake dispatch test: tls13 only" \
            "$P_SRV debug_level=2 min_version=tls13 max_version=tls13" \
            "$P_CLI debug_level=2 min_version=tls13 max_version=tls13" \
            1 \
            -s "tls13 server state: MBEDTLS_SSL_HELLO_REQUEST" \
            -c "tls13 client state: MBEDTLS_SSL_HELLO_REQUEST"

# Full TLS 1.3 client handshake against OpenSSL with the minimal feature
# set: no tickets, no resumption, no session cache, so only the 1-RTT
# ECDHE handshake path is exercised. The -c patterns pin the exact client
# state sequence and the negotiated parameters (AES-128-GCM-SHA256, x25519)
# and require that certificate verification passes with no flags set.
# OpenSSL's -www responder replies "200 ok" in lower case, hence the
# different final pattern from the GnuTLS variant below.
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
run_test    "TLS 1.3: minimal feature sets - openssl" \
            "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
            "$P_CLI debug_level=3 min_version=tls13 max_version=tls13" \
            0 \
            -c "tls13 client state: MBEDTLS_SSL_HELLO_REQUEST(0)" \
            -c "tls13 client state: MBEDTLS_SSL_SERVER_HELLO(2)" \
            -c "tls13 client state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS(19)" \
            -c "tls13 client state: MBEDTLS_SSL_CERTIFICATE_REQUEST(5)" \
            -c "tls13 client state: MBEDTLS_SSL_SERVER_CERTIFICATE(3)" \
            -c "tls13 client state: MBEDTLS_SSL_CERTIFICATE_VERIFY(9)" \
            -c "tls13 client state: MBEDTLS_SSL_SERVER_FINISHED(13)" \
            -c "tls13 client state: MBEDTLS_SSL_CLIENT_FINISHED(11)" \
            -c "tls13 client state: MBEDTLS_SSL_FLUSH_BUFFERS(14)" \
            -c "tls13 client state: MBEDTLS_SSL_HANDSHAKE_WRAPUP(15)" \
            -c "<= ssl_tls13_process_server_hello" \
            -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
            -c "ECDH curve: x25519" \
            -c "=> ssl_tls13_process_server_hello" \
            -c "<= parse encrypted extensions" \
            -c "Certificate verification flags clear" \
            -c "=> parse certificate verify" \
            -c "<= parse certificate verify" \
            -c "mbedtls_ssl_tls13_process_certificate_verify() returned 0" \
            -c "<= parse finished message" \
            -c "HTTP/1.0 200 ok"

# Same minimal-feature handshake against GnuTLS (%NO_TICKETS, client
# certificates disabled). The extra -s pattern confirms the server side
# actually queued its ServerHello.
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
run_test    "TLS 1.3: minimal feature sets - gnutls" \
            "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS --disable-client-cert" \
            "$P_CLI debug_level=3 min_version=tls13 max_version=tls13" \
            0 \
            -s "SERVER HELLO was queued" \
            -c "tls13 client state: MBEDTLS_SSL_HELLO_REQUEST(0)" \
            -c "tls13 client state: MBEDTLS_SSL_SERVER_HELLO(2)" \
            -c "tls13 client state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS(19)" \
            -c "tls13 client state: MBEDTLS_SSL_CERTIFICATE_REQUEST(5)" \
            -c "tls13 client state: MBEDTLS_SSL_SERVER_CERTIFICATE(3)" \
            -c "tls13 client state: MBEDTLS_SSL_CERTIFICATE_VERIFY(9)" \
            -c "tls13 client state: MBEDTLS_SSL_SERVER_FINISHED(13)" \
            -c "tls13 client state: MBEDTLS_SSL_CLIENT_FINISHED(11)" \
            -c "tls13 client state: MBEDTLS_SSL_FLUSH_BUFFERS(14)" \
            -c "tls13 client state: MBEDTLS_SSL_HANDSHAKE_WRAPUP(15)" \
            -c "<= ssl_tls13_process_server_hello" \
            -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
            -c "ECDH curve: x25519" \
            -c "=> ssl_tls13_process_server_hello" \
            -c "<= parse encrypted extensions" \
            -c "Certificate verification flags clear" \
            -c "=> parse certificate verify" \
            -c "<= parse certificate verify" \
            -c "mbedtls_ssl_tls13_process_certificate_verify() returned 0" \
            -c "<= parse finished message" \
            -c "HTTP/1.0 200 OK"

# Version downgrade must be refused, not negotiated. The Mbed TLS client is
# pinned to TLS 1.3 while the peer server is capped at TLS 1.0/1.1/1.2; the
# expected result is exit 1 and a fatal alert from the server (alert 40,
# handshake_failure, from GnuTLS; alert 70, protocol_version, from OpenSSL,
# which also logs "fatal protocol_version"). The capitalised -S/-C patterns
# assert that the given text does NOT appear, i.e. neither side reports
# having negotiated the old protocol version. "Client's version: 3.3" is the
# legacy_version field a TLS 1.3 ClientHello must carry (TLS 1.2 on the wire).
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
skip_handshake_stage_check
requires_gnutls_tls1_3
run_test    "TLS 1.3:Not supported version check:gnutls: srv max TLS 1.0" \
            "$G_NEXT_SRV --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0 -d 4" \
            "$P_CLI min_version=tls13 max_version=tls13 debug_level=4" \
            1 \
            -s "Client's version: 3.3" \
            -c "is a fatal alert message (msg 40)" \
            -S "Version: TLS1.0" \
            -C "Protocol is TLSv1.0"

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
skip_handshake_stage_check
requires_gnutls_tls1_3
run_test    "TLS 1.3:Not supported version check:gnutls: srv max TLS 1.1" \
            "$G_NEXT_SRV --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.1 -d 4" \
            "$P_CLI min_version=tls13 max_version=tls13 debug_level=4" \
            1 \
            -s "Client's version: 3.3" \
            -c "is a fatal alert message (msg 40)" \
            -S "Version: TLS1.1" \
            -C "Protocol is TLSv1.1"

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
skip_handshake_stage_check
requires_gnutls_tls1_3
run_test    "TLS 1.3:Not supported version check:gnutls: srv max TLS 1.2" \
            "$G_NEXT_SRV --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2 -d 4" \
            "$P_CLI min_version=tls13 max_version=tls13 debug_level=4" \
            1 \
            -s "Client's version: 3.3" \
            -c "is a fatal alert message (msg 40)" \
            -S "Version: TLS1.2" \
            -C "Protocol is TLSv1.2"

# OpenSSL variants of the same downgrade-refusal check (see comment above).
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
skip_handshake_stage_check
requires_openssl_next
run_test    "TLS 1.3:Not supported version check:openssl: srv max TLS 1.0" \
            "$O_NEXT_SRV -msg -tls1" \
            "$P_CLI min_version=tls13 max_version=tls13 debug_level=4" \
            1 \
            -s "fatal protocol_version" \
            -c "is a fatal alert message (msg 70)" \
            -S "Version: TLS1.0" \
            -C "Protocol : TLSv1.0"

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
skip_handshake_stage_check
requires_openssl_next
run_test    "TLS 1.3:Not supported version check:openssl: srv max TLS 1.1" \
            "$O_NEXT_SRV -msg -tls1_1" \
            "$P_CLI min_version=tls13 max_version=tls13 debug_level=4" \
            1 \
            -s "fatal protocol_version" \
            -c "is a fatal alert message (msg 70)" \
            -S "Version: TLS1.1" \
            -C "Protocol : TLSv1.1"

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
skip_handshake_stage_check
requires_openssl_next
run_test    "TLS 1.3:Not supported version check:openssl: srv max TLS 1.2" \
            "$O_NEXT_SRV -msg -tls1_2" \
            "$P_CLI min_version=tls13 max_version=tls13 debug_level=4" \
            1 \
            -s "fatal protocol_version" \
            -c "is a fatal alert message (msg 70)" \
            -S "Version: TLS1.2" \
            -C "Protocol : TLSv1.2"

# Prerequisites for the "CertificateRequest check - openssl" test that
# follows; the remaining guards and the run_test itself come next.
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
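requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
# A server that asks for a client certificate (-Verify 10) must make the
# client fail cleanly (exit 1) with an explicit "not supported" message
# rather than continue the handshake.
run_test    "TLS 1.3: CertificateRequest check - openssl" \
            "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
            "$P_CLI debug_level=4 force_version=tls13 " \
            1 \
            -c "CertificateRequest not supported"

# Same check against GnuTLS, which requests a client certificate by default
# (no --disable-client-cert here, unlike the minimal-feature tests).
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
run_test    "TLS 1.3: CertificateRequest check - gnutls" \
            "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
            "$P_CLI debug_level=3 min_version=tls13 max_version=tls13" \
            1 \
            -c "CertificateRequest not supported"

# HelloRetryRequest: the server is restricted to P-256 (and AES-256-GCM /
# ECDSA-P256), which presumably does not match the key share the client
# offers first (x25519, per the minimal-feature tests above), so the server
# answers with an HRR. The client must recognise it and fail the handshake
# with an explicit "HRR not supported" and -0x6E00 rather than misparse it.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
requires_openssl_tls1_3
run_test    "TLS 1.3: HelloRetryRequest check - openssl" \
            "$O_NEXT_SRV -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
            "$P_CLI debug_level=4 force_version=tls13" \
            1 \
            -c "received HelloRetryRequest message" \
            -c "HRR not supported" \
            -c "Last error was: -0x6E00 - SSL - The handshake negotiation failed"

requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
run_test    "TLS 1.3: HelloRetryRequest check - gnutls" \
            "$G_NEXT_SRV -d 4 --priority=NONE:+GROUP-SECP256R1:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS" \
            "$P_CLI debug_level=4 force_version=tls13" \
            1 \
            -c "received HelloRetryRequest message" \
            -c "HRR not supported" \
            -c "Last error was: -0x6E00 - SSL - The handshake negotiation failed" \
            -s "HELLO RETRY REQUEST was queued"

# Pull in the additional test cases kept as separate scripts. They are
# sourced, i.e. executed as shell code in this script's context, so that
# directory has to be trusted to the same degree as this script itself.
# A glob is used instead of parsing `ls` output: it is robust to unusual
# file names and does not depend on ls's behaviour when the directory is
# empty or missing (an unmatched pattern is left as a literal by sh, which
# the -e check skips so the script does not die on a nonexistent file).
for i in opt-testcases/*.sh
do
    [ -e "$i" ] || continue
    . "$i"
done

# Middlebox compatibility mode. With MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
# disabled, the client must interoperate with a server that also has it
# off (-no_middlebox / %DISABLE_TLS13_COMPAT_MODE) ...
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
run_test    "TLS 1.3 m->O both peers do not support middlebox compatibility" \
            "$O_NEXT_SRV -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
            "$P_CLI debug_level=3 min_version=tls13 max_version=tls13" \
            0 \
            -c "HTTP/1.0 200 ok"

# ... and must reject (exit 1) the dummy ChangeCipherSpec record that a
# compat-mode server sends, since such a record is invalid in pure TLS 1.3.
requires_openssl_tls1_3
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
run_test    "TLS 1.3 m->O server with middlebox compat support, not client" \
            "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
            "$P_CLI debug_level=3 min_version=tls13 max_version=tls13" \
            1 \
            -c "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode"

# Prerequisites for the GnuTLS variant of the "both peers without middlebox
# compatibility" test; the remaining guards and the run_test itself follow.
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C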
9051requires_config_enabled MBEDTLS_SSL_CLI_C 9052requires_config_disabled MBEDTLS_USE_PSA_CRYPTO 9053run_test "TLS 1.3 m->G both peers do not support middlebox compatibility" \ 9054 "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE --disable-client-cert" \ 9055 "$P_CLI debug_level=3 min_version=tls13 max_version=tls13" \ 9056 0 \ 9057 -c "HTTP/1.0 200 OK" 9058 9059requires_gnutls_tls1_3 9060requires_gnutls_next_no_ticket 9061requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3 9062requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE 9063requires_config_enabled MBEDTLS_DEBUG_C 9064requires_config_enabled MBEDTLS_SSL_CLI_C 9065requires_config_disabled MBEDTLS_USE_PSA_CRYPTO 9066run_test "TLS 1.3 m->G server with middlebox compat support, not client" \ 9067 "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS --disable-client-cert" \ 9068 "$P_CLI debug_level=3 min_version=tls13 max_version=tls13" \ 9069 1 \ 9070 -c "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode" 9071 9072# Test heap memory usage after handshake 9073requires_config_enabled MBEDTLS_MEMORY_DEBUG 9074requires_config_enabled MBEDTLS_MEMORY_BUFFER_ALLOC_C 9075requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 9076requires_max_content_len 16384 9077run_tests_memory_after_hanshake 9078 9079# Final report 9080 9081echo "------------------------------------------------------------------------" 9082 9083if [ $FAILS = 0 ]; then 9084 printf "PASSED" 9085else 9086 printf "FAILED" 9087fi 9088PASSES=$(( $TESTS - $FAILS )) 9089echo " ($PASSES / $TESTS tests ($SKIPS skipped))" 9090 9091exit $FAILS 9092