blob: 9a6b5bfd92e8c7c2083f1eb1f6a0113761950845 [file] [log] [blame]
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +01001#!/bin/sh
2
Simon Butcher58eddef2016-05-19 23:43:11 +01003# ssl-opt.sh
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +01004#
Bence Szépkúti1e148272020-08-07 13:07:28 +02005# Copyright The Mbed TLS Contributors
Dave Rodgman16799db2023-11-02 19:47:20 +00006# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
Bence Szépkútic7da1fe2020-05-26 01:54:15 +02007#
Simon Butcher58eddef2016-05-19 23:43:11 +01008# Purpose
9#
10# Executes tests to prove various TLS/SSL options and extensions.
11#
12# The goal is not to cover every ciphersuite/version, but instead to cover
13# specific options (max fragment length, truncated hmac, etc) or procedures
14# (session resumption from cache or ticket, renego, etc).
15#
16# The tests assume a build with default options, with exceptions expressed
17# with a dependency. The tests focus on functionality and do not consider
18# performance.
19#
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +010020
Manuel Pégourié-Gonnardfccd3252014-02-25 17:14:15 +010021set -u
22
Jaeden Amero6e70eb22019-07-03 13:51:04 +010023# Limit the size of each log to 10 GiB, in case of failures with this script
24# where it may output seemingly unlimited length error logs.
25ulimit -f 20971520
26
Gilles Peskine560280b2019-09-16 15:17:38 +020027ORIGINAL_PWD=$PWD
28if ! cd "$(dirname "$0")"; then
29 exit 125
Angus Grattonc4dd0732018-04-11 16:28:39 +100030fi
31
David Horstmann184c4f02024-07-01 17:01:28 +010032DATA_FILES_PATH=../framework/data_files
33
Antonin Décimo36e89b52019-01-23 15:24:37 +010034# default values, can be overridden by the environment
Manuel Pégourié-Gonnardf7a26902014-02-27 12:25:54 +010035: ${P_SRV:=../programs/ssl/ssl_server2}
36: ${P_CLI:=../programs/ssl/ssl_client2}
Manuel Pégourié-Gonnardbe9eb872014-09-05 17:45:19 +020037: ${P_PXY:=../programs/test/udp_proxy}
Jerry Yud04fd352021-12-06 16:52:57 +080038: ${P_QUERY:=../programs/test/query_compile_time_config}
Manuel Pégourié-Gonnardc5722462022-12-19 11:42:12 +010039: ${OPENSSL:=openssl}
Manuel Pégourié-Gonnardbaa7f072014-08-20 20:15:53 +020040: ${GNUTLS_CLI:=gnutls-cli}
41: ${GNUTLS_SERV:=gnutls-serv}
Gilles Peskined50177f2017-05-16 17:53:03 +020042: ${PERL:=perl}
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +010043
Manuel Pégourié-Gonnardc5722462022-12-19 11:42:12 +010044# The OPENSSL variable used to be OPENSSL_CMD for historical reasons.
45# To help the migration, error out if the old variable is set,
46# but only if it has a different value than the new one.
47if [ "${OPENSSL_CMD+set}" = set ]; then
48 # the variable is set, we can now check its value
49 if [ "$OPENSSL_CMD" != "$OPENSSL" ]; then
50 echo "Please use OPENSSL instead of OPENSSL_CMD." >&2
51 exit 125
52 fi
53fi
54
Gilles Peskine560280b2019-09-16 15:17:38 +020055guess_config_name() {
Bence Szépkútibb0cfeb2021-05-28 09:42:25 +020056 if git diff --quiet ../include/mbedtls/mbedtls_config.h 2>/dev/null; then
Gilles Peskine560280b2019-09-16 15:17:38 +020057 echo "default"
58 else
59 echo "unknown"
60 fi
61}
62: ${MBEDTLS_TEST_OUTCOME_FILE=}
63: ${MBEDTLS_TEST_CONFIGURATION:="$(guess_config_name)"}
64: ${MBEDTLS_TEST_PLATFORM:="$(uname -s | tr -c \\n0-9A-Za-z _)-$(uname -m | tr -c \\n0-9A-Za-z _)"}
David Horstmann184c4f02024-07-01 17:01:28 +010065: ${EARLY_DATA_INPUT:="$DATA_FILES_PATH/tls13_early_data.txt"}
Gilles Peskine560280b2019-09-16 15:17:38 +020066
David Horstmann184c4f02024-07-01 17:01:28 +010067O_SRV="$OPENSSL s_server -www -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key"
Manuel Pégourié-Gonnardc5722462022-12-19 11:42:12 +010068O_CLI="echo 'GET / HTTP/1.0' | $OPENSSL s_client"
David Horstmann184c4f02024-07-01 17:01:28 +010069G_SRV="$GNUTLS_SERV --x509certfile $DATA_FILES_PATH/server5.crt --x509keyfile $DATA_FILES_PATH/server5.key"
70G_CLI="echo 'GET / HTTP/1.0' | $GNUTLS_CLI --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt"
Manuel Pégourié-Gonnardfccd3252014-02-25 17:14:15 +010071
Manuel Pégourié-Gonnard38110df2018-08-17 12:44:54 +020072# alternative versions of OpenSSL and GnuTLS (no default path)
73
Gilles Peskinedd782f42024-04-29 17:46:24 +020074# If $OPENSSL is at least 1.1.1, use it as OPENSSL_NEXT as well.
75if [ -z "${OPENSSL_NEXT:-}" ]; then
76 case $($OPENSSL version) in
77 OpenSSL\ 1.1.[1-9]*) OPENSSL_NEXT=$OPENSSL;;
78 OpenSSL\ [3-9]*) OPENSSL_NEXT=$OPENSSL;;
79 esac
80fi
81
82# If $GNUTLS_CLI is at least 3.7, use it as GNUTLS_NEXT_CLI as well.
83if [ -z "${GNUTLS_NEXT_CLI:-}" ]; then
84 case $($GNUTLS_CLI --version) in
85 gnutls-cli\ 3.[1-9][0-9]*) GNUTLS_NEXT_CLI=$GNUTLS_CLI;;
86 gnutls-cli\ 3.[7-9].*) GNUTLS_NEXT_CLI=$GNUTLS_CLI;;
87 gnutls-cli\ [4-9]*) GNUTLS_NEXT_CLI=$GNUTLS_CLI;;
88 esac
89fi
90
91# If $GNUTLS_SERV is at least 3.7, use it as GNUTLS_NEXT_SERV as well.
92if [ -z "${GNUTLS_NEXT_SERV:-}" ]; then
93 case $($GNUTLS_SERV --version) in
94 gnutls-cli\ 3.[1-9][0-9]*) GNUTLS_NEXT_SERV=$GNUTLS_SERV;;
95 gnutls-cli\ 3.[7-9].*) GNUTLS_NEXT_SERV=$GNUTLS_SERV;;
96 gnutls-cli\ [4-9]*) GNUTLS_NEXT_SERV=$GNUTLS_SERV;;
97 esac
98fi
99
Jerry Yu04029792021-08-10 16:45:37 +0800100if [ -n "${OPENSSL_NEXT:-}" ]; then
David Horstmann184c4f02024-07-01 17:01:28 +0100101 O_NEXT_SRV="$OPENSSL_NEXT s_server -www -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key"
102 O_NEXT_SRV_EARLY_DATA="$OPENSSL_NEXT s_server -early_data -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key"
Jerry Yu305bfc32021-11-24 16:04:47 +0800103 O_NEXT_SRV_NO_CERT="$OPENSSL_NEXT s_server -www "
David Horstmann184c4f02024-07-01 17:01:28 +0100104 O_NEXT_CLI="echo 'GET / HTTP/1.0' | $OPENSSL_NEXT s_client -CAfile $DATA_FILES_PATH/test-ca_cat12.crt"
XiaokangQiand5d5b602022-05-23 09:16:20 +0000105 O_NEXT_CLI_NO_CERT="echo 'GET / HTTP/1.0' | $OPENSSL_NEXT s_client"
Minos Galanakisa8f14382025-03-11 17:29:33 +0000106 O_NEXT_CLI_RENEGOTIATE="echo 'R' | $OPENSSL_NEXT s_client -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key"
Jerry Yu04029792021-08-10 16:45:37 +0800107else
108 O_NEXT_SRV=false
Jerry Yu305bfc32021-11-24 16:04:47 +0800109 O_NEXT_SRV_NO_CERT=false
Xiaokang Qianb0c32d82022-11-02 10:51:13 +0000110 O_NEXT_SRV_EARLY_DATA=false
XiaokangQianb1847a22022-06-08 07:49:31 +0000111 O_NEXT_CLI_NO_CERT=false
Jerry Yu04029792021-08-10 16:45:37 +0800112 O_NEXT_CLI=false
Minos Galanakis5aaa6e02025-02-12 18:23:09 +0000113 O_NEXT_CLI_RENEGOTIATE=false
Jerry Yu04029792021-08-10 16:45:37 +0800114fi
115
Hanno Becker58e9dc32018-08-17 15:53:21 +0100116if [ -n "${GNUTLS_NEXT_SERV:-}" ]; then
David Horstmann184c4f02024-07-01 17:01:28 +0100117 G_NEXT_SRV="$GNUTLS_NEXT_SERV --x509certfile $DATA_FILES_PATH/server5.crt --x509keyfile $DATA_FILES_PATH/server5.key"
Jerry Yu305bfc32021-11-24 16:04:47 +0800118 G_NEXT_SRV_NO_CERT="$GNUTLS_NEXT_SERV"
Manuel Pégourié-Gonnard38110df2018-08-17 12:44:54 +0200119else
120 G_NEXT_SRV=false
Jerry Yu305bfc32021-11-24 16:04:47 +0800121 G_NEXT_SRV_NO_CERT=false
Manuel Pégourié-Gonnard38110df2018-08-17 12:44:54 +0200122fi
123
Hanno Becker58e9dc32018-08-17 15:53:21 +0100124if [ -n "${GNUTLS_NEXT_CLI:-}" ]; then
David Horstmann184c4f02024-07-01 17:01:28 +0100125 G_NEXT_CLI="echo 'GET / HTTP/1.0' | $GNUTLS_NEXT_CLI --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt"
XiaokangQiand5d5b602022-05-23 09:16:20 +0000126 G_NEXT_CLI_NO_CERT="echo 'GET / HTTP/1.0' | $GNUTLS_NEXT_CLI"
Manuel Pégourié-Gonnard38110df2018-08-17 12:44:54 +0200127else
128 G_NEXT_CLI=false
XiaokangQianfb1a3fe2022-06-09 06:37:33 +0000129 G_NEXT_CLI_NO_CERT=false
Manuel Pégourié-Gonnard38110df2018-08-17 12:44:54 +0200130fi
131
Manuel Pégourié-Gonnard33a752e2014-02-21 09:47:37 +0100132TESTS=0
133FAILS=0
Manuel Pégourié-Gonnard6f4fbbb2014-08-14 14:31:29 +0200134SKIPS=0
Manuel Pégourié-Gonnard33a752e2014-02-21 09:47:37 +0100135
Bence Szépkútibb0cfeb2021-05-28 09:42:25 +0200136CONFIG_H='../include/mbedtls/mbedtls_config.h'
Manuel Pégourié-Gonnard83d8c732014-04-07 13:24:21 +0200137
Manuel Pégourié-Gonnardc73339f2014-02-26 16:35:27 +0100138MEMCHECK=0
Manuel Pégourié-Gonnard417d46c2014-03-13 19:17:53 +0100139FILTER='.*'
Manuel Pégourié-Gonnard6f4fbbb2014-08-14 14:31:29 +0200140EXCLUDE='^$'
Manuel Pégourié-Gonnardc73339f2014-02-26 16:35:27 +0100141
Paul Bakkere20310a2016-05-10 11:18:17 +0100142SHOW_TEST_NUMBER=0
Tomás González24552ff2023-08-17 15:10:03 +0100143LIST_TESTS=0
Paul Bakkerb7584a52016-05-10 10:50:43 +0100144RUN_TEST_NUMBER=''
Jerry Yu50d07bd2023-11-06 10:49:01 +0800145RUN_TEST_SUITE=''
Paul Bakkerb7584a52016-05-10 10:50:43 +0100146
Gilles Peskine39c52072024-05-17 11:55:15 +0200147MIN_TESTS=1
Paul Bakkeracaac852016-05-10 11:47:13 +0100148PRESERVE_LOGS=0
149
Gilles Peskinef93c7d32017-04-14 17:55:28 +0200150# Pick a "unique" server port in the range 10000-19999, and a proxy
151# port which is this plus 10000. Each port number may be independently
152# overridden by a command line option.
153SRV_PORT=$(($$ % 10000 + 10000))
154PXY_PORT=$((SRV_PORT + 10000))
155
Manuel Pégourié-Gonnardc73339f2014-02-26 16:35:27 +0100156print_usage() {
157 echo "Usage: $0 [options]"
Manuel Pégourié-Gonnardf46f1282014-12-11 11:51:28 +0100158 printf " -h|--help\tPrint this help.\n"
159 printf " -m|--memcheck\tCheck memory leaks and errors.\n"
Gilles Peskine9fa4ed62020-08-26 22:35:46 +0200160 printf " -f|--filter\tOnly matching tests are executed (substring or BRE)\n"
161 printf " -e|--exclude\tMatching tests are excluded (substring or BRE)\n"
Paul Bakkerb7584a52016-05-10 10:50:43 +0100162 printf " -n|--number\tExecute only numbered test (comma-separated, e.g. '245,256')\n"
Paul Bakkere20310a2016-05-10 11:18:17 +0100163 printf " -s|--show-numbers\tShow test numbers in front of test names\n"
Paul Bakkeracaac852016-05-10 11:47:13 +0100164 printf " -p|--preserve-logs\tPreserve logs of successful tests as well\n"
Tomás González12787c92023-09-04 10:26:00 +0100165 printf " --list-test-cases\tList all potential test cases (No Execution)\n"
Gilles Peskine39c52072024-05-17 11:55:15 +0200166 printf " --min \tMinimum number of non-skipped tests (default 1)\n"
Gilles Peskine560280b2019-09-16 15:17:38 +0200167 printf " --outcome-file\tFile where test outcomes are written\n"
168 printf " \t(default: \$MBEDTLS_TEST_OUTCOME_FILE, none if empty)\n"
169 printf " --port \tTCP/UDP port (default: randomish 1xxxx)\n"
Gilles Peskinef93c7d32017-04-14 17:55:28 +0200170 printf " --proxy-port\tTCP/UDP proxy port (default: randomish 2xxxx)\n"
Gilles Peskine560280b2019-09-16 15:17:38 +0200171 printf " --seed \tInteger seed value to use for this test run\n"
Jerry Yu50d07bd2023-11-06 10:49:01 +0800172 printf " --test-suite\tOnly matching test suites are executed\n"
173 printf " \t(comma-separated, e.g. 'ssl-opt,tls13-compat')\n\n"
Manuel Pégourié-Gonnardc73339f2014-02-26 16:35:27 +0100174}
175
176get_options() {
177 while [ $# -gt 0 ]; do
178 case "$1" in
Manuel Pégourié-Gonnard417d46c2014-03-13 19:17:53 +0100179 -f|--filter)
180 shift; FILTER=$1
181 ;;
182 -e|--exclude)
183 shift; EXCLUDE=$1
184 ;;
Manuel Pégourié-Gonnardc73339f2014-02-26 16:35:27 +0100185 -m|--memcheck)
186 MEMCHECK=1
187 ;;
Paul Bakkerb7584a52016-05-10 10:50:43 +0100188 -n|--number)
189 shift; RUN_TEST_NUMBER=$1
190 ;;
Paul Bakkere20310a2016-05-10 11:18:17 +0100191 -s|--show-numbers)
192 SHOW_TEST_NUMBER=1
193 ;;
Tomás González4a86da22023-09-01 17:41:16 +0100194 -l|--list-test-cases)
Tomás González24552ff2023-08-17 15:10:03 +0100195 LIST_TESTS=1
196 ;;
Paul Bakkeracaac852016-05-10 11:47:13 +0100197 -p|--preserve-logs)
198 PRESERVE_LOGS=1
199 ;;
Gilles Peskine39c52072024-05-17 11:55:15 +0200200 --min)
201 shift; MIN_TESTS=$1
202 ;;
Yanray Wang5b33f642023-02-28 11:56:59 +0800203 --outcome-file)
204 shift; MBEDTLS_TEST_OUTCOME_FILE=$1
205 ;;
Gilles Peskinef93c7d32017-04-14 17:55:28 +0200206 --port)
207 shift; SRV_PORT=$1
208 ;;
209 --proxy-port)
210 shift; PXY_PORT=$1
211 ;;
Andres AGf04f54d2016-10-10 15:46:20 +0100212 --seed)
213 shift; SEED="$1"
214 ;;
Jerry Yu50d07bd2023-11-06 10:49:01 +0800215 --test-suite)
216 shift; RUN_TEST_SUITE="$1"
217 ;;
Manuel Pégourié-Gonnardc73339f2014-02-26 16:35:27 +0100218 -h|--help)
219 print_usage
220 exit 0
221 ;;
222 *)
Paul Bakker1ebc0c52014-05-22 15:47:58 +0200223 echo "Unknown argument: '$1'"
Manuel Pégourié-Gonnardc73339f2014-02-26 16:35:27 +0100224 print_usage
225 exit 1
226 ;;
227 esac
228 shift
229 done
230}
231
Tomás González0e8a08a2023-08-23 15:29:57 +0100232get_options "$@"
233
Bence Szépkútibb0cfeb2021-05-28 09:42:25 +0200234# Read boolean configuration options from mbedtls_config.h for easy and quick
Gilles Peskine64457492020-08-26 21:53:33 +0200235# testing. Skip non-boolean options (with something other than spaces
236# and a comment after "#define SYMBOL"). The variable contains a
Minos Galanakis4ce27cb2024-12-02 15:51:07 +0000237# space-separated list of symbols. The list should always be
238# terminated by a single whitespace character, otherwise the last entry
239# will not get matched by the parsing regex.
Tomás Gonzálezf162b4f2023-08-23 15:31:12 +0100240if [ "$LIST_TESTS" -eq 0 ];then
Minos Galanakis4ce27cb2024-12-02 15:51:07 +0000241 CONFIGS_ENABLED=" $(echo `$P_QUERY -l` ) "
Tomás Gonzálezf162b4f2023-08-23 15:31:12 +0100242else
Tomás Gonzálezbe2c66e2023-09-01 10:34:49 +0100243 P_QUERY=":"
Tomás Gonzálezf162b4f2023-08-23 15:31:12 +0100244 CONFIGS_ENABLED=""
245fi
Hanno Becker3b8b40c2018-08-28 10:25:41 +0100246# Skip next test; use this macro to skip tests which are legitimate
247# in theory and expected to be re-introduced at some point, but
248# aren't expected to succeed at the moment due to problems outside
249# our control (such as bugs in other TLS implementations).
250skip_next_test() {
251 SKIP_NEXT="YES"
252}
253
Valerio Settid1f991c2023-02-22 12:54:13 +0100254# Check if the required configuration ($1) is enabled
255is_config_enabled()
256{
257 case $CONFIGS_ENABLED in
258 *" $1"[\ =]*) return 0;;
259 *) return 1;;
260 esac
261}
262
Bence Szépkútibb0cfeb2021-05-28 09:42:25 +0200263# skip next test if the flag is not enabled in mbedtls_config.h
Manuel Pégourié-Gonnard988209f2015-03-24 10:43:55 +0100264requires_config_enabled() {
Gilles Peskine64457492020-08-26 21:53:33 +0200265 case $CONFIGS_ENABLED in
Jerry Yu2e8b0012021-12-10 20:29:02 +0800266 *" $1"[\ =]*) :;;
Gilles Peskine64457492020-08-26 21:53:33 +0200267 *) SKIP_NEXT="YES";;
268 esac
Manuel Pégourié-Gonnard988209f2015-03-24 10:43:55 +0100269}
270
Bence Szépkútibb0cfeb2021-05-28 09:42:25 +0200271# skip next test if the flag is enabled in mbedtls_config.h
Manuel Pégourié-Gonnardaf63c212017-06-08 17:51:08 +0200272requires_config_disabled() {
Gilles Peskine64457492020-08-26 21:53:33 +0200273 case $CONFIGS_ENABLED in
Jerry Yu2e8b0012021-12-10 20:29:02 +0800274 *" $1"[\ =]*) SKIP_NEXT="YES";;
Gilles Peskine64457492020-08-26 21:53:33 +0200275 esac
Manuel Pégourié-Gonnardaf63c212017-06-08 17:51:08 +0200276}
277
Jerry Yu2fcb0562022-07-27 17:30:49 +0800278requires_all_configs_enabled() {
Gilles Peskine94041692024-09-06 14:43:17 +0200279 for x in "$@"; do
280 if ! is_config_enabled "$x"; then
281 SKIP_NEXT="YES"
282 return
283 fi
284 done
Jerry Yu2fcb0562022-07-27 17:30:49 +0800285}
286
287requires_all_configs_disabled() {
Gilles Peskine94041692024-09-06 14:43:17 +0200288 for x in "$@"; do
289 if is_config_enabled "$x"; then
290 SKIP_NEXT="YES"
291 return
292 fi
293 done
Jerry Yu2fcb0562022-07-27 17:30:49 +0800294}
295
296requires_any_configs_enabled() {
Gilles Peskine94041692024-09-06 14:43:17 +0200297 for x in "$@"; do
298 if is_config_enabled "$x"; then
299 return
300 fi
301 done
302 SKIP_NEXT="YES"
Jerry Yu2fcb0562022-07-27 17:30:49 +0800303}
304
305requires_any_configs_disabled() {
Gilles Peskine94041692024-09-06 14:43:17 +0200306 for x in "$@"; do
307 if ! is_config_enabled "$x"; then
308 return
309 fi
310 done
311 SKIP_NEXT="YES"
Jerry Yu2fcb0562022-07-27 17:30:49 +0800312}
313
Gabor Mezeie1e27302025-02-26 18:06:05 +0100314TLS1_2_KEY_EXCHANGES_WITH_CERT="MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
Ben Taylor15f1d7f2025-07-10 09:41:09 +0100315 MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED"
Ronald Cronbc5adf42022-10-04 11:06:14 +0200316
Ben Taylor15f1d7f2025-07-10 09:41:09 +0100317TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT="MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED"
Valerio Settid1f991c2023-02-22 12:54:13 +0100318
Gabor Mezeie1e27302025-02-26 18:06:05 +0100319TLS1_2_KEY_EXCHANGES_WITH_CERT_WO_ECDH="MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
320 MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED"
Valerio Setti6ba247c2023-03-14 17:13:43 +0100321
Gilles Peskine9d3b2072024-09-06 15:38:47 +0200322requires_certificate_authentication () {
Gilles Peskinee3eab322024-09-10 12:24:23 +0200323 if is_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cron928cbd32022-10-04 16:14:26 +0200324 then
Gilles Peskinee3eab322024-09-10 12:24:23 +0200325 # TLS 1.3 is negotiated by default, so check whether it supports
326 # certificate-based authentication.
327 requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
328 else # Only TLS 1.2 is enabled.
Valerio Settie7f896d2023-03-13 13:55:28 +0100329 requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
Ronald Cron928cbd32022-10-04 16:14:26 +0200330 fi
Ronald Cronbc5adf42022-10-04 11:06:14 +0200331}
332
Hanno Becker7c48dd12018-08-28 16:09:22 +0100333get_config_value_or_default() {
Andres Amaya Garcia3169dc02018-10-16 21:29:07 +0100334 # This function uses the query_config command line option to query the
335 # required Mbed TLS compile time configuration from the ssl_server2
336 # program. The command will always return a success value if the
337 # configuration is defined and the value will be printed to stdout.
338 #
339 # Note that if the configuration is not defined or is defined to nothing,
340 # the output of this function will be an empty string.
Tomás González06956a12023-08-23 15:46:20 +0100341 if [ "$LIST_TESTS" -eq 0 ];then
342 ${P_SRV} "query_config=${1}"
343 else
344 echo "1"
345 fi
346
Hanno Becker7c48dd12018-08-28 16:09:22 +0100347}
348
349requires_config_value_at_least() {
Andres Amaya Garcia3169dc02018-10-16 21:29:07 +0100350 VAL="$( get_config_value_or_default "$1" )"
351 if [ -z "$VAL" ]; then
352 # Should never happen
353 echo "Mbed TLS configuration $1 is not defined"
354 exit 1
355 elif [ "$VAL" -lt "$2" ]; then
Hanno Becker5cd017f2018-08-24 14:40:12 +0100356 SKIP_NEXT="YES"
357 fi
358}
359
360requires_config_value_at_most() {
Hanno Becker7c48dd12018-08-28 16:09:22 +0100361 VAL=$( get_config_value_or_default "$1" )
Andres Amaya Garcia3169dc02018-10-16 21:29:07 +0100362 if [ -z "$VAL" ]; then
363 # Should never happen
364 echo "Mbed TLS configuration $1 is not defined"
365 exit 1
366 elif [ "$VAL" -gt "$2" ]; then
Hanno Becker5cd017f2018-08-24 14:40:12 +0100367 SKIP_NEXT="YES"
368 fi
369}
370
Yuto Takano6f657432021-07-02 13:10:41 +0100371requires_config_value_equals() {
372 VAL=$( get_config_value_or_default "$1" )
373 if [ -z "$VAL" ]; then
374 # Should never happen
375 echo "Mbed TLS configuration $1 is not defined"
376 exit 1
377 elif [ "$VAL" -ne "$2" ]; then
378 SKIP_NEXT="YES"
379 fi
380}
381
Gilles Peskinec9126732022-04-08 19:33:07 +0200382# Require Mbed TLS to support the given protocol version.
383#
384# Inputs:
385# * $1: protocol version in mbedtls syntax (argument to force_version=)
386requires_protocol_version() {
387 # Support for DTLS is detected separately in detect_dtls().
388 case "$1" in
389 tls12|dtls12) requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2;;
390 tls13|dtls13) requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3;;
391 *) echo "Unknown required protocol version: $1"; exit 1;;
392 esac
393}
394
Gilles Peskine64457492020-08-26 21:53:33 +0200395# Space-separated list of ciphersuites supported by this build of
396# Mbed TLS.
Ronald Cron5b73de82023-11-28 15:49:25 +0100397P_CIPHERSUITES=""
398if [ "$LIST_TESTS" -eq 0 ]; then
399 P_CIPHERSUITES=" $($P_CLI help_ciphersuites 2>/dev/null |
400 grep 'TLS-\|TLS1-3' |
401 tr -s ' \n' ' ')"
402
403 if [ -z "${P_CIPHERSUITES# }" ]; then
404 echo >&2 "$0: fatal error: no cipher suites found!"
405 exit 125
406 fi
407fi
408
Hanno Becker9d76d562018-11-16 17:27:29 +0000409requires_ciphersuite_enabled() {
Gilles Peskine64457492020-08-26 21:53:33 +0200410 case $P_CIPHERSUITES in
411 *" $1 "*) :;;
412 *) SKIP_NEXT="YES";;
413 esac
Hanno Becker9d76d562018-11-16 17:27:29 +0000414}
415
Valerio Setti73d05312023-11-09 16:53:59 +0100416requires_cipher_enabled() {
417 KEY_TYPE=$1
418 MODE=${2:-}
Gilles Peskinefb31ebd2024-10-24 20:14:16 +0200419 case "$KEY_TYPE" in
420 CHACHA20)
421 requires_config_enabled PSA_WANT_ALG_CHACHA20_POLY1305
422 requires_config_enabled PSA_WANT_KEY_TYPE_CHACHA20
423 ;;
424 *)
425 requires_config_enabled PSA_WANT_ALG_${MODE}
426 requires_config_enabled PSA_WANT_KEY_TYPE_${KEY_TYPE}
427 ;;
428 esac
Valerio Setti73d05312023-11-09 16:53:59 +0100429}
430
Valerio Setti1af76d12023-02-23 15:55:10 +0100431# Automatically detect required features based on command line parameters.
432# Parameters are:
433# - $1 = command line (call to a TLS client or server program)
434# - $2 = client/server
435# - $3 = TLS version (TLS12 or TLS13)
Ben Taylor39280a42025-07-30 13:43:21 +0100436# - $4 = run test options
Gilles Peskineb898b3d2022-04-08 19:26:26 +0200437detect_required_features() {
Valerio Setti6ba247c2023-03-14 17:13:43 +0100438 CMD_LINE=$1
439 ROLE=$2
440 TLS_VERSION=$3
Ben Taylor39280a42025-07-30 13:43:21 +0100441 TEST_OPTIONS=${4:-}
Valerio Setti6ba247c2023-03-14 17:13:43 +0100442
443 case "$CMD_LINE" in
Gilles Peskinec9126732022-04-08 19:33:07 +0200444 *\ force_version=*)
Valerio Setti6ba247c2023-03-14 17:13:43 +0100445 tmp="${CMD_LINE##*\ force_version=}"
Gilles Peskinec9126732022-04-08 19:33:07 +0200446 tmp="${tmp%%[!-0-9A-Z_a-z]*}"
447 requires_protocol_version "$tmp";;
Gilles Peskine0d721652020-06-26 23:35:53 +0200448 esac
Gilles Peskine0d721652020-06-26 23:35:53 +0200449
Valerio Setti6ba247c2023-03-14 17:13:43 +0100450 case "$CMD_LINE" in
Gilles Peskineb898b3d2022-04-08 19:26:26 +0200451 *\ force_ciphersuite=*)
Valerio Setti6ba247c2023-03-14 17:13:43 +0100452 tmp="${CMD_LINE##*\ force_ciphersuite=}"
Gilles Peskineb898b3d2022-04-08 19:26:26 +0200453 tmp="${tmp%%[!-0-9A-Z_a-z]*}"
454 requires_ciphersuite_enabled "$tmp";;
Gilles Peskine0d721652020-06-26 23:35:53 +0200455 esac
Gilles Peskine0d721652020-06-26 23:35:53 +0200456
Valerio Setti6ba247c2023-03-14 17:13:43 +0100457 case " $CMD_LINE " in
Gilles Peskine740b7342022-04-08 19:29:27 +0200458 *[-_\ =]tickets=[^0]*)
459 requires_config_enabled MBEDTLS_SSL_TICKET_C;;
460 esac
Valerio Setti6ba247c2023-03-14 17:13:43 +0100461 case " $CMD_LINE " in
Gilles Peskine740b7342022-04-08 19:29:27 +0200462 *[-_\ =]alpn=*)
463 requires_config_enabled MBEDTLS_SSL_ALPN;;
464 esac
465
Gilles Peskineae3dc172024-09-06 15:34:59 +0200466 case " $CMD_LINE " in
467 *\ auth_mode=*|*[-_\ =]crt[_=]*)
Gilles Peskine6e85e352024-09-10 12:06:33 +0200468 # The test case involves certificates (crt), or a relevant
469 # aspect of it is the (certificate-based) authentication mode.
Gilles Peskineae3dc172024-09-06 15:34:59 +0200470 requires_certificate_authentication;;
471 esac
472
Gilles Peskine7985d452024-09-04 16:06:10 +0200473 case " $CMD_LINE " in
Gilles Peskine58b399e2025-02-13 21:23:22 +0100474 *\ ca_callback=1\ *)
475 requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK;;
476 esac
477
478 case " $CMD_LINE " in
Gilles Peskineae710c82024-09-04 16:07:56 +0200479 *"programs/ssl/dtls_client "*|\
Gilles Peskine7985d452024-09-04 16:06:10 +0200480 *"programs/ssl/ssl_client1 "*)
481 requires_config_enabled MBEDTLS_CTR_DRBG_C
Minos Galanakisa1e86792025-08-18 10:31:31 +0100482 requires_config_enabled MBEDTLS_PSA_CRYPTO_C
Ronald Cron8fc000e2025-08-25 15:19:59 +0200483 requires_config_disabled MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
Gilles Peskine7985d452024-09-04 16:06:10 +0200484 requires_config_enabled MBEDTLS_PEM_PARSE_C
485 requires_config_enabled MBEDTLS_SSL_CLI_C
486 requires_certificate_authentication
487 ;;
Gilles Peskine6b4d6932024-09-04 16:51:50 +0200488 *"programs/ssl/dtls_server "*|\
Gilles Peskinec83e56c2024-09-04 17:47:14 +0200489 *"programs/ssl/ssl_fork_server "*|\
Gilles Peskine3abca952024-09-04 16:31:06 +0200490 *"programs/ssl/ssl_pthread_server "*|\
Gilles Peskinea21e8932024-09-04 16:30:32 +0200491 *"programs/ssl/ssl_server "*)
492 requires_config_enabled MBEDTLS_CTR_DRBG_C
Minos Galanakisa1e86792025-08-18 10:31:31 +0100493 requires_config_enabled MBEDTLS_PSA_CRYPTO_C
Ronald Cron8fc000e2025-08-25 15:19:59 +0200494 requires_config_disabled MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG
Gilles Peskinea21e8932024-09-04 16:30:32 +0200495 requires_config_enabled MBEDTLS_PEM_PARSE_C
496 requires_config_enabled MBEDTLS_SSL_SRV_C
497 requires_certificate_authentication
Gilles Peskinef9ad8302024-09-13 23:08:48 +0200498 # The actual minimum depends on the configuration since it's
499 # mostly about the certificate size.
500 # In config-suite-b.h, for the test certificates (server5.crt),
501 # 1024 is not enough.
502 requires_config_value_at_least MBEDTLS_SSL_OUT_CONTENT_LEN 2000
Gilles Peskinea21e8932024-09-04 16:30:32 +0200503 ;;
Gilles Peskine7985d452024-09-04 16:06:10 +0200504 esac
505
Gilles Peskine3abca952024-09-04 16:31:06 +0200506 case " $CMD_LINE " in
507 *"programs/ssl/ssl_pthread_server "*)
508 requires_config_enabled MBEDTLS_THREADING_PTHREAD;;
509 esac
510
Valerio Setti6ba247c2023-03-14 17:13:43 +0100511 case "$CMD_LINE" in
Gilles Peskine4f098642024-09-06 15:35:58 +0200512 *[-_\ =]psk*|*[-_\ =]PSK*) :;; # No certificate requirement with PSK
Gilles Peskinee8553172024-04-26 21:28:49 +0200513 */server5*|\
514 */server7*|\
515 */dir-maxpath*)
Gilles Peskineae3dc172024-09-06 15:34:59 +0200516 requires_certificate_authentication
Valerio Setti6ba247c2023-03-14 17:13:43 +0100517 if [ "$TLS_VERSION" = "TLS13" ]; then
Valerio Setti1af76d12023-02-23 15:55:10 +0100518 # In case of TLS13 the support for ECDSA is enough
519 requires_pk_alg "ECDSA"
520 else
521 # For TLS12 requirements are different between server and client
Valerio Setti6ba247c2023-03-14 17:13:43 +0100522 if [ "$ROLE" = "server" ]; then
Ben Taylor39280a42025-07-30 13:43:21 +0100523 requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
Valerio Setti6ba247c2023-03-14 17:13:43 +0100524 elif [ "$ROLE" = "client" ]; then
Ben Taylor39280a42025-07-30 13:43:21 +0100525 requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT_WO_ECDH
Valerio Setti1af76d12023-02-23 15:55:10 +0100526 requires_pk_alg "ECDSA"
527 fi
528 fi
529 ;;
530 esac
531
Valerio Setti4f577f32023-07-31 18:58:25 +0200532 case "$CMD_LINE" in
Gilles Peskine4f098642024-09-06 15:35:58 +0200533 *[-_\ =]psk*|*[-_\ =]PSK*) :;; # No certificate requirement with PSK
Gilles Peskined00b93b2024-04-29 16:03:02 +0200534 */server1*|\
Gilles Peskinee8553172024-04-26 21:28:49 +0200535 */server2*|\
536 */server7*)
Gilles Peskineae3dc172024-09-06 15:34:59 +0200537 requires_certificate_authentication
Gilles Peskined00b93b2024-04-29 16:03:02 +0200538 # Certificates with an RSA key. The algorithm requirement is
539 # some subset of {PKCS#1v1.5 encryption, PKCS#1v1.5 signature,
540 # PSS signature}. We can't easily tell which subset works, and
541 # we aren't currently running ssl-opt.sh in configurations
542 # where partial RSA support is a problem, so generically, we
543 # just require RSA and it works out for our tests so far.
Ronald Cron68ba7f72025-06-30 07:45:17 +0200544 requires_config_enabled "PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC"
Valerio Setti4f577f32023-07-31 18:58:25 +0200545 esac
546
Gilles Peskineb898b3d2022-04-08 19:26:26 +0200547 unset tmp
Gilles Peskine0d721652020-06-26 23:35:53 +0200548}
549
Gilles Peskine6e86e542022-02-25 19:52:52 +0100550adapt_cmd_for_psk () {
551 case "$2" in
Gilles Peskine77c13e62024-04-29 16:09:52 +0200552 *openssl*s_server*) s='-psk 73776f726466697368 -nocert';;
553 *openssl*) s='-psk 73776f726466697368';;
Gilles Peskine6f9952a2024-09-06 15:27:57 +0200554 *gnutls-cli*) s='--pskusername=Client_identity --pskkey=73776f726466697368';;
555 *gnutls-serv*) s='--pskpasswd=../framework/data_files/simplepass.psk';;
Gilles Peskine77c13e62024-04-29 16:09:52 +0200556 *) s='psk=73776f726466697368';;
Gilles Peskine6e86e542022-02-25 19:52:52 +0100557 esac
558 eval $1='"$2 $s"'
559 unset s
560}
561
562# maybe_adapt_for_psk [RUN_TEST_OPTION...]
563# If running in a PSK-only build, maybe adapt the test to use a pre-shared key.
564#
565# If not running in a PSK-only build, do nothing.
566# If the test looks like it doesn't use a pre-shared key but can run with a
567# pre-shared key, pass a pre-shared key. If the test looks like it can't run
568# with a pre-shared key, skip it. If the test looks like it's already using
569# a pre-shared key, do nothing.
570#
Gilles Peskine7dfe7c92024-09-20 18:16:41 +0200571# This code does not consider builds with ECDHE-PSK.
Gilles Peskine6e86e542022-02-25 19:52:52 +0100572#
573# Inputs:
574# * $CLI_CMD, $SRV_CMD, $PXY_CMD: client/server/proxy commands.
575# * $PSK_ONLY: YES if running in a PSK-only build (no asymmetric key exchanges).
576# * "$@": options passed to run_test.
577#
578# Outputs:
579# * $CLI_CMD, $SRV_CMD: may be modified to add PSK-relevant arguments.
580# * $SKIP_NEXT: set to YES if the test can't run with PSK.
581maybe_adapt_for_psk() {
582 if [ "$PSK_ONLY" != "YES" ]; then
583 return
584 fi
585 if [ "$SKIP_NEXT" = "YES" ]; then
586 return
587 fi
588 case "$CLI_CMD $SRV_CMD" in
589 *[-_\ =]psk*|*[-_\ =]PSK*)
590 return;;
591 *force_ciphersuite*)
592 # The test case forces a non-PSK cipher suite. In some cases, a
593 # PSK cipher suite could be substituted, but we're not ready for
594 # that yet.
595 SKIP_NEXT="YES"
596 return;;
597 *\ auth_mode=*|*[-_\ =]crt[_=]*)
598 # The test case involves certificates. PSK won't do.
599 SKIP_NEXT="YES"
600 return;;
601 esac
602 adapt_cmd_for_psk CLI_CMD "$CLI_CMD"
603 adapt_cmd_for_psk SRV_CMD "$SRV_CMD"
604}
605
Gilles Peskinedb264062024-09-06 19:08:41 +0200606# PSK_PRESENT="YES" if at least one protocol versions supports at least
607# one PSK key exchange mode.
Gilles Peskine24b43032024-09-06 15:38:20 +0200608PSK_PRESENT="NO"
Gilles Peskinedb264062024-09-06 19:08:41 +0200609# PSK_ONLY="YES" if all the available key exchange modes are PSK-based
610# (pure-PSK or PSK-ephemeral, possibly both).
Gilles Peskine24b43032024-09-06 15:38:20 +0200611PSK_ONLY=""
612for c in $CONFIGS_ENABLED; do
613 case $c in
614 MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) PSK_PRESENT="YES";;
Gilles Peskine2dd43952024-09-09 11:24:17 +0200615 MBEDTLS_KEY_EXCHANGE_*_PSK_ENABLED) PSK_PRESENT="YES";;
Gilles Peskine24b43032024-09-06 15:38:20 +0200616 MBEDTLS_KEY_EXCHANGE_*_ENABLED) PSK_ONLY="NO";;
617 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED) PSK_PRESENT="YES";;
Gilles Peskinedb264062024-09-06 19:08:41 +0200618 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_*_ENABLED) PSK_PRESENT="YES";;
Gilles Peskine24b43032024-09-06 15:38:20 +0200619 MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_*_ENABLED) PSK_ONLY="NO";;
620 esac
621done
Gilles Peskine7f453bf2024-09-09 10:57:01 +0200622# At this stage, $PSK_ONLY is empty if we haven't detected a non-PSK
623# key exchange, i.e. if we're in a PSK-only build or a build with no
624# key exchanges at all. We avoid triggering PSK-only adaptation code in
Gilles Peskine6e85e352024-09-10 12:06:33 +0200625# the edge case of no key exchanges.
Gilles Peskine24b43032024-09-06 15:38:20 +0200626: ${PSK_ONLY:=$PSK_PRESENT}
627unset c
Gilles Peskine6e86e542022-02-25 19:52:52 +0100628
Sam Berryd50e8432024-06-19 11:43:03 +0100629HAS_ALG_MD5="NO"
Andrzej Kurek9c061a22022-09-05 10:51:19 -0400630HAS_ALG_SHA_1="NO"
631HAS_ALG_SHA_224="NO"
632HAS_ALG_SHA_256="NO"
633HAS_ALG_SHA_384="NO"
634HAS_ALG_SHA_512="NO"
635
636check_for_hash_alg()
637{
638 CURR_ALG="INVALID";
Gilles Peskinefb31ebd2024-10-24 20:14:16 +0200639 CURR_ALG=PSA_WANT_ALG_${1}
Andrzej Kurek9c061a22022-09-05 10:51:19 -0400640
641 case $CONFIGS_ENABLED in
642 *" $CURR_ALG"[\ =]*)
643 return 0
644 ;;
645 *) :;;
646 esac
647 return 1
648}
649
650populate_enabled_hash_algs()
651{
Sam Berryd50e8432024-06-19 11:43:03 +0100652 for hash_alg in SHA_1 SHA_224 SHA_256 SHA_384 SHA_512 MD5; do
Andrzej Kurek9c061a22022-09-05 10:51:19 -0400653 if check_for_hash_alg "$hash_alg"; then
654 hash_alg_variable=HAS_ALG_${hash_alg}
655 eval ${hash_alg_variable}=YES
656 fi
Valerio Settie7f896d2023-03-13 13:55:28 +0100657 done
Andrzej Kurek9c061a22022-09-05 10:51:19 -0400658}
659
660# skip next test if the given hash alg is not supported
661requires_hash_alg() {
662 HASH_DEFINE="Invalid"
663 HAS_HASH_ALG="NO"
664 case $1 in
Sam Berryd50e8432024-06-19 11:43:03 +0100665 MD5):;;
Andrzej Kurek9c061a22022-09-05 10:51:19 -0400666 SHA_1):;;
667 SHA_224):;;
668 SHA_256):;;
669 SHA_384):;;
670 SHA_512):;;
671 *)
672 echo "Unsupported hash alg - $1"
673 exit 1
674 ;;
675 esac
676
677 HASH_DEFINE=HAS_ALG_${1}
678 eval "HAS_HASH_ALG=\${${HASH_DEFINE}}"
679 if [ "$HAS_HASH_ALG" = "NO" ]
680 then
681 SKIP_NEXT="YES"
682 fi
683}
684
Valerio Settid1f991c2023-02-22 12:54:13 +0100685# Skip next test if the given pk alg is not enabled
686requires_pk_alg() {
687 case $1 in
688 ECDSA)
Gilles Peskinefb31ebd2024-10-24 20:14:16 +0200689 requires_config_enabled PSA_WANT_ALG_ECDSA
Valerio Settid1f991c2023-02-22 12:54:13 +0100690 ;;
691 *)
692 echo "Unknown/unimplemented case $1 in requires_pk_alg"
693 exit 1
694 ;;
695 esac
696}
697
Manuel Pégourié-Gonnard1cbd39d2014-10-20 13:34:59 +0200698# skip next test if OpenSSL doesn't support FALLBACK_SCSV
699requires_openssl_with_fallback_scsv() {
700 if [ -z "${OPENSSL_HAS_FBSCSV:-}" ]; then
Manuel Pégourié-Gonnardc5722462022-12-19 11:42:12 +0100701 if $OPENSSL s_client -help 2>&1 | grep fallback_scsv >/dev/null
Manuel Pégourié-Gonnard1cbd39d2014-10-20 13:34:59 +0200702 then
703 OPENSSL_HAS_FBSCSV="YES"
704 else
705 OPENSSL_HAS_FBSCSV="NO"
706 fi
707 fi
708 if [ "$OPENSSL_HAS_FBSCSV" = "NO" ]; then
709 SKIP_NEXT="YES"
710 fi
711}
712
Yuto Takanob0a1c5b2021-07-02 10:10:49 +0100713# skip next test if either IN_CONTENT_LEN or MAX_CONTENT_LEN are below a value
714requires_max_content_len() {
715 requires_config_value_at_least "MBEDTLS_SSL_IN_CONTENT_LEN" $1
716 requires_config_value_at_least "MBEDTLS_SSL_OUT_CONTENT_LEN" $1
717}
718
Manuel Pégourié-Gonnardbaa7f072014-08-20 20:15:53 +0200719# skip next test if GnuTLS isn't available
720requires_gnutls() {
721 if [ -z "${GNUTLS_AVAILABLE:-}" ]; then
Manuel Pégourié-Gonnard03db6b02015-06-26 15:45:30 +0200722 if ( which "$GNUTLS_CLI" && which "$GNUTLS_SERV" ) >/dev/null 2>&1; then
Manuel Pégourié-Gonnardbaa7f072014-08-20 20:15:53 +0200723 GNUTLS_AVAILABLE="YES"
724 else
725 GNUTLS_AVAILABLE="NO"
726 fi
727 fi
728 if [ "$GNUTLS_AVAILABLE" = "NO" ]; then
729 SKIP_NEXT="YES"
730 fi
731}
732
Manuel Pégourié-Gonnard38110df2018-08-17 12:44:54 +0200733# skip next test if GnuTLS-next isn't available
734requires_gnutls_next() {
735 if [ -z "${GNUTLS_NEXT_AVAILABLE:-}" ]; then
736 if ( which "${GNUTLS_NEXT_CLI:-}" && which "${GNUTLS_NEXT_SERV:-}" ) >/dev/null 2>&1; then
737 GNUTLS_NEXT_AVAILABLE="YES"
738 else
739 GNUTLS_NEXT_AVAILABLE="NO"
740 fi
741 fi
742 if [ "$GNUTLS_NEXT_AVAILABLE" = "NO" ]; then
743 SKIP_NEXT="YES"
744 fi
745}
746
Jerry Yu04029792021-08-10 16:45:37 +0800747requires_openssl_next() {
748 if [ -z "${OPENSSL_NEXT_AVAILABLE:-}" ]; then
749 if which "${OPENSSL_NEXT:-}" >/dev/null 2>&1; then
750 OPENSSL_NEXT_AVAILABLE="YES"
751 else
752 OPENSSL_NEXT_AVAILABLE="NO"
753 fi
754 fi
755 if [ "$OPENSSL_NEXT_AVAILABLE" = "NO" ]; then
756 SKIP_NEXT="YES"
757 fi
758}
759
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200760# skip next test if openssl version is lower than 3.0
761requires_openssl_3_x() {
762 requires_openssl_next
763 if [ "$OPENSSL_NEXT_AVAILABLE" = "NO" ]; then
764 OPENSSL_3_X_AVAILABLE="NO"
765 fi
766 if [ -z "${OPENSSL_3_X_AVAILABLE:-}" ]; then
Przemek Stekiela53dca12023-06-14 20:53:09 +0200767 if $OPENSSL_NEXT version 2>&1 | grep "OpenSSL 3." >/dev/null
Przemek Stekiel422ab1f2023-06-14 11:04:28 +0200768 then
769 OPENSSL_3_X_AVAILABLE="YES"
770 else
771 OPENSSL_3_X_AVAILABLE="NO"
772 fi
773 fi
774 if [ "$OPENSSL_3_X_AVAILABLE" = "NO" ]; then
775 SKIP_NEXT="YES"
776 fi
777}
778
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200779# skip next test if openssl does not support ffdh keys
780requires_openssl_tls1_3_with_ffdh() {
781 requires_openssl_3_x
782}
783
Przemek Stekiel7dda2712023-06-27 14:43:33 +0200784# skip next test if openssl cannot handle ephemeral key exchange
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200785requires_openssl_tls1_3_with_compatible_ephemeral() {
786 requires_openssl_next
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200787}
788
Jerry Yu04029792021-08-10 16:45:37 +0800789# skip next test if tls1_3 is not available
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200790requires_openssl_tls1_3() {
Przemek Stekiel8bfe8972023-06-26 12:59:45 +0200791 requires_openssl_next
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200792 if [ "$OPENSSL_NEXT_AVAILABLE" = "NO" ]; then
793 OPENSSL_TLS1_3_AVAILABLE="NO"
794 fi
795 if [ -z "${OPENSSL_TLS1_3_AVAILABLE:-}" ]; then
796 if $OPENSSL_NEXT s_client -help 2>&1 | grep tls1_3 >/dev/null
797 then
798 OPENSSL_TLS1_3_AVAILABLE="YES"
799 else
800 OPENSSL_TLS1_3_AVAILABLE="NO"
801 fi
802 fi
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200803 if [ "$OPENSSL_TLS1_3_AVAILABLE" = "NO" ]; then
804 SKIP_NEXT="YES"
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200805 fi
806}
807
Gilles Peskine7f453bf2024-09-09 10:57:01 +0200808# OpenSSL servers forbid client renegotiation by default since OpenSSL 3.0.
809# Older versions always allow it and have no command-line option.
Gilles Peskine56ee69d2024-09-06 13:52:14 +0200810OPENSSL_S_SERVER_CLIENT_RENEGOTIATION=
811case $($OPENSSL s_server -help 2>&1) in
812 *-client_renegotiation*)
813 OPENSSL_S_SERVER_CLIENT_RENEGOTIATION=-client_renegotiation;;
814esac
815
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +0200816# skip next test if tls1_3 is not available
Jerry Yu04029792021-08-10 16:45:37 +0800817requires_gnutls_tls1_3() {
818 requires_gnutls_next
819 if [ "$GNUTLS_NEXT_AVAILABLE" = "NO" ]; then
820 GNUTLS_TLS1_3_AVAILABLE="NO"
821 fi
822 if [ -z "${GNUTLS_TLS1_3_AVAILABLE:-}" ]; then
823 if $GNUTLS_NEXT_CLI -l 2>&1 | grep VERS-TLS1.3 >/dev/null
824 then
825 GNUTLS_TLS1_3_AVAILABLE="YES"
826 else
827 GNUTLS_TLS1_3_AVAILABLE="NO"
828 fi
829 fi
830 if [ "$GNUTLS_TLS1_3_AVAILABLE" = "NO" ]; then
831 SKIP_NEXT="YES"
832 fi
833}
834
Jerry Yu75261df2021-09-02 17:40:08 +0800835# Check %NO_TICKETS option
Jerry Yub12d81d2021-08-17 10:56:08 +0800836requires_gnutls_next_no_ticket() {
837 requires_gnutls_next
838 if [ "$GNUTLS_NEXT_AVAILABLE" = "NO" ]; then
839 GNUTLS_NO_TICKETS_AVAILABLE="NO"
840 fi
841 if [ -z "${GNUTLS_NO_TICKETS_AVAILABLE:-}" ]; then
842 if $GNUTLS_NEXT_CLI --priority-list 2>&1 | grep NO_TICKETS >/dev/null
843 then
844 GNUTLS_NO_TICKETS_AVAILABLE="YES"
845 else
846 GNUTLS_NO_TICKETS_AVAILABLE="NO"
847 fi
848 fi
849 if [ "$GNUTLS_NO_TICKETS_AVAILABLE" = "NO" ]; then
850 SKIP_NEXT="YES"
851 fi
852}
853
Jerry Yu75261df2021-09-02 17:40:08 +0800854# Check %DISABLE_TLS13_COMPAT_MODE option
Jerry Yub12d81d2021-08-17 10:56:08 +0800855requires_gnutls_next_disable_tls13_compat() {
856 requires_gnutls_next
857 if [ "$GNUTLS_NEXT_AVAILABLE" = "NO" ]; then
858 GNUTLS_DISABLE_TLS13_COMPAT_MODE_AVAILABLE="NO"
859 fi
860 if [ -z "${GNUTLS_DISABLE_TLS13_COMPAT_MODE_AVAILABLE:-}" ]; then
861 if $GNUTLS_NEXT_CLI --priority-list 2>&1 | grep DISABLE_TLS13_COMPAT_MODE >/dev/null
862 then
863 GNUTLS_DISABLE_TLS13_COMPAT_MODE_AVAILABLE="YES"
864 else
865 GNUTLS_DISABLE_TLS13_COMPAT_MODE_AVAILABLE="NO"
866 fi
867 fi
868 if [ "$GNUTLS_DISABLE_TLS13_COMPAT_MODE_AVAILABLE" = "NO" ]; then
869 SKIP_NEXT="YES"
870 fi
871}
872
Jan Bruckneraa31b192023-02-06 12:54:29 +0100873# skip next test if GnuTLS does not support the record size limit extension
874requires_gnutls_record_size_limit() {
875 requires_gnutls_next
876 if [ "$GNUTLS_NEXT_AVAILABLE" = "NO" ]; then
877 GNUTLS_RECORD_SIZE_LIMIT_AVAILABLE="NO"
878 else
879 GNUTLS_RECORD_SIZE_LIMIT_AVAILABLE="YES"
880 fi
881 if [ "$GNUTLS_RECORD_SIZE_LIMIT_AVAILABLE" = "NO" ]; then
882 SKIP_NEXT="YES"
883 fi
884}
885
Manuel Pégourié-Gonnard0eb6cab2014-07-23 20:17:47 +0200886# skip next test if IPv6 isn't available on this host
887requires_ipv6() {
888 if [ -z "${HAS_IPV6:-}" ]; then
889 $P_SRV server_addr='::1' > $SRV_OUT 2>&1 &
890 SRV_PID=$!
891 sleep 1
892 kill $SRV_PID >/dev/null 2>&1
893 if grep "NET - Binding of the socket failed" $SRV_OUT >/dev/null; then
894 HAS_IPV6="NO"
895 else
896 HAS_IPV6="YES"
897 fi
898 rm -r $SRV_OUT
899 fi
900
901 if [ "$HAS_IPV6" = "NO" ]; then
902 SKIP_NEXT="YES"
903 fi
904}
905
Andrzej Kurekb4593462018-10-11 08:43:30 -0400906# skip next test if it's i686 or uname is not available
907requires_not_i686() {
908 if [ -z "${IS_I686:-}" ]; then
909 IS_I686="YES"
910 if which "uname" >/dev/null 2>&1; then
911 if [ -z "$(uname -a | grep i686)" ]; then
912 IS_I686="NO"
913 fi
914 fi
915 fi
916 if [ "$IS_I686" = "YES" ]; then
917 SKIP_NEXT="YES"
918 fi
919}
920
David Horstmann95d516f2021-05-04 18:36:56 +0100921MAX_CONTENT_LEN=16384
Yuto Takano2be6f1a2021-06-22 07:16:40 +0100922MAX_IN_LEN=$( get_config_value_or_default "MBEDTLS_SSL_IN_CONTENT_LEN" )
923MAX_OUT_LEN=$( get_config_value_or_default "MBEDTLS_SSL_OUT_CONTENT_LEN" )
Tomás González06956a12023-08-23 15:46:20 +0100924if [ "$LIST_TESTS" -eq 0 ];then
925 # Calculate the input & output maximum content lengths set in the config
Angus Grattonc4dd0732018-04-11 16:28:39 +1000926
Tomás González06956a12023-08-23 15:46:20 +0100927 # Calculate the maximum content length that fits both
928 if [ "$MAX_IN_LEN" -lt "$MAX_CONTENT_LEN" ]; then
929 MAX_CONTENT_LEN="$MAX_IN_LEN"
930 fi
931 if [ "$MAX_OUT_LEN" -lt "$MAX_CONTENT_LEN" ]; then
932 MAX_CONTENT_LEN="$MAX_OUT_LEN"
933 fi
Angus Grattonc4dd0732018-04-11 16:28:39 +1000934fi
Angus Grattonc4dd0732018-04-11 16:28:39 +1000935# skip the next test if the SSL output buffer is less than 16KB
936requires_full_size_output_buffer() {
937 if [ "$MAX_OUT_LEN" -ne 16384 ]; then
938 SKIP_NEXT="YES"
939 fi
940}
941
Gilles Peskine05030d42024-10-31 18:52:40 +0100942# Skip the next test if called by all.sh in a component with MSan
943# (which we also call MemSan) or Valgrind.
944not_with_msan_or_valgrind() {
945 case "_${MBEDTLS_TEST_CONFIGURATION:-}_" in
946 *_msan_*|*_memsan_*|*_valgrind_*) SKIP_NEXT="YES";;
947 esac
948}
949
Manuel Pégourié-Gonnard76fe9e42014-09-24 15:17:31 +0200950# skip the next test if valgrind is in use
951not_with_valgrind() {
952 if [ "$MEMCHECK" -gt 0 ]; then
953 SKIP_NEXT="YES"
954 fi
955}
956
Paul Bakker362689d2016-05-13 10:33:25 +0100957# skip the next test if valgrind is NOT in use
958only_with_valgrind() {
959 if [ "$MEMCHECK" -eq 0 ]; then
960 SKIP_NEXT="YES"
961 fi
962}
963
Manuel Pégourié-Gonnarda0719722014-09-20 12:46:27 +0200964# multiply the client timeout delay by the given factor for the next test
Janos Follath74537a62016-09-02 13:45:28 +0100965client_needs_more_time() {
Manuel Pégourié-Gonnarda0719722014-09-20 12:46:27 +0200966 CLI_DELAY_FACTOR=$1
967}
968
Janos Follath74537a62016-09-02 13:45:28 +0100969# wait for the given seconds after the client finished in the next test
970server_needs_more_time() {
971 SRV_DELAY_SECONDS=$1
972}
973
Manuel Pégourié-Gonnardf8bdbb52014-02-21 09:20:14 +0100974# print_name <name>
975print_name() {
Paul Bakkere20310a2016-05-10 11:18:17 +0100976 TESTS=$(( $TESTS + 1 ))
977 LINE=""
978
979 if [ "$SHOW_TEST_NUMBER" -gt 0 ]; then
980 LINE="$TESTS "
981 fi
982
983 LINE="$LINE$1"
Manuel Pégourié-Gonnard33a752e2014-02-21 09:47:37 +0100984
Tomás González378e3642023-09-04 10:41:37 +0100985 printf "%s " "$LINE"
986 LEN=$(( 72 - `echo "$LINE" | wc -c` ))
987 for i in `seq 1 $LEN`; do printf '.'; done
988 printf ' '
989
Manuel Pégourié-Gonnardf8bdbb52014-02-21 09:20:14 +0100990}
991
Gilles Peskine560280b2019-09-16 15:17:38 +0200992# record_outcome <outcome> [<failure-reason>]
993# The test name must be in $NAME.
Gilles Peskine5eb2b022022-01-07 15:47:02 +0100994# Use $TEST_SUITE_NAME as the test suite name if set.
Gilles Peskine560280b2019-09-16 15:17:38 +0200995record_outcome() {
996 echo "$1"
997 if [ -n "$MBEDTLS_TEST_OUTCOME_FILE" ]; then
998 printf '%s;%s;%s;%s;%s;%s\n' \
999 "$MBEDTLS_TEST_PLATFORM" "$MBEDTLS_TEST_CONFIGURATION" \
Jerry Yu9e47b262023-11-06 10:52:01 +08001000 "${TEST_SUITE_NAME:-ssl-opt}" "$NAME" \
Gilles Peskine560280b2019-09-16 15:17:38 +02001001 "$1" "${2-}" \
1002 >>"$MBEDTLS_TEST_OUTCOME_FILE"
1003 fi
1004}
Gilles Peskine5eb2b022022-01-07 15:47:02 +01001005unset TEST_SUITE_NAME
Gilles Peskine560280b2019-09-16 15:17:38 +02001006
Gilles Peskine788ad332021-10-20 14:17:02 +02001007# True if the presence of the given pattern in a log definitely indicates
1008# that the test has failed. False if the presence is inconclusive.
1009#
1010# Inputs:
1011# * $1: pattern found in the logs
1012# * $TIMES_LEFT: >0 if retrying is an option
1013#
1014# Outputs:
1015# * $outcome: set to a retry reason if the pattern is inconclusive,
1016# unchanged otherwise.
1017# * Return value: 1 if the pattern is inconclusive,
1018# 0 if the failure is definitive.
1019log_pattern_presence_is_conclusive() {
1020 # If we've run out of attempts, then don't retry no matter what.
1021 if [ $TIMES_LEFT -eq 0 ]; then
1022 return 0
1023 fi
1024 case $1 in
1025 "resend")
1026 # An undesired resend may have been caused by the OS dropping or
1027 # delaying a packet at an inopportune time.
1028 outcome="RETRY(resend)"
1029 return 1;;
1030 esac
1031}
1032
Manuel Pégourié-Gonnardf8bdbb52014-02-21 09:20:14 +01001033# fail <message>
1034fail() {
Gilles Peskine560280b2019-09-16 15:17:38 +02001035 record_outcome "FAIL" "$1"
Manuel Pégourié-Gonnard3eec6042014-02-27 15:37:24 +01001036 echo " ! $1"
Manuel Pégourié-Gonnard33a752e2014-02-21 09:47:37 +01001037
Manuel Pégourié-Gonnardc2b00922014-08-31 16:46:04 +02001038 mv $SRV_OUT o-srv-${TESTS}.log
1039 mv $CLI_OUT o-cli-${TESTS}.log
Manuel Pégourié-Gonnardbe9eb872014-09-05 17:45:19 +02001040 if [ -n "$PXY_CMD" ]; then
1041 mv $PXY_OUT o-pxy-${TESTS}.log
1042 fi
1043 echo " ! outputs saved to o-XXX-${TESTS}.log"
Manuel Pégourié-Gonnard33a752e2014-02-21 09:47:37 +01001044
Manuel Pégourié-Gonnard3f3302f2020-06-08 11:49:05 +02001045 if [ "${LOG_FAILURE_ON_STDOUT:-0}" != 0 ]; then
Manuel Pégourié-Gonnard7fa67722014-08-31 17:42:53 +02001046 echo " ! server output:"
1047 cat o-srv-${TESTS}.log
Manuel Pégourié-Gonnardbe9eb872014-09-05 17:45:19 +02001048 echo " ! ========================================================"
Manuel Pégourié-Gonnard7fa67722014-08-31 17:42:53 +02001049 echo " ! client output:"
1050 cat o-cli-${TESTS}.log
Manuel Pégourié-Gonnardbe9eb872014-09-05 17:45:19 +02001051 if [ -n "$PXY_CMD" ]; then
1052 echo " ! ========================================================"
1053 echo " ! proxy output:"
1054 cat o-pxy-${TESTS}.log
1055 fi
1056 echo ""
Manuel Pégourié-Gonnard7fa67722014-08-31 17:42:53 +02001057 fi
1058
Manuel Pégourié-Gonnard72e51ee2014-08-31 10:22:11 +02001059 FAILS=$(( $FAILS + 1 ))
Manuel Pégourié-Gonnardf8bdbb52014-02-21 09:20:14 +01001060}
1061
Manuel Pégourié-Gonnard677884d2014-02-25 16:42:31 +01001062# is_polar <cmd_line>
1063is_polar() {
Gilles Peskine64457492020-08-26 21:53:33 +02001064 case "$1" in
1065 *ssl_client2*) true;;
1066 *ssl_server2*) true;;
1067 *) false;;
1068 esac
Manuel Pégourié-Gonnard677884d2014-02-25 16:42:31 +01001069}
1070
Manuel Pégourié-Gonnardfa60f122014-09-26 16:07:29 +02001071# openssl s_server doesn't have -www with DTLS
1072check_osrv_dtls() {
Gilles Peskine64457492020-08-26 21:53:33 +02001073 case "$SRV_CMD" in
1074 *s_server*-dtls*)
1075 NEEDS_INPUT=1
1076 SRV_CMD="$( echo $SRV_CMD | sed s/-www// )";;
1077 *) NEEDS_INPUT=0;;
1078 esac
Manuel Pégourié-Gonnardfa60f122014-09-26 16:07:29 +02001079}
1080
1081# provide input to commands that need it
1082provide_input() {
1083 if [ $NEEDS_INPUT -eq 0 ]; then
1084 return
1085 fi
1086
1087 while true; do
1088 echo "HTTP/1.0 200 OK"
1089 sleep 1
1090 done
1091}
1092
Manuel Pégourié-Gonnardc73339f2014-02-26 16:35:27 +01001093# has_mem_err <log_file_name>
1094has_mem_err() {
1095 if ( grep -F 'All heap blocks were freed -- no leaks are possible' "$1" &&
1096 grep -F 'ERROR SUMMARY: 0 errors from 0 contexts' "$1" ) > /dev/null
1097 then
1098 return 1 # false: does not have errors
1099 else
1100 return 0 # true: has errors
1101 fi
1102}
1103
Unknownd364f4c2019-09-02 10:42:57 -04001104# Wait for process $2 named $3 to be listening on port $1. Print error to $4.
Gilles Peskine418b5362017-12-14 18:58:42 +01001105if type lsof >/dev/null 2>/dev/null; then
Unknownd364f4c2019-09-02 10:42:57 -04001106 wait_app_start() {
Paul Elliotte05e1262021-10-20 15:59:33 +01001107 newline='
1108'
Gilles Peskine418b5362017-12-14 18:58:42 +01001109 START_TIME=$(date +%s)
Manuel Pégourié-Gonnard0eb6cab2014-07-23 20:17:47 +02001110 if [ "$DTLS" -eq 1 ]; then
Gilles Peskine418b5362017-12-14 18:58:42 +01001111 proto=UDP
Manuel Pégourié-Gonnard0eb6cab2014-07-23 20:17:47 +02001112 else
Gilles Peskine418b5362017-12-14 18:58:42 +01001113 proto=TCP
Manuel Pégourié-Gonnard0eb6cab2014-07-23 20:17:47 +02001114 fi
Gilles Peskine418b5362017-12-14 18:58:42 +01001115 # Make a tight loop, server normally takes less than 1s to start.
Paul Elliott58ed8a72021-10-19 17:56:39 +01001116 while true; do
Gilles Peskine5bd0b512022-04-15 22:53:18 +02001117 SERVER_PIDS=$(lsof -a -n -b -i "$proto:$1" -t)
Paul Elliotte05e1262021-10-20 15:59:33 +01001118 # When we use a proxy, it will be listening on the same port we
1119 # are checking for as well as the server and lsof will list both.
Paul Elliotte05e1262021-10-20 15:59:33 +01001120 case ${newline}${SERVER_PIDS}${newline} in
Gilles Peskine5bd0b512022-04-15 22:53:18 +02001121 *${newline}${2}${newline}*) break;;
Paul Elliotte05e1262021-10-20 15:59:33 +01001122 esac
Gilles Peskine418b5362017-12-14 18:58:42 +01001123 if [ $(( $(date +%s) - $START_TIME )) -gt $DOG_DELAY ]; then
Unknownd364f4c2019-09-02 10:42:57 -04001124 echo "$3 START TIMEOUT"
1125 echo "$3 START TIMEOUT" >> $4
Gilles Peskine418b5362017-12-14 18:58:42 +01001126 break
1127 fi
1128 # Linux and *BSD support decimal arguments to sleep. On other
1129 # OSes this may be a tight loop.
1130 sleep 0.1 2>/dev/null || true
1131 done
1132 }
1133else
Unknownd364f4c2019-09-02 10:42:57 -04001134 echo "Warning: lsof not available, wait_app_start = sleep"
1135 wait_app_start() {
Manuel Pégourié-Gonnard0c1ec472014-06-20 18:41:11 +02001136 sleep "$START_DELAY"
Gilles Peskine418b5362017-12-14 18:58:42 +01001137 }
1138fi
Manuel Pégourié-Gonnard0c1ec472014-06-20 18:41:11 +02001139
Unknownd364f4c2019-09-02 10:42:57 -04001140# Wait for server process $2 to be listening on port $1.
1141wait_server_start() {
1142 wait_app_start $1 $2 "SERVER" $SRV_OUT
1143}
1144
1145# Wait for proxy process $2 to be listening on port $1.
1146wait_proxy_start() {
1147 wait_app_start $1 $2 "PROXY" $PXY_OUT
1148}
1149
Andres Amaya Garciab84c40b2017-09-06 15:44:01 +01001150# Given the client or server debug output, parse the unix timestamp that is
Andres Amaya Garcia3b1bdff2017-09-14 12:41:29 +01001151# included in the first 4 bytes of the random bytes and check that it's within
Andres Amaya Garciab84c40b2017-09-06 15:44:01 +01001152# acceptable bounds
1153check_server_hello_time() {
1154 # Extract the time from the debug (lvl 3) output of the client
Andres Amaya Garcia67d8da52017-09-15 15:49:24 +01001155 SERVER_HELLO_TIME="$(sed -n 's/.*server hello, current time: //p' < "$1")"
Andres Amaya Garciab84c40b2017-09-06 15:44:01 +01001156 # Get the Unix timestamp for now
1157 CUR_TIME=$(date +'%s')
1158 THRESHOLD_IN_SECS=300
1159
1160 # Check if the ServerHello time was printed
1161 if [ -z "$SERVER_HELLO_TIME" ]; then
1162 return 1
1163 fi
1164
1165 # Check the time in ServerHello is within acceptable bounds
1166 if [ $SERVER_HELLO_TIME -lt $(( $CUR_TIME - $THRESHOLD_IN_SECS )) ]; then
1167 # The time in ServerHello is at least 5 minutes before now
1168 return 1
1169 elif [ $SERVER_HELLO_TIME -gt $(( $CUR_TIME + $THRESHOLD_IN_SECS )) ]; then
Andres Amaya Garcia3b1bdff2017-09-14 12:41:29 +01001170 # The time in ServerHello is at least 5 minutes later than now
Andres Amaya Garciab84c40b2017-09-06 15:44:01 +01001171 return 1
1172 else
1173 return 0
1174 fi
1175}
1176
Max Fillinger92b7a7e2024-11-11 17:50:34 +01001177# Extract the exported key from the output.
1178get_exported_key() {
1179 OUTPUT="$1"
1180 EXPORTED_KEY1=$(sed -n '/Exporting key of length 20 with label ".*": /s/.*: //p' $OUTPUT)
1181}
1182
1183# Check that the exported key from the output matches the one obtained in get_exported_key().
1184check_exported_key() {
1185 OUTPUT="$1"
1186 EXPORTED_KEY2=$(sed -n '/Exporting key of length 20 with label ".*": /s/.*: //p' $OUTPUT)
1187 test "$EXPORTED_KEY1" = "$EXPORTED_KEY2"
1188}
1189
1190# Check that the exported key from the output matches the one obtained in get_exported_key().
1191check_exported_key_openssl() {
1192 OUTPUT="$1"
1193 EXPORTED_KEY2=0x$(sed -n '/Keying material: /s/.*: //p' $OUTPUT)
1194 test "$EXPORTED_KEY1" = "$EXPORTED_KEY2"
1195}
1196
Piotr Nowicki0937ed22019-11-26 16:32:40 +01001197# Get handshake memory usage from server or client output and put it into the variable specified by the first argument
1198handshake_memory_get() {
1199 OUTPUT_VARIABLE="$1"
1200 OUTPUT_FILE="$2"
1201
1202 # Get memory usage from a pattern like "Heap memory usage after handshake: 23112 bytes. Peak memory usage was 33112"
1203 MEM_USAGE=$(sed -n 's/.*Heap memory usage after handshake: //p' < "$OUTPUT_FILE" | grep -o "[0-9]*" | head -1)
1204
1205 # Check if memory usage was read
1206 if [ -z "$MEM_USAGE" ]; then
1207 echo "Error: Can not read the value of handshake memory usage"
1208 return 1
1209 else
1210 eval "$OUTPUT_VARIABLE=$MEM_USAGE"
1211 return 0
1212 fi
1213}
1214
1215# Get handshake memory usage from server or client output and check if this value
1216# is not higher than the maximum given by the first argument
1217handshake_memory_check() {
1218 MAX_MEMORY="$1"
1219 OUTPUT_FILE="$2"
1220
1221 # Get memory usage
1222 if ! handshake_memory_get "MEMORY_USAGE" "$OUTPUT_FILE"; then
1223 return 1
1224 fi
1225
1226 # Check if memory usage is below max value
1227 if [ "$MEMORY_USAGE" -gt "$MAX_MEMORY" ]; then
1228 echo "\nFailed: Handshake memory usage was $MEMORY_USAGE bytes," \
1229 "but should be below $MAX_MEMORY bytes"
1230 return 1
1231 else
1232 return 0
1233 fi
1234}
1235
Manuel Pégourié-Gonnardc0f6a692014-08-30 22:41:47 +02001236# wait for client to terminate and set CLI_EXIT
1237# must be called right after starting the client
1238wait_client_done() {
1239 CLI_PID=$!
1240
Manuel Pégourié-Gonnarda0719722014-09-20 12:46:27 +02001241 CLI_DELAY=$(( $DOG_DELAY * $CLI_DELAY_FACTOR ))
1242 CLI_DELAY_FACTOR=1
1243
Manuel Pégourié-Gonnarda365add2015-08-04 20:57:59 +02001244 ( sleep $CLI_DELAY; echo "===CLIENT_TIMEOUT===" >> $CLI_OUT; kill $CLI_PID ) &
Manuel Pégourié-Gonnarda6189f02014-09-20 13:15:43 +02001245 DOG_PID=$!
Manuel Pégourié-Gonnardc0f6a692014-08-30 22:41:47 +02001246
Jerry Yud2d41102022-07-26 17:34:42 +08001247 # For Ubuntu 22.04, `Terminated` message is outputed by wait command.
1248 # To remove it from stdout, redirect stdout/stderr to CLI_OUT
1249 wait $CLI_PID >> $CLI_OUT 2>&1
Manuel Pégourié-Gonnardc0f6a692014-08-30 22:41:47 +02001250 CLI_EXIT=$?
1251
Manuel Pégourié-Gonnarda6189f02014-09-20 13:15:43 +02001252 kill $DOG_PID >/dev/null 2>&1
Jerry Yufe52e552022-07-09 04:23:43 +00001253 wait $DOG_PID >> $CLI_OUT 2>&1
Manuel Pégourié-Gonnardc0f6a692014-08-30 22:41:47 +02001254
1255 echo "EXIT: $CLI_EXIT" >> $CLI_OUT
Janos Follath74537a62016-09-02 13:45:28 +01001256
1257 sleep $SRV_DELAY_SECONDS
1258 SRV_DELAY_SECONDS=0
Manuel Pégourié-Gonnardc0f6a692014-08-30 22:41:47 +02001259}
1260
Manuel Pégourié-Gonnard0eb6cab2014-07-23 20:17:47 +02001261# check if the given command uses dtls and sets global variable DTLS
1262detect_dtls() {
Gilles Peskine64457492020-08-26 21:53:33 +02001263 case "$1" in
Gilles Peskine6b4d6932024-09-04 16:51:50 +02001264 *dtls=1*|*-dtls*|*-u*|*/dtls_*) DTLS=1;;
Gilles Peskine64457492020-08-26 21:53:33 +02001265 *) DTLS=0;;
1266 esac
Manuel Pégourié-Gonnard0eb6cab2014-07-23 20:17:47 +02001267}
1268
Dave Rodgman0279c2f2021-02-10 12:45:41 +00001269# check if the given command uses gnutls and sets global variable CMD_IS_GNUTLS
1270is_gnutls() {
1271 case "$1" in
1272 *gnutls-cli*)
1273 CMD_IS_GNUTLS=1
1274 ;;
1275 *gnutls-serv*)
1276 CMD_IS_GNUTLS=1
1277 ;;
1278 *)
1279 CMD_IS_GNUTLS=0
1280 ;;
1281 esac
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +01001282}
1283
Jerry Yuf467d462022-11-07 13:12:44 +08001284# Generate random psk_list argument for ssl_server2
1285get_srv_psk_list ()
1286{
1287 case $(( TESTS % 3 )) in
1288 0) echo "psk_list=abc,dead,def,beef,Client_identity,6162636465666768696a6b6c6d6e6f70";;
1289 1) echo "psk_list=abc,dead,Client_identity,6162636465666768696a6b6c6d6e6f70,def,beef";;
1290 2) echo "psk_list=Client_identity,6162636465666768696a6b6c6d6e6f70,abc,dead,def,beef";;
1291 esac
1292}
1293
Gilles Peskine309ca652022-03-14 17:55:04 +01001294# Determine what calc_verify trace is to be expected, if any.
1295#
1296# calc_verify is only called for two things: to calculate the
1297# extended master secret, and to process client authentication.
1298#
1299# Warning: the current implementation assumes that extended_ms is not
1300# disabled on the client or on the server.
1301#
1302# Inputs:
Gilles Peskinec8d242f2022-04-06 22:23:45 +02001303# * $1: the value of the server auth_mode parameter.
1304# 'required' if client authentication is expected,
1305# 'none' or absent if not.
Gilles Peskine309ca652022-03-14 17:55:04 +01001306# * $CONFIGS_ENABLED
1307#
1308# Outputs:
1309# * $maybe_calc_verify: set to a trace expected in the debug logs
1310set_maybe_calc_verify() {
1311 maybe_calc_verify=
1312 case $CONFIGS_ENABLED in
1313 *\ MBEDTLS_SSL_EXTENDED_MASTER_SECRET\ *) :;;
1314 *)
1315 case ${1-} in
Gilles Peskinec8d242f2022-04-06 22:23:45 +02001316 ''|none) return;;
1317 required) :;;
Gilles Peskine309ca652022-03-14 17:55:04 +01001318 *) echo "Bad parameter 1 to set_maybe_calc_verify: $1"; exit 1;;
1319 esac
1320 esac
Gilles Peskinefb31ebd2024-10-24 20:14:16 +02001321 maybe_calc_verify="PSA calc verify"
Gilles Peskine309ca652022-03-14 17:55:04 +01001322}
1323
Johan Pascal9bc50b02020-09-24 12:01:13 +02001324# Compare file content
1325# Usage: find_in_both pattern file1 file2
1326# extract from file1 the first line matching the pattern
1327# check in file2 that the same line can be found
1328find_in_both() {
1329 srv_pattern=$(grep -m 1 "$1" "$2");
1330 if [ -z "$srv_pattern" ]; then
1331 return 1;
1332 fi
1333
1334 if grep "$srv_pattern" $3 >/dev/null; then :
Johan Pascal10403152020-10-09 20:43:51 +02001335 return 0;
Johan Pascal9bc50b02020-09-24 12:01:13 +02001336 else
1337 return 1;
1338 fi
1339}
1340
Jerry Yuc46e9b42021-08-06 11:22:24 +08001341SKIP_HANDSHAKE_CHECK="NO"
1342skip_handshake_stage_check() {
1343 SKIP_HANDSHAKE_CHECK="YES"
1344}
1345
Gilles Peskine236bf982021-10-19 16:25:10 +02001346# Analyze the commands that will be used in a test.
1347#
1348# Analyze and possibly instrument $PXY_CMD, $CLI_CMD, $SRV_CMD to pass
1349# extra arguments or go through wrappers.
Gilles Peskine59601d72022-04-05 22:00:17 +02001350#
1351# Inputs:
1352# * $@: supplemental options to run_test() (after the mandatory arguments).
1353# * $CLI_CMD, $PXY_CMD, $SRV_CMD: the client, proxy and server commands.
1354# * $DTLS: 1 if DTLS, otherwise 0.
1355#
1356# Outputs:
1357# * $CLI_CMD, $PXY_CMD, $SRV_CMD: may be tweaked.
Gilles Peskine236bf982021-10-19 16:25:10 +02001358analyze_test_commands() {
Gilles Peskineae710c82024-09-04 16:07:56 +02001359 # If the test uses DTLS, does not force a specific port, and does not
1360 # specify a custom proxy, add a simple proxy.
1361 # It provides timing info that's useful to debug failures.
1362 if [ "$DTLS" -eq 1 ] &&
1363 [ "$THIS_SRV_PORT" = "$SRV_PORT" ] &&
1364 [ -z "$PXY_CMD" ]
1365 then
Manuel Pégourié-Gonnardf4557862020-06-08 11:40:06 +02001366 PXY_CMD="$P_PXY"
Manuel Pégourié-Gonnard8779e9a2020-07-16 10:19:32 +02001367 case " $SRV_CMD " in
1368 *' server_addr=::1 '*)
1369 PXY_CMD="$PXY_CMD server_addr=::1 listen_addr=::1";;
1370 esac
Manuel Pégourié-Gonnardf4557862020-06-08 11:40:06 +02001371 fi
1372
Dave Rodgman0279c2f2021-02-10 12:45:41 +00001373 # update CMD_IS_GNUTLS variable
1374 is_gnutls "$SRV_CMD"
1375
1376 # if the server uses gnutls but doesn't set priority, explicitly
1377 # set the default priority
1378 if [ "$CMD_IS_GNUTLS" -eq 1 ]; then
1379 case "$SRV_CMD" in
1380 *--priority*) :;;
1381 *) SRV_CMD="$SRV_CMD --priority=NORMAL";;
1382 esac
1383 fi
1384
1385 # update CMD_IS_GNUTLS variable
1386 is_gnutls "$CLI_CMD"
1387
1388 # if the client uses gnutls but doesn't set priority, explicitly
1389 # set the default priority
1390 if [ "$CMD_IS_GNUTLS" -eq 1 ]; then
1391 case "$CLI_CMD" in
1392 *--priority*) :;;
1393 *) CLI_CMD="$CLI_CMD --priority=NORMAL";;
1394 esac
1395 fi
1396
Manuel Pégourié-Gonnardbe9eb872014-09-05 17:45:19 +02001397 # fix client port
1398 if [ -n "$PXY_CMD" ]; then
1399 CLI_CMD=$( echo "$CLI_CMD" | sed s/+SRV_PORT/$PXY_PORT/g )
1400 else
Gilles Peskine2bc5c802024-09-04 16:05:11 +02001401 CLI_CMD=$( echo "$CLI_CMD" | sed s/+SRV_PORT/$THIS_SRV_PORT/g )
1402 fi
1403
1404 # If the test forces a specific port and the server is OpenSSL or
1405 # GnuTLS, override its port specification.
1406 if [ "$THIS_SRV_PORT" != "$SRV_PORT" ]; then
1407 case "$SRV_CMD" in
Gilles Peskine6ef52392024-09-04 23:33:36 +02001408 "$G_SRV"*|"$G_NEXT_SRV"*)
1409 SRV_CMD=$(
1410 printf %s "$SRV_CMD " |
1411 sed -e "s/ -p $SRV_PORT / -p $THIS_SRV_PORT /"
1412 );;
Gilles Peskine2bc5c802024-09-04 16:05:11 +02001413 "$O_SRV"*|"$O_NEXT_SRV"*) SRV_CMD="$SRV_CMD -accept $THIS_SRV_PORT";;
1414 esac
Manuel Pégourié-Gonnardbe9eb872014-09-05 17:45:19 +02001415 fi
1416
Manuel Pégourié-Gonnardc73339f2014-02-26 16:35:27 +01001417 # prepend valgrind to our commands if active
1418 if [ "$MEMCHECK" -gt 0 ]; then
1419 if is_polar "$SRV_CMD"; then
1420 SRV_CMD="valgrind --leak-check=full $SRV_CMD"
1421 fi
1422 if is_polar "$CLI_CMD"; then
1423 CLI_CMD="valgrind --leak-check=full $CLI_CMD"
1424 fi
1425 fi
Gilles Peskine236bf982021-10-19 16:25:10 +02001426}
Manuel Pégourié-Gonnardc73339f2014-02-26 16:35:27 +01001427
Gilles Peskine236bf982021-10-19 16:25:10 +02001428# Check for failure conditions after a test case.
1429#
1430# Inputs from run_test:
1431# * positional parameters: test options (see run_test documentation)
1432# * $CLI_EXIT: client return code
1433# * $CLI_EXPECT: expected client return code
1434# * $SRV_RET: server return code
1435# * $CLI_OUT, $SRV_OUT, $PXY_OUT: files containing client/server/proxy logs
Gilles Peskine0e3534c2021-10-19 17:23:25 +02001436# * $TIMES_LEFT: if nonzero, a RETRY outcome is allowed
Gilles Peskine236bf982021-10-19 16:25:10 +02001437#
1438# Outputs:
Gilles Peskinef11d30e2021-10-19 18:00:10 +02001439# * $outcome: one of PASS/RETRY*/FAIL
Gilles Peskine236bf982021-10-19 16:25:10 +02001440check_test_failure() {
Gilles Peskine0e3534c2021-10-19 17:23:25 +02001441 outcome=FAIL
Manuel Pégourié-Gonnarda365add2015-08-04 20:57:59 +02001442
Gilles Peskine0e3534c2021-10-19 17:23:25 +02001443 if [ $TIMES_LEFT -gt 0 ] &&
1444 grep '===CLIENT_TIMEOUT===' $CLI_OUT >/dev/null
1445 then
Gilles Peskinef11d30e2021-10-19 18:00:10 +02001446 outcome="RETRY(client-timeout)"
Gilles Peskine0e3534c2021-10-19 17:23:25 +02001447 return
1448 fi
Manuel Pégourié-Gonnarda365add2015-08-04 20:57:59 +02001449
Manuel Pégourié-Gonnard677884d2014-02-25 16:42:31 +01001450 # check if the client and server went at least to the handshake stage
Paul Bakker1ebc0c52014-05-22 15:47:58 +02001451 # (useful to avoid tests with only negative assertions and non-zero
Manuel Pégourié-Gonnard677884d2014-02-25 16:42:31 +01001452 # expected client exit to incorrectly succeed in case of catastrophic
1453 # failure)
Jerry Yuc46e9b42021-08-06 11:22:24 +08001454 if [ "X$SKIP_HANDSHAKE_CHECK" != "XYES" ]
1455 then
1456 if is_polar "$SRV_CMD"; then
1457 if grep "Performing the SSL/TLS handshake" $SRV_OUT >/dev/null; then :;
1458 else
1459 fail "server or client failed to reach handshake stage"
1460 return
1461 fi
Manuel Pégourié-Gonnard677884d2014-02-25 16:42:31 +01001462 fi
Jerry Yuc46e9b42021-08-06 11:22:24 +08001463 if is_polar "$CLI_CMD"; then
1464 if grep "Performing the SSL/TLS handshake" $CLI_OUT >/dev/null; then :;
1465 else
1466 fail "server or client failed to reach handshake stage"
1467 return
1468 fi
Manuel Pégourié-Gonnard677884d2014-02-25 16:42:31 +01001469 fi
1470 fi
1471
Jerry Yuc46e9b42021-08-06 11:22:24 +08001472 SKIP_HANDSHAKE_CHECK="NO"
Gilles Peskineaaf866e2021-02-09 21:01:33 +01001473 # Check server exit code (only for Mbed TLS: GnuTLS and OpenSSL don't
1474 # exit with status 0 when interrupted by a signal, and we don't really
1475 # care anyway), in case e.g. the server reports a memory leak.
1476 if [ $SRV_RET != 0 ] && is_polar "$SRV_CMD"; then
Gilles Peskine7f919de2021-02-02 23:29:03 +01001477 fail "Server exited with status $SRV_RET"
Manuel Pégourié-Gonnardf8bdbb52014-02-21 09:20:14 +01001478 return
1479 fi
1480
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +01001481 # check client exit code
Manuel Pégourié-Gonnardfccd3252014-02-25 17:14:15 +01001482 if [ \( "$CLI_EXPECT" = 0 -a "$CLI_EXIT" != 0 \) -o \
1483 \( "$CLI_EXPECT" != 0 -a "$CLI_EXIT" = 0 \) ]
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +01001484 then
Manuel Pégourié-Gonnardbe9eb872014-09-05 17:45:19 +02001485 fail "bad client exit code (expected $CLI_EXPECT, got $CLI_EXIT)"
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +01001486 return
1487 fi
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +01001488
Manuel Pégourié-Gonnardc73339f2014-02-26 16:35:27 +01001489 # check other assertions
Manuel Pégourié-Gonnard480905d2014-08-21 19:38:32 +02001490 # lines beginning with == are added by valgrind, ignore them
Paul Bakker1f650922016-05-13 10:16:46 +01001491 # lines with 'Serious error when reading debug info', are valgrind issues as well
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +01001492 while [ $# -gt 0 ]
1493 do
1494 case $1 in
1495 "-s")
Paul Bakker1f650922016-05-13 10:16:46 +01001496 if grep -v '^==' $SRV_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then :; else
Simon Butcher8e004102016-10-14 00:48:33 +01001497 fail "pattern '$2' MUST be present in the Server output"
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +01001498 return
1499 fi
1500 ;;
1501
1502 "-c")
Paul Bakker1f650922016-05-13 10:16:46 +01001503 if grep -v '^==' $CLI_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then :; else
Simon Butcher8e004102016-10-14 00:48:33 +01001504 fail "pattern '$2' MUST be present in the Client output"
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +01001505 return
1506 fi
1507 ;;
1508
1509 "-S")
Paul Bakker1f650922016-05-13 10:16:46 +01001510 if grep -v '^==' $SRV_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then
Gilles Peskine788ad332021-10-20 14:17:02 +02001511 if log_pattern_presence_is_conclusive "$2"; then
Gilles Peskinef11d30e2021-10-19 18:00:10 +02001512 fail "pattern '$2' MUST NOT be present in the Server output"
1513 fi
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +01001514 return
1515 fi
1516 ;;
1517
1518 "-C")
Paul Bakker1f650922016-05-13 10:16:46 +01001519 if grep -v '^==' $CLI_OUT | grep -v 'Serious error when reading debug info' | grep "$2" >/dev/null; then
Gilles Peskine788ad332021-10-20 14:17:02 +02001520 if log_pattern_presence_is_conclusive "$2"; then
Gilles Peskinef11d30e2021-10-19 18:00:10 +02001521 fail "pattern '$2' MUST NOT be present in the Client output"
1522 fi
Simon Butcher8e004102016-10-14 00:48:33 +01001523 return
1524 fi
1525 ;;
1526
1527 # The filtering in the following two options (-u and -U) do the following
1528 # - ignore valgrind output
Antonin Décimo36e89b52019-01-23 15:24:37 +01001529 # - filter out everything but lines right after the pattern occurrences
Simon Butcher8e004102016-10-14 00:48:33 +01001530 # - keep one of each non-unique line
1531 # - count how many lines remain
1532 # A line with '--' will remain in the result from previous outputs, so the number of lines in the result will be 1
1533 # if there were no duplicates.
1534 "-U")
1535 if [ $(grep -v '^==' $SRV_OUT | grep -v 'Serious error when reading debug info' | grep -A1 "$2" | grep -v "$2" | sort | uniq -d | wc -l) -gt 1 ]; then
1536 fail "lines following pattern '$2' must be unique in Server output"
1537 return
1538 fi
1539 ;;
1540
1541 "-u")
1542 if [ $(grep -v '^==' $CLI_OUT | grep -v 'Serious error when reading debug info' | grep -A1 "$2" | grep -v "$2" | sort | uniq -d | wc -l) -gt 1 ]; then
1543 fail "lines following pattern '$2' must be unique in Client output"
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +01001544 return
1545 fi
1546 ;;
Andres Amaya Garcia93993de2017-09-06 15:38:07 +01001547 "-F")
1548 if ! $2 "$SRV_OUT"; then
1549 fail "function call to '$2' failed on Server output"
1550 return
1551 fi
1552 ;;
1553 "-f")
1554 if ! $2 "$CLI_OUT"; then
1555 fail "function call to '$2' failed on Client output"
1556 return
1557 fi
1558 ;;
Johan Pascal9bc50b02020-09-24 12:01:13 +02001559 "-g")
1560 if ! eval "$2 '$SRV_OUT' '$CLI_OUT'"; then
1561 fail "function call to '$2' failed on Server and Client output"
1562 return
1563 fi
1564 ;;
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +01001565
1566 *)
Paul Bakker1ebc0c52014-05-22 15:47:58 +02001567 echo "Unknown test: $1" >&2
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +01001568 exit 1
1569 esac
1570 shift 2
1571 done
1572
Manuel Pégourié-Gonnardc73339f2014-02-26 16:35:27 +01001573 # check valgrind's results
1574 if [ "$MEMCHECK" -gt 0 ]; then
Manuel Pégourié-Gonnardbc3b16c2014-05-28 23:06:50 +02001575 if is_polar "$SRV_CMD" && has_mem_err $SRV_OUT; then
Manuel Pégourié-Gonnardc73339f2014-02-26 16:35:27 +01001576 fail "Server has memory errors"
1577 return
1578 fi
Manuel Pégourié-Gonnardbc3b16c2014-05-28 23:06:50 +02001579 if is_polar "$CLI_CMD" && has_mem_err $CLI_OUT; then
Manuel Pégourié-Gonnardc73339f2014-02-26 16:35:27 +01001580 fail "Client has memory errors"
1581 return
1582 fi
1583 fi
1584
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +01001585 # if we're here, everything is ok
Gilles Peskine0e3534c2021-10-19 17:23:25 +02001586 outcome=PASS
Gilles Peskine236bf982021-10-19 16:25:10 +02001587}
1588
Gilles Peskine196d73b2021-10-19 16:35:35 +02001589# Run the current test case: start the server and if applicable the proxy, run
1590# the client, wait for all processes to finish or time out.
1591#
1592# Inputs:
1593# * $NAME: test case name
1594# * $CLI_CMD, $SRV_CMD, $PXY_CMD: commands to run
1595# * $CLI_OUT, $SRV_OUT, $PXY_OUT: files to contain client/server/proxy logs
1596#
1597# Outputs:
1598# * $CLI_EXIT: client return code
1599# * $SRV_RET: server return code
1600do_run_test_once() {
1601 # run the commands
1602 if [ -n "$PXY_CMD" ]; then
1603 printf "# %s\n%s\n" "$NAME" "$PXY_CMD" > $PXY_OUT
1604 $PXY_CMD >> $PXY_OUT 2>&1 &
1605 PXY_PID=$!
1606 wait_proxy_start "$PXY_PORT" "$PXY_PID"
1607 fi
1608
1609 check_osrv_dtls
1610 printf '# %s\n%s\n' "$NAME" "$SRV_CMD" > $SRV_OUT
1611 provide_input | $SRV_CMD >> $SRV_OUT 2>&1 &
1612 SRV_PID=$!
Gilles Peskine2bc5c802024-09-04 16:05:11 +02001613 wait_server_start "$THIS_SRV_PORT" "$SRV_PID"
Gilles Peskine196d73b2021-10-19 16:35:35 +02001614
1615 printf '# %s\n%s\n' "$NAME" "$CLI_CMD" > $CLI_OUT
Andrzej Kurek140b5892022-05-27 06:44:19 -04001616 # The client must be a subprocess of the script in order for killing it to
1617 # work properly, that's why the ampersand is placed inside the eval command,
1618 # not at the end of the line: the latter approach will spawn eval as a
1619 # subprocess, and the $CLI_CMD as a grandchild.
1620 eval "$CLI_CMD &" >> $CLI_OUT 2>&1
Gilles Peskine196d73b2021-10-19 16:35:35 +02001621 wait_client_done
1622
1623 sleep 0.05
1624
1625 # terminate the server (and the proxy)
1626 kill $SRV_PID
Jerry Yud2d41102022-07-26 17:34:42 +08001627 # For Ubuntu 22.04, `Terminated` message is outputed by wait command.
Jerry Yu27d80922022-08-02 21:28:55 +08001628 # To remove it from stdout, redirect stdout/stderr to SRV_OUT
Jerry Yud2d41102022-07-26 17:34:42 +08001629 wait $SRV_PID >> $SRV_OUT 2>&1
Gilles Peskine196d73b2021-10-19 16:35:35 +02001630 SRV_RET=$?
1631
1632 if [ -n "$PXY_CMD" ]; then
1633 kill $PXY_PID >/dev/null 2>&1
Jerry Yu6969eee2022-10-10 10:25:26 +08001634 wait $PXY_PID >> $PXY_OUT 2>&1
Gilles Peskine196d73b2021-10-19 16:35:35 +02001635 fi
1636}
1637
Ronald Cron097ba142023-03-08 16:18:00 +01001638# Detect if the current test is going to use TLS 1.3 or TLS 1.2.
Valerio Setti194e2bd2023-03-02 17:18:10 +01001639# $1 and $2 contain the server and client command lines, respectively.
Valerio Setti213c4ea2023-03-07 19:29:57 +01001640#
1641# Note: this function only provides some guess about TLS version by simply
Yanray Wang7b320fa2023-11-08 10:33:30 +08001642# looking at the server/client command lines. Even though this works
Valerio Setti213c4ea2023-03-07 19:29:57 +01001643# for the sake of tests' filtering (especially in conjunction with the
1644# detect_required_features() function), it does NOT guarantee that the
1645# result is accurate. It does not check other conditions, such as:
Valerio Setti213c4ea2023-03-07 19:29:57 +01001646# - we can force a ciphersuite which contains "WITH" in its name, meaning
1647# that we are going to use TLS 1.2
1648# - etc etc
Valerio Setti1af76d12023-02-23 15:55:10 +01001649get_tls_version() {
Ronald Cron097ba142023-03-08 16:18:00 +01001650 # First check if the version is forced on an Mbed TLS peer
Valerio Setti1af76d12023-02-23 15:55:10 +01001651 case $1 in
Ronald Cron097ba142023-03-08 16:18:00 +01001652 *tls12*)
1653 echo "TLS12"
1654 return;;
1655 *tls13*)
Valerio Setti1af76d12023-02-23 15:55:10 +01001656 echo "TLS13"
1657 return;;
1658 esac
1659 case $2 in
Ronald Cron097ba142023-03-08 16:18:00 +01001660 *tls12*)
1661 echo "TLS12"
1662 return;;
1663 *tls13*)
Valerio Setti1af76d12023-02-23 15:55:10 +01001664 echo "TLS13"
1665 return;;
1666 esac
Ronald Cron097ba142023-03-08 16:18:00 +01001667 # Second check if the version is forced on an OpenSSL or GnuTLS peer
1668 case $1 in
1669 tls1_2*)
1670 echo "TLS12"
1671 return;;
1672 *tls1_3)
1673 echo "TLS13"
1674 return;;
1675 esac
1676 case $2 in
1677 *tls1_2)
1678 echo "TLS12"
1679 return;;
1680 *tls1_3)
1681 echo "TLS13"
1682 return;;
1683 esac
1684 # Third if the version is not forced, if TLS 1.3 is enabled then the test
1685 # is aimed to run a TLS 1.3 handshake.
Gilles Peskine94041692024-09-06 14:43:17 +02001686 if is_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cron097ba142023-03-08 16:18:00 +01001687 then
1688 echo "TLS13"
1689 else
1690 echo "TLS12"
1691 fi
Valerio Setti1af76d12023-02-23 15:55:10 +01001692}
1693
Gilles Peskine236bf982021-10-19 16:25:10 +02001694# Usage: run_test name [-p proxy_cmd] srv_cmd cli_cmd cli_exit [option [...]]
1695# Options: -s pattern pattern that must be present in server output
1696# -c pattern pattern that must be present in client output
1697# -u pattern lines after pattern must be unique in client output
1698# -f call shell function on client output
1699# -S pattern pattern that must be absent in server output
1700# -C pattern pattern that must be absent in client output
1701# -U pattern lines after pattern must be unique in server output
1702# -F call shell function on server output
1703# -g call shell function on server and client output
1704run_test() {
1705 NAME="$1"
1706 shift 1
1707
Tomás González787428a2023-08-23 15:27:19 +01001708 if is_excluded "$NAME"; then
1709 SKIP_NEXT="NO"
1710 # There was no request to run the test, so don't record its outcome.
1711 return
1712 fi
1713
Tomás González37a87392023-09-01 11:25:44 +01001714 if [ "$LIST_TESTS" -gt 0 ]; then
Pengyu Lv3c170d32023-11-29 13:53:34 +08001715 printf "%s\n" "${TEST_SUITE_NAME:-ssl-opt};$NAME"
Tomás González37a87392023-09-01 11:25:44 +01001716 return
1717 fi
1718
Jerry Yu50d07bd2023-11-06 10:49:01 +08001719 # Use ssl-opt as default test suite name. Also see record_outcome function
1720 if is_excluded_test_suite "${TEST_SUITE_NAME:-ssl-opt}"; then
1721 # Do not skip next test and skip current test.
