TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-crypto / 480905d5635d0dc50ead27529aaf4f36a46a604d / . / tests / ssl-opt.sh
blob: b183fc14b94b9cad709b84374d6389d7e2248493 [file] [log] [blame]
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +0100[diff] [blame]1#!/bin/sh
2
3# Test various options that are not covered by compat.sh
4#
5# Here the goal is not to cover every ciphersuite/version, but
6# rather specific options (max fragment length, truncated hmac, etc)
7# or procedures (session resumption from cache or ticket, renego, etc).
8#
9# Assumes all options are compiled in.
10
Manuel Pégourié-Gonnardfccd3252014-02-25 17:14:15 +0100[diff] [blame]11set -u
12
Manuel Pégourié-Gonnardf7a26902014-02-27 12:25:54 +0100[diff] [blame]13# default values, can be overriden by the environment
14: ${P_SRV:=../programs/ssl/ssl_server2}
15: ${P_CLI:=../programs/ssl/ssl_client2}
Manuel Pégourié-Gonnard74faf3c2014-03-13 18:47:44 +0100[diff] [blame]16: ${OPENSSL_CMD:=openssl} # OPENSSL would conflict with the build system
Manuel Pégourié-Gonnardbaa7f072014-08-20 20:15:53 +0200[diff] [blame]17: ${GNUTLS_CLI:=gnutls-cli}
18: ${GNUTLS_SERV:=gnutls-serv}
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +0100[diff] [blame]19
Manuel Pégourié-Gonnard74faf3c2014-03-13 18:47:44 +0100[diff] [blame]20O_SRV="$OPENSSL_CMD s_server -www -cert data_files/server5.crt -key data_files/server5.key"
21O_CLI="echo 'GET / HTTP/1.0' | $OPENSSL_CMD s_client"
Manuel Pégourié-Gonnardbaa7f072014-08-20 20:15:53 +0200[diff] [blame]22G_SRV="$GNUTLS_SERV --x509certfile data_files/server5.crt --x509keyfile data_files/server5.key"
23G_CLI="$GNUTLS_CLI"
Manuel Pégourié-Gonnardfccd3252014-02-25 17:14:15 +0100[diff] [blame]24
Manuel Pégourié-Gonnard33a752e2014-02-21 09:47:37 +0100[diff] [blame]25TESTS=0
26FAILS=0
Manuel Pégourié-Gonnard6f4fbbb2014-08-14 14:31:29 +0200[diff] [blame]27SKIPS=0
Manuel Pégourié-Gonnard33a752e2014-02-21 09:47:37 +0100[diff] [blame]28
Manuel Pégourié-Gonnard83d8c732014-04-07 13:24:21 +0200[diff] [blame]29CONFIG_H='../include/polarssl/config.h'
30
Manuel Pégourié-Gonnardc73339f2014-02-26 16:35:27 +0100[diff] [blame]31MEMCHECK=0
Manuel Pégourié-Gonnard417d46c2014-03-13 19:17:53 +0100[diff] [blame]32FILTER='.*'
Manuel Pégourié-Gonnard6f4fbbb2014-08-14 14:31:29 +0200[diff] [blame]33EXCLUDE='^$'
Manuel Pégourié-Gonnardc73339f2014-02-26 16:35:27 +0100[diff] [blame]34
35print_usage() {
36 echo "Usage: $0 [options]"
Manuel Pégourié-Gonnard417d46c2014-03-13 19:17:53 +0100[diff] [blame]37 echo -e " -h|--help\tPrint this help."
38 echo -e " -m|--memcheck\tCheck memory leaks and errors."
39 echo -e " -f|--filter\tOnly matching tests are executed (default: '$FILTER')"
40 echo -e " -e|--exclude\tMatching tests are excluded (default: '$EXCLUDE')"
Manuel Pégourié-Gonnardc73339f2014-02-26 16:35:27 +0100[diff] [blame]41}
42
43get_options() {
44 while [ $# -gt 0 ]; do
45 case "$1" in
Manuel Pégourié-Gonnard417d46c2014-03-13 19:17:53 +0100[diff] [blame]46 -f|--filter)
47 shift; FILTER=$1
48 ;;
49 -e|--exclude)
50 shift; EXCLUDE=$1
51 ;;
Manuel Pégourié-Gonnardc73339f2014-02-26 16:35:27 +0100[diff] [blame]52 -m|--memcheck)
53 MEMCHECK=1
54 ;;
55 -h|--help)
56 print_usage
57 exit 0
58 ;;
59 *)
Paul Bakker1ebc0c52014-05-22 15:47:58 +0200[diff] [blame]60 echo "Unknown argument: '$1'"
Manuel Pégourié-Gonnardc73339f2014-02-26 16:35:27 +0100[diff] [blame]61 print_usage
62 exit 1
63 ;;
64 esac
65 shift
66 done
67}
68
Manuel Pégourié-Gonnard6f4fbbb2014-08-14 14:31:29 +0200[diff] [blame]69# skip next test if OpenSSL can't send SSLv2 ClientHello
70requires_openssl_with_sslv2() {
71 if [ -z "${OPENSSL_HAS_SSL2:-}" ]; then
72 if openssl ciphers -ssl2 >/dev/null 2>&1; then
73 OPENSSL_HAS_SSL2="YES"
74 else
75 OPENSSL_HAS_SSL2="NO"
76 fi
77 fi
78 if [ "$OPENSSL_HAS_SSL2" = "NO" ]; then
79 SKIP_NEXT="YES"
80 fi
81}
82
Manuel Pégourié-Gonnardbaa7f072014-08-20 20:15:53 +0200[diff] [blame]83# skip next test if GnuTLS isn't available
84requires_gnutls() {
85 if [ -z "${GNUTLS_AVAILABLE:-}" ]; then
86 if ( which "$GNUTLS_CLI" && which "$GNUTLS_SERV" ) >/dev/null; then
87 GNUTLS_AVAILABLE="YES"
88 else
89 GNUTLS_AVAILABLE="NO"
90 fi
91 fi
92 if [ "$GNUTLS_AVAILABLE" = "NO" ]; then
93 SKIP_NEXT="YES"
94 fi
95}
96
Manuel Pégourié-Gonnardf8bdbb52014-02-21 09:20:14 +0100[diff] [blame]97# print_name <name>
98print_name() {
99 echo -n "$1 "
100 LEN=`echo "$1" | wc -c`
101 LEN=`echo 72 - $LEN | bc`
102 for i in `seq 1 $LEN`; do echo -n '.'; done
103 echo -n ' '
Manuel Pégourié-Gonnard33a752e2014-02-21 09:47:37 +0100[diff] [blame]104
105 TESTS=`echo $TESTS + 1 | bc`
Manuel Pégourié-Gonnardf8bdbb52014-02-21 09:20:14 +0100[diff] [blame]106}
107
108# fail <message>
109fail() {
110 echo "FAIL"
Manuel Pégourié-Gonnard3eec6042014-02-27 15:37:24 +0100[diff] [blame]111 echo " ! $1"
Manuel Pégourié-Gonnard33a752e2014-02-21 09:47:37 +0100[diff] [blame]112
Manuel Pégourié-Gonnardbc3b16c2014-05-28 23:06:50 +0200[diff] [blame]113 cp $SRV_OUT o-srv-${TESTS}.log
114 cp $CLI_OUT o-cli-${TESTS}.log
Manuel Pégourié-Gonnard3eec6042014-02-27 15:37:24 +0100[diff] [blame]115 echo " ! outputs saved to o-srv-${TESTS}.log and o-cli-${TESTS}.log"
Manuel Pégourié-Gonnard33a752e2014-02-21 09:47:37 +0100[diff] [blame]116
117 FAILS=`echo $FAILS + 1 | bc`
Manuel Pégourié-Gonnardf8bdbb52014-02-21 09:20:14 +0100[diff] [blame]118}
119
Manuel Pégourié-Gonnard677884d2014-02-25 16:42:31 +0100[diff] [blame]120# is_polar <cmd_line>
121is_polar() {
122 echo "$1" | grep 'ssl_server2\|ssl_client2' > /dev/null
123}
124
Manuel Pégourié-Gonnardc73339f2014-02-26 16:35:27 +0100[diff] [blame]125# has_mem_err <log_file_name>
126has_mem_err() {
127 if ( grep -F 'All heap blocks were freed -- no leaks are possible' "$1" &&
128 grep -F 'ERROR SUMMARY: 0 errors from 0 contexts' "$1" ) > /dev/null
129 then
130 return 1 # false: does not have errors
131 else
132 return 0 # true: has errors
133 fi
134}
135
Manuel Pégourié-Gonnard0c1ec472014-06-20 18:41:11 +0200[diff] [blame]136# wait for server to start: two versions depending on lsof availability
137wait_server_start() {
138 if which lsof >/dev/null; then
139 # make sure we don't loop forever
140 ( sleep "$DOG_DELAY"; echo "SERVERSTART TIMEOUT"; kill $MAIN_PID ) &
141 WATCHDOG_PID=$!
142
143 # make a tight loop, server usually takes less than 1 sec to start
144 until lsof -nbi TCP:"$PORT" | grep LISTEN >/dev/null; do :; done
145
146 kill $WATCHDOG_PID
147 wait $WATCHDOG_PID
148 else
149 sleep "$START_DELAY"
150 fi
151}
152
Manuel Pégourié-Gonnardfccd3252014-02-25 17:14:15 +0100[diff] [blame]153# Usage: run_test name srv_cmd cli_cmd cli_exit [option [...]]
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +0100[diff] [blame]154# Options: -s pattern pattern that must be present in server output
155# -c pattern pattern that must be present in client output
156# -S pattern pattern that must be absent in server output
157# -C pattern pattern that must be absent in client output
158run_test() {
Manuel Pégourié-Gonnardfccd3252014-02-25 17:14:15 +0100[diff] [blame]159 NAME="$1"
160 SRV_CMD="$2"
161 CLI_CMD="$3"
162 CLI_EXPECT="$4"
163 shift 4
164
Manuel Pégourié-Gonnard417d46c2014-03-13 19:17:53 +0100[diff] [blame]165 if echo "$NAME" | grep "$FILTER" | grep -v "$EXCLUDE" >/dev/null; then :
166 else
167 return
168 fi
169
Manuel Pégourié-Gonnardfccd3252014-02-25 17:14:15 +0100[diff] [blame]170 print_name "$NAME"
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +0100[diff] [blame]171
Manuel Pégourié-Gonnard6f4fbbb2014-08-14 14:31:29 +0200[diff] [blame]172 # should we skip?
173 if [ "X$SKIP_NEXT" = "XYES" ]; then
174 SKIP_NEXT="NO"
175 echo "SKIP"
176 SKIPS=`echo $SKIPS + 1 | bc`
177 return
178 fi
179
Manuel Pégourié-Gonnardc73339f2014-02-26 16:35:27 +0100[diff] [blame]180 # prepend valgrind to our commands if active
181 if [ "$MEMCHECK" -gt 0 ]; then
182 if is_polar "$SRV_CMD"; then
183 SRV_CMD="valgrind --leak-check=full $SRV_CMD"
184 fi
185 if is_polar "$CLI_CMD"; then
186 CLI_CMD="valgrind --leak-check=full $CLI_CMD"
187 fi
188 fi
189
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +0100[diff] [blame]190 # run the commands
Manuel Pégourié-Gonnardbc3b16c2014-05-28 23:06:50 +0200[diff] [blame]191 echo "$SRV_CMD" > $SRV_OUT
192 $SRV_CMD >> $SRV_OUT 2>&1 &
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +0100[diff] [blame]193 SRV_PID=$!
Manuel Pégourié-Gonnard0c1ec472014-06-20 18:41:11 +0200[diff] [blame]194 wait_server_start
Manuel Pégourié-Gonnardbc3b16c2014-05-28 23:06:50 +0200[diff] [blame]195 echo "$CLI_CMD" > $CLI_OUT
196 eval "$CLI_CMD" >> $CLI_OUT 2>&1
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +0100[diff] [blame]197 CLI_EXIT=$?
