5 # This file is part of mbed TLS (https://tls.mbed.org)
7 # Copyright (c) 2016, ARM Limited, All Rights Reserved
11 # Executes tests to prove various TLS/SSL options and extensions.
13 # The goal is not to cover every ciphersuite/version, but instead to cover
14 # specific options (max fragment length, truncated hmac, etc) or procedures
15 # (session resumption from cache or ticket, renego, etc).
17 # The tests assume a build with default options, with exceptions expressed
18 # with a dependency. The tests focus on functionality and do not consider
24 if cd $( dirname $0 ); then :; else
25 echo "cd $( dirname $0 ) failed" >&2
29 # default values, can be overridden by the environment
30 : ${P_SRV:=../programs/ssl/ssl_server2}
31 : ${P_CLI:=../programs/ssl/ssl_client2}
32 : ${P_PXY:=../programs/test/udp_proxy}
33 : ${OPENSSL_CMD:=openssl} # OPENSSL would conflict with the build system
34 : ${GNUTLS_CLI:=gnutls-cli}
35 : ${GNUTLS_SERV:=gnutls-serv}
38 O_SRV="$OPENSSL_CMD s_server -www -cert data_files/server5.crt -key data_files/server5.key"
39 O_CLI="echo 'GET / HTTP/1.0' | $OPENSSL_CMD s_client"
40 G_SRV="$GNUTLS_SERV --x509certfile data_files/server5.crt --x509keyfile data_files/server5.key"
41 G_CLI="echo 'GET / HTTP/1.0' | $GNUTLS_CLI --x509cafile data_files/test-ca_cat12.crt"
42 TCP_CLIENT="$PERL scripts/tcp_client.pl"
44 # alternative versions of OpenSSL and GnuTLS (no default path)
46 if [ -n "${OPENSSL_LEGACY:-}" ]; then
47 O_LEGACY_SRV="$OPENSSL_LEGACY s_server -www -cert data_files/server5.crt -key data_files/server5.key"
48 O_LEGACY_CLI="echo 'GET / HTTP/1.0' | $OPENSSL_LEGACY s_client"
54 if [ -n "${GNUTLS_NEXT_SERV:-}" ]; then
55 G_NEXT_SRV="$GNUTLS_NEXT_SERV --x509certfile data_files/server5.crt --x509keyfile data_files/server5.key"
60 if [ -n "${GNUTLS_NEXT_CLI:-}" ]; then
61 G_NEXT_CLI="echo 'GET / HTTP/1.0' | $GNUTLS_NEXT_CLI --x509cafile data_files/test-ca_cat12.crt"
70 CONFIG_H='../include/mbedtls/config.h'
81 # Pick a "unique" server port in the range 10000-19999, and a proxy
82 # port which is this plus 10000. Each port number may be independently
83 # overridden by a command line option.
84 SRV_PORT=$(($$ % 10000 + 10000))
85 PXY_PORT=$((SRV_PORT + 10000))
88 echo "Usage: $0 [options]"
89 printf " -h|--help\tPrint this help.\n"
90 printf " -m|--memcheck\tCheck memory leaks and errors.\n"
91 printf " -f|--filter\tOnly matching tests are executed (BRE; default: '$FILTER')\n"
92 printf " -e|--exclude\tMatching tests are excluded (BRE; default: '$EXCLUDE')\n"
93 printf " -n|--number\tExecute only numbered test (comma-separated, e.g. '245,256')\n"
94 printf " -s|--show-numbers\tShow test numbers in front of test names\n"
95 printf " -p|--preserve-logs\tPreserve logs of successful tests as well\n"
96 printf " --port\tTCP/UDP port (default: randomish 1xxxx)\n"
97 printf " --proxy-port\tTCP/UDP proxy port (default: randomish 2xxxx)\n"
98 printf " --seed\tInteger seed value to use for this test run\n"
102 while [ $# -gt 0 ]; do
114 shift; RUN_TEST_NUMBER=$1
136 echo "Unknown argument: '$1'"
145 # Skip next test; use this macro to skip tests which are legitimate
146 # in theory and expected to be re-introduced at some point, but
147 # aren't expected to succeed at the moment due to problems outside
148 # our control (such as bugs in other TLS implementations).
153 # skip next test if the flag is not enabled in config.h
154 requires_config_enabled() {
155 if grep "^#define $1" $CONFIG_H > /dev/null; then :; else
160 # skip next test if the flag is enabled in config.h
161 requires_config_disabled() {
162 if grep "^#define $1" $CONFIG_H > /dev/null; then
167 get_config_value_or_default() {
168 # This function uses the query_config command line option to query the
169 # required Mbed TLS compile time configuration from the ssl_server2
170 # program. The command will always return a success value if the
171 # configuration is defined and the value will be printed to stdout.
173 # Note that if the configuration is not defined or is defined to nothing,
174 # the output of this function will be an empty string.
175 ${P_SRV} "query_config=${1}"
178 requires_config_value_at_least() {
179 VAL="$( get_config_value_or_default "$1" )"
180 if [ -z "$VAL" ]; then
181 # Should never happen
182 echo "Mbed TLS configuration $1 is not defined"
184 elif [ "$VAL" -lt "$2" ]; then
189 requires_config_value_at_most() {
190 VAL=$( get_config_value_or_default "$1" )
191 if [ -z "$VAL" ]; then
192 # Should never happen
193 echo "Mbed TLS configuration $1 is not defined"
195 elif [ "$VAL" -gt "$2" ]; then
200 requires_ciphersuite_enabled() {
201 if [ -z "$($P_CLI --help | grep $1)" ]; then
206 # skip next test if OpenSSL doesn't support FALLBACK_SCSV
207 requires_openssl_with_fallback_scsv() {
208 if [ -z "${OPENSSL_HAS_FBSCSV:-}" ]; then
209 if $OPENSSL_CMD s_client -help 2>&1 | grep fallback_scsv >/dev/null
211 OPENSSL_HAS_FBSCSV="YES"
213 OPENSSL_HAS_FBSCSV="NO"
216 if [ "$OPENSSL_HAS_FBSCSV" = "NO" ]; then
221 # skip next test if GnuTLS isn't available
223 if [ -z "${GNUTLS_AVAILABLE:-}" ]; then
224 if ( which "$GNUTLS_CLI" && which "$GNUTLS_SERV" ) >/dev/null 2>&1; then
225 GNUTLS_AVAILABLE="YES"
227 GNUTLS_AVAILABLE="NO"
230 if [ "$GNUTLS_AVAILABLE" = "NO" ]; then
235 # skip next test if GnuTLS-next isn't available
236 requires_gnutls_next() {
237 if [ -z "${GNUTLS_NEXT_AVAILABLE:-}" ]; then
238 if ( which "${GNUTLS_NEXT_CLI:-}" && which "${GNUTLS_NEXT_SERV:-}" ) >/dev/null 2>&1; then
239 GNUTLS_NEXT_AVAILABLE="YES"
241 GNUTLS_NEXT_AVAILABLE="NO"
244 if [ "$GNUTLS_NEXT_AVAILABLE" = "NO" ]; then
249 # skip next test if OpenSSL-legacy isn't available
250 requires_openssl_legacy() {
251 if [ -z "${OPENSSL_LEGACY_AVAILABLE:-}" ]; then
252 if which "${OPENSSL_LEGACY:-}" >/dev/null 2>&1; then
253 OPENSSL_LEGACY_AVAILABLE="YES"
255 OPENSSL_LEGACY_AVAILABLE="NO"
258 if [ "$OPENSSL_LEGACY_AVAILABLE" = "NO" ]; then
263 # skip next test if IPv6 isn't available on this host
265 if [ -z "${HAS_IPV6:-}" ]; then
266 $P_SRV server_addr='::1' > $SRV_OUT 2>&1 &
269 kill $SRV_PID >/dev/null 2>&1
270 if grep "NET - Binding of the socket failed" $SRV_OUT >/dev/null; then
278 if [ "$HAS_IPV6" = "NO" ]; then
283 # skip next test if it's i686 or uname is not available
284 requires_not_i686() {
285 if [ -z "${IS_I686:-}" ]; then
287 if which "uname" >/dev/null 2>&1; then
288 if [ -z "$(uname -a | grep i686)" ]; then
293 if [ "$IS_I686" = "YES" ]; then
298 # Calculate the input & output maximum content lengths set in the config
299 MAX_CONTENT_LEN=$( ../scripts/config.pl get MBEDTLS_SSL_MAX_CONTENT_LEN || echo "16384")
300 MAX_IN_LEN=$( ../scripts/config.pl get MBEDTLS_SSL_IN_CONTENT_LEN || echo "$MAX_CONTENT_LEN")
301 MAX_OUT_LEN=$( ../scripts/config.pl get MBEDTLS_SSL_OUT_CONTENT_LEN || echo "$MAX_CONTENT_LEN")
303 if [ "$MAX_IN_LEN" -lt "$MAX_CONTENT_LEN" ]; then
304 MAX_CONTENT_LEN="$MAX_IN_LEN"
306 if [ "$MAX_OUT_LEN" -lt "$MAX_CONTENT_LEN" ]; then
307 MAX_CONTENT_LEN="$MAX_OUT_LEN"
310 # skip the next test if the SSL output buffer is less than 16KB
311 requires_full_size_output_buffer() {
312 if [ "$MAX_OUT_LEN" -ne 16384 ]; then
317 # skip the next test if valgrind is in use
318 not_with_valgrind() {
319 if [ "$MEMCHECK" -gt 0 ]; then
324 # skip the next test if valgrind is NOT in use
325 only_with_valgrind() {
326 if [ "$MEMCHECK" -eq 0 ]; then
331 # multiply the client timeout delay by the given factor for the next test
332 client_needs_more_time() {
336 # wait for the given seconds after the client finished in the next test
337 server_needs_more_time() {
343 TESTS=$(( $TESTS + 1 ))
346 if [ "$SHOW_TEST_NUMBER" -gt 0 ]; then
352 LEN=$(( 72 - `echo "$LINE" | wc -c` ))
353 for i in `seq 1 $LEN`; do printf '.'; done
363 mv $SRV_OUT o-srv-${TESTS}.log
364 mv $CLI_OUT o-cli-${TESTS}.log
365 if [ -n "$PXY_CMD" ]; then
366 mv $PXY_OUT o-pxy-${TESTS}.log
368 echo " ! outputs saved to o-XXX-${TESTS}.log"
370 if [ "X${USER:-}" = Xbuildbot -o "X${LOGNAME:-}" = Xbuildbot -o "${LOG_FAILURE_ON_STDOUT:-0}" != 0 ]; then
371 echo " ! server output:"
372 cat o-srv-${TESTS}.log
373 echo " ! ========================================================"
374 echo " ! client output:"
375 cat o-cli-${TESTS}.log
376 if [ -n "$PXY_CMD" ]; then
377 echo " ! ========================================================"
378 echo " ! proxy output:"
379 cat o-pxy-${TESTS}.log
384 FAILS=$(( $FAILS + 1 ))
387 # is_polar <cmd_line>
389 echo "$1" | grep 'ssl_server2\|ssl_client2' > /dev/null
392 # openssl s_server doesn't have -www with DTLS
394 if echo "$SRV_CMD" | grep 's_server.*-dtls' >/dev/null; then
396 SRV_CMD="$( echo $SRV_CMD | sed s/-www// )"
402 # provide input to commands that need it
404 if [ $NEEDS_INPUT -eq 0 ]; then
409 echo "HTTP/1.0 200 OK"
414 # has_mem_err <log_file_name>
416 if ( grep -F 'All heap blocks were freed -- no leaks are possible' "$1" &&
417 grep -F 'ERROR SUMMARY: 0 errors from 0 contexts' "$1" ) > /dev/null
419 return 1 # false: does not have errors
421 return 0 # true: has errors
425 # Wait for process $2 to be listening on port $1
426 if type lsof >/dev/null 2>/dev/null; then
427 wait_server_start() {
428 START_TIME=$(date +%s)
429 if [ "$DTLS" -eq 1 ]; then
434 # Make a tight loop, server normally takes less than 1s to start.
435 while ! lsof -a -n -b -i "$proto:$1" -p "$2" >/dev/null 2>/dev/null; do
436 if [ $(( $(date +%s) - $START_TIME )) -gt $DOG_DELAY ]; then
437 echo "SERVERSTART TIMEOUT"
438 echo "SERVERSTART TIMEOUT" >> $SRV_OUT
441 # Linux and *BSD support decimal arguments to sleep. On other
442 # OSes this may be a tight loop.
443 sleep 0.1 2>/dev/null || true
447 echo "Warning: lsof not available, wait_server_start = sleep"
448 wait_server_start() {
453 # Given the client or server debug output, parse the unix timestamp that is
454 # included in the first 4 bytes of the random bytes and check that it's within
456 check_server_hello_time() {
457 # Extract the time from the debug (lvl 3) output of the client
458 SERVER_HELLO_TIME="$(sed -n 's/.*server hello, current time: //p' < "$1")"
459 # Get the Unix timestamp for now
460 CUR_TIME=$(date +'%s')
461 THRESHOLD_IN_SECS=300
463 # Check if the ServerHello time was printed
464 if [ -z "$SERVER_HELLO_TIME" ]; then
468 # Check the time in ServerHello is within acceptable bounds
469 if [ $SERVER_HELLO_TIME -lt $(( $CUR_TIME - $THRESHOLD_IN_SECS )) ]; then
470 # The time in ServerHello is at least 5 minutes before now
472 elif [ $SERVER_HELLO_TIME -gt $(( $CUR_TIME + $THRESHOLD_IN_SECS )) ]; then
473 # The time in ServerHello is at least 5 minutes later than now
480 # wait for client to terminate and set CLI_EXIT
481 # must be called right after starting the client
485 CLI_DELAY=$(( $DOG_DELAY * $CLI_DELAY_FACTOR ))
488 ( sleep $CLI_DELAY; echo "===CLIENT_TIMEOUT===" >> $CLI_OUT; kill $CLI_PID ) &
494 kill $DOG_PID >/dev/null 2>&1
497 echo "EXIT: $CLI_EXIT" >> $CLI_OUT
499 sleep $SRV_DELAY_SECONDS
503 # check if the given command uses dtls and sets global variable DTLS
505 if echo "$1" | grep 'dtls=1\|-dtls1\|-u' >/dev/null; then
512 # Usage: run_test name [-p proxy_cmd] srv_cmd cli_cmd cli_exit [option [...]]
513 # Options: -s pattern pattern that must be present in server output
514 # -c pattern pattern that must be present in client output
515 # -u pattern lines after pattern must be unique in client output
516 # -f call shell function on client output
517 # -S pattern pattern that must be absent in server output
518 # -C pattern pattern that must be absent in client output
519 # -U pattern lines after pattern must be unique in server output
520 # -F call shell function on server output
525 if echo "$NAME" | grep "$FILTER" | grep -v "$EXCLUDE" >/dev/null; then :
533 # Do we only run numbered tests?
534 if [ "X$RUN_TEST_NUMBER" = "X" ]; then :
535 elif echo ",$RUN_TEST_NUMBER," | grep ",$TESTS," >/dev/null; then :
540 # does this test use a proxy?
541 if [ "X$1" = "X-p" ]; then
548 # get commands and client output
554 # Check if server forces ciphersuite
555 FORCE_CIPHERSUITE=$(echo "$SRV_CMD" | sed -n 's/^.*force_ciphersuite=\([a-zA-Z0-9\-]*\).*$/\1/p')
556 if [ ! -z "$FORCE_CIPHERSUITE" ]; then
557 requires_ciphersuite_enabled $FORCE_CIPHERSUITE
560 # Check if client forces ciphersuite
561 FORCE_CIPHERSUITE=$(echo "$CLI_CMD" | sed -n 's/^.*force_ciphersuite=\([a-zA-Z0-9\-]*\).*$/\1/p')
562 if [ ! -z "$FORCE_CIPHERSUITE" ]; then
563 requires_ciphersuite_enabled $FORCE_CIPHERSUITE
567 if [ "X$SKIP_NEXT" = "XYES" ]; then
570 SKIPS=$(( $SKIPS + 1 ))
575 if [ -n "$PXY_CMD" ]; then
576 CLI_CMD=$( echo "$CLI_CMD" | sed s/+SRV_PORT/$PXY_PORT/g )
578 CLI_CMD=$( echo "$CLI_CMD" | sed s/+SRV_PORT/$SRV_PORT/g )
581 # update DTLS variable
582 detect_dtls "$SRV_CMD"
584 # prepend valgrind to our commands if active
585 if [ "$MEMCHECK" -gt 0 ]; then
586 if is_polar "$SRV_CMD"; then
587 SRV_CMD="valgrind --leak-check=full $SRV_CMD"
589 if is_polar "$CLI_CMD"; then
590 CLI_CMD="valgrind --leak-check=full $CLI_CMD"
595 while [ $TIMES_LEFT -gt 0 ]; do
596 TIMES_LEFT=$(( $TIMES_LEFT - 1 ))
599 if [ -n "$PXY_CMD" ]; then
600 echo "$PXY_CMD" > $PXY_OUT
601 $PXY_CMD >> $PXY_OUT 2>&1 &
603 # assume proxy starts faster than server
607 echo "$SRV_CMD" > $SRV_OUT
608 provide_input | $SRV_CMD >> $SRV_OUT 2>&1 &
610 wait_server_start "$SRV_PORT" "$SRV_PID"
612 echo "$CLI_CMD" > $CLI_OUT
613 eval "$CLI_CMD" >> $CLI_OUT 2>&1 &
618 # terminate the server (and the proxy)
622 if [ -n "$PXY_CMD" ]; then
623 kill $PXY_PID >/dev/null 2>&1
627 # retry only on timeouts
628 if grep '===CLIENT_TIMEOUT===' $CLI_OUT >/dev/null; then
635 # check if the client and server went at least to the handshake stage
636 # (useful to avoid tests with only negative assertions and non-zero
637 # expected client exit to incorrectly succeed in case of catastrophic
639 if is_polar "$SRV_CMD"; then
640 if grep "Performing the SSL/TLS handshake" $SRV_OUT >/dev/null; then :;
642 fail "server or client failed to reach handshake stage"
646 if is_polar "$CLI_CMD"; then
647 if grep "Performing the SSL/TLS handshake" $CLI_OUT >/dev/null; then :;
649 fail "server or client failed to reach handshake stage"
654 # check server exit code
660 # check client exit code
661 if [ \( "$CLI_EXPECT" = 0 -a "$CLI_EXIT" != 0 \) -o \
662 \( "$CLI_EXPECT" != 0 -a "$CLI_EXIT" = 0 \) ]
664 fail "bad client exit code (expected $CLI_EXPECT, got $CLI_EXIT)"
668 # check other assertions
669 # lines beginning with == are added by valgrind, ignore them
670 # lines with 'Serious error when reading debug info', are valgrind issues as well
675 if grep -v '^==' $SRV_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then :; else
676 fail "pattern '$2' MUST be present in the Server output"
682 if grep -v '^==' $CLI_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then :; else
683 fail "pattern '$2' MUST be present in the Client output"
689 if grep -v '^==' $SRV_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then
690 fail "pattern '$2' MUST NOT be present in the Server output"
696 if grep -v '^==' $CLI_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then
697 fail "pattern '$2' MUST NOT be present in the Client output"
702 # The filtering in the following two options (-u and -U) do the following
703 # - ignore valgrind output
704 # - filter out everything but lines right after the pattern occurrences
705 # - keep one of each non-unique line
706 # - count how many lines remain
707 # A line with '--' will remain in the result from previous outputs, so the number of lines in the result will be 1
708 # if there were no duplicates.
710 if [ $(grep -v '^==' $SRV_OUT | grep -v 'Serious error when reading debug info' | grep -A1 "$2" | grep -v "$2" | sort | uniq -d | wc -l) -gt 1 ]; then
711 fail "lines following pattern '$2' must be unique in Server output"
717 if [ $(grep -v '^==' $CLI_OUT | grep -v 'Serious error when reading debug info' | grep -A1 "$2" | grep -v "$2" | sort | uniq -d | wc -l) -gt 1 ]; then
718 fail "lines following pattern '$2' must be unique in Client output"
723 if ! $2 "$SRV_OUT"; then
724 fail "function call to '$2' failed on Server output"
729 if ! $2 "$CLI_OUT"; then
730 fail "function call to '$2' failed on Client output"
736 echo "Unknown test: $1" >&2
742 # check valgrind's results
743 if [ "$MEMCHECK" -gt 0 ]; then
744 if is_polar "$SRV_CMD" && has_mem_err $SRV_OUT; then
745 fail "Server has memory errors"
748 if is_polar "$CLI_CMD" && has_mem_err $CLI_OUT; then
749 fail "Client has memory errors"
754 # if we're here, everything is ok
756 if [ "$PRESERVE_LOGS" -gt 0 ]; then
757 mv $SRV_OUT o-srv-${TESTS}.log
758 mv $CLI_OUT o-cli-${TESTS}.log
759 if [ -n "$PXY_CMD" ]; then
760 mv $PXY_OUT o-pxy-${TESTS}.log
764 rm -f $SRV_OUT $CLI_OUT $PXY_OUT
768 requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
769 run_test "PSA-supported ciphersuite: $1" \
770 "$P_SRV debug_level=3 force_version=tls1_2" \
771 "$P_CLI debug_level=3 force_version=tls1_2 force_ciphersuite=$1" \
773 -c "Successfully setup PSA-based decryption cipher context" \
774 -c "Successfully setup PSA-based encryption cipher context" \
775 -c "PSA calc verify" \
776 -c "calc PSA finished" \
777 -s "Successfully setup PSA-based decryption cipher context" \
778 -s "Successfully setup PSA-based encryption cipher context" \
779 -s "PSA calc verify" \
780 -s "calc PSA finished" \
781 -C "Failed to setup PSA-based cipher context"\
782 -S "Failed to setup PSA-based cipher context"\
783 -s "Protocol is TLSv1.2" \
784 -c "Perform PSA-based ECDH computation."\
785 -c "Perform PSA-based computation of digest of ServerKeyExchange" \
790 run_test_psa_force_curve() {
791 requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
792 run_test "PSA - ECDH with $1" \
793 "$P_SRV debug_level=4 force_version=tls1_2" \
794 "$P_CLI debug_level=4 force_version=tls1_2 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 curves=$1" \
796 -c "Successfully setup PSA-based decryption cipher context" \
797 -c "Successfully setup PSA-based encryption cipher context" \
798 -c "PSA calc verify" \
799 -c "calc PSA finished" \
800 -s "Successfully setup PSA-based decryption cipher context" \
801 -s "Successfully setup PSA-based encryption cipher context" \
802 -s "PSA calc verify" \
803 -s "calc PSA finished" \
804 -C "Failed to setup PSA-based cipher context"\
805 -S "Failed to setup PSA-based cipher context"\
806 -s "Protocol is TLSv1.2" \
807 -c "Perform PSA-based ECDH computation."\
808 -c "Perform PSA-based computation of digest of ServerKeyExchange" \
814 rm -f $CLI_OUT $SRV_OUT $PXY_OUT $SESSION
815 test -n "${SRV_PID:-}" && kill $SRV_PID >/dev/null 2>&1
816 test -n "${PXY_PID:-}" && kill $PXY_PID >/dev/null 2>&1
817 test -n "${CLI_PID:-}" && kill $CLI_PID >/dev/null 2>&1
818 test -n "${DOG_PID:-}" && kill $DOG_PID >/dev/null 2>&1
828 # sanity checks, avoid an avalanche of errors
829 P_SRV_BIN="${P_SRV%%[ ]*}"
830 P_CLI_BIN="${P_CLI%%[ ]*}"
831 P_PXY_BIN="${P_PXY%%[ ]*}"
832 if [ ! -x "$P_SRV_BIN" ]; then
833 echo "Command '$P_SRV_BIN' is not an executable file"
836 if [ ! -x "$P_CLI_BIN" ]; then
837 echo "Command '$P_CLI_BIN' is not an executable file"
840 if [ ! -x "$P_PXY_BIN" ]; then
841 echo "Command '$P_PXY_BIN' is not an executable file"
844 if [ "$MEMCHECK" -gt 0 ]; then
845 if which valgrind >/dev/null 2>&1; then :; else
846 echo "Memcheck not possible. Valgrind not found"
850 if which $OPENSSL_CMD >/dev/null 2>&1; then :; else
851 echo "Command '$OPENSSL_CMD' not found"
858 # We use somewhat arbitrary delays for tests:
859 # - how long do we wait for the server to start (when lsof not available)?
860 # - how long do we allow for the client to finish?
861 # (not to check performance, just to avoid waiting indefinitely)
862 # Things are slower with valgrind, so give extra time here.
864 # Note: without lsof, there is a trade-off between the running time of this
865 # script and the risk of spurious errors because we didn't wait long enough.
866 # The watchdog delay on the other hand doesn't affect normal running time of
867 # the script, only the case where a client or server gets stuck.
868 if [ "$MEMCHECK" -gt 0 ]; then
876 # some particular tests need more time:
877 # - for the client, we multiply the usual watchdog limit by a factor
878 # - for the server, we sleep for a number of seconds after the client exits
879 # see client_need_more_time() and server_needs_more_time()
883 # fix commands to use this port, force IPv4 while at it
884 # +SRV_PORT will be replaced by either $SRV_PORT or $PXY_PORT later
885 P_SRV="$P_SRV server_addr=127.0.0.1 server_port=$SRV_PORT"
886 P_CLI="$P_CLI server_addr=127.0.0.1 server_port=+SRV_PORT"
887 P_PXY="$P_PXY server_addr=127.0.0.1 server_port=$SRV_PORT listen_addr=127.0.0.1 listen_port=$PXY_PORT ${SEED:+"seed=$SEED"}"
888 O_SRV="$O_SRV -accept $SRV_PORT -dhparam data_files/dhparams.pem"
889 O_CLI="$O_CLI -connect localhost:+SRV_PORT"
890 G_SRV="$G_SRV -p $SRV_PORT"
891 G_CLI="$G_CLI -p +SRV_PORT"
893 if [ -n "${OPENSSL_LEGACY:-}" ]; then
894 O_LEGACY_SRV="$O_LEGACY_SRV -accept $SRV_PORT -dhparam data_files/dhparams.pem"
895 O_LEGACY_CLI="$O_LEGACY_CLI -connect localhost:+SRV_PORT"
898 if [ -n "${GNUTLS_NEXT_SERV:-}" ]; then
899 G_NEXT_SRV="$G_NEXT_SRV -p $SRV_PORT"
902 if [ -n "${GNUTLS_NEXT_CLI:-}" ]; then
903 G_NEXT_CLI="$G_NEXT_CLI -p +SRV_PORT"
906 # Allow SHA-1, because many of our test certificates use it
907 P_SRV="$P_SRV allow_sha1=1"
908 P_CLI="$P_CLI allow_sha1=1"
910 # Also pick a unique name for intermediate files
918 trap cleanup INT TERM HUP
923 # - things work with all ciphersuites active (used with config-full in all.sh)
924 # - the expected (highest security) parameters are selected
925 # ("signature_algorithm ext: 6" means SHA-512 (highest common hash))
927 "$P_SRV debug_level=3" \
930 -s "Protocol is TLSv1.2" \
931 -s "Ciphersuite is TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256" \
932 -s "client hello v3, signature_algorithm ext: 6" \
933 -s "ECDHE curve: secp521r1" \
937 run_test "Default, DTLS" \
941 -s "Protocol is DTLSv1.2" \
942 -s "Ciphersuite is TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256"
944 requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
945 run_test "CA callback on client" \
946 "$P_SRV debug_level=3" \
947 "$P_CLI ca_callback=1 debug_level=3 " \
949 -c "use CA callback for X.509 CRT verification" \
953 requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
954 requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
955 requires_config_enabled MBEDTLS_ECDSA_C
956 requires_config_enabled MBEDTLS_SHA256_C
957 run_test "CA callback on server" \
958 "$P_SRV auth_mode=required" \
959 "$P_CLI ca_callback=1 debug_level=3 crt_file=data_files/server5.crt \
960 key_file=data_files/server5.key" \
962 -c "use CA callback for X.509 CRT verification" \
963 -s "Verifying peer X.509 certificate... ok" \
967 # Test using an opaque private key for client authentication
968 requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
969 requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
970 requires_config_enabled MBEDTLS_ECDSA_C
971 requires_config_enabled MBEDTLS_SHA256_C
972 run_test "Opaque key for client authentication" \
973 "$P_SRV auth_mode=required" \
974 "$P_CLI key_opaque=1 crt_file=data_files/server5.crt \
975 key_file=data_files/server5.key" \
977 -c "key type: Opaque" \
978 -s "Verifying peer X.509 certificate... ok" \
982 # Test ciphersuites which we expect to be fully supported by PSA Crypto
983 # and check that we don't fall back to Mbed TLS' internal crypto primitives.
984 run_test_psa TLS-ECDHE-ECDSA-WITH-AES-128-CCM
985 run_test_psa TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8
986 run_test_psa TLS-ECDHE-ECDSA-WITH-AES-256-CCM
987 run_test_psa TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8
988 run_test_psa TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
989 run_test_psa TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384
990 run_test_psa TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA
991 run_test_psa TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256
992 run_test_psa TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384
994 requires_config_enabled MBEDTLS_ECP_DP_SECP521R1_ENABLED
995 run_test_psa_force_curve "secp521r1"
996 requires_config_enabled MBEDTLS_ECP_DP_BP512R1_ENABLED
997 run_test_psa_force_curve "brainpoolP512r1"
998 requires_config_enabled MBEDTLS_ECP_DP_SECP384R1_ENABLED
999 run_test_psa_force_curve "secp384r1"
1000 requires_config_enabled MBEDTLS_ECP_DP_BP384R1_ENABLED
1001 run_test_psa_force_curve "brainpoolP384r1"
1002 requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
1003 run_test_psa_force_curve "secp256r1"
1004 requires_config_enabled MBEDTLS_ECP_DP_SECP256K1_ENABLED
1005 run_test_psa_force_curve "secp256k1"
1006 requires_config_enabled MBEDTLS_ECP_DP_BP256R1_ENABLED
1007 run_test_psa_force_curve "brainpoolP256r1"
1008 requires_config_enabled MBEDTLS_ECP_DP_SECP224R1_ENABLED
1009 run_test_psa_force_curve "secp224r1"
1010 requires_config_enabled MBEDTLS_ECP_DP_SECP224K1_ENABLED
1011 run_test_psa_force_curve "secp224k1"
1012 requires_config_enabled MBEDTLS_ECP_DP_SECP192R1_ENABLED
1013 run_test_psa_force_curve "secp192r1"
1014 requires_config_enabled MBEDTLS_ECP_DP_SECP192K1_ENABLED
1015 run_test_psa_force_curve "secp192k1"
1017 # Test current time in ServerHello
1018 requires_config_enabled MBEDTLS_HAVE_TIME
1019 run_test "ServerHello contains gmt_unix_time" \
1020 "$P_SRV debug_level=3" \
1021 "$P_CLI debug_level=3" \
1023 -f "check_server_hello_time" \
1024 -F "check_server_hello_time"
1026 # Test for uniqueness of IVs in AEAD ciphersuites
1027 run_test "Unique IV in GCM" \
1028 "$P_SRV exchanges=20 debug_level=4" \
1029 "$P_CLI exchanges=20 debug_level=4 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384" \
1034 # Tests for certificate verification callback
1035 run_test "Configuration-specific CRT verification callback" \
1036 "$P_SRV debug_level=3" \
1037 "$P_CLI context_crt_cb=0 debug_level=3" \
1040 -c "Verify requested for " \
1041 -c "Use configuration-specific verification callback" \
1042 -C "Use context-specific verification callback" \
1045 run_test "Context-specific CRT verification callback" \
1046 "$P_SRV debug_level=3" \
1047 "$P_CLI context_crt_cb=1 debug_level=3" \
1050 -c "Verify requested for " \
1051 -c "Use context-specific verification callback" \
1052 -C "Use configuration-specific verification callback" \
1055 # Tests for rc4 option
1057 requires_config_enabled MBEDTLS_REMOVE_ARC4_CIPHERSUITES
1058 run_test "RC4: server disabled, client enabled" \
1060 "$P_CLI force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
1062 -s "SSL - The server has no ciphersuites in common"
1064 requires_config_enabled MBEDTLS_REMOVE_ARC4_CIPHERSUITES
1065 run_test "RC4: server half, client enabled" \
1067 "$P_CLI force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
1069 -s "SSL - The server has no ciphersuites in common"
1071 run_test "RC4: server enabled, client disabled" \
1072 "$P_SRV force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
1075 -s "SSL - The server has no ciphersuites in common"
1077 run_test "RC4: both enabled" \
1078 "$P_SRV force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
1079 "$P_CLI force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
1081 -S "SSL - None of the common ciphersuites is usable" \
1082 -S "SSL - The server has no ciphersuites in common"
1084 # Test empty CA list in CertificateRequest in TLS 1.1 and earlier
1087 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
1088 run_test "CertificateRequest with empty CA list, TLS 1.1 (GnuTLS server)" \
1090 "$P_CLI force_version=tls1_1" \
1094 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1
1095 run_test "CertificateRequest with empty CA list, TLS 1.0 (GnuTLS server)" \
1097 "$P_CLI force_version=tls1" \
1100 # Tests for SHA-1 support
1102 requires_config_disabled MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
1103 run_test "SHA-1 forbidden by default in server certificate" \
1104 "$P_SRV key_file=data_files/server2.key crt_file=data_files/server2.crt" \
1105 "$P_CLI debug_level=2 allow_sha1=0" \
1107 -c "The certificate is signed with an unacceptable hash"
1109 requires_config_enabled MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
1110 run_test "SHA-1 forbidden by default in server certificate" \
1111 "$P_SRV key_file=data_files/server2.key crt_file=data_files/server2.crt" \
1112 "$P_CLI debug_level=2 allow_sha1=0" \
1115 run_test "SHA-1 explicitly allowed in server certificate" \
1116 "$P_SRV key_file=data_files/server2.key crt_file=data_files/server2.crt" \
1117 "$P_CLI allow_sha1=1" \
1120 run_test "SHA-256 allowed by default in server certificate" \
1121 "$P_SRV key_file=data_files/server2.key crt_file=data_files/server2-sha256.crt" \
1122 "$P_CLI allow_sha1=0" \
1125 requires_config_disabled MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
1126 run_test "SHA-1 forbidden by default in client certificate" \
1127 "$P_SRV auth_mode=required allow_sha1=0" \
1128 "$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha1.crt" \
1130 -s "The certificate is signed with an unacceptable hash"
1132 requires_config_enabled MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
1133 run_test "SHA-1 forbidden by default in client certificate" \
1134 "$P_SRV auth_mode=required allow_sha1=0" \
1135 "$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha1.crt" \
1138 run_test "SHA-1 explicitly allowed in client certificate" \
1139 "$P_SRV auth_mode=required allow_sha1=1" \
1140 "$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha1.crt" \
1143 run_test "SHA-256 allowed by default in client certificate" \
1144 "$P_SRV auth_mode=required allow_sha1=0" \
1145 "$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha256.crt" \
1148 # Tests for datagram packing
1149 run_test "DTLS: multiple records in same datagram, client and server" \
1150 "$P_SRV dtls=1 dgram_packing=1 debug_level=2" \
1151 "$P_CLI dtls=1 dgram_packing=1 debug_level=2" \
1153 -c "next record in same datagram" \
1154 -s "next record in same datagram"
1156 run_test "DTLS: multiple records in same datagram, client only" \
1157 "$P_SRV dtls=1 dgram_packing=0 debug_level=2" \
1158 "$P_CLI dtls=1 dgram_packing=1 debug_level=2" \
1160 -s "next record in same datagram" \
1161 -C "next record in same datagram"
1163 run_test "DTLS: multiple records in same datagram, server only" \
1164 "$P_SRV dtls=1 dgram_packing=1 debug_level=2" \
1165 "$P_CLI dtls=1 dgram_packing=0 debug_level=2" \
1167 -S "next record in same datagram" \
1168 -c "next record in same datagram"
1170 run_test "DTLS: multiple records in same datagram, neither client nor server" \
1171 "$P_SRV dtls=1 dgram_packing=0 debug_level=2" \
1172 "$P_CLI dtls=1 dgram_packing=0 debug_level=2" \
1174 -S "next record in same datagram" \
1175 -C "next record in same datagram"
1177 # Tests for Truncated HMAC extension
1179 run_test "Truncated HMAC: client default, server default" \
1180 "$P_SRV debug_level=4" \
1181 "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
1183 -s "dumping 'expected mac' (20 bytes)" \
1184 -S "dumping 'expected mac' (10 bytes)"
1186 requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
1187 run_test "Truncated HMAC: client disabled, server default" \
1188 "$P_SRV debug_level=4" \
1189 "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=0" \
1191 -s "dumping 'expected mac' (20 bytes)" \
1192 -S "dumping 'expected mac' (10 bytes)"
1194 requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
1195 run_test "Truncated HMAC: client enabled, server default" \
1196 "$P_SRV debug_level=4" \
1197 "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=1" \
1199 -s "dumping 'expected mac' (20 bytes)" \
1200 -S "dumping 'expected mac' (10 bytes)"
1202 requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
1203 run_test "Truncated HMAC: client enabled, server disabled" \
1204 "$P_SRV debug_level=4 trunc_hmac=0" \
1205 "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=1" \
1207 -s "dumping 'expected mac' (20 bytes)" \
1208 -S "dumping 'expected mac' (10 bytes)"
1210 requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
1211 run_test "Truncated HMAC: client disabled, server enabled" \
1212 "$P_SRV debug_level=4 trunc_hmac=1" \
1213 "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=0" \
1215 -s "dumping 'expected mac' (20 bytes)" \
1216 -S "dumping 'expected mac' (10 bytes)"
1218 requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
1219 run_test "Truncated HMAC: client enabled, server enabled" \
1220 "$P_SRV debug_level=4 trunc_hmac=1" \
1221 "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=1" \
1223 -S "dumping 'expected mac' (20 bytes)" \
1224 -s "dumping 'expected mac' (10 bytes)"
1226 run_test "Truncated HMAC, DTLS: client default, server default" \
1227 "$P_SRV dtls=1 debug_level=4" \
1228 "$P_CLI dtls=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
1230 -s "dumping 'expected mac' (20 bytes)" \
1231 -S "dumping 'expected mac' (10 bytes)"
1233 requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
1234 run_test "Truncated HMAC, DTLS: client disabled, server default" \
1235 "$P_SRV dtls=1 debug_level=4" \
1236 "$P_CLI dtls=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=0" \
1238 -s "dumping 'expected mac' (20 bytes)" \
1239 -S "dumping 'expected mac' (10 bytes)"
1241 requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
1242 run_test "Truncated HMAC, DTLS: client enabled, server default" \
1243 "$P_SRV dtls=1 debug_level=4" \
1244 "$P_CLI dtls=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=1" \
1246 -s "dumping 'expected mac' (20 bytes)" \
1247 -S "dumping 'expected mac' (10 bytes)"
1249 requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
1250 run_test "Truncated HMAC, DTLS: client enabled, server disabled" \
1251 "$P_SRV dtls=1 debug_level=4 trunc_hmac=0" \
1252 "$P_CLI dtls=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=1" \
1254 -s "dumping 'expected mac' (20 bytes)" \
1255 -S "dumping 'expected mac' (10 bytes)"
1257 requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
1258 run_test "Truncated HMAC, DTLS: client disabled, server enabled" \
1259 "$P_SRV dtls=1 debug_level=4 trunc_hmac=1" \
1260 "$P_CLI dtls=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=0" \
1262 -s "dumping 'expected mac' (20 bytes)" \
1263 -S "dumping 'expected mac' (10 bytes)"
1265 requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
1266 run_test "Truncated HMAC, DTLS: client enabled, server enabled" \
1267 "$P_SRV dtls=1 debug_level=4 trunc_hmac=1" \
1268 "$P_CLI dtls=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA trunc_hmac=1" \
1270 -S "dumping 'expected mac' (20 bytes)" \
1271 -s "dumping 'expected mac' (10 bytes)"
1273 # Tests for DTLS Connection ID extension
1275 # So far, the CID API isn't implemented, so we can't
1276 # grep for output witnessing its use. This needs to be
1277 # changed once the CID extension is implemented.