1722 SKIP_NEXT="NO"
1723 return
1724 fi
1725
Tomás González51cb7042023-09-07 10:21:19 +01001726 print_name "$NAME"
1727
Gilles Peskine236bf982021-10-19 16:25:10 +02001728 # Do we only run numbered tests?
1729 if [ -n "$RUN_TEST_NUMBER" ]; then
1730 case ",$RUN_TEST_NUMBER," in
1731 *",$TESTS,"*) :;;
1732 *) SKIP_NEXT="YES";;
1733 esac
1734 fi
1735
Gilles Peskineae710c82024-09-04 16:07:56 +02001736 # Does this test specify a proxy?
Gilles Peskine236bf982021-10-19 16:25:10 +02001737 if [ "X$1" = "X-p" ]; then
1738 PXY_CMD="$2"
1739 shift 2
1740 else
1741 PXY_CMD=""
1742 fi
1743
Gilles Peskine2bc5c802024-09-04 16:05:11 +02001744 # Does this test force a specific port?
1745 if [ "$1" = "-P" ]; then
1746 THIS_SRV_PORT="$2"
1747 shift 2
1748 else
1749 THIS_SRV_PORT="$SRV_PORT"
1750 fi
1751
Gilles Peskine236bf982021-10-19 16:25:10 +02001752 # get commands and client output
1753 SRV_CMD="$1"
1754 CLI_CMD="$2"
1755 CLI_EXPECT="$3"
1756 shift 3
1757
1758 # Check if test uses files
1759 case "$SRV_CMD $CLI_CMD" in
David Horstmann184c4f02024-07-01 17:01:28 +01001760 *$DATA_FILES_PATH/*)
Gilles Peskine236bf982021-10-19 16:25:10 +02001761 requires_config_enabled MBEDTLS_FS_IO;;
1762 esac
1763
Gilles Peskine82a4ab22022-02-25 19:46:30 +01001764 # Check if the test uses DTLS.
1765 detect_dtls "$SRV_CMD"
1766 if [ "$DTLS" -eq 1 ]; then
1767 requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
1768 fi
1769
Valerio Setti6ba247c2023-03-14 17:13:43 +01001770
Gilles Peskinecc7d6ae2024-09-11 21:03:05 +02001771 # Guess the TLS version which is going to be used.
1772 # Note that this detection is wrong in some cases, which causes unduly
1773 # skipped test cases in builds with TLS 1.3 but not TLS 1.2.
1774 # https://github.com/Mbed-TLS/mbedtls/issues/9560
Ben Taylor39280a42025-07-30 13:43:21 +01001775 TLS_VERSION="TLS12"
Valerio Setti726ffbf2023-08-02 20:02:44 +02001776
Gilles Peskine4f098642024-09-06 15:35:58 +02001777 # If we're in a PSK-only build and the test can be adapted to PSK, do that.
1778 maybe_adapt_for_psk "$@"
1779
Valerio Setti726ffbf2023-08-02 20:02:44 +02001780 # If the client or server requires certain features that can be detected
Manuel Pégourié-Gonnardf299efd2023-09-18 11:19:04 +02001781 # from their command-line arguments, check whether they're enabled.
Ben Taylor39280a42025-07-30 13:43:21 +01001782 detect_required_features "$SRV_CMD" "server" "$TLS_VERSION" "$@"
1783 detect_required_features "$CLI_CMD" "client" "$TLS_VERSION" "$@"
Gilles Peskine236bf982021-10-19 16:25:10 +02001784
1785 # should we skip?
1786 if [ "X$SKIP_NEXT" = "XYES" ]; then
1787 SKIP_NEXT="NO"
1788 record_outcome "SKIP"
1789 SKIPS=$(( $SKIPS + 1 ))
1790 return
1791 fi
1792
1793 analyze_test_commands "$@"
1794
Andrzej Kurek8db7c0e2022-04-01 08:52:06 -04001795 # One regular run and two retries
1796 TIMES_LEFT=3
Gilles Peskine236bf982021-10-19 16:25:10 +02001797 while [ $TIMES_LEFT -gt 0 ]; do
1798 TIMES_LEFT=$(( $TIMES_LEFT - 1 ))
1799
Gilles Peskine196d73b2021-10-19 16:35:35 +02001800 do_run_test_once
Gilles Peskine236bf982021-10-19 16:25:10 +02001801
Gilles Peskine0e3534c2021-10-19 17:23:25 +02001802 check_test_failure "$@"
1803 case $outcome in
1804 PASS) break;;
Gilles Peskinef11d30e2021-10-19 18:00:10 +02001805 RETRY*) printf "$outcome ";;
Gilles Peskine0e3534c2021-10-19 17:23:25 +02001806 FAIL) return;;
1807 esac
Gilles Peskine236bf982021-10-19 16:25:10 +02001808 done
1809
Gilles Peskine0e3534c2021-10-19 17:23:25 +02001810 # If we get this far, the test case passed.
Gilles Peskine560280b2019-09-16 15:17:38 +02001811 record_outcome "PASS"
Paul Bakkeracaac852016-05-10 11:47:13 +01001812 if [ "$PRESERVE_LOGS" -gt 0 ]; then
1813 mv $SRV_OUT o-srv-${TESTS}.log
1814 mv $CLI_OUT o-cli-${TESTS}.log
Hanno Becker7be2e5b2018-08-20 12:21:35 +01001815 if [ -n "$PXY_CMD" ]; then
1816 mv $PXY_OUT o-pxy-${TESTS}.log
1817 fi
Paul Bakkeracaac852016-05-10 11:47:13 +01001818 fi
1819
Manuel Pégourié-Gonnardbe9eb872014-09-05 17:45:19 +02001820 rm -f $SRV_OUT $CLI_OUT $PXY_OUT
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +01001821}
1822
Hanno Becker9b5853c2018-11-16 17:28:40 +00001823run_test_psa() {
Gilles Peskine309ca652022-03-14 17:55:04 +01001824 set_maybe_calc_verify none
Hanno Beckere9420c22018-11-20 11:37:34 +00001825 run_test "PSA-supported ciphersuite: $1" \
Xiaofei Bai8b5c3822021-12-02 08:43:35 +00001826 "$P_SRV debug_level=3 force_version=tls12" \
Ronald Cronf3b425b2022-03-17 16:45:09 +01001827 "$P_CLI debug_level=3 force_ciphersuite=$1" \
Hanno Becker9b5853c2018-11-16 17:28:40 +00001828 0 \
Gilles Peskine309ca652022-03-14 17:55:04 +01001829 -c "$maybe_calc_verify" \
Andrzej Kurek92dd4d02019-01-30 04:10:19 -05001830 -c "calc PSA finished" \
Gilles Peskine309ca652022-03-14 17:55:04 +01001831 -s "$maybe_calc_verify" \
Andrzej Kurek92dd4d02019-01-30 04:10:19 -05001832 -s "calc PSA finished" \
Hanno Becker9b5853c2018-11-16 17:28:40 +00001833 -s "Protocol is TLSv1.2" \
Hanno Becker28f78442019-02-18 16:47:50 +00001834 -c "Perform PSA-based ECDH computation."\
Andrzej Kureke85414e2019-01-15 05:23:59 -05001835 -c "Perform PSA-based computation of digest of ServerKeyExchange" \
Hanno Becker9b5853c2018-11-16 17:28:40 +00001836 -S "error" \
1837 -C "error"
Gilles Peskine309ca652022-03-14 17:55:04 +01001838 unset maybe_calc_verify
Hanno Becker9b5853c2018-11-16 17:28:40 +00001839}
1840
Hanno Becker354e2482019-01-08 11:40:25 +00001841run_test_psa_force_curve() {
Gilles Peskine309ca652022-03-14 17:55:04 +01001842 set_maybe_calc_verify none
Hanno Becker354e2482019-01-08 11:40:25 +00001843 run_test "PSA - ECDH with $1" \
Przemek Stekiel45255e42023-06-29 13:56:36 +02001844 "$P_SRV debug_level=4 force_version=tls12 groups=$1" \
1845 "$P_CLI debug_level=4 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 groups=$1" \
Hanno Becker354e2482019-01-08 11:40:25 +00001846 0 \
Gilles Peskine309ca652022-03-14 17:55:04 +01001847 -c "$maybe_calc_verify" \
Hanno Becker28f78442019-02-18 16:47:50 +00001848 -c "calc PSA finished" \
Gilles Peskine309ca652022-03-14 17:55:04 +01001849 -s "$maybe_calc_verify" \
Hanno Becker28f78442019-02-18 16:47:50 +00001850 -s "calc PSA finished" \
Hanno Becker354e2482019-01-08 11:40:25 +00001851 -s "Protocol is TLSv1.2" \
Hanno Becker28f78442019-02-18 16:47:50 +00001852 -c "Perform PSA-based ECDH computation."\
Manuel Pégourié-Gonnarda9062e92014-02-25 16:21:22 +01001853 -c "Perform PSA-based computation of digest of ServerKeyExchange" \
Manuel Pégourié-Gonnardbe9eb872014-09-05 17:45:19 +02001854 -S "error" \
Manuel Pégourié-Gonnarda6189f02014-09-20 13:15:43 +02001855 -C "error"
Gilles Peskine309ca652022-03-14 17:55:04 +01001856 unset maybe_calc_verify
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +01001857}
1858
Piotr Nowicki0937ed22019-11-26 16:32:40 +01001859# Test that the server's memory usage after a handshake is reduced when a client specifies
1860# a maximum fragment length.
1861# first argument ($1) is MFL for SSL client
1862# second argument ($2) is memory usage for SSL client with default MFL (16k)
Wenxing Houb4d03cc2024-06-19 11:04:13 +08001863run_test_memory_after_handshake_with_mfl()
Piotr Nowicki0937ed22019-11-26 16:32:40 +01001864{
1865 # The test passes if the difference is around 2*(16k-MFL)
Gilles Peskine5b428d72020-08-26 21:52:23 +02001866 MEMORY_USAGE_LIMIT="$(( $2 - ( 2 * ( 16384 - $1 )) ))"
Piotr Nowicki0937ed22019-11-26 16:32:40 +01001867
1868 # Leave some margin for robustness
1869 MEMORY_USAGE_LIMIT="$(( ( MEMORY_USAGE_LIMIT * 110 ) / 100 ))"
1870
1871 run_test "Handshake memory usage (MFL $1)" \
Xiaofei Bai8b5c3822021-12-02 08:43:35 +00001872 "$P_SRV debug_level=3 auth_mode=required force_version=tls12" \
Ronald Cronf3b425b2022-03-17 16:45:09 +01001873 "$P_CLI debug_level=3 \
David Horstmann184c4f02024-07-01 17:01:28 +01001874 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \
Piotr Nowicki0937ed22019-11-26 16:32:40 +01001875 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM max_frag_len=$1" \
1876 0 \
1877 -F "handshake_memory_check $MEMORY_USAGE_LIMIT"
1878}
1879
1880
1881# Test that the server's memory usage after a handshake is reduced when a client specifies
1882# different values of Maximum Fragment Length: default (16k), 4k, 2k, 1k and 512 bytes
Wenxing Houb4d03cc2024-06-19 11:04:13 +08001883run_tests_memory_after_handshake()
Piotr Nowicki0937ed22019-11-26 16:32:40 +01001884{
1885 # all tests in this sequence requires the same configuration (see requires_config_enabled())
1886 SKIP_THIS_TESTS="$SKIP_NEXT"
1887
1888 # first test with default MFU is to get reference memory usage
1889 MEMORY_USAGE_MFL_16K=0
1890 run_test "Handshake memory usage initial (MFL 16384 - default)" \
Xiaofei Bai8b5c3822021-12-02 08:43:35 +00001891 "$P_SRV debug_level=3 auth_mode=required force_version=tls12" \
Ronald Cronf3b425b2022-03-17 16:45:09 +01001892 "$P_CLI debug_level=3 \
David Horstmann184c4f02024-07-01 17:01:28 +01001893 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \
Piotr Nowicki0937ed22019-11-26 16:32:40 +01001894 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM" \
1895 0 \
1896 -F "handshake_memory_get MEMORY_USAGE_MFL_16K"
1897
1898 SKIP_NEXT="$SKIP_THIS_TESTS"
Wenxing Houb4d03cc2024-06-19 11:04:13 +08001899 run_test_memory_after_handshake_with_mfl 4096 "$MEMORY_USAGE_MFL_16K"
Piotr Nowicki0937ed22019-11-26 16:32:40 +01001900
1901 SKIP_NEXT="$SKIP_THIS_TESTS"
Wenxing Houb4d03cc2024-06-19 11:04:13 +08001902 run_test_memory_after_handshake_with_mfl 2048 "$MEMORY_USAGE_MFL_16K"
Piotr Nowicki0937ed22019-11-26 16:32:40 +01001903
1904 SKIP_NEXT="$SKIP_THIS_TESTS"
Wenxing Houb4d03cc2024-06-19 11:04:13 +08001905 run_test_memory_after_handshake_with_mfl 1024 "$MEMORY_USAGE_MFL_16K"
Piotr Nowicki0937ed22019-11-26 16:32:40 +01001906
1907 SKIP_NEXT="$SKIP_THIS_TESTS"
Wenxing Houb4d03cc2024-06-19 11:04:13 +08001908 run_test_memory_after_handshake_with_mfl 512 "$MEMORY_USAGE_MFL_16K"
Piotr Nowicki0937ed22019-11-26 16:32:40 +01001909}
1910
Max Fillinger92b7a7e2024-11-11 17:50:34 +01001911run_test_export_keying_material() {
1912 unset EXPORTED_KEY1
1913 unset EXPORTED_KEY2
1914 TLS_VERSION="$1"
Max Fillingerf8059db2024-11-13 15:27:23 +01001915
1916 case $TLS_VERSION in
1917 tls12) TLS_VERSION_PRINT="TLS 1.2";;
1918 tls13) TLS_VERSION_PRINT="TLS 1.3";;
1919 esac
1920
1921 run_test "$TLS_VERSION_PRINT: Export keying material" \
Max Fillinger92b7a7e2024-11-11 17:50:34 +01001922 "$P_SRV debug_level=4 force_version=$TLS_VERSION exp_label=test-label" \
1923 "$P_CLI debug_level=4 force_version=$TLS_VERSION exp_label=test-label" \
1924 0 \
1925 -s "Exporting key of length 20 with label \".*\": 0x" \
1926 -c "Exporting key of length 20 with label \".*\": 0x" \
1927 -f get_exported_key \
1928 -F check_exported_key
1929}
1930
1931run_test_export_keying_material_openssl_compat() {
1932 unset EXPORTED_KEY1
1933 unset EXPORTED_KEY2
1934 TLS_VERSION="$1"
Max Fillingerf8059db2024-11-13 15:27:23 +01001935
Max Fillinger4e217032024-11-14 17:50:42 +01001936 case $TLS_VERSION in
1937 tls12) TLS_VERSION_PRINT="TLS 1.2"; OPENSSL_CLIENT="$O_CLI";;
1938 tls13) TLS_VERSION_PRINT="TLS 1.3"; OPENSSL_CLIENT="$O_NEXT_CLI";;
Max Fillingerf8059db2024-11-13 15:27:23 +01001939 esac
1940
1941 run_test "$TLS_VERSION_PRINT: Export keying material (OpenSSL compatibility)" \
Max Fillinger92b7a7e2024-11-11 17:50:34 +01001942 "$P_SRV debug_level=4 force_version=$TLS_VERSION exp_label=test-label" \
Max Fillinger4e217032024-11-14 17:50:42 +01001943 "$OPENSSL_CLIENT -keymatexport test-label" \
Max Fillinger92b7a7e2024-11-11 17:50:34 +01001944 0 \
1945 -s "Exporting key of length 20 with label \".*\": 0x" \
1946 -c "Keying material exporter:" \
1947 -F get_exported_key \
1948 -f check_exported_key_openssl
1949}
1950
Manuel Pégourié-Gonnarda9062e92014-02-25 16:21:22 +01001951cleanup() {
Manuel Pégourié-Gonnardbc3b16c2014-05-28 23:06:50 +02001952 rm -f $CLI_OUT $SRV_OUT $PXY_OUT $SESSION
Piotr Nowicki3de298f2020-04-16 14:35:19 +02001953 rm -f context_srv.txt
1954 rm -f context_cli.txt
Manuel Pégourié-Gonnarda6189f02014-09-20 13:15:43 +02001955 test -n "${SRV_PID:-}" && kill $SRV_PID >/dev/null 2>&1
1956 test -n "${PXY_PID:-}" && kill $PXY_PID >/dev/null 2>&1
1957 test -n "${CLI_PID:-}" && kill $CLI_PID >/dev/null 2>&1
1958 test -n "${DOG_PID:-}" && kill $DOG_PID >/dev/null 2>&1
Manuel Pégourié-Gonnarda9062e92014-02-25 16:21:22 +01001959 exit 1
1960}
1961
Manuel Pégourié-Gonnard9dea8bd2014-02-26 18:21:02 +01001962#
1963# MAIN
1964#
1965
Yanray Wang5b33f642023-02-28 11:56:59 +08001966# Make the outcome file path relative to the original directory, not
1967# to .../tests
1968case "$MBEDTLS_TEST_OUTCOME_FILE" in
1969 [!/]*)
1970 MBEDTLS_TEST_OUTCOME_FILE="$ORIGINAL_PWD/$MBEDTLS_TEST_OUTCOME_FILE"
1971 ;;
1972esac
1973
Andrzej Kurek9c061a22022-09-05 10:51:19 -04001974populate_enabled_hash_algs
1975
Gilles Peskine9fa4ed62020-08-26 22:35:46 +02001976# Optimize filters: if $FILTER and $EXCLUDE can be expressed as shell
1977# patterns rather than regular expressions, use a case statement instead
1978# of calling grep. To keep the optimizer simple, it is incomplete and only
1979# detects simple cases: plain substring, everything, nothing.
1980#
1981# As an exception, the character '.' is treated as an ordinary character
1982# if it is the only special character in the string. This is because it's
1983# rare to need "any one character", but needing a literal '.' is common
1984# (e.g. '-f "DTLS 1.2"').
1985need_grep=
1986case "$FILTER" in
1987 '^$') simple_filter=;;
1988 '.*') simple_filter='*';;
Gilles Peskineb09e0012020-09-29 23:48:39 +02001989 *[][$+*?\\^{\|}]*) # Regexp special characters (other than .), we need grep
Gilles Peskine9fa4ed62020-08-26 22:35:46 +02001990 need_grep=1;;
1991 *) # No regexp or shell-pattern special character
1992 simple_filter="*$FILTER*";;
1993esac
1994case "$EXCLUDE" in
1995 '^$') simple_exclude=;;
1996 '.*') simple_exclude='*';;
Gilles Peskineb09e0012020-09-29 23:48:39 +02001997 *[][$+*?\\^{\|}]*) # Regexp special characters (other than .), we need grep
Gilles Peskine9fa4ed62020-08-26 22:35:46 +02001998 need_grep=1;;
1999 *) # No regexp or shell-pattern special character
2000 simple_exclude="*$EXCLUDE*";;
2001esac
2002if [ -n "$need_grep" ]; then
2003 is_excluded () {
2004 ! echo "$1" | grep "$FILTER" | grep -q -v "$EXCLUDE"
2005 }
2006else
2007 is_excluded () {
2008 case "$1" in
2009 $simple_exclude) true;;
2010 $simple_filter) false;;
2011 *) true;;
2012 esac
2013 }
2014fi
2015
Jerry Yu50d07bd2023-11-06 10:49:01 +08002016# Filter tests according to TEST_SUITE_NAME
2017is_excluded_test_suite () {
2018 if [ -n "$RUN_TEST_SUITE" ]
2019 then
2020 case ",$RUN_TEST_SUITE," in
2021 *",$1,"*) false;;
2022 *) true;;
2023 esac
2024 else
2025 false
2026 fi
2027
2028}
2029
2030
Tomás González06956a12023-08-23 15:46:20 +01002031if [ "$LIST_TESTS" -eq 0 ];then
2032
2033 # sanity checks, avoid an avalanche of errors
2034 P_SRV_BIN="${P_SRV%%[ ]*}"
2035 P_CLI_BIN="${P_CLI%%[ ]*}"
2036 P_PXY_BIN="${P_PXY%%[ ]*}"
2037 if [ ! -x "$P_SRV_BIN" ]; then
2038 echo "Command '$P_SRV_BIN' is not an executable file"
Simon Butcher3c0d7b82016-05-23 11:13:17 +01002039 exit 1
2040 fi
Tomás González06956a12023-08-23 15:46:20 +01002041 if [ ! -x "$P_CLI_BIN" ]; then
2042 echo "Command '$P_CLI_BIN' is not an executable file"
2043 exit 1
2044 fi
2045 if [ ! -x "$P_PXY_BIN" ]; then
2046 echo "Command '$P_PXY_BIN' is not an executable file"
2047 exit 1
2048 fi
2049 if [ "$MEMCHECK" -gt 0 ]; then
2050 if which valgrind >/dev/null 2>&1; then :; else
2051 echo "Memcheck not possible. Valgrind not found"
2052 exit 1
2053 fi
2054 fi
2055 if which $OPENSSL >/dev/null 2>&1; then :; else
2056 echo "Command '$OPENSSL' not found"
2057 exit 1
2058 fi
2059
2060 # used by watchdog
2061 MAIN_PID="$$"
2062
2063 # We use somewhat arbitrary delays for tests:
2064 # - how long do we wait for the server to start (when lsof not available)?
2065 # - how long do we allow for the client to finish?
2066 # (not to check performance, just to avoid waiting indefinitely)
2067 # Things are slower with valgrind, so give extra time here.
2068 #
2069 # Note: without lsof, there is a trade-off between the running time of this
2070 # script and the risk of spurious errors because we didn't wait long enough.
2071 # The watchdog delay on the other hand doesn't affect normal running time of
2072 # the script, only the case where a client or server gets stuck.
2073 if [ "$MEMCHECK" -gt 0 ]; then
2074 START_DELAY=6
2075 DOG_DELAY=60
2076 else
2077 START_DELAY=2
2078 DOG_DELAY=20
2079 fi
2080
2081 # some particular tests need more time:
2082 # - for the client, we multiply the usual watchdog limit by a factor
2083 # - for the server, we sleep for a number of seconds after the client exits
2084 # see client_need_more_time() and server_needs_more_time()
2085 CLI_DELAY_FACTOR=1
2086 SRV_DELAY_SECONDS=0
2087
2088 # fix commands to use this port, force IPv4 while at it
2089 # +SRV_PORT will be replaced by either $SRV_PORT or $PXY_PORT later
2090 # Note: Using 'localhost' rather than 127.0.0.1 here is unwise, as on many
2091 # machines that will resolve to ::1, and we don't want ipv6 here.
2092 P_SRV="$P_SRV server_addr=127.0.0.1 server_port=$SRV_PORT"
2093 P_CLI="$P_CLI server_addr=127.0.0.1 server_port=+SRV_PORT"
2094 P_PXY="$P_PXY server_addr=127.0.0.1 server_port=$SRV_PORT listen_addr=127.0.0.1 listen_port=$PXY_PORT ${SEED:+"seed=$SEED"}"
2095 O_SRV="$O_SRV -accept $SRV_PORT"
2096 O_CLI="$O_CLI -connect 127.0.0.1:+SRV_PORT"
2097 G_SRV="$G_SRV -p $SRV_PORT"
2098 G_CLI="$G_CLI -p +SRV_PORT"
2099
2100 # Newer versions of OpenSSL have a syntax to enable all "ciphers", even
2101 # low-security ones. This covers not just cipher suites but also protocol
2102 # versions. It is necessary, for example, to use (D)TLS 1.0/1.1 on
2103 # OpenSSL 1.1.1f from Ubuntu 20.04. The syntax was only introduced in
2104 # OpenSSL 1.1.0 (21e0c1d23afff48601eb93135defddae51f7e2e3) and I can't find
2105 # a way to discover it from -help, so check the openssl version.
2106 case $($OPENSSL version) in
2107 "OpenSSL 0"*|"OpenSSL 1.0"*) :;;
2108 *)
2109 O_CLI="$O_CLI -cipher ALL@SECLEVEL=0"
2110 O_SRV="$O_SRV -cipher ALL@SECLEVEL=0"
2111 ;;
2112 esac
2113
2114 if [ -n "${OPENSSL_NEXT:-}" ]; then
2115 O_NEXT_SRV="$O_NEXT_SRV -accept $SRV_PORT"
2116 O_NEXT_SRV_NO_CERT="$O_NEXT_SRV_NO_CERT -accept $SRV_PORT"
2117 O_NEXT_SRV_EARLY_DATA="$O_NEXT_SRV_EARLY_DATA -accept $SRV_PORT"
2118 O_NEXT_CLI="$O_NEXT_CLI -connect 127.0.0.1:+SRV_PORT"
2119 O_NEXT_CLI_NO_CERT="$O_NEXT_CLI_NO_CERT -connect 127.0.0.1:+SRV_PORT"
2120 fi
2121
2122 if [ -n "${GNUTLS_NEXT_SERV:-}" ]; then
2123 G_NEXT_SRV="$G_NEXT_SRV -p $SRV_PORT"
2124 G_NEXT_SRV_NO_CERT="$G_NEXT_SRV_NO_CERT -p $SRV_PORT"
2125 fi
2126
2127 if [ -n "${GNUTLS_NEXT_CLI:-}" ]; then
2128 G_NEXT_CLI="$G_NEXT_CLI -p +SRV_PORT"
2129 G_NEXT_CLI_NO_CERT="$G_NEXT_CLI_NO_CERT -p +SRV_PORT localhost"
2130 fi
2131
2132 # Allow SHA-1, because many of our test certificates use it
2133 P_SRV="$P_SRV allow_sha1=1"
2134 P_CLI="$P_CLI allow_sha1=1"
2135
Simon Butcher3c0d7b82016-05-23 11:13:17 +01002136fi
Manuel Pégourié-Gonnardbc3b16c2014-05-28 23:06:50 +02002137# Also pick a unique name for intermediate files
2138SRV_OUT="srv_out.$$"
2139CLI_OUT="cli_out.$$"
Manuel Pégourié-Gonnardbe9eb872014-09-05 17:45:19 +02002140PXY_OUT="pxy_out.$$"
Manuel Pégourié-Gonnardbc3b16c2014-05-28 23:06:50 +02002141SESSION="session.$$"
2142
Manuel Pégourié-Gonnard6f4fbbb2014-08-14 14:31:29 +02002143SKIP_NEXT="NO"
2144
Manuel Pégourié-Gonnarda9062e92014-02-25 16:21:22 +01002145trap cleanup INT TERM HUP
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +01002146
Manuel Pégourié-Gonnarde73b2632014-07-12 04:00:00 +02002147# Basic test
2148
Manuel Pégourié-Gonnard480905d2014-08-21 19:38:32 +02002149# Checks that:
2150# - things work with all ciphersuites active (used with config-full in all.sh)
Gilles Peskine799eee62021-06-02 22:14:15 +02002151# - the expected parameters are selected
Gilles Peskine35615262022-02-25 19:50:38 +01002152requires_ciphersuite_enabled TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256
Andrzej Kurek934e9cd2022-09-05 14:44:46 -04002153requires_hash_alg SHA_512 # "signature_algorithm ext: 6"
Ronald Cronfbd51572025-07-10 13:19:31 +02002154requires_config_enabled PSA_WANT_ECC_MONTGOMERY_255
Ronald Cronf95d1692023-03-14 17:19:42 +01002155run_test "Default, TLS 1.2" \
Manuel Pégourié-Gonnard480905d2014-08-21 19:38:32 +02002156 "$P_SRV debug_level=3" \
Ronald Cronf95d1692023-03-14 17:19:42 +01002157 "$P_CLI force_version=tls12" \
Manuel Pégourié-Gonnarde73b2632014-07-12 04:00:00 +02002158 0 \
Manuel Pégourié-Gonnard480905d2014-08-21 19:38:32 +02002159 -s "Protocol is TLSv1.2" \
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +02002160 -s "Ciphersuite is TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256" \
Manuel Pégourié-Gonnard480905d2014-08-21 19:38:32 +02002161 -s "client hello v3, signature_algorithm ext: 6" \
Gilles Peskine799eee62021-06-02 22:14:15 +02002162 -s "ECDHE curve: x25519" \
Manuel Pégourié-Gonnard480905d2014-08-21 19:38:32 +02002163 -S "error" \
2164 -C "error"
Manuel Pégourié-Gonnarde73b2632014-07-12 04:00:00 +02002165
Jerry Yuab082902021-12-23 18:02:22 +08002166requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Gilles Peskine35615262022-02-25 19:50:38 +01002167requires_ciphersuite_enabled TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256
Manuel Pégourié-Gonnard3bb08012015-01-22 13:34:21 +00002168run_test "Default, DTLS" \
2169 "$P_SRV dtls=1" \
2170 "$P_CLI dtls=1" \
2171 0 \
2172 -s "Protocol is DTLSv1.2" \
Manuel Pégourié-Gonnardce66d5e2018-06-14 11:11:15 +02002173 -s "Ciphersuite is TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256"
Manuel Pégourié-Gonnard3bb08012015-01-22 13:34:21 +00002174
Hanno Becker721f7c12020-08-17 12:17:32 +01002175run_test "TLS client auth: required" \
2176 "$P_SRV auth_mode=required" \
2177 "$P_CLI" \
2178 0 \
2179 -s "Verifying peer X.509 certificate... ok"
2180
Glenn Strauss6eef5632022-01-23 08:37:02 -05002181run_test "key size: TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256" \
2182 "$P_SRV" \
2183 "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256" \
2184 0 \
2185 -c "Ciphersuite is TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256" \
2186 -c "Key size is 256"
2187
2188run_test "key size: TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
2189 "$P_SRV" \
2190 "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
2191 0 \
2192 -c "Ciphersuite is TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
2193 -c "Key size is 128"
2194
Hanno Becker2f54a3c2020-08-17 12:14:06 +01002195requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
Valerio Settidd43d7b2023-11-09 14:10:51 +01002196# server5.key.enc is in PEM format and AES-256-CBC crypted. Unfortunately PEM
Ronald Cronbd28acf2025-07-10 09:53:50 +02002197# module does not support PSA dispatching so we need builtin support. With the
2198# removal of the legacy cryptography configuration options, there is currently
2199# no way to express this dependency. This test fails if run in a configuration
2200# where the built-in implementation of CBC or AES is not present.
Sam Berryd50e8432024-06-19 11:43:03 +01002201requires_hash_alg MD5
Andrzej Kurek934e9cd2022-09-05 14:44:46 -04002202requires_hash_alg SHA_256
Hanno Becker2f54a3c2020-08-17 12:14:06 +01002203run_test "TLS: password protected client key" \
Ronald Cronf95d1692023-03-14 17:19:42 +01002204 "$P_SRV force_version=tls12 auth_mode=required" \
David Horstmann184c4f02024-07-01 17:01:28 +01002205 "$P_CLI crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key.enc key_pwd=PolarSSLTest" \
Hanno Becker2f54a3c2020-08-17 12:14:06 +01002206 0
2207
2208requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
Valerio Settidd43d7b2023-11-09 14:10:51 +01002209# server5.key.enc is in PEM format and AES-256-CBC crypted. Unfortunately PEM
Ronald Cronbd28acf2025-07-10 09:53:50 +02002210# module does not support PSA dispatching so we need builtin support. With the
2211# removal of the legacy cryptography configuration options, there is currently
2212# no way to express this dependency. This test fails if run in a configuration
2213# where the built-in implementation of CBC or AES is not present.
Sam Berryd50e8432024-06-19 11:43:03 +01002214requires_hash_alg MD5
Andrzej Kurek934e9cd2022-09-05 14:44:46 -04002215requires_hash_alg SHA_256
Hanno Becker2f54a3c2020-08-17 12:14:06 +01002216run_test "TLS: password protected server key" \
David Horstmann184c4f02024-07-01 17:01:28 +01002217 "$P_SRV crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key.enc key_pwd=PolarSSLTest" \
Ronald Cronf95d1692023-03-14 17:19:42 +01002218 "$P_CLI force_version=tls12" \
Hanno Becker2f54a3c2020-08-17 12:14:06 +01002219 0
2220
2221requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
Ronald Cron68ba7f72025-06-30 07:45:17 +02002222requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
Valerio Settidd43d7b2023-11-09 14:10:51 +01002223# server5.key.enc is in PEM format and AES-256-CBC crypted. Unfortunately PEM
Ronald Cronbd28acf2025-07-10 09:53:50 +02002224# module does not support PSA dispatching so we need builtin support. With the
2225# removal of the legacy cryptography configuration options, there is currently
2226# no way to express this dependency. This test fails if run in a configuration
2227# where the built-in implementation of CBC or AES is not present.
Sam Berryd50e8432024-06-19 11:43:03 +01002228requires_hash_alg MD5
Andrzej Kurek934e9cd2022-09-05 14:44:46 -04002229requires_hash_alg SHA_256
Hanno Becker2f54a3c2020-08-17 12:14:06 +01002230run_test "TLS: password protected server key, two certificates" \
Ronald Cronf95d1692023-03-14 17:19:42 +01002231 "$P_SRV force_version=tls12\
David Horstmann184c4f02024-07-01 17:01:28 +01002232 key_file=$DATA_FILES_PATH/server5.key.enc key_pwd=PolarSSLTest crt_file=$DATA_FILES_PATH/server5.crt \
2233 key_file2=$DATA_FILES_PATH/server2.key.enc key_pwd2=PolarSSLTest crt_file2=$DATA_FILES_PATH/server2.crt" \
Hanno Becker2f54a3c2020-08-17 12:14:06 +01002234 "$P_CLI" \
2235 0
2236
Hanno Becker746aaf32019-03-28 15:25:23 +00002237run_test "CA callback on client" \
2238 "$P_SRV debug_level=3" \
Ronald Cron95dd6f52024-04-03 09:10:02 +02002239 "$P_CLI ca_callback=1 debug_level=3 " \
Hanno Becker746aaf32019-03-28 15:25:23 +00002240 0 \
Janos Follathd7ecbd62019-04-05 14:52:17 +01002241 -c "use CA callback for X.509 CRT verification" \
Hanno Becker746aaf32019-03-28 15:25:23 +00002242 -S "error" \
2243 -C "error"
2244
Hanno Becker746aaf32019-03-28 15:25:23 +00002245requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
Andrzej Kurek934e9cd2022-09-05 14:44:46 -04002246requires_hash_alg SHA_256
Hanno Becker746aaf32019-03-28 15:25:23 +00002247run_test "CA callback on server" \
Ronald Cron95dd6f52024-04-03 09:10:02 +02002248 "$P_SRV auth_mode=required" \
David Horstmann184c4f02024-07-01 17:01:28 +01002249 "$P_CLI ca_callback=1 debug_level=3 crt_file=$DATA_FILES_PATH/server5.crt \
2250 key_file=$DATA_FILES_PATH/server5.key" \
Hanno Becker746aaf32019-03-28 15:25:23 +00002251 0 \
Janos Follathd7ecbd62019-04-05 14:52:17 +01002252 -c "use CA callback for X.509 CRT verification" \
Hanno Becker746aaf32019-03-28 15:25:23 +00002253 -s "Verifying peer X.509 certificate... ok" \
2254 -S "error" \
2255 -C "error"
2256
Neil Armstrong3e9a1422022-03-21 10:03:46 +01002257# Test using an EC opaque private key for client authentication
Manuel Pégourié-Gonnardcfdf8f42018-11-08 09:52:25 +01002258requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
Valerio Settid1f991c2023-02-22 12:54:13 +01002259requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
Andrzej Kurek934e9cd2022-09-05 14:44:46 -04002260requires_hash_alg SHA_256
Neil Armstrong1948a202022-06-30 18:05:57 +02002261run_test "Opaque key for client authentication: ECDHE-ECDSA" \
David Horstmann184c4f02024-07-01 17:01:28 +01002262 "$P_SRV force_version=tls12 auth_mode=required crt_file=$DATA_FILES_PATH/server5.crt \
2263 key_file=$DATA_FILES_PATH/server5.key" \
2264 "$P_CLI key_opaque=1 crt_file=$DATA_FILES_PATH/server5.crt \
2265 key_file=$DATA_FILES_PATH/server5.key key_opaque_algs=ecdsa-sign,none" \
Manuel Pégourié-Gonnardcfdf8f42018-11-08 09:52:25 +01002266 0 \
2267 -c "key type: Opaque" \
Przemyslaw Stekielbb5d4832021-10-26 12:25:27 +02002268 -c "Ciphersuite is TLS-ECDHE-ECDSA" \
Manuel Pégourié-Gonnardcfdf8f42018-11-08 09:52:25 +01002269 -s "Verifying peer X.509 certificate... ok" \
Przemyslaw Stekielbb5d4832021-10-26 12:25:27 +02002270 -s "Ciphersuite is TLS-ECDHE-ECDSA" \
Manuel Pégourié-Gonnardcfdf8f42018-11-08 09:52:25 +01002271 -S "error" \
2272 -C "error"
2273
Neil Armstrong3e9a1422022-03-21 10:03:46 +01002274# Test using a RSA opaque private key for client authentication
Neil Armstrong3e9a1422022-03-21 10:03:46 +01002275requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
Ronald Cron68ba7f72025-06-30 07:45:17 +02002276requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
valeriof27472b2023-03-09 16:19:35 +01002277requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
Andrzej Kurek934e9cd2022-09-05 14:44:46 -04002278requires_hash_alg SHA_256
Neil Armstrong1948a202022-06-30 18:05:57 +02002279run_test "Opaque key for client authentication: ECDHE-RSA" \
David Horstmann184c4f02024-07-01 17:01:28 +01002280 "$P_SRV force_version=tls12 auth_mode=required crt_file=$DATA_FILES_PATH/server2-sha256.crt \
2281 key_file=$DATA_FILES_PATH/server2.key" \
2282 "$P_CLI key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \
2283 key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=rsa-sign-pkcs1,none" \
Neil Armstrong3e9a1422022-03-21 10:03:46 +01002284 0 \
2285 -c "key type: Opaque" \
2286 -c "Ciphersuite is TLS-ECDHE-RSA" \
2287 -s "Verifying peer X.509 certificate... ok" \
2288 -s "Ciphersuite is TLS-ECDHE-RSA" \
2289 -S "error" \
2290 -C "error"
2291
2292# Test using an EC opaque private key for server authentication
Przemyslaw Stekiel0483e3d2021-10-04 11:13:22 +02002293requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
Valerio Settid1f991c2023-02-22 12:54:13 +01002294requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
Andrzej Kurek934e9cd2022-09-05 14:44:46 -04002295requires_hash_alg SHA_256
Neil Armstrong1948a202022-06-30 18:05:57 +02002296run_test "Opaque key for server authentication: ECDHE-ECDSA" \
David Horstmann184c4f02024-07-01 17:01:28 +01002297 "$P_SRV key_opaque=1 crt_file=$DATA_FILES_PATH/server5.crt \
2298 key_file=$DATA_FILES_PATH/server5.key key_opaque_algs=ecdsa-sign,none" \
Ronald Cronf95d1692023-03-14 17:19:42 +01002299 "$P_CLI force_version=tls12" \
Przemyslaw Stekiel0483e3d2021-10-04 11:13:22 +02002300 0 \
2301 -c "Verifying peer X.509 certificate... ok" \
Przemyslaw Stekielbb5d4832021-10-26 12:25:27 +02002302 -c "Ciphersuite is TLS-ECDHE-ECDSA" \
Gilles Peskine05bf89d2022-01-25 17:50:25 +01002303 -s "key types: Opaque, none" \
Przemyslaw Stekielbb5d4832021-10-26 12:25:27 +02002304 -s "Ciphersuite is TLS-ECDHE-ECDSA" \
Przemyslaw Stekiel0483e3d2021-10-04 11:13:22 +02002305 -S "error" \
2306 -C "error"
2307
Neil Armstrong023bf8d2022-03-23 14:04:04 +01002308requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
Andrzej Kurek934e9cd2022-09-05 14:44:46 -04002309requires_hash_alg SHA_256
Neil Armstrong1948a202022-06-30 18:05:57 +02002310run_test "Opaque key for server authentication: ECDH-" \
Ronald Cronf95d1692023-03-14 17:19:42 +01002311 "$P_SRV auth_mode=required key_opaque=1\
David Horstmann184c4f02024-07-01 17:01:28 +01002312 crt_file=$DATA_FILES_PATH/server5.ku-ka.crt\
2313 key_file=$DATA_FILES_PATH/server5.key key_opaque_algs=ecdh,none" \
Ronald Cronf95d1692023-03-14 17:19:42 +01002314 "$P_CLI force_version=tls12" \
Neil Armstrong023bf8d2022-03-23 14:04:04 +01002315 0 \
2316 -c "Verifying peer X.509 certificate... ok" \
2317 -c "Ciphersuite is TLS-ECDH-" \
2318 -s "key types: Opaque, none" \
2319 -s "Ciphersuite is TLS-ECDH-" \
2320 -S "error" \
2321 -C "error"
2322
Neil Armstrong1948a202022-06-30 18:05:57 +02002323requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
Ronald Cron5df9d9d2025-08-18 15:04:22 +02002324requires_config_enabled PSA_WANT_ALG_ECDSA
Ronald Cron68ba7f72025-06-30 07:45:17 +02002325requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
Andrzej Kurekd6817462022-09-06 14:32:00 -04002326requires_config_disabled MBEDTLS_SSL_ASYNC_PRIVATE
2327requires_hash_alg SHA_256
2328run_test "Opaque key for server authentication: invalid key: ecdh with RSA key, no async" \
David Horstmann184c4f02024-07-01 17:01:28 +01002329 "$P_SRV key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \
2330 key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=ecdh,none \
Andrzej Kurekd6817462022-09-06 14:32:00 -04002331 debug_level=1" \
Ronald Cronf95d1692023-03-14 17:19:42 +01002332 "$P_CLI force_version=tls12" \
Andrzej Kurekd6817462022-09-06 14:32:00 -04002333 1 \
2334 -s "key types: Opaque, none" \
2335 -s "error" \
2336 -c "error" \
2337 -c "Public key type mismatch"
2338
Andrzej Kurekd6817462022-09-06 14:32:00 -04002339requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
Ronald Cron68ba7f72025-06-30 07:45:17 +02002340requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
Andrzej Kurekd6817462022-09-06 14:32:00 -04002341requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
Andrzej Kurek934e9cd2022-09-05 14:44:46 -04002342requires_hash_alg SHA_256
Andrzej Kurekd6817462022-09-06 14:32:00 -04002343run_test "Opaque key for server authentication: invalid alg: ecdh with RSA key, async" \
David Horstmann184c4f02024-07-01 17:01:28 +01002344 "$P_SRV key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \
2345 key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=ecdh,none \
Neil Armstrongeb4390b2022-05-27 10:26:02 +02002346 debug_level=1" \
Ronald Cronf95d1692023-03-14 17:19:42 +01002347 "$P_CLI force_version=tls12" \
Neil Armstrongeb4390b2022-05-27 10:26:02 +02002348 1 \
2349 -s "key types: Opaque, none" \
2350 -s "got ciphersuites in common, but none of them usable" \
2351 -s "error" \
2352 -c "error"
2353
Neil Armstrongeb4390b2022-05-27 10:26:02 +02002354requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
Andrzej Kurek934e9cd2022-09-05 14:44:46 -04002355requires_hash_alg SHA_256
Neil Armstrong1948a202022-06-30 18:05:57 +02002356run_test "Opaque key for server authentication: invalid alg: ECDHE-ECDSA with ecdh" \
David Horstmann184c4f02024-07-01 17:01:28 +01002357 "$P_SRV key_opaque=1 crt_file=$DATA_FILES_PATH/server5.crt \
2358 key_file=$DATA_FILES_PATH/server5.key key_opaque_algs=ecdh,none \
Neil Armstrong36b02232022-06-30 11:16:53 +02002359 debug_level=1" \
Ronald Cronf95d1692023-03-14 17:19:42 +01002360 "$P_CLI force_version=tls12 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-CCM" \
Neil Armstrong36b02232022-06-30 11:16:53 +02002361 1 \
2362 -s "key types: Opaque, none" \
2363 -s "got ciphersuites in common, but none of them usable" \
2364 -s "error" \
2365 -c "error"
2366
Neil Armstrong167d82c2022-06-30 11:32:00 +02002367requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
Valerio Settid1f991c2023-02-22 12:54:13 +01002368requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
Andrzej Kurek934e9cd2022-09-05 14:44:46 -04002369requires_hash_alg SHA_256
Neil Armstrongc67e6e92022-07-01 15:48:10 +02002370requires_config_disabled MBEDTLS_X509_REMOVE_INFO
Neil Armstrong4b102092022-07-01 09:42:29 +02002371run_test "Opaque keys for server authentication: EC keys with different algs, force ECDHE-ECDSA" \
David Horstmann184c4f02024-07-01 17:01:28 +01002372 "$P_SRV force_version=tls12 key_opaque=1 crt_file=$DATA_FILES_PATH/server7.crt \
2373 key_file=$DATA_FILES_PATH/server7.key key_opaque_algs=ecdh,none \
2374 crt_file2=$DATA_FILES_PATH/server5.crt key_file2=$DATA_FILES_PATH/server5.key \
Neil Armstrong167d82c2022-06-30 11:32:00 +02002375 key_opaque_algs2=ecdsa-sign,none" \
Ronald Cronf95d1692023-03-14 17:19:42 +01002376 "$P_CLI force_version=tls12" \
Neil Armstrong167d82c2022-06-30 11:32:00 +02002377 0 \
2378 -c "Verifying peer X.509 certificate... ok" \
2379 -c "Ciphersuite is TLS-ECDHE-ECDSA" \
Neil Armstrong4b102092022-07-01 09:42:29 +02002380 -c "CN=Polarssl Test EC CA" \
Neil Armstrong167d82c2022-06-30 11:32:00 +02002381 -s "key types: Opaque, Opaque" \
2382 -s "Ciphersuite is TLS-ECDHE-ECDSA" \
2383 -S "error" \
2384 -C "error"
2385
Neil Armstrong167d82c2022-06-30 11:32:00 +02002386requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
Andrzej Kurek934e9cd2022-09-05 14:44:46 -04002387requires_hash_alg SHA_384
Neil Armstrongc67e6e92022-07-01 15:48:10 +02002388requires_config_disabled MBEDTLS_X509_REMOVE_INFO
Neil Armstrong4b102092022-07-01 09:42:29 +02002389run_test "Opaque keys for server authentication: EC keys with different algs, force ECDH-ECDSA" \
David Horstmann184c4f02024-07-01 17:01:28 +01002390 "$P_SRV key_opaque=1 crt_file=$DATA_FILES_PATH/server7.crt \
2391 key_file=$DATA_FILES_PATH/server7.key key_opaque_algs=ecdsa-sign,none \
2392 crt_file2=$DATA_FILES_PATH/server5.crt key_file2=$DATA_FILES_PATH/server5.key \
Neil Armstrong4b102092022-07-01 09:42:29 +02002393 key_opaque_algs2=ecdh,none debug_level=3" \
Ronald Cronf95d1692023-03-14 17:19:42 +01002394 "$P_CLI force_version=tls12 force_ciphersuite=TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384" \
Neil Armstrong4b102092022-07-01 09:42:29 +02002395 0 \
2396 -c "Verifying peer X.509 certificate... ok" \
2397 -c "Ciphersuite is TLS-ECDH-ECDSA" \
2398 -c "CN=Polarssl Test EC CA" \
2399 -s "key types: Opaque, Opaque" \
2400 -s "Ciphersuite is TLS-ECDH-ECDSA" \
2401 -S "error" \
2402 -C "error"
2403
Neil Armstrong4b102092022-07-01 09:42:29 +02002404requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
Andrzej Kurek934e9cd2022-09-05 14:44:46 -04002405requires_hash_alg SHA_384
Neil Armstrongc67e6e92022-07-01 15:48:10 +02002406requires_config_disabled MBEDTLS_X509_REMOVE_INFO
Neil Armstrong1948a202022-06-30 18:05:57 +02002407run_test "Opaque keys for server authentication: EC + RSA, force ECDHE-ECDSA" \
David Horstmann184c4f02024-07-01 17:01:28 +01002408 "$P_SRV key_opaque=1 crt_file=$DATA_FILES_PATH/server5.crt \
2409 key_file=$DATA_FILES_PATH/server5.key key_opaque_algs=ecdsa-sign,none \
2410 crt_file2=$DATA_FILES_PATH/server2-sha256.crt \
2411 key_file2=$DATA_FILES_PATH/server2.key key_opaque_algs2=rsa-sign-pkcs1,none" \
Ronald Cronf95d1692023-03-14 17:19:42 +01002412 "$P_CLI force_version=tls12 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-CCM" \
Neil Armstrong167d82c2022-06-30 11:32:00 +02002413 0 \
2414 -c "Verifying peer X.509 certificate... ok" \
2415 -c "Ciphersuite is TLS-ECDHE-ECDSA" \
Neil Armstrong4b102092022-07-01 09:42:29 +02002416 -c "CN=Polarssl Test EC CA" \
Neil Armstrong167d82c2022-06-30 11:32:00 +02002417 -s "key types: Opaque, Opaque" \
2418 -s "Ciphersuite is TLS-ECDHE-ECDSA" \
2419 -S "error" \
2420 -C "error"
2421
Przemek Stekielc454aba2022-07-07 09:56:13 +02002422requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cron68ba7f72025-06-30 07:45:17 +02002423requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
Jerry Yuddda0502022-12-01 19:43:12 +08002424requires_config_enabled MBEDTLS_SSL_SRV_C
2425requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6ec21232022-09-16 16:41:53 +02002426run_test "TLS 1.3 opaque key: no suitable algorithm found" \
Gabor Mezei3ead04a2025-02-27 14:30:35 +01002427 "$P_SRV debug_level=4 auth_mode=required key_opaque=1 key_opaque_algs=rsa-sign-pkcs1,none" \
2428 "$P_CLI debug_level=4 key_opaque=1 key_opaque_algs=rsa-sign-pkcs1,rsa-sign-pss" \
Przemek Stekielc454aba2022-07-07 09:56:13 +02002429 1 \
Przemek Stekielc454aba2022-07-07 09:56:13 +02002430 -c "key type: Opaque" \
2431 -s "key types: Opaque, Opaque" \
2432 -c "error" \
Ronald Cron067a1e72022-09-16 13:44:49 +02002433 -s "no suitable signature algorithm"
Przemek Stekielc454aba2022-07-07 09:56:13 +02002434
2435requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cron68ba7f72025-06-30 07:45:17 +02002436requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
Jerry Yuddda0502022-12-01 19:43:12 +08002437requires_config_enabled MBEDTLS_SSL_SRV_C
2438requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6ec21232022-09-16 16:41:53 +02002439run_test "TLS 1.3 opaque key: suitable algorithm found" \
Gabor Mezei3ead04a2025-02-27 14:30:35 +01002440 "$P_SRV debug_level=4 auth_mode=required key_opaque=1 key_opaque_algs=rsa-sign-pkcs1,rsa-sign-pss" \
2441 "$P_CLI debug_level=4 key_opaque=1 key_opaque_algs=rsa-sign-pkcs1,rsa-sign-pss" \
Przemek Stekielc454aba2022-07-07 09:56:13 +02002442 0 \
Przemek Stekielc454aba2022-07-07 09:56:13 +02002443 -c "key type: Opaque" \
2444 -s "key types: Opaque, Opaque" \
2445 -C "error" \
Jerry Yuddda0502022-12-01 19:43:12 +08002446 -S "error"
Przemek Stekielc454aba2022-07-07 09:56:13 +02002447
2448requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cron68ba7f72025-06-30 07:45:17 +02002449requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
Jerry Yuddda0502022-12-01 19:43:12 +08002450requires_config_enabled MBEDTLS_SSL_SRV_C
2451requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron50969e32022-09-16 15:54:33 +02002452run_test "TLS 1.3 opaque key: first client sig alg not suitable" \
Ronald Cron50ae84e2023-03-14 08:59:56 +01002453 "$P_SRV debug_level=4 auth_mode=required key_opaque=1 key_opaque_algs=rsa-sign-pss-sha512,none" \
Ronald Cron50969e32022-09-16 15:54:33 +02002454 "$P_CLI debug_level=4 sig_algs=rsa_pss_rsae_sha256,rsa_pss_rsae_sha512" \
2455 0 \
Ronald Cron50969e32022-09-16 15:54:33 +02002456 -s "key types: Opaque, Opaque" \
2457 -s "CertificateVerify signature failed with rsa_pss_rsae_sha256" \
2458 -s "CertificateVerify signature with rsa_pss_rsae_sha512" \
2459 -C "error" \
2460 -S "error" \
2461
2462requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cron68ba7f72025-06-30 07:45:17 +02002463requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
Jerry Yuddda0502022-12-01 19:43:12 +08002464requires_config_enabled MBEDTLS_SSL_SRV_C
2465requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron6ec21232022-09-16 16:41:53 +02002466run_test "TLS 1.3 opaque key: 2 keys on server, suitable algorithm found" \
Gabor Mezei1ac784c2025-03-20 09:15:47 +01002467 "$P_SRV debug_level=4 auth_mode=required key_opaque=1 key_opaque_algs2=ecdsa-sign,none key_opaque_algs=rsa-sign-pkcs1,rsa-sign-pss" \
Gabor Mezei3ead04a2025-02-27 14:30:35 +01002468 "$P_CLI debug_level=4 key_opaque=1 key_opaque_algs=rsa-sign-pkcs1,rsa-sign-pss" \
Przemek Stekielc454aba2022-07-07 09:56:13 +02002469 0 \
Przemek Stekielc454aba2022-07-07 09:56:13 +02002470 -c "key type: Opaque" \
2471 -s "key types: Opaque, Opaque" \
2472 -C "error" \
2473 -S "error" \
2474
Neil Armstrong3e9a1422022-03-21 10:03:46 +01002475# Test using a RSA opaque private key for server authentication
Neil Armstrong3e9a1422022-03-21 10:03:46 +01002476requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
Ronald Cron68ba7f72025-06-30 07:45:17 +02002477requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
valeriof27472b2023-03-09 16:19:35 +01002478requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
Andrzej Kurek934e9cd2022-09-05 14:44:46 -04002479requires_hash_alg SHA_256
Neil Armstrong1948a202022-06-30 18:05:57 +02002480run_test "Opaque key for server authentication: ECDHE-RSA" \
David Horstmann184c4f02024-07-01 17:01:28 +01002481 "$P_SRV key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \
2482 key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=rsa-sign-pkcs1,none" \
Ronald Cronf95d1692023-03-14 17:19:42 +01002483 "$P_CLI force_version=tls12" \
Neil Armstrong3e9a1422022-03-21 10:03:46 +01002484 0 \
2485 -c "Verifying peer X.509 certificate... ok" \
2486 -c "Ciphersuite is TLS-ECDHE-RSA" \
2487 -s "key types: Opaque, none" \
2488 -s "Ciphersuite is TLS-ECDHE-RSA" \
2489 -S "error" \
2490 -C "error"
2491
Neil Armstronga4dbfdd2022-03-21 10:11:07 +01002492requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
Ronald Cron68ba7f72025-06-30 07:45:17 +02002493requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
Andrzej Kurek934e9cd2022-09-05 14:44:46 -04002494requires_hash_alg SHA_256
Valerio Setti309a7ec2025-01-20 13:07:39 +01002495requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
2496run_test "Opaque key for server authentication: ECDHE-RSA, PSS instead of PKCS1" \
David Horstmann184c4f02024-07-01 17:01:28 +01002497 "$P_SRV auth_mode=required key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \
2498 key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=rsa-sign-pss,none debug_level=1" \
2499 "$P_CLI crt_file=$DATA_FILES_PATH/server2-sha256.crt \
Valerio Setti309a7ec2025-01-20 13:07:39 +01002500 key_file=$DATA_FILES_PATH/server2.key force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA" \
Neil Armstrong36b02232022-06-30 11:16:53 +02002501 1 \
2502 -s "key types: Opaque, none" \
2503 -s "got ciphersuites in common, but none of them usable" \
2504 -s "error" \
2505 -c "error"
2506
Neil Armstrong167d82c2022-06-30 11:32:00 +02002507requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
Ronald Cron68ba7f72025-06-30 07:45:17 +02002508requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
Andrzej Kurek934e9cd2022-09-05 14:44:46 -04002509requires_hash_alg SHA_256
Neil Armstrongc67e6e92022-07-01 15:48:10 +02002510requires_config_disabled MBEDTLS_X509_REMOVE_INFO
valeriof27472b2023-03-09 16:19:35 +01002511requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
Neil Armstrong1948a202022-06-30 18:05:57 +02002512run_test "Opaque keys for server authentication: RSA keys with different algs" \
David Horstmann184c4f02024-07-01 17:01:28 +01002513 "$P_SRV force_version=tls12 auth_mode=required key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \
2514 key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=rsa-sign-pss,none \
2515 crt_file2=$DATA_FILES_PATH/server4.crt \
2516 key_file2=$DATA_FILES_PATH/server4.key key_opaque_algs2=rsa-sign-pkcs1,none" \
Ronald Cronf95d1692023-03-14 17:19:42 +01002517 "$P_CLI force_version=tls12" \
Neil Armstrong167d82c2022-06-30 11:32:00 +02002518 0 \
2519 -c "Verifying peer X.509 certificate... ok" \
2520 -c "Ciphersuite is TLS-ECDHE-RSA" \
Neil Armstrong4b102092022-07-01 09:42:29 +02002521 -c "CN=Polarssl Test EC CA" \
Neil Armstrong167d82c2022-06-30 11:32:00 +02002522 -s "key types: Opaque, Opaque" \
2523 -s "Ciphersuite is TLS-ECDHE-RSA" \
2524 -S "error" \
2525 -C "error"
2526
Neil Armstrong167d82c2022-06-30 11:32:00 +02002527requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
Ronald Cron68ba7f72025-06-30 07:45:17 +02002528requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
Valerio Setti309a7ec2025-01-20 13:07:39 +01002529requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
Andrzej Kurek934e9cd2022-09-05 14:44:46 -04002530requires_hash_alg SHA_384
Neil Armstrongc67e6e92022-07-01 15:48:10 +02002531requires_config_disabled MBEDTLS_X509_REMOVE_INFO
Valerio Setti309a7ec2025-01-20 13:07:39 +01002532run_test "Opaque keys for server authentication: EC + RSA, force ECDHE-RSA" \
David Horstmann184c4f02024-07-01 17:01:28 +01002533 "$P_SRV auth_mode=required key_opaque=1 crt_file=$DATA_FILES_PATH/server5.crt \
2534 key_file=$DATA_FILES_PATH/server5.key key_opaque_algs=ecdsa-sign,none \
2535 crt_file2=$DATA_FILES_PATH/server4.crt \
2536 key_file2=$DATA_FILES_PATH/server4.key key_opaque_algs2=rsa-sign-pkcs1,none" \
Valerio Setti309a7ec2025-01-20 13:07:39 +01002537 "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA" \
Neil Armstrong167d82c2022-06-30 11:32:00 +02002538 0 \
2539 -c "Verifying peer X.509 certificate... ok" \
Valerio Setti309a7ec2025-01-20 13:07:39 +01002540 -c "Ciphersuite is TLS-ECDHE-RSA" \
Neil Armstrong4b102092022-07-01 09:42:29 +02002541 -c "CN=Polarssl Test EC CA" \
Neil Armstrong167d82c2022-06-30 11:32:00 +02002542 -s "key types: Opaque, Opaque" \
Valerio Setti309a7ec2025-01-20 13:07:39 +01002543 -s "Ciphersuite is TLS-ECDHE-RSA" \
Neil Armstrong167d82c2022-06-30 11:32:00 +02002544 -S "error" \
2545 -C "error"
2546
Neil Armstrong3e9a1422022-03-21 10:03:46 +01002547# Test using an EC opaque private key for client/server authentication
Przemyslaw Stekiel575f23c2021-10-06 11:31:49 +02002548requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
Valerio Settid1f991c2023-02-22 12:54:13 +01002549requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
Andrzej Kurek934e9cd2022-09-05 14:44:46 -04002550requires_hash_alg SHA_256
Neil Armstrong1948a202022-06-30 18:05:57 +02002551run_test "Opaque key for client/server authentication: ECDHE-ECDSA" \
David Horstmann184c4f02024-07-01 17:01:28 +01002552 "$P_SRV force_version=tls12 auth_mode=required key_opaque=1 crt_file=$DATA_FILES_PATH/server5.crt \
2553 key_file=$DATA_FILES_PATH/server5.key key_opaque_algs=ecdsa-sign,none" \
2554 "$P_CLI key_opaque=1 crt_file=$DATA_FILES_PATH/server5.crt \
2555 key_file=$DATA_FILES_PATH/server5.key key_opaque_algs=ecdsa-sign,none" \
Przemyslaw Stekiel575f23c2021-10-06 11:31:49 +02002556 0 \
2557 -c "key type: Opaque" \
2558 -c "Verifying peer X.509 certificate... ok" \
Przemyslaw Stekielbb5d4832021-10-26 12:25:27 +02002559 -c "Ciphersuite is TLS-ECDHE-ECDSA" \
Gilles Peskine05bf89d2022-01-25 17:50:25 +01002560 -s "key types: Opaque, none" \
Przemyslaw Stekiel575f23c2021-10-06 11:31:49 +02002561 -s "Verifying peer X.509 certificate... ok" \
Przemyslaw Stekielbb5d4832021-10-26 12:25:27 +02002562 -s "Ciphersuite is TLS-ECDHE-ECDSA" \
Simon Butcher8e004102016-10-14 00:48:33 +01002563 -S "error" \
2564 -C "error"
2565
Neil Armstrong3e9a1422022-03-21 10:03:46 +01002566# Test using a RSA opaque private key for client/server authentication
Neil Armstrong3e9a1422022-03-21 10:03:46 +01002567requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
Ronald Cron68ba7f72025-06-30 07:45:17 +02002568requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
Andrzej Kurek934e9cd2022-09-05 14:44:46 -04002569requires_hash_alg SHA_256
valeriof27472b2023-03-09 16:19:35 +01002570requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
Neil Armstrong1948a202022-06-30 18:05:57 +02002571run_test "Opaque key for client/server authentication: ECDHE-RSA" \
David Horstmann184c4f02024-07-01 17:01:28 +01002572 "$P_SRV auth_mode=required key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \
2573 key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=rsa-sign-pkcs1,none" \
2574 "$P_CLI force_version=tls12 key_opaque=1 crt_file=$DATA_FILES_PATH/server2-sha256.crt \
2575 key_file=$DATA_FILES_PATH/server2.key key_opaque_algs=rsa-sign-pkcs1,none" \
Neil Armstrong3e9a1422022-03-21 10:03:46 +01002576 0 \
2577 -c "key type: Opaque" \
2578 -c "Verifying peer X.509 certificate... ok" \
2579 -c "Ciphersuite is TLS-ECDHE-RSA" \
2580 -s "key types: Opaque, none" \
2581 -s "Verifying peer X.509 certificate... ok" \
2582 -s "Ciphersuite is TLS-ECDHE-RSA" \
2583 -S "error" \
2584 -C "error"
2585
Hanno Becker9b5853c2018-11-16 17:28:40 +00002586# Test ciphersuites which we expect to be fully supported by PSA Crypto
2587# and check that we don't fall back to Mbed TLS' internal crypto primitives.
2588run_test_psa TLS-ECDHE-ECDSA-WITH-AES-128-CCM
2589run_test_psa TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8
2590run_test_psa TLS-ECDHE-ECDSA-WITH-AES-256-CCM
2591run_test_psa TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8
2592run_test_psa TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
2593run_test_psa TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384
2594run_test_psa TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA
2595run_test_psa TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256
2596run_test_psa TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384
2597
Manuel Pégourié-Gonnard22334a22023-10-19 11:27:33 +02002598requires_config_enabled PSA_WANT_ECC_SECP_R1_521
Hanno Becker354e2482019-01-08 11:40:25 +00002599run_test_psa_force_curve "secp521r1"
Manuel Pégourié-Gonnard22334a22023-10-19 11:27:33 +02002600requires_config_enabled PSA_WANT_ECC_BRAINPOOL_P_R1_512
Hanno Becker354e2482019-01-08 11:40:25 +00002601run_test_psa_force_curve "brainpoolP512r1"
Manuel Pégourié-Gonnard22334a22023-10-19 11:27:33 +02002602requires_config_enabled PSA_WANT_ECC_SECP_R1_384
Hanno Becker354e2482019-01-08 11:40:25 +00002603run_test_psa_force_curve "secp384r1"
Manuel Pégourié-Gonnard22334a22023-10-19 11:27:33 +02002604requires_config_enabled PSA_WANT_ECC_BRAINPOOL_P_R1_384
Hanno Becker354e2482019-01-08 11:40:25 +00002605run_test_psa_force_curve "brainpoolP384r1"
Manuel Pégourié-Gonnard22334a22023-10-19 11:27:33 +02002606requires_config_enabled PSA_WANT_ECC_SECP_R1_256
Hanno Becker354e2482019-01-08 11:40:25 +00002607run_test_psa_force_curve "secp256r1"
Manuel Pégourié-Gonnard22334a22023-10-19 11:27:33 +02002608requires_config_enabled PSA_WANT_ECC_SECP_K1_256
Hanno Becker354e2482019-01-08 11:40:25 +00002609run_test_psa_force_curve "secp256k1"
Manuel Pégourié-Gonnard22334a22023-10-19 11:27:33 +02002610requires_config_enabled PSA_WANT_ECC_BRAINPOOL_P_R1_256
Hanno Becker354e2482019-01-08 11:40:25 +00002611run_test_psa_force_curve "brainpoolP256r1"
Hanno Becker354e2482019-01-08 11:40:25 +00002612
Manuel Pégourié-Gonnardbd47a582015-01-12 13:43:29 +01002613# Test current time in ServerHello
2614requires_config_enabled MBEDTLS_HAVE_TIME
2615run_test "ServerHello contains gmt_unix_time" \
2616 "$P_SRV debug_level=3" \
Ronald Cronf95d1692023-03-14 17:19:42 +01002617 "$P_CLI force_version=tls12 debug_level=3" \
Manuel Pégourié-Gonnardbd47a582015-01-12 13:43:29 +01002618 0 \
2619 -f "check_server_hello_time" \
Manuel Pégourié-Gonnard51d81662015-01-14 17:20:46 +01002620 -F "check_server_hello_time"
Manuel Pégourié-Gonnardbd47a582015-01-12 13:43:29 +01002621
2622# Test for uniqueness of IVs in AEAD ciphersuites
Gilles Peskinebc70a182017-05-09 15:59:24 +02002623run_test "Unique IV in GCM" \
2624 "$P_SRV exchanges=20 debug_level=4" \
Manuel Pégourié-Gonnardaf63c212017-06-08 17:51:08 +02002625 "$P_CLI exchanges=20 debug_level=4 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384" \
Gilles Peskinebc70a182017-05-09 15:59:24 +02002626 0 \
2627 -u "IV used" \
2628 -U "IV used"
2629
Andrzej Kurekec71b092022-11-15 10:21:50 -05002630# Test for correctness of sent single supported algorithm
Ronald Cronfbd51572025-07-10 13:19:31 +02002631requires_config_enabled PSA_WANT_ECC_SECP_R1_256
Andrzej Kurekec71b092022-11-15 10:21:50 -05002632requires_config_enabled MBEDTLS_DEBUG_C
2633requires_config_enabled MBEDTLS_SSL_CLI_C
Paul Elliott3b4ceda2022-11-17 12:47:10 +00002634requires_config_enabled MBEDTLS_SSL_SRV_C
Valerio Settid1f991c2023-02-22 12:54:13 +01002635requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
2636requires_pk_alg "ECDSA"
Andrzej Kurekec71b092022-11-15 10:21:50 -05002637requires_hash_alg SHA_256
Paul Elliottf6e342c2022-11-17 12:50:29 +00002638run_test "Single supported algorithm sending: mbedtls client" \
Andrzej Kurekec71b092022-11-15 10:21:50 -05002639 "$P_SRV sig_algs=ecdsa_secp256r1_sha256 auth_mode=required" \
Ronald Cronf95d1692023-03-14 17:19:42 +01002640 "$P_CLI force_version=tls12 sig_algs=ecdsa_secp256r1_sha256 debug_level=3" \
Andrzej Kurekec71b092022-11-15 10:21:50 -05002641 0 \
2642 -c "Supported Signature Algorithm found: 04 03"
2643
Paul Elliottf6e342c2022-11-17 12:50:29 +00002644requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
2645requires_config_enabled MBEDTLS_SSL_SRV_C
Ronald Cronfbd51572025-07-10 13:19:31 +02002646requires_config_enabled PSA_WANT_ECC_SECP_R1_256
Paul Elliottf6e342c2022-11-17 12:50:29 +00002647requires_hash_alg SHA_256
2648run_test "Single supported algorithm sending: openssl client" \
2649 "$P_SRV sig_algs=ecdsa_secp256r1_sha256 auth_mode=required" \
David Horstmann184c4f02024-07-01 17:01:28 +01002650 "$O_CLI -cert $DATA_FILES_PATH/server6.crt \
2651 -key $DATA_FILES_PATH/server6.key" \
Paul Elliottf6e342c2022-11-17 12:50:29 +00002652 0
2653
Janos Follathee11be62019-04-04 12:03:30 +01002654# Tests for certificate verification callback
2655run_test "Configuration-specific CRT verification callback" \
2656 "$P_SRV debug_level=3" \
Manuel Pégourié-Gonnard843a00d2024-08-16 09:53:41 +02002657 "$P_CLI context_crt_cb=0 debug_level=3" \
Janos Follathee11be62019-04-04 12:03:30 +01002658 0 \
Janos Follathee11be62019-04-04 12:03:30 +01002659 -S "error" \
2660 -c "Verify requested for " \
2661 -c "Use configuration-specific verification callback" \
2662 -C "Use context-specific verification callback" \
2663 -C "error"
2664
Hanno Beckerefb440a2019-04-03 13:04:33 +01002665run_test "Context-specific CRT verification callback" \
2666 "$P_SRV debug_level=3" \
Manuel Pégourié-Gonnard843a00d2024-08-16 09:53:41 +02002667 "$P_CLI context_crt_cb=1 debug_level=3" \
Hanno Beckerefb440a2019-04-03 13:04:33 +01002668 0 \
Hanno Beckerefb440a2019-04-03 13:04:33 +01002669 -S "error" \
Janos Follathee11be62019-04-04 12:03:30 +01002670 -c "Verify requested for " \
2671 -c "Use context-specific verification callback" \
2672 -C "Use configuration-specific verification callback" \
Hanno Beckerefb440a2019-04-03 13:04:33 +01002673 -C "error"
2674
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +01002675# Tests for SHA-1 support
Gilles Peskine3b81ea12024-04-29 17:42:52 +02002676requires_hash_alg SHA_1
Gilles Peskinebc70a182017-05-09 15:59:24 +02002677run_test "SHA-1 forbidden by default in server certificate" \
David Horstmann184c4f02024-07-01 17:01:28 +01002678 "$P_SRV key_file=$DATA_FILES_PATH/server2.key crt_file=$DATA_FILES_PATH/server2.crt" \
Ronald Cronf95d1692023-03-14 17:19:42 +01002679 "$P_CLI debug_level=2 force_version=tls12 allow_sha1=0" \
Gilles Peskinebc70a182017-05-09 15:59:24 +02002680 1 \
2681 -c "The certificate is signed with an unacceptable hash"
2682
Gilles Peskine3b81ea12024-04-29 17:42:52 +02002683requires_hash_alg SHA_1
Gilles Peskinebc70a182017-05-09 15:59:24 +02002684run_test "SHA-1 explicitly allowed in server certificate" \
David Horstmann184c4f02024-07-01 17:01:28 +01002685 "$P_SRV key_file=$DATA_FILES_PATH/server2.key crt_file=$DATA_FILES_PATH/server2.crt" \
Ronald Cronf95d1692023-03-14 17:19:42 +01002686 "$P_CLI force_version=tls12 allow_sha1=1" \
Gilles Peskinebc70a182017-05-09 15:59:24 +02002687 0
2688
2689run_test "SHA-256 allowed by default in server certificate" \
David Horstmann184c4f02024-07-01 17:01:28 +01002690 "$P_SRV key_file=$DATA_FILES_PATH/server2.key crt_file=$DATA_FILES_PATH/server2-sha256.crt" \
Ronald Cronf95d1692023-03-14 17:19:42 +01002691 "$P_CLI force_version=tls12 allow_sha1=0" \
Gilles Peskinebc70a182017-05-09 15:59:24 +02002692 0
2693
Gilles Peskine3b81ea12024-04-29 17:42:52 +02002694requires_hash_alg SHA_1
Ronald Cron68ba7f72025-06-30 07:45:17 +02002695requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
Gilles Peskinebc70a182017-05-09 15:59:24 +02002696run_test "SHA-1 forbidden by default in client certificate" \
Ronald Cronf95d1692023-03-14 17:19:42 +01002697 "$P_SRV force_version=tls12 auth_mode=required allow_sha1=0" \
David Horstmann184c4f02024-07-01 17:01:28 +01002698 "$P_CLI key_file=$DATA_FILES_PATH/cli-rsa.key crt_file=$DATA_FILES_PATH/cli-rsa-sha1.crt" \
Gilles Peskinebc70a182017-05-09 15:59:24 +02002699 1 \
2700 -s "The certificate is signed with an unacceptable hash"
2701
Gilles Peskine3b81ea12024-04-29 17:42:52 +02002702requires_hash_alg SHA_1
Ronald Cron68ba7f72025-06-30 07:45:17 +02002703requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
Gilles Peskinebc70a182017-05-09 15:59:24 +02002704run_test "SHA-1 explicitly allowed in client certificate" \
Ronald Cronf95d1692023-03-14 17:19:42 +01002705 "$P_SRV force_version=tls12 auth_mode=required allow_sha1=1" \
David Horstmann184c4f02024-07-01 17:01:28 +01002706 "$P_CLI key_file=$DATA_FILES_PATH/cli-rsa.key crt_file=$DATA_FILES_PATH/cli-rsa-sha1.crt" \
Gilles Peskinebc70a182017-05-09 15:59:24 +02002707 0
2708
Ronald Cron68ba7f72025-06-30 07:45:17 +02002709requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
Gilles Peskine3b81ea12024-04-29 17:42:52 +02002710requires_hash_alg SHA_256
Gilles Peskinebc70a182017-05-09 15:59:24 +02002711run_test "SHA-256 allowed by default in client certificate" \
Ronald Cronf95d1692023-03-14 17:19:42 +01002712 "$P_SRV force_version=tls12 auth_mode=required allow_sha1=0" \
David Horstmann184c4f02024-07-01 17:01:28 +01002713 "$P_CLI key_file=$DATA_FILES_PATH/cli-rsa.key crt_file=$DATA_FILES_PATH/cli-rsa-sha256.crt" \
Gilles Peskinebc70a182017-05-09 15:59:24 +02002714 0
2715
Hanno Becker7ae8a762018-08-14 15:43:35 +01002716# Tests for datagram packing
Jerry Yuab082902021-12-23 18:02:22 +08002717requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Hanno Becker7ae8a762018-08-14 15:43:35 +01002718run_test "DTLS: multiple records in same datagram, client and server" \
2719 "$P_SRV dtls=1 dgram_packing=1 debug_level=2" \
2720 "$P_CLI dtls=1 dgram_packing=1 debug_level=2" \
2721 0 \
2722 -c "next record in same datagram" \
2723 -s "next record in same datagram"
2724
Jerry Yuab082902021-12-23 18:02:22 +08002725requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Hanno Becker7ae8a762018-08-14 15:43:35 +01002726run_test "DTLS: multiple records in same datagram, client only" \
2727 "$P_SRV dtls=1 dgram_packing=0 debug_level=2" \
2728 "$P_CLI dtls=1 dgram_packing=1 debug_level=2" \
2729 0 \
2730 -s "next record in same datagram" \
2731 -C "next record in same datagram"
2732
Jerry Yuab082902021-12-23 18:02:22 +08002733requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Hanno Becker7ae8a762018-08-14 15:43:35 +01002734run_test "DTLS: multiple records in same datagram, server only" \
2735 "$P_SRV dtls=1 dgram_packing=1 debug_level=2" \
2736 "$P_CLI dtls=1 dgram_packing=0 debug_level=2" \
2737 0 \
2738 -S "next record in same datagram" \
2739 -c "next record in same datagram"
2740
Jerry Yuab082902021-12-23 18:02:22 +08002741requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Hanno Becker7ae8a762018-08-14 15:43:35 +01002742run_test "DTLS: multiple records in same datagram, neither client nor server" \
2743 "$P_SRV dtls=1 dgram_packing=0 debug_level=2" \
2744 "$P_CLI dtls=1 dgram_packing=0 debug_level=2" \
2745 0 \
2746 -S "next record in same datagram" \
2747 -C "next record in same datagram"
2748
Jarno Lamsa2937d812019-06-04 11:33:23 +03002749# Tests for Context serialization
2750
2751requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
Hanno Beckere0b90ec2019-08-30 11:32:12 +01002752run_test "Context serialization, client serializes, CCM" \
Manuel Pégourié-Gonnard862b3192019-07-23 14:13:43 +02002753 "$P_SRV dtls=1 serialize=0 exchanges=2" \
Hanno Beckere0b90ec2019-08-30 11:32:12 +01002754 "$P_CLI dtls=1 serialize=1 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
2755 0 \
2756 -c "Deserializing connection..." \
2757 -S "Deserializing connection..."
2758
2759requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
2760run_test "Context serialization, client serializes, ChaChaPoly" \
2761 "$P_SRV dtls=1 serialize=0 exchanges=2" \
2762 "$P_CLI dtls=1 serialize=1 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256" \
2763 0 \
2764 -c "Deserializing connection..." \
2765 -S "Deserializing connection..."
2766
2767requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
2768run_test "Context serialization, client serializes, GCM" \
2769 "$P_SRV dtls=1 serialize=0 exchanges=2" \
2770 "$P_CLI dtls=1 serialize=1 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256" \
Jarno Lamsa2937d812019-06-04 11:33:23 +03002771 0 \
Jarno Lamsacbee1b32019-06-04 15:18:19 +03002772 -c "Deserializing connection..." \
Jarno Lamsa2937d812019-06-04 11:33:23 +03002773 -S "Deserializing connection..."
2774
Jerry Yuab082902021-12-23 18:02:22 +08002775requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Jarno Lamsa2937d812019-06-04 11:33:23 +03002776requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
Hanno Becker1b18fd32019-08-30 11:18:59 +01002777requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
2778run_test "Context serialization, client serializes, with CID" \
2779 "$P_SRV dtls=1 serialize=0 exchanges=2 cid=1 cid_val=dead" \
2780 "$P_CLI dtls=1 serialize=1 exchanges=2 cid=1 cid_val=beef" \
2781 0 \
2782 -c "Deserializing connection..." \
2783 -S "Deserializing connection..."
2784
2785requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
Hanno Beckere0b90ec2019-08-30 11:32:12 +01002786run_test "Context serialization, server serializes, CCM" \
Manuel Pégourié-Gonnard862b3192019-07-23 14:13:43 +02002787 "$P_SRV dtls=1 serialize=1 exchanges=2" \
Hanno Beckere0b90ec2019-08-30 11:32:12 +01002788 "$P_CLI dtls=1 serialize=0 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
2789 0 \
2790 -C "Deserializing connection..." \
2791 -s "Deserializing connection..."
2792
2793requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
2794run_test "Context serialization, server serializes, ChaChaPoly" \
2795 "$P_SRV dtls=1 serialize=1 exchanges=2" \
2796 "$P_CLI dtls=1 serialize=0 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256" \
2797 0 \
2798 -C "Deserializing connection..." \
2799 -s "Deserializing connection..."
2800
2801requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
2802run_test "Context serialization, server serializes, GCM" \
2803 "$P_SRV dtls=1 serialize=1 exchanges=2" \
2804 "$P_CLI dtls=1 serialize=0 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256" \
Jarno Lamsa2937d812019-06-04 11:33:23 +03002805 0 \
Jarno Lamsacbee1b32019-06-04 15:18:19 +03002806 -C "Deserializing connection..." \
Jarno Lamsa2937d812019-06-04 11:33:23 +03002807 -s "Deserializing connection..."
2808
Jerry Yuab082902021-12-23 18:02:22 +08002809requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Jarno Lamsa2937d812019-06-04 11:33:23 +03002810requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
Hanno Becker1b18fd32019-08-30 11:18:59 +01002811requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
2812run_test "Context serialization, server serializes, with CID" \
2813 "$P_SRV dtls=1 serialize=1 exchanges=2 cid=1 cid_val=dead" \
2814 "$P_CLI dtls=1 serialize=0 exchanges=2 cid=1 cid_val=beef" \
2815 0 \
2816 -C "Deserializing connection..." \
2817 -s "Deserializing connection..."
2818
2819requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
Hanno Beckere0b90ec2019-08-30 11:32:12 +01002820run_test "Context serialization, both serialize, CCM" \
Manuel Pégourié-Gonnard862b3192019-07-23 14:13:43 +02002821 "$P_SRV dtls=1 serialize=1 exchanges=2" \
Hanno Beckere0b90ec2019-08-30 11:32:12 +01002822 "$P_CLI dtls=1 serialize=1 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
2823 0 \
2824 -c "Deserializing connection..." \
2825 -s "Deserializing connection..."
2826
2827requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
2828run_test "Context serialization, both serialize, ChaChaPoly" \
2829 "$P_SRV dtls=1 serialize=1 exchanges=2" \
2830 "$P_CLI dtls=1 serialize=1 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256" \
2831 0 \
2832 -c "Deserializing connection..." \
2833 -s "Deserializing connection..."
2834
2835requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
2836run_test "Context serialization, both serialize, GCM" \
2837 "$P_SRV dtls=1 serialize=1 exchanges=2" \
2838 "$P_CLI dtls=1 serialize=1 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256" \
Jarno Lamsa2937d812019-06-04 11:33:23 +03002839 0 \
Jarno Lamsacbee1b32019-06-04 15:18:19 +03002840 -c "Deserializing connection..." \
Jarno Lamsa2937d812019-06-04 11:33:23 +03002841 -s "Deserializing connection..."
2842
Jerry Yuab082902021-12-23 18:02:22 +08002843requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Jarno Lamsac2376f02019-06-06 10:44:14 +03002844requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
Hanno Becker1b18fd32019-08-30 11:18:59 +01002845requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
2846run_test "Context serialization, both serialize, with CID" \
2847 "$P_SRV dtls=1 serialize=1 exchanges=2 cid=1 cid_val=dead" \
2848 "$P_CLI dtls=1 serialize=1 exchanges=2 cid=1 cid_val=beef" \
2849 0 \
2850 -c "Deserializing connection..." \
2851 -s "Deserializing connection..."
2852
2853requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
Hanno Beckere0b90ec2019-08-30 11:32:12 +01002854run_test "Context serialization, re-init, client serializes, CCM" \
Manuel Pégourié-Gonnard862b3192019-07-23 14:13:43 +02002855 "$P_SRV dtls=1 serialize=0 exchanges=2" \
Hanno Beckere0b90ec2019-08-30 11:32:12 +01002856 "$P_CLI dtls=1 serialize=2 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
2857 0 \
2858 -c "Deserializing connection..." \
2859 -S "Deserializing connection..."
2860
Jerry Yuab082902021-12-23 18:02:22 +08002861requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Hanno Beckere0b90ec2019-08-30 11:32:12 +01002862requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
2863run_test "Context serialization, re-init, client serializes, ChaChaPoly" \
2864 "$P_SRV dtls=1 serialize=0 exchanges=2" \
2865 "$P_CLI dtls=1 serialize=2 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256" \
2866 0 \
2867 -c "Deserializing connection..." \
2868 -S "Deserializing connection..."
2869
2870requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
2871run_test "Context serialization, re-init, client serializes, GCM" \
2872 "$P_SRV dtls=1 serialize=0 exchanges=2" \
2873 "$P_CLI dtls=1 serialize=2 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256" \
Jarno Lamsac2376f02019-06-06 10:44:14 +03002874 0 \
2875 -c "Deserializing connection..." \
2876 -S "Deserializing connection..."
2877
Jerry Yuab082902021-12-23 18:02:22 +08002878requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Jarno Lamsac2376f02019-06-06 10:44:14 +03002879requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
Hanno Becker1b18fd32019-08-30 11:18:59 +01002880requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
2881run_test "Context serialization, re-init, client serializes, with CID" \
2882 "$P_SRV dtls=1 serialize=0 exchanges=2 cid=1 cid_val=dead" \
2883 "$P_CLI dtls=1 serialize=2 exchanges=2 cid=1 cid_val=beef" \
2884 0 \
2885 -c "Deserializing connection..." \
2886 -S "Deserializing connection..."
2887
2888requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
Hanno Beckere0b90ec2019-08-30 11:32:12 +01002889run_test "Context serialization, re-init, server serializes, CCM" \
Manuel Pégourié-Gonnard862b3192019-07-23 14:13:43 +02002890 "$P_SRV dtls=1 serialize=2 exchanges=2" \
Hanno Beckere0b90ec2019-08-30 11:32:12 +01002891 "$P_CLI dtls=1 serialize=0 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
2892 0 \
2893 -C "Deserializing connection..." \
2894 -s "Deserializing connection..."
2895
2896requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
2897run_test "Context serialization, re-init, server serializes, ChaChaPoly" \
2898 "$P_SRV dtls=1 serialize=2 exchanges=2" \
2899 "$P_CLI dtls=1 serialize=0 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256" \
2900 0 \
2901 -C "Deserializing connection..." \
2902 -s "Deserializing connection..."
2903
2904requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
2905run_test "Context serialization, re-init, server serializes, GCM" \
2906 "$P_SRV dtls=1 serialize=2 exchanges=2" \
2907 "$P_CLI dtls=1 serialize=0 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256" \
Jarno Lamsac2376f02019-06-06 10:44:14 +03002908 0 \
2909 -C "Deserializing connection..." \
2910 -s "Deserializing connection..."
2911
Jerry Yuab082902021-12-23 18:02:22 +08002912requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Jarno Lamsac2376f02019-06-06 10:44:14 +03002913requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
Hanno Becker1b18fd32019-08-30 11:18:59 +01002914requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
2915run_test "Context serialization, re-init, server serializes, with CID" \
2916 "$P_SRV dtls=1 serialize=2 exchanges=2 cid=1 cid_val=dead" \
2917 "$P_CLI dtls=1 serialize=0 exchanges=2 cid=1 cid_val=beef" \
2918 0 \
2919 -C "Deserializing connection..." \
2920 -s "Deserializing connection..."
2921
2922requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
Hanno Beckere0b90ec2019-08-30 11:32:12 +01002923run_test "Context serialization, re-init, both serialize, CCM" \
Manuel Pégourié-Gonnard862b3192019-07-23 14:13:43 +02002924 "$P_SRV dtls=1 serialize=2 exchanges=2" \
Hanno Beckere0b90ec2019-08-30 11:32:12 +01002925 "$P_CLI dtls=1 serialize=2 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
2926 0 \
2927 -c "Deserializing connection..." \
2928 -s "Deserializing connection..."
2929
2930requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
2931run_test "Context serialization, re-init, both serialize, ChaChaPoly" \
2932 "$P_SRV dtls=1 serialize=2 exchanges=2" \
2933 "$P_CLI dtls=1 serialize=2 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256" \
2934 0 \
2935 -c "Deserializing connection..." \
2936 -s "Deserializing connection..."
2937
2938requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
2939run_test "Context serialization, re-init, both serialize, GCM" \
2940 "$P_SRV dtls=1 serialize=2 exchanges=2" \
2941 "$P_CLI dtls=1 serialize=2 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256" \
Jarno Lamsac2376f02019-06-06 10:44:14 +03002942 0 \
2943 -c "Deserializing connection..." \
2944 -s "Deserializing connection..."
2945
Jerry Yuab082902021-12-23 18:02:22 +08002946requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Hanno Becker1b18fd32019-08-30 11:18:59 +01002947requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
2948requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
2949run_test "Context serialization, re-init, both serialize, with CID" \
2950 "$P_SRV dtls=1 serialize=2 exchanges=2 cid=1 cid_val=dead" \
2951 "$P_CLI dtls=1 serialize=2 exchanges=2 cid=1 cid_val=beef" \
2952 0 \
2953 -c "Deserializing connection..." \
2954 -s "Deserializing connection..."
2955
Jerry Yuab082902021-12-23 18:02:22 +08002956requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Piotr Nowicki3de298f2020-04-16 14:35:19 +02002957requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
2958run_test "Saving the serialized context to a file" \
2959 "$P_SRV dtls=1 serialize=1 context_file=context_srv.txt" \
2960 "$P_CLI dtls=1 serialize=1 context_file=context_cli.txt" \
2961 0 \
2962 -s "Save serialized context to a file... ok" \
2963 -c "Save serialized context to a file... ok"
Max Fillinger92b7a7e2024-11-11 17:50:34 +01002964
2965requires_config_enabled MBEDTLS_SSL_KEYING_MATERIAL_EXPORT
2966requires_protocol_version tls12
2967run_test_export_keying_material tls12
2968
2969requires_config_enabled MBEDTLS_SSL_KEYING_MATERIAL_EXPORT
2970requires_protocol_version tls12
2971run_test_export_keying_material_openssl_compat tls12
2972
2973requires_config_enabled MBEDTLS_SSL_KEYING_MATERIAL_EXPORT
2974requires_protocol_version tls13
2975run_test_export_keying_material tls13
2976
Max Fillinger4e217032024-11-14 17:50:42 +01002977requires_config_enabled MBEDTLS_SSL_KEYING_MATERIAL_EXPORT
Max Fillingerd23579c2024-11-14 21:11:26 +01002978requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
2979requires_openssl_tls1_3_with_compatible_ephemeral
Max Fillinger4e217032024-11-14 17:50:42 +01002980run_test_export_keying_material_openssl_compat tls13
2981
Piotr Nowicki3de298f2020-04-16 14:35:19 +02002982rm -f context_srv.txt
2983rm -f context_cli.txt
2984
Hanno Becker7cf463e2019-04-09 18:08:47 +01002985# Tests for DTLS Connection ID extension
2986
Hanno Becker7cf463e2019-04-09 18:08:47 +01002987# So far, the CID API isn't implemented, so we can't
2988# grep for output witnessing its use. This needs to be
2989# changed once the CID extension is implemented.