Manuel Pégourié-Gonnardbc3b16c2014-05-28 23:06:50 +0200[diff] [blame]198 echo "EXIT: $CLI_EXIT" >> $CLI_OUT
Manuel Pégourié-Gonnarde01af4c2014-03-25 14:16:44 +0100[diff] [blame]199
Manuel Pégourié-Gonnard74b11702014-08-14 15:47:33 +0200[diff] [blame]200 # kill the server
201 kill $SRV_PID
202 wait $SRV_PID
Manuel Pégourié-Gonnard677884d2014-02-25 16:42:31 +0100[diff] [blame]203
204 # check if the client and server went at least to the handshake stage
Paul Bakker1ebc0c52014-05-22 15:47:58 +0200[diff] [blame]205 # (useful to avoid tests with only negative assertions and non-zero
Manuel Pégourié-Gonnard677884d2014-02-25 16:42:31 +0100[diff] [blame]206 # expected client exit to incorrectly succeed in case of catastrophic
207 # failure)
Manuel Pégourié-Gonnardfccd3252014-02-25 17:14:15 +0100[diff] [blame]208 if is_polar "$SRV_CMD"; then
Manuel Pégourié-Gonnardbc3b16c2014-05-28 23:06:50 +0200[diff] [blame]209 if grep "Performing the SSL/TLS handshake" $SRV_OUT >/dev/null; then :;
Manuel Pégourié-Gonnard677884d2014-02-25 16:42:31 +0100[diff] [blame]210 else
211 fail "server failed to start"
212 return
213 fi
214 fi
Manuel Pégourié-Gonnardfccd3252014-02-25 17:14:15 +0100[diff] [blame]215 if is_polar "$CLI_CMD"; then
Manuel Pégourié-Gonnardbc3b16c2014-05-28 23:06:50 +0200[diff] [blame]216 if grep "Performing the SSL/TLS handshake" $CLI_OUT >/dev/null; then :;
Manuel Pégourié-Gonnard677884d2014-02-25 16:42:31 +0100[diff] [blame]217 else
218 fail "client failed to start"
219 return
220 fi
221 fi
222
Manuel Pégourié-Gonnardf8bdbb52014-02-21 09:20:14 +0100[diff] [blame]223 # check server exit code
224 if [ $? != 0 ]; then
225 fail "server fail"
226 return
227 fi
228
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +0100[diff] [blame]229 # check client exit code
Manuel Pégourié-Gonnardfccd3252014-02-25 17:14:15 +0100[diff] [blame]230 if [ \( "$CLI_EXPECT" = 0 -a "$CLI_EXIT" != 0 \) -o \
231 \( "$CLI_EXPECT" != 0 -a "$CLI_EXIT" = 0 \) ]
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +0100[diff] [blame]232 then
Manuel Pégourié-Gonnard8520dac2014-02-21 12:12:23 +0100[diff] [blame]233 fail "bad client exit code"
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +0100[diff] [blame]234 return
235 fi
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +0100[diff] [blame]236
Manuel Pégourié-Gonnardc73339f2014-02-26 16:35:27 +0100[diff] [blame]237 # check other assertions
Manuel Pégourié-Gonnard480905d2014-08-21 19:38:32 +0200[diff] [blame^]238 # lines beginning with == are added by valgrind, ignore them
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +0100[diff] [blame]239 while [ $# -gt 0 ]
240 do
241 case $1 in
242 "-s")
Manuel Pégourié-Gonnard480905d2014-08-21 19:38:32 +0200[diff] [blame^]243 if grep -v '^==' $SRV_OUT | grep "$2" >/dev/null; then :; else
Manuel Pégourié-Gonnardf8bdbb52014-02-21 09:20:14 +0100[diff] [blame]244 fail "-s $2"
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +0100[diff] [blame]245 return
246 fi
247 ;;
248
249 "-c")
Manuel Pégourié-Gonnard480905d2014-08-21 19:38:32 +0200[diff] [blame^]250 if grep -v '^==' $CLI_OUT | grep "$2" >/dev/null; then :; else
Manuel Pégourié-Gonnardf8bdbb52014-02-21 09:20:14 +0100[diff] [blame]251 fail "-c $2"
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +0100[diff] [blame]252 return
253 fi
254 ;;
255
256 "-S")
Manuel Pégourié-Gonnard480905d2014-08-21 19:38:32 +0200[diff] [blame^]257 if grep -v '^==' $SRV_OUT | grep "$2" >/dev/null; then
Manuel Pégourié-Gonnardf8bdbb52014-02-21 09:20:14 +0100[diff] [blame]258 fail "-S $2"
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +0100[diff] [blame]259 return
260 fi
261 ;;
262
263 "-C")
Manuel Pégourié-Gonnard480905d2014-08-21 19:38:32 +0200[diff] [blame^]264 if grep -v '^==' $CLI_OUT | grep "$2" >/dev/null; then
Manuel Pégourié-Gonnardf8bdbb52014-02-21 09:20:14 +0100[diff] [blame]265 fail "-C $2"
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +0100[diff] [blame]266 return
267 fi
268 ;;
269
270 *)
Paul Bakker1ebc0c52014-05-22 15:47:58 +0200[diff] [blame]271 echo "Unknown test: $1" >&2
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +0100[diff] [blame]272 exit 1
273 esac
274 shift 2
275 done
276
Manuel Pégourié-Gonnardc73339f2014-02-26 16:35:27 +0100[diff] [blame]277 # check valgrind's results
278 if [ "$MEMCHECK" -gt 0 ]; then
Manuel Pégourié-Gonnardbc3b16c2014-05-28 23:06:50 +0200[diff] [blame]279 if is_polar "$SRV_CMD" && has_mem_err $SRV_OUT; then
Manuel Pégourié-Gonnardc73339f2014-02-26 16:35:27 +0100[diff] [blame]280 fail "Server has memory errors"
281 return
282 fi
Manuel Pégourié-Gonnardbc3b16c2014-05-28 23:06:50 +0200[diff] [blame]283 if is_polar "$CLI_CMD" && has_mem_err $CLI_OUT; then
Manuel Pégourié-Gonnardc73339f2014-02-26 16:35:27 +0100[diff] [blame]284 fail "Client has memory errors"
285 return
286 fi
287 fi
288
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +0100[diff] [blame]289 # if we're here, everything is ok
290 echo "PASS"
Manuel Pégourié-Gonnardbc3b16c2014-05-28 23:06:50 +0200[diff] [blame]291 rm -f $SRV_OUT $CLI_OUT
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +0100[diff] [blame]292}
293
Manuel Pégourié-Gonnarda9062e92014-02-25 16:21:22 +0100[diff] [blame]294cleanup() {
Manuel Pégourié-Gonnardbc3b16c2014-05-28 23:06:50 +0200[diff] [blame]295 rm -f $CLI_OUT $SRV_OUT $SESSION
Manuel Pégourié-Gonnard0c1ec472014-06-20 18:41:11 +0200[diff] [blame]296 kill $SRV_PID >/dev/null 2>&1
297 kill $WATCHDOG_PID >/dev/null 2>&1
Manuel Pégourié-Gonnarda9062e92014-02-25 16:21:22 +0100[diff] [blame]298 exit 1
299}
300
Manuel Pégourié-Gonnard9dea8bd2014-02-26 18:21:02 +0100[diff] [blame]301#
302# MAIN
303#
304
Manuel Pégourié-Gonnard913030c2014-03-28 10:12:38 +0100[diff] [blame]305get_options "$@"
306
Manuel Pégourié-Gonnardf7a26902014-02-27 12:25:54 +0100[diff] [blame]307# sanity checks, avoid an avalanche of errors
308if [ ! -x "$P_SRV" ]; then
309 echo "Command '$P_SRV' is not an executable file"
310 exit 1
311fi
312if [ ! -x "$P_CLI" ]; then
313 echo "Command '$P_CLI' is not an executable file"
314 exit 1
315fi
Manuel Pégourié-Gonnard74faf3c2014-03-13 18:47:44 +0100[diff] [blame]316if which $OPENSSL_CMD >/dev/null 2>&1; then :; else
317 echo "Command '$OPENSSL_CMD' not found"
Manuel Pégourié-Gonnardf7a26902014-02-27 12:25:54 +0100[diff] [blame]318 exit 1
319fi
320
Manuel Pégourié-Gonnard32f8f4d2014-05-29 11:31:20 +0200[diff] [blame]321# used by watchdog
322MAIN_PID="$$"
323
Manuel Pégourié-Gonnard0c1ec472014-06-20 18:41:11 +0200[diff] [blame]324# be more patient with valgrind
325if [ "$MEMCHECK" -gt 0 ]; then
326 START_DELAY=3
327 DOG_DELAY=30
328else
329 START_DELAY=1
330 DOG_DELAY=10
331fi
332
Manuel Pégourié-Gonnard8066b812014-05-28 22:59:30 +0200[diff] [blame]333# Pick a "unique" port in the range 10000-19999.
334PORT="0000$$"
Manuel Pégourié-Gonnardfab2a3c2014-06-16 16:54:36 +0200[diff] [blame]335PORT="1$(echo $PORT | tail -c 5)"
Manuel Pégourié-Gonnard8066b812014-05-28 22:59:30 +0200[diff] [blame]336
337# fix commands to use this port
338P_SRV="$P_SRV server_port=$PORT"
339P_CLI="$P_CLI server_port=$PORT"
340O_SRV="$O_SRV -accept $PORT"
341O_CLI="$O_CLI -connect localhost:$PORT"
Manuel Pégourié-Gonnardbaa7f072014-08-20 20:15:53 +0200[diff] [blame]342G_SRV="$G_SRV -p $PORT"
343G_CLI="$G_CLI -p $PORT"
Manuel Pégourié-Gonnard8066b812014-05-28 22:59:30 +0200[diff] [blame]344
Manuel Pégourié-Gonnardbc3b16c2014-05-28 23:06:50 +0200[diff] [blame]345# Also pick a unique name for intermediate files
346SRV_OUT="srv_out.$$"
347CLI_OUT="cli_out.$$"
348SESSION="session.$$"
349
Manuel Pégourié-Gonnard6f4fbbb2014-08-14 14:31:29 +0200[diff] [blame]350SKIP_NEXT="NO"
351
Manuel Pégourié-Gonnarda9062e92014-02-25 16:21:22 +0100[diff] [blame]352trap cleanup INT TERM HUP
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +0100[diff] [blame]353
Manuel Pégourié-Gonnarde73b2632014-07-12 04:00:00 +0200[diff] [blame]354# Basic test
355
Manuel Pégourié-Gonnard480905d2014-08-21 19:38:32 +0200[diff] [blame^]356# Checks that:
357# - things work with all ciphersuites active (used with config-full in all.sh)
358# - the expected (highest security) parameters are selected
359# ("signature_algorithm ext: 6" means SHA-512 (highest common hash))
Manuel Pégourié-Gonnarde73b2632014-07-12 04:00:00 +0200[diff] [blame]360run_test "Default" \
Manuel Pégourié-Gonnard480905d2014-08-21 19:38:32 +0200[diff] [blame^]361 "$P_SRV debug_level=3" \
Manuel Pégourié-Gonnarde73b2632014-07-12 04:00:00 +0200[diff] [blame]362 "$P_CLI" \
363 0 \
Manuel Pégourié-Gonnard480905d2014-08-21 19:38:32 +0200[diff] [blame^]364 -s "Protocol is TLSv1.2" \
365 -s "Ciphersuite is TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384" \
366 -s "client hello v3, signature_algorithm ext: 6" \
367 -s "ECDHE curve: secp521r1" \
368 -S "error" \
369 -C "error"
Manuel Pégourié-Gonnarde73b2632014-07-12 04:00:00 +0200[diff] [blame]370
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100[diff] [blame]371# Test for SSLv2 ClientHello
372
Manuel Pégourié-Gonnard6f4fbbb2014-08-14 14:31:29 +0200[diff] [blame]373requires_openssl_with_sslv2
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100[diff] [blame]374run_test "SSLv2 ClientHello #0 (reference)" \
375 "$P_SRV debug_level=3" \
Manuel Pégourié-Gonnarda3d808e2014-02-26 16:33:03 +0100[diff] [blame]376 "$O_CLI -no_ssl2" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100[diff] [blame]377 0 \
378 -S "parse client hello v2" \
379 -S "ssl_handshake returned"
380
381# Adding a SSL2-only suite makes OpenSSL client send SSLv2 ClientHello
Manuel Pégourié-Gonnard6f4fbbb2014-08-14 14:31:29 +0200[diff] [blame]382requires_openssl_with_sslv2
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100[diff] [blame]383run_test "SSLv2 ClientHello #1 (actual test)" \
384 "$P_SRV debug_level=3" \
Manuel Pégourié-Gonnardfccd3252014-02-25 17:14:15 +0100[diff] [blame]385 "$O_CLI -cipher 'DES-CBC-MD5:ALL'" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100[diff] [blame]386 0 \
387 -s "parse client hello v2" \
388 -S "ssl_handshake returned"
389
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +0100[diff] [blame]390# Tests for Truncated HMAC extension
391
392run_test "Truncated HMAC #0" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100[diff] [blame]393 "$P_SRV debug_level=5" \
394 "$P_CLI trunc_hmac=0 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +0100[diff] [blame]395 0 \
396 -s "dumping 'computed mac' (20 bytes)"
397
398run_test "Truncated HMAC #1" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100[diff] [blame]399 "$P_SRV debug_level=5" \
400 "$P_CLI trunc_hmac=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +0100[diff] [blame]401 0 \
Manuel Pégourié-Gonnardf7c52012014-02-20 11:43:46 +0100[diff] [blame]402 -s "dumping 'computed mac' (10 bytes)"
403
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +0100[diff] [blame]404# Tests for Session Tickets
405
Manuel Pégourié-Gonnardfccd3252014-02-25 17:14:15 +0100[diff] [blame]406run_test "Session resume using tickets #1 (basic)" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100[diff] [blame]407 "$P_SRV debug_level=4 tickets=1" \