1279 requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
1280 run_test "Connection ID: Cli enabled, Srv disabled" \
1281 "$P_SRV debug_level=3 dtls=1 cid=0" \
1282 "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \
1284 -s "Disable use of CID extension." \
1285 -s "found CID extension" \
1286 -s "Client sent CID extension, but CID disabled" \
1287 -c "Enable use of CID extension." \
1288 -c "client hello, adding CID extension" \
1289 -S "server hello, adding CID extension" \
1290 -C "found CID extension" \
1291 -S "Copy CIDs into SSL transform" \
1292 -C "Copy CIDs into SSL transform" \
1293 -c "Use of Connection ID was rejected by the server"
1295 requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
1296 run_test "Connection ID: Cli disabled, Srv enabled" \
1297 "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \
1298 "$P_CLI debug_level=3 dtls=1 cid=0" \
1300 -c "Disable use of CID extension." \
1301 -C "client hello, adding CID extension" \
1302 -S "found CID extension" \
1303 -s "Enable use of CID extension." \
1304 -S "server hello, adding CID extension" \
1305 -C "found CID extension" \
1306 -S "Copy CIDs into SSL transform" \
1307 -C "Copy CIDs into SSL transform" \
1308 -s "Use of Connection ID was not offered by client"
1310 requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
1311 run_test "Connection ID: Cli+Srv enabled, Cli+Srv CID nonempty" \
1312 "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead" \
1313 "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef" \
1315 -c "Enable use of CID extension." \
1316 -s "Enable use of CID extension." \
1317 -c "client hello, adding CID extension" \
1318 -s "found CID extension" \
1319 -s "Use of CID extension negotiated" \
1320 -s "server hello, adding CID extension" \
1321 -c "found CID extension" \
1322 -c "Use of CID extension negotiated" \
1323 -s "Copy CIDs into SSL transform" \
1324 -c "Copy CIDs into SSL transform" \
1325 -c "Peer CID (length 2 Bytes): de ad" \
1326 -s "Peer CID (length 2 Bytes): be ef" \
1327 -s "Use of Connection ID has been negotiated" \
1328 -c "Use of Connection ID has been negotiated"
1330 requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
1331 run_test "Connection ID, 3D: Cli+Srv enabled, Cli+Srv CID nonempty" \
1332 -p "$P_PXY drop=5 delay=5 duplicate=5 bad_cid=1" \
1333 "$P_SRV debug_level=3 dtls=1 cid=1 dgram_packing=0 cid_val=dead" \
1334 "$P_CLI debug_level=3 dtls=1 cid=1 dgram_packing=0 cid_val=beef" \
1336 -c "Enable use of CID extension." \
1337 -s "Enable use of CID extension." \
1338 -c "client hello, adding CID extension" \
1339 -s "found CID extension" \
1340 -s "Use of CID extension negotiated" \
1341 -s "server hello, adding CID extension" \
1342 -c "found CID extension" \
1343 -c "Use of CID extension negotiated" \
1344 -s "Copy CIDs into SSL transform" \
1345 -c "Copy CIDs into SSL transform" \
1346 -c "Peer CID (length 2 Bytes): de ad" \
1347 -s "Peer CID (length 2 Bytes): be ef" \
1348 -s "Use of Connection ID has been negotiated" \
1349 -c "Use of Connection ID has been negotiated" \
1350 -c "ignoring unexpected CID" \
1351 -s "ignoring unexpected CID"
1353 requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
1354 run_test "Connection ID, MTU: Cli+Srv enabled, Cli+Srv CID nonempty" \
1355 -p "$P_PXY mtu=800" \
1356 "$P_SRV debug_level=3 mtu=800 dtls=1 cid=1 cid_val=dead" \
1357 "$P_CLI debug_level=3 mtu=800 dtls=1 cid=1 cid_val=beef" \
1359 -c "Enable use of CID extension." \
1360 -s "Enable use of CID extension." \
1361 -c "client hello, adding CID extension" \
1362 -s "found CID extension" \
1363 -s "Use of CID extension negotiated" \
1364 -s "server hello, adding CID extension" \
1365 -c "found CID extension" \
1366 -c "Use of CID extension negotiated" \
1367 -s "Copy CIDs into SSL transform" \
1368 -c "Copy CIDs into SSL transform" \
1369 -c "Peer CID (length 2 Bytes): de ad" \
1370 -s "Peer CID (length 2 Bytes): be ef" \
1371 -s "Use of Connection ID has been negotiated" \
1372 -c "Use of Connection ID has been negotiated"
1374 requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
1375 run_test "Connection ID, 3D+MTU: Cli+Srv enabled, Cli+Srv CID nonempty" \
1376 -p "$P_PXY mtu=800 drop=5 delay=5 duplicate=5 bad_cid=1" \
1377 "$P_SRV debug_level=3 mtu=800 dtls=1 cid=1 cid_val=dead" \
1378 "$P_CLI debug_level=3 mtu=800 dtls=1 cid=1 cid_val=beef" \
1380 -c "Enable use of CID extension." \
1381 -s "Enable use of CID extension." \
1382 -c "client hello, adding CID extension" \
1383 -s "found CID extension" \
1384 -s "Use of CID extension negotiated" \
1385 -s "server hello, adding CID extension" \
1386 -c "found CID extension" \
1387 -c "Use of CID extension negotiated" \
1388 -s "Copy CIDs into SSL transform" \
1389 -c "Copy CIDs into SSL transform" \
1390 -c "Peer CID (length 2 Bytes): de ad" \
1391 -s "Peer CID (length 2 Bytes): be ef" \
1392 -s "Use of Connection ID has been negotiated" \
1393 -c "Use of Connection ID has been negotiated" \
1394 -c "ignoring unexpected CID" \
1395 -s "ignoring unexpected CID"
1397 requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
1398 run_test "Connection ID: Cli+Srv enabled, Cli CID empty" \
1399 "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \
1400 "$P_CLI debug_level=3 dtls=1 cid=1" \
1402 -c "Enable use of CID extension." \
1403 -s "Enable use of CID extension." \
1404 -c "client hello, adding CID extension" \
1405 -s "found CID extension" \
1406 -s "Use of CID extension negotiated" \
1407 -s "server hello, adding CID extension" \
1408 -c "found CID extension" \
1409 -c "Use of CID extension negotiated" \
1410 -s "Copy CIDs into SSL transform" \
1411 -c "Copy CIDs into SSL transform" \
1412 -c "Peer CID (length 4 Bytes): de ad be ef" \
1413 -s "Peer CID (length 0 Bytes):" \
1414 -s "Use of Connection ID has been negotiated" \
1415 -c "Use of Connection ID has been negotiated"
1417 requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
1418 run_test "Connection ID: Cli+Srv enabled, Srv CID empty" \
1419 "$P_SRV debug_level=3 dtls=1 cid=1" \
1420 "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \
1422 -c "Enable use of CID extension." \
1423 -s "Enable use of CID extension." \
1424 -c "client hello, adding CID extension" \
1425 -s "found CID extension" \
1426 -s "Use of CID extension negotiated" \
1427 -s "server hello, adding CID extension" \
1428 -c "found CID extension" \
1429 -c "Use of CID extension negotiated" \
1430 -s "Copy CIDs into SSL transform" \
1431 -c "Copy CIDs into SSL transform" \
1432 -s "Peer CID (length 4 Bytes): de ad be ef" \
1433 -c "Peer CID (length 0 Bytes):" \
1434 -s "Use of Connection ID has been negotiated" \
1435 -c "Use of Connection ID has been negotiated"
1437 requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
1438 run_test "Connection ID: Cli+Srv enabled, Cli+Srv CID empty" \
1439 "$P_SRV debug_level=3 dtls=1 cid=1" \
1440 "$P_CLI debug_level=3 dtls=1 cid=1" \
1442 -c "Enable use of CID extension." \
1443 -s "Enable use of CID extension." \
1444 -c "client hello, adding CID extension" \
1445 -s "found CID extension" \
1446 -s "Use of CID extension negotiated" \
1447 -s "server hello, adding CID extension" \
1448 -c "found CID extension" \
1449 -c "Use of CID extension negotiated" \
1450 -s "Copy CIDs into SSL transform" \
1451 -c "Copy CIDs into SSL transform" \
1452 -S "Use of Connection ID has been negotiated" \
1453 -C "Use of Connection ID has been negotiated"
1455 requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
1456 run_test "Connection ID: Cli+Srv enabled, Cli+Srv CID nonempty, AES-128-CCM-8" \
1457 "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead" \
1458 "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
1460 -c "Enable use of CID extension." \
1461 -s "Enable use of CID extension." \
1462 -c "client hello, adding CID extension" \
1463 -s "found CID extension" \
1464 -s "Use of CID extension negotiated" \
1465 -s "server hello, adding CID extension" \
1466 -c "found CID extension" \
1467 -c "Use of CID extension negotiated" \
1468 -s "Copy CIDs into SSL transform" \
1469 -c "Copy CIDs into SSL transform" \
1470 -c "Peer CID (length 2 Bytes): de ad" \
1471 -s "Peer CID (length 2 Bytes): be ef" \
1472 -s "Use of Connection ID has been negotiated" \
1473 -c "Use of Connection ID has been negotiated"
1475 requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
1476 run_test "Connection ID: Cli+Srv enabled, Cli CID empty, AES-128-CCM-8" \
1477 "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \
1478 "$P_CLI debug_level=3 dtls=1 cid=1 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
1480 -c "Enable use of CID extension." \
1481 -s "Enable use of CID extension." \
1482 -c "client hello, adding CID extension" \
1483 -s "found CID extension" \
1484 -s "Use of CID extension negotiated" \
1485 -s "server hello, adding CID extension" \
1486 -c "found CID extension" \
1487 -c "Use of CID extension negotiated" \
1488 -s "Copy CIDs into SSL transform" \
1489 -c "Copy CIDs into SSL transform" \
1490 -c "Peer CID (length 4 Bytes): de ad be ef" \
1491 -s "Peer CID (length 0 Bytes):" \
1492 -s "Use of Connection ID has been negotiated" \
1493 -c "Use of Connection ID has been negotiated"
1495 requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
1496 run_test "Connection ID: Cli+Srv enabled, Srv CID empty, AES-128-CCM-8" \
1497 "$P_SRV debug_level=3 dtls=1 cid=1" \
1498 "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=deadbeef force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
1500 -c "Enable use of CID extension." \
1501 -s "Enable use of CID extension." \
1502 -c "client hello, adding CID extension" \
1503 -s "found CID extension" \
1504 -s "Use of CID extension negotiated" \
1505 -s "server hello, adding CID extension" \
1506 -c "found CID extension" \
1507 -c "Use of CID extension negotiated" \
1508 -s "Copy CIDs into SSL transform" \
1509 -c "Copy CIDs into SSL transform" \
1510 -s "Peer CID (length 4 Bytes): de ad be ef" \
1511 -c "Peer CID (length 0 Bytes):" \
1512 -s "Use of Connection ID has been negotiated" \
1513 -c "Use of Connection ID has been negotiated"
1515 requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
1516 run_test "Connection ID: Cli+Srv enabled, Cli+Srv CID empty, AES-128-CCM-8" \
1517 "$P_SRV debug_level=3 dtls=1 cid=1" \
1518 "$P_CLI debug_level=3 dtls=1 cid=1 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
1520 -c "Enable use of CID extension." \
1521 -s "Enable use of CID extension." \
1522 -c "client hello, adding CID extension" \
1523 -s "found CID extension" \
1524 -s "Use of CID extension negotiated" \
1525 -s "server hello, adding CID extension" \
1526 -c "found CID extension" \
1527 -c "Use of CID extension negotiated" \
1528 -s "Copy CIDs into SSL transform" \
1529 -c "Copy CIDs into SSL transform" \
1530 -S "Use of Connection ID has been negotiated" \
1531 -C "Use of Connection ID has been negotiated"
1533 requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
1534 run_test "Connection ID: Cli+Srv enabled, Cli+Srv CID nonempty, AES-128-CBC" \
1535 "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead" \
1536 "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \
1538 -c "Enable use of CID extension." \
1539 -s "Enable use of CID extension." \
1540 -c "client hello, adding CID extension" \
1541 -s "found CID extension" \
1542 -s "Use of CID extension negotiated" \
1543 -s "server hello, adding CID extension" \
1544 -c "found CID extension" \
1545 -c "Use of CID extension negotiated" \
1546 -s "Copy CIDs into SSL transform" \
1547 -c "Copy CIDs into SSL transform" \
1548 -c "Peer CID (length 2 Bytes): de ad" \
1549 -s "Peer CID (length 2 Bytes): be ef" \
1550 -s "Use of Connection ID has been negotiated" \
1551 -c "Use of Connection ID has been negotiated"
1553 requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
1554 run_test "Connection ID: Cli+Srv enabled, Cli CID empty, AES-128-CBC" \
1555 "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \
1556 "$P_CLI debug_level=3 dtls=1 cid=1 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \
1558 -c "Enable use of CID extension." \
1559 -s "Enable use of CID extension." \
1560 -c "client hello, adding CID extension" \
1561 -s "found CID extension" \
1562 -s "Use of CID extension negotiated" \
1563 -s "server hello, adding CID extension" \
1564 -c "found CID extension" \
1565 -c "Use of CID extension negotiated" \
1566 -s "Copy CIDs into SSL transform" \
1567 -c "Copy CIDs into SSL transform" \
1568 -c "Peer CID (length 4 Bytes): de ad be ef" \
1569 -s "Peer CID (length 0 Bytes):" \
1570 -s "Use of Connection ID has been negotiated" \
1571 -c "Use of Connection ID has been negotiated"
1573 requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
1574 run_test "Connection ID: Cli+Srv enabled, Srv CID empty, AES-128-CBC" \
1575 "$P_SRV debug_level=3 dtls=1 cid=1" \
1576 "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=deadbeef force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \
1578 -c "Enable use of CID extension." \
1579 -s "Enable use of CID extension." \
1580 -c "client hello, adding CID extension" \
1581 -s "found CID extension" \
1582 -s "Use of CID extension negotiated" \
1583 -s "server hello, adding CID extension" \
1584 -c "found CID extension" \
1585 -c "Use of CID extension negotiated" \
1586 -s "Copy CIDs into SSL transform" \
1587 -c "Copy CIDs into SSL transform" \
1588 -s "Peer CID (length 4 Bytes): de ad be ef" \
1589 -c "Peer CID (length 0 Bytes):" \
1590 -s "Use of Connection ID has been negotiated" \
1591 -c "Use of Connection ID has been negotiated"
1593 requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
1594 run_test "Connection ID: Cli+Srv enabled, Cli+Srv CID empty, AES-128-CBC" \
1595 "$P_SRV debug_level=3 dtls=1 cid=1" \
1596 "$P_CLI debug_level=3 dtls=1 cid=1 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \
1598 -c "Enable use of CID extension." \
1599 -s "Enable use of CID extension." \
1600 -c "client hello, adding CID extension" \
1601 -s "found CID extension" \
1602 -s "Use of CID extension negotiated" \
1603 -s "server hello, adding CID extension" \
1604 -c "found CID extension" \
1605 -c "Use of CID extension negotiated" \
1606 -s "Copy CIDs into SSL transform" \
1607 -c "Copy CIDs into SSL transform" \
1608 -S "Use of Connection ID has been negotiated" \
1609 -C "Use of Connection ID has been negotiated"
1611 requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
1612 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
1613 run_test "Connection ID: Cli+Srv enabled, renegotiate without change of CID" \
1614 "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead renegotiation=1" \
1615 "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef renegotiation=1 renegotiate=1" \
1617 -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \
1618 -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \
1619 -s "(initial handshake) Use of Connection ID has been negotiated" \
1620 -c "(initial handshake) Use of Connection ID has been negotiated" \
1621 -c "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
1622 -s "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
1623 -s "(after renegotiation) Use of Connection ID has been negotiated" \
1624 -c "(after renegotiation) Use of Connection ID has been negotiated"
1626 requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
1627 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
1628 run_test "Connection ID: Cli+Srv enabled, renegotiate with different CID" \
1629 "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead cid_val_renego=beef renegotiation=1" \
1630 "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef cid_val_renego=dead renegotiation=1 renegotiate=1" \
1632 -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \
1633 -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \
1634 -s "(initial handshake) Use of Connection ID has been negotiated" \
1635 -c "(initial handshake) Use of Connection ID has been negotiated" \
1636 -c "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
1637 -s "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
1638 -s "(after renegotiation) Use of Connection ID has been negotiated" \
1639 -c "(after renegotiation) Use of Connection ID has been negotiated"
1641 requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
1642 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
1643 run_test "Connection ID, no packing: Cli+Srv enabled, renegotiate with different CID" \
1644 "$P_SRV debug_level=3 dtls=1 cid=1 dgram_packing=0 cid_val=dead cid_val_renego=beef renegotiation=1" \
1645 "$P_CLI debug_level=3 dtls=1 cid=1 dgram_packing=0 cid_val=beef cid_val_renego=dead renegotiation=1 renegotiate=1" \
1647 -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \
1648 -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \
1649 -s "(initial handshake) Use of Connection ID has been negotiated" \
1650 -c "(initial handshake) Use of Connection ID has been negotiated" \
1651 -c "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
1652 -s "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
1653 -s "(after renegotiation) Use of Connection ID has been negotiated" \
1654 -c "(after renegotiation) Use of Connection ID has been negotiated"
1656 requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
1657 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
1658 run_test "Connection ID, 3D+MTU: Cli+Srv enabled, renegotiate with different CID" \
1659 -p "$P_PXY mtu=800 drop=5 delay=5 duplicate=5 bad_cid=1" \
1660 "$P_SRV debug_level=3 mtu=800 dtls=1 cid=1 cid_val=dead cid_val_renego=beef renegotiation=1" \
1661 "$P_CLI debug_level=3 mtu=800 dtls=1 cid=1 cid_val=beef cid_val_renego=dead renegotiation=1 renegotiate=1" \
1663 -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \
1664 -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \
1665 -s "(initial handshake) Use of Connection ID has been negotiated" \
1666 -c "(initial handshake) Use of Connection ID has been negotiated" \
1667 -c "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
1668 -s "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
1669 -s "(after renegotiation) Use of Connection ID has been negotiated" \
1670 -c "(after renegotiation) Use of Connection ID has been negotiated" \
1671 -c "ignoring unexpected CID" \
1672 -s "ignoring unexpected CID"
1674 requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
1675 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
1676 run_test "Connection ID: Cli+Srv enabled, renegotiate without CID" \
1677 "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead cid_renego=0 renegotiation=1" \
1678 "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef cid_renego=0 renegotiation=1 renegotiate=1" \
1680 -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \
1681 -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \
1682 -s "(initial handshake) Use of Connection ID has been negotiated" \
1683 -c "(initial handshake) Use of Connection ID has been negotiated" \
1684 -C "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
1685 -S "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
1686 -C "(after renegotiation) Use of Connection ID has been negotiated" \
1687 -S "(after renegotiation) Use of Connection ID has been negotiated"
1689 requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
1690 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
1691 run_test "Connection ID, no packing: Cli+Srv enabled, renegotiate without CID" \
1692 "$P_SRV debug_level=3 dtls=1 dgram_packing=0 cid=1 cid_val=dead cid_renego=0 renegotiation=1" \
1693 "$P_CLI debug_level=3 dtls=1 dgram_packing=0 cid=1 cid_val=beef cid_renego=0 renegotiation=1 renegotiate=1" \
1695 -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \
1696 -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \
1697 -s "(initial handshake) Use of Connection ID has been negotiated" \
1698 -c "(initial handshake) Use of Connection ID has been negotiated" \
1699 -C "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
1700 -S "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
1701 -C "(after renegotiation) Use of Connection ID has been negotiated" \
1702 -S "(after renegotiation) Use of Connection ID has been negotiated"
1704 requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
1705 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
1706 run_test "Connection ID, 3D+MTU: Cli+Srv enabled, renegotiate without CID" \
1707 -p "$P_PXY drop=5 delay=5 duplicate=5 bad_cid=1" \
1708 "$P_SRV debug_level=3 mtu=800 dtls=1 cid=1 cid_val=dead cid_renego=0 renegotiation=1" \
1709 "$P_CLI debug_level=3 mtu=800 dtls=1 cid=1 cid_val=beef cid_renego=0 renegotiation=1 renegotiate=1" \
1711 -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \
1712 -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \
1713 -s "(initial handshake) Use of Connection ID has been negotiated" \
1714 -c "(initial handshake) Use of Connection ID has been negotiated" \
1715 -C "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
1716 -S "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
1717 -C "(after renegotiation) Use of Connection ID has been negotiated" \
1718 -S "(after renegotiation) Use of Connection ID has been negotiated" \
1719 -c "ignoring unexpected CID" \
1720 -s "ignoring unexpected CID"
1722 requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
1723 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
1724 run_test "Connection ID: Cli+Srv enabled, CID on renegotiation" \
1725 "$P_SRV debug_level=3 dtls=1 cid=0 cid_renego=1 cid_val_renego=dead renegotiation=1" \
1726 "$P_CLI debug_level=3 dtls=1 cid=0 cid_renego=1 cid_val_renego=beef renegotiation=1 renegotiate=1" \
1728 -S "(initial handshake) Use of Connection ID has been negotiated" \
1729 -C "(initial handshake) Use of Connection ID has been negotiated" \
1730 -c "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
1731 -s "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
1732 -c "(after renegotiation) Use of Connection ID has been negotiated" \
1733 -s "(after renegotiation) Use of Connection ID has been negotiated"
1735 requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
1736 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
1737 run_test "Connection ID, no packing: Cli+Srv enabled, CID on renegotiation" \
1738 "$P_SRV debug_level=3 dtls=1 dgram_packing=0 cid=0 cid_renego=1 cid_val_renego=dead renegotiation=1" \
1739 "$P_CLI debug_level=3 dtls=1 dgram_packing=0 cid=0 cid_renego=1 cid_val_renego=beef renegotiation=1 renegotiate=1" \
1741 -S "(initial handshake) Use of Connection ID has been negotiated" \
1742 -C "(initial handshake) Use of Connection ID has been negotiated" \
1743 -c "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
1744 -s "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
1745 -c "(after renegotiation) Use of Connection ID has been negotiated" \
1746 -s "(after renegotiation) Use of Connection ID has been negotiated"
1748 requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
1749 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
1750 run_test "Connection ID, 3D+MTU: Cli+Srv enabled, CID on renegotiation" \
1751 -p "$P_PXY mtu=800 drop=5 delay=5 duplicate=5 bad_cid=1" \
1752 "$P_SRV debug_level=3 mtu=800 dtls=1 dgram_packing=1 cid=0 cid_renego=1 cid_val_renego=dead renegotiation=1" \
1753 "$P_CLI debug_level=3 mtu=800 dtls=1 dgram_packing=1 cid=0 cid_renego=1 cid_val_renego=beef renegotiation=1 renegotiate=1" \
1755 -S "(initial handshake) Use of Connection ID has been negotiated" \
1756 -C "(initial handshake) Use of Connection ID has been negotiated" \
1757 -c "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
1758 -s "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
1759 -c "(after renegotiation) Use of Connection ID has been negotiated" \
1760 -s "(after renegotiation) Use of Connection ID has been negotiated" \
1761 -c "ignoring unexpected CID" \
1762 -s "ignoring unexpected CID"
1764 requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
1765 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
1766 run_test "Connection ID: Cli+Srv enabled, Cli disables on renegotiation" \
1767 "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead renegotiation=1" \
1768 "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef cid_renego=0 renegotiation=1 renegotiate=1" \
1770 -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \
1771 -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \
1772 -s "(initial handshake) Use of Connection ID has been negotiated" \
1773 -c "(initial handshake) Use of Connection ID has been negotiated" \
1774 -C "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
1775 -S "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
1776 -C "(after renegotiation) Use of Connection ID has been negotiated" \
1777 -S "(after renegotiation) Use of Connection ID has been negotiated" \
1778 -s "(after renegotiation) Use of Connection ID was not offered by client"
1780 requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
1781 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
1782 run_test "Connection ID, 3D: Cli+Srv enabled, Cli disables on renegotiation" \
1783 -p "$P_PXY drop=5 delay=5 duplicate=5 bad_cid=1" \
1784 "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead renegotiation=1" \
1785 "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef cid_renego=0 renegotiation=1 renegotiate=1" \
1787 -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \
1788 -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \
1789 -s "(initial handshake) Use of Connection ID has been negotiated" \
1790 -c "(initial handshake) Use of Connection ID has been negotiated" \
1791 -C "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
1792 -S "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
1793 -C "(after renegotiation) Use of Connection ID has been negotiated" \
1794 -S "(after renegotiation) Use of Connection ID has been negotiated" \
1795 -s "(after renegotiation) Use of Connection ID was not offered by client" \
1796 -c "ignoring unexpected CID" \
1797 -s "ignoring unexpected CID"
1799 requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
1800 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
1801 run_test "Connection ID: Cli+Srv enabled, Srv disables on renegotiation" \
1802 "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead cid_renego=0 renegotiation=1" \
1803 "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef renegotiation=1 renegotiate=1" \
1805 -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \
1806 -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \
1807 -s "(initial handshake) Use of Connection ID has been negotiated" \
1808 -c "(initial handshake) Use of Connection ID has been negotiated" \
1809 -C "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
1810 -S "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
1811 -C "(after renegotiation) Use of Connection ID has been negotiated" \
1812 -S "(after renegotiation) Use of Connection ID has been negotiated" \
1813 -c "(after renegotiation) Use of Connection ID was rejected by the server"
1815 requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
1816 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
1817 run_test "Connection ID, 3D: Cli+Srv enabled, Srv disables on renegotiation" \
1818 -p "$P_PXY drop=5 delay=5 duplicate=5 bad_cid=1" \
1819 "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead cid_renego=0 renegotiation=1" \
1820 "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef renegotiation=1 renegotiate=1" \
1822 -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \
1823 -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \
1824 -s "(initial handshake) Use of Connection ID has been negotiated" \
1825 -c "(initial handshake) Use of Connection ID has been negotiated" \
1826 -C "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
1827 -S "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
1828 -C "(after renegotiation) Use of Connection ID has been negotiated" \
1829 -S "(after renegotiation) Use of Connection ID has been negotiated" \
1830 -c "(after renegotiation) Use of Connection ID was rejected by the server" \
1831 -c "ignoring unexpected CID" \
1832 -s "ignoring unexpected CID"
1834 # Tests for Encrypt-then-MAC extension
1836 run_test "Encrypt then MAC: default" \
1837 "$P_SRV debug_level=3 \
1838 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
1839 "$P_CLI debug_level=3" \
1841 -c "client hello, adding encrypt_then_mac extension" \
1842 -s "found encrypt then mac extension" \
1843 -s "server hello, adding encrypt then mac extension" \
1844 -c "found encrypt_then_mac extension" \
1845 -c "using encrypt then mac" \
1846 -s "using encrypt then mac"
1848 run_test "Encrypt then MAC: client enabled, server disabled" \
1849 "$P_SRV debug_level=3 etm=0 \
1850 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
1851 "$P_CLI debug_level=3 etm=1" \
1853 -c "client hello, adding encrypt_then_mac extension" \
1854 -s "found encrypt then mac extension" \
1855 -S "server hello, adding encrypt then mac extension" \
1856 -C "found encrypt_then_mac extension" \
1857 -C "using encrypt then mac" \
1858 -S "using encrypt then mac"
1860 run_test "Encrypt then MAC: client enabled, aead cipher" \
1861 "$P_SRV debug_level=3 etm=1 \
1862 force_ciphersuite=TLS-RSA-WITH-AES-128-GCM-SHA256" \
1863 "$P_CLI debug_level=3 etm=1" \
1865 -c "client hello, adding encrypt_then_mac extension" \
1866 -s "found encrypt then mac extension" \
1867 -S "server hello, adding encrypt then mac extension" \
1868 -C "found encrypt_then_mac extension" \
1869 -C "using encrypt then mac" \
1870 -S "using encrypt then mac"
1872 run_test "Encrypt then MAC: client enabled, stream cipher" \
1873 "$P_SRV debug_level=3 etm=1 \
1874 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
1875 "$P_CLI debug_level=3 etm=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
1877 -c "client hello, adding encrypt_then_mac extension" \
1878 -s "found encrypt then mac extension" \
1879 -S "server hello, adding encrypt then mac extension" \
1880 -C "found encrypt_then_mac extension" \
1881 -C "using encrypt then mac" \
1882 -S "using encrypt then mac"
1884 run_test "Encrypt then MAC: client disabled, server enabled" \
1885 "$P_SRV debug_level=3 etm=1 \
1886 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
1887 "$P_CLI debug_level=3 etm=0" \
1889 -C "client hello, adding encrypt_then_mac extension" \
1890 -S "found encrypt then mac extension" \
1891 -S "server hello, adding encrypt then mac extension" \
1892 -C "found encrypt_then_mac extension" \
1893 -C "using encrypt then mac" \
1894 -S "using encrypt then mac"
1896 requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
1897 run_test "Encrypt then MAC: client SSLv3, server enabled" \
1898 "$P_SRV debug_level=3 min_version=ssl3 \
1899 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
1900 "$P_CLI debug_level=3 force_version=ssl3" \
1902 -C "client hello, adding encrypt_then_mac extension" \
1903 -S "found encrypt then mac extension" \
1904 -S "server hello, adding encrypt then mac extension" \
1905 -C "found encrypt_then_mac extension" \
1906 -C "using encrypt then mac" \
1907 -S "using encrypt then mac"
1909 requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
1910 run_test "Encrypt then MAC: client enabled, server SSLv3" \
1911 "$P_SRV debug_level=3 force_version=ssl3 \
1912 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
1913 "$P_CLI debug_level=3 min_version=ssl3" \
1915 -c "client hello, adding encrypt_then_mac extension" \
1916 -S "found encrypt then mac extension" \
1917 -S "server hello, adding encrypt then mac extension" \
1918 -C "found encrypt_then_mac extension" \
1919 -C "using encrypt then mac" \
1920 -S "using encrypt then mac"
1922 # Tests for Extended Master Secret extension
1924 run_test "Extended Master Secret: default" \
1925 "$P_SRV debug_level=3" \
1926 "$P_CLI debug_level=3" \
1928 -c "client hello, adding extended_master_secret extension" \
1929 -s "found extended master secret extension" \
1930 -s "server hello, adding extended master secret extension" \
1931 -c "found extended_master_secret extension" \
1932 -c "using extended master secret" \
1933 -s "using extended master secret"
1935 run_test "Extended Master Secret: client enabled, server disabled" \
1936 "$P_SRV debug_level=3 extended_ms=0" \
1937 "$P_CLI debug_level=3 extended_ms=1" \
1939 -c "client hello, adding extended_master_secret extension" \
1940 -s "found extended master secret extension" \
1941 -S "server hello, adding extended master secret extension" \
1942 -C "found extended_master_secret extension" \
1943 -C "using extended master secret" \
1944 -S "using extended master secret"
1946 run_test "Extended Master Secret: client disabled, server enabled" \
1947 "$P_SRV debug_level=3 extended_ms=1" \
1948 "$P_CLI debug_level=3 extended_ms=0" \
1950 -C "client hello, adding extended_master_secret extension" \
1951 -S "found extended master secret extension" \
1952 -S "server hello, adding extended master secret extension" \
1953 -C "found extended_master_secret extension" \
1954 -C "using extended master secret" \
1955 -S "using extended master secret"
1957 requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
1958 run_test "Extended Master Secret: client SSLv3, server enabled" \
1959 "$P_SRV debug_level=3 min_version=ssl3" \
1960 "$P_CLI debug_level=3 force_version=ssl3" \
1962 -C "client hello, adding extended_master_secret extension" \
1963 -S "found extended master secret extension" \
1964 -S "server hello, adding extended master secret extension" \
1965 -C "found extended_master_secret extension" \
1966 -C "using extended master secret" \
1967 -S "using extended master secret"
1969 requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
1970 run_test "Extended Master Secret: client enabled, server SSLv3" \
1971 "$P_SRV debug_level=3 force_version=ssl3" \
1972 "$P_CLI debug_level=3 min_version=ssl3" \
1974 -c "client hello, adding extended_master_secret extension" \
1975 -S "found extended master secret extension" \
1976 -S "server hello, adding extended master secret extension" \
1977 -C "found extended_master_secret extension" \
1978 -C "using extended master secret" \
1979 -S "using extended master secret"
1981 # Tests for FALLBACK_SCSV
1983 run_test "Fallback SCSV: default" \
1984 "$P_SRV debug_level=2" \
1985 "$P_CLI debug_level=3 force_version=tls1_1" \
1987 -C "adding FALLBACK_SCSV" \
1988 -S "received FALLBACK_SCSV" \
1989 -S "inapropriate fallback" \
1990 -C "is a fatal alert message (msg 86)"
1992 run_test "Fallback SCSV: explicitly disabled" \
1993 "$P_SRV debug_level=2" \
1994 "$P_CLI debug_level=3 force_version=tls1_1 fallback=0" \
1996 -C "adding FALLBACK_SCSV" \
1997 -S "received FALLBACK_SCSV" \
1998 -S "inapropriate fallback" \
1999 -C "is a fatal alert message (msg 86)"
2001 run_test "Fallback SCSV: enabled" \
2002 "$P_SRV debug_level=2" \
2003 "$P_CLI debug_level=3 force_version=tls1_1 fallback=1" \
2005 -c "adding FALLBACK_SCSV" \
2006 -s "received FALLBACK_SCSV" \
2007 -s "inapropriate fallback" \
2008 -c "is a fatal alert message (msg 86)"
2010 run_test "Fallback SCSV: enabled, max version" \
2011 "$P_SRV debug_level=2" \
2012 "$P_CLI debug_level=3 fallback=1" \
2014 -c "adding FALLBACK_SCSV" \
2015 -s "received FALLBACK_SCSV" \
2016 -S "inapropriate fallback" \
2017 -C "is a fatal alert message (msg 86)"
2019 requires_openssl_with_fallback_scsv
2020 run_test "Fallback SCSV: default, openssl server" \
2022 "$P_CLI debug_level=3 force_version=tls1_1 fallback=0" \
2024 -C "adding FALLBACK_SCSV" \
2025 -C "is a fatal alert message (msg 86)"
2027 requires_openssl_with_fallback_scsv
2028 run_test "Fallback SCSV: enabled, openssl server" \
2030 "$P_CLI debug_level=3 force_version=tls1_1 fallback=1" \
2032 -c "adding FALLBACK_SCSV" \
2033 -c "is a fatal alert message (msg 86)"
2035 requires_openssl_with_fallback_scsv
2036 run_test "Fallback SCSV: disabled, openssl client" \
2037 "$P_SRV debug_level=2" \
2040 -S "received FALLBACK_SCSV" \
2041 -S "inapropriate fallback"
2043 requires_openssl_with_fallback_scsv
2044 run_test "Fallback SCSV: enabled, openssl client" \
2045 "$P_SRV debug_level=2" \
2046 "$O_CLI -tls1_1 -fallback_scsv" \
2048 -s "received FALLBACK_SCSV" \
2049 -s "inapropriate fallback"
2051 requires_openssl_with_fallback_scsv
2052 run_test "Fallback SCSV: enabled, max version, openssl client" \
2053 "$P_SRV debug_level=2" \
2054 "$O_CLI -fallback_scsv" \
2056 -s "received FALLBACK_SCSV" \
2057 -S "inapropriate fallback"
2059 # Test sending and receiving empty application data records
2061 run_test "Encrypt then MAC: empty application data record" \
2062 "$P_SRV auth_mode=none debug_level=4 etm=1" \
2063 "$P_CLI auth_mode=none etm=1 request_size=0 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA" \
2065 -S "0000: 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f" \
2066 -s "dumping 'input payload after decrypt' (0 bytes)" \
2067 -c "0 bytes written in 1 fragments"
2069 run_test "Default, no Encrypt then MAC: empty application data record" \
2070 "$P_SRV auth_mode=none debug_level=4 etm=0" \
2071 "$P_CLI auth_mode=none etm=0 request_size=0" \
2073 -s "dumping 'input payload after decrypt' (0 bytes)" \
2074 -c "0 bytes written in 1 fragments"
2076 run_test "Encrypt then MAC, DTLS: empty application data record" \
2077 "$P_SRV auth_mode=none debug_level=4 etm=1 dtls=1" \
2078 "$P_CLI auth_mode=none etm=1 request_size=0 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA dtls=1" \
2080 -S "0000: 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f" \
2081 -s "dumping 'input payload after decrypt' (0 bytes)" \
2082 -c "0 bytes written in 1 fragments"
2084 run_test "Default, no Encrypt then MAC, DTLS: empty application data record" \
2085 "$P_SRV auth_mode=none debug_level=4 etm=0 dtls=1" \
2086 "$P_CLI auth_mode=none etm=0 request_size=0 dtls=1" \
2088 -s "dumping 'input payload after decrypt' (0 bytes)" \
2089 -c "0 bytes written in 1 fragments"
2091 ## ClientHello generated with
2092 ## "openssl s_client -CAfile tests/data_files/test-ca.crt -tls1_1 -connect localhost:4433 -cipher ..."
2093 ## then manually twiddling the ciphersuite list.
2094 ## The ClientHello content is spelled out below as a hex string as
2095 ## "prefix ciphersuite1 ciphersuite2 ciphersuite3 ciphersuite4 suffix".
2096 ## The expected response is an inappropriate_fallback alert.
2097 requires_openssl_with_fallback_scsv
2098 run_test "Fallback SCSV: beginning of list" \
2099 "$P_SRV debug_level=2" \
2100 "$TCP_CLIENT localhost $SRV_PORT '160301003e0100003a03022aafb94308dc22ca1086c65acc00e414384d76b61ecab37df1633b1ae1034dbe000008 5600 0031 0032 0033 0100000900230000000f000101' '15030200020256'" \
2102 -s "received FALLBACK_SCSV" \
2103 -s "inapropriate fallback"
2105 requires_openssl_with_fallback_scsv
2106 run_test "Fallback SCSV: end of list" \
2107 "$P_SRV debug_level=2" \
2108 "$TCP_CLIENT localhost $SRV_PORT '160301003e0100003a03022aafb94308dc22ca1086c65acc00e414384d76b61ecab37df1633b1ae1034dbe000008 0031 0032 0033 5600 0100000900230000000f000101' '15030200020256'" \
2110 -s "received FALLBACK_SCSV" \
2111 -s "inapropriate fallback"
2113 ## Here the expected response is a valid ServerHello prefix, up to the random.