2990
Jerry Yuab082902021-12-23 18:02:22 +08002991requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Hanno Beckera0e20d02019-05-15 14:03:01 +01002992requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
Hanno Becker78c91372019-05-08 13:31:15 +01002993run_test "Connection ID: Cli enabled, Srv disabled" \
Hanno Beckerf157a972019-04-25 16:05:45 +01002994 "$P_SRV debug_level=3 dtls=1 cid=0" \
2995 "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \
2996 0 \
2997 -s "Disable use of CID extension." \
Hanno Becker7dee2c62019-04-26 14:17:56 +01002998 -s "found CID extension" \
2999 -s "Client sent CID extension, but CID disabled" \
Hanno Becker6b78c832019-04-25 17:01:43 +01003000 -c "Enable use of CID extension." \
Hanno Becker4bc9e9d2019-04-26 16:00:29 +01003001 -c "client hello, adding CID extension" \
Hanno Beckera6a4c762019-04-26 16:13:31 +01003002 -S "server hello, adding CID extension" \
Hanno Becker9ecb6c62019-04-26 16:23:52 +01003003 -C "found CID extension" \
3004 -S "Copy CIDs into SSL transform" \
Hanno Beckerfcffdcc2019-04-26 17:19:46 +01003005 -C "Copy CIDs into SSL transform" \
3006 -c "Use of Connection ID was rejected by the server"
Hanno Becker7cf463e2019-04-09 18:08:47 +01003007
Jerry Yuab082902021-12-23 18:02:22 +08003008requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Hanno Beckera0e20d02019-05-15 14:03:01 +01003009requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
Hanno Becker78c91372019-05-08 13:31:15 +01003010run_test "Connection ID: Cli disabled, Srv enabled" \
Hanno Beckerf157a972019-04-25 16:05:45 +01003011 "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \
3012 "$P_CLI debug_level=3 dtls=1 cid=0" \
3013 0 \
3014 -c "Disable use of CID extension." \
Hanno Becker6b78c832019-04-25 17:01:43 +01003015 -C "client hello, adding CID extension" \
Hanno Becker7dee2c62019-04-26 14:17:56 +01003016 -S "found CID extension" \
Hanno Becker4bc9e9d2019-04-26 16:00:29 +01003017 -s "Enable use of CID extension." \
Hanno Beckera6a4c762019-04-26 16:13:31 +01003018 -S "server hello, adding CID extension" \
Hanno Becker9ecb6c62019-04-26 16:23:52 +01003019 -C "found CID extension" \
3020 -S "Copy CIDs into SSL transform" \
Hanno Beckerfcffdcc2019-04-26 17:19:46 +01003021 -C "Copy CIDs into SSL transform" \
Hanno Beckerb3e9dd52019-05-08 13:19:53 +01003022 -s "Use of Connection ID was not offered by client"
Hanno Becker7cf463e2019-04-09 18:08:47 +01003023
Jerry Yuab082902021-12-23 18:02:22 +08003024requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Hanno Beckera0e20d02019-05-15 14:03:01 +01003025requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
Hanno Becker78c91372019-05-08 13:31:15 +01003026run_test "Connection ID: Cli+Srv enabled, Cli+Srv CID nonempty" \
Hanno Beckerf157a972019-04-25 16:05:45 +01003027 "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead" \
3028 "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef" \
3029 0 \
3030 -c "Enable use of CID extension." \
Hanno Becker6b78c832019-04-25 17:01:43 +01003031 -s "Enable use of CID extension." \
Hanno Becker7dee2c62019-04-26 14:17:56 +01003032 -c "client hello, adding CID extension" \
3033 -s "found CID extension" \
Hanno Becker4bc9e9d2019-04-26 16:00:29 +01003034 -s "Use of CID extension negotiated" \
Hanno Beckera6a4c762019-04-26 16:13:31 +01003035 -s "server hello, adding CID extension" \
3036 -c "found CID extension" \
Hanno Becker9ecb6c62019-04-26 16:23:52 +01003037 -c "Use of CID extension negotiated" \
3038 -s "Copy CIDs into SSL transform" \
Hanno Becker2749a672019-05-03 17:04:23 +01003039 -c "Copy CIDs into SSL transform" \
3040 -c "Peer CID (length 2 Bytes): de ad" \
3041 -s "Peer CID (length 2 Bytes): be ef" \
3042 -s "Use of Connection ID has been negotiated" \
3043 -c "Use of Connection ID has been negotiated"
Hanno Becker7cf463e2019-04-09 18:08:47 +01003044
Jerry Yuab082902021-12-23 18:02:22 +08003045requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Hanno Beckera0e20d02019-05-15 14:03:01 +01003046requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
Hanno Becker78c91372019-05-08 13:31:15 +01003047run_test "Connection ID, 3D: Cli+Srv enabled, Cli+Srv CID nonempty" \
Hanno Beckerd0ac5fa2019-05-24 10:11:23 +01003048 -p "$P_PXY drop=5 delay=5 duplicate=5 bad_cid=1" \
Hanno Becker78c91372019-05-08 13:31:15 +01003049 "$P_SRV debug_level=3 dtls=1 cid=1 dgram_packing=0 cid_val=dead" \
3050 "$P_CLI debug_level=3 dtls=1 cid=1 dgram_packing=0 cid_val=beef" \
3051 0 \
3052 -c "Enable use of CID extension." \
3053 -s "Enable use of CID extension." \
3054 -c "client hello, adding CID extension" \
3055 -s "found CID extension" \
3056 -s "Use of CID extension negotiated" \
3057 -s "server hello, adding CID extension" \
3058 -c "found CID extension" \
3059 -c "Use of CID extension negotiated" \
3060 -s "Copy CIDs into SSL transform" \
3061 -c "Copy CIDs into SSL transform" \
3062 -c "Peer CID (length 2 Bytes): de ad" \
3063 -s "Peer CID (length 2 Bytes): be ef" \
3064 -s "Use of Connection ID has been negotiated" \
Hanno Beckerd0ac5fa2019-05-24 10:11:23 +01003065 -c "Use of Connection ID has been negotiated" \
3066 -c "ignoring unexpected CID" \
3067 -s "ignoring unexpected CID"
Hanno Becker78c91372019-05-08 13:31:15 +01003068
Jerry Yuab082902021-12-23 18:02:22 +08003069requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Hanno Beckera0e20d02019-05-15 14:03:01 +01003070requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
Hanno Becker78c91372019-05-08 13:31:15 +01003071run_test "Connection ID, MTU: Cli+Srv enabled, Cli+Srv CID nonempty" \
3072 -p "$P_PXY mtu=800" \
3073 "$P_SRV debug_level=3 mtu=800 dtls=1 cid=1 cid_val=dead" \
3074 "$P_CLI debug_level=3 mtu=800 dtls=1 cid=1 cid_val=beef" \
3075 0 \
3076 -c "Enable use of CID extension." \
3077 -s "Enable use of CID extension." \
3078 -c "client hello, adding CID extension" \
3079 -s "found CID extension" \
3080 -s "Use of CID extension negotiated" \
3081 -s "server hello, adding CID extension" \
3082 -c "found CID extension" \
3083 -c "Use of CID extension negotiated" \
3084 -s "Copy CIDs into SSL transform" \
3085 -c "Copy CIDs into SSL transform" \
3086 -c "Peer CID (length 2 Bytes): de ad" \
3087 -s "Peer CID (length 2 Bytes): be ef" \
3088 -s "Use of Connection ID has been negotiated" \
3089 -c "Use of Connection ID has been negotiated"
3090
Jerry Yuab082902021-12-23 18:02:22 +08003091requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Hanno Beckera0e20d02019-05-15 14:03:01 +01003092requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
Hanno Becker78c91372019-05-08 13:31:15 +01003093run_test "Connection ID, 3D+MTU: Cli+Srv enabled, Cli+Srv CID nonempty" \
Hanno Beckerd0ac5fa2019-05-24 10:11:23 +01003094 -p "$P_PXY mtu=800 drop=5 delay=5 duplicate=5 bad_cid=1" \
Hanno Becker78c91372019-05-08 13:31:15 +01003095 "$P_SRV debug_level=3 mtu=800 dtls=1 cid=1 cid_val=dead" \
3096 "$P_CLI debug_level=3 mtu=800 dtls=1 cid=1 cid_val=beef" \
3097 0 \
3098 -c "Enable use of CID extension." \
3099 -s "Enable use of CID extension." \
3100 -c "client hello, adding CID extension" \
3101 -s "found CID extension" \
3102 -s "Use of CID extension negotiated" \
3103 -s "server hello, adding CID extension" \
3104 -c "found CID extension" \
3105 -c "Use of CID extension negotiated" \
3106 -s "Copy CIDs into SSL transform" \
3107 -c "Copy CIDs into SSL transform" \
3108 -c "Peer CID (length 2 Bytes): de ad" \
3109 -s "Peer CID (length 2 Bytes): be ef" \
3110 -s "Use of Connection ID has been negotiated" \
Hanno Beckerd0ac5fa2019-05-24 10:11:23 +01003111 -c "Use of Connection ID has been negotiated" \
3112 -c "ignoring unexpected CID" \
3113 -s "ignoring unexpected CID"
Hanno Becker78c91372019-05-08 13:31:15 +01003114
Jerry Yuab082902021-12-23 18:02:22 +08003115requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Hanno Beckera0e20d02019-05-15 14:03:01 +01003116requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
Hanno Becker78c91372019-05-08 13:31:15 +01003117run_test "Connection ID: Cli+Srv enabled, Cli CID empty" \
Hanno Beckerf157a972019-04-25 16:05:45 +01003118 "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \
3119 "$P_CLI debug_level=3 dtls=1 cid=1" \
3120 0 \
3121 -c "Enable use of CID extension." \
Hanno Becker6b78c832019-04-25 17:01:43 +01003122 -s "Enable use of CID extension." \
Hanno Becker7dee2c62019-04-26 14:17:56 +01003123 -c "client hello, adding CID extension" \
3124 -s "found CID extension" \
Hanno Becker4bc9e9d2019-04-26 16:00:29 +01003125 -s "Use of CID extension negotiated" \
Hanno Beckera6a4c762019-04-26 16:13:31 +01003126 -s "server hello, adding CID extension" \
3127 -c "found CID extension" \
Hanno Becker9ecb6c62019-04-26 16:23:52 +01003128 -c "Use of CID extension negotiated" \
3129 -s "Copy CIDs into SSL transform" \
Hanno Becker2749a672019-05-03 17:04:23 +01003130 -c "Copy CIDs into SSL transform" \
3131 -c "Peer CID (length 4 Bytes): de ad be ef" \
3132 -s "Peer CID (length 0 Bytes):" \
3133 -s "Use of Connection ID has been negotiated" \
3134 -c "Use of Connection ID has been negotiated"
Hanno Becker7cf463e2019-04-09 18:08:47 +01003135
Jerry Yuab082902021-12-23 18:02:22 +08003136requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Hanno Beckera0e20d02019-05-15 14:03:01 +01003137requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
Hanno Becker78c91372019-05-08 13:31:15 +01003138run_test "Connection ID: Cli+Srv enabled, Srv CID empty" \
Hanno Beckerf157a972019-04-25 16:05:45 +01003139 "$P_SRV debug_level=3 dtls=1 cid=1" \
3140 "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \
3141 0 \
3142 -c "Enable use of CID extension." \
Hanno Becker6b78c832019-04-25 17:01:43 +01003143 -s "Enable use of CID extension." \
Hanno Becker7dee2c62019-04-26 14:17:56 +01003144 -c "client hello, adding CID extension" \
3145 -s "found CID extension" \
Hanno Becker4bc9e9d2019-04-26 16:00:29 +01003146 -s "Use of CID extension negotiated" \
Hanno Beckera6a4c762019-04-26 16:13:31 +01003147 -s "server hello, adding CID extension" \
3148 -c "found CID extension" \
Hanno Becker9ecb6c62019-04-26 16:23:52 +01003149 -c "Use of CID extension negotiated" \
3150 -s "Copy CIDs into SSL transform" \
Hanno Becker2749a672019-05-03 17:04:23 +01003151 -c "Copy CIDs into SSL transform" \
3152 -s "Peer CID (length 4 Bytes): de ad be ef" \
3153 -c "Peer CID (length 0 Bytes):" \
3154 -s "Use of Connection ID has been negotiated" \
3155 -c "Use of Connection ID has been negotiated"
Hanno Becker7cf463e2019-04-09 18:08:47 +01003156
Jerry Yuab082902021-12-23 18:02:22 +08003157requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Hanno Beckera0e20d02019-05-15 14:03:01 +01003158requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
Hanno Becker78c91372019-05-08 13:31:15 +01003159run_test "Connection ID: Cli+Srv enabled, Cli+Srv CID empty" \
Hanno Beckerf157a972019-04-25 16:05:45 +01003160 "$P_SRV debug_level=3 dtls=1 cid=1" \
3161 "$P_CLI debug_level=3 dtls=1 cid=1" \
3162 0 \
3163 -c "Enable use of CID extension." \
Hanno Becker6b78c832019-04-25 17:01:43 +01003164 -s "Enable use of CID extension." \
Hanno Becker7dee2c62019-04-26 14:17:56 +01003165 -c "client hello, adding CID extension" \
3166 -s "found CID extension" \
Hanno Becker4bc9e9d2019-04-26 16:00:29 +01003167 -s "Use of CID extension negotiated" \
Hanno Beckera6a4c762019-04-26 16:13:31 +01003168 -s "server hello, adding CID extension" \
3169 -c "found CID extension" \
Hanno Becker9ecb6c62019-04-26 16:23:52 +01003170 -c "Use of CID extension negotiated" \
3171 -s "Copy CIDs into SSL transform" \
Hanno Beckerfcffdcc2019-04-26 17:19:46 +01003172 -c "Copy CIDs into SSL transform" \
3173 -S "Use of Connection ID has been negotiated" \
3174 -C "Use of Connection ID has been negotiated"
Hanno Becker7cf463e2019-04-09 18:08:47 +01003175
Hanno Beckera0e20d02019-05-15 14:03:01 +01003176requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
Hanno Becker78c91372019-05-08 13:31:15 +01003177run_test "Connection ID: Cli+Srv enabled, Cli+Srv CID nonempty, AES-128-CCM-8" \
Hanno Beckerf157a972019-04-25 16:05:45 +01003178 "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead" \
3179 "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
3180 0 \
3181 -c "Enable use of CID extension." \
Hanno Becker6b78c832019-04-25 17:01:43 +01003182 -s "Enable use of CID extension." \
Hanno Becker7dee2c62019-04-26 14:17:56 +01003183 -c "client hello, adding CID extension" \
3184 -s "found CID extension" \
Hanno Becker4bc9e9d2019-04-26 16:00:29 +01003185 -s "Use of CID extension negotiated" \
Hanno Beckera6a4c762019-04-26 16:13:31 +01003186 -s "server hello, adding CID extension" \
3187 -c "found CID extension" \
Hanno Becker9ecb6c62019-04-26 16:23:52 +01003188 -c "Use of CID extension negotiated" \
3189 -s "Copy CIDs into SSL transform" \
Hanno Becker2749a672019-05-03 17:04:23 +01003190 -c "Copy CIDs into SSL transform" \
3191 -c "Peer CID (length 2 Bytes): de ad" \
3192 -s "Peer CID (length 2 Bytes): be ef" \
3193 -s "Use of Connection ID has been negotiated" \
3194 -c "Use of Connection ID has been negotiated"
Hanno Becker7cf463e2019-04-09 18:08:47 +01003195
Hanno Beckera0e20d02019-05-15 14:03:01 +01003196requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
Hanno Becker78c91372019-05-08 13:31:15 +01003197run_test "Connection ID: Cli+Srv enabled, Cli CID empty, AES-128-CCM-8" \
Hanno Beckerf157a972019-04-25 16:05:45 +01003198 "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \
3199 "$P_CLI debug_level=3 dtls=1 cid=1 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
3200 0 \
3201 -c "Enable use of CID extension." \
Hanno Becker6b78c832019-04-25 17:01:43 +01003202 -s "Enable use of CID extension." \
Hanno Becker7dee2c62019-04-26 14:17:56 +01003203 -c "client hello, adding CID extension" \
3204 -s "found CID extension" \
Hanno Becker4bc9e9d2019-04-26 16:00:29 +01003205 -s "Use of CID extension negotiated" \
Hanno Beckera6a4c762019-04-26 16:13:31 +01003206 -s "server hello, adding CID extension" \
3207 -c "found CID extension" \
Hanno Becker9ecb6c62019-04-26 16:23:52 +01003208 -c "Use of CID extension negotiated" \
3209 -s "Copy CIDs into SSL transform" \
Hanno Becker2749a672019-05-03 17:04:23 +01003210 -c "Copy CIDs into SSL transform" \
3211 -c "Peer CID (length 4 Bytes): de ad be ef" \
3212 -s "Peer CID (length 0 Bytes):" \
3213 -s "Use of Connection ID has been negotiated" \
3214 -c "Use of Connection ID has been negotiated"
Hanno Becker7cf463e2019-04-09 18:08:47 +01003215
Hanno Beckera0e20d02019-05-15 14:03:01 +01003216requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
Hanno Becker78c91372019-05-08 13:31:15 +01003217run_test "Connection ID: Cli+Srv enabled, Srv CID empty, AES-128-CCM-8" \
Hanno Beckerf157a972019-04-25 16:05:45 +01003218 "$P_SRV debug_level=3 dtls=1 cid=1" \
3219 "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=deadbeef force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
3220 0 \
3221 -c "Enable use of CID extension." \
Hanno Becker6b78c832019-04-25 17:01:43 +01003222 -s "Enable use of CID extension." \
Hanno Becker7dee2c62019-04-26 14:17:56 +01003223 -c "client hello, adding CID extension" \
3224 -s "found CID extension" \
Hanno Becker4bc9e9d2019-04-26 16:00:29 +01003225 -s "Use of CID extension negotiated" \
Hanno Beckera6a4c762019-04-26 16:13:31 +01003226 -s "server hello, adding CID extension" \
3227 -c "found CID extension" \
Hanno Becker9ecb6c62019-04-26 16:23:52 +01003228 -c "Use of CID extension negotiated" \
3229 -s "Copy CIDs into SSL transform" \
Hanno Becker2749a672019-05-03 17:04:23 +01003230 -c "Copy CIDs into SSL transform" \
3231 -s "Peer CID (length 4 Bytes): de ad be ef" \
3232 -c "Peer CID (length 0 Bytes):" \
3233 -s "Use of Connection ID has been negotiated" \
3234 -c "Use of Connection ID has been negotiated"
Hanno Becker7cf463e2019-04-09 18:08:47 +01003235
Hanno Beckera0e20d02019-05-15 14:03:01 +01003236requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
Hanno Becker78c91372019-05-08 13:31:15 +01003237run_test "Connection ID: Cli+Srv enabled, Cli+Srv CID empty, AES-128-CCM-8" \
Hanno Beckerf157a972019-04-25 16:05:45 +01003238 "$P_SRV debug_level=3 dtls=1 cid=1" \
3239 "$P_CLI debug_level=3 dtls=1 cid=1 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
3240 0 \
3241 -c "Enable use of CID extension." \
Hanno Becker6b78c832019-04-25 17:01:43 +01003242 -s "Enable use of CID extension." \
Hanno Becker7dee2c62019-04-26 14:17:56 +01003243 -c "client hello, adding CID extension" \
3244 -s "found CID extension" \
Hanno Becker4bc9e9d2019-04-26 16:00:29 +01003245 -s "Use of CID extension negotiated" \
Hanno Beckera6a4c762019-04-26 16:13:31 +01003246 -s "server hello, adding CID extension" \
3247 -c "found CID extension" \
Hanno Becker9ecb6c62019-04-26 16:23:52 +01003248 -c "Use of CID extension negotiated" \
3249 -s "Copy CIDs into SSL transform" \
Hanno Beckerfcffdcc2019-04-26 17:19:46 +01003250 -c "Copy CIDs into SSL transform" \
3251 -S "Use of Connection ID has been negotiated" \
3252 -C "Use of Connection ID has been negotiated"
Hanno Becker7cf463e2019-04-09 18:08:47 +01003253
Hanno Beckera0e20d02019-05-15 14:03:01 +01003254requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
Hanno Becker78c91372019-05-08 13:31:15 +01003255run_test "Connection ID: Cli+Srv enabled, Cli+Srv CID nonempty, AES-128-CBC" \
Hanno Beckerf157a972019-04-25 16:05:45 +01003256 "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead" \
3257 "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \
3258 0 \
3259 -c "Enable use of CID extension." \
Hanno Becker6b78c832019-04-25 17:01:43 +01003260 -s "Enable use of CID extension." \
Hanno Becker7dee2c62019-04-26 14:17:56 +01003261 -c "client hello, adding CID extension" \
3262 -s "found CID extension" \
Hanno Becker4bc9e9d2019-04-26 16:00:29 +01003263 -s "Use of CID extension negotiated" \
Hanno Beckera6a4c762019-04-26 16:13:31 +01003264 -s "server hello, adding CID extension" \
3265 -c "found CID extension" \
Hanno Becker9ecb6c62019-04-26 16:23:52 +01003266 -c "Use of CID extension negotiated" \
3267 -s "Copy CIDs into SSL transform" \
Hanno Becker2749a672019-05-03 17:04:23 +01003268 -c "Copy CIDs into SSL transform" \
3269 -c "Peer CID (length 2 Bytes): de ad" \
3270 -s "Peer CID (length 2 Bytes): be ef" \
3271 -s "Use of Connection ID has been negotiated" \
3272 -c "Use of Connection ID has been negotiated"
Hanno Becker7cf463e2019-04-09 18:08:47 +01003273
Hanno Beckera0e20d02019-05-15 14:03:01 +01003274requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
Hanno Becker78c91372019-05-08 13:31:15 +01003275run_test "Connection ID: Cli+Srv enabled, Cli CID empty, AES-128-CBC" \
Hanno Beckerf157a972019-04-25 16:05:45 +01003276 "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \
3277 "$P_CLI debug_level=3 dtls=1 cid=1 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \
3278 0 \
3279 -c "Enable use of CID extension." \
Hanno Becker6b78c832019-04-25 17:01:43 +01003280 -s "Enable use of CID extension." \
Hanno Becker7dee2c62019-04-26 14:17:56 +01003281 -c "client hello, adding CID extension" \
3282 -s "found CID extension" \
Hanno Becker4bc9e9d2019-04-26 16:00:29 +01003283 -s "Use of CID extension negotiated" \
Hanno Beckera6a4c762019-04-26 16:13:31 +01003284 -s "server hello, adding CID extension" \
3285 -c "found CID extension" \
Hanno Becker9ecb6c62019-04-26 16:23:52 +01003286 -c "Use of CID extension negotiated" \
3287 -s "Copy CIDs into SSL transform" \
Hanno Becker2749a672019-05-03 17:04:23 +01003288 -c "Copy CIDs into SSL transform" \
3289 -c "Peer CID (length 4 Bytes): de ad be ef" \
3290 -s "Peer CID (length 0 Bytes):" \
3291 -s "Use of Connection ID has been negotiated" \
3292 -c "Use of Connection ID has been negotiated"
Hanno Becker7cf463e2019-04-09 18:08:47 +01003293
Hanno Beckera0e20d02019-05-15 14:03:01 +01003294requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
Hanno Becker78c91372019-05-08 13:31:15 +01003295run_test "Connection ID: Cli+Srv enabled, Srv CID empty, AES-128-CBC" \
Hanno Beckerf157a972019-04-25 16:05:45 +01003296 "$P_SRV debug_level=3 dtls=1 cid=1" \
3297 "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=deadbeef force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \
3298 0 \
3299 -c "Enable use of CID extension." \
Hanno Becker6b78c832019-04-25 17:01:43 +01003300 -s "Enable use of CID extension." \
Hanno Becker7dee2c62019-04-26 14:17:56 +01003301 -c "client hello, adding CID extension" \
3302 -s "found CID extension" \
Hanno Becker4bc9e9d2019-04-26 16:00:29 +01003303 -s "Use of CID extension negotiated" \
Hanno Beckera6a4c762019-04-26 16:13:31 +01003304 -s "server hello, adding CID extension" \
3305 -c "found CID extension" \
Hanno Becker9ecb6c62019-04-26 16:23:52 +01003306 -c "Use of CID extension negotiated" \
3307 -s "Copy CIDs into SSL transform" \
Hanno Becker2749a672019-05-03 17:04:23 +01003308 -c "Copy CIDs into SSL transform" \
3309 -s "Peer CID (length 4 Bytes): de ad be ef" \
3310 -c "Peer CID (length 0 Bytes):" \
3311 -s "Use of Connection ID has been negotiated" \
3312 -c "Use of Connection ID has been negotiated"
Hanno Becker7cf463e2019-04-09 18:08:47 +01003313
Hanno Beckera0e20d02019-05-15 14:03:01 +01003314requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
Hanno Becker78c91372019-05-08 13:31:15 +01003315run_test "Connection ID: Cli+Srv enabled, Cli+Srv CID empty, AES-128-CBC" \
Hanno Beckerf157a972019-04-25 16:05:45 +01003316 "$P_SRV debug_level=3 dtls=1 cid=1" \
3317 "$P_CLI debug_level=3 dtls=1 cid=1 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \
3318 0 \
3319 -c "Enable use of CID extension." \
Hanno Becker6b78c832019-04-25 17:01:43 +01003320 -s "Enable use of CID extension." \
Hanno Becker7dee2c62019-04-26 14:17:56 +01003321 -c "client hello, adding CID extension" \
3322 -s "found CID extension" \
Hanno Becker4bc9e9d2019-04-26 16:00:29 +01003323 -s "Use of CID extension negotiated" \
Hanno Beckera6a4c762019-04-26 16:13:31 +01003324 -s "server hello, adding CID extension" \
3325 -c "found CID extension" \
Hanno Becker9ecb6c62019-04-26 16:23:52 +01003326 -c "Use of CID extension negotiated" \
3327 -s "Copy CIDs into SSL transform" \
Hanno Beckerfcffdcc2019-04-26 17:19:46 +01003328 -c "Copy CIDs into SSL transform" \
3329 -S "Use of Connection ID has been negotiated" \
3330 -C "Use of Connection ID has been negotiated"
Hanno Becker7cf463e2019-04-09 18:08:47 +01003331
Jerry Yuab082902021-12-23 18:02:22 +08003332requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Hanno Beckera0e20d02019-05-15 14:03:01 +01003333requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
Hanno Becker9bae30d2019-04-23 11:52:44 +01003334requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
Hanno Becker78c91372019-05-08 13:31:15 +01003335run_test "Connection ID: Cli+Srv enabled, renegotiate without change of CID" \
Hanno Beckerf157a972019-04-25 16:05:45 +01003336 "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead renegotiation=1" \
3337 "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef renegotiation=1 renegotiate=1" \
3338 0 \
Hanno Beckerb42ec0d2019-05-03 17:30:59 +01003339 -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \
3340 -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \
3341 -s "(initial handshake) Use of Connection ID has been negotiated" \
3342 -c "(initial handshake) Use of Connection ID has been negotiated" \
3343 -c "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
3344 -s "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
3345 -s "(after renegotiation) Use of Connection ID has been negotiated" \
3346 -c "(after renegotiation) Use of Connection ID has been negotiated"
3347
Jerry Yuab082902021-12-23 18:02:22 +08003348requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Hanno Beckera0e20d02019-05-15 14:03:01 +01003349requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
Hanno Beckerb42ec0d2019-05-03 17:30:59 +01003350requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
Hanno Becker78c91372019-05-08 13:31:15 +01003351run_test "Connection ID: Cli+Srv enabled, renegotiate with different CID" \
Hanno Beckerb42ec0d2019-05-03 17:30:59 +01003352 "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead cid_val_renego=beef renegotiation=1" \
3353 "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef cid_val_renego=dead renegotiation=1 renegotiate=1" \
3354 0 \
3355 -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \
3356 -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \
3357 -s "(initial handshake) Use of Connection ID has been negotiated" \
3358 -c "(initial handshake) Use of Connection ID has been negotiated" \
3359 -c "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
3360 -s "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
3361 -s "(after renegotiation) Use of Connection ID has been negotiated" \
3362 -c "(after renegotiation) Use of Connection ID has been negotiated"
3363
Jerry Yuab082902021-12-23 18:02:22 +08003364requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Hanno Beckera0e20d02019-05-15 14:03:01 +01003365requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
Hanno Beckerb42ec0d2019-05-03 17:30:59 +01003366requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
Hanno Beckerc2045b02019-05-08 16:20:46 +01003367run_test "Connection ID, no packing: Cli+Srv enabled, renegotiate with different CID" \
3368 "$P_SRV debug_level=3 dtls=1 cid=1 dgram_packing=0 cid_val=dead cid_val_renego=beef renegotiation=1" \
3369 "$P_CLI debug_level=3 dtls=1 cid=1 dgram_packing=0 cid_val=beef cid_val_renego=dead renegotiation=1 renegotiate=1" \
3370 0 \
3371 -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \
3372 -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \
3373 -s "(initial handshake) Use of Connection ID has been negotiated" \
3374 -c "(initial handshake) Use of Connection ID has been negotiated" \
3375 -c "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
3376 -s "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
3377 -s "(after renegotiation) Use of Connection ID has been negotiated" \
3378 -c "(after renegotiation) Use of Connection ID has been negotiated"
3379
Jerry Yuab082902021-12-23 18:02:22 +08003380requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Hanno Beckera0e20d02019-05-15 14:03:01 +01003381requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
Hanno Beckerc2045b02019-05-08 16:20:46 +01003382requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
Hanno Becker78c91372019-05-08 13:31:15 +01003383run_test "Connection ID, 3D+MTU: Cli+Srv enabled, renegotiate with different CID" \
Hanno Beckerd0ac5fa2019-05-24 10:11:23 +01003384 -p "$P_PXY mtu=800 drop=5 delay=5 duplicate=5 bad_cid=1" \
Hanno Becker78c91372019-05-08 13:31:15 +01003385 "$P_SRV debug_level=3 mtu=800 dtls=1 cid=1 cid_val=dead cid_val_renego=beef renegotiation=1" \
3386 "$P_CLI debug_level=3 mtu=800 dtls=1 cid=1 cid_val=beef cid_val_renego=dead renegotiation=1 renegotiate=1" \
3387 0 \
3388 -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \
3389 -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \
3390 -s "(initial handshake) Use of Connection ID has been negotiated" \
3391 -c "(initial handshake) Use of Connection ID has been negotiated" \
3392 -c "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
3393 -s "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
3394 -s "(after renegotiation) Use of Connection ID has been negotiated" \
Hanno Beckerd0ac5fa2019-05-24 10:11:23 +01003395 -c "(after renegotiation) Use of Connection ID has been negotiated" \
3396 -c "ignoring unexpected CID" \
3397 -s "ignoring unexpected CID"
Hanno Becker78c91372019-05-08 13:31:15 +01003398
Jerry Yuab082902021-12-23 18:02:22 +08003399requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Hanno Beckera0e20d02019-05-15 14:03:01 +01003400requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
Hanno Becker78c91372019-05-08 13:31:15 +01003401requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
3402run_test "Connection ID: Cli+Srv enabled, renegotiate without CID" \
Hanno Beckerb42ec0d2019-05-03 17:30:59 +01003403 "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead cid_renego=0 renegotiation=1" \
3404 "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef cid_renego=0 renegotiation=1 renegotiate=1" \
3405 0 \
3406 -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \
3407 -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \
3408 -s "(initial handshake) Use of Connection ID has been negotiated" \
3409 -c "(initial handshake) Use of Connection ID has been negotiated" \
3410 -C "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
3411 -S "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
3412 -C "(after renegotiation) Use of Connection ID has been negotiated" \
3413 -S "(after renegotiation) Use of Connection ID has been negotiated"
3414
Jerry Yuab082902021-12-23 18:02:22 +08003415requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Hanno Beckera0e20d02019-05-15 14:03:01 +01003416requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
Hanno Beckerb42ec0d2019-05-03 17:30:59 +01003417requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
Hanno Beckerc2045b02019-05-08 16:20:46 +01003418run_test "Connection ID, no packing: Cli+Srv enabled, renegotiate without CID" \
3419 "$P_SRV debug_level=3 dtls=1 dgram_packing=0 cid=1 cid_val=dead cid_renego=0 renegotiation=1" \
3420 "$P_CLI debug_level=3 dtls=1 dgram_packing=0 cid=1 cid_val=beef cid_renego=0 renegotiation=1 renegotiate=1" \
3421 0 \
3422 -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \
3423 -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \
3424 -s "(initial handshake) Use of Connection ID has been negotiated" \
3425 -c "(initial handshake) Use of Connection ID has been negotiated" \
3426 -C "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
3427 -S "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
3428 -C "(after renegotiation) Use of Connection ID has been negotiated" \
3429 -S "(after renegotiation) Use of Connection ID has been negotiated"
3430
Jerry Yuab082902021-12-23 18:02:22 +08003431requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Hanno Beckera0e20d02019-05-15 14:03:01 +01003432requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
Hanno Beckerc2045b02019-05-08 16:20:46 +01003433requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
Hanno Becker78c91372019-05-08 13:31:15 +01003434run_test "Connection ID, 3D+MTU: Cli+Srv enabled, renegotiate without CID" \
Hanno Beckerd0ac5fa2019-05-24 10:11:23 +01003435 -p "$P_PXY drop=5 delay=5 duplicate=5 bad_cid=1" \
Hanno Becker78c91372019-05-08 13:31:15 +01003436 "$P_SRV debug_level=3 mtu=800 dtls=1 cid=1 cid_val=dead cid_renego=0 renegotiation=1" \
3437 "$P_CLI debug_level=3 mtu=800 dtls=1 cid=1 cid_val=beef cid_renego=0 renegotiation=1 renegotiate=1" \
3438 0 \
3439 -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \
3440 -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \
3441 -s "(initial handshake) Use of Connection ID has been negotiated" \
3442 -c "(initial handshake) Use of Connection ID has been negotiated" \
3443 -C "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
3444 -S "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
3445 -C "(after renegotiation) Use of Connection ID has been negotiated" \
Hanno Beckerd0ac5fa2019-05-24 10:11:23 +01003446 -S "(after renegotiation) Use of Connection ID has been negotiated" \
3447 -c "ignoring unexpected CID" \
3448 -s "ignoring unexpected CID"
Hanno Becker78c91372019-05-08 13:31:15 +01003449
Jerry Yuab082902021-12-23 18:02:22 +08003450requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Hanno Beckera0e20d02019-05-15 14:03:01 +01003451requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
Hanno Becker78c91372019-05-08 13:31:15 +01003452requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
3453run_test "Connection ID: Cli+Srv enabled, CID on renegotiation" \
Hanno Beckerb42ec0d2019-05-03 17:30:59 +01003454 "$P_SRV debug_level=3 dtls=1 cid=0 cid_renego=1 cid_val_renego=dead renegotiation=1" \
3455 "$P_CLI debug_level=3 dtls=1 cid=0 cid_renego=1 cid_val_renego=beef renegotiation=1 renegotiate=1" \
3456 0 \
3457 -S "(initial handshake) Use of Connection ID has been negotiated" \
3458 -C "(initial handshake) Use of Connection ID has been negotiated" \
3459 -c "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
3460 -s "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
3461 -c "(after renegotiation) Use of Connection ID has been negotiated" \
3462 -s "(after renegotiation) Use of Connection ID has been negotiated"
3463
Jerry Yuab082902021-12-23 18:02:22 +08003464requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Hanno Beckera0e20d02019-05-15 14:03:01 +01003465requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
Hanno Beckerb42ec0d2019-05-03 17:30:59 +01003466requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
Hanno Beckerc2045b02019-05-08 16:20:46 +01003467run_test "Connection ID, no packing: Cli+Srv enabled, CID on renegotiation" \
3468 "$P_SRV debug_level=3 dtls=1 dgram_packing=0 cid=0 cid_renego=1 cid_val_renego=dead renegotiation=1" \
3469 "$P_CLI debug_level=3 dtls=1 dgram_packing=0 cid=0 cid_renego=1 cid_val_renego=beef renegotiation=1 renegotiate=1" \
3470 0 \
3471 -S "(initial handshake) Use of Connection ID has been negotiated" \
3472 -C "(initial handshake) Use of Connection ID has been negotiated" \
3473 -c "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
3474 -s "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
3475 -c "(after renegotiation) Use of Connection ID has been negotiated" \
3476 -s "(after renegotiation) Use of Connection ID has been negotiated"
3477
Jerry Yuab082902021-12-23 18:02:22 +08003478requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Hanno Beckera0e20d02019-05-15 14:03:01 +01003479requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
Hanno Beckerc2045b02019-05-08 16:20:46 +01003480requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
Hanno Becker78c91372019-05-08 13:31:15 +01003481run_test "Connection ID, 3D+MTU: Cli+Srv enabled, CID on renegotiation" \
Hanno Beckerd0ac5fa2019-05-24 10:11:23 +01003482 -p "$P_PXY mtu=800 drop=5 delay=5 duplicate=5 bad_cid=1" \
Hanno Becker78c91372019-05-08 13:31:15 +01003483 "$P_SRV debug_level=3 mtu=800 dtls=1 dgram_packing=1 cid=0 cid_renego=1 cid_val_renego=dead renegotiation=1" \
3484 "$P_CLI debug_level=3 mtu=800 dtls=1 dgram_packing=1 cid=0 cid_renego=1 cid_val_renego=beef renegotiation=1 renegotiate=1" \
3485 0 \
3486 -S "(initial handshake) Use of Connection ID has been negotiated" \
3487 -C "(initial handshake) Use of Connection ID has been negotiated" \
3488 -c "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
3489 -s "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
3490 -c "(after renegotiation) Use of Connection ID has been negotiated" \
Hanno Beckerd0ac5fa2019-05-24 10:11:23 +01003491 -s "(after renegotiation) Use of Connection ID has been negotiated" \
3492 -c "ignoring unexpected CID" \
3493 -s "ignoring unexpected CID"
Hanno Becker78c91372019-05-08 13:31:15 +01003494
Jerry Yuab082902021-12-23 18:02:22 +08003495requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Hanno Beckera0e20d02019-05-15 14:03:01 +01003496requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
Hanno Becker78c91372019-05-08 13:31:15 +01003497requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
3498run_test "Connection ID: Cli+Srv enabled, Cli disables on renegotiation" \
Hanno Beckerb42ec0d2019-05-03 17:30:59 +01003499 "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead renegotiation=1" \
3500 "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef cid_renego=0 renegotiation=1 renegotiate=1" \
3501 0 \
3502 -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \
3503 -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \
3504 -s "(initial handshake) Use of Connection ID has been negotiated" \
3505 -c "(initial handshake) Use of Connection ID has been negotiated" \
3506 -C "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
3507 -S "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
3508 -C "(after renegotiation) Use of Connection ID has been negotiated" \
3509 -S "(after renegotiation) Use of Connection ID has been negotiated" \
3510 -s "(after renegotiation) Use of Connection ID was not offered by client"
3511
Jerry Yuab082902021-12-23 18:02:22 +08003512requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Hanno Beckera0e20d02019-05-15 14:03:01 +01003513requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
Hanno Beckerb42ec0d2019-05-03 17:30:59 +01003514requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
Hanno Becker78c91372019-05-08 13:31:15 +01003515run_test "Connection ID, 3D: Cli+Srv enabled, Cli disables on renegotiation" \
Hanno Beckerd0ac5fa2019-05-24 10:11:23 +01003516 -p "$P_PXY drop=5 delay=5 duplicate=5 bad_cid=1" \
Hanno Becker78c91372019-05-08 13:31:15 +01003517 "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead renegotiation=1" \
3518 "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef cid_renego=0 renegotiation=1 renegotiate=1" \
3519 0 \
3520 -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \
3521 -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \
3522 -s "(initial handshake) Use of Connection ID has been negotiated" \
3523 -c "(initial handshake) Use of Connection ID has been negotiated" \
3524 -C "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
3525 -S "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
3526 -C "(after renegotiation) Use of Connection ID has been negotiated" \
3527 -S "(after renegotiation) Use of Connection ID has been negotiated" \
Hanno Beckerd0ac5fa2019-05-24 10:11:23 +01003528 -s "(after renegotiation) Use of Connection ID was not offered by client" \
3529 -c "ignoring unexpected CID" \
3530 -s "ignoring unexpected CID"
Hanno Becker78c91372019-05-08 13:31:15 +01003531
Jerry Yuab082902021-12-23 18:02:22 +08003532requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Hanno Beckera0e20d02019-05-15 14:03:01 +01003533requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
Hanno Becker78c91372019-05-08 13:31:15 +01003534requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
3535run_test "Connection ID: Cli+Srv enabled, Srv disables on renegotiation" \
3536 "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead cid_renego=0 renegotiation=1" \
3537 "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef renegotiation=1 renegotiate=1" \
3538 0 \
3539 -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \
3540 -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \
3541 -s "(initial handshake) Use of Connection ID has been negotiated" \
3542 -c "(initial handshake) Use of Connection ID has been negotiated" \
3543 -C "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
3544 -S "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
3545 -C "(after renegotiation) Use of Connection ID has been negotiated" \
3546 -S "(after renegotiation) Use of Connection ID has been negotiated" \
3547 -c "(after renegotiation) Use of Connection ID was rejected by the server"
3548
Jerry Yuab082902021-12-23 18:02:22 +08003549requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Hanno Beckera0e20d02019-05-15 14:03:01 +01003550requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
Hanno Becker78c91372019-05-08 13:31:15 +01003551requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
3552run_test "Connection ID, 3D: Cli+Srv enabled, Srv disables on renegotiation" \
Hanno Beckerd0ac5fa2019-05-24 10:11:23 +01003553 -p "$P_PXY drop=5 delay=5 duplicate=5 bad_cid=1" \
Hanno Beckerb42ec0d2019-05-03 17:30:59 +01003554 "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead cid_renego=0 renegotiation=1" \
3555 "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef renegotiation=1 renegotiate=1" \
3556 0 \
3557 -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \
3558 -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \
3559 -s "(initial handshake) Use of Connection ID has been negotiated" \
3560 -c "(initial handshake) Use of Connection ID has been negotiated" \
3561 -C "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
3562 -S "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
3563 -C "(after renegotiation) Use of Connection ID has been negotiated" \
3564 -S "(after renegotiation) Use of Connection ID has been negotiated" \
Hanno Beckerd0ac5fa2019-05-24 10:11:23 +01003565 -c "(after renegotiation) Use of Connection ID was rejected by the server" \
3566 -c "ignoring unexpected CID" \
3567 -s "ignoring unexpected CID"
Hanno Becker7cf463e2019-04-09 18:08:47 +01003568
Yuto Takano3fa16732021-07-09 11:21:43 +01003569# This and the test below it require MAX_CONTENT_LEN to be at least MFL+1, because the
Yuto Takano9c09d552021-07-08 16:03:44 +01003570# tests check that the buffer contents are reallocated when the message is
3571# larger than the buffer.
Andrzej Kurekb6577832020-06-08 07:08:03 -04003572requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
3573requires_config_enabled MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
Yuto Takano9c09d552021-07-08 16:03:44 +01003574requires_max_content_len 513
Andrzej Kurekb6577832020-06-08 07:08:03 -04003575run_test "Connection ID: Cli+Srv enabled, variable buffer lengths, MFL=512" \
3576 "$P_SRV dtls=1 cid=1 cid_val=dead debug_level=2" \
3577 "$P_CLI force_ciphersuite="TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" max_frag_len=512 dtls=1 cid=1 cid_val=beef" \
3578 0 \
3579 -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \
3580 -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \
3581 -s "(initial handshake) Use of Connection ID has been negotiated" \
3582 -c "(initial handshake) Use of Connection ID has been negotiated" \
3583 -s "Reallocating in_buf" \
3584 -s "Reallocating out_buf"
3585
3586requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
3587requires_config_enabled MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
Yuto Takano9c09d552021-07-08 16:03:44 +01003588requires_max_content_len 1025
Andrzej Kurekb6577832020-06-08 07:08:03 -04003589run_test "Connection ID: Cli+Srv enabled, variable buffer lengths, MFL=1024" \
3590 "$P_SRV dtls=1 cid=1 cid_val=dead debug_level=2" \
3591 "$P_CLI force_ciphersuite="TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" max_frag_len=1024 dtls=1 cid=1 cid_val=beef" \
3592 0 \
3593 -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \
3594 -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \
3595 -s "(initial handshake) Use of Connection ID has been negotiated" \
3596 -c "(initial handshake) Use of Connection ID has been negotiated" \
3597 -s "Reallocating in_buf" \
3598 -s "Reallocating out_buf"
3599
Manuel Pégourié-Gonnard699cafa2014-10-27 13:57:03 +01003600# Tests for Encrypt-then-MAC extension
3601
3602run_test "Encrypt then MAC: default" \
Manuel Pégourié-Gonnard0098e7d2014-10-28 13:08:59 +01003603 "$P_SRV debug_level=3 \
Gabor Mezeifc42c222025-02-05 17:28:03 +01003604 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA" \
Manuel Pégourié-Gonnard699cafa2014-10-27 13:57:03 +01003605 "$P_CLI debug_level=3" \
3606 0 \
3607 -c "client hello, adding encrypt_then_mac extension" \
3608 -s "found encrypt then mac extension" \
3609 -s "server hello, adding encrypt then mac extension" \
3610 -c "found encrypt_then_mac extension" \
3611 -c "using encrypt then mac" \
3612 -s "using encrypt then mac"
3613
3614run_test "Encrypt then MAC: client enabled, server disabled" \
Manuel Pégourié-Gonnard0098e7d2014-10-28 13:08:59 +01003615 "$P_SRV debug_level=3 etm=0 \
Gabor Mezeifc42c222025-02-05 17:28:03 +01003616 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA" \
Manuel Pégourié-Gonnard699cafa2014-10-27 13:57:03 +01003617 "$P_CLI debug_level=3 etm=1" \
3618 0 \
3619 -c "client hello, adding encrypt_then_mac extension" \
3620 -s "found encrypt then mac extension" \
3621 -S "server hello, adding encrypt then mac extension" \
3622 -C "found encrypt_then_mac extension" \
3623 -C "using encrypt then mac" \
3624 -S "using encrypt then mac"
3625
Manuel Pégourié-Gonnard78e745f2014-11-04 15:44:06 +01003626run_test "Encrypt then MAC: client enabled, aead cipher" \
3627 "$P_SRV debug_level=3 etm=1 \
Gabor Mezeifc42c222025-02-05 17:28:03 +01003628 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256" \
Manuel Pégourié-Gonnard78e745f2014-11-04 15:44:06 +01003629 "$P_CLI debug_level=3 etm=1" \
3630 0 \
3631 -c "client hello, adding encrypt_then_mac extension" \
3632 -s "found encrypt then mac extension" \
3633 -S "server hello, adding encrypt then mac extension" \
3634 -C "found encrypt_then_mac extension" \
3635 -C "using encrypt then mac" \
3636 -S "using encrypt then mac"
3637
Manuel Pégourié-Gonnard699cafa2014-10-27 13:57:03 +01003638run_test "Encrypt then MAC: client disabled, server enabled" \
Manuel Pégourié-Gonnard0098e7d2014-10-28 13:08:59 +01003639 "$P_SRV debug_level=3 etm=1 \
Gabor Mezeifc42c222025-02-05 17:28:03 +01003640 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA" \
Manuel Pégourié-Gonnard699cafa2014-10-27 13:57:03 +01003641 "$P_CLI debug_level=3 etm=0" \
3642 0 \
3643 -C "client hello, adding encrypt_then_mac extension" \
3644 -S "found encrypt then mac extension" \
3645 -S "server hello, adding encrypt then mac extension" \
3646 -C "found encrypt_then_mac extension" \
3647 -C "using encrypt then mac" \
3648 -S "using encrypt then mac"
3649
Manuel Pégourié-Gonnard367381f2014-10-20 18:40:56 +02003650# Tests for Extended Master Secret extension
3651
Gilles Peskine2fe796f2022-02-25 19:51:52 +01003652requires_config_enabled MBEDTLS_SSL_EXTENDED_MASTER_SECRET
Manuel Pégourié-Gonnard367381f2014-10-20 18:40:56 +02003653run_test "Extended Master Secret: default" \
3654 "$P_SRV debug_level=3" \
Ronald Cronf95d1692023-03-14 17:19:42 +01003655 "$P_CLI force_version=tls12 debug_level=3" \
Manuel Pégourié-Gonnard367381f2014-10-20 18:40:56 +02003656 0 \
3657 -c "client hello, adding extended_master_secret extension" \
3658 -s "found extended master secret extension" \
3659 -s "server hello, adding extended master secret extension" \
3660 -c "found extended_master_secret extension" \
Manuel Pégourié-Gonnard8faa70e2019-05-20 12:09:50 +02003661 -c "session hash for extended master secret" \
3662 -s "session hash for extended master secret"
Manuel Pégourié-Gonnard367381f2014-10-20 18:40:56 +02003663
Gilles Peskine2fe796f2022-02-25 19:51:52 +01003664requires_config_enabled MBEDTLS_SSL_EXTENDED_MASTER_SECRET
Manuel Pégourié-Gonnard367381f2014-10-20 18:40:56 +02003665run_test "Extended Master Secret: client enabled, server disabled" \
3666 "$P_SRV debug_level=3 extended_ms=0" \
Ronald Cronf95d1692023-03-14 17:19:42 +01003667 "$P_CLI force_version=tls12 debug_level=3 extended_ms=1" \
Manuel Pégourié-Gonnard367381f2014-10-20 18:40:56 +02003668 0 \
3669 -c "client hello, adding extended_master_secret extension" \
3670 -s "found extended master secret extension" \
3671 -S "server hello, adding extended master secret extension" \
3672 -C "found extended_master_secret extension" \
Manuel Pégourié-Gonnard8faa70e2019-05-20 12:09:50 +02003673 -C "session hash for extended master secret" \
3674 -S "session hash for extended master secret"
Manuel Pégourié-Gonnard367381f2014-10-20 18:40:56 +02003675
Gilles Peskine2fe796f2022-02-25 19:51:52 +01003676requires_config_enabled MBEDTLS_SSL_EXTENDED_MASTER_SECRET
Manuel Pégourié-Gonnard367381f2014-10-20 18:40:56 +02003677run_test "Extended Master Secret: client disabled, server enabled" \
Ronald Cronf95d1692023-03-14 17:19:42 +01003678 "$P_SRV force_version=tls12 debug_level=3 extended_ms=1" \
Manuel Pégourié-Gonnard367381f2014-10-20 18:40:56 +02003679 "$P_CLI debug_level=3 extended_ms=0" \
3680 0 \
3681 -C "client hello, adding extended_master_secret extension" \
3682 -S "found extended master secret extension" \
3683 -S "server hello, adding extended master secret extension" \
3684 -C "found extended_master_secret extension" \
Manuel Pégourié-Gonnard8faa70e2019-05-20 12:09:50 +02003685 -C "session hash for extended master secret" \
3686 -S "session hash for extended master secret"
Manuel Pégourié-Gonnard367381f2014-10-20 18:40:56 +02003687
Andres Amaya Garcia4c761fa2018-07-10 20:08:04 +01003688# Test sending and receiving empty application data records
3689
3690run_test "Encrypt then MAC: empty application data record" \
3691 "$P_SRV auth_mode=none debug_level=4 etm=1" \
3692 "$P_CLI auth_mode=none etm=1 request_size=0 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA" \
3693 0 \
3694 -S "0000: 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f" \
3695 -s "dumping 'input payload after decrypt' (0 bytes)" \
3696 -c "0 bytes written in 1 fragments"
3697
Jerry Yuab082902021-12-23 18:02:22 +08003698requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Manuel Pégourié-Gonnard9e2c80f2020-03-24 10:53:39 +01003699run_test "Encrypt then MAC: disabled, empty application data record" \
Andres Amaya Garcia4c761fa2018-07-10 20:08:04 +01003700 "$P_SRV auth_mode=none debug_level=4 etm=0" \
3701 "$P_CLI auth_mode=none etm=0 request_size=0" \
3702 0 \
3703 -s "dumping 'input payload after decrypt' (0 bytes)" \
3704 -c "0 bytes written in 1 fragments"
3705
3706run_test "Encrypt then MAC, DTLS: empty application data record" \
3707 "$P_SRV auth_mode=none debug_level=4 etm=1 dtls=1" \
3708 "$P_CLI auth_mode=none etm=1 request_size=0 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA dtls=1" \
3709 0 \
3710 -S "0000: 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f" \
3711 -s "dumping 'input payload after decrypt' (0 bytes)" \
3712 -c "0 bytes written in 1 fragments"
3713
Jerry Yuab082902021-12-23 18:02:22 +08003714requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Manuel Pégourié-Gonnard9e2c80f2020-03-24 10:53:39 +01003715run_test "Encrypt then MAC, DTLS: disabled, empty application data record" \
Andres Amaya Garcia4c761fa2018-07-10 20:08:04 +01003716 "$P_SRV auth_mode=none debug_level=4 etm=0 dtls=1" \
3717 "$P_CLI auth_mode=none etm=0 request_size=0 dtls=1" \
3718 0 \
3719 -s "dumping 'input payload after decrypt' (0 bytes)" \
3720 -c "0 bytes written in 1 fragments"
3721
Manuel Pégourié-Gonnard3ff78232015-01-08 11:15:09 +01003722# Tests for CBC 1/n-1 record splitting
3723
3724run_test "CBC Record splitting: TLS 1.2, no splitting" \
Ronald Cronf3b425b2022-03-17 16:45:09 +01003725 "$P_SRV force_version=tls12" \
Gabor Mezeifc42c222025-02-05 17:28:03 +01003726 "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA \
Ronald Cronf3b425b2022-03-17 16:45:09 +01003727 request_size=123" \
Manuel Pégourié-Gonnard3ff78232015-01-08 11:15:09 +01003728 0 \
3729 -s "Read from client: 123 bytes read" \
3730 -S "Read from client: 1 bytes read" \
3731 -S "122 bytes read"
3732
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +01003733# Tests for Session Tickets
3734
Norbert Fabritius4f1c9272023-04-12 09:50:30 +02003735requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02003736run_test "Session resume using tickets: basic" \
Manuel Pégourié-Gonnard644e8f32014-08-30 21:59:31 +02003737 "$P_SRV debug_level=3 tickets=1" \
Ronald Cronf95d1692023-03-14 17:19:42 +01003738 "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \
Manuel Pégourié-Gonnardf7c52012014-02-20 11:43:46 +01003739 0 \
Manuel Pégourié-Gonnardc55a5b72014-02-20 22:50:56 +01003740 -c "client hello, adding session ticket extension" \
3741 -s "found session ticket extension" \
3742 -s "server hello, adding session ticket extension" \
3743 -c "found session_ticket extension" \
3744 -c "parse new session ticket" \
Manuel Pégourié-Gonnardf7c52012014-02-20 11:43:46 +01003745 -S "session successfully restored from cache" \
3746 -s "session successfully restored from ticket" \
3747 -s "a session has been resumed" \
3748 -c "a session has been resumed"
3749
Norbert Fabritius4f1c9272023-04-12 09:50:30 +02003750requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
Glenn Strausse3282452022-02-03 17:23:24 -05003751run_test "Session resume using tickets: manual rotation" \
3752 "$P_SRV debug_level=3 tickets=1 ticket_rotate=1" \
Ronald Cronf95d1692023-03-14 17:19:42 +01003753 "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \
Glenn Strausse3282452022-02-03 17:23:24 -05003754 0 \
3755 -c "client hello, adding session ticket extension" \
3756 -s "found session ticket extension" \
3757 -s "server hello, adding session ticket extension" \
3758 -c "found session_ticket extension" \
3759 -c "parse new session ticket" \
3760 -S "session successfully restored from cache" \
3761 -s "session successfully restored from ticket" \
3762 -s "a session has been resumed" \
3763 -c "a session has been resumed"
3764
Norbert Fabritius4f1c9272023-04-12 09:50:30 +02003765requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02003766run_test "Session resume using tickets: cache disabled" \
Manuel Pégourié-Gonnard644e8f32014-08-30 21:59:31 +02003767 "$P_SRV debug_level=3 tickets=1 cache_max=0" \
Ronald Cronf95d1692023-03-14 17:19:42 +01003768 "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \
Manuel Pégourié-Gonnarddbe1ee12014-02-21 09:18:13 +01003769 0 \
3770 -c "client hello, adding session ticket extension" \
3771 -s "found session ticket extension" \
3772 -s "server hello, adding session ticket extension" \
3773 -c "found session_ticket extension" \
3774 -c "parse new session ticket" \
3775 -S "session successfully restored from cache" \
3776 -s "session successfully restored from ticket" \
3777 -s "a session has been resumed" \
3778 -c "a session has been resumed"
3779
Norbert Fabritius4f1c9272023-04-12 09:50:30 +02003780requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02003781run_test "Session resume using tickets: timeout" \
Manuel Pégourié-Gonnard644e8f32014-08-30 21:59:31 +02003782 "$P_SRV debug_level=3 tickets=1 cache_max=0 ticket_timeout=1" \
Ronald Cronf95d1692023-03-14 17:19:42 +01003783 "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1 reco_delay=2000" \
Manuel Pégourié-Gonnarddbe1ee12014-02-21 09:18:13 +01003784 0 \
3785 -c "client hello, adding session ticket extension" \
3786 -s "found session ticket extension" \
3787 -s "server hello, adding session ticket extension" \
3788 -c "found session_ticket extension" \
3789 -c "parse new session ticket" \
3790 -S "session successfully restored from cache" \
3791 -S "session successfully restored from ticket" \
3792 -S "a session has been resumed" \
3793 -C "a session has been resumed"
3794
Norbert Fabritius4f1c9272023-04-12 09:50:30 +02003795requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
Manuel Pégourié-Gonnarda7c37652019-05-20 12:46:26 +02003796run_test "Session resume using tickets: session copy" \
3797 "$P_SRV debug_level=3 tickets=1 cache_max=0" \
Ronald Cronf95d1692023-03-14 17:19:42 +01003798 "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1 reco_mode=0" \
Manuel Pégourié-Gonnarda7c37652019-05-20 12:46:26 +02003799 0 \
3800 -c "client hello, adding session ticket extension" \
3801 -s "found session ticket extension" \
3802 -s "server hello, adding session ticket extension" \
3803 -c "found session_ticket extension" \
3804 -c "parse new session ticket" \
3805 -S "session successfully restored from cache" \
3806 -s "session successfully restored from ticket" \
3807 -s "a session has been resumed" \
3808 -c "a session has been resumed"
3809
Jerry Yuab082902021-12-23 18:02:22 +08003810requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Norbert Fabritius4f1c9272023-04-12 09:50:30 +02003811requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02003812run_test "Session resume using tickets: openssl server" \
Ronald Croncbd7bfd2022-03-31 18:19:56 +02003813 "$O_SRV -tls1_2" \
Manuel Pégourié-Gonnard644e8f32014-08-30 21:59:31 +02003814 "$P_CLI debug_level=3 tickets=1 reconnect=1" \
Manuel Pégourié-Gonnardfccd3252014-02-25 17:14:15 +01003815 0 \
3816 -c "client hello, adding session ticket extension" \
3817 -c "found session_ticket extension" \
3818 -c "parse new session ticket" \
3819 -c "a session has been resumed"
3820
Jerry Yuab082902021-12-23 18:02:22 +08003821requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Norbert Fabritius4f1c9272023-04-12 09:50:30 +02003822requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02003823run_test "Session resume using tickets: openssl client" \
Gilles Peskine01fde2c2024-04-29 17:44:19 +02003824 "$P_SRV force_version=tls12 debug_level=3 tickets=1" \
Manuel Pégourié-Gonnardbc3b16c2014-05-28 23:06:50 +02003825 "( $O_CLI -sess_out $SESSION; \
3826 $O_CLI -sess_in $SESSION; \
3827 rm -f $SESSION )" \
Manuel Pégourié-Gonnardfccd3252014-02-25 17:14:15 +01003828 0 \
3829 -s "found session ticket extension" \
3830 -s "server hello, adding session ticket extension" \
3831 -S "session successfully restored from cache" \
3832 -s "session successfully restored from ticket" \
3833 -s "a session has been resumed"
3834
Valerio Setti73d05312023-11-09 16:53:59 +01003835requires_cipher_enabled "AES" "GCM"
Norbert Fabritius4f1c9272023-04-12 09:50:30 +02003836requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
Gabor Mezei6e5aae62022-01-12 16:29:58 +01003837run_test "Session resume using tickets: AES-128-GCM" \
3838 "$P_SRV debug_level=3 tickets=1 ticket_aead=AES-128-GCM" \
Ronald Cronf95d1692023-03-14 17:19:42 +01003839 "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \
Gabor Mezei6e5aae62022-01-12 16:29:58 +01003840 0 \
3841 -c "client hello, adding session ticket extension" \
3842 -s "found session ticket extension" \
3843 -s "server hello, adding session ticket extension" \
3844 -c "found session_ticket extension" \
3845 -c "parse new session ticket" \
3846 -S "session successfully restored from cache" \
3847 -s "session successfully restored from ticket" \
3848 -s "a session has been resumed" \
3849 -c "a session has been resumed"
3850
Valerio Setti73d05312023-11-09 16:53:59 +01003851requires_cipher_enabled "AES" "GCM"
Norbert Fabritius4f1c9272023-04-12 09:50:30 +02003852requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
Gabor Mezei6e5aae62022-01-12 16:29:58 +01003853run_test "Session resume using tickets: AES-192-GCM" \
3854 "$P_SRV debug_level=3 tickets=1 ticket_aead=AES-192-GCM" \
Ronald Cronf95d1692023-03-14 17:19:42 +01003855 "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \
Gabor Mezei6e5aae62022-01-12 16:29:58 +01003856 0 \
3857 -c "client hello, adding session ticket extension" \
3858 -s "found session ticket extension" \
3859 -s "server hello, adding session ticket extension" \
3860 -c "found session_ticket extension" \
3861 -c "parse new session ticket" \
3862 -S "session successfully restored from cache" \
3863 -s "session successfully restored from ticket" \
3864 -s "a session has been resumed" \
3865 -c "a session has been resumed"
3866
Valerio Setti73d05312023-11-09 16:53:59 +01003867requires_cipher_enabled "AES" "CCM"
Norbert Fabritius4f1c9272023-04-12 09:50:30 +02003868requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
Gabor Mezei6e5aae62022-01-12 16:29:58 +01003869run_test "Session resume using tickets: AES-128-CCM" \
3870 "$P_SRV debug_level=3 tickets=1 ticket_aead=AES-128-CCM" \
Ronald Cronf95d1692023-03-14 17:19:42 +01003871 "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \
Gabor Mezei6e5aae62022-01-12 16:29:58 +01003872 0 \
3873 -c "client hello, adding session ticket extension" \
3874 -s "found session ticket extension" \
3875 -s "server hello, adding session ticket extension" \
3876 -c "found session_ticket extension" \
3877 -c "parse new session ticket" \
3878 -S "session successfully restored from cache" \
3879 -s "session successfully restored from ticket" \
3880 -s "a session has been resumed" \
3881 -c "a session has been resumed"
3882
Valerio Setti73d05312023-11-09 16:53:59 +01003883requires_cipher_enabled "AES" "CCM"
Norbert Fabritius4f1c9272023-04-12 09:50:30 +02003884requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
Gabor Mezei6e5aae62022-01-12 16:29:58 +01003885run_test "Session resume using tickets: AES-192-CCM" \
3886 "$P_SRV debug_level=3 tickets=1 ticket_aead=AES-192-CCM" \
Ronald Cronf95d1692023-03-14 17:19:42 +01003887 "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \
Gabor Mezei6e5aae62022-01-12 16:29:58 +01003888 0 \
3889 -c "client hello, adding session ticket extension" \
3890 -s "found session ticket extension" \
3891 -s "server hello, adding session ticket extension" \
3892 -c "found session_ticket extension" \
3893 -c "parse new session ticket" \
3894 -S "session successfully restored from cache" \
3895 -s "session successfully restored from ticket" \
3896 -s "a session has been resumed" \
3897 -c "a session has been resumed"
3898
Valerio Setti73d05312023-11-09 16:53:59 +01003899requires_cipher_enabled "AES" "CCM"
Norbert Fabritius4f1c9272023-04-12 09:50:30 +02003900requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
Gabor Mezei6e5aae62022-01-12 16:29:58 +01003901run_test "Session resume using tickets: AES-256-CCM" \
3902 "$P_SRV debug_level=3 tickets=1 ticket_aead=AES-256-CCM" \
Ronald Cronf95d1692023-03-14 17:19:42 +01003903 "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \
Gabor Mezei6e5aae62022-01-12 16:29:58 +01003904 0 \
3905 -c "client hello, adding session ticket extension" \
3906 -s "found session ticket extension" \
3907 -s "server hello, adding session ticket extension" \
3908 -c "found session_ticket extension" \
3909 -c "parse new session ticket" \
3910 -S "session successfully restored from cache" \
3911 -s "session successfully restored from ticket" \
3912 -s "a session has been resumed" \
3913 -c "a session has been resumed"
3914
Valerio Setti73d05312023-11-09 16:53:59 +01003915requires_cipher_enabled "CAMELLIA" "CCM"
Norbert Fabritius4f1c9272023-04-12 09:50:30 +02003916requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
Gabor Mezei6e5aae62022-01-12 16:29:58 +01003917run_test "Session resume using tickets: CAMELLIA-128-CCM" \
3918 "$P_SRV debug_level=3 tickets=1 ticket_aead=CAMELLIA-128-CCM" \
Ronald Cronf95d1692023-03-14 17:19:42 +01003919 "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \
Gabor Mezei6e5aae62022-01-12 16:29:58 +01003920 0 \
3921 -c "client hello, adding session ticket extension" \
3922 -s "found session ticket extension" \
3923 -s "server hello, adding session ticket extension" \
3924 -c "found session_ticket extension" \
3925 -c "parse new session ticket" \
3926 -S "session successfully restored from cache" \
3927 -s "session successfully restored from ticket" \
3928 -s "a session has been resumed" \
3929 -c "a session has been resumed"
3930
Valerio Setti73d05312023-11-09 16:53:59 +01003931requires_cipher_enabled "CAMELLIA" "CCM"
Norbert Fabritius4f1c9272023-04-12 09:50:30 +02003932requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
Gabor Mezei6e5aae62022-01-12 16:29:58 +01003933run_test "Session resume using tickets: CAMELLIA-192-CCM" \
3934 "$P_SRV debug_level=3 tickets=1 ticket_aead=CAMELLIA-192-CCM" \
Ronald Cronf95d1692023-03-14 17:19:42 +01003935 "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \
Gabor Mezei6e5aae62022-01-12 16:29:58 +01003936 0 \
3937 -c "client hello, adding session ticket extension" \
3938 -s "found session ticket extension" \
3939 -s "server hello, adding session ticket extension" \
3940 -c "found session_ticket extension" \
3941 -c "parse new session ticket" \
3942 -S "session successfully restored from cache" \
3943 -s "session successfully restored from ticket" \
3944 -s "a session has been resumed" \
3945 -c "a session has been resumed"
3946
Valerio Setti73d05312023-11-09 16:53:59 +01003947requires_cipher_enabled "CAMELLIA" "CCM"
Norbert Fabritius4f1c9272023-04-12 09:50:30 +02003948requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
Gabor Mezei6e5aae62022-01-12 16:29:58 +01003949run_test "Session resume using tickets: CAMELLIA-256-CCM" \
3950 "$P_SRV debug_level=3 tickets=1 ticket_aead=CAMELLIA-256-CCM" \
Ronald Cronf95d1692023-03-14 17:19:42 +01003951 "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \
Gabor Mezei6e5aae62022-01-12 16:29:58 +01003952 0 \
3953 -c "client hello, adding session ticket extension" \
3954 -s "found session ticket extension" \
3955 -s "server hello, adding session ticket extension" \
3956 -c "found session_ticket extension" \
3957 -c "parse new session ticket" \
3958 -S "session successfully restored from cache" \
3959 -s "session successfully restored from ticket" \
3960 -s "a session has been resumed" \
3961 -c "a session has been resumed"
3962
Valerio Setti04c85e12023-11-13 10:54:05 +01003963requires_cipher_enabled "ARIA" "GCM"
Norbert Fabritius4f1c9272023-04-12 09:50:30 +02003964requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
Gabor Mezei6e5aae62022-01-12 16:29:58 +01003965run_test "Session resume using tickets: ARIA-128-GCM" \
3966 "$P_SRV debug_level=3 tickets=1 ticket_aead=ARIA-128-GCM" \
Ronald Cronf95d1692023-03-14 17:19:42 +01003967 "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \
Gabor Mezei6e5aae62022-01-12 16:29:58 +01003968 0 \
3969 -c "client hello, adding session ticket extension" \
3970 -s "found session ticket extension" \
3971 -s "server hello, adding session ticket extension" \
3972 -c "found session_ticket extension" \
3973 -c "parse new session ticket" \
3974 -S "session successfully restored from cache" \
3975 -s "session successfully restored from ticket" \
3976 -s "a session has been resumed" \
3977 -c "a session has been resumed"
3978
Valerio Setti04c85e12023-11-13 10:54:05 +01003979requires_cipher_enabled "ARIA" "GCM"
Norbert Fabritius4f1c9272023-04-12 09:50:30 +02003980requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
Gabor Mezei6e5aae62022-01-12 16:29:58 +01003981run_test "Session resume using tickets: ARIA-192-GCM" \
3982 "$P_SRV debug_level=3 tickets=1 ticket_aead=ARIA-192-GCM" \
Ronald Cronf95d1692023-03-14 17:19:42 +01003983 "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \
Gabor Mezei6e5aae62022-01-12 16:29:58 +01003984 0 \
3985 -c "client hello, adding session ticket extension" \
3986 -s "found session ticket extension" \
3987 -s "server hello, adding session ticket extension" \
3988 -c "found session_ticket extension" \
3989 -c "parse new session ticket" \
3990 -S "session successfully restored from cache" \
3991 -s "session successfully restored from ticket" \
3992 -s "a session has been resumed" \
3993 -c "a session has been resumed"
3994
Valerio Setti04c85e12023-11-13 10:54:05 +01003995requires_cipher_enabled "ARIA" "GCM"
Norbert Fabritius4f1c9272023-04-12 09:50:30 +02003996requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
Gabor Mezei6e5aae62022-01-12 16:29:58 +01003997run_test "Session resume using tickets: ARIA-256-GCM" \
3998 "$P_SRV debug_level=3 tickets=1 ticket_aead=ARIA-256-GCM" \
Ronald Cronf95d1692023-03-14 17:19:42 +01003999 "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \
Gabor Mezei6e5aae62022-01-12 16:29:58 +01004000 0 \
4001 -c "client hello, adding session ticket extension" \
4002 -s "found session ticket extension" \
4003 -s "server hello, adding session ticket extension" \
4004 -c "found session_ticket extension" \
4005 -c "parse new session ticket" \
4006 -S "session successfully restored from cache" \
4007 -s "session successfully restored from ticket" \
4008 -s "a session has been resumed" \
4009 -c "a session has been resumed"
4010
Valerio Setti73d05312023-11-09 16:53:59 +01004011requires_cipher_enabled "ARIA" "CCM"
Norbert Fabritius4f1c9272023-04-12 09:50:30 +02004012requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
Gabor Mezei6e5aae62022-01-12 16:29:58 +01004013run_test "Session resume using tickets: ARIA-128-CCM" \
4014 "$P_SRV debug_level=3 tickets=1 ticket_aead=ARIA-128-CCM" \
Ronald Cronf95d1692023-03-14 17:19:42 +01004015 "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \
Gabor Mezei6e5aae62022-01-12 16:29:58 +01004016 0 \
4017 -c "client hello, adding session ticket extension" \
4018 -s "found session ticket extension" \
4019 -s "server hello, adding session ticket extension" \
4020 -c "found session_ticket extension" \
4021 -c "parse new session ticket" \
4022 -S "session successfully restored from cache" \
4023 -s "session successfully restored from ticket" \
4024 -s "a session has been resumed" \
4025 -c "a session has been resumed"
4026
Valerio Setti73d05312023-11-09 16:53:59 +01004027requires_cipher_enabled "ARIA" "CCM"
Norbert Fabritius4f1c9272023-04-12 09:50:30 +02004028requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
Gabor Mezei6e5aae62022-01-12 16:29:58 +01004029run_test "Session resume using tickets: ARIA-192-CCM" \
4030 "$P_SRV debug_level=3 tickets=1 ticket_aead=ARIA-192-CCM" \
Ronald Cronf95d1692023-03-14 17:19:42 +01004031 "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \
Gabor Mezei6e5aae62022-01-12 16:29:58 +01004032 0 \
4033 -c "client hello, adding session ticket extension" \
4034 -s "found session ticket extension" \
4035 -s "server hello, adding session ticket extension" \
4036 -c "found session_ticket extension" \
4037 -c "parse new session ticket" \
4038 -S "session successfully restored from cache" \
4039 -s "session successfully restored from ticket" \
4040 -s "a session has been resumed" \
4041 -c "a session has been resumed"
4042
Valerio Setti73d05312023-11-09 16:53:59 +01004043requires_cipher_enabled "ARIA" "CCM"
Norbert Fabritius4f1c9272023-04-12 09:50:30 +02004044requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
Gabor Mezei6e5aae62022-01-12 16:29:58 +01004045run_test "Session resume using tickets: ARIA-256-CCM" \
4046 "$P_SRV debug_level=3 tickets=1 ticket_aead=ARIA-256-CCM" \
Ronald Cronf95d1692023-03-14 17:19:42 +01004047 "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \
Gabor Mezei6e5aae62022-01-12 16:29:58 +01004048 0 \
4049 -c "client hello, adding session ticket extension" \
4050 -s "found session ticket extension" \
4051 -s "server hello, adding session ticket extension" \
4052 -c "found session_ticket extension" \
4053 -c "parse new session ticket" \
4054 -S "session successfully restored from cache" \
4055 -s "session successfully restored from ticket" \
4056 -s "a session has been resumed" \
4057 -c "a session has been resumed"
4058
Valerio Setti73d05312023-11-09 16:53:59 +01004059requires_cipher_enabled "CHACHA20"
Norbert Fabritius4f1c9272023-04-12 09:50:30 +02004060requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
Gabor Mezei49c8eb32022-03-10 16:13:17 +01004061run_test "Session resume using tickets: CHACHA20-POLY1305" \
4062 "$P_SRV debug_level=3 tickets=1 ticket_aead=CHACHA20-POLY1305" \
Ronald Cronf95d1692023-03-14 17:19:42 +01004063 "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \
Gabor Mezei49c8eb32022-03-10 16:13:17 +01004064 0 \
4065 -c "client hello, adding session ticket extension" \
4066 -s "found session ticket extension" \
4067 -s "server hello, adding session ticket extension" \
4068 -c "found session_ticket extension" \
4069 -c "parse new session ticket" \
4070 -S "session successfully restored from cache" \
4071 -s "session successfully restored from ticket" \
4072 -s "a session has been resumed" \
4073 -c "a session has been resumed"
4074
Hanno Becker1d739932018-08-21 13:55:22 +01004075# Tests for Session Tickets with DTLS
4076
Jerry Yuab082902021-12-23 18:02:22 +08004077requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Norbert Fabritius4f1c9272023-04-12 09:50:30 +02004078requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
Hanno Becker1d739932018-08-21 13:55:22 +01004079run_test "Session resume using tickets, DTLS: basic" \
4080 "$P_SRV debug_level=3 dtls=1 tickets=1" \
Manuel Pégourié-Gonnard56941fe2020-02-17 11:04:33 +01004081 "$P_CLI debug_level=3 dtls=1 tickets=1 reconnect=1 skip_close_notify=1" \
Hanno Becker1d739932018-08-21 13:55:22 +01004082 0 \
4083 -c "client hello, adding session ticket extension" \
4084 -s "found session ticket extension" \
4085 -s "server hello, adding session ticket extension" \
4086 -c "found session_ticket extension" \
4087 -c "parse new session ticket" \
4088 -S "session successfully restored from cache" \
4089 -s "session successfully restored from ticket" \
4090 -s "a session has been resumed" \
4091 -c "a session has been resumed"
4092
Jerry Yuab082902021-12-23 18:02:22 +08004093requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Norbert Fabritius4f1c9272023-04-12 09:50:30 +02004094requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
Hanno Becker1d739932018-08-21 13:55:22 +01004095run_test "Session resume using tickets, DTLS: cache disabled" \
4096 "$P_SRV debug_level=3 dtls=1 tickets=1 cache_max=0" \
Manuel Pégourié-Gonnard56941fe2020-02-17 11:04:33 +01004097 "$P_CLI debug_level=3 dtls=1 tickets=1 reconnect=1 skip_close_notify=1" \
Hanno Becker1d739932018-08-21 13:55:22 +01004098 0 \
4099 -c "client hello, adding session ticket extension" \
4100 -s "found session ticket extension" \
4101 -s "server hello, adding session ticket extension" \
4102 -c "found session_ticket extension" \
4103 -c "parse new session ticket" \
4104 -S "session successfully restored from cache" \
4105 -s "session successfully restored from ticket" \
4106 -s "a session has been resumed" \
4107 -c "a session has been resumed"
4108
Jerry Yuab082902021-12-23 18:02:22 +08004109requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Norbert Fabritius4f1c9272023-04-12 09:50:30 +02004110requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
Hanno Becker1d739932018-08-21 13:55:22 +01004111run_test "Session resume using tickets, DTLS: timeout" \
4112 "$P_SRV debug_level=3 dtls=1 tickets=1 cache_max=0 ticket_timeout=1" \
Jerry Yua15af372022-12-05 15:55:24 +08004113 "$P_CLI debug_level=3 dtls=1 tickets=1 reconnect=1 skip_close_notify=1 reco_delay=2000" \
Hanno Becker1d739932018-08-21 13:55:22 +01004114 0 \
4115 -c "client hello, adding session ticket extension" \
4116 -s "found session ticket extension" \
4117 -s "server hello, adding session ticket extension" \
4118 -c "found session_ticket extension" \
4119 -c "parse new session ticket" \
4120 -S "session successfully restored from cache" \
4121 -S "session successfully restored from ticket" \
4122 -S "a session has been resumed" \
4123 -C "a session has been resumed"
4124
Jerry Yuab082902021-12-23 18:02:22 +08004125requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Norbert Fabritius4f1c9272023-04-12 09:50:30 +02004126requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
Manuel Pégourié-Gonnarda7c37652019-05-20 12:46:26 +02004127run_test "Session resume using tickets, DTLS: session copy" \
4128 "$P_SRV debug_level=3 dtls=1 tickets=1 cache_max=0" \
Manuel Pégourié-Gonnard56941fe2020-02-17 11:04:33 +01004129 "$P_CLI debug_level=3 dtls=1 tickets=1 reconnect=1 skip_close_notify=1 reco_mode=0" \
Manuel Pégourié-Gonnarda7c37652019-05-20 12:46:26 +02004130 0 \
4131 -c "client hello, adding session ticket extension" \
4132 -s "found session ticket extension" \
4133 -s "server hello, adding session ticket extension" \
4134 -c "found session_ticket extension" \
4135 -c "parse new session ticket" \
4136 -S "session successfully restored from cache" \
4137 -s "session successfully restored from ticket" \
4138 -s "a session has been resumed" \
4139 -c "a session has been resumed"
4140
Jerry Yuab082902021-12-23 18:02:22 +08004141requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Norbert Fabritius4f1c9272023-04-12 09:50:30 +02004142requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
TRodziewicz4ca18aa2021-05-20 14:46:20 +02004143run_test "Session resume using tickets, DTLS: openssl server" \
4144 "$O_SRV -dtls" \
4145 "$P_CLI dtls=1 debug_level=3 tickets=1 reconnect=1" \
4146 0 \
4147 -c "client hello, adding session ticket extension" \
4148 -c "found session_ticket extension" \
4149 -c "parse new session ticket" \
4150 -c "a session has been resumed"
4151
Manuel Pégourié-Gonnardd60950c2021-10-13 13:12:47 +02004152# For reasons that aren't fully understood, this test randomly fails with high
Paul Elliott09cfa182021-10-13 16:13:44 +01004153# probability with OpenSSL 1.0.2g on the CI, see #5012.
Manuel Pégourié-Gonnardd60950c2021-10-13 13:12:47 +02004154requires_openssl_next
Jerry Yuab082902021-12-23 18:02:22 +08004155requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Norbert Fabritius4f1c9272023-04-12 09:50:30 +02004156requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
TRodziewicz4ca18aa2021-05-20 14:46:20 +02004157run_test "Session resume using tickets, DTLS: openssl client" \
4158 "$P_SRV dtls=1 debug_level=3 tickets=1" \
Manuel Pégourié-Gonnardd60950c2021-10-13 13:12:47 +02004159 "( $O_NEXT_CLI -dtls -sess_out $SESSION; \
4160 $O_NEXT_CLI -dtls -sess_in $SESSION; \
TRodziewicz4ca18aa2021-05-20 14:46:20 +02004161 rm -f $SESSION )" \
4162 0 \
4163 -s "found session ticket extension" \
4164 -s "server hello, adding session ticket extension" \
4165 -S "session successfully restored from cache" \
4166 -s "session successfully restored from ticket" \
4167 -s "a session has been resumed"
4168
Manuel Pégourié-Gonnardc55a5b72014-02-20 22:50:56 +01004169# Tests for Session Resume based on session-ID and cache
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +01004170
Gilles Peskine2fe796f2022-02-25 19:51:52 +01004171requires_config_enabled MBEDTLS_SSL_CACHE_C
Norbert Fabritius4f1c9272023-04-12 09:50:30 +02004172requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02004173run_test "Session resume using cache: tickets enabled on client" \
Manuel Pégourié-Gonnard644e8f32014-08-30 21:59:31 +02004174 "$P_SRV debug_level=3 tickets=0" \
Ronald Cronf95d1692023-03-14 17:19:42 +01004175 "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \
Manuel Pégourié-Gonnardf7c52012014-02-20 11:43:46 +01004176 0 \
Manuel Pégourié-Gonnardc55a5b72014-02-20 22:50:56 +01004177 -c "client hello, adding session ticket extension" \
4178 -s "found session ticket extension" \
4179 -S "server hello, adding session ticket extension" \
4180 -C "found session_ticket extension" \
4181 -C "parse new session ticket" \
Manuel Pégourié-Gonnardf7c52012014-02-20 11:43:46 +01004182 -s "session successfully restored from cache" \
4183 -S "session successfully restored from ticket" \
4184 -s "a session has been resumed" \
4185 -c "a session has been resumed"
4186
Gilles Peskine2fe796f2022-02-25 19:51:52 +01004187requires_config_enabled MBEDTLS_SSL_CACHE_C
Norbert Fabritius4f1c9272023-04-12 09:50:30 +02004188requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02004189run_test "Session resume using cache: tickets enabled on server" \
Manuel Pégourié-Gonnard644e8f32014-08-30 21:59:31 +02004190 "$P_SRV debug_level=3 tickets=1" \
Ronald Cronf95d1692023-03-14 17:19:42 +01004191 "$P_CLI force_version=tls12 debug_level=3 tickets=0 reconnect=1" \
Manuel Pégourié-Gonnardf7c52012014-02-20 11:43:46 +01004192 0 \
Manuel Pégourié-Gonnardc55a5b72014-02-20 22:50:56 +01004193 -C "client hello, adding session ticket extension" \
4194 -S "found session ticket extension" \
4195 -S "server hello, adding session ticket extension" \
4196 -C "found session_ticket extension" \
4197 -C "parse new session ticket" \
Manuel Pégourié-Gonnardf7c52012014-02-20 11:43:46 +01004198 -s "session successfully restored from cache" \
4199 -S "session successfully restored from ticket" \
4200 -s "a session has been resumed" \
4201 -c "a session has been resumed"
Manuel Pégourié-Gonnardde143782014-02-20 14:50:42 +01004202
Gilles Peskine2fe796f2022-02-25 19:51:52 +01004203requires_config_enabled MBEDTLS_SSL_CACHE_C
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02004204run_test "Session resume using cache: cache_max=0" \
Manuel Pégourié-Gonnard644e8f32014-08-30 21:59:31 +02004205 "$P_SRV debug_level=3 tickets=0 cache_max=0" \
Ronald Cronf95d1692023-03-14 17:19:42 +01004206 "$P_CLI force_version=tls12 debug_level=3 tickets=0 reconnect=1" \
Manuel Pégourié-Gonnard4c883452014-02-20 21:32:41 +01004207 0 \
4208 -S "session successfully restored from cache" \
4209 -S "session successfully restored from ticket" \
Manuel Pégourié-Gonnardc55a5b72014-02-20 22:50:56 +01004210 -S "a session has been resumed" \
4211 -C "a session has been resumed"
Manuel Pégourié-Gonnard4c883452014-02-20 21:32:41 +01004212
Gilles Peskine2fe796f2022-02-25 19:51:52 +01004213requires_config_enabled MBEDTLS_SSL_CACHE_C
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02004214run_test "Session resume using cache: cache_max=1" \
Manuel Pégourié-Gonnard644e8f32014-08-30 21:59:31 +02004215 "$P_SRV debug_level=3 tickets=0 cache_max=1" \
Ronald Cronf95d1692023-03-14 17:19:42 +01004216 "$P_CLI force_version=tls12 debug_level=3 tickets=0 reconnect=1" \
Manuel Pégourié-Gonnardc55a5b72014-02-20 22:50:56 +01004217 0 \
4218 -s "session successfully restored from cache" \
4219 -S "session successfully restored from ticket" \
4220 -s "a session has been resumed" \
4221 -c "a session has been resumed"
4222
Gilles Peskine2fe796f2022-02-25 19:51:52 +01004223requires_config_enabled MBEDTLS_SSL_CACHE_C
Pengyu Lv62ed1aa2023-03-07 14:52:47 +08004224run_test "Session resume using cache: cache removed" \
4225 "$P_SRV debug_level=3 tickets=0 cache_remove=1" \
Ronald Cronf95d1692023-03-14 17:19:42 +01004226 "$P_CLI force_version=tls12 debug_level=3 tickets=0 reconnect=1" \
Pengyu Lv62ed1aa2023-03-07 14:52:47 +08004227 0 \
4228 -C "client hello, adding session ticket extension" \
4229 -S "found session ticket extension" \
4230 -S "server hello, adding session ticket extension" \
4231 -C "found session_ticket extension" \
4232 -C "parse new session ticket" \
4233 -S "session successfully restored from cache" \
4234 -S "session successfully restored from ticket" \
4235 -S "a session has been resumed" \
4236 -C "a session has been resumed"
4237
4238requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
4239requires_config_enabled MBEDTLS_SSL_CACHE_C
Manuel Pégourié-Gonnard6df31962015-05-04 10:55:47 +02004240run_test "Session resume using cache: timeout > delay" \
Manuel Pégourié-Gonnard644e8f32014-08-30 21:59:31 +02004241 "$P_SRV debug_level=3 tickets=0" \
Ronald Cronf95d1692023-03-14 17:19:42 +01004242 "$P_CLI force_version=tls12 debug_level=3 tickets=0 reconnect=1 reco_delay=0" \
Manuel Pégourié-Gonnardc55a5b72014-02-20 22:50:56 +01004243 0 \
4244 -s "session successfully restored from cache" \
4245 -S "session successfully restored from ticket" \
4246 -s "a session has been resumed" \
4247 -c "a session has been resumed"
4248
Gilles Peskine2fe796f2022-02-25 19:51:52 +01004249requires_config_enabled MBEDTLS_SSL_CACHE_C
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02004250run_test "Session resume using cache: timeout < delay" \
Manuel Pégourié-Gonnard644e8f32014-08-30 21:59:31 +02004251 "$P_SRV debug_level=3 tickets=0 cache_timeout=1" \
Ronald Cronf95d1692023-03-14 17:19:42 +01004252 "$P_CLI force_version=tls12 debug_level=3 tickets=0 reconnect=1 reco_delay=2000" \
Manuel Pégourié-Gonnardc55a5b72014-02-20 22:50:56 +01004253 0 \
4254 -S "session successfully restored from cache" \
4255 -S "session successfully restored from ticket" \
4256 -S "a session has been resumed" \
4257 -C "a session has been resumed"
4258
Gilles Peskine2fe796f2022-02-25 19:51:52 +01004259requires_config_enabled MBEDTLS_SSL_CACHE_C
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02004260run_test "Session resume using cache: no timeout" \
Manuel Pégourié-Gonnard644e8f32014-08-30 21:59:31 +02004261 "$P_SRV debug_level=3 tickets=0 cache_timeout=0" \
Ronald Cronf95d1692023-03-14 17:19:42 +01004262 "$P_CLI force_version=tls12 debug_level=3 tickets=0 reconnect=1 reco_delay=2000" \
Manuel Pégourié-Gonnard4c883452014-02-20 21:32:41 +01004263 0 \
4264 -s "session successfully restored from cache" \
4265 -S "session successfully restored from ticket" \
4266 -s "a session has been resumed" \
4267 -c "a session has been resumed"
4268
Gilles Peskine2fe796f2022-02-25 19:51:52 +01004269requires_config_enabled MBEDTLS_SSL_CACHE_C
Manuel Pégourié-Gonnarda7c37652019-05-20 12:46:26 +02004270run_test "Session resume using cache: session copy" \
4271 "$P_SRV debug_level=3 tickets=0" \
Ronald Cronf95d1692023-03-14 17:19:42 +01004272 "$P_CLI force_version=tls12 debug_level=3 tickets=0 reconnect=1 reco_mode=0" \
Manuel Pégourié-Gonnarda7c37652019-05-20 12:46:26 +02004273 0 \
4274 -s "session successfully restored from cache" \
4275 -S "session successfully restored from ticket" \
4276 -s "a session has been resumed" \
4277 -c "a session has been resumed"
4278
Gilles Peskine2fe796f2022-02-25 19:51:52 +01004279requires_config_enabled MBEDTLS_SSL_CACHE_C
Norbert Fabritius4f1c9272023-04-12 09:50:30 +02004280requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02004281run_test "Session resume using cache: openssl client" \
Ronald Cronf95d1692023-03-14 17:19:42 +01004282 "$P_SRV force_version=tls12 debug_level=3 tickets=0" \
Manuel Pégourié-Gonnardbc3b16c2014-05-28 23:06:50 +02004283 "( $O_CLI -sess_out $SESSION; \
4284 $O_CLI -sess_in $SESSION; \
4285 rm -f $SESSION )" \
Manuel Pégourié-Gonnarddb735f62014-02-25 17:57:59 +01004286 0 \
4287 -s "found session ticket extension" \
4288 -S "server hello, adding session ticket extension" \
4289 -s "session successfully restored from cache" \
4290 -S "session successfully restored from ticket" \
4291 -s "a session has been resumed"
4292
Jerry Yuab082902021-12-23 18:02:22 +08004293requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Gilles Peskine2fe796f2022-02-25 19:51:52 +01004294requires_config_enabled MBEDTLS_SSL_CACHE_C
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02004295run_test "Session resume using cache: openssl server" \
Ronald Croncbd7bfd2022-03-31 18:19:56 +02004296 "$O_SRV -tls1_2" \
Manuel Pégourié-Gonnard644e8f32014-08-30 21:59:31 +02004297 "$P_CLI debug_level=3 tickets=0 reconnect=1" \
Manuel Pégourié-Gonnarddb735f62014-02-25 17:57:59 +01004298 0 \
4299 -C "found session_ticket extension" \
4300 -C "parse new session ticket" \
4301 -c "a session has been resumed"
4302
Andrzej Kurek7cf87252022-06-14 07:12:33 -04004303# Tests for Session resume and extensions
4304
4305requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
4306requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
4307run_test "Session resume and connection ID" \
4308 "$P_SRV debug_level=3 cid=1 cid_val=dead dtls=1 tickets=0" \
4309 "$P_CLI debug_level=3 cid=1 cid_val=beef dtls=1 tickets=0 reconnect=1" \
4310 0 \
4311 -c "Enable use of CID extension." \
4312 -s "Enable use of CID extension." \
4313 -c "client hello, adding CID extension" \
4314 -s "found CID extension" \
4315 -s "Use of CID extension negotiated" \
4316 -s "server hello, adding CID extension" \
4317 -c "found CID extension" \
4318 -c "Use of CID extension negotiated" \
4319 -s "Copy CIDs into SSL transform" \
4320 -c "Copy CIDs into SSL transform" \
4321 -c "Peer CID (length 2 Bytes): de ad" \
4322 -s "Peer CID (length 2 Bytes): be ef" \
4323 -s "Use of Connection ID has been negotiated" \
4324 -c "Use of Connection ID has been negotiated"
4325
Hanno Becker1d739932018-08-21 13:55:22 +01004326# Tests for Session Resume based on session-ID and cache, DTLS
4327
Jerry Yuab082902021-12-23 18:02:22 +08004328requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Gilles Peskine2fe796f2022-02-25 19:51:52 +01004329requires_config_enabled MBEDTLS_SSL_CACHE_C
Norbert Fabritius4f1c9272023-04-12 09:50:30 +02004330requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
Hanno Becker1d739932018-08-21 13:55:22 +01004331run_test "Session resume using cache, DTLS: tickets enabled on client" \
4332 "$P_SRV dtls=1 debug_level=3 tickets=0" \
Manuel Pégourié-Gonnard56941fe2020-02-17 11:04:33 +01004333 "$P_CLI dtls=1 debug_level=3 tickets=1 reconnect=1 skip_close_notify=1" \
Hanno Becker1d739932018-08-21 13:55:22 +01004334 0 \
4335 -c "client hello, adding session ticket extension" \
4336 -s "found session ticket extension" \
4337 -S "server hello, adding session ticket extension" \
4338 -C "found session_ticket extension" \
4339 -C "parse new session ticket" \
4340 -s "session successfully restored from cache" \
4341 -S "session successfully restored from ticket" \
4342 -s "a session has been resumed" \
4343 -c "a session has been resumed"
4344
Jerry Yuab082902021-12-23 18:02:22 +08004345requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Gilles Peskine2fe796f2022-02-25 19:51:52 +01004346requires_config_enabled MBEDTLS_SSL_CACHE_C
Norbert Fabritius4f1c9272023-04-12 09:50:30 +02004347requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
Hanno Becker1d739932018-08-21 13:55:22 +01004348run_test "Session resume using cache, DTLS: tickets enabled on server" \
4349 "$P_SRV dtls=1 debug_level=3 tickets=1" \
Manuel Pégourié-Gonnard56941fe2020-02-17 11:04:33 +01004350 "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1" \
Hanno Becker1d739932018-08-21 13:55:22 +01004351 0 \
4352 -C "client hello, adding session ticket extension" \
4353 -S "found session ticket extension" \
4354 -S "server hello, adding session ticket extension" \
4355 -C "found session_ticket extension" \
4356 -C "parse new session ticket" \
4357 -s "session successfully restored from cache" \
4358 -S "session successfully restored from ticket" \
4359 -s "a session has been resumed" \
4360 -c "a session has been resumed"
4361
Jerry Yuab082902021-12-23 18:02:22 +08004362requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Gilles Peskine2fe796f2022-02-25 19:51:52 +01004363requires_config_enabled MBEDTLS_SSL_CACHE_C
Hanno Becker1d739932018-08-21 13:55:22 +01004364run_test "Session resume using cache, DTLS: cache_max=0" \
4365 "$P_SRV dtls=1 debug_level=3 tickets=0 cache_max=0" \
Manuel Pégourié-Gonnard56941fe2020-02-17 11:04:33 +01004366 "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1" \
Hanno Becker1d739932018-08-21 13:55:22 +01004367 0 \
4368 -S "session successfully restored from cache" \
4369 -S "session successfully restored from ticket" \
4370 -S "a session has been resumed" \
4371 -C "a session has been resumed"
4372
Jerry Yuab082902021-12-23 18:02:22 +08004373requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Gilles Peskine2fe796f2022-02-25 19:51:52 +01004374requires_config_enabled MBEDTLS_SSL_CACHE_C
Hanno Becker1d739932018-08-21 13:55:22 +01004375run_test "Session resume using cache, DTLS: cache_max=1" \
4376 "$P_SRV dtls=1 debug_level=3 tickets=0 cache_max=1" \
Manuel Pégourié-Gonnard56941fe2020-02-17 11:04:33 +01004377 "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1" \
Hanno Becker1d739932018-08-21 13:55:22 +01004378 0 \
4379 -s "session successfully restored from cache" \
4380 -S "session successfully restored from ticket" \
4381 -s "a session has been resumed" \
4382 -c "a session has been resumed"
4383
Jerry Yuab082902021-12-23 18:02:22 +08004384requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Gilles Peskine2fe796f2022-02-25 19:51:52 +01004385requires_config_enabled MBEDTLS_SSL_CACHE_C
Hanno Becker1d739932018-08-21 13:55:22 +01004386run_test "Session resume using cache, DTLS: timeout > delay" \
4387 "$P_SRV dtls=1 debug_level=3 tickets=0" \
Manuel Pégourié-Gonnard56941fe2020-02-17 11:04:33 +01004388 "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1 reco_delay=0" \
Hanno Becker1d739932018-08-21 13:55:22 +01004389 0 \
4390 -s "session successfully restored from cache" \
4391 -S "session successfully restored from ticket" \
4392 -s "a session has been resumed" \
4393 -c "a session has been resumed"
4394
Jerry Yuab082902021-12-23 18:02:22 +08004395requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Gilles Peskine2fe796f2022-02-25 19:51:52 +01004396requires_config_enabled MBEDTLS_SSL_CACHE_C
Hanno Becker1d739932018-08-21 13:55:22 +01004397run_test "Session resume using cache, DTLS: timeout < delay" \
4398 "$P_SRV dtls=1 debug_level=3 tickets=0 cache_timeout=1" \
Jerry Yua15af372022-12-05 15:55:24 +08004399 "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1 reco_delay=2000" \
Hanno Becker1d739932018-08-21 13:55:22 +01004400 0 \
4401 -S "session successfully restored from cache" \
4402 -S "session successfully restored from ticket" \
4403 -S "a session has been resumed" \
4404 -C "a session has been resumed"
4405
Jerry Yuab082902021-12-23 18:02:22 +08004406requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Gilles Peskine2fe796f2022-02-25 19:51:52 +01004407requires_config_enabled MBEDTLS_SSL_CACHE_C
Hanno Becker1d739932018-08-21 13:55:22 +01004408run_test "Session resume using cache, DTLS: no timeout" \
4409 "$P_SRV dtls=1 debug_level=3 tickets=0 cache_timeout=0" \
Jerry Yua15af372022-12-05 15:55:24 +08004410 "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1 reco_delay=2000" \
Hanno Becker1d739932018-08-21 13:55:22 +01004411 0 \
4412 -s "session successfully restored from cache" \
4413 -S "session successfully restored from ticket" \
4414 -s "a session has been resumed" \
4415 -c "a session has been resumed"
4416
Jerry Yuab082902021-12-23 18:02:22 +08004417requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Gilles Peskine2fe796f2022-02-25 19:51:52 +01004418requires_config_enabled MBEDTLS_SSL_CACHE_C
Manuel Pégourié-Gonnarda7c37652019-05-20 12:46:26 +02004419run_test "Session resume using cache, DTLS: session copy" \
4420 "$P_SRV dtls=1 debug_level=3 tickets=0" \
Manuel Pégourié-Gonnard56941fe2020-02-17 11:04:33 +01004421 "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1 reco_mode=0" \
Manuel Pégourié-Gonnarda7c37652019-05-20 12:46:26 +02004422 0 \
4423 -s "session successfully restored from cache" \
4424 -S "session successfully restored from ticket" \
4425 -s "a session has been resumed" \
4426 -c "a session has been resumed"
4427
Manuel Pégourié-Gonnardd60950c2021-10-13 13:12:47 +02004428# For reasons that aren't fully understood, this test randomly fails with high
Paul Elliott09cfa182021-10-13 16:13:44 +01004429# probability with OpenSSL 1.0.2g on the CI, see #5012.
Manuel Pégourié-Gonnardd60950c2021-10-13 13:12:47 +02004430requires_openssl_next
Jerry Yuab082902021-12-23 18:02:22 +08004431requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Gilles Peskine2fe796f2022-02-25 19:51:52 +01004432requires_config_enabled MBEDTLS_SSL_CACHE_C
Norbert Fabritius4f1c9272023-04-12 09:50:30 +02004433requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
TRodziewicz4ca18aa2021-05-20 14:46:20 +02004434run_test "Session resume using cache, DTLS: openssl client" \
4435 "$P_SRV dtls=1 debug_level=3 tickets=0" \
Manuel Pégourié-Gonnardd60950c2021-10-13 13:12:47 +02004436 "( $O_NEXT_CLI -dtls -sess_out $SESSION; \
4437 $O_NEXT_CLI -dtls -sess_in $SESSION; \
TRodziewicz4ca18aa2021-05-20 14:46:20 +02004438 rm -f $SESSION )" \
4439 0 \
4440 -s "found session ticket extension" \
4441 -S "server hello, adding session ticket extension" \
4442 -s "session successfully restored from cache" \
4443 -S "session successfully restored from ticket" \
4444 -s "a session has been resumed"
4445
Jerry Yuab082902021-12-23 18:02:22 +08004446requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Gilles Peskine2fe796f2022-02-25 19:51:52 +01004447requires_config_enabled MBEDTLS_SSL_CACHE_C
TRodziewicz4ca18aa2021-05-20 14:46:20 +02004448run_test "Session resume using cache, DTLS: openssl server" \
4449 "$O_SRV -dtls" \
4450 "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1" \
4451 0 \
4452 -C "found session_ticket extension" \
4453 -C "parse new session ticket" \
4454 -c "a session has been resumed"
4455
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +01004456# Tests for Max Fragment Length extension
4457
Hanno Becker4aed27e2017-09-18 15:00:34 +01004458requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
Jerry Yuab082902021-12-23 18:02:22 +08004459requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Hanno Beckerc5266962017-09-18 15:01:50 +01004460run_test "Max fragment length: enabled, default" \
Waleed Elmelegy3d46b7f2024-01-01 20:50:53 +00004461 "$P_SRV debug_level=3 force_version=tls12" \
Manuel Pégourié-Gonnard644e8f32014-08-30 21:59:31 +02004462 "$P_CLI debug_level=3" \
Manuel Pégourié-Gonnardde143782014-02-20 14:50:42 +01004463 0 \
Hanno Becker59d36702021-06-08 05:35:29 +01004464 -c "Maximum incoming record payload length is $MAX_CONTENT_LEN" \
4465 -c "Maximum outgoing record payload length is $MAX_CONTENT_LEN" \
4466 -s "Maximum incoming record payload length is $MAX_CONTENT_LEN" \
4467 -s "Maximum outgoing record payload length is $MAX_CONTENT_LEN" \
Manuel Pégourié-Gonnardde143782014-02-20 14:50:42 +01004468 -C "client hello, adding max_fragment_length extension" \
4469 -S "found max fragment length extension" \
4470 -S "server hello, max_fragment_length extension" \
4471 -C "found max_fragment_length extension"
4472
Hanno Becker4aed27e2017-09-18 15:00:34 +01004473requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
Jerry Yuab082902021-12-23 18:02:22 +08004474requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Hanno Beckerc5266962017-09-18 15:01:50 +01004475run_test "Max fragment length: enabled, default, larger message" \
Waleed Elmelegy3d46b7f2024-01-01 20:50:53 +00004476 "$P_SRV debug_level=3 force_version=tls12" \
Angus Grattonc4dd0732018-04-11 16:28:39 +10004477 "$P_CLI debug_level=3 request_size=$(( $MAX_CONTENT_LEN + 1))" \
Hanno Beckerc5266962017-09-18 15:01:50 +01004478 0 \
Hanno Becker59d36702021-06-08 05:35:29 +01004479 -c "Maximum incoming record payload length is $MAX_CONTENT_LEN" \
4480 -c "Maximum outgoing record payload length is $MAX_CONTENT_LEN" \
4481 -s "Maximum incoming record payload length is $MAX_CONTENT_LEN" \
4482 -s "Maximum outgoing record payload length is $MAX_CONTENT_LEN" \
Hanno Beckerc5266962017-09-18 15:01:50 +01004483 -C "client hello, adding max_fragment_length extension" \
4484 -S "found max fragment length extension" \
4485 -S "server hello, max_fragment_length extension" \
4486 -C "found max_fragment_length extension" \
Angus Grattonc4dd0732018-04-11 16:28:39 +10004487 -c "$(( $MAX_CONTENT_LEN + 1)) bytes written in 2 fragments" \
4488 -s "$MAX_CONTENT_LEN bytes read" \
Hanno Becker9cfabe32017-10-18 14:42:01 +01004489 -s "1 bytes read"
Hanno Beckerc5266962017-09-18 15:01:50 +01004490
4491requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
Jerry Yuab082902021-12-23 18:02:22 +08004492requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Hanno Beckerc5266962017-09-18 15:01:50 +01004493run_test "Max fragment length, DTLS: enabled, default, larger message" \
4494 "$P_SRV debug_level=3 dtls=1" \
Angus Grattonc4dd0732018-04-11 16:28:39 +10004495 "$P_CLI debug_level=3 dtls=1 request_size=$(( $MAX_CONTENT_LEN + 1))" \
Hanno Beckerc5266962017-09-18 15:01:50 +01004496 1 \
Hanno Becker59d36702021-06-08 05:35:29 +01004497 -c "Maximum incoming record payload length is $MAX_CONTENT_LEN" \
4498 -c "Maximum outgoing record payload length is $MAX_CONTENT_LEN" \
4499 -s "Maximum incoming record payload length is $MAX_CONTENT_LEN" \
4500 -s "Maximum outgoing record payload length is $MAX_CONTENT_LEN" \
Hanno Beckerc5266962017-09-18 15:01:50 +01004501 -C "client hello, adding max_fragment_length extension" \
4502 -S "found max fragment length extension" \
4503 -S "server hello, max_fragment_length extension" \
4504 -C "found max_fragment_length extension" \
4505 -c "fragment larger than.*maximum "
4506
Angus Grattonc4dd0732018-04-11 16:28:39 +10004507# Run some tests with MBEDTLS_SSL_MAX_FRAGMENT_LENGTH disabled
4508# (session fragment length will be 16384 regardless of mbedtls
4509# content length configuration.)