408 "$P_CLI debug_level=4 tickets=1 reconnect=1" \
Manuel Pégourié-Gonnardf7c52012014-02-20 11:43:46 +0100[diff] [blame]409 0 \
Manuel Pégourié-Gonnardc55a5b72014-02-20 22:50:56 +0100[diff] [blame]410 -c "client hello, adding session ticket extension" \
411 -s "found session ticket extension" \
412 -s "server hello, adding session ticket extension" \
413 -c "found session_ticket extension" \
414 -c "parse new session ticket" \
Manuel Pégourié-Gonnardf7c52012014-02-20 11:43:46 +0100[diff] [blame]415 -S "session successfully restored from cache" \
416 -s "session successfully restored from ticket" \
417 -s "a session has been resumed" \
418 -c "a session has been resumed"
419
Manuel Pégourié-Gonnardfccd3252014-02-25 17:14:15 +0100[diff] [blame]420run_test "Session resume using tickets #2 (cache disabled)" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100[diff] [blame]421 "$P_SRV debug_level=4 tickets=1 cache_max=0" \
422 "$P_CLI debug_level=4 tickets=1 reconnect=1" \
Manuel Pégourié-Gonnarddbe1ee12014-02-21 09:18:13 +0100[diff] [blame]423 0 \
424 -c "client hello, adding session ticket extension" \
425 -s "found session ticket extension" \
426 -s "server hello, adding session ticket extension" \
427 -c "found session_ticket extension" \
428 -c "parse new session ticket" \
429 -S "session successfully restored from cache" \
430 -s "session successfully restored from ticket" \
431 -s "a session has been resumed" \
432 -c "a session has been resumed"
433
Manuel Pégourié-Gonnardfccd3252014-02-25 17:14:15 +0100[diff] [blame]434run_test "Session resume using tickets #3 (timeout)" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100[diff] [blame]435 "$P_SRV debug_level=4 tickets=1 cache_max=0 ticket_timeout=1" \
436 "$P_CLI debug_level=4 tickets=1 reconnect=1 reco_delay=2" \
Manuel Pégourié-Gonnarddbe1ee12014-02-21 09:18:13 +0100[diff] [blame]437 0 \
438 -c "client hello, adding session ticket extension" \
439 -s "found session ticket extension" \
440 -s "server hello, adding session ticket extension" \
441 -c "found session_ticket extension" \
442 -c "parse new session ticket" \
443 -S "session successfully restored from cache" \
444 -S "session successfully restored from ticket" \
445 -S "a session has been resumed" \
446 -C "a session has been resumed"
447
Manuel Pégourié-Gonnardc73339f2014-02-26 16:35:27 +0100[diff] [blame]448run_test "Session resume using tickets #4 (openssl server)" \
Manuel Pégourié-Gonnardf7a26902014-02-27 12:25:54 +0100[diff] [blame]449 "$O_SRV" \
Manuel Pégourié-Gonnardfccd3252014-02-25 17:14:15 +0100[diff] [blame]450 "$P_CLI debug_level=4 tickets=1 reconnect=1" \
451 0 \
452 -c "client hello, adding session ticket extension" \
453 -c "found session_ticket extension" \
454 -c "parse new session ticket" \
455 -c "a session has been resumed"
456
Manuel Pégourié-Gonnardc73339f2014-02-26 16:35:27 +0100[diff] [blame]457run_test "Session resume using tickets #5 (openssl client)" \
Manuel Pégourié-Gonnardfccd3252014-02-25 17:14:15 +0100[diff] [blame]458 "$P_SRV debug_level=4 tickets=1" \
Manuel Pégourié-Gonnardbc3b16c2014-05-28 23:06:50 +0200[diff] [blame]459 "( $O_CLI -sess_out $SESSION; \
460 $O_CLI -sess_in $SESSION; \
461 rm -f $SESSION )" \
Manuel Pégourié-Gonnardfccd3252014-02-25 17:14:15 +0100[diff] [blame]462 0 \
463 -s "found session ticket extension" \
464 -s "server hello, adding session ticket extension" \
465 -S "session successfully restored from cache" \
466 -s "session successfully restored from ticket" \
467 -s "a session has been resumed"
468
Manuel Pégourié-Gonnardc55a5b72014-02-20 22:50:56 +0100[diff] [blame]469# Tests for Session Resume based on session-ID and cache
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +0100[diff] [blame]470
Manuel Pégourié-Gonnardc55a5b72014-02-20 22:50:56 +0100[diff] [blame]471run_test "Session resume using cache #1 (tickets enabled on client)" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100[diff] [blame]472 "$P_SRV debug_level=4 tickets=0" \
473 "$P_CLI debug_level=4 tickets=1 reconnect=1" \
Manuel Pégourié-Gonnardf7c52012014-02-20 11:43:46 +0100[diff] [blame]474 0 \
Manuel Pégourié-Gonnardc55a5b72014-02-20 22:50:56 +0100[diff] [blame]475 -c "client hello, adding session ticket extension" \
476 -s "found session ticket extension" \
477 -S "server hello, adding session ticket extension" \
478 -C "found session_ticket extension" \
479 -C "parse new session ticket" \
Manuel Pégourié-Gonnardf7c52012014-02-20 11:43:46 +0100[diff] [blame]480 -s "session successfully restored from cache" \
481 -S "session successfully restored from ticket" \
482 -s "a session has been resumed" \
483 -c "a session has been resumed"
484
Manuel Pégourié-Gonnardc55a5b72014-02-20 22:50:56 +0100[diff] [blame]485run_test "Session resume using cache #2 (tickets enabled on server)" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100[diff] [blame]486 "$P_SRV debug_level=4 tickets=1" \
487 "$P_CLI debug_level=4 tickets=0 reconnect=1" \
Manuel Pégourié-Gonnardf7c52012014-02-20 11:43:46 +0100[diff] [blame]488 0 \
Manuel Pégourié-Gonnardc55a5b72014-02-20 22:50:56 +0100[diff] [blame]489 -C "client hello, adding session ticket extension" \
490 -S "found session ticket extension" \
491 -S "server hello, adding session ticket extension" \
492 -C "found session_ticket extension" \
493 -C "parse new session ticket" \
Manuel Pégourié-Gonnardf7c52012014-02-20 11:43:46 +0100[diff] [blame]494 -s "session successfully restored from cache" \
495 -S "session successfully restored from ticket" \
496 -s "a session has been resumed" \
497 -c "a session has been resumed"
Manuel Pégourié-Gonnardde143782014-02-20 14:50:42 +0100[diff] [blame]498
Manuel Pégourié-Gonnardc55a5b72014-02-20 22:50:56 +0100[diff] [blame]499run_test "Session resume using cache #3 (cache_max=0)" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100[diff] [blame]500 "$P_SRV debug_level=4 tickets=0 cache_max=0" \
501 "$P_CLI debug_level=4 tickets=0 reconnect=1" \
Manuel Pégourié-Gonnard4c883452014-02-20 21:32:41 +0100[diff] [blame]502 0 \
503 -S "session successfully restored from cache" \
504 -S "session successfully restored from ticket" \
Manuel Pégourié-Gonnardc55a5b72014-02-20 22:50:56 +0100[diff] [blame]505 -S "a session has been resumed" \
506 -C "a session has been resumed"
Manuel Pégourié-Gonnard4c883452014-02-20 21:32:41 +0100[diff] [blame]507
Manuel Pégourié-Gonnardc55a5b72014-02-20 22:50:56 +0100[diff] [blame]508run_test "Session resume using cache #4 (cache_max=1)" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100[diff] [blame]509 "$P_SRV debug_level=4 tickets=0 cache_max=1" \
510 "$P_CLI debug_level=4 tickets=0 reconnect=1" \
Manuel Pégourié-Gonnardc55a5b72014-02-20 22:50:56 +0100[diff] [blame]511 0 \
512 -s "session successfully restored from cache" \
513 -S "session successfully restored from ticket" \
514 -s "a session has been resumed" \
515 -c "a session has been resumed"
516
517run_test "Session resume using cache #5 (timemout > delay)" \
Manuel Pégourié-Gonnardc73339f2014-02-26 16:35:27 +0100[diff] [blame]518 "$P_SRV debug_level=4 tickets=0" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100[diff] [blame]519 "$P_CLI debug_level=4 tickets=0 reconnect=1 reco_delay=0" \
Manuel Pégourié-Gonnardc55a5b72014-02-20 22:50:56 +0100[diff] [blame]520 0 \
521 -s "session successfully restored from cache" \
522 -S "session successfully restored from ticket" \
523 -s "a session has been resumed" \
524 -c "a session has been resumed"
525
526run_test "Session resume using cache #6 (timeout < delay)" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100[diff] [blame]527 "$P_SRV debug_level=4 tickets=0 cache_timeout=1" \
528 "$P_CLI debug_level=4 tickets=0 reconnect=1 reco_delay=2" \
Manuel Pégourié-Gonnardc55a5b72014-02-20 22:50:56 +0100[diff] [blame]529 0 \
530 -S "session successfully restored from cache" \
531 -S "session successfully restored from ticket" \
532 -S "a session has been resumed" \
533 -C "a session has been resumed"
534
535run_test "Session resume using cache #7 (no timeout)" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100[diff] [blame]536 "$P_SRV debug_level=4 tickets=0 cache_timeout=0" \
537 "$P_CLI debug_level=4 tickets=0 reconnect=1 reco_delay=2" \
Manuel Pégourié-Gonnard4c883452014-02-20 21:32:41 +0100[diff] [blame]538 0 \
539 -s "session successfully restored from cache" \
540 -S "session successfully restored from ticket" \
541 -s "a session has been resumed" \
542 -c "a session has been resumed"
543
Manuel Pégourié-Gonnarddb735f62014-02-25 17:57:59 +0100[diff] [blame]544run_test "Session resume using cache #8 (openssl client)" \
545 "$P_SRV debug_level=4 tickets=0" \
Manuel Pégourié-Gonnardbc3b16c2014-05-28 23:06:50 +0200[diff] [blame]546 "( $O_CLI -sess_out $SESSION; \
547 $O_CLI -sess_in $SESSION; \
548 rm -f $SESSION )" \
Manuel Pégourié-Gonnarddb735f62014-02-25 17:57:59 +0100[diff] [blame]549 0 \
550 -s "found session ticket extension" \
551 -S "server hello, adding session ticket extension" \
552 -s "session successfully restored from cache" \
553 -S "session successfully restored from ticket" \
554 -s "a session has been resumed"
555
556run_test "Session resume using cache #9 (openssl server)" \
Manuel Pégourié-Gonnardf7a26902014-02-27 12:25:54 +0100[diff] [blame]557 "$O_SRV" \
Manuel Pégourié-Gonnarddb735f62014-02-25 17:57:59 +0100[diff] [blame]558 "$P_CLI debug_level=4 tickets=0 reconnect=1" \
559 0 \
560 -C "found session_ticket extension" \
561 -C "parse new session ticket" \
562 -c "a session has been resumed"
563
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +0100[diff] [blame]564# Tests for Max Fragment Length extension
565
Manuel Pégourié-Gonnardde143782014-02-20 14:50:42 +0100[diff] [blame]566run_test "Max fragment length #1" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100[diff] [blame]567 "$P_SRV debug_level=4" \
568 "$P_CLI debug_level=4" \
Manuel Pégourié-Gonnardde143782014-02-20 14:50:42 +0100[diff] [blame]569 0 \
570 -C "client hello, adding max_fragment_length extension" \
571 -S "found max fragment length extension" \
572 -S "server hello, max_fragment_length extension" \
573 -C "found max_fragment_length extension"
574
575run_test "Max fragment length #2" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100[diff] [blame]576 "$P_SRV debug_level=4" \
577 "$P_CLI debug_level=4 max_frag_len=4096" \
Manuel Pégourié-Gonnardde143782014-02-20 14:50:42 +0100[diff] [blame]578 0 \
579 -c "client hello, adding max_fragment_length extension" \
580 -s "found max fragment length extension" \
581 -s "server hello, max_fragment_length extension" \
582 -c "found max_fragment_length extension"
583
584run_test "Max fragment length #3" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100[diff] [blame]585 "$P_SRV debug_level=4 max_frag_len=4096" \
586 "$P_CLI debug_level=4" \
Manuel Pégourié-Gonnardde143782014-02-20 14:50:42 +0100[diff] [blame]587 0 \
588 -C "client hello, adding max_fragment_length extension" \
589 -S "found max fragment length extension" \