2114 requires_openssl_with_fallback_scsv
2115 run_test "Fallback SCSV: not in list" \
2116 "$P_SRV debug_level=2" \
2117 "$TCP_CLIENT localhost $SRV_PORT '160301003e0100003a03022aafb94308dc22ca1086c65acc00e414384d76b61ecab37df1633b1ae1034dbe000008 0056 0031 0032 0033 0100000900230000000f000101' '16030200300200002c0302'" \
2119 -S "received FALLBACK_SCSV" \
2120 -S "inapropriate fallback"
2122 # Tests for CBC 1/n-1 record splitting
2124 run_test "CBC Record splitting: TLS 1.2, no splitting" \
2126 "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
2127 request_size=123 force_version=tls1_2" \
2129 -s "Read from client: 123 bytes read" \
2130 -S "Read from client: 1 bytes read" \
2133 run_test "CBC Record splitting: TLS 1.1, no splitting" \
2135 "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
2136 request_size=123 force_version=tls1_1" \
2138 -s "Read from client: 123 bytes read" \
2139 -S "Read from client: 1 bytes read" \
2142 run_test "CBC Record splitting: TLS 1.0, splitting" \
2144 "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
2145 request_size=123 force_version=tls1" \
2147 -S "Read from client: 123 bytes read" \
2148 -s "Read from client: 1 bytes read" \
2151 requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
2152 run_test "CBC Record splitting: SSLv3, splitting" \
2153 "$P_SRV min_version=ssl3" \
2154 "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
2155 request_size=123 force_version=ssl3" \
2157 -S "Read from client: 123 bytes read" \
2158 -s "Read from client: 1 bytes read" \
2161 run_test "CBC Record splitting: TLS 1.0 RC4, no splitting" \
2162 "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
2163 "$P_CLI force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
2164 request_size=123 force_version=tls1" \
2166 -s "Read from client: 123 bytes read" \
2167 -S "Read from client: 1 bytes read" \
2170 run_test "CBC Record splitting: TLS 1.0, splitting disabled" \
2172 "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
2173 request_size=123 force_version=tls1 recsplit=0" \
2175 -s "Read from client: 123 bytes read" \
2176 -S "Read from client: 1 bytes read" \
2179 run_test "CBC Record splitting: TLS 1.0, splitting, nbio" \
2181 "$P_CLI nbio=2 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
2182 request_size=123 force_version=tls1" \
2184 -S "Read from client: 123 bytes read" \
2185 -s "Read from client: 1 bytes read" \
2188 # Tests for Session Tickets
2190 run_test "Session resume using tickets: basic" \
2191 "$P_SRV debug_level=3 tickets=1" \
2192 "$P_CLI debug_level=3 tickets=1 reconnect=1" \
2194 -c "client hello, adding session ticket extension" \
2195 -s "found session ticket extension" \
2196 -s "server hello, adding session ticket extension" \
2197 -c "found session_ticket extension" \
2198 -c "parse new session ticket" \
2199 -S "session successfully restored from cache" \
2200 -s "session successfully restored from ticket" \
2201 -s "a session has been resumed" \
2202 -c "a session has been resumed"
2204 run_test "Session resume using tickets: cache disabled" \
2205 "$P_SRV debug_level=3 tickets=1 cache_max=0" \
2206 "$P_CLI debug_level=3 tickets=1 reconnect=1" \
2208 -c "client hello, adding session ticket extension" \
2209 -s "found session ticket extension" \
2210 -s "server hello, adding session ticket extension" \
2211 -c "found session_ticket extension" \
2212 -c "parse new session ticket" \
2213 -S "session successfully restored from cache" \
2214 -s "session successfully restored from ticket" \
2215 -s "a session has been resumed" \
2216 -c "a session has been resumed"
2218 run_test "Session resume using tickets: timeout" \
2219 "$P_SRV debug_level=3 tickets=1 cache_max=0 ticket_timeout=1" \
2220 "$P_CLI debug_level=3 tickets=1 reconnect=1 reco_delay=2" \
2222 -c "client hello, adding session ticket extension" \
2223 -s "found session ticket extension" \
2224 -s "server hello, adding session ticket extension" \
2225 -c "found session_ticket extension" \
2226 -c "parse new session ticket" \
2227 -S "session successfully restored from cache" \
2228 -S "session successfully restored from ticket" \
2229 -S "a session has been resumed" \
2230 -C "a session has been resumed"
2232 run_test "Session resume using tickets: openssl server" \
2234 "$P_CLI debug_level=3 tickets=1 reconnect=1" \
2236 -c "client hello, adding session ticket extension" \
2237 -c "found session_ticket extension" \
2238 -c "parse new session ticket" \
2239 -c "a session has been resumed"
2241 run_test "Session resume using tickets: openssl client" \
2242 "$P_SRV debug_level=3 tickets=1" \
2243 "( $O_CLI -sess_out $SESSION; \
2244 $O_CLI -sess_in $SESSION; \
2247 -s "found session ticket extension" \
2248 -s "server hello, adding session ticket extension" \
2249 -S "session successfully restored from cache" \
2250 -s "session successfully restored from ticket" \
2251 -s "a session has been resumed"
2253 # Tests for Session Tickets with DTLS
2255 run_test "Session resume using tickets, DTLS: basic" \
2256 "$P_SRV debug_level=3 dtls=1 tickets=1" \
2257 "$P_CLI debug_level=3 dtls=1 tickets=1 reconnect=1" \
2259 -c "client hello, adding session ticket extension" \
2260 -s "found session ticket extension" \
2261 -s "server hello, adding session ticket extension" \
2262 -c "found session_ticket extension" \
2263 -c "parse new session ticket" \
2264 -S "session successfully restored from cache" \
2265 -s "session successfully restored from ticket" \
2266 -s "a session has been resumed" \
2267 -c "a session has been resumed"
2269 run_test "Session resume using tickets, DTLS: cache disabled" \
2270 "$P_SRV debug_level=3 dtls=1 tickets=1 cache_max=0" \
2271 "$P_CLI debug_level=3 dtls=1 tickets=1 reconnect=1" \
2273 -c "client hello, adding session ticket extension" \
2274 -s "found session ticket extension" \
2275 -s "server hello, adding session ticket extension" \
2276 -c "found session_ticket extension" \
2277 -c "parse new session ticket" \
2278 -S "session successfully restored from cache" \
2279 -s "session successfully restored from ticket" \
2280 -s "a session has been resumed" \
2281 -c "a session has been resumed"
2283 run_test "Session resume using tickets, DTLS: timeout" \
2284 "$P_SRV debug_level=3 dtls=1 tickets=1 cache_max=0 ticket_timeout=1" \
2285 "$P_CLI debug_level=3 dtls=1 tickets=1 reconnect=1 reco_delay=2" \
2287 -c "client hello, adding session ticket extension" \
2288 -s "found session ticket extension" \
2289 -s "server hello, adding session ticket extension" \
2290 -c "found session_ticket extension" \
2291 -c "parse new session ticket" \
2292 -S "session successfully restored from cache" \
2293 -S "session successfully restored from ticket" \
2294 -S "a session has been resumed" \
2295 -C "a session has been resumed"
2297 run_test "Session resume using tickets, DTLS: openssl server" \
2299 "$P_CLI dtls=1 debug_level=3 tickets=1 reconnect=1" \
2301 -c "client hello, adding session ticket extension" \
2302 -c "found session_ticket extension" \
2303 -c "parse new session ticket" \
2304 -c "a session has been resumed"
2306 run_test "Session resume using tickets, DTLS: openssl client" \
2307 "$P_SRV dtls=1 debug_level=3 tickets=1" \
2308 "( $O_CLI -dtls1 -sess_out $SESSION; \
2309 $O_CLI -dtls1 -sess_in $SESSION; \
2312 -s "found session ticket extension" \
2313 -s "server hello, adding session ticket extension" \
2314 -S "session successfully restored from cache" \
2315 -s "session successfully restored from ticket" \
2316 -s "a session has been resumed"
2318 # Tests for Session Resume based on session-ID and cache
2320 run_test "Session resume using cache: tickets enabled on client" \
2321 "$P_SRV debug_level=3 tickets=0" \
2322 "$P_CLI debug_level=3 tickets=1 reconnect=1" \
2324 -c "client hello, adding session ticket extension" \
2325 -s "found session ticket extension" \
2326 -S "server hello, adding session ticket extension" \
2327 -C "found session_ticket extension" \
2328 -C "parse new session ticket" \
2329 -s "session successfully restored from cache" \
2330 -S "session successfully restored from ticket" \
2331 -s "a session has been resumed" \
2332 -c "a session has been resumed"
2334 run_test "Session resume using cache: tickets enabled on server" \
2335 "$P_SRV debug_level=3 tickets=1" \
2336 "$P_CLI debug_level=3 tickets=0 reconnect=1" \
2338 -C "client hello, adding session ticket extension" \
2339 -S "found session ticket extension" \
2340 -S "server hello, adding session ticket extension" \
2341 -C "found session_ticket extension" \
2342 -C "parse new session ticket" \
2343 -s "session successfully restored from cache" \
2344 -S "session successfully restored from ticket" \
2345 -s "a session has been resumed" \
2346 -c "a session has been resumed"
2348 run_test "Session resume using cache: cache_max=0" \
2349 "$P_SRV debug_level=3 tickets=0 cache_max=0" \
2350 "$P_CLI debug_level=3 tickets=0 reconnect=1" \
2352 -S "session successfully restored from cache" \
2353 -S "session successfully restored from ticket" \
2354 -S "a session has been resumed" \
2355 -C "a session has been resumed"
2357 run_test "Session resume using cache: cache_max=1" \
2358 "$P_SRV debug_level=3 tickets=0 cache_max=1" \
2359 "$P_CLI debug_level=3 tickets=0 reconnect=1" \
2361 -s "session successfully restored from cache" \
2362 -S "session successfully restored from ticket" \
2363 -s "a session has been resumed" \
2364 -c "a session has been resumed"
2366 run_test "Session resume using cache: timeout > delay" \
2367 "$P_SRV debug_level=3 tickets=0" \
2368 "$P_CLI debug_level=3 tickets=0 reconnect=1 reco_delay=0" \
2370 -s "session successfully restored from cache" \
2371 -S "session successfully restored from ticket" \
2372 -s "a session has been resumed" \
2373 -c "a session has been resumed"
2375 run_test "Session resume using cache: timeout < delay" \
2376 "$P_SRV debug_level=3 tickets=0 cache_timeout=1" \
2377 "$P_CLI debug_level=3 tickets=0 reconnect=1 reco_delay=2" \
2379 -S "session successfully restored from cache" \
2380 -S "session successfully restored from ticket" \
2381 -S "a session has been resumed" \
2382 -C "a session has been resumed"
2384 run_test "Session resume using cache: no timeout" \
2385 "$P_SRV debug_level=3 tickets=0 cache_timeout=0" \
2386 "$P_CLI debug_level=3 tickets=0 reconnect=1 reco_delay=2" \
2388 -s "session successfully restored from cache" \
2389 -S "session successfully restored from ticket" \
2390 -s "a session has been resumed" \
2391 -c "a session has been resumed"
2393 run_test "Session resume using cache: openssl client" \
2394 "$P_SRV debug_level=3 tickets=0" \
2395 "( $O_CLI -sess_out $SESSION; \
2396 $O_CLI -sess_in $SESSION; \
2399 -s "found session ticket extension" \
2400 -S "server hello, adding session ticket extension" \
2401 -s "session successfully restored from cache" \
2402 -S "session successfully restored from ticket" \
2403 -s "a session has been resumed"
2405 run_test "Session resume using cache: openssl server" \
2407 "$P_CLI debug_level=3 tickets=0 reconnect=1" \
2409 -C "found session_ticket extension" \
2410 -C "parse new session ticket" \
2411 -c "a session has been resumed"
2413 # Tests for Session Resume based on session-ID and cache, DTLS
2415 run_test "Session resume using cache, DTLS: tickets enabled on client" \
2416 "$P_SRV dtls=1 debug_level=3 tickets=0" \
2417 "$P_CLI dtls=1 debug_level=3 tickets=1 reconnect=1" \
2419 -c "client hello, adding session ticket extension" \
2420 -s "found session ticket extension" \
2421 -S "server hello, adding session ticket extension" \
2422 -C "found session_ticket extension" \
2423 -C "parse new session ticket" \
2424 -s "session successfully restored from cache" \
2425 -S "session successfully restored from ticket" \
2426 -s "a session has been resumed" \
2427 -c "a session has been resumed"
2429 run_test "Session resume using cache, DTLS: tickets enabled on server" \
2430 "$P_SRV dtls=1 debug_level=3 tickets=1" \
2431 "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1" \
2433 -C "client hello, adding session ticket extension" \
2434 -S "found session ticket extension" \
2435 -S "server hello, adding session ticket extension" \
2436 -C "found session_ticket extension" \
2437 -C "parse new session ticket" \
2438 -s "session successfully restored from cache" \
2439 -S "session successfully restored from ticket" \
2440 -s "a session has been resumed" \
2441 -c "a session has been resumed"
2443 run_test "Session resume using cache, DTLS: cache_max=0" \
2444 "$P_SRV dtls=1 debug_level=3 tickets=0 cache_max=0" \
2445 "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1" \
2447 -S "session successfully restored from cache" \
2448 -S "session successfully restored from ticket" \
2449 -S "a session has been resumed" \
2450 -C "a session has been resumed"
2452 run_test "Session resume using cache, DTLS: cache_max=1" \
2453 "$P_SRV dtls=1 debug_level=3 tickets=0 cache_max=1" \
2454 "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1" \
2456 -s "session successfully restored from cache" \
2457 -S "session successfully restored from ticket" \
2458 -s "a session has been resumed" \
2459 -c "a session has been resumed"
2461 run_test "Session resume using cache, DTLS: timeout > delay" \
2462 "$P_SRV dtls=1 debug_level=3 tickets=0" \
2463 "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 reco_delay=0" \
2465 -s "session successfully restored from cache" \
2466 -S "session successfully restored from ticket" \
2467 -s "a session has been resumed" \
2468 -c "a session has been resumed"
2470 run_test "Session resume using cache, DTLS: timeout < delay" \
2471 "$P_SRV dtls=1 debug_level=3 tickets=0 cache_timeout=1" \
2472 "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 reco_delay=2" \
2474 -S "session successfully restored from cache" \
2475 -S "session successfully restored from ticket" \
2476 -S "a session has been resumed" \
2477 -C "a session has been resumed"
2479 run_test "Session resume using cache, DTLS: no timeout" \
2480 "$P_SRV dtls=1 debug_level=3 tickets=0 cache_timeout=0" \
2481 "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 reco_delay=2" \
2483 -s "session successfully restored from cache" \
2484 -S "session successfully restored from ticket" \
2485 -s "a session has been resumed" \
2486 -c "a session has been resumed"
2488 run_test "Session resume using cache, DTLS: openssl client" \
2489 "$P_SRV dtls=1 debug_level=3 tickets=0" \
2490 "( $O_CLI -dtls1 -sess_out $SESSION; \
2491 $O_CLI -dtls1 -sess_in $SESSION; \
2494 -s "found session ticket extension" \
2495 -S "server hello, adding session ticket extension" \
2496 -s "session successfully restored from cache" \
2497 -S "session successfully restored from ticket" \
2498 -s "a session has been resumed"
2500 run_test "Session resume using cache, DTLS: openssl server" \
2502 "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1" \
2504 -C "found session_ticket extension" \
2505 -C "parse new session ticket" \
2506 -c "a session has been resumed"
2508 # Tests for Max Fragment Length extension
2510 if [ "$MAX_CONTENT_LEN" -lt "4096" ]; then
2511 printf "${CONFIG_H} defines MBEDTLS_SSL_MAX_CONTENT_LEN to be less than 4096. Fragment length tests will fail.\n"
2515 if [ $MAX_CONTENT_LEN -ne 16384 ]; then
2516 printf "Using non-default maximum content length $MAX_CONTENT_LEN\n"
2519 requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
2520 run_test "Max fragment length: enabled, default" \
2521 "$P_SRV debug_level=3" \
2522 "$P_CLI debug_level=3" \
2524 -c "Maximum fragment length is $MAX_CONTENT_LEN" \
2525 -s "Maximum fragment length is $MAX_CONTENT_LEN" \
2526 -C "client hello, adding max_fragment_length extension" \
2527 -S "found max fragment length extension" \
2528 -S "server hello, max_fragment_length extension" \
2529 -C "found max_fragment_length extension"
2531 requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
2532 run_test "Max fragment length: enabled, default, larger message" \
2533 "$P_SRV debug_level=3" \
2534 "$P_CLI debug_level=3 request_size=$(( $MAX_CONTENT_LEN + 1))" \
2536 -c "Maximum fragment length is $MAX_CONTENT_LEN" \
2537 -s "Maximum fragment length is $MAX_CONTENT_LEN" \
2538 -C "client hello, adding max_fragment_length extension" \
2539 -S "found max fragment length extension" \
2540 -S "server hello, max_fragment_length extension" \
2541 -C "found max_fragment_length extension" \
2542 -c "$(( $MAX_CONTENT_LEN + 1)) bytes written in 2 fragments" \
2543 -s "$MAX_CONTENT_LEN bytes read" \
2546 requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
2547 run_test "Max fragment length, DTLS: enabled, default, larger message" \
2548 "$P_SRV debug_level=3 dtls=1" \
2549 "$P_CLI debug_level=3 dtls=1 request_size=$(( $MAX_CONTENT_LEN + 1))" \
2551 -c "Maximum fragment length is $MAX_CONTENT_LEN" \
2552 -s "Maximum fragment length is $MAX_CONTENT_LEN" \
2553 -C "client hello, adding max_fragment_length extension" \
2554 -S "found max fragment length extension" \
2555 -S "server hello, max_fragment_length extension" \
2556 -C "found max_fragment_length extension" \
2557 -c "fragment larger than.*maximum "
2559 # Run some tests with MBEDTLS_SSL_MAX_FRAGMENT_LENGTH disabled
2560 # (session fragment length will be 16384 regardless of mbedtls
2561 # content length configuration.)
2563 requires_config_disabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
2564 run_test "Max fragment length: disabled, larger message" \
2565 "$P_SRV debug_level=3" \
2566 "$P_CLI debug_level=3 request_size=$(( $MAX_CONTENT_LEN + 1))" \
2568 -C "Maximum fragment length is 16384" \
2569 -S "Maximum fragment length is 16384" \
2570 -c "$(( $MAX_CONTENT_LEN + 1)) bytes written in 2 fragments" \
2571 -s "$MAX_CONTENT_LEN bytes read" \
2574 requires_config_disabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
2575 run_test "Max fragment length DTLS: disabled, larger message" \
2576 "$P_SRV debug_level=3 dtls=1" \
2577 "$P_CLI debug_level=3 dtls=1 request_size=$(( $MAX_CONTENT_LEN + 1))" \
2579 -C "Maximum fragment length is 16384" \
2580 -S "Maximum fragment length is 16384" \
2581 -c "fragment larger than.*maximum "
2583 requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
2584 run_test "Max fragment length: used by client" \
2585 "$P_SRV debug_level=3" \
2586 "$P_CLI debug_level=3 max_frag_len=4096" \
2588 -c "Maximum fragment length is 4096" \
2589 -s "Maximum fragment length is 4096" \
2590 -c "client hello, adding max_fragment_length extension" \
2591 -s "found max fragment length extension" \
2592 -s "server hello, max_fragment_length extension" \
2593 -c "found max_fragment_length extension"
2595 requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
2596 run_test "Max fragment length: used by server" \
2597 "$P_SRV debug_level=3 max_frag_len=4096" \
2598 "$P_CLI debug_level=3" \
2600 -c "Maximum fragment length is $MAX_CONTENT_LEN" \
2601 -s "Maximum fragment length is 4096" \
2602 -C "client hello, adding max_fragment_length extension" \
2603 -S "found max fragment length extension" \
2604 -S "server hello, max_fragment_length extension" \
2605 -C "found max_fragment_length extension"
2607 requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
2609 run_test "Max fragment length: gnutls server" \
2611 "$P_CLI debug_level=3 max_frag_len=4096" \
2613 -c "Maximum fragment length is 4096" \
2614 -c "client hello, adding max_fragment_length extension" \
2615 -c "found max_fragment_length extension"
2617 requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
2618 run_test "Max fragment length: client, message just fits" \
2619 "$P_SRV debug_level=3" \
2620 "$P_CLI debug_level=3 max_frag_len=2048 request_size=2048" \
2622 -c "Maximum fragment length is 2048" \
2623 -s "Maximum fragment length is 2048" \
2624 -c "client hello, adding max_fragment_length extension" \
2625 -s "found max fragment length extension" \
2626 -s "server hello, max_fragment_length extension" \
2627 -c "found max_fragment_length extension" \
2628 -c "2048 bytes written in 1 fragments" \
2629 -s "2048 bytes read"
2631 requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
2632 run_test "Max fragment length: client, larger message" \
2633 "$P_SRV debug_level=3" \
2634 "$P_CLI debug_level=3 max_frag_len=2048 request_size=2345" \
2636 -c "Maximum fragment length is 2048" \
2637 -s "Maximum fragment length is 2048" \
2638 -c "client hello, adding max_fragment_length extension" \
2639 -s "found max fragment length extension" \
2640 -s "server hello, max_fragment_length extension" \
2641 -c "found max_fragment_length extension" \
2642 -c "2345 bytes written in 2 fragments" \
2643 -s "2048 bytes read" \
2646 requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
2647 run_test "Max fragment length: DTLS client, larger message" \
2648 "$P_SRV debug_level=3 dtls=1" \
2649 "$P_CLI debug_level=3 dtls=1 max_frag_len=2048 request_size=2345" \
2651 -c "Maximum fragment length is 2048" \
2652 -s "Maximum fragment length is 2048" \
2653 -c "client hello, adding max_fragment_length extension" \
2654 -s "found max fragment length extension" \
2655 -s "server hello, max_fragment_length extension" \
2656 -c "found max_fragment_length extension" \
2657 -c "fragment larger than.*maximum"
2659 # Tests for renegotiation
2661 # Renegotiation SCSV always added, regardless of SSL_RENEGOTIATION
2662 run_test "Renegotiation: none, for reference" \
2663 "$P_SRV debug_level=3 exchanges=2 auth_mode=optional" \
2664 "$P_CLI debug_level=3 exchanges=2" \
2666 -C "client hello, adding renegotiation extension" \
2667 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
2668 -S "found renegotiation extension" \
2669 -s "server hello, secure renegotiation extension" \
2670 -c "found renegotiation extension" \
2671 -C "=> renegotiate" \
2672 -S "=> renegotiate" \
2673 -S "write hello request"
2675 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
2676 run_test "Renegotiation: client-initiated" \
2677 "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional" \
2678 "$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1" \
2680 -c "client hello, adding renegotiation extension" \
2681 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
2682 -s "found renegotiation extension" \
2683 -s "server hello, secure renegotiation extension" \
2684 -c "found renegotiation extension" \
2685 -c "=> renegotiate" \
2686 -s "=> renegotiate" \
2687 -S "write hello request"
2689 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
2690 run_test "Renegotiation: server-initiated" \
2691 "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1" \
2692 "$P_CLI debug_level=3 exchanges=2 renegotiation=1" \
2694 -c "client hello, adding renegotiation extension" \
2695 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
2696 -s "found renegotiation extension" \
2697 -s "server hello, secure renegotiation extension" \
2698 -c "found renegotiation extension" \
2699 -c "=> renegotiate" \
2700 -s "=> renegotiate" \
2701 -s "write hello request"
2703 # Checks that no Signature Algorithm with SHA-1 gets negotiated. Negotiating SHA-1 would mean that
2704 # the server did not parse the Signature Algorithm extension. This test is valid only if an MD
2705 # algorithm stronger than SHA-1 is enabled in config.h
2706 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
2707 run_test "Renegotiation: Signature Algorithms parsing, client-initiated" \
2708 "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional" \
2709 "$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1" \
2711 -c "client hello, adding renegotiation extension" \
2712 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
2713 -s "found renegotiation extension" \
2714 -s "server hello, secure renegotiation extension" \
2715 -c "found renegotiation extension" \
2716 -c "=> renegotiate" \
2717 -s "=> renegotiate" \
2718 -S "write hello request" \
2719 -S "client hello v3, signature_algorithm ext: 2" # Is SHA-1 negotiated?
2721 # Checks that no Signature Algorithm with SHA-1 gets negotiated. Negotiating SHA-1 would mean that
2722 # the server did not parse the Signature Algorithm extension. This test is valid only if an MD
2723 # algorithm stronger than SHA-1 is enabled in config.h
2724 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
2725 run_test "Renegotiation: Signature Algorithms parsing, server-initiated" \
2726 "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1" \
2727 "$P_CLI debug_level=3 exchanges=2 renegotiation=1" \
2729 -c "client hello, adding renegotiation extension" \
2730 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
2731 -s "found renegotiation extension" \
2732 -s "server hello, secure renegotiation extension" \
2733 -c "found renegotiation extension" \
2734 -c "=> renegotiate" \
2735 -s "=> renegotiate" \
2736 -s "write hello request" \
2737 -S "client hello v3, signature_algorithm ext: 2" # Is SHA-1 negotiated?
2739 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
2740 run_test "Renegotiation: double" \
2741 "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1" \
2742 "$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1" \
2744 -c "client hello, adding renegotiation extension" \
2745 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
2746 -s "found renegotiation extension" \
2747 -s "server hello, secure renegotiation extension" \
2748 -c "found renegotiation extension" \
2749 -c "=> renegotiate" \
2750 -s "=> renegotiate" \
2751 -s "write hello request"
2753 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
2754 run_test "Renegotiation: client-initiated, server-rejected" \
2755 "$P_SRV debug_level=3 exchanges=2 renegotiation=0 auth_mode=optional" \
2756 "$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1" \
2758 -c "client hello, adding renegotiation extension" \
2759 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
2760 -S "found renegotiation extension" \
2761 -s "server hello, secure renegotiation extension" \
2762 -c "found renegotiation extension" \
2763 -c "=> renegotiate" \
2764 -S "=> renegotiate" \
2765 -S "write hello request" \
2766 -c "SSL - Unexpected message at ServerHello in renegotiation" \
2769 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
2770 run_test "Renegotiation: server-initiated, client-rejected, default" \
2771 "$P_SRV debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 auth_mode=optional" \
2772 "$P_CLI debug_level=3 exchanges=2 renegotiation=0" \
2774 -C "client hello, adding renegotiation extension" \
2775 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
2776 -S "found renegotiation extension" \
2777 -s "server hello, secure renegotiation extension" \
2778 -c "found renegotiation extension" \
2779 -C "=> renegotiate" \
2780 -S "=> renegotiate" \
2781 -s "write hello request" \
2782 -S "SSL - An unexpected message was received from our peer" \
2785 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
2786 run_test "Renegotiation: server-initiated, client-rejected, not enforced" \
2787 "$P_SRV debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 \
2788 renego_delay=-1 auth_mode=optional" \
2789 "$P_CLI debug_level=3 exchanges=2 renegotiation=0" \
2791 -C "client hello, adding renegotiation extension" \
2792 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
2793 -S "found renegotiation extension" \
2794 -s "server hello, secure renegotiation extension" \
2795 -c "found renegotiation extension" \
2796 -C "=> renegotiate" \
2797 -S "=> renegotiate" \
2798 -s "write hello request" \
2799 -S "SSL - An unexpected message was received from our peer" \
2802 # delay 2 for 1 alert record + 1 application data record
2803 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
2804 run_test "Renegotiation: server-initiated, client-rejected, delay 2" \
2805 "$P_SRV debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 \
2806 renego_delay=2 auth_mode=optional" \
2807 "$P_CLI debug_level=3 exchanges=2 renegotiation=0" \
2809 -C "client hello, adding renegotiation extension" \
2810 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
2811 -S "found renegotiation extension" \
2812 -s "server hello, secure renegotiation extension" \
2813 -c "found renegotiation extension" \
2814 -C "=> renegotiate" \
2815 -S "=> renegotiate" \
2816 -s "write hello request" \
2817 -S "SSL - An unexpected message was received from our peer" \
2820 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
2821 run_test "Renegotiation: server-initiated, client-rejected, delay 0" \
2822 "$P_SRV debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 \
2823 renego_delay=0 auth_mode=optional" \
2824 "$P_CLI debug_level=3 exchanges=2 renegotiation=0" \
2826 -C "client hello, adding renegotiation extension" \
2827 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
2828 -S "found renegotiation extension" \
2829 -s "server hello, secure renegotiation extension" \
2830 -c "found renegotiation extension" \
2831 -C "=> renegotiate" \
2832 -S "=> renegotiate" \
2833 -s "write hello request" \
2834 -s "SSL - An unexpected message was received from our peer"
2836 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
2837 run_test "Renegotiation: server-initiated, client-accepted, delay 0" \
2838 "$P_SRV debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 \
2839 renego_delay=0 auth_mode=optional" \
2840 "$P_CLI debug_level=3 exchanges=2 renegotiation=1" \
2842 -c "client hello, adding renegotiation extension" \
2843 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
2844 -s "found renegotiation extension" \
2845 -s "server hello, secure renegotiation extension" \
2846 -c "found renegotiation extension" \
2847 -c "=> renegotiate" \
2848 -s "=> renegotiate" \
2849 -s "write hello request" \
2850 -S "SSL - An unexpected message was received from our peer" \
2853 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
2854 run_test "Renegotiation: periodic, just below period" \
2855 "$P_SRV debug_level=3 exchanges=9 renegotiation=1 renego_period=3 auth_mode=optional" \
2856 "$P_CLI debug_level=3 exchanges=2 renegotiation=1" \
2858 -C "client hello, adding renegotiation extension" \
2859 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
2860 -S "found renegotiation extension" \
2861 -s "server hello, secure renegotiation extension" \
2862 -c "found renegotiation extension" \
2863 -S "record counter limit reached: renegotiate" \
2864 -C "=> renegotiate" \
2865 -S "=> renegotiate" \
2866 -S "write hello request" \
2867 -S "SSL - An unexpected message was received from our peer" \
2870 # one extra exchange to be able to complete renego
2871 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
2872 run_test "Renegotiation: periodic, just above period" \
2873 "$P_SRV debug_level=3 exchanges=9 renegotiation=1 renego_period=3 auth_mode=optional" \
2874 "$P_CLI debug_level=3 exchanges=4 renegotiation=1" \
2876 -c "client hello, adding renegotiation extension" \
2877 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
2878 -s "found renegotiation extension" \
2879 -s "server hello, secure renegotiation extension" \
2880 -c "found renegotiation extension" \
2881 -s "record counter limit reached: renegotiate" \
2882 -c "=> renegotiate" \
2883 -s "=> renegotiate" \
2884 -s "write hello request" \
2885 -S "SSL - An unexpected message was received from our peer" \
2888 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
2889 run_test "Renegotiation: periodic, two times period" \
2890 "$P_SRV debug_level=3 exchanges=9 renegotiation=1 renego_period=3 auth_mode=optional" \
2891 "$P_CLI debug_level=3 exchanges=7 renegotiation=1" \
2893 -c "client hello, adding renegotiation extension" \
2894 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
2895 -s "found renegotiation extension" \
2896 -s "server hello, secure renegotiation extension" \
2897 -c "found renegotiation extension" \
2898 -s "record counter limit reached: renegotiate" \
2899 -c "=> renegotiate" \
2900 -s "=> renegotiate" \
2901 -s "write hello request" \
2902 -S "SSL - An unexpected message was received from our peer" \
2905 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
2906 run_test "Renegotiation: periodic, above period, disabled" \
2907 "$P_SRV debug_level=3 exchanges=9 renegotiation=0 renego_period=3 auth_mode=optional" \
2908 "$P_CLI debug_level=3 exchanges=4 renegotiation=1" \
2910 -C "client hello, adding renegotiation extension" \
2911 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
2912 -S "found renegotiation extension" \
2913 -s "server hello, secure renegotiation extension" \
2914 -c "found renegotiation extension" \
2915 -S "record counter limit reached: renegotiate" \
2916 -C "=> renegotiate" \
2917 -S "=> renegotiate" \
2918 -S "write hello request" \
2919 -S "SSL - An unexpected message was received from our peer" \
2922 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
2923 run_test "Renegotiation: nbio, client-initiated" \
2924 "$P_SRV debug_level=3 nbio=2 exchanges=2 renegotiation=1 auth_mode=optional" \
2925 "$P_CLI debug_level=3 nbio=2 exchanges=2 renegotiation=1 renegotiate=1" \
2927 -c "client hello, adding renegotiation extension" \
2928 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
2929 -s "found renegotiation extension" \
2930 -s "server hello, secure renegotiation extension" \
2931 -c "found renegotiation extension" \
2932 -c "=> renegotiate" \
2933 -s "=> renegotiate" \
2934 -S "write hello request"
2936 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
2937 run_test "Renegotiation: nbio, server-initiated" \
2938 "$P_SRV debug_level=3 nbio=2 exchanges=2 renegotiation=1 renegotiate=1 auth_mode=optional" \
2939 "$P_CLI debug_level=3 nbio=2 exchanges=2 renegotiation=1" \
2941 -c "client hello, adding renegotiation extension" \
2942 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
2943 -s "found renegotiation extension" \
2944 -s "server hello, secure renegotiation extension" \
2945 -c "found renegotiation extension" \
2946 -c "=> renegotiate" \
2947 -s "=> renegotiate" \
2948 -s "write hello request"
2950 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
2951 run_test "Renegotiation: openssl server, client-initiated" \
2953 "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1" \
2955 -c "client hello, adding renegotiation extension" \
2956 -c "found renegotiation extension" \
2957 -c "=> renegotiate" \
2958 -C "ssl_hanshake() returned" \
2960 -c "HTTP/1.0 200 [Oo][Kk]"
2963 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
2964 run_test "Renegotiation: gnutls server strict, client-initiated" \
2965 "$G_SRV --priority=NORMAL:%SAFE_RENEGOTIATION" \
2966 "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1" \
2968 -c "client hello, adding renegotiation extension" \
2969 -c "found renegotiation extension" \
2970 -c "=> renegotiate" \
2971 -C "ssl_hanshake() returned" \
2973 -c "HTTP/1.0 200 [Oo][Kk]"
2976 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
2977 run_test "Renegotiation: gnutls server unsafe, client-initiated default" \
2978 "$G_SRV --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \
2979 "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1" \
2981 -c "client hello, adding renegotiation extension" \
2982 -C "found renegotiation extension" \
2983 -c "=> renegotiate" \
2984 -c "mbedtls_ssl_handshake() returned" \
2986 -C "HTTP/1.0 200 [Oo][Kk]"
2989 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
2990 run_test "Renegotiation: gnutls server unsafe, client-inititated no legacy" \
2991 "$G_SRV --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \
2992 "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1 \
2995 -c "client hello, adding renegotiation extension" \
2996 -C "found renegotiation extension" \
2997 -c "=> renegotiate" \
2998 -c "mbedtls_ssl_handshake() returned" \
3000 -C "HTTP/1.0 200 [Oo][Kk]"
3003 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
3004 run_test "Renegotiation: gnutls server unsafe, client-inititated legacy" \
3005 "$G_SRV --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \
3006 "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1 \
3009 -c "client hello, adding renegotiation extension" \
3010 -C "found renegotiation extension" \
3011 -c "=> renegotiate" \
3012 -C "ssl_hanshake() returned" \
3014 -c "HTTP/1.0 200 [Oo][Kk]"
3016 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
3017 run_test "Renegotiation: DTLS, client-initiated" \
3018 "$P_SRV debug_level=3 dtls=1 exchanges=2 renegotiation=1" \
3019 "$P_CLI debug_level=3 dtls=1 exchanges=2 renegotiation=1 renegotiate=1" \
3021 -c "client hello, adding renegotiation extension" \
3022 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
3023 -s "found renegotiation extension" \
3024 -s "server hello, secure renegotiation extension" \
3025 -c "found renegotiation extension" \
3026 -c "=> renegotiate" \
3027 -s "=> renegotiate" \
3028 -S "write hello request"
3030 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
3031 run_test "Renegotiation: DTLS, server-initiated" \
3032 "$P_SRV debug_level=3 dtls=1 exchanges=2 renegotiation=1 renegotiate=1" \
3033 "$P_CLI debug_level=3 dtls=1 exchanges=2 renegotiation=1 \
3034 read_timeout=1000 max_resend=2" \
3036 -c "client hello, adding renegotiation extension" \
3037 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
3038 -s "found renegotiation extension" \
3039 -s "server hello, secure renegotiation extension" \
3040 -c "found renegotiation extension" \
3041 -c "=> renegotiate" \
3042 -s "=> renegotiate" \
3043 -s "write hello request"
3045 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
3046 run_test "Renegotiation: DTLS, renego_period overflow" \
3047 "$P_SRV debug_level=3 dtls=1 exchanges=4 renegotiation=1 renego_period=18446462598732840962 auth_mode=optional" \
3048 "$P_CLI debug_level=3 dtls=1 exchanges=4 renegotiation=1" \
3050 -c "client hello, adding renegotiation extension" \
3051 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
3052 -s "found renegotiation extension" \
3053 -s "server hello, secure renegotiation extension" \
3054 -s "record counter limit reached: renegotiate" \
3055 -c "=> renegotiate" \
3056 -s "=> renegotiate" \
3057 -s "write hello request"
3060 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
3061 run_test "Renegotiation: DTLS, gnutls server, client-initiated" \
3062 "$G_SRV -u --mtu 4096" \
3063 "$P_CLI debug_level=3 dtls=1 exchanges=1 renegotiation=1 renegotiate=1" \
3065 -c "client hello, adding renegotiation extension" \
3066 -c "found renegotiation extension" \
3067 -c "=> renegotiate" \
3068 -C "mbedtls_ssl_handshake returned" \
3072 # Test for the "secure renegotation" extension only (no actual renegotiation)
3075 run_test "Renego ext: gnutls server strict, client default" \
3076 "$G_SRV --priority=NORMAL:%SAFE_RENEGOTIATION" \
3077 "$P_CLI debug_level=3" \
3079 -c "found renegotiation extension" \
3081 -c "HTTP/1.0 200 [Oo][Kk]"
3084 run_test "Renego ext: gnutls server unsafe, client default" \
3085 "$G_SRV --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \
3086 "$P_CLI debug_level=3" \
3088 -C "found renegotiation extension" \
3090 -c "HTTP/1.0 200 [Oo][Kk]"
3093 run_test "Renego ext: gnutls server unsafe, client break legacy" \
3094 "$G_SRV --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \
3095 "$P_CLI debug_level=3 allow_legacy=-1" \
3097 -C "found renegotiation extension" \
3099 -C "HTTP/1.0 200 [Oo][Kk]"
3102 run_test "Renego ext: gnutls client strict, server default" \
3103 "$P_SRV debug_level=3" \
3104 "$G_CLI --priority=NORMAL:%SAFE_RENEGOTIATION localhost" \
3106 -s "received TLS_EMPTY_RENEGOTIATION_INFO\|found renegotiation extension" \
3107 -s "server hello, secure renegotiation extension"
3110 run_test "Renego ext: gnutls client unsafe, server default" \
3111 "$P_SRV debug_level=3" \
3112 "$G_CLI --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION localhost" \
3114 -S "received TLS_EMPTY_RENEGOTIATION_INFO\|found renegotiation extension" \
3115 -S "server hello, secure renegotiation extension"
3118 run_test "Renego ext: gnutls client unsafe, server break legacy" \
3119 "$P_SRV debug_level=3 allow_legacy=-1" \
3120 "$G_CLI --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION localhost" \
3122 -S "received TLS_EMPTY_RENEGOTIATION_INFO\|found renegotiation extension" \
3123 -S "server hello, secure renegotiation extension"
3125 # Tests for silently dropping trailing extra bytes in .der certificates
3128 run_test "DER format: no trailing bytes" \
3129 "$P_SRV crt_file=data_files/server5-der0.crt \
3130 key_file=data_files/server5.key" \
3131 "$G_CLI localhost" \
3133 -c "Handshake was completed" \
3136 run_test "DER format: with a trailing zero byte" \
3137 "$P_SRV crt_file=data_files/server5-der1a.crt \
3138 key_file=data_files/server5.key" \
3139 "$G_CLI localhost" \
3141 -c "Handshake was completed" \
3144 run_test "DER format: with a trailing random byte" \
3145 "$P_SRV crt_file=data_files/server5-der1b.crt \
3146 key_file=data_files/server5.key" \
3147 "$G_CLI localhost" \
3149 -c "Handshake was completed" \
3152 run_test "DER format: with 2 trailing random bytes" \
3153 "$P_SRV crt_file=data_files/server5-der2.crt \
3154 key_file=data_files/server5.key" \
3155 "$G_CLI localhost" \
3157 -c "Handshake was completed" \
3160 run_test "DER format: with 4 trailing random bytes" \
3161 "$P_SRV crt_file=data_files/server5-der4.crt \
3162 key_file=data_files/server5.key" \
3163 "$G_CLI localhost" \
3165 -c "Handshake was completed" \
3168 run_test "DER format: with 8 trailing random bytes" \
3169 "$P_SRV crt_file=data_files/server5-der8.crt \
3170 key_file=data_files/server5.key" \
3171 "$G_CLI localhost" \
3173 -c "Handshake was completed" \
3176 run_test "DER format: with 9 trailing random bytes" \
3177 "$P_SRV crt_file=data_files/server5-der9.crt \
3178 key_file=data_files/server5.key" \
3179 "$G_CLI localhost" \
3181 -c "Handshake was completed" \
3183 # Tests for auth_mode, there are duplicated tests using ca callback for authentication
3184 # When updating these tests, modify the matching authentication tests accordingly
3186 run_test "Authentication: server badcert, client required" \
3187 "$P_SRV crt_file=data_files/server5-badsign.crt \
3188 key_file=data_files/server5.key" \
3189 "$P_CLI debug_level=1 auth_mode=required" \
3191 -c "x509_verify_cert() returned" \
3192 -c "! The certificate is not correctly signed by the trusted CA" \
3193 -c "! mbedtls_ssl_handshake returned" \
3194 -c "X509 - Certificate verification failed"
3196 run_test "Authentication: server badcert, client optional" \
3197 "$P_SRV crt_file=data_files/server5-badsign.crt \
3198 key_file=data_files/server5.key" \
3199 "$P_CLI debug_level=1 auth_mode=optional" \
3201 -c "x509_verify_cert() returned" \
3202 -c "! The certificate is not correctly signed by the trusted CA" \
3203 -C "! mbedtls_ssl_handshake returned" \
3204 -C "X509 - Certificate verification failed"
3206 run_test "Authentication: server goodcert, client optional, no trusted CA" \
3208 "$P_CLI debug_level=3 auth_mode=optional ca_file=none ca_path=none" \
3210 -c "x509_verify_cert() returned" \
3211 -c "! The certificate is not correctly signed by the trusted CA" \
3212 -c "! Certificate verification flags"\
3213 -C "! mbedtls_ssl_handshake returned" \
3214 -C "X509 - Certificate verification failed" \
3215 -C "SSL - No CA Chain is set, but required to operate"
3217 run_test "Authentication: server goodcert, client required, no trusted CA" \
3219 "$P_CLI debug_level=3 auth_mode=required ca_file=none ca_path=none" \
3221 -c "x509_verify_cert() returned" \
3222 -c "! The certificate is not correctly signed by the trusted CA" \
3223 -c "! Certificate verification flags"\
3224 -c "! mbedtls_ssl_handshake returned" \
3225 -c "SSL - No CA Chain is set, but required to operate"
3227 # The purpose of the next two tests is to test the client's behaviour when receiving a server
3228 # certificate with an unsupported elliptic curve. This should usually not happen because
3229 # the client informs the server about the supported curves - it does, though, in the
3230 # corner case of a static ECDH suite, because the server doesn't check the curve on that
3231 # occasion (to be fixed). If that bug's fixed, the test needs to be altered to use a
3232 # different means to have the server ignoring the client's supported curve list.
3234 requires_config_enabled MBEDTLS_ECP_C
3235 run_test "Authentication: server ECDH p256v1, client required, p256v1 unsupported" \
3236 "$P_SRV debug_level=1 key_file=data_files/server5.key \
3237 crt_file=data_files/server5.ku-ka.crt" \
3238 "$P_CLI debug_level=3 auth_mode=required curves=secp521r1" \
3240 -c "bad certificate (EC key curve)"\
3241 -c "! Certificate verification flags"\
3242 -C "bad server certificate (ECDH curve)" # Expect failure at earlier verification stage
3244 requires_config_enabled MBEDTLS_ECP_C
3245 run_test "Authentication: server ECDH p256v1, client optional, p256v1 unsupported" \
3246 "$P_SRV debug_level=1 key_file=data_files/server5.key \
3247 crt_file=data_files/server5.ku-ka.crt" \
3248 "$P_CLI debug_level=3 auth_mode=optional curves=secp521r1" \
3250 -c "bad certificate (EC key curve)"\
3251 -c "! Certificate verification flags"\
3252 -c "bad server certificate (ECDH curve)" # Expect failure only at ECDH params check
3254 run_test "Authentication: server badcert, client none" \
3255 "$P_SRV crt_file=data_files/server5-badsign.crt \
3256 key_file=data_files/server5.key" \
3257 "$P_CLI debug_level=1 auth_mode=none" \
3259 -C "x509_verify_cert() returned" \
3260 -C "! The certificate is not correctly signed by the trusted CA" \
3261 -C "! mbedtls_ssl_handshake returned" \
3262 -C "X509 - Certificate verification failed"
3264 run_test "Authentication: client SHA256, server required" \
3265 "$P_SRV auth_mode=required" \
3266 "$P_CLI debug_level=3 crt_file=data_files/server6.crt \
3267 key_file=data_files/server6.key \
3268 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384" \
3270 -c "Supported Signature Algorithm found: 4," \
3271 -c "Supported Signature Algorithm found: 5,"
3273 run_test "Authentication: client SHA384, server required" \
3274 "$P_SRV auth_mode=required" \
3275 "$P_CLI debug_level=3 crt_file=data_files/server6.crt \
3276 key_file=data_files/server6.key \
3277 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256" \
3279 -c "Supported Signature Algorithm found: 4," \
3280 -c "Supported Signature Algorithm found: 5,"
3282 requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
3283 run_test "Authentication: client has no cert, server required (SSLv3)" \
3284 "$P_SRV debug_level=3 min_version=ssl3 auth_mode=required" \
3285 "$P_CLI debug_level=3 force_version=ssl3 crt_file=none \
3286 key_file=data_files/server5.key" \
3288 -S "skip write certificate request" \
3289 -C "skip parse certificate request" \
3290 -c "got a certificate request" \
3291 -c "got no certificate to send" \
3292 -S "x509_verify_cert() returned" \
3293 -s "client has no certificate" \
3294 -s "! mbedtls_ssl_handshake returned" \
3295 -c "! mbedtls_ssl_handshake returned" \
3296 -s "No client certification received from the client, but required by the authentication mode"
3298 run_test "Authentication: client has no cert, server required (TLS)" \
3299 "$P_SRV debug_level=3 auth_mode=required" \
3300 "$P_CLI debug_level=3 crt_file=none \
3301 key_file=data_files/server5.key" \
3303 -S "skip write certificate request" \
3304 -C "skip parse certificate request" \
3305 -c "got a certificate request" \
3306 -c "= write certificate$" \
3307 -C "skip write certificate$" \
3308 -S "x509_verify_cert() returned" \
3309 -s "client has no certificate" \
3310 -s "! mbedtls_ssl_handshake returned" \
3311 -c "! mbedtls_ssl_handshake returned" \
3312 -s "No client certification received from the client, but required by the authentication mode"
3314 run_test "Authentication: client badcert, server required" \
3315 "$P_SRV debug_level=3 auth_mode=required" \
3316 "$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \
3317 key_file=data_files/server5.key" \
3319 -S "skip write certificate request" \
3320 -C "skip parse certificate request" \
3321 -c "got a certificate request" \
3322 -C "skip write certificate" \
3323 -C "skip write certificate verify" \
3324 -S "skip parse certificate verify" \
3325 -s "x509_verify_cert() returned" \
3326 -s "! The certificate is not correctly signed by the trusted CA" \
3327 -s "! mbedtls_ssl_handshake returned" \
3328 -s "send alert level=2 message=48" \
3329 -c "! mbedtls_ssl_handshake returned" \
3330 -s "X509 - Certificate verification failed"
3331 # We don't check that the client receives the alert because it might
3332 # detect that its write end of the connection is closed and abort
3333 # before reading the alert message.