4510
Hanno Beckerc5266962017-09-18 15:01:50 +01004511requires_config_disabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
Jerry Yuab082902021-12-23 18:02:22 +08004512requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Hanno Beckerc5266962017-09-18 15:01:50 +01004513run_test "Max fragment length: disabled, larger message" \
Waleed Elmelegy3d46b7f2024-01-01 20:50:53 +00004514 "$P_SRV debug_level=3 force_version=tls12" \
Angus Grattonc4dd0732018-04-11 16:28:39 +10004515 "$P_CLI debug_level=3 request_size=$(( $MAX_CONTENT_LEN + 1))" \
Hanno Beckerc5266962017-09-18 15:01:50 +01004516 0 \
Hanno Becker59d36702021-06-08 05:35:29 +01004517 -C "Maximum incoming record payload length is 16384" \
4518 -C "Maximum outgoing record payload length is 16384" \
4519 -S "Maximum incoming record payload length is 16384" \
4520 -S "Maximum outgoing record payload length is 16384" \
Angus Grattonc4dd0732018-04-11 16:28:39 +10004521 -c "$(( $MAX_CONTENT_LEN + 1)) bytes written in 2 fragments" \
4522 -s "$MAX_CONTENT_LEN bytes read" \
Hanno Becker9cfabe32017-10-18 14:42:01 +01004523 -s "1 bytes read"
Hanno Beckerc5266962017-09-18 15:01:50 +01004524
4525requires_config_disabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
Jerry Yuab082902021-12-23 18:02:22 +08004526requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Yuto Takano0509fea2021-06-21 19:43:33 +01004527run_test "Max fragment length, DTLS: disabled, larger message" \
Waleed Elmelegy3d46b7f2024-01-01 20:50:53 +00004528 "$P_SRV debug_level=3 dtls=1 force_version=tls12" \
Angus Grattonc4dd0732018-04-11 16:28:39 +10004529 "$P_CLI debug_level=3 dtls=1 request_size=$(( $MAX_CONTENT_LEN + 1))" \
Hanno Beckerc5266962017-09-18 15:01:50 +01004530 1 \
Hanno Becker59d36702021-06-08 05:35:29 +01004531 -C "Maximum incoming record payload length is 16384" \
4532 -C "Maximum outgoing record payload length is 16384" \
4533 -S "Maximum incoming record payload length is 16384" \
4534 -S "Maximum outgoing record payload length is 16384" \
Hanno Beckerc5266962017-09-18 15:01:50 +01004535 -c "fragment larger than.*maximum "
4536
Yuto Takanob0a1c5b2021-07-02 10:10:49 +01004537requires_max_content_len 4096
Hanno Beckerc5266962017-09-18 15:01:50 +01004538requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02004539run_test "Max fragment length: used by client" \
Manuel Pégourié-Gonnard644e8f32014-08-30 21:59:31 +02004540 "$P_SRV debug_level=3" \
Ronald Cronfd4c6af2023-03-11 10:46:01 +01004541 "$P_CLI force_version=tls12 debug_level=3 max_frag_len=4096" \
Manuel Pégourié-Gonnardde143782014-02-20 14:50:42 +01004542 0 \
Hanno Becker59d36702021-06-08 05:35:29 +01004543 -c "Maximum incoming record payload length is 4096" \
4544 -c "Maximum outgoing record payload length is 4096" \
4545 -s "Maximum incoming record payload length is 4096" \
4546 -s "Maximum outgoing record payload length is 4096" \
Andrzej Kurek90c6e842020-04-03 05:25:29 -04004547 -c "client hello, adding max_fragment_length extension" \
4548 -s "found max fragment length extension" \
4549 -s "server hello, max_fragment_length extension" \
4550 -c "found max_fragment_length extension"
4551
Yuto Takanob0a1c5b2021-07-02 10:10:49 +01004552requires_max_content_len 1024
Andrzej Kurek90c6e842020-04-03 05:25:29 -04004553requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
4554run_test "Max fragment length: client 512, server 1024" \
4555 "$P_SRV debug_level=3 max_frag_len=1024" \
Ronald Cronfd4c6af2023-03-11 10:46:01 +01004556 "$P_CLI force_version=tls12 debug_level=3 max_frag_len=512" \
Andrzej Kurek90c6e842020-04-03 05:25:29 -04004557 0 \
Hanno Becker59d36702021-06-08 05:35:29 +01004558 -c "Maximum incoming record payload length is 512" \
4559 -c "Maximum outgoing record payload length is 512" \
4560 -s "Maximum incoming record payload length is 512" \
4561 -s "Maximum outgoing record payload length is 512" \
Andrzej Kurek90c6e842020-04-03 05:25:29 -04004562 -c "client hello, adding max_fragment_length extension" \
4563 -s "found max fragment length extension" \
4564 -s "server hello, max_fragment_length extension" \
4565 -c "found max_fragment_length extension"
4566
Yuto Takanob0a1c5b2021-07-02 10:10:49 +01004567requires_max_content_len 2048
Andrzej Kurek90c6e842020-04-03 05:25:29 -04004568requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
4569run_test "Max fragment length: client 512, server 2048" \
4570 "$P_SRV debug_level=3 max_frag_len=2048" \
Ronald Cronfd4c6af2023-03-11 10:46:01 +01004571 "$P_CLI force_version=tls12 debug_level=3 max_frag_len=512" \
Andrzej Kurek90c6e842020-04-03 05:25:29 -04004572 0 \
Hanno Becker59d36702021-06-08 05:35:29 +01004573 -c "Maximum incoming record payload length is 512" \
4574 -c "Maximum outgoing record payload length is 512" \
4575 -s "Maximum incoming record payload length is 512" \
4576 -s "Maximum outgoing record payload length is 512" \
Andrzej Kurek90c6e842020-04-03 05:25:29 -04004577 -c "client hello, adding max_fragment_length extension" \
4578 -s "found max fragment length extension" \
4579 -s "server hello, max_fragment_length extension" \
4580 -c "found max_fragment_length extension"
4581
Yuto Takanob0a1c5b2021-07-02 10:10:49 +01004582requires_max_content_len 4096
Andrzej Kurek90c6e842020-04-03 05:25:29 -04004583requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
4584run_test "Max fragment length: client 512, server 4096" \
4585 "$P_SRV debug_level=3 max_frag_len=4096" \
Ronald Cronfd4c6af2023-03-11 10:46:01 +01004586 "$P_CLI force_version=tls12 debug_level=3 max_frag_len=512" \
Andrzej Kurek90c6e842020-04-03 05:25:29 -04004587 0 \
Hanno Becker59d36702021-06-08 05:35:29 +01004588 -c "Maximum incoming record payload length is 512" \
4589 -c "Maximum outgoing record payload length is 512" \
4590 -s "Maximum incoming record payload length is 512" \
4591 -s "Maximum outgoing record payload length is 512" \
Andrzej Kurek90c6e842020-04-03 05:25:29 -04004592 -c "client hello, adding max_fragment_length extension" \
4593 -s "found max fragment length extension" \
4594 -s "server hello, max_fragment_length extension" \
4595 -c "found max_fragment_length extension"
4596
Yuto Takanob0a1c5b2021-07-02 10:10:49 +01004597requires_max_content_len 1024
Andrzej Kurek90c6e842020-04-03 05:25:29 -04004598requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
4599run_test "Max fragment length: client 1024, server 512" \
Ronald Cronfd4c6af2023-03-11 10:46:01 +01004600 "$P_SRV force_version=tls12 debug_level=3 max_frag_len=512" \
Andrzej Kurek90c6e842020-04-03 05:25:29 -04004601 "$P_CLI debug_level=3 max_frag_len=1024" \
4602 0 \
Hanno Becker59d36702021-06-08 05:35:29 +01004603 -c "Maximum incoming record payload length is 1024" \
4604 -c "Maximum outgoing record payload length is 1024" \
4605 -s "Maximum incoming record payload length is 1024" \
4606 -s "Maximum outgoing record payload length is 512" \
Andrzej Kurek90c6e842020-04-03 05:25:29 -04004607 -c "client hello, adding max_fragment_length extension" \
4608 -s "found max fragment length extension" \
4609 -s "server hello, max_fragment_length extension" \
4610 -c "found max_fragment_length extension"
4611
Yuto Takanob0a1c5b2021-07-02 10:10:49 +01004612requires_max_content_len 2048
Andrzej Kurek90c6e842020-04-03 05:25:29 -04004613requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
4614run_test "Max fragment length: client 1024, server 2048" \
4615 "$P_SRV debug_level=3 max_frag_len=2048" \
Ronald Cronfd4c6af2023-03-11 10:46:01 +01004616 "$P_CLI force_version=tls12 debug_level=3 max_frag_len=1024" \
Andrzej Kurek90c6e842020-04-03 05:25:29 -04004617 0 \
Hanno Becker59d36702021-06-08 05:35:29 +01004618 -c "Maximum incoming record payload length is 1024" \
4619 -c "Maximum outgoing record payload length is 1024" \
4620 -s "Maximum incoming record payload length is 1024" \
4621 -s "Maximum outgoing record payload length is 1024" \
Andrzej Kurek90c6e842020-04-03 05:25:29 -04004622 -c "client hello, adding max_fragment_length extension" \
4623 -s "found max fragment length extension" \
4624 -s "server hello, max_fragment_length extension" \
4625 -c "found max_fragment_length extension"
4626
Yuto Takanob0a1c5b2021-07-02 10:10:49 +01004627requires_max_content_len 4096
Andrzej Kurek90c6e842020-04-03 05:25:29 -04004628requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
4629run_test "Max fragment length: client 1024, server 4096" \
4630 "$P_SRV debug_level=3 max_frag_len=4096" \
Ronald Cronfd4c6af2023-03-11 10:46:01 +01004631 "$P_CLI force_version=tls12 debug_level=3 max_frag_len=1024" \
Andrzej Kurek90c6e842020-04-03 05:25:29 -04004632 0 \
Hanno Becker59d36702021-06-08 05:35:29 +01004633 -c "Maximum incoming record payload length is 1024" \
4634 -c "Maximum outgoing record payload length is 1024" \
4635 -s "Maximum incoming record payload length is 1024" \
4636 -s "Maximum outgoing record payload length is 1024" \
Andrzej Kurek90c6e842020-04-03 05:25:29 -04004637 -c "client hello, adding max_fragment_length extension" \
4638 -s "found max fragment length extension" \
4639 -s "server hello, max_fragment_length extension" \
4640 -c "found max_fragment_length extension"
4641
Yuto Takanob0a1c5b2021-07-02 10:10:49 +01004642requires_max_content_len 2048
Andrzej Kurek90c6e842020-04-03 05:25:29 -04004643requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
4644run_test "Max fragment length: client 2048, server 512" \
Ronald Cronfd4c6af2023-03-11 10:46:01 +01004645 "$P_SRV force_version=tls12 debug_level=3 max_frag_len=512" \
Andrzej Kurek90c6e842020-04-03 05:25:29 -04004646 "$P_CLI debug_level=3 max_frag_len=2048" \
4647 0 \
Hanno Becker59d36702021-06-08 05:35:29 +01004648 -c "Maximum incoming record payload length is 2048" \
4649 -c "Maximum outgoing record payload length is 2048" \
4650 -s "Maximum incoming record payload length is 2048" \
4651 -s "Maximum outgoing record payload length is 512" \
Andrzej Kurek90c6e842020-04-03 05:25:29 -04004652 -c "client hello, adding max_fragment_length extension" \
4653 -s "found max fragment length extension" \
4654 -s "server hello, max_fragment_length extension" \
4655 -c "found max_fragment_length extension"
4656
Yuto Takanob0a1c5b2021-07-02 10:10:49 +01004657requires_max_content_len 2048
Andrzej Kurek90c6e842020-04-03 05:25:29 -04004658requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
4659run_test "Max fragment length: client 2048, server 1024" \
Ronald Cronfd4c6af2023-03-11 10:46:01 +01004660 "$P_SRV force_version=tls12 debug_level=3 max_frag_len=1024" \
Andrzej Kurek90c6e842020-04-03 05:25:29 -04004661 "$P_CLI debug_level=3 max_frag_len=2048" \
4662 0 \
Hanno Becker59d36702021-06-08 05:35:29 +01004663 -c "Maximum incoming record payload length is 2048" \
4664 -c "Maximum outgoing record payload length is 2048" \
4665 -s "Maximum incoming record payload length is 2048" \
4666 -s "Maximum outgoing record payload length is 1024" \
Andrzej Kurek90c6e842020-04-03 05:25:29 -04004667 -c "client hello, adding max_fragment_length extension" \
4668 -s "found max fragment length extension" \
4669 -s "server hello, max_fragment_length extension" \
4670 -c "found max_fragment_length extension"
4671
Yuto Takanob0a1c5b2021-07-02 10:10:49 +01004672requires_max_content_len 4096
Andrzej Kurek90c6e842020-04-03 05:25:29 -04004673requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
4674run_test "Max fragment length: client 2048, server 4096" \
4675 "$P_SRV debug_level=3 max_frag_len=4096" \
Ronald Cronfd4c6af2023-03-11 10:46:01 +01004676 "$P_CLI force_version=tls12 debug_level=3 max_frag_len=2048" \
Andrzej Kurek90c6e842020-04-03 05:25:29 -04004677 0 \
Hanno Becker59d36702021-06-08 05:35:29 +01004678 -c "Maximum incoming record payload length is 2048" \
4679 -c "Maximum outgoing record payload length is 2048" \
4680 -s "Maximum incoming record payload length is 2048" \
4681 -s "Maximum outgoing record payload length is 2048" \
Andrzej Kurek90c6e842020-04-03 05:25:29 -04004682 -c "client hello, adding max_fragment_length extension" \
4683 -s "found max fragment length extension" \
4684 -s "server hello, max_fragment_length extension" \
4685 -c "found max_fragment_length extension"
4686
Yuto Takanob0a1c5b2021-07-02 10:10:49 +01004687requires_max_content_len 4096
Andrzej Kurek90c6e842020-04-03 05:25:29 -04004688requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
4689run_test "Max fragment length: client 4096, server 512" \
Ronald Cronfd4c6af2023-03-11 10:46:01 +01004690 "$P_SRV force_version=tls12 debug_level=3 max_frag_len=512" \
Andrzej Kurek90c6e842020-04-03 05:25:29 -04004691 "$P_CLI debug_level=3 max_frag_len=4096" \
4692 0 \
Hanno Becker59d36702021-06-08 05:35:29 +01004693 -c "Maximum incoming record payload length is 4096" \
4694 -c "Maximum outgoing record payload length is 4096" \
4695 -s "Maximum incoming record payload length is 4096" \
4696 -s "Maximum outgoing record payload length is 512" \
Andrzej Kurek90c6e842020-04-03 05:25:29 -04004697 -c "client hello, adding max_fragment_length extension" \
4698 -s "found max fragment length extension" \
4699 -s "server hello, max_fragment_length extension" \
4700 -c "found max_fragment_length extension"
4701
Yuto Takanob0a1c5b2021-07-02 10:10:49 +01004702requires_max_content_len 4096
Andrzej Kurek90c6e842020-04-03 05:25:29 -04004703requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
4704run_test "Max fragment length: client 4096, server 1024" \
Ronald Cronfd4c6af2023-03-11 10:46:01 +01004705 "$P_SRV force_version=tls12 debug_level=3 max_frag_len=1024" \
Andrzej Kurek90c6e842020-04-03 05:25:29 -04004706 "$P_CLI debug_level=3 max_frag_len=4096" \
4707 0 \
Hanno Becker59d36702021-06-08 05:35:29 +01004708 -c "Maximum incoming record payload length is 4096" \
4709 -c "Maximum outgoing record payload length is 4096" \
4710 -s "Maximum incoming record payload length is 4096" \
4711 -s "Maximum outgoing record payload length is 1024" \
Andrzej Kurek90c6e842020-04-03 05:25:29 -04004712 -c "client hello, adding max_fragment_length extension" \
4713 -s "found max fragment length extension" \
4714 -s "server hello, max_fragment_length extension" \
4715 -c "found max_fragment_length extension"
4716
Yuto Takanob0a1c5b2021-07-02 10:10:49 +01004717requires_max_content_len 4096
Andrzej Kurek90c6e842020-04-03 05:25:29 -04004718requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
4719run_test "Max fragment length: client 4096, server 2048" \
Ronald Cronfd4c6af2023-03-11 10:46:01 +01004720 "$P_SRV force_version=tls12 debug_level=3 max_frag_len=2048" \
Andrzej Kurek90c6e842020-04-03 05:25:29 -04004721 "$P_CLI debug_level=3 max_frag_len=4096" \
4722 0 \
Hanno Becker59d36702021-06-08 05:35:29 +01004723 -c "Maximum incoming record payload length is 4096" \
4724 -c "Maximum outgoing record payload length is 4096" \
4725 -s "Maximum incoming record payload length is 4096" \
4726 -s "Maximum outgoing record payload length is 2048" \
Manuel Pégourié-Gonnardde143782014-02-20 14:50:42 +01004727 -c "client hello, adding max_fragment_length extension" \
4728 -s "found max fragment length extension" \
4729 -s "server hello, max_fragment_length extension" \
4730 -c "found max_fragment_length extension"
4731
Yuto Takanob0a1c5b2021-07-02 10:10:49 +01004732requires_max_content_len 4096
Hanno Becker4aed27e2017-09-18 15:00:34 +01004733requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02004734run_test "Max fragment length: used by server" \
Ronald Cronfd4c6af2023-03-11 10:46:01 +01004735 "$P_SRV force_version=tls12 debug_level=3 max_frag_len=4096" \
Manuel Pégourié-Gonnard644e8f32014-08-30 21:59:31 +02004736 "$P_CLI debug_level=3" \
Manuel Pégourié-Gonnardde143782014-02-20 14:50:42 +01004737 0 \
Hanno Becker59d36702021-06-08 05:35:29 +01004738 -c "Maximum incoming record payload length is $MAX_CONTENT_LEN" \
4739 -c "Maximum outgoing record payload length is $MAX_CONTENT_LEN" \
4740 -s "Maximum incoming record payload length is $MAX_CONTENT_LEN" \
4741 -s "Maximum outgoing record payload length is 4096" \
Manuel Pégourié-Gonnardde143782014-02-20 14:50:42 +01004742 -C "client hello, adding max_fragment_length extension" \
4743 -S "found max fragment length extension" \
4744 -S "server hello, max_fragment_length extension" \
4745 -C "found max_fragment_length extension"
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +01004746
Yuto Takanob0a1c5b2021-07-02 10:10:49 +01004747requires_max_content_len 4096
Hanno Becker4aed27e2017-09-18 15:00:34 +01004748requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02004749requires_gnutls
Jerry Yuab082902021-12-23 18:02:22 +08004750requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02004751run_test "Max fragment length: gnutls server" \
Ronald Croncbd7bfd2022-03-31 18:19:56 +02004752 "$G_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2" \
Manuel Pégourié-Gonnard644e8f32014-08-30 21:59:31 +02004753 "$P_CLI debug_level=3 max_frag_len=4096" \
Manuel Pégourié-Gonnardbaa7f072014-08-20 20:15:53 +02004754 0 \
Hanno Becker59d36702021-06-08 05:35:29 +01004755 -c "Maximum incoming record payload length is 4096" \
4756 -c "Maximum outgoing record payload length is 4096" \
Manuel Pégourié-Gonnardbaa7f072014-08-20 20:15:53 +02004757 -c "client hello, adding max_fragment_length extension" \
4758 -c "found max_fragment_length extension"
4759
Yuto Takanob0a1c5b2021-07-02 10:10:49 +01004760requires_max_content_len 2048
Hanno Becker4aed27e2017-09-18 15:00:34 +01004761requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
Manuel Pégourié-Gonnard37e08e12014-10-13 17:55:52 +02004762run_test "Max fragment length: client, message just fits" \
4763 "$P_SRV debug_level=3" \
Ronald Cronfd4c6af2023-03-11 10:46:01 +01004764 "$P_CLI force_version=tls12 debug_level=3 max_frag_len=2048 request_size=2048" \
Manuel Pégourié-Gonnard37e08e12014-10-13 17:55:52 +02004765 0 \
Hanno Becker59d36702021-06-08 05:35:29 +01004766 -c "Maximum incoming record payload length is 2048" \
4767 -c "Maximum outgoing record payload length is 2048" \
4768 -s "Maximum incoming record payload length is 2048" \
4769 -s "Maximum outgoing record payload length is 2048" \
Manuel Pégourié-Gonnard37e08e12014-10-13 17:55:52 +02004770 -c "client hello, adding max_fragment_length extension" \
4771 -s "found max fragment length extension" \
4772 -s "server hello, max_fragment_length extension" \
4773 -c "found max_fragment_length extension" \
4774 -c "2048 bytes written in 1 fragments" \
4775 -s "2048 bytes read"
4776
Yuto Takanob0a1c5b2021-07-02 10:10:49 +01004777requires_max_content_len 2048
Hanno Becker4aed27e2017-09-18 15:00:34 +01004778requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
Manuel Pégourié-Gonnard37e08e12014-10-13 17:55:52 +02004779run_test "Max fragment length: client, larger message" \
4780 "$P_SRV debug_level=3" \
Ronald Cronfd4c6af2023-03-11 10:46:01 +01004781 "$P_CLI force_version=tls12 debug_level=3 max_frag_len=2048 request_size=2345" \
Manuel Pégourié-Gonnard37e08e12014-10-13 17:55:52 +02004782 0 \
Hanno Becker59d36702021-06-08 05:35:29 +01004783 -c "Maximum incoming record payload length is 2048" \
4784 -c "Maximum outgoing record payload length is 2048" \
4785 -s "Maximum incoming record payload length is 2048" \
4786 -s "Maximum outgoing record payload length is 2048" \
Manuel Pégourié-Gonnard37e08e12014-10-13 17:55:52 +02004787 -c "client hello, adding max_fragment_length extension" \
4788 -s "found max fragment length extension" \
4789 -s "server hello, max_fragment_length extension" \
4790 -c "found max_fragment_length extension" \
4791 -c "2345 bytes written in 2 fragments" \
4792 -s "2048 bytes read" \
4793 -s "297 bytes read"
4794
Yuto Takanob0a1c5b2021-07-02 10:10:49 +01004795requires_max_content_len 2048
Hanno Becker4aed27e2017-09-18 15:00:34 +01004796requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
Jerry Yuab082902021-12-23 18:02:22 +08004797requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Manuel Pégourié-Gonnard23eb74d2015-01-21 14:37:13 +00004798run_test "Max fragment length: DTLS client, larger message" \
Manuel Pégourié-Gonnard37e08e12014-10-13 17:55:52 +02004799 "$P_SRV debug_level=3 dtls=1" \
4800 "$P_CLI debug_level=3 dtls=1 max_frag_len=2048 request_size=2345" \
4801 1 \
Hanno Becker59d36702021-06-08 05:35:29 +01004802 -c "Maximum incoming record payload length is 2048" \
4803 -c "Maximum outgoing record payload length is 2048" \
4804 -s "Maximum incoming record payload length is 2048" \
4805 -s "Maximum outgoing record payload length is 2048" \
Manuel Pégourié-Gonnard37e08e12014-10-13 17:55:52 +02004806 -c "client hello, adding max_fragment_length extension" \
4807 -s "found max fragment length extension" \
4808 -s "server hello, max_fragment_length extension" \
4809 -c "found max_fragment_length extension" \
4810 -c "fragment larger than.*maximum"
4811
Jan Bruckneraa31b192023-02-06 12:54:29 +01004812# Tests for Record Size Limit extension
4813
Jan Bruckneraa31b192023-02-06 12:54:29 +01004814requires_gnutls_tls1_3
4815requires_gnutls_record_size_limit
Gilles Peskine7b02c1f2024-09-13 14:15:46 +02004816requires_config_enabled MBEDTLS_SSL_SRV_C
4817requires_config_enabled MBEDTLS_DEBUG_C
Jan Bruckner151f6422023-02-10 12:45:19 +01004818requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
Waleed Elmelegy9457e672024-01-08 15:40:12 +00004819requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Jan Brucknerf482dcc2023-03-15 09:09:06 +01004820run_test "Record Size Limit: TLS 1.3: Server-side parsing and debug output" \
Jan Bruckner151f6422023-02-10 12:45:19 +01004821 "$P_SRV debug_level=3 force_version=tls13" \
Jan Bruckneraa31b192023-02-06 12:54:29 +01004822 "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4" \
Jan Brucknerf482dcc2023-03-15 09:09:06 +01004823 0 \
Jan Bruckner151f6422023-02-10 12:45:19 +01004824 -s "RecordSizeLimit: 16385 Bytes" \
Jan Brucknerf482dcc2023-03-15 09:09:06 +01004825 -s "ClientHello: record_size_limit(28) extension exists." \
Waleed Elmelegy87a373e2023-12-28 17:49:36 +00004826 -s "Maximum outgoing record payload length is 16383" \
Jan Brucknerf482dcc2023-03-15 09:09:06 +01004827 -s "bytes written in 1 fragments"
Jan Bruckner151f6422023-02-10 12:45:19 +01004828
4829requires_gnutls_tls1_3
4830requires_gnutls_record_size_limit
Gilles Peskine7b02c1f2024-09-13 14:15:46 +02004831requires_config_enabled MBEDTLS_SSL_CLI_C
4832requires_config_enabled MBEDTLS_DEBUG_C
Jan Bruckner151f6422023-02-10 12:45:19 +01004833requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
Waleed Elmelegy9457e672024-01-08 15:40:12 +00004834requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Jan Brucknerf482dcc2023-03-15 09:09:06 +01004835run_test "Record Size Limit: TLS 1.3: Client-side parsing and debug output" \
Waleed Elmelegy9457e672024-01-08 15:40:12 +00004836 "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL --disable-client-cert -d 4" \
Jan Bruckner151f6422023-02-10 12:45:19 +01004837 "$P_CLI debug_level=4 force_version=tls13" \
Jan Bruckneraa31b192023-02-06 12:54:29 +01004838 0 \
Yanray Wang42017cd2023-11-08 11:15:23 +08004839 -c "Sent RecordSizeLimit: 16384 Bytes" \
Waleed Elmelegy3a377562024-01-05 18:13:42 +00004840 -c "ClientHello: record_size_limit(28) extension exists." \
Waleed Elmelegy3a377562024-01-05 18:13:42 +00004841 -c "EncryptedExtensions: record_size_limit(28) extension received." \
Yanray Wang42017cd2023-11-08 11:15:23 +08004842 -c "RecordSizeLimit: 16385 Bytes" \
Jan Brucknerf482dcc2023-03-15 09:09:06 +01004843
Waleed Elmelegyf5017902024-01-09 14:18:34 +00004844# In the following tests, --recordsize is the value used by the G_NEXT_CLI (3.7.2) to configure the
4845# maximum record size using gnutls_record_set_max_size()
4846# (https://gnutls.org/reference/gnutls-gnutls.html#gnutls-record-set-max-size).
4847# There is currently a lower limit of 512, caused by gnutls_record_set_max_size()
4848# not respecting the "%ALLOW_SMALL_RECORDS" priority string and not using the
4849# more recent function gnutls_record_set_max_recv_size()
4850# (https://gnutls.org/reference/gnutls-gnutls.html#gnutls-record-set-max-recv-size).
Jan Brucknerf482dcc2023-03-15 09:09:06 +01004851# There is currently an upper limit of 4096, caused by the cli arg parser:
4852# https://gitlab.com/gnutls/gnutls/-/blob/3.7.2/src/cli-args.def#L395.
Waleed Elmelegyf5017902024-01-09 14:18:34 +00004853# Thus, these tests are currently limited to the value range 512-4096.
4854# Also, the value sent in the extension will be one larger than the value
4855# set at the command line:
Jan Brucknerf482dcc2023-03-15 09:09:06 +01004856# https://gitlab.com/gnutls/gnutls/-/blob/3.7.2/lib/ext/record_size_limit.c#L142
Waleed Elmelegy9aec1c72023-12-05 20:08:51 +00004857
4858# Currently test certificates being used do not fit in 513 record size limit
Waleed Elmelegy87a373e2023-12-28 17:49:36 +00004859# so for 513 record size limit tests we use preshared key to avoid sending
4860# the certificate.
Waleed Elmelegy9aec1c72023-12-05 20:08:51 +00004861
Waleed Elmelegy87a373e2023-12-28 17:49:36 +00004862requires_gnutls_tls1_3
4863requires_gnutls_record_size_limit
Gilles Peskine7b02c1f2024-09-13 14:15:46 +02004864requires_config_enabled MBEDTLS_SSL_SRV_C
4865requires_config_enabled MBEDTLS_DEBUG_C
Waleed Elmelegy87a373e2023-12-28 17:49:36 +00004866requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
4867requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
4868run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (513), 1 fragment" \
4869 "$P_SRV debug_level=3 force_version=tls13 tls13_kex_modes=psk \
4870 psk_list=Client_identity,6162636465666768696a6b6c6d6e6f70 \
4871 response_size=256" \
Waleed Elmelegy9457e672024-01-08 15:40:12 +00004872 "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+PSK --recordsize 512 \
4873 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70" \
Waleed Elmelegy87a373e2023-12-28 17:49:36 +00004874 0 \
4875 -s "RecordSizeLimit: 513 Bytes" \
Waleed Elmelegy9457e672024-01-08 15:40:12 +00004876 -s "ClientHello: record_size_limit(28) extension exists." \
4877 -s "Sent RecordSizeLimit: 16384 Bytes" \
4878 -s "EncryptedExtensions: record_size_limit(28) extension exists." \
Waleed Elmelegy87a373e2023-12-28 17:49:36 +00004879 -s "Maximum outgoing record payload length is 511" \
4880 -s "256 bytes written in 1 fragments"
Waleed Elmelegy9aec1c72023-12-05 20:08:51 +00004881
Waleed Elmelegy87a373e2023-12-28 17:49:36 +00004882requires_gnutls_tls1_3
4883requires_gnutls_record_size_limit
Gilles Peskine7b02c1f2024-09-13 14:15:46 +02004884requires_config_enabled MBEDTLS_SSL_SRV_C
4885requires_config_enabled MBEDTLS_DEBUG_C
Waleed Elmelegy87a373e2023-12-28 17:49:36 +00004886requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
4887requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
4888run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (513), 2 fragments" \
4889 "$P_SRV debug_level=3 force_version=tls13 tls13_kex_modes=psk \
4890 psk_list=Client_identity,6162636465666768696a6b6c6d6e6f70 \
4891 response_size=768" \
4892 "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+PSK --recordsize 512 \
4893 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70" \
4894 0 \
4895 -s "RecordSizeLimit: 513 Bytes" \
Waleed Elmelegy9457e672024-01-08 15:40:12 +00004896 -s "ClientHello: record_size_limit(28) extension exists." \
4897 -s "Sent RecordSizeLimit: 16384 Bytes" \
4898 -s "EncryptedExtensions: record_size_limit(28) extension exists." \
Waleed Elmelegy87a373e2023-12-28 17:49:36 +00004899 -s "Maximum outgoing record payload length is 511" \
4900 -s "768 bytes written in 2 fragments"
Waleed Elmelegy9aec1c72023-12-05 20:08:51 +00004901
Waleed Elmelegy87a373e2023-12-28 17:49:36 +00004902requires_gnutls_tls1_3
4903requires_gnutls_record_size_limit
Gilles Peskine7b02c1f2024-09-13 14:15:46 +02004904requires_config_enabled MBEDTLS_SSL_SRV_C
4905requires_config_enabled MBEDTLS_DEBUG_C
Waleed Elmelegy87a373e2023-12-28 17:49:36 +00004906requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
4907requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
4908run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (513), 3 fragments" \
4909 "$P_SRV debug_level=3 force_version=tls13 tls13_kex_modes=psk \
4910 psk_list=Client_identity,6162636465666768696a6b6c6d6e6f70 \
4911 response_size=1280" \
4912 "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+PSK --recordsize 512 \
4913 --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70" \
4914 0 \
4915 -s "RecordSizeLimit: 513 Bytes" \
Waleed Elmelegy9457e672024-01-08 15:40:12 +00004916 -s "ClientHello: record_size_limit(28) extension exists." \
4917 -s "Sent RecordSizeLimit: 16384 Bytes" \
4918 -s "EncryptedExtensions: record_size_limit(28) extension exists." \
Waleed Elmelegy87a373e2023-12-28 17:49:36 +00004919 -s "Maximum outgoing record payload length is 511" \
4920 -s "1280 bytes written in 3 fragments"
Jan Brucknerf482dcc2023-03-15 09:09:06 +01004921
4922requires_gnutls_tls1_3
4923requires_gnutls_record_size_limit
Gilles Peskine7b02c1f2024-09-13 14:15:46 +02004924requires_config_enabled MBEDTLS_SSL_SRV_C
4925requires_config_enabled MBEDTLS_DEBUG_C
Jan Brucknerf482dcc2023-03-15 09:09:06 +01004926requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
Waleed Elmelegy60f0f722024-01-04 14:57:31 +00004927requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Jan Brucknerf482dcc2023-03-15 09:09:06 +01004928run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (1024), 1 fragment" \
4929 "$P_SRV debug_level=3 force_version=tls13 response_size=512" \
4930 "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 1023" \
4931 0 \
Jan Brucknerf482dcc2023-03-15 09:09:06 +01004932 -s "RecordSizeLimit: 1024 Bytes" \
4933 -s "ClientHello: record_size_limit(28) extension exists." \
Waleed Elmelegy47d29462024-01-03 17:31:52 +00004934 -s "Sent RecordSizeLimit: 16384 Bytes" \
4935 -s "EncryptedExtensions: record_size_limit(28) extension exists." \
Jan Brucknerf482dcc2023-03-15 09:09:06 +01004936 -s "Maximum outgoing record payload length is 1023" \
4937 -s "512 bytes written in 1 fragments"
4938
4939requires_gnutls_tls1_3
4940requires_gnutls_record_size_limit
Gilles Peskine7b02c1f2024-09-13 14:15:46 +02004941requires_config_enabled MBEDTLS_SSL_SRV_C
4942requires_config_enabled MBEDTLS_DEBUG_C
Jan Brucknerf482dcc2023-03-15 09:09:06 +01004943requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
Waleed Elmelegy60f0f722024-01-04 14:57:31 +00004944requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Jan Brucknerf482dcc2023-03-15 09:09:06 +01004945run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (1024), 2 fragments" \
4946 "$P_SRV debug_level=3 force_version=tls13 response_size=1536" \
4947 "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 1023" \
4948 0 \
Jan Brucknerf482dcc2023-03-15 09:09:06 +01004949 -s "RecordSizeLimit: 1024 Bytes" \
4950 -s "ClientHello: record_size_limit(28) extension exists." \
Waleed Elmelegy47d29462024-01-03 17:31:52 +00004951 -s "Sent RecordSizeLimit: 16384 Bytes" \
4952 -s "EncryptedExtensions: record_size_limit(28) extension exists." \
Jan Brucknerf482dcc2023-03-15 09:09:06 +01004953 -s "Maximum outgoing record payload length is 1023" \
4954 -s "1536 bytes written in 2 fragments"
4955
4956requires_gnutls_tls1_3
4957requires_gnutls_record_size_limit
Gilles Peskine7b02c1f2024-09-13 14:15:46 +02004958requires_config_enabled MBEDTLS_SSL_SRV_C
4959requires_config_enabled MBEDTLS_DEBUG_C
Jan Brucknerf482dcc2023-03-15 09:09:06 +01004960requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
Waleed Elmelegy60f0f722024-01-04 14:57:31 +00004961requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Jan Brucknerf482dcc2023-03-15 09:09:06 +01004962run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (1024), 3 fragments" \
4963 "$P_SRV debug_level=3 force_version=tls13 response_size=2560" \
4964 "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 1023" \
4965 0 \
Jan Brucknerf482dcc2023-03-15 09:09:06 +01004966 -s "RecordSizeLimit: 1024 Bytes" \
4967 -s "ClientHello: record_size_limit(28) extension exists." \
Waleed Elmelegy47d29462024-01-03 17:31:52 +00004968 -s "Sent RecordSizeLimit: 16384 Bytes" \
4969 -s "EncryptedExtensions: record_size_limit(28) extension exists." \
Jan Brucknerf482dcc2023-03-15 09:09:06 +01004970 -s "Maximum outgoing record payload length is 1023" \
4971 -s "2560 bytes written in 3 fragments"
4972
4973requires_gnutls_tls1_3
4974requires_gnutls_record_size_limit
Gilles Peskine7b02c1f2024-09-13 14:15:46 +02004975requires_config_enabled MBEDTLS_SSL_SRV_C
4976requires_config_enabled MBEDTLS_DEBUG_C
Jan Brucknerf482dcc2023-03-15 09:09:06 +01004977requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
Waleed Elmelegy60f0f722024-01-04 14:57:31 +00004978requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Jan Brucknerf482dcc2023-03-15 09:09:06 +01004979run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (4096), 1 fragment" \
4980 "$P_SRV debug_level=3 force_version=tls13 response_size=2048" \
4981 "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 4095" \
4982 0 \
Jan Brucknerf482dcc2023-03-15 09:09:06 +01004983 -s "RecordSizeLimit: 4096 Bytes" \
4984 -s "ClientHello: record_size_limit(28) extension exists." \
Waleed Elmelegy47d29462024-01-03 17:31:52 +00004985 -s "Sent RecordSizeLimit: 16384 Bytes" \
4986 -s "EncryptedExtensions: record_size_limit(28) extension exists." \
Jan Brucknerf482dcc2023-03-15 09:09:06 +01004987 -s "Maximum outgoing record payload length is 4095" \
4988 -s "2048 bytes written in 1 fragments"
4989
4990requires_gnutls_tls1_3
4991requires_gnutls_record_size_limit
Gilles Peskine7b02c1f2024-09-13 14:15:46 +02004992requires_config_enabled MBEDTLS_SSL_SRV_C
4993requires_config_enabled MBEDTLS_DEBUG_C
Jan Brucknerf482dcc2023-03-15 09:09:06 +01004994requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
Waleed Elmelegy60f0f722024-01-04 14:57:31 +00004995requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Jan Brucknerf482dcc2023-03-15 09:09:06 +01004996run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (4096), 2 fragments" \
4997 "$P_SRV debug_level=3 force_version=tls13 response_size=6144" \
4998 "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 4095" \
4999 0 \
Jan Brucknerf482dcc2023-03-15 09:09:06 +01005000 -s "RecordSizeLimit: 4096 Bytes" \
5001 -s "ClientHello: record_size_limit(28) extension exists." \
Waleed Elmelegy47d29462024-01-03 17:31:52 +00005002 -s "Sent RecordSizeLimit: 16384 Bytes" \
5003 -s "EncryptedExtensions: record_size_limit(28) extension exists." \
Jan Brucknerf482dcc2023-03-15 09:09:06 +01005004 -s "Maximum outgoing record payload length is 4095" \
5005 -s "6144 bytes written in 2 fragments"
5006
5007requires_gnutls_tls1_3
5008requires_gnutls_record_size_limit
Gilles Peskine7b02c1f2024-09-13 14:15:46 +02005009requires_config_enabled MBEDTLS_SSL_SRV_C
5010requires_config_enabled MBEDTLS_DEBUG_C
Jan Brucknerf482dcc2023-03-15 09:09:06 +01005011requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
Waleed Elmelegy60f0f722024-01-04 14:57:31 +00005012requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Jan Brucknerf482dcc2023-03-15 09:09:06 +01005013run_test "Record Size Limit: TLS 1.3: Server complies with record size limit (4096), 3 fragments" \
5014 "$P_SRV debug_level=3 force_version=tls13 response_size=10240" \
5015 "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4 --recordsize 4095" \
5016 0 \
Jan Brucknerf482dcc2023-03-15 09:09:06 +01005017 -s "RecordSizeLimit: 4096 Bytes" \
5018 -s "ClientHello: record_size_limit(28) extension exists." \
Waleed Elmelegy598ea092024-01-03 17:34:03 +00005019 -s "Sent RecordSizeLimit: 16384 Bytes" \
5020 -s "EncryptedExtensions: record_size_limit(28) extension exists." \
Jan Brucknerf482dcc2023-03-15 09:09:06 +01005021 -s "Maximum outgoing record payload length is 4095" \
5022 -s "10240 bytes written in 3 fragments"
Jan Bruckneraa31b192023-02-06 12:54:29 +01005023
Waleed Elmelegy2fa99b22024-01-09 17:15:03 +00005024requires_gnutls_tls1_3
5025requires_gnutls_record_size_limit
Gilles Peskine7b02c1f2024-09-13 14:15:46 +02005026requires_config_enabled MBEDTLS_SSL_CLI_C
5027requires_config_enabled MBEDTLS_DEBUG_C
Waleed Elmelegy2fa99b22024-01-09 17:15:03 +00005028requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
5029requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
5030run_test "Record Size Limit: TLS 1.3: Client complies with record size limit (513), 1 fragment" \
5031 "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL -d 4 --disable-client-cert --recordsize 512" \
5032 "$P_CLI debug_level=4 force_version=tls13 request_size=256" \
5033 0 \
Waleed Elmelegy2fa99b22024-01-09 17:15:03 +00005034 -c "Sent RecordSizeLimit: 16384 Bytes" \
Waleed Elmelegy14877602024-01-10 16:15:08 +00005035 -c "ClientHello: record_size_limit(28) extension exists." \
5036 -c "RecordSizeLimit: 513 Bytes" \
Waleed Elmelegy2fa99b22024-01-09 17:15:03 +00005037 -c "EncryptedExtensions: record_size_limit(28) extension exists." \
5038 -c "Maximum outgoing record payload length is 511" \
5039 -c "256 bytes written in 1 fragments"
5040
5041requires_gnutls_tls1_3
5042requires_gnutls_record_size_limit
Gilles Peskine7b02c1f2024-09-13 14:15:46 +02005043requires_config_enabled MBEDTLS_SSL_CLI_C
5044requires_config_enabled MBEDTLS_DEBUG_C
Waleed Elmelegy2fa99b22024-01-09 17:15:03 +00005045requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
5046requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
5047run_test "Record Size Limit: TLS 1.3: Client complies with record size limit (513), 2 fragments" \
5048 "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL -d 4 --disable-client-cert --recordsize 512" \
5049 "$P_CLI debug_level=4 force_version=tls13 request_size=768" \
5050 0 \
Waleed Elmelegy2fa99b22024-01-09 17:15:03 +00005051 -c "Sent RecordSizeLimit: 16384 Bytes" \
Waleed Elmelegy14877602024-01-10 16:15:08 +00005052 -c "ClientHello: record_size_limit(28) extension exists." \
5053 -c "RecordSizeLimit: 513 Bytes" \
Waleed Elmelegy2fa99b22024-01-09 17:15:03 +00005054 -c "EncryptedExtensions: record_size_limit(28) extension exists." \
5055 -c "Maximum outgoing record payload length is 511" \
5056 -c "768 bytes written in 2 fragments"
5057
5058requires_gnutls_tls1_3
5059requires_gnutls_record_size_limit
Gilles Peskine7b02c1f2024-09-13 14:15:46 +02005060requires_config_enabled MBEDTLS_SSL_CLI_C
5061requires_config_enabled MBEDTLS_DEBUG_C
Waleed Elmelegy2fa99b22024-01-09 17:15:03 +00005062requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
5063requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
5064run_test "Record Size Limit: TLS 1.3: Client complies with record size limit (513), 3 fragments" \
5065 "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL -d 4 --disable-client-cert --recordsize 512" \
5066 "$P_CLI debug_level=4 force_version=tls13 request_size=1280" \
5067 0 \
Waleed Elmelegy2fa99b22024-01-09 17:15:03 +00005068 -c "Sent RecordSizeLimit: 16384 Bytes" \
Waleed Elmelegy14877602024-01-10 16:15:08 +00005069 -c "ClientHello: record_size_limit(28) extension exists." \
5070 -c "RecordSizeLimit: 513 Bytes" \
Waleed Elmelegy2fa99b22024-01-09 17:15:03 +00005071 -c "EncryptedExtensions: record_size_limit(28) extension exists." \
5072 -c "Maximum outgoing record payload length is 511" \
5073 -c "1280 bytes written in 3 fragments"
5074
5075requires_gnutls_tls1_3
5076requires_gnutls_record_size_limit
Gilles Peskine7b02c1f2024-09-13 14:15:46 +02005077requires_config_enabled MBEDTLS_SSL_CLI_C
5078requires_config_enabled MBEDTLS_DEBUG_C
Waleed Elmelegy2fa99b22024-01-09 17:15:03 +00005079requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
5080requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
5081run_test "Record Size Limit: TLS 1.3: Client complies with record size limit (1024), 1 fragment" \
5082 "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL -d 4 --recordsize 1023" \
5083 "$P_CLI debug_level=4 force_version=tls13 request_size=512" \
5084 0 \
Waleed Elmelegy2fa99b22024-01-09 17:15:03 +00005085 -c "Sent RecordSizeLimit: 16384 Bytes" \
Waleed Elmelegy14877602024-01-10 16:15:08 +00005086 -c "ClientHello: record_size_limit(28) extension exists." \
5087 -c "RecordSizeLimit: 1024 Bytes" \
Waleed Elmelegy2fa99b22024-01-09 17:15:03 +00005088 -c "EncryptedExtensions: record_size_limit(28) extension exists." \
5089 -c "Maximum outgoing record payload length is 1023" \
5090 -c "512 bytes written in 1 fragments"
5091
5092requires_gnutls_tls1_3
5093requires_gnutls_record_size_limit
Gilles Peskine7b02c1f2024-09-13 14:15:46 +02005094requires_config_enabled MBEDTLS_SSL_CLI_C
5095requires_config_enabled MBEDTLS_DEBUG_C
Waleed Elmelegy2fa99b22024-01-09 17:15:03 +00005096requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
5097requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
5098run_test "Record Size Limit: TLS 1.3: Client complies with record size limit (1024), 2 fragments" \
5099 "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL -d 4 --recordsize 1023" \
5100 "$P_CLI debug_level=4 force_version=tls13 request_size=1536" \
5101 0 \
Waleed Elmelegy2fa99b22024-01-09 17:15:03 +00005102 -c "Sent RecordSizeLimit: 16384 Bytes" \
Waleed Elmelegy14877602024-01-10 16:15:08 +00005103 -c "ClientHello: record_size_limit(28) extension exists." \
5104 -c "RecordSizeLimit: 1024 Bytes" \
Waleed Elmelegy2fa99b22024-01-09 17:15:03 +00005105 -c "EncryptedExtensions: record_size_limit(28) extension exists." \
5106 -c "Maximum outgoing record payload length is 1023" \
5107 -c "1536 bytes written in 2 fragments"
5108
5109requires_gnutls_tls1_3
5110requires_gnutls_record_size_limit
Gilles Peskine7b02c1f2024-09-13 14:15:46 +02005111requires_config_enabled MBEDTLS_SSL_CLI_C
5112requires_config_enabled MBEDTLS_DEBUG_C
Waleed Elmelegy2fa99b22024-01-09 17:15:03 +00005113requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
5114requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
5115run_test "Record Size Limit: TLS 1.3: Client complies with record size limit (1024), 3 fragments" \
5116 "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL -d 4 --recordsize 1023" \
5117 "$P_CLI debug_level=4 force_version=tls13 request_size=2560" \
5118 0 \
Waleed Elmelegy2fa99b22024-01-09 17:15:03 +00005119 -c "Sent RecordSizeLimit: 16384 Bytes" \
Waleed Elmelegy14877602024-01-10 16:15:08 +00005120 -c "ClientHello: record_size_limit(28) extension exists." \
5121 -c "RecordSizeLimit: 1024 Bytes" \
Waleed Elmelegy2fa99b22024-01-09 17:15:03 +00005122 -c "EncryptedExtensions: record_size_limit(28) extension exists." \
5123 -c "Maximum outgoing record payload length is 1023" \
5124 -c "2560 bytes written in 3 fragments"
5125
5126requires_gnutls_tls1_3
5127requires_gnutls_record_size_limit
Gilles Peskine7b02c1f2024-09-13 14:15:46 +02005128requires_config_enabled MBEDTLS_SSL_CLI_C
5129requires_config_enabled MBEDTLS_DEBUG_C
Waleed Elmelegy2fa99b22024-01-09 17:15:03 +00005130requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
5131requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
5132run_test "Record Size Limit: TLS 1.3: Client complies with record size limit (4096), 1 fragment" \
5133 "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL -d 4 --recordsize 4095" \
5134 "$P_CLI debug_level=4 force_version=tls13 request_size=2048" \
5135 0 \
Waleed Elmelegy2fa99b22024-01-09 17:15:03 +00005136 -c "Sent RecordSizeLimit: 16384 Bytes" \
Waleed Elmelegy14877602024-01-10 16:15:08 +00005137 -c "ClientHello: record_size_limit(28) extension exists." \
5138 -c "RecordSizeLimit: 4096 Bytes" \
Waleed Elmelegy2fa99b22024-01-09 17:15:03 +00005139 -c "EncryptedExtensions: record_size_limit(28) extension exists." \
5140 -c "Maximum outgoing record payload length is 4095" \
5141 -c "2048 bytes written in 1 fragments"
5142
5143requires_gnutls_tls1_3
5144requires_gnutls_record_size_limit
Gilles Peskine7b02c1f2024-09-13 14:15:46 +02005145requires_config_enabled MBEDTLS_SSL_CLI_C
5146requires_config_enabled MBEDTLS_DEBUG_C
Waleed Elmelegy2fa99b22024-01-09 17:15:03 +00005147requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
5148requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
5149run_test "Record Size Limit: TLS 1.3: Client complies with record size limit (4096), 2 fragments" \
5150 "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL -d 4 --recordsize 4095" \
5151 "$P_CLI debug_level=4 force_version=tls13 request_size=6144" \
5152 0 \
Waleed Elmelegy2fa99b22024-01-09 17:15:03 +00005153 -c "Sent RecordSizeLimit: 16384 Bytes" \
Waleed Elmelegy14877602024-01-10 16:15:08 +00005154 -c "ClientHello: record_size_limit(28) extension exists." \
5155 -c "RecordSizeLimit: 4096 Bytes" \
Waleed Elmelegy2fa99b22024-01-09 17:15:03 +00005156 -c "EncryptedExtensions: record_size_limit(28) extension exists." \
5157 -c "Maximum outgoing record payload length is 4095" \
5158 -c "6144 bytes written in 2 fragments"
5159
5160requires_gnutls_tls1_3
5161requires_gnutls_record_size_limit
Gilles Peskine7b02c1f2024-09-13 14:15:46 +02005162requires_config_enabled MBEDTLS_SSL_CLI_C
5163requires_config_enabled MBEDTLS_DEBUG_C
Waleed Elmelegy2fa99b22024-01-09 17:15:03 +00005164requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
5165requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
5166run_test "Record Size Limit: TLS 1.3: Client complies with record size limit (4096), 3 fragments" \
5167 "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL -d 4 --recordsize 4095" \
5168 "$P_CLI debug_level=4 force_version=tls13 request_size=10240" \
5169 0 \
Waleed Elmelegy2fa99b22024-01-09 17:15:03 +00005170 -c "Sent RecordSizeLimit: 16384 Bytes" \
Waleed Elmelegy14877602024-01-10 16:15:08 +00005171 -c "ClientHello: record_size_limit(28) extension exists." \
5172 -c "RecordSizeLimit: 4096 Bytes" \
Waleed Elmelegy2fa99b22024-01-09 17:15:03 +00005173 -c "EncryptedExtensions: record_size_limit(28) extension exists." \
5174 -c "Maximum outgoing record payload length is 4095" \
5175 -c "10240 bytes written in 3 fragments"
5176
Waleed Elmelegy598ea092024-01-03 17:34:03 +00005177# TODO: For time being, we send fixed value of RecordSizeLimit defined by
5178# MBEDTLS_SSL_IN_CONTENT_LEN. Once we support variable buffer length of
5179# RecordSizeLimit, we need to modify value of RecordSizeLimit in below test.
Waleed Elmelegy3a377562024-01-05 18:13:42 +00005180requires_config_value_equals "MBEDTLS_SSL_IN_CONTENT_LEN" 16384
Gilles Peskine7b02c1f2024-09-13 14:15:46 +02005181requires_config_enabled MBEDTLS_SSL_CLI_C
5182requires_config_enabled MBEDTLS_SSL_SRV_C
5183requires_config_enabled MBEDTLS_DEBUG_C
Waleed Elmelegy598ea092024-01-03 17:34:03 +00005184requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
Waleed Elmelegy3a377562024-01-05 18:13:42 +00005185requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
5186run_test "Record Size Limit: TLS 1.3 m->m: both peer comply with record size limit (default)" \
Waleed Elmelegy598ea092024-01-03 17:34:03 +00005187 "$P_SRV debug_level=4 force_version=tls13" \
Waleed Elmelegy3a377562024-01-05 18:13:42 +00005188 "$P_CLI debug_level=4" \
Waleed Elmelegy598ea092024-01-03 17:34:03 +00005189 0 \
Waleed Elmelegy3a377562024-01-05 18:13:42 +00005190 -c "Sent RecordSizeLimit: $MAX_IN_LEN Bytes" \
5191 -c "RecordSizeLimit: $MAX_IN_LEN Bytes" \
Waleed Elmelegy3a377562024-01-05 18:13:42 +00005192 -s "RecordSizeLimit: $MAX_IN_LEN Bytes" \
5193 -s "Sent RecordSizeLimit: $MAX_IN_LEN Bytes" \
5194 -s "Maximum outgoing record payload length is 16383" \
Waleed Elmelegy598ea092024-01-03 17:34:03 +00005195 -s "Maximum incoming record payload length is 16384"
5196
Waleed Elmelegyf5017902024-01-09 14:18:34 +00005197# End of Record size limit tests
5198
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +01005199# Tests for renegotiation
5200
Waleed Elmelegy4b09dcd2024-01-12 10:50:25 +00005201# G_NEXT_SRV is used in renegotiation tests becuase of the increased
5202# extensions limit since we exceed the limit in G_SRV when we send
5203# TLS 1.3 extensions in the initial handshake.
5204
Hanno Becker6a243642017-10-12 15:18:45 +01005205# Renegotiation SCSV always added, regardless of SSL_RENEGOTIATION
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02005206run_test "Renegotiation: none, for reference" \
Manuel Pégourié-Gonnardfa44f202015-03-27 17:52:25 +01005207 "$P_SRV debug_level=3 exchanges=2 auth_mode=optional" \
Ronald Cronf95d1692023-03-14 17:19:42 +01005208 "$P_CLI force_version=tls12 debug_level=3 exchanges=2" \
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +01005209 0 \
5210 -C "client hello, adding renegotiation extension" \
5211 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
5212 -S "found renegotiation extension" \
5213 -s "server hello, secure renegotiation extension" \
5214 -c "found renegotiation extension" \
Manuel Pégourié-Gonnardc73339f2014-02-26 16:35:27 +01005215 -C "=> renegotiate" \
5216 -S "=> renegotiate" \
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +01005217 -S "write hello request"
5218
Hanno Becker6a243642017-10-12 15:18:45 +01005219requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02005220run_test "Renegotiation: client-initiated" \
Manuel Pégourié-Gonnardfa44f202015-03-27 17:52:25 +01005221 "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional" \
Ronald Cronf95d1692023-03-14 17:19:42 +01005222 "$P_CLI force_version=tls12 debug_level=3 exchanges=2 renegotiation=1 renegotiate=1" \
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +01005223 0 \
5224 -c "client hello, adding renegotiation extension" \
5225 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
5226 -s "found renegotiation extension" \
5227 -s "server hello, secure renegotiation extension" \
5228 -c "found renegotiation extension" \
Manuel Pégourié-Gonnardc73339f2014-02-26 16:35:27 +01005229 -c "=> renegotiate" \
5230 -s "=> renegotiate" \
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +01005231 -S "write hello request"
5232
Hanno Becker6a243642017-10-12 15:18:45 +01005233requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02005234run_test "Renegotiation: server-initiated" \
Ronald Cronf95d1692023-03-14 17:19:42 +01005235 "$P_SRV force_version=tls12 debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1" \
Manuel Pégourié-Gonnard644e8f32014-08-30 21:59:31 +02005236 "$P_CLI debug_level=3 exchanges=2 renegotiation=1" \
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +01005237 0 \
5238 -c "client hello, adding renegotiation extension" \
5239 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
5240 -s "found renegotiation extension" \
5241 -s "server hello, secure renegotiation extension" \
5242 -c "found renegotiation extension" \
Manuel Pégourié-Gonnardc73339f2014-02-26 16:35:27 +01005243 -c "=> renegotiate" \
5244 -s "=> renegotiate" \
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +01005245 -s "write hello request"
5246
Janos Follathb0f148c2017-10-05 12:29:42 +01005247# Checks that no Signature Algorithm with SHA-1 gets negotiated. Negotiating SHA-1 would mean that
5248# the server did not parse the Signature Algorithm extension. This test is valid only if an MD
Bence Szépkútibb0cfeb2021-05-28 09:42:25 +02005249# algorithm stronger than SHA-1 is enabled in mbedtls_config.h
Hanno Becker6a243642017-10-12 15:18:45 +01005250requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
Janos Follathb0f148c2017-10-05 12:29:42 +01005251run_test "Renegotiation: Signature Algorithms parsing, client-initiated" \
5252 "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional" \
Ronald Cronf95d1692023-03-14 17:19:42 +01005253 "$P_CLI force_version=tls12 debug_level=3 exchanges=2 renegotiation=1 renegotiate=1" \
Janos Follathb0f148c2017-10-05 12:29:42 +01005254 0 \
5255 -c "client hello, adding renegotiation extension" \
5256 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
5257 -s "found renegotiation extension" \
5258 -s "server hello, secure renegotiation extension" \
5259 -c "found renegotiation extension" \
5260 -c "=> renegotiate" \
5261 -s "=> renegotiate" \
5262 -S "write hello request" \
5263 -S "client hello v3, signature_algorithm ext: 2" # Is SHA-1 negotiated?
5264
5265# Checks that no Signature Algorithm with SHA-1 gets negotiated. Negotiating SHA-1 would mean that
5266# the server did not parse the Signature Algorithm extension. This test is valid only if an MD
Bence Szépkútibb0cfeb2021-05-28 09:42:25 +02005267# algorithm stronger than SHA-1 is enabled in mbedtls_config.h
Hanno Becker6a243642017-10-12 15:18:45 +01005268requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
Janos Follathb0f148c2017-10-05 12:29:42 +01005269run_test "Renegotiation: Signature Algorithms parsing, server-initiated" \
Ronald Cronf95d1692023-03-14 17:19:42 +01005270 "$P_SRV force_version=tls12 debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1" \
Janos Follathb0f148c2017-10-05 12:29:42 +01005271 "$P_CLI debug_level=3 exchanges=2 renegotiation=1" \
5272 0 \
5273 -c "client hello, adding renegotiation extension" \
5274 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
5275 -s "found renegotiation extension" \
5276 -s "server hello, secure renegotiation extension" \
5277 -c "found renegotiation extension" \
5278 -c "=> renegotiate" \
5279 -s "=> renegotiate" \
5280 -s "write hello request" \
5281 -S "client hello v3, signature_algorithm ext: 2" # Is SHA-1 negotiated?
5282
Hanno Becker6a243642017-10-12 15:18:45 +01005283requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02005284run_test "Renegotiation: double" \
Manuel Pégourié-Gonnardfa44f202015-03-27 17:52:25 +01005285 "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1" \
Ronald Cronf95d1692023-03-14 17:19:42 +01005286 "$P_CLI force_version=tls12 debug_level=3 exchanges=2 renegotiation=1 renegotiate=1" \
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +01005287 0 \
5288 -c "client hello, adding renegotiation extension" \
5289 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
5290 -s "found renegotiation extension" \
5291 -s "server hello, secure renegotiation extension" \
5292 -c "found renegotiation extension" \
Manuel Pégourié-Gonnardc73339f2014-02-26 16:35:27 +01005293 -c "=> renegotiate" \
5294 -s "=> renegotiate" \
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +01005295 -s "write hello request"
5296
Hanno Becker6a243642017-10-12 15:18:45 +01005297requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
Andrzej Kurek8ea68722020-04-03 06:40:47 -04005298requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
Yuto Takanob0a1c5b2021-07-02 10:10:49 +01005299requires_max_content_len 2048
Andrzej Kurek8ea68722020-04-03 06:40:47 -04005300run_test "Renegotiation with max fragment length: client 2048, server 512" \
Ronald Cronf95d1692023-03-14 17:19:42 +01005301 "$P_SRV force_version=tls12 debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1 max_frag_len=512" \
Andrzej Kurek8ea68722020-04-03 06:40:47 -04005302 "$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 max_frag_len=2048 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
5303 0 \
Hanno Becker59d36702021-06-08 05:35:29 +01005304 -c "Maximum incoming record payload length is 2048" \
5305 -c "Maximum outgoing record payload length is 2048" \
5306 -s "Maximum incoming record payload length is 2048" \
5307 -s "Maximum outgoing record payload length is 512" \
Andrzej Kurek8ea68722020-04-03 06:40:47 -04005308 -c "client hello, adding max_fragment_length extension" \
5309 -s "found max fragment length extension" \
5310 -s "server hello, max_fragment_length extension" \
5311 -c "found max_fragment_length extension" \
5312 -c "client hello, adding renegotiation extension" \
5313 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
5314 -s "found renegotiation extension" \
5315 -s "server hello, secure renegotiation extension" \
5316 -c "found renegotiation extension" \
5317 -c "=> renegotiate" \
5318 -s "=> renegotiate" \
5319 -s "write hello request"
5320
5321requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02005322run_test "Renegotiation: client-initiated, server-rejected" \
Manuel Pégourié-Gonnardfa44f202015-03-27 17:52:25 +01005323 "$P_SRV debug_level=3 exchanges=2 renegotiation=0 auth_mode=optional" \
Ronald Cronf95d1692023-03-14 17:19:42 +01005324 "$P_CLI force_version=tls12 debug_level=3 exchanges=2 renegotiation=1 renegotiate=1" \
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +01005325 1 \
5326 -c "client hello, adding renegotiation extension" \
5327 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
5328 -S "found renegotiation extension" \
5329 -s "server hello, secure renegotiation extension" \
5330 -c "found renegotiation extension" \
Manuel Pégourié-Gonnardc73339f2014-02-26 16:35:27 +01005331 -c "=> renegotiate" \
5332 -S "=> renegotiate" \
Manuel Pégourié-Gonnardfae355e2014-07-04 14:32:27 +02005333 -S "write hello request" \
Manuel Pégourié-Gonnard65919622014-08-19 12:50:30 +02005334 -c "SSL - Unexpected message at ServerHello in renegotiation" \
Manuel Pégourié-Gonnardfae355e2014-07-04 14:32:27 +02005335 -c "failed"
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +01005336
Hanno Becker6a243642017-10-12 15:18:45 +01005337requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02005338run_test "Renegotiation: server-initiated, client-rejected, default" \
Ronald Cronf95d1692023-03-14 17:19:42 +01005339 "$P_SRV force_version=tls12 debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 auth_mode=optional" \
Manuel Pégourié-Gonnard644e8f32014-08-30 21:59:31 +02005340 "$P_CLI debug_level=3 exchanges=2 renegotiation=0" \
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +01005341 0 \
5342 -C "client hello, adding renegotiation extension" \
5343 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
5344 -S "found renegotiation extension" \
5345 -s "server hello, secure renegotiation extension" \
5346 -c "found renegotiation extension" \
Manuel Pégourié-Gonnardc73339f2014-02-26 16:35:27 +01005347 -C "=> renegotiate" \
5348 -S "=> renegotiate" \
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +01005349 -s "write hello request" \
Manuel Pégourié-Gonnarda9964db2014-07-03 19:29:16 +02005350 -S "SSL - An unexpected message was received from our peer" \
5351 -S "failed"
Manuel Pégourié-Gonnard33a752e2014-02-21 09:47:37 +01005352
Hanno Becker6a243642017-10-12 15:18:45 +01005353requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02005354run_test "Renegotiation: server-initiated, client-rejected, not enforced" \
Ronald Cronf95d1692023-03-14 17:19:42 +01005355 "$P_SRV force_version=tls12 debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 \
Manuel Pégourié-Gonnardfa44f202015-03-27 17:52:25 +01005356 renego_delay=-1 auth_mode=optional" \
Manuel Pégourié-Gonnard644e8f32014-08-30 21:59:31 +02005357 "$P_CLI debug_level=3 exchanges=2 renegotiation=0" \
Manuel Pégourié-Gonnardfae355e2014-07-04 14:32:27 +02005358 0 \
5359 -C "client hello, adding renegotiation extension" \
5360 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
5361 -S "found renegotiation extension" \
5362 -s "server hello, secure renegotiation extension" \
5363 -c "found renegotiation extension" \
5364 -C "=> renegotiate" \
5365 -S "=> renegotiate" \
5366 -s "write hello request" \
5367 -S "SSL - An unexpected message was received from our peer" \
5368 -S "failed"
5369
Manuel Pégourié-Gonnarda8c0a0d2014-08-15 12:07:38 +02005370# delay 2 for 1 alert record + 1 application data record
Hanno Becker6a243642017-10-12 15:18:45 +01005371requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02005372run_test "Renegotiation: server-initiated, client-rejected, delay 2" \
Ronald Cronf95d1692023-03-14 17:19:42 +01005373 "$P_SRV force_version=tls12 debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 \
Manuel Pégourié-Gonnardfa44f202015-03-27 17:52:25 +01005374 renego_delay=2 auth_mode=optional" \
Manuel Pégourié-Gonnard644e8f32014-08-30 21:59:31 +02005375 "$P_CLI debug_level=3 exchanges=2 renegotiation=0" \
Manuel Pégourié-Gonnardfae355e2014-07-04 14:32:27 +02005376 0 \
5377 -C "client hello, adding renegotiation extension" \
5378 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
5379 -S "found renegotiation extension" \
5380 -s "server hello, secure renegotiation extension" \
5381 -c "found renegotiation extension" \
5382 -C "=> renegotiate" \
5383 -S "=> renegotiate" \
5384 -s "write hello request" \
5385 -S "SSL - An unexpected message was received from our peer" \
5386 -S "failed"
5387
Hanno Becker6a243642017-10-12 15:18:45 +01005388requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02005389run_test "Renegotiation: server-initiated, client-rejected, delay 0" \
Ronald Cronf95d1692023-03-14 17:19:42 +01005390 "$P_SRV force_version=tls12 debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 \
Manuel Pégourié-Gonnardfa44f202015-03-27 17:52:25 +01005391 renego_delay=0 auth_mode=optional" \
Manuel Pégourié-Gonnard644e8f32014-08-30 21:59:31 +02005392 "$P_CLI debug_level=3 exchanges=2 renegotiation=0" \
Manuel Pégourié-Gonnardfae355e2014-07-04 14:32:27 +02005393 0 \
5394 -C "client hello, adding renegotiation extension" \
5395 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
5396 -S "found renegotiation extension" \
5397 -s "server hello, secure renegotiation extension" \
5398 -c "found renegotiation extension" \
5399 -C "=> renegotiate" \
5400 -S "=> renegotiate" \
5401 -s "write hello request" \
Manuel Pégourié-Gonnarda8c0a0d2014-08-15 12:07:38 +02005402 -s "SSL - An unexpected message was received from our peer"
Manuel Pégourié-Gonnardfae355e2014-07-04 14:32:27 +02005403
Hanno Becker6a243642017-10-12 15:18:45 +01005404requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02005405run_test "Renegotiation: server-initiated, client-accepted, delay 0" \
Ronald Cronf95d1692023-03-14 17:19:42 +01005406 "$P_SRV force_version=tls12 debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 \
Manuel Pégourié-Gonnardfa44f202015-03-27 17:52:25 +01005407 renego_delay=0 auth_mode=optional" \
Manuel Pégourié-Gonnard644e8f32014-08-30 21:59:31 +02005408 "$P_CLI debug_level=3 exchanges=2 renegotiation=1" \
Manuel Pégourié-Gonnardfae355e2014-07-04 14:32:27 +02005409 0 \
5410 -c "client hello, adding renegotiation extension" \
5411 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
5412 -s "found renegotiation extension" \
5413 -s "server hello, secure renegotiation extension" \
5414 -c "found renegotiation extension" \
5415 -c "=> renegotiate" \
5416 -s "=> renegotiate" \
5417 -s "write hello request" \
5418 -S "SSL - An unexpected message was received from our peer" \
5419 -S "failed"
5420
Hanno Becker6a243642017-10-12 15:18:45 +01005421requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
Manuel Pégourié-Gonnard590f4162014-11-05 14:23:03 +01005422run_test "Renegotiation: periodic, just below period" \
Manuel Pégourié-Gonnardfa44f202015-03-27 17:52:25 +01005423 "$P_SRV debug_level=3 exchanges=9 renegotiation=1 renego_period=3 auth_mode=optional" \
Ronald Cronf95d1692023-03-14 17:19:42 +01005424 "$P_CLI force_version=tls12 debug_level=3 exchanges=2 renegotiation=1" \
Manuel Pégourié-Gonnard590f4162014-11-05 14:23:03 +01005425 0 \
5426 -C "client hello, adding renegotiation extension" \
5427 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
5428 -S "found renegotiation extension" \
5429 -s "server hello, secure renegotiation extension" \
5430 -c "found renegotiation extension" \
5431 -S "record counter limit reached: renegotiate" \
5432 -C "=> renegotiate" \
5433 -S "=> renegotiate" \
5434 -S "write hello request" \
5435 -S "SSL - An unexpected message was received from our peer" \
5436 -S "failed"
5437
Manuel Pégourié-Gonnard9835bc02015-01-14 14:41:58 +01005438# one extra exchange to be able to complete renego
Hanno Becker6a243642017-10-12 15:18:45 +01005439requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
Manuel Pégourié-Gonnard590f4162014-11-05 14:23:03 +01005440run_test "Renegotiation: periodic, just above period" \
Ronald Cronf95d1692023-03-14 17:19:42 +01005441 "$P_SRV force_version=tls12 debug_level=3 exchanges=9 renegotiation=1 renego_period=3 auth_mode=optional" \
Manuel Pégourié-Gonnard9835bc02015-01-14 14:41:58 +01005442 "$P_CLI debug_level=3 exchanges=4 renegotiation=1" \
Manuel Pégourié-Gonnard590f4162014-11-05 14:23:03 +01005443 0 \
5444 -c "client hello, adding renegotiation extension" \
5445 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
5446 -s "found renegotiation extension" \
5447 -s "server hello, secure renegotiation extension" \
5448 -c "found renegotiation extension" \
5449 -s "record counter limit reached: renegotiate" \
5450 -c "=> renegotiate" \
5451 -s "=> renegotiate" \
5452 -s "write hello request" \
5453 -S "SSL - An unexpected message was received from our peer" \
5454 -S "failed"
5455
Hanno Becker6a243642017-10-12 15:18:45 +01005456requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
Manuel Pégourié-Gonnard590f4162014-11-05 14:23:03 +01005457run_test "Renegotiation: periodic, two times period" \
Manuel Pégourié-Gonnardfa44f202015-03-27 17:52:25 +01005458 "$P_SRV debug_level=3 exchanges=9 renegotiation=1 renego_period=3 auth_mode=optional" \
Ronald Cronf95d1692023-03-14 17:19:42 +01005459 "$P_CLI force_version=tls12 debug_level=3 exchanges=7 renegotiation=1" \
Manuel Pégourié-Gonnard590f4162014-11-05 14:23:03 +01005460 0 \
5461 -c "client hello, adding renegotiation extension" \
5462 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
5463 -s "found renegotiation extension" \
5464 -s "server hello, secure renegotiation extension" \
5465 -c "found renegotiation extension" \
5466 -s "record counter limit reached: renegotiate" \
5467 -c "=> renegotiate" \
5468 -s "=> renegotiate" \
5469 -s "write hello request" \
5470 -S "SSL - An unexpected message was received from our peer" \
5471 -S "failed"
5472
Hanno Becker6a243642017-10-12 15:18:45 +01005473requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
Manuel Pégourié-Gonnard590f4162014-11-05 14:23:03 +01005474run_test "Renegotiation: periodic, above period, disabled" \
Ronald Cronf95d1692023-03-14 17:19:42 +01005475 "$P_SRV force_version=tls12 debug_level=3 exchanges=9 renegotiation=0 renego_period=3 auth_mode=optional" \
Manuel Pégourié-Gonnard590f4162014-11-05 14:23:03 +01005476 "$P_CLI debug_level=3 exchanges=4 renegotiation=1" \
5477 0 \
5478 -C "client hello, adding renegotiation extension" \
5479 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
5480 -S "found renegotiation extension" \
5481 -s "server hello, secure renegotiation extension" \
5482 -c "found renegotiation extension" \
5483 -S "record counter limit reached: renegotiate" \
5484 -C "=> renegotiate" \
5485 -S "=> renegotiate" \
5486 -S "write hello request" \
5487 -S "SSL - An unexpected message was received from our peer" \
5488 -S "failed"
5489
Hanno Becker6a243642017-10-12 15:18:45 +01005490requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02005491run_test "Renegotiation: nbio, client-initiated" \
Manuel Pégourié-Gonnardfa44f202015-03-27 17:52:25 +01005492 "$P_SRV debug_level=3 nbio=2 exchanges=2 renegotiation=1 auth_mode=optional" \
Ronald Cronf95d1692023-03-14 17:19:42 +01005493 "$P_CLI force_version=tls12 debug_level=3 nbio=2 exchanges=2 renegotiation=1 renegotiate=1" \
Manuel Pégourié-Gonnardf07f4212014-08-15 19:04:47 +02005494 0 \
5495 -c "client hello, adding renegotiation extension" \
5496 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
5497 -s "found renegotiation extension" \
5498 -s "server hello, secure renegotiation extension" \
5499 -c "found renegotiation extension" \
5500 -c "=> renegotiate" \
5501 -s "=> renegotiate" \
5502 -S "write hello request"
5503
Hanno Becker6a243642017-10-12 15:18:45 +01005504requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02005505run_test "Renegotiation: nbio, server-initiated" \
Ronald Cronf95d1692023-03-14 17:19:42 +01005506 "$P_SRV force_version=tls12 debug_level=3 nbio=2 exchanges=2 renegotiation=1 renegotiate=1 auth_mode=optional" \
Manuel Pégourié-Gonnard644e8f32014-08-30 21:59:31 +02005507 "$P_CLI debug_level=3 nbio=2 exchanges=2 renegotiation=1" \
Manuel Pégourié-Gonnardf07f4212014-08-15 19:04:47 +02005508 0 \
5509 -c "client hello, adding renegotiation extension" \
5510 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
5511 -s "found renegotiation extension" \
5512 -s "server hello, secure renegotiation extension" \
5513 -c "found renegotiation extension" \
5514 -c "=> renegotiate" \
5515 -s "=> renegotiate" \
5516 -s "write hello request"
5517
Hanno Becker6a243642017-10-12 15:18:45 +01005518requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
Jerry Yuab082902021-12-23 18:02:22 +08005519requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02005520run_test "Renegotiation: openssl server, client-initiated" \
Gilles Peskine56ee69d2024-09-06 13:52:14 +02005521 "$O_SRV -www $OPENSSL_S_SERVER_CLIENT_RENEGOTIATION -tls1_2" \
Manuel Pégourié-Gonnard644e8f32014-08-30 21:59:31 +02005522 "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1" \
Manuel Pégourié-Gonnard51362962014-08-30 21:22:47 +02005523 0 \
5524 -c "client hello, adding renegotiation extension" \
5525 -c "found renegotiation extension" \
5526 -c "=> renegotiate" \
Wenxing Houb4d03cc2024-06-19 11:04:13 +08005527 -C "ssl_handshake() returned" \
Manuel Pégourié-Gonnard51362962014-08-30 21:22:47 +02005528 -C "error" \
5529 -c "HTTP/1.0 200 [Oo][Kk]"
5530
Paul Bakker539d9722015-02-08 16:18:35 +01005531requires_gnutls
Hanno Becker6a243642017-10-12 15:18:45 +01005532requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
Jerry Yuab082902021-12-23 18:02:22 +08005533requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Manuel Pégourié-Gonnard85d915b2014-11-03 20:10:36 +01005534run_test "Renegotiation: gnutls server strict, client-initiated" \
Waleed Elmelegy4b09dcd2024-01-12 10:50:25 +00005535 "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%SAFE_RENEGOTIATION" \
Manuel Pégourié-Gonnard644e8f32014-08-30 21:59:31 +02005536 "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1" \
Manuel Pégourié-Gonnard51362962014-08-30 21:22:47 +02005537 0 \
5538 -c "client hello, adding renegotiation extension" \
5539 -c "found renegotiation extension" \
5540 -c "=> renegotiate" \
Wenxing Houb4d03cc2024-06-19 11:04:13 +08005541 -C "ssl_handshake() returned" \
Manuel Pégourié-Gonnard51362962014-08-30 21:22:47 +02005542 -C "error" \
5543 -c "HTTP/1.0 200 [Oo][Kk]"
5544
Paul Bakker539d9722015-02-08 16:18:35 +01005545requires_gnutls
Hanno Becker6a243642017-10-12 15:18:45 +01005546requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
Jerry Yuab082902021-12-23 18:02:22 +08005547requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Manuel Pégourié-Gonnard85d915b2014-11-03 20:10:36 +01005548run_test "Renegotiation: gnutls server unsafe, client-initiated default" \
Waleed Elmelegy4b09dcd2024-01-12 10:50:25 +00005549 "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION" \
Manuel Pégourié-Gonnard85d915b2014-11-03 20:10:36 +01005550 "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1" \
5551 1 \
5552 -c "client hello, adding renegotiation extension" \
5553 -C "found renegotiation extension" \
5554 -c "=> renegotiate" \
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02005555 -c "mbedtls_ssl_handshake() returned" \
Manuel Pégourié-Gonnard85d915b2014-11-03 20:10:36 +01005556 -c "error" \
5557 -C "HTTP/1.0 200 [Oo][Kk]"
5558
Paul Bakker539d9722015-02-08 16:18:35 +01005559requires_gnutls
Hanno Becker6a243642017-10-12 15:18:45 +01005560requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
Jerry Yuab082902021-12-23 18:02:22 +08005561requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Manuel Pégourié-Gonnard85d915b2014-11-03 20:10:36 +01005562run_test "Renegotiation: gnutls server unsafe, client-inititated no legacy" \
Waleed Elmelegy4b09dcd2024-01-12 10:50:25 +00005563 "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION" \
Manuel Pégourié-Gonnard85d915b2014-11-03 20:10:36 +01005564 "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1 \
5565 allow_legacy=0" \
5566 1 \
5567 -c "client hello, adding renegotiation extension" \
5568 -C "found renegotiation extension" \
5569 -c "=> renegotiate" \
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02005570 -c "mbedtls_ssl_handshake() returned" \
Manuel Pégourié-Gonnard85d915b2014-11-03 20:10:36 +01005571 -c "error" \
5572 -C "HTTP/1.0 200 [Oo][Kk]"
5573
Paul Bakker539d9722015-02-08 16:18:35 +01005574requires_gnutls
Hanno Becker6a243642017-10-12 15:18:45 +01005575requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
Jerry Yuab082902021-12-23 18:02:22 +08005576requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Manuel Pégourié-Gonnard85d915b2014-11-03 20:10:36 +01005577run_test "Renegotiation: gnutls server unsafe, client-inititated legacy" \
Waleed Elmelegy4b09dcd2024-01-12 10:50:25 +00005578 "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION" \
Manuel Pégourié-Gonnard85d915b2014-11-03 20:10:36 +01005579 "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1 \
5580 allow_legacy=1" \
5581 0 \
5582 -c "client hello, adding renegotiation extension" \
5583 -C "found renegotiation extension" \
5584 -c "=> renegotiate" \
Wenxing Houb4d03cc2024-06-19 11:04:13 +08005585 -C "ssl_handshake() returned" \
Manuel Pégourié-Gonnard8520dac2014-02-21 12:12:23 +01005586 -C "error" \
5587 -c "HTTP/1.0 200 [Oo][Kk]"
5588
Hanno Becker6a243642017-10-12 15:18:45 +01005589requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
Jerry Yuab082902021-12-23 18:02:22 +08005590requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Manuel Pégourié-Gonnard30d16eb2014-08-19 17:43:50 +02005591run_test "Renegotiation: DTLS, client-initiated" \
5592 "$P_SRV debug_level=3 dtls=1 exchanges=2 renegotiation=1" \
5593 "$P_CLI debug_level=3 dtls=1 exchanges=2 renegotiation=1 renegotiate=1" \
5594 0 \
5595 -c "client hello, adding renegotiation extension" \
5596 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
5597 -s "found renegotiation extension" \
5598 -s "server hello, secure renegotiation extension" \
5599 -c "found renegotiation extension" \
5600 -c "=> renegotiate" \
5601 -s "=> renegotiate" \
5602 -S "write hello request"
5603
Hanno Becker6a243642017-10-12 15:18:45 +01005604requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
Jerry Yuab082902021-12-23 18:02:22 +08005605requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Manuel Pégourié-Gonnardc392b242014-08-19 17:53:11 +02005606run_test "Renegotiation: DTLS, server-initiated" \
5607 "$P_SRV debug_level=3 dtls=1 exchanges=2 renegotiation=1 renegotiate=1" \
Manuel Pégourié-Gonnarddf9a0a82014-10-02 14:17:18 +02005608 "$P_CLI debug_level=3 dtls=1 exchanges=2 renegotiation=1 \
5609 read_timeout=1000 max_resend=2" \
Manuel Pégourié-Gonnardc392b242014-08-19 17:53:11 +02005610 0 \
5611 -c "client hello, adding renegotiation extension" \
5612 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
5613 -s "found renegotiation extension" \
5614 -s "server hello, secure renegotiation extension" \
5615 -c "found renegotiation extension" \
5616 -c "=> renegotiate" \
5617 -s "=> renegotiate" \
5618 -s "write hello request"
5619
Hanno Becker6a243642017-10-12 15:18:45 +01005620requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
Jerry Yuab082902021-12-23 18:02:22 +08005621requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Andres AG692ad842017-01-19 16:30:57 +00005622run_test "Renegotiation: DTLS, renego_period overflow" \
5623 "$P_SRV debug_level=3 dtls=1 exchanges=4 renegotiation=1 renego_period=18446462598732840962 auth_mode=optional" \
5624 "$P_CLI debug_level=3 dtls=1 exchanges=4 renegotiation=1" \
5625 0 \
5626 -c "client hello, adding renegotiation extension" \
5627 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
5628 -s "found renegotiation extension" \
5629 -s "server hello, secure renegotiation extension" \
5630 -s "record counter limit reached: renegotiate" \
5631 -c "=> renegotiate" \
5632 -s "=> renegotiate" \
Hanno Becker6a243642017-10-12 15:18:45 +01005633 -s "write hello request"
Andres AG692ad842017-01-19 16:30:57 +00005634
Manuel Pégourié-Gonnard96999962015-02-17 16:02:37 +00005635requires_gnutls
Hanno Becker6a243642017-10-12 15:18:45 +01005636requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
Jerry Yuab082902021-12-23 18:02:22 +08005637requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Manuel Pégourié-Gonnardf1499f62014-08-31 17:13:13 +02005638run_test "Renegotiation: DTLS, gnutls server, client-initiated" \
Waleed Elmelegy4b09dcd2024-01-12 10:50:25 +00005639 "$G_NEXT_SRV -u --mtu 4096" \
Manuel Pégourié-Gonnardf1499f62014-08-31 17:13:13 +02005640 "$P_CLI debug_level=3 dtls=1 exchanges=1 renegotiation=1 renegotiate=1" \
5641 0 \
5642 -c "client hello, adding renegotiation extension" \
5643 -c "found renegotiation extension" \
5644 -c "=> renegotiate" \
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02005645 -C "mbedtls_ssl_handshake returned" \
Manuel Pégourié-Gonnardf1499f62014-08-31 17:13:13 +02005646 -C "error" \
5647 -s "Extra-header:"
5648
Shaun Case8b0ecbc2021-12-20 21:14:10 -08005649# Test for the "secure renegotiation" extension only (no actual renegotiation)
Manuel Pégourié-Gonnard85d915b2014-11-03 20:10:36 +01005650
Paul Bakker539d9722015-02-08 16:18:35 +01005651requires_gnutls
Gilles Peskine6191f4a2024-04-29 17:47:35 +02005652requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
Jerry Yuab082902021-12-23 18:02:22 +08005653requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Manuel Pégourié-Gonnard85d915b2014-11-03 20:10:36 +01005654run_test "Renego ext: gnutls server strict, client default" \
Waleed Elmelegy4b09dcd2024-01-12 10:50:25 +00005655 "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%SAFE_RENEGOTIATION" \
Manuel Pégourié-Gonnard85d915b2014-11-03 20:10:36 +01005656 "$P_CLI debug_level=3" \
5657 0 \
5658 -c "found renegotiation extension" \
5659 -C "error" \
5660 -c "HTTP/1.0 200 [Oo][Kk]"
5661
Paul Bakker539d9722015-02-08 16:18:35 +01005662requires_gnutls
Gilles Peskine6191f4a2024-04-29 17:47:35 +02005663requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
Jerry Yuab082902021-12-23 18:02:22 +08005664requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Manuel Pégourié-Gonnard85d915b2014-11-03 20:10:36 +01005665run_test "Renego ext: gnutls server unsafe, client default" \
Waleed Elmelegy4b09dcd2024-01-12 10:50:25 +00005666 "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION" \
Manuel Pégourié-Gonnard85d915b2014-11-03 20:10:36 +01005667 "$P_CLI debug_level=3" \
5668 0 \
5669 -C "found renegotiation extension" \
5670 -C "error" \
5671 -c "HTTP/1.0 200 [Oo][Kk]"
5672
Paul Bakker539d9722015-02-08 16:18:35 +01005673requires_gnutls
Gilles Peskine6191f4a2024-04-29 17:47:35 +02005674requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
Jerry Yuab082902021-12-23 18:02:22 +08005675requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Manuel Pégourié-Gonnard85d915b2014-11-03 20:10:36 +01005676run_test "Renego ext: gnutls server unsafe, client break legacy" \
Waleed Elmelegy4b09dcd2024-01-12 10:50:25 +00005677 "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION" \
Manuel Pégourié-Gonnard85d915b2014-11-03 20:10:36 +01005678 "$P_CLI debug_level=3 allow_legacy=-1" \
5679 1 \
5680 -C "found renegotiation extension" \
5681 -c "error" \
5682 -C "HTTP/1.0 200 [Oo][Kk]"
5683
Paul Bakker539d9722015-02-08 16:18:35 +01005684requires_gnutls
Gilles Peskine6191f4a2024-04-29 17:47:35 +02005685requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
Jerry Yuab082902021-12-23 18:02:22 +08005686requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Manuel Pégourié-Gonnard85d915b2014-11-03 20:10:36 +01005687run_test "Renego ext: gnutls client strict, server default" \
5688 "$P_SRV debug_level=3" \
Gilles Peskine01fde2c2024-04-29 17:44:19 +02005689 "$G_CLI --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%SAFE_RENEGOTIATION localhost" \
Manuel Pégourié-Gonnard85d915b2014-11-03 20:10:36 +01005690 0 \
5691 -s "received TLS_EMPTY_RENEGOTIATION_INFO\|found renegotiation extension" \
5692 -s "server hello, secure renegotiation extension"
5693
Paul Bakker539d9722015-02-08 16:18:35 +01005694requires_gnutls
Gilles Peskine6191f4a2024-04-29 17:47:35 +02005695requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
Jerry Yuab082902021-12-23 18:02:22 +08005696requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Manuel Pégourié-Gonnard85d915b2014-11-03 20:10:36 +01005697run_test "Renego ext: gnutls client unsafe, server default" \
5698 "$P_SRV debug_level=3" \
Gilles Peskine01fde2c2024-04-29 17:44:19 +02005699 "$G_CLI --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION localhost" \
Manuel Pégourié-Gonnard85d915b2014-11-03 20:10:36 +01005700 0 \
5701 -S "received TLS_EMPTY_RENEGOTIATION_INFO\|found renegotiation extension" \
5702 -S "server hello, secure renegotiation extension"
5703
Paul Bakker539d9722015-02-08 16:18:35 +01005704requires_gnutls
Gilles Peskine6191f4a2024-04-29 17:47:35 +02005705requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
Jerry Yuab082902021-12-23 18:02:22 +08005706requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Manuel Pégourié-Gonnard85d915b2014-11-03 20:10:36 +01005707run_test "Renego ext: gnutls client unsafe, server break legacy" \
5708 "$P_SRV debug_level=3 allow_legacy=-1" \
Gilles Peskine01fde2c2024-04-29 17:44:19 +02005709 "$G_CLI --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION localhost" \
Manuel Pégourié-Gonnard85d915b2014-11-03 20:10:36 +01005710 1 \
5711 -S "received TLS_EMPTY_RENEGOTIATION_INFO\|found renegotiation extension" \
5712 -S "server hello, secure renegotiation extension"
5713
Janos Follath0b242342016-02-17 10:11:21 +00005714# Tests for silently dropping trailing extra bytes in .der certificates
5715
5716requires_gnutls
Jerry Yuab082902021-12-23 18:02:22 +08005717requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Janos Follath0b242342016-02-17 10:11:21 +00005718run_test "DER format: no trailing bytes" \
David Horstmann184c4f02024-07-01 17:01:28 +01005719 "$P_SRV crt_file=$DATA_FILES_PATH/server5-der0.crt \
5720 key_file=$DATA_FILES_PATH/server5.key" \
Manuel Pégourié-Gonnard34aa1872018-08-23 19:07:15 +02005721 "$G_CLI localhost" \
Janos Follath0b242342016-02-17 10:11:21 +00005722 0 \
5723 -c "Handshake was completed" \
5724
5725requires_gnutls
Jerry Yuab082902021-12-23 18:02:22 +08005726requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Janos Follath0b242342016-02-17 10:11:21 +00005727run_test "DER format: with a trailing zero byte" \
David Horstmann184c4f02024-07-01 17:01:28 +01005728 "$P_SRV crt_file=$DATA_FILES_PATH/server5-der1a.crt \
5729 key_file=$DATA_FILES_PATH/server5.key" \
Manuel Pégourié-Gonnard34aa1872018-08-23 19:07:15 +02005730 "$G_CLI localhost" \
Janos Follath0b242342016-02-17 10:11:21 +00005731 0 \
5732 -c "Handshake was completed" \
5733
5734requires_gnutls
Jerry Yuab082902021-12-23 18:02:22 +08005735requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Janos Follath0b242342016-02-17 10:11:21 +00005736run_test "DER format: with a trailing random byte" \
David Horstmann184c4f02024-07-01 17:01:28 +01005737 "$P_SRV crt_file=$DATA_FILES_PATH/server5-der1b.crt \
5738 key_file=$DATA_FILES_PATH/server5.key" \
Manuel Pégourié-Gonnard34aa1872018-08-23 19:07:15 +02005739 "$G_CLI localhost" \
Janos Follath0b242342016-02-17 10:11:21 +00005740 0 \
5741 -c "Handshake was completed" \
5742
5743requires_gnutls
Jerry Yuab082902021-12-23 18:02:22 +08005744requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Janos Follath0b242342016-02-17 10:11:21 +00005745run_test "DER format: with 2 trailing random bytes" \
David Horstmann184c4f02024-07-01 17:01:28 +01005746 "$P_SRV crt_file=$DATA_FILES_PATH/server5-der2.crt \
5747 key_file=$DATA_FILES_PATH/server5.key" \
Manuel Pégourié-Gonnard34aa1872018-08-23 19:07:15 +02005748 "$G_CLI localhost" \
Janos Follath0b242342016-02-17 10:11:21 +00005749 0 \
5750 -c "Handshake was completed" \
5751
5752requires_gnutls
Jerry Yuab082902021-12-23 18:02:22 +08005753requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Janos Follath0b242342016-02-17 10:11:21 +00005754run_test "DER format: with 4 trailing random bytes" \
David Horstmann184c4f02024-07-01 17:01:28 +01005755 "$P_SRV crt_file=$DATA_FILES_PATH/server5-der4.crt \
5756 key_file=$DATA_FILES_PATH/server5.key" \
Manuel Pégourié-Gonnard34aa1872018-08-23 19:07:15 +02005757 "$G_CLI localhost" \
Janos Follath0b242342016-02-17 10:11:21 +00005758 0 \
5759 -c "Handshake was completed" \
5760
5761requires_gnutls
Jerry Yuab082902021-12-23 18:02:22 +08005762requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Janos Follath0b242342016-02-17 10:11:21 +00005763run_test "DER format: with 8 trailing random bytes" \
David Horstmann184c4f02024-07-01 17:01:28 +01005764 "$P_SRV crt_file=$DATA_FILES_PATH/server5-der8.crt \
5765 key_file=$DATA_FILES_PATH/server5.key" \
Manuel Pégourié-Gonnard34aa1872018-08-23 19:07:15 +02005766 "$G_CLI localhost" \
Janos Follath0b242342016-02-17 10:11:21 +00005767 0 \
5768 -c "Handshake was completed" \
5769
5770requires_gnutls
Jerry Yuab082902021-12-23 18:02:22 +08005771requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Janos Follath0b242342016-02-17 10:11:21 +00005772run_test "DER format: with 9 trailing random bytes" \
David Horstmann184c4f02024-07-01 17:01:28 +01005773 "$P_SRV crt_file=$DATA_FILES_PATH/server5-der9.crt \
5774 key_file=$DATA_FILES_PATH/server5.key" \
Manuel Pégourié-Gonnard34aa1872018-08-23 19:07:15 +02005775 "$G_CLI localhost" \
Janos Follath0b242342016-02-17 10:11:21 +00005776 0 \
5777 -c "Handshake was completed" \
5778
Jarno Lamsaf7a7f9e2019-04-01 15:11:54 +03005779# Tests for auth_mode, there are duplicated tests using ca callback for authentication
5780# When updating these tests, modify the matching authentication tests accordingly
Manuel Pégourié-Gonnard8520dac2014-02-21 12:12:23 +01005781
Manuel Pégourié-Gonnard02741752024-08-05 12:41:59 +02005782# The next 4 cases test the 3 auth modes with a badly signed server cert.
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02005783run_test "Authentication: server badcert, client required" \
David Horstmann184c4f02024-07-01 17:01:28 +01005784 "$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \
5785 key_file=$DATA_FILES_PATH/server5.key" \
Manuel Pégourié-Gonnard02741752024-08-05 12:41:59 +02005786 "$P_CLI debug_level=3 auth_mode=required" \
Manuel Pégourié-Gonnard8520dac2014-02-21 12:12:23 +01005787 1 \
5788 -c "x509_verify_cert() returned" \
Manuel Pégourié-Gonnard89addc42015-04-20 10:56:18 +01005789 -c "! The certificate is not correctly signed by the trusted CA" \
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02005790 -c "! mbedtls_ssl_handshake returned" \
Manuel Pégourié-Gonnard02741752024-08-05 12:41:59 +02005791 -c "send alert level=2 message=48" \
Manuel Pégourié-Gonnard8520dac2014-02-21 12:12:23 +01005792 -c "X509 - Certificate verification failed"
Manuel Pégourié-Gonnard02741752024-08-05 12:41:59 +02005793 # MBEDTLS_X509_BADCERT_NOT_TRUSTED -> MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA
5794# We don't check that the server receives the alert because it might
5795# detect that its write end of the connection is closed and abort
5796# before reading the alert message.
5797
5798run_test "Authentication: server badcert, client required (1.2)" \
5799 "$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \
5800 key_file=$DATA_FILES_PATH/server5.key" \
5801 "$P_CLI force_version=tls12 debug_level=3 auth_mode=required" \
5802 1 \
5803 -c "x509_verify_cert() returned" \
5804 -c "! The certificate is not correctly signed by the trusted CA" \
5805 -c "! mbedtls_ssl_handshake returned" \
5806 -c "send alert level=2 message=48" \
5807 -c "X509 - Certificate verification failed"
5808 # MBEDTLS_X509_BADCERT_NOT_TRUSTED -> MBEDTLS_SSL_ALERT_MSG_UNKNOWN_CA
Manuel Pégourié-Gonnard8520dac2014-02-21 12:12:23 +01005809
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02005810run_test "Authentication: server badcert, client optional" \
David Horstmann184c4f02024-07-01 17:01:28 +01005811 "$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \
5812 key_file=$DATA_FILES_PATH/server5.key" \
Manuel Pégourié-Gonnard58ab9ba2024-08-14 09:47:38 +02005813 "$P_CLI force_version=tls13 debug_level=3 auth_mode=optional" \
5814 0 \
5815 -c "x509_verify_cert() returned" \
5816 -c "! The certificate is not correctly signed by the trusted CA" \
5817 -C "! mbedtls_ssl_handshake returned" \
5818 -C "send alert level=2 message=48" \
5819 -C "X509 - Certificate verification failed"
5820
5821run_test "Authentication: server badcert, client optional (1.2)" \
5822 "$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \
5823 key_file=$DATA_FILES_PATH/server5.key" \
Manuel Pégourié-Gonnard02741752024-08-05 12:41:59 +02005824 "$P_CLI force_version=tls12 debug_level=3 auth_mode=optional" \
Manuel Pégourié-Gonnard8520dac2014-02-21 12:12:23 +01005825 0 \
5826 -c "x509_verify_cert() returned" \
Manuel Pégourié-Gonnard89addc42015-04-20 10:56:18 +01005827 -c "! The certificate is not correctly signed by the trusted CA" \
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02005828 -C "! mbedtls_ssl_handshake returned" \
Manuel Pégourié-Gonnard02741752024-08-05 12:41:59 +02005829 -C "send alert level=2 message=48" \
Manuel Pégourié-Gonnard8520dac2014-02-21 12:12:23 +01005830 -C "X509 - Certificate verification failed"
5831
Manuel Pégourié-Gonnard946d14a2024-08-05 11:21:01 +02005832run_test "Authentication: server badcert, client none" \
5833 "$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \
5834 key_file=$DATA_FILES_PATH/server5.key" \
Manuel Pégourié-Gonnard69015042024-08-14 10:44:02 +02005835 "$P_CLI debug_level=3 auth_mode=none" \
5836 0 \
5837 -C "x509_verify_cert() returned" \
5838 -C "! The certificate is not correctly signed by the trusted CA" \
5839 -C "! mbedtls_ssl_handshake returned" \
5840 -C "send alert level=2 message=48" \
5841 -C "X509 - Certificate verification failed"
5842
5843run_test "Authentication: server badcert, client none (1.2)" \
5844 "$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \
5845 key_file=$DATA_FILES_PATH/server5.key" \
Manuel Pégourié-Gonnard02741752024-08-05 12:41:59 +02005846 "$P_CLI force_version=tls12 debug_level=3 auth_mode=none" \
Manuel Pégourié-Gonnard946d14a2024-08-05 11:21:01 +02005847 0 \
5848 -C "x509_verify_cert() returned" \
5849 -C "! The certificate is not correctly signed by the trusted CA" \
5850 -C "! mbedtls_ssl_handshake returned" \
Manuel Pégourié-Gonnard02741752024-08-05 12:41:59 +02005851 -C "send alert level=2 message=48" \
Manuel Pégourié-Gonnard946d14a2024-08-05 11:21:01 +02005852 -C "X509 - Certificate verification failed"
5853
Manuel Pégourié-Gonnard18dd2132024-08-14 10:34:53 +02005854run_test "Authentication: server goodcert, client required, no trusted CA" \
5855 "$P_SRV" \
5856 "$P_CLI debug_level=3 auth_mode=required ca_file=none ca_path=none" \
5857 1 \
5858 -c "x509_verify_cert() returned" \
5859 -c "! The certificate is not correctly signed by the trusted CA" \
5860 -c "! Certificate verification flags"\
5861 -c "! mbedtls_ssl_handshake returned" \
5862 -c "SSL - No CA Chain is set, but required to operate"
5863
5864requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
5865run_test "Authentication: server goodcert, client required, no trusted CA (1.2)" \
5866 "$P_SRV force_version=tls12" \
5867 "$P_CLI debug_level=3 auth_mode=required ca_file=none ca_path=none" \
5868 1 \
5869 -c "x509_verify_cert() returned" \
5870 -c "! The certificate is not correctly signed by the trusted CA" \
5871 -c "! Certificate verification flags"\
5872 -c "! mbedtls_ssl_handshake returned" \
5873 -c "SSL - No CA Chain is set, but required to operate"
Manuel Pégourié-Gonnard58ab9ba2024-08-14 09:47:38 +02005874
Hanno Beckere6706e62017-05-15 16:05:15 +01005875run_test "Authentication: server goodcert, client optional, no trusted CA" \
5876 "$P_SRV" \
Manuel Pégourié-Gonnard58ab9ba2024-08-14 09:47:38 +02005877 "$P_CLI debug_level=3 auth_mode=optional ca_file=none ca_path=none" \
5878 0 \
5879 -c "x509_verify_cert() returned" \
5880 -c "! The certificate is not correctly signed by the trusted CA" \
5881 -c "! Certificate verification flags"\
5882 -C "! mbedtls_ssl_handshake returned" \
5883 -C "X509 - Certificate verification failed" \
5884 -C "SSL - No CA Chain is set, but required to operate"
5885
5886requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
5887run_test "Authentication: server goodcert, client optional, no trusted CA (1.2)" \
5888 "$P_SRV" \
Ronald Cronf95d1692023-03-14 17:19:42 +01005889 "$P_CLI force_version=tls12 debug_level=3 auth_mode=optional ca_file=none ca_path=none" \
Hanno Beckere6706e62017-05-15 16:05:15 +01005890 0 \
5891 -c "x509_verify_cert() returned" \
5892 -c "! The certificate is not correctly signed by the trusted CA" \
5893 -c "! Certificate verification flags"\
5894 -C "! mbedtls_ssl_handshake returned" \
5895 -C "X509 - Certificate verification failed" \
5896 -C "SSL - No CA Chain is set, but required to operate"
5897
Manuel Pégourié-Gonnard69015042024-08-14 10:44:02 +02005898run_test "Authentication: server goodcert, client none, no trusted CA" \
5899 "$P_SRV" \
5900 "$P_CLI debug_level=3 auth_mode=none ca_file=none ca_path=none" \
5901 0 \
5902 -C "x509_verify_cert() returned" \
5903 -C "! The certificate is not correctly signed by the trusted CA" \
5904 -C "! Certificate verification flags"\
5905 -C "! mbedtls_ssl_handshake returned" \
5906 -C "X509 - Certificate verification failed" \
5907 -C "SSL - No CA Chain is set, but required to operate"
5908
5909requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
5910run_test "Authentication: server goodcert, client none, no trusted CA (1.2)" \
5911 "$P_SRV" \
5912 "$P_CLI force_version=tls12 debug_level=3 auth_mode=none ca_file=none ca_path=none" \
5913 0 \
5914 -C "x509_verify_cert() returned" \
5915 -C "! The certificate is not correctly signed by the trusted CA" \
5916 -C "! Certificate verification flags"\
5917 -C "! mbedtls_ssl_handshake returned" \
5918 -C "X509 - Certificate verification failed" \
5919 -C "SSL - No CA Chain is set, but required to operate"
Manuel Pégourié-Gonnarda6397f02024-08-05 11:10:47 +02005920
Gilles Peskinee5054e42025-02-12 21:50:53 +01005921# The next few tests check what happens if the server has a valid certificate
5922# that does not match its name (impersonation).