590 -S "server hello, max_fragment_length extension" \
591 -C "found max_fragment_length extension"
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +0100[diff] [blame]592
Manuel Pégourié-Gonnardbaa7f072014-08-20 20:15:53 +0200[diff] [blame]593run_test "Max fragment length #4 (GnuTLS server)" \
594 "$G_SRV" \
595 "$P_CLI debug_level=4 max_frag_len=4096" \
596 0 \
597 -c "client hello, adding max_fragment_length extension" \
598 -c "found max_fragment_length extension"
599
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +0100[diff] [blame]600# Tests for renegotiation
601
602run_test "Renegotiation #0 (none)" \
Manuel Pégourié-Gonnarda8c0a0d2014-08-15 12:07:38 +0200[diff] [blame]603 "$P_SRV debug_level=4 exchanges=2" \
604 "$P_CLI debug_level=4 exchanges=2" \
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +0100[diff] [blame]605 0 \
606 -C "client hello, adding renegotiation extension" \
607 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
608 -S "found renegotiation extension" \
609 -s "server hello, secure renegotiation extension" \
610 -c "found renegotiation extension" \
Manuel Pégourié-Gonnardc73339f2014-02-26 16:35:27 +0100[diff] [blame]611 -C "=> renegotiate" \
612 -S "=> renegotiate" \
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +0100[diff] [blame]613 -S "write hello request"
614
615run_test "Renegotiation #1 (enabled, client-initiated)" \
Manuel Pégourié-Gonnarda8c0a0d2014-08-15 12:07:38 +0200[diff] [blame]616 "$P_SRV debug_level=4 exchanges=2 renegotiation=1" \
617 "$P_CLI debug_level=4 exchanges=2 renegotiation=1 renegotiate=1" \
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +0100[diff] [blame]618 0 \
619 -c "client hello, adding renegotiation extension" \
620 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
621 -s "found renegotiation extension" \
622 -s "server hello, secure renegotiation extension" \
623 -c "found renegotiation extension" \
Manuel Pégourié-Gonnardc73339f2014-02-26 16:35:27 +0100[diff] [blame]624 -c "=> renegotiate" \
625 -s "=> renegotiate" \
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +0100[diff] [blame]626 -S "write hello request"
627
628run_test "Renegotiation #2 (enabled, server-initiated)" \
Manuel Pégourié-Gonnarda8c0a0d2014-08-15 12:07:38 +0200[diff] [blame]629 "$P_SRV debug_level=4 exchanges=2 renegotiation=1 renegotiate=1" \
630 "$P_CLI debug_level=4 exchanges=2 renegotiation=1" \
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +0100[diff] [blame]631 0 \
632 -c "client hello, adding renegotiation extension" \
633 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
634 -s "found renegotiation extension" \
635 -s "server hello, secure renegotiation extension" \
636 -c "found renegotiation extension" \
Manuel Pégourié-Gonnardc73339f2014-02-26 16:35:27 +0100[diff] [blame]637 -c "=> renegotiate" \
638 -s "=> renegotiate" \
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +0100[diff] [blame]639 -s "write hello request"
640
641run_test "Renegotiation #3 (enabled, double)" \
Manuel Pégourié-Gonnarda8c0a0d2014-08-15 12:07:38 +0200[diff] [blame]642 "$P_SRV debug_level=4 exchanges=2 renegotiation=1 renegotiate=1" \
643 "$P_CLI debug_level=4 exchanges=2 renegotiation=1 renegotiate=1" \
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +0100[diff] [blame]644 0 \
645 -c "client hello, adding renegotiation extension" \
646 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
647 -s "found renegotiation extension" \
648 -s "server hello, secure renegotiation extension" \
649 -c "found renegotiation extension" \
Manuel Pégourié-Gonnardc73339f2014-02-26 16:35:27 +0100[diff] [blame]650 -c "=> renegotiate" \
651 -s "=> renegotiate" \
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +0100[diff] [blame]652 -s "write hello request"
653
654run_test "Renegotiation #4 (client-initiated, server-rejected)" \
Manuel Pégourié-Gonnarda8c0a0d2014-08-15 12:07:38 +0200[diff] [blame]655 "$P_SRV debug_level=4 exchanges=2 renegotiation=0" \
656 "$P_CLI debug_level=4 exchanges=2 renegotiation=1 renegotiate=1" \
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +0100[diff] [blame]657 1 \
658 -c "client hello, adding renegotiation extension" \
659 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
660 -S "found renegotiation extension" \
661 -s "server hello, secure renegotiation extension" \
662 -c "found renegotiation extension" \
Manuel Pégourié-Gonnardc73339f2014-02-26 16:35:27 +0100[diff] [blame]663 -c "=> renegotiate" \
664 -S "=> renegotiate" \
Manuel Pégourié-Gonnardfae355e2014-07-04 14:32:27 +0200[diff] [blame]665 -S "write hello request" \
Manuel Pégourié-Gonnard65919622014-08-19 12:50:30 +0200[diff] [blame]666 -c "SSL - Unexpected message at ServerHello in renegotiation" \
Manuel Pégourié-Gonnardfae355e2014-07-04 14:32:27 +0200[diff] [blame]667 -c "failed"
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +0100[diff] [blame]668
Manuel Pégourié-Gonnardfae355e2014-07-04 14:32:27 +0200[diff] [blame]669run_test "Renegotiation #5 (server-initiated, client-rejected, default)" \
Manuel Pégourié-Gonnarda8c0a0d2014-08-15 12:07:38 +0200[diff] [blame]670 "$P_SRV debug_level=4 exchanges=2 renegotiation=1 renegotiate=1" \
671 "$P_CLI debug_level=4 exchanges=2 renegotiation=0" \
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +0100[diff] [blame]672 0 \
673 -C "client hello, adding renegotiation extension" \
674 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
675 -S "found renegotiation extension" \
676 -s "server hello, secure renegotiation extension" \
677 -c "found renegotiation extension" \
Manuel Pégourié-Gonnardc73339f2014-02-26 16:35:27 +0100[diff] [blame]678 -C "=> renegotiate" \
679 -S "=> renegotiate" \
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +0100[diff] [blame]680 -s "write hello request" \
Manuel Pégourié-Gonnarda9964db2014-07-03 19:29:16 +0200[diff] [blame]681 -S "SSL - An unexpected message was received from our peer" \
682 -S "failed"
Manuel Pégourié-Gonnard33a752e2014-02-21 09:47:37 +0100[diff] [blame]683
Manuel Pégourié-Gonnardfae355e2014-07-04 14:32:27 +0200[diff] [blame]684run_test "Renegotiation #6 (server-initiated, client-rejected, not enforced)" \
Manuel Pégourié-Gonnarda8c0a0d2014-08-15 12:07:38 +0200[diff] [blame]685 "$P_SRV debug_level=4 exchanges=2 renegotiation=1 renegotiate=1 \
Manuel Pégourié-Gonnardfae355e2014-07-04 14:32:27 +0200[diff] [blame]686 renego_delay=-1" \
Manuel Pégourié-Gonnarda8c0a0d2014-08-15 12:07:38 +0200[diff] [blame]687 "$P_CLI debug_level=4 exchanges=2 renegotiation=0" \
Manuel Pégourié-Gonnardfae355e2014-07-04 14:32:27 +0200[diff] [blame]688 0 \
689 -C "client hello, adding renegotiation extension" \
690 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
691 -S "found renegotiation extension" \
692 -s "server hello, secure renegotiation extension" \
693 -c "found renegotiation extension" \
694 -C "=> renegotiate" \
695 -S "=> renegotiate" \
696 -s "write hello request" \
697 -S "SSL - An unexpected message was received from our peer" \
698 -S "failed"
699
Manuel Pégourié-Gonnarda8c0a0d2014-08-15 12:07:38 +0200[diff] [blame]700# delay 2 for 1 alert record + 1 application data record
701run_test "Renegotiation #7 (server-initiated, client-rejected, delay 2)" \
702 "$P_SRV debug_level=4 exchanges=2 renegotiation=1 renegotiate=1 \
703 renego_delay=2" \
704 "$P_CLI debug_level=4 exchanges=2 renegotiation=0" \
Manuel Pégourié-Gonnardfae355e2014-07-04 14:32:27 +0200[diff] [blame]705 0 \
706 -C "client hello, adding renegotiation extension" \
707 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
708 -S "found renegotiation extension" \
709 -s "server hello, secure renegotiation extension" \
710 -c "found renegotiation extension" \
711 -C "=> renegotiate" \
712 -S "=> renegotiate" \
713 -s "write hello request" \
714 -S "SSL - An unexpected message was received from our peer" \
715 -S "failed"
716
717run_test "Renegotiation #8 (server-initiated, client-rejected, delay 0)" \
Manuel Pégourié-Gonnarda8c0a0d2014-08-15 12:07:38 +0200[diff] [blame]718 "$P_SRV debug_level=4 exchanges=2 renegotiation=1 renegotiate=1 \
Manuel Pégourié-Gonnardfae355e2014-07-04 14:32:27 +0200[diff] [blame]719 renego_delay=0" \
Manuel Pégourié-Gonnarda8c0a0d2014-08-15 12:07:38 +0200[diff] [blame]720 "$P_CLI debug_level=4 exchanges=2 renegotiation=0" \
Manuel Pégourié-Gonnardfae355e2014-07-04 14:32:27 +0200[diff] [blame]721 0 \
722 -C "client hello, adding renegotiation extension" \
723 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
724 -S "found renegotiation extension" \
725 -s "server hello, secure renegotiation extension" \
726 -c "found renegotiation extension" \
727 -C "=> renegotiate" \
728 -S "=> renegotiate" \
729 -s "write hello request" \
Manuel Pégourié-Gonnarda8c0a0d2014-08-15 12:07:38 +0200[diff] [blame]730 -s "SSL - An unexpected message was received from our peer"
Manuel Pégourié-Gonnardfae355e2014-07-04 14:32:27 +0200[diff] [blame]731
732run_test "Renegotiation #9 (server-initiated, client-accepted, delay 0)" \
Manuel Pégourié-Gonnarda8c0a0d2014-08-15 12:07:38 +0200[diff] [blame]733 "$P_SRV debug_level=4 exchanges=2 renegotiation=1 renegotiate=1 \
Manuel Pégourié-Gonnardfae355e2014-07-04 14:32:27 +0200[diff] [blame]734 renego_delay=0" \
Manuel Pégourié-Gonnarda8c0a0d2014-08-15 12:07:38 +0200[diff] [blame]735 "$P_CLI debug_level=4 exchanges=2 renegotiation=1" \
Manuel Pégourié-Gonnardfae355e2014-07-04 14:32:27 +0200[diff] [blame]736 0 \
737 -c "client hello, adding renegotiation extension" \
738 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
739 -s "found renegotiation extension" \
740 -s "server hello, secure renegotiation extension" \
741 -c "found renegotiation extension" \
742 -c "=> renegotiate" \
743 -s "=> renegotiate" \
744 -s "write hello request" \
745 -S "SSL - An unexpected message was received from our peer" \
746 -S "failed"
747
Manuel Pégourié-Gonnardf07f4212014-08-15 19:04:47 +0200[diff] [blame]748run_test "Renegotiation #10 (nbio, enabled, client-initiated)" \
749 "$P_SRV debug_level=4 nbio=2 exchanges=2 renegotiation=1" \
750 "$P_CLI debug_level=4 nbio=2 exchanges=2 renegotiation=1 renegotiate=1" \
751 0 \
752 -c "client hello, adding renegotiation extension" \
753 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
754 -s "found renegotiation extension" \
755 -s "server hello, secure renegotiation extension" \
756 -c "found renegotiation extension" \
757 -c "=> renegotiate" \
758 -s "=> renegotiate" \
759 -S "write hello request"
760
761run_test "Renegotiation #11 (nbio, enabled, server-initiated)" \
762 "$P_SRV debug_level=4 nbio=2 exchanges=2 renegotiation=1 renegotiate=1" \
763 "$P_CLI debug_level=4 nbio=2 exchanges=2 renegotiation=1" \
764 0 \
765 -c "client hello, adding renegotiation extension" \
766 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
767 -s "found renegotiation extension" \
768 -s "server hello, secure renegotiation extension" \
769 -c "found renegotiation extension" \
770 -c "=> renegotiate" \
771 -s "=> renegotiate" \
772 -s "write hello request"
773