3335 run_test "Authentication: client cert not trusted, server required" \
3336 "$P_SRV debug_level=3 auth_mode=required" \
3337 "$P_CLI debug_level=3 crt_file=data_files/server5-selfsigned.crt \
3338 key_file=data_files/server5.key" \
3340 -S "skip write certificate request" \
3341 -C "skip parse certificate request" \
3342 -c "got a certificate request" \
3343 -C "skip write certificate" \
3344 -C "skip write certificate verify" \
3345 -S "skip parse certificate verify" \
3346 -s "x509_verify_cert() returned" \
3347 -s "! The certificate is not correctly signed by the trusted CA" \
3348 -s "! mbedtls_ssl_handshake returned" \
3349 -c "! mbedtls_ssl_handshake returned" \
3350 -s "X509 - Certificate verification failed"
3352 run_test "Authentication: client badcert, server optional" \
3353 "$P_SRV debug_level=3 auth_mode=optional" \
3354 "$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \
3355 key_file=data_files/server5.key" \
3357 -S "skip write certificate request" \
3358 -C "skip parse certificate request" \
3359 -c "got a certificate request" \
3360 -C "skip write certificate" \
3361 -C "skip write certificate verify" \
3362 -S "skip parse certificate verify" \
3363 -s "x509_verify_cert() returned" \
3364 -s "! The certificate is not correctly signed by the trusted CA" \
3365 -S "! mbedtls_ssl_handshake returned" \
3366 -C "! mbedtls_ssl_handshake returned" \
3367 -S "X509 - Certificate verification failed"
3369 run_test "Authentication: client badcert, server none" \
3370 "$P_SRV debug_level=3 auth_mode=none" \
3371 "$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \
3372 key_file=data_files/server5.key" \
3374 -s "skip write certificate request" \
3375 -C "skip parse certificate request" \
3376 -c "got no certificate request" \
3377 -c "skip write certificate" \
3378 -c "skip write certificate verify" \
3379 -s "skip parse certificate verify" \
3380 -S "x509_verify_cert() returned" \
3381 -S "! The certificate is not correctly signed by the trusted CA" \
3382 -S "! mbedtls_ssl_handshake returned" \
3383 -C "! mbedtls_ssl_handshake returned" \
3384 -S "X509 - Certificate verification failed"
3386 run_test "Authentication: client no cert, server optional" \
3387 "$P_SRV debug_level=3 auth_mode=optional" \
3388 "$P_CLI debug_level=3 crt_file=none key_file=none" \
3390 -S "skip write certificate request" \
3391 -C "skip parse certificate request" \
3392 -c "got a certificate request" \
3393 -C "skip write certificate$" \
3394 -C "got no certificate to send" \
3395 -S "SSLv3 client has no certificate" \
3396 -c "skip write certificate verify" \
3397 -s "skip parse certificate verify" \
3398 -s "! Certificate was missing" \
3399 -S "! mbedtls_ssl_handshake returned" \
3400 -C "! mbedtls_ssl_handshake returned" \
3401 -S "X509 - Certificate verification failed"
3403 run_test "Authentication: openssl client no cert, server optional" \
3404 "$P_SRV debug_level=3 auth_mode=optional" \
3407 -S "skip write certificate request" \
3408 -s "skip parse certificate verify" \
3409 -s "! Certificate was missing" \
3410 -S "! mbedtls_ssl_handshake returned" \
3411 -S "X509 - Certificate verification failed"
3413 run_test "Authentication: client no cert, openssl server optional" \
3414 "$O_SRV -verify 10" \
3415 "$P_CLI debug_level=3 crt_file=none key_file=none" \
3417 -C "skip parse certificate request" \
3418 -c "got a certificate request" \
3419 -C "skip write certificate$" \
3420 -c "skip write certificate verify" \
3421 -C "! mbedtls_ssl_handshake returned"
3423 run_test "Authentication: client no cert, openssl server required" \
3424 "$O_SRV -Verify 10" \
3425 "$P_CLI debug_level=3 crt_file=none key_file=none" \
3427 -C "skip parse certificate request" \
3428 -c "got a certificate request" \
3429 -C "skip write certificate$" \
3430 -c "skip write certificate verify" \
3431 -c "! mbedtls_ssl_handshake returned"
3433 requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
3434 run_test "Authentication: client no cert, ssl3" \
3435 "$P_SRV debug_level=3 auth_mode=optional force_version=ssl3" \
3436 "$P_CLI debug_level=3 crt_file=none key_file=none min_version=ssl3" \
3438 -S "skip write certificate request" \
3439 -C "skip parse certificate request" \
3440 -c "got a certificate request" \
3441 -C "skip write certificate$" \
3442 -c "skip write certificate verify" \
3443 -c "got no certificate to send" \
3444 -s "SSLv3 client has no certificate" \
3445 -s "skip parse certificate verify" \
3446 -s "! Certificate was missing" \
3447 -S "! mbedtls_ssl_handshake returned" \
3448 -C "! mbedtls_ssl_handshake returned" \
3449 -S "X509 - Certificate verification failed"
3451 # The "max_int chain" tests assume that MAX_INTERMEDIATE_CA is set to its
3455 MAX_IM_CA_CONFIG=$( ../scripts/config.pl get MBEDTLS_X509_MAX_INTERMEDIATE_CA)
3457 if [ -n "$MAX_IM_CA_CONFIG" ] && [ "$MAX_IM_CA_CONFIG" -ne "$MAX_IM_CA" ]; then
3458 printf "The ${CONFIG_H} file contains a value for the configuration of\n"
3459 printf "MBEDTLS_X509_MAX_INTERMEDIATE_CA that is different from the script’s\n"
3460 printf "test value of ${MAX_IM_CA}. \n"
3462 printf "The tests assume this value and if it changes, the tests in this\n"
3463 printf "script should also be adjusted.\n"
3469 requires_full_size_output_buffer
3470 run_test "Authentication: server max_int chain, client default" \
3471 "$P_SRV crt_file=data_files/dir-maxpath/c09.pem \
3472 key_file=data_files/dir-maxpath/09.key" \
3473 "$P_CLI server_name=CA09 ca_file=data_files/dir-maxpath/00.crt" \
3475 -C "X509 - A fatal error occurred"
3477 requires_full_size_output_buffer
3478 run_test "Authentication: server max_int+1 chain, client default" \
3479 "$P_SRV crt_file=data_files/dir-maxpath/c10.pem \
3480 key_file=data_files/dir-maxpath/10.key" \
3481 "$P_CLI server_name=CA10 ca_file=data_files/dir-maxpath/00.crt" \
3483 -c "X509 - A fatal error occurred"
3485 requires_full_size_output_buffer
3486 run_test "Authentication: server max_int+1 chain, client optional" \
3487 "$P_SRV crt_file=data_files/dir-maxpath/c10.pem \
3488 key_file=data_files/dir-maxpath/10.key" \
3489 "$P_CLI server_name=CA10 ca_file=data_files/dir-maxpath/00.crt \
3490 auth_mode=optional" \
3492 -c "X509 - A fatal error occurred"
3494 requires_full_size_output_buffer
3495 run_test "Authentication: server max_int+1 chain, client none" \
3496 "$P_SRV crt_file=data_files/dir-maxpath/c10.pem \
3497 key_file=data_files/dir-maxpath/10.key" \
3498 "$P_CLI server_name=CA10 ca_file=data_files/dir-maxpath/00.crt \
3501 -C "X509 - A fatal error occurred"
3503 requires_full_size_output_buffer
3504 run_test "Authentication: client max_int+1 chain, server default" \
3505 "$P_SRV ca_file=data_files/dir-maxpath/00.crt" \
3506 "$P_CLI crt_file=data_files/dir-maxpath/c10.pem \
3507 key_file=data_files/dir-maxpath/10.key" \
3509 -S "X509 - A fatal error occurred"
3511 requires_full_size_output_buffer
3512 run_test "Authentication: client max_int+1 chain, server optional" \
3513 "$P_SRV ca_file=data_files/dir-maxpath/00.crt auth_mode=optional" \
3514 "$P_CLI crt_file=data_files/dir-maxpath/c10.pem \
3515 key_file=data_files/dir-maxpath/10.key" \
3517 -s "X509 - A fatal error occurred"
3519 requires_full_size_output_buffer
3520 run_test "Authentication: client max_int+1 chain, server required" \
3521 "$P_SRV ca_file=data_files/dir-maxpath/00.crt auth_mode=required" \
3522 "$P_CLI crt_file=data_files/dir-maxpath/c10.pem \
3523 key_file=data_files/dir-maxpath/10.key" \
3525 -s "X509 - A fatal error occurred"
3527 requires_full_size_output_buffer
3528 run_test "Authentication: client max_int chain, server required" \
3529 "$P_SRV ca_file=data_files/dir-maxpath/00.crt auth_mode=required" \
3530 "$P_CLI crt_file=data_files/dir-maxpath/c09.pem \
3531 key_file=data_files/dir-maxpath/09.key" \
3533 -S "X509 - A fatal error occurred"
3535 # Tests for CA list in CertificateRequest messages
3537 run_test "Authentication: send CA list in CertificateRequest (default)" \
3538 "$P_SRV debug_level=3 auth_mode=required" \
3539 "$P_CLI crt_file=data_files/server6.crt \
3540 key_file=data_files/server6.key" \
3544 run_test "Authentication: do not send CA list in CertificateRequest" \
3545 "$P_SRV debug_level=3 auth_mode=required cert_req_ca_list=0" \
3546 "$P_CLI crt_file=data_files/server6.crt \
3547 key_file=data_files/server6.key" \
3551 run_test "Authentication: send CA list in CertificateRequest, client self signed" \
3552 "$P_SRV debug_level=3 auth_mode=required cert_req_ca_list=0" \
3553 "$P_CLI debug_level=3 crt_file=data_files/server5-selfsigned.crt \
3554 key_file=data_files/server5.key" \
3557 -s "x509_verify_cert() returned" \
3558 -s "! The certificate is not correctly signed by the trusted CA" \
3559 -s "! mbedtls_ssl_handshake returned" \
3560 -c "! mbedtls_ssl_handshake returned" \
3561 -s "X509 - Certificate verification failed"
3563 # Tests for auth_mode, using CA callback, these are duplicated from the authentication tests
3564 # When updating these tests, modify the matching authentication tests accordingly
3566 requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
3567 run_test "Authentication, CA callback: server badcert, client required" \
3568 "$P_SRV crt_file=data_files/server5-badsign.crt \
3569 key_file=data_files/server5.key" \
3570 "$P_CLI ca_callback=1 debug_level=3 auth_mode=required" \
3572 -c "use CA callback for X.509 CRT verification" \
3573 -c "x509_verify_cert() returned" \
3574 -c "! The certificate is not correctly signed by the trusted CA" \
3575 -c "! mbedtls_ssl_handshake returned" \
3576 -c "X509 - Certificate verification failed"
3578 requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
3579 run_test "Authentication, CA callback: server badcert, client optional" \
3580 "$P_SRV crt_file=data_files/server5-badsign.crt \
3581 key_file=data_files/server5.key" \
3582 "$P_CLI ca_callback=1 debug_level=3 auth_mode=optional" \
3584 -c "use CA callback for X.509 CRT verification" \
3585 -c "x509_verify_cert() returned" \
3586 -c "! The certificate is not correctly signed by the trusted CA" \
3587 -C "! mbedtls_ssl_handshake returned" \
3588 -C "X509 - Certificate verification failed"
3590 # The purpose of the next two tests is to test the client's behaviour when receiving a server
3591 # certificate with an unsupported elliptic curve. This should usually not happen because
3592 # the client informs the server about the supported curves - it does, though, in the
3593 # corner case of a static ECDH suite, because the server doesn't check the curve on that
3594 # occasion (to be fixed). If that bug's fixed, the test needs to be altered to use a
3595 # different means to have the server ignoring the client's supported curve list.
3597 requires_config_enabled MBEDTLS_ECP_C
3598 requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
3599 run_test "Authentication, CA callback: server ECDH p256v1, client required, p256v1 unsupported" \
3600 "$P_SRV debug_level=1 key_file=data_files/server5.key \
3601 crt_file=data_files/server5.ku-ka.crt" \
3602 "$P_CLI ca_callback=1 debug_level=3 auth_mode=required curves=secp521r1" \
3604 -c "use CA callback for X.509 CRT verification" \
3605 -c "bad certificate (EC key curve)" \
3606 -c "! Certificate verification flags" \
3607 -C "bad server certificate (ECDH curve)" # Expect failure at earlier verification stage
3609 requires_config_enabled MBEDTLS_ECP_C
3610 requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
3611 run_test "Authentication, CA callback: server ECDH p256v1, client optional, p256v1 unsupported" \
3612 "$P_SRV debug_level=1 key_file=data_files/server5.key \
3613 crt_file=data_files/server5.ku-ka.crt" \
3614 "$P_CLI ca_callback=1 debug_level=3 auth_mode=optional curves=secp521r1" \
3616 -c "use CA callback for X.509 CRT verification" \
3617 -c "bad certificate (EC key curve)"\
3618 -c "! Certificate verification flags"\
3619 -c "bad server certificate (ECDH curve)" # Expect failure only at ECDH params check
3621 requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
3622 run_test "Authentication, CA callback: client SHA256, server required" \
3623 "$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \
3624 "$P_CLI debug_level=3 crt_file=data_files/server6.crt \
3625 key_file=data_files/server6.key \
3626 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384" \
3628 -s "use CA callback for X.509 CRT verification" \
3629 -c "Supported Signature Algorithm found: 4," \
3630 -c "Supported Signature Algorithm found: 5,"
3632 requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
3633 run_test "Authentication, CA callback: client SHA384, server required" \
3634 "$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \
3635 "$P_CLI debug_level=3 crt_file=data_files/server6.crt \
3636 key_file=data_files/server6.key \
3637 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256" \
3639 -s "use CA callback for X.509 CRT verification" \
3640 -c "Supported Signature Algorithm found: 4," \
3641 -c "Supported Signature Algorithm found: 5,"
3643 requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
3644 run_test "Authentication, CA callback: client badcert, server required" \
3645 "$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \
3646 "$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \
3647 key_file=data_files/server5.key" \
3649 -s "use CA callback for X.509 CRT verification" \
3650 -S "skip write certificate request" \
3651 -C "skip parse certificate request" \
3652 -c "got a certificate request" \
3653 -C "skip write certificate" \
3654 -C "skip write certificate verify" \
3655 -S "skip parse certificate verify" \
3656 -s "x509_verify_cert() returned" \
3657 -s "! The certificate is not correctly signed by the trusted CA" \
3658 -s "! mbedtls_ssl_handshake returned" \
3659 -s "send alert level=2 message=48" \
3660 -c "! mbedtls_ssl_handshake returned" \
3661 -s "X509 - Certificate verification failed"
3662 # We don't check that the client receives the alert because it might
3663 # detect that its write end of the connection is closed and abort
3664 # before reading the alert message.
3666 requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
3667 run_test "Authentication, CA callback: client cert not trusted, server required" \
3668 "$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \
3669 "$P_CLI debug_level=3 crt_file=data_files/server5-selfsigned.crt \
3670 key_file=data_files/server5.key" \
3672 -s "use CA callback for X.509 CRT verification" \
3673 -S "skip write certificate request" \
3674 -C "skip parse certificate request" \
3675 -c "got a certificate request" \
3676 -C "skip write certificate" \
3677 -C "skip write certificate verify" \
3678 -S "skip parse certificate verify" \
3679 -s "x509_verify_cert() returned" \
3680 -s "! The certificate is not correctly signed by the trusted CA" \
3681 -s "! mbedtls_ssl_handshake returned" \
3682 -c "! mbedtls_ssl_handshake returned" \
3683 -s "X509 - Certificate verification failed"
3685 requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
3686 run_test "Authentication, CA callback: client badcert, server optional" \
3687 "$P_SRV ca_callback=1 debug_level=3 auth_mode=optional" \
3688 "$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \
3689 key_file=data_files/server5.key" \
3691 -s "use CA callback for X.509 CRT verification" \
3692 -S "skip write certificate request" \
3693 -C "skip parse certificate request" \
3694 -c "got a certificate request" \
3695 -C "skip write certificate" \
3696 -C "skip write certificate verify" \
3697 -S "skip parse certificate verify" \
3698 -s "x509_verify_cert() returned" \
3699 -s "! The certificate is not correctly signed by the trusted CA" \
3700 -S "! mbedtls_ssl_handshake returned" \
3701 -C "! mbedtls_ssl_handshake returned" \
3702 -S "X509 - Certificate verification failed"
3704 requires_full_size_output_buffer
3705 requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
3706 run_test "Authentication, CA callback: server max_int chain, client default" \
3707 "$P_SRV crt_file=data_files/dir-maxpath/c09.pem \
3708 key_file=data_files/dir-maxpath/09.key" \
3709 "$P_CLI ca_callback=1 debug_level=3 server_name=CA09 ca_file=data_files/dir-maxpath/00.crt" \
3711 -c "use CA callback for X.509 CRT verification" \
3712 -C "X509 - A fatal error occurred"
3714 requires_full_size_output_buffer
3715 requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
3716 run_test "Authentication, CA callback: server max_int+1 chain, client default" \
3717 "$P_SRV crt_file=data_files/dir-maxpath/c10.pem \
3718 key_file=data_files/dir-maxpath/10.key" \
3719 "$P_CLI debug_level=3 ca_callback=1 server_name=CA10 ca_file=data_files/dir-maxpath/00.crt" \
3721 -c "use CA callback for X.509 CRT verification" \
3722 -c "X509 - A fatal error occurred"
3724 requires_full_size_output_buffer
3725 requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
3726 run_test "Authentication, CA callback: server max_int+1 chain, client optional" \
3727 "$P_SRV crt_file=data_files/dir-maxpath/c10.pem \
3728 key_file=data_files/dir-maxpath/10.key" \
3729 "$P_CLI ca_callback=1 server_name=CA10 ca_file=data_files/dir-maxpath/00.crt \
3730 debug_level=3 auth_mode=optional" \
3732 -c "use CA callback for X.509 CRT verification" \
3733 -c "X509 - A fatal error occurred"
3735 requires_full_size_output_buffer
3736 requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
3737 run_test "Authentication, CA callback: client max_int+1 chain, server optional" \
3738 "$P_SRV ca_callback=1 debug_level=3 ca_file=data_files/dir-maxpath/00.crt auth_mode=optional" \
3739 "$P_CLI crt_file=data_files/dir-maxpath/c10.pem \
3740 key_file=data_files/dir-maxpath/10.key" \
3742 -s "use CA callback for X.509 CRT verification" \
3743 -s "X509 - A fatal error occurred"
3745 requires_full_size_output_buffer
3746 requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
3747 run_test "Authentication, CA callback: client max_int+1 chain, server required" \
3748 "$P_SRV ca_callback=1 debug_level=3 ca_file=data_files/dir-maxpath/00.crt auth_mode=required" \
3749 "$P_CLI crt_file=data_files/dir-maxpath/c10.pem \
3750 key_file=data_files/dir-maxpath/10.key" \
3752 -s "use CA callback for X.509 CRT verification" \
3753 -s "X509 - A fatal error occurred"
3755 requires_full_size_output_buffer
3756 requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
3757 run_test "Authentication, CA callback: client max_int chain, server required" \
3758 "$P_SRV ca_callback=1 debug_level=3 ca_file=data_files/dir-maxpath/00.crt auth_mode=required" \
3759 "$P_CLI crt_file=data_files/dir-maxpath/c09.pem \
3760 key_file=data_files/dir-maxpath/09.key" \
3762 -s "use CA callback for X.509 CRT verification" \
3763 -S "X509 - A fatal error occurred"
3765 # Tests for certificate selection based on SHA verson
3767 run_test "Certificate hash: client TLS 1.2 -> SHA-2" \
3768 "$P_SRV crt_file=data_files/server5.crt \
3769 key_file=data_files/server5.key \
3770 crt_file2=data_files/server5-sha1.crt \
3771 key_file2=data_files/server5.key" \
3772 "$P_CLI force_version=tls1_2" \
3774 -c "signed using.*ECDSA with SHA256" \
3775 -C "signed using.*ECDSA with SHA1"
3777 run_test "Certificate hash: client TLS 1.1 -> SHA-1" \
3778 "$P_SRV crt_file=data_files/server5.crt \
3779 key_file=data_files/server5.key \
3780 crt_file2=data_files/server5-sha1.crt \
3781 key_file2=data_files/server5.key" \
3782 "$P_CLI force_version=tls1_1" \
3784 -C "signed using.*ECDSA with SHA256" \
3785 -c "signed using.*ECDSA with SHA1"
3787 run_test "Certificate hash: client TLS 1.0 -> SHA-1" \
3788 "$P_SRV crt_file=data_files/server5.crt \
3789 key_file=data_files/server5.key \
3790 crt_file2=data_files/server5-sha1.crt \
3791 key_file2=data_files/server5.key" \
3792 "$P_CLI force_version=tls1" \
3794 -C "signed using.*ECDSA with SHA256" \
3795 -c "signed using.*ECDSA with SHA1"
3797 run_test "Certificate hash: client TLS 1.1, no SHA-1 -> SHA-2 (order 1)" \
3798 "$P_SRV crt_file=data_files/server5.crt \
3799 key_file=data_files/server5.key \
3800 crt_file2=data_files/server6.crt \
3801 key_file2=data_files/server6.key" \
3802 "$P_CLI force_version=tls1_1" \
3804 -c "serial number.*09" \
3805 -c "signed using.*ECDSA with SHA256" \
3806 -C "signed using.*ECDSA with SHA1"
3808 run_test "Certificate hash: client TLS 1.1, no SHA-1 -> SHA-2 (order 2)" \
3809 "$P_SRV crt_file=data_files/server6.crt \
3810 key_file=data_files/server6.key \
3811 crt_file2=data_files/server5.crt \
3812 key_file2=data_files/server5.key" \
3813 "$P_CLI force_version=tls1_1" \
3815 -c "serial number.*0A" \
3816 -c "signed using.*ECDSA with SHA256" \
3817 -C "signed using.*ECDSA with SHA1"
3821 run_test "SNI: no SNI callback" \
3822 "$P_SRV debug_level=3 \
3823 crt_file=data_files/server5.crt key_file=data_files/server5.key" \
3824 "$P_CLI server_name=localhost" \
3826 -S "parse ServerName extension" \
3827 -c "issuer name *: C=NL, O=PolarSSL, CN=Polarssl Test EC CA" \
3828 -c "subject name *: C=NL, O=PolarSSL, CN=localhost"
3830 run_test "SNI: matching cert 1" \
3831 "$P_SRV debug_level=3 \
3832 crt_file=data_files/server5.crt key_file=data_files/server5.key \
3833 sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
3834 "$P_CLI server_name=localhost" \
3836 -s "parse ServerName extension" \
3837 -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \
3838 -c "subject name *: C=NL, O=PolarSSL, CN=localhost"
3840 run_test "SNI: matching cert 2" \
3841 "$P_SRV debug_level=3 \
3842 crt_file=data_files/server5.crt key_file=data_files/server5.key \
3843 sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
3844 "$P_CLI server_name=polarssl.example" \
3846 -s "parse ServerName extension" \
3847 -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \
3848 -c "subject name *: C=NL, O=PolarSSL, CN=polarssl.example"
3850 run_test "SNI: no matching cert" \
3851 "$P_SRV debug_level=3 \
3852 crt_file=data_files/server5.crt key_file=data_files/server5.key \
3853 sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
3854 "$P_CLI server_name=nonesuch.example" \
3856 -s "parse ServerName extension" \
3857 -s "ssl_sni_wrapper() returned" \
3858 -s "mbedtls_ssl_handshake returned" \
3859 -c "mbedtls_ssl_handshake returned" \
3860 -c "SSL - A fatal alert message was received from our peer"
3862 run_test "SNI: client auth no override: optional" \
3863 "$P_SRV debug_level=3 auth_mode=optional \
3864 crt_file=data_files/server5.crt key_file=data_files/server5.key \
3865 sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-" \
3866 "$P_CLI debug_level=3 server_name=localhost" \
3868 -S "skip write certificate request" \
3869 -C "skip parse certificate request" \
3870 -c "got a certificate request" \
3871 -C "skip write certificate" \
3872 -C "skip write certificate verify" \
3873 -S "skip parse certificate verify"
3875 run_test "SNI: client auth override: none -> optional" \
3876 "$P_SRV debug_level=3 auth_mode=none \
3877 crt_file=data_files/server5.crt key_file=data_files/server5.key \
3878 sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,optional" \
3879 "$P_CLI debug_level=3 server_name=localhost" \
3881 -S "skip write certificate request" \
3882 -C "skip parse certificate request" \
3883 -c "got a certificate request" \
3884 -C "skip write certificate" \
3885 -C "skip write certificate verify" \
3886 -S "skip parse certificate verify"
3888 run_test "SNI: client auth override: optional -> none" \
3889 "$P_SRV debug_level=3 auth_mode=optional \
3890 crt_file=data_files/server5.crt key_file=data_files/server5.key \
3891 sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,none" \
3892 "$P_CLI debug_level=3 server_name=localhost" \
3894 -s "skip write certificate request" \
3895 -C "skip parse certificate request" \
3896 -c "got no certificate request" \
3897 -c "skip write certificate" \
3898 -c "skip write certificate verify" \
3899 -s "skip parse certificate verify"
3901 run_test "SNI: CA no override" \
3902 "$P_SRV debug_level=3 auth_mode=optional \
3903 crt_file=data_files/server5.crt key_file=data_files/server5.key \
3904 ca_file=data_files/test-ca.crt \
3905 sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,required" \
3906 "$P_CLI debug_level=3 server_name=localhost \
3907 crt_file=data_files/server6.crt key_file=data_files/server6.key" \
3909 -S "skip write certificate request" \
3910 -C "skip parse certificate request" \
3911 -c "got a certificate request" \
3912 -C "skip write certificate" \
3913 -C "skip write certificate verify" \
3914 -S "skip parse certificate verify" \
3915 -s "x509_verify_cert() returned" \
3916 -s "! The certificate is not correctly signed by the trusted CA" \
3917 -S "The certificate has been revoked (is on a CRL)"
3919 run_test "SNI: CA override" \
3920 "$P_SRV debug_level=3 auth_mode=optional \
3921 crt_file=data_files/server5.crt key_file=data_files/server5.key \
3922 ca_file=data_files/test-ca.crt \
3923 sni=localhost,data_files/server2.crt,data_files/server2.key,data_files/test-ca2.crt,-,required" \
3924 "$P_CLI debug_level=3 server_name=localhost \
3925 crt_file=data_files/server6.crt key_file=data_files/server6.key" \
3927 -S "skip write certificate request" \
3928 -C "skip parse certificate request" \
3929 -c "got a certificate request" \
3930 -C "skip write certificate" \
3931 -C "skip write certificate verify" \
3932 -S "skip parse certificate verify" \
3933 -S "x509_verify_cert() returned" \
3934 -S "! The certificate is not correctly signed by the trusted CA" \
3935 -S "The certificate has been revoked (is on a CRL)"
3937 run_test "SNI: CA override with CRL" \
3938 "$P_SRV debug_level=3 auth_mode=optional \
3939 crt_file=data_files/server5.crt key_file=data_files/server5.key \
3940 ca_file=data_files/test-ca.crt \
3941 sni=localhost,data_files/server2.crt,data_files/server2.key,data_files/test-ca2.crt,data_files/crl-ec-sha256.pem,required" \
3942 "$P_CLI debug_level=3 server_name=localhost \
3943 crt_file=data_files/server6.crt key_file=data_files/server6.key" \
3945 -S "skip write certificate request" \
3946 -C "skip parse certificate request" \
3947 -c "got a certificate request" \
3948 -C "skip write certificate" \
3949 -C "skip write certificate verify" \
3950 -S "skip parse certificate verify" \
3951 -s "x509_verify_cert() returned" \
3952 -S "! The certificate is not correctly signed by the trusted CA" \
3953 -s "The certificate has been revoked (is on a CRL)"
3955 # Tests for SNI and DTLS
3957 run_test "SNI: DTLS, no SNI callback" \
3958 "$P_SRV debug_level=3 dtls=1 \
3959 crt_file=data_files/server5.crt key_file=data_files/server5.key" \
3960 "$P_CLI server_name=localhost dtls=1" \
3962 -S "parse ServerName extension" \
3963 -c "issuer name *: C=NL, O=PolarSSL, CN=Polarssl Test EC CA" \
3964 -c "subject name *: C=NL, O=PolarSSL, CN=localhost"
3966 run_test "SNI: DTLS, matching cert 1" \
3967 "$P_SRV debug_level=3 dtls=1 \
3968 crt_file=data_files/server5.crt key_file=data_files/server5.key \
3969 sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
3970 "$P_CLI server_name=localhost dtls=1" \
3972 -s "parse ServerName extension" \
3973 -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \
3974 -c "subject name *: C=NL, O=PolarSSL, CN=localhost"
3976 run_test "SNI: DTLS, matching cert 2" \
3977 "$P_SRV debug_level=3 dtls=1 \
3978 crt_file=data_files/server5.crt key_file=data_files/server5.key \
3979 sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
3980 "$P_CLI server_name=polarssl.example dtls=1" \
3982 -s "parse ServerName extension" \
3983 -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \
3984 -c "subject name *: C=NL, O=PolarSSL, CN=polarssl.example"
3986 run_test "SNI: DTLS, no matching cert" \
3987 "$P_SRV debug_level=3 dtls=1 \
3988 crt_file=data_files/server5.crt key_file=data_files/server5.key \
3989 sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
3990 "$P_CLI server_name=nonesuch.example dtls=1" \
3992 -s "parse ServerName extension" \
3993 -s "ssl_sni_wrapper() returned" \
3994 -s "mbedtls_ssl_handshake returned" \
3995 -c "mbedtls_ssl_handshake returned" \
3996 -c "SSL - A fatal alert message was received from our peer"
3998 run_test "SNI: DTLS, client auth no override: optional" \
3999 "$P_SRV debug_level=3 auth_mode=optional dtls=1 \
4000 crt_file=data_files/server5.crt key_file=data_files/server5.key \
4001 sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-" \
4002 "$P_CLI debug_level=3 server_name=localhost dtls=1" \
4004 -S "skip write certificate request" \
4005 -C "skip parse certificate request" \
4006 -c "got a certificate request" \
4007 -C "skip write certificate" \
4008 -C "skip write certificate verify" \
4009 -S "skip parse certificate verify"
4011 run_test "SNI: DTLS, client auth override: none -> optional" \
4012 "$P_SRV debug_level=3 auth_mode=none dtls=1 \
4013 crt_file=data_files/server5.crt key_file=data_files/server5.key \
4014 sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,optional" \
4015 "$P_CLI debug_level=3 server_name=localhost dtls=1" \
4017 -S "skip write certificate request" \
4018 -C "skip parse certificate request" \
4019 -c "got a certificate request" \
4020 -C "skip write certificate" \
4021 -C "skip write certificate verify" \
4022 -S "skip parse certificate verify"
4024 run_test "SNI: DTLS, client auth override: optional -> none" \
4025 "$P_SRV debug_level=3 auth_mode=optional dtls=1 \
4026 crt_file=data_files/server5.crt key_file=data_files/server5.key \
4027 sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,none" \
4028 "$P_CLI debug_level=3 server_name=localhost dtls=1" \
4030 -s "skip write certificate request" \
4031 -C "skip parse certificate request" \
4032 -c "got no certificate request" \
4033 -c "skip write certificate" \
4034 -c "skip write certificate verify" \
4035 -s "skip parse certificate verify"
4037 run_test "SNI: DTLS, CA no override" \
4038 "$P_SRV debug_level=3 auth_mode=optional dtls=1 \
4039 crt_file=data_files/server5.crt key_file=data_files/server5.key \
4040 ca_file=data_files/test-ca.crt \
4041 sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,required" \
4042 "$P_CLI debug_level=3 server_name=localhost dtls=1 \
4043 crt_file=data_files/server6.crt key_file=data_files/server6.key" \
4045 -S "skip write certificate request" \
4046 -C "skip parse certificate request" \
4047 -c "got a certificate request" \
4048 -C "skip write certificate" \
4049 -C "skip write certificate verify" \
4050 -S "skip parse certificate verify" \
4051 -s "x509_verify_cert() returned" \
4052 -s "! The certificate is not correctly signed by the trusted CA" \
4053 -S "The certificate has been revoked (is on a CRL)"
4055 run_test "SNI: DTLS, CA override" \
4056 "$P_SRV debug_level=3 auth_mode=optional dtls=1 \
4057 crt_file=data_files/server5.crt key_file=data_files/server5.key \
4058 ca_file=data_files/test-ca.crt \
4059 sni=localhost,data_files/server2.crt,data_files/server2.key,data_files/test-ca2.crt,-,required" \
4060 "$P_CLI debug_level=3 server_name=localhost dtls=1 \
4061 crt_file=data_files/server6.crt key_file=data_files/server6.key" \
4063 -S "skip write certificate request" \
4064 -C "skip parse certificate request" \
4065 -c "got a certificate request" \
4066 -C "skip write certificate" \
4067 -C "skip write certificate verify" \
4068 -S "skip parse certificate verify" \
4069 -S "x509_verify_cert() returned" \
4070 -S "! The certificate is not correctly signed by the trusted CA" \
4071 -S "The certificate has been revoked (is on a CRL)"
4073 run_test "SNI: DTLS, CA override with CRL" \
4074 "$P_SRV debug_level=3 auth_mode=optional \
4075 crt_file=data_files/server5.crt key_file=data_files/server5.key dtls=1 \
4076 ca_file=data_files/test-ca.crt \
4077 sni=localhost,data_files/server2.crt,data_files/server2.key,data_files/test-ca2.crt,data_files/crl-ec-sha256.pem,required" \
4078 "$P_CLI debug_level=3 server_name=localhost dtls=1 \
4079 crt_file=data_files/server6.crt key_file=data_files/server6.key" \
4081 -S "skip write certificate request" \
4082 -C "skip parse certificate request" \
4083 -c "got a certificate request" \
4084 -C "skip write certificate" \
4085 -C "skip write certificate verify" \
4086 -S "skip parse certificate verify" \
4087 -s "x509_verify_cert() returned" \
4088 -S "! The certificate is not correctly signed by the trusted CA" \
4089 -s "The certificate has been revoked (is on a CRL)"
4091 # Tests for non-blocking I/O: exercise a variety of handshake flows
4093 run_test "Non-blocking I/O: basic handshake" \
4094 "$P_SRV nbio=2 tickets=0 auth_mode=none" \
4095 "$P_CLI nbio=2 tickets=0" \
4097 -S "mbedtls_ssl_handshake returned" \
4098 -C "mbedtls_ssl_handshake returned" \
4099 -c "Read from server: .* bytes read"
4101 run_test "Non-blocking I/O: client auth" \
4102 "$P_SRV nbio=2 tickets=0 auth_mode=required" \
4103 "$P_CLI nbio=2 tickets=0" \
4105 -S "mbedtls_ssl_handshake returned" \
4106 -C "mbedtls_ssl_handshake returned" \
4107 -c "Read from server: .* bytes read"
4109 run_test "Non-blocking I/O: ticket" \
4110 "$P_SRV nbio=2 tickets=1 auth_mode=none" \
4111 "$P_CLI nbio=2 tickets=1" \
4113 -S "mbedtls_ssl_handshake returned" \
4114 -C "mbedtls_ssl_handshake returned" \
4115 -c "Read from server: .* bytes read"
4117 run_test "Non-blocking I/O: ticket + client auth" \
4118 "$P_SRV nbio=2 tickets=1 auth_mode=required" \
4119 "$P_CLI nbio=2 tickets=1" \
4121 -S "mbedtls_ssl_handshake returned" \
4122 -C "mbedtls_ssl_handshake returned" \
4123 -c "Read from server: .* bytes read"
4125 run_test "Non-blocking I/O: ticket + client auth + resume" \
4126 "$P_SRV nbio=2 tickets=1 auth_mode=required" \
4127 "$P_CLI nbio=2 tickets=1 reconnect=1" \
4129 -S "mbedtls_ssl_handshake returned" \
4130 -C "mbedtls_ssl_handshake returned" \
4131 -c "Read from server: .* bytes read"
4133 run_test "Non-blocking I/O: ticket + resume" \
4134 "$P_SRV nbio=2 tickets=1 auth_mode=none" \
4135 "$P_CLI nbio=2 tickets=1 reconnect=1" \
4137 -S "mbedtls_ssl_handshake returned" \
4138 -C "mbedtls_ssl_handshake returned" \
4139 -c "Read from server: .* bytes read"
4141 run_test "Non-blocking I/O: session-id resume" \
4142 "$P_SRV nbio=2 tickets=0 auth_mode=none" \
4143 "$P_CLI nbio=2 tickets=0 reconnect=1" \
4145 -S "mbedtls_ssl_handshake returned" \
4146 -C "mbedtls_ssl_handshake returned" \
4147 -c "Read from server: .* bytes read"
4149 # Tests for event-driven I/O: exercise a variety of handshake flows
4151 run_test "Event-driven I/O: basic handshake" \
4152 "$P_SRV event=1 tickets=0 auth_mode=none" \
4153 "$P_CLI event=1 tickets=0" \
4155 -S "mbedtls_ssl_handshake returned" \
4156 -C "mbedtls_ssl_handshake returned" \
4157 -c "Read from server: .* bytes read"
4159 run_test "Event-driven I/O: client auth" \
4160 "$P_SRV event=1 tickets=0 auth_mode=required" \
4161 "$P_CLI event=1 tickets=0" \
4163 -S "mbedtls_ssl_handshake returned" \
4164 -C "mbedtls_ssl_handshake returned" \
4165 -c "Read from server: .* bytes read"
4167 run_test "Event-driven I/O: ticket" \
4168 "$P_SRV event=1 tickets=1 auth_mode=none" \
4169 "$P_CLI event=1 tickets=1" \
4171 -S "mbedtls_ssl_handshake returned" \
4172 -C "mbedtls_ssl_handshake returned" \
4173 -c "Read from server: .* bytes read"
4175 run_test "Event-driven I/O: ticket + client auth" \
4176 "$P_SRV event=1 tickets=1 auth_mode=required" \
4177 "$P_CLI event=1 tickets=1" \
4179 -S "mbedtls_ssl_handshake returned" \
4180 -C "mbedtls_ssl_handshake returned" \
4181 -c "Read from server: .* bytes read"
4183 run_test "Event-driven I/O: ticket + client auth + resume" \
4184 "$P_SRV event=1 tickets=1 auth_mode=required" \
4185 "$P_CLI event=1 tickets=1 reconnect=1" \
4187 -S "mbedtls_ssl_handshake returned" \
4188 -C "mbedtls_ssl_handshake returned" \
4189 -c "Read from server: .* bytes read"
4191 run_test "Event-driven I/O: ticket + resume" \
4192 "$P_SRV event=1 tickets=1 auth_mode=none" \
4193 "$P_CLI event=1 tickets=1 reconnect=1" \
4195 -S "mbedtls_ssl_handshake returned" \
4196 -C "mbedtls_ssl_handshake returned" \
4197 -c "Read from server: .* bytes read"
4199 run_test "Event-driven I/O: session-id resume" \
4200 "$P_SRV event=1 tickets=0 auth_mode=none" \
4201 "$P_CLI event=1 tickets=0 reconnect=1" \
4203 -S "mbedtls_ssl_handshake returned" \
4204 -C "mbedtls_ssl_handshake returned" \
4205 -c "Read from server: .* bytes read"
4207 run_test "Event-driven I/O, DTLS: basic handshake" \
4208 "$P_SRV dtls=1 event=1 tickets=0 auth_mode=none" \
4209 "$P_CLI dtls=1 event=1 tickets=0" \
4211 -c "Read from server: .* bytes read"
4213 run_test "Event-driven I/O, DTLS: client auth" \
4214 "$P_SRV dtls=1 event=1 tickets=0 auth_mode=required" \
4215 "$P_CLI dtls=1 event=1 tickets=0" \
4217 -c "Read from server: .* bytes read"
4219 run_test "Event-driven I/O, DTLS: ticket" \
4220 "$P_SRV dtls=1 event=1 tickets=1 auth_mode=none" \
4221 "$P_CLI dtls=1 event=1 tickets=1" \
4223 -c "Read from server: .* bytes read"
4225 run_test "Event-driven I/O, DTLS: ticket + client auth" \
4226 "$P_SRV dtls=1 event=1 tickets=1 auth_mode=required" \
4227 "$P_CLI dtls=1 event=1 tickets=1" \
4229 -c "Read from server: .* bytes read"
4231 run_test "Event-driven I/O, DTLS: ticket + client auth + resume" \
4232 "$P_SRV dtls=1 event=1 tickets=1 auth_mode=required" \
4233 "$P_CLI dtls=1 event=1 tickets=1 reconnect=1" \
4235 -c "Read from server: .* bytes read"
4237 run_test "Event-driven I/O, DTLS: ticket + resume" \
4238 "$P_SRV dtls=1 event=1 tickets=1 auth_mode=none" \
4239 "$P_CLI dtls=1 event=1 tickets=1 reconnect=1" \
4241 -c "Read from server: .* bytes read"
4243 run_test "Event-driven I/O, DTLS: session-id resume" \
4244 "$P_SRV dtls=1 event=1 tickets=0 auth_mode=none" \
4245 "$P_CLI dtls=1 event=1 tickets=0 reconnect=1" \
4247 -c "Read from server: .* bytes read"
4249 # This test demonstrates the need for the mbedtls_ssl_check_pending function.