5923
5924run_test "Authentication: hostname match, client required" \
5925 "$P_SRV" \
Gilles Peskine434016e2025-02-20 18:49:59 +01005926 "$P_CLI auth_mode=required server_name=localhost debug_level=2" \
Gilles Peskinee5054e42025-02-12 21:50:53 +01005927 0 \
5928 -C "does not match with the expected CN" \
Gilles Peskine434016e2025-02-20 18:49:59 +01005929 -C "Certificate verification without having set hostname" \
5930 -C "Certificate verification without CN verification" \
Gilles Peskinee5054e42025-02-12 21:50:53 +01005931 -C "x509_verify_cert() returned -" \
5932 -C "! mbedtls_ssl_handshake returned" \
5933 -C "X509 - Certificate verification failed"
5934
Gilles Peskine640512e2025-02-13 21:46:00 +01005935run_test "Authentication: hostname match, client required, CA callback" \
5936 "$P_SRV" \
5937 "$P_CLI auth_mode=required server_name=localhost debug_level=3 ca_callback=1" \
5938 0 \
5939 -C "does not match with the expected CN" \
5940 -C "Certificate verification without having set hostname" \
5941 -C "Certificate verification without CN verification" \
5942 -c "use CA callback for X.509 CRT verification" \
5943 -C "x509_verify_cert() returned -" \
5944 -C "! mbedtls_ssl_handshake returned" \
5945 -C "X509 - Certificate verification failed"
5946
Gilles Peskinee5054e42025-02-12 21:50:53 +01005947run_test "Authentication: hostname mismatch (wrong), client required" \
5948 "$P_SRV" \
5949 "$P_CLI auth_mode=required server_name=wrong-name debug_level=1" \
5950 1 \
5951 -c "does not match with the expected CN" \
5952 -c "x509_verify_cert() returned -" \
5953 -c "! mbedtls_ssl_handshake returned" \
5954 -c "X509 - Certificate verification failed"
5955
5956run_test "Authentication: hostname mismatch (empty), client required" \
5957 "$P_SRV" \
5958 "$P_CLI auth_mode=required server_name= debug_level=1" \
5959 1 \
5960 -c "does not match with the expected CN" \
5961 -c "x509_verify_cert() returned -" \
5962 -c "! mbedtls_ssl_handshake returned" \
5963 -c "X509 - Certificate verification failed"
5964
5965run_test "Authentication: hostname mismatch (truncated), client required" \
5966 "$P_SRV" \
5967 "$P_CLI auth_mode=required server_name=localhos debug_level=1" \
5968 1 \
5969 -c "does not match with the expected CN" \
5970 -c "x509_verify_cert() returned -" \
5971 -c "! mbedtls_ssl_handshake returned" \
5972 -c "X509 - Certificate verification failed"
5973
5974run_test "Authentication: hostname mismatch (last char), client required" \
5975 "$P_SRV" \
5976 "$P_CLI auth_mode=required server_name=localhoss debug_level=1" \
5977 1 \
5978 -c "does not match with the expected CN" \
5979 -c "x509_verify_cert() returned -" \
5980 -c "! mbedtls_ssl_handshake returned" \
5981 -c "X509 - Certificate verification failed"
5982
5983run_test "Authentication: hostname mismatch (trailing), client required" \
5984 "$P_SRV" \
5985 "$P_CLI auth_mode=required server_name=localhostt debug_level=1" \
5986 1 \
5987 -c "does not match with the expected CN" \
5988 -c "x509_verify_cert() returned -" \
5989 -c "! mbedtls_ssl_handshake returned" \
5990 -c "X509 - Certificate verification failed"
5991
5992run_test "Authentication: hostname mismatch, client optional" \
5993 "$P_SRV" \
Gilles Peskine434016e2025-02-20 18:49:59 +01005994 "$P_CLI auth_mode=optional server_name=wrong-name debug_level=2" \
Gilles Peskinee5054e42025-02-12 21:50:53 +01005995 0 \
5996 -c "does not match with the expected CN" \
5997 -c "x509_verify_cert() returned -" \
5998 -C "X509 - Certificate verification failed"
5999
6000run_test "Authentication: hostname mismatch, client none" \
6001 "$P_SRV" \
Gilles Peskine434016e2025-02-20 18:49:59 +01006002 "$P_CLI auth_mode=none server_name=wrong-name debug_level=2" \
Gilles Peskinee5054e42025-02-12 21:50:53 +01006003 0 \
6004 -C "does not match with the expected CN" \
Gilles Peskine434016e2025-02-20 18:49:59 +01006005 -C "Certificate verification without having set hostname" \
6006 -C "Certificate verification without CN verification" \
Gilles Peskinee5054e42025-02-12 21:50:53 +01006007 -C "x509_verify_cert() returned -" \
6008 -C "X509 - Certificate verification failed"
6009
6010run_test "Authentication: hostname null, client required" \
6011 "$P_SRV" \
Gilles Peskine434016e2025-02-20 18:49:59 +01006012 "$P_CLI auth_mode=required set_hostname=NULL debug_level=2" \
Gilles Peskinee5054e42025-02-12 21:50:53 +01006013 0 \
6014 -C "does not match with the expected CN" \
Gilles Peskine434016e2025-02-20 18:49:59 +01006015 -C "Certificate verification without having set hostname" \
6016 -c "Certificate verification without CN verification" \
Gilles Peskinee5054e42025-02-12 21:50:53 +01006017 -C "x509_verify_cert() returned -" \
6018 -C "! mbedtls_ssl_handshake returned" \
6019 -C "X509 - Certificate verification failed"
6020
6021run_test "Authentication: hostname null, client optional" \
6022 "$P_SRV" \
Gilles Peskine434016e2025-02-20 18:49:59 +01006023 "$P_CLI auth_mode=optional set_hostname=NULL debug_level=2" \
Gilles Peskinee5054e42025-02-12 21:50:53 +01006024 0 \
6025 -C "does not match with the expected CN" \
Gilles Peskine434016e2025-02-20 18:49:59 +01006026 -C "Certificate verification without having set hostname" \
6027 -c "Certificate verification without CN verification" \
Gilles Peskinee5054e42025-02-12 21:50:53 +01006028 -C "x509_verify_cert() returned -" \
6029 -C "X509 - Certificate verification failed"
6030
6031run_test "Authentication: hostname null, client none" \
6032 "$P_SRV" \
Gilles Peskine434016e2025-02-20 18:49:59 +01006033 "$P_CLI auth_mode=none set_hostname=NULL debug_level=2" \
Gilles Peskinee5054e42025-02-12 21:50:53 +01006034 0 \
6035 -C "does not match with the expected CN" \
Gilles Peskine434016e2025-02-20 18:49:59 +01006036 -C "Certificate verification without having set hostname" \
6037 -C "Certificate verification without CN verification" \
Gilles Peskinee5054e42025-02-12 21:50:53 +01006038 -C "x509_verify_cert() returned -" \
6039 -C "X509 - Certificate verification failed"
6040
6041run_test "Authentication: hostname unset, client required" \
6042 "$P_SRV" \
Gilles Peskine434016e2025-02-20 18:49:59 +01006043 "$P_CLI auth_mode=required set_hostname=no debug_level=2" \
Gilles Peskine488b9192025-02-13 14:39:02 +01006044 1 \
Gilles Peskinee5054e42025-02-12 21:50:53 +01006045 -C "does not match with the expected CN" \
Gilles Peskine434016e2025-02-20 18:49:59 +01006046 -c "Certificate verification without having set hostname" \
Gilles Peskine488b9192025-02-13 14:39:02 +01006047 -C "Certificate verification without CN verification" \
6048 -c "get_hostname_for_verification() returned -" \
Gilles Peskinee5054e42025-02-12 21:50:53 +01006049 -C "x509_verify_cert() returned -" \
Gilles Peskine488b9192025-02-13 14:39:02 +01006050 -c "! mbedtls_ssl_handshake returned" \
Gilles Peskinee5054e42025-02-12 21:50:53 +01006051 -C "X509 - Certificate verification failed"
6052
Gilles Peskine640512e2025-02-13 21:46:00 +01006053run_test "Authentication: hostname unset, client required, CA callback" \
6054 "$P_SRV" \
6055 "$P_CLI auth_mode=required set_hostname=no debug_level=3 ca_callback=1" \
6056 1 \
6057 -C "does not match with the expected CN" \
6058 -c "Certificate verification without having set hostname" \
6059 -C "Certificate verification without CN verification" \
6060 -c "get_hostname_for_verification() returned -" \
6061 -C "use CA callback for X.509 CRT verification" \
6062 -C "x509_verify_cert() returned -" \
6063 -c "! mbedtls_ssl_handshake returned" \
6064 -C "X509 - Certificate verification failed"
6065
Gilles Peskinee5054e42025-02-12 21:50:53 +01006066run_test "Authentication: hostname unset, client optional" \
6067 "$P_SRV" \
Gilles Peskine434016e2025-02-20 18:49:59 +01006068 "$P_CLI auth_mode=optional set_hostname=no debug_level=2" \
Gilles Peskinee5054e42025-02-12 21:50:53 +01006069 0 \
6070 -C "does not match with the expected CN" \
Gilles Peskine434016e2025-02-20 18:49:59 +01006071 -c "Certificate verification without having set hostname" \
6072 -c "Certificate verification without CN verification" \
Gilles Peskinee5054e42025-02-12 21:50:53 +01006073 -C "x509_verify_cert() returned -" \
6074 -C "X509 - Certificate verification failed"
6075
6076run_test "Authentication: hostname unset, client none" \
6077 "$P_SRV" \
Gilles Peskine434016e2025-02-20 18:49:59 +01006078 "$P_CLI auth_mode=none set_hostname=no debug_level=2" \
Gilles Peskinee5054e42025-02-12 21:50:53 +01006079 0 \
6080 -C "does not match with the expected CN" \
Gilles Peskine434016e2025-02-20 18:49:59 +01006081 -C "Certificate verification without having set hostname" \
6082 -C "Certificate verification without CN verification" \
Gilles Peskinee5054e42025-02-12 21:50:53 +01006083 -C "x509_verify_cert() returned -" \
6084 -C "X509 - Certificate verification failed"
6085
6086run_test "Authentication: hostname unset, client default, server picks cert, 1.2" \
6087 "$P_SRV force_version=tls12 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
Gilles Peskine434016e2025-02-20 18:49:59 +01006088 "$P_CLI psk=73776f726466697368 psk_identity=foo set_hostname=no debug_level=2" \
Gilles Peskine488b9192025-02-13 14:39:02 +01006089 1 \
Gilles Peskinee5054e42025-02-12 21:50:53 +01006090 -C "does not match with the expected CN" \
Gilles Peskine434016e2025-02-20 18:49:59 +01006091 -c "Certificate verification without having set hostname" \
Gilles Peskine488b9192025-02-13 14:39:02 +01006092 -C "Certificate verification without CN verification" \
6093 -c "get_hostname_for_verification() returned -" \
Gilles Peskinee5054e42025-02-12 21:50:53 +01006094 -C "x509_verify_cert() returned -" \
6095 -C "X509 - Certificate verification failed"
6096
6097requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
6098run_test "Authentication: hostname unset, client default, server picks cert, 1.3" \
6099 "$P_SRV force_version=tls13 tls13_kex_modes=ephemeral" \
Gilles Peskine434016e2025-02-20 18:49:59 +01006100 "$P_CLI psk=73776f726466697368 psk_identity=foo set_hostname=no debug_level=2" \
Gilles Peskine488b9192025-02-13 14:39:02 +01006101 1 \
Gilles Peskinee5054e42025-02-12 21:50:53 +01006102 -C "does not match with the expected CN" \
Gilles Peskine434016e2025-02-20 18:49:59 +01006103 -c "Certificate verification without having set hostname" \
Gilles Peskine488b9192025-02-13 14:39:02 +01006104 -C "Certificate verification without CN verification" \
6105 -c "get_hostname_for_verification() returned -" \
Gilles Peskinee5054e42025-02-12 21:50:53 +01006106 -C "x509_verify_cert() returned -" \
6107 -C "X509 - Certificate verification failed"
6108
6109run_test "Authentication: hostname unset, client default, server picks PSK, 1.2" \
6110 "$P_SRV force_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8 psk=73776f726466697368 psk_identity=foo" \
Gilles Peskine434016e2025-02-20 18:49:59 +01006111 "$P_CLI psk=73776f726466697368 psk_identity=foo set_hostname=no debug_level=2" \
Gilles Peskinee5054e42025-02-12 21:50:53 +01006112 0 \
6113 -C "does not match with the expected CN" \
Gilles Peskine434016e2025-02-20 18:49:59 +01006114 -C "Certificate verification without having set hostname" \
6115 -C "Certificate verification without CN verification" \
Gilles Peskinee5054e42025-02-12 21:50:53 +01006116 -C "x509_verify_cert() returned -" \
6117 -C "X509 - Certificate verification failed"
6118
6119requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
6120run_test "Authentication: hostname unset, client default, server picks PSK, 1.3" \
6121 "$P_SRV force_version=tls13 tls13_kex_modes=psk psk=73776f726466697368 psk_identity=foo" \
Gilles Peskine434016e2025-02-20 18:49:59 +01006122 "$P_CLI psk=73776f726466697368 psk_identity=foo set_hostname=no debug_level=2" \
Gilles Peskinee5054e42025-02-12 21:50:53 +01006123 0 \
6124 -C "does not match with the expected CN" \
Gilles Peskine434016e2025-02-20 18:49:59 +01006125 -C "Certificate verification without having set hostname" \
6126 -C "Certificate verification without CN verification" \
Gilles Peskinee5054e42025-02-12 21:50:53 +01006127 -C "x509_verify_cert() returned -" \
6128 -C "X509 - Certificate verification failed"
6129
Hanno Beckere6706e62017-05-15 16:05:15 +01006130# The purpose of the next two tests is to test the client's behaviour when receiving a server
6131# certificate with an unsupported elliptic curve. This should usually not happen because
6132# the client informs the server about the supported curves - it does, though, in the
6133# corner case of a static ECDH suite, because the server doesn't check the curve on that
6134# occasion (to be fixed). If that bug's fixed, the test needs to be altered to use a
6135# different means to have the server ignoring the client's supported curve list.
6136
Hanno Beckere6706e62017-05-15 16:05:15 +01006137run_test "Authentication: server ECDH p256v1, client required, p256v1 unsupported" \
David Horstmann184c4f02024-07-01 17:01:28 +01006138 "$P_SRV debug_level=1 key_file=$DATA_FILES_PATH/server5.key \
6139 crt_file=$DATA_FILES_PATH/server5.ku-ka.crt" \
Przemek Stekiel45255e42023-06-29 13:56:36 +02006140 "$P_CLI force_version=tls12 debug_level=3 auth_mode=required groups=secp521r1" \
Hanno Beckere6706e62017-05-15 16:05:15 +01006141 1 \
6142 -c "bad certificate (EC key curve)"\
6143 -c "! Certificate verification flags"\
6144 -C "bad server certificate (ECDH curve)" # Expect failure at earlier verification stage
6145
Hanno Beckere6706e62017-05-15 16:05:15 +01006146run_test "Authentication: server ECDH p256v1, client optional, p256v1 unsupported" \
David Horstmann184c4f02024-07-01 17:01:28 +01006147 "$P_SRV debug_level=1 key_file=$DATA_FILES_PATH/server5.key \
6148 crt_file=$DATA_FILES_PATH/server5.ku-ka.crt" \
Przemek Stekiel45255e42023-06-29 13:56:36 +02006149 "$P_CLI force_version=tls12 debug_level=3 auth_mode=optional groups=secp521r1" \
Hanno Beckere6706e62017-05-15 16:05:15 +01006150 1 \
6151 -c "bad certificate (EC key curve)"\
6152 -c "! Certificate verification flags"\
6153 -c "bad server certificate (ECDH curve)" # Expect failure only at ECDH params check
6154
Ronald Cron5de538c2022-10-20 14:47:56 +02006155requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
Simon Butcher99000142016-10-13 17:21:01 +01006156run_test "Authentication: client SHA256, server required" \
6157 "$P_SRV auth_mode=required" \
David Horstmann184c4f02024-07-01 17:01:28 +01006158 "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server6.crt \
6159 key_file=$DATA_FILES_PATH/server6.key \
Simon Butcher99000142016-10-13 17:21:01 +01006160 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384" \
6161 0 \
Andrzej Kurekec71b092022-11-15 10:21:50 -05006162 -c "Supported Signature Algorithm found: 04 " \
6163 -c "Supported Signature Algorithm found: 05 "
Simon Butcher99000142016-10-13 17:21:01 +01006164
Ronald Cron5de538c2022-10-20 14:47:56 +02006165requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
Simon Butcher99000142016-10-13 17:21:01 +01006166run_test "Authentication: client SHA384, server required" \
6167 "$P_SRV auth_mode=required" \
David Horstmann184c4f02024-07-01 17:01:28 +01006168 "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server6.crt \
6169 key_file=$DATA_FILES_PATH/server6.key \
Simon Butcher99000142016-10-13 17:21:01 +01006170 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256" \
6171 0 \
Andrzej Kurekec71b092022-11-15 10:21:50 -05006172 -c "Supported Signature Algorithm found: 04 " \
6173 -c "Supported Signature Algorithm found: 05 "
Simon Butcher99000142016-10-13 17:21:01 +01006174
Gilles Peskinefd8332e2017-05-03 16:25:07 +02006175run_test "Authentication: client has no cert, server required (TLS)" \
6176 "$P_SRV debug_level=3 auth_mode=required" \
6177 "$P_CLI debug_level=3 crt_file=none \
David Horstmann184c4f02024-07-01 17:01:28 +01006178 key_file=$DATA_FILES_PATH/server5.key" \
Gilles Peskinefd8332e2017-05-03 16:25:07 +02006179 1 \
6180 -S "skip write certificate request" \
6181 -C "skip parse certificate request" \
6182 -c "got a certificate request" \
6183 -c "= write certificate$" \
6184 -C "skip write certificate$" \
6185 -S "x509_verify_cert() returned" \
Ronald Cron19385882022-06-15 16:26:13 +02006186 -s "peer has no certificate" \
Gilles Peskinefd8332e2017-05-03 16:25:07 +02006187 -s "! mbedtls_ssl_handshake returned" \
Gilles Peskinefd8332e2017-05-03 16:25:07 +02006188 -s "No client certification received from the client, but required by the authentication mode"
6189
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02006190run_test "Authentication: client badcert, server required" \
Manuel Pégourié-Gonnard644e8f32014-08-30 21:59:31 +02006191 "$P_SRV debug_level=3 auth_mode=required" \
David Horstmann184c4f02024-07-01 17:01:28 +01006192 "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server5-badsign.crt \
6193 key_file=$DATA_FILES_PATH/server5.key" \
Manuel Pégourié-Gonnard8520dac2014-02-21 12:12:23 +01006194 1 \
6195 -S "skip write certificate request" \
6196 -C "skip parse certificate request" \
6197 -c "got a certificate request" \
6198 -C "skip write certificate" \
6199 -C "skip write certificate verify" \
6200 -S "skip parse certificate verify" \
6201 -s "x509_verify_cert() returned" \
Manuel Pégourié-Gonnard6ea831d2015-06-22 16:50:52 +02006202 -s "! The certificate is not correctly signed by the trusted CA" \
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02006203 -s "! mbedtls_ssl_handshake returned" \
Gilles Peskine1cc8e342017-05-03 16:28:34 +02006204 -s "send alert level=2 message=48" \
Manuel Pégourié-Gonnard8520dac2014-02-21 12:12:23 +01006205 -s "X509 - Certificate verification failed"
Gilles Peskine1cc8e342017-05-03 16:28:34 +02006206# We don't check that the client receives the alert because it might
6207# detect that its write end of the connection is closed and abort
6208# before reading the alert message.
Manuel Pégourié-Gonnard8520dac2014-02-21 12:12:23 +01006209
Gilles Peskinee1cc60e2022-01-07 23:10:56 +01006210run_test "Authentication: client cert self-signed and trusted, server required" \
David Horstmann184c4f02024-07-01 17:01:28 +01006211 "$P_SRV debug_level=3 auth_mode=required ca_file=$DATA_FILES_PATH/server5-selfsigned.crt" \
6212 "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server5-selfsigned.crt \
6213 key_file=$DATA_FILES_PATH/server5.key" \
Gilles Peskinee1cc60e2022-01-07 23:10:56 +01006214 0 \
6215 -S "skip write certificate request" \
6216 -C "skip parse certificate request" \
6217 -c "got a certificate request" \
6218 -C "skip write certificate" \
6219 -C "skip write certificate verify" \
6220 -S "skip parse certificate verify" \
6221 -S "x509_verify_cert() returned" \
6222 -S "! The certificate is not correctly signed" \
6223 -S "X509 - Certificate verification failed"
6224
Janos Follath89baba22017-04-10 14:34:35 +01006225run_test "Authentication: client cert not trusted, server required" \
6226 "$P_SRV debug_level=3 auth_mode=required" \
David Horstmann184c4f02024-07-01 17:01:28 +01006227 "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server5-selfsigned.crt \
6228 key_file=$DATA_FILES_PATH/server5.key" \
Janos Follath89baba22017-04-10 14:34:35 +01006229 1 \
6230 -S "skip write certificate request" \
6231 -C "skip parse certificate request" \
6232 -c "got a certificate request" \
6233 -C "skip write certificate" \
6234 -C "skip write certificate verify" \
6235 -S "skip parse certificate verify" \
6236 -s "x509_verify_cert() returned" \
6237 -s "! The certificate is not correctly signed by the trusted CA" \
6238 -s "! mbedtls_ssl_handshake returned" \
Janos Follath89baba22017-04-10 14:34:35 +01006239 -s "X509 - Certificate verification failed"
6240
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02006241run_test "Authentication: client badcert, server optional" \
Manuel Pégourié-Gonnard644e8f32014-08-30 21:59:31 +02006242 "$P_SRV debug_level=3 auth_mode=optional" \
David Horstmann184c4f02024-07-01 17:01:28 +01006243 "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server5-badsign.crt \
6244 key_file=$DATA_FILES_PATH/server5.key" \
Manuel Pégourié-Gonnard8520dac2014-02-21 12:12:23 +01006245 0 \
6246 -S "skip write certificate request" \
6247 -C "skip parse certificate request" \
6248 -c "got a certificate request" \
6249 -C "skip write certificate" \
6250 -C "skip write certificate verify" \
6251 -S "skip parse certificate verify" \
6252 -s "x509_verify_cert() returned" \
Manuel Pégourié-Gonnard89addc42015-04-20 10:56:18 +01006253 -s "! The certificate is not correctly signed by the trusted CA" \
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02006254 -S "! mbedtls_ssl_handshake returned" \
6255 -C "! mbedtls_ssl_handshake returned" \
Manuel Pégourié-Gonnard8520dac2014-02-21 12:12:23 +01006256 -S "X509 - Certificate verification failed"
6257
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02006258run_test "Authentication: client badcert, server none" \
Manuel Pégourié-Gonnard644e8f32014-08-30 21:59:31 +02006259 "$P_SRV debug_level=3 auth_mode=none" \
David Horstmann184c4f02024-07-01 17:01:28 +01006260 "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server5-badsign.crt \
6261 key_file=$DATA_FILES_PATH/server5.key" \
Manuel Pégourié-Gonnard8520dac2014-02-21 12:12:23 +01006262 0 \
6263 -s "skip write certificate request" \
6264 -C "skip parse certificate request" \
6265 -c "got no certificate request" \
6266 -c "skip write certificate" \
6267 -c "skip write certificate verify" \
6268 -s "skip parse certificate verify" \
6269 -S "x509_verify_cert() returned" \
Manuel Pégourié-Gonnard89addc42015-04-20 10:56:18 +01006270 -S "! The certificate is not correctly signed by the trusted CA" \
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02006271 -S "! mbedtls_ssl_handshake returned" \
6272 -C "! mbedtls_ssl_handshake returned" \
Manuel Pégourié-Gonnard8520dac2014-02-21 12:12:23 +01006273 -S "X509 - Certificate verification failed"
6274
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02006275run_test "Authentication: client no cert, server optional" \
Manuel Pégourié-Gonnard644e8f32014-08-30 21:59:31 +02006276 "$P_SRV debug_level=3 auth_mode=optional" \
6277 "$P_CLI debug_level=3 crt_file=none key_file=none" \
Manuel Pégourié-Gonnardde515cc2014-02-27 14:58:26 +01006278 0 \
6279 -S "skip write certificate request" \
6280 -C "skip parse certificate request" \
6281 -c "got a certificate request" \
6282 -C "skip write certificate$" \
6283 -C "got no certificate to send" \
Manuel Pégourié-Gonnardde515cc2014-02-27 14:58:26 +01006284 -c "skip write certificate verify" \
6285 -s "skip parse certificate verify" \
Manuel Pégourié-Gonnard89addc42015-04-20 10:56:18 +01006286 -s "! Certificate was missing" \
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02006287 -S "! mbedtls_ssl_handshake returned" \
6288 -C "! mbedtls_ssl_handshake returned" \
Manuel Pégourié-Gonnardde515cc2014-02-27 14:58:26 +01006289 -S "X509 - Certificate verification failed"
6290
Przemek Stekielc31a7982023-06-27 10:53:33 +02006291requires_openssl_tls1_3_with_compatible_ephemeral
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02006292run_test "Authentication: openssl client no cert, server optional" \
Manuel Pégourié-Gonnard644e8f32014-08-30 21:59:31 +02006293 "$P_SRV debug_level=3 auth_mode=optional" \
Ronald Cron92dca392023-03-10 16:11:15 +01006294 "$O_NEXT_CLI_NO_CERT -no_middlebox" \
Manuel Pégourié-Gonnardde515cc2014-02-27 14:58:26 +01006295 0 \
6296 -S "skip write certificate request" \
6297 -s "skip parse certificate verify" \
Manuel Pégourié-Gonnard89addc42015-04-20 10:56:18 +01006298 -s "! Certificate was missing" \
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02006299 -S "! mbedtls_ssl_handshake returned" \
Manuel Pégourié-Gonnardde515cc2014-02-27 14:58:26 +01006300 -S "X509 - Certificate verification failed"
6301
Jerry Yuab082902021-12-23 18:02:22 +08006302requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02006303run_test "Authentication: client no cert, openssl server optional" \
Ronald Croncbd7bfd2022-03-31 18:19:56 +02006304 "$O_SRV -verify 10 -tls1_2" \
Manuel Pégourié-Gonnard644e8f32014-08-30 21:59:31 +02006305 "$P_CLI debug_level=3 crt_file=none key_file=none" \
Manuel Pégourié-Gonnardde515cc2014-02-27 14:58:26 +01006306 0 \
6307 -C "skip parse certificate request" \
6308 -c "got a certificate request" \
6309 -C "skip write certificate$" \
6310 -c "skip write certificate verify" \
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02006311 -C "! mbedtls_ssl_handshake returned"
Manuel Pégourié-Gonnardde515cc2014-02-27 14:58:26 +01006312
Jerry Yuab082902021-12-23 18:02:22 +08006313requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Gilles Peskinefd8332e2017-05-03 16:25:07 +02006314run_test "Authentication: client no cert, openssl server required" \
Ronald Croncbd7bfd2022-03-31 18:19:56 +02006315 "$O_SRV -Verify 10 -tls1_2" \
Gilles Peskinefd8332e2017-05-03 16:25:07 +02006316 "$P_CLI debug_level=3 crt_file=none key_file=none" \
6317 1 \
6318 -C "skip parse certificate request" \
6319 -c "got a certificate request" \
6320 -C "skip write certificate$" \
6321 -c "skip write certificate verify" \
6322 -c "! mbedtls_ssl_handshake returned"
6323
Yuto Takano02485822021-07-02 13:05:15 +01006324# This script assumes that MBEDTLS_X509_MAX_INTERMEDIATE_CA has its default
6325# value, defined here as MAX_IM_CA. Some test cases will be skipped if the
6326# library is configured with a different value.
Hanno Beckera6bca9f2017-07-26 13:35:11 +01006327
Simon Butcherbcfa6f42017-07-28 15:59:35 +01006328MAX_IM_CA='8'
Hanno Beckera6bca9f2017-07-26 13:35:11 +01006329
Yuto Takano02485822021-07-02 13:05:15 +01006330# The tests for the max_int tests can pass with any number higher than MAX_IM_CA
6331# because only a chain of MAX_IM_CA length is tested. Equally, the max_int+1
6332# tests can pass with any number less than MAX_IM_CA. However, stricter preconditions
6333# are in place so that the semantics are consistent with the test description.
Yuto Takano6f657432021-07-02 13:10:41 +01006334requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
Angus Grattonc4dd0732018-04-11 16:28:39 +10006335requires_full_size_output_buffer
Manuel Pégourié-Gonnard81bb6b62017-06-26 10:45:33 +02006336run_test "Authentication: server max_int chain, client default" \
David Horstmann184c4f02024-07-01 17:01:28 +01006337 "$P_SRV crt_file=$DATA_FILES_PATH/dir-maxpath/c09.pem \
6338 key_file=$DATA_FILES_PATH/dir-maxpath/09.key" \
6339 "$P_CLI server_name=CA09 ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt" \
Manuel Pégourié-Gonnard81bb6b62017-06-26 10:45:33 +02006340 0 \
Antonin Décimo36e89b52019-01-23 15:24:37 +01006341 -C "X509 - A fatal error occurred"
Manuel Pégourié-Gonnard81bb6b62017-06-26 10:45:33 +02006342
Yuto Takano6f657432021-07-02 13:10:41 +01006343requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
Angus Grattonc4dd0732018-04-11 16:28:39 +10006344requires_full_size_output_buffer
Manuel Pégourié-Gonnard81bb6b62017-06-26 10:45:33 +02006345run_test "Authentication: server max_int+1 chain, client default" \
David Horstmann184c4f02024-07-01 17:01:28 +01006346 "$P_SRV crt_file=$DATA_FILES_PATH/dir-maxpath/c10.pem \
6347 key_file=$DATA_FILES_PATH/dir-maxpath/10.key" \
6348 "$P_CLI server_name=CA10 ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt" \
Manuel Pégourié-Gonnard81bb6b62017-06-26 10:45:33 +02006349 1 \
Antonin Décimo36e89b52019-01-23 15:24:37 +01006350 -c "X509 - A fatal error occurred"
Manuel Pégourié-Gonnard81bb6b62017-06-26 10:45:33 +02006351
Yuto Takano6f657432021-07-02 13:10:41 +01006352requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
Angus Grattonc4dd0732018-04-11 16:28:39 +10006353requires_full_size_output_buffer
Manuel Pégourié-Gonnard81bb6b62017-06-26 10:45:33 +02006354run_test "Authentication: server max_int+1 chain, client optional" \
David Horstmann184c4f02024-07-01 17:01:28 +01006355 "$P_SRV crt_file=$DATA_FILES_PATH/dir-maxpath/c10.pem \
6356 key_file=$DATA_FILES_PATH/dir-maxpath/10.key" \
Manuel Pégourié-Gonnard58ab9ba2024-08-14 09:47:38 +02006357 "$P_CLI server_name=CA10 ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt \
Manuel Pégourié-Gonnard81bb6b62017-06-26 10:45:33 +02006358 auth_mode=optional" \
6359 1 \
Antonin Décimo36e89b52019-01-23 15:24:37 +01006360 -c "X509 - A fatal error occurred"
Manuel Pégourié-Gonnard81bb6b62017-06-26 10:45:33 +02006361
Yuto Takano6f657432021-07-02 13:10:41 +01006362requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
Angus Grattonc4dd0732018-04-11 16:28:39 +10006363requires_full_size_output_buffer
Manuel Pégourié-Gonnard81bb6b62017-06-26 10:45:33 +02006364run_test "Authentication: server max_int+1 chain, client none" \
David Horstmann184c4f02024-07-01 17:01:28 +01006365 "$P_SRV crt_file=$DATA_FILES_PATH/dir-maxpath/c10.pem \
6366 key_file=$DATA_FILES_PATH/dir-maxpath/10.key" \
6367 "$P_CLI force_version=tls12 server_name=CA10 ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt \
Manuel Pégourié-Gonnard81bb6b62017-06-26 10:45:33 +02006368 auth_mode=none" \
6369 0 \
Antonin Décimo36e89b52019-01-23 15:24:37 +01006370 -C "X509 - A fatal error occurred"
Manuel Pégourié-Gonnard81bb6b62017-06-26 10:45:33 +02006371
Yuto Takano6f657432021-07-02 13:10:41 +01006372requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
Angus Grattonc4dd0732018-04-11 16:28:39 +10006373requires_full_size_output_buffer
Manuel Pégourié-Gonnard81bb6b62017-06-26 10:45:33 +02006374run_test "Authentication: client max_int+1 chain, server default" \
David Horstmann184c4f02024-07-01 17:01:28 +01006375 "$P_SRV ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt" \
6376 "$P_CLI crt_file=$DATA_FILES_PATH/dir-maxpath/c10.pem \
6377 key_file=$DATA_FILES_PATH/dir-maxpath/10.key" \
Manuel Pégourié-Gonnard81bb6b62017-06-26 10:45:33 +02006378 0 \
Antonin Décimo36e89b52019-01-23 15:24:37 +01006379 -S "X509 - A fatal error occurred"
Manuel Pégourié-Gonnard81bb6b62017-06-26 10:45:33 +02006380
Yuto Takano6f657432021-07-02 13:10:41 +01006381requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
Angus Grattonc4dd0732018-04-11 16:28:39 +10006382requires_full_size_output_buffer
Manuel Pégourié-Gonnard81bb6b62017-06-26 10:45:33 +02006383run_test "Authentication: client max_int+1 chain, server optional" \
David Horstmann184c4f02024-07-01 17:01:28 +01006384 "$P_SRV ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt auth_mode=optional" \
6385 "$P_CLI crt_file=$DATA_FILES_PATH/dir-maxpath/c10.pem \
6386 key_file=$DATA_FILES_PATH/dir-maxpath/10.key" \
Manuel Pégourié-Gonnard81bb6b62017-06-26 10:45:33 +02006387 1 \
Antonin Décimo36e89b52019-01-23 15:24:37 +01006388 -s "X509 - A fatal error occurred"
Manuel Pégourié-Gonnard81bb6b62017-06-26 10:45:33 +02006389
Yuto Takano6f657432021-07-02 13:10:41 +01006390requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
Angus Grattonc4dd0732018-04-11 16:28:39 +10006391requires_full_size_output_buffer
Manuel Pégourié-Gonnard81bb6b62017-06-26 10:45:33 +02006392run_test "Authentication: client max_int+1 chain, server required" \
David Horstmann184c4f02024-07-01 17:01:28 +01006393 "$P_SRV ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt auth_mode=required" \
6394 "$P_CLI crt_file=$DATA_FILES_PATH/dir-maxpath/c10.pem \
6395 key_file=$DATA_FILES_PATH/dir-maxpath/10.key" \
Manuel Pégourié-Gonnard81bb6b62017-06-26 10:45:33 +02006396 1 \
Antonin Décimo36e89b52019-01-23 15:24:37 +01006397 -s "X509 - A fatal error occurred"
Manuel Pégourié-Gonnard81bb6b62017-06-26 10:45:33 +02006398
Yuto Takano6f657432021-07-02 13:10:41 +01006399requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
Angus Grattonc4dd0732018-04-11 16:28:39 +10006400requires_full_size_output_buffer
Manuel Pégourié-Gonnard81bb6b62017-06-26 10:45:33 +02006401run_test "Authentication: client max_int chain, server required" \
David Horstmann184c4f02024-07-01 17:01:28 +01006402 "$P_SRV ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt auth_mode=required" \
6403 "$P_CLI crt_file=$DATA_FILES_PATH/dir-maxpath/c09.pem \
6404 key_file=$DATA_FILES_PATH/dir-maxpath/09.key" \
Manuel Pégourié-Gonnard81bb6b62017-06-26 10:45:33 +02006405 0 \
Antonin Décimo36e89b52019-01-23 15:24:37 +01006406 -S "X509 - A fatal error occurred"
Manuel Pégourié-Gonnard81bb6b62017-06-26 10:45:33 +02006407
Janos Follath89baba22017-04-10 14:34:35 +01006408# Tests for CA list in CertificateRequest messages
6409
Ronald Cron5de538c2022-10-20 14:47:56 +02006410requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
Janos Follath89baba22017-04-10 14:34:35 +01006411run_test "Authentication: send CA list in CertificateRequest (default)" \
6412 "$P_SRV debug_level=3 auth_mode=required" \
David Horstmann184c4f02024-07-01 17:01:28 +01006413 "$P_CLI force_version=tls12 crt_file=$DATA_FILES_PATH/server6.crt \
6414 key_file=$DATA_FILES_PATH/server6.key" \
Janos Follath89baba22017-04-10 14:34:35 +01006415 0 \
6416 -s "requested DN"
6417
Ronald Cron5de538c2022-10-20 14:47:56 +02006418requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
Janos Follath89baba22017-04-10 14:34:35 +01006419run_test "Authentication: do not send CA list in CertificateRequest" \
6420 "$P_SRV debug_level=3 auth_mode=required cert_req_ca_list=0" \
David Horstmann184c4f02024-07-01 17:01:28 +01006421 "$P_CLI force_version=tls12 crt_file=$DATA_FILES_PATH/server6.crt \
6422 key_file=$DATA_FILES_PATH/server6.key" \
Janos Follath89baba22017-04-10 14:34:35 +01006423 0 \
6424 -S "requested DN"
6425
6426run_test "Authentication: send CA list in CertificateRequest, client self signed" \
Ronald Cronf95d1692023-03-14 17:19:42 +01006427 "$P_SRV force_version=tls12 debug_level=3 auth_mode=required cert_req_ca_list=0" \
David Horstmann184c4f02024-07-01 17:01:28 +01006428 "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server5-selfsigned.crt \
6429 key_file=$DATA_FILES_PATH/server5.key" \
Janos Follath89baba22017-04-10 14:34:35 +01006430 1 \
6431 -S "requested DN" \
6432 -s "x509_verify_cert() returned" \
6433 -s "! The certificate is not correctly signed by the trusted CA" \
6434 -s "! mbedtls_ssl_handshake returned" \
6435 -c "! mbedtls_ssl_handshake returned" \
6436 -s "X509 - Certificate verification failed"
6437
Ronald Cron5de538c2022-10-20 14:47:56 +02006438requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
Glenn Straussbd10c4e2022-06-25 03:15:48 -04006439run_test "Authentication: send alt conf DN hints in CertificateRequest" \
6440 "$P_SRV debug_level=3 auth_mode=optional cert_req_ca_list=2 \
David Horstmann184c4f02024-07-01 17:01:28 +01006441 crt_file2=$DATA_FILES_PATH/server1.crt \
6442 key_file2=$DATA_FILES_PATH/server1.key" \
Ronald Cronf95d1692023-03-14 17:19:42 +01006443 "$P_CLI force_version=tls12 debug_level=3 auth_mode=optional \
David Horstmann184c4f02024-07-01 17:01:28 +01006444 crt_file=$DATA_FILES_PATH/server6.crt \
6445 key_file=$DATA_FILES_PATH/server6.key" \
Glenn Straussbd10c4e2022-06-25 03:15:48 -04006446 0 \
6447 -c "DN hint: C=NL, O=PolarSSL, CN=PolarSSL Server 1"
6448
Ronald Cron5de538c2022-10-20 14:47:56 +02006449requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
Glenn Straussbd10c4e2022-06-25 03:15:48 -04006450run_test "Authentication: send alt conf DN hints in CertificateRequest (2)" \
6451 "$P_SRV debug_level=3 auth_mode=optional cert_req_ca_list=2 \
David Horstmann184c4f02024-07-01 17:01:28 +01006452 crt_file2=$DATA_FILES_PATH/server2.crt \
6453 key_file2=$DATA_FILES_PATH/server2.key" \
Ronald Cronf95d1692023-03-14 17:19:42 +01006454 "$P_CLI force_version=tls12 debug_level=3 auth_mode=optional \
David Horstmann184c4f02024-07-01 17:01:28 +01006455 crt_file=$DATA_FILES_PATH/server6.crt \
6456 key_file=$DATA_FILES_PATH/server6.key" \
Glenn Straussbd10c4e2022-06-25 03:15:48 -04006457 0 \
6458 -c "DN hint: C=NL, O=PolarSSL, CN=localhost"
6459
Ronald Cron5de538c2022-10-20 14:47:56 +02006460requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
Glenn Straussbd10c4e2022-06-25 03:15:48 -04006461run_test "Authentication: send alt hs DN hints in CertificateRequest" \
6462 "$P_SRV debug_level=3 auth_mode=optional cert_req_ca_list=3 \
David Horstmann184c4f02024-07-01 17:01:28 +01006463 crt_file2=$DATA_FILES_PATH/server1.crt \
6464 key_file2=$DATA_FILES_PATH/server1.key" \
Ronald Cronf95d1692023-03-14 17:19:42 +01006465 "$P_CLI force_version=tls12 debug_level=3 auth_mode=optional \
David Horstmann184c4f02024-07-01 17:01:28 +01006466 crt_file=$DATA_FILES_PATH/server6.crt \
6467 key_file=$DATA_FILES_PATH/server6.key" \
Glenn Straussbd10c4e2022-06-25 03:15:48 -04006468 0 \
6469 -c "DN hint: C=NL, O=PolarSSL, CN=PolarSSL Server 1"
6470
Jarno Lamsaf7a7f9e2019-04-01 15:11:54 +03006471# Tests for auth_mode, using CA callback, these are duplicated from the authentication tests
6472# When updating these tests, modify the matching authentication tests accordingly
Hanno Becker746aaf32019-03-28 15:25:23 +00006473
Hanno Becker746aaf32019-03-28 15:25:23 +00006474run_test "Authentication, CA callback: server badcert, client required" \
David Horstmann184c4f02024-07-01 17:01:28 +01006475 "$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \
6476 key_file=$DATA_FILES_PATH/server5.key" \
Ronald Cron95dd6f52024-04-03 09:10:02 +02006477 "$P_CLI ca_callback=1 debug_level=3 auth_mode=required" \
Hanno Becker746aaf32019-03-28 15:25:23 +00006478 1 \
Janos Follathd7ecbd62019-04-05 14:52:17 +01006479 -c "use CA callback for X.509 CRT verification" \
Hanno Becker746aaf32019-03-28 15:25:23 +00006480 -c "x509_verify_cert() returned" \
6481 -c "! The certificate is not correctly signed by the trusted CA" \
6482 -c "! mbedtls_ssl_handshake returned" \
6483 -c "X509 - Certificate verification failed"
6484
Hanno Becker746aaf32019-03-28 15:25:23 +00006485run_test "Authentication, CA callback: server badcert, client optional" \
David Horstmann184c4f02024-07-01 17:01:28 +01006486 "$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \
6487 key_file=$DATA_FILES_PATH/server5.key" \
Ronald Cron95dd6f52024-04-03 09:10:02 +02006488 "$P_CLI ca_callback=1 debug_level=3 auth_mode=optional" \
Hanno Becker746aaf32019-03-28 15:25:23 +00006489 0 \
Janos Follathd7ecbd62019-04-05 14:52:17 +01006490 -c "use CA callback for X.509 CRT verification" \
Hanno Becker746aaf32019-03-28 15:25:23 +00006491 -c "x509_verify_cert() returned" \
6492 -c "! The certificate is not correctly signed by the trusted CA" \
6493 -C "! mbedtls_ssl_handshake returned" \
6494 -C "X509 - Certificate verification failed"
6495
Ronald Cron95dd6f52024-04-03 09:10:02 +02006496run_test "Authentication, CA callback: server badcert, client none" \
6497 "$P_SRV crt_file=$DATA_FILES_PATH/server5-badsign.crt \
6498 key_file=$DATA_FILES_PATH/server5.key" \
6499 "$P_CLI ca_callback=1 debug_level=3 auth_mode=none" \
6500 0 \
6501 -C "use CA callback for X.509 CRT verification" \
6502 -C "x509_verify_cert() returned" \
6503 -C "! The certificate is not correctly signed by the trusted CA" \
6504 -C "! mbedtls_ssl_handshake returned" \
6505 -C "X509 - Certificate verification failed"
6506
Hanno Becker746aaf32019-03-28 15:25:23 +00006507# The purpose of the next two tests is to test the client's behaviour when receiving a server
6508# certificate with an unsupported elliptic curve. This should usually not happen because
6509# the client informs the server about the supported curves - it does, though, in the
6510# corner case of a static ECDH suite, because the server doesn't check the curve on that
6511# occasion (to be fixed). If that bug's fixed, the test needs to be altered to use a
6512# different means to have the server ignoring the client's supported curve list.
6513
Hanno Becker746aaf32019-03-28 15:25:23 +00006514run_test "Authentication, CA callback: server ECDH p256v1, client required, p256v1 unsupported" \
David Horstmann184c4f02024-07-01 17:01:28 +01006515 "$P_SRV debug_level=1 key_file=$DATA_FILES_PATH/server5.key \
6516 crt_file=$DATA_FILES_PATH/server5.ku-ka.crt" \
Przemek Stekiel45255e42023-06-29 13:56:36 +02006517 "$P_CLI force_version=tls12 ca_callback=1 debug_level=3 auth_mode=required groups=secp521r1" \
Hanno Becker746aaf32019-03-28 15:25:23 +00006518 1 \
Janos Follathd7ecbd62019-04-05 14:52:17 +01006519 -c "use CA callback for X.509 CRT verification" \
6520 -c "bad certificate (EC key curve)" \
6521 -c "! Certificate verification flags" \
Hanno Becker746aaf32019-03-28 15:25:23 +00006522 -C "bad server certificate (ECDH curve)" # Expect failure at earlier verification stage
6523
Hanno Becker746aaf32019-03-28 15:25:23 +00006524run_test "Authentication, CA callback: server ECDH p256v1, client optional, p256v1 unsupported" \
David Horstmann184c4f02024-07-01 17:01:28 +01006525 "$P_SRV debug_level=1 key_file=$DATA_FILES_PATH/server5.key \
6526 crt_file=$DATA_FILES_PATH/server5.ku-ka.crt" \
Przemek Stekiel45255e42023-06-29 13:56:36 +02006527 "$P_CLI force_version=tls12 ca_callback=1 debug_level=3 auth_mode=optional groups=secp521r1" \
Hanno Becker746aaf32019-03-28 15:25:23 +00006528 1 \
Janos Follathd7ecbd62019-04-05 14:52:17 +01006529 -c "use CA callback for X.509 CRT verification" \
Hanno Becker746aaf32019-03-28 15:25:23 +00006530 -c "bad certificate (EC key curve)"\
6531 -c "! Certificate verification flags"\
6532 -c "bad server certificate (ECDH curve)" # Expect failure only at ECDH params check
6533
Ronald Cron5de538c2022-10-20 14:47:56 +02006534requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
Ronald Cron7a442c92024-04-03 08:57:09 +02006535run_test "Authentication, CA callback: client SHA384, server required" \
Hanno Becker746aaf32019-03-28 15:25:23 +00006536 "$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \
David Horstmann184c4f02024-07-01 17:01:28 +01006537 "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server6.crt \
6538 key_file=$DATA_FILES_PATH/server6.key \
Hanno Becker746aaf32019-03-28 15:25:23 +00006539 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384" \
6540 0 \
Janos Follathd7ecbd62019-04-05 14:52:17 +01006541 -s "use CA callback for X.509 CRT verification" \
Andrzej Kurekec71b092022-11-15 10:21:50 -05006542 -c "Supported Signature Algorithm found: 04 " \
6543 -c "Supported Signature Algorithm found: 05 "
Hanno Becker746aaf32019-03-28 15:25:23 +00006544
Ronald Cron5de538c2022-10-20 14:47:56 +02006545requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
Ronald Cron7a442c92024-04-03 08:57:09 +02006546run_test "Authentication, CA callback: client SHA256, server required" \
Hanno Becker746aaf32019-03-28 15:25:23 +00006547 "$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \
David Horstmann184c4f02024-07-01 17:01:28 +01006548 "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server6.crt \
6549 key_file=$DATA_FILES_PATH/server6.key \
Hanno Becker746aaf32019-03-28 15:25:23 +00006550 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256" \
6551 0 \
Janos Follathd7ecbd62019-04-05 14:52:17 +01006552 -s "use CA callback for X.509 CRT verification" \
Andrzej Kurekec71b092022-11-15 10:21:50 -05006553 -c "Supported Signature Algorithm found: 04 " \
6554 -c "Supported Signature Algorithm found: 05 "
Hanno Becker746aaf32019-03-28 15:25:23 +00006555
Hanno Becker746aaf32019-03-28 15:25:23 +00006556run_test "Authentication, CA callback: client badcert, server required" \
Ronald Cron95dd6f52024-04-03 09:10:02 +02006557 "$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \
David Horstmann184c4f02024-07-01 17:01:28 +01006558 "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server5-badsign.crt \
6559 key_file=$DATA_FILES_PATH/server5.key" \
Hanno Becker746aaf32019-03-28 15:25:23 +00006560 1 \
Janos Follathd7ecbd62019-04-05 14:52:17 +01006561 -s "use CA callback for X.509 CRT verification" \
Hanno Becker746aaf32019-03-28 15:25:23 +00006562 -S "skip write certificate request" \
6563 -C "skip parse certificate request" \
6564 -c "got a certificate request" \
6565 -C "skip write certificate" \
6566 -C "skip write certificate verify" \
6567 -S "skip parse certificate verify" \
6568 -s "x509_verify_cert() returned" \
6569 -s "! The certificate is not correctly signed by the trusted CA" \
6570 -s "! mbedtls_ssl_handshake returned" \
6571 -s "send alert level=2 message=48" \
Hanno Becker746aaf32019-03-28 15:25:23 +00006572 -s "X509 - Certificate verification failed"
6573# We don't check that the client receives the alert because it might
6574# detect that its write end of the connection is closed and abort
6575# before reading the alert message.
6576
Hanno Becker746aaf32019-03-28 15:25:23 +00006577run_test "Authentication, CA callback: client cert not trusted, server required" \
Ronald Cron95dd6f52024-04-03 09:10:02 +02006578 "$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \
David Horstmann184c4f02024-07-01 17:01:28 +01006579 "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server5-selfsigned.crt \
6580 key_file=$DATA_FILES_PATH/server5.key" \
Hanno Becker746aaf32019-03-28 15:25:23 +00006581 1 \
Janos Follathd7ecbd62019-04-05 14:52:17 +01006582 -s "use CA callback for X.509 CRT verification" \
Hanno Becker746aaf32019-03-28 15:25:23 +00006583 -S "skip write certificate request" \
6584 -C "skip parse certificate request" \
6585 -c "got a certificate request" \
6586 -C "skip write certificate" \
6587 -C "skip write certificate verify" \
6588 -S "skip parse certificate verify" \
6589 -s "x509_verify_cert() returned" \
6590 -s "! The certificate is not correctly signed by the trusted CA" \
6591 -s "! mbedtls_ssl_handshake returned" \
Hanno Becker746aaf32019-03-28 15:25:23 +00006592 -s "X509 - Certificate verification failed"
6593
Hanno Becker746aaf32019-03-28 15:25:23 +00006594run_test "Authentication, CA callback: client badcert, server optional" \
Ronald Cron95dd6f52024-04-03 09:10:02 +02006595 "$P_SRV ca_callback=1 debug_level=3 auth_mode=optional" \
David Horstmann184c4f02024-07-01 17:01:28 +01006596 "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server5-badsign.crt \
6597 key_file=$DATA_FILES_PATH/server5.key" \
Hanno Becker746aaf32019-03-28 15:25:23 +00006598 0 \
Janos Follathd7ecbd62019-04-05 14:52:17 +01006599 -s "use CA callback for X.509 CRT verification" \
Hanno Becker746aaf32019-03-28 15:25:23 +00006600 -S "skip write certificate request" \
6601 -C "skip parse certificate request" \
6602 -c "got a certificate request" \
6603 -C "skip write certificate" \
6604 -C "skip write certificate verify" \
6605 -S "skip parse certificate verify" \
6606 -s "x509_verify_cert() returned" \
6607 -s "! The certificate is not correctly signed by the trusted CA" \
6608 -S "! mbedtls_ssl_handshake returned" \
6609 -C "! mbedtls_ssl_handshake returned" \
6610 -S "X509 - Certificate verification failed"
6611
Yuto Takano6f657432021-07-02 13:10:41 +01006612requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
Hanno Becker746aaf32019-03-28 15:25:23 +00006613requires_full_size_output_buffer
Hanno Becker746aaf32019-03-28 15:25:23 +00006614run_test "Authentication, CA callback: server max_int chain, client default" \
David Horstmann184c4f02024-07-01 17:01:28 +01006615 "$P_SRV crt_file=$DATA_FILES_PATH/dir-maxpath/c09.pem \
6616 key_file=$DATA_FILES_PATH/dir-maxpath/09.key" \
Ronald Cron95dd6f52024-04-03 09:10:02 +02006617 "$P_CLI ca_callback=1 debug_level=3 server_name=CA09 ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt" \
Hanno Becker746aaf32019-03-28 15:25:23 +00006618 0 \
Janos Follathd7ecbd62019-04-05 14:52:17 +01006619 -c "use CA callback for X.509 CRT verification" \
Hanno Becker746aaf32019-03-28 15:25:23 +00006620 -C "X509 - A fatal error occurred"
6621
Yuto Takano6f657432021-07-02 13:10:41 +01006622requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
Hanno Becker746aaf32019-03-28 15:25:23 +00006623requires_full_size_output_buffer
Hanno Becker746aaf32019-03-28 15:25:23 +00006624run_test "Authentication, CA callback: server max_int+1 chain, client default" \
David Horstmann184c4f02024-07-01 17:01:28 +01006625 "$P_SRV crt_file=$DATA_FILES_PATH/dir-maxpath/c10.pem \
6626 key_file=$DATA_FILES_PATH/dir-maxpath/10.key" \
Ronald Cron95dd6f52024-04-03 09:10:02 +02006627 "$P_CLI debug_level=3 ca_callback=1 server_name=CA10 ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt" \
Hanno Becker746aaf32019-03-28 15:25:23 +00006628 1 \
Janos Follathd7ecbd62019-04-05 14:52:17 +01006629 -c "use CA callback for X.509 CRT verification" \
Hanno Becker746aaf32019-03-28 15:25:23 +00006630 -c "X509 - A fatal error occurred"
6631
Yuto Takano6f657432021-07-02 13:10:41 +01006632requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
Hanno Becker746aaf32019-03-28 15:25:23 +00006633requires_full_size_output_buffer
Hanno Becker746aaf32019-03-28 15:25:23 +00006634run_test "Authentication, CA callback: server max_int+1 chain, client optional" \
David Horstmann184c4f02024-07-01 17:01:28 +01006635 "$P_SRV crt_file=$DATA_FILES_PATH/dir-maxpath/c10.pem \
6636 key_file=$DATA_FILES_PATH/dir-maxpath/10.key" \
Ronald Cron95dd6f52024-04-03 09:10:02 +02006637 "$P_CLI ca_callback=1 server_name=CA10 ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt \
Hanno Becker746aaf32019-03-28 15:25:23 +00006638 debug_level=3 auth_mode=optional" \
6639 1 \
Janos Follathd7ecbd62019-04-05 14:52:17 +01006640 -c "use CA callback for X.509 CRT verification" \
Hanno Becker746aaf32019-03-28 15:25:23 +00006641 -c "X509 - A fatal error occurred"
6642
Yuto Takano6f657432021-07-02 13:10:41 +01006643requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
Hanno Becker746aaf32019-03-28 15:25:23 +00006644requires_full_size_output_buffer
Hanno Becker746aaf32019-03-28 15:25:23 +00006645run_test "Authentication, CA callback: client max_int+1 chain, server optional" \
Ronald Cron95dd6f52024-04-03 09:10:02 +02006646 "$P_SRV ca_callback=1 debug_level=3 ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt auth_mode=optional" \
David Horstmann184c4f02024-07-01 17:01:28 +01006647 "$P_CLI crt_file=$DATA_FILES_PATH/dir-maxpath/c10.pem \
6648 key_file=$DATA_FILES_PATH/dir-maxpath/10.key" \
Hanno Becker746aaf32019-03-28 15:25:23 +00006649 1 \
Janos Follathd7ecbd62019-04-05 14:52:17 +01006650 -s "use CA callback for X.509 CRT verification" \
Hanno Becker746aaf32019-03-28 15:25:23 +00006651 -s "X509 - A fatal error occurred"
6652
Yuto Takano6f657432021-07-02 13:10:41 +01006653requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
Hanno Becker746aaf32019-03-28 15:25:23 +00006654requires_full_size_output_buffer
Hanno Becker746aaf32019-03-28 15:25:23 +00006655run_test "Authentication, CA callback: client max_int+1 chain, server required" \
Ronald Cron95dd6f52024-04-03 09:10:02 +02006656 "$P_SRV ca_callback=1 debug_level=3 ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt auth_mode=required" \
David Horstmann184c4f02024-07-01 17:01:28 +01006657 "$P_CLI crt_file=$DATA_FILES_PATH/dir-maxpath/c10.pem \
6658 key_file=$DATA_FILES_PATH/dir-maxpath/10.key" \
Hanno Becker746aaf32019-03-28 15:25:23 +00006659 1 \
Janos Follathd7ecbd62019-04-05 14:52:17 +01006660 -s "use CA callback for X.509 CRT verification" \
Hanno Becker746aaf32019-03-28 15:25:23 +00006661 -s "X509 - A fatal error occurred"
6662
Yuto Takano6f657432021-07-02 13:10:41 +01006663requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
Hanno Becker746aaf32019-03-28 15:25:23 +00006664requires_full_size_output_buffer
Hanno Becker746aaf32019-03-28 15:25:23 +00006665run_test "Authentication, CA callback: client max_int chain, server required" \
Ronald Cron95dd6f52024-04-03 09:10:02 +02006666 "$P_SRV ca_callback=1 debug_level=3 ca_file=$DATA_FILES_PATH/dir-maxpath/00.crt auth_mode=required" \
David Horstmann184c4f02024-07-01 17:01:28 +01006667 "$P_CLI crt_file=$DATA_FILES_PATH/dir-maxpath/c09.pem \
6668 key_file=$DATA_FILES_PATH/dir-maxpath/09.key" \
Hanno Becker746aaf32019-03-28 15:25:23 +00006669 0 \
Janos Follathd7ecbd62019-04-05 14:52:17 +01006670 -s "use CA callback for X.509 CRT verification" \
Hanno Becker746aaf32019-03-28 15:25:23 +00006671 -S "X509 - A fatal error occurred"
6672
Shaun Case8b0ecbc2021-12-20 21:14:10 -08006673# Tests for certificate selection based on SHA version
Manuel Pégourié-Gonnarddf331a52015-01-08 16:43:07 +01006674
Hanno Beckerc5722d12020-10-09 11:10:42 +01006675requires_config_disabled MBEDTLS_X509_REMOVE_INFO
Manuel Pégourié-Gonnarddf331a52015-01-08 16:43:07 +01006676run_test "Certificate hash: client TLS 1.2 -> SHA-2" \
David Horstmann184c4f02024-07-01 17:01:28 +01006677 "$P_SRV force_version=tls12 crt_file=$DATA_FILES_PATH/server5.crt \
6678 key_file=$DATA_FILES_PATH/server5.key \
6679 crt_file2=$DATA_FILES_PATH/server5-sha1.crt \
6680 key_file2=$DATA_FILES_PATH/server5.key" \
Ronald Cronf3b425b2022-03-17 16:45:09 +01006681 "$P_CLI" \
Manuel Pégourié-Gonnarddf331a52015-01-08 16:43:07 +01006682 0 \
6683 -c "signed using.*ECDSA with SHA256" \
6684 -C "signed using.*ECDSA with SHA1"
6685
Manuel Pégourié-Gonnard96ea2f22014-02-25 12:26:29 +01006686# tests for SNI
6687
Hanno Beckerc5722d12020-10-09 11:10:42 +01006688requires_config_disabled MBEDTLS_X509_REMOVE_INFO
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02006689run_test "SNI: no SNI callback" \
Manuel Pégourié-Gonnard0eb6cab2014-07-23 20:17:47 +02006690 "$P_SRV debug_level=3 \
David Horstmann184c4f02024-07-01 17:01:28 +01006691 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key" \
Manuel Pégourié-Gonnard0eb6cab2014-07-23 20:17:47 +02006692 "$P_CLI server_name=localhost" \
Manuel Pégourié-Gonnard6ea831d2015-06-22 16:50:52 +02006693 0 \
Manuel Pégourié-Gonnard6ea831d2015-06-22 16:50:52 +02006694 -c "issuer name *: C=NL, O=PolarSSL, CN=Polarssl Test EC CA" \
6695 -c "subject name *: C=NL, O=PolarSSL, CN=localhost"
Manuel Pégourié-Gonnard96ea2f22014-02-25 12:26:29 +01006696
Hanno Beckerc5722d12020-10-09 11:10:42 +01006697requires_config_disabled MBEDTLS_X509_REMOVE_INFO
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02006698run_test "SNI: matching cert 1" \
Manuel Pégourié-Gonnard0eb6cab2014-07-23 20:17:47 +02006699 "$P_SRV debug_level=3 \
David Horstmann184c4f02024-07-01 17:01:28 +01006700 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \
6701 sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,-,polarssl.example,$DATA_FILES_PATH/server1-nospace.crt,$DATA_FILES_PATH/server1.key,-,-,-" \
Manuel Pégourié-Gonnard0eb6cab2014-07-23 20:17:47 +02006702 "$P_CLI server_name=localhost" \
Manuel Pégourié-Gonnard6ea831d2015-06-22 16:50:52 +02006703 0 \
6704 -s "parse ServerName extension" \
6705 -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \
6706 -c "subject name *: C=NL, O=PolarSSL, CN=localhost"
Manuel Pégourié-Gonnard96ea2f22014-02-25 12:26:29 +01006707
Hanno Beckerc5722d12020-10-09 11:10:42 +01006708requires_config_disabled MBEDTLS_X509_REMOVE_INFO
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02006709run_test "SNI: matching cert 2" \
Manuel Pégourié-Gonnard0eb6cab2014-07-23 20:17:47 +02006710 "$P_SRV debug_level=3 \
David Horstmann184c4f02024-07-01 17:01:28 +01006711 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \
6712 sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,-,polarssl.example,$DATA_FILES_PATH/server1-nospace.crt,$DATA_FILES_PATH/server1.key,-,-,-" \
Manuel Pégourié-Gonnard0eb6cab2014-07-23 20:17:47 +02006713 "$P_CLI server_name=polarssl.example" \
Manuel Pégourié-Gonnard6ea831d2015-06-22 16:50:52 +02006714 0 \
6715 -s "parse ServerName extension" \
6716 -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \
6717 -c "subject name *: C=NL, O=PolarSSL, CN=polarssl.example"
Manuel Pégourié-Gonnard96ea2f22014-02-25 12:26:29 +01006718
Hanno Beckerc5722d12020-10-09 11:10:42 +01006719requires_config_disabled MBEDTLS_X509_REMOVE_INFO
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02006720run_test "SNI: no matching cert" \
Manuel Pégourié-Gonnard0eb6cab2014-07-23 20:17:47 +02006721 "$P_SRV debug_level=3 \
David Horstmann184c4f02024-07-01 17:01:28 +01006722 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \
6723 sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,-,polarssl.example,$DATA_FILES_PATH/server1-nospace.crt,$DATA_FILES_PATH/server1.key,-,-,-" \
Manuel Pégourié-Gonnard0eb6cab2014-07-23 20:17:47 +02006724 "$P_CLI server_name=nonesuch.example" \
Manuel Pégourié-Gonnard6ea831d2015-06-22 16:50:52 +02006725 1 \
6726 -s "parse ServerName extension" \
6727 -s "ssl_sni_wrapper() returned" \
6728 -s "mbedtls_ssl_handshake returned" \
6729 -c "mbedtls_ssl_handshake returned" \
6730 -c "SSL - A fatal alert message was received from our peer"
Manuel Pégourié-Gonnard96ea2f22014-02-25 12:26:29 +01006731
Manuel Pégourié-Gonnardc948a792015-06-22 16:04:20 +02006732run_test "SNI: client auth no override: optional" \
6733 "$P_SRV debug_level=3 auth_mode=optional \
David Horstmann184c4f02024-07-01 17:01:28 +01006734 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \
6735 sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,-" \
Manuel Pégourié-Gonnardc948a792015-06-22 16:04:20 +02006736 "$P_CLI debug_level=3 server_name=localhost" \
Manuel Pégourié-Gonnard6ea831d2015-06-22 16:50:52 +02006737 0 \
Manuel Pégourié-Gonnardc948a792015-06-22 16:04:20 +02006738 -S "skip write certificate request" \
6739 -C "skip parse certificate request" \
6740 -c "got a certificate request" \
6741 -C "skip write certificate" \
6742 -C "skip write certificate verify" \
6743 -S "skip parse certificate verify"
6744
6745run_test "SNI: client auth override: none -> optional" \
6746 "$P_SRV debug_level=3 auth_mode=none \
David Horstmann184c4f02024-07-01 17:01:28 +01006747 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \
6748 sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,optional" \
Manuel Pégourié-Gonnardc948a792015-06-22 16:04:20 +02006749 "$P_CLI debug_level=3 server_name=localhost" \
Manuel Pégourié-Gonnard6ea831d2015-06-22 16:50:52 +02006750 0 \
Manuel Pégourié-Gonnardc948a792015-06-22 16:04:20 +02006751 -S "skip write certificate request" \
6752 -C "skip parse certificate request" \
6753 -c "got a certificate request" \
6754 -C "skip write certificate" \
6755 -C "skip write certificate verify" \
6756 -S "skip parse certificate verify"
6757
6758run_test "SNI: client auth override: optional -> none" \
6759 "$P_SRV debug_level=3 auth_mode=optional \
David Horstmann184c4f02024-07-01 17:01:28 +01006760 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \
6761 sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,none" \
Manuel Pégourié-Gonnardc948a792015-06-22 16:04:20 +02006762 "$P_CLI debug_level=3 server_name=localhost" \
Manuel Pégourié-Gonnard6ea831d2015-06-22 16:50:52 +02006763 0 \
Manuel Pégourié-Gonnardc948a792015-06-22 16:04:20 +02006764 -s "skip write certificate request" \
6765 -C "skip parse certificate request" \
6766 -c "got no certificate request" \
XiaokangQian23c5be62022-06-07 02:04:34 +00006767 -c "skip write certificate"
Manuel Pégourié-Gonnardc948a792015-06-22 16:04:20 +02006768
Manuel Pégourié-Gonnard6ea831d2015-06-22 16:50:52 +02006769run_test "SNI: CA no override" \
6770 "$P_SRV debug_level=3 auth_mode=optional \
David Horstmann184c4f02024-07-01 17:01:28 +01006771 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \
6772 ca_file=$DATA_FILES_PATH/test-ca.crt \
6773 sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,required" \
Manuel Pégourié-Gonnard6ea831d2015-06-22 16:50:52 +02006774 "$P_CLI debug_level=3 server_name=localhost \
David Horstmann184c4f02024-07-01 17:01:28 +01006775 crt_file=$DATA_FILES_PATH/server6.crt key_file=$DATA_FILES_PATH/server6.key" \
Manuel Pégourié-Gonnard6ea831d2015-06-22 16:50:52 +02006776 1 \
6777 -S "skip write certificate request" \
6778 -C "skip parse certificate request" \
6779 -c "got a certificate request" \
6780 -C "skip write certificate" \
6781 -C "skip write certificate verify" \
6782 -S "skip parse certificate verify" \
6783 -s "x509_verify_cert() returned" \
6784 -s "! The certificate is not correctly signed by the trusted CA" \
6785 -S "The certificate has been revoked (is on a CRL)"
6786
6787run_test "SNI: CA override" \
6788 "$P_SRV debug_level=3 auth_mode=optional \
David Horstmann184c4f02024-07-01 17:01:28 +01006789 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \
6790 ca_file=$DATA_FILES_PATH/test-ca.crt \
6791 sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,$DATA_FILES_PATH/test-ca2.crt,-,required" \
Manuel Pégourié-Gonnard6ea831d2015-06-22 16:50:52 +02006792 "$P_CLI debug_level=3 server_name=localhost \
David Horstmann184c4f02024-07-01 17:01:28 +01006793 crt_file=$DATA_FILES_PATH/server6.crt key_file=$DATA_FILES_PATH/server6.key" \
Manuel Pégourié-Gonnard6ea831d2015-06-22 16:50:52 +02006794 0 \
6795 -S "skip write certificate request" \
6796 -C "skip parse certificate request" \
6797 -c "got a certificate request" \
6798 -C "skip write certificate" \
6799 -C "skip write certificate verify" \
6800 -S "skip parse certificate verify" \
6801 -S "x509_verify_cert() returned" \
6802 -S "! The certificate is not correctly signed by the trusted CA" \
6803 -S "The certificate has been revoked (is on a CRL)"
6804
6805run_test "SNI: CA override with CRL" \
6806 "$P_SRV debug_level=3 auth_mode=optional \
David Horstmann184c4f02024-07-01 17:01:28 +01006807 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \
6808 ca_file=$DATA_FILES_PATH/test-ca.crt \
6809 sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,$DATA_FILES_PATH/test-ca2.crt,$DATA_FILES_PATH/crl-ec-sha256.pem,required" \
Manuel Pégourié-Gonnard6ea831d2015-06-22 16:50:52 +02006810 "$P_CLI debug_level=3 server_name=localhost \
David Horstmann184c4f02024-07-01 17:01:28 +01006811 crt_file=$DATA_FILES_PATH/server6.crt key_file=$DATA_FILES_PATH/server6.key" \
Manuel Pégourié-Gonnard6ea831d2015-06-22 16:50:52 +02006812 1 \
6813 -S "skip write certificate request" \
6814 -C "skip parse certificate request" \
6815 -c "got a certificate request" \
6816 -C "skip write certificate" \
6817 -C "skip write certificate verify" \
6818 -S "skip parse certificate verify" \
6819 -s "x509_verify_cert() returned" \
6820 -S "! The certificate is not correctly signed by the trusted CA" \
Manuel Pégourié-Gonnard2ffa53a2024-08-05 12:44:57 +02006821 -s "send alert level=2 message=44" \
Manuel Pégourié-Gonnard6ea831d2015-06-22 16:50:52 +02006822 -s "The certificate has been revoked (is on a CRL)"
Manuel Pégourié-Gonnard2ffa53a2024-08-05 12:44:57 +02006823 # MBEDTLS_X509_BADCERT_REVOKED -> MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED
Manuel Pégourié-Gonnard6ea831d2015-06-22 16:50:52 +02006824
Andres AG1a834452016-12-07 10:01:30 +00006825# Tests for SNI and DTLS
6826
Hanno Beckerc5722d12020-10-09 11:10:42 +01006827requires_config_disabled MBEDTLS_X509_REMOVE_INFO
Jerry Yuab082902021-12-23 18:02:22 +08006828requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Andres Amaya Garcia54306c12018-05-01 20:27:37 +01006829run_test "SNI: DTLS, no SNI callback" \
6830 "$P_SRV debug_level=3 dtls=1 \
David Horstmann184c4f02024-07-01 17:01:28 +01006831 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key" \
Andres Amaya Garcia54306c12018-05-01 20:27:37 +01006832 "$P_CLI server_name=localhost dtls=1" \
6833 0 \
Andres Amaya Garcia54306c12018-05-01 20:27:37 +01006834 -c "issuer name *: C=NL, O=PolarSSL, CN=Polarssl Test EC CA" \
6835 -c "subject name *: C=NL, O=PolarSSL, CN=localhost"
6836
Hanno Beckerc5722d12020-10-09 11:10:42 +01006837requires_config_disabled MBEDTLS_X509_REMOVE_INFO
Jerry Yuab082902021-12-23 18:02:22 +08006838requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Andres Amaya Garciaf77d3d32018-05-01 20:26:47 +01006839run_test "SNI: DTLS, matching cert 1" \
Andres AG1a834452016-12-07 10:01:30 +00006840 "$P_SRV debug_level=3 dtls=1 \
David Horstmann184c4f02024-07-01 17:01:28 +01006841 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \
6842 sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,-,polarssl.example,$DATA_FILES_PATH/server1-nospace.crt,$DATA_FILES_PATH/server1.key,-,-,-" \
Andres AG1a834452016-12-07 10:01:30 +00006843 "$P_CLI server_name=localhost dtls=1" \
6844 0 \
6845 -s "parse ServerName extension" \
6846 -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \
6847 -c "subject name *: C=NL, O=PolarSSL, CN=localhost"
6848
Hanno Beckerc5722d12020-10-09 11:10:42 +01006849requires_config_disabled MBEDTLS_X509_REMOVE_INFO
Jerry Yuab082902021-12-23 18:02:22 +08006850requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Andres Amaya Garcia54306c12018-05-01 20:27:37 +01006851run_test "SNI: DTLS, matching cert 2" \
6852 "$P_SRV debug_level=3 dtls=1 \
David Horstmann184c4f02024-07-01 17:01:28 +01006853 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \
6854 sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,-,polarssl.example,$DATA_FILES_PATH/server1-nospace.crt,$DATA_FILES_PATH/server1.key,-,-,-" \
Andres Amaya Garcia54306c12018-05-01 20:27:37 +01006855 "$P_CLI server_name=polarssl.example dtls=1" \
6856 0 \
6857 -s "parse ServerName extension" \
6858 -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \
6859 -c "subject name *: C=NL, O=PolarSSL, CN=polarssl.example"
6860
Jerry Yuab082902021-12-23 18:02:22 +08006861requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Andres Amaya Garcia54306c12018-05-01 20:27:37 +01006862run_test "SNI: DTLS, no matching cert" \
6863 "$P_SRV debug_level=3 dtls=1 \
David Horstmann184c4f02024-07-01 17:01:28 +01006864 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \
6865 sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,-,polarssl.example,$DATA_FILES_PATH/server1-nospace.crt,$DATA_FILES_PATH/server1.key,-,-,-" \
Andres Amaya Garcia54306c12018-05-01 20:27:37 +01006866 "$P_CLI server_name=nonesuch.example dtls=1" \
6867 1 \
6868 -s "parse ServerName extension" \
6869 -s "ssl_sni_wrapper() returned" \
6870 -s "mbedtls_ssl_handshake returned" \
6871 -c "mbedtls_ssl_handshake returned" \
6872 -c "SSL - A fatal alert message was received from our peer"
6873
Jerry Yuab082902021-12-23 18:02:22 +08006874requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Andres Amaya Garcia54306c12018-05-01 20:27:37 +01006875run_test "SNI: DTLS, client auth no override: optional" \
6876 "$P_SRV debug_level=3 auth_mode=optional dtls=1 \
David Horstmann184c4f02024-07-01 17:01:28 +01006877 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \
6878 sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,-" \
Andres Amaya Garcia54306c12018-05-01 20:27:37 +01006879 "$P_CLI debug_level=3 server_name=localhost dtls=1" \
6880 0 \
6881 -S "skip write certificate request" \
6882 -C "skip parse certificate request" \
6883 -c "got a certificate request" \
6884 -C "skip write certificate" \
6885 -C "skip write certificate verify" \
6886 -S "skip parse certificate verify"
6887
Jerry Yuab082902021-12-23 18:02:22 +08006888requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Andres Amaya Garcia54306c12018-05-01 20:27:37 +01006889run_test "SNI: DTLS, client auth override: none -> optional" \
6890 "$P_SRV debug_level=3 auth_mode=none dtls=1 \
David Horstmann184c4f02024-07-01 17:01:28 +01006891 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \
6892 sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,optional" \
Andres Amaya Garcia54306c12018-05-01 20:27:37 +01006893 "$P_CLI debug_level=3 server_name=localhost dtls=1" \
6894 0 \
6895 -S "skip write certificate request" \
6896 -C "skip parse certificate request" \
6897 -c "got a certificate request" \
6898 -C "skip write certificate" \
6899 -C "skip write certificate verify" \
6900 -S "skip parse certificate verify"
6901
Jerry Yuab082902021-12-23 18:02:22 +08006902requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Andres Amaya Garcia54306c12018-05-01 20:27:37 +01006903run_test "SNI: DTLS, client auth override: optional -> none" \
6904 "$P_SRV debug_level=3 auth_mode=optional dtls=1 \
David Horstmann184c4f02024-07-01 17:01:28 +01006905 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \
6906 sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,none" \
Andres Amaya Garcia54306c12018-05-01 20:27:37 +01006907 "$P_CLI debug_level=3 server_name=localhost dtls=1" \
6908 0 \
6909 -s "skip write certificate request" \
6910 -C "skip parse certificate request" \
6911 -c "got no certificate request" \
6912 -c "skip write certificate" \
6913 -c "skip write certificate verify" \
6914 -s "skip parse certificate verify"
6915
Jerry Yuab082902021-12-23 18:02:22 +08006916requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Andres Amaya Garcia54306c12018-05-01 20:27:37 +01006917run_test "SNI: DTLS, CA no override" \
6918 "$P_SRV debug_level=3 auth_mode=optional dtls=1 \
David Horstmann184c4f02024-07-01 17:01:28 +01006919 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \
6920 ca_file=$DATA_FILES_PATH/test-ca.crt \
6921 sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,required" \
Andres Amaya Garcia54306c12018-05-01 20:27:37 +01006922 "$P_CLI debug_level=3 server_name=localhost dtls=1 \
David Horstmann184c4f02024-07-01 17:01:28 +01006923 crt_file=$DATA_FILES_PATH/server6.crt key_file=$DATA_FILES_PATH/server6.key" \
Andres Amaya Garcia54306c12018-05-01 20:27:37 +01006924 1 \
6925 -S "skip write certificate request" \
6926 -C "skip parse certificate request" \
6927 -c "got a certificate request" \
6928 -C "skip write certificate" \
6929 -C "skip write certificate verify" \
6930 -S "skip parse certificate verify" \
6931 -s "x509_verify_cert() returned" \
6932 -s "! The certificate is not correctly signed by the trusted CA" \
6933 -S "The certificate has been revoked (is on a CRL)"
6934
Jerry Yuab082902021-12-23 18:02:22 +08006935requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Andres Amaya Garciaf77d3d32018-05-01 20:26:47 +01006936run_test "SNI: DTLS, CA override" \
Andres AG1a834452016-12-07 10:01:30 +00006937 "$P_SRV debug_level=3 auth_mode=optional dtls=1 \
David Horstmann184c4f02024-07-01 17:01:28 +01006938 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \
6939 ca_file=$DATA_FILES_PATH/test-ca.crt \
6940 sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,$DATA_FILES_PATH/test-ca2.crt,-,required" \
Andres AG1a834452016-12-07 10:01:30 +00006941 "$P_CLI debug_level=3 server_name=localhost dtls=1 \
David Horstmann184c4f02024-07-01 17:01:28 +01006942 crt_file=$DATA_FILES_PATH/server6.crt key_file=$DATA_FILES_PATH/server6.key" \
Andres AG1a834452016-12-07 10:01:30 +00006943 0 \
6944 -S "skip write certificate request" \
6945 -C "skip parse certificate request" \
6946 -c "got a certificate request" \
6947 -C "skip write certificate" \
6948 -C "skip write certificate verify" \
6949 -S "skip parse certificate verify" \
6950 -S "x509_verify_cert() returned" \
6951 -S "! The certificate is not correctly signed by the trusted CA" \
6952 -S "The certificate has been revoked (is on a CRL)"
6953
Jerry Yuab082902021-12-23 18:02:22 +08006954requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Andres Amaya Garciaf77d3d32018-05-01 20:26:47 +01006955run_test "SNI: DTLS, CA override with CRL" \
Andres AG1a834452016-12-07 10:01:30 +00006956 "$P_SRV debug_level=3 auth_mode=optional \
David Horstmann184c4f02024-07-01 17:01:28 +01006957 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key dtls=1 \
6958 ca_file=$DATA_FILES_PATH/test-ca.crt \
6959 sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,$DATA_FILES_PATH/test-ca2.crt,$DATA_FILES_PATH/crl-ec-sha256.pem,required" \
Andres AG1a834452016-12-07 10:01:30 +00006960 "$P_CLI debug_level=3 server_name=localhost dtls=1 \
David Horstmann184c4f02024-07-01 17:01:28 +01006961 crt_file=$DATA_FILES_PATH/server6.crt key_file=$DATA_FILES_PATH/server6.key" \
Andres AG1a834452016-12-07 10:01:30 +00006962 1 \
6963 -S "skip write certificate request" \
6964 -C "skip parse certificate request" \
6965 -c "got a certificate request" \
6966 -C "skip write certificate" \
6967 -C "skip write certificate verify" \
6968 -S "skip parse certificate verify" \
6969 -s "x509_verify_cert() returned" \
6970 -S "! The certificate is not correctly signed by the trusted CA" \
Manuel Pégourié-Gonnard2ffa53a2024-08-05 12:44:57 +02006971 -s "send alert level=2 message=44" \
Andres AG1a834452016-12-07 10:01:30 +00006972 -s "The certificate has been revoked (is on a CRL)"
Manuel Pégourié-Gonnard2ffa53a2024-08-05 12:44:57 +02006973 # MBEDTLS_X509_BADCERT_REVOKED -> MBEDTLS_SSL_ALERT_MSG_CERT_REVOKED
Andres AG1a834452016-12-07 10:01:30 +00006974
Manuel Pégourié-Gonnard0b6609b2014-02-26 14:45:12 +01006975# Tests for non-blocking I/O: exercise a variety of handshake flows
6976
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02006977run_test "Non-blocking I/O: basic handshake" \
Manuel Pégourié-Gonnard0b6609b2014-02-26 14:45:12 +01006978 "$P_SRV nbio=2 tickets=0 auth_mode=none" \
6979 "$P_CLI nbio=2 tickets=0" \
6980 0 \
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02006981 -S "mbedtls_ssl_handshake returned" \
6982 -C "mbedtls_ssl_handshake returned" \
Manuel Pégourié-Gonnard0b6609b2014-02-26 14:45:12 +01006983 -c "Read from server: .* bytes read"
6984
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02006985run_test "Non-blocking I/O: client auth" \
Manuel Pégourié-Gonnard0b6609b2014-02-26 14:45:12 +01006986 "$P_SRV nbio=2 tickets=0 auth_mode=required" \
6987 "$P_CLI nbio=2 tickets=0" \
6988 0 \
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02006989 -S "mbedtls_ssl_handshake returned" \
6990 -C "mbedtls_ssl_handshake returned" \
Manuel Pégourié-Gonnard0b6609b2014-02-26 14:45:12 +01006991 -c "Read from server: .* bytes read"
6992
Norbert Fabritius4f1c9272023-04-12 09:50:30 +02006993requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02006994run_test "Non-blocking I/O: ticket" \
Manuel Pégourié-Gonnard0b6609b2014-02-26 14:45:12 +01006995 "$P_SRV nbio=2 tickets=1 auth_mode=none" \
6996 "$P_CLI nbio=2 tickets=1" \
6997 0 \
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02006998 -S "mbedtls_ssl_handshake returned" \
6999 -C "mbedtls_ssl_handshake returned" \
Manuel Pégourié-Gonnard0b6609b2014-02-26 14:45:12 +01007000 -c "Read from server: .* bytes read"
7001
Norbert Fabritius4f1c9272023-04-12 09:50:30 +02007002requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02007003run_test "Non-blocking I/O: ticket + client auth" \
Manuel Pégourié-Gonnard0b6609b2014-02-26 14:45:12 +01007004 "$P_SRV nbio=2 tickets=1 auth_mode=required" \
7005 "$P_CLI nbio=2 tickets=1" \
7006 0 \
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02007007 -S "mbedtls_ssl_handshake returned" \
7008 -C "mbedtls_ssl_handshake returned" \
Manuel Pégourié-Gonnard0b6609b2014-02-26 14:45:12 +01007009 -c "Read from server: .* bytes read"
7010
Ronald Cron5de538c2022-10-20 14:47:56 +02007011requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
Norbert Fabritius4f1c9272023-04-12 09:50:30 +02007012requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
Ronald Cron92dca392023-03-10 16:11:15 +01007013run_test "Non-blocking I/O: TLS 1.2 + ticket + client auth + resume" \
Manuel Pégourié-Gonnard0b6609b2014-02-26 14:45:12 +01007014 "$P_SRV nbio=2 tickets=1 auth_mode=required" \
Ronald Cron92dca392023-03-10 16:11:15 +01007015 "$P_CLI force_version=tls12 nbio=2 tickets=1 reconnect=1" \
Manuel Pégourié-Gonnard0b6609b2014-02-26 14:45:12 +01007016 0 \
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02007017 -S "mbedtls_ssl_handshake returned" \
7018 -C "mbedtls_ssl_handshake returned" \
Manuel Pégourié-Gonnard0b6609b2014-02-26 14:45:12 +01007019 -c "Read from server: .* bytes read"
7020
Ronald Cron92dca392023-03-10 16:11:15 +01007021requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
7022requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
7023requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Norbert Fabritius4f1c9272023-04-12 09:50:30 +02007024requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
Ronald Cron92dca392023-03-10 16:11:15 +01007025run_test "Non-blocking I/O: TLS 1.3 + ticket + client auth + resume" \
7026 "$P_SRV nbio=2 tickets=1 auth_mode=required" \
Ronald Cron50ae84e2023-03-14 08:59:56 +01007027 "$P_CLI nbio=2 tickets=1 reconnect=1" \
Ronald Cron92dca392023-03-10 16:11:15 +01007028 0 \
7029 -S "mbedtls_ssl_handshake returned" \
7030 -C "mbedtls_ssl_handshake returned" \
7031 -c "Read from server: .* bytes read"
7032
Ronald Cron5de538c2022-10-20 14:47:56 +02007033requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
Norbert Fabritius4f1c9272023-04-12 09:50:30 +02007034requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
Ronald Cron92dca392023-03-10 16:11:15 +01007035run_test "Non-blocking I/O: TLS 1.2 + ticket + resume" \
Manuel Pégourié-Gonnard0b6609b2014-02-26 14:45:12 +01007036 "$P_SRV nbio=2 tickets=1 auth_mode=none" \
Ronald Cron92dca392023-03-10 16:11:15 +01007037 "$P_CLI force_version=tls12 nbio=2 tickets=1 reconnect=1" \
7038 0 \
7039 -S "mbedtls_ssl_handshake returned" \
7040 -C "mbedtls_ssl_handshake returned" \
7041 -c "Read from server: .* bytes read"
7042
7043requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
7044requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
7045requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Norbert Fabritius4f1c9272023-04-12 09:50:30 +02007046requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
Ronald Cron92dca392023-03-10 16:11:15 +01007047run_test "Non-blocking I/O: TLS 1.3 + ticket + resume" \
7048 "$P_SRV nbio=2 tickets=1 auth_mode=none" \
Ronald Cron50ae84e2023-03-14 08:59:56 +01007049 "$P_CLI nbio=2 tickets=1 reconnect=1" \
Manuel Pégourié-Gonnard0b6609b2014-02-26 14:45:12 +01007050 0 \
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02007051 -S "mbedtls_ssl_handshake returned" \
7052 -C "mbedtls_ssl_handshake returned" \
Manuel Pégourié-Gonnard0b6609b2014-02-26 14:45:12 +01007053 -c "Read from server: .* bytes read"
7054
Ronald Cron5de538c2022-10-20 14:47:56 +02007055requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02007056run_test "Non-blocking I/O: session-id resume" \
Manuel Pégourié-Gonnard0b6609b2014-02-26 14:45:12 +01007057 "$P_SRV nbio=2 tickets=0 auth_mode=none" \
Ronald Cronf95d1692023-03-14 17:19:42 +01007058 "$P_CLI force_version=tls12 nbio=2 tickets=0 reconnect=1" \
Manuel Pégourié-Gonnard0b6609b2014-02-26 14:45:12 +01007059 0 \
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02007060 -S "mbedtls_ssl_handshake returned" \
7061 -C "mbedtls_ssl_handshake returned" \
Manuel Pégourié-Gonnard0b6609b2014-02-26 14:45:12 +01007062 -c "Read from server: .* bytes read"
7063
Hanno Becker00076712017-11-15 16:39:08 +00007064# Tests for event-driven I/O: exercise a variety of handshake flows
7065
7066run_test "Event-driven I/O: basic handshake" \
7067 "$P_SRV event=1 tickets=0 auth_mode=none" \
7068 "$P_CLI event=1 tickets=0" \
7069 0 \
7070 -S "mbedtls_ssl_handshake returned" \
7071 -C "mbedtls_ssl_handshake returned" \
7072 -c "Read from server: .* bytes read"
7073
7074run_test "Event-driven I/O: client auth" \
7075 "$P_SRV event=1 tickets=0 auth_mode=required" \
7076 "$P_CLI event=1 tickets=0" \
7077 0 \
7078 -S "mbedtls_ssl_handshake returned" \
7079 -C "mbedtls_ssl_handshake returned" \
7080 -c "Read from server: .* bytes read"
7081
Norbert Fabritius4f1c9272023-04-12 09:50:30 +02007082requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
Hanno Becker00076712017-11-15 16:39:08 +00007083run_test "Event-driven I/O: ticket" \
7084 "$P_SRV event=1 tickets=1 auth_mode=none" \
7085 "$P_CLI event=1 tickets=1" \
7086 0 \
7087 -S "mbedtls_ssl_handshake returned" \
7088 -C "mbedtls_ssl_handshake returned" \
7089 -c "Read from server: .* bytes read"
7090
Norbert Fabritius4f1c9272023-04-12 09:50:30 +02007091requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
Hanno Becker00076712017-11-15 16:39:08 +00007092run_test "Event-driven I/O: ticket + client auth" \
7093 "$P_SRV event=1 tickets=1 auth_mode=required" \
7094 "$P_CLI event=1 tickets=1" \
7095 0 \
7096 -S "mbedtls_ssl_handshake returned" \
7097 -C "mbedtls_ssl_handshake returned" \
7098 -c "Read from server: .* bytes read"
7099
Ronald Cron5de538c2022-10-20 14:47:56 +02007100requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
Norbert Fabritius4f1c9272023-04-12 09:50:30 +02007101requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
Ronald Cron92dca392023-03-10 16:11:15 +01007102run_test "Event-driven I/O: TLS 1.2 + ticket + client auth + resume" \
Hanno Becker00076712017-11-15 16:39:08 +00007103 "$P_SRV event=1 tickets=1 auth_mode=required" \
Ronald Cron92dca392023-03-10 16:11:15 +01007104 "$P_CLI force_version=tls12 event=1 tickets=1 reconnect=1" \
Hanno Becker00076712017-11-15 16:39:08 +00007105 0 \
7106 -S "mbedtls_ssl_handshake returned" \
7107 -C "mbedtls_ssl_handshake returned" \
7108 -c "Read from server: .* bytes read"
7109
Ronald Cron92dca392023-03-10 16:11:15 +01007110requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
7111requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
7112requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Norbert Fabritius4f1c9272023-04-12 09:50:30 +02007113requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
Ronald Cron92dca392023-03-10 16:11:15 +01007114run_test "Event-driven I/O: TLS 1.3 + ticket + client auth + resume" \
7115 "$P_SRV event=1 tickets=1 auth_mode=required" \
Ronald Cron50ae84e2023-03-14 08:59:56 +01007116 "$P_CLI event=1 tickets=1 reconnect=1" \
Ronald Cron92dca392023-03-10 16:11:15 +01007117 0 \
7118 -S "mbedtls_ssl_handshake returned" \
7119 -C "mbedtls_ssl_handshake returned" \
7120 -c "Read from server: .* bytes read"
7121
Ronald Cron5de538c2022-10-20 14:47:56 +02007122requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
Norbert Fabritius4f1c9272023-04-12 09:50:30 +02007123requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
Ronald Cron92dca392023-03-10 16:11:15 +01007124run_test "Event-driven I/O: TLS 1.2 + ticket + resume" \
Hanno Becker00076712017-11-15 16:39:08 +00007125 "$P_SRV event=1 tickets=1 auth_mode=none" \
Ronald Cron92dca392023-03-10 16:11:15 +01007126 "$P_CLI force_version=tls12 event=1 tickets=1 reconnect=1" \
7127 0 \
7128 -S "mbedtls_ssl_handshake returned" \
7129 -C "mbedtls_ssl_handshake returned" \
7130 -c "Read from server: .* bytes read"
7131
7132requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
7133requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
7134requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
Norbert Fabritius4f1c9272023-04-12 09:50:30 +02007135requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
Ronald Cron92dca392023-03-10 16:11:15 +01007136run_test "Event-driven I/O: TLS 1.3 + ticket + resume" \
7137 "$P_SRV event=1 tickets=1 auth_mode=none" \
Ronald Cron50ae84e2023-03-14 08:59:56 +01007138 "$P_CLI event=1 tickets=1 reconnect=1" \
Hanno Becker00076712017-11-15 16:39:08 +00007139 0 \
7140 -S "mbedtls_ssl_handshake returned" \
7141 -C "mbedtls_ssl_handshake returned" \
7142 -c "Read from server: .* bytes read"
7143
Ronald Cron5de538c2022-10-20 14:47:56 +02007144requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
Hanno Becker00076712017-11-15 16:39:08 +00007145run_test "Event-driven I/O: session-id resume" \
7146 "$P_SRV event=1 tickets=0 auth_mode=none" \
Ronald Cronf95d1692023-03-14 17:19:42 +01007147 "$P_CLI force_version=tls12 event=1 tickets=0 reconnect=1" \
Hanno Becker00076712017-11-15 16:39:08 +00007148 0 \
7149 -S "mbedtls_ssl_handshake returned" \
7150 -C "mbedtls_ssl_handshake returned" \
7151 -c "Read from server: .* bytes read"
7152
Jerry Yuab082902021-12-23 18:02:22 +08007153requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Hanno Becker6a33f592018-03-13 11:38:46 +00007154run_test "Event-driven I/O, DTLS: basic handshake" \
7155 "$P_SRV dtls=1 event=1 tickets=0 auth_mode=none" \
7156 "$P_CLI dtls=1 event=1 tickets=0" \
7157 0 \
7158 -c "Read from server: .* bytes read"
7159
Jerry Yuab082902021-12-23 18:02:22 +08007160requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Hanno Becker6a33f592018-03-13 11:38:46 +00007161run_test "Event-driven I/O, DTLS: client auth" \
7162 "$P_SRV dtls=1 event=1 tickets=0 auth_mode=required" \
7163 "$P_CLI dtls=1 event=1 tickets=0" \
7164 0 \
7165 -c "Read from server: .* bytes read"
7166
Jerry Yuab082902021-12-23 18:02:22 +08007167requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Norbert Fabritius4f1c9272023-04-12 09:50:30 +02007168requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
Hanno Becker6a33f592018-03-13 11:38:46 +00007169run_test "Event-driven I/O, DTLS: ticket" \
7170 "$P_SRV dtls=1 event=1 tickets=1 auth_mode=none" \
7171 "$P_CLI dtls=1 event=1 tickets=1" \
7172 0 \
7173 -c "Read from server: .* bytes read"
7174
Jerry Yuab082902021-12-23 18:02:22 +08007175requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Norbert Fabritius4f1c9272023-04-12 09:50:30 +02007176requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
Hanno Becker6a33f592018-03-13 11:38:46 +00007177run_test "Event-driven I/O, DTLS: ticket + client auth" \
7178 "$P_SRV dtls=1 event=1 tickets=1 auth_mode=required" \
7179 "$P_CLI dtls=1 event=1 tickets=1" \
7180 0 \
7181 -c "Read from server: .* bytes read"
7182
Jerry Yuab082902021-12-23 18:02:22 +08007183requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Norbert Fabritius4f1c9272023-04-12 09:50:30 +02007184requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
Hanno Becker6a33f592018-03-13 11:38:46 +00007185run_test "Event-driven I/O, DTLS: ticket + client auth + resume" \
7186 "$P_SRV dtls=1 event=1 tickets=1 auth_mode=required" \
Manuel Pégourié-Gonnard56941fe2020-02-17 11:04:33 +01007187 "$P_CLI dtls=1 event=1 tickets=1 reconnect=1 skip_close_notify=1" \
Hanno Becker6a33f592018-03-13 11:38:46 +00007188 0 \
7189 -c "Read from server: .* bytes read"
7190
Jerry Yuab082902021-12-23 18:02:22 +08007191requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Norbert Fabritius4f1c9272023-04-12 09:50:30 +02007192requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
Hanno Becker6a33f592018-03-13 11:38:46 +00007193run_test "Event-driven I/O, DTLS: ticket + resume" \
7194 "$P_SRV dtls=1 event=1 tickets=1 auth_mode=none" \
Manuel Pégourié-Gonnard56941fe2020-02-17 11:04:33 +01007195 "$P_CLI dtls=1 event=1 tickets=1 reconnect=1 skip_close_notify=1" \
Hanno Becker6a33f592018-03-13 11:38:46 +00007196 0 \
7197 -c "Read from server: .* bytes read"
7198
Jerry Yuab082902021-12-23 18:02:22 +08007199requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Hanno Becker6a33f592018-03-13 11:38:46 +00007200run_test "Event-driven I/O, DTLS: session-id resume" \
7201 "$P_SRV dtls=1 event=1 tickets=0 auth_mode=none" \
Manuel Pégourié-Gonnard56941fe2020-02-17 11:04:33 +01007202 "$P_CLI dtls=1 event=1 tickets=0 reconnect=1 skip_close_notify=1" \
Hanno Becker6a33f592018-03-13 11:38:46 +00007203 0 \
7204 -c "Read from server: .* bytes read"
Hanno Beckerbc6c1102018-03-13 11:39:40 +00007205
7206# This test demonstrates the need for the mbedtls_ssl_check_pending function.
7207# During session resumption, the client will send its ApplicationData record
7208# within the same datagram as the Finished messages. In this situation, the
7209# server MUST NOT idle on the underlying transport after handshake completion,
7210# because the ApplicationData request has already been queued internally.
Jerry Yuab082902021-12-23 18:02:22 +08007211requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Hanno Beckerbc6c1102018-03-13 11:39:40 +00007212run_test "Event-driven I/O, DTLS: session-id resume, UDP packing" \
Hanno Becker8d832182018-03-15 10:14:19 +00007213 -p "$P_PXY pack=50" \
Hanno Beckerbc6c1102018-03-13 11:39:40 +00007214 "$P_SRV dtls=1 event=1 tickets=0 auth_mode=required" \
Manuel Pégourié-Gonnard56941fe2020-02-17 11:04:33 +01007215 "$P_CLI dtls=1 event=1 tickets=0 reconnect=1 skip_close_notify=1" \
Hanno Beckerbc6c1102018-03-13 11:39:40 +00007216 0 \
7217 -c "Read from server: .* bytes read"
7218
Ronald Cron35884a42024-03-15 15:43:14 +01007219# Tests for version negotiation. Some information to ease the understanding
7220# of the version negotiation test titles below:
7221# . 1.2/1.3 means that only TLS 1.2/TLS 1.3 is enabled.
7222# . 1.2+1.3 means that both TLS 1.2 and TLS 1.3 are enabled.
7223# . 1.2+(1.3)/(1.2)+1.3 means that TLS 1.2/1.3 is enabled and that
7224# TLS 1.3/1.2 may be enabled or not.
7225# . max=1.2 means that both TLS 1.2 and TLS 1.3 are enabled at build time but
7226# TLS 1.3 is disabled at runtime (maximum negotiable version is TLS 1.2).
7227# . min=1.3 means that both TLS 1.2 and TLS 1.3 are enabled at build time but
7228# TLS 1.2 is disabled at runtime (minimum negotiable version is TLS 1.3).