Manuel Pégourié-Gonnard8520dac2014-02-21 12:12:23 +0100[diff] [blame]774# Tests for auth_mode
775
776run_test "Authentication #1 (server badcert, client required)" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100[diff] [blame]777 "$P_SRV crt_file=data_files/server5-badsign.crt \
Manuel Pégourié-Gonnard8520dac2014-02-21 12:12:23 +0100[diff] [blame]778 key_file=data_files/server5.key" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100[diff] [blame]779 "$P_CLI debug_level=2 auth_mode=required" \
Manuel Pégourié-Gonnard8520dac2014-02-21 12:12:23 +0100[diff] [blame]780 1 \
781 -c "x509_verify_cert() returned" \
782 -c "! self-signed or not signed by a trusted CA" \
783 -c "! ssl_handshake returned" \
784 -c "X509 - Certificate verification failed"
785
786run_test "Authentication #2 (server badcert, client optional)" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100[diff] [blame]787 "$P_SRV crt_file=data_files/server5-badsign.crt \
Manuel Pégourié-Gonnard8520dac2014-02-21 12:12:23 +0100[diff] [blame]788 key_file=data_files/server5.key" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100[diff] [blame]789 "$P_CLI debug_level=2 auth_mode=optional" \
Manuel Pégourié-Gonnard8520dac2014-02-21 12:12:23 +0100[diff] [blame]790 0 \
791 -c "x509_verify_cert() returned" \
792 -c "! self-signed or not signed by a trusted CA" \
793 -C "! ssl_handshake returned" \
794 -C "X509 - Certificate verification failed"
795
796run_test "Authentication #3 (server badcert, client none)" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100[diff] [blame]797 "$P_SRV crt_file=data_files/server5-badsign.crt \
Manuel Pégourié-Gonnard8520dac2014-02-21 12:12:23 +0100[diff] [blame]798 key_file=data_files/server5.key" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100[diff] [blame]799 "$P_CLI debug_level=2 auth_mode=none" \
Manuel Pégourié-Gonnard8520dac2014-02-21 12:12:23 +0100[diff] [blame]800 0 \
801 -C "x509_verify_cert() returned" \
802 -C "! self-signed or not signed by a trusted CA" \
803 -C "! ssl_handshake returned" \
804 -C "X509 - Certificate verification failed"
805
806run_test "Authentication #4 (client badcert, server required)" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100[diff] [blame]807 "$P_SRV debug_level=4 auth_mode=required" \
808 "$P_CLI debug_level=4 crt_file=data_files/server5-badsign.crt \
Manuel Pégourié-Gonnard8520dac2014-02-21 12:12:23 +0100[diff] [blame]809 key_file=data_files/server5.key" \
810 1 \
811 -S "skip write certificate request" \
812 -C "skip parse certificate request" \
813 -c "got a certificate request" \
814 -C "skip write certificate" \
815 -C "skip write certificate verify" \
816 -S "skip parse certificate verify" \
817 -s "x509_verify_cert() returned" \
818 -S "! self-signed or not signed by a trusted CA" \
819 -s "! ssl_handshake returned" \
820 -c "! ssl_handshake returned" \
821 -s "X509 - Certificate verification failed"
822
823run_test "Authentication #5 (client badcert, server optional)" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100[diff] [blame]824 "$P_SRV debug_level=4 auth_mode=optional" \
825 "$P_CLI debug_level=4 crt_file=data_files/server5-badsign.crt \
Manuel Pégourié-Gonnard8520dac2014-02-21 12:12:23 +0100[diff] [blame]826 key_file=data_files/server5.key" \
827 0 \
828 -S "skip write certificate request" \
829 -C "skip parse certificate request" \
830 -c "got a certificate request" \
831 -C "skip write certificate" \
832 -C "skip write certificate verify" \
833 -S "skip parse certificate verify" \
834 -s "x509_verify_cert() returned" \
835 -s "! self-signed or not signed by a trusted CA" \
836 -S "! ssl_handshake returned" \
837 -C "! ssl_handshake returned" \
838 -S "X509 - Certificate verification failed"
839
840run_test "Authentication #6 (client badcert, server none)" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100[diff] [blame]841 "$P_SRV debug_level=4 auth_mode=none" \
842 "$P_CLI debug_level=4 crt_file=data_files/server5-badsign.crt \
Manuel Pégourié-Gonnard8520dac2014-02-21 12:12:23 +0100[diff] [blame]843 key_file=data_files/server5.key" \
844 0 \
845 -s "skip write certificate request" \
846 -C "skip parse certificate request" \
847 -c "got no certificate request" \
848 -c "skip write certificate" \
849 -c "skip write certificate verify" \
850 -s "skip parse certificate verify" \
851 -S "x509_verify_cert() returned" \
852 -S "! self-signed or not signed by a trusted CA" \
853 -S "! ssl_handshake returned" \
854 -C "! ssl_handshake returned" \
855 -S "X509 - Certificate verification failed"
856
Manuel Pégourié-Gonnardde515cc2014-02-27 14:58:26 +0100[diff] [blame]857run_test "Authentication #7 (client no cert, server optional)" \
858 "$P_SRV debug_level=4 auth_mode=optional" \
859 "$P_CLI debug_level=4 crt_file=none key_file=none" \
860 0 \
861 -S "skip write certificate request" \
862 -C "skip parse certificate request" \
863 -c "got a certificate request" \
864 -C "skip write certificate$" \
865 -C "got no certificate to send" \
866 -S "SSLv3 client has no certificate" \
867 -c "skip write certificate verify" \
868 -s "skip parse certificate verify" \
869 -s "! no client certificate sent" \
870 -S "! ssl_handshake returned" \
871 -C "! ssl_handshake returned" \
872 -S "X509 - Certificate verification failed"
873
874run_test "Authentication #8 (openssl client no cert, server optional)" \
875 "$P_SRV debug_level=4 auth_mode=optional" \
876 "$O_CLI" \
877 0 \
878 -S "skip write certificate request" \
879 -s "skip parse certificate verify" \
880 -s "! no client certificate sent" \
881 -S "! ssl_handshake returned" \
882 -S "X509 - Certificate verification failed"
883
884run_test "Authentication #9 (client no cert, openssl server optional)" \
885 "$O_SRV -verify 10" \
886 "$P_CLI debug_level=4 crt_file=none key_file=none" \
887 0 \
888 -C "skip parse certificate request" \
889 -c "got a certificate request" \
890 -C "skip write certificate$" \
891 -c "skip write certificate verify" \
892 -C "! ssl_handshake returned"
893
894run_test "Authentication #10 (client no cert, ssl3)" \
895 "$P_SRV debug_level=4 auth_mode=optional force_version=ssl3" \
896 "$P_CLI debug_level=4 crt_file=none key_file=none" \
897 0 \
898 -S "skip write certificate request" \
899 -C "skip parse certificate request" \
900 -c "got a certificate request" \
901 -C "skip write certificate$" \
902 -c "skip write certificate verify" \
903 -c "got no certificate to send" \
904 -s "SSLv3 client has no certificate" \
905 -s "skip parse certificate verify" \
906 -s "! no client certificate sent" \
907 -S "! ssl_handshake returned" \
908 -C "! ssl_handshake returned" \
909 -S "X509 - Certificate verification failed"
910
Manuel Pégourié-Gonnard96ea2f22014-02-25 12:26:29 +0100[diff] [blame]911# tests for SNI
912
913run_test "SNI #0 (no SNI callback)" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100[diff] [blame]914 "$P_SRV debug_level=4 server_addr=127.0.0.1 \
Manuel Pégourié-Gonnard96ea2f22014-02-25 12:26:29 +0100[diff] [blame]915 crt_file=data_files/server5.crt key_file=data_files/server5.key" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100[diff] [blame]916 "$P_CLI debug_level=0 server_addr=127.0.0.1 \
Manuel Pégourié-Gonnard96ea2f22014-02-25 12:26:29 +0100[diff] [blame]917 server_name=localhost" \
918 0 \
919 -S "parse ServerName extension" \
920 -c "issuer name *: C=NL, O=PolarSSL, CN=Polarssl Test EC CA" \
921 -c "subject name *: C=NL, O=PolarSSL, CN=localhost"
922
923run_test "SNI #1 (matching cert 1)" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100[diff] [blame]924 "$P_SRV debug_level=4 server_addr=127.0.0.1 \
Manuel Pégourié-Gonnard96ea2f22014-02-25 12:26:29 +0100[diff] [blame]925 crt_file=data_files/server5.crt key_file=data_files/server5.key \
Manuel Pégourié-Gonnard76b8ab72014-03-26 09:31:35 +0100[diff] [blame]926 sni=localhost,data_files/server2.crt,data_files/server2.key,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100[diff] [blame]927 "$P_CLI debug_level=0 server_addr=127.0.0.1 \
Manuel Pégourié-Gonnard96ea2f22014-02-25 12:26:29 +0100[diff] [blame]928 server_name=localhost" \
929 0 \
930 -s "parse ServerName extension" \
931 -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \
932 -c "subject name *: C=NL, O=PolarSSL, CN=localhost"
933
934run_test "SNI #2 (matching cert 2)" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100[diff] [blame]935 "$P_SRV debug_level=4 server_addr=127.0.0.1 \
Manuel Pégourié-Gonnard96ea2f22014-02-25 12:26:29 +0100[diff] [blame]936 crt_file=data_files/server5.crt key_file=data_files/server5.key \
Manuel Pégourié-Gonnard76b8ab72014-03-26 09:31:35 +0100[diff] [blame]937 sni=localhost,data_files/server2.crt,data_files/server2.key,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100[diff] [blame]938 "$P_CLI debug_level=0 server_addr=127.0.0.1 \
Manuel Pégourié-Gonnard76b8ab72014-03-26 09:31:35 +0100[diff] [blame]939 server_name=polarssl.example" \
Manuel Pégourié-Gonnard96ea2f22014-02-25 12:26:29 +0100[diff] [blame]940 0 \
941 -s "parse ServerName extension" \
942 -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \
Manuel Pégourié-Gonnard76b8ab72014-03-26 09:31:35 +0100[diff] [blame]943 -c "subject name *: C=NL, O=PolarSSL, CN=polarssl.example"
Manuel Pégourié-Gonnard96ea2f22014-02-25 12:26:29 +0100[diff] [blame]944
945run_test "SNI #3 (no matching cert)" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100[diff] [blame]946 "$P_SRV debug_level=4 server_addr=127.0.0.1 \
Manuel Pégourié-Gonnard96ea2f22014-02-25 12:26:29 +0100[diff] [blame]947 crt_file=data_files/server5.crt key_file=data_files/server5.key \
Manuel Pégourié-Gonnard76b8ab72014-03-26 09:31:35 +0100[diff] [blame]948 sni=localhost,data_files/server2.crt,data_files/server2.key,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100[diff] [blame]949 "$P_CLI debug_level=0 server_addr=127.0.0.1 \
Manuel Pégourié-Gonnard76b8ab72014-03-26 09:31:35 +0100[diff] [blame]950 server_name=nonesuch.example" \
Manuel Pégourié-Gonnard96ea2f22014-02-25 12:26:29 +0100[diff] [blame]951 1 \
952 -s "parse ServerName extension" \
953 -s "ssl_sni_wrapper() returned" \
954 -s "ssl_handshake returned" \
955 -c "ssl_handshake returned" \
956 -c "SSL - A fatal alert message was received from our peer"
957
Manuel Pégourié-Gonnard0b6609b2014-02-26 14:45:12 +0100[diff] [blame]958# Tests for non-blocking I/O: exercise a variety of handshake flows
959
960run_test "Non-blocking I/O #1 (basic handshake)" \
961 "$P_SRV nbio=2 tickets=0 auth_mode=none" \
962 "$P_CLI nbio=2 tickets=0" \
963 0 \
964 -S "ssl_handshake returned" \
965 -C "ssl_handshake returned" \
966 -c "Read from server: .* bytes read"
967
968run_test "Non-blocking I/O #2 (client auth)" \
969 "$P_SRV nbio=2 tickets=0 auth_mode=required" \
970 "$P_CLI nbio=2 tickets=0" \
971 0 \
972 -S "ssl_handshake returned" \
973 -C "ssl_handshake returned" \
974 -c "Read from server: .* bytes read"
975
976run_test "Non-blocking I/O #3 (ticket)" \
977 "$P_SRV nbio=2 tickets=1 auth_mode=none" \
978 "$P_CLI nbio=2 tickets=1" \
979 0 \
980 -S "ssl_handshake returned" \