4250 # During session resumption, the client will send its ApplicationData record
4251 # within the same datagram as the Finished messages. In this situation, the
4252 # server MUST NOT idle on the underlying transport after handshake completion,
4253 # because the ApplicationData request has already been queued internally.
4254 run_test "Event-driven I/O, DTLS: session-id resume, UDP packing" \
4255 -p "$P_PXY pack=50" \
4256 "$P_SRV dtls=1 event=1 tickets=0 auth_mode=required" \
4257 "$P_CLI dtls=1 event=1 tickets=0 reconnect=1" \
4259 -c "Read from server: .* bytes read"
4261 # Tests for version negotiation
4263 run_test "Version check: all -> 1.2" \
4267 -S "mbedtls_ssl_handshake returned" \
4268 -C "mbedtls_ssl_handshake returned" \
4269 -s "Protocol is TLSv1.2" \
4270 -c "Protocol is TLSv1.2"
4272 run_test "Version check: cli max 1.1 -> 1.1" \
4274 "$P_CLI max_version=tls1_1" \
4276 -S "mbedtls_ssl_handshake returned" \
4277 -C "mbedtls_ssl_handshake returned" \
4278 -s "Protocol is TLSv1.1" \
4279 -c "Protocol is TLSv1.1"
4281 run_test "Version check: srv max 1.1 -> 1.1" \
4282 "$P_SRV max_version=tls1_1" \
4285 -S "mbedtls_ssl_handshake returned" \
4286 -C "mbedtls_ssl_handshake returned" \
4287 -s "Protocol is TLSv1.1" \
4288 -c "Protocol is TLSv1.1"
4290 run_test "Version check: cli+srv max 1.1 -> 1.1" \
4291 "$P_SRV max_version=tls1_1" \
4292 "$P_CLI max_version=tls1_1" \
4294 -S "mbedtls_ssl_handshake returned" \
4295 -C "mbedtls_ssl_handshake returned" \
4296 -s "Protocol is TLSv1.1" \
4297 -c "Protocol is TLSv1.1"
4299 run_test "Version check: cli max 1.1, srv min 1.1 -> 1.1" \
4300 "$P_SRV min_version=tls1_1" \
4301 "$P_CLI max_version=tls1_1" \
4303 -S "mbedtls_ssl_handshake returned" \
4304 -C "mbedtls_ssl_handshake returned" \
4305 -s "Protocol is TLSv1.1" \
4306 -c "Protocol is TLSv1.1"
4308 run_test "Version check: cli min 1.1, srv max 1.1 -> 1.1" \
4309 "$P_SRV max_version=tls1_1" \
4310 "$P_CLI min_version=tls1_1" \
4312 -S "mbedtls_ssl_handshake returned" \
4313 -C "mbedtls_ssl_handshake returned" \
4314 -s "Protocol is TLSv1.1" \
4315 -c "Protocol is TLSv1.1"
4317 run_test "Version check: cli min 1.2, srv max 1.1 -> fail" \
4318 "$P_SRV max_version=tls1_1" \
4319 "$P_CLI min_version=tls1_2" \
4321 -s "mbedtls_ssl_handshake returned" \
4322 -c "mbedtls_ssl_handshake returned" \
4323 -c "SSL - Handshake protocol not within min/max boundaries"
4325 run_test "Version check: srv min 1.2, cli max 1.1 -> fail" \
4326 "$P_SRV min_version=tls1_2" \
4327 "$P_CLI max_version=tls1_1" \
4329 -s "mbedtls_ssl_handshake returned" \
4330 -c "mbedtls_ssl_handshake returned" \
4331 -s "SSL - Handshake protocol not within min/max boundaries"
4333 # Tests for ALPN extension
4335 run_test "ALPN: none" \
4336 "$P_SRV debug_level=3" \
4337 "$P_CLI debug_level=3" \
4339 -C "client hello, adding alpn extension" \
4340 -S "found alpn extension" \
4341 -C "got an alert message, type: \\[2:120]" \
4342 -S "server hello, adding alpn extension" \
4343 -C "found alpn extension " \
4344 -C "Application Layer Protocol is" \
4345 -S "Application Layer Protocol is"
4347 run_test "ALPN: client only" \
4348 "$P_SRV debug_level=3" \
4349 "$P_CLI debug_level=3 alpn=abc,1234" \
4351 -c "client hello, adding alpn extension" \
4352 -s "found alpn extension" \
4353 -C "got an alert message, type: \\[2:120]" \
4354 -S "server hello, adding alpn extension" \
4355 -C "found alpn extension " \
4356 -c "Application Layer Protocol is (none)" \
4357 -S "Application Layer Protocol is"
4359 run_test "ALPN: server only" \
4360 "$P_SRV debug_level=3 alpn=abc,1234" \
4361 "$P_CLI debug_level=3" \
4363 -C "client hello, adding alpn extension" \
4364 -S "found alpn extension" \
4365 -C "got an alert message, type: \\[2:120]" \
4366 -S "server hello, adding alpn extension" \
4367 -C "found alpn extension " \
4368 -C "Application Layer Protocol is" \
4369 -s "Application Layer Protocol is (none)"
4371 run_test "ALPN: both, common cli1-srv1" \
4372 "$P_SRV debug_level=3 alpn=abc,1234" \
4373 "$P_CLI debug_level=3 alpn=abc,1234" \
4375 -c "client hello, adding alpn extension" \
4376 -s "found alpn extension" \
4377 -C "got an alert message, type: \\[2:120]" \
4378 -s "server hello, adding alpn extension" \
4379 -c "found alpn extension" \
4380 -c "Application Layer Protocol is abc" \
4381 -s "Application Layer Protocol is abc"
4383 run_test "ALPN: both, common cli2-srv1" \
4384 "$P_SRV debug_level=3 alpn=abc,1234" \
4385 "$P_CLI debug_level=3 alpn=1234,abc" \
4387 -c "client hello, adding alpn extension" \
4388 -s "found alpn extension" \
4389 -C "got an alert message, type: \\[2:120]" \
4390 -s "server hello, adding alpn extension" \
4391 -c "found alpn extension" \
4392 -c "Application Layer Protocol is abc" \
4393 -s "Application Layer Protocol is abc"
4395 run_test "ALPN: both, common cli1-srv2" \
4396 "$P_SRV debug_level=3 alpn=abc,1234" \
4397 "$P_CLI debug_level=3 alpn=1234,abcde" \
4399 -c "client hello, adding alpn extension" \
4400 -s "found alpn extension" \
4401 -C "got an alert message, type: \\[2:120]" \
4402 -s "server hello, adding alpn extension" \
4403 -c "found alpn extension" \
4404 -c "Application Layer Protocol is 1234" \
4405 -s "Application Layer Protocol is 1234"
4407 run_test "ALPN: both, no common" \
4408 "$P_SRV debug_level=3 alpn=abc,123" \
4409 "$P_CLI debug_level=3 alpn=1234,abcde" \
4411 -c "client hello, adding alpn extension" \
4412 -s "found alpn extension" \
4413 -c "got an alert message, type: \\[2:120]" \
4414 -S "server hello, adding alpn extension" \
4415 -C "found alpn extension" \
4416 -C "Application Layer Protocol is 1234" \
4417 -S "Application Layer Protocol is 1234"
4420 # Tests for keyUsage in leaf certificates, part 1:
4421 # server-side certificate/suite selection
4423 run_test "keyUsage srv: RSA, digitalSignature -> (EC)DHE-RSA" \
4424 "$P_SRV key_file=data_files/server2.key \
4425 crt_file=data_files/server2.ku-ds.crt" \
4428 -c "Ciphersuite is TLS-[EC]*DHE-RSA-WITH-"
4431 run_test "keyUsage srv: RSA, keyEncipherment -> RSA" \
4432 "$P_SRV key_file=data_files/server2.key \
4433 crt_file=data_files/server2.ku-ke.crt" \
4436 -c "Ciphersuite is TLS-RSA-WITH-"
4438 run_test "keyUsage srv: RSA, keyAgreement -> fail" \
4439 "$P_SRV key_file=data_files/server2.key \
4440 crt_file=data_files/server2.ku-ka.crt" \
4443 -C "Ciphersuite is "
4445 run_test "keyUsage srv: ECDSA, digitalSignature -> ECDHE-ECDSA" \
4446 "$P_SRV key_file=data_files/server5.key \
4447 crt_file=data_files/server5.ku-ds.crt" \
4450 -c "Ciphersuite is TLS-ECDHE-ECDSA-WITH-"
4453 run_test "keyUsage srv: ECDSA, keyAgreement -> ECDH-" \
4454 "$P_SRV key_file=data_files/server5.key \
4455 crt_file=data_files/server5.ku-ka.crt" \
4458 -c "Ciphersuite is TLS-ECDH-"
4460 run_test "keyUsage srv: ECDSA, keyEncipherment -> fail" \
4461 "$P_SRV key_file=data_files/server5.key \
4462 crt_file=data_files/server5.ku-ke.crt" \
4465 -C "Ciphersuite is "
4467 # Tests for keyUsage in leaf certificates, part 2:
4468 # client-side checking of server cert
4470 run_test "keyUsage cli: DigitalSignature+KeyEncipherment, RSA: OK" \
4471 "$O_SRV -key data_files/server2.key \
4472 -cert data_files/server2.ku-ds_ke.crt" \
4473 "$P_CLI debug_level=1 \
4474 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
4476 -C "bad certificate (usage extensions)" \
4477 -C "Processing of the Certificate handshake message failed" \
4478 -c "Ciphersuite is TLS-"
4480 run_test "keyUsage cli: DigitalSignature+KeyEncipherment, DHE-RSA: OK" \
4481 "$O_SRV -key data_files/server2.key \
4482 -cert data_files/server2.ku-ds_ke.crt" \
4483 "$P_CLI debug_level=1 \
4484 force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
4486 -C "bad certificate (usage extensions)" \
4487 -C "Processing of the Certificate handshake message failed" \
4488 -c "Ciphersuite is TLS-"
4490 run_test "keyUsage cli: KeyEncipherment, RSA: OK" \
4491 "$O_SRV -key data_files/server2.key \
4492 -cert data_files/server2.ku-ke.crt" \
4493 "$P_CLI debug_level=1 \
4494 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
4496 -C "bad certificate (usage extensions)" \
4497 -C "Processing of the Certificate handshake message failed" \
4498 -c "Ciphersuite is TLS-"
4500 run_test "keyUsage cli: KeyEncipherment, DHE-RSA: fail" \
4501 "$O_SRV -key data_files/server2.key \
4502 -cert data_files/server2.ku-ke.crt" \
4503 "$P_CLI debug_level=1 \
4504 force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
4506 -c "bad certificate (usage extensions)" \
4507 -c "Processing of the Certificate handshake message failed" \
4508 -C "Ciphersuite is TLS-"
4510 run_test "keyUsage cli: KeyEncipherment, DHE-RSA: fail, soft" \
4511 "$O_SRV -key data_files/server2.key \
4512 -cert data_files/server2.ku-ke.crt" \
4513 "$P_CLI debug_level=1 auth_mode=optional \
4514 force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
4516 -c "bad certificate (usage extensions)" \
4517 -C "Processing of the Certificate handshake message failed" \
4518 -c "Ciphersuite is TLS-" \
4519 -c "! Usage does not match the keyUsage extension"
4521 run_test "keyUsage cli: DigitalSignature, DHE-RSA: OK" \
4522 "$O_SRV -key data_files/server2.key \
4523 -cert data_files/server2.ku-ds.crt" \
4524 "$P_CLI debug_level=1 \
4525 force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
4527 -C "bad certificate (usage extensions)" \
4528 -C "Processing of the Certificate handshake message failed" \
4529 -c "Ciphersuite is TLS-"
4531 run_test "keyUsage cli: DigitalSignature, RSA: fail" \
4532 "$O_SRV -key data_files/server2.key \
4533 -cert data_files/server2.ku-ds.crt" \
4534 "$P_CLI debug_level=1 \
4535 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
4537 -c "bad certificate (usage extensions)" \
4538 -c "Processing of the Certificate handshake message failed" \
4539 -C "Ciphersuite is TLS-"
4541 run_test "keyUsage cli: DigitalSignature, RSA: fail, soft" \
4542 "$O_SRV -key data_files/server2.key \
4543 -cert data_files/server2.ku-ds.crt" \
4544 "$P_CLI debug_level=1 auth_mode=optional \
4545 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
4547 -c "bad certificate (usage extensions)" \
4548 -C "Processing of the Certificate handshake message failed" \
4549 -c "Ciphersuite is TLS-" \
4550 -c "! Usage does not match the keyUsage extension"
4552 # Tests for keyUsage in leaf certificates, part 3:
4553 # server-side checking of client cert
4555 run_test "keyUsage cli-auth: RSA, DigitalSignature: OK" \
4556 "$P_SRV debug_level=1 auth_mode=optional" \
4557 "$O_CLI -key data_files/server2.key \
4558 -cert data_files/server2.ku-ds.crt" \
4560 -S "bad certificate (usage extensions)" \
4561 -S "Processing of the Certificate handshake message failed"
4563 run_test "keyUsage cli-auth: RSA, KeyEncipherment: fail (soft)" \
4564 "$P_SRV debug_level=1 auth_mode=optional" \
4565 "$O_CLI -key data_files/server2.key \
4566 -cert data_files/server2.ku-ke.crt" \
4568 -s "bad certificate (usage extensions)" \
4569 -S "Processing of the Certificate handshake message failed"
4571 run_test "keyUsage cli-auth: RSA, KeyEncipherment: fail (hard)" \
4572 "$P_SRV debug_level=1 auth_mode=required" \
4573 "$O_CLI -key data_files/server2.key \
4574 -cert data_files/server2.ku-ke.crt" \
4576 -s "bad certificate (usage extensions)" \
4577 -s "Processing of the Certificate handshake message failed"
4579 run_test "keyUsage cli-auth: ECDSA, DigitalSignature: OK" \
4580 "$P_SRV debug_level=1 auth_mode=optional" \
4581 "$O_CLI -key data_files/server5.key \
4582 -cert data_files/server5.ku-ds.crt" \
4584 -S "bad certificate (usage extensions)" \
4585 -S "Processing of the Certificate handshake message failed"
4587 run_test "keyUsage cli-auth: ECDSA, KeyAgreement: fail (soft)" \
4588 "$P_SRV debug_level=1 auth_mode=optional" \
4589 "$O_CLI -key data_files/server5.key \
4590 -cert data_files/server5.ku-ka.crt" \
4592 -s "bad certificate (usage extensions)" \
4593 -S "Processing of the Certificate handshake message failed"
4595 # Tests for extendedKeyUsage, part 1: server-side certificate/suite selection
4597 run_test "extKeyUsage srv: serverAuth -> OK" \
4598 "$P_SRV key_file=data_files/server5.key \
4599 crt_file=data_files/server5.eku-srv.crt" \
4603 run_test "extKeyUsage srv: serverAuth,clientAuth -> OK" \
4604 "$P_SRV key_file=data_files/server5.key \
4605 crt_file=data_files/server5.eku-srv.crt" \
4609 run_test "extKeyUsage srv: codeSign,anyEKU -> OK" \
4610 "$P_SRV key_file=data_files/server5.key \
4611 crt_file=data_files/server5.eku-cs_any.crt" \
4615 run_test "extKeyUsage srv: codeSign -> fail" \
4616 "$P_SRV key_file=data_files/server5.key \
4617 crt_file=data_files/server5.eku-cli.crt" \
4621 # Tests for extendedKeyUsage, part 2: client-side checking of server cert
4623 run_test "extKeyUsage cli: serverAuth -> OK" \
4624 "$O_SRV -key data_files/server5.key \
4625 -cert data_files/server5.eku-srv.crt" \
4626 "$P_CLI debug_level=1" \
4628 -C "bad certificate (usage extensions)" \
4629 -C "Processing of the Certificate handshake message failed" \
4630 -c "Ciphersuite is TLS-"
4632 run_test "extKeyUsage cli: serverAuth,clientAuth -> OK" \
4633 "$O_SRV -key data_files/server5.key \
4634 -cert data_files/server5.eku-srv_cli.crt" \
4635 "$P_CLI debug_level=1" \
4637 -C "bad certificate (usage extensions)" \
4638 -C "Processing of the Certificate handshake message failed" \
4639 -c "Ciphersuite is TLS-"
4641 run_test "extKeyUsage cli: codeSign,anyEKU -> OK" \
4642 "$O_SRV -key data_files/server5.key \
4643 -cert data_files/server5.eku-cs_any.crt" \
4644 "$P_CLI debug_level=1" \
4646 -C "bad certificate (usage extensions)" \
4647 -C "Processing of the Certificate handshake message failed" \
4648 -c "Ciphersuite is TLS-"
4650 run_test "extKeyUsage cli: codeSign -> fail" \
4651 "$O_SRV -key data_files/server5.key \
4652 -cert data_files/server5.eku-cs.crt" \
4653 "$P_CLI debug_level=1" \
4655 -c "bad certificate (usage extensions)" \
4656 -c "Processing of the Certificate handshake message failed" \
4657 -C "Ciphersuite is TLS-"
4659 # Tests for extendedKeyUsage, part 3: server-side checking of client cert
4661 run_test "extKeyUsage cli-auth: clientAuth -> OK" \
4662 "$P_SRV debug_level=1 auth_mode=optional" \
4663 "$O_CLI -key data_files/server5.key \
4664 -cert data_files/server5.eku-cli.crt" \
4666 -S "bad certificate (usage extensions)" \
4667 -S "Processing of the Certificate handshake message failed"
4669 run_test "extKeyUsage cli-auth: serverAuth,clientAuth -> OK" \
4670 "$P_SRV debug_level=1 auth_mode=optional" \
4671 "$O_CLI -key data_files/server5.key \
4672 -cert data_files/server5.eku-srv_cli.crt" \
4674 -S "bad certificate (usage extensions)" \
4675 -S "Processing of the Certificate handshake message failed"
4677 run_test "extKeyUsage cli-auth: codeSign,anyEKU -> OK" \
4678 "$P_SRV debug_level=1 auth_mode=optional" \
4679 "$O_CLI -key data_files/server5.key \
4680 -cert data_files/server5.eku-cs_any.crt" \
4682 -S "bad certificate (usage extensions)" \
4683 -S "Processing of the Certificate handshake message failed"
4685 run_test "extKeyUsage cli-auth: codeSign -> fail (soft)" \
4686 "$P_SRV debug_level=1 auth_mode=optional" \
4687 "$O_CLI -key data_files/server5.key \
4688 -cert data_files/server5.eku-cs.crt" \
4690 -s "bad certificate (usage extensions)" \
4691 -S "Processing of the Certificate handshake message failed"
4693 run_test "extKeyUsage cli-auth: codeSign -> fail (hard)" \
4694 "$P_SRV debug_level=1 auth_mode=required" \
4695 "$O_CLI -key data_files/server5.key \
4696 -cert data_files/server5.eku-cs.crt" \
4698 -s "bad certificate (usage extensions)" \
4699 -s "Processing of the Certificate handshake message failed"
4701 # Tests for DHM parameters loading
4703 run_test "DHM parameters: reference" \
4705 "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
4708 -c "value of 'DHM: P ' (2048 bits)" \
4709 -c "value of 'DHM: G ' (2 bits)"
4711 run_test "DHM parameters: other parameters" \
4712 "$P_SRV dhm_file=data_files/dhparams.pem" \
4713 "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
4716 -c "value of 'DHM: P ' (1024 bits)" \
4717 -c "value of 'DHM: G ' (2 bits)"
4719 # Tests for DHM client-side size checking
4721 run_test "DHM size: server default, client default, OK" \
4723 "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
4726 -C "DHM prime too short:"
4728 run_test "DHM size: server default, client 2048, OK" \
4730 "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
4731 debug_level=1 dhmlen=2048" \
4733 -C "DHM prime too short:"
4735 run_test "DHM size: server 1024, client default, OK" \
4736 "$P_SRV dhm_file=data_files/dhparams.pem" \
4737 "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
4740 -C "DHM prime too short:"
4742 run_test "DHM size: server 1000, client default, rejected" \
4743 "$P_SRV dhm_file=data_files/dh.1000.pem" \
4744 "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
4747 -c "DHM prime too short:"
4749 run_test "DHM size: server default, client 2049, rejected" \
4751 "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
4752 debug_level=1 dhmlen=2049" \
4754 -c "DHM prime too short:"
4756 # Tests for PSK callback
4758 run_test "PSK callback: psk, no callback" \
4759 "$P_SRV psk=abc123 psk_identity=foo" \
4760 "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
4761 psk_identity=foo psk=abc123" \
4763 -S "SSL - None of the common ciphersuites is usable" \
4764 -S "SSL - Unknown identity received" \
4765 -S "SSL - Verification of the message MAC failed"
4767 requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
4768 run_test "PSK callback: opaque psk on client, no callback" \
4769 "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo" \
4770 "$P_CLI extended_ms=0 debug_level=1 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
4771 psk_identity=foo psk=abc123 psk_opaque=1" \
4773 -c "skip PMS generation for opaque PSK"\
4774 -S "skip PMS generation for opaque PSK"\
4775 -C "using extended master secret"\
4776 -S "using extended master secret"\
4777 -S "SSL - None of the common ciphersuites is usable" \
4778 -S "SSL - Unknown identity received" \
4779 -S "SSL - Verification of the message MAC failed"
4781 requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
4782 run_test "PSK callback: opaque psk on client, no callback, SHA-384" \
4783 "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo" \
4784 "$P_CLI extended_ms=0 debug_level=1 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
4785 psk_identity=foo psk=abc123 psk_opaque=1" \
4787 -c "skip PMS generation for opaque PSK"\
4788 -S "skip PMS generation for opaque PSK"\
4789 -C "using extended master secret"\
4790 -S "using extended master secret"\
4791 -S "SSL - None of the common ciphersuites is usable" \
4792 -S "SSL - Unknown identity received" \
4793 -S "SSL - Verification of the message MAC failed"
4795 requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
4796 run_test "PSK callback: opaque psk on client, no callback, EMS" \
4797 "$P_SRV extended_ms=1 debug_level=3 psk=abc123 psk_identity=foo" \
4798 "$P_CLI extended_ms=1 debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
4799 psk_identity=foo psk=abc123 psk_opaque=1" \
4801 -c "skip PMS generation for opaque PSK"\
4802 -S "skip PMS generation for opaque PSK"\
4803 -c "using extended master secret"\
4804 -s "using extended master secret"\
4805 -S "SSL - None of the common ciphersuites is usable" \
4806 -S "SSL - Unknown identity received" \
4807 -S "SSL - Verification of the message MAC failed"
4809 requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
4810 run_test "PSK callback: opaque psk on client, no callback, SHA-384, EMS" \
4811 "$P_SRV extended_ms=1 debug_level=3 psk=abc123 psk_identity=foo" \
4812 "$P_CLI extended_ms=1 debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
4813 psk_identity=foo psk=abc123 psk_opaque=1" \
4815 -c "skip PMS generation for opaque PSK"\
4816 -S "skip PMS generation for opaque PSK"\
4817 -c "using extended master secret"\
4818 -s "using extended master secret"\
4819 -S "SSL - None of the common ciphersuites is usable" \
4820 -S "SSL - Unknown identity received" \
4821 -S "SSL - Verification of the message MAC failed"
4823 requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
4824 run_test "PSK callback: raw psk on client, static opaque on server, no callback" \
4825 "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
4826 "$P_CLI extended_ms=0 debug_level=1 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
4827 psk_identity=foo psk=abc123" \
4829 -C "skip PMS generation for opaque PSK"\
4830 -s "skip PMS generation for opaque PSK"\
4831 -C "using extended master secret"\
4832 -S "using extended master secret"\
4833 -S "SSL - None of the common ciphersuites is usable" \
4834 -S "SSL - Unknown identity received" \
4835 -S "SSL - Verification of the message MAC failed"
4837 requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
4838 run_test "PSK callback: raw psk on client, static opaque on server, no callback, SHA-384" \
4839 "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384" \
4840 "$P_CLI extended_ms=0 debug_level=1 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
4841 psk_identity=foo psk=abc123" \
4843 -C "skip PMS generation for opaque PSK"\
4844 -s "skip PMS generation for opaque PSK"\
4845 -C "using extended master secret"\
4846 -S "using extended master secret"\
4847 -S "SSL - None of the common ciphersuites is usable" \
4848 -S "SSL - Unknown identity received" \
4849 -S "SSL - Verification of the message MAC failed"
4851 requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
4852 run_test "PSK callback: raw psk on client, static opaque on server, no callback, EMS" \
4853 "$P_SRV debug_level=3 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls1_2 \
4854 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA extended_ms=1" \
4855 "$P_CLI debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
4856 psk_identity=foo psk=abc123 extended_ms=1" \
4858 -c "using extended master secret"\
4859 -s "using extended master secret"\
4860 -C "skip PMS generation for opaque PSK"\
4861 -s "skip PMS generation for opaque PSK"\
4862 -S "SSL - None of the common ciphersuites is usable" \
4863 -S "SSL - Unknown identity received" \
4864 -S "SSL - Verification of the message MAC failed"
4866 requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
4867 run_test "PSK callback: raw psk on client, static opaque on server, no callback, EMS, SHA384" \
4868 "$P_SRV debug_level=3 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls1_2 \
4869 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 extended_ms=1" \
4870 "$P_CLI debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
4871 psk_identity=foo psk=abc123 extended_ms=1" \
4873 -c "using extended master secret"\
4874 -s "using extended master secret"\
4875 -C "skip PMS generation for opaque PSK"\
4876 -s "skip PMS generation for opaque PSK"\
4877 -S "SSL - None of the common ciphersuites is usable" \
4878 -S "SSL - Unknown identity received" \
4879 -S "SSL - Verification of the message MAC failed"
4881 requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
4882 run_test "PSK callback: raw psk on client, no static PSK on server, opaque PSK from callback" \
4883 "$P_SRV extended_ms=0 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
4884 "$P_CLI extended_ms=0 debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
4885 psk_identity=def psk=beef" \
4887 -C "skip PMS generation for opaque PSK"\
4888 -s "skip PMS generation for opaque PSK"\
4889 -C "using extended master secret"\
4890 -S "using extended master secret"\
4891 -S "SSL - None of the common ciphersuites is usable" \
4892 -S "SSL - Unknown identity received" \
4893 -S "SSL - Verification of the message MAC failed"
4895 requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
4896 run_test "PSK callback: raw psk on client, no static PSK on server, opaque PSK from callback, SHA-384" \
4897 "$P_SRV extended_ms=0 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384" \
4898 "$P_CLI extended_ms=0 debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
4899 psk_identity=def psk=beef" \
4901 -C "skip PMS generation for opaque PSK"\
4902 -s "skip PMS generation for opaque PSK"\
4903 -C "using extended master secret"\
4904 -S "using extended master secret"\
4905 -S "SSL - None of the common ciphersuites is usable" \
4906 -S "SSL - Unknown identity received" \
4907 -S "SSL - Verification of the message MAC failed"
4909 requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
4910 run_test "PSK callback: raw psk on client, no static PSK on server, opaque PSK from callback, EMS" \
4911 "$P_SRV debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls1_2 \
4912 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA extended_ms=1" \
4913 "$P_CLI debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
4914 psk_identity=abc psk=dead extended_ms=1" \
4916 -c "using extended master secret"\
4917 -s "using extended master secret"\
4918 -C "skip PMS generation for opaque PSK"\
4919 -s "skip PMS generation for opaque PSK"\
4920 -S "SSL - None of the common ciphersuites is usable" \
4921 -S "SSL - Unknown identity received" \
4922 -S "SSL - Verification of the message MAC failed"
4924 requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
4925 run_test "PSK callback: raw psk on client, no static PSK on server, opaque PSK from callback, EMS, SHA384" \
4926 "$P_SRV debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls1_2 \
4927 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 extended_ms=1" \
4928 "$P_CLI debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
4929 psk_identity=abc psk=dead extended_ms=1" \
4931 -c "using extended master secret"\
4932 -s "using extended master secret"\
4933 -C "skip PMS generation for opaque PSK"\
4934 -s "skip PMS generation for opaque PSK"\
4935 -S "SSL - None of the common ciphersuites is usable" \
4936 -S "SSL - Unknown identity received" \
4937 -S "SSL - Verification of the message MAC failed"
4939 requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
4940 run_test "PSK callback: raw psk on client, mismatching static raw PSK on server, opaque PSK from callback" \
4941 "$P_SRV extended_ms=0 psk_identity=foo psk=abc123 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
4942 "$P_CLI extended_ms=0 debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
4943 psk_identity=def psk=beef" \
4945 -C "skip PMS generation for opaque PSK"\
4946 -s "skip PMS generation for opaque PSK"\
4947 -C "using extended master secret"\
4948 -S "using extended master secret"\
4949 -S "SSL - None of the common ciphersuites is usable" \
4950 -S "SSL - Unknown identity received" \
4951 -S "SSL - Verification of the message MAC failed"
4953 requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
4954 run_test "PSK callback: raw psk on client, mismatching static opaque PSK on server, opaque PSK from callback" \
4955 "$P_SRV extended_ms=0 psk_opaque=1 psk_identity=foo psk=abc123 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
4956 "$P_CLI extended_ms=0 debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
4957 psk_identity=def psk=beef" \
4959 -C "skip PMS generation for opaque PSK"\
4960 -s "skip PMS generation for opaque PSK"\
4961 -C "using extended master secret"\
4962 -S "using extended master secret"\
4963 -S "SSL - None of the common ciphersuites is usable" \
4964 -S "SSL - Unknown identity received" \
4965 -S "SSL - Verification of the message MAC failed"
4967 requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
4968 run_test "PSK callback: raw psk on client, mismatching static opaque PSK on server, raw PSK from callback" \
4969 "$P_SRV extended_ms=0 psk_opaque=1 psk_identity=foo psk=abc123 debug_level=3 psk_list=abc,dead,def,beef min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
4970 "$P_CLI extended_ms=0 debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
4971 psk_identity=def psk=beef" \
4973 -C "skip PMS generation for opaque PSK"\
4974 -C "using extended master secret"\
4975 -S "using extended master secret"\
4976 -S "SSL - None of the common ciphersuites is usable" \
4977 -S "SSL - Unknown identity received" \
4978 -S "SSL - Verification of the message MAC failed"
4980 requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
4981 run_test "PSK callback: raw psk on client, id-matching but wrong raw PSK on server, opaque PSK from callback" \
4982 "$P_SRV extended_ms=0 psk_opaque=1 psk_identity=def psk=abc123 debug_level=3 psk_list=abc,dead,def,beef min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
4983 "$P_CLI extended_ms=0 debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
4984 psk_identity=def psk=beef" \
4986 -C "skip PMS generation for opaque PSK"\
4987 -C "using extended master secret"\
4988 -S "using extended master secret"\
4989 -S "SSL - None of the common ciphersuites is usable" \
4990 -S "SSL - Unknown identity received" \
4991 -S "SSL - Verification of the message MAC failed"
4993 requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
4994 run_test "PSK callback: raw psk on client, matching opaque PSK on server, wrong opaque PSK from callback" \
4995 "$P_SRV extended_ms=0 psk_opaque=1 psk_identity=def psk=beef debug_level=3 psk_list=abc,dead,def,abc123 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
4996 "$P_CLI extended_ms=0 debug_level=3 min_version=tls1_2 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
4997 psk_identity=def psk=beef" \
4999 -s "SSL - Verification of the message MAC failed"
5001 run_test "PSK callback: no psk, no callback" \
5003 "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
5004 psk_identity=foo psk=abc123" \
5006 -s "SSL - None of the common ciphersuites is usable" \
5007 -S "SSL - Unknown identity received" \
5008 -S "SSL - Verification of the message MAC failed"
5010 run_test "PSK callback: callback overrides other settings" \
5011 "$P_SRV psk=abc123 psk_identity=foo psk_list=abc,dead,def,beef" \
5012 "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
5013 psk_identity=foo psk=abc123" \
5015 -S "SSL - None of the common ciphersuites is usable" \
5016 -s "SSL - Unknown identity received" \
5017 -S "SSL - Verification of the message MAC failed"
5019 run_test "PSK callback: first id matches" \
5020 "$P_SRV psk_list=abc,dead,def,beef" \
5021 "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
5022 psk_identity=abc psk=dead" \
5024 -S "SSL - None of the common ciphersuites is usable" \
5025 -S "SSL - Unknown identity received" \
5026 -S "SSL - Verification of the message MAC failed"
5028 run_test "PSK callback: second id matches" \
5029 "$P_SRV psk_list=abc,dead,def,beef" \
5030 "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
5031 psk_identity=def psk=beef" \
5033 -S "SSL - None of the common ciphersuites is usable" \
5034 -S "SSL - Unknown identity received" \
5035 -S "SSL - Verification of the message MAC failed"
5037 run_test "PSK callback: no match" \
5038 "$P_SRV psk_list=abc,dead,def,beef" \
5039 "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
5040 psk_identity=ghi psk=beef" \
5042 -S "SSL - None of the common ciphersuites is usable" \
5043 -s "SSL - Unknown identity received" \
5044 -S "SSL - Verification of the message MAC failed"
5046 run_test "PSK callback: wrong key" \
5047 "$P_SRV psk_list=abc,dead,def,beef" \
5048 "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
5049 psk_identity=abc psk=beef" \
5051 -S "SSL - None of the common ciphersuites is usable" \
5052 -S "SSL - Unknown identity received" \
5053 -s "SSL - Verification of the message MAC failed"
5055 # Tests for EC J-PAKE
5057 requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE
5058 run_test "ECJPAKE: client not configured" \
5059 "$P_SRV debug_level=3" \
5060 "$P_CLI debug_level=3" \
5062 -C "add ciphersuite: c0ff" \
5063 -C "adding ecjpake_kkpp extension" \
5064 -S "found ecjpake kkpp extension" \
5065 -S "skip ecjpake kkpp extension" \
5066 -S "ciphersuite mismatch: ecjpake not configured" \
5067 -S "server hello, ecjpake kkpp extension" \
5068 -C "found ecjpake_kkpp extension" \
5069 -S "None of the common ciphersuites is usable"
5071 requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE
5072 run_test "ECJPAKE: server not configured" \
5073 "$P_SRV debug_level=3" \
5074 "$P_CLI debug_level=3 ecjpake_pw=bla \
5075 force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
5077 -c "add ciphersuite: c0ff" \
5078 -c "adding ecjpake_kkpp extension" \
5079 -s "found ecjpake kkpp extension" \
5080 -s "skip ecjpake kkpp extension" \
5081 -s "ciphersuite mismatch: ecjpake not configured" \
5082 -S "server hello, ecjpake kkpp extension" \
5083 -C "found ecjpake_kkpp extension" \
5084 -s "None of the common ciphersuites is usable"
5086 requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE
5087 run_test "ECJPAKE: working, TLS" \
5088 "$P_SRV debug_level=3 ecjpake_pw=bla" \
5089 "$P_CLI debug_level=3 ecjpake_pw=bla \
5090 force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
5092 -c "add ciphersuite: c0ff" \
5093 -c "adding ecjpake_kkpp extension" \
5094 -C "re-using cached ecjpake parameters" \
5095 -s "found ecjpake kkpp extension" \
5096 -S "skip ecjpake kkpp extension" \
5097 -S "ciphersuite mismatch: ecjpake not configured" \
5098 -s "server hello, ecjpake kkpp extension" \
5099 -c "found ecjpake_kkpp extension" \
5100 -S "None of the common ciphersuites is usable" \
5101 -S "SSL - Verification of the message MAC failed"
5103 server_needs_more_time 1
5104 requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE
5105 run_test "ECJPAKE: password mismatch, TLS" \
5106 "$P_SRV debug_level=3 ecjpake_pw=bla" \
5107 "$P_CLI debug_level=3 ecjpake_pw=bad \
5108 force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
5110 -C "re-using cached ecjpake parameters" \
5111 -s "SSL - Verification of the message MAC failed"
5113 requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE
5114 run_test "ECJPAKE: working, DTLS" \
5115 "$P_SRV debug_level=3 dtls=1 ecjpake_pw=bla" \
5116 "$P_CLI debug_level=3 dtls=1 ecjpake_pw=bla \
5117 force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
5119 -c "re-using cached ecjpake parameters" \
5120 -S "SSL - Verification of the message MAC failed"
5122 requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE
5123 run_test "ECJPAKE: working, DTLS, no cookie" \
5124 "$P_SRV debug_level=3 dtls=1 ecjpake_pw=bla cookies=0" \
5125 "$P_CLI debug_level=3 dtls=1 ecjpake_pw=bla \
5126 force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
5128 -C "re-using cached ecjpake parameters" \
5129 -S "SSL - Verification of the message MAC failed"
5131 server_needs_more_time 1
5132 requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE
5133 run_test "ECJPAKE: password mismatch, DTLS" \
5134 "$P_SRV debug_level=3 dtls=1 ecjpake_pw=bla" \
5135 "$P_CLI debug_level=3 dtls=1 ecjpake_pw=bad \
5136 force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
5138 -c "re-using cached ecjpake parameters" \
5139 -s "SSL - Verification of the message MAC failed"
5141 # for tests with configs/config-thread.h
5142 requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE
5143 run_test "ECJPAKE: working, DTLS, nolog" \
5144 "$P_SRV dtls=1 ecjpake_pw=bla" \
5145 "$P_CLI dtls=1 ecjpake_pw=bla \
5146 force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
5149 # Tests for ciphersuites per version
5151 requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
5152 requires_config_enabled MBEDTLS_CAMELLIA_C
5153 requires_config_enabled MBEDTLS_AES_C
5154 run_test "Per-version suites: SSL3" \
5155 "$P_SRV min_version=ssl3 version_suites=TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
5156 "$P_CLI force_version=ssl3" \
5158 -c "Ciphersuite is TLS-RSA-WITH-CAMELLIA-128-CBC-SHA"
5160 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1
5161 requires_config_enabled MBEDTLS_CAMELLIA_C
5162 requires_config_enabled MBEDTLS_AES_C
5163 run_test "Per-version suites: TLS 1.0" \
5164 "$P_SRV version_suites=TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
5165 "$P_CLI force_version=tls1 arc4=1" \
5167 -c "Ciphersuite is TLS-RSA-WITH-AES-256-CBC-SHA"
5169 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
5170 requires_config_enabled MBEDTLS_CAMELLIA_C
5171 requires_config_enabled MBEDTLS_AES_C
5172 run_test "Per-version suites: TLS 1.1" \
5173 "$P_SRV version_suites=TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
5174 "$P_CLI force_version=tls1_1" \
5176 -c "Ciphersuite is TLS-RSA-WITH-AES-128-CBC-SHA"
5178 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
5179 requires_config_enabled MBEDTLS_CAMELLIA_C
5180 requires_config_enabled MBEDTLS_AES_C
5181 run_test "Per-version suites: TLS 1.2" \
5182 "$P_SRV version_suites=TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
5183 "$P_CLI force_version=tls1_2" \
5185 -c "Ciphersuite is TLS-RSA-WITH-AES-128-GCM-SHA256"
5187 # Test for ClientHello without extensions
5190 run_test "ClientHello without extensions, SHA-1 allowed" \
5191 "$P_SRV debug_level=3 key_file=data_files/server2.key crt_file=data_files/server2.crt" \
5192 "$G_CLI --priority=NORMAL:%NO_EXTENSIONS:%DISABLE_SAFE_RENEGOTIATION localhost" \
5194 -s "dumping 'client hello extensions' (0 bytes)"
5197 run_test "ClientHello without extensions, SHA-1 forbidden in certificates on server" \
5198 "$P_SRV debug_level=3 key_file=data_files/server2.key crt_file=data_files/server2.crt allow_sha1=0" \
5199 "$G_CLI --priority=NORMAL:%NO_EXTENSIONS:%DISABLE_SAFE_RENEGOTIATION localhost" \
5201 -s "dumping 'client hello extensions' (0 bytes)"
5203 # Tests for mbedtls_ssl_get_bytes_avail()
5205 run_test "mbedtls_ssl_get_bytes_avail: no extra data" \
5207 "$P_CLI request_size=100" \
5209 -s "Read from client: 100 bytes read$"
5211 run_test "mbedtls_ssl_get_bytes_avail: extra data" \
5213 "$P_CLI request_size=500" \
5215 -s "Read from client: 500 bytes read (.*+.*)"
5217 # Tests for small client packets
5219 requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
5220 run_test "Small client packet SSLv3 BlockCipher" \
5221 "$P_SRV min_version=ssl3" \
5222 "$P_CLI request_size=1 force_version=ssl3 \
5223 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
5225 -s "Read from client: 1 bytes read"
5227 requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
5228 run_test "Small client packet SSLv3 StreamCipher" \
5229 "$P_SRV min_version=ssl3 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
5230 "$P_CLI request_size=1 force_version=ssl3 \
5231 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
5233 -s "Read from client: 1 bytes read"
5235 run_test "Small client packet TLS 1.0 BlockCipher" \
5237 "$P_CLI request_size=1 force_version=tls1 \
5238 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
5240 -s "Read from client: 1 bytes read"
5242 run_test "Small client packet TLS 1.0 BlockCipher, without EtM" \
5244 "$P_CLI request_size=1 force_version=tls1 etm=0 \
5245 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
5247 -s "Read from client: 1 bytes read"
5249 requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
5250 run_test "Small client packet TLS 1.0 BlockCipher, truncated MAC" \
5251 "$P_SRV trunc_hmac=1" \
5252 "$P_CLI request_size=1 force_version=tls1 \
5253 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
5255 -s "Read from client: 1 bytes read"
5257 requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
5258 run_test "Small client packet TLS 1.0 BlockCipher, without EtM, truncated MAC" \
5259 "$P_SRV trunc_hmac=1" \
5260 "$P_CLI request_size=1 force_version=tls1 \
5261 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
5263 -s "Read from client: 1 bytes read"
5265 run_test "Small client packet TLS 1.0 StreamCipher" \
5266 "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
5267 "$P_CLI request_size=1 force_version=tls1 \
5268 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
5270 -s "Read from client: 1 bytes read"
5272 run_test "Small client packet TLS 1.0 StreamCipher, without EtM" \
5273 "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
5274 "$P_CLI request_size=1 force_version=tls1 \
5275 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
5277 -s "Read from client: 1 bytes read"
5279 requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
5280 run_test "Small client packet TLS 1.0 StreamCipher, truncated MAC" \
5281 "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
5282 "$P_CLI request_size=1 force_version=tls1 \
5283 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
5285 -s "Read from client: 1 bytes read"
5287 requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
5288 run_test "Small client packet TLS 1.0 StreamCipher, without EtM, truncated MAC" \
5289 "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
5290 "$P_CLI request_size=1 force_version=tls1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
5291 trunc_hmac=1 etm=0" \
5293 -s "Read from client: 1 bytes read"
5295 run_test "Small client packet TLS 1.1 BlockCipher" \
5297 "$P_CLI request_size=1 force_version=tls1_1 \
5298 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
5300 -s "Read from client: 1 bytes read"
5302 run_test "Small client packet TLS 1.1 BlockCipher, without EtM" \
5304 "$P_CLI request_size=1 force_version=tls1_1 \
5305 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA etm=0" \
5307 -s "Read from client: 1 bytes read"
5309 requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
5310 run_test "Small client packet TLS 1.1 BlockCipher, truncated MAC" \
5311 "$P_SRV trunc_hmac=1" \
5312 "$P_CLI request_size=1 force_version=tls1_1 \
5313 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
5315 -s "Read from client: 1 bytes read"
5317 requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
5318 run_test "Small client packet TLS 1.1 BlockCipher, without EtM, truncated MAC" \
5319 "$P_SRV trunc_hmac=1" \
5320 "$P_CLI request_size=1 force_version=tls1_1 \
5321 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
5323 -s "Read from client: 1 bytes read"
5325 run_test "Small client packet TLS 1.1 StreamCipher" \
5326 "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
5327 "$P_CLI request_size=1 force_version=tls1_1 \
5328 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
5330 -s "Read from client: 1 bytes read"
5332 run_test "Small client packet TLS 1.1 StreamCipher, without EtM" \
5333 "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
5334 "$P_CLI request_size=1 force_version=tls1_1 \
5335 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
5337 -s "Read from client: 1 bytes read"
5339 requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
5340 run_test "Small client packet TLS 1.1 StreamCipher, truncated MAC" \
5341 "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
5342 "$P_CLI request_size=1 force_version=tls1_1 \
5343 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
5345 -s "Read from client: 1 bytes read"
5347 requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
5348 run_test "Small client packet TLS 1.1 StreamCipher, without EtM, truncated MAC" \
5349 "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
5350 "$P_CLI request_size=1 force_version=tls1_1 \
5351 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \
5353 -s "Read from client: 1 bytes read"
5355 run_test "Small client packet TLS 1.2 BlockCipher" \
5357 "$P_CLI request_size=1 force_version=tls1_2 \
5358 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
5360 -s "Read from client: 1 bytes read"
5362 run_test "Small client packet TLS 1.2 BlockCipher, without EtM" \
5364 "$P_CLI request_size=1 force_version=tls1_2 \
5365 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA etm=0" \
5367 -s "Read from client: 1 bytes read"
5369 run_test "Small client packet TLS 1.2 BlockCipher larger MAC" \
5371 "$P_CLI request_size=1 force_version=tls1_2 \
5372 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \
5374 -s "Read from client: 1 bytes read"
5376 requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
5377 run_test "Small client packet TLS 1.2 BlockCipher, truncated MAC" \
5378 "$P_SRV trunc_hmac=1" \
5379 "$P_CLI request_size=1 force_version=tls1_2 \
5380 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
5382 -s "Read from client: 1 bytes read"
5384 requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
5385 run_test "Small client packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \
5386 "$P_SRV trunc_hmac=1" \
5387 "$P_CLI request_size=1 force_version=tls1_2 \
5388 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
5390 -s "Read from client: 1 bytes read"
5392 run_test "Small client packet TLS 1.2 StreamCipher" \
5393 "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
5394 "$P_CLI request_size=1 force_version=tls1_2 \
5395 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
5397 -s "Read from client: 1 bytes read"
5399 run_test "Small client packet TLS 1.2 StreamCipher, without EtM" \
5400 "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
5401 "$P_CLI request_size=1 force_version=tls1_2 \
5402 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
5404 -s "Read from client: 1 bytes read"
5406 requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
5407 run_test "Small client packet TLS 1.2 StreamCipher, truncated MAC" \
5408 "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
5409 "$P_CLI request_size=1 force_version=tls1_2 \
5410 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
5412 -s "Read from client: 1 bytes read"
5414 requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
5415 run_test "Small client packet TLS 1.2 StreamCipher, without EtM, truncated MAC" \
5416 "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
5417 "$P_CLI request_size=1 force_version=tls1_2 \
5418 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \
5420 -s "Read from client: 1 bytes read"
5422 run_test "Small client packet TLS 1.2 AEAD" \
5424 "$P_CLI request_size=1 force_version=tls1_2 \
5425 force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \
5427 -s "Read from client: 1 bytes read"
5429 run_test "Small client packet TLS 1.2 AEAD shorter tag" \
5431 "$P_CLI request_size=1 force_version=tls1_2 \
5432 force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \
5434 -s "Read from client: 1 bytes read"
5436 # Tests for small client packets in DTLS
5438 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
5439 run_test "Small client packet DTLS 1.0" \
5440 "$P_SRV dtls=1 force_version=dtls1" \
5441 "$P_CLI dtls=1 request_size=1 \
5442 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
5444 -s "Read from client: 1 bytes read"
5446 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
5447 run_test "Small client packet DTLS 1.0, without EtM" \
5448 "$P_SRV dtls=1 force_version=dtls1 etm=0" \
5449 "$P_CLI dtls=1 request_size=1 \
5450 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
5452 -s "Read from client: 1 bytes read"
5454 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
5455 requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
5456 run_test "Small client packet DTLS 1.0, truncated hmac" \
5457 "$P_SRV dtls=1 force_version=dtls1 trunc_hmac=1" \
5458 "$P_CLI dtls=1 request_size=1 trunc_hmac=1 \
5459 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
5461 -s "Read from client: 1 bytes read"
5463 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
5464 requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
5465 run_test "Small client packet DTLS 1.0, without EtM, truncated MAC" \
5466 "$P_SRV dtls=1 force_version=dtls1 trunc_hmac=1 etm=0" \
5467 "$P_CLI dtls=1 request_size=1 \
5468 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1"\
5470 -s "Read from client: 1 bytes read"
5472 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
5473 run_test "Small client packet DTLS 1.2" \
5474 "$P_SRV dtls=1 force_version=dtls1_2" \
5475 "$P_CLI dtls=1 request_size=1 \
5476 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
5478 -s "Read from client: 1 bytes read"
5480 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
5481 run_test "Small client packet DTLS 1.2, without EtM" \
5482 "$P_SRV dtls=1 force_version=dtls1_2 etm=0" \
5483 "$P_CLI dtls=1 request_size=1 \
5484 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
5486 -s "Read from client: 1 bytes read"
5488 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
5489 requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
5490 run_test "Small client packet DTLS 1.2, truncated hmac" \
5491 "$P_SRV dtls=1 force_version=dtls1_2 trunc_hmac=1" \
5492 "$P_CLI dtls=1 request_size=1 \
5493 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
5495 -s "Read from client: 1 bytes read"
5497 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
5498 requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
5499 run_test "Small client packet DTLS 1.2, without EtM, truncated MAC" \
5500 "$P_SRV dtls=1 force_version=dtls1_2 trunc_hmac=1 etm=0" \
5501 "$P_CLI dtls=1 request_size=1 \
5502 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1"\
5504 -s "Read from client: 1 bytes read"
5506 # Tests for small server packets
5508 requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
5509 run_test "Small server packet SSLv3 BlockCipher" \
5510 "$P_SRV response_size=1 min_version=ssl3" \
5511 "$P_CLI force_version=ssl3 \
5512 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
5514 -c "Read from server: 1 bytes read"
5516 requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
5517 run_test "Small server packet SSLv3 StreamCipher" \
5518 "$P_SRV response_size=1 min_version=ssl3 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
5519 "$P_CLI force_version=ssl3 \
5520 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
5522 -c "Read from server: 1 bytes read"
5524 run_test "Small server packet TLS 1.0 BlockCipher" \
5525 "$P_SRV response_size=1" \
5526 "$P_CLI force_version=tls1 \
5527 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
5529 -c "Read from server: 1 bytes read"
5531 run_test "Small server packet TLS 1.0 BlockCipher, without EtM" \
5532 "$P_SRV response_size=1" \
5533 "$P_CLI force_version=tls1 etm=0 \
5534 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
5536 -c "Read from server: 1 bytes read"
5538 requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
5539 run_test "Small server packet TLS 1.0 BlockCipher, truncated MAC" \
5540 "$P_SRV response_size=1 trunc_hmac=1" \
5541 "$P_CLI force_version=tls1 \
5542 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
5544 -c "Read from server: 1 bytes read"
5546 requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
5547 run_test "Small server packet TLS 1.0 BlockCipher, without EtM, truncated MAC" \
5548 "$P_SRV response_size=1 trunc_hmac=1" \
5549 "$P_CLI force_version=tls1 \
5550 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
5552 -c "Read from server: 1 bytes read"
5554 run_test "Small server packet TLS 1.0 StreamCipher" \
5555 "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
5556 "$P_CLI force_version=tls1 \
5557 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
5559 -c "Read from server: 1 bytes read"
5561 run_test "Small server packet TLS 1.0 StreamCipher, without EtM" \
5562 "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
5563 "$P_CLI force_version=tls1 \
5564 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
5566 -c "Read from server: 1 bytes read"
5568 requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
5569 run_test "Small server packet TLS 1.0 StreamCipher, truncated MAC" \
5570 "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
5571 "$P_CLI force_version=tls1 \
5572 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
5574 -c "Read from server: 1 bytes read"
5576 requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
5577 run_test "Small server packet TLS 1.0 StreamCipher, without EtM, truncated MAC" \
5578 "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
5579 "$P_CLI force_version=tls1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
5580 trunc_hmac=1 etm=0" \
5582 -c "Read from server: 1 bytes read"
5584 run_test "Small server packet TLS 1.1 BlockCipher" \
5585 "$P_SRV response_size=1" \
5586 "$P_CLI force_version=tls1_1 \
5587 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
5589 -c "Read from server: 1 bytes read"
5591 run_test "Small server packet TLS 1.1 BlockCipher, without EtM" \
5592 "$P_SRV response_size=1" \
5593 "$P_CLI force_version=tls1_1 \
5594 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA etm=0" \
5596 -c "Read from server: 1 bytes read"
5598 requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
5599 run_test "Small server packet TLS 1.1 BlockCipher, truncated MAC" \
5600 "$P_SRV response_size=1 trunc_hmac=1" \
5601 "$P_CLI force_version=tls1_1 \
5602 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
5604 -c "Read from server: 1 bytes read"
5606 requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
5607 run_test "Small server packet TLS 1.1 BlockCipher, without EtM, truncated MAC" \
5608 "$P_SRV response_size=1 trunc_hmac=1" \
5609 "$P_CLI force_version=tls1_1 \
5610 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
5612 -c "Read from server: 1 bytes read"
5614 run_test "Small server packet TLS 1.1 StreamCipher" \
5615 "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
5616 "$P_CLI force_version=tls1_1 \
5617 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
5619 -c "Read from server: 1 bytes read"
5621 run_test "Small server packet TLS 1.1 StreamCipher, without EtM" \
5622 "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
5623 "$P_CLI force_version=tls1_1 \
5624 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
5626 -c "Read from server: 1 bytes read"
5628 requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
5629 run_test "Small server packet TLS 1.1 StreamCipher, truncated MAC" \
5630 "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
5631 "$P_CLI force_version=tls1_1 \
5632 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
5634 -c "Read from server: 1 bytes read"
5636 requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
5637 run_test "Small server packet TLS 1.1 StreamCipher, without EtM, truncated MAC" \
5638 "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
5639 "$P_CLI force_version=tls1_1 \
5640 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \
5642 -c "Read from server: 1 bytes read"
5644 run_test "Small server packet TLS 1.2 BlockCipher" \
5645 "$P_SRV response_size=1" \
5646 "$P_CLI force_version=tls1_2 \
5647 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
5649 -c "Read from server: 1 bytes read"
5651 run_test "Small server packet TLS 1.2 BlockCipher, without EtM" \
5652 "$P_SRV response_size=1" \
5653 "$P_CLI force_version=tls1_2 \
5654 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA etm=0" \
5656 -c "Read from server: 1 bytes read"
5658 run_test "Small server packet TLS 1.2 BlockCipher larger MAC" \
5659 "$P_SRV response_size=1" \
5660 "$P_CLI force_version=tls1_2 \
5661 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \
5663 -c "Read from server: 1 bytes read"
5665 requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
5666 run_test "Small server packet TLS 1.2 BlockCipher, truncated MAC" \
5667 "$P_SRV response_size=1 trunc_hmac=1" \
5668 "$P_CLI force_version=tls1_2 \
5669 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
5671 -c "Read from server: 1 bytes read"
5673 requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
5674 run_test "Small server packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \
5675 "$P_SRV response_size=1 trunc_hmac=1" \
5676 "$P_CLI force_version=tls1_2 \
5677 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
5679 -c "Read from server: 1 bytes read"
5681 run_test "Small server packet TLS 1.2 StreamCipher" \
5682 "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
5683 "$P_CLI force_version=tls1_2 \
5684 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
5686 -c "Read from server: 1 bytes read"
5688 run_test "Small server packet TLS 1.2 StreamCipher, without EtM" \
5689 "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
5690 "$P_CLI force_version=tls1_2 \
5691 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
5693 -c "Read from server: 1 bytes read"
5695 requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
5696 run_test "Small server packet TLS 1.2 StreamCipher, truncated MAC" \
5697 "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
5698 "$P_CLI force_version=tls1_2 \
5699 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
5701 -c "Read from server: 1 bytes read"
5703 requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
5704 run_test "Small server packet TLS 1.2 StreamCipher, without EtM, truncated MAC" \
5705 "$P_SRV response_size=1 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
5706 "$P_CLI force_version=tls1_2 \
5707 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \
5709 -c "Read from server: 1 bytes read"
5711 run_test "Small server packet TLS 1.2 AEAD" \
5712 "$P_SRV response_size=1" \
5713 "$P_CLI force_version=tls1_2 \
5714 force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \
5716 -c "Read from server: 1 bytes read"
5718 run_test "Small server packet TLS 1.2 AEAD shorter tag" \
5719 "$P_SRV response_size=1" \
5720 "$P_CLI force_version=tls1_2 \
5721 force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \
5723 -c "Read from server: 1 bytes read"
5725 # Tests for small server packets in DTLS
5727 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
5728 run_test "Small server packet DTLS 1.0" \
5729 "$P_SRV dtls=1 response_size=1 force_version=dtls1" \
5731 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
5733 -c "Read from server: 1 bytes read"
5735 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
5736 run_test "Small server packet DTLS 1.0, without EtM" \
5737 "$P_SRV dtls=1 response_size=1 force_version=dtls1 etm=0" \
5739 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
5741 -c "Read from server: 1 bytes read"
5743 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
5744 requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
5745 run_test "Small server packet DTLS 1.0, truncated hmac" \
5746 "$P_SRV dtls=1 response_size=1 force_version=dtls1 trunc_hmac=1" \
5747 "$P_CLI dtls=1 trunc_hmac=1 \
5748 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
5750 -c "Read from server: 1 bytes read"
5752 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
5753 requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
5754 run_test "Small server packet DTLS 1.0, without EtM, truncated MAC" \
5755 "$P_SRV dtls=1 response_size=1 force_version=dtls1 trunc_hmac=1 etm=0" \
5757 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1"\
5759 -c "Read from server: 1 bytes read"
5761 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
5762 run_test "Small server packet DTLS 1.2" \
5763 "$P_SRV dtls=1 response_size=1 force_version=dtls1_2" \
5765 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
5767 -c "Read from server: 1 bytes read"
5769 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
5770 run_test "Small server packet DTLS 1.2, without EtM" \
5771 "$P_SRV dtls=1 response_size=1 force_version=dtls1_2 etm=0" \
5773 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
5775 -c "Read from server: 1 bytes read"
5777 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
5778 requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
5779 run_test "Small server packet DTLS 1.2, truncated hmac" \
5780 "$P_SRV dtls=1 response_size=1 force_version=dtls1_2 trunc_hmac=1" \
5782 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
5784 -c "Read from server: 1 bytes read"
5786 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
5787 requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
5788 run_test "Small server packet DTLS 1.2, without EtM, truncated MAC" \
5789 "$P_SRV dtls=1 response_size=1 force_version=dtls1_2 trunc_hmac=1 etm=0" \
5791 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1"\
5793 -c "Read from server: 1 bytes read"
5795 # A test for extensions in SSLv3
5797 requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
5798 run_test "SSLv3 with extensions, server side" \
5799 "$P_SRV min_version=ssl3 debug_level=3" \
5800 "$P_CLI force_version=ssl3 tickets=1 max_frag_len=4096 alpn=abc,1234" \
5802 -S "dumping 'client hello extensions'" \
5803 -S "server hello, total extension length:"
5805 # Test for large client packets
5807 # How many fragments do we expect to write $1 bytes?
5808 fragments_for_write() {
5809 echo "$(( ( $1 + $MAX_OUT_LEN - 1 ) / $MAX_OUT_LEN ))"
5812 requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
5813 run_test "Large client packet SSLv3 BlockCipher" \
5814 "$P_SRV min_version=ssl3" \
5815 "$P_CLI request_size=16384 force_version=ssl3 recsplit=0 \
5816 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
5818 -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
5819 -s "Read from client: $MAX_CONTENT_LEN bytes read"
5821 requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
5822 run_test "Large client packet SSLv3 StreamCipher" \
5823 "$P_SRV min_version=ssl3 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
5824 "$P_CLI request_size=16384 force_version=ssl3 \
5825 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
5827 -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
5828 -s "Read from client: $MAX_CONTENT_LEN bytes read"
5830 run_test "Large client packet TLS 1.0 BlockCipher" \
5832 "$P_CLI request_size=16384 force_version=tls1 recsplit=0 \
5833 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
5835 -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
5836 -s "Read from client: $MAX_CONTENT_LEN bytes read"
5838 run_test "Large client packet TLS 1.0 BlockCipher, without EtM" \
5840 "$P_CLI request_size=16384 force_version=tls1 etm=0 recsplit=0 \
5841 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
5843 -s "Read from client: $MAX_CONTENT_LEN bytes read"
5845 requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
5846 run_test "Large client packet TLS 1.0 BlockCipher, truncated MAC" \
5847 "$P_SRV trunc_hmac=1" \
5848 "$P_CLI request_size=16384 force_version=tls1 recsplit=0 \
5849 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
5851 -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
5852 -s "Read from client: $MAX_CONTENT_LEN bytes read"
5854 requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
5855 run_test "Large client packet TLS 1.0 BlockCipher, without EtM, truncated MAC" \
5856 "$P_SRV trunc_hmac=1" \
5857 "$P_CLI request_size=16384 force_version=tls1 etm=0 recsplit=0 \
5858 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
5860 -s "Read from client: $MAX_CONTENT_LEN bytes read"
5862 run_test "Large client packet TLS 1.0 StreamCipher" \
5863 "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
5864 "$P_CLI request_size=16384 force_version=tls1 \
5865 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
5867 -s "Read from client: $MAX_CONTENT_LEN bytes read"
5869 run_test "Large client packet TLS 1.0 StreamCipher, without EtM" \
5870 "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
5871 "$P_CLI request_size=16384 force_version=tls1 \
5872 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
5874 -s "Read from client: $MAX_CONTENT_LEN bytes read"
5876 requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
5877 run_test "Large client packet TLS 1.0 StreamCipher, truncated MAC" \
5878 "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
5879 "$P_CLI request_size=16384 force_version=tls1 \
5880 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
5882 -s "Read from client: $MAX_CONTENT_LEN bytes read"
5884 requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
5885 run_test "Large client packet TLS 1.0 StreamCipher, without EtM, truncated MAC" \
5886 "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
5887 "$P_CLI request_size=16384 force_version=tls1 \
5888 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \
5890 -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
5891 -s "Read from client: $MAX_CONTENT_LEN bytes read"
5893 run_test "Large client packet TLS 1.1 BlockCipher" \
5895 "$P_CLI request_size=16384 force_version=tls1_1 \
5896 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
5898 -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
5899 -s "Read from client: $MAX_CONTENT_LEN bytes read"
5901 run_test "Large client packet TLS 1.1 BlockCipher, without EtM" \
5903 "$P_CLI request_size=16384 force_version=tls1_1 etm=0 \
5904 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
5906 -s "Read from client: $MAX_CONTENT_LEN bytes read"
5908 requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
5909 run_test "Large client packet TLS 1.1 BlockCipher, truncated MAC" \
5910 "$P_SRV trunc_hmac=1" \
5911 "$P_CLI request_size=16384 force_version=tls1_1 \
5912 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
5914 -s "Read from client: $MAX_CONTENT_LEN bytes read"
5916 requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
5917 run_test "Large client packet TLS 1.1 BlockCipher, without EtM, truncated MAC" \
5918 "$P_SRV trunc_hmac=1" \
5919 "$P_CLI request_size=16384 force_version=tls1_1 \
5920 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
5922 -s "Read from client: $MAX_CONTENT_LEN bytes read"
5924 run_test "Large client packet TLS 1.1 StreamCipher" \
5925 "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
5926 "$P_CLI request_size=16384 force_version=tls1_1 \
5927 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
5929 -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
5930 -s "Read from client: $MAX_CONTENT_LEN bytes read"
5932 run_test "Large client packet TLS 1.1 StreamCipher, without EtM" \
5933 "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
5934 "$P_CLI request_size=16384 force_version=tls1_1 \
5935 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
5937 -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
5938 -s "Read from client: $MAX_CONTENT_LEN bytes read"
5940 requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
5941 run_test "Large client packet TLS 1.1 StreamCipher, truncated MAC" \
5942 "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
5943 "$P_CLI request_size=16384 force_version=tls1_1 \
5944 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
5946 -s "Read from client: $MAX_CONTENT_LEN bytes read"
5948 requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
5949 run_test "Large client packet TLS 1.1 StreamCipher, without EtM, truncated MAC" \
5950 "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
5951 "$P_CLI request_size=16384 force_version=tls1_1 \
5952 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \
5954 -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
5955 -s "Read from client: $MAX_CONTENT_LEN bytes read"
5957 run_test "Large client packet TLS 1.2 BlockCipher" \
5959 "$P_CLI request_size=16384 force_version=tls1_2 \
5960 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
5962 -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
5963 -s "Read from client: $MAX_CONTENT_LEN bytes read"
5965 run_test "Large client packet TLS 1.2 BlockCipher, without EtM" \
5967 "$P_CLI request_size=16384 force_version=tls1_2 etm=0 \
5968 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
5970 -s "Read from client: $MAX_CONTENT_LEN bytes read"
5972 run_test "Large client packet TLS 1.2 BlockCipher larger MAC" \
5974 "$P_CLI request_size=16384 force_version=tls1_2 \
5975 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \
5977 -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
5978 -s "Read from client: $MAX_CONTENT_LEN bytes read"
5980 requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
5981 run_test "Large client packet TLS 1.2 BlockCipher, truncated MAC" \
5982 "$P_SRV trunc_hmac=1" \
5983 "$P_CLI request_size=16384 force_version=tls1_2 \
5984 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1" \
5986 -s "Read from client: $MAX_CONTENT_LEN bytes read"
5988 requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
5989 run_test "Large client packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \
5990 "$P_SRV trunc_hmac=1" \
5991 "$P_CLI request_size=16384 force_version=tls1_2 \
5992 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
5994 -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
5995 -s "Read from client: $MAX_CONTENT_LEN bytes read"
5997 run_test "Large client packet TLS 1.2 StreamCipher" \
5998 "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
5999 "$P_CLI request_size=16384 force_version=tls1_2 \
6000 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
6002 -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
6003 -s "Read from client: $MAX_CONTENT_LEN bytes read"
6005 run_test "Large client packet TLS 1.2 StreamCipher, without EtM" \
6006 "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
6007 "$P_CLI request_size=16384 force_version=tls1_2 \
6008 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
6010 -s "Read from client: $MAX_CONTENT_LEN bytes read"
6012 requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
6013 run_test "Large client packet TLS 1.2 StreamCipher, truncated MAC" \
6014 "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
6015 "$P_CLI request_size=16384 force_version=tls1_2 \
6016 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
6018 -s "Read from client: $MAX_CONTENT_LEN bytes read"
6020 requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
6021 run_test "Large client packet TLS 1.2 StreamCipher, without EtM, truncated MAC" \
6022 "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
6023 "$P_CLI request_size=16384 force_version=tls1_2 \
6024 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \
6026 -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
6027 -s "Read from client: $MAX_CONTENT_LEN bytes read"
6029 run_test "Large client packet TLS 1.2 AEAD" \
6031 "$P_CLI request_size=16384 force_version=tls1_2 \
6032 force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \
6034 -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
6035 -s "Read from client: $MAX_CONTENT_LEN bytes read"
6037 run_test "Large client packet TLS 1.2 AEAD shorter tag" \
6039 "$P_CLI request_size=16384 force_version=tls1_2 \
6040 force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \
6042 -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
6043 -s "Read from client: $MAX_CONTENT_LEN bytes read"
6045 # Test for large server packets
6046 requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
6047 run_test "Large server packet SSLv3 StreamCipher" \
6048 "$P_SRV response_size=16384 min_version=ssl3 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
6049 "$P_CLI force_version=ssl3 \
6050 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
6052 -c "Read from server: 16384 bytes read"
6054 # Checking next 4 tests logs for 1n-1 split against BEAST too
6055 requires_config_enabled MBEDTLS_SSL_PROTO_SSL3
6056 run_test "Large server packet SSLv3 BlockCipher" \
6057 "$P_SRV response_size=16384 min_version=ssl3" \
6058 "$P_CLI force_version=ssl3 recsplit=0 \
6059 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
6061 -c "Read from server: 1 bytes read"\
6062 -c "16383 bytes read"\
6063 -C "Read from server: 16384 bytes read"
6065 run_test "Large server packet TLS 1.0 BlockCipher" \
6066 "$P_SRV response_size=16384" \
6067 "$P_CLI force_version=tls1 recsplit=0 \
6068 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
6070 -c "Read from server: 1 bytes read"\
6071 -c "16383 bytes read"\
6072 -C "Read from server: 16384 bytes read"
6074 run_test "Large server packet TLS 1.0 BlockCipher, without EtM" \
6075 "$P_SRV response_size=16384" \
6076 "$P_CLI force_version=tls1 etm=0 recsplit=0 \
6077 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
6079 -c "Read from server: 1 bytes read"\
6080 -c "16383 bytes read"\
6081 -C "Read from server: 16384 bytes read"
6083 requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
6084 run_test "Large server packet TLS 1.0 BlockCipher truncated MAC" \
6085 "$P_SRV response_size=16384" \
6086 "$P_CLI force_version=tls1 recsplit=0 \
6087 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \
6090 -c "Read from server: 1 bytes read"\
6091 -c "16383 bytes read"\
6092 -C "Read from server: 16384 bytes read"
6094 requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
6095 run_test "Large server packet TLS 1.0 StreamCipher truncated MAC" \
6096 "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
6097 "$P_CLI force_version=tls1 \
6098 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
6101 -s "16384 bytes written in 1 fragments" \
6102 -c "Read from server: 16384 bytes read"
6104 run_test "Large server packet TLS 1.0 StreamCipher" \
6105 "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
6106 "$P_CLI force_version=tls1 \
6107 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
6109 -s "16384 bytes written in 1 fragments" \
6110 -c "Read from server: 16384 bytes read"
6112 run_test "Large server packet TLS 1.0 StreamCipher, without EtM" \
6113 "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
6114 "$P_CLI force_version=tls1 \
6115 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
6117 -s "16384 bytes written in 1 fragments" \
6118 -c "Read from server: 16384 bytes read"
6120 requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
6121 run_test "Large server packet TLS 1.0 StreamCipher, truncated MAC" \
6122 "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
6123 "$P_CLI force_version=tls1 \
6124 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
6126 -s "16384 bytes written in 1 fragments" \
6127 -c "Read from server: 16384 bytes read"
6129 requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
6130 run_test "Large server packet TLS 1.0 StreamCipher, without EtM, truncated MAC" \
6131 "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
6132 "$P_CLI force_version=tls1 \
6133 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \
6135 -s "16384 bytes written in 1 fragments" \
6136 -c "Read from server: 16384 bytes read"
6138 run_test "Large server packet TLS 1.1 BlockCipher" \
6139 "$P_SRV response_size=16384" \
6140 "$P_CLI force_version=tls1_1 \
6141 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
6143 -c "Read from server: 16384 bytes read"
6145 run_test "Large server packet TLS 1.1 BlockCipher, without EtM" \
6146 "$P_SRV response_size=16384" \
6147 "$P_CLI force_version=tls1_1 etm=0 \
6148 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
6150 -s "16384 bytes written in 1 fragments" \
6151 -c "Read from server: 16384 bytes read"
6153 requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
6154 run_test "Large server packet TLS 1.1 BlockCipher truncated MAC" \
6155 "$P_SRV response_size=16384" \
6156 "$P_CLI force_version=tls1_1 \
6157 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \
6160 -c "Read from server: 16384 bytes read"
6162 requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
6163 run_test "Large server packet TLS 1.1 BlockCipher, without EtM, truncated MAC" \
6164 "$P_SRV response_size=16384 trunc_hmac=1" \
6165 "$P_CLI force_version=tls1_1 \
6166 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
6168 -s "16384 bytes written in 1 fragments" \
6169 -c "Read from server: 16384 bytes read"
6171 run_test "Large server packet TLS 1.1 StreamCipher" \
6172 "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
6173 "$P_CLI force_version=tls1_1 \
6174 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
6176 -c "Read from server: 16384 bytes read"
6178 run_test "Large server packet TLS 1.1 StreamCipher, without EtM" \
6179 "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
6180 "$P_CLI force_version=tls1_1 \
6181 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
6183 -s "16384 bytes written in 1 fragments" \
6184 -c "Read from server: 16384 bytes read"
6186 requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
6187 run_test "Large server packet TLS 1.1 StreamCipher truncated MAC" \
6188 "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
6189 "$P_CLI force_version=tls1_1 \
6190 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
6193 -c "Read from server: 16384 bytes read"
6195 run_test "Large server packet TLS 1.1 StreamCipher, without EtM, truncated MAC" \
6196 "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
6197 "$P_CLI force_version=tls1_1 \
6198 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \
6200 -s "16384 bytes written in 1 fragments" \
6201 -c "Read from server: 16384 bytes read"
6203 run_test "Large server packet TLS 1.2 BlockCipher" \
6204 "$P_SRV response_size=16384" \
6205 "$P_CLI force_version=tls1_2 \
6206 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
6208 -c "Read from server: 16384 bytes read"
6210 run_test "Large server packet TLS 1.2 BlockCipher, without EtM" \
6211 "$P_SRV response_size=16384" \
6212 "$P_CLI force_version=tls1_2 etm=0 \
6213 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
6215 -s "16384 bytes written in 1 fragments" \
6216 -c "Read from server: 16384 bytes read"
6218 run_test "Large server packet TLS 1.2 BlockCipher larger MAC" \
6219 "$P_SRV response_size=16384" \
6220 "$P_CLI force_version=tls1_2 \
6221 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \
6223 -c "Read from server: 16384 bytes read"
6225 requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
6226 run_test "Large server packet TLS 1.2 BlockCipher truncated MAC" \
6227 "$P_SRV response_size=16384" \
6228 "$P_CLI force_version=tls1_2 \
6229 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \
6232 -c "Read from server: 16384 bytes read"
6234 run_test "Large server packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \
6235 "$P_SRV response_size=16384 trunc_hmac=1" \
6236 "$P_CLI force_version=tls1_2 \
6237 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
6239 -s "16384 bytes written in 1 fragments" \
6240 -c "Read from server: 16384 bytes read"
6242 run_test "Large server packet TLS 1.2 StreamCipher" \
6243 "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
6244 "$P_CLI force_version=tls1_2 \
6245 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
6247 -s "16384 bytes written in 1 fragments" \
6248 -c "Read from server: 16384 bytes read"
6250 run_test "Large server packet TLS 1.2 StreamCipher, without EtM" \
6251 "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
6252 "$P_CLI force_version=tls1_2 \
6253 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA etm=0" \
6255 -s "16384 bytes written in 1 fragments" \
6256 -c "Read from server: 16384 bytes read"
6258 requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
6259 run_test "Large server packet TLS 1.2 StreamCipher truncated MAC" \
6260 "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
6261 "$P_CLI force_version=tls1_2 \
6262 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
6265 -c "Read from server: 16384 bytes read"
6267 requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
6268 run_test "Large server packet TLS 1.2 StreamCipher, without EtM, truncated MAC" \
6269 "$P_SRV response_size=16384 arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1" \
6270 "$P_CLI force_version=tls1_2 \
6271 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA trunc_hmac=1 etm=0" \
6273 -s "16384 bytes written in 1 fragments" \
6274 -c "Read from server: 16384 bytes read"
6276 run_test "Large server packet TLS 1.2 AEAD" \
6277 "$P_SRV response_size=16384" \
6278 "$P_CLI force_version=tls1_2 \
6279 force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \
6281 -c "Read from server: 16384 bytes read"
6283 run_test "Large server packet TLS 1.2 AEAD shorter tag" \
6284 "$P_SRV response_size=16384" \
6285 "$P_CLI force_version=tls1_2 \
6286 force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \
6288 -c "Read from server: 16384 bytes read"
6290 # Tests for restartable ECC
6292 requires_config_enabled MBEDTLS_ECP_RESTARTABLE
6293 run_test "EC restart: TLS, default" \
6294 "$P_SRV auth_mode=required" \
6295 "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
6296 key_file=data_files/server5.key crt_file=data_files/server5.crt \
6299 -C "x509_verify_cert.*4b00" \
6300 -C "mbedtls_pk_verify.*4b00" \
6301 -C "mbedtls_ecdh_make_public.*4b00" \
6302 -C "mbedtls_pk_sign.*4b00"
6304 requires_config_enabled MBEDTLS_ECP_RESTARTABLE
6305 run_test "EC restart: TLS, max_ops=0" \
6306 "$P_SRV auth_mode=required" \
6307 "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
6308 key_file=data_files/server5.key crt_file=data_files/server5.crt \
6309 debug_level=1 ec_max_ops=0" \
6311 -C "x509_verify_cert.*4b00" \
6312 -C "mbedtls_pk_verify.*4b00" \
6313 -C "mbedtls_ecdh_make_public.*4b00" \
6314 -C "mbedtls_pk_sign.*4b00"
6316 requires_config_enabled MBEDTLS_ECP_RESTARTABLE
6317 run_test "EC restart: TLS, max_ops=65535" \
6318 "$P_SRV auth_mode=required" \
6319 "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
6320 key_file=data_files/server5.key crt_file=data_files/server5.crt \
6321 debug_level=1 ec_max_ops=65535" \
6323 -C "x509_verify_cert.*4b00" \
6324 -C "mbedtls_pk_verify.*4b00" \
6325 -C "mbedtls_ecdh_make_public.*4b00" \
6326 -C "mbedtls_pk_sign.*4b00"
6328 requires_config_enabled MBEDTLS_ECP_RESTARTABLE
6329 run_test "EC restart: TLS, max_ops=1000" \
6330 "$P_SRV auth_mode=required" \
6331 "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
6332 key_file=data_files/server5.key crt_file=data_files/server5.crt \
6333 debug_level=1 ec_max_ops=1000" \
6335 -c "x509_verify_cert.*4b00" \
6336 -c "mbedtls_pk_verify.*4b00" \
6337 -c "mbedtls_ecdh_make_public.*4b00" \
6338 -c "mbedtls_pk_sign.*4b00"
6340 requires_config_enabled MBEDTLS_ECP_RESTARTABLE
6341 run_test "EC restart: TLS, max_ops=1000, badsign" \
6342 "$P_SRV auth_mode=required \
6343 crt_file=data_files/server5-badsign.crt \
6344 key_file=data_files/server5.key" \
6345 "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
6346 key_file=data_files/server5.key crt_file=data_files/server5.crt \
6347 debug_level=1 ec_max_ops=1000" \
6349 -c "x509_verify_cert.*4b00" \
6350 -C "mbedtls_pk_verify.*4b00" \
6351 -C "mbedtls_ecdh_make_public.*4b00" \
6352 -C "mbedtls_pk_sign.*4b00" \
6353 -c "! The certificate is not correctly signed by the trusted CA" \
6354 -c "! mbedtls_ssl_handshake returned" \
6355 -c "X509 - Certificate verification failed"
6357 requires_config_enabled MBEDTLS_ECP_RESTARTABLE
6358 run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign" \
6359 "$P_SRV auth_mode=required \
6360 crt_file=data_files/server5-badsign.crt \
6361 key_file=data_files/server5.key" \
6362 "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
6363 key_file=data_files/server5.key crt_file=data_files/server5.crt \
6364 debug_level=1 ec_max_ops=1000 auth_mode=optional" \
6366 -c "x509_verify_cert.*4b00" \
6367 -c "mbedtls_pk_verify.*4b00" \
6368 -c "mbedtls_ecdh_make_public.*4b00" \
6369 -c "mbedtls_pk_sign.*4b00" \
6370 -c "! The certificate is not correctly signed by the trusted CA" \
6371 -C "! mbedtls_ssl_handshake returned" \
6372 -C "X509 - Certificate verification failed"
6374 requires_config_enabled MBEDTLS_ECP_RESTARTABLE
6375 run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign" \
6376 "$P_SRV auth_mode=required \
6377 crt_file=data_files/server5-badsign.crt \
6378 key_file=data_files/server5.key" \
6379 "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
6380 key_file=data_files/server5.key crt_file=data_files/server5.crt \
6381 debug_level=1 ec_max_ops=1000 auth_mode=none" \
6383 -C "x509_verify_cert.*4b00" \
6384 -c "mbedtls_pk_verify.*4b00" \
6385 -c "mbedtls_ecdh_make_public.*4b00" \
6386 -c "mbedtls_pk_sign.*4b00" \
6387 -C "! The certificate is not correctly signed by the trusted CA" \
6388 -C "! mbedtls_ssl_handshake returned" \
6389 -C "X509 - Certificate verification failed"
6391 requires_config_enabled MBEDTLS_ECP_RESTARTABLE
6392 run_test "EC restart: DTLS, max_ops=1000" \
6393 "$P_SRV auth_mode=required dtls=1" \
6394 "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
6395 key_file=data_files/server5.key crt_file=data_files/server5.crt \
6396 dtls=1 debug_level=1 ec_max_ops=1000" \
6398 -c "x509_verify_cert.*4b00" \
6399 -c "mbedtls_pk_verify.*4b00" \
6400 -c "mbedtls_ecdh_make_public.*4b00" \
6401 -c "mbedtls_pk_sign.*4b00"
6403 requires_config_enabled MBEDTLS_ECP_RESTARTABLE
6404 run_test "EC restart: TLS, max_ops=1000 no client auth" \
6406 "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
6407 debug_level=1 ec_max_ops=1000" \
6409 -c "x509_verify_cert.*4b00" \
6410 -c "mbedtls_pk_verify.*4b00" \
6411 -c "mbedtls_ecdh_make_public.*4b00" \
6412 -C "mbedtls_pk_sign.*4b00"
6414 requires_config_enabled MBEDTLS_ECP_RESTARTABLE
6415 run_test "EC restart: TLS, max_ops=1000, ECDHE-PSK" \
6416 "$P_SRV psk=abc123" \
6417 "$P_CLI force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256 \
6418 psk=abc123 debug_level=1 ec_max_ops=1000" \
6420 -C "x509_verify_cert.*4b00" \
6421 -C "mbedtls_pk_verify.*4b00" \
6422 -C "mbedtls_ecdh_make_public.*4b00" \
6423 -C "mbedtls_pk_sign.*4b00"
6425 # Tests of asynchronous private key support in SSL
6427 requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
6428 run_test "SSL async private: sign, delay=0" \
6430 async_operations=s async_private_delay1=0 async_private_delay2=0" \
6433 -s "Async sign callback: using key slot " \
6434 -s "Async resume (slot [0-9]): sign done, status=0"
6436 requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
6437 run_test "SSL async private: sign, delay=1" \
6439 async_operations=s async_private_delay1=1 async_private_delay2=1" \
6442 -s "Async sign callback: using key slot " \
6443 -s "Async resume (slot [0-9]): call 0 more times." \
6444 -s "Async resume (slot [0-9]): sign done, status=0"
6446 requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
6447 run_test "SSL async private: sign, delay=2" \
6449 async_operations=s async_private_delay1=2 async_private_delay2=2" \
6452 -s "Async sign callback: using key slot " \
6453 -U "Async sign callback: using key slot " \
6454 -s "Async resume (slot [0-9]): call 1 more times." \
6455 -s "Async resume (slot [0-9]): call 0 more times." \
6456 -s "Async resume (slot [0-9]): sign done, status=0"
6458 # Test that the async callback correctly signs the 36-byte hash of TLS 1.0/1.1
6459 # with RSA PKCS#1v1.5 as used in TLS 1.0/1.1.