7229
Ronald Cronfe18d8d2024-03-06 15:19:55 +01007230# Tests for version negotiation, MbedTLS client and server
Manuel Pégourié-Gonnardf6521de2014-04-07 12:42:04 +02007231
Gilles Peskine7b02c1f2024-09-13 14:15:46 +02007232requires_config_enabled MBEDTLS_SSL_CLI_C
7233requires_config_enabled MBEDTLS_SSL_SRV_C
Ronald Cron114c5f02024-03-06 15:24:41 +01007234requires_config_disabled MBEDTLS_SSL_PROTO_TLS1_3
7235requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
Ronald Cron35884a42024-03-15 15:43:14 +01007236run_test "Version nego m->m: cli 1.2, srv 1.2 -> 1.2" \
Manuel Pégourié-Gonnarda3d808e2014-02-26 16:33:03 +01007237 "$P_SRV" \
Ronald Cron114c5f02024-03-06 15:24:41 +01007238 "$P_CLI" \
Manuel Pégourié-Gonnarda3d808e2014-02-26 16:33:03 +01007239 0 \
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02007240 -S "mbedtls_ssl_handshake returned" \
7241 -C "mbedtls_ssl_handshake returned" \
Manuel Pégourié-Gonnarda3d808e2014-02-26 16:33:03 +01007242 -s "Protocol is TLSv1.2" \
7243 -c "Protocol is TLSv1.2"
7244
Gilles Peskine7b02c1f2024-09-13 14:15:46 +02007245requires_config_enabled MBEDTLS_SSL_CLI_C
7246requires_config_enabled MBEDTLS_SSL_SRV_C
7247requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
7248requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cron114c5f02024-03-06 15:24:41 +01007249requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
Ronald Cron35884a42024-03-15 15:43:14 +01007250run_test "Version nego m->m: cli max=1.2, srv max=1.2 -> 1.2" \
Ronald Cron114c5f02024-03-06 15:24:41 +01007251 "$P_SRV max_version=tls12" \
7252 "$P_CLI max_version=tls12" \
7253 0 \
7254 -S "mbedtls_ssl_handshake returned" \
7255 -C "mbedtls_ssl_handshake returned" \
7256 -s "Protocol is TLSv1.2" \
7257 -c "Protocol is TLSv1.2"
7258
Gilles Peskine7b02c1f2024-09-13 14:15:46 +02007259requires_config_enabled MBEDTLS_SSL_CLI_C
7260requires_config_enabled MBEDTLS_SSL_SRV_C
7261requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron114c5f02024-03-06 15:24:41 +01007262requires_config_disabled MBEDTLS_SSL_PROTO_TLS1_2
Ronald Cron35884a42024-03-15 15:43:14 +01007263run_test "Version nego m->m: cli 1.3, srv 1.3 -> 1.3" \
Ronald Cron114c5f02024-03-06 15:24:41 +01007264 "$P_SRV" \
7265 "$P_CLI" \
7266 0 \
7267 -S "mbedtls_ssl_handshake returned" \
7268 -C "mbedtls_ssl_handshake returned" \
7269 -s "Protocol is TLSv1.3" \
7270 -c "Protocol is TLSv1.3"
7271
Gilles Peskine7b02c1f2024-09-13 14:15:46 +02007272requires_config_enabled MBEDTLS_SSL_CLI_C
7273requires_config_enabled MBEDTLS_SSL_SRV_C
7274requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
7275requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
7276requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron35884a42024-03-15 15:43:14 +01007277run_test "Version nego m->m: cli min=1.3, srv min=1.3 -> 1.3" \
Ronald Cron114c5f02024-03-06 15:24:41 +01007278 "$P_SRV min_version=tls13" \
7279 "$P_CLI min_version=tls13" \
7280 0 \
7281 -S "mbedtls_ssl_handshake returned" \
7282 -C "mbedtls_ssl_handshake returned" \
7283 -s "Protocol is TLSv1.3" \
7284 -c "Protocol is TLSv1.3"
7285
Gilles Peskine7b02c1f2024-09-13 14:15:46 +02007286requires_config_enabled MBEDTLS_SSL_CLI_C
7287requires_config_enabled MBEDTLS_SSL_SRV_C
7288requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
7289requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
7290requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron35884a42024-03-15 15:43:14 +01007291run_test "Version nego m->m: cli 1.2+1.3, srv 1.2+1.3 -> 1.3" \
Ronald Cron114c5f02024-03-06 15:24:41 +01007292 "$P_SRV" \
7293 "$P_CLI" \
7294 0 \
7295 -S "mbedtls_ssl_handshake returned" \
7296 -C "mbedtls_ssl_handshake returned" \
7297 -s "Protocol is TLSv1.3" \
7298 -c "Protocol is TLSv1.3"
7299
Gilles Peskine7b02c1f2024-09-13 14:15:46 +02007300requires_config_enabled MBEDTLS_SSL_CLI_C
7301requires_config_enabled MBEDTLS_SSL_SRV_C
7302requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
7303requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
7304requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron35884a42024-03-15 15:43:14 +01007305run_test "Version nego m->m: cli 1.2+1.3, srv min=1.3 -> 1.3" \
Ronald Cron114c5f02024-03-06 15:24:41 +01007306 "$P_SRV min_version=tls13" \
7307 "$P_CLI" \
7308 0 \
7309 -S "mbedtls_ssl_handshake returned" \
7310 -C "mbedtls_ssl_handshake returned" \
7311 -s "Protocol is TLSv1.3" \
7312 -c "Protocol is TLSv1.3"
7313
Gilles Peskine7b02c1f2024-09-13 14:15:46 +02007314requires_config_enabled MBEDTLS_SSL_CLI_C
7315requires_config_enabled MBEDTLS_SSL_SRV_C
7316requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
7317requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cron114c5f02024-03-06 15:24:41 +01007318requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
Ronald Cron35884a42024-03-15 15:43:14 +01007319run_test "Version nego m->m: cli 1.2+1.3, srv max=1.2 -> 1.2" \
Ronald Cron114c5f02024-03-06 15:24:41 +01007320 "$P_SRV max_version=tls12" \
7321 "$P_CLI" \
7322 0 \
7323 -S "mbedtls_ssl_handshake returned" \
7324 -C "mbedtls_ssl_handshake returned" \
7325 -s "Protocol is TLSv1.2" \
7326 -c "Protocol is TLSv1.2"
7327
Gilles Peskine7b02c1f2024-09-13 14:15:46 +02007328requires_config_enabled MBEDTLS_SSL_CLI_C
7329requires_config_enabled MBEDTLS_SSL_SRV_C
7330requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
7331requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cron114c5f02024-03-06 15:24:41 +01007332requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
Ronald Cron35884a42024-03-15 15:43:14 +01007333run_test "Version nego m->m: cli max=1.2, srv 1.2+1.3 -> 1.2" \
Manuel Pégourié-Gonnarda3d808e2014-02-26 16:33:03 +01007334 "$P_SRV" \
Ronald Crondcfd00c2024-03-06 15:58:50 +01007335 "$P_CLI max_version=tls12" \
Manuel Pégourié-Gonnarda3d808e2014-02-26 16:33:03 +01007336 0 \
7337 -S "mbedtls_ssl_handshake returned" \
7338 -C "mbedtls_ssl_handshake returned" \
7339 -s "Protocol is TLSv1.2" \
7340 -c "Protocol is TLSv1.2"
7341
Gilles Peskine7b02c1f2024-09-13 14:15:46 +02007342requires_config_enabled MBEDTLS_SSL_CLI_C
7343requires_config_enabled MBEDTLS_SSL_SRV_C
7344requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
7345requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
7346requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron35884a42024-03-15 15:43:14 +01007347run_test "Version nego m->m: cli min=1.3, srv 1.2+1.3 -> 1.3" \
Ronald Cron114c5f02024-03-06 15:24:41 +01007348 "$P_SRV" \
7349 "$P_CLI min_version=tls13" \
7350 0 \
7351 -S "mbedtls_ssl_handshake returned" \
7352 -C "mbedtls_ssl_handshake returned" \
7353 -s "Protocol is TLSv1.3" \
7354 -c "Protocol is TLSv1.3"
7355
Gilles Peskine7b02c1f2024-09-13 14:15:46 +02007356requires_config_enabled MBEDTLS_SSL_CLI_C
7357requires_config_enabled MBEDTLS_SSL_SRV_C
7358requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
7359requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cron35884a42024-03-15 15:43:14 +01007360run_test "Not supported version m->m: cli max=1.2, srv min=1.3" \
Ronald Crondcfd00c2024-03-06 15:58:50 +01007361 "$P_SRV min_version=tls13" \
7362 "$P_CLI max_version=tls12" \
7363 1 \
7364 -s "Handshake protocol not within min/max boundaries" \
7365 -S "Protocol is TLSv1.2" \
7366 -C "Protocol is TLSv1.2" \
7367 -S "Protocol is TLSv1.3" \
7368 -C "Protocol is TLSv1.3"
Ronald Cronfe18d8d2024-03-06 15:19:55 +01007369
Gilles Peskine7b02c1f2024-09-13 14:15:46 +02007370requires_config_enabled MBEDTLS_SSL_CLI_C
7371requires_config_enabled MBEDTLS_SSL_SRV_C
7372requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
7373requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cron35884a42024-03-15 15:43:14 +01007374run_test "Not supported version m->m: cli min=1.3, srv max=1.2" \
Ronald Cron114c5f02024-03-06 15:24:41 +01007375 "$P_SRV max_version=tls12" \
7376 "$P_CLI min_version=tls13" \
7377 1 \
7378 -s "The handshake negotiation failed" \
7379 -S "Protocol is TLSv1.2" \
7380 -C "Protocol is TLSv1.2" \
7381 -S "Protocol is TLSv1.3" \
7382 -C "Protocol is TLSv1.3"
7383
Ronald Croncd1370e2024-03-12 16:07:48 +01007384# Tests of version negotiation on server side against GnuTLS client
7385
Gilles Peskine7b02c1f2024-09-13 14:15:46 +02007386requires_config_enabled MBEDTLS_SSL_SRV_C
7387requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Ronald Cron98bdcc42024-03-06 15:00:42 +01007388requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
Ronald Cron35884a42024-03-15 15:43:14 +01007389run_test "Server version nego G->m: cli 1.2, srv 1.2+(1.3) -> 1.2" \
Ronald Cron98bdcc42024-03-06 15:00:42 +01007390 "$P_SRV" \
Ronald Crondfad4932024-03-06 15:05:14 +01007391 "$G_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2" \
Ronald Croncd1370e2024-03-12 16:07:48 +01007392 0 \
Ronald Cron98bdcc42024-03-06 15:00:42 +01007393 -S "mbedtls_ssl_handshake returned" \
7394 -s "Protocol is TLSv1.2"
Ronald Croncd1370e2024-03-12 16:07:48 +01007395
Gilles Peskine7b02c1f2024-09-13 14:15:46 +02007396requires_config_enabled MBEDTLS_SSL_SRV_C
7397requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
7398requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Crondfad4932024-03-06 15:05:14 +01007399requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
Ronald Cron35884a42024-03-15 15:43:14 +01007400run_test "Server version nego G->m: cli 1.2, srv max=1.2 -> 1.2" \
Ronald Crondfad4932024-03-06 15:05:14 +01007401 "$P_SRV max_version=tls12" \
7402 "$G_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2" \
7403 0 \
7404 -S "mbedtls_ssl_handshake returned" \
7405 -s "Protocol is TLSv1.2"
7406
Gilles Peskine7b02c1f2024-09-13 14:15:46 +02007407requires_config_enabled MBEDTLS_SSL_SRV_C
7408requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
7409requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron35884a42024-03-15 15:43:14 +01007410run_test "Server version nego G->m: cli 1.3, srv (1.2)+1.3 -> 1.3" \
Ronald Crondfad4932024-03-06 15:05:14 +01007411 "$P_SRV" \
7412 "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3" \
7413 0 \
7414 -S "mbedtls_ssl_handshake returned" \
7415 -s "Protocol is TLSv1.3"
7416
Gilles Peskine7b02c1f2024-09-13 14:15:46 +02007417requires_config_enabled MBEDTLS_SSL_SRV_C
7418requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
7419requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
7420requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron35884a42024-03-15 15:43:14 +01007421run_test "Server version nego G->m: cli 1.3, srv min=1.3 -> 1.3" \
Ronald Crondfad4932024-03-06 15:05:14 +01007422 "$P_SRV min_version=tls13" \
7423 "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3" \
7424 0 \
7425 -S "mbedtls_ssl_handshake returned" \
7426 -s "Protocol is TLSv1.3"
7427
Gilles Peskine7b02c1f2024-09-13 14:15:46 +02007428requires_config_enabled MBEDTLS_SSL_SRV_C
7429requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
7430requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron35884a42024-03-15 15:43:14 +01007431run_test "Server version nego G->m: cli 1.2+1.3, srv (1.2)+1.3 -> 1.3" \
Ronald Cron98bdcc42024-03-06 15:00:42 +01007432 "$P_SRV" \
7433 "$G_NEXT_CLI localhost --priority=NORMAL" \
Ronald Croncd1370e2024-03-12 16:07:48 +01007434 0 \
Ronald Cron98bdcc42024-03-06 15:00:42 +01007435 -S "mbedtls_ssl_handshake returned" \
7436 -s "Protocol is TLSv1.3"
Ronald Croncd1370e2024-03-12 16:07:48 +01007437
Ronald Cron98bdcc42024-03-06 15:00:42 +01007438requires_gnutls_next_disable_tls13_compat
Gilles Peskine7b02c1f2024-09-13 14:15:46 +02007439requires_config_enabled MBEDTLS_SSL_SRV_C
7440requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
7441requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron35884a42024-03-15 15:43:14 +01007442run_test "Server version nego G->m (no compat): cli 1.2+1.3, srv (1.2)+1.3 -> 1.3" \
Ronald Cron98bdcc42024-03-06 15:00:42 +01007443 "$P_SRV" \
7444 "$G_NEXT_CLI localhost --priority=NORMAL:%DISABLE_TLS13_COMPAT_MODE" \
Ronald Croncd1370e2024-03-12 16:07:48 +01007445 0 \
Ronald Cron98bdcc42024-03-06 15:00:42 +01007446 -S "mbedtls_ssl_handshake returned" \
7447 -s "Protocol is TLSv1.3"
Ronald Croncd1370e2024-03-12 16:07:48 +01007448
7449# GnuTLS can be setup to send a ClientHello containing a supported versions
7450# extension proposing TLS 1.2 (preferred) and then TLS 1.3. In that case,
7451# a TLS 1.3 and TLS 1.2 capable server is supposed to negotiate TLS 1.2 and
7452# to indicate in the ServerHello that it downgrades from TLS 1.3. The GnuTLS
7453# client then detects the downgrade indication and aborts the handshake even
7454# if TLS 1.2 was its preferred version. Keeping the test even if the
7455# handshake fails eventually as it exercices parts of the Mbed TLS
7456# implementation that are otherwise not exercised.
Gilles Peskine7b02c1f2024-09-13 14:15:46 +02007457requires_config_enabled MBEDTLS_SSL_SRV_C
7458requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
7459requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cron35884a42024-03-15 15:43:14 +01007460run_test "Server version nego G->m: cli 1.2+1.3 (1.2 preferred!), srv 1.2+1.3 -> 1.2" \
Ronald Cron98bdcc42024-03-06 15:00:42 +01007461 "$P_SRV" \
Ronald Croncd1370e2024-03-12 16:07:48 +01007462 "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:+VERS-TLS1.3" \
7463 1 \
7464 -c "Detected downgrade to TLS 1.2 from TLS 1.3"
7465
Gilles Peskine7b02c1f2024-09-13 14:15:46 +02007466requires_config_enabled MBEDTLS_SSL_SRV_C
7467requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
7468requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
7469requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron35884a42024-03-15 15:43:14 +01007470run_test "Server version nego G->m: cli 1.2+1.3, srv min=1.3 -> 1.3" \
Ronald Crondfad4932024-03-06 15:05:14 +01007471 "$P_SRV min_version=tls13" \
7472 "$G_NEXT_CLI localhost --priority=NORMAL" \
7473 0 \
7474 -S "mbedtls_ssl_handshake returned" \
7475 -s "Protocol is TLSv1.3"
7476
7477requires_config_enabled MBEDTLS_SSL_SRV_C
7478requires_config_disabled MBEDTLS_SSL_PROTO_TLS1_3
7479requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
Ronald Cron35884a42024-03-15 15:43:14 +01007480run_test "Server version nego G->m: cli 1.2+1.3, srv 1.2 -> 1.2" \
Ronald Crondfad4932024-03-06 15:05:14 +01007481 "$P_SRV" \
7482 "$G_NEXT_CLI localhost --priority=NORMAL" \
7483 0 \
7484 -S "mbedtls_ssl_handshake returned" \
7485 -s "Protocol is TLSv1.2"
7486
Gilles Peskine7b02c1f2024-09-13 14:15:46 +02007487requires_config_enabled MBEDTLS_SSL_SRV_C
7488requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
7489requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Crondfad4932024-03-06 15:05:14 +01007490requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
Ronald Cron35884a42024-03-15 15:43:14 +01007491run_test "Server version nego G->m: cli 1.2+1.3, max=1.2 -> 1.2" \
Ronald Crondfad4932024-03-06 15:05:14 +01007492 "$P_SRV max_version=tls12" \
7493 "$G_NEXT_CLI localhost --priority=NORMAL" \
7494 0 \
7495 -S "mbedtls_ssl_handshake returned" \
7496 -s "Protocol is TLSv1.2"
7497
Ronald Cron98bdcc42024-03-06 15:00:42 +01007498requires_config_enabled MBEDTLS_SSL_SRV_C
Ronald Cron35884a42024-03-15 15:43:14 +01007499run_test "Not supported version G->m: cli 1.0, (1.2)+(1.3)" \
TRodziewicz2abf03c2021-06-25 14:40:09 +02007500 "$P_SRV" \
7501 "$G_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.0" \
7502 1 \
7503 -s "Handshake protocol not within min/max boundaries" \
Ronald Cron98bdcc42024-03-06 15:00:42 +01007504 -S "Protocol is TLSv1.0"
TRodziewicz2abf03c2021-06-25 14:40:09 +02007505
Ronald Cron98bdcc42024-03-06 15:00:42 +01007506requires_config_enabled MBEDTLS_SSL_SRV_C
Ronald Cron35884a42024-03-15 15:43:14 +01007507run_test "Not supported version G->m: cli 1.1, (1.2)+(1.3)" \
TRodziewicz2abf03c2021-06-25 14:40:09 +02007508 "$P_SRV" \
7509 "$G_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.1" \
7510 1 \
7511 -s "Handshake protocol not within min/max boundaries" \
Ronald Cron98bdcc42024-03-06 15:00:42 +01007512 -S "Protocol is TLSv1.1"
TRodziewicz2abf03c2021-06-25 14:40:09 +02007513
Ronald Crondfad4932024-03-06 15:05:14 +01007514requires_config_enabled MBEDTLS_SSL_SRV_C
7515requires_config_disabled MBEDTLS_SSL_PROTO_TLS1_2
Ronald Cron35884a42024-03-15 15:43:14 +01007516run_test "Not supported version G->m: cli 1.2, srv 1.3" \
Ronald Crondfad4932024-03-06 15:05:14 +01007517 "$P_SRV" \
7518 "$G_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2" \
7519 1 \
7520 -s "Handshake protocol not within min/max boundaries" \
7521 -S "Protocol is TLSv1.2"
7522
7523requires_config_enabled MBEDTLS_SSL_SRV_C
7524requires_config_disabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cron35884a42024-03-15 15:43:14 +01007525run_test "Not supported version G->m: cli 1.3, srv 1.2" \
Ronald Crondfad4932024-03-06 15:05:14 +01007526 "$P_SRV" \
7527 "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3" \
7528 1 \
7529 -S "Handshake protocol not within min/max boundaries" \
7530 -s "The handshake negotiation failed" \
7531 -S "Protocol is TLSv1.3"
7532
Gilles Peskine7b02c1f2024-09-13 14:15:46 +02007533requires_config_enabled MBEDTLS_SSL_SRV_C
7534requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
7535requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cron35884a42024-03-15 15:43:14 +01007536run_test "Not supported version G->m: cli 1.2, srv min=1.3" \
Ronald Crondfad4932024-03-06 15:05:14 +01007537 "$P_SRV min_version=tls13" \
7538 "$G_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2" \
7539 1 \
7540 -s "Handshake protocol not within min/max boundaries" \
7541 -S "Protocol is TLSv1.2"
7542
Gilles Peskine7b02c1f2024-09-13 14:15:46 +02007543requires_config_enabled MBEDTLS_SSL_SRV_C
7544requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
7545requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cron35884a42024-03-15 15:43:14 +01007546run_test "Not supported version G->m: cli 1.3, srv max=1.2" \
Ronald Crondfad4932024-03-06 15:05:14 +01007547 "$P_SRV max_version=tls12" \
7548 "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3" \
7549 1 \
7550 -S "Handshake protocol not within min/max boundaries" \
7551 -s "The handshake negotiation failed" \
7552 -S "Protocol is TLSv1.3"
7553
Ronald Cron10797e32024-03-07 08:27:24 +01007554# Tests of version negotiation on server side against OpenSSL client
7555
Gilles Peskine7b02c1f2024-09-13 14:15:46 +02007556requires_config_enabled MBEDTLS_SSL_SRV_C
7557requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Ronald Cron10797e32024-03-07 08:27:24 +01007558requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
Ronald Cron35884a42024-03-15 15:43:14 +01007559run_test "Server version nego O->m: cli 1.2, srv 1.2+(1.3) -> 1.2" \
Ronald Cron10797e32024-03-07 08:27:24 +01007560 "$P_SRV" \
7561 "$O_NEXT_CLI -tls1_2" \
7562 0 \
7563 -S "mbedtls_ssl_handshake returned" \
7564 -s "Protocol is TLSv1.2"
7565
Gilles Peskine7b02c1f2024-09-13 14:15:46 +02007566requires_config_enabled MBEDTLS_SSL_SRV_C
7567requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
7568requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cron10797e32024-03-07 08:27:24 +01007569requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
Ronald Cron35884a42024-03-15 15:43:14 +01007570run_test "Server version nego O->m: cli 1.2, srv max=1.2 -> 1.2" \
Ronald Cron10797e32024-03-07 08:27:24 +01007571 "$P_SRV max_version=tls12" \
7572 "$O_NEXT_CLI -tls1_2" \
7573 0 \
7574 -S "mbedtls_ssl_handshake returned" \
7575 -s "Protocol is TLSv1.2"
7576
7577requires_openssl_tls1_3_with_compatible_ephemeral
Gilles Peskine7b02c1f2024-09-13 14:15:46 +02007578requires_config_enabled MBEDTLS_SSL_SRV_C
7579requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
7580requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron35884a42024-03-15 15:43:14 +01007581run_test "Server version nego O->m: cli 1.3, srv (1.2)+1.3 -> 1.3" \
Ronald Cron10797e32024-03-07 08:27:24 +01007582 "$P_SRV" \
7583 "$O_NEXT_CLI -tls1_3" \
7584 0 \
7585 -S "mbedtls_ssl_handshake returned" \
7586 -s "Protocol is TLSv1.3"
7587
7588requires_openssl_tls1_3_with_compatible_ephemeral
Gilles Peskine7b02c1f2024-09-13 14:15:46 +02007589requires_config_enabled MBEDTLS_SSL_SRV_C
7590requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
7591requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
7592requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron35884a42024-03-15 15:43:14 +01007593run_test "Server version nego O->m: cli 1.3, srv min=1.3 -> 1.3" \
Ronald Cron10797e32024-03-07 08:27:24 +01007594 "$P_SRV min_version=tls13" \
7595 "$O_NEXT_CLI -tls1_3" \
7596 0 \
7597 -S "mbedtls_ssl_handshake returned" \
7598 -s "Protocol is TLSv1.3"
7599
7600requires_openssl_tls1_3_with_compatible_ephemeral
Gilles Peskine7b02c1f2024-09-13 14:15:46 +02007601requires_config_enabled MBEDTLS_SSL_SRV_C
7602requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
7603requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron35884a42024-03-15 15:43:14 +01007604run_test "Server version nego O->m: cli 1.2+1.3, srv (1.2)+1.3 -> 1.3" \
Ronald Cron10797e32024-03-07 08:27:24 +01007605 "$P_SRV" \
7606 "$O_NEXT_CLI" \
7607 0 \
7608 -S "mbedtls_ssl_handshake returned" \
7609 -s "Protocol is TLSv1.3"
7610
7611requires_openssl_tls1_3_with_compatible_ephemeral
Gilles Peskine7b02c1f2024-09-13 14:15:46 +02007612requires_config_enabled MBEDTLS_SSL_SRV_C
7613requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
7614requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron35884a42024-03-15 15:43:14 +01007615run_test "Server version nego O->m (no compat): cli 1.2+1.3, srv (1.2)+1.3 -> 1.3" \
Ronald Cron10797e32024-03-07 08:27:24 +01007616 "$P_SRV" \
7617 "$O_NEXT_CLI -no_middlebox" \
7618 0 \
7619 -S "mbedtls_ssl_handshake returned" \
7620 -s "Protocol is TLSv1.3"
7621
7622requires_openssl_tls1_3_with_compatible_ephemeral
Gilles Peskine7b02c1f2024-09-13 14:15:46 +02007623requires_config_enabled MBEDTLS_SSL_SRV_C
7624requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
7625requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
7626requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron35884a42024-03-15 15:43:14 +01007627run_test "Server version nego O->m: cli 1.2+1.3, srv min=1.3 -> 1.3" \
Ronald Cron10797e32024-03-07 08:27:24 +01007628 "$P_SRV min_version=tls13" \
7629 "$O_NEXT_CLI" \
7630 0 \
7631 -S "mbedtls_ssl_handshake returned" \
7632 -s "Protocol is TLSv1.3"
7633
7634requires_config_enabled MBEDTLS_SSL_SRV_C
7635requires_config_disabled MBEDTLS_SSL_PROTO_TLS1_3
7636requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
Ronald Cron35884a42024-03-15 15:43:14 +01007637run_test "Server version nego O->m: cli 1.2+1.3, srv 1.2 -> 1.2" \
Ronald Cron10797e32024-03-07 08:27:24 +01007638 "$P_SRV" \
7639 "$O_NEXT_CLI" \
7640 0 \
7641 -S "mbedtls_ssl_handshake returned" \
7642 -s "Protocol is TLSv1.2"
7643
Gilles Peskine7b02c1f2024-09-13 14:15:46 +02007644requires_config_enabled MBEDTLS_SSL_SRV_C
7645requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
7646requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cron10797e32024-03-07 08:27:24 +01007647requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
Ronald Cron35884a42024-03-15 15:43:14 +01007648run_test "Server version nego O->m: cli 1.2+1.3, srv max=1.2 -> 1.2" \
Ronald Cron10797e32024-03-07 08:27:24 +01007649 "$P_SRV max_version=tls12" \
7650 "$O_NEXT_CLI" \
7651 0 \
7652 -S "mbedtls_ssl_handshake returned" \
7653 -s "Protocol is TLSv1.2"
7654
7655requires_config_enabled MBEDTLS_SSL_SRV_C
Ronald Cron35884a42024-03-15 15:43:14 +01007656run_test "Not supported version O->m: cli 1.0, srv (1.2)+(1.3)" \
Ronald Cron10797e32024-03-07 08:27:24 +01007657 "$P_SRV" \
7658 "$O_CLI -tls1" \
7659 1 \
7660 -s "Handshake protocol not within min/max boundaries" \
7661 -S "Protocol is TLSv1.0"
7662
7663requires_config_enabled MBEDTLS_SSL_SRV_C
Ronald Cron35884a42024-03-15 15:43:14 +01007664run_test "Not supported version O->m: cli 1.1, srv (1.2)+(1.3)" \
Ronald Cron10797e32024-03-07 08:27:24 +01007665 "$P_SRV" \
7666 "$O_CLI -tls1_1" \
7667 1 \
7668 -s "Handshake protocol not within min/max boundaries" \
7669 -S "Protocol is TLSv1.1"
7670
7671requires_config_enabled MBEDTLS_SSL_SRV_C
7672requires_config_disabled MBEDTLS_SSL_PROTO_TLS1_2
Ronald Cron35884a42024-03-15 15:43:14 +01007673run_test "Not supported version O->m: cli 1.2, srv 1.3" \
Ronald Cron10797e32024-03-07 08:27:24 +01007674 "$P_SRV" \
7675 "$O_NEXT_CLI -tls1_2" \
7676 1 \
7677 -s "Handshake protocol not within min/max boundaries" \
7678 -S "Protocol is TLSv1.2"
7679
7680requires_config_enabled MBEDTLS_SSL_SRV_C
7681requires_config_disabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cron35884a42024-03-15 15:43:14 +01007682run_test "Not supported version O->m: cli 1.3, srv 1.2" \
Ronald Cron10797e32024-03-07 08:27:24 +01007683 "$P_SRV" \
7684 "$O_NEXT_CLI -tls1_3" \
7685 1 \
7686 -S "Handshake protocol not within min/max boundaries" \
7687 -s "The handshake negotiation failed" \
7688 -S "Protocol is TLSv1.3"
7689
Gilles Peskine7b02c1f2024-09-13 14:15:46 +02007690requires_config_enabled MBEDTLS_SSL_SRV_C
7691requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
7692requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cron35884a42024-03-15 15:43:14 +01007693run_test "Not supported version O->m: cli 1.2, srv min=1.3" \
Ronald Cron10797e32024-03-07 08:27:24 +01007694 "$P_SRV min_version=tls13" \
7695 "$O_NEXT_CLI -tls1_2" \
7696 1 \
7697 -s "Handshake protocol not within min/max boundaries" \
7698 -S "Protocol is TLSv1.2"
7699
Gilles Peskine7b02c1f2024-09-13 14:15:46 +02007700requires_config_enabled MBEDTLS_SSL_SRV_C
7701requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
7702requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Ronald Cron35884a42024-03-15 15:43:14 +01007703run_test "Not supported version O->m: cli 1.3, srv max=1.2" \
Ronald Cron10797e32024-03-07 08:27:24 +01007704 "$P_SRV max_version=tls12" \
7705 "$O_NEXT_CLI -tls1_3" \
7706 1 \
7707 -S "Handshake protocol not within min/max boundaries" \
7708 -s "The handshake negotiation failed" \
7709 -S "Protocol is TLSv1.3"
7710
Ronald Crona1e7b6a2024-03-06 15:13:49 +01007711# Tests of version negotiation on client side against GnuTLS and OpenSSL server
TRodziewicz2abf03c2021-06-25 14:40:09 +02007712
Jerry Yuab082902021-12-23 18:02:22 +08007713requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Ronald Cron35884a42024-03-15 15:43:14 +01007714run_test "Not supported version: srv max TLS 1.0" \
TRodziewicz2abf03c2021-06-25 14:40:09 +02007715 "$G_SRV --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0" \
7716 "$P_CLI" \
7717 1 \
7718 -s "Error in protocol version" \
7719 -c "Handshake protocol not within min/max boundaries" \
7720 -S "Version: TLS1.0" \
7721 -C "Protocol is TLSv1.0"
7722
Jerry Yuab082902021-12-23 18:02:22 +08007723requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Ronald Cron35884a42024-03-15 15:43:14 +01007724run_test "Not supported version: srv max TLS 1.1" \
TRodziewicz2abf03c2021-06-25 14:40:09 +02007725 "$G_SRV --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.1" \
7726 "$P_CLI" \
7727 1 \
7728 -s "Error in protocol version" \
7729 -c "Handshake protocol not within min/max boundaries" \
7730 -S "Version: TLS1.1" \
7731 -C "Protocol is TLSv1.1"
7732
Ronald Crona1e7b6a2024-03-06 15:13:49 +01007733requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
7734requires_config_enabled MBEDTLS_DEBUG_C
7735requires_config_enabled MBEDTLS_SSL_CLI_C
7736skip_handshake_stage_check
7737requires_gnutls_tls1_3
Ronald Cron35884a42024-03-15 15:43:14 +01007738run_test "TLS 1.3: Not supported version:gnutls: srv max TLS 1.0" \
Ronald Crona1e7b6a2024-03-06 15:13:49 +01007739 "$G_NEXT_SRV --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0 -d 4" \
7740 "$P_CLI debug_level=4" \
7741 1 \
7742 -s "Client's version: 3.3" \
7743 -S "Version: TLS1.0" \
7744 -C "Protocol is TLSv1.0"
7745
7746requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
7747requires_config_enabled MBEDTLS_DEBUG_C
7748requires_config_enabled MBEDTLS_SSL_CLI_C
7749skip_handshake_stage_check
7750requires_gnutls_tls1_3
Ronald Cron35884a42024-03-15 15:43:14 +01007751run_test "TLS 1.3: Not supported version:gnutls: srv max TLS 1.1" \
Ronald Crona1e7b6a2024-03-06 15:13:49 +01007752 "$G_NEXT_SRV --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.1 -d 4" \
7753 "$P_CLI debug_level=4" \
7754 1 \
7755 -s "Client's version: 3.3" \
7756 -S "Version: TLS1.1" \
7757 -C "Protocol is TLSv1.1"
7758
7759requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
7760requires_config_enabled MBEDTLS_DEBUG_C
7761requires_config_enabled MBEDTLS_SSL_CLI_C
7762skip_handshake_stage_check
7763requires_gnutls_tls1_3
Ronald Cron35884a42024-03-15 15:43:14 +01007764run_test "TLS 1.3: Not supported version:gnutls: srv max TLS 1.2" \
Ronald Crona1e7b6a2024-03-06 15:13:49 +01007765 "$G_NEXT_SRV --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2 -d 4" \
7766 "$P_CLI force_version=tls13 debug_level=4" \
7767 1 \
7768 -s "Client's version: 3.3" \
7769 -c "is a fatal alert message (msg 40)" \
7770 -S "Version: TLS1.2" \
7771 -C "Protocol is TLSv1.2"
7772
7773requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
7774requires_config_enabled MBEDTLS_DEBUG_C
7775requires_config_enabled MBEDTLS_SSL_CLI_C
7776skip_handshake_stage_check
7777requires_openssl_next
Ronald Cron35884a42024-03-15 15:43:14 +01007778run_test "TLS 1.3: Not supported version:openssl: srv max TLS 1.0" \
Ronald Crona1e7b6a2024-03-06 15:13:49 +01007779 "$O_NEXT_SRV -msg -tls1" \
7780 "$P_CLI debug_level=4" \
7781 1 \
7782 -s "fatal protocol_version" \
7783 -c "is a fatal alert message (msg 70)" \
7784 -S "Version: TLS1.0" \
7785 -C "Protocol : TLSv1.0"
7786
7787requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
7788requires_config_enabled MBEDTLS_DEBUG_C
7789requires_config_enabled MBEDTLS_SSL_CLI_C
7790skip_handshake_stage_check
7791requires_openssl_next
Ronald Cron35884a42024-03-15 15:43:14 +01007792run_test "TLS 1.3: Not supported version:openssl: srv max TLS 1.1" \
Ronald Crona1e7b6a2024-03-06 15:13:49 +01007793 "$O_NEXT_SRV -msg -tls1_1" \
7794 "$P_CLI debug_level=4" \
7795 1 \
7796 -s "fatal protocol_version" \
7797 -c "is a fatal alert message (msg 70)" \
7798 -S "Version: TLS1.1" \
7799 -C "Protocol : TLSv1.1"
7800
7801requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
7802requires_config_enabled MBEDTLS_DEBUG_C
7803requires_config_enabled MBEDTLS_SSL_CLI_C
7804skip_handshake_stage_check
7805requires_openssl_next
Ronald Cron35884a42024-03-15 15:43:14 +01007806run_test "TLS 1.3: Not supported version:openssl: srv max TLS 1.2" \
Ronald Crona1e7b6a2024-03-06 15:13:49 +01007807 "$O_NEXT_SRV -msg -tls1_2" \
7808 "$P_CLI force_version=tls13 debug_level=4" \
7809 1 \
7810 -s "fatal protocol_version" \
7811 -c "is a fatal alert message (msg 70)" \
7812 -S "Version: TLS1.2" \
7813 -C "Protocol : TLSv1.2"
7814
Manuel Pégourié-Gonnardf6521de2014-04-07 12:42:04 +02007815# Tests for ALPN extension
7816
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02007817run_test "ALPN: none" \
Manuel Pégourié-Gonnard644e8f32014-08-30 21:59:31 +02007818 "$P_SRV debug_level=3" \
7819 "$P_CLI debug_level=3" \
Manuel Pégourié-Gonnardf6521de2014-04-07 12:42:04 +02007820 0 \
7821 -C "client hello, adding alpn extension" \
7822 -S "found alpn extension" \
7823 -C "got an alert message, type: \\[2:120]" \
XiaokangQianacb39922022-06-17 10:18:48 +00007824 -S "server side, adding alpn extension" \
Manuel Pégourié-Gonnardf6521de2014-04-07 12:42:04 +02007825 -C "found alpn extension " \
7826 -C "Application Layer Protocol is" \
7827 -S "Application Layer Protocol is"
7828
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02007829run_test "ALPN: client only" \
Manuel Pégourié-Gonnard644e8f32014-08-30 21:59:31 +02007830 "$P_SRV debug_level=3" \
7831 "$P_CLI debug_level=3 alpn=abc,1234" \
Manuel Pégourié-Gonnardf6521de2014-04-07 12:42:04 +02007832 0 \
7833 -c "client hello, adding alpn extension" \
7834 -s "found alpn extension" \
7835 -C "got an alert message, type: \\[2:120]" \
XiaokangQianacb39922022-06-17 10:18:48 +00007836 -S "server side, adding alpn extension" \
Manuel Pégourié-Gonnardf6521de2014-04-07 12:42:04 +02007837 -C "found alpn extension " \
7838 -c "Application Layer Protocol is (none)" \
7839 -S "Application Layer Protocol is"
7840
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02007841run_test "ALPN: server only" \
Manuel Pégourié-Gonnard644e8f32014-08-30 21:59:31 +02007842 "$P_SRV debug_level=3 alpn=abc,1234" \
7843 "$P_CLI debug_level=3" \
Manuel Pégourié-Gonnardf6521de2014-04-07 12:42:04 +02007844 0 \
7845 -C "client hello, adding alpn extension" \
7846 -S "found alpn extension" \
7847 -C "got an alert message, type: \\[2:120]" \
XiaokangQianacb39922022-06-17 10:18:48 +00007848 -S "server side, adding alpn extension" \
Manuel Pégourié-Gonnardf6521de2014-04-07 12:42:04 +02007849 -C "found alpn extension " \
7850 -C "Application Layer Protocol is" \
7851 -s "Application Layer Protocol is (none)"
7852
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02007853run_test "ALPN: both, common cli1-srv1" \
Manuel Pégourié-Gonnard644e8f32014-08-30 21:59:31 +02007854 "$P_SRV debug_level=3 alpn=abc,1234" \
7855 "$P_CLI debug_level=3 alpn=abc,1234" \
Manuel Pégourié-Gonnardf6521de2014-04-07 12:42:04 +02007856 0 \
7857 -c "client hello, adding alpn extension" \
7858 -s "found alpn extension" \
7859 -C "got an alert message, type: \\[2:120]" \
XiaokangQianacb39922022-06-17 10:18:48 +00007860 -s "server side, adding alpn extension" \
Manuel Pégourié-Gonnardf6521de2014-04-07 12:42:04 +02007861 -c "found alpn extension" \
7862 -c "Application Layer Protocol is abc" \
7863 -s "Application Layer Protocol is abc"
7864
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02007865run_test "ALPN: both, common cli2-srv1" \
Manuel Pégourié-Gonnard644e8f32014-08-30 21:59:31 +02007866 "$P_SRV debug_level=3 alpn=abc,1234" \
7867 "$P_CLI debug_level=3 alpn=1234,abc" \
Manuel Pégourié-Gonnardf6521de2014-04-07 12:42:04 +02007868 0 \
7869 -c "client hello, adding alpn extension" \
7870 -s "found alpn extension" \
7871 -C "got an alert message, type: \\[2:120]" \
XiaokangQianacb39922022-06-17 10:18:48 +00007872 -s "server side, adding alpn extension" \
Manuel Pégourié-Gonnardf6521de2014-04-07 12:42:04 +02007873 -c "found alpn extension" \
7874 -c "Application Layer Protocol is abc" \
7875 -s "Application Layer Protocol is abc"
7876
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02007877run_test "ALPN: both, common cli1-srv2" \
Manuel Pégourié-Gonnard644e8f32014-08-30 21:59:31 +02007878 "$P_SRV debug_level=3 alpn=abc,1234" \
7879 "$P_CLI debug_level=3 alpn=1234,abcde" \
Manuel Pégourié-Gonnardf6521de2014-04-07 12:42:04 +02007880 0 \
7881 -c "client hello, adding alpn extension" \
7882 -s "found alpn extension" \
7883 -C "got an alert message, type: \\[2:120]" \
XiaokangQianacb39922022-06-17 10:18:48 +00007884 -s "server side, adding alpn extension" \
Manuel Pégourié-Gonnardf6521de2014-04-07 12:42:04 +02007885 -c "found alpn extension" \
7886 -c "Application Layer Protocol is 1234" \
7887 -s "Application Layer Protocol is 1234"
7888
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02007889run_test "ALPN: both, no common" \
Manuel Pégourié-Gonnard644e8f32014-08-30 21:59:31 +02007890 "$P_SRV debug_level=3 alpn=abc,123" \
7891 "$P_CLI debug_level=3 alpn=1234,abcde" \
Manuel Pégourié-Gonnardf6521de2014-04-07 12:42:04 +02007892 1 \
7893 -c "client hello, adding alpn extension" \
7894 -s "found alpn extension" \
7895 -c "got an alert message, type: \\[2:120]" \
XiaokangQianacb39922022-06-17 10:18:48 +00007896 -S "server side, adding alpn extension" \
Manuel Pégourié-Gonnardf6521de2014-04-07 12:42:04 +02007897 -C "found alpn extension" \
7898 -C "Application Layer Protocol is 1234" \
7899 -S "Application Layer Protocol is 1234"
7900
Manuel Pégourié-Gonnard83d8c732014-04-07 13:24:21 +02007901
Manuel Pégourié-Gonnard7f2a07d2014-04-09 09:50:57 +02007902# Tests for keyUsage in leaf certificates, part 1:
7903# server-side certificate/suite selection
Manuel Pégourié-Gonnard5a4c8f02024-08-06 12:14:04 +02007904#
7905# This is only about 1.2 (for 1.3, all key exchanges use signatures).
7906# In 4.0 this will probably go away as all TLS 1.2 key exchanges will use
7907# signatures too, following the removal of RSA #8170 and static ECDH #9201.
Manuel Pégourié-Gonnard7f2a07d2014-04-09 09:50:57 +02007908
Valerio Setti98f348a2025-01-30 12:10:28 +01007909run_test "keyUsage srv 1.2: RSA, digitalSignature -> ECDHE-RSA" \
David Horstmann184c4f02024-07-01 17:01:28 +01007910 "$P_SRV force_version=tls12 key_file=$DATA_FILES_PATH/server2.key \
7911 crt_file=$DATA_FILES_PATH/server2.ku-ds.crt" \
Manuel Pégourié-Gonnard7f2a07d2014-04-09 09:50:57 +02007912 "$P_CLI" \
7913 0 \
Valerio Setti98f348a2025-01-30 12:10:28 +01007914 -c "Ciphersuite is TLS-ECDHE-RSA-WITH-"
Manuel Pégourié-Gonnard7f2a07d2014-04-09 09:50:57 +02007915
Gabor Mezei3ead04a2025-02-27 14:30:35 +01007916run_test "keyUsage srv 1.2: RSA, keyEncipherment -> fail" \
David Horstmann184c4f02024-07-01 17:01:28 +01007917 "$P_SRV force_version=tls12 key_file=$DATA_FILES_PATH/server2.key \
7918 crt_file=$DATA_FILES_PATH/server2.ku-ke.crt" \
Manuel Pégourié-Gonnard7f2a07d2014-04-09 09:50:57 +02007919 "$P_CLI" \
Gabor Mezei3ead04a2025-02-27 14:30:35 +01007920 1 \
7921 -C "Ciphersuite is "
Manuel Pégourié-Gonnard7f2a07d2014-04-09 09:50:57 +02007922
Manuel Pégourié-Gonnard5a4c8f02024-08-06 12:14:04 +02007923run_test "keyUsage srv 1.2: RSA, keyAgreement -> fail" \
David Horstmann184c4f02024-07-01 17:01:28 +01007924 "$P_SRV force_version=tls12 key_file=$DATA_FILES_PATH/server2.key \
7925 crt_file=$DATA_FILES_PATH/server2.ku-ka.crt" \
Manuel Pégourié-Gonnardf2629b92014-08-30 14:20:14 +02007926 "$P_CLI" \
Manuel Pégourié-Gonnard7f2a07d2014-04-09 09:50:57 +02007927 1 \
7928 -C "Ciphersuite is "
7929
Valerio Settid1f991c2023-02-22 12:54:13 +01007930requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
Manuel Pégourié-Gonnard5a4c8f02024-08-06 12:14:04 +02007931run_test "keyUsage srv 1.2: ECC, digitalSignature -> ECDHE-ECDSA" \
David Horstmann184c4f02024-07-01 17:01:28 +01007932 "$P_SRV force_version=tls12 key_file=$DATA_FILES_PATH/server5.key \
7933 crt_file=$DATA_FILES_PATH/server5.ku-ds.crt" \
Manuel Pégourié-Gonnard7f2a07d2014-04-09 09:50:57 +02007934 "$P_CLI" \
7935 0 \
7936 -c "Ciphersuite is TLS-ECDHE-ECDSA-WITH-"
7937
7938
Manuel Pégourié-Gonnard5a4c8f02024-08-06 12:14:04 +02007939run_test "keyUsage srv 1.2: ECC, keyAgreement -> ECDH-" \
David Horstmann184c4f02024-07-01 17:01:28 +01007940 "$P_SRV force_version=tls12 key_file=$DATA_FILES_PATH/server5.key \
7941 crt_file=$DATA_FILES_PATH/server5.ku-ka.crt" \
Manuel Pégourié-Gonnard7f2a07d2014-04-09 09:50:57 +02007942 "$P_CLI" \
7943 0 \
7944 -c "Ciphersuite is TLS-ECDH-"
7945
Manuel Pégourié-Gonnard5a4c8f02024-08-06 12:14:04 +02007946run_test "keyUsage srv 1.2: ECC, keyEncipherment -> fail" \
David Horstmann184c4f02024-07-01 17:01:28 +01007947 "$P_SRV force_version=tls12 key_file=$DATA_FILES_PATH/server5.key \
7948 crt_file=$DATA_FILES_PATH/server5.ku-ke.crt" \
Manuel Pégourié-Gonnardf2629b92014-08-30 14:20:14 +02007949 "$P_CLI" \
Manuel Pégourié-Gonnard7f2a07d2014-04-09 09:50:57 +02007950 1 \
7951 -C "Ciphersuite is "
7952
7953# Tests for keyUsage in leaf certificates, part 2:
Manuel Pégourié-Gonnarda9db85d2014-04-09 14:53:05 +02007954# client-side checking of server cert
Manuel Pégourié-Gonnard7f2a07d2014-04-09 09:50:57 +02007955
Valerio Setti309a7ec2025-01-20 13:07:39 +01007956run_test "keyUsage cli 1.2: DigitalSignature+KeyEncipherment, ECDHE-RSA: OK" \
David Horstmann184c4f02024-07-01 17:01:28 +01007957 "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \
7958 -cert $DATA_FILES_PATH/server2.ku-ds_ke.crt" \
Manuel Pégourié-Gonnard644e8f32014-08-30 21:59:31 +02007959 "$P_CLI debug_level=1 \
Valerio Setti309a7ec2025-01-20 13:07:39 +01007960 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA" \
Manuel Pégourié-Gonnard7f2a07d2014-04-09 09:50:57 +02007961 0 \
Manuel Pégourié-Gonnarda9db85d2014-04-09 14:53:05 +02007962 -C "bad certificate (usage extensions)" \
Manuel Pégourié-Gonnard7f2a07d2014-04-09 09:50:57 +02007963 -C "Processing of the Certificate handshake message failed" \
7964 -c "Ciphersuite is TLS-"
7965
Valerio Setti309a7ec2025-01-20 13:07:39 +01007966run_test "keyUsage cli 1.2: KeyEncipherment, ECDHE-RSA: fail (hard)" \
David Horstmann184c4f02024-07-01 17:01:28 +01007967 "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \
7968 -cert $DATA_FILES_PATH/server2.ku-ke.crt" \
Manuel Pégourié-Gonnard8e70c2b2024-08-05 12:49:57 +02007969 "$P_CLI debug_level=3 \
Valerio Setti309a7ec2025-01-20 13:07:39 +01007970 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA" \
Manuel Pégourié-Gonnard7f2a07d2014-04-09 09:50:57 +02007971 1 \
Manuel Pégourié-Gonnarda9db85d2014-04-09 14:53:05 +02007972 -c "bad certificate (usage extensions)" \
Manuel Pégourié-Gonnard7f2a07d2014-04-09 09:50:57 +02007973 -c "Processing of the Certificate handshake message failed" \
Manuel Pégourié-Gonnard8e70c2b2024-08-05 12:49:57 +02007974 -C "Ciphersuite is TLS-" \
7975 -c "send alert level=2 message=43" \
Manuel Pégourié-Gonnard92a391e2024-08-08 10:56:41 +02007976 -c "! Usage does not match the keyUsage extension"
Manuel Pégourié-Gonnard8e70c2b2024-08-05 12:49:57 +02007977 # MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
Manuel Pégourié-Gonnard7f2a07d2014-04-09 09:50:57 +02007978
Valerio Setti309a7ec2025-01-20 13:07:39 +01007979run_test "keyUsage cli 1.2: KeyEncipherment, ECDHE-RSA: fail (soft)" \
David Horstmann184c4f02024-07-01 17:01:28 +01007980 "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \
7981 -cert $DATA_FILES_PATH/server2.ku-ke.crt" \
Manuel Pégourié-Gonnard8e70c2b2024-08-05 12:49:57 +02007982 "$P_CLI debug_level=3 auth_mode=optional \
Valerio Setti309a7ec2025-01-20 13:07:39 +01007983 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA" \
Manuel Pégourié-Gonnarde6efa6f2015-04-20 11:01:48 +01007984 0 \
7985 -c "bad certificate (usage extensions)" \
7986 -C "Processing of the Certificate handshake message failed" \
7987 -c "Ciphersuite is TLS-" \
Manuel Pégourié-Gonnard8e70c2b2024-08-05 12:49:57 +02007988 -C "send alert level=2 message=43" \
Manuel Pégourié-Gonnarde6efa6f2015-04-20 11:01:48 +01007989 -c "! Usage does not match the keyUsage extension"
7990
Valerio Setti309a7ec2025-01-20 13:07:39 +01007991run_test "keyUsage cli 1.2: DigitalSignature, ECDHE-RSA: OK" \
David Horstmann184c4f02024-07-01 17:01:28 +01007992 "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server2.key \
7993 -cert $DATA_FILES_PATH/server2.ku-ds.crt" \
Manuel Pégourié-Gonnard644e8f32014-08-30 21:59:31 +02007994 "$P_CLI debug_level=1 \
Valerio Setti309a7ec2025-01-20 13:07:39 +01007995 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA" \
Manuel Pégourié-Gonnard7f2a07d2014-04-09 09:50:57 +02007996 0 \
Manuel Pégourié-Gonnarda9db85d2014-04-09 14:53:05 +02007997 -C "bad certificate (usage extensions)" \
Manuel Pégourié-Gonnard7f2a07d2014-04-09 09:50:57 +02007998 -C "Processing of the Certificate handshake message failed" \
7999 -c "Ciphersuite is TLS-"
8000
Przemek Stekiel8bfe8972023-06-26 12:59:45 +02008001requires_openssl_tls1_3_with_compatible_ephemeral
Gilles Peskine7b02c1f2024-09-13 14:15:46 +02008002requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Manuel Pégourié-Gonnard5a4c8f02024-08-06 12:14:04 +02008003run_test "keyUsage cli 1.3: DigitalSignature, RSA: OK" \
8004 "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server2.key \
8005 -cert $DATA_FILES_PATH/server2-sha256.ku-ds.crt" \
8006 "$P_CLI debug_level=3" \
8007 0 \
8008 -C "bad certificate (usage extensions)" \
8009 -C "Processing of the Certificate handshake message failed" \
8010 -c "Ciphersuite is"
8011
8012requires_openssl_tls1_3_with_compatible_ephemeral
Gilles Peskine7b02c1f2024-09-13 14:15:46 +02008013requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Crond28f5a92022-06-16 19:27:25 +02008014run_test "keyUsage cli 1.3: DigitalSignature+KeyEncipherment, RSA: OK" \
David Horstmann184c4f02024-07-01 17:01:28 +01008015 "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server2.key \
8016 -cert $DATA_FILES_PATH/server2-sha256.ku-ds_ke.crt" \
Ronald Crond28f5a92022-06-16 19:27:25 +02008017 "$P_CLI debug_level=3" \
8018 0 \
8019 -C "bad certificate (usage extensions)" \
8020 -C "Processing of the Certificate handshake message failed" \
8021 -c "Ciphersuite is"
8022
Przemek Stekiel8bfe8972023-06-26 12:59:45 +02008023requires_openssl_tls1_3_with_compatible_ephemeral
Gilles Peskine7b02c1f2024-09-13 14:15:46 +02008024requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Manuel Pégourié-Gonnard19d6d342024-08-08 12:19:46 +02008025run_test "keyUsage cli 1.3: KeyEncipherment, RSA: fail (hard)" \
David Horstmann184c4f02024-07-01 17:01:28 +01008026 "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server2.key \
8027 -cert $DATA_FILES_PATH/server2-sha256.ku-ke.crt" \
Manuel Pégourié-Gonnard4956e322024-08-08 10:28:56 +02008028 "$P_CLI debug_level=3" \
Ronald Crond28f5a92022-06-16 19:27:25 +02008029 1 \
8030 -c "bad certificate (usage extensions)" \
8031 -c "Processing of the Certificate handshake message failed" \
Manuel Pégourié-Gonnard4956e322024-08-08 10:28:56 +02008032 -C "Ciphersuite is" \
8033 -c "send alert level=2 message=43" \
Manuel Pégourié-Gonnard92a391e2024-08-08 10:56:41 +02008034 -c "! Usage does not match the keyUsage extension"
Manuel Pégourié-Gonnard5a4c8f02024-08-06 12:14:04 +02008035 # MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
Ronald Crond28f5a92022-06-16 19:27:25 +02008036
Przemek Stekiel8bfe8972023-06-26 12:59:45 +02008037requires_openssl_tls1_3_with_compatible_ephemeral
Gilles Peskine7b02c1f2024-09-13 14:15:46 +02008038requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Manuel Pégourié-Gonnard19d6d342024-08-08 12:19:46 +02008039run_test "keyUsage cli 1.3: KeyAgreement, RSA: fail (hard)" \
David Horstmann184c4f02024-07-01 17:01:28 +01008040 "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server2.key \
8041 -cert $DATA_FILES_PATH/server2-sha256.ku-ka.crt" \
Manuel Pégourié-Gonnard4956e322024-08-08 10:28:56 +02008042 "$P_CLI debug_level=3" \
Ronald Crond28f5a92022-06-16 19:27:25 +02008043 1 \
8044 -c "bad certificate (usage extensions)" \
8045 -c "Processing of the Certificate handshake message failed" \
Manuel Pégourié-Gonnard4956e322024-08-08 10:28:56 +02008046 -C "Ciphersuite is" \
8047 -c "send alert level=2 message=43" \
Manuel Pégourié-Gonnard92a391e2024-08-08 10:56:41 +02008048 -c "! Usage does not match the keyUsage extension"
Manuel Pégourié-Gonnard5a4c8f02024-08-06 12:14:04 +02008049 # MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
Ronald Crond28f5a92022-06-16 19:27:25 +02008050
Przemek Stekiel8bfe8972023-06-26 12:59:45 +02008051requires_openssl_tls1_3_with_compatible_ephemeral
Gilles Peskine7b02c1f2024-09-13 14:15:46 +02008052requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Crond28f5a92022-06-16 19:27:25 +02008053run_test "keyUsage cli 1.3: DigitalSignature, ECDSA: OK" \
David Horstmann184c4f02024-07-01 17:01:28 +01008054 "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server5.key \
8055 -cert $DATA_FILES_PATH/server5.ku-ds.crt" \
Ronald Crond28f5a92022-06-16 19:27:25 +02008056 "$P_CLI debug_level=3" \
8057 0 \
8058 -C "bad certificate (usage extensions)" \
8059 -C "Processing of the Certificate handshake message failed" \
8060 -c "Ciphersuite is"
8061
Przemek Stekiel8bfe8972023-06-26 12:59:45 +02008062requires_openssl_tls1_3_with_compatible_ephemeral
Gilles Peskine7b02c1f2024-09-13 14:15:46 +02008063requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Manuel Pégourié-Gonnard19d6d342024-08-08 12:19:46 +02008064run_test "keyUsage cli 1.3: KeyEncipherment, ECDSA: fail (hard)" \
David Horstmann184c4f02024-07-01 17:01:28 +01008065 "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server5.key \
8066 -cert $DATA_FILES_PATH/server5.ku-ke.crt" \
Manuel Pégourié-Gonnard4956e322024-08-08 10:28:56 +02008067 "$P_CLI debug_level=3" \
Ronald Crond28f5a92022-06-16 19:27:25 +02008068 1 \
8069 -c "bad certificate (usage extensions)" \
8070 -c "Processing of the Certificate handshake message failed" \
Manuel Pégourié-Gonnard4956e322024-08-08 10:28:56 +02008071 -C "Ciphersuite is" \
8072 -c "send alert level=2 message=43" \
Manuel Pégourié-Gonnard92a391e2024-08-08 10:56:41 +02008073 -c "! Usage does not match the keyUsage extension"
Manuel Pégourié-Gonnard5a4c8f02024-08-06 12:14:04 +02008074 # MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
Ronald Crond28f5a92022-06-16 19:27:25 +02008075
Przemek Stekiel8bfe8972023-06-26 12:59:45 +02008076requires_openssl_tls1_3_with_compatible_ephemeral
Gilles Peskine7b02c1f2024-09-13 14:15:46 +02008077requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Manuel Pégourié-Gonnard19d6d342024-08-08 12:19:46 +02008078run_test "keyUsage cli 1.3: KeyAgreement, ECDSA: fail (hard)" \
David Horstmann184c4f02024-07-01 17:01:28 +01008079 "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server5.key \
8080 -cert $DATA_FILES_PATH/server5.ku-ka.crt" \
Manuel Pégourié-Gonnard4956e322024-08-08 10:28:56 +02008081 "$P_CLI debug_level=3" \
Ronald Crond28f5a92022-06-16 19:27:25 +02008082 1 \
8083 -c "bad certificate (usage extensions)" \
8084 -c "Processing of the Certificate handshake message failed" \
Manuel Pégourié-Gonnard4956e322024-08-08 10:28:56 +02008085 -C "Ciphersuite is" \
8086 -c "send alert level=2 message=43" \
Manuel Pégourié-Gonnard92a391e2024-08-08 10:56:41 +02008087 -c "! Usage does not match the keyUsage extension"
Manuel Pégourié-Gonnard5a4c8f02024-08-06 12:14:04 +02008088 # MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
Ronald Crond28f5a92022-06-16 19:27:25 +02008089
Manuel Pégourié-Gonnarda9db85d2014-04-09 14:53:05 +02008090# Tests for keyUsage in leaf certificates, part 3:
8091# server-side checking of client cert
Manuel Pégourié-Gonnard5a4c8f02024-08-06 12:14:04 +02008092#
8093# Here, both 1.2 and 1.3 only use signatures.
Manuel Pégourié-Gonnarda9db85d2014-04-09 14:53:05 +02008094
Jerry Yuab082902021-12-23 18:02:22 +08008095requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Manuel Pégourié-Gonnard5a4c8f02024-08-06 12:14:04 +02008096run_test "keyUsage cli-auth 1.2: RSA, DigitalSignature: OK" \
Manuel Pégourié-Gonnard644e8f32014-08-30 21:59:31 +02008097 "$P_SRV debug_level=1 auth_mode=optional" \
David Horstmann184c4f02024-07-01 17:01:28 +01008098 "$O_CLI -tls1_2 -key $DATA_FILES_PATH/server2.key \
8099 -cert $DATA_FILES_PATH/server2.ku-ds.crt" \
Manuel Pégourié-Gonnarda9db85d2014-04-09 14:53:05 +02008100 0 \
Ronald Cronf9c13fe2022-06-22 14:35:17 +02008101 -s "Verifying peer X.509 certificate... ok" \
Manuel Pégourié-Gonnarda9db85d2014-04-09 14:53:05 +02008102 -S "bad certificate (usage extensions)" \
8103 -S "Processing of the Certificate handshake message failed"
8104
Jerry Yuab082902021-12-23 18:02:22 +08008105requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Manuel Pégourié-Gonnard19d6d342024-08-08 12:19:46 +02008106run_test "keyUsage cli-auth 1.2: RSA, DigitalSignature+KeyEncipherment: OK" \
Manuel Pégourié-Gonnard644e8f32014-08-30 21:59:31 +02008107 "$P_SRV debug_level=1 auth_mode=optional" \
David Horstmann184c4f02024-07-01 17:01:28 +01008108 "$O_CLI -tls1_2 -key $DATA_FILES_PATH/server2.key \
Manuel Pégourié-Gonnard19d6d342024-08-08 12:19:46 +02008109 -cert $DATA_FILES_PATH/server2.ku-ds_ke.crt" \
8110 0 \
8111 -s "Verifying peer X.509 certificate... ok" \
8112 -S "bad certificate (usage extensions)" \
8113 -S "Processing of the Certificate handshake message failed"
8114
8115requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Manuel Pégourié-Gonnard5a4c8f02024-08-06 12:14:04 +02008116run_test "keyUsage cli-auth 1.2: RSA, KeyEncipherment: fail (soft)" \
8117 "$P_SRV debug_level=3 auth_mode=optional" \
David Horstmann184c4f02024-07-01 17:01:28 +01008118 "$O_CLI -tls1_2 -key $DATA_FILES_PATH/server2.key \
8119 -cert $DATA_FILES_PATH/server2.ku-ke.crt" \
Manuel Pégourié-Gonnarda9db85d2014-04-09 14:53:05 +02008120 0 \
8121 -s "bad certificate (usage extensions)" \
Manuel Pégourié-Gonnard5a4c8f02024-08-06 12:14:04 +02008122 -S "send alert level=2 message=43" \
8123 -s "! Usage does not match the keyUsage extension" \
Manuel Pégourié-Gonnarda9db85d2014-04-09 14:53:05 +02008124 -S "Processing of the Certificate handshake message failed"
8125
Jerry Yuab082902021-12-23 18:02:22 +08008126requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Manuel Pégourié-Gonnard5a4c8f02024-08-06 12:14:04 +02008127run_test "keyUsage cli-auth 1.2: RSA, KeyEncipherment: fail (hard)" \
8128 "$P_SRV debug_level=3 force_version=tls12 auth_mode=required" \
David Horstmann184c4f02024-07-01 17:01:28 +01008129 "$O_CLI -tls1_2 -key $DATA_FILES_PATH/server2.key \
8130 -cert $DATA_FILES_PATH/server2.ku-ke.crt" \
Manuel Pégourié-Gonnarda9db85d2014-04-09 14:53:05 +02008131 1 \
8132 -s "bad certificate (usage extensions)" \
Manuel Pégourié-Gonnard5a4c8f02024-08-06 12:14:04 +02008133 -s "send alert level=2 message=43" \
Manuel Pégourié-Gonnard92a391e2024-08-08 10:56:41 +02008134 -s "! Usage does not match the keyUsage extension" \
Manuel Pégourié-Gonnarda9db85d2014-04-09 14:53:05 +02008135 -s "Processing of the Certificate handshake message failed"
Manuel Pégourié-Gonnard5a4c8f02024-08-06 12:14:04 +02008136 # MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
Manuel Pégourié-Gonnarda9db85d2014-04-09 14:53:05 +02008137
Jerry Yuab082902021-12-23 18:02:22 +08008138requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Manuel Pégourié-Gonnard5a4c8f02024-08-06 12:14:04 +02008139run_test "keyUsage cli-auth 1.2: ECDSA, DigitalSignature: OK" \
Manuel Pégourié-Gonnard644e8f32014-08-30 21:59:31 +02008140 "$P_SRV debug_level=1 auth_mode=optional" \
David Horstmann184c4f02024-07-01 17:01:28 +01008141 "$O_CLI -tls1_2 -key $DATA_FILES_PATH/server5.key \
8142 -cert $DATA_FILES_PATH/server5.ku-ds.crt" \
Manuel Pégourié-Gonnarda9db85d2014-04-09 14:53:05 +02008143 0 \
Ronald Cronf9c13fe2022-06-22 14:35:17 +02008144 -s "Verifying peer X.509 certificate... ok" \
Manuel Pégourié-Gonnarda9db85d2014-04-09 14:53:05 +02008145 -S "bad certificate (usage extensions)" \
8146 -S "Processing of the Certificate handshake message failed"
8147
Jerry Yuab082902021-12-23 18:02:22 +08008148requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Manuel Pégourié-Gonnard5a4c8f02024-08-06 12:14:04 +02008149run_test "keyUsage cli-auth 1.2: ECDSA, KeyAgreement: fail (soft)" \
8150 "$P_SRV debug_level=3 auth_mode=optional" \
David Horstmann184c4f02024-07-01 17:01:28 +01008151 "$O_CLI -tls1_2 -key $DATA_FILES_PATH/server5.key \
8152 -cert $DATA_FILES_PATH/server5.ku-ka.crt" \
Manuel Pégourié-Gonnarda9db85d2014-04-09 14:53:05 +02008153 0 \
8154 -s "bad certificate (usage extensions)" \
Manuel Pégourié-Gonnard5a4c8f02024-08-06 12:14:04 +02008155 -S "send alert level=2 message=43" \
8156 -s "! Usage does not match the keyUsage extension" \
Manuel Pégourié-Gonnarda9db85d2014-04-09 14:53:05 +02008157 -S "Processing of the Certificate handshake message failed"
8158
Manuel Pégourié-Gonnard5a4c8f02024-08-06 12:14:04 +02008159requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
8160run_test "keyUsage cli-auth 1.2: ECDSA, KeyAgreement: fail (hard)" \
8161 "$P_SRV debug_level=3 auth_mode=required" \
8162 "$O_CLI -tls1_2 -key $DATA_FILES_PATH/server5.key \
8163 -cert $DATA_FILES_PATH/server5.ku-ka.crt" \
8164 1 \
8165 -s "bad certificate (usage extensions)" \
8166 -s "send alert level=2 message=43" \
Manuel Pégourié-Gonnard92a391e2024-08-08 10:56:41 +02008167 -s "! Usage does not match the keyUsage extension" \
Manuel Pégourié-Gonnard5a4c8f02024-08-06 12:14:04 +02008168 -s "Processing of the Certificate handshake message failed"
8169 # MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
8170
Przemek Stekiel8bfe8972023-06-26 12:59:45 +02008171requires_openssl_tls1_3_with_compatible_ephemeral
Gilles Peskine7b02c1f2024-09-13 14:15:46 +02008172requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Crond28f5a92022-06-16 19:27:25 +02008173run_test "keyUsage cli-auth 1.3: RSA, DigitalSignature: OK" \
Ronald Cron89ca9772022-10-17 14:56:45 +02008174 "$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \
David Horstmann184c4f02024-07-01 17:01:28 +01008175 "$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server2.key \
8176 -cert $DATA_FILES_PATH/server2-sha256.ku-ds.crt" \
Ronald Crond28f5a92022-06-16 19:27:25 +02008177 0 \
Ronald Cronf9c13fe2022-06-22 14:35:17 +02008178 -s "Verifying peer X.509 certificate... ok" \
Ronald Crond28f5a92022-06-16 19:27:25 +02008179 -S "bad certificate (usage extensions)" \
8180 -S "Processing of the Certificate handshake message failed"
8181
Przemek Stekiel8bfe8972023-06-26 12:59:45 +02008182requires_openssl_tls1_3_with_compatible_ephemeral
Gilles Peskine7b02c1f2024-09-13 14:15:46 +02008183requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Manuel Pégourié-Gonnard19d6d342024-08-08 12:19:46 +02008184run_test "keyUsage cli-auth 1.3: RSA, DigitalSignature+KeyEncipherment: OK" \
Ronald Cron89ca9772022-10-17 14:56:45 +02008185 "$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \
David Horstmann184c4f02024-07-01 17:01:28 +01008186 "$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server2.key \
Manuel Pégourié-Gonnard5a4c8f02024-08-06 12:14:04 +02008187 -cert $DATA_FILES_PATH/server2-sha256.ku-ds_ke.crt" \
8188 0 \
8189 -s "Verifying peer X.509 certificate... ok" \
8190 -S "bad certificate (usage extensions)" \
8191 -S "Processing of the Certificate handshake message failed"
8192
8193requires_openssl_tls1_3_with_compatible_ephemeral
Gilles Peskine7b02c1f2024-09-13 14:15:46 +02008194requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Manuel Pégourié-Gonnard5a4c8f02024-08-06 12:14:04 +02008195run_test "keyUsage cli-auth 1.3: RSA, KeyEncipherment: fail (soft)" \
8196 "$P_SRV debug_level=3 force_version=tls13 auth_mode=optional" \
8197 "$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server2.key \
David Horstmann184c4f02024-07-01 17:01:28 +01008198 -cert $DATA_FILES_PATH/server2-sha256.ku-ke.crt" \
Ronald Crond28f5a92022-06-16 19:27:25 +02008199 0 \
8200 -s "bad certificate (usage extensions)" \
Manuel Pégourié-Gonnard5a4c8f02024-08-06 12:14:04 +02008201 -S "send alert level=2 message=43" \
Manuel Pégourié-Gonnard4956e322024-08-08 10:28:56 +02008202 -s "! Usage does not match the keyUsage extension" \
Ronald Crond28f5a92022-06-16 19:27:25 +02008203 -S "Processing of the Certificate handshake message failed"
8204
Przemek Stekiel8bfe8972023-06-26 12:59:45 +02008205requires_openssl_tls1_3_with_compatible_ephemeral
Gilles Peskine7b02c1f2024-09-13 14:15:46 +02008206requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Manuel Pégourié-Gonnard5a4c8f02024-08-06 12:14:04 +02008207run_test "keyUsage cli-auth 1.3: RSA, KeyEncipherment: fail (hard)" \
8208 "$P_SRV debug_level=3 force_version=tls13 auth_mode=required" \
Manuel Pégourié-Gonnardaeda1fd2024-08-12 09:50:18 +02008209 "$P_CLI key_file=$DATA_FILES_PATH/server2.key \
8210 crt_file=$DATA_FILES_PATH/server2-sha256.ku-ke.crt" \
8211 1 \
Manuel Pégourié-Gonnard5a4c8f02024-08-06 12:14:04 +02008212 -s "bad certificate (usage extensions)" \
8213 -s "Processing of the Certificate handshake message failed" \
Manuel Pégourié-Gonnard4956e322024-08-08 10:28:56 +02008214 -s "send alert level=2 message=43" \
Manuel Pégourié-Gonnard92a391e2024-08-08 10:56:41 +02008215 -s "! Usage does not match the keyUsage extension" \
Manuel Pégourié-Gonnard4956e322024-08-08 10:28:56 +02008216 -s "! mbedtls_ssl_handshake returned"
Manuel Pégourié-Gonnard5a4c8f02024-08-06 12:14:04 +02008217 # MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
Ronald Crond28f5a92022-06-16 19:27:25 +02008218
Ronald Crond28f5a92022-06-16 19:27:25 +02008219requires_openssl_tls1_3_with_compatible_ephemeral
Gilles Peskine7b02c1f2024-09-13 14:15:46 +02008220requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Crond28f5a92022-06-16 19:27:25 +02008221run_test "keyUsage cli-auth 1.3: ECDSA, DigitalSignature: OK" \
Ronald Cron89ca9772022-10-17 14:56:45 +02008222 "$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \
David Horstmann184c4f02024-07-01 17:01:28 +01008223 "$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server5.key \
8224 -cert $DATA_FILES_PATH/server5.ku-ds.crt" \
Ronald Crond28f5a92022-06-16 19:27:25 +02008225 0 \
Ronald Cronf9c13fe2022-06-22 14:35:17 +02008226 -s "Verifying peer X.509 certificate... ok" \
Ronald Crond28f5a92022-06-16 19:27:25 +02008227 -S "bad certificate (usage extensions)" \
8228 -S "Processing of the Certificate handshake message failed"
8229
Przemek Stekiel8bfe8972023-06-26 12:59:45 +02008230requires_openssl_tls1_3_with_compatible_ephemeral
Gilles Peskine7b02c1f2024-09-13 14:15:46 +02008231requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Crond28f5a92022-06-16 19:27:25 +02008232run_test "keyUsage cli-auth 1.3: ECDSA, KeyAgreement: fail (soft)" \
Manuel Pégourié-Gonnard5a4c8f02024-08-06 12:14:04 +02008233 "$P_SRV debug_level=3 force_version=tls13 auth_mode=optional" \
David Horstmann184c4f02024-07-01 17:01:28 +01008234 "$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server5.key \
8235 -cert $DATA_FILES_PATH/server5.ku-ka.crt" \
Ronald Crond28f5a92022-06-16 19:27:25 +02008236 0 \
8237 -s "bad certificate (usage extensions)" \
Manuel Pégourié-Gonnard4956e322024-08-08 10:28:56 +02008238 -s "! Usage does not match the keyUsage extension" \
Ronald Crond28f5a92022-06-16 19:27:25 +02008239 -S "Processing of the Certificate handshake message failed"
8240
Manuel Pégourié-Gonnard5a4c8f02024-08-06 12:14:04 +02008241requires_openssl_tls1_3_with_compatible_ephemeral
Gilles Peskine7b02c1f2024-09-13 14:15:46 +02008242requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Manuel Pégourié-Gonnard5a4c8f02024-08-06 12:14:04 +02008243run_test "keyUsage cli-auth 1.3: ECDSA, KeyAgreement: fail (hard)" \
8244 "$P_SRV debug_level=3 force_version=tls13 auth_mode=required" \
Manuel Pégourié-Gonnardaeda1fd2024-08-12 09:50:18 +02008245 "$P_CLI key_file=$DATA_FILES_PATH/server5.key \
8246 crt_file=$DATA_FILES_PATH/server5.ku-ka.crt" \
8247 1 \
Manuel Pégourié-Gonnard5a4c8f02024-08-06 12:14:04 +02008248 -s "bad certificate (usage extensions)" \
8249 -s "Processing of the Certificate handshake message failed" \
Manuel Pégourié-Gonnard4956e322024-08-08 10:28:56 +02008250 -s "send alert level=2 message=43" \
Manuel Pégourié-Gonnard92a391e2024-08-08 10:56:41 +02008251 -s "! Usage does not match the keyUsage extension" \
Manuel Pégourié-Gonnard5a4c8f02024-08-06 12:14:04 +02008252 -s "! mbedtls_ssl_handshake returned"
Manuel Pégourié-Gonnard5a4c8f02024-08-06 12:14:04 +02008253 # MBEDTLS_X509_BADCERT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +01008254
Manuel Pégourié-Gonnard0408fd12014-04-11 11:06:22 +02008255# Tests for extendedKeyUsage, part 1: server-side certificate/suite selection
8256
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02008257run_test "extKeyUsage srv: serverAuth -> OK" \
David Horstmann184c4f02024-07-01 17:01:28 +01008258 "$P_SRV key_file=$DATA_FILES_PATH/server5.key \
8259 crt_file=$DATA_FILES_PATH/server5.eku-srv.crt" \
Manuel Pégourié-Gonnard0408fd12014-04-11 11:06:22 +02008260 "$P_CLI" \
8261 0
8262
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02008263run_test "extKeyUsage srv: serverAuth,clientAuth -> OK" \
David Horstmann184c4f02024-07-01 17:01:28 +01008264 "$P_SRV key_file=$DATA_FILES_PATH/server5.key \
8265 crt_file=$DATA_FILES_PATH/server5.eku-srv.crt" \
Manuel Pégourié-Gonnard0408fd12014-04-11 11:06:22 +02008266 "$P_CLI" \
8267 0
8268
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02008269run_test "extKeyUsage srv: codeSign,anyEKU -> OK" \
David Horstmann184c4f02024-07-01 17:01:28 +01008270 "$P_SRV key_file=$DATA_FILES_PATH/server5.key \
8271 crt_file=$DATA_FILES_PATH/server5.eku-cs_any.crt" \
Manuel Pégourié-Gonnard0408fd12014-04-11 11:06:22 +02008272 "$P_CLI" \
8273 0
8274
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02008275run_test "extKeyUsage srv: codeSign -> fail" \
David Horstmann184c4f02024-07-01 17:01:28 +01008276 "$P_SRV key_file=$DATA_FILES_PATH/server5.key \
8277 crt_file=$DATA_FILES_PATH/server5.eku-cli.crt" \
Manuel Pégourié-Gonnard7eb58cb2015-07-07 11:54:14 +02008278 "$P_CLI" \
Manuel Pégourié-Gonnard0408fd12014-04-11 11:06:22 +02008279 1
8280
8281# Tests for extendedKeyUsage, part 2: client-side checking of server cert
8282
Jerry Yuab082902021-12-23 18:02:22 +08008283requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Elena Uziunaite6a04b162024-08-15 15:24:09 +01008284run_test "extKeyUsage cli 1.2: serverAuth -> OK" \
David Horstmann184c4f02024-07-01 17:01:28 +01008285 "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server5.key \
8286 -cert $DATA_FILES_PATH/server5.eku-srv.crt" \
Manuel Pégourié-Gonnard644e8f32014-08-30 21:59:31 +02008287 "$P_CLI debug_level=1" \
Manuel Pégourié-Gonnard0408fd12014-04-11 11:06:22 +02008288 0 \
8289 -C "bad certificate (usage extensions)" \
8290 -C "Processing of the Certificate handshake message failed" \
8291 -c "Ciphersuite is TLS-"
8292
Jerry Yuab082902021-12-23 18:02:22 +08008293requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Elena Uziunaite6a04b162024-08-15 15:24:09 +01008294run_test "extKeyUsage cli 1.2: serverAuth,clientAuth -> OK" \
David Horstmann184c4f02024-07-01 17:01:28 +01008295 "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server5.key \
8296 -cert $DATA_FILES_PATH/server5.eku-srv_cli.crt" \
Manuel Pégourié-Gonnard644e8f32014-08-30 21:59:31 +02008297 "$P_CLI debug_level=1" \
Manuel Pégourié-Gonnard0408fd12014-04-11 11:06:22 +02008298 0 \
8299 -C "bad certificate (usage extensions)" \
8300 -C "Processing of the Certificate handshake message failed" \
8301 -c "Ciphersuite is TLS-"
8302
Jerry Yuab082902021-12-23 18:02:22 +08008303requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Elena Uziunaite6a04b162024-08-15 15:24:09 +01008304run_test "extKeyUsage cli 1.2: codeSign,anyEKU -> OK" \
David Horstmann184c4f02024-07-01 17:01:28 +01008305 "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server5.key \
8306 -cert $DATA_FILES_PATH/server5.eku-cs_any.crt" \
Manuel Pégourié-Gonnard644e8f32014-08-30 21:59:31 +02008307 "$P_CLI debug_level=1" \
Manuel Pégourié-Gonnard0408fd12014-04-11 11:06:22 +02008308 0 \
8309 -C "bad certificate (usage extensions)" \
8310 -C "Processing of the Certificate handshake message failed" \
8311 -c "Ciphersuite is TLS-"
8312
Jerry Yuab082902021-12-23 18:02:22 +08008313requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Elena Uziunaitef48bfb02024-08-16 17:18:28 +01008314run_test "extKeyUsage cli 1.2: codeSign -> fail (soft)" \
David Horstmann184c4f02024-07-01 17:01:28 +01008315 "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server5.key \
8316 -cert $DATA_FILES_PATH/server5.eku-cs.crt" \
Elena Uziunaitef48bfb02024-08-16 17:18:28 +01008317 "$P_CLI debug_level=3 auth_mode=optional" \
8318 0 \
8319 -c "bad certificate (usage extensions)" \
8320 -C "Processing of the Certificate handshake message failed" \
8321 -c "Ciphersuite is TLS-" \
8322 -C "send alert level=2 message=43" \
8323 -c "! Usage does not match the extendedKeyUsage extension"
8324 # MBEDTLS_X509_BADCERT_EXT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
8325
8326requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Elena Uziunaite6a04b162024-08-15 15:24:09 +01008327run_test "extKeyUsage cli 1.2: codeSign -> fail (hard)" \
David Horstmanndcf18dd2024-06-11 17:44:00 +01008328 "$O_SRV -tls1_2 -key $DATA_FILES_PATH/server5.key \
8329 -cert $DATA_FILES_PATH/server5.eku-cs.crt" \
Elena Uziunaite6a04b162024-08-15 15:24:09 +01008330 "$P_CLI debug_level=3" \
Manuel Pégourié-Gonnard0408fd12014-04-11 11:06:22 +02008331 1 \
8332 -c "bad certificate (usage extensions)" \
8333 -c "Processing of the Certificate handshake message failed" \
Elena Uziunaite6a04b162024-08-15 15:24:09 +01008334 -C "Ciphersuite is TLS-" \
8335 -c "send alert level=2 message=43" \
8336 -c "! Usage does not match the extendedKeyUsage extension"
8337 # MBEDTLS_X509_BADCERT_EXT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
Manuel Pégourié-Gonnard0408fd12014-04-11 11:06:22 +02008338
Przemek Stekiel8bfe8972023-06-26 12:59:45 +02008339requires_openssl_tls1_3_with_compatible_ephemeral
Gilles Peskine7b02c1f2024-09-13 14:15:46 +02008340requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Crond28f5a92022-06-16 19:27:25 +02008341run_test "extKeyUsage cli 1.3: serverAuth -> OK" \
David Horstmann184c4f02024-07-01 17:01:28 +01008342 "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server5.key \
8343 -cert $DATA_FILES_PATH/server5.eku-srv.crt" \
Ronald Crond28f5a92022-06-16 19:27:25 +02008344 "$P_CLI debug_level=1" \
8345 0 \
8346 -C "bad certificate (usage extensions)" \
8347 -C "Processing of the Certificate handshake message failed" \
8348 -c "Ciphersuite is"
8349
Przemek Stekiel8bfe8972023-06-26 12:59:45 +02008350requires_openssl_tls1_3_with_compatible_ephemeral
Gilles Peskine7b02c1f2024-09-13 14:15:46 +02008351requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Crond28f5a92022-06-16 19:27:25 +02008352run_test "extKeyUsage cli 1.3: serverAuth,clientAuth -> OK" \
David Horstmann184c4f02024-07-01 17:01:28 +01008353 "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server5.key \
8354 -cert $DATA_FILES_PATH/server5.eku-srv_cli.crt" \
Ronald Crond28f5a92022-06-16 19:27:25 +02008355 "$P_CLI debug_level=1" \
8356 0 \
8357 -C "bad certificate (usage extensions)" \
8358 -C "Processing of the Certificate handshake message failed" \
8359 -c "Ciphersuite is"
8360
Przemek Stekiel8bfe8972023-06-26 12:59:45 +02008361requires_openssl_tls1_3_with_compatible_ephemeral
Gilles Peskine7b02c1f2024-09-13 14:15:46 +02008362requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Crond28f5a92022-06-16 19:27:25 +02008363run_test "extKeyUsage cli 1.3: codeSign,anyEKU -> OK" \
David Horstmann184c4f02024-07-01 17:01:28 +01008364 "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server5.key \
8365 -cert $DATA_FILES_PATH/server5.eku-cs_any.crt" \
Ronald Crond28f5a92022-06-16 19:27:25 +02008366 "$P_CLI debug_level=1" \
8367 0 \
8368 -C "bad certificate (usage extensions)" \
8369 -C "Processing of the Certificate handshake message failed" \
8370 -c "Ciphersuite is"
8371
Przemek Stekiel8bfe8972023-06-26 12:59:45 +02008372requires_openssl_tls1_3_with_compatible_ephemeral
Gilles Peskine7b02c1f2024-09-13 14:15:46 +02008373requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Elena Uziunaite6a04b162024-08-15 15:24:09 +01008374run_test "extKeyUsage cli 1.3: codeSign -> fail (hard)" \
David Horstmann184c4f02024-07-01 17:01:28 +01008375 "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key $DATA_FILES_PATH/server5.key \
8376 -cert $DATA_FILES_PATH/server5.eku-cs.crt" \
Elena Uziunaite6a04b162024-08-15 15:24:09 +01008377 "$P_CLI debug_level=3" \
Ronald Crond28f5a92022-06-16 19:27:25 +02008378 1 \
8379 -c "bad certificate (usage extensions)" \
8380 -c "Processing of the Certificate handshake message failed" \
Elena Uziunaite6a04b162024-08-15 15:24:09 +01008381 -C "Ciphersuite is" \
8382 -c "send alert level=2 message=43" \
8383 -c "! Usage does not match the extendedKeyUsage extension"
8384 # MBEDTLS_X509_BADCERT_EXT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
Ronald Crond28f5a92022-06-16 19:27:25 +02008385
Manuel Pégourié-Gonnard0408fd12014-04-11 11:06:22 +02008386# Tests for extendedKeyUsage, part 3: server-side checking of client cert
8387
Jerry Yuab082902021-12-23 18:02:22 +08008388requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Elena Uziunaite6a04b162024-08-15 15:24:09 +01008389run_test "extKeyUsage cli-auth 1.2: clientAuth -> OK" \
Manuel Pégourié-Gonnard644e8f32014-08-30 21:59:31 +02008390 "$P_SRV debug_level=1 auth_mode=optional" \
David Horstmann184c4f02024-07-01 17:01:28 +01008391 "$O_CLI -tls1_2 -key $DATA_FILES_PATH/server5.key \
8392 -cert $DATA_FILES_PATH/server5.eku-cli.crt" \
Manuel Pégourié-Gonnard0408fd12014-04-11 11:06:22 +02008393 0 \
8394 -S "bad certificate (usage extensions)" \
8395 -S "Processing of the Certificate handshake message failed"
8396
Jerry Yuab082902021-12-23 18:02:22 +08008397requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Elena Uziunaite6a04b162024-08-15 15:24:09 +01008398run_test "extKeyUsage cli-auth 1.2: serverAuth,clientAuth -> OK" \
Manuel Pégourié-Gonnard644e8f32014-08-30 21:59:31 +02008399 "$P_SRV debug_level=1 auth_mode=optional" \
David Horstmann184c4f02024-07-01 17:01:28 +01008400 "$O_CLI -tls1_2 -key $DATA_FILES_PATH/server5.key \
8401 -cert $DATA_FILES_PATH/server5.eku-srv_cli.crt" \
Manuel Pégourié-Gonnard0408fd12014-04-11 11:06:22 +02008402 0 \
8403 -S "bad certificate (usage extensions)" \
8404 -S "Processing of the Certificate handshake message failed"
8405
Jerry Yuab082902021-12-23 18:02:22 +08008406requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Elena Uziunaite6a04b162024-08-15 15:24:09 +01008407run_test "extKeyUsage cli-auth 1.2: codeSign,anyEKU -> OK" \
Manuel Pégourié-Gonnard644e8f32014-08-30 21:59:31 +02008408 "$P_SRV debug_level=1 auth_mode=optional" \
David Horstmann184c4f02024-07-01 17:01:28 +01008409 "$O_CLI -tls1_2 -key $DATA_FILES_PATH/server5.key \
8410 -cert $DATA_FILES_PATH/server5.eku-cs_any.crt" \
Manuel Pégourié-Gonnard0408fd12014-04-11 11:06:22 +02008411 0 \
8412 -S "bad certificate (usage extensions)" \
8413 -S "Processing of the Certificate handshake message failed"
8414
Jerry Yuab082902021-12-23 18:02:22 +08008415requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Elena Uziunaite6a04b162024-08-15 15:24:09 +01008416run_test "extKeyUsage cli-auth 1.2: codeSign -> fail (soft)" \
8417 "$P_SRV debug_level=3 auth_mode=optional" \
David Horstmann184c4f02024-07-01 17:01:28 +01008418 "$O_CLI -tls1_2 -key $DATA_FILES_PATH/server5.key \
8419 -cert $DATA_FILES_PATH/server5.eku-cs.crt" \
Manuel Pégourié-Gonnard0408fd12014-04-11 11:06:22 +02008420 0 \
8421 -s "bad certificate (usage extensions)" \
Elena Uziunaite6a04b162024-08-15 15:24:09 +01008422 -S "send alert level=2 message=43" \
8423 -s "! Usage does not match the extendedKeyUsage extension" \
8424 -S "Processing of the Certificate handshake message failed" \
Manuel Pégourié-Gonnard0408fd12014-04-11 11:06:22 +02008425
Jerry Yuab082902021-12-23 18:02:22 +08008426requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Elena Uziunaite6a04b162024-08-15 15:24:09 +01008427run_test "extKeyUsage cli-auth 1.2: codeSign -> fail (hard)" \
8428 "$P_SRV debug_level=3 auth_mode=required" \
David Horstmann184c4f02024-07-01 17:01:28 +01008429 "$O_CLI -tls1_2 -key $DATA_FILES_PATH/server5.key \
8430 -cert $DATA_FILES_PATH/server5.eku-cs.crt" \
Manuel Pégourié-Gonnard0408fd12014-04-11 11:06:22 +02008431 1 \
8432 -s "bad certificate (usage extensions)" \
Elena Uziunaite6a04b162024-08-15 15:24:09 +01008433 -s "send alert level=2 message=43" \
8434 -s "! Usage does not match the extendedKeyUsage extension" \
Manuel Pégourié-Gonnard0408fd12014-04-11 11:06:22 +02008435 -s "Processing of the Certificate handshake message failed"
Elena Uziunaite6a04b162024-08-15 15:24:09 +01008436 # MBEDTLS_X509_BADCERT_EXT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
Manuel Pégourié-Gonnard0408fd12014-04-11 11:06:22 +02008437
Przemek Stekiel8bfe8972023-06-26 12:59:45 +02008438requires_openssl_tls1_3_with_compatible_ephemeral
Gilles Peskine7b02c1f2024-09-13 14:15:46 +02008439requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Crond28f5a92022-06-16 19:27:25 +02008440run_test "extKeyUsage cli-auth 1.3: clientAuth -> OK" \
Ronald Cron89ca9772022-10-17 14:56:45 +02008441 "$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \
David Horstmann184c4f02024-07-01 17:01:28 +01008442 "$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server5.key \
8443 -cert $DATA_FILES_PATH/server5.eku-cli.crt" \
Ronald Crond28f5a92022-06-16 19:27:25 +02008444 0 \
8445 -S "bad certificate (usage extensions)" \
8446 -S "Processing of the Certificate handshake message failed"
8447
Przemek Stekiel8bfe8972023-06-26 12:59:45 +02008448requires_openssl_tls1_3_with_compatible_ephemeral
Gilles Peskine7b02c1f2024-09-13 14:15:46 +02008449requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Crond28f5a92022-06-16 19:27:25 +02008450run_test "extKeyUsage cli-auth 1.3: serverAuth,clientAuth -> OK" \
Ronald Cron89ca9772022-10-17 14:56:45 +02008451 "$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \
David Horstmann184c4f02024-07-01 17:01:28 +01008452 "$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server5.key \
8453 -cert $DATA_FILES_PATH/server5.eku-srv_cli.crt" \
Ronald Crond28f5a92022-06-16 19:27:25 +02008454 0 \
8455 -S "bad certificate (usage extensions)" \
8456 -S "Processing of the Certificate handshake message failed"
8457
Przemek Stekiel8bfe8972023-06-26 12:59:45 +02008458requires_openssl_tls1_3_with_compatible_ephemeral
Gilles Peskine7b02c1f2024-09-13 14:15:46 +02008459requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Crond28f5a92022-06-16 19:27:25 +02008460run_test "extKeyUsage cli-auth 1.3: codeSign,anyEKU -> OK" \
Ronald Cron89ca9772022-10-17 14:56:45 +02008461 "$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \
David Horstmann184c4f02024-07-01 17:01:28 +01008462 "$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server5.key \
8463 -cert $DATA_FILES_PATH/server5.eku-cs_any.crt" \
Ronald Crond28f5a92022-06-16 19:27:25 +02008464 0 \
8465 -S "bad certificate (usage extensions)" \
8466 -S "Processing of the Certificate handshake message failed"
8467
Przemek Stekiel8bfe8972023-06-26 12:59:45 +02008468requires_openssl_tls1_3_with_compatible_ephemeral
Gilles Peskine7b02c1f2024-09-13 14:15:46 +02008469requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Crond28f5a92022-06-16 19:27:25 +02008470run_test "extKeyUsage cli-auth 1.3: codeSign -> fail (soft)" \
Elena Uziunaite6a04b162024-08-15 15:24:09 +01008471 "$P_SRV debug_level=3 force_version=tls13 auth_mode=optional" \
David Horstmann184c4f02024-07-01 17:01:28 +01008472 "$O_NEXT_CLI_NO_CERT -key $DATA_FILES_PATH/server5.key \
8473 -cert $DATA_FILES_PATH/server5.eku-cs.crt" \
Ronald Crond28f5a92022-06-16 19:27:25 +02008474 0 \
8475 -s "bad certificate (usage extensions)" \
Elena Uziunaite6a04b162024-08-15 15:24:09 +01008476 -S "send alert level=2 message=43" \
8477 -s "! Usage does not match the extendedKeyUsage extension" \
Ronald Crond28f5a92022-06-16 19:27:25 +02008478 -S "Processing of the Certificate handshake message failed"
8479
Elena Uziunaitef48bfb02024-08-16 17:18:28 +01008480requires_openssl_tls1_3_with_compatible_ephemeral
Gilles Peskine7b02c1f2024-09-13 14:15:46 +02008481requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Elena Uziunaitef48bfb02024-08-16 17:18:28 +01008482run_test "extKeyUsage cli-auth 1.3: codeSign -> fail (hard)" \
8483 "$P_SRV debug_level=3 force_version=tls13 auth_mode=required" \
8484 "$P_CLI key_file=$DATA_FILES_PATH/server5.key \
8485 crt_file=$DATA_FILES_PATH/server5.eku-cs.crt" \
8486 1 \
8487 -s "bad certificate (usage extensions)" \
8488 -s "send alert level=2 message=43" \
8489 -s "! Usage does not match the extendedKeyUsage extension" \
8490 -s "Processing of the Certificate handshake message failed"
8491 # MBEDTLS_X509_BADCERT_EXT_KEY_USAGE -> MBEDTLS_SSL_ALERT_MSG_UNSUPPORTED_CERT
8492
Manuel Pégourié-Gonnarda6781c92014-06-10 15:00:46 +02008493# Tests for PSK callback
8494
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02008495run_test "PSK callback: psk, no callback" \
Gilles Peskine77c13e62024-04-29 16:09:52 +02008496 "$P_SRV psk=73776f726466697368 psk_identity=foo" \
Manuel Pégourié-Gonnarda6781c92014-06-10 15:00:46 +02008497 "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
Gilles Peskine77c13e62024-04-29 16:09:52 +02008498 psk_identity=foo psk=73776f726466697368" \
Manuel Pégourié-Gonnarda6781c92014-06-10 15:00:46 +02008499 0 \
Dave Rodgmane5b828c2021-06-29 19:05:34 +01008500 -S "SSL - The handshake negotiation failed" \
Manuel Pégourié-Gonnard10c3c9f2014-06-10 15:28:52 +02008501 -S "SSL - Unknown identity received" \
8502 -S "SSL - Verification of the message MAC failed"
8503
Hanno Beckerf7027512018-10-23 15:27:39 +01008504run_test "PSK callback: opaque psk on client, no callback" \
Gilles Peskine77c13e62024-04-29 16:09:52 +02008505 "$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo" \
Xiaofei Bai8b5c3822021-12-02 08:43:35 +00008506 "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
Gilles Peskine77c13e62024-04-29 16:09:52 +02008507 psk_identity=foo psk=73776f726466697368 psk_opaque=1" \
Hanno Beckerf7027512018-10-23 15:27:39 +01008508 0 \
Manuel Pégourié-Gonnard8faa70e2019-05-20 12:09:50 +02008509 -C "session hash for extended master secret"\
8510 -S "session hash for extended master secret"\
Dave Rodgmane5b828c2021-06-29 19:05:34 +01008511 -S "SSL - The handshake negotiation failed" \
Hanno Beckerf7027512018-10-23 15:27:39 +01008512 -S "SSL - Unknown identity received" \
8513 -S "SSL - Verification of the message MAC failed"
8514
Hanno Beckerf7027512018-10-23 15:27:39 +01008515run_test "PSK callback: opaque psk on client, no callback, SHA-384" \
Gilles Peskine77c13e62024-04-29 16:09:52 +02008516 "$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo" \
Xiaofei Bai8b5c3822021-12-02 08:43:35 +00008517 "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
Gilles Peskine77c13e62024-04-29 16:09:52 +02008518 psk_identity=foo psk=73776f726466697368 psk_opaque=1" \
Hanno Beckerf7027512018-10-23 15:27:39 +01008519 0 \
Manuel Pégourié-Gonnard8faa70e2019-05-20 12:09:50 +02008520 -C "session hash for extended master secret"\
8521 -S "session hash for extended master secret"\
Dave Rodgmane5b828c2021-06-29 19:05:34 +01008522 -S "SSL - The handshake negotiation failed" \
Hanno Beckerf7027512018-10-23 15:27:39 +01008523 -S "SSL - Unknown identity received" \
8524 -S "SSL - Verification of the message MAC failed"
8525
Hanno Beckerf7027512018-10-23 15:27:39 +01008526run_test "PSK callback: opaque psk on client, no callback, EMS" \
Gilles Peskine77c13e62024-04-29 16:09:52 +02008527 "$P_SRV extended_ms=1 debug_level=3 psk=73776f726466697368 psk_identity=foo" \
Xiaofei Bai8b5c3822021-12-02 08:43:35 +00008528 "$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
Gilles Peskine77c13e62024-04-29 16:09:52 +02008529 psk_identity=foo psk=73776f726466697368 psk_opaque=1" \
Hanno Beckerf7027512018-10-23 15:27:39 +01008530 0 \
Manuel Pégourié-Gonnard8faa70e2019-05-20 12:09:50 +02008531 -c "session hash for extended master secret"\
8532 -s "session hash for extended master secret"\
Dave Rodgmane5b828c2021-06-29 19:05:34 +01008533 -S "SSL - The handshake negotiation failed" \
Hanno Beckerf7027512018-10-23 15:27:39 +01008534 -S "SSL - Unknown identity received" \
8535 -S "SSL - Verification of the message MAC failed"
8536
Hanno Beckerf7027512018-10-23 15:27:39 +01008537run_test "PSK callback: opaque psk on client, no callback, SHA-384, EMS" \
Gilles Peskine77c13e62024-04-29 16:09:52 +02008538 "$P_SRV extended_ms=1 debug_level=3 psk=73776f726466697368 psk_identity=foo" \
Xiaofei Bai8b5c3822021-12-02 08:43:35 +00008539 "$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
Gilles Peskine77c13e62024-04-29 16:09:52 +02008540 psk_identity=foo psk=73776f726466697368 psk_opaque=1" \
Hanno Beckerf7027512018-10-23 15:27:39 +01008541 0 \
Manuel Pégourié-Gonnard8faa70e2019-05-20 12:09:50 +02008542 -c "session hash for extended master secret"\
8543 -s "session hash for extended master secret"\
Dave Rodgmane5b828c2021-06-29 19:05:34 +01008544 -S "SSL - The handshake negotiation failed" \
Hanno Beckerf7027512018-10-23 15:27:39 +01008545 -S "SSL - Unknown identity received" \
8546 -S "SSL - Verification of the message MAC failed"
8547
Przemek Stekielb6a05032022-04-14 10:22:18 +02008548run_test "PSK callback: opaque ecdhe-psk on client, no callback" \
Gilles Peskine77c13e62024-04-29 16:09:52 +02008549 "$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo" \
Przemek Stekielb6a05032022-04-14 10:22:18 +02008550 "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256 \
Gilles Peskine77c13e62024-04-29 16:09:52 +02008551 psk_identity=foo psk=73776f726466697368 psk_opaque=1" \
Przemek Stekielb6a05032022-04-14 10:22:18 +02008552 0 \
Przemek Stekielb6a05032022-04-14 10:22:18 +02008553 -C "session hash for extended master secret"\
8554 -S "session hash for extended master secret"\
8555 -S "SSL - The handshake negotiation failed" \
8556 -S "SSL - Unknown identity received" \
8557 -S "SSL - Verification of the message MAC failed"
8558
Przemek Stekielb6a05032022-04-14 10:22:18 +02008559run_test "PSK callback: opaque ecdhe-psk on client, no callback, SHA-384" \
Gilles Peskine77c13e62024-04-29 16:09:52 +02008560 "$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo" \
Przemek Stekielb6a05032022-04-14 10:22:18 +02008561 "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \
Gilles Peskine77c13e62024-04-29 16:09:52 +02008562 psk_identity=foo psk=73776f726466697368 psk_opaque=1" \
Przemek Stekielb6a05032022-04-14 10:22:18 +02008563 0 \
Przemek Stekielb6a05032022-04-14 10:22:18 +02008564 -C "session hash for extended master secret"\
8565 -S "session hash for extended master secret"\
8566 -S "SSL - The handshake negotiation failed" \
8567 -S "SSL - Unknown identity received" \
8568 -S "SSL - Verification of the message MAC failed"
8569
Przemek Stekielb6a05032022-04-14 10:22:18 +02008570run_test "PSK callback: opaque ecdhe-psk on client, no callback, EMS" \
Gilles Peskine77c13e62024-04-29 16:09:52 +02008571 "$P_SRV extended_ms=1 debug_level=3 psk=73776f726466697368 psk_identity=foo" \
Przemek Stekielb6a05032022-04-14 10:22:18 +02008572 "$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \
Gilles Peskine77c13e62024-04-29 16:09:52 +02008573 psk_identity=foo psk=73776f726466697368 psk_opaque=1" \
Przemek Stekielb6a05032022-04-14 10:22:18 +02008574 0 \
Przemek Stekielb6a05032022-04-14 10:22:18 +02008575 -c "session hash for extended master secret"\
8576 -s "session hash for extended master secret"\
8577 -S "SSL - The handshake negotiation failed" \
8578 -S "SSL - Unknown identity received" \