981 -C "ssl_handshake returned" \
982 -c "Read from server: .* bytes read"
983
984run_test "Non-blocking I/O #4 (ticket + client auth)" \
985 "$P_SRV nbio=2 tickets=1 auth_mode=required" \
986 "$P_CLI nbio=2 tickets=1" \
987 0 \
988 -S "ssl_handshake returned" \
989 -C "ssl_handshake returned" \
990 -c "Read from server: .* bytes read"
991
992run_test "Non-blocking I/O #5 (ticket + client auth + resume)" \
993 "$P_SRV nbio=2 tickets=1 auth_mode=required" \
994 "$P_CLI nbio=2 tickets=1 reconnect=1" \
995 0 \
996 -S "ssl_handshake returned" \
997 -C "ssl_handshake returned" \
998 -c "Read from server: .* bytes read"
999
1000run_test "Non-blocking I/O #6 (ticket + resume)" \
1001 "$P_SRV nbio=2 tickets=1 auth_mode=none" \
1002 "$P_CLI nbio=2 tickets=1 reconnect=1" \
1003 0 \
1004 -S "ssl_handshake returned" \
1005 -C "ssl_handshake returned" \
1006 -c "Read from server: .* bytes read"
1007
1008run_test "Non-blocking I/O #7 (session-id resume)" \
1009 "$P_SRV nbio=2 tickets=0 auth_mode=none" \
1010 "$P_CLI nbio=2 tickets=0 reconnect=1" \
1011 0 \
1012 -S "ssl_handshake returned" \
1013 -C "ssl_handshake returned" \
1014 -c "Read from server: .* bytes read"
1015
Manuel Pégourié-Gonnardf6521de2014-04-07 12:42:04 +0200[diff] [blame]1016# Tests for version negotiation
1017
Manuel Pégourié-Gonnarda3d808e2014-02-26 16:33:03 +0100[diff] [blame]1018run_test "Version check #1 (all -> 1.2)" \
1019 "$P_SRV" \
1020 "$P_CLI" \
1021 0 \
1022 -S "ssl_handshake returned" \
1023 -C "ssl_handshake returned" \
1024 -s "Protocol is TLSv1.2" \
1025 -c "Protocol is TLSv1.2"
1026
1027run_test "Version check #2 (cli max 1.1 -> 1.1)" \
1028 "$P_SRV" \
1029 "$P_CLI max_version=tls1_1" \
1030 0 \
1031 -S "ssl_handshake returned" \
1032 -C "ssl_handshake returned" \
1033 -s "Protocol is TLSv1.1" \
1034 -c "Protocol is TLSv1.1"
1035
1036run_test "Version check #3 (srv max 1.1 -> 1.1)" \
1037 "$P_SRV max_version=tls1_1" \
1038 "$P_CLI" \
1039 0 \
1040 -S "ssl_handshake returned" \
1041 -C "ssl_handshake returned" \
1042 -s "Protocol is TLSv1.1" \
1043 -c "Protocol is TLSv1.1"
1044
1045run_test "Version check #4 (cli+srv max 1.1 -> 1.1)" \
1046 "$P_SRV max_version=tls1_1" \
1047 "$P_CLI max_version=tls1_1" \
1048 0 \
1049 -S "ssl_handshake returned" \
1050 -C "ssl_handshake returned" \
1051 -s "Protocol is TLSv1.1" \
1052 -c "Protocol is TLSv1.1"
1053
1054run_test "Version check #5 (cli max 1.1, srv min 1.1 -> 1.1)" \
1055 "$P_SRV min_version=tls1_1" \
1056 "$P_CLI max_version=tls1_1" \
1057 0 \
1058 -S "ssl_handshake returned" \
1059 -C "ssl_handshake returned" \
1060 -s "Protocol is TLSv1.1" \
1061 -c "Protocol is TLSv1.1"
1062
1063run_test "Version check #6 (cli min 1.1, srv max 1.1 -> 1.1)" \
1064 "$P_SRV max_version=tls1_1" \
1065 "$P_CLI min_version=tls1_1" \
1066 0 \
1067 -S "ssl_handshake returned" \
1068 -C "ssl_handshake returned" \
1069 -s "Protocol is TLSv1.1" \
1070 -c "Protocol is TLSv1.1"
1071
1072run_test "Version check #7 (cli min 1.2, srv max 1.1 -> fail)" \
1073 "$P_SRV max_version=tls1_1" \
1074 "$P_CLI min_version=tls1_2" \
1075 1 \
1076 -s "ssl_handshake returned" \
1077 -c "ssl_handshake returned" \
1078 -c "SSL - Handshake protocol not within min/max boundaries"
1079
1080run_test "Version check #8 (srv min 1.2, cli max 1.1 -> fail)" \
1081 "$P_SRV min_version=tls1_2" \
1082 "$P_CLI max_version=tls1_1" \
1083 1 \
1084 -s "ssl_handshake returned" \
1085 -c "ssl_handshake returned" \
1086 -s "SSL - Handshake protocol not within min/max boundaries"
1087
Manuel Pégourié-Gonnardf6521de2014-04-07 12:42:04 +0200[diff] [blame]1088# Tests for ALPN extension
1089
Manuel Pégourié-Gonnard83d8c732014-04-07 13:24:21 +0200[diff] [blame]1090if grep '^#define POLARSSL_SSL_ALPN' $CONFIG_H >/dev/null; then
1091
Manuel Pégourié-Gonnardf6521de2014-04-07 12:42:04 +0200[diff] [blame]1092run_test "ALPN #0 (none)" \
1093 "$P_SRV debug_level=4" \
1094 "$P_CLI debug_level=4" \
1095 0 \
1096 -C "client hello, adding alpn extension" \
1097 -S "found alpn extension" \
1098 -C "got an alert message, type: \\[2:120]" \
1099 -S "server hello, adding alpn extension" \
1100 -C "found alpn extension " \
1101 -C "Application Layer Protocol is" \
1102 -S "Application Layer Protocol is"
1103
1104run_test "ALPN #1 (client only)" \
1105 "$P_SRV debug_level=4" \
1106 "$P_CLI debug_level=4 alpn=abc,1234" \
1107 0 \
1108 -c "client hello, adding alpn extension" \
1109 -s "found alpn extension" \
1110 -C "got an alert message, type: \\[2:120]" \
1111 -S "server hello, adding alpn extension" \
1112 -C "found alpn extension " \
1113 -c "Application Layer Protocol is (none)" \
1114 -S "Application Layer Protocol is"
1115
1116run_test "ALPN #2 (server only)" \
1117 "$P_SRV debug_level=4 alpn=abc,1234" \
1118 "$P_CLI debug_level=4" \
1119 0 \
1120 -C "client hello, adding alpn extension" \
1121 -S "found alpn extension" \
1122 -C "got an alert message, type: \\[2:120]" \
1123 -S "server hello, adding alpn extension" \
1124 -C "found alpn extension " \
1125 -C "Application Layer Protocol is" \
1126 -s "Application Layer Protocol is (none)"
1127
1128run_test "ALPN #3 (both, common cli1-srv1)" \
1129 "$P_SRV debug_level=4 alpn=abc,1234" \
1130 "$P_CLI debug_level=4 alpn=abc,1234" \
1131 0 \
1132 -c "client hello, adding alpn extension" \
1133 -s "found alpn extension" \
1134 -C "got an alert message, type: \\[2:120]" \
1135 -s "server hello, adding alpn extension" \
1136 -c "found alpn extension" \
1137 -c "Application Layer Protocol is abc" \
1138 -s "Application Layer Protocol is abc"
1139
1140run_test "ALPN #4 (both, common cli2-srv1)" \
1141 "$P_SRV debug_level=4 alpn=abc,1234" \
1142 "$P_CLI debug_level=4 alpn=1234,abc" \
1143 0 \
1144 -c "client hello, adding alpn extension" \
1145 -s "found alpn extension" \
1146 -C "got an alert message, type: \\[2:120]" \
1147 -s "server hello, adding alpn extension" \
1148 -c "found alpn extension" \
1149 -c "Application Layer Protocol is abc" \
1150 -s "Application Layer Protocol is abc"
1151
1152run_test "ALPN #5 (both, common cli1-srv2)" \
1153 "$P_SRV debug_level=4 alpn=abc,1234" \
1154 "$P_CLI debug_level=4 alpn=1234,abcde" \
1155 0 \
1156 -c "client hello, adding alpn extension" \
1157 -s "found alpn extension" \
1158 -C "got an alert message, type: \\[2:120]" \
1159 -s "server hello, adding alpn extension" \
1160 -c "found alpn extension" \
1161 -c "Application Layer Protocol is 1234" \
1162 -s "Application Layer Protocol is 1234"
1163
1164run_test "ALPN #6 (both, no common)" \
1165 "$P_SRV debug_level=4 alpn=abc,123" \
1166 "$P_CLI debug_level=4 alpn=1234,abcde" \
1167 1 \
1168 -c "client hello, adding alpn extension" \
1169 -s "found alpn extension" \
1170 -c "got an alert message, type: \\[2:120]" \
1171 -S "server hello, adding alpn extension" \
1172 -C "found alpn extension" \
1173 -C "Application Layer Protocol is 1234" \
1174 -S "Application Layer Protocol is 1234"
1175
Manuel Pégourié-Gonnard83d8c732014-04-07 13:24:21 +0200[diff] [blame]1176fi
1177
Manuel Pégourié-Gonnard7f2a07d2014-04-09 09:50:57 +0200[diff] [blame]1178# Tests for keyUsage in leaf certificates, part 1:
1179# server-side certificate/suite selection
1180
Manuel Pégourié-Gonnard17cde5f2014-05-22 14:42:39 +0200[diff] [blame]1181run_test "keyUsage srv #1 (RSA, digitalSignature -> (EC)DHE-RSA)" \
Manuel Pégourié-Gonnard7f2a07d2014-04-09 09:50:57 +0200[diff] [blame]1182 "$P_SRV key_file=data_files/server2.key \
1183 crt_file=data_files/server2.ku-ds.crt" \
1184 "$P_CLI" \
1185 0 \
Manuel Pégourié-Gonnard17cde5f2014-05-22 14:42:39 +0200[diff] [blame]1186 -c "Ciphersuite is TLS-[EC]*DHE-RSA-WITH-"
Manuel Pégourié-Gonnard7f2a07d2014-04-09 09:50:57 +0200[diff] [blame]1187
1188
1189run_test "keyUsage srv #2 (RSA, keyEncipherment -> RSA)" \
1190 "$P_SRV key_file=data_files/server2.key \
1191 crt_file=data_files/server2.ku-ke.crt" \
1192 "$P_CLI" \
1193 0 \
1194 -c "Ciphersuite is TLS-RSA-WITH-"
1195
1196# add psk to leave an option for client to send SERVERQUIT
1197run_test "keyUsage srv #3 (RSA, keyAgreement -> fail)" \
1198 "$P_SRV psk=abc123 key_file=data_files/server2.key \
1199 crt_file=data_files/server2.ku-ka.crt" \
1200 "$P_CLI psk=badbad" \
1201 1 \
1202 -C "Ciphersuite is "
1203
1204run_test "keyUsage srv #4 (ECDSA, digitalSignature -> ECDHE-ECDSA)" \
1205 "$P_SRV key_file=data_files/server5.key \
1206 crt_file=data_files/server5.ku-ds.crt" \
1207 "$P_CLI" \
1208 0 \
1209 -c "Ciphersuite is TLS-ECDHE-ECDSA-WITH-"
1210
1211
1212run_test "keyUsage srv #5 (ECDSA, keyAgreement -> ECDH-)" \
1213 "$P_SRV key_file=data_files/server5.key \
1214 crt_file=data_files/server5.ku-ka.crt" \
1215 "$P_CLI" \
1216 0 \
1217 -c "Ciphersuite is TLS-ECDH-"
1218
1219# add psk to leave an option for client to send SERVERQUIT
1220run_test "keyUsage srv #6 (ECDSA, keyEncipherment -> fail)" \
1221 "$P_SRV psk=abc123 key_file=data_files/server5.key \
1222 crt_file=data_files/server5.ku-ke.crt" \
1223 "$P_CLI psk=badbad" \
1224 1 \
1225 -C "Ciphersuite is "
1226
1227# Tests for keyUsage in leaf certificates, part 2:
Manuel Pégourié-Gonnarda9db85d2014-04-09 14:53:05 +0200[diff] [blame]1228# client-side checking of server cert
Manuel Pégourié-Gonnard7f2a07d2014-04-09 09:50:57 +0200[diff] [blame]1229
1230run_test "keyUsage cli #1 (DigitalSignature+KeyEncipherment, RSA: OK)" \
1231 "$O_SRV -key data_files/server2.key \
1232 -cert data_files/server2.ku-ds_ke.crt" \
1233 "$P_CLI debug_level=2 \
1234 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
1235 0 \
Manuel Pégourié-Gonnarda9db85d2014-04-09 14:53:05 +0200[diff] [blame]1236 -C "bad certificate (usage extensions)" \
Manuel Pégourié-Gonnard7f2a07d2014-04-09 09:50:57 +0200[diff] [blame]1237 -C "Processing of the Certificate handshake message failed" \
1238 -c "Ciphersuite is TLS-"
1239
1240run_test "keyUsage cli #2 (DigitalSignature+KeyEncipherment, DHE-RSA: OK)" \
1241 "$O_SRV -key data_files/server2.key \
1242 -cert data_files/server2.ku-ds_ke.crt" \
1243 "$P_CLI debug_level=2 \
1244 force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
1245 0 \
Manuel Pégourié-Gonnarda9db85d2014-04-09 14:53:05 +0200[diff] [blame]1246 -C "bad certificate (usage extensions)" \
Manuel Pégourié-Gonnard7f2a07d2014-04-09 09:50:57 +0200[diff] [blame]1247 -C "Processing of the Certificate handshake message failed" \
1248 -c "Ciphersuite is TLS-"
1249
1250run_test "keyUsage cli #3 (KeyEncipherment, RSA: OK)" \
1251 "$O_SRV -key data_files/server2.key \
1252 -cert data_files/server2.ku-ke.crt" \
1253 "$P_CLI debug_level=2 \
1254 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
1255 0 \
Manuel Pégourié-Gonnarda9db85d2014-04-09 14:53:05 +0200[diff] [blame]1256 -C "bad certificate (usage extensions)" \
Manuel Pégourié-Gonnard7f2a07d2014-04-09 09:50:57 +0200[diff] [blame]1257 -C "Processing of the Certificate handshake message failed" \
1258 -c "Ciphersuite is TLS-"
1259
1260run_test "keyUsage cli #4 (KeyEncipherment, DHE-RSA: fail)" \
1261 "$O_SRV -key data_files/server2.key \
1262 -cert data_files/server2.ku-ke.crt" \
1263 "$P_CLI debug_level=2 \
1264 force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
