Extend small packet tests for TLS
This commit ensures that there is a small packet test for at least any
combination of
- SSL/TLS version: SSLv3, TLS 1.0, TLS 1.1 or TLS 1.2
- Stream cipher (RC4) or Block cipher (AES)
- Usage of Encrypt then MAC extension [TLS only]
- Usage of truncated HMAC extension [TLS only]
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 93fa3c4..558f6da 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -3285,7 +3285,7 @@
0 \
-s "Read from client: 1 bytes read"
-run_test "Small packet TLS 1.0 BlockCipher without EtM" \
+run_test "Small packet TLS 1.0 BlockCipher, without EtM" \
"$P_SRV" \
"$P_CLI request_size=1 force_version=tls1 etm=0 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
@@ -3293,7 +3293,7 @@
-s "Read from client: 1 bytes read"
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Small packet TLS 1.0 BlockCipher truncated MAC" \
+run_test "Small packet TLS 1.0 BlockCipher, truncated MAC" \
"$P_SRV" \
"$P_CLI request_size=1 force_version=tls1 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \
@@ -3302,7 +3302,32 @@
-s "Read from client: 1 bytes read"
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Small packet TLS 1.0 StreamCipher truncated MAC" \
+run_test "Small packet TLS 1.0 BlockCipher, without EtM, truncated MAC" \
+ "$P_SRV" \
+ "$P_CLI request_size=1 force_version=tls1 \
+ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \
+ trunc_hmac=1 \
+ etm=0" \
+ 0 \
+ -s "Read from client: 1 bytes read"
+
+run_test "Small packet TLS 1.0 StreamCipher" \
+ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
+ "$P_CLI request_size=1 force_version=tls1 \
+ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
+ 0 \
+ -s "Read from client: 1 bytes read"
+
+run_test "Small packet TLS 1.0 StreamCipher, without EtM" \
+ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
+ "$P_CLI request_size=1 force_version=tls1 \
+ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
+ etm=0" \
+ 0 \
+ -s "Read from client: 1 bytes read"
+
+requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
+run_test "Small packet TLS 1.0 StreamCipher, truncated MAC" \
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
"$P_CLI request_size=1 force_version=tls1 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
@@ -3310,6 +3335,16 @@
0 \
-s "Read from client: 1 bytes read"
+requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
+run_test "Small packet TLS 1.0 StreamCipher, without EtM, truncated MAC" \
+ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
+ "$P_CLI request_size=1 force_version=tls1 \
+ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
+ trunc_hmac=1 \
+ etm=0" \
+ 0 \
+ -s "Read from client: 1 bytes read"
+
run_test "Small packet TLS 1.1 BlockCipher" \
"$P_SRV" \
"$P_CLI request_size=1 force_version=tls1_1 \
@@ -3317,10 +3352,30 @@
0 \
-s "Read from client: 1 bytes read"
-run_test "Small packet TLS 1.1 BlockCipher without EtM" \
+run_test "Small packet TLS 1.1 BlockCipher, without EtM" \
"$P_SRV" \
- "$P_CLI request_size=1 force_version=tls1_1 etm=0 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
+ "$P_CLI request_size=1 force_version=tls1_1 \
+ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA
+ etm=0" \
+ 0 \
+ -s "Read from client: 1 bytes read"
+
+requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
+run_test "Small packet TLS 1.1 BlockCipher, truncated MAC" \
+ "$P_SRV" \
+ "$P_CLI request_size=1 force_version=tls1_1 \
+ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \
+ trunc_hmac=1" \
+ 0 \
+ -s "Read from client: 1 bytes read"
+
+requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
+run_test "Small packet TLS 1.1 BlockCipher, without EtM, truncated MAC" \
+ "$P_SRV" \
+ "$P_CLI request_size=1 force_version=tls1_1 \
+ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \
+ trunc_hmac=1 \
+ etm=0" \
0 \
-s "Read from client: 1 bytes read"
@@ -3331,21 +3386,30 @@
0 \
-s "Read from client: 1 bytes read"
-requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Small packet TLS 1.1 BlockCipher truncated MAC" \
- "$P_SRV" \
+run_test "Small packet TLS 1.1 StreamCipher, without EtM" \
+ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
"$P_CLI request_size=1 force_version=tls1_1 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \
+ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
+ etm=0" \
+ 0 \
+ -s "Read from client: 1 bytes read"
+
+requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
+run_test "Small packet TLS 1.1 StreamCipher, truncated MAC" \
+ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
+ "$P_CLI request_size=1 force_version=tls1_1 \
+ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
trunc_hmac=1" \
0 \
-s "Read from client: 1 bytes read"
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Small packet TLS 1.1 StreamCipher truncated MAC" \
+run_test "Small packet TLS 1.1 StreamCipher, without EtM, truncated MAC" \
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
"$P_CLI request_size=1 force_version=tls1_1 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
- trunc_hmac=1" \
+ trunc_hmac=1 \
+ etm=0" \
0 \
-s "Read from client: 1 bytes read"
@@ -3356,10 +3420,11 @@
0 \
-s "Read from client: 1 bytes read"
-run_test "Small packet TLS 1.2 BlockCipher without EtM" \
+run_test "Small packet TLS 1.2 BlockCipher, without EtM" \
"$P_SRV" \
- "$P_CLI request_size=1 force_version=tls1_2 etm=0 \
- force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
+ "$P_CLI request_size=1 force_version=tls1_2 \
+ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \
+ etm=0" \
0 \
-s "Read from client: 1 bytes read"
@@ -3371,7 +3436,7 @@
-s "Read from client: 1 bytes read"
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Small packet TLS 1.2 BlockCipher truncated MAC" \
+run_test "Small packet TLS 1.2 BlockCipher, truncated MAC" \
"$P_SRV" \
"$P_CLI request_size=1 force_version=tls1_2 \
force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \
@@ -3379,6 +3444,16 @@
0 \
-s "Read from client: 1 bytes read"
+requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
+run_test "Small packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \
+ "$P_SRV" \
+ "$P_CLI request_size=1 force_version=tls1_2 \
+ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \
+ trunc_hmac=1 \
+ etm=0" \
+ 0 \
+ -s "Read from client: 1 bytes read"
+
run_test "Small packet TLS 1.2 StreamCipher" \
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
"$P_CLI request_size=1 force_version=tls1_2 \
@@ -3386,8 +3461,16 @@
0 \
-s "Read from client: 1 bytes read"
+run_test "Small packet TLS 1.2 StreamCipher, without EtM" \
+ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
+ "$P_CLI request_size=1 force_version=tls1_2 \
+ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
+ etm=0" \
+ 0 \
+ -s "Read from client: 1 bytes read"
+
requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
-run_test "Small packet TLS 1.2 StreamCipher truncated MAC" \
+run_test "Small packet TLS 1.2 StreamCipher, truncated MAC" \
"$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
"$P_CLI request_size=1 force_version=tls1_2 \
force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
@@ -3395,6 +3478,16 @@
0 \
-s "Read from client: 1 bytes read"
+requires_config_enabled MBEDTLS_SSL_TRUNCATED_HMAC
+run_test "Small packet TLS 1.2 StreamCipher, without EtM, truncated MAC" \
+ "$P_SRV arc4=1 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
+ "$P_CLI request_size=1 force_version=tls1_2 \
+ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
+ trunc_hmac=1 \
+ etm=0" \
+ 0 \
+ -s "Read from client: 1 bytes read"
+
run_test "Small packet TLS 1.2 AEAD" \
"$P_SRV" \
"$P_CLI request_size=1 force_version=tls1_2 \