6460 requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
6461 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
6462 run_test "SSL async private: sign, RSA, TLS 1.1" \
6463 "$P_SRV key_file=data_files/server2.key crt_file=data_files/server2.crt \
6464 async_operations=s async_private_delay1=0 async_private_delay2=0" \
6465 "$P_CLI force_version=tls1_1" \
6467 -s "Async sign callback: using key slot " \
6468 -s "Async resume (slot [0-9]): sign done, status=0"
6470 requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
6471 run_test "SSL async private: sign, SNI" \
6472 "$P_SRV debug_level=3 \
6473 async_operations=s async_private_delay1=0 async_private_delay2=0 \
6474 crt_file=data_files/server5.crt key_file=data_files/server5.key \
6475 sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
6476 "$P_CLI server_name=polarssl.example" \
6478 -s "Async sign callback: using key slot " \
6479 -s "Async resume (slot [0-9]): sign done, status=0" \
6480 -s "parse ServerName extension" \
6481 -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \
6482 -c "subject name *: C=NL, O=PolarSSL, CN=polarssl.example"
6484 requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
6485 run_test "SSL async private: decrypt, delay=0" \
6487 async_operations=d async_private_delay1=0 async_private_delay2=0" \
6488 "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
6490 -s "Async decrypt callback: using key slot " \
6491 -s "Async resume (slot [0-9]): decrypt done, status=0"
6493 requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
6494 run_test "SSL async private: decrypt, delay=1" \
6496 async_operations=d async_private_delay1=1 async_private_delay2=1" \
6497 "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
6499 -s "Async decrypt callback: using key slot " \
6500 -s "Async resume (slot [0-9]): call 0 more times." \
6501 -s "Async resume (slot [0-9]): decrypt done, status=0"
6503 requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
6504 run_test "SSL async private: decrypt RSA-PSK, delay=0" \
6505 "$P_SRV psk=abc123 \
6506 async_operations=d async_private_delay1=0 async_private_delay2=0" \
6507 "$P_CLI psk=abc123 \
6508 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA256" \
6510 -s "Async decrypt callback: using key slot " \
6511 -s "Async resume (slot [0-9]): decrypt done, status=0"
6513 requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
6514 run_test "SSL async private: decrypt RSA-PSK, delay=1" \
6515 "$P_SRV psk=abc123 \
6516 async_operations=d async_private_delay1=1 async_private_delay2=1" \
6517 "$P_CLI psk=abc123 \
6518 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA256" \
6520 -s "Async decrypt callback: using key slot " \
6521 -s "Async resume (slot [0-9]): call 0 more times." \
6522 -s "Async resume (slot [0-9]): decrypt done, status=0"
6524 requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
6525 run_test "SSL async private: sign callback not present" \
6527 async_operations=d async_private_delay1=1 async_private_delay2=1" \
6528 "$P_CLI; [ \$? -eq 1 ] &&
6529 $P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
6531 -S "Async sign callback" \
6532 -s "! mbedtls_ssl_handshake returned" \
6533 -s "The own private key or pre-shared key is not set, but needed" \
6534 -s "Async resume (slot [0-9]): decrypt done, status=0" \
6535 -s "Successful connection"
6537 requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
6538 run_test "SSL async private: decrypt callback not present" \
6539 "$P_SRV debug_level=1 \
6540 async_operations=s async_private_delay1=1 async_private_delay2=1" \
6541 "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA;
6542 [ \$? -eq 1 ] && $P_CLI" \
6544 -S "Async decrypt callback" \
6545 -s "! mbedtls_ssl_handshake returned" \
6546 -s "got no RSA private key" \
6547 -s "Async resume (slot [0-9]): sign done, status=0" \
6548 -s "Successful connection"
6550 # key1: ECDSA, key2: RSA; use key1 from slot 0
6551 requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
6552 run_test "SSL async private: slot 0 used with key1" \
6554 async_operations=s async_private_delay1=1 \
6555 key_file=data_files/server5.key crt_file=data_files/server5.crt \
6556 key_file2=data_files/server2.key crt_file2=data_files/server2.crt" \
6557 "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \
6559 -s "Async sign callback: using key slot 0," \
6560 -s "Async resume (slot 0): call 0 more times." \
6561 -s "Async resume (slot 0): sign done, status=0"
6563 # key1: ECDSA, key2: RSA; use key2 from slot 0
6564 requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
6565 run_test "SSL async private: slot 0 used with key2" \
6567 async_operations=s async_private_delay2=1 \
6568 key_file=data_files/server5.key crt_file=data_files/server5.crt \
6569 key_file2=data_files/server2.key crt_file2=data_files/server2.crt" \
6570 "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256" \
6572 -s "Async sign callback: using key slot 0," \
6573 -s "Async resume (slot 0): call 0 more times." \
6574 -s "Async resume (slot 0): sign done, status=0"
6576 # key1: ECDSA, key2: RSA; use key2 from slot 1
6577 requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
6578 run_test "SSL async private: slot 1 used with key2" \
6580 async_operations=s async_private_delay1=1 async_private_delay2=1 \
6581 key_file=data_files/server5.key crt_file=data_files/server5.crt \
6582 key_file2=data_files/server2.key crt_file2=data_files/server2.crt" \
6583 "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256" \
6585 -s "Async sign callback: using key slot 1," \
6586 -s "Async resume (slot 1): call 0 more times." \
6587 -s "Async resume (slot 1): sign done, status=0"
6589 # key1: ECDSA, key2: RSA; use key2 directly
6590 requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
6591 run_test "SSL async private: fall back to transparent key" \
6593 async_operations=s async_private_delay1=1 \
6594 key_file=data_files/server5.key crt_file=data_files/server5.crt \
6595 key_file2=data_files/server2.key crt_file2=data_files/server2.crt " \
6596 "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256" \
6598 -s "Async sign callback: no key matches this certificate."
6600 requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
6601 run_test "SSL async private: sign, error in start" \
6603 async_operations=s async_private_delay1=1 async_private_delay2=1 \
6604 async_private_error=1" \
6607 -s "Async sign callback: injected error" \
6610 -s "! mbedtls_ssl_handshake returned"
6612 requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
6613 run_test "SSL async private: sign, cancel after start" \
6615 async_operations=s async_private_delay1=1 async_private_delay2=1 \
6616 async_private_error=2" \
6619 -s "Async sign callback: using key slot " \
6623 requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
6624 run_test "SSL async private: sign, error in resume" \
6626 async_operations=s async_private_delay1=1 async_private_delay2=1 \
6627 async_private_error=3" \
6630 -s "Async sign callback: using key slot " \
6631 -s "Async resume callback: sign done but injected error" \
6633 -s "! mbedtls_ssl_handshake returned"
6635 requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
6636 run_test "SSL async private: decrypt, error in start" \
6638 async_operations=d async_private_delay1=1 async_private_delay2=1 \
6639 async_private_error=1" \
6640 "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
6642 -s "Async decrypt callback: injected error" \
6645 -s "! mbedtls_ssl_handshake returned"
6647 requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
6648 run_test "SSL async private: decrypt, cancel after start" \
6650 async_operations=d async_private_delay1=1 async_private_delay2=1 \
6651 async_private_error=2" \
6652 "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
6654 -s "Async decrypt callback: using key slot " \
6658 requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
6659 run_test "SSL async private: decrypt, error in resume" \
6661 async_operations=d async_private_delay1=1 async_private_delay2=1 \
6662 async_private_error=3" \
6663 "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
6665 -s "Async decrypt callback: using key slot " \
6666 -s "Async resume callback: decrypt done but injected error" \
6668 -s "! mbedtls_ssl_handshake returned"
6670 requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
6671 run_test "SSL async private: cancel after start then operate correctly" \
6673 async_operations=s async_private_delay1=1 async_private_delay2=1 \
6674 async_private_error=-2" \
6675 "$P_CLI; [ \$? -eq 1 ] && $P_CLI" \
6678 -s "! mbedtls_ssl_handshake returned" \
6680 -s "Successful connection"
6682 requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
6683 run_test "SSL async private: error in resume then operate correctly" \
6685 async_operations=s async_private_delay1=1 async_private_delay2=1 \
6686 async_private_error=-3" \
6687 "$P_CLI; [ \$? -eq 1 ] && $P_CLI" \
6689 -s "! mbedtls_ssl_handshake returned" \
6691 -s "Successful connection"
6693 # key1: ECDSA, key2: RSA; use key1 through async, then key2 directly
6694 requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
6695 run_test "SSL async private: cancel after start then fall back to transparent key" \
6697 async_operations=s async_private_delay1=1 async_private_error=-2 \
6698 key_file=data_files/server5.key crt_file=data_files/server5.crt \
6699 key_file2=data_files/server2.key crt_file2=data_files/server2.crt" \
6700 "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256;
6702 $P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256" \
6704 -s "Async sign callback: using key slot 0" \
6707 -s "! mbedtls_ssl_handshake returned" \
6708 -s "Async sign callback: no key matches this certificate." \
6709 -s "Successful connection"
6711 # key1: ECDSA, key2: RSA; use key1 through async, then key2 directly
6712 requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
6713 run_test "SSL async private: sign, error in resume then fall back to transparent key" \
6715 async_operations=s async_private_delay1=1 async_private_error=-3 \
6716 key_file=data_files/server5.key crt_file=data_files/server5.crt \
6717 key_file2=data_files/server2.key crt_file2=data_files/server2.crt" \
6718 "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256;
6720 $P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256" \
6723 -s "! mbedtls_ssl_handshake returned" \
6724 -s "Async sign callback: no key matches this certificate." \
6725 -s "Successful connection"
6727 requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
6728 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
6729 run_test "SSL async private: renegotiation: client-initiated; sign" \
6731 async_operations=s async_private_delay1=1 async_private_delay2=1 \
6732 exchanges=2 renegotiation=1" \
6733 "$P_CLI exchanges=2 renegotiation=1 renegotiate=1" \
6735 -s "Async sign callback: using key slot " \
6736 -s "Async resume (slot [0-9]): sign done, status=0"
6738 requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
6739 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
6740 run_test "SSL async private: renegotiation: server-initiated; sign" \
6742 async_operations=s async_private_delay1=1 async_private_delay2=1 \
6743 exchanges=2 renegotiation=1 renegotiate=1" \
6744 "$P_CLI exchanges=2 renegotiation=1" \
6746 -s "Async sign callback: using key slot " \
6747 -s "Async resume (slot [0-9]): sign done, status=0"
6749 requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
6750 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
6751 run_test "SSL async private: renegotiation: client-initiated; decrypt" \
6753 async_operations=d async_private_delay1=1 async_private_delay2=1 \
6754 exchanges=2 renegotiation=1" \
6755 "$P_CLI exchanges=2 renegotiation=1 renegotiate=1 \
6756 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
6758 -s "Async decrypt callback: using key slot " \
6759 -s "Async resume (slot [0-9]): decrypt done, status=0"
6761 requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
6762 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
6763 run_test "SSL async private: renegotiation: server-initiated; decrypt" \
6765 async_operations=d async_private_delay1=1 async_private_delay2=1 \
6766 exchanges=2 renegotiation=1 renegotiate=1" \
6767 "$P_CLI exchanges=2 renegotiation=1 \
6768 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
6770 -s "Async decrypt callback: using key slot " \
6771 -s "Async resume (slot [0-9]): decrypt done, status=0"
6773 # Tests for ECC extensions (rfc 4492)
6775 requires_config_enabled MBEDTLS_AES_C
6776 requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
6777 requires_config_enabled MBEDTLS_SHA256_C
6778 requires_config_enabled MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
6779 run_test "Force a non ECC ciphersuite in the client side" \
6780 "$P_SRV debug_level=3" \
6781 "$P_CLI debug_level=3 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA256" \
6783 -C "client hello, adding supported_elliptic_curves extension" \
6784 -C "client hello, adding supported_point_formats extension" \
6785 -S "found supported elliptic curves extension" \
6786 -S "found supported point formats extension"
6788 requires_config_enabled MBEDTLS_AES_C
6789 requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
6790 requires_config_enabled MBEDTLS_SHA256_C
6791 requires_config_enabled MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
6792 run_test "Force a non ECC ciphersuite in the server side" \
6793 "$P_SRV debug_level=3 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA256" \
6794 "$P_CLI debug_level=3" \
6796 -C "found supported_point_formats extension" \
6797 -S "server hello, supported_point_formats extension"
6799 requires_config_enabled MBEDTLS_AES_C
6800 requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
6801 requires_config_enabled MBEDTLS_SHA256_C
6802 requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
6803 run_test "Force an ECC ciphersuite in the client side" \
6804 "$P_SRV debug_level=3" \
6805 "$P_CLI debug_level=3 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \
6807 -c "client hello, adding supported_elliptic_curves extension" \
6808 -c "client hello, adding supported_point_formats extension" \
6809 -s "found supported elliptic curves extension" \
6810 -s "found supported point formats extension"
6812 requires_config_enabled MBEDTLS_AES_C
6813 requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
6814 requires_config_enabled MBEDTLS_SHA256_C
6815 requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
6816 run_test "Force an ECC ciphersuite in the server side" \
6817 "$P_SRV debug_level=3 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \
6818 "$P_CLI debug_level=3" \
6820 -c "found supported_point_formats extension" \
6821 -s "server hello, supported_point_formats extension"
6823 # Tests for DTLS HelloVerifyRequest
6825 run_test "DTLS cookie: enabled" \
6826 "$P_SRV dtls=1 debug_level=2" \
6827 "$P_CLI dtls=1 debug_level=2" \
6829 -s "cookie verification failed" \
6830 -s "cookie verification passed" \
6831 -S "cookie verification skipped" \
6832 -c "received hello verify request" \
6833 -s "hello verification requested" \
6834 -S "SSL - The requested feature is not available"
6836 run_test "DTLS cookie: disabled" \
6837 "$P_SRV dtls=1 debug_level=2 cookies=0" \
6838 "$P_CLI dtls=1 debug_level=2" \
6840 -S "cookie verification failed" \
6841 -S "cookie verification passed" \
6842 -s "cookie verification skipped" \
6843 -C "received hello verify request" \
6844 -S "hello verification requested" \
6845 -S "SSL - The requested feature is not available"
6847 run_test "DTLS cookie: default (failing)" \
6848 "$P_SRV dtls=1 debug_level=2 cookies=-1" \
6849 "$P_CLI dtls=1 debug_level=2 hs_timeout=100-400" \
6851 -s "cookie verification failed" \
6852 -S "cookie verification passed" \
6853 -S "cookie verification skipped" \
6854 -C "received hello verify request" \
6855 -S "hello verification requested" \
6856 -s "SSL - The requested feature is not available"
6859 run_test "DTLS cookie: enabled, IPv6" \
6860 "$P_SRV dtls=1 debug_level=2 server_addr=::1" \
6861 "$P_CLI dtls=1 debug_level=2 server_addr=::1" \
6863 -s "cookie verification failed" \
6864 -s "cookie verification passed" \
6865 -S "cookie verification skipped" \
6866 -c "received hello verify request" \
6867 -s "hello verification requested" \
6868 -S "SSL - The requested feature is not available"
6870 run_test "DTLS cookie: enabled, nbio" \
6871 "$P_SRV dtls=1 nbio=2 debug_level=2" \
6872 "$P_CLI dtls=1 nbio=2 debug_level=2" \
6874 -s "cookie verification failed" \
6875 -s "cookie verification passed" \
6876 -S "cookie verification skipped" \
6877 -c "received hello verify request" \
6878 -s "hello verification requested" \
6879 -S "SSL - The requested feature is not available"
6881 # Tests for client reconnecting from the same port with DTLS
6883 not_with_valgrind # spurious resend
6884 run_test "DTLS client reconnect from same port: reference" \
6885 "$P_SRV dtls=1 exchanges=2 read_timeout=1000" \
6886 "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=500-1000" \
6889 -S "The operation timed out" \
6890 -S "Client initiated reconnection from same port"
6892 not_with_valgrind # spurious resend
6893 run_test "DTLS client reconnect from same port: reconnect" \
6894 "$P_SRV dtls=1 exchanges=2 read_timeout=1000" \
6895 "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=500-1000 reconnect_hard=1" \
6898 -S "The operation timed out" \
6899 -s "Client initiated reconnection from same port"
6901 not_with_valgrind # server/client too slow to respond in time (next test has higher timeouts)
6902 run_test "DTLS client reconnect from same port: reconnect, nbio, no valgrind" \
6903 "$P_SRV dtls=1 exchanges=2 read_timeout=1000 nbio=2" \
6904 "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=500-1000 reconnect_hard=1" \
6906 -S "The operation timed out" \
6907 -s "Client initiated reconnection from same port"
6909 only_with_valgrind # Only with valgrind, do previous test but with higher read_timeout and hs_timeout
6910 run_test "DTLS client reconnect from same port: reconnect, nbio, valgrind" \
6911 "$P_SRV dtls=1 exchanges=2 read_timeout=2000 nbio=2 hs_timeout=1500-6000" \
6912 "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=1500-3000 reconnect_hard=1" \
6914 -S "The operation timed out" \
6915 -s "Client initiated reconnection from same port"
6917 run_test "DTLS client reconnect from same port: no cookies" \
6918 "$P_SRV dtls=1 exchanges=2 read_timeout=1000 cookies=0" \
6919 "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=500-8000 reconnect_hard=1" \
6921 -s "The operation timed out" \
6922 -S "Client initiated reconnection from same port"
6924 # Tests for various cases of client authentication with DTLS
6925 # (focused on handshake flows and message parsing)
6927 run_test "DTLS client auth: required" \
6928 "$P_SRV dtls=1 auth_mode=required" \
6931 -s "Verifying peer X.509 certificate... ok"
6933 run_test "DTLS client auth: optional, client has no cert" \
6934 "$P_SRV dtls=1 auth_mode=optional" \
6935 "$P_CLI dtls=1 crt_file=none key_file=none" \
6937 -s "! Certificate was missing"
6939 run_test "DTLS client auth: none, client has no cert" \
6940 "$P_SRV dtls=1 auth_mode=none" \
6941 "$P_CLI dtls=1 crt_file=none key_file=none debug_level=2" \
6943 -c "skip write certificate$" \
6944 -s "! Certificate verification was skipped"
6946 run_test "DTLS wrong PSK: badmac alert" \
6947 "$P_SRV dtls=1 psk=abc123 force_ciphersuite=TLS-PSK-WITH-AES-128-GCM-SHA256" \
6948 "$P_CLI dtls=1 psk=abc124" \
6950 -s "SSL - Verification of the message MAC failed" \
6951 -c "SSL - A fatal alert message was received from our peer"
6953 # Tests for receiving fragmented handshake messages with DTLS
6956 run_test "DTLS reassembly: no fragmentation (gnutls server)" \
6957 "$G_SRV -u --mtu 2048 -a" \
6958 "$P_CLI dtls=1 debug_level=2" \
6960 -C "found fragmented DTLS handshake message" \
6964 run_test "DTLS reassembly: some fragmentation (gnutls server)" \
6965 "$G_SRV -u --mtu 512" \
6966 "$P_CLI dtls=1 debug_level=2" \
6968 -c "found fragmented DTLS handshake message" \
6972 run_test "DTLS reassembly: more fragmentation (gnutls server)" \
6973 "$G_SRV -u --mtu 128" \
6974 "$P_CLI dtls=1 debug_level=2" \
6976 -c "found fragmented DTLS handshake message" \
6980 run_test "DTLS reassembly: more fragmentation, nbio (gnutls server)" \
6981 "$G_SRV -u --mtu 128" \
6982 "$P_CLI dtls=1 nbio=2 debug_level=2" \
6984 -c "found fragmented DTLS handshake message" \
6988 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
6989 run_test "DTLS reassembly: fragmentation, renego (gnutls server)" \
6990 "$G_SRV -u --mtu 256" \
6991 "$P_CLI debug_level=3 dtls=1 renegotiation=1 renegotiate=1" \
6993 -c "found fragmented DTLS handshake message" \
6994 -c "client hello, adding renegotiation extension" \
6995 -c "found renegotiation extension" \
6996 -c "=> renegotiate" \
6997 -C "mbedtls_ssl_handshake returned" \
7002 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
7003 run_test "DTLS reassembly: fragmentation, nbio, renego (gnutls server)" \
7004 "$G_SRV -u --mtu 256" \
7005 "$P_CLI debug_level=3 nbio=2 dtls=1 renegotiation=1 renegotiate=1" \
7007 -c "found fragmented DTLS handshake message" \
7008 -c "client hello, adding renegotiation extension" \
7009 -c "found renegotiation extension" \
7010 -c "=> renegotiate" \
7011 -C "mbedtls_ssl_handshake returned" \
7015 run_test "DTLS reassembly: no fragmentation (openssl server)" \
7016 "$O_SRV -dtls1 -mtu 2048" \
7017 "$P_CLI dtls=1 debug_level=2" \
7019 -C "found fragmented DTLS handshake message" \
7022 run_test "DTLS reassembly: some fragmentation (openssl server)" \
7023 "$O_SRV -dtls1 -mtu 768" \
7024 "$P_CLI dtls=1 debug_level=2" \
7026 -c "found fragmented DTLS handshake message" \
7029 run_test "DTLS reassembly: more fragmentation (openssl server)" \
7030 "$O_SRV -dtls1 -mtu 256" \
7031 "$P_CLI dtls=1 debug_level=2" \
7033 -c "found fragmented DTLS handshake message" \
7036 run_test "DTLS reassembly: fragmentation, nbio (openssl server)" \
7037 "$O_SRV -dtls1 -mtu 256" \
7038 "$P_CLI dtls=1 nbio=2 debug_level=2" \
7040 -c "found fragmented DTLS handshake message" \
7043 # Tests for sending fragmented handshake messages with DTLS
7045 # Use client auth when we need the client to send large messages,
7046 # and use large cert chains on both sides too (the long chains we have all use
7047 # both RSA and ECDSA, but ideally we should have long chains with either).
7048 # Sizes reached (UDP payload):
7049 # - 2037B for server certificate
7050 # - 1542B for client certificate
7051 # - 1013B for newsessionticket
7052 # - all others below 512B
7053 # All those tests assume MAX_CONTENT_LEN is at least 2048
7055 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
7056 requires_config_enabled MBEDTLS_RSA_C
7057 requires_config_enabled MBEDTLS_ECDSA_C
7058 requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
7059 run_test "DTLS fragmenting: none (for reference)" \
7060 "$P_SRV dtls=1 debug_level=2 auth_mode=required \
7061 crt_file=data_files/server7_int-ca.crt \
7062 key_file=data_files/server7.key \
7063 hs_timeout=2500-60000 \
7064 max_frag_len=4096" \
7065 "$P_CLI dtls=1 debug_level=2 \
7066 crt_file=data_files/server8_int-ca2.crt \
7067 key_file=data_files/server8.key \
7068 hs_timeout=2500-60000 \
7069 max_frag_len=4096" \
7071 -S "found fragmented DTLS handshake message" \
7072 -C "found fragmented DTLS handshake message" \
7075 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
7076 requires_config_enabled MBEDTLS_RSA_C
7077 requires_config_enabled MBEDTLS_ECDSA_C
7078 requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
7079 run_test "DTLS fragmenting: server only (max_frag_len)" \
7080 "$P_SRV dtls=1 debug_level=2 auth_mode=required \
7081 crt_file=data_files/server7_int-ca.crt \
7082 key_file=data_files/server7.key \
7083 hs_timeout=2500-60000 \
7084 max_frag_len=1024" \
7085 "$P_CLI dtls=1 debug_level=2 \
7086 crt_file=data_files/server8_int-ca2.crt \
7087 key_file=data_files/server8.key \
7088 hs_timeout=2500-60000 \
7089 max_frag_len=2048" \
7091 -S "found fragmented DTLS handshake message" \
7092 -c "found fragmented DTLS handshake message" \
7095 # With the MFL extension, the server has no way of forcing
7096 # the client to not exceed a certain MTU; hence, the following
7097 # test can't be replicated with an MTU proxy such as the one
7098 # `client-initiated, server only (max_frag_len)` below.
7099 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
7100 requires_config_enabled MBEDTLS_RSA_C
7101 requires_config_enabled MBEDTLS_ECDSA_C
7102 requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
7103 run_test "DTLS fragmenting: server only (more) (max_frag_len)" \
7104 "$P_SRV dtls=1 debug_level=2 auth_mode=required \
7105 crt_file=data_files/server7_int-ca.crt \
7106 key_file=data_files/server7.key \
7107 hs_timeout=2500-60000 \
7109 "$P_CLI dtls=1 debug_level=2 \
7110 crt_file=data_files/server8_int-ca2.crt \
7111 key_file=data_files/server8.key \
7112 hs_timeout=2500-60000 \
7113 max_frag_len=4096" \
7115 -S "found fragmented DTLS handshake message" \
7116 -c "found fragmented DTLS handshake message" \
7119 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
7120 requires_config_enabled MBEDTLS_RSA_C
7121 requires_config_enabled MBEDTLS_ECDSA_C
7122 requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
7123 run_test "DTLS fragmenting: client-initiated, server only (max_frag_len)" \
7124 "$P_SRV dtls=1 debug_level=2 auth_mode=none \
7125 crt_file=data_files/server7_int-ca.crt \
7126 key_file=data_files/server7.key \
7127 hs_timeout=2500-60000 \
7128 max_frag_len=2048" \
7129 "$P_CLI dtls=1 debug_level=2 \
7130 crt_file=data_files/server8_int-ca2.crt \
7131 key_file=data_files/server8.key \
7132 hs_timeout=2500-60000 \
7133 max_frag_len=1024" \
7135 -S "found fragmented DTLS handshake message" \
7136 -c "found fragmented DTLS handshake message" \
7139 # While not required by the standard defining the MFL extension
7140 # (according to which it only applies to records, not to datagrams),
7141 # Mbed TLS will never send datagrams larger than MFL + { Max record expansion },
7142 # as otherwise there wouldn't be any means to communicate MTU restrictions
7144 # The next test checks that no datagrams significantly larger than the
7145 # negotiated MFL are sent.
7146 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
7147 requires_config_enabled MBEDTLS_RSA_C
7148 requires_config_enabled MBEDTLS_ECDSA_C
7149 requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
7150 run_test "DTLS fragmenting: client-initiated, server only (max_frag_len), proxy MTU" \
7151 -p "$P_PXY mtu=1110" \
7152 "$P_SRV dtls=1 debug_level=2 auth_mode=none \
7153 crt_file=data_files/server7_int-ca.crt \
7154 key_file=data_files/server7.key \
7155 hs_timeout=2500-60000 \
7156 max_frag_len=2048" \
7157 "$P_CLI dtls=1 debug_level=2 \
7158 crt_file=data_files/server8_int-ca2.crt \
7159 key_file=data_files/server8.key \
7160 hs_timeout=2500-60000 \
7161 max_frag_len=1024" \
7163 -S "found fragmented DTLS handshake message" \
7164 -c "found fragmented DTLS handshake message" \
7167 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
7168 requires_config_enabled MBEDTLS_RSA_C
7169 requires_config_enabled MBEDTLS_ECDSA_C
7170 requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
7171 run_test "DTLS fragmenting: client-initiated, both (max_frag_len)" \
7172 "$P_SRV dtls=1 debug_level=2 auth_mode=required \
7173 crt_file=data_files/server7_int-ca.crt \
7174 key_file=data_files/server7.key \
7175 hs_timeout=2500-60000 \
7176 max_frag_len=2048" \
7177 "$P_CLI dtls=1 debug_level=2 \
7178 crt_file=data_files/server8_int-ca2.crt \
7179 key_file=data_files/server8.key \
7180 hs_timeout=2500-60000 \
7181 max_frag_len=1024" \
7183 -s "found fragmented DTLS handshake message" \
7184 -c "found fragmented DTLS handshake message" \
7187 # While not required by the standard defining the MFL extension
7188 # (according to which it only applies to records, not to datagrams),
7189 # Mbed TLS will never send datagrams larger than MFL + { Max record expansion },
7190 # as otherwise there wouldn't be any means to communicate MTU restrictions
7192 # The next test checks that no datagrams significantly larger than the
7193 # negotiated MFL are sent.
7194 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
7195 requires_config_enabled MBEDTLS_RSA_C
7196 requires_config_enabled MBEDTLS_ECDSA_C
7197 requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
7198 run_test "DTLS fragmenting: client-initiated, both (max_frag_len), proxy MTU" \
7199 -p "$P_PXY mtu=1110" \
7200 "$P_SRV dtls=1 debug_level=2 auth_mode=required \
7201 crt_file=data_files/server7_int-ca.crt \
7202 key_file=data_files/server7.key \
7203 hs_timeout=2500-60000 \
7204 max_frag_len=2048" \
7205 "$P_CLI dtls=1 debug_level=2 \
7206 crt_file=data_files/server8_int-ca2.crt \
7207 key_file=data_files/server8.key \
7208 hs_timeout=2500-60000 \
7209 max_frag_len=1024" \
7211 -s "found fragmented DTLS handshake message" \
7212 -c "found fragmented DTLS handshake message" \
7215 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
7216 requires_config_enabled MBEDTLS_RSA_C
7217 requires_config_enabled MBEDTLS_ECDSA_C
7218 run_test "DTLS fragmenting: none (for reference) (MTU)" \
7219 "$P_SRV dtls=1 debug_level=2 auth_mode=required \
7220 crt_file=data_files/server7_int-ca.crt \
7221 key_file=data_files/server7.key \
7222 hs_timeout=2500-60000 \
7224 "$P_CLI dtls=1 debug_level=2 \
7225 crt_file=data_files/server8_int-ca2.crt \
7226 key_file=data_files/server8.key \
7227 hs_timeout=2500-60000 \
7230 -S "found fragmented DTLS handshake message" \
7231 -C "found fragmented DTLS handshake message" \
7234 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
7235 requires_config_enabled MBEDTLS_RSA_C
7236 requires_config_enabled MBEDTLS_ECDSA_C
7237 run_test "DTLS fragmenting: client (MTU)" \
7238 "$P_SRV dtls=1 debug_level=2 auth_mode=required \
7239 crt_file=data_files/server7_int-ca.crt \
7240 key_file=data_files/server7.key \
7241 hs_timeout=3500-60000 \
7243 "$P_CLI dtls=1 debug_level=2 \
7244 crt_file=data_files/server8_int-ca2.crt \
7245 key_file=data_files/server8.key \
7246 hs_timeout=3500-60000 \
7249 -s "found fragmented DTLS handshake message" \
7250 -C "found fragmented DTLS handshake message" \
7253 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
7254 requires_config_enabled MBEDTLS_RSA_C
7255 requires_config_enabled MBEDTLS_ECDSA_C
7256 run_test "DTLS fragmenting: server (MTU)" \
7257 "$P_SRV dtls=1 debug_level=2 auth_mode=required \
7258 crt_file=data_files/server7_int-ca.crt \
7259 key_file=data_files/server7.key \
7260 hs_timeout=2500-60000 \
7262 "$P_CLI dtls=1 debug_level=2 \
7263 crt_file=data_files/server8_int-ca2.crt \
7264 key_file=data_files/server8.key \
7265 hs_timeout=2500-60000 \
7268 -S "found fragmented DTLS handshake message" \
7269 -c "found fragmented DTLS handshake message" \
7272 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
7273 requires_config_enabled MBEDTLS_RSA_C
7274 requires_config_enabled MBEDTLS_ECDSA_C
7275 run_test "DTLS fragmenting: both (MTU=1024)" \
7276 -p "$P_PXY mtu=1024" \
7277 "$P_SRV dtls=1 debug_level=2 auth_mode=required \
7278 crt_file=data_files/server7_int-ca.crt \
7279 key_file=data_files/server7.key \
7280 hs_timeout=2500-60000 \
7282 "$P_CLI dtls=1 debug_level=2 \
7283 crt_file=data_files/server8_int-ca2.crt \
7284 key_file=data_files/server8.key \
7285 hs_timeout=2500-60000 \
7288 -s "found fragmented DTLS handshake message" \
7289 -c "found fragmented DTLS handshake message" \
7292 # Forcing ciphersuite for this test to fit the MTU of 512 with full config.
7293 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
7294 requires_config_enabled MBEDTLS_RSA_C
7295 requires_config_enabled MBEDTLS_ECDSA_C
7296 requires_config_enabled MBEDTLS_SHA256_C
7297 requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
7298 requires_config_enabled MBEDTLS_AES_C
7299 requires_config_enabled MBEDTLS_GCM_C
7300 run_test "DTLS fragmenting: both (MTU=512)" \
7301 -p "$P_PXY mtu=512" \
7302 "$P_SRV dtls=1 debug_level=2 auth_mode=required \
7303 crt_file=data_files/server7_int-ca.crt \
7304 key_file=data_files/server7.key \
7305 hs_timeout=2500-60000 \
7307 "$P_CLI dtls=1 debug_level=2 \
7308 crt_file=data_files/server8_int-ca2.crt \
7309 key_file=data_files/server8.key \
7310 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
7311 hs_timeout=2500-60000 \
7314 -s "found fragmented DTLS handshake message" \
7315 -c "found fragmented DTLS handshake message" \
7318 # Test for automatic MTU reduction on repeated resend.
7319 # Forcing ciphersuite for this test to fit the MTU of 508 with full config.
7320 # The ratio of max/min timeout should ideally equal 4 to accept two
7321 # retransmissions, but in some cases (like both the server and client using
7322 # fragmentation and auto-reduction) an extra retransmission might occur,
7323 # hence the ratio of 8.
7325 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
7326 requires_config_enabled MBEDTLS_RSA_C
7327 requires_config_enabled MBEDTLS_ECDSA_C
7328 requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
7329 requires_config_enabled MBEDTLS_AES_C
7330 requires_config_enabled MBEDTLS_GCM_C
7331 run_test "DTLS fragmenting: proxy MTU: auto-reduction" \
7332 -p "$P_PXY mtu=508" \
7333 "$P_SRV dtls=1 debug_level=2 auth_mode=required \
7334 crt_file=data_files/server7_int-ca.crt \
7335 key_file=data_files/server7.key \
7336 hs_timeout=400-3200" \
7337 "$P_CLI dtls=1 debug_level=2 \
7338 crt_file=data_files/server8_int-ca2.crt \
7339 key_file=data_files/server8.key \
7340 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
7341 hs_timeout=400-3200" \
7343 -s "found fragmented DTLS handshake message" \
7344 -c "found fragmented DTLS handshake message" \
7347 # Forcing ciphersuite for this test to fit the MTU of 508 with full config.
7349 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
7350 requires_config_enabled MBEDTLS_RSA_C
7351 requires_config_enabled MBEDTLS_ECDSA_C
7352 requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
7353 requires_config_enabled MBEDTLS_AES_C
7354 requires_config_enabled MBEDTLS_GCM_C
7355 run_test "DTLS fragmenting: proxy MTU: auto-reduction" \
7356 -p "$P_PXY mtu=508" \
7357 "$P_SRV dtls=1 debug_level=2 auth_mode=required \
7358 crt_file=data_files/server7_int-ca.crt \
7359 key_file=data_files/server7.key \
7360 hs_timeout=250-10000" \
7361 "$P_CLI dtls=1 debug_level=2 \
7362 crt_file=data_files/server8_int-ca2.crt \
7363 key_file=data_files/server8.key \
7364 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
7365 hs_timeout=250-10000" \
7367 -s "found fragmented DTLS handshake message" \
7368 -c "found fragmented DTLS handshake message" \
7371 # the proxy shouldn't drop or mess up anything, so we shouldn't need to resend
7372 # OTOH the client might resend if the server is to slow to reset after sending
7373 # a HelloVerifyRequest, so only check for no retransmission server-side
7374 not_with_valgrind # spurious autoreduction due to timeout
7375 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
7376 requires_config_enabled MBEDTLS_RSA_C
7377 requires_config_enabled MBEDTLS_ECDSA_C
7378 run_test "DTLS fragmenting: proxy MTU, simple handshake (MTU=1024)" \
7379 -p "$P_PXY mtu=1024" \
7380 "$P_SRV dtls=1 debug_level=2 auth_mode=required \
7381 crt_file=data_files/server7_int-ca.crt \
7382 key_file=data_files/server7.key \
7383 hs_timeout=10000-60000 \
7385 "$P_CLI dtls=1 debug_level=2 \
7386 crt_file=data_files/server8_int-ca2.crt \
7387 key_file=data_files/server8.key \
7388 hs_timeout=10000-60000 \
7391 -S "autoreduction" \
7392 -s "found fragmented DTLS handshake message" \
7393 -c "found fragmented DTLS handshake message" \
7396 # Forcing ciphersuite for this test to fit the MTU of 512 with full config.
7397 # the proxy shouldn't drop or mess up anything, so we shouldn't need to resend
7398 # OTOH the client might resend if the server is to slow to reset after sending
7399 # a HelloVerifyRequest, so only check for no retransmission server-side
7400 not_with_valgrind # spurious autoreduction due to timeout
7401 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
7402 requires_config_enabled MBEDTLS_RSA_C
7403 requires_config_enabled MBEDTLS_ECDSA_C
7404 requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
7405 requires_config_enabled MBEDTLS_AES_C
7406 requires_config_enabled MBEDTLS_GCM_C
7407 run_test "DTLS fragmenting: proxy MTU, simple handshake (MTU=512)" \
7408 -p "$P_PXY mtu=512" \
7409 "$P_SRV dtls=1 debug_level=2 auth_mode=required \
7410 crt_file=data_files/server7_int-ca.crt \
7411 key_file=data_files/server7.key \
7412 hs_timeout=10000-60000 \
7414 "$P_CLI dtls=1 debug_level=2 \
7415 crt_file=data_files/server8_int-ca2.crt \
7416 key_file=data_files/server8.key \
7417 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
7418 hs_timeout=10000-60000 \
7421 -S "autoreduction" \
7422 -s "found fragmented DTLS handshake message" \
7423 -c "found fragmented DTLS handshake message" \
7426 not_with_valgrind # spurious autoreduction due to timeout
7427 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
7428 requires_config_enabled MBEDTLS_RSA_C
7429 requires_config_enabled MBEDTLS_ECDSA_C
7430 run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=1024)" \
7431 -p "$P_PXY mtu=1024" \
7432 "$P_SRV dtls=1 debug_level=2 auth_mode=required \
7433 crt_file=data_files/server7_int-ca.crt \
7434 key_file=data_files/server7.key \
7435 hs_timeout=10000-60000 \
7437 "$P_CLI dtls=1 debug_level=2 \
7438 crt_file=data_files/server8_int-ca2.crt \
7439 key_file=data_files/server8.key \
7440 hs_timeout=10000-60000 \
7443 -S "autoreduction" \
7444 -s "found fragmented DTLS handshake message" \
7445 -c "found fragmented DTLS handshake message" \
7448 # Forcing ciphersuite for this test to fit the MTU of 512 with full config.
7449 not_with_valgrind # spurious autoreduction due to timeout
7450 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
7451 requires_config_enabled MBEDTLS_RSA_C
7452 requires_config_enabled MBEDTLS_ECDSA_C
7453 requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
7454 requires_config_enabled MBEDTLS_AES_C
7455 requires_config_enabled MBEDTLS_GCM_C
7456 run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=512)" \
7457 -p "$P_PXY mtu=512" \
7458 "$P_SRV dtls=1 debug_level=2 auth_mode=required \
7459 crt_file=data_files/server7_int-ca.crt \
7460 key_file=data_files/server7.key \
7461 hs_timeout=10000-60000 \
7463 "$P_CLI dtls=1 debug_level=2 \
7464 crt_file=data_files/server8_int-ca2.crt \
7465 key_file=data_files/server8.key \
7466 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
7467 hs_timeout=10000-60000 \
7470 -S "autoreduction" \
7471 -s "found fragmented DTLS handshake message" \
7472 -c "found fragmented DTLS handshake message" \
7475 # Forcing ciphersuite for this test to fit the MTU of 1450 with full config.
7476 # This ensures things still work after session_reset().
7477 # It also exercises the "resumed handshake" flow.
7478 # Since we don't support reading fragmented ClientHello yet,
7479 # up the MTU to 1450 (larger than ClientHello with session ticket,
7480 # but still smaller than client's Certificate to ensure fragmentation).
7481 # An autoreduction on the client-side might happen if the server is
7482 # slow to reset, therefore omitting '-C "autoreduction"' below.
7483 # reco_delay avoids races where the client reconnects before the server has
7484 # resumed listening, which would result in a spurious autoreduction.
7485 not_with_valgrind # spurious autoreduction due to timeout
7486 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
7487 requires_config_enabled MBEDTLS_RSA_C
7488 requires_config_enabled MBEDTLS_ECDSA_C
7489 requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
7490 requires_config_enabled MBEDTLS_AES_C
7491 requires_config_enabled MBEDTLS_GCM_C
7492 run_test "DTLS fragmenting: proxy MTU, resumed handshake" \
7493 -p "$P_PXY mtu=1450" \
7494 "$P_SRV dtls=1 debug_level=2 auth_mode=required \
7495 crt_file=data_files/server7_int-ca.crt \
7496 key_file=data_files/server7.key \
7497 hs_timeout=10000-60000 \
7499 "$P_CLI dtls=1 debug_level=2 \
7500 crt_file=data_files/server8_int-ca2.crt \
7501 key_file=data_files/server8.key \
7502 hs_timeout=10000-60000 \
7503 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
7504 mtu=1450 reconnect=1 reco_delay=1" \
7506 -S "autoreduction" \
7507 -s "found fragmented DTLS handshake message" \
7508 -c "found fragmented DTLS handshake message" \
7511 # An autoreduction on the client-side might happen if the server is
7512 # slow to reset, therefore omitting '-C "autoreduction"' below.