1265 1 \
Manuel Pégourié-Gonnarda9db85d2014-04-09 14:53:05 +0200[diff] [blame]1266 -c "bad certificate (usage extensions)" \
Manuel Pégourié-Gonnard7f2a07d2014-04-09 09:50:57 +0200[diff] [blame]1267 -c "Processing of the Certificate handshake message failed" \
1268 -C "Ciphersuite is TLS-"
1269
1270run_test "keyUsage cli #5 (DigitalSignature, DHE-RSA: OK)" \
1271 "$O_SRV -key data_files/server2.key \
1272 -cert data_files/server2.ku-ds.crt" \
1273 "$P_CLI debug_level=2 \
1274 force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
1275 0 \
Manuel Pégourié-Gonnarda9db85d2014-04-09 14:53:05 +0200[diff] [blame]1276 -C "bad certificate (usage extensions)" \
Manuel Pégourié-Gonnard7f2a07d2014-04-09 09:50:57 +0200[diff] [blame]1277 -C "Processing of the Certificate handshake message failed" \
1278 -c "Ciphersuite is TLS-"
1279
1280run_test "keyUsage cli #5 (DigitalSignature, RSA: fail)" \
1281 "$O_SRV -key data_files/server2.key \
1282 -cert data_files/server2.ku-ds.crt" \
1283 "$P_CLI debug_level=2 \
1284 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
1285 1 \
Manuel Pégourié-Gonnarda9db85d2014-04-09 14:53:05 +0200[diff] [blame]1286 -c "bad certificate (usage extensions)" \
Manuel Pégourié-Gonnard7f2a07d2014-04-09 09:50:57 +0200[diff] [blame]1287 -c "Processing of the Certificate handshake message failed" \
1288 -C "Ciphersuite is TLS-"
1289
Manuel Pégourié-Gonnarda9db85d2014-04-09 14:53:05 +0200[diff] [blame]1290# Tests for keyUsage in leaf certificates, part 3:
1291# server-side checking of client cert
1292
1293run_test "keyUsage cli-auth #1 (RSA, DigitalSignature: OK)" \
1294 "$P_SRV debug_level=2 auth_mode=optional" \
1295 "$O_CLI -key data_files/server2.key \
1296 -cert data_files/server2.ku-ds.crt" \
1297 0 \
1298 -S "bad certificate (usage extensions)" \
1299 -S "Processing of the Certificate handshake message failed"
1300
1301run_test "keyUsage cli-auth #2 (RSA, KeyEncipherment: fail (soft))" \
1302 "$P_SRV debug_level=2 auth_mode=optional" \
1303 "$O_CLI -key data_files/server2.key \
1304 -cert data_files/server2.ku-ke.crt" \
1305 0 \
1306 -s "bad certificate (usage extensions)" \
1307 -S "Processing of the Certificate handshake message failed"
1308
1309run_test "keyUsage cli-auth #3 (RSA, KeyEncipherment: fail (hard))" \
1310 "$P_SRV debug_level=2 auth_mode=required" \
1311 "$O_CLI -key data_files/server2.key \
1312 -cert data_files/server2.ku-ke.crt" \
1313 1 \
1314 -s "bad certificate (usage extensions)" \
1315 -s "Processing of the Certificate handshake message failed"
1316
1317run_test "keyUsage cli-auth #4 (ECDSA, DigitalSignature: OK)" \
1318 "$P_SRV debug_level=2 auth_mode=optional" \
1319 "$O_CLI -key data_files/server5.key \
1320 -cert data_files/server5.ku-ds.crt" \
1321 0 \
1322 -S "bad certificate (usage extensions)" \
1323 -S "Processing of the Certificate handshake message failed"
1324
1325run_test "keyUsage cli-auth #5 (ECDSA, KeyAgreement: fail (soft))" \
1326 "$P_SRV debug_level=2 auth_mode=optional" \
1327 "$O_CLI -key data_files/server5.key \
1328 -cert data_files/server5.ku-ka.crt" \
1329 0 \
1330 -s "bad certificate (usage extensions)" \
1331 -S "Processing of the Certificate handshake message failed"
1332
Manuel Pégourié-Gonnard0408fd12014-04-11 11:06:22 +0200[diff] [blame]1333# Tests for extendedKeyUsage, part 1: server-side certificate/suite selection
1334
1335run_test "extKeyUsage srv #1 (serverAuth -> OK)" \
1336 "$P_SRV key_file=data_files/server5.key \
1337 crt_file=data_files/server5.eku-srv.crt" \
1338 "$P_CLI" \
1339 0
1340
1341run_test "extKeyUsage srv #2 (serverAuth,clientAuth -> OK)" \
1342 "$P_SRV key_file=data_files/server5.key \
1343 crt_file=data_files/server5.eku-srv.crt" \
1344 "$P_CLI" \
1345 0
1346
1347run_test "extKeyUsage srv #3 (codeSign,anyEKU -> OK)" \
1348 "$P_SRV key_file=data_files/server5.key \
1349 crt_file=data_files/server5.eku-cs_any.crt" \
1350 "$P_CLI" \
1351 0
1352
1353# add psk to leave an option for client to send SERVERQUIT
1354run_test "extKeyUsage srv #4 (codeSign -> fail)" \
1355 "$P_SRV psk=abc123 key_file=data_files/server5.key \
1356 crt_file=data_files/server5.eku-cli.crt" \
1357 "$P_CLI psk=badbad" \
1358 1
1359
1360# Tests for extendedKeyUsage, part 2: client-side checking of server cert
1361
1362run_test "extKeyUsage cli #1 (serverAuth -> OK)" \
1363 "$O_SRV -key data_files/server5.key \
1364 -cert data_files/server5.eku-srv.crt" \
1365 "$P_CLI debug_level=2" \
1366 0 \
1367 -C "bad certificate (usage extensions)" \
1368 -C "Processing of the Certificate handshake message failed" \
1369 -c "Ciphersuite is TLS-"
1370
1371run_test "extKeyUsage cli #2 (serverAuth,clientAuth -> OK)" \
1372 "$O_SRV -key data_files/server5.key \
1373 -cert data_files/server5.eku-srv_cli.crt" \
1374 "$P_CLI debug_level=2" \
1375 0 \
1376 -C "bad certificate (usage extensions)" \
1377 -C "Processing of the Certificate handshake message failed" \
1378 -c "Ciphersuite is TLS-"
1379
1380run_test "extKeyUsage cli #3 (codeSign,anyEKU -> OK)" \
1381 "$O_SRV -key data_files/server5.key \
1382 -cert data_files/server5.eku-cs_any.crt" \
1383 "$P_CLI debug_level=2" \
1384 0 \
1385 -C "bad certificate (usage extensions)" \
1386 -C "Processing of the Certificate handshake message failed" \
1387 -c "Ciphersuite is TLS-"
1388
1389run_test "extKeyUsage cli #4 (codeSign -> fail)" \
1390 "$O_SRV -key data_files/server5.key \
1391 -cert data_files/server5.eku-cs.crt" \
1392 "$P_CLI debug_level=2" \
1393 1 \
1394 -c "bad certificate (usage extensions)" \
1395 -c "Processing of the Certificate handshake message failed" \
1396 -C "Ciphersuite is TLS-"
1397
1398# Tests for extendedKeyUsage, part 3: server-side checking of client cert
1399
1400run_test "extKeyUsage cli-auth #1 (clientAuth -> OK)" \
1401 "$P_SRV debug_level=2 auth_mode=optional" \
1402 "$O_CLI -key data_files/server5.key \
1403 -cert data_files/server5.eku-cli.crt" \
1404 0 \
1405 -S "bad certificate (usage extensions)" \
1406 -S "Processing of the Certificate handshake message failed"
1407
1408run_test "extKeyUsage cli-auth #2 (serverAuth,clientAuth -> OK)" \
1409 "$P_SRV debug_level=2 auth_mode=optional" \
1410 "$O_CLI -key data_files/server5.key \
1411 -cert data_files/server5.eku-srv_cli.crt" \
1412 0 \
1413 -S "bad certificate (usage extensions)" \
1414 -S "Processing of the Certificate handshake message failed"
1415
1416run_test "extKeyUsage cli-auth #3 (codeSign,anyEKU -> OK)" \
1417 "$P_SRV debug_level=2 auth_mode=optional" \
1418 "$O_CLI -key data_files/server5.key \
1419 -cert data_files/server5.eku-cs_any.crt" \
1420 0 \
1421 -S "bad certificate (usage extensions)" \
1422 -S "Processing of the Certificate handshake message failed"
1423
1424run_test "extKeyUsage cli-auth #4 (codeSign -> fail (soft))" \
1425 "$P_SRV debug_level=2 auth_mode=optional" \
1426 "$O_CLI -key data_files/server5.key \
1427 -cert data_files/server5.eku-cs.crt" \
1428 0 \
1429 -s "bad certificate (usage extensions)" \
1430 -S "Processing of the Certificate handshake message failed"
1431
1432run_test "extKeyUsage cli-auth #4b (codeSign -> fail (hard))" \
1433 "$P_SRV debug_level=2 auth_mode=required" \
1434 "$O_CLI -key data_files/server5.key \
1435 -cert data_files/server5.eku-cs.crt" \
1436 1 \
1437 -s "bad certificate (usage extensions)" \
1438 -s "Processing of the Certificate handshake message failed"
1439
Manuel Pégourié-Gonnard0cc7e312014-06-09 11:36:47 +0200[diff] [blame]1440# Tests for DHM parameters loading
1441
1442run_test "DHM parameters #0 (reference)" \
1443 "$P_SRV" \
1444 "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
1445 debug_level=3" \
1446 0 \
1447 -c "value of 'DHM: P ' (2048 bits)" \
1448 -c "value of 'DHM: G ' (2048 bits)"
1449
1450run_test "DHM parameters #1 (other parameters)" \
1451 "$P_SRV dhm_file=data_files/dhparams.pem" \
1452 "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
1453 debug_level=3" \
1454 0 \
1455 -c "value of 'DHM: P ' (1024 bits)" \
1456 -c "value of 'DHM: G ' (2 bits)"
1457
Manuel Pégourié-Gonnarda6781c92014-06-10 15:00:46 +0200[diff] [blame]1458# Tests for PSK callback
1459
Manuel Pégourié-Gonnard10c3c9f2014-06-10 15:28:52 +0200[diff] [blame]1460run_test "PSK callback #0a (psk, no callback)" \
Manuel Pégourié-Gonnarda6781c92014-06-10 15:00:46 +0200[diff] [blame]1461 "$P_SRV psk=abc123 psk_identity=foo" \
1462 "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
1463 psk_identity=foo psk=abc123" \
1464 0 \
Manuel Pégourié-Gonnard10c3c9f2014-06-10 15:28:52 +0200[diff] [blame]1465 -S "SSL - The server has no ciphersuites in common" \
1466 -S "SSL - Unknown identity received" \
1467 -S "SSL - Verification of the message MAC failed"
1468
1469run_test "PSK callback #0b (no psk, no callback)" \
1470 "$P_SRV" \
1471 "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
1472 psk_identity=foo psk=abc123" \
1473 1 \
1474 -s "SSL - The server has no ciphersuites in common" \
Manuel Pégourié-Gonnarda6781c92014-06-10 15:00:46 +0200[diff] [blame]1475 -S "SSL - Unknown identity received" \
1476 -S "SSL - Verification of the message MAC failed"
1477
1478run_test "PSK callback #1 (callback overrides other settings)" \
1479 "$P_SRV psk=abc123 psk_identity=foo psk_list=abc,dead,def,beef" \
1480 "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
1481 psk_identity=foo psk=abc123" \
1482 1 \
Manuel Pégourié-Gonnard10c3c9f2014-06-10 15:28:52 +0200[diff] [blame]1483 -S "SSL - The server has no ciphersuites in common" \
Manuel Pégourié-Gonnarda6781c92014-06-10 15:00:46 +0200[diff] [blame]1484 -s "SSL - Unknown identity received" \
1485 -S "SSL - Verification of the message MAC failed"
1486
1487run_test "PSK callback #2 (first id matches)" \
1488 "$P_SRV psk_list=abc,dead,def,beef" \
1489 "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
1490 psk_identity=abc psk=dead" \
1491 0 \
Manuel Pégourié-Gonnard10c3c9f2014-06-10 15:28:52 +0200[diff] [blame]1492 -S "SSL - The server has no ciphersuites in common" \
Manuel Pégourié-Gonnarda6781c92014-06-10 15:00:46 +0200[diff] [blame]1493 -S "SSL - Unknown identity received" \
1494 -S "SSL - Verification of the message MAC failed"
1495
1496run_test "PSK callback #3 (second id matches)" \
1497 "$P_SRV psk_list=abc,dead,def,beef" \
1498 "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
1499 psk_identity=def psk=beef" \
1500 0 \
Manuel Pégourié-Gonnard10c3c9f2014-06-10 15:28:52 +0200[diff] [blame]1501 -S "SSL - The server has no ciphersuites in common" \
Manuel Pégourié-Gonnarda6781c92014-06-10 15:00:46 +0200[diff] [blame]1502 -S "SSL - Unknown identity received" \
1503 -S "SSL - Verification of the message MAC failed"
1504
1505run_test "PSK callback #4 (no match)" \
1506 "$P_SRV psk_list=abc,dead,def,beef" \
1507 "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
1508 psk_identity=ghi psk=beef" \
1509 1 \
Manuel Pégourié-Gonnard10c3c9f2014-06-10 15:28:52 +0200[diff] [blame]1510 -S "SSL - The server has no ciphersuites in common" \
Manuel Pégourié-Gonnarda6781c92014-06-10 15:00:46 +0200[diff] [blame]1511 -s "SSL - Unknown identity received" \
1512 -S "SSL - Verification of the message MAC failed"