8579 -S "SSL - Verification of the message MAC failed"
8580
Przemek Stekielb6a05032022-04-14 10:22:18 +02008581run_test "PSK callback: opaque ecdhe-psk on client, no callback, SHA-384, EMS" \
Gilles Peskine77c13e62024-04-29 16:09:52 +02008582 "$P_SRV extended_ms=1 debug_level=3 psk=73776f726466697368 psk_identity=foo" \
Przemek Stekielb6a05032022-04-14 10:22:18 +02008583 "$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \
Gilles Peskine77c13e62024-04-29 16:09:52 +02008584 psk_identity=foo psk=73776f726466697368 psk_opaque=1" \
Przemek Stekielb6a05032022-04-14 10:22:18 +02008585 0 \
Przemek Stekielb6a05032022-04-14 10:22:18 +02008586 -c "session hash for extended master secret"\
8587 -s "session hash for extended master secret"\
8588 -S "SSL - The handshake negotiation failed" \
8589 -S "SSL - Unknown identity received" \
8590 -S "SSL - Verification of the message MAC failed"
8591
Hanno Becker28c79dc2018-10-26 13:15:08 +01008592run_test "PSK callback: raw psk on client, static opaque on server, no callback" \
Gilles Peskine77c13e62024-04-29 16:09:52 +02008593 "$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
Xiaofei Bai8b5c3822021-12-02 08:43:35 +00008594 "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
Gilles Peskine77c13e62024-04-29 16:09:52 +02008595 psk_identity=foo psk=73776f726466697368" \
Hanno Becker28c79dc2018-10-26 13:15:08 +01008596 0 \
Manuel Pégourié-Gonnard8faa70e2019-05-20 12:09:50 +02008597 -C "session hash for extended master secret"\
8598 -S "session hash for extended master secret"\
Dave Rodgmane5b828c2021-06-29 19:05:34 +01008599 -S "SSL - The handshake negotiation failed" \
Hanno Becker28c79dc2018-10-26 13:15:08 +01008600 -S "SSL - Unknown identity received" \
8601 -S "SSL - Verification of the message MAC failed"
8602
Hanno Becker28c79dc2018-10-26 13:15:08 +01008603run_test "PSK callback: raw psk on client, static opaque on server, no callback, SHA-384" \
Gilles Peskine77c13e62024-04-29 16:09:52 +02008604 "$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384" \
Xiaofei Bai8b5c3822021-12-02 08:43:35 +00008605 "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
Gilles Peskine77c13e62024-04-29 16:09:52 +02008606 psk_identity=foo psk=73776f726466697368" \
Hanno Becker28c79dc2018-10-26 13:15:08 +01008607 0 \
Manuel Pégourié-Gonnard8faa70e2019-05-20 12:09:50 +02008608 -C "session hash for extended master secret"\
8609 -S "session hash for extended master secret"\
Dave Rodgmane5b828c2021-06-29 19:05:34 +01008610 -S "SSL - The handshake negotiation failed" \
Hanno Becker28c79dc2018-10-26 13:15:08 +01008611 -S "SSL - Unknown identity received" \
8612 -S "SSL - Verification of the message MAC failed"
8613
Hanno Becker28c79dc2018-10-26 13:15:08 +01008614run_test "PSK callback: raw psk on client, static opaque on server, no callback, EMS" \
Gilles Peskine77c13e62024-04-29 16:09:52 +02008615 "$P_SRV debug_level=3 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 \
Hanno Becker28c79dc2018-10-26 13:15:08 +01008616 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA extended_ms=1" \
Xiaofei Bai8b5c3822021-12-02 08:43:35 +00008617 "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
Gilles Peskine77c13e62024-04-29 16:09:52 +02008618 psk_identity=foo psk=73776f726466697368 extended_ms=1" \
Hanno Becker28c79dc2018-10-26 13:15:08 +01008619 0 \
Manuel Pégourié-Gonnard8faa70e2019-05-20 12:09:50 +02008620 -c "session hash for extended master secret"\
8621 -s "session hash for extended master secret"\
Dave Rodgmane5b828c2021-06-29 19:05:34 +01008622 -S "SSL - The handshake negotiation failed" \
Hanno Becker28c79dc2018-10-26 13:15:08 +01008623 -S "SSL - Unknown identity received" \
8624 -S "SSL - Verification of the message MAC failed"
8625
Hanno Becker28c79dc2018-10-26 13:15:08 +01008626run_test "PSK callback: raw psk on client, static opaque on server, no callback, EMS, SHA384" \
Gilles Peskine77c13e62024-04-29 16:09:52 +02008627 "$P_SRV debug_level=3 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 \
Hanno Becker28c79dc2018-10-26 13:15:08 +01008628 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 extended_ms=1" \
Xiaofei Bai8b5c3822021-12-02 08:43:35 +00008629 "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
Gilles Peskine77c13e62024-04-29 16:09:52 +02008630 psk_identity=foo psk=73776f726466697368 extended_ms=1" \
Hanno Becker28c79dc2018-10-26 13:15:08 +01008631 0 \
Manuel Pégourié-Gonnard8faa70e2019-05-20 12:09:50 +02008632 -c "session hash for extended master secret"\
8633 -s "session hash for extended master secret"\
Dave Rodgmane5b828c2021-06-29 19:05:34 +01008634 -S "SSL - The handshake negotiation failed" \
Hanno Becker28c79dc2018-10-26 13:15:08 +01008635 -S "SSL - Unknown identity received" \
8636 -S "SSL - Verification of the message MAC failed"
8637
Przemek Stekielb6a05032022-04-14 10:22:18 +02008638run_test "PSK callback: raw ecdhe-psk on client, static opaque on server, no callback" \
Gilles Peskine77c13e62024-04-29 16:09:52 +02008639 "$P_SRV extended_ms=0 debug_level=5 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA" \
Przemek Stekielb6a05032022-04-14 10:22:18 +02008640 "$P_CLI extended_ms=0 debug_level=5 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \
Gilles Peskine77c13e62024-04-29 16:09:52 +02008641 psk_identity=foo psk=73776f726466697368" \
Przemek Stekielb6a05032022-04-14 10:22:18 +02008642 0 \
Przemek Stekielb6a05032022-04-14 10:22:18 +02008643 -C "session hash for extended master secret"\
8644 -S "session hash for extended master secret"\
8645 -S "SSL - The handshake negotiation failed" \
8646 -S "SSL - Unknown identity received" \
8647 -S "SSL - Verification of the message MAC failed"
8648
Przemek Stekielb6a05032022-04-14 10:22:18 +02008649run_test "PSK callback: raw ecdhe-psk on client, static opaque on server, no callback, SHA-384" \
Gilles Peskine77c13e62024-04-29 16:09:52 +02008650 "$P_SRV extended_ms=0 debug_level=1 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384" \
Przemek Stekielb6a05032022-04-14 10:22:18 +02008651 "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \
Gilles Peskine77c13e62024-04-29 16:09:52 +02008652 psk_identity=foo psk=73776f726466697368" \
Przemek Stekielb6a05032022-04-14 10:22:18 +02008653 0 \
Przemek Stekielb6a05032022-04-14 10:22:18 +02008654 -C "session hash for extended master secret"\
8655 -S "session hash for extended master secret"\
8656 -S "SSL - The handshake negotiation failed" \
8657 -S "SSL - Unknown identity received" \
8658 -S "SSL - Verification of the message MAC failed"
8659
Przemek Stekielb6a05032022-04-14 10:22:18 +02008660run_test "PSK callback: raw ecdhe-psk on client, static opaque on server, no callback, EMS" \
Gilles Peskine77c13e62024-04-29 16:09:52 +02008661 "$P_SRV debug_level=3 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 \
Przemek Stekielb6a05032022-04-14 10:22:18 +02008662 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA extended_ms=1" \
8663 "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \
Gilles Peskine77c13e62024-04-29 16:09:52 +02008664 psk_identity=foo psk=73776f726466697368 extended_ms=1" \
Przemek Stekielb6a05032022-04-14 10:22:18 +02008665 0 \
8666 -c "session hash for extended master secret"\
8667 -s "session hash for extended master secret"\
Przemek Stekielb6a05032022-04-14 10:22:18 +02008668 -S "SSL - The handshake negotiation failed" \
8669 -S "SSL - Unknown identity received" \
8670 -S "SSL - Verification of the message MAC failed"
8671
Przemek Stekielb6a05032022-04-14 10:22:18 +02008672run_test "PSK callback: raw ecdhe-psk on client, static opaque on server, no callback, EMS, SHA384" \
Gilles Peskine77c13e62024-04-29 16:09:52 +02008673 "$P_SRV debug_level=3 psk=73776f726466697368 psk_identity=foo psk_opaque=1 min_version=tls12 \
Przemek Stekielb6a05032022-04-14 10:22:18 +02008674 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 extended_ms=1" \
8675 "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \
Gilles Peskine77c13e62024-04-29 16:09:52 +02008676 psk_identity=foo psk=73776f726466697368 extended_ms=1" \
Przemek Stekielb6a05032022-04-14 10:22:18 +02008677 0 \
8678 -c "session hash for extended master secret"\
8679 -s "session hash for extended master secret"\
Przemek Stekielb6a05032022-04-14 10:22:18 +02008680 -S "SSL - The handshake negotiation failed" \
8681 -S "SSL - Unknown identity received" \
8682 -S "SSL - Verification of the message MAC failed"
8683
Hanno Becker28c79dc2018-10-26 13:15:08 +01008684run_test "PSK callback: raw psk on client, no static PSK on server, opaque PSK from callback" \
Xiaofei Bai8b5c3822021-12-02 08:43:35 +00008685 "$P_SRV extended_ms=0 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
8686 "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
Hanno Becker28c79dc2018-10-26 13:15:08 +01008687 psk_identity=def psk=beef" \
8688 0 \
Manuel Pégourié-Gonnard8faa70e2019-05-20 12:09:50 +02008689 -C "session hash for extended master secret"\
8690 -S "session hash for extended master secret"\
Dave Rodgmane5b828c2021-06-29 19:05:34 +01008691 -S "SSL - The handshake negotiation failed" \
Hanno Becker28c79dc2018-10-26 13:15:08 +01008692 -S "SSL - Unknown identity received" \
8693 -S "SSL - Verification of the message MAC failed"
8694
Hanno Becker28c79dc2018-10-26 13:15:08 +01008695run_test "PSK callback: raw psk on client, no static PSK on server, opaque PSK from callback, SHA-384" \
Xiaofei Bai8b5c3822021-12-02 08:43:35 +00008696 "$P_SRV extended_ms=0 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384" \
8697 "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
Hanno Becker28c79dc2018-10-26 13:15:08 +01008698 psk_identity=def psk=beef" \
8699 0 \
Manuel Pégourié-Gonnard8faa70e2019-05-20 12:09:50 +02008700 -C "session hash for extended master secret"\
8701 -S "session hash for extended master secret"\
Dave Rodgmane5b828c2021-06-29 19:05:34 +01008702 -S "SSL - The handshake negotiation failed" \
Hanno Becker28c79dc2018-10-26 13:15:08 +01008703 -S "SSL - Unknown identity received" \
8704 -S "SSL - Verification of the message MAC failed"
8705
Hanno Becker28c79dc2018-10-26 13:15:08 +01008706run_test "PSK callback: raw psk on client, no static PSK on server, opaque PSK from callback, EMS" \
Xiaofei Bai8b5c3822021-12-02 08:43:35 +00008707 "$P_SRV debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 \
Hanno Becker28c79dc2018-10-26 13:15:08 +01008708 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA extended_ms=1" \
Xiaofei Bai8b5c3822021-12-02 08:43:35 +00008709 "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
Hanno Becker28c79dc2018-10-26 13:15:08 +01008710 psk_identity=abc psk=dead extended_ms=1" \
8711 0 \
Manuel Pégourié-Gonnard8faa70e2019-05-20 12:09:50 +02008712 -c "session hash for extended master secret"\
8713 -s "session hash for extended master secret"\
Dave Rodgmane5b828c2021-06-29 19:05:34 +01008714 -S "SSL - The handshake negotiation failed" \
Hanno Becker28c79dc2018-10-26 13:15:08 +01008715 -S "SSL - Unknown identity received" \
8716 -S "SSL - Verification of the message MAC failed"
8717
Hanno Becker28c79dc2018-10-26 13:15:08 +01008718run_test "PSK callback: raw psk on client, no static PSK on server, opaque PSK from callback, EMS, SHA384" \
Xiaofei Bai8b5c3822021-12-02 08:43:35 +00008719 "$P_SRV debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 \
Hanno Becker28c79dc2018-10-26 13:15:08 +01008720 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 extended_ms=1" \
Xiaofei Bai8b5c3822021-12-02 08:43:35 +00008721 "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
Hanno Becker28c79dc2018-10-26 13:15:08 +01008722 psk_identity=abc psk=dead extended_ms=1" \
8723 0 \
Manuel Pégourié-Gonnard8faa70e2019-05-20 12:09:50 +02008724 -c "session hash for extended master secret"\
8725 -s "session hash for extended master secret"\
Dave Rodgmane5b828c2021-06-29 19:05:34 +01008726 -S "SSL - The handshake negotiation failed" \
Hanno Becker28c79dc2018-10-26 13:15:08 +01008727 -S "SSL - Unknown identity received" \
8728 -S "SSL - Verification of the message MAC failed"
8729
Przemek Stekielb6a05032022-04-14 10:22:18 +02008730run_test "PSK callback: raw ecdhe-psk on client, no static ECDHE-PSK on server, opaque ECDHE-PSK from callback" \
8731 "$P_SRV extended_ms=0 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA" \
8732 "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \
8733 psk_identity=def psk=beef" \
8734 0 \
Przemek Stekielb6a05032022-04-14 10:22:18 +02008735 -C "session hash for extended master secret"\
8736 -S "session hash for extended master secret"\
8737 -S "SSL - The handshake negotiation failed" \
8738 -S "SSL - Unknown identity received" \
8739 -S "SSL - Verification of the message MAC failed"
8740
Przemek Stekielb6a05032022-04-14 10:22:18 +02008741run_test "PSK callback: raw ecdhe-psk on client, no static ECDHE-PSK on server, opaque ECDHE-PSK from callback, SHA-384" \
8742 "$P_SRV extended_ms=0 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384" \
8743 "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \
8744 psk_identity=def psk=beef" \
8745 0 \
Przemek Stekielb6a05032022-04-14 10:22:18 +02008746 -C "session hash for extended master secret"\
8747 -S "session hash for extended master secret"\
8748 -S "SSL - The handshake negotiation failed" \
8749 -S "SSL - Unknown identity received" \
8750 -S "SSL - Verification of the message MAC failed"
8751
Przemek Stekielb6a05032022-04-14 10:22:18 +02008752run_test "PSK callback: raw ecdhe-psk on client, no static ECDHE-PSK on server, opaque ECDHE-PSK from callback, EMS" \
8753 "$P_SRV debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 \
8754 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA extended_ms=1" \
8755 "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \
8756 psk_identity=abc psk=dead extended_ms=1" \
8757 0 \
8758 -c "session hash for extended master secret"\
8759 -s "session hash for extended master secret"\
Przemek Stekielb6a05032022-04-14 10:22:18 +02008760 -S "SSL - The handshake negotiation failed" \
8761 -S "SSL - Unknown identity received" \
8762 -S "SSL - Verification of the message MAC failed"
8763
Przemek Stekielb6a05032022-04-14 10:22:18 +02008764run_test "PSK callback: raw ecdhe-psk on client, no static ECDHE-PSK on server, opaque ECDHE-PSK from callback, EMS, SHA384" \
8765 "$P_SRV debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 \
8766 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 extended_ms=1" \
8767 "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \
8768 psk_identity=abc psk=dead extended_ms=1" \
8769 0 \
8770 -c "session hash for extended master secret"\
8771 -s "session hash for extended master secret"\
Przemek Stekielb6a05032022-04-14 10:22:18 +02008772 -S "SSL - The handshake negotiation failed" \
8773 -S "SSL - Unknown identity received" \
8774 -S "SSL - Verification of the message MAC failed"
8775
Hanno Becker28c79dc2018-10-26 13:15:08 +01008776run_test "PSK callback: raw psk on client, mismatching static raw PSK on server, opaque PSK from callback" \
Gilles Peskine77c13e62024-04-29 16:09:52 +02008777 "$P_SRV extended_ms=0 psk_identity=foo psk=73776f726466697368 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
Xiaofei Bai8b5c3822021-12-02 08:43:35 +00008778 "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
Hanno Becker28c79dc2018-10-26 13:15:08 +01008779 psk_identity=def psk=beef" \
8780 0 \
Manuel Pégourié-Gonnard8faa70e2019-05-20 12:09:50 +02008781 -C "session hash for extended master secret"\
8782 -S "session hash for extended master secret"\
Dave Rodgmane5b828c2021-06-29 19:05:34 +01008783 -S "SSL - The handshake negotiation failed" \
Hanno Becker28c79dc2018-10-26 13:15:08 +01008784 -S "SSL - Unknown identity received" \
8785 -S "SSL - Verification of the message MAC failed"
8786
Hanno Becker28c79dc2018-10-26 13:15:08 +01008787run_test "PSK callback: raw psk on client, mismatching static opaque PSK on server, opaque PSK from callback" \
Gilles Peskine77c13e62024-04-29 16:09:52 +02008788 "$P_SRV extended_ms=0 psk_opaque=1 psk_identity=foo psk=73776f726466697368 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
Xiaofei Bai8b5c3822021-12-02 08:43:35 +00008789 "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
Hanno Becker28c79dc2018-10-26 13:15:08 +01008790 psk_identity=def psk=beef" \
8791 0 \
Manuel Pégourié-Gonnard8faa70e2019-05-20 12:09:50 +02008792 -C "session hash for extended master secret"\
8793 -S "session hash for extended master secret"\
Dave Rodgmane5b828c2021-06-29 19:05:34 +01008794 -S "SSL - The handshake negotiation failed" \
Hanno Becker28c79dc2018-10-26 13:15:08 +01008795 -S "SSL - Unknown identity received" \
8796 -S "SSL - Verification of the message MAC failed"
8797
Hanno Becker28c79dc2018-10-26 13:15:08 +01008798run_test "PSK callback: raw psk on client, mismatching static opaque PSK on server, raw PSK from callback" \
Gilles Peskine77c13e62024-04-29 16:09:52 +02008799 "$P_SRV extended_ms=0 psk_opaque=1 psk_identity=foo psk=73776f726466697368 debug_level=3 psk_list=abc,dead,def,beef min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
Xiaofei Bai8b5c3822021-12-02 08:43:35 +00008800 "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
Hanno Becker28c79dc2018-10-26 13:15:08 +01008801 psk_identity=def psk=beef" \
8802 0 \
Manuel Pégourié-Gonnard8faa70e2019-05-20 12:09:50 +02008803 -C "session hash for extended master secret"\
8804 -S "session hash for extended master secret"\
Dave Rodgmane5b828c2021-06-29 19:05:34 +01008805 -S "SSL - The handshake negotiation failed" \
Hanno Becker28c79dc2018-10-26 13:15:08 +01008806 -S "SSL - Unknown identity received" \
8807 -S "SSL - Verification of the message MAC failed"
8808
Hanno Becker28c79dc2018-10-26 13:15:08 +01008809run_test "PSK callback: raw psk on client, id-matching but wrong raw PSK on server, opaque PSK from callback" \
Gilles Peskine77c13e62024-04-29 16:09:52 +02008810 "$P_SRV extended_ms=0 psk_opaque=1 psk_identity=def psk=73776f726466697368 debug_level=3 psk_list=abc,dead,def,beef min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
Xiaofei Bai8b5c3822021-12-02 08:43:35 +00008811 "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
Hanno Becker28c79dc2018-10-26 13:15:08 +01008812 psk_identity=def psk=beef" \
8813 0 \
Manuel Pégourié-Gonnard8faa70e2019-05-20 12:09:50 +02008814 -C "session hash for extended master secret"\
8815 -S "session hash for extended master secret"\
Dave Rodgmane5b828c2021-06-29 19:05:34 +01008816 -S "SSL - The handshake negotiation failed" \
Hanno Becker28c79dc2018-10-26 13:15:08 +01008817 -S "SSL - Unknown identity received" \
8818 -S "SSL - Verification of the message MAC failed"
8819
Hanno Becker28c79dc2018-10-26 13:15:08 +01008820run_test "PSK callback: raw psk on client, matching opaque PSK on server, wrong opaque PSK from callback" \
Gilles Peskine77c13e62024-04-29 16:09:52 +02008821 "$P_SRV extended_ms=0 psk_opaque=1 psk_identity=def psk=beef debug_level=3 psk_list=abc,dead,def,73776f726466697368 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
Xiaofei Bai8b5c3822021-12-02 08:43:35 +00008822 "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
Hanno Becker28c79dc2018-10-26 13:15:08 +01008823 psk_identity=def psk=beef" \
8824 1 \
8825 -s "SSL - Verification of the message MAC failed"
8826
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02008827run_test "PSK callback: no psk, no callback" \
Manuel Pégourié-Gonnard10c3c9f2014-06-10 15:28:52 +02008828 "$P_SRV" \
8829 "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
Gilles Peskine77c13e62024-04-29 16:09:52 +02008830 psk_identity=foo psk=73776f726466697368" \
Manuel Pégourié-Gonnard10c3c9f2014-06-10 15:28:52 +02008831 1 \
Dave Rodgman6ce10be2021-06-29 14:20:31 +01008832 -s "SSL - The handshake negotiation failed" \
Manuel Pégourié-Gonnarda6781c92014-06-10 15:00:46 +02008833 -S "SSL - Unknown identity received" \
8834 -S "SSL - Verification of the message MAC failed"
8835
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02008836run_test "PSK callback: callback overrides other settings" \
Gilles Peskine77c13e62024-04-29 16:09:52 +02008837 "$P_SRV psk=73776f726466697368 psk_identity=foo psk_list=abc,dead,def,beef" \
Manuel Pégourié-Gonnarda6781c92014-06-10 15:00:46 +02008838 "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
Gilles Peskine77c13e62024-04-29 16:09:52 +02008839 psk_identity=foo psk=73776f726466697368" \
Manuel Pégourié-Gonnarda6781c92014-06-10 15:00:46 +02008840 1 \
Dave Rodgmane5b828c2021-06-29 19:05:34 +01008841 -S "SSL - The handshake negotiation failed" \
Manuel Pégourié-Gonnarda6781c92014-06-10 15:00:46 +02008842 -s "SSL - Unknown identity received" \
8843 -S "SSL - Verification of the message MAC failed"
8844
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02008845run_test "PSK callback: first id matches" \
Manuel Pégourié-Gonnarda6781c92014-06-10 15:00:46 +02008846 "$P_SRV psk_list=abc,dead,def,beef" \
8847 "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
8848 psk_identity=abc psk=dead" \
8849 0 \
Dave Rodgmane5b828c2021-06-29 19:05:34 +01008850 -S "SSL - The handshake negotiation failed" \
Manuel Pégourié-Gonnarda6781c92014-06-10 15:00:46 +02008851 -S "SSL - Unknown identity received" \
8852 -S "SSL - Verification of the message MAC failed"
8853
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02008854run_test "PSK callback: second id matches" \
Manuel Pégourié-Gonnarda6781c92014-06-10 15:00:46 +02008855 "$P_SRV psk_list=abc,dead,def,beef" \
8856 "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
8857 psk_identity=def psk=beef" \
8858 0 \
Dave Rodgmane5b828c2021-06-29 19:05:34 +01008859 -S "SSL - The handshake negotiation failed" \
Manuel Pégourié-Gonnarda6781c92014-06-10 15:00:46 +02008860 -S "SSL - Unknown identity received" \
8861 -S "SSL - Verification of the message MAC failed"
8862
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02008863run_test "PSK callback: no match" \
Manuel Pégourié-Gonnarda6781c92014-06-10 15:00:46 +02008864 "$P_SRV psk_list=abc,dead,def,beef" \
8865 "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
8866 psk_identity=ghi psk=beef" \
8867 1 \
Dave Rodgmane5b828c2021-06-29 19:05:34 +01008868 -S "SSL - The handshake negotiation failed" \
Manuel Pégourié-Gonnarda6781c92014-06-10 15:00:46 +02008869 -s "SSL - Unknown identity received" \
8870 -S "SSL - Verification of the message MAC failed"
8871
Manuel Pégourié-Gonnard8e03c712014-08-30 21:42:40 +02008872run_test "PSK callback: wrong key" \
Manuel Pégourié-Gonnarda6781c92014-06-10 15:00:46 +02008873 "$P_SRV psk_list=abc,dead,def,beef" \
8874 "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
8875 psk_identity=abc psk=beef" \
8876 1 \
Dave Rodgmane5b828c2021-06-29 19:05:34 +01008877 -S "SSL - The handshake negotiation failed" \
Manuel Pégourié-Gonnarda6781c92014-06-10 15:00:46 +02008878 -S "SSL - Unknown identity received" \
8879 -s "SSL - Verification of the message MAC failed"
Manuel Pégourié-Gonnard0cc7e312014-06-09 11:36:47 +02008880
Manuel Pégourié-Gonnarde511b4e2015-09-16 14:11:09 +02008881# Tests for EC J-PAKE
8882
Hanno Beckerfa452c42020-08-14 15:42:49 +01008883requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
Jerry Yuab082902021-12-23 18:02:22 +08008884requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Manuel Pégourié-Gonnarde511b4e2015-09-16 14:11:09 +02008885run_test "ECJPAKE: client not configured" \
8886 "$P_SRV debug_level=3" \
8887 "$P_CLI debug_level=3" \
8888 0 \
Hanno Beckeree63af62020-08-14 15:41:23 +01008889 -C "add ciphersuite: 0xc0ff" \
Manuel Pégourié-Gonnarde511b4e2015-09-16 14:11:09 +02008890 -C "adding ecjpake_kkpp extension" \
Manuel Pégourié-Gonnardbf57be62015-09-16 15:04:01 +02008891 -S "found ecjpake kkpp extension" \
8892 -S "skip ecjpake kkpp extension" \
Manuel Pégourié-Gonnarde511b4e2015-09-16 14:11:09 +02008893 -S "ciphersuite mismatch: ecjpake not configured" \
Manuel Pégourié-Gonnard55c7f992015-09-16 15:35:27 +02008894 -S "server hello, ecjpake kkpp extension" \
Manuel Pégourié-Gonnard0a1324a2015-09-16 16:01:00 +02008895 -C "found ecjpake_kkpp extension" \
Dave Rodgman737237f2021-06-29 19:07:57 +01008896 -S "SSL - The handshake negotiation failed"
Manuel Pégourié-Gonnarde511b4e2015-09-16 14:11:09 +02008897
Hanno Beckerfa452c42020-08-14 15:42:49 +01008898requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
Manuel Pégourié-Gonnarde511b4e2015-09-16 14:11:09 +02008899run_test "ECJPAKE: server not configured" \
8900 "$P_SRV debug_level=3" \
8901 "$P_CLI debug_level=3 ecjpake_pw=bla \
8902 force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
8903 1 \
Ronald Cron7320e642022-03-08 13:34:49 +01008904 -c "add ciphersuite: c0ff" \
Manuel Pégourié-Gonnarde511b4e2015-09-16 14:11:09 +02008905 -c "adding ecjpake_kkpp extension" \
Manuel Pégourié-Gonnardbf57be62015-09-16 15:04:01 +02008906 -s "found ecjpake kkpp extension" \
8907 -s "skip ecjpake kkpp extension" \
Manuel Pégourié-Gonnarde511b4e2015-09-16 14:11:09 +02008908 -s "ciphersuite mismatch: ecjpake not configured" \
Manuel Pégourié-Gonnard55c7f992015-09-16 15:35:27 +02008909 -S "server hello, ecjpake kkpp extension" \
Manuel Pégourié-Gonnard0a1324a2015-09-16 16:01:00 +02008910 -C "found ecjpake_kkpp extension" \
Dave Rodgman737237f2021-06-29 19:07:57 +01008911 -s "SSL - The handshake negotiation failed"
Manuel Pégourié-Gonnarde511b4e2015-09-16 14:11:09 +02008912
Valerio Settif11e05a2022-12-07 15:41:05 +01008913# Note: if the name of this test is changed, then please adjust the corresponding
8914# filtering label in "test_tls1_2_ecjpake_compatibility" (in "all.sh")
Hanno Beckerfa452c42020-08-14 15:42:49 +01008915requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
Manuel Pégourié-Gonnardbf57be62015-09-16 15:04:01 +02008916run_test "ECJPAKE: working, TLS" \
8917 "$P_SRV debug_level=3 ecjpake_pw=bla" \
8918 "$P_CLI debug_level=3 ecjpake_pw=bla \
8919 force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
Manuel Pégourié-Gonnard0f1660a2015-09-16 22:41:06 +02008920 0 \
Ronald Cron7320e642022-03-08 13:34:49 +01008921 -c "add ciphersuite: c0ff" \
Manuel Pégourié-Gonnardbf57be62015-09-16 15:04:01 +02008922 -c "adding ecjpake_kkpp extension" \
Manuel Pégourié-Gonnardd0d8cb32015-09-17 14:16:30 +02008923 -C "re-using cached ecjpake parameters" \
Manuel Pégourié-Gonnardbf57be62015-09-16 15:04:01 +02008924 -s "found ecjpake kkpp extension" \
8925 -S "skip ecjpake kkpp extension" \
8926 -S "ciphersuite mismatch: ecjpake not configured" \
Manuel Pégourié-Gonnard55c7f992015-09-16 15:35:27 +02008927 -s "server hello, ecjpake kkpp extension" \
Manuel Pégourié-Gonnard0a1324a2015-09-16 16:01:00 +02008928 -c "found ecjpake_kkpp extension" \
Dave Rodgman737237f2021-06-29 19:07:57 +01008929 -S "SSL - The handshake negotiation failed" \
Manuel Pégourié-Gonnard921f2d02015-09-16 22:52:18 +02008930 -S "SSL - Verification of the message MAC failed"
8931
Valerio Settid572a822022-11-28 18:27:51 +01008932requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
Valerio Setti70e02902022-12-02 16:21:56 +01008933run_test "ECJPAKE: opaque password client+server, working, TLS" \
Valerio Settid572a822022-11-28 18:27:51 +01008934 "$P_SRV debug_level=3 ecjpake_pw=bla ecjpake_pw_opaque=1" \
8935 "$P_CLI debug_level=3 ecjpake_pw=bla ecjpake_pw_opaque=1\
8936 force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
8937 0 \
8938 -c "add ciphersuite: c0ff" \
8939 -c "adding ecjpake_kkpp extension" \
Valerio Setti661b9bc2022-11-29 17:19:25 +01008940 -c "using opaque password" \
8941 -s "using opaque password" \
Valerio Settid572a822022-11-28 18:27:51 +01008942 -C "re-using cached ecjpake parameters" \
8943 -s "found ecjpake kkpp extension" \
8944 -S "skip ecjpake kkpp extension" \
8945 -S "ciphersuite mismatch: ecjpake not configured" \
8946 -s "server hello, ecjpake kkpp extension" \
8947 -c "found ecjpake_kkpp extension" \
8948 -S "SSL - The handshake negotiation failed" \
8949 -S "SSL - Verification of the message MAC failed"
8950
Valerio Settif11e05a2022-12-07 15:41:05 +01008951# Note: if the name of this test is changed, then please adjust the corresponding
8952# filtering label in "test_tls1_2_ecjpake_compatibility" (in "all.sh")
Valerio Settib287ddf2022-12-01 16:18:12 +01008953requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
Valerio Setti70e02902022-12-02 16:21:56 +01008954run_test "ECJPAKE: opaque password client only, working, TLS" \
Valerio Settib287ddf2022-12-01 16:18:12 +01008955 "$P_SRV debug_level=3 ecjpake_pw=bla" \
8956 "$P_CLI debug_level=3 ecjpake_pw=bla ecjpake_pw_opaque=1\
8957 force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
8958 0 \
8959 -c "add ciphersuite: c0ff" \
8960 -c "adding ecjpake_kkpp extension" \
8961 -c "using opaque password" \
8962 -S "using opaque password" \
8963 -C "re-using cached ecjpake parameters" \
8964 -s "found ecjpake kkpp extension" \
8965 -S "skip ecjpake kkpp extension" \
8966 -S "ciphersuite mismatch: ecjpake not configured" \
8967 -s "server hello, ecjpake kkpp extension" \
8968 -c "found ecjpake_kkpp extension" \
8969 -S "SSL - The handshake negotiation failed" \
8970 -S "SSL - Verification of the message MAC failed"
8971
Valerio Settif11e05a2022-12-07 15:41:05 +01008972# Note: if the name of this test is changed, then please adjust the corresponding
8973# filtering label in "test_tls1_2_ecjpake_compatibility" (in "all.sh")
Valerio Settib287ddf2022-12-01 16:18:12 +01008974requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
Valerio Setti70e02902022-12-02 16:21:56 +01008975run_test "ECJPAKE: opaque password server only, working, TLS" \
Valerio Settib287ddf2022-12-01 16:18:12 +01008976 "$P_SRV debug_level=3 ecjpake_pw=bla ecjpake_pw_opaque=1" \
8977 "$P_CLI debug_level=3 ecjpake_pw=bla\
8978 force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
8979 0 \
8980 -c "add ciphersuite: c0ff" \
8981 -c "adding ecjpake_kkpp extension" \
8982 -C "using opaque password" \
8983 -s "using opaque password" \
8984 -C "re-using cached ecjpake parameters" \
8985 -s "found ecjpake kkpp extension" \
8986 -S "skip ecjpake kkpp extension" \
8987 -S "ciphersuite mismatch: ecjpake not configured" \
8988 -s "server hello, ecjpake kkpp extension" \
8989 -c "found ecjpake_kkpp extension" \
8990 -S "SSL - The handshake negotiation failed" \
8991 -S "SSL - Verification of the message MAC failed"
8992
Janos Follath74537a62016-09-02 13:45:28 +01008993server_needs_more_time 1
Dave Rodgmanbec7caf2021-06-29 19:05:34 +01008994requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
Manuel Pégourié-Gonnard921f2d02015-09-16 22:52:18 +02008995run_test "ECJPAKE: password mismatch, TLS" \
8996 "$P_SRV debug_level=3 ecjpake_pw=bla" \
8997 "$P_CLI debug_level=3 ecjpake_pw=bad \
8998 force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
8999 1 \
Manuel Pégourié-Gonnardd0d8cb32015-09-17 14:16:30 +02009000 -C "re-using cached ecjpake parameters" \
Manuel Pégourié-Gonnard921f2d02015-09-16 22:52:18 +02009001 -s "SSL - Verification of the message MAC failed"
9002
Valerio Settib287ddf2022-12-01 16:18:12 +01009003server_needs_more_time 1
9004requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
Valerio Settib287ddf2022-12-01 16:18:12 +01009005run_test "ECJPAKE_OPAQUE_PW: opaque password mismatch, TLS" \
9006 "$P_SRV debug_level=3 ecjpake_pw=bla ecjpake_pw_opaque=1" \
9007 "$P_CLI debug_level=3 ecjpake_pw=bad ecjpake_pw_opaque=1 \
9008 force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
9009 1 \
9010 -c "using opaque password" \
9011 -s "using opaque password" \
9012 -C "re-using cached ecjpake parameters" \
9013 -s "SSL - Verification of the message MAC failed"
9014
Dave Rodgmanbec7caf2021-06-29 19:05:34 +01009015requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
Manuel Pégourié-Gonnard921f2d02015-09-16 22:52:18 +02009016run_test "ECJPAKE: working, DTLS" \
9017 "$P_SRV debug_level=3 dtls=1 ecjpake_pw=bla" \
9018 "$P_CLI debug_level=3 dtls=1 ecjpake_pw=bla \
9019 force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
9020 0 \
Manuel Pégourié-Gonnardd0d8cb32015-09-17 14:16:30 +02009021 -c "re-using cached ecjpake parameters" \
9022 -S "SSL - Verification of the message MAC failed"
9023
Dave Rodgmanbec7caf2021-06-29 19:05:34 +01009024requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
Manuel Pégourié-Gonnardd0d8cb32015-09-17 14:16:30 +02009025run_test "ECJPAKE: working, DTLS, no cookie" \
9026 "$P_SRV debug_level=3 dtls=1 ecjpake_pw=bla cookies=0" \
9027 "$P_CLI debug_level=3 dtls=1 ecjpake_pw=bla \
9028 force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
9029 0 \
9030 -C "re-using cached ecjpake parameters" \
Manuel Pégourié-Gonnard921f2d02015-09-16 22:52:18 +02009031 -S "SSL - Verification of the message MAC failed"
9032
Janos Follath74537a62016-09-02 13:45:28 +01009033server_needs_more_time 1
Dave Rodgmanbec7caf2021-06-29 19:05:34 +01009034requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
Manuel Pégourié-Gonnard921f2d02015-09-16 22:52:18 +02009035run_test "ECJPAKE: password mismatch, DTLS" \
9036 "$P_SRV debug_level=3 dtls=1 ecjpake_pw=bla" \
9037 "$P_CLI debug_level=3 dtls=1 ecjpake_pw=bad \
9038 force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
9039 1 \
Manuel Pégourié-Gonnardd0d8cb32015-09-17 14:16:30 +02009040 -c "re-using cached ecjpake parameters" \
Manuel Pégourié-Gonnard921f2d02015-09-16 22:52:18 +02009041 -s "SSL - Verification of the message MAC failed"
Manuel Pégourié-Gonnardbf57be62015-09-16 15:04:01 +02009042
Manuel Pégourié-Gonnardca700b22015-10-20 14:47:00 +02009043# for tests with configs/config-thread.h
Dave Rodgmanbec7caf2021-06-29 19:05:34 +01009044requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
Manuel Pégourié-Gonnardca700b22015-10-20 14:47:00 +02009045run_test "ECJPAKE: working, DTLS, nolog" \
9046 "$P_SRV dtls=1 ecjpake_pw=bla" \
9047 "$P_CLI dtls=1 ecjpake_pw=bla \
9048 force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
9049 0
9050
Manuel Pégourié-Gonnard4cc8c632015-07-23 12:24:03 +02009051# Test for ClientHello without extensions
9052
Gilles Peskinefc73aa02024-05-13 21:18:41 +02009053requires_config_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
Gilles Peskine3b81ea12024-04-29 17:42:52 +02009054requires_gnutls
9055run_test "ClientHello without extensions: PSK" \
9056 "$P_SRV force_version=tls12 debug_level=3 psk=73776f726466697368" \
Valerio Setti98f348a2025-01-30 12:10:28 +01009057 "$G_CLI --priority=NORMAL:+PSK:-RSA:%NO_EXTENSIONS:%DISABLE_SAFE_RENEGOTIATION --pskusername=Client_identity --pskkey=73776f726466697368 localhost" \
Gilles Peskine3b81ea12024-04-29 17:42:52 +02009058 0 \
9059 -s "Ciphersuite is .*-PSK-.*" \
9060 -S "Ciphersuite is .*-EC.*" \
Gilles Peskine5d2511c2017-05-12 13:16:40 +02009061 -s "dumping 'client hello extensions' (0 bytes)"
9062
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02009063# Tests for mbedtls_ssl_get_bytes_avail()
Manuel Pégourié-Gonnard95c0a632014-06-11 18:32:36 +02009064
Gilles Peskined2d90af2022-04-06 23:35:56 +02009065# The server first reads buffer_size-1 bytes, then reads the remainder.
Jerry Yuab082902021-12-23 18:02:22 +08009066requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +02009067run_test "mbedtls_ssl_get_bytes_avail: no extra data" \
Gilles Peskined2d90af2022-04-06 23:35:56 +02009068 "$P_SRV buffer_size=100" \
Manuel Pégourié-Gonnard95c0a632014-06-11 18:32:36 +02009069 "$P_CLI request_size=100" \
9070 0 \
9071 -s "Read from client: 100 bytes read$"
9072
Jerry Yuab082902021-12-23 18:02:22 +08009073requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Gilles Peskined2d90af2022-04-06 23:35:56 +02009074run_test "mbedtls_ssl_get_bytes_avail: extra data (+1)" \
9075 "$P_SRV buffer_size=100" \
9076 "$P_CLI request_size=101" \
Manuel Pégourié-Gonnard95c0a632014-06-11 18:32:36 +02009077 0 \
Gilles Peskined2d90af2022-04-06 23:35:56 +02009078 -s "Read from client: 101 bytes read (100 + 1)"
9079
9080requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
9081requires_max_content_len 200
9082run_test "mbedtls_ssl_get_bytes_avail: extra data (*2)" \
9083 "$P_SRV buffer_size=100" \
9084 "$P_CLI request_size=200" \
9085 0 \
9086 -s "Read from client: 200 bytes read (100 + 100)"
9087
9088requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
9089run_test "mbedtls_ssl_get_bytes_avail: extra data (max)" \
Waleed Elmelegybae705c2024-01-01 14:21:21 +00009090 "$P_SRV buffer_size=100 force_version=tls12" \
Gilles Peskined2d90af2022-04-06 23:35:56 +02009091 "$P_CLI request_size=$MAX_CONTENT_LEN" \
9092 0 \
9093 -s "Read from client: $MAX_CONTENT_LEN bytes read (100 + $((MAX_CONTENT_LEN - 100)))"
Manuel Pégourié-Gonnard90805a82014-06-11 14:06:01 +02009094
Andrzej Kurekc19fc552018-06-19 09:37:30 -04009095# Tests for small client packets
Manuel Pégourié-Gonnardee415032014-06-18 15:08:56 +02009096
Andrzej Kurekc19fc552018-06-19 09:37:30 -04009097run_test "Small client packet TLS 1.2 BlockCipher" \
Ronald Cronf3b425b2022-03-17 16:45:09 +01009098 "$P_SRV force_version=tls12" \
9099 "$P_CLI request_size=1 \
Gabor Mezeifc42c222025-02-05 17:28:03 +01009100 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA" \
Manuel Pégourié-Gonnardee415032014-06-18 15:08:56 +02009101 0 \
9102 -s "Read from client: 1 bytes read"
9103
Andrzej Kurekc19fc552018-06-19 09:37:30 -04009104run_test "Small client packet TLS 1.2 BlockCipher, without EtM" \
Ronald Cronf3b425b2022-03-17 16:45:09 +01009105 "$P_SRV force_version=tls12" \
9106 "$P_CLI request_size=1 \
Gabor Mezeifc42c222025-02-05 17:28:03 +01009107 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA etm=0" \
Manuel Pégourié-Gonnard169dd6a2014-11-04 16:15:39 +01009108 0 \
9109 -s "Read from client: 1 bytes read"
9110
Andrzej Kurekc19fc552018-06-19 09:37:30 -04009111run_test "Small client packet TLS 1.2 BlockCipher larger MAC" \
Ronald Cronf3b425b2022-03-17 16:45:09 +01009112 "$P_SRV force_version=tls12" \
9113 "$P_CLI request_size=1 \
Manuel Pégourié-Gonnardc82ee352015-01-07 16:35:25 +01009114 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \
Manuel Pégourié-Gonnardee415032014-06-18 15:08:56 +02009115 0 \
9116 -s "Read from client: 1 bytes read"
9117
Andrzej Kurekc19fc552018-06-19 09:37:30 -04009118run_test "Small client packet TLS 1.2 AEAD" \
Ronald Cronf3b425b2022-03-17 16:45:09 +01009119 "$P_SRV force_version=tls12" \
9120 "$P_CLI request_size=1 \
Gabor Mezeidd7c0f12025-02-17 13:42:46 +01009121 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-CCM" \
Manuel Pégourié-Gonnardee415032014-06-18 15:08:56 +02009122 0 \
9123 -s "Read from client: 1 bytes read"
9124
Andrzej Kurekc19fc552018-06-19 09:37:30 -04009125run_test "Small client packet TLS 1.2 AEAD shorter tag" \
Ronald Cronf3b425b2022-03-17 16:45:09 +01009126 "$P_SRV force_version=tls12" \
9127 "$P_CLI request_size=1 \
Gabor Mezeidd7c0f12025-02-17 13:42:46 +01009128 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8" \
Manuel Pégourié-Gonnardee415032014-06-18 15:08:56 +02009129 0 \
9130 -s "Read from client: 1 bytes read"
9131
Ronald Cron928cbd32022-10-04 16:14:26 +02009132requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Crona4417c12022-06-23 16:06:28 +02009133run_test "Small client packet TLS 1.3 AEAD" \
Ronald Cron50ae84e2023-03-14 08:59:56 +01009134 "$P_SRV" \
Ronald Crona4417c12022-06-23 16:06:28 +02009135 "$P_CLI request_size=1 \
9136 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256" \
9137 0 \
9138 -s "Read from client: 1 bytes read"
9139
Ronald Cron928cbd32022-10-04 16:14:26 +02009140requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Crona4417c12022-06-23 16:06:28 +02009141run_test "Small client packet TLS 1.3 AEAD shorter tag" \
Ronald Cron50ae84e2023-03-14 08:59:56 +01009142 "$P_SRV" \
Ronald Crona4417c12022-06-23 16:06:28 +02009143 "$P_CLI request_size=1 \
9144 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256" \
9145 0 \
9146 -s "Read from client: 1 bytes read"
9147
Andrzej Kurekc19fc552018-06-19 09:37:30 -04009148# Tests for small client packets in DTLS
Hanno Beckere2148042017-11-10 08:59:18 +00009149
9150requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
Andrzej Kurekc19fc552018-06-19 09:37:30 -04009151run_test "Small client packet DTLS 1.2" \
Xiaofei Bai8b5c3822021-12-02 08:43:35 +00009152 "$P_SRV dtls=1 force_version=dtls12" \
Hanno Beckere2148042017-11-10 08:59:18 +00009153 "$P_CLI dtls=1 request_size=1 \
Gabor Mezeifc42c222025-02-05 17:28:03 +01009154 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA" \
Hanno Beckere2148042017-11-10 08:59:18 +00009155 0 \
9156 -s "Read from client: 1 bytes read"
9157
9158requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
Andrzej Kurekc19fc552018-06-19 09:37:30 -04009159run_test "Small client packet DTLS 1.2, without EtM" \
Xiaofei Bai8b5c3822021-12-02 08:43:35 +00009160 "$P_SRV dtls=1 force_version=dtls12 etm=0" \
Hanno Beckere2148042017-11-10 08:59:18 +00009161 "$P_CLI dtls=1 request_size=1 \
Gabor Mezeifc42c222025-02-05 17:28:03 +01009162 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA" \
Hanno Beckere2148042017-11-10 08:59:18 +00009163 0 \
9164 -s "Read from client: 1 bytes read"
9165
Andrzej Kurekc19fc552018-06-19 09:37:30 -04009166# Tests for small server packets
9167
Andrzej Kurekc19fc552018-06-19 09:37:30 -04009168run_test "Small server packet TLS 1.2 BlockCipher" \
Ronald Cronf3b425b2022-03-17 16:45:09 +01009169 "$P_SRV response_size=1 force_version=tls12" \
Gabor Mezeifc42c222025-02-05 17:28:03 +01009170 "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA" \
Andrzej Kurekc19fc552018-06-19 09:37:30 -04009171 0 \
9172 -c "Read from server: 1 bytes read"
9173
9174run_test "Small server packet TLS 1.2 BlockCipher, without EtM" \
Ronald Cronf3b425b2022-03-17 16:45:09 +01009175 "$P_SRV response_size=1 force_version=tls12" \
Gabor Mezeifc42c222025-02-05 17:28:03 +01009176 "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA etm=0" \
Andrzej Kurekc19fc552018-06-19 09:37:30 -04009177 0 \
9178 -c "Read from server: 1 bytes read"
9179
9180run_test "Small server packet TLS 1.2 BlockCipher larger MAC" \
Ronald Cronf3b425b2022-03-17 16:45:09 +01009181 "$P_SRV response_size=1 force_version=tls12" \
9182 "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \
Andrzej Kurekc19fc552018-06-19 09:37:30 -04009183 0 \
9184 -c "Read from server: 1 bytes read"
9185
Andrzej Kurekc19fc552018-06-19 09:37:30 -04009186run_test "Small server packet TLS 1.2 AEAD" \
Ronald Cronf3b425b2022-03-17 16:45:09 +01009187 "$P_SRV response_size=1 force_version=tls12" \
Gabor Mezeidd7c0f12025-02-17 13:42:46 +01009188 "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-CCM" \
Andrzej Kurekc19fc552018-06-19 09:37:30 -04009189 0 \
9190 -c "Read from server: 1 bytes read"
9191
9192run_test "Small server packet TLS 1.2 AEAD shorter tag" \
Ronald Cronf3b425b2022-03-17 16:45:09 +01009193 "$P_SRV response_size=1 force_version=tls12" \
Gabor Mezeidd7c0f12025-02-17 13:42:46 +01009194 "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8" \
Andrzej Kurekc19fc552018-06-19 09:37:30 -04009195 0 \
9196 -c "Read from server: 1 bytes read"
9197
Ronald Cron928cbd32022-10-04 16:14:26 +02009198requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Crona4417c12022-06-23 16:06:28 +02009199run_test "Small server packet TLS 1.3 AEAD" \
Ronald Cron50ae84e2023-03-14 08:59:56 +01009200 "$P_SRV response_size=1" \
Ronald Crona4417c12022-06-23 16:06:28 +02009201 "$P_CLI force_ciphersuite=TLS1-3-AES-128-CCM-SHA256" \
9202 0 \
9203 -c "Read from server: 1 bytes read"
9204
Ronald Cron928cbd32022-10-04 16:14:26 +02009205requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Crona4417c12022-06-23 16:06:28 +02009206run_test "Small server packet TLS 1.3 AEAD shorter tag" \
Ronald Cron50ae84e2023-03-14 08:59:56 +01009207 "$P_SRV response_size=1" \
Ronald Crona4417c12022-06-23 16:06:28 +02009208 "$P_CLI force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256" \
9209 0 \
9210 -c "Read from server: 1 bytes read"
9211
Andrzej Kurekc19fc552018-06-19 09:37:30 -04009212# Tests for small server packets in DTLS
9213
9214requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
Andrzej Kurekc19fc552018-06-19 09:37:30 -04009215run_test "Small server packet DTLS 1.2" \
Xiaofei Bai8b5c3822021-12-02 08:43:35 +00009216 "$P_SRV dtls=1 response_size=1 force_version=dtls12" \
Andrzej Kurekc19fc552018-06-19 09:37:30 -04009217 "$P_CLI dtls=1 \
Gabor Mezeifc42c222025-02-05 17:28:03 +01009218 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA" \
Andrzej Kurekc19fc552018-06-19 09:37:30 -04009219 0 \
9220 -c "Read from server: 1 bytes read"
9221
9222requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
9223run_test "Small server packet DTLS 1.2, without EtM" \
Xiaofei Bai8b5c3822021-12-02 08:43:35 +00009224 "$P_SRV dtls=1 response_size=1 force_version=dtls12 etm=0" \
Andrzej Kurekc19fc552018-06-19 09:37:30 -04009225 "$P_CLI dtls=1 \
Gabor Mezeifc42c222025-02-05 17:28:03 +01009226 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA" \
Andrzej Kurekc19fc552018-06-19 09:37:30 -04009227 0 \
9228 -c "Read from server: 1 bytes read"
9229
Andrzej Kurek30e731d2017-10-12 13:50:29 +02009230# Test for large client packets
Manuel Pégourié-Gonnard8920f692014-06-18 22:05:08 +02009231
Angus Grattonc4dd0732018-04-11 16:28:39 +10009232# How many fragments do we expect to write $1 bytes?
9233fragments_for_write() {
9234 echo "$(( ( $1 + $MAX_OUT_LEN - 1 ) / $MAX_OUT_LEN ))"
9235}
9236
Andrzej Kurek30e731d2017-10-12 13:50:29 +02009237run_test "Large client packet TLS 1.2 BlockCipher" \
Ronald Cronf3b425b2022-03-17 16:45:09 +01009238 "$P_SRV force_version=tls12" \
9239 "$P_CLI request_size=16384 \
Gabor Mezeifc42c222025-02-05 17:28:03 +01009240 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA" \
Manuel Pégourié-Gonnard8920f692014-06-18 22:05:08 +02009241 0 \
Angus Grattonc4dd0732018-04-11 16:28:39 +10009242 -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
9243 -s "Read from client: $MAX_CONTENT_LEN bytes read"
Manuel Pégourié-Gonnard8920f692014-06-18 22:05:08 +02009244
Andrzej Kurek30e731d2017-10-12 13:50:29 +02009245run_test "Large client packet TLS 1.2 BlockCipher, without EtM" \
Ronald Cronf3b425b2022-03-17 16:45:09 +01009246 "$P_SRV force_version=tls12" \
9247 "$P_CLI request_size=16384 etm=0 \
Gabor Mezeifc42c222025-02-05 17:28:03 +01009248 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA" \
Hanno Becker278fc7a2017-11-10 09:16:28 +00009249 0 \
Angus Grattonc4dd0732018-04-11 16:28:39 +10009250 -s "Read from client: $MAX_CONTENT_LEN bytes read"
Hanno Becker278fc7a2017-11-10 09:16:28 +00009251
Andrzej Kurek30e731d2017-10-12 13:50:29 +02009252run_test "Large client packet TLS 1.2 BlockCipher larger MAC" \
Ronald Cronf3b425b2022-03-17 16:45:09 +01009253 "$P_SRV force_version=tls12" \
9254 "$P_CLI request_size=16384 \
Manuel Pégourié-Gonnardc82ee352015-01-07 16:35:25 +01009255 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \
Manuel Pégourié-Gonnard8920f692014-06-18 22:05:08 +02009256 0 \
Angus Grattonc4dd0732018-04-11 16:28:39 +10009257 -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
9258 -s "Read from client: $MAX_CONTENT_LEN bytes read"
Manuel Pégourié-Gonnard8920f692014-06-18 22:05:08 +02009259
Andrzej Kurek30e731d2017-10-12 13:50:29 +02009260run_test "Large client packet TLS 1.2 AEAD" \
Ronald Cronf3b425b2022-03-17 16:45:09 +01009261 "$P_SRV force_version=tls12" \
9262 "$P_CLI request_size=16384 \
Gabor Mezeidd7c0f12025-02-17 13:42:46 +01009263 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-CCM" \
Manuel Pégourié-Gonnard8920f692014-06-18 22:05:08 +02009264 0 \
Angus Grattonc4dd0732018-04-11 16:28:39 +10009265 -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
9266 -s "Read from client: $MAX_CONTENT_LEN bytes read"
Manuel Pégourié-Gonnard8920f692014-06-18 22:05:08 +02009267
Andrzej Kurek30e731d2017-10-12 13:50:29 +02009268run_test "Large client packet TLS 1.2 AEAD shorter tag" \
Ronald Cronf3b425b2022-03-17 16:45:09 +01009269 "$P_SRV force_version=tls12" \
9270 "$P_CLI request_size=16384 \
Gabor Mezeidd7c0f12025-02-17 13:42:46 +01009271 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8" \
Manuel Pégourié-Gonnard8920f692014-06-18 22:05:08 +02009272 0 \
Angus Grattonc4dd0732018-04-11 16:28:39 +10009273 -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
9274 -s "Read from client: $MAX_CONTENT_LEN bytes read"
Manuel Pégourié-Gonnard8920f692014-06-18 22:05:08 +02009275
Ronald Cron928cbd32022-10-04 16:14:26 +02009276requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Crona4417c12022-06-23 16:06:28 +02009277run_test "Large client packet TLS 1.3 AEAD" \
Ronald Cron50ae84e2023-03-14 08:59:56 +01009278 "$P_SRV" \
Waleed Elmelegyea031832023-12-29 15:36:51 +00009279 "$P_CLI request_size=16383 \
Ronald Crona4417c12022-06-23 16:06:28 +02009280 force_ciphersuite=TLS1-3-AES-128-CCM-SHA256" \
9281 0 \
Waleed Elmelegyea031832023-12-29 15:36:51 +00009282 -c "16383 bytes written in $(fragments_for_write 16383) fragments" \
9283 -s "Read from client: 16383 bytes read"
Ronald Crona4417c12022-06-23 16:06:28 +02009284
Ronald Cron928cbd32022-10-04 16:14:26 +02009285requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Crona4417c12022-06-23 16:06:28 +02009286run_test "Large client packet TLS 1.3 AEAD shorter tag" \
Ronald Cron50ae84e2023-03-14 08:59:56 +01009287 "$P_SRV" \
Waleed Elmelegyea031832023-12-29 15:36:51 +00009288 "$P_CLI request_size=16383 \
Ronald Crona4417c12022-06-23 16:06:28 +02009289 force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256" \
9290 0 \
Waleed Elmelegyea031832023-12-29 15:36:51 +00009291 -c "16383 bytes written in $(fragments_for_write 16383) fragments" \
9292 -s "Read from client: 16383 bytes read"
Ronald Crona4417c12022-06-23 16:06:28 +02009293
Yuto Takanobc87b1d2021-07-08 15:56:33 +01009294# The tests below fail when the server's OUT_CONTENT_LEN is less than 16384.
Andrzej Kurek30e731d2017-10-12 13:50:29 +02009295run_test "Large server packet TLS 1.2 BlockCipher" \
Ronald Cronf3b425b2022-03-17 16:45:09 +01009296 "$P_SRV response_size=16384 force_version=tls12" \
Gabor Mezeifc42c222025-02-05 17:28:03 +01009297 "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA" \
Andrzej Kurek30e731d2017-10-12 13:50:29 +02009298 0 \
9299 -c "Read from server: 16384 bytes read"
9300
Andrzej Kurekc19fc552018-06-19 09:37:30 -04009301run_test "Large server packet TLS 1.2 BlockCipher, without EtM" \
Ronald Cronf3b425b2022-03-17 16:45:09 +01009302 "$P_SRV response_size=16384 force_version=tls12" \
Gabor Mezeifc42c222025-02-05 17:28:03 +01009303 "$P_CLI etm=0 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA" \
Andrzej Kurekc19fc552018-06-19 09:37:30 -04009304 0 \
9305 -s "16384 bytes written in 1 fragments" \
9306 -c "Read from server: 16384 bytes read"
9307
Andrzej Kurek30e731d2017-10-12 13:50:29 +02009308run_test "Large server packet TLS 1.2 BlockCipher larger MAC" \
Ronald Cronf3b425b2022-03-17 16:45:09 +01009309 "$P_SRV response_size=16384 force_version=tls12" \
9310 "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \
Andrzej Kurek30e731d2017-10-12 13:50:29 +02009311 0 \
9312 -c "Read from server: 16384 bytes read"
9313
Andrzej Kurekc19fc552018-06-19 09:37:30 -04009314run_test "Large server packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \
Ronald Cronf3b425b2022-03-17 16:45:09 +01009315 "$P_SRV response_size=16384 trunc_hmac=1 force_version=tls12" \
Gabor Mezeifc42c222025-02-05 17:28:03 +01009316 "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
Andrzej Kurekc19fc552018-06-19 09:37:30 -04009317 0 \
9318 -s "16384 bytes written in 1 fragments" \
9319 -c "Read from server: 16384 bytes read"
9320
Andrzej Kurek30e731d2017-10-12 13:50:29 +02009321run_test "Large server packet TLS 1.2 AEAD" \
Ronald Cronf3b425b2022-03-17 16:45:09 +01009322 "$P_SRV response_size=16384 force_version=tls12" \
Gabor Mezeidd7c0f12025-02-17 13:42:46 +01009323 "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-CCM" \
Andrzej Kurek30e731d2017-10-12 13:50:29 +02009324 0 \
9325 -c "Read from server: 16384 bytes read"
9326
9327run_test "Large server packet TLS 1.2 AEAD shorter tag" \
Ronald Cronf3b425b2022-03-17 16:45:09 +01009328 "$P_SRV response_size=16384 force_version=tls12" \
Gabor Mezeidd7c0f12025-02-17 13:42:46 +01009329 "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8" \
Andrzej Kurek30e731d2017-10-12 13:50:29 +02009330 0 \
9331 -c "Read from server: 16384 bytes read"
9332
Ronald Cron928cbd32022-10-04 16:14:26 +02009333requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Crona4417c12022-06-23 16:06:28 +02009334run_test "Large server packet TLS 1.3 AEAD" \
Waleed Elmelegyea031832023-12-29 15:36:51 +00009335 "$P_SRV response_size=16383" \
Ronald Crona4417c12022-06-23 16:06:28 +02009336 "$P_CLI force_ciphersuite=TLS1-3-AES-128-CCM-SHA256" \
9337 0 \
Waleed Elmelegyea031832023-12-29 15:36:51 +00009338 -c "Read from server: 16383 bytes read"
Ronald Crona4417c12022-06-23 16:06:28 +02009339
Ronald Cron928cbd32022-10-04 16:14:26 +02009340requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Crona4417c12022-06-23 16:06:28 +02009341run_test "Large server packet TLS 1.3 AEAD shorter tag" \
Waleed Elmelegyea031832023-12-29 15:36:51 +00009342 "$P_SRV response_size=16383" \
Ronald Crona4417c12022-06-23 16:06:28 +02009343 "$P_CLI force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256" \
9344 0 \
Waleed Elmelegyea031832023-12-29 15:36:51 +00009345 -c "Read from server: 16383 bytes read"
Ronald Crona4417c12022-06-23 16:06:28 +02009346
Manuel Pégourié-Gonnard2350b4e2017-05-16 09:26:48 +02009347# Tests for restartable ECC
9348
Gilles Peskine4a02cef2021-06-03 11:12:40 +02009349# Force the use of a curve that supports restartable ECC (secp256r1).
9350
Manuel Pégourié-Gonnard2350b4e2017-05-16 09:26:48 +02009351requires_config_enabled MBEDTLS_ECP_RESTARTABLE
Ronald Cronfbd51572025-07-10 13:19:31 +02009352requires_config_enabled PSA_WANT_ECC_SECP_R1_256
Manuel Pégourié-Gonnard2350b4e2017-05-16 09:26:48 +02009353run_test "EC restart: TLS, default" \
Przemek Stekiel45255e42023-06-29 13:56:36 +02009354 "$P_SRV groups=secp256r1 auth_mode=required" \
Manuel Pégourié-Gonnard2350b4e2017-05-16 09:26:48 +02009355 "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
David Horstmann184c4f02024-07-01 17:01:28 +01009356 key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \
Manuel Pégourié-Gonnard2350b4e2017-05-16 09:26:48 +02009357 debug_level=1" \
9358 0 \
Felix Conwaye0ce40b2025-05-19 13:30:42 +01009359 -C "x509_verify_cert.*\(4b00\|-248\)" \
9360 -C "mbedtls_pk_verify.*\(4b00\|-248\)" \
9361 -C "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \
9362 -C "mbedtls_pk_sign.*\(4b00\|-248\)"
Manuel Pégourié-Gonnard2350b4e2017-05-16 09:26:48 +02009363
9364requires_config_enabled MBEDTLS_ECP_RESTARTABLE
Ronald Cronfbd51572025-07-10 13:19:31 +02009365requires_config_enabled PSA_WANT_ECC_SECP_R1_256
Manuel Pégourié-Gonnard2350b4e2017-05-16 09:26:48 +02009366run_test "EC restart: TLS, max_ops=0" \
Przemek Stekiel45255e42023-06-29 13:56:36 +02009367 "$P_SRV groups=secp256r1 auth_mode=required" \
Manuel Pégourié-Gonnard2350b4e2017-05-16 09:26:48 +02009368 "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
David Horstmann184c4f02024-07-01 17:01:28 +01009369 key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \
Manuel Pégourié-Gonnard2350b4e2017-05-16 09:26:48 +02009370 debug_level=1 ec_max_ops=0" \
9371 0 \
Felix Conwaye0ce40b2025-05-19 13:30:42 +01009372 -C "x509_verify_cert.*\(4b00\|-248\)" \
9373 -C "mbedtls_pk_verify.*\(4b00\|-248\)" \
9374 -C "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \
9375 -C "mbedtls_pk_sign.*\(4b00\|-248\)"
Manuel Pégourié-Gonnard2350b4e2017-05-16 09:26:48 +02009376
9377requires_config_enabled MBEDTLS_ECP_RESTARTABLE
Ronald Cronfbd51572025-07-10 13:19:31 +02009378requires_config_enabled PSA_WANT_ECC_SECP_R1_256
Manuel Pégourié-Gonnard2350b4e2017-05-16 09:26:48 +02009379run_test "EC restart: TLS, max_ops=65535" \
Przemek Stekiel45255e42023-06-29 13:56:36 +02009380 "$P_SRV groups=secp256r1 auth_mode=required" \
Manuel Pégourié-Gonnard2350b4e2017-05-16 09:26:48 +02009381 "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
David Horstmann184c4f02024-07-01 17:01:28 +01009382 key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \
Manuel Pégourié-Gonnard2350b4e2017-05-16 09:26:48 +02009383 debug_level=1 ec_max_ops=65535" \
9384 0 \
Felix Conwaye0ce40b2025-05-19 13:30:42 +01009385 -C "x509_verify_cert.*\(4b00\|-248\)" \
9386 -C "mbedtls_pk_verify.*\(4b00\|-248\)" \
9387 -C "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \
9388 -C "mbedtls_pk_sign.*\(4b00\|-248\)"
Manuel Pégourié-Gonnard2350b4e2017-05-16 09:26:48 +02009389
Ben Taylor6164e922025-07-16 08:06:28 +01009390# The following test cases for restartable ECDH come in two variants:
9391# * The "(USE_PSA)" variant expects the current behavior, which is the behavior
Ben Taylor8519c3e2025-07-16 08:11:37 +01009392# from Mbed TLS 3.x when MBEDTLS_USE_PSA_CRYPTO is enabled. This tests
Ben Taylor6164e922025-07-16 08:06:28 +01009393# the partial implementation where ECDH in TLS is not actually restartable.
9394# * The "(no USE_PSA)" variant expects the desired behavior. These test
9395# cases cannot currently pass because the implementation of restartable ECC
9396# in TLS is partial: ECDH is not actually restartable. This is the behavior
Ben Taylor8519c3e2025-07-16 08:11:37 +01009397# from Mbed TLS 3.x when MBEDTLS_USE_PSA_CRYPTO is disabled.
Ben Taylor6164e922025-07-16 08:06:28 +01009398#
Ben Taylor07687262025-07-16 08:03:43 +01009399# As part of resolving https://github.com/Mbed-TLS/mbedtls/issues/7294,
9400# we will remove the "(USE_PSA)" test cases and run the "(no USE_PSA)" test
9401# cases.
9402
9403# With USE_PSA disabled we expect full restartable behaviour.
Manuel Pégourié-Gonnard2350b4e2017-05-16 09:26:48 +02009404requires_config_enabled MBEDTLS_ECP_RESTARTABLE
Ronald Cronfbd51572025-07-10 13:19:31 +02009405requires_config_enabled PSA_WANT_ECC_SECP_R1_256
Gilles Peskine005370f2024-10-24 20:21:46 +02009406skip_next_test
Ben Taylor07687262025-07-16 08:03:43 +01009407run_test "EC restart: TLS, max_ops=1000 (no USE_PSA)" \
Przemek Stekiel45255e42023-06-29 13:56:36 +02009408 "$P_SRV groups=secp256r1 auth_mode=required" \
Manuel Pégourié-Gonnard2350b4e2017-05-16 09:26:48 +02009409 "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
David Horstmann184c4f02024-07-01 17:01:28 +01009410 key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \
Manuel Pégourié-Gonnard2350b4e2017-05-16 09:26:48 +02009411 debug_level=1 ec_max_ops=1000" \
9412 0 \
Felix Conwaye0ce40b2025-05-19 13:30:42 +01009413 -c "x509_verify_cert.*\(4b00\|-248\)" \
9414 -c "mbedtls_pk_verify.*\(4b00\|-248\)" \
9415 -c "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \
9416 -c "mbedtls_pk_sign.*\(4b00\|-248\)"
Manuel Pégourié-Gonnard2350b4e2017-05-16 09:26:48 +02009417
Ben Taylor07687262025-07-16 08:03:43 +01009418# With USE_PSA enabled we expect only partial restartable behaviour:
9419# everything except ECDH (where TLS calls PSA directly).
Manuel Pégourié-Gonnard55a188b2022-12-06 12:00:33 +01009420requires_config_enabled MBEDTLS_ECP_RESTARTABLE
Ben Taylorc454b5b2025-07-30 07:54:31 +01009421requires_config_enabled PSA_WANT_ECC_SECP_R1_256
Ben Taylor07687262025-07-16 08:03:43 +01009422run_test "EC restart: TLS, max_ops=1000 (USE_PSA)" \
Przemek Stekiel45255e42023-06-29 13:56:36 +02009423 "$P_SRV groups=secp256r1 auth_mode=required" \
Manuel Pégourié-Gonnard55a188b2022-12-06 12:00:33 +01009424 "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
David Horstmann184c4f02024-07-01 17:01:28 +01009425 key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \
Manuel Pégourié-Gonnard55a188b2022-12-06 12:00:33 +01009426 debug_level=1 ec_max_ops=1000" \
9427 0 \
Felix Conwaye0ce40b2025-05-19 13:30:42 +01009428 -c "x509_verify_cert.*\(4b00\|-248\)" \
9429 -c "mbedtls_pk_verify.*\(4b00\|-248\)" \
9430 -C "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \
9431 -c "mbedtls_pk_sign.*\(4b00\|-248\)"
Manuel Pégourié-Gonnard55a188b2022-12-06 12:00:33 +01009432
Ben Taylor07687262025-07-16 08:03:43 +01009433# This works the same with & without USE_PSA as we never get to ECDH:
9434# we abort as soon as we determined the cert is bad.
Manuel Pégourié-Gonnard2350b4e2017-05-16 09:26:48 +02009435requires_config_enabled MBEDTLS_ECP_RESTARTABLE
Ronald Cronfbd51572025-07-10 13:19:31 +02009436requires_config_enabled PSA_WANT_ECC_SECP_R1_256
Manuel Pégourié-Gonnard3bf49c42017-08-15 13:47:06 +02009437run_test "EC restart: TLS, max_ops=1000, badsign" \
Przemek Stekiel45255e42023-06-29 13:56:36 +02009438 "$P_SRV groups=secp256r1 auth_mode=required \
David Horstmann184c4f02024-07-01 17:01:28 +01009439 crt_file=$DATA_FILES_PATH/server5-badsign.crt \
9440 key_file=$DATA_FILES_PATH/server5.key" \
Manuel Pégourié-Gonnard3bf49c42017-08-15 13:47:06 +02009441 "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
David Horstmann184c4f02024-07-01 17:01:28 +01009442 key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \
Manuel Pégourié-Gonnard3bf49c42017-08-15 13:47:06 +02009443 debug_level=1 ec_max_ops=1000" \
9444 1 \
Felix Conwaye0ce40b2025-05-19 13:30:42 +01009445 -c "x509_verify_cert.*\(4b00\|-248\)" \
9446 -C "mbedtls_pk_verify.*\(4b00\|-248\)" \
9447 -C "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \
9448 -C "mbedtls_pk_sign.*\(4b00\|-248\)" \
Manuel Pégourié-Gonnard3bf49c42017-08-15 13:47:06 +02009449 -c "! The certificate is not correctly signed by the trusted CA" \
9450 -c "! mbedtls_ssl_handshake returned" \
9451 -c "X509 - Certificate verification failed"
9452
Ben Taylor07687262025-07-16 08:03:43 +01009453# With USE_PSA disabled we expect full restartable behaviour.
Manuel Pégourié-Gonnard3bf49c42017-08-15 13:47:06 +02009454requires_config_enabled MBEDTLS_ECP_RESTARTABLE
Ronald Cronfbd51572025-07-10 13:19:31 +02009455requires_config_enabled PSA_WANT_ECC_SECP_R1_256
Gilles Peskine005370f2024-10-24 20:21:46 +02009456skip_next_test
Ben Taylor07687262025-07-16 08:03:43 +01009457run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign (no USE_PSA)" \
Przemek Stekiel45255e42023-06-29 13:56:36 +02009458 "$P_SRV groups=secp256r1 auth_mode=required \
David Horstmann184c4f02024-07-01 17:01:28 +01009459 crt_file=$DATA_FILES_PATH/server5-badsign.crt \
9460 key_file=$DATA_FILES_PATH/server5.key" \
Manuel Pégourié-Gonnard3bf49c42017-08-15 13:47:06 +02009461 "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
David Horstmann184c4f02024-07-01 17:01:28 +01009462 key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \
Manuel Pégourié-Gonnard3bf49c42017-08-15 13:47:06 +02009463 debug_level=1 ec_max_ops=1000 auth_mode=optional" \
9464 0 \
Felix Conwaye0ce40b2025-05-19 13:30:42 +01009465 -c "x509_verify_cert.*\(4b00\|-248\)" \
9466 -c "mbedtls_pk_verify.*\(4b00\|-248\)" \
9467 -c "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \
9468 -c "mbedtls_pk_sign.*\(4b00\|-248\)" \
Manuel Pégourié-Gonnard3bf49c42017-08-15 13:47:06 +02009469 -c "! The certificate is not correctly signed by the trusted CA" \
9470 -C "! mbedtls_ssl_handshake returned" \
9471 -C "X509 - Certificate verification failed"
9472
Ben Taylor07687262025-07-16 08:03:43 +01009473# With USE_PSA enabled we expect only partial restartable behaviour:
Manuel Pégourié-Gonnard55a188b2022-12-06 12:00:33 +01009474# everything except ECDH (where TLS calls PSA directly).
Manuel Pégourié-Gonnard3bf49c42017-08-15 13:47:06 +02009475requires_config_enabled MBEDTLS_ECP_RESTARTABLE
Ben Taylorc454b5b2025-07-30 07:54:31 +01009476requires_config_enabled PSA_WANT_ECC_SECP_R1_256
Ben Taylor07687262025-07-16 08:03:43 +01009477run_test "EC restart: TLS, max_ops=1000, auth_mode=optional badsign (USE_PSA)" \
Przemek Stekiel45255e42023-06-29 13:56:36 +02009478 "$P_SRV groups=secp256r1 auth_mode=required \
David Horstmann184c4f02024-07-01 17:01:28 +01009479 crt_file=$DATA_FILES_PATH/server5-badsign.crt \
9480 key_file=$DATA_FILES_PATH/server5.key" \
Manuel Pégourié-Gonnard55a188b2022-12-06 12:00:33 +01009481 "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
David Horstmann184c4f02024-07-01 17:01:28 +01009482 key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \
Manuel Pégourié-Gonnard55a188b2022-12-06 12:00:33 +01009483 debug_level=1 ec_max_ops=1000 auth_mode=optional" \
9484 0 \
Felix Conwaye0ce40b2025-05-19 13:30:42 +01009485 -c "x509_verify_cert.*\(4b00\|-248\)" \
9486 -c "mbedtls_pk_verify.*\(4b00\|-248\)" \
9487 -C "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \
9488 -c "mbedtls_pk_sign.*\(4b00\|-248\)" \
Manuel Pégourié-Gonnard55a188b2022-12-06 12:00:33 +01009489 -c "! The certificate is not correctly signed by the trusted CA" \
9490 -C "! mbedtls_ssl_handshake returned" \
9491 -C "X509 - Certificate verification failed"
9492
Ben Taylor07687262025-07-16 08:03:43 +01009493# With USE_PSA disabled we expect full restartable behaviour.
Manuel Pégourié-Gonnard55a188b2022-12-06 12:00:33 +01009494requires_config_enabled MBEDTLS_ECP_RESTARTABLE
Ronald Cronfbd51572025-07-10 13:19:31 +02009495requires_config_enabled PSA_WANT_ECC_SECP_R1_256
Gilles Peskine005370f2024-10-24 20:21:46 +02009496skip_next_test
Ben Taylor07687262025-07-16 08:03:43 +01009497run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign (no USE_PSA)" \
Przemek Stekiel45255e42023-06-29 13:56:36 +02009498 "$P_SRV groups=secp256r1 auth_mode=required \
David Horstmann184c4f02024-07-01 17:01:28 +01009499 crt_file=$DATA_FILES_PATH/server5-badsign.crt \
9500 key_file=$DATA_FILES_PATH/server5.key" \
Manuel Pégourié-Gonnard3bf49c42017-08-15 13:47:06 +02009501 "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
David Horstmann184c4f02024-07-01 17:01:28 +01009502 key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \
Manuel Pégourié-Gonnard3bf49c42017-08-15 13:47:06 +02009503 debug_level=1 ec_max_ops=1000 auth_mode=none" \
9504 0 \
Felix Conwaye0ce40b2025-05-19 13:30:42 +01009505 -C "x509_verify_cert.*\(4b00\|-248\)" \
9506 -c "mbedtls_pk_verify.*\(4b00\|-248\)" \
9507 -c "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \
9508 -c "mbedtls_pk_sign.*\(4b00\|-248\)" \
Manuel Pégourié-Gonnard3bf49c42017-08-15 13:47:06 +02009509 -C "! The certificate is not correctly signed by the trusted CA" \
9510 -C "! mbedtls_ssl_handshake returned" \
9511 -C "X509 - Certificate verification failed"
9512
Ben Taylor07687262025-07-16 08:03:43 +01009513# With USE_PSA enabled we expect only partial restartable behaviour:
Manuel Pégourié-Gonnard55a188b2022-12-06 12:00:33 +01009514# everything except ECDH (where TLS calls PSA directly).
Manuel Pégourié-Gonnard3bf49c42017-08-15 13:47:06 +02009515requires_config_enabled MBEDTLS_ECP_RESTARTABLE
Ben Taylorc454b5b2025-07-30 07:54:31 +01009516requires_config_enabled PSA_WANT_ECC_SECP_R1_256
Ben Taylor07687262025-07-16 08:03:43 +01009517run_test "EC restart: TLS, max_ops=1000, auth_mode=none badsign (USE_PSA)" \
Przemek Stekiel45255e42023-06-29 13:56:36 +02009518 "$P_SRV groups=secp256r1 auth_mode=required \
David Horstmann184c4f02024-07-01 17:01:28 +01009519 crt_file=$DATA_FILES_PATH/server5-badsign.crt \
9520 key_file=$DATA_FILES_PATH/server5.key" \
Manuel Pégourié-Gonnard55a188b2022-12-06 12:00:33 +01009521 "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
David Horstmann184c4f02024-07-01 17:01:28 +01009522 key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \
Manuel Pégourié-Gonnard55a188b2022-12-06 12:00:33 +01009523 debug_level=1 ec_max_ops=1000 auth_mode=none" \
9524 0 \
Felix Conwaye0ce40b2025-05-19 13:30:42 +01009525 -C "x509_verify_cert.*\(4b00\|-248\)" \
9526 -c "mbedtls_pk_verify.*\(4b00\|-248\)" \
9527 -C "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \
9528 -c "mbedtls_pk_sign.*\(4b00\|-248\)" \
Manuel Pégourié-Gonnard55a188b2022-12-06 12:00:33 +01009529 -C "! The certificate is not correctly signed by the trusted CA" \
9530 -C "! mbedtls_ssl_handshake returned" \
9531 -C "X509 - Certificate verification failed"
9532
Ben Taylor07687262025-07-16 08:03:43 +01009533# With USE_PSA disabled we expect full restartable behaviour.
Manuel Pégourié-Gonnard55a188b2022-12-06 12:00:33 +01009534requires_config_enabled MBEDTLS_ECP_RESTARTABLE
Ronald Cronfbd51572025-07-10 13:19:31 +02009535requires_config_enabled PSA_WANT_ECC_SECP_R1_256
Gilles Peskine005370f2024-10-24 20:21:46 +02009536skip_next_test
Ben Taylor07687262025-07-16 08:03:43 +01009537run_test "EC restart: DTLS, max_ops=1000 (no USE_PSA)" \
Przemek Stekiel45255e42023-06-29 13:56:36 +02009538 "$P_SRV groups=secp256r1 auth_mode=required dtls=1" \
Manuel Pégourié-Gonnard2350b4e2017-05-16 09:26:48 +02009539 "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
David Horstmann184c4f02024-07-01 17:01:28 +01009540 key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \
Manuel Pégourié-Gonnard2350b4e2017-05-16 09:26:48 +02009541 dtls=1 debug_level=1 ec_max_ops=1000" \
9542 0 \
Felix Conwaye0ce40b2025-05-19 13:30:42 +01009543 -c "x509_verify_cert.*\(4b00\|-248\)" \
9544 -c "mbedtls_pk_verify.*\(4b00\|-248\)" \
9545 -c "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \
9546 -c "mbedtls_pk_sign.*\(4b00\|-248\)"
Manuel Pégourié-Gonnard2350b4e2017-05-16 09:26:48 +02009547
Ben Taylor07687262025-07-16 08:03:43 +01009548# With USE_PSA enabled we expect only partial restartable behaviour:
Manuel Pégourié-Gonnard55a188b2022-12-06 12:00:33 +01009549# everything except ECDH (where TLS calls PSA directly).
Manuel Pégourié-Gonnard32033da2017-05-18 12:49:27 +02009550requires_config_enabled MBEDTLS_ECP_RESTARTABLE
Ben Taylorc454b5b2025-07-30 07:54:31 +01009551requires_config_enabled PSA_WANT_ECC_SECP_R1_256
Ben Taylor07687262025-07-16 08:03:43 +01009552run_test "EC restart: DTLS, max_ops=1000 (USE_PSA)" \
Przemek Stekiel45255e42023-06-29 13:56:36 +02009553 "$P_SRV groups=secp256r1 auth_mode=required dtls=1" \
Manuel Pégourié-Gonnard55a188b2022-12-06 12:00:33 +01009554 "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
David Horstmann184c4f02024-07-01 17:01:28 +01009555 key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \
Manuel Pégourié-Gonnard55a188b2022-12-06 12:00:33 +01009556 dtls=1 debug_level=1 ec_max_ops=1000" \
9557 0 \
Felix Conwaye0ce40b2025-05-19 13:30:42 +01009558 -c "x509_verify_cert.*\(4b00\|-248\)" \
9559 -c "mbedtls_pk_verify.*\(4b00\|-248\)" \
9560 -C "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \
9561 -c "mbedtls_pk_sign.*\(4b00\|-248\)"
Manuel Pégourié-Gonnard55a188b2022-12-06 12:00:33 +01009562
Ben Taylor07687262025-07-16 08:03:43 +01009563# With USE_PSA disabled we expect full restartable behaviour.
Manuel Pégourié-Gonnard55a188b2022-12-06 12:00:33 +01009564requires_config_enabled MBEDTLS_ECP_RESTARTABLE
Ronald Cronfbd51572025-07-10 13:19:31 +02009565requires_config_enabled PSA_WANT_ECC_SECP_R1_256
Gilles Peskine005370f2024-10-24 20:21:46 +02009566skip_next_test
Ben Taylor07687262025-07-16 08:03:43 +01009567run_test "EC restart: TLS, max_ops=1000 no client auth (no USE_PSA)" \
Przemek Stekiel45255e42023-06-29 13:56:36 +02009568 "$P_SRV groups=secp256r1" \
Manuel Pégourié-Gonnard32033da2017-05-18 12:49:27 +02009569 "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
9570 debug_level=1 ec_max_ops=1000" \
9571 0 \
Felix Conwaye0ce40b2025-05-19 13:30:42 +01009572 -c "x509_verify_cert.*\(4b00\|-248\)" \
9573 -c "mbedtls_pk_verify.*\(4b00\|-248\)" \
9574 -c "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \
9575 -C "mbedtls_pk_sign.*\(4b00\|-248\)"
Manuel Pégourié-Gonnard32033da2017-05-18 12:49:27 +02009576
Manuel Pégourié-Gonnard2b7ad642022-12-06 10:42:44 +01009577
Ben Taylor07687262025-07-16 08:03:43 +01009578# With USE_PSA enabled we expect only partial restartable behaviour:
Manuel Pégourié-Gonnard55a188b2022-12-06 12:00:33 +01009579# everything except ECDH (where TLS calls PSA directly).
Manuel Pégourié-Gonnard32033da2017-05-18 12:49:27 +02009580requires_config_enabled MBEDTLS_ECP_RESTARTABLE
Ben Taylorc454b5b2025-07-30 07:54:31 +01009581requires_config_enabled PSA_WANT_ECC_SECP_R1_256
Ben Taylor07687262025-07-16 08:03:43 +01009582run_test "EC restart: TLS, max_ops=1000 no client auth (USE_PSA)" \
Przemek Stekiel45255e42023-06-29 13:56:36 +02009583 "$P_SRV groups=secp256r1" \
Manuel Pégourié-Gonnard55a188b2022-12-06 12:00:33 +01009584 "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
9585 debug_level=1 ec_max_ops=1000" \
9586 0 \
Felix Conwaye0ce40b2025-05-19 13:30:42 +01009587 -c "x509_verify_cert.*\(4b00\|-248\)" \
9588 -c "mbedtls_pk_verify.*\(4b00\|-248\)" \
9589 -C "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \
9590 -C "mbedtls_pk_sign.*\(4b00\|-248\)"
Manuel Pégourié-Gonnard55a188b2022-12-06 12:00:33 +01009591
Manuel Pégourié-Gonnard2b7ad642022-12-06 10:42:44 +01009592# Restartable is only for ECDHE-ECDSA, with another ciphersuite we expect no
9593# restartable behaviour at all (not even client auth).
9594# This is the same as "EC restart: TLS, max_ops=1000" except with ECDHE-RSA,
9595# and all 4 assertions negated.
Manuel Pégourié-Gonnard32033da2017-05-18 12:49:27 +02009596requires_config_enabled MBEDTLS_ECP_RESTARTABLE
Ronald Cronfbd51572025-07-10 13:19:31 +02009597requires_config_enabled PSA_WANT_ECC_SECP_R1_256
Manuel Pégourié-Gonnard2b7ad642022-12-06 10:42:44 +01009598run_test "EC restart: TLS, max_ops=1000, ECDHE-RSA" \
Przemek Stekiel45255e42023-06-29 13:56:36 +02009599 "$P_SRV groups=secp256r1 auth_mode=required" \
Manuel Pégourié-Gonnard2b7ad642022-12-06 10:42:44 +01009600 "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 \
David Horstmann184c4f02024-07-01 17:01:28 +01009601 key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \
Manuel Pégourié-Gonnard2b7ad642022-12-06 10:42:44 +01009602 debug_level=1 ec_max_ops=1000" \
Manuel Pégourié-Gonnard32033da2017-05-18 12:49:27 +02009603 0 \
Felix Conwaye0ce40b2025-05-19 13:30:42 +01009604 -C "x509_verify_cert.*\(4b00\|-248\)" \
9605 -C "mbedtls_pk_verify.*\(4b00\|-248\)" \
9606 -C "mbedtls_ecdh_make_public.*\(4b00\|-248\)" \
9607 -C "mbedtls_pk_sign.*\(4b00\|-248\)"
Manuel Pégourié-Gonnard32033da2017-05-18 12:49:27 +02009608
Gilles Peskine3665f1d2018-01-05 21:22:12 +01009609# Tests of asynchronous private key support in SSL
9610
Gilles Peskineb74a1c72018-04-24 13:09:22 +02009611requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
Gilles Peskinefcca9d82018-01-12 13:47:48 +01009612run_test "SSL async private: sign, delay=0" \
Ronald Cronfd4c6af2023-03-11 10:46:01 +01009613 "$P_SRV force_version=tls12 \
Gilles Peskinefcca9d82018-01-12 13:47:48 +01009614 async_operations=s async_private_delay1=0 async_private_delay2=0" \
Gilles Peskine3665f1d2018-01-05 21:22:12 +01009615 "$P_CLI" \
9616 0 \
9617 -s "Async sign callback: using key slot " \
Gilles Peskinefcca9d82018-01-12 13:47:48 +01009618 -s "Async resume (slot [0-9]): sign done, status=0"
Gilles Peskine3665f1d2018-01-05 21:22:12 +01009619
Gilles Peskineb74a1c72018-04-24 13:09:22 +02009620requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
Gilles Peskinefcca9d82018-01-12 13:47:48 +01009621run_test "SSL async private: sign, delay=1" \
Ronald Cronfd4c6af2023-03-11 10:46:01 +01009622 "$P_SRV force_version=tls12 \
Gilles Peskinefcca9d82018-01-12 13:47:48 +01009623 async_operations=s async_private_delay1=1 async_private_delay2=1" \
Gilles Peskine3665f1d2018-01-05 21:22:12 +01009624 "$P_CLI" \
9625 0 \
9626 -s "Async sign callback: using key slot " \
9627 -s "Async resume (slot [0-9]): call 0 more times." \
Gilles Peskinefcca9d82018-01-12 13:47:48 +01009628 -s "Async resume (slot [0-9]): sign done, status=0"
9629
Gilles Peskine12d0cc12018-04-26 15:06:56 +02009630requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
9631run_test "SSL async private: sign, delay=2" \
Ronald Cronfd4c6af2023-03-11 10:46:01 +01009632 "$P_SRV force_version=tls12 \
Gilles Peskine12d0cc12018-04-26 15:06:56 +02009633 async_operations=s async_private_delay1=2 async_private_delay2=2" \
9634 "$P_CLI" \
9635 0 \
9636 -s "Async sign callback: using key slot " \
9637 -U "Async sign callback: using key slot " \
9638 -s "Async resume (slot [0-9]): call 1 more times." \
9639 -s "Async resume (slot [0-9]): call 0 more times." \
9640 -s "Async resume (slot [0-9]): sign done, status=0"
9641
Gilles Peskineb74a1c72018-04-24 13:09:22 +02009642requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
Hanno Beckerc5722d12020-10-09 11:10:42 +01009643requires_config_disabled MBEDTLS_X509_REMOVE_INFO
Gilles Peskine807d74a2018-04-30 10:30:49 +02009644run_test "SSL async private: sign, SNI" \
Ronald Cronfd4c6af2023-03-11 10:46:01 +01009645 "$P_SRV force_version=tls12 debug_level=3 \
Gilles Peskine807d74a2018-04-30 10:30:49 +02009646 async_operations=s async_private_delay1=0 async_private_delay2=0 \
David Horstmann184c4f02024-07-01 17:01:28 +01009647 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \
9648 sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,-,polarssl.example,$DATA_FILES_PATH/server1-nospace.crt,$DATA_FILES_PATH/server1.key,-,-,-" \
Gilles Peskine807d74a2018-04-30 10:30:49 +02009649 "$P_CLI server_name=polarssl.example" \
9650 0 \
9651 -s "Async sign callback: using key slot " \
9652 -s "Async resume (slot [0-9]): sign done, status=0" \
9653 -s "parse ServerName extension" \
9654 -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \
9655 -c "subject name *: C=NL, O=PolarSSL, CN=polarssl.example"
9656
Gilles Peskine3665f1d2018-01-05 21:22:12 +01009657# key1: ECDSA, key2: RSA; use key1 from slot 0
Gilles Peskineb74a1c72018-04-24 13:09:22 +02009658requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
Gilles Peskine3665f1d2018-01-05 21:22:12 +01009659run_test "SSL async private: slot 0 used with key1" \
Gilles Peskinefcca9d82018-01-12 13:47:48 +01009660 "$P_SRV \
9661 async_operations=s async_private_delay1=1 \
David Horstmann184c4f02024-07-01 17:01:28 +01009662 key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \
9663 key_file2=$DATA_FILES_PATH/server2.key crt_file2=$DATA_FILES_PATH/server2.crt" \
Gilles Peskine3665f1d2018-01-05 21:22:12 +01009664 "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \
9665 0 \
9666 -s "Async sign callback: using key slot 0," \
9667 -s "Async resume (slot 0): call 0 more times." \
Gilles Peskinefcca9d82018-01-12 13:47:48 +01009668 -s "Async resume (slot 0): sign done, status=0"
Gilles Peskine3665f1d2018-01-05 21:22:12 +01009669
9670# key1: ECDSA, key2: RSA; use key2 from slot 0
Gilles Peskineb74a1c72018-04-24 13:09:22 +02009671requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
Gilles Peskine3665f1d2018-01-05 21:22:12 +01009672run_test "SSL async private: slot 0 used with key2" \
Gilles Peskinefcca9d82018-01-12 13:47:48 +01009673 "$P_SRV \
9674 async_operations=s async_private_delay2=1 \
David Horstmann184c4f02024-07-01 17:01:28 +01009675 key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \
9676 key_file2=$DATA_FILES_PATH/server2.key crt_file2=$DATA_FILES_PATH/server2.crt" \
Gilles Peskine3665f1d2018-01-05 21:22:12 +01009677 "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256" \
9678 0 \
9679 -s "Async sign callback: using key slot 0," \
9680 -s "Async resume (slot 0): call 0 more times." \
Gilles Peskinefcca9d82018-01-12 13:47:48 +01009681 -s "Async resume (slot 0): sign done, status=0"
Gilles Peskine3665f1d2018-01-05 21:22:12 +01009682
9683# key1: ECDSA, key2: RSA; use key2 from slot 1
Gilles Peskineb74a1c72018-04-24 13:09:22 +02009684requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
Gilles Peskinead28bf02018-04-26 00:19:16 +02009685run_test "SSL async private: slot 1 used with key2" \
Gilles Peskinefcca9d82018-01-12 13:47:48 +01009686 "$P_SRV \
Gilles Peskine168dae82018-04-25 23:35:42 +02009687 async_operations=s async_private_delay1=1 async_private_delay2=1 \
David Horstmann184c4f02024-07-01 17:01:28 +01009688 key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \
9689 key_file2=$DATA_FILES_PATH/server2.key crt_file2=$DATA_FILES_PATH/server2.crt" \
Gilles Peskine3665f1d2018-01-05 21:22:12 +01009690 "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256" \
9691 0 \
9692 -s "Async sign callback: using key slot 1," \
9693 -s "Async resume (slot 1): call 0 more times." \
Gilles Peskinefcca9d82018-01-12 13:47:48 +01009694 -s "Async resume (slot 1): sign done, status=0"
Gilles Peskine3665f1d2018-01-05 21:22:12 +01009695
9696# key1: ECDSA, key2: RSA; use key2 directly
Gilles Peskineb74a1c72018-04-24 13:09:22 +02009697requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
Gilles Peskine3665f1d2018-01-05 21:22:12 +01009698run_test "SSL async private: fall back to transparent key" \
Gilles Peskinefcca9d82018-01-12 13:47:48 +01009699 "$P_SRV \
9700 async_operations=s async_private_delay1=1 \
David Horstmann184c4f02024-07-01 17:01:28 +01009701 key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \
9702 key_file2=$DATA_FILES_PATH/server2.key crt_file2=$DATA_FILES_PATH/server2.crt " \
Gilles Peskine3665f1d2018-01-05 21:22:12 +01009703 "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256" \
9704 0 \
9705 -s "Async sign callback: no key matches this certificate."
9706
Gilles Peskineb74a1c72018-04-24 13:09:22 +02009707requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
Gilles Peskine725f1cb2018-06-12 15:06:40 +02009708run_test "SSL async private: sign, error in start" \
Ronald Cronfd4c6af2023-03-11 10:46:01 +01009709 "$P_SRV force_version=tls12 \
Gilles Peskinefcca9d82018-01-12 13:47:48 +01009710 async_operations=s async_private_delay1=1 async_private_delay2=1 \
9711 async_private_error=1" \
Gilles Peskine3665f1d2018-01-05 21:22:12 +01009712 "$P_CLI" \
9713 1 \
9714 -s "Async sign callback: injected error" \
9715 -S "Async resume" \
Gilles Peskine37289cd2018-04-27 11:50:14 +02009716 -S "Async cancel" \
Gilles Peskine3665f1d2018-01-05 21:22:12 +01009717 -s "! mbedtls_ssl_handshake returned"
9718
Gilles Peskineb74a1c72018-04-24 13:09:22 +02009719requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
Gilles Peskine725f1cb2018-06-12 15:06:40 +02009720run_test "SSL async private: sign, cancel after start" \
Ronald Cronfd4c6af2023-03-11 10:46:01 +01009721 "$P_SRV force_version=tls12 \
Gilles Peskinefcca9d82018-01-12 13:47:48 +01009722 async_operations=s async_private_delay1=1 async_private_delay2=1 \
9723 async_private_error=2" \
Gilles Peskine3665f1d2018-01-05 21:22:12 +01009724 "$P_CLI" \
9725 1 \
9726 -s "Async sign callback: using key slot " \
9727 -S "Async resume" \
9728 -s "Async cancel"
9729
Gilles Peskineb74a1c72018-04-24 13:09:22 +02009730requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
Gilles Peskine725f1cb2018-06-12 15:06:40 +02009731run_test "SSL async private: sign, error in resume" \
Ronald Cronfd4c6af2023-03-11 10:46:01 +01009732 "$P_SRV force_version=tls12 \
Gilles Peskinefcca9d82018-01-12 13:47:48 +01009733 async_operations=s async_private_delay1=1 async_private_delay2=1 \
9734 async_private_error=3" \
Gilles Peskine3665f1d2018-01-05 21:22:12 +01009735 "$P_CLI" \
9736 1 \
9737 -s "Async sign callback: using key slot " \
Gilles Peskinefcca9d82018-01-12 13:47:48 +01009738 -s "Async resume callback: sign done but injected error" \
Gilles Peskine37289cd2018-04-27 11:50:14 +02009739 -S "Async cancel" \
Gilles Peskine3665f1d2018-01-05 21:22:12 +01009740 -s "! mbedtls_ssl_handshake returned"
9741
Gilles Peskineb74a1c72018-04-24 13:09:22 +02009742requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
Gilles Peskine60ee4ca2018-01-08 11:28:05 +01009743run_test "SSL async private: cancel after start then operate correctly" \
Ronald Cronfd4c6af2023-03-11 10:46:01 +01009744 "$P_SRV force_version=tls12 \
Gilles Peskinefcca9d82018-01-12 13:47:48 +01009745 async_operations=s async_private_delay1=1 async_private_delay2=1 \
9746 async_private_error=-2" \
Gilles Peskine60ee4ca2018-01-08 11:28:05 +01009747 "$P_CLI; [ \$? -eq 1 ] && $P_CLI" \
9748 0 \
9749 -s "Async cancel" \
9750 -s "! mbedtls_ssl_handshake returned" \
9751 -s "Async resume" \
9752 -s "Successful connection"
9753
Gilles Peskineb74a1c72018-04-24 13:09:22 +02009754requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
Gilles Peskine60ee4ca2018-01-08 11:28:05 +01009755run_test "SSL async private: error in resume then operate correctly" \
Ronald Cronfd4c6af2023-03-11 10:46:01 +01009756 "$P_SRV force_version=tls12 \
Gilles Peskinefcca9d82018-01-12 13:47:48 +01009757 async_operations=s async_private_delay1=1 async_private_delay2=1 \
9758 async_private_error=-3" \
Gilles Peskine60ee4ca2018-01-08 11:28:05 +01009759 "$P_CLI; [ \$? -eq 1 ] && $P_CLI" \
9760 0 \
9761 -s "! mbedtls_ssl_handshake returned" \
9762 -s "Async resume" \
9763 -s "Successful connection"
9764
9765# key1: ECDSA, key2: RSA; use key1 through async, then key2 directly
Gilles Peskineb74a1c72018-04-24 13:09:22 +02009766requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
Valerio Setti3f2309f2023-02-23 13:47:30 +01009767# Note: the function "detect_required_features()" is not able to detect more than
9768# one "force_ciphersuite" per client/server and it only picks the 2nd one.
9769# Therefore the 1st one is added explicitly here
Valerio Settid1f991c2023-02-22 12:54:13 +01009770requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
Gilles Peskine60ee4ca2018-01-08 11:28:05 +01009771run_test "SSL async private: cancel after start then fall back to transparent key" \
Gilles Peskinefcca9d82018-01-12 13:47:48 +01009772 "$P_SRV \
9773 async_operations=s async_private_delay1=1 async_private_error=-2 \
David Horstmann184c4f02024-07-01 17:01:28 +01009774 key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \
9775 key_file2=$DATA_FILES_PATH/server2.key crt_file2=$DATA_FILES_PATH/server2.crt" \
Gilles Peskine60ee4ca2018-01-08 11:28:05 +01009776 "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256;
9777 [ \$? -eq 1 ] &&
9778 $P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256" \
9779 0 \
Gilles Peskinededa75a2018-04-30 10:02:45 +02009780 -s "Async sign callback: using key slot 0" \
Gilles Peskine60ee4ca2018-01-08 11:28:05 +01009781 -S "Async resume" \
9782 -s "Async cancel" \
9783 -s "! mbedtls_ssl_handshake returned" \
9784 -s "Async sign callback: no key matches this certificate." \
9785 -s "Successful connection"
9786
9787# key1: ECDSA, key2: RSA; use key1 through async, then key2 directly
Gilles Peskineb74a1c72018-04-24 13:09:22 +02009788requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
Valerio Setti3f2309f2023-02-23 13:47:30 +01009789# Note: the function "detect_required_features()" is not able to detect more than
9790# one "force_ciphersuite" per client/server and it only picks the 2nd one.