7513 not_with_valgrind # spurious autoreduction due to timeout
7514 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
7515 requires_config_enabled MBEDTLS_RSA_C
7516 requires_config_enabled MBEDTLS_ECDSA_C
7517 requires_config_enabled MBEDTLS_SHA256_C
7518 requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
7519 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
7520 requires_config_enabled MBEDTLS_CHACHAPOLY_C
7521 run_test "DTLS fragmenting: proxy MTU, ChachaPoly renego" \
7522 -p "$P_PXY mtu=512" \
7523 "$P_SRV dtls=1 debug_level=2 auth_mode=required \
7524 crt_file=data_files/server7_int-ca.crt \
7525 key_file=data_files/server7.key \
7526 exchanges=2 renegotiation=1 \
7527 hs_timeout=10000-60000 \
7529 "$P_CLI dtls=1 debug_level=2 \
7530 crt_file=data_files/server8_int-ca2.crt \
7531 key_file=data_files/server8.key \
7532 exchanges=2 renegotiation=1 renegotiate=1 \
7533 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
7534 hs_timeout=10000-60000 \
7537 -S "autoreduction" \
7538 -s "found fragmented DTLS handshake message" \
7539 -c "found fragmented DTLS handshake message" \
7542 # An autoreduction on the client-side might happen if the server is
7543 # slow to reset, therefore omitting '-C "autoreduction"' below.
7544 not_with_valgrind # spurious autoreduction due to timeout
7545 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
7546 requires_config_enabled MBEDTLS_RSA_C
7547 requires_config_enabled MBEDTLS_ECDSA_C
7548 requires_config_enabled MBEDTLS_SHA256_C
7549 requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
7550 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
7551 requires_config_enabled MBEDTLS_AES_C
7552 requires_config_enabled MBEDTLS_GCM_C
7553 run_test "DTLS fragmenting: proxy MTU, AES-GCM renego" \
7554 -p "$P_PXY mtu=512" \
7555 "$P_SRV dtls=1 debug_level=2 auth_mode=required \
7556 crt_file=data_files/server7_int-ca.crt \
7557 key_file=data_files/server7.key \
7558 exchanges=2 renegotiation=1 \
7559 hs_timeout=10000-60000 \
7561 "$P_CLI dtls=1 debug_level=2 \
7562 crt_file=data_files/server8_int-ca2.crt \
7563 key_file=data_files/server8.key \
7564 exchanges=2 renegotiation=1 renegotiate=1 \
7565 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
7566 hs_timeout=10000-60000 \
7569 -S "autoreduction" \
7570 -s "found fragmented DTLS handshake message" \
7571 -c "found fragmented DTLS handshake message" \
7574 # An autoreduction on the client-side might happen if the server is
7575 # slow to reset, therefore omitting '-C "autoreduction"' below.
7576 not_with_valgrind # spurious autoreduction due to timeout
7577 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
7578 requires_config_enabled MBEDTLS_RSA_C
7579 requires_config_enabled MBEDTLS_ECDSA_C
7580 requires_config_enabled MBEDTLS_SHA256_C
7581 requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
7582 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
7583 requires_config_enabled MBEDTLS_AES_C
7584 requires_config_enabled MBEDTLS_CCM_C
7585 run_test "DTLS fragmenting: proxy MTU, AES-CCM renego" \
7586 -p "$P_PXY mtu=1024" \
7587 "$P_SRV dtls=1 debug_level=2 auth_mode=required \
7588 crt_file=data_files/server7_int-ca.crt \
7589 key_file=data_files/server7.key \
7590 exchanges=2 renegotiation=1 \
7591 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8 \
7592 hs_timeout=10000-60000 \
7594 "$P_CLI dtls=1 debug_level=2 \
7595 crt_file=data_files/server8_int-ca2.crt \
7596 key_file=data_files/server8.key \
7597 exchanges=2 renegotiation=1 renegotiate=1 \
7598 hs_timeout=10000-60000 \
7601 -S "autoreduction" \
7602 -s "found fragmented DTLS handshake message" \
7603 -c "found fragmented DTLS handshake message" \
7606 # An autoreduction on the client-side might happen if the server is
7607 # slow to reset, therefore omitting '-C "autoreduction"' below.
7608 not_with_valgrind # spurious autoreduction due to timeout
7609 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
7610 requires_config_enabled MBEDTLS_RSA_C
7611 requires_config_enabled MBEDTLS_ECDSA_C
7612 requires_config_enabled MBEDTLS_SHA256_C
7613 requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
7614 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
7615 requires_config_enabled MBEDTLS_AES_C
7616 requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
7617 requires_config_enabled MBEDTLS_SSL_ENCRYPT_THEN_MAC
7618 run_test "DTLS fragmenting: proxy MTU, AES-CBC EtM renego" \
7619 -p "$P_PXY mtu=1024" \
7620 "$P_SRV dtls=1 debug_level=2 auth_mode=required \
7621 crt_file=data_files/server7_int-ca.crt \
7622 key_file=data_files/server7.key \
7623 exchanges=2 renegotiation=1 \
7624 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \
7625 hs_timeout=10000-60000 \
7627 "$P_CLI dtls=1 debug_level=2 \
7628 crt_file=data_files/server8_int-ca2.crt \
7629 key_file=data_files/server8.key \
7630 exchanges=2 renegotiation=1 renegotiate=1 \
7631 hs_timeout=10000-60000 \
7634 -S "autoreduction" \
7635 -s "found fragmented DTLS handshake message" \
7636 -c "found fragmented DTLS handshake message" \
7639 # An autoreduction on the client-side might happen if the server is
7640 # slow to reset, therefore omitting '-C "autoreduction"' below.
7641 not_with_valgrind # spurious autoreduction due to timeout
7642 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
7643 requires_config_enabled MBEDTLS_RSA_C
7644 requires_config_enabled MBEDTLS_ECDSA_C
7645 requires_config_enabled MBEDTLS_SHA256_C
7646 requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
7647 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
7648 requires_config_enabled MBEDTLS_AES_C
7649 requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
7650 run_test "DTLS fragmenting: proxy MTU, AES-CBC non-EtM renego" \
7651 -p "$P_PXY mtu=1024" \
7652 "$P_SRV dtls=1 debug_level=2 auth_mode=required \
7653 crt_file=data_files/server7_int-ca.crt \
7654 key_file=data_files/server7.key \
7655 exchanges=2 renegotiation=1 \
7656 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 etm=0 \
7657 hs_timeout=10000-60000 \
7659 "$P_CLI dtls=1 debug_level=2 \
7660 crt_file=data_files/server8_int-ca2.crt \
7661 key_file=data_files/server8.key \
7662 exchanges=2 renegotiation=1 renegotiate=1 \
7663 hs_timeout=10000-60000 \
7666 -S "autoreduction" \
7667 -s "found fragmented DTLS handshake message" \
7668 -c "found fragmented DTLS handshake message" \
7671 # Forcing ciphersuite for this test to fit the MTU of 512 with full config.
7672 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
7673 requires_config_enabled MBEDTLS_RSA_C
7674 requires_config_enabled MBEDTLS_ECDSA_C
7675 requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
7676 requires_config_enabled MBEDTLS_AES_C
7677 requires_config_enabled MBEDTLS_GCM_C
7678 client_needs_more_time 2
7679 run_test "DTLS fragmenting: proxy MTU + 3d" \
7680 -p "$P_PXY mtu=512 drop=8 delay=8 duplicate=8" \
7681 "$P_SRV dgram_packing=0 dtls=1 debug_level=2 auth_mode=required \
7682 crt_file=data_files/server7_int-ca.crt \
7683 key_file=data_files/server7.key \
7684 hs_timeout=250-10000 mtu=512" \
7685 "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
7686 crt_file=data_files/server8_int-ca2.crt \
7687 key_file=data_files/server8.key \
7688 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
7689 hs_timeout=250-10000 mtu=512" \
7691 -s "found fragmented DTLS handshake message" \
7692 -c "found fragmented DTLS handshake message" \
7695 # Forcing ciphersuite for this test to fit the MTU of 512 with full config.
7696 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
7697 requires_config_enabled MBEDTLS_RSA_C
7698 requires_config_enabled MBEDTLS_ECDSA_C
7699 requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA
7700 requires_config_enabled MBEDTLS_AES_C
7701 requires_config_enabled MBEDTLS_GCM_C
7702 client_needs_more_time 2
7703 run_test "DTLS fragmenting: proxy MTU + 3d, nbio" \
7704 -p "$P_PXY mtu=512 drop=8 delay=8 duplicate=8" \
7705 "$P_SRV dtls=1 debug_level=2 auth_mode=required \
7706 crt_file=data_files/server7_int-ca.crt \
7707 key_file=data_files/server7.key \
7708 hs_timeout=250-10000 mtu=512 nbio=2" \
7709 "$P_CLI dtls=1 debug_level=2 \
7710 crt_file=data_files/server8_int-ca2.crt \
7711 key_file=data_files/server8.key \
7712 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
7713 hs_timeout=250-10000 mtu=512 nbio=2" \
7715 -s "found fragmented DTLS handshake message" \
7716 -c "found fragmented DTLS handshake message" \
7719 # interop tests for DTLS fragmentating with reliable connection
7721 # here and below we just want to test that the we fragment in a way that
7722 # pleases other implementations, so we don't need the peer to fragment
7723 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
7724 requires_config_enabled MBEDTLS_RSA_C
7725 requires_config_enabled MBEDTLS_ECDSA_C
7726 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
7728 run_test "DTLS fragmenting: gnutls server, DTLS 1.2" \
7730 "$P_CLI dtls=1 debug_level=2 \
7731 crt_file=data_files/server8_int-ca2.crt \
7732 key_file=data_files/server8.key \
7733 mtu=512 force_version=dtls1_2" \
7735 -c "fragmenting handshake message" \
7738 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
7739 requires_config_enabled MBEDTLS_RSA_C
7740 requires_config_enabled MBEDTLS_ECDSA_C
7741 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
7743 run_test "DTLS fragmenting: gnutls server, DTLS 1.0" \
7745 "$P_CLI dtls=1 debug_level=2 \
7746 crt_file=data_files/server8_int-ca2.crt \
7747 key_file=data_files/server8.key \
7748 mtu=512 force_version=dtls1" \
7750 -c "fragmenting handshake message" \
7753 # We use --insecure for the GnuTLS client because it expects
7754 # the hostname / IP it connects to to be the name used in the
7755 # certificate obtained from the server. Here, however, it
7756 # connects to 127.0.0.1 while our test certificates use 'localhost'
7757 # as the server name in the certificate. This will make the
7758 # certifiate validation fail, but passing --insecure makes
7759 # GnuTLS continue the connection nonetheless.
7760 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
7761 requires_config_enabled MBEDTLS_RSA_C
7762 requires_config_enabled MBEDTLS_ECDSA_C
7763 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
7766 run_test "DTLS fragmenting: gnutls client, DTLS 1.2" \
7767 "$P_SRV dtls=1 debug_level=2 \
7768 crt_file=data_files/server7_int-ca.crt \
7769 key_file=data_files/server7.key \
7770 mtu=512 force_version=dtls1_2" \
7771 "$G_CLI -u --insecure 127.0.0.1" \
7773 -s "fragmenting handshake message"
7775 # See previous test for the reason to use --insecure
7776 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
7777 requires_config_enabled MBEDTLS_RSA_C
7778 requires_config_enabled MBEDTLS_ECDSA_C
7779 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
7782 run_test "DTLS fragmenting: gnutls client, DTLS 1.0" \
7783 "$P_SRV dtls=1 debug_level=2 \
7784 crt_file=data_files/server7_int-ca.crt \
7785 key_file=data_files/server7.key \
7786 mtu=512 force_version=dtls1" \
7787 "$G_CLI -u --insecure 127.0.0.1" \
7789 -s "fragmenting handshake message"
7791 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
7792 requires_config_enabled MBEDTLS_RSA_C
7793 requires_config_enabled MBEDTLS_ECDSA_C
7794 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
7795 run_test "DTLS fragmenting: openssl server, DTLS 1.2" \
7796 "$O_SRV -dtls1_2 -verify 10" \
7797 "$P_CLI dtls=1 debug_level=2 \
7798 crt_file=data_files/server8_int-ca2.crt \
7799 key_file=data_files/server8.key \
7800 mtu=512 force_version=dtls1_2" \
7802 -c "fragmenting handshake message" \
7805 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
7806 requires_config_enabled MBEDTLS_RSA_C
7807 requires_config_enabled MBEDTLS_ECDSA_C
7808 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
7809 run_test "DTLS fragmenting: openssl server, DTLS 1.0" \
7810 "$O_SRV -dtls1 -verify 10" \
7811 "$P_CLI dtls=1 debug_level=2 \
7812 crt_file=data_files/server8_int-ca2.crt \
7813 key_file=data_files/server8.key \
7814 mtu=512 force_version=dtls1" \
7816 -c "fragmenting handshake message" \
7819 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
7820 requires_config_enabled MBEDTLS_RSA_C
7821 requires_config_enabled MBEDTLS_ECDSA_C
7822 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
7823 run_test "DTLS fragmenting: openssl client, DTLS 1.2" \
7824 "$P_SRV dtls=1 debug_level=2 \
7825 crt_file=data_files/server7_int-ca.crt \
7826 key_file=data_files/server7.key \
7827 mtu=512 force_version=dtls1_2" \
7830 -s "fragmenting handshake message"
7832 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
7833 requires_config_enabled MBEDTLS_RSA_C
7834 requires_config_enabled MBEDTLS_ECDSA_C
7835 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
7836 run_test "DTLS fragmenting: openssl client, DTLS 1.0" \
7837 "$P_SRV dtls=1 debug_level=2 \
7838 crt_file=data_files/server7_int-ca.crt \
7839 key_file=data_files/server7.key \
7840 mtu=512 force_version=dtls1" \
7843 -s "fragmenting handshake message"
7845 # interop tests for DTLS fragmentating with unreliable connection
7847 # again we just want to test that the we fragment in a way that
7848 # pleases other implementations, so we don't need the peer to fragment
7849 requires_gnutls_next
7850 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
7851 requires_config_enabled MBEDTLS_RSA_C
7852 requires_config_enabled MBEDTLS_ECDSA_C
7853 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
7854 client_needs_more_time 4
7855 run_test "DTLS fragmenting: 3d, gnutls server, DTLS 1.2" \
7856 -p "$P_PXY drop=8 delay=8 duplicate=8" \
7858 "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
7859 crt_file=data_files/server8_int-ca2.crt \
7860 key_file=data_files/server8.key \
7861 hs_timeout=250-60000 mtu=512 force_version=dtls1_2" \
7863 -c "fragmenting handshake message" \
7866 requires_gnutls_next
7867 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
7868 requires_config_enabled MBEDTLS_RSA_C
7869 requires_config_enabled MBEDTLS_ECDSA_C
7870 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
7871 client_needs_more_time 4
7872 run_test "DTLS fragmenting: 3d, gnutls server, DTLS 1.0" \
7873 -p "$P_PXY drop=8 delay=8 duplicate=8" \
7875 "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
7876 crt_file=data_files/server8_int-ca2.crt \
7877 key_file=data_files/server8.key \
7878 hs_timeout=250-60000 mtu=512 force_version=dtls1" \
7880 -c "fragmenting handshake message" \
7883 requires_gnutls_next
7884 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
7885 requires_config_enabled MBEDTLS_RSA_C
7886 requires_config_enabled MBEDTLS_ECDSA_C
7887 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
7888 client_needs_more_time 4
7889 run_test "DTLS fragmenting: 3d, gnutls client, DTLS 1.2" \
7890 -p "$P_PXY drop=8 delay=8 duplicate=8" \
7891 "$P_SRV dtls=1 debug_level=2 \
7892 crt_file=data_files/server7_int-ca.crt \
7893 key_file=data_files/server7.key \
7894 hs_timeout=250-60000 mtu=512 force_version=dtls1_2" \
7895 "$G_NEXT_CLI -u --insecure 127.0.0.1" \
7897 -s "fragmenting handshake message"
7899 requires_gnutls_next
7900 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
7901 requires_config_enabled MBEDTLS_RSA_C
7902 requires_config_enabled MBEDTLS_ECDSA_C
7903 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
7904 client_needs_more_time 4
7905 run_test "DTLS fragmenting: 3d, gnutls client, DTLS 1.0" \
7906 -p "$P_PXY drop=8 delay=8 duplicate=8" \
7907 "$P_SRV dtls=1 debug_level=2 \
7908 crt_file=data_files/server7_int-ca.crt \
7909 key_file=data_files/server7.key \
7910 hs_timeout=250-60000 mtu=512 force_version=dtls1" \
7911 "$G_NEXT_CLI -u --insecure 127.0.0.1" \
7913 -s "fragmenting handshake message"
7915 ## Interop test with OpenSSL might trigger a bug in recent versions (including
7916 ## all versions installed on the CI machines), reported here:
7917 ## Bug report: https://github.com/openssl/openssl/issues/6902
7918 ## They should be re-enabled once a fixed version of OpenSSL is available
7919 ## (this should happen in some 1.1.1_ release according to the ticket).
7921 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
7922 requires_config_enabled MBEDTLS_RSA_C
7923 requires_config_enabled MBEDTLS_ECDSA_C
7924 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
7925 client_needs_more_time 4
7926 run_test "DTLS fragmenting: 3d, openssl server, DTLS 1.2" \
7927 -p "$P_PXY drop=8 delay=8 duplicate=8" \
7928 "$O_SRV -dtls1_2 -verify 10" \
7929 "$P_CLI dtls=1 debug_level=2 \
7930 crt_file=data_files/server8_int-ca2.crt \
7931 key_file=data_files/server8.key \
7932 hs_timeout=250-60000 mtu=512 force_version=dtls1_2" \
7934 -c "fragmenting handshake message" \
7938 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
7939 requires_config_enabled MBEDTLS_RSA_C
7940 requires_config_enabled MBEDTLS_ECDSA_C
7941 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
7942 client_needs_more_time 4
7943 run_test "DTLS fragmenting: 3d, openssl server, DTLS 1.0" \
7944 -p "$P_PXY drop=8 delay=8 duplicate=8" \
7945 "$O_SRV -dtls1 -verify 10" \
7946 "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
7947 crt_file=data_files/server8_int-ca2.crt \
7948 key_file=data_files/server8.key \
7949 hs_timeout=250-60000 mtu=512 force_version=dtls1" \
7951 -c "fragmenting handshake message" \
7955 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
7956 requires_config_enabled MBEDTLS_RSA_C
7957 requires_config_enabled MBEDTLS_ECDSA_C
7958 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
7959 client_needs_more_time 4
7960 run_test "DTLS fragmenting: 3d, openssl client, DTLS 1.2" \
7961 -p "$P_PXY drop=8 delay=8 duplicate=8" \
7962 "$P_SRV dtls=1 debug_level=2 \
7963 crt_file=data_files/server7_int-ca.crt \
7964 key_file=data_files/server7.key \
7965 hs_timeout=250-60000 mtu=512 force_version=dtls1_2" \
7968 -s "fragmenting handshake message"
7970 # -nbio is added to prevent s_client from blocking in case of duplicated
7971 # messages at the end of the handshake
7973 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
7974 requires_config_enabled MBEDTLS_RSA_C
7975 requires_config_enabled MBEDTLS_ECDSA_C
7976 requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1
7977 client_needs_more_time 4
7978 run_test "DTLS fragmenting: 3d, openssl client, DTLS 1.0" \
7979 -p "$P_PXY drop=8 delay=8 duplicate=8" \
7980 "$P_SRV dgram_packing=0 dtls=1 debug_level=2 \
7981 crt_file=data_files/server7_int-ca.crt \
7982 key_file=data_files/server7.key \
7983 hs_timeout=250-60000 mtu=512 force_version=dtls1" \
7984 "$O_CLI -nbio -dtls1" \
7986 -s "fragmenting handshake message"
7988 # Tests for specific things with "unreliable" UDP connection
7990 not_with_valgrind # spurious resend due to timeout
7991 run_test "DTLS proxy: reference" \
7993 "$P_SRV dtls=1 debug_level=2" \
7994 "$P_CLI dtls=1 debug_level=2" \
7996 -C "replayed record" \
7997 -S "replayed record" \
7998 -C "record from another epoch" \
7999 -S "record from another epoch" \
8000 -C "discarding invalid record" \
8001 -S "discarding invalid record" \
8003 -s "Extra-header:" \
8004 -c "HTTP/1.0 200 OK"
8006 not_with_valgrind # spurious resend due to timeout
8007 run_test "DTLS proxy: duplicate every packet" \
8008 -p "$P_PXY duplicate=1" \
8009 "$P_SRV dtls=1 dgram_packing=0 debug_level=2" \
8010 "$P_CLI dtls=1 dgram_packing=0 debug_level=2" \
8012 -c "replayed record" \
8013 -s "replayed record" \
8014 -c "record from another epoch" \
8015 -s "record from another epoch" \
8017 -s "Extra-header:" \
8018 -c "HTTP/1.0 200 OK"
8020 run_test "DTLS proxy: duplicate every packet, server anti-replay off" \
8021 -p "$P_PXY duplicate=1" \
8022 "$P_SRV dtls=1 dgram_packing=0 debug_level=2 anti_replay=0" \
8023 "$P_CLI dtls=1 dgram_packing=0 debug_level=2" \
8025 -c "replayed record" \
8026 -S "replayed record" \
8027 -c "record from another epoch" \
8028 -s "record from another epoch" \
8031 -s "Extra-header:" \
8032 -c "HTTP/1.0 200 OK"
8034 run_test "DTLS proxy: multiple records in same datagram" \
8035 -p "$P_PXY pack=50" \
8036 "$P_SRV dtls=1 dgram_packing=0 debug_level=2" \
8037 "$P_CLI dtls=1 dgram_packing=0 debug_level=2" \
8039 -c "next record in same datagram" \
8040 -s "next record in same datagram"
8042 run_test "DTLS proxy: multiple records in same datagram, duplicate every packet" \
8043 -p "$P_PXY pack=50 duplicate=1" \
8044 "$P_SRV dtls=1 dgram_packing=0 debug_level=2" \
8045 "$P_CLI dtls=1 dgram_packing=0 debug_level=2" \
8047 -c "next record in same datagram" \
8048 -s "next record in same datagram"
8050 run_test "DTLS proxy: inject invalid AD record, default badmac_limit" \
8051 -p "$P_PXY bad_ad=1" \
8052 "$P_SRV dtls=1 dgram_packing=0 debug_level=1" \
8053 "$P_CLI dtls=1 dgram_packing=0 debug_level=1 read_timeout=100" \
8055 -c "discarding invalid record (mac)" \
8056 -s "discarding invalid record (mac)" \
8057 -s "Extra-header:" \
8058 -c "HTTP/1.0 200 OK" \
8059 -S "too many records with bad MAC" \
8060 -S "Verification of the message MAC failed"
8062 run_test "DTLS proxy: inject invalid AD record, badmac_limit 1" \
8063 -p "$P_PXY bad_ad=1" \
8064 "$P_SRV dtls=1 dgram_packing=0 debug_level=1 badmac_limit=1" \
8065 "$P_CLI dtls=1 dgram_packing=0 debug_level=1 read_timeout=100" \
8067 -C "discarding invalid record (mac)" \
8068 -S "discarding invalid record (mac)" \
8069 -S "Extra-header:" \
8070 -C "HTTP/1.0 200 OK" \
8071 -s "too many records with bad MAC" \
8072 -s "Verification of the message MAC failed"
8074 run_test "DTLS proxy: inject invalid AD record, badmac_limit 2" \
8075 -p "$P_PXY bad_ad=1" \
8076 "$P_SRV dtls=1 dgram_packing=0 debug_level=1 badmac_limit=2" \
8077 "$P_CLI dtls=1 dgram_packing=0 debug_level=1 read_timeout=100" \
8079 -c "discarding invalid record (mac)" \
8080 -s "discarding invalid record (mac)" \
8081 -s "Extra-header:" \
8082 -c "HTTP/1.0 200 OK" \
8083 -S "too many records with bad MAC" \
8084 -S "Verification of the message MAC failed"
8086 run_test "DTLS proxy: inject invalid AD record, badmac_limit 2, exchanges 2"\
8087 -p "$P_PXY bad_ad=1" \
8088 "$P_SRV dtls=1 dgram_packing=0 debug_level=1 badmac_limit=2 exchanges=2" \
8089 "$P_CLI dtls=1 dgram_packing=0 debug_level=1 read_timeout=100 exchanges=2" \
8091 -c "discarding invalid record (mac)" \
8092 -s "discarding invalid record (mac)" \
8093 -s "Extra-header:" \
8094 -c "HTTP/1.0 200 OK" \
8095 -s "too many records with bad MAC" \
8096 -s "Verification of the message MAC failed"
8098 run_test "DTLS proxy: delay ChangeCipherSpec" \
8099 -p "$P_PXY delay_ccs=1" \
8100 "$P_SRV dtls=1 debug_level=1 dgram_packing=0" \
8101 "$P_CLI dtls=1 debug_level=1 dgram_packing=0" \
8103 -c "record from another epoch" \
8104 -s "record from another epoch" \
8105 -s "Extra-header:" \
8106 -c "HTTP/1.0 200 OK"
8108 # Tests for reordering support with DTLS
8110 run_test "DTLS reordering: Buffer out-of-order handshake message on client" \
8111 -p "$P_PXY delay_srv=ServerHello" \
8112 "$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
8113 hs_timeout=2500-60000" \
8114 "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
8115 hs_timeout=2500-60000" \
8117 -c "Buffering HS message" \
8118 -c "Next handshake message has been buffered - load"\
8119 -S "Buffering HS message" \
8120 -S "Next handshake message has been buffered - load"\
8121 -C "Injecting buffered CCS message" \
8122 -C "Remember CCS message" \
8123 -S "Injecting buffered CCS message" \
8124 -S "Remember CCS message"
8126 run_test "DTLS reordering: Buffer out-of-order handshake message fragment on client" \
8127 -p "$P_PXY delay_srv=ServerHello" \
8128 "$P_SRV mtu=512 dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
8129 hs_timeout=2500-60000" \
8130 "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
8131 hs_timeout=2500-60000" \
8133 -c "Buffering HS message" \
8134 -c "found fragmented DTLS handshake message"\
8135 -c "Next handshake message 1 not or only partially bufffered" \
8136 -c "Next handshake message has been buffered - load"\
8137 -S "Buffering HS message" \
8138 -S "Next handshake message has been buffered - load"\
8139 -C "Injecting buffered CCS message" \
8140 -C "Remember CCS message" \
8141 -S "Injecting buffered CCS message" \
8142 -S "Remember CCS message"
8144 # The client buffers the ServerKeyExchange before receiving the fragmented
8145 # Certificate message; at the time of writing, together these are aroudn 1200b
8146 # in size, so that the bound below ensures that the certificate can be reassembled
8147 # while keeping the ServerKeyExchange.
8148 requires_config_value_at_least "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 1300
8149 run_test "DTLS reordering: Buffer out-of-order hs msg before reassembling next" \
8150 -p "$P_PXY delay_srv=Certificate delay_srv=Certificate" \
8151 "$P_SRV mtu=512 dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
8152 hs_timeout=2500-60000" \
8153 "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
8154 hs_timeout=2500-60000" \
8156 -c "Buffering HS message" \
8157 -c "Next handshake message has been buffered - load"\
8158 -C "attempt to make space by freeing buffered messages" \
8159 -S "Buffering HS message" \
8160 -S "Next handshake message has been buffered - load"\
8161 -C "Injecting buffered CCS message" \
8162 -C "Remember CCS message" \
8163 -S "Injecting buffered CCS message" \
8164 -S "Remember CCS message"
8166 # The size constraints ensure that the delayed certificate message can't
8167 # be reassembled while keeping the ServerKeyExchange message, but it can
8168 # when dropping it first.
8169 requires_config_value_at_least "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 900
8170 requires_config_value_at_most "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 1299
8171 run_test "DTLS reordering: Buffer out-of-order hs msg before reassembling next, free buffered msg" \
8172 -p "$P_PXY delay_srv=Certificate delay_srv=Certificate" \
8173 "$P_SRV mtu=512 dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
8174 hs_timeout=2500-60000" \
8175 "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
8176 hs_timeout=2500-60000" \
8178 -c "Buffering HS message" \
8179 -c "attempt to make space by freeing buffered future messages" \
8180 -c "Enough space available after freeing buffered HS messages" \
8181 -S "Buffering HS message" \
8182 -S "Next handshake message has been buffered - load"\
8183 -C "Injecting buffered CCS message" \
8184 -C "Remember CCS message" \
8185 -S "Injecting buffered CCS message" \
8186 -S "Remember CCS message"
8188 run_test "DTLS reordering: Buffer out-of-order handshake message on server" \
8189 -p "$P_PXY delay_cli=Certificate" \
8190 "$P_SRV dgram_packing=0 auth_mode=required cookies=0 dtls=1 debug_level=2 \
8191 hs_timeout=2500-60000" \
8192 "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
8193 hs_timeout=2500-60000" \
8195 -C "Buffering HS message" \
8196 -C "Next handshake message has been buffered - load"\
8197 -s "Buffering HS message" \
8198 -s "Next handshake message has been buffered - load" \
8199 -C "Injecting buffered CCS message" \
8200 -C "Remember CCS message" \
8201 -S "Injecting buffered CCS message" \
8202 -S "Remember CCS message"
8204 run_test "DTLS reordering: Buffer out-of-order CCS message on client"\
8205 -p "$P_PXY delay_srv=NewSessionTicket" \
8206 "$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
8207 hs_timeout=2500-60000" \
8208 "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
8209 hs_timeout=2500-60000" \
8211 -C "Buffering HS message" \
8212 -C "Next handshake message has been buffered - load"\
8213 -S "Buffering HS message" \
8214 -S "Next handshake message has been buffered - load" \
8215 -c "Injecting buffered CCS message" \
8216 -c "Remember CCS message" \
8217 -S "Injecting buffered CCS message" \
8218 -S "Remember CCS message"
8220 run_test "DTLS reordering: Buffer out-of-order CCS message on server"\
8221 -p "$P_PXY delay_cli=ClientKeyExchange" \
8222 "$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
8223 hs_timeout=2500-60000" \
8224 "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
8225 hs_timeout=2500-60000" \
8227 -C "Buffering HS message" \
8228 -C "Next handshake message has been buffered - load"\
8229 -S "Buffering HS message" \
8230 -S "Next handshake message has been buffered - load" \
8231 -C "Injecting buffered CCS message" \
8232 -C "Remember CCS message" \
8233 -s "Injecting buffered CCS message" \
8234 -s "Remember CCS message"
8236 run_test "DTLS reordering: Buffer encrypted Finished message" \
8237 -p "$P_PXY delay_ccs=1" \
8238 "$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
8239 hs_timeout=2500-60000" \
8240 "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
8241 hs_timeout=2500-60000" \
8243 -s "Buffer record from epoch 1" \
8244 -s "Found buffered record from current epoch - load" \
8245 -c "Buffer record from epoch 1" \
8246 -c "Found buffered record from current epoch - load"
8248 # In this test, both the fragmented NewSessionTicket and the ChangeCipherSpec
8249 # from the server are delayed, so that the encrypted Finished message
8250 # is received and buffered. When the fragmented NewSessionTicket comes
8251 # in afterwards, the encrypted Finished message must be freed in order
8252 # to make space for the NewSessionTicket to be reassembled.
8253 # This works only in very particular circumstances:
8254 # - MBEDTLS_SSL_DTLS_MAX_BUFFERING must be large enough to allow buffering
8255 # of the NewSessionTicket, but small enough to also allow buffering of
8256 # the encrypted Finished message.
8257 # - The MTU setting on the server must be so small that the NewSessionTicket
8258 # needs to be fragmented.
8259 # - All messages sent by the server must be small enough to be either sent
8260 # without fragmentation or be reassembled within the bounds of
8261 # MBEDTLS_SSL_DTLS_MAX_BUFFERING. Achieve this by testing with a PSK-based
8262 # handshake, omitting CRTs.
8263 requires_config_value_at_least "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 240
8264 requires_config_value_at_most "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 280
8265 run_test "DTLS reordering: Buffer encrypted Finished message, drop for fragmented NewSessionTicket" \
8266 -p "$P_PXY delay_srv=NewSessionTicket delay_srv=NewSessionTicket delay_ccs=1" \
8267 "$P_SRV mtu=190 dgram_packing=0 psk=abc123 psk_identity=foo cookies=0 dtls=1 debug_level=2" \
8268 "$P_CLI dgram_packing=0 dtls=1 debug_level=2 force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8 psk=abc123 psk_identity=foo" \
8270 -s "Buffer record from epoch 1" \
8271 -s "Found buffered record from current epoch - load" \
8272 -c "Buffer record from epoch 1" \
8273 -C "Found buffered record from current epoch - load" \
8274 -c "Enough space available after freeing future epoch record"
8276 # Tests for "randomly unreliable connection": try a variety of flows and peers
8278 client_needs_more_time 2
8279 run_test "DTLS proxy: 3d (drop, delay, duplicate), \"short\" PSK handshake" \
8280 -p "$P_PXY drop=5 delay=5 duplicate=5" \
8281 "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
8283 "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \
8284 force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
8286 -s "Extra-header:" \
8287 -c "HTTP/1.0 200 OK"
8289 client_needs_more_time 2
8290 run_test "DTLS proxy: 3d, \"short\" RSA handshake" \
8291 -p "$P_PXY drop=5 delay=5 duplicate=5" \
8292 "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none" \
8293 "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 \
8294 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
8296 -s "Extra-header:" \
8297 -c "HTTP/1.0 200 OK"
8299 client_needs_more_time 2
8300 run_test "DTLS proxy: 3d, \"short\" (no ticket, no cli_auth) FS handshake" \
8301 -p "$P_PXY drop=5 delay=5 duplicate=5" \
8302 "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none" \
8303 "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0" \
8305 -s "Extra-header:" \
8306 -c "HTTP/1.0 200 OK"
8308 client_needs_more_time 2
8309 run_test "DTLS proxy: 3d, FS, client auth" \
8310 -p "$P_PXY drop=5 delay=5 duplicate=5" \
8311 "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=required" \
8312 "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0" \
8314 -s "Extra-header:" \
8315 -c "HTTP/1.0 200 OK"
8317 client_needs_more_time 2
8318 run_test "DTLS proxy: 3d, FS, ticket" \
8319 -p "$P_PXY drop=5 delay=5 duplicate=5" \
8320 "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=1 auth_mode=none" \
8321 "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=1" \
8323 -s "Extra-header:" \
8324 -c "HTTP/1.0 200 OK"
8326 client_needs_more_time 2
8327 run_test "DTLS proxy: 3d, max handshake (FS, ticket + client auth)" \
8328 -p "$P_PXY drop=5 delay=5 duplicate=5" \
8329 "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=1 auth_mode=required" \
8330 "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=1" \
8332 -s "Extra-header:" \
8333 -c "HTTP/1.0 200 OK"
8335 client_needs_more_time 2
8336 run_test "DTLS proxy: 3d, max handshake, nbio" \
8337 -p "$P_PXY drop=5 delay=5 duplicate=5" \
8338 "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 nbio=2 tickets=1 \
8339 auth_mode=required" \
8340 "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 nbio=2 tickets=1" \
8342 -s "Extra-header:" \
8343 -c "HTTP/1.0 200 OK"
8345 client_needs_more_time 4
8346 run_test "DTLS proxy: 3d, min handshake, resumption" \
8347 -p "$P_PXY drop=5 delay=5 duplicate=5" \
8348 "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
8349 psk=abc123 debug_level=3" \
8350 "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \
8351 debug_level=3 reconnect=1 read_timeout=1000 max_resend=10 \
8352 force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
8354 -s "a session has been resumed" \
8355 -c "a session has been resumed" \
8356 -s "Extra-header:" \
8357 -c "HTTP/1.0 200 OK"
8359 client_needs_more_time 4
8360 run_test "DTLS proxy: 3d, min handshake, resumption, nbio" \
8361 -p "$P_PXY drop=5 delay=5 duplicate=5" \
8362 "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
8363 psk=abc123 debug_level=3 nbio=2" \
8364 "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \
8365 debug_level=3 reconnect=1 read_timeout=1000 max_resend=10 \
8366 force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8 nbio=2" \
8368 -s "a session has been resumed" \
8369 -c "a session has been resumed" \
8370 -s "Extra-header:" \
8371 -c "HTTP/1.0 200 OK"
8373 client_needs_more_time 4
8374 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
8375 run_test "DTLS proxy: 3d, min handshake, client-initiated renego" \
8376 -p "$P_PXY drop=5 delay=5 duplicate=5" \
8377 "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
8378 psk=abc123 renegotiation=1 debug_level=2" \
8379 "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \
8380 renegotiate=1 debug_level=2 \
8381 force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
8383 -c "=> renegotiate" \
8384 -s "=> renegotiate" \
8385 -s "Extra-header:" \
8386 -c "HTTP/1.0 200 OK"
8388 client_needs_more_time 4
8389 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
8390 run_test "DTLS proxy: 3d, min handshake, client-initiated renego, nbio" \
8391 -p "$P_PXY drop=5 delay=5 duplicate=5" \
8392 "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
8393 psk=abc123 renegotiation=1 debug_level=2" \
8394 "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \
8395 renegotiate=1 debug_level=2 \
8396 force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
8398 -c "=> renegotiate" \
8399 -s "=> renegotiate" \
8400 -s "Extra-header:" \
8401 -c "HTTP/1.0 200 OK"
8403 client_needs_more_time 4
8404 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
8405 run_test "DTLS proxy: 3d, min handshake, server-initiated renego" \
8406 -p "$P_PXY drop=5 delay=5 duplicate=5" \
8407 "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
8408 psk=abc123 renegotiate=1 renegotiation=1 exchanges=4 \
8410 "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \
8411 renegotiation=1 exchanges=4 debug_level=2 \
8412 force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
8414 -c "=> renegotiate" \
8415 -s "=> renegotiate" \
8416 -s "Extra-header:" \
8417 -c "HTTP/1.0 200 OK"
8419 client_needs_more_time 4
8420 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
8421 run_test "DTLS proxy: 3d, min handshake, server-initiated renego, nbio" \
8422 -p "$P_PXY drop=5 delay=5 duplicate=5" \
8423 "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
8424 psk=abc123 renegotiate=1 renegotiation=1 exchanges=4 \
8425 debug_level=2 nbio=2" \
8426 "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \
8427 renegotiation=1 exchanges=4 debug_level=2 nbio=2 \
8428 force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
8430 -c "=> renegotiate" \
8431 -s "=> renegotiate" \
8432 -s "Extra-header:" \
8433 -c "HTTP/1.0 200 OK"
8435 ## Interop tests with OpenSSL might trigger a bug in recent versions (including
8436 ## all versions installed on the CI machines), reported here:
8437 ## Bug report: https://github.com/openssl/openssl/issues/6902
8438 ## They should be re-enabled once a fixed version of OpenSSL is available
8439 ## (this should happen in some 1.1.1_ release according to the ticket).
8441 client_needs_more_time 6
8442 not_with_valgrind # risk of non-mbedtls peer timing out
8443 run_test "DTLS proxy: 3d, openssl server" \
8444 -p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \
8445 "$O_SRV -dtls1 -mtu 2048" \
8446 "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000 tickets=0" \
8448 -c "HTTP/1.0 200 OK"
8450 skip_next_test # see above
8451 client_needs_more_time 8
8452 not_with_valgrind # risk of non-mbedtls peer timing out
8453 run_test "DTLS proxy: 3d, openssl server, fragmentation" \
8454 -p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \
8455 "$O_SRV -dtls1 -mtu 768" \
8456 "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000 tickets=0" \
8458 -c "HTTP/1.0 200 OK"
8460 skip_next_test # see above
8461 client_needs_more_time 8
8462 not_with_valgrind # risk of non-mbedtls peer timing out
8463 run_test "DTLS proxy: 3d, openssl server, fragmentation, nbio" \
8464 -p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \
8465 "$O_SRV -dtls1 -mtu 768" \
8466 "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000 nbio=2 tickets=0" \
8468 -c "HTTP/1.0 200 OK"
8471 client_needs_more_time 6
8472 not_with_valgrind # risk of non-mbedtls peer timing out
8473 run_test "DTLS proxy: 3d, gnutls server" \
8474 -p "$P_PXY drop=5 delay=5 duplicate=5" \
8475 "$G_SRV -u --mtu 2048 -a" \
8476 "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000" \
8478 -s "Extra-header:" \
8481 requires_gnutls_next
8482 client_needs_more_time 8
8483 not_with_valgrind # risk of non-mbedtls peer timing out
8484 run_test "DTLS proxy: 3d, gnutls server, fragmentation" \
8485 -p "$P_PXY drop=5 delay=5 duplicate=5" \
8486 "$G_NEXT_SRV -u --mtu 512" \
8487 "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000" \
8489 -s "Extra-header:" \
8492 requires_gnutls_next
8493 client_needs_more_time 8
8494 not_with_valgrind # risk of non-mbedtls peer timing out
8495 run_test "DTLS proxy: 3d, gnutls server, fragmentation, nbio" \
8496 -p "$P_PXY drop=5 delay=5 duplicate=5" \
8497 "$G_NEXT_SRV -u --mtu 512" \
8498 "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000 nbio=2" \
8500 -s "Extra-header:" \
8503 requires_config_enabled MBEDTLS_SSL_EXPORT_KEYS
8504 run_test "export keys functionality" \
8505 "$P_SRV eap_tls=1 debug_level=3" \
8506 "$P_CLI eap_tls=1 debug_level=3" \
8508 -s "exported maclen is " \
8509 -s "exported keylen is " \
8510 -s "exported ivlen is " \
8511 -c "exported maclen is " \
8512 -c "exported keylen is " \
8513 -c "exported ivlen is "
8517 echo "------------------------------------------------------------------------"
8519 if [ $FAILS = 0 ]; then
8524 PASSES=$(( $TESTS - $FAILS ))
8525 echo " ($PASSES / $TESTS tests ($SKIPS skipped))"