1513
1514run_test "PSK callback #5 (wrong key)" \
1515 "$P_SRV psk_list=abc,dead,def,beef" \
1516 "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
1517 psk_identity=abc psk=beef" \
1518 1 \
Manuel Pégourié-Gonnard10c3c9f2014-06-10 15:28:52 +0200[diff] [blame]1519 -S "SSL - The server has no ciphersuites in common" \
Manuel Pégourié-Gonnarda6781c92014-06-10 15:00:46 +0200[diff] [blame]1520 -S "SSL - Unknown identity received" \
1521 -s "SSL - Verification of the message MAC failed"
Manuel Pégourié-Gonnard0cc7e312014-06-09 11:36:47 +0200[diff] [blame]1522
Manuel Pégourié-Gonnard90805a82014-06-11 14:06:01 +0200[diff] [blame]1523# Tests for ciphersuites per version
1524
1525run_test "Per-version suites #1" \
1526 "$P_SRV version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-RC4-128-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
1527 "$P_CLI force_version=ssl3" \
1528 0 \
1529 -c "Ciphersuite is TLS-RSA-WITH-3DES-EDE-CBC-SHA"
1530
1531run_test "Per-version suites #2" \
1532 "$P_SRV version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-RC4-128-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
1533 "$P_CLI force_version=tls1" \
1534 0 \
1535 -c "Ciphersuite is TLS-RSA-WITH-RC4-128-SHA"
1536
1537run_test "Per-version suites #3" \
1538 "$P_SRV version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-RC4-128-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
1539 "$P_CLI force_version=tls1_1" \
1540 0 \
1541 -c "Ciphersuite is TLS-RSA-WITH-AES-128-CBC-SHA"
1542
1543run_test "Per-version suites #4" \
1544 "$P_SRV version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-RC4-128-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
1545 "$P_CLI force_version=tls1_2" \
1546 0 \
1547 -c "Ciphersuite is TLS-RSA-WITH-AES-128-GCM-SHA256"
1548
Manuel Pégourié-Gonnard95c0a632014-06-11 18:32:36 +0200[diff] [blame]1549# Tests for ssl_get_bytes_avail()
1550
1551run_test "ssl_get_bytes_avail #1 (no extra data)" \
1552 "$P_SRV" \
1553 "$P_CLI request_size=100" \
1554 0 \
1555 -s "Read from client: 100 bytes read$"
1556
1557run_test "ssl_get_bytes_avail #2 (extra data)" \
1558 "$P_SRV" \
1559 "$P_CLI request_size=500" \
1560 0 \
1561 -s "Read from client: 500 bytes read (.*+.*)"
Manuel Pégourié-Gonnard90805a82014-06-11 14:06:01 +0200[diff] [blame]1562
Manuel Pégourié-Gonnardee415032014-06-18 15:08:56 +0200[diff] [blame]1563# Tests for small packets
1564
1565run_test "Small packet SSLv3 BlockCipher" \
1566 "$P_SRV" \
1567 "$P_CLI request_size=1 force_version=ssl3 \
1568 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
1569 0 \
1570 -s "Read from client: 1 bytes read"
1571
1572run_test "Small packet SSLv3 StreamCipher" \
1573 "$P_SRV" \
1574 "$P_CLI request_size=1 force_version=ssl3 \
1575 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
1576 0 \
1577 -s "Read from client: 1 bytes read"
1578
1579run_test "Small packet TLS 1.0 BlockCipher" \
1580 "$P_SRV" \
1581 "$P_CLI request_size=1 force_version=tls1 \
1582 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
1583 0 \
1584 -s "Read from client: 1 bytes read"
1585
1586run_test "Small packet TLS 1.0 BlockCipher truncated MAC" \
1587 "$P_SRV" \
1588 "$P_CLI request_size=1 force_version=tls1 \
1589 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \
1590 trunc_hmac=1" \
1591 0 \
1592 -s "Read from client: 1 bytes read"
1593
1594run_test "Small packet TLS 1.0 StreamCipher truncated MAC" \
1595 "$P_SRV" \
1596 "$P_CLI request_size=1 force_version=tls1 \
1597 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
1598 trunc_hmac=1" \
1599 0 \
1600 -s "Read from client: 1 bytes read"
1601
1602run_test "Small packet TLS 1.1 BlockCipher" \
1603 "$P_SRV" \
1604 "$P_CLI request_size=1 force_version=tls1_1 \
1605 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
1606 0 \
1607 -s "Read from client: 1 bytes read"
1608
1609run_test "Small packet TLS 1.1 StreamCipher" \
1610 "$P_SRV" \
1611 "$P_CLI request_size=1 force_version=tls1_1 \
1612 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
1613 0 \
1614 -s "Read from client: 1 bytes read"
1615
1616run_test "Small packet TLS 1.1 BlockCipher truncated MAC" \
1617 "$P_SRV" \
1618 "$P_CLI request_size=1 force_version=tls1_1 \
1619 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \
1620 trunc_hmac=1" \
1621 0 \
1622 -s "Read from client: 1 bytes read"
1623
1624run_test "Small packet TLS 1.1 StreamCipher truncated MAC" \
1625 "$P_SRV" \
1626 "$P_CLI request_size=1 force_version=tls1_1 \
1627 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
1628 trunc_hmac=1" \
1629 0 \
1630 -s "Read from client: 1 bytes read"
1631
1632run_test "Small packet TLS 1.2 BlockCipher" \
1633 "$P_SRV" \
1634 "$P_CLI request_size=1 force_version=tls1_2 \
1635 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
1636 0 \
1637 -s "Read from client: 1 bytes read"
1638
1639run_test "Small packet TLS 1.2 BlockCipher larger MAC" \
1640 "$P_SRV" \
1641 "$P_CLI request_size=1 force_version=tls1_2 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \
1642 0 \
1643 -s "Read from client: 1 bytes read"
1644
1645run_test "Small packet TLS 1.2 BlockCipher truncated MAC" \
1646 "$P_SRV" \
1647 "$P_CLI request_size=1 force_version=tls1_2 \
1648 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \
1649 trunc_hmac=1" \
1650 0 \
1651 -s "Read from client: 1 bytes read"
1652
1653run_test "Small packet TLS 1.2 StreamCipher" \
1654 "$P_SRV" \
1655 "$P_CLI request_size=1 force_version=tls1_2 \
1656 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
1657 0 \
1658 -s "Read from client: 1 bytes read"
1659
1660run_test "Small packet TLS 1.2 StreamCipher truncated MAC" \
1661 "$P_SRV" \
1662 "$P_CLI request_size=1 force_version=tls1_2 \
1663 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
1664 trunc_hmac=1" \
1665 0 \
1666 -s "Read from client: 1 bytes read"
1667
1668run_test "Small packet TLS 1.2 AEAD" \
1669 "$P_SRV" \
1670 "$P_CLI request_size=1 force_version=tls1_2 \
1671 force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \
1672 0 \
1673 -s "Read from client: 1 bytes read"
1674
1675run_test "Small packet TLS 1.2 AEAD shorter tag" \
1676 "$P_SRV" \
1677 "$P_CLI request_size=1 force_version=tls1_2 \
1678 force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \
1679 0 \
1680 -s "Read from client: 1 bytes read"
1681
Manuel Pégourié-Gonnard8920f692014-06-18 22:05:08 +0200[diff] [blame]1682# Test for large packets
1683
1684run_test "Large packet SSLv3 BlockCipher" \
1685 "$P_SRV" \
1686 "$P_CLI request_size=16384 force_version=ssl3 \
1687 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
1688 0 \
1689 -s "Read from client: 16384 bytes read"
1690
1691run_test "Large packet SSLv3 StreamCipher" \
1692 "$P_SRV" \
1693 "$P_CLI request_size=16384 force_version=ssl3 \
1694 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
1695 0 \
1696 -s "Read from client: 16384 bytes read"
1697
1698run_test "Large packet TLS 1.0 BlockCipher" \
1699 "$P_SRV" \
1700 "$P_CLI request_size=16384 force_version=tls1 \
1701 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
1702 0 \
1703 -s "Read from client: 16384 bytes read"
1704
1705run_test "Large packet TLS 1.0 BlockCipher truncated MAC" \
1706 "$P_SRV" \
1707 "$P_CLI request_size=16384 force_version=tls1 \
1708 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \
1709 trunc_hmac=1" \
1710 0 \
1711 -s "Read from client: 16384 bytes read"
1712
1713run_test "Large packet TLS 1.0 StreamCipher truncated MAC" \
1714 "$P_SRV" \
1715 "$P_CLI request_size=16384 force_version=tls1 \
1716 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
1717 trunc_hmac=1" \
1718 0 \
1719 -s "Read from client: 16384 bytes read"
1720
1721run_test "Large packet TLS 1.1 BlockCipher" \
1722 "$P_SRV" \
1723 "$P_CLI request_size=16384 force_version=tls1_1 \
1724 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
1725 0 \
1726 -s "Read from client: 16384 bytes read"
1727
1728run_test "Large packet TLS 1.1 StreamCipher" \
1729 "$P_SRV" \
1730 "$P_CLI request_size=16384 force_version=tls1_1 \
1731 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
1732 0 \
1733 -s "Read from client: 16384 bytes read"
1734
1735run_test "Large packet TLS 1.1 BlockCipher truncated MAC" \
1736 "$P_SRV" \
1737 "$P_CLI request_size=16384 force_version=tls1_1 \
1738 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \
1739 trunc_hmac=1" \
1740 0 \
1741 -s "Read from client: 16384 bytes read"
1742
1743run_test "Large packet TLS 1.1 StreamCipher truncated MAC" \
1744 "$P_SRV" \
1745 "$P_CLI request_size=16384 force_version=tls1_1 \
1746 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
1747 trunc_hmac=1" \
1748 0 \
1749 -s "Read from client: 16384 bytes read"
1750
1751run_test "Large packet TLS 1.2 BlockCipher" \
1752 "$P_SRV" \
1753 "$P_CLI request_size=16384 force_version=tls1_2 \
1754 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
1755 0 \
1756 -s "Read from client: 16384 bytes read"
1757
1758run_test "Large packet TLS 1.2 BlockCipher larger MAC" \
1759 "$P_SRV" \
1760 "$P_CLI request_size=16384 force_version=tls1_2 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \
1761 0 \
1762 -s "Read from client: 16384 bytes read"
1763
1764run_test "Large packet TLS 1.2 BlockCipher truncated MAC" \
1765 "$P_SRV" \
1766 "$P_CLI request_size=16384 force_version=tls1_2 \
1767 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \
1768 trunc_hmac=1" \
1769 0 \
1770 -s "Read from client: 16384 bytes read"
1771
1772run_test "Large packet TLS 1.2 StreamCipher" \
1773 "$P_SRV" \
1774 "$P_CLI request_size=16384 force_version=tls1_2 \
1775 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
1776 0 \
1777 -s "Read from client: 16384 bytes read"
1778
1779run_test "Large packet TLS 1.2 StreamCipher truncated MAC" \
1780 "$P_SRV" \
1781 "$P_CLI request_size=16384 force_version=tls1_2 \
1782 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
1783 trunc_hmac=1" \
1784 0 \
1785 -s "Read from client: 16384 bytes read"
1786
1787run_test "Large packet TLS 1.2 AEAD" \
1788 "$P_SRV" \
1789 "$P_CLI request_size=16384 force_version=tls1_2 \
1790 force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \
1791 0 \
1792 -s "Read from client: 16384 bytes read"
1793
1794run_test "Large packet TLS 1.2 AEAD shorter tag" \
1795 "$P_SRV" \
1796 "$P_CLI request_size=16384 force_version=tls1_2 \
1797 force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \
1798 0 \
1799 -s "Read from client: 16384 bytes read"
1800
Manuel Pégourié-Gonnard8520dac2014-02-21 12:12:23 +0100[diff] [blame]1801# Final report
1802
Manuel Pégourié-Gonnard33a752e2014-02-21 09:47:37 +0100[diff] [blame]1803echo "------------------------------------------------------------------------"
1804
1805if [ $FAILS = 0 ]; then
1806 echo -n "PASSED"
1807else
1808 echo -n "FAILED"
1809fi
1810PASSES=`echo $TESTS - $FAILS | bc`
Manuel Pégourié-Gonnard6f4fbbb2014-08-14 14:31:29 +0200[diff] [blame]1811echo " ($PASSES / $TESTS tests ($SKIPS skipped))"
Manuel Pégourié-Gonnard33a752e2014-02-21 09:47:37 +0100[diff] [blame]1812
1813exit $FAILS