9791# Therefore the 1st one is added explicitly here
Valerio Settid1f991c2023-02-22 12:54:13 +01009792requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
Gilles Peskine725f1cb2018-06-12 15:06:40 +02009793run_test "SSL async private: sign, error in resume then fall back to transparent key" \
Gilles Peskinefcca9d82018-01-12 13:47:48 +01009794 "$P_SRV \
9795 async_operations=s async_private_delay1=1 async_private_error=-3 \
David Horstmann184c4f02024-07-01 17:01:28 +01009796 key_file=$DATA_FILES_PATH/server5.key crt_file=$DATA_FILES_PATH/server5.crt \
9797 key_file2=$DATA_FILES_PATH/server2.key crt_file2=$DATA_FILES_PATH/server2.crt" \
Gilles Peskine60ee4ca2018-01-08 11:28:05 +01009798 "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256;
9799 [ \$? -eq 1 ] &&
9800 $P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256" \
9801 0 \
9802 -s "Async resume" \
9803 -s "! mbedtls_ssl_handshake returned" \
9804 -s "Async sign callback: no key matches this certificate." \
9805 -s "Successful connection"
9806
Gilles Peskineb74a1c72018-04-24 13:09:22 +02009807requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
Gilles Peskine3665f1d2018-01-05 21:22:12 +01009808requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
Gilles Peskine654bab72019-09-16 15:19:20 +02009809run_test "SSL async private: renegotiation: client-initiated, sign" \
Ronald Cronfd4c6af2023-03-11 10:46:01 +01009810 "$P_SRV force_version=tls12 \
Gilles Peskinefcca9d82018-01-12 13:47:48 +01009811 async_operations=s async_private_delay1=1 async_private_delay2=1 \
Gilles Peskine3665f1d2018-01-05 21:22:12 +01009812 exchanges=2 renegotiation=1" \
9813 "$P_CLI exchanges=2 renegotiation=1 renegotiate=1" \
9814 0 \
9815 -s "Async sign callback: using key slot " \
Gilles Peskinefcca9d82018-01-12 13:47:48 +01009816 -s "Async resume (slot [0-9]): sign done, status=0"
Gilles Peskine3665f1d2018-01-05 21:22:12 +01009817
Gilles Peskineb74a1c72018-04-24 13:09:22 +02009818requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
Gilles Peskine3665f1d2018-01-05 21:22:12 +01009819requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
Gilles Peskine654bab72019-09-16 15:19:20 +02009820run_test "SSL async private: renegotiation: server-initiated, sign" \
Ronald Cronfd4c6af2023-03-11 10:46:01 +01009821 "$P_SRV force_version=tls12 \
Gilles Peskinefcca9d82018-01-12 13:47:48 +01009822 async_operations=s async_private_delay1=1 async_private_delay2=1 \
Gilles Peskine3665f1d2018-01-05 21:22:12 +01009823 exchanges=2 renegotiation=1 renegotiate=1" \
9824 "$P_CLI exchanges=2 renegotiation=1" \
9825 0 \
9826 -s "Async sign callback: using key slot " \
Gilles Peskinefcca9d82018-01-12 13:47:48 +01009827 -s "Async resume (slot [0-9]): sign done, status=0"
9828
Ron Eldor58093c82018-06-28 13:22:05 +03009829# Tests for ECC extensions (rfc 4492)
9830
Andrzej Kurek934e9cd2022-09-05 14:44:46 -04009831requires_hash_alg SHA_256
Gabor Mezeifc42c222025-02-05 17:28:03 +01009832requires_config_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
Ron Eldor58093c82018-06-28 13:22:05 +03009833run_test "Force a non ECC ciphersuite in the client side" \
Gabor Mezeifc42c222025-02-05 17:28:03 +01009834 "$P_SRV debug_level=3 psk=73776f726466697368" \
9835 "$P_CLI debug_level=3 psk=73776f726466697368 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA256" \
Ron Eldor58093c82018-06-28 13:22:05 +03009836 0 \
Jerry Yu136320b2021-12-21 17:09:00 +08009837 -C "client hello, adding supported_groups extension" \
Ron Eldor58093c82018-06-28 13:22:05 +03009838 -C "client hello, adding supported_point_formats extension" \
9839 -S "found supported elliptic curves extension" \
9840 -S "found supported point formats extension"
9841
Andrzej Kurek934e9cd2022-09-05 14:44:46 -04009842requires_hash_alg SHA_256
Gabor Mezeifc42c222025-02-05 17:28:03 +01009843requires_config_enabled MBEDTLS_KEY_EXCHANGE_PSK_ENABLED
Ron Eldor58093c82018-06-28 13:22:05 +03009844run_test "Force a non ECC ciphersuite in the server side" \
Gabor Mezeifc42c222025-02-05 17:28:03 +01009845 "$P_SRV debug_level=3 psk=73776f726466697368 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA256" \
9846 "$P_CLI debug_level=3 psk=73776f726466697368" \
Ron Eldor58093c82018-06-28 13:22:05 +03009847 0 \
9848 -C "found supported_point_formats extension" \
9849 -S "server hello, supported_point_formats extension"
9850
Andrzej Kurek934e9cd2022-09-05 14:44:46 -04009851requires_hash_alg SHA_256
Ron Eldor58093c82018-06-28 13:22:05 +03009852run_test "Force an ECC ciphersuite in the client side" \
9853 "$P_SRV debug_level=3" \
9854 "$P_CLI debug_level=3 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \
9855 0 \
Jerry Yu136320b2021-12-21 17:09:00 +08009856 -c "client hello, adding supported_groups extension" \
Ron Eldor58093c82018-06-28 13:22:05 +03009857 -c "client hello, adding supported_point_formats extension" \
9858 -s "found supported elliptic curves extension" \
9859 -s "found supported point formats extension"
9860
Andrzej Kurek934e9cd2022-09-05 14:44:46 -04009861requires_hash_alg SHA_256
Ron Eldor58093c82018-06-28 13:22:05 +03009862run_test "Force an ECC ciphersuite in the server side" \
9863 "$P_SRV debug_level=3 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \
9864 "$P_CLI debug_level=3" \
9865 0 \
9866 -c "found supported_point_formats extension" \
9867 -s "server hello, supported_point_formats extension"
9868
Manuel Pégourié-Gonnard0eb6cab2014-07-23 20:17:47 +02009869# Tests for DTLS HelloVerifyRequest
9870
Jerry Yuab082902021-12-23 18:02:22 +08009871requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Manuel Pégourié-Gonnard0eb6cab2014-07-23 20:17:47 +02009872run_test "DTLS cookie: enabled" \
9873 "$P_SRV dtls=1 debug_level=2" \
9874 "$P_CLI dtls=1 debug_level=2" \
9875 0 \
9876 -s "cookie verification failed" \
9877 -s "cookie verification passed" \
9878 -S "cookie verification skipped" \
9879 -c "received hello verify request" \
Manuel Pégourié-Gonnardcaecdae2014-10-13 19:04:37 +02009880 -s "hello verification requested" \
Manuel Pégourié-Gonnard0eb6cab2014-07-23 20:17:47 +02009881 -S "SSL - The requested feature is not available"
9882
Jerry Yuab082902021-12-23 18:02:22 +08009883requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Manuel Pégourié-Gonnard0eb6cab2014-07-23 20:17:47 +02009884run_test "DTLS cookie: disabled" \
9885 "$P_SRV dtls=1 debug_level=2 cookies=0" \
9886 "$P_CLI dtls=1 debug_level=2" \
9887 0 \
9888 -S "cookie verification failed" \
9889 -S "cookie verification passed" \
9890 -s "cookie verification skipped" \
9891 -C "received hello verify request" \
Manuel Pégourié-Gonnardcaecdae2014-10-13 19:04:37 +02009892 -S "hello verification requested" \
Manuel Pégourié-Gonnard0eb6cab2014-07-23 20:17:47 +02009893 -S "SSL - The requested feature is not available"
9894
Jerry Yuab082902021-12-23 18:02:22 +08009895requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Manuel Pégourié-Gonnardcaecdae2014-10-13 19:04:37 +02009896run_test "DTLS cookie: default (failing)" \
9897 "$P_SRV dtls=1 debug_level=2 cookies=-1" \
9898 "$P_CLI dtls=1 debug_level=2 hs_timeout=100-400" \
9899 1 \
9900 -s "cookie verification failed" \
9901 -S "cookie verification passed" \
9902 -S "cookie verification skipped" \
9903 -C "received hello verify request" \
9904 -S "hello verification requested" \
9905 -s "SSL - The requested feature is not available"
Manuel Pégourié-Gonnard0eb6cab2014-07-23 20:17:47 +02009906
9907requires_ipv6
Jerry Yuab082902021-12-23 18:02:22 +08009908requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Manuel Pégourié-Gonnard0eb6cab2014-07-23 20:17:47 +02009909run_test "DTLS cookie: enabled, IPv6" \
9910 "$P_SRV dtls=1 debug_level=2 server_addr=::1" \
9911 "$P_CLI dtls=1 debug_level=2 server_addr=::1" \
9912 0 \
9913 -s "cookie verification failed" \
9914 -s "cookie verification passed" \
9915 -S "cookie verification skipped" \
9916 -c "received hello verify request" \
Manuel Pégourié-Gonnardcaecdae2014-10-13 19:04:37 +02009917 -s "hello verification requested" \
Manuel Pégourié-Gonnard0eb6cab2014-07-23 20:17:47 +02009918 -S "SSL - The requested feature is not available"
9919
Jerry Yuab082902021-12-23 18:02:22 +08009920requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Manuel Pégourié-Gonnard579950c2014-09-29 17:47:33 +02009921run_test "DTLS cookie: enabled, nbio" \
9922 "$P_SRV dtls=1 nbio=2 debug_level=2" \
9923 "$P_CLI dtls=1 nbio=2 debug_level=2" \
9924 0 \
9925 -s "cookie verification failed" \
9926 -s "cookie verification passed" \
9927 -S "cookie verification skipped" \
9928 -c "received hello verify request" \
Manuel Pégourié-Gonnardcaecdae2014-10-13 19:04:37 +02009929 -s "hello verification requested" \
Manuel Pégourié-Gonnard579950c2014-09-29 17:47:33 +02009930 -S "SSL - The requested feature is not available"
9931
Manuel Pégourié-Gonnardd745a1a2015-09-08 12:40:43 +02009932# Tests for client reconnecting from the same port with DTLS
9933
Manuel Pégourié-Gonnard259db912015-09-09 11:37:17 +02009934not_with_valgrind # spurious resend
Jerry Yuab082902021-12-23 18:02:22 +08009935requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Manuel Pégourié-Gonnardd745a1a2015-09-08 12:40:43 +02009936run_test "DTLS client reconnect from same port: reference" \
Manuel Pégourié-Gonnardb6929892019-09-09 11:14:37 +02009937 "$P_SRV dtls=1 exchanges=2 read_timeout=20000 hs_timeout=10000-20000" \
9938 "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=10000-20000" \
Manuel Pégourié-Gonnardd745a1a2015-09-08 12:40:43 +02009939 0 \
9940 -C "resend" \
Manuel Pégourié-Gonnard259db912015-09-09 11:37:17 +02009941 -S "The operation timed out" \
Manuel Pégourié-Gonnardd745a1a2015-09-08 12:40:43 +02009942 -S "Client initiated reconnection from same port"
9943
Manuel Pégourié-Gonnard259db912015-09-09 11:37:17 +02009944not_with_valgrind # spurious resend
Jerry Yuab082902021-12-23 18:02:22 +08009945requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Manuel Pégourié-Gonnardd745a1a2015-09-08 12:40:43 +02009946run_test "DTLS client reconnect from same port: reconnect" \
Manuel Pégourié-Gonnardb6929892019-09-09 11:14:37 +02009947 "$P_SRV dtls=1 exchanges=2 read_timeout=20000 hs_timeout=10000-20000" \
9948 "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=10000-20000 reconnect_hard=1" \
Manuel Pégourié-Gonnardd745a1a2015-09-08 12:40:43 +02009949 0 \
9950 -C "resend" \
Manuel Pégourié-Gonnard259db912015-09-09 11:37:17 +02009951 -S "The operation timed out" \
Manuel Pégourié-Gonnardd745a1a2015-09-08 12:40:43 +02009952 -s "Client initiated reconnection from same port"
9953
Paul Bakker362689d2016-05-13 10:33:25 +01009954not_with_valgrind # server/client too slow to respond in time (next test has higher timeouts)
Jerry Yuab082902021-12-23 18:02:22 +08009955requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Paul Bakker362689d2016-05-13 10:33:25 +01009956run_test "DTLS client reconnect from same port: reconnect, nbio, no valgrind" \
Manuel Pégourié-Gonnard259db912015-09-09 11:37:17 +02009957 "$P_SRV dtls=1 exchanges=2 read_timeout=1000 nbio=2" \
9958 "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=500-1000 reconnect_hard=1" \
Manuel Pégourié-Gonnardd745a1a2015-09-08 12:40:43 +02009959 0 \
Manuel Pégourié-Gonnard259db912015-09-09 11:37:17 +02009960 -S "The operation timed out" \
Manuel Pégourié-Gonnardd745a1a2015-09-08 12:40:43 +02009961 -s "Client initiated reconnection from same port"
9962
Paul Bakker362689d2016-05-13 10:33:25 +01009963only_with_valgrind # Only with valgrind, do previous test but with higher read_timeout and hs_timeout
Jerry Yuab082902021-12-23 18:02:22 +08009964requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Paul Bakker362689d2016-05-13 10:33:25 +01009965run_test "DTLS client reconnect from same port: reconnect, nbio, valgrind" \
9966 "$P_SRV dtls=1 exchanges=2 read_timeout=2000 nbio=2 hs_timeout=1500-6000" \
9967 "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=1500-3000 reconnect_hard=1" \
9968 0 \
9969 -S "The operation timed out" \
9970 -s "Client initiated reconnection from same port"
9971
Jerry Yuab082902021-12-23 18:02:22 +08009972requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Manuel Pégourié-Gonnard259db912015-09-09 11:37:17 +02009973run_test "DTLS client reconnect from same port: no cookies" \
9974 "$P_SRV dtls=1 exchanges=2 read_timeout=1000 cookies=0" \
Manuel Pégourié-Gonnard6ad23b92015-09-15 12:57:46 +02009975 "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=500-8000 reconnect_hard=1" \
9976 0 \
Manuel Pégourié-Gonnard259db912015-09-09 11:37:17 +02009977 -s "The operation timed out" \
9978 -S "Client initiated reconnection from same port"
9979
Jerry Yuab082902021-12-23 18:02:22 +08009980requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Manuel Pégourié-Gonnardbaad2de2020-03-13 11:11:02 +01009981run_test "DTLS client reconnect from same port: attacker-injected" \
9982 -p "$P_PXY inject_clihlo=1" \
9983 "$P_SRV dtls=1 exchanges=2 debug_level=1" \
9984 "$P_CLI dtls=1 exchanges=2" \
9985 0 \
9986 -s "possible client reconnect from the same port" \
9987 -S "Client initiated reconnection from same port"
9988
Manuel Pégourié-Gonnard08a1d4b2014-09-26 10:35:50 +02009989# Tests for various cases of client authentication with DTLS
9990# (focused on handshake flows and message parsing)
9991
Jerry Yuab082902021-12-23 18:02:22 +08009992requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Manuel Pégourié-Gonnard08a1d4b2014-09-26 10:35:50 +02009993run_test "DTLS client auth: required" \
9994 "$P_SRV dtls=1 auth_mode=required" \
9995 "$P_CLI dtls=1" \
9996 0 \
9997 -s "Verifying peer X.509 certificate... ok"
9998
Jerry Yuab082902021-12-23 18:02:22 +08009999requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Manuel Pégourié-Gonnard08a1d4b2014-09-26 10:35:50 +020010000run_test "DTLS client auth: optional, client has no cert" \
10001 "$P_SRV dtls=1 auth_mode=optional" \
10002 "$P_CLI dtls=1 crt_file=none key_file=none" \
10003 0 \
Manuel Pégourié-Gonnard89addc42015-04-20 10:56:18 +010010004 -s "! Certificate was missing"
Manuel Pégourié-Gonnard08a1d4b2014-09-26 10:35:50 +020010005
Jerry Yuab082902021-12-23 18:02:22 +080010006requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Manuel Pégourié-Gonnard89addc42015-04-20 10:56:18 +010010007run_test "DTLS client auth: none, client has no cert" \
Manuel Pégourié-Gonnard08a1d4b2014-09-26 10:35:50 +020010008 "$P_SRV dtls=1 auth_mode=none" \
10009 "$P_CLI dtls=1 crt_file=none key_file=none debug_level=2" \
10010 0 \
10011 -c "skip write certificate$" \
Manuel Pégourié-Gonnard89addc42015-04-20 10:56:18 +010010012 -s "! Certificate verification was skipped"
Manuel Pégourié-Gonnard08a1d4b2014-09-26 10:35:50 +020010013
Manuel Pégourié-Gonnard0a885742015-08-04 12:08:35 +020010014run_test "DTLS wrong PSK: badmac alert" \
Gilles Peskine77c13e62024-04-29 16:09:52 +020010015 "$P_SRV dtls=1 psk=73776f726466697368 force_ciphersuite=TLS-PSK-WITH-AES-128-GCM-SHA256" \
Gilles Peskinef9f3d212024-05-13 21:06:26 +020010016 "$P_CLI dtls=1 psk=73776f726466697374" \
Manuel Pégourié-Gonnard0a885742015-08-04 12:08:35 +020010017 1 \
10018 -s "SSL - Verification of the message MAC failed" \
10019 -c "SSL - A fatal alert message was received from our peer"
10020
Manuel Pégourié-Gonnard502bf302014-08-20 13:12:58 +020010021# Tests for receiving fragmented handshake messages with DTLS
10022
10023requires_gnutls
Jerry Yuab082902021-12-23 18:02:22 +080010024requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Manuel Pégourié-Gonnard502bf302014-08-20 13:12:58 +020010025run_test "DTLS reassembly: no fragmentation (gnutls server)" \
10026 "$G_SRV -u --mtu 2048 -a" \
10027 "$P_CLI dtls=1 debug_level=2" \
10028 0 \
10029 -C "found fragmented DTLS handshake message" \
10030 -C "error"
10031
10032requires_gnutls
Jerry Yuab082902021-12-23 18:02:22 +080010033requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Manuel Pégourié-Gonnard502bf302014-08-20 13:12:58 +020010034run_test "DTLS reassembly: some fragmentation (gnutls server)" \
10035 "$G_SRV -u --mtu 512" \
10036 "$P_CLI dtls=1 debug_level=2" \
10037 0 \
10038 -c "found fragmented DTLS handshake message" \
10039 -C "error"
10040
10041requires_gnutls
Jerry Yuab082902021-12-23 18:02:22 +080010042requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Manuel Pégourié-Gonnard502bf302014-08-20 13:12:58 +020010043run_test "DTLS reassembly: more fragmentation (gnutls server)" \
10044 "$G_SRV -u --mtu 128" \
10045 "$P_CLI dtls=1 debug_level=2" \
10046 0 \
10047 -c "found fragmented DTLS handshake message" \
10048 -C "error"
10049
10050requires_gnutls
Jerry Yuab082902021-12-23 18:02:22 +080010051requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Manuel Pégourié-Gonnard502bf302014-08-20 13:12:58 +020010052run_test "DTLS reassembly: more fragmentation, nbio (gnutls server)" \
10053 "$G_SRV -u --mtu 128" \
10054 "$P_CLI dtls=1 nbio=2 debug_level=2" \
10055 0 \
10056 -c "found fragmented DTLS handshake message" \
10057 -C "error"
10058
Manuel Pégourié-Gonnard0c4cbc72014-09-02 14:47:31 +020010059requires_gnutls
Hanno Becker6a243642017-10-12 15:18:45 +010010060requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
Jerry Yuab082902021-12-23 18:02:22 +080010061requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Manuel Pégourié-Gonnard0c4cbc72014-09-02 14:47:31 +020010062run_test "DTLS reassembly: fragmentation, renego (gnutls server)" \
10063 "$G_SRV -u --mtu 256" \
10064 "$P_CLI debug_level=3 dtls=1 renegotiation=1 renegotiate=1" \
10065 0 \
10066 -c "found fragmented DTLS handshake message" \
10067 -c "client hello, adding renegotiation extension" \
10068 -c "found renegotiation extension" \
10069 -c "=> renegotiate" \
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +020010070 -C "mbedtls_ssl_handshake returned" \
Manuel Pégourié-Gonnard0c4cbc72014-09-02 14:47:31 +020010071 -C "error" \
10072 -s "Extra-header:"
10073
10074requires_gnutls
Hanno Becker6a243642017-10-12 15:18:45 +010010075requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
Jerry Yuab082902021-12-23 18:02:22 +080010076requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Manuel Pégourié-Gonnard0c4cbc72014-09-02 14:47:31 +020010077run_test "DTLS reassembly: fragmentation, nbio, renego (gnutls server)" \
10078 "$G_SRV -u --mtu 256" \
10079 "$P_CLI debug_level=3 nbio=2 dtls=1 renegotiation=1 renegotiate=1" \
10080 0 \
10081 -c "found fragmented DTLS handshake message" \
10082 -c "client hello, adding renegotiation extension" \
10083 -c "found renegotiation extension" \
10084 -c "=> renegotiate" \
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +020010085 -C "mbedtls_ssl_handshake returned" \
Manuel Pégourié-Gonnard0c4cbc72014-09-02 14:47:31 +020010086 -C "error" \
10087 -s "Extra-header:"
10088
Jerry Yuab082902021-12-23 18:02:22 +080010089requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
TRodziewicz4ca18aa2021-05-20 14:46:20 +020010090run_test "DTLS reassembly: no fragmentation (openssl server)" \
10091 "$O_SRV -dtls -mtu 2048" \
10092 "$P_CLI dtls=1 debug_level=2" \
10093 0 \
10094 -C "found fragmented DTLS handshake message" \
10095 -C "error"
10096
Jerry Yuab082902021-12-23 18:02:22 +080010097requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
TRodziewicz4ca18aa2021-05-20 14:46:20 +020010098run_test "DTLS reassembly: some fragmentation (openssl server)" \
Valerio Setti6ba247c2023-03-14 17:13:43 +010010099 "$O_SRV -dtls -mtu 256" \
TRodziewicz4ca18aa2021-05-20 14:46:20 +020010100 "$P_CLI dtls=1 debug_level=2" \
10101 0 \
10102 -c "found fragmented DTLS handshake message" \
10103 -C "error"
10104
Jerry Yuab082902021-12-23 18:02:22 +080010105requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
TRodziewicz4ca18aa2021-05-20 14:46:20 +020010106run_test "DTLS reassembly: more fragmentation (openssl server)" \
10107 "$O_SRV -dtls -mtu 256" \
10108 "$P_CLI dtls=1 debug_level=2" \
10109 0 \
10110 -c "found fragmented DTLS handshake message" \
10111 -C "error"
10112
Jerry Yuab082902021-12-23 18:02:22 +080010113requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
TRodziewicz4ca18aa2021-05-20 14:46:20 +020010114run_test "DTLS reassembly: fragmentation, nbio (openssl server)" \
10115 "$O_SRV -dtls -mtu 256" \
10116 "$P_CLI dtls=1 nbio=2 debug_level=2" \
10117 0 \
10118 -c "found fragmented DTLS handshake message" \
10119 -C "error"
10120
Manuel Pégourié-Gonnard2cb17e22017-09-19 13:00:47 +020010121# Tests for sending fragmented handshake messages with DTLS
10122#
10123# Use client auth when we need the client to send large messages,
10124# and use large cert chains on both sides too (the long chains we have all use
10125# both RSA and ECDSA, but ideally we should have long chains with either).
10126# Sizes reached (UDP payload):
10127# - 2037B for server certificate
10128# - 1542B for client certificate
10129# - 1013B for newsessionticket
10130# - all others below 512B
10131# All those tests assume MAX_CONTENT_LEN is at least 2048
10132
10133requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
Ronald Cron68ba7f72025-06-30 07:45:17 +020010134requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
Manuel Pégourié-Gonnard2cb17e22017-09-19 13:00:47 +020010135requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
Yuto Takanobc87b1d2021-07-08 15:56:33 +010010136requires_max_content_len 4096
Jerry Yuab082902021-12-23 18:02:22 +080010137requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Manuel Pégourié-Gonnard2cb17e22017-09-19 13:00:47 +020010138run_test "DTLS fragmenting: none (for reference)" \
10139 "$P_SRV dtls=1 debug_level=2 auth_mode=required \
David Horstmann184c4f02024-07-01 17:01:28 +010010140 crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
10141 key_file=$DATA_FILES_PATH/server7.key \
Andrzej Kurek52f84912018-10-05 07:53:40 -040010142 hs_timeout=2500-60000 \
Hanno Becker12405e72018-08-13 16:45:46 +010010143 max_frag_len=4096" \
Manuel Pégourié-Gonnard2cb17e22017-09-19 13:00:47 +020010144 "$P_CLI dtls=1 debug_level=2 \
David Horstmann184c4f02024-07-01 17:01:28 +010010145 crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
10146 key_file=$DATA_FILES_PATH/server8.key \
Andrzej Kurek52f84912018-10-05 07:53:40 -040010147 hs_timeout=2500-60000 \
Hanno Becker12405e72018-08-13 16:45:46 +010010148 max_frag_len=4096" \
Manuel Pégourié-Gonnard2cb17e22017-09-19 13:00:47 +020010149 0 \
10150 -S "found fragmented DTLS handshake message" \
10151 -C "found fragmented DTLS handshake message" \
10152 -C "error"
10153
10154requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
Ronald Cron68ba7f72025-06-30 07:45:17 +020010155requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
Manuel Pégourié-Gonnard2cb17e22017-09-19 13:00:47 +020010156requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
Yuto Takanobc87b1d2021-07-08 15:56:33 +010010157requires_max_content_len 2048
Jerry Yuab082902021-12-23 18:02:22 +080010158requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Manuel Pégourié-Gonnardb747c6c2018-08-12 13:28:53 +020010159run_test "DTLS fragmenting: server only (max_frag_len)" \
Manuel Pégourié-Gonnard2cb17e22017-09-19 13:00:47 +020010160 "$P_SRV dtls=1 debug_level=2 auth_mode=required \
David Horstmann184c4f02024-07-01 17:01:28 +010010161 crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
10162 key_file=$DATA_FILES_PATH/server7.key \
Andrzej Kurek52f84912018-10-05 07:53:40 -040010163 hs_timeout=2500-60000 \
Manuel Pégourié-Gonnard2cb17e22017-09-19 13:00:47 +020010164 max_frag_len=1024" \
10165 "$P_CLI dtls=1 debug_level=2 \
David Horstmann184c4f02024-07-01 17:01:28 +010010166 crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
10167 key_file=$DATA_FILES_PATH/server8.key \
Andrzej Kurek52f84912018-10-05 07:53:40 -040010168 hs_timeout=2500-60000 \
Manuel Pégourié-Gonnard2cb17e22017-09-19 13:00:47 +020010169 max_frag_len=2048" \
10170 0 \
10171 -S "found fragmented DTLS handshake message" \
10172 -c "found fragmented DTLS handshake message" \
10173 -C "error"
10174
Hanno Becker69ca0ad2018-08-24 12:11:35 +010010175# With the MFL extension, the server has no way of forcing
10176# the client to not exceed a certain MTU; hence, the following
10177# test can't be replicated with an MTU proxy such as the one
10178# `client-initiated, server only (max_frag_len)` below.
Manuel Pégourié-Gonnard2cb17e22017-09-19 13:00:47 +020010179requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
Ronald Cron68ba7f72025-06-30 07:45:17 +020010180requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
Manuel Pégourié-Gonnard2cb17e22017-09-19 13:00:47 +020010181requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
Yuto Takanobc87b1d2021-07-08 15:56:33 +010010182requires_max_content_len 4096
Jerry Yuab082902021-12-23 18:02:22 +080010183requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Manuel Pégourié-Gonnardb747c6c2018-08-12 13:28:53 +020010184run_test "DTLS fragmenting: server only (more) (max_frag_len)" \
Manuel Pégourié-Gonnard2cb17e22017-09-19 13:00:47 +020010185 "$P_SRV dtls=1 debug_level=2 auth_mode=required \
David Horstmann184c4f02024-07-01 17:01:28 +010010186 crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
10187 key_file=$DATA_FILES_PATH/server7.key \
Andrzej Kurek52f84912018-10-05 07:53:40 -040010188 hs_timeout=2500-60000 \
Manuel Pégourié-Gonnard2cb17e22017-09-19 13:00:47 +020010189 max_frag_len=512" \
10190 "$P_CLI dtls=1 debug_level=2 \
David Horstmann184c4f02024-07-01 17:01:28 +010010191 crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
10192 key_file=$DATA_FILES_PATH/server8.key \
Andrzej Kurek52f84912018-10-05 07:53:40 -040010193 hs_timeout=2500-60000 \
Hanno Becker69ca0ad2018-08-24 12:11:35 +010010194 max_frag_len=4096" \
Manuel Pégourié-Gonnard2cb17e22017-09-19 13:00:47 +020010195 0 \
10196 -S "found fragmented DTLS handshake message" \
10197 -c "found fragmented DTLS handshake message" \
10198 -C "error"
10199
10200requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
Ronald Cron68ba7f72025-06-30 07:45:17 +020010201requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
Manuel Pégourié-Gonnard2cb17e22017-09-19 13:00:47 +020010202requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
Yuto Takanobc87b1d2021-07-08 15:56:33 +010010203requires_max_content_len 2048
Jerry Yuab082902021-12-23 18:02:22 +080010204requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Manuel Pégourié-Gonnardb747c6c2018-08-12 13:28:53 +020010205run_test "DTLS fragmenting: client-initiated, server only (max_frag_len)" \
Manuel Pégourié-Gonnard2cb17e22017-09-19 13:00:47 +020010206 "$P_SRV dtls=1 debug_level=2 auth_mode=none \
David Horstmann184c4f02024-07-01 17:01:28 +010010207 crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
10208 key_file=$DATA_FILES_PATH/server7.key \
Andrzej Kurek52f84912018-10-05 07:53:40 -040010209 hs_timeout=2500-60000 \
Manuel Pégourié-Gonnard2cb17e22017-09-19 13:00:47 +020010210 max_frag_len=2048" \
10211 "$P_CLI dtls=1 debug_level=2 \
David Horstmann184c4f02024-07-01 17:01:28 +010010212 crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
10213 key_file=$DATA_FILES_PATH/server8.key \
Andrzej Kurek52f84912018-10-05 07:53:40 -040010214 hs_timeout=2500-60000 \
10215 max_frag_len=1024" \
10216 0 \
Manuel Pégourié-Gonnard2cb17e22017-09-19 13:00:47 +020010217 -S "found fragmented DTLS handshake message" \
10218 -c "found fragmented DTLS handshake message" \
10219 -C "error"
10220
Hanno Beckerc92b5c82018-08-24 11:48:01 +010010221# While not required by the standard defining the MFL extension
10222# (according to which it only applies to records, not to datagrams),
10223# Mbed TLS will never send datagrams larger than MFL + { Max record expansion },
10224# as otherwise there wouldn't be any means to communicate MTU restrictions
10225# to the peer.
10226# The next test checks that no datagrams significantly larger than the
10227# negotiated MFL are sent.
10228requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
Ronald Cron68ba7f72025-06-30 07:45:17 +020010229requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
Hanno Beckerc92b5c82018-08-24 11:48:01 +010010230requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
Yuto Takanobc87b1d2021-07-08 15:56:33 +010010231requires_max_content_len 2048
Jerry Yuab082902021-12-23 18:02:22 +080010232requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Hanno Beckerc92b5c82018-08-24 11:48:01 +010010233run_test "DTLS fragmenting: client-initiated, server only (max_frag_len), proxy MTU" \
Andrzej Kurek0fc9cf42018-10-09 03:09:41 -040010234 -p "$P_PXY mtu=1110" \
Hanno Beckerc92b5c82018-08-24 11:48:01 +010010235 "$P_SRV dtls=1 debug_level=2 auth_mode=none \
David Horstmann184c4f02024-07-01 17:01:28 +010010236 crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
10237 key_file=$DATA_FILES_PATH/server7.key \
Andrzej Kurek52f84912018-10-05 07:53:40 -040010238 hs_timeout=2500-60000 \
Hanno Beckerc92b5c82018-08-24 11:48:01 +010010239 max_frag_len=2048" \
10240 "$P_CLI dtls=1 debug_level=2 \
David Horstmann184c4f02024-07-01 17:01:28 +010010241 crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
10242 key_file=$DATA_FILES_PATH/server8.key \
Andrzej Kurek52f84912018-10-05 07:53:40 -040010243 hs_timeout=2500-60000 \
10244 max_frag_len=1024" \
Hanno Beckerc92b5c82018-08-24 11:48:01 +010010245 0 \
10246 -S "found fragmented DTLS handshake message" \
10247 -c "found fragmented DTLS handshake message" \
10248 -C "error"
10249
Manuel Pégourié-Gonnard2cb17e22017-09-19 13:00:47 +020010250requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
Ronald Cron68ba7f72025-06-30 07:45:17 +020010251requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
Manuel Pégourié-Gonnard2cb17e22017-09-19 13:00:47 +020010252requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
Yuto Takanobc87b1d2021-07-08 15:56:33 +010010253requires_max_content_len 2048
Jerry Yuab082902021-12-23 18:02:22 +080010254requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Manuel Pégourié-Gonnardb747c6c2018-08-12 13:28:53 +020010255run_test "DTLS fragmenting: client-initiated, both (max_frag_len)" \
Manuel Pégourié-Gonnard2cb17e22017-09-19 13:00:47 +020010256 "$P_SRV dtls=1 debug_level=2 auth_mode=required \
David Horstmann184c4f02024-07-01 17:01:28 +010010257 crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
10258 key_file=$DATA_FILES_PATH/server7.key \
Andrzej Kurek52f84912018-10-05 07:53:40 -040010259 hs_timeout=2500-60000 \
Manuel Pégourié-Gonnard2cb17e22017-09-19 13:00:47 +020010260 max_frag_len=2048" \
10261 "$P_CLI dtls=1 debug_level=2 \
David Horstmann184c4f02024-07-01 17:01:28 +010010262 crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
10263 key_file=$DATA_FILES_PATH/server8.key \
Andrzej Kurek52f84912018-10-05 07:53:40 -040010264 hs_timeout=2500-60000 \
10265 max_frag_len=1024" \
Manuel Pégourié-Gonnard2cb17e22017-09-19 13:00:47 +020010266 0 \
10267 -s "found fragmented DTLS handshake message" \
10268 -c "found fragmented DTLS handshake message" \
10269 -C "error"
10270
Hanno Beckerc92b5c82018-08-24 11:48:01 +010010271# While not required by the standard defining the MFL extension
10272# (according to which it only applies to records, not to datagrams),
10273# Mbed TLS will never send datagrams larger than MFL + { Max record expansion },
10274# as otherwise there wouldn't be any means to communicate MTU restrictions
10275# to the peer.
10276# The next test checks that no datagrams significantly larger than the
10277# negotiated MFL are sent.
10278requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
Ronald Cron68ba7f72025-06-30 07:45:17 +020010279requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
Hanno Beckerc92b5c82018-08-24 11:48:01 +010010280requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
Yuto Takanobc87b1d2021-07-08 15:56:33 +010010281requires_max_content_len 2048
Jerry Yuab082902021-12-23 18:02:22 +080010282requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Hanno Beckerc92b5c82018-08-24 11:48:01 +010010283run_test "DTLS fragmenting: client-initiated, both (max_frag_len), proxy MTU" \
Andrzej Kurek0fc9cf42018-10-09 03:09:41 -040010284 -p "$P_PXY mtu=1110" \
Hanno Beckerc92b5c82018-08-24 11:48:01 +010010285 "$P_SRV dtls=1 debug_level=2 auth_mode=required \
David Horstmann184c4f02024-07-01 17:01:28 +010010286 crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
10287 key_file=$DATA_FILES_PATH/server7.key \
Andrzej Kurek52f84912018-10-05 07:53:40 -040010288 hs_timeout=2500-60000 \
Hanno Beckerc92b5c82018-08-24 11:48:01 +010010289 max_frag_len=2048" \
10290 "$P_CLI dtls=1 debug_level=2 \
David Horstmann184c4f02024-07-01 17:01:28 +010010291 crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
10292 key_file=$DATA_FILES_PATH/server8.key \
Andrzej Kurek52f84912018-10-05 07:53:40 -040010293 hs_timeout=2500-60000 \
10294 max_frag_len=1024" \
Hanno Beckerc92b5c82018-08-24 11:48:01 +010010295 0 \
10296 -s "found fragmented DTLS handshake message" \
10297 -c "found fragmented DTLS handshake message" \
10298 -C "error"
10299
Manuel Pégourié-Gonnardb747c6c2018-08-12 13:28:53 +020010300requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
Ronald Cron68ba7f72025-06-30 07:45:17 +020010301requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
Yuto Takanobc87b1d2021-07-08 15:56:33 +010010302requires_max_content_len 4096
Jerry Yuab082902021-12-23 18:02:22 +080010303requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Manuel Pégourié-Gonnardb747c6c2018-08-12 13:28:53 +020010304run_test "DTLS fragmenting: none (for reference) (MTU)" \
10305 "$P_SRV dtls=1 debug_level=2 auth_mode=required \
David Horstmann184c4f02024-07-01 17:01:28 +010010306 crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
10307 key_file=$DATA_FILES_PATH/server7.key \
Andrzej Kurek52f84912018-10-05 07:53:40 -040010308 hs_timeout=2500-60000 \
Hanno Becker12405e72018-08-13 16:45:46 +010010309 mtu=4096" \
Manuel Pégourié-Gonnardb747c6c2018-08-12 13:28:53 +020010310 "$P_CLI dtls=1 debug_level=2 \
David Horstmann184c4f02024-07-01 17:01:28 +010010311 crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
10312 key_file=$DATA_FILES_PATH/server8.key \
Andrzej Kurek52f84912018-10-05 07:53:40 -040010313 hs_timeout=2500-60000 \
Hanno Becker12405e72018-08-13 16:45:46 +010010314 mtu=4096" \
Manuel Pégourié-Gonnardb747c6c2018-08-12 13:28:53 +020010315 0 \
10316 -S "found fragmented DTLS handshake message" \
10317 -C "found fragmented DTLS handshake message" \
10318 -C "error"
10319
10320requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
Ronald Cron68ba7f72025-06-30 07:45:17 +020010321requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
Yuto Takanobc87b1d2021-07-08 15:56:33 +010010322requires_max_content_len 4096
Jerry Yuab082902021-12-23 18:02:22 +080010323requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Manuel Pégourié-Gonnardb747c6c2018-08-12 13:28:53 +020010324run_test "DTLS fragmenting: client (MTU)" \
10325 "$P_SRV dtls=1 debug_level=2 auth_mode=required \
David Horstmann184c4f02024-07-01 17:01:28 +010010326 crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
10327 key_file=$DATA_FILES_PATH/server7.key \
Andrzej Kurek948fe802018-10-05 15:42:44 -040010328 hs_timeout=3500-60000 \
Hanno Becker12405e72018-08-13 16:45:46 +010010329 mtu=4096" \
Manuel Pégourié-Gonnardb747c6c2018-08-12 13:28:53 +020010330 "$P_CLI dtls=1 debug_level=2 \
David Horstmann184c4f02024-07-01 17:01:28 +010010331 crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
10332 key_file=$DATA_FILES_PATH/server8.key \
Andrzej Kurek948fe802018-10-05 15:42:44 -040010333 hs_timeout=3500-60000 \
Andrzej Kurek52f84912018-10-05 07:53:40 -040010334 mtu=1024" \
Manuel Pégourié-Gonnardb747c6c2018-08-12 13:28:53 +020010335 0 \
10336 -s "found fragmented DTLS handshake message" \
10337 -C "found fragmented DTLS handshake message" \
10338 -C "error"
10339
10340requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
Ronald Cron68ba7f72025-06-30 07:45:17 +020010341requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
Yuto Takanobc87b1d2021-07-08 15:56:33 +010010342requires_max_content_len 2048
Jerry Yuab082902021-12-23 18:02:22 +080010343requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Manuel Pégourié-Gonnardb747c6c2018-08-12 13:28:53 +020010344run_test "DTLS fragmenting: server (MTU)" \
10345 "$P_SRV dtls=1 debug_level=2 auth_mode=required \
David Horstmann184c4f02024-07-01 17:01:28 +010010346 crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
10347 key_file=$DATA_FILES_PATH/server7.key \
Andrzej Kurek52f84912018-10-05 07:53:40 -040010348 hs_timeout=2500-60000 \
Manuel Pégourié-Gonnardb747c6c2018-08-12 13:28:53 +020010349 mtu=512" \
10350 "$P_CLI dtls=1 debug_level=2 \
David Horstmann184c4f02024-07-01 17:01:28 +010010351 crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
10352 key_file=$DATA_FILES_PATH/server8.key \
Andrzej Kurek52f84912018-10-05 07:53:40 -040010353 hs_timeout=2500-60000 \
Manuel Pégourié-Gonnardb747c6c2018-08-12 13:28:53 +020010354 mtu=2048" \
10355 0 \
10356 -S "found fragmented DTLS handshake message" \
10357 -c "found fragmented DTLS handshake message" \
10358 -C "error"
10359
10360requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
Ronald Cron68ba7f72025-06-30 07:45:17 +020010361requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
Yuto Takanobc87b1d2021-07-08 15:56:33 +010010362requires_max_content_len 2048
Jerry Yuab082902021-12-23 18:02:22 +080010363requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Andrzej Kurek7311c782018-10-11 06:49:41 -040010364run_test "DTLS fragmenting: both (MTU=1024)" \
Andrzej Kurek52f84912018-10-05 07:53:40 -040010365 -p "$P_PXY mtu=1024" \
Manuel Pégourié-Gonnardb747c6c2018-08-12 13:28:53 +020010366 "$P_SRV dtls=1 debug_level=2 auth_mode=required \
David Horstmann184c4f02024-07-01 17:01:28 +010010367 crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
10368 key_file=$DATA_FILES_PATH/server7.key \
Andrzej Kurek52f84912018-10-05 07:53:40 -040010369 hs_timeout=2500-60000 \
Andrzej Kurek95805282018-10-11 08:55:37 -040010370 mtu=1024" \
Manuel Pégourié-Gonnardb747c6c2018-08-12 13:28:53 +020010371 "$P_CLI dtls=1 debug_level=2 \
David Horstmann184c4f02024-07-01 17:01:28 +010010372 crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
10373 key_file=$DATA_FILES_PATH/server8.key \
Andrzej Kurek52f84912018-10-05 07:53:40 -040010374 hs_timeout=2500-60000 \
10375 mtu=1024" \
Manuel Pégourié-Gonnardb747c6c2018-08-12 13:28:53 +020010376 0 \
10377 -s "found fragmented DTLS handshake message" \
10378 -c "found fragmented DTLS handshake message" \
10379 -C "error"
10380
Andrzej Kurek77826052018-10-11 07:34:08 -040010381# Forcing ciphersuite for this test to fit the MTU of 512 with full config.
Andrzej Kurek7311c782018-10-11 06:49:41 -040010382requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
Ronald Cron68ba7f72025-06-30 07:45:17 +020010383requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
Andrzej Kurek934e9cd2022-09-05 14:44:46 -040010384requires_hash_alg SHA_256
Yuto Takanobc87b1d2021-07-08 15:56:33 +010010385requires_max_content_len 2048
Andrzej Kurek7311c782018-10-11 06:49:41 -040010386run_test "DTLS fragmenting: both (MTU=512)" \
Hanno Becker8d832182018-03-15 10:14:19 +000010387 -p "$P_PXY mtu=512" \
Hanno Becker72a4f032017-11-15 16:39:20 +000010388 "$P_SRV dtls=1 debug_level=2 auth_mode=required \
David Horstmann184c4f02024-07-01 17:01:28 +010010389 crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
10390 key_file=$DATA_FILES_PATH/server7.key \
Andrzej Kurek7311c782018-10-11 06:49:41 -040010391 hs_timeout=2500-60000 \
Hanno Becker72a4f032017-11-15 16:39:20 +000010392 mtu=512" \
10393 "$P_CLI dtls=1 debug_level=2 \
David Horstmann184c4f02024-07-01 17:01:28 +010010394 crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
10395 key_file=$DATA_FILES_PATH/server8.key \
Andrzej Kurek7311c782018-10-11 06:49:41 -040010396 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
10397 hs_timeout=2500-60000 \
Manuel Pégourié-Gonnarde698f592014-10-14 19:36:36 +020010398 mtu=512" \
Manuel Pégourié-Gonnard63eca932014-09-08 16:39:08 +020010399 0 \
Manuel Pégourié-Gonnard246c13a2014-09-24 13:56:09 +020010400 -s "found fragmented DTLS handshake message" \
Manuel Pégourié-Gonnarde698f592014-10-14 19:36:36 +020010401 -c "found fragmented DTLS handshake message" \
Manuel Pégourié-Gonnard825a49e2014-09-23 11:00:37 +020010402 -C "error"
Manuel Pégourié-Gonnard74a13782014-10-14 22:34:08 +020010403
Andrzej Kurek7311c782018-10-11 06:49:41 -040010404# Test for automatic MTU reduction on repeated resend.
Andrzej Kurek77826052018-10-11 07:34:08 -040010405# Forcing ciphersuite for this test to fit the MTU of 508 with full config.
Andrzej Kurek7311c782018-10-11 06:49:41 -040010406# The ratio of max/min timeout should ideally equal 4 to accept two
10407# retransmissions, but in some cases (like both the server and client using
10408# fragmentation and auto-reduction) an extra retransmission might occur,
10409# hence the ratio of 8.
Hanno Becker37029eb2018-08-29 17:01:40 +010010410not_with_valgrind
Manuel Pégourié-Gonnardb8eec192018-08-20 09:34:02 +020010411requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
Ronald Cron68ba7f72025-06-30 07:45:17 +020010412requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
Yuto Takanobc87b1d2021-07-08 15:56:33 +010010413requires_max_content_len 2048
Gilles Peskine0d8b86a2019-09-20 18:03:11 +020010414run_test "DTLS fragmenting: proxy MTU: auto-reduction (not valgrind)" \
Manuel Pégourié-Gonnardb8eec192018-08-20 09:34:02 +020010415 -p "$P_PXY mtu=508" \
10416 "$P_SRV dtls=1 debug_level=2 auth_mode=required \
David Horstmann184c4f02024-07-01 17:01:28 +010010417 crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
10418 key_file=$DATA_FILES_PATH/server7.key \
Andrzej Kurek7311c782018-10-11 06:49:41 -040010419 hs_timeout=400-3200" \
Manuel Pégourié-Gonnardb8eec192018-08-20 09:34:02 +020010420 "$P_CLI dtls=1 debug_level=2 \
David Horstmann184c4f02024-07-01 17:01:28 +010010421 crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
10422 key_file=$DATA_FILES_PATH/server8.key \
Andrzej Kurek7311c782018-10-11 06:49:41 -040010423 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
10424 hs_timeout=400-3200" \
Manuel Pégourié-Gonnardb8eec192018-08-20 09:34:02 +020010425 0 \
10426 -s "found fragmented DTLS handshake message" \
10427 -c "found fragmented DTLS handshake message" \
10428 -C "error"
10429
Andrzej Kurek77826052018-10-11 07:34:08 -040010430# Forcing ciphersuite for this test to fit the MTU of 508 with full config.
Hanno Becker108992e2018-08-29 17:04:18 +010010431only_with_valgrind
10432requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
Ronald Cron68ba7f72025-06-30 07:45:17 +020010433requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
Yuto Takanobc87b1d2021-07-08 15:56:33 +010010434requires_max_content_len 2048
Gilles Peskine0d8b86a2019-09-20 18:03:11 +020010435run_test "DTLS fragmenting: proxy MTU: auto-reduction (with valgrind)" \
Hanno Becker108992e2018-08-29 17:04:18 +010010436 -p "$P_PXY mtu=508" \
10437 "$P_SRV dtls=1 debug_level=2 auth_mode=required \
David Horstmann184c4f02024-07-01 17:01:28 +010010438 crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
10439 key_file=$DATA_FILES_PATH/server7.key \
Hanno Becker108992e2018-08-29 17:04:18 +010010440 hs_timeout=250-10000" \
10441 "$P_CLI dtls=1 debug_level=2 \
David Horstmann184c4f02024-07-01 17:01:28 +010010442 crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
10443 key_file=$DATA_FILES_PATH/server8.key \
Andrzej Kurek7311c782018-10-11 06:49:41 -040010444 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
Hanno Becker108992e2018-08-29 17:04:18 +010010445 hs_timeout=250-10000" \
10446 0 \
10447 -s "found fragmented DTLS handshake message" \
10448 -c "found fragmented DTLS handshake message" \
10449 -C "error"
10450
Manuel Pégourié-Gonnard72c27072018-08-13 12:37:51 +020010451# the proxy shouldn't drop or mess up anything, so we shouldn't need to resend
Manuel Pégourié-Gonnard3d183ce2018-08-22 09:56:22 +020010452# OTOH the client might resend if the server is to slow to reset after sending
10453# a HelloVerifyRequest, so only check for no retransmission server-side
Andrzej Kurek35f2f302018-10-09 08:52:14 -040010454not_with_valgrind # spurious autoreduction due to timeout
Manuel Pégourié-Gonnard72c27072018-08-13 12:37:51 +020010455requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
Ronald Cron68ba7f72025-06-30 07:45:17 +020010456requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
Yuto Takanobc87b1d2021-07-08 15:56:33 +010010457requires_max_content_len 2048
Jerry Yuab082902021-12-23 18:02:22 +080010458requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Andrzej Kurek7311c782018-10-11 06:49:41 -040010459run_test "DTLS fragmenting: proxy MTU, simple handshake (MTU=1024)" \
Andrzej Kurek52f84912018-10-05 07:53:40 -040010460 -p "$P_PXY mtu=1024" \
Manuel Pégourié-Gonnard72c27072018-08-13 12:37:51 +020010461 "$P_SRV dtls=1 debug_level=2 auth_mode=required \
David Horstmann184c4f02024-07-01 17:01:28 +010010462 crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
10463 key_file=$DATA_FILES_PATH/server7.key \
Andrzej Kurek52f84912018-10-05 07:53:40 -040010464 hs_timeout=10000-60000 \
10465 mtu=1024" \
Manuel Pégourié-Gonnard72c27072018-08-13 12:37:51 +020010466 "$P_CLI dtls=1 debug_level=2 \
David Horstmann184c4f02024-07-01 17:01:28 +010010467 crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
10468 key_file=$DATA_FILES_PATH/server8.key \
Andrzej Kurek52f84912018-10-05 07:53:40 -040010469 hs_timeout=10000-60000 \
10470 mtu=1024" \
Manuel Pégourié-Gonnard72c27072018-08-13 12:37:51 +020010471 0 \
Andrzej Kurek35f2f302018-10-09 08:52:14 -040010472 -S "autoreduction" \
Manuel Pégourié-Gonnard72c27072018-08-13 12:37:51 +020010473 -s "found fragmented DTLS handshake message" \
10474 -c "found fragmented DTLS handshake message" \
10475 -C "error"
10476
Andrzej Kurek77826052018-10-11 07:34:08 -040010477# Forcing ciphersuite for this test to fit the MTU of 512 with full config.
Andrzej Kurek7311c782018-10-11 06:49:41 -040010478# the proxy shouldn't drop or mess up anything, so we shouldn't need to resend
10479# OTOH the client might resend if the server is to slow to reset after sending
10480# a HelloVerifyRequest, so only check for no retransmission server-side
Andrzej Kurek35f2f302018-10-09 08:52:14 -040010481not_with_valgrind # spurious autoreduction due to timeout
Manuel Pégourié-Gonnardc1d54b72018-08-22 10:02:59 +020010482requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
Ronald Cron68ba7f72025-06-30 07:45:17 +020010483requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
Yuto Takanobc87b1d2021-07-08 15:56:33 +010010484requires_max_content_len 2048
Andrzej Kurek7311c782018-10-11 06:49:41 -040010485run_test "DTLS fragmenting: proxy MTU, simple handshake (MTU=512)" \
Manuel Pégourié-Gonnardc1d54b72018-08-22 10:02:59 +020010486 -p "$P_PXY mtu=512" \
10487 "$P_SRV dtls=1 debug_level=2 auth_mode=required \
David Horstmann184c4f02024-07-01 17:01:28 +010010488 crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
10489 key_file=$DATA_FILES_PATH/server7.key \
Andrzej Kurek7311c782018-10-11 06:49:41 -040010490 hs_timeout=10000-60000 \
10491 mtu=512" \
Manuel Pégourié-Gonnardc1d54b72018-08-22 10:02:59 +020010492 "$P_CLI dtls=1 debug_level=2 \
David Horstmann184c4f02024-07-01 17:01:28 +010010493 crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
10494 key_file=$DATA_FILES_PATH/server8.key \
Andrzej Kurek7311c782018-10-11 06:49:41 -040010495 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
10496 hs_timeout=10000-60000 \
10497 mtu=512" \
Manuel Pégourié-Gonnardc1d54b72018-08-22 10:02:59 +020010498 0 \
Andrzej Kurek7311c782018-10-11 06:49:41 -040010499 -S "autoreduction" \
Manuel Pégourié-Gonnardc1d54b72018-08-22 10:02:59 +020010500 -s "found fragmented DTLS handshake message" \
10501 -c "found fragmented DTLS handshake message" \
10502 -C "error"
10503
Andrzej Kurek7311c782018-10-11 06:49:41 -040010504not_with_valgrind # spurious autoreduction due to timeout
10505requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
Ronald Cron68ba7f72025-06-30 07:45:17 +020010506requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
Yuto Takanobc87b1d2021-07-08 15:56:33 +010010507requires_max_content_len 2048
Jerry Yuab082902021-12-23 18:02:22 +080010508requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Andrzej Kurek7311c782018-10-11 06:49:41 -040010509run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=1024)" \
Andrzej Kurek52f84912018-10-05 07:53:40 -040010510 -p "$P_PXY mtu=1024" \
Manuel Pégourié-Gonnard72c27072018-08-13 12:37:51 +020010511 "$P_SRV dtls=1 debug_level=2 auth_mode=required \
David Horstmann184c4f02024-07-01 17:01:28 +010010512 crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
10513 key_file=$DATA_FILES_PATH/server7.key \
Andrzej Kurek7311c782018-10-11 06:49:41 -040010514 hs_timeout=10000-60000 \
10515 mtu=1024 nbio=2" \
Manuel Pégourié-Gonnard72c27072018-08-13 12:37:51 +020010516 "$P_CLI dtls=1 debug_level=2 \
David Horstmann184c4f02024-07-01 17:01:28 +010010517 crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
10518 key_file=$DATA_FILES_PATH/server8.key \
Andrzej Kurek7311c782018-10-11 06:49:41 -040010519 hs_timeout=10000-60000 \
10520 mtu=1024 nbio=2" \
10521 0 \
10522 -S "autoreduction" \
10523 -s "found fragmented DTLS handshake message" \
10524 -c "found fragmented DTLS handshake message" \
10525 -C "error"
10526
Andrzej Kurek77826052018-10-11 07:34:08 -040010527# Forcing ciphersuite for this test to fit the MTU of 512 with full config.
Andrzej Kurek7311c782018-10-11 06:49:41 -040010528not_with_valgrind # spurious autoreduction due to timeout
10529requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
Ronald Cron68ba7f72025-06-30 07:45:17 +020010530requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
Yuto Takanobc87b1d2021-07-08 15:56:33 +010010531requires_max_content_len 2048
Andrzej Kurek7311c782018-10-11 06:49:41 -040010532run_test "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=512)" \
10533 -p "$P_PXY mtu=512" \
10534 "$P_SRV dtls=1 debug_level=2 auth_mode=required \
David Horstmann184c4f02024-07-01 17:01:28 +010010535 crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
10536 key_file=$DATA_FILES_PATH/server7.key \
Andrzej Kurek7311c782018-10-11 06:49:41 -040010537 hs_timeout=10000-60000 \
10538 mtu=512 nbio=2" \
10539 "$P_CLI dtls=1 debug_level=2 \
David Horstmann184c4f02024-07-01 17:01:28 +010010540 crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
10541 key_file=$DATA_FILES_PATH/server8.key \
Andrzej Kurek7311c782018-10-11 06:49:41 -040010542 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
10543 hs_timeout=10000-60000 \
10544 mtu=512 nbio=2" \
Manuel Pégourié-Gonnard72c27072018-08-13 12:37:51 +020010545 0 \
Andrzej Kurek35f2f302018-10-09 08:52:14 -040010546 -S "autoreduction" \
Manuel Pégourié-Gonnard72c27072018-08-13 12:37:51 +020010547 -s "found fragmented DTLS handshake message" \
10548 -c "found fragmented DTLS handshake message" \
10549 -C "error"
10550
Andrzej Kurek77826052018-10-11 07:34:08 -040010551# Forcing ciphersuite for this test to fit the MTU of 1450 with full config.
Hanno Beckerb841b4f2018-08-28 10:25:51 +010010552# This ensures things still work after session_reset().
10553# It also exercises the "resumed handshake" flow.
Manuel Pégourié-Gonnard19c62f92018-08-16 10:50:39 +020010554# Since we don't support reading fragmented ClientHello yet,
10555# up the MTU to 1450 (larger than ClientHello with session ticket,
10556# but still smaller than client's Certificate to ensure fragmentation).
Andrzej Kurek35f2f302018-10-09 08:52:14 -040010557# An autoreduction on the client-side might happen if the server is
10558# slow to reset, therefore omitting '-C "autoreduction"' below.
Manuel Pégourié-Gonnard2f2d9022018-08-21 12:17:54 +020010559# reco_delay avoids races where the client reconnects before the server has
Andrzej Kurek35f2f302018-10-09 08:52:14 -040010560# resumed listening, which would result in a spurious autoreduction.
10561not_with_valgrind # spurious autoreduction due to timeout
Manuel Pégourié-Gonnard19c62f92018-08-16 10:50:39 +020010562requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
Ronald Cron68ba7f72025-06-30 07:45:17 +020010563requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
Yuto Takanobc87b1d2021-07-08 15:56:33 +010010564requires_max_content_len 2048
Manuel Pégourié-Gonnard19c62f92018-08-16 10:50:39 +020010565run_test "DTLS fragmenting: proxy MTU, resumed handshake" \
10566 -p "$P_PXY mtu=1450" \
10567 "$P_SRV dtls=1 debug_level=2 auth_mode=required \
David Horstmann184c4f02024-07-01 17:01:28 +010010568 crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
10569 key_file=$DATA_FILES_PATH/server7.key \
Andrzej Kurek52f84912018-10-05 07:53:40 -040010570 hs_timeout=10000-60000 \
Manuel Pégourié-Gonnard19c62f92018-08-16 10:50:39 +020010571 mtu=1450" \
10572 "$P_CLI dtls=1 debug_level=2 \
David Horstmann184c4f02024-07-01 17:01:28 +010010573 crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
10574 key_file=$DATA_FILES_PATH/server8.key \
Andrzej Kurek52f84912018-10-05 07:53:40 -040010575 hs_timeout=10000-60000 \
Andrzej Kurek7311c782018-10-11 06:49:41 -040010576 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
Jerry Yua15af372022-12-05 15:55:24 +080010577 mtu=1450 reconnect=1 skip_close_notify=1 reco_delay=1000" \
Manuel Pégourié-Gonnard19c62f92018-08-16 10:50:39 +020010578 0 \
Andrzej Kurek35f2f302018-10-09 08:52:14 -040010579 -S "autoreduction" \
Manuel Pégourié-Gonnard19c62f92018-08-16 10:50:39 +020010580 -s "found fragmented DTLS handshake message" \
10581 -c "found fragmented DTLS handshake message" \
10582 -C "error"
10583
Andrzej Kurek35f2f302018-10-09 08:52:14 -040010584# An autoreduction on the client-side might happen if the server is
10585# slow to reset, therefore omitting '-C "autoreduction"' below.
10586not_with_valgrind # spurious autoreduction due to timeout
Manuel Pégourié-Gonnard72c27072018-08-13 12:37:51 +020010587requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
Ronald Cron68ba7f72025-06-30 07:45:17 +020010588requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
Andrzej Kurek934e9cd2022-09-05 14:44:46 -040010589requires_hash_alg SHA_256
Manuel Pégourié-Gonnard72c27072018-08-13 12:37:51 +020010590requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
Yuto Takanobc87b1d2021-07-08 15:56:33 +010010591requires_max_content_len 2048
Manuel Pégourié-Gonnard72c27072018-08-13 12:37:51 +020010592run_test "DTLS fragmenting: proxy MTU, ChachaPoly renego" \
10593 -p "$P_PXY mtu=512" \
10594 "$P_SRV dtls=1 debug_level=2 auth_mode=required \
David Horstmann184c4f02024-07-01 17:01:28 +010010595 crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
10596 key_file=$DATA_FILES_PATH/server7.key \
Manuel Pégourié-Gonnard72c27072018-08-13 12:37:51 +020010597 exchanges=2 renegotiation=1 \
Andrzej Kurek52f84912018-10-05 07:53:40 -040010598 hs_timeout=10000-60000 \
Manuel Pégourié-Gonnard72c27072018-08-13 12:37:51 +020010599 mtu=512" \
10600 "$P_CLI dtls=1 debug_level=2 \
David Horstmann184c4f02024-07-01 17:01:28 +010010601 crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
10602 key_file=$DATA_FILES_PATH/server8.key \
Manuel Pégourié-Gonnard72c27072018-08-13 12:37:51 +020010603 exchanges=2 renegotiation=1 renegotiate=1 \
Ronald Cron60f76662023-11-28 17:52:42 +010010604 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 \
Andrzej Kurek52f84912018-10-05 07:53:40 -040010605 hs_timeout=10000-60000 \
Manuel Pégourié-Gonnard72c27072018-08-13 12:37:51 +020010606 mtu=512" \
10607 0 \
Andrzej Kurek35f2f302018-10-09 08:52:14 -040010608 -S "autoreduction" \
Manuel Pégourié-Gonnard72c27072018-08-13 12:37:51 +020010609 -s "found fragmented DTLS handshake message" \
10610 -c "found fragmented DTLS handshake message" \
10611 -C "error"
10612
Andrzej Kurek35f2f302018-10-09 08:52:14 -040010613# An autoreduction on the client-side might happen if the server is
10614# slow to reset, therefore omitting '-C "autoreduction"' below.
10615not_with_valgrind # spurious autoreduction due to timeout
Manuel Pégourié-Gonnard72c27072018-08-13 12:37:51 +020010616requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
Ronald Cron68ba7f72025-06-30 07:45:17 +020010617requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
Andrzej Kurek934e9cd2022-09-05 14:44:46 -040010618requires_hash_alg SHA_256
Manuel Pégourié-Gonnard72c27072018-08-13 12:37:51 +020010619requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
Yuto Takanobc87b1d2021-07-08 15:56:33 +010010620requires_max_content_len 2048
Manuel Pégourié-Gonnard72c27072018-08-13 12:37:51 +020010621run_test "DTLS fragmenting: proxy MTU, AES-GCM renego" \
10622 -p "$P_PXY mtu=512" \
10623 "$P_SRV dtls=1 debug_level=2 auth_mode=required \
David Horstmann184c4f02024-07-01 17:01:28 +010010624 crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
10625 key_file=$DATA_FILES_PATH/server7.key \
Manuel Pégourié-Gonnard72c27072018-08-13 12:37:51 +020010626 exchanges=2 renegotiation=1 \
Andrzej Kurek52f84912018-10-05 07:53:40 -040010627 hs_timeout=10000-60000 \
Manuel Pégourié-Gonnard72c27072018-08-13 12:37:51 +020010628 mtu=512" \
10629 "$P_CLI dtls=1 debug_level=2 \
David Horstmann184c4f02024-07-01 17:01:28 +010010630 crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
10631 key_file=$DATA_FILES_PATH/server8.key \
Manuel Pégourié-Gonnard72c27072018-08-13 12:37:51 +020010632 exchanges=2 renegotiation=1 renegotiate=1 \
Andrzej Kurek7311c782018-10-11 06:49:41 -040010633 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
Andrzej Kurek52f84912018-10-05 07:53:40 -040010634 hs_timeout=10000-60000 \
Manuel Pégourié-Gonnard72c27072018-08-13 12:37:51 +020010635 mtu=512" \
10636 0 \
Andrzej Kurek35f2f302018-10-09 08:52:14 -040010637 -S "autoreduction" \
Manuel Pégourié-Gonnard72c27072018-08-13 12:37:51 +020010638 -s "found fragmented DTLS handshake message" \
10639 -c "found fragmented DTLS handshake message" \
10640 -C "error"
10641
Andrzej Kurek35f2f302018-10-09 08:52:14 -040010642# An autoreduction on the client-side might happen if the server is
10643# slow to reset, therefore omitting '-C "autoreduction"' below.
10644not_with_valgrind # spurious autoreduction due to timeout
Manuel Pégourié-Gonnard72c27072018-08-13 12:37:51 +020010645requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
Ronald Cron68ba7f72025-06-30 07:45:17 +020010646requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
Andrzej Kurek934e9cd2022-09-05 14:44:46 -040010647requires_hash_alg SHA_256
Manuel Pégourié-Gonnard72c27072018-08-13 12:37:51 +020010648requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
Yuto Takanobc87b1d2021-07-08 15:56:33 +010010649requires_max_content_len 2048
Manuel Pégourié-Gonnard72c27072018-08-13 12:37:51 +020010650run_test "DTLS fragmenting: proxy MTU, AES-CCM renego" \
Andrzej Kurek52f84912018-10-05 07:53:40 -040010651 -p "$P_PXY mtu=1024" \
Manuel Pégourié-Gonnard72c27072018-08-13 12:37:51 +020010652 "$P_SRV dtls=1 debug_level=2 auth_mode=required \
David Horstmann184c4f02024-07-01 17:01:28 +010010653 crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
10654 key_file=$DATA_FILES_PATH/server7.key \
Manuel Pégourié-Gonnard72c27072018-08-13 12:37:51 +020010655 exchanges=2 renegotiation=1 \
10656 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8 \
Andrzej Kurek52f84912018-10-05 07:53:40 -040010657 hs_timeout=10000-60000 \
10658 mtu=1024" \
Manuel Pégourié-Gonnard72c27072018-08-13 12:37:51 +020010659 "$P_CLI dtls=1 debug_level=2 \
David Horstmann184c4f02024-07-01 17:01:28 +010010660 crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
10661 key_file=$DATA_FILES_PATH/server8.key \
Manuel Pégourié-Gonnard72c27072018-08-13 12:37:51 +020010662 exchanges=2 renegotiation=1 renegotiate=1 \
Andrzej Kurek52f84912018-10-05 07:53:40 -040010663 hs_timeout=10000-60000 \
10664 mtu=1024" \
Manuel Pégourié-Gonnard72c27072018-08-13 12:37:51 +020010665 0 \
Andrzej Kurek35f2f302018-10-09 08:52:14 -040010666 -S "autoreduction" \
Manuel Pégourié-Gonnard72c27072018-08-13 12:37:51 +020010667 -s "found fragmented DTLS handshake message" \
10668 -c "found fragmented DTLS handshake message" \
10669 -C "error"
10670
Andrzej Kurek35f2f302018-10-09 08:52:14 -040010671# An autoreduction on the client-side might happen if the server is
10672# slow to reset, therefore omitting '-C "autoreduction"' below.
10673not_with_valgrind # spurious autoreduction due to timeout
Manuel Pégourié-Gonnard72c27072018-08-13 12:37:51 +020010674requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
Ronald Cron68ba7f72025-06-30 07:45:17 +020010675requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
Andrzej Kurek934e9cd2022-09-05 14:44:46 -040010676requires_hash_alg SHA_256
Manuel Pégourié-Gonnard72c27072018-08-13 12:37:51 +020010677requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
Manuel Pégourié-Gonnard72c27072018-08-13 12:37:51 +020010678requires_config_enabled MBEDTLS_SSL_ENCRYPT_THEN_MAC
Yuto Takanobc87b1d2021-07-08 15:56:33 +010010679requires_max_content_len 2048
Manuel Pégourié-Gonnard72c27072018-08-13 12:37:51 +020010680run_test "DTLS fragmenting: proxy MTU, AES-CBC EtM renego" \
Andrzej Kurek52f84912018-10-05 07:53:40 -040010681 -p "$P_PXY mtu=1024" \
Manuel Pégourié-Gonnard72c27072018-08-13 12:37:51 +020010682 "$P_SRV dtls=1 debug_level=2 auth_mode=required \
David Horstmann184c4f02024-07-01 17:01:28 +010010683 crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
10684 key_file=$DATA_FILES_PATH/server7.key \
Manuel Pégourié-Gonnard72c27072018-08-13 12:37:51 +020010685 exchanges=2 renegotiation=1 \
10686 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \
Andrzej Kurek52f84912018-10-05 07:53:40 -040010687 hs_timeout=10000-60000 \
10688 mtu=1024" \
Manuel Pégourié-Gonnard72c27072018-08-13 12:37:51 +020010689 "$P_CLI dtls=1 debug_level=2 \
David Horstmann184c4f02024-07-01 17:01:28 +010010690 crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
10691 key_file=$DATA_FILES_PATH/server8.key \
Manuel Pégourié-Gonnard72c27072018-08-13 12:37:51 +020010692 exchanges=2 renegotiation=1 renegotiate=1 \
Andrzej Kurek52f84912018-10-05 07:53:40 -040010693 hs_timeout=10000-60000 \
10694 mtu=1024" \
Manuel Pégourié-Gonnard72c27072018-08-13 12:37:51 +020010695 0 \
Andrzej Kurek35f2f302018-10-09 08:52:14 -040010696 -S "autoreduction" \
Manuel Pégourié-Gonnard72c27072018-08-13 12:37:51 +020010697 -s "found fragmented DTLS handshake message" \
10698 -c "found fragmented DTLS handshake message" \
10699 -C "error"
10700
Andrzej Kurek35f2f302018-10-09 08:52:14 -040010701# An autoreduction on the client-side might happen if the server is
10702# slow to reset, therefore omitting '-C "autoreduction"' below.
10703not_with_valgrind # spurious autoreduction due to timeout
Manuel Pégourié-Gonnard72c27072018-08-13 12:37:51 +020010704requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
Ronald Cron68ba7f72025-06-30 07:45:17 +020010705requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
Andrzej Kurek934e9cd2022-09-05 14:44:46 -040010706requires_hash_alg SHA_256
Manuel Pégourié-Gonnard72c27072018-08-13 12:37:51 +020010707requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
Yuto Takanobc87b1d2021-07-08 15:56:33 +010010708requires_max_content_len 2048
Manuel Pégourié-Gonnard72c27072018-08-13 12:37:51 +020010709run_test "DTLS fragmenting: proxy MTU, AES-CBC non-EtM renego" \
Andrzej Kurek52f84912018-10-05 07:53:40 -040010710 -p "$P_PXY mtu=1024" \
Manuel Pégourié-Gonnard72c27072018-08-13 12:37:51 +020010711 "$P_SRV dtls=1 debug_level=2 auth_mode=required \
David Horstmann184c4f02024-07-01 17:01:28 +010010712 crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
10713 key_file=$DATA_FILES_PATH/server7.key \
Manuel Pégourié-Gonnard72c27072018-08-13 12:37:51 +020010714 exchanges=2 renegotiation=1 \
10715 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 etm=0 \
Andrzej Kurek52f84912018-10-05 07:53:40 -040010716 hs_timeout=10000-60000 \
10717 mtu=1024" \
Manuel Pégourié-Gonnard72c27072018-08-13 12:37:51 +020010718 "$P_CLI dtls=1 debug_level=2 \
David Horstmann184c4f02024-07-01 17:01:28 +010010719 crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
10720 key_file=$DATA_FILES_PATH/server8.key \
Manuel Pégourié-Gonnard72c27072018-08-13 12:37:51 +020010721 exchanges=2 renegotiation=1 renegotiate=1 \
Andrzej Kurek52f84912018-10-05 07:53:40 -040010722 hs_timeout=10000-60000 \
10723 mtu=1024" \
Manuel Pégourié-Gonnard72c27072018-08-13 12:37:51 +020010724 0 \
Andrzej Kurek35f2f302018-10-09 08:52:14 -040010725 -S "autoreduction" \
Manuel Pégourié-Gonnard72c27072018-08-13 12:37:51 +020010726 -s "found fragmented DTLS handshake message" \
10727 -c "found fragmented DTLS handshake message" \
10728 -C "error"
10729
Andrzej Kurek77826052018-10-11 07:34:08 -040010730# Forcing ciphersuite for this test to fit the MTU of 512 with full config.
Manuel Pégourié-Gonnard2d56f0d2018-08-16 11:09:03 +020010731requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
Ronald Cron68ba7f72025-06-30 07:45:17 +020010732requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
Manuel Pégourié-Gonnard2d56f0d2018-08-16 11:09:03 +020010733client_needs_more_time 2
Yuto Takanobc87b1d2021-07-08 15:56:33 +010010734requires_max_content_len 2048
Manuel Pégourié-Gonnard2d56f0d2018-08-16 11:09:03 +020010735run_test "DTLS fragmenting: proxy MTU + 3d" \
10736 -p "$P_PXY mtu=512 drop=8 delay=8 duplicate=8" \
Hanno Becker1c9a24c2018-08-14 13:46:33 +010010737 "$P_SRV dgram_packing=0 dtls=1 debug_level=2 auth_mode=required \
David Horstmann184c4f02024-07-01 17:01:28 +010010738 crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
10739 key_file=$DATA_FILES_PATH/server7.key \
Manuel Pégourié-Gonnard02f3a8a2018-08-20 10:49:28 +020010740 hs_timeout=250-10000 mtu=512" \
Hanno Becker1c9a24c2018-08-14 13:46:33 +010010741 "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
David Horstmann184c4f02024-07-01 17:01:28 +010010742 crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
10743 key_file=$DATA_FILES_PATH/server8.key \
Andrzej Kurek7311c782018-10-11 06:49:41 -040010744 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
Manuel Pégourié-Gonnard02f3a8a2018-08-20 10:49:28 +020010745 hs_timeout=250-10000 mtu=512" \
Manuel Pégourié-Gonnard2d56f0d2018-08-16 11:09:03 +020010746 0 \
10747 -s "found fragmented DTLS handshake message" \
10748 -c "found fragmented DTLS handshake message" \
10749 -C "error"
10750
Andrzej Kurek77826052018-10-11 07:34:08 -040010751# Forcing ciphersuite for this test to fit the MTU of 512 with full config.
Manuel Pégourié-Gonnardc1d54b72018-08-22 10:02:59 +020010752requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
Ronald Cron68ba7f72025-06-30 07:45:17 +020010753requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
Manuel Pégourié-Gonnardc1d54b72018-08-22 10:02:59 +020010754client_needs_more_time 2
Yuto Takanobc87b1d2021-07-08 15:56:33 +010010755requires_max_content_len 2048
Manuel Pégourié-Gonnardc1d54b72018-08-22 10:02:59 +020010756run_test "DTLS fragmenting: proxy MTU + 3d, nbio" \
10757 -p "$P_PXY mtu=512 drop=8 delay=8 duplicate=8" \
10758 "$P_SRV dtls=1 debug_level=2 auth_mode=required \
David Horstmann184c4f02024-07-01 17:01:28 +010010759 crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
10760 key_file=$DATA_FILES_PATH/server7.key \
Manuel Pégourié-Gonnardc1d54b72018-08-22 10:02:59 +020010761 hs_timeout=250-10000 mtu=512 nbio=2" \
10762 "$P_CLI dtls=1 debug_level=2 \
David Horstmann184c4f02024-07-01 17:01:28 +010010763 crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
10764 key_file=$DATA_FILES_PATH/server8.key \
Andrzej Kurek7311c782018-10-11 06:49:41 -040010765 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
Manuel Pégourié-Gonnardc1d54b72018-08-22 10:02:59 +020010766 hs_timeout=250-10000 mtu=512 nbio=2" \
10767 0 \
10768 -s "found fragmented DTLS handshake message" \
10769 -c "found fragmented DTLS handshake message" \
10770 -C "error"
10771
Manuel Pégourié-Gonnard38110df2018-08-17 12:44:54 +020010772# interop tests for DTLS fragmentating with reliable connection
10773#
Manuel Pégourié-Gonnard1218bc02018-08-17 10:51:26 +020010774# here and below we just want to test that the we fragment in a way that
10775# pleases other implementations, so we don't need the peer to fragment
10776requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
Ronald Cron68ba7f72025-06-30 07:45:17 +020010777requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
Manuel Pégourié-Gonnard61512982018-08-21 09:40:07 +020010778requires_gnutls
Yuto Takanobc87b1d2021-07-08 15:56:33 +010010779requires_max_content_len 2048
Manuel Pégourié-Gonnard1218bc02018-08-17 10:51:26 +020010780run_test "DTLS fragmenting: gnutls server, DTLS 1.2" \
10781 "$G_SRV -u" \
10782 "$P_CLI dtls=1 debug_level=2 \
David Horstmann184c4f02024-07-01 17:01:28 +010010783 crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
10784 key_file=$DATA_FILES_PATH/server8.key \
Xiaofei Bai8b5c3822021-12-02 08:43:35 +000010785 mtu=512 force_version=dtls12" \
Manuel Pégourié-Gonnard1218bc02018-08-17 10:51:26 +020010786 0 \
10787 -c "fragmenting handshake message" \
10788 -C "error"
10789
Hanno Beckerb9a00862018-08-28 10:20:22 +010010790# We use --insecure for the GnuTLS client because it expects
10791# the hostname / IP it connects to to be the name used in the
10792# certificate obtained from the server. Here, however, it
10793# connects to 127.0.0.1 while our test certificates use 'localhost'
10794# as the server name in the certificate. This will make the
Shaun Case8b0ecbc2021-12-20 21:14:10 -080010795# certificate validation fail, but passing --insecure makes
Hanno Beckerb9a00862018-08-28 10:20:22 +010010796# GnuTLS continue the connection nonetheless.
Manuel Pégourié-Gonnard1218bc02018-08-17 10:51:26 +020010797requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
Ronald Cron68ba7f72025-06-30 07:45:17 +020010798requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
Manuel Pégourié-Gonnard61512982018-08-21 09:40:07 +020010799requires_gnutls
Andrzej Kurekb4593462018-10-11 08:43:30 -040010800requires_not_i686
Yuto Takanobc87b1d2021-07-08 15:56:33 +010010801requires_max_content_len 2048
Manuel Pégourié-Gonnard1218bc02018-08-17 10:51:26 +020010802run_test "DTLS fragmenting: gnutls client, DTLS 1.2" \
Valerio Setti3b2c0282023-03-08 10:22:29 +010010803 "$P_SRV dtls=1 debug_level=2 \
David Horstmann184c4f02024-07-01 17:01:28 +010010804 crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
10805 key_file=$DATA_FILES_PATH/server7.key \
Xiaofei Bai8b5c3822021-12-02 08:43:35 +000010806 mtu=512 force_version=dtls12" \
Manuel Pégourié-Gonnard34aa1872018-08-23 19:07:15 +020010807 "$G_CLI -u --insecure 127.0.0.1" \
Manuel Pégourié-Gonnard1218bc02018-08-17 10:51:26 +020010808 0 \
10809 -s "fragmenting handshake message"
10810
Manuel Pégourié-Gonnard1218bc02018-08-17 10:51:26 +020010811requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
Ronald Cron68ba7f72025-06-30 07:45:17 +020010812requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
Yuto Takanobc87b1d2021-07-08 15:56:33 +010010813requires_max_content_len 2048
Manuel Pégourié-Gonnard1218bc02018-08-17 10:51:26 +020010814run_test "DTLS fragmenting: openssl server, DTLS 1.2" \
10815 "$O_SRV -dtls1_2 -verify 10" \
10816 "$P_CLI dtls=1 debug_level=2 \
David Horstmann184c4f02024-07-01 17:01:28 +010010817 crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
10818 key_file=$DATA_FILES_PATH/server8.key \
Xiaofei Bai8b5c3822021-12-02 08:43:35 +000010819 mtu=512 force_version=dtls12" \
Manuel Pégourié-Gonnard1218bc02018-08-17 10:51:26 +020010820 0 \
10821 -c "fragmenting handshake message" \
10822 -C "error"
10823
10824requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
Ronald Cron68ba7f72025-06-30 07:45:17 +020010825requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
Yuto Takanobc87b1d2021-07-08 15:56:33 +010010826requires_max_content_len 2048
Manuel Pégourié-Gonnard1218bc02018-08-17 10:51:26 +020010827run_test "DTLS fragmenting: openssl client, DTLS 1.2" \
10828 "$P_SRV dtls=1 debug_level=2 \
David Horstmann184c4f02024-07-01 17:01:28 +010010829 crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
10830 key_file=$DATA_FILES_PATH/server7.key \
Xiaofei Bai8b5c3822021-12-02 08:43:35 +000010831 mtu=512 force_version=dtls12" \
Manuel Pégourié-Gonnard1218bc02018-08-17 10:51:26 +020010832 "$O_CLI -dtls1_2" \
10833 0 \
10834 -s "fragmenting handshake message"
10835
Manuel Pégourié-Gonnard38110df2018-08-17 12:44:54 +020010836# interop tests for DTLS fragmentating with unreliable connection
10837#
10838# again we just want to test that the we fragment in a way that
10839# pleases other implementations, so we don't need the peer to fragment
10840requires_gnutls_next
10841requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
Ronald Cron68ba7f72025-06-30 07:45:17 +020010842requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
Manuel Pégourié-Gonnard02f3a8a2018-08-20 10:49:28 +020010843client_needs_more_time 4
Yuto Takanobc87b1d2021-07-08 15:56:33 +010010844requires_max_content_len 2048
Manuel Pégourié-Gonnard38110df2018-08-17 12:44:54 +020010845run_test "DTLS fragmenting: 3d, gnutls server, DTLS 1.2" \
10846 -p "$P_PXY drop=8 delay=8 duplicate=8" \
10847 "$G_NEXT_SRV -u" \
Hanno Becker1c9a24c2018-08-14 13:46:33 +010010848 "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
David Horstmann184c4f02024-07-01 17:01:28 +010010849 crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
10850 key_file=$DATA_FILES_PATH/server8.key \
Xiaofei Bai8b5c3822021-12-02 08:43:35 +000010851 hs_timeout=250-60000 mtu=512 force_version=dtls12" \
Manuel Pégourié-Gonnard38110df2018-08-17 12:44:54 +020010852 0 \
10853 -c "fragmenting handshake message" \
10854 -C "error"
10855
10856requires_gnutls_next
10857requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
Ronald Cron68ba7f72025-06-30 07:45:17 +020010858requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
Hanno Becker3b8b40c2018-08-28 10:25:41 +010010859client_needs_more_time 4
Yuto Takanobc87b1d2021-07-08 15:56:33 +010010860requires_max_content_len 2048
Hanno Becker3b8b40c2018-08-28 10:25:41 +010010861run_test "DTLS fragmenting: 3d, gnutls client, DTLS 1.2" \
10862 -p "$P_PXY drop=8 delay=8 duplicate=8" \
10863 "$P_SRV dtls=1 debug_level=2 \
David Horstmann184c4f02024-07-01 17:01:28 +010010864 crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
10865 key_file=$DATA_FILES_PATH/server7.key \
Xiaofei Bai8b5c3822021-12-02 08:43:35 +000010866 hs_timeout=250-60000 mtu=512 force_version=dtls12" \
k-stachowiak17a38d32019-02-18 15:29:56 +010010867 "$G_NEXT_CLI -u --insecure 127.0.0.1" \
Hanno Becker3b8b40c2018-08-28 10:25:41 +010010868 0 \
10869 -s "fragmenting handshake message"
10870
Zhangsen Wang91385122022-07-12 01:48:17 +000010871## The test below requires 1.1.1a or higher version of openssl, otherwise
10872## it might trigger a bug due to openssl server (https://github.com/openssl/openssl/issues/6902)
Zhangsen Wang87a9c862022-06-28 06:10:35 +000010873requires_openssl_next
Hanno Becker3b8b40c2018-08-28 10:25:41 +010010874requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
Ronald Cron68ba7f72025-06-30 07:45:17 +020010875requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
Hanno Becker3b8b40c2018-08-28 10:25:41 +010010876client_needs_more_time 4
Yuto Takanobc87b1d2021-07-08 15:56:33 +010010877requires_max_content_len 2048
Hanno Becker3b8b40c2018-08-28 10:25:41 +010010878run_test "DTLS fragmenting: 3d, openssl server, DTLS 1.2" \
10879 -p "$P_PXY drop=8 delay=8 duplicate=8" \
Zhangsen Wang87a9c862022-06-28 06:10:35 +000010880 "$O_NEXT_SRV -dtls1_2 -verify 10" \
Hanno Becker3b8b40c2018-08-28 10:25:41 +010010881 "$P_CLI dtls=1 debug_level=2 \
David Horstmann184c4f02024-07-01 17:01:28 +010010882 crt_file=$DATA_FILES_PATH/server8_int-ca2.crt \
10883 key_file=$DATA_FILES_PATH/server8.key \
Xiaofei Bai8b5c3822021-12-02 08:43:35 +000010884 hs_timeout=250-60000 mtu=512 force_version=dtls12" \
Hanno Becker3b8b40c2018-08-28 10:25:41 +010010885 0 \
10886 -c "fragmenting handshake message" \
10887 -C "error"
Manuel Pégourié-Gonnard38110df2018-08-17 12:44:54 +020010888
Zhangsen Wangd5e8a482022-07-29 07:53:36 +000010889## the test below will time out with certain seed.
Zhangsen Wangbaeffbb2022-07-29 06:34:47 +000010890## The cause is an openssl bug (https://github.com/openssl/openssl/issues/18887)
10891skip_next_test
Manuel Pégourié-Gonnard38110df2018-08-17 12:44:54 +020010892requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
Ronald Cron68ba7f72025-06-30 07:45:17 +020010893requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
Manuel Pégourié-Gonnardc1eda672018-09-03 10:41:49 +020010894client_needs_more_time 4
Yuto Takanobc87b1d2021-07-08 15:56:33 +010010895requires_max_content_len 2048
Manuel Pégourié-Gonnardc1eda672018-09-03 10:41:49 +020010896run_test "DTLS fragmenting: 3d, openssl client, DTLS 1.2" \
10897 -p "$P_PXY drop=8 delay=8 duplicate=8" \
10898 "$P_SRV dtls=1 debug_level=2 \
David Horstmann184c4f02024-07-01 17:01:28 +010010899 crt_file=$DATA_FILES_PATH/server7_int-ca.crt \
10900 key_file=$DATA_FILES_PATH/server7.key \
Xiaofei Bai8b5c3822021-12-02 08:43:35 +000010901 hs_timeout=250-60000 mtu=512 force_version=dtls12" \
Manuel Pégourié-Gonnardc1eda672018-09-03 10:41:49 +020010902 "$O_CLI -dtls1_2" \
10903 0 \
10904 -s "fragmenting handshake message"
Manuel Pégourié-Gonnard38110df2018-08-17 12:44:54 +020010905
Ron Eldorb4655392018-07-05 18:25:39 +030010906# Tests for DTLS-SRTP (RFC 5764)
10907requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
Jerry Yuab082902021-12-23 18:02:22 +080010908requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Ron Eldorb4655392018-07-05 18:25:39 +030010909run_test "DTLS-SRTP all profiles supported" \
10910 "$P_SRV dtls=1 use_srtp=1 debug_level=3" \
10911 "$P_CLI dtls=1 use_srtp=1 debug_level=3" \
10912 0 \
10913 -s "found use_srtp extension" \
10914 -s "found srtp profile" \
10915 -s "selected srtp profile" \
10916 -s "server hello, adding use_srtp extension" \
Johan Pascal9bc97ca2020-09-21 23:44:45 +020010917 -s "DTLS-SRTP key material is"\
Ron Eldorb4655392018-07-05 18:25:39 +030010918 -c "client hello, adding use_srtp extension" \
10919 -c "found use_srtp extension" \
10920 -c "found srtp profile" \
10921 -c "selected srtp profile" \
Johan Pascal9bc97ca2020-09-21 23:44:45 +020010922 -c "DTLS-SRTP key material is"\
Johan Pascal9bc50b02020-09-24 12:01:13 +020010923 -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\
Ron Eldorb4655392018-07-05 18:25:39 +030010924 -C "error"
10925
Johan Pascal9bc50b02020-09-24 12:01:13 +020010926
Ron Eldorb4655392018-07-05 18:25:39 +030010927requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
Jerry Yuab082902021-12-23 18:02:22 +080010928requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Ron Eldorb4655392018-07-05 18:25:39 +030010929run_test "DTLS-SRTP server supports all profiles. Client supports one profile." \
10930 "$P_SRV dtls=1 use_srtp=1 debug_level=3" \
Johan Pascal43f94902020-09-22 12:25:52 +020010931 "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=5 debug_level=3" \
Ron Eldorb4655392018-07-05 18:25:39 +030010932 0 \
10933 -s "found use_srtp extension" \
Johan Pascal43f94902020-09-22 12:25:52 +020010934 -s "found srtp profile: MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80" \
10935 -s "selected srtp profile: MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80" \
Ron Eldorb4655392018-07-05 18:25:39 +030010936 -s "server hello, adding use_srtp extension" \
Johan Pascal9bc97ca2020-09-21 23:44:45 +020010937 -s "DTLS-SRTP key material is"\
Ron Eldorb4655392018-07-05 18:25:39 +030010938 -c "client hello, adding use_srtp extension" \
10939 -c "found use_srtp extension" \
Johan Pascal43f94902020-09-22 12:25:52 +020010940 -c "found srtp profile: MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80" \
Ron Eldorb4655392018-07-05 18:25:39 +030010941 -c "selected srtp profile" \
Johan Pascal9bc97ca2020-09-21 23:44:45 +020010942 -c "DTLS-SRTP key material is"\
Johan Pascal9bc50b02020-09-24 12:01:13 +020010943 -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\
Ron Eldorb4655392018-07-05 18:25:39 +030010944 -C "error"
10945
10946requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
Jerry Yuab082902021-12-23 18:02:22 +080010947requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Ron Eldor3c6a44b2018-07-10 10:32:10 +030010948run_test "DTLS-SRTP server supports one profile. Client supports all profiles." \
Johan Pascal43f94902020-09-22 12:25:52 +020010949 "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=6 debug_level=3" \
Ron Eldorb4655392018-07-05 18:25:39 +030010950 "$P_CLI dtls=1 use_srtp=1 debug_level=3" \
10951 0 \
10952 -s "found use_srtp extension" \
10953 -s "found srtp profile" \
Johan Pascal43f94902020-09-22 12:25:52 +020010954 -s "selected srtp profile: MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32" \
Ron Eldorb4655392018-07-05 18:25:39 +030010955 -s "server hello, adding use_srtp extension" \
Johan Pascal9bc97ca2020-09-21 23:44:45 +020010956 -s "DTLS-SRTP key material is"\
Ron Eldorb4655392018-07-05 18:25:39 +030010957 -c "client hello, adding use_srtp extension" \
10958 -c "found use_srtp extension" \
Johan Pascal43f94902020-09-22 12:25:52 +020010959 -c "found srtp profile: MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32" \
Ron Eldorb4655392018-07-05 18:25:39 +030010960 -c "selected srtp profile" \
Johan Pascal9bc97ca2020-09-21 23:44:45 +020010961 -c "DTLS-SRTP key material is"\
Johan Pascal9bc50b02020-09-24 12:01:13 +020010962 -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\
Ron Eldorb4655392018-07-05 18:25:39 +030010963 -C "error"
10964
10965requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
Jerry Yuab082902021-12-23 18:02:22 +080010966requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Ron Eldorb4655392018-07-05 18:25:39 +030010967run_test "DTLS-SRTP server and Client support only one matching profile." \
10968 "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \
10969 "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \
10970 0 \
10971 -s "found use_srtp extension" \
Johan Pascal43f94902020-09-22 12:25:52 +020010972 -s "found srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" \
10973 -s "selected srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" \
Ron Eldorb4655392018-07-05 18:25:39 +030010974 -s "server hello, adding use_srtp extension" \
Johan Pascal9bc97ca2020-09-21 23:44:45 +020010975 -s "DTLS-SRTP key material is"\
Ron Eldorb4655392018-07-05 18:25:39 +030010976 -c "client hello, adding use_srtp extension" \
10977 -c "found use_srtp extension" \
Johan Pascal43f94902020-09-22 12:25:52 +020010978 -c "found srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" \
Ron Eldorb4655392018-07-05 18:25:39 +030010979 -c "selected srtp profile" \
Johan Pascal9bc97ca2020-09-21 23:44:45 +020010980 -c "DTLS-SRTP key material is"\
Johan Pascal9bc50b02020-09-24 12:01:13 +020010981 -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\
Ron Eldorb4655392018-07-05 18:25:39 +030010982 -C "error"
10983
10984requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
Jerry Yuab082902021-12-23 18:02:22 +080010985requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Ron Eldorb4655392018-07-05 18:25:39 +030010986run_test "DTLS-SRTP server and Client support only one different profile." \
10987 "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \
Johan Pascal43f94902020-09-22 12:25:52 +020010988 "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=6 debug_level=3" \
Ron Eldorb4655392018-07-05 18:25:39 +030010989 0 \
10990 -s "found use_srtp extension" \
Johan Pascal43f94902020-09-22 12:25:52 +020010991 -s "found srtp profile: MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32" \
Ron Eldorb4655392018-07-05 18:25:39 +030010992 -S "selected srtp profile" \
10993 -S "server hello, adding use_srtp extension" \
Johan Pascal9bc97ca2020-09-21 23:44:45 +020010994 -S "DTLS-SRTP key material is"\
Ron Eldorb4655392018-07-05 18:25:39 +030010995 -c "client hello, adding use_srtp extension" \
10996 -C "found use_srtp extension" \
10997 -C "found srtp profile" \
10998 -C "selected srtp profile" \
Johan Pascal9bc97ca2020-09-21 23:44:45 +020010999 -C "DTLS-SRTP key material is"\
Ron Eldorb4655392018-07-05 18:25:39 +030011000 -C "error"
11001
11002requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
Jerry Yuab082902021-12-23 18:02:22 +080011003requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Ron Eldorb4655392018-07-05 18:25:39 +030011004run_test "DTLS-SRTP server doesn't support use_srtp extension." \
11005 "$P_SRV dtls=1 debug_level=3" \
11006 "$P_CLI dtls=1 use_srtp=1 debug_level=3" \
11007 0 \
11008 -s "found use_srtp extension" \
11009 -S "server hello, adding use_srtp extension" \
Johan Pascal9bc97ca2020-09-21 23:44:45 +020011010 -S "DTLS-SRTP key material is"\
Ron Eldorb4655392018-07-05 18:25:39 +030011011 -c "client hello, adding use_srtp extension" \
11012 -C "found use_srtp extension" \
11013 -C "found srtp profile" \
11014 -C "selected srtp profile" \
Johan Pascal9bc97ca2020-09-21 23:44:45 +020011015 -C "DTLS-SRTP key material is"\
Ron Eldorb4655392018-07-05 18:25:39 +030011016 -C "error"
11017
11018requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
Jerry Yuab082902021-12-23 18:02:22 +080011019requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Ron Eldorb4655392018-07-05 18:25:39 +030011020run_test "DTLS-SRTP all profiles supported. mki used" \
11021 "$P_SRV dtls=1 use_srtp=1 support_mki=1 debug_level=3" \
11022 "$P_CLI dtls=1 use_srtp=1 mki=542310ab34290481 debug_level=3" \
11023 0 \
11024 -s "found use_srtp extension" \
11025 -s "found srtp profile" \
11026 -s "selected srtp profile" \
11027 -s "server hello, adding use_srtp extension" \
11028 -s "dumping 'using mki' (8 bytes)" \
Johan Pascal9bc97ca2020-09-21 23:44:45 +020011029 -s "DTLS-SRTP key material is"\
Ron Eldorb4655392018-07-05 18:25:39 +030011030 -c "client hello, adding use_srtp extension" \
11031 -c "found use_srtp extension" \
11032 -c "found srtp profile" \
11033 -c "selected srtp profile" \
11034 -c "dumping 'sending mki' (8 bytes)" \
11035 -c "dumping 'received mki' (8 bytes)" \
Johan Pascal9bc97ca2020-09-21 23:44:45 +020011036 -c "DTLS-SRTP key material is"\
Johan Pascal9bc50b02020-09-24 12:01:13 +020011037 -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\
Johan Pascal20c7db32020-10-26 22:45:58 +010011038 -g "find_in_both '^ *DTLS-SRTP mki value: [0-9A-F]*$'"\
Ron Eldorb4655392018-07-05 18:25:39 +030011039 -C "error"
11040
11041requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
Jerry Yuab082902021-12-23 18:02:22 +080011042requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Ron Eldorb4655392018-07-05 18:25:39 +030011043run_test "DTLS-SRTP all profiles supported. server doesn't support mki." \
11044 "$P_SRV dtls=1 use_srtp=1 debug_level=3" \
11045 "$P_CLI dtls=1 use_srtp=1 mki=542310ab34290481 debug_level=3" \
11046 0 \
11047 -s "found use_srtp extension" \
11048 -s "found srtp profile" \
11049 -s "selected srtp profile" \
11050 -s "server hello, adding use_srtp extension" \
Johan Pascal9bc97ca2020-09-21 23:44:45 +020011051 -s "DTLS-SRTP key material is"\
Johan Pascal5ef72d22020-10-28 17:05:47 +010011052 -s "DTLS-SRTP no mki value negotiated"\
Ron Eldorb4655392018-07-05 18:25:39 +030011053 -S "dumping 'using mki' (8 bytes)" \
11054 -c "client hello, adding use_srtp extension" \
11055 -c "found use_srtp extension" \
11056 -c "found srtp profile" \
11057 -c "selected srtp profile" \
Johan Pascal9bc97ca2020-09-21 23:44:45 +020011058 -c "DTLS-SRTP key material is"\
Johan Pascal5ef72d22020-10-28 17:05:47 +010011059 -c "DTLS-SRTP no mki value negotiated"\
Johan Pascal9bc50b02020-09-24 12:01:13 +020011060 -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\
Ron Eldorb4655392018-07-05 18:25:39 +030011061 -c "dumping 'sending mki' (8 bytes)" \
11062 -C "dumping 'received mki' (8 bytes)" \
11063 -C "error"
11064
Ron Eldor3c6a44b2018-07-10 10:32:10 +030011065requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
Jerry Yuab082902021-12-23 18:02:22 +080011066requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
TRodziewicz4ca18aa2021-05-20 14:46:20 +020011067run_test "DTLS-SRTP all profiles supported. openssl client." \
11068 "$P_SRV dtls=1 use_srtp=1 debug_level=3" \
11069 "$O_CLI -dtls -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
11070 0 \
11071 -s "found use_srtp extension" \
11072 -s "found srtp profile" \
11073 -s "selected srtp profile" \
11074 -s "server hello, adding use_srtp extension" \
11075 -s "DTLS-SRTP key material is"\
11076 -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\
11077 -c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_80"
11078
11079requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
Jerry Yuab082902021-12-23 18:02:22 +080011080requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
TRodziewicz4ca18aa2021-05-20 14:46:20 +020011081run_test "DTLS-SRTP server supports all profiles. Client supports all profiles, in different order. openssl client." \
11082 "$P_SRV dtls=1 use_srtp=1 debug_level=3" \
11083 "$O_CLI -dtls -use_srtp SRTP_AES128_CM_SHA1_32:SRTP_AES128_CM_SHA1_80 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
11084 0 \
11085 -s "found use_srtp extension" \
11086 -s "found srtp profile" \
11087 -s "selected srtp profile" \
11088 -s "server hello, adding use_srtp extension" \
11089 -s "DTLS-SRTP key material is"\
11090 -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\
11091 -c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_32"
11092
11093requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
Jerry Yuab082902021-12-23 18:02:22 +080011094requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
TRodziewicz4ca18aa2021-05-20 14:46:20 +020011095run_test "DTLS-SRTP server supports all profiles. Client supports one profile. openssl client." \
11096 "$P_SRV dtls=1 use_srtp=1 debug_level=3" \
11097 "$O_CLI -dtls -use_srtp SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
11098 0 \
11099 -s "found use_srtp extension" \
11100 -s "found srtp profile" \
11101 -s "selected srtp profile" \
11102 -s "server hello, adding use_srtp extension" \
11103 -s "DTLS-SRTP key material is"\
11104 -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\
11105 -c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_32"
11106
11107requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
Jerry Yuab082902021-12-23 18:02:22 +080011108requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
TRodziewicz4ca18aa2021-05-20 14:46:20 +020011109run_test "DTLS-SRTP server supports one profile. Client supports all profiles. openssl client." \
11110 "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \
11111 "$O_CLI -dtls -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
11112 0 \
11113 -s "found use_srtp extension" \
11114 -s "found srtp profile" \
11115 -s "selected srtp profile" \
11116 -s "server hello, adding use_srtp extension" \
11117 -s "DTLS-SRTP key material is"\
11118 -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\
11119 -c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_32"
11120
11121requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
Jerry Yuab082902021-12-23 18:02:22 +080011122requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
TRodziewicz4ca18aa2021-05-20 14:46:20 +020011123run_test "DTLS-SRTP server and Client support only one matching profile. openssl client." \
11124 "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \
11125 "$O_CLI -dtls -use_srtp SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
11126 0 \
11127 -s "found use_srtp extension" \
11128 -s "found srtp profile" \
11129 -s "selected srtp profile" \
11130 -s "server hello, adding use_srtp extension" \
11131 -s "DTLS-SRTP key material is"\
11132 -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\
11133 -c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_32"
11134
11135requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
Jerry Yuab082902021-12-23 18:02:22 +080011136requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
TRodziewicz4ca18aa2021-05-20 14:46:20 +020011137run_test "DTLS-SRTP server and Client support only one different profile. openssl client." \
11138 "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=1 debug_level=3" \
11139 "$O_CLI -dtls -use_srtp SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
11140 0 \
11141 -s "found use_srtp extension" \
11142 -s "found srtp profile" \
11143 -S "selected srtp profile" \
11144 -S "server hello, adding use_srtp extension" \
11145 -S "DTLS-SRTP key material is"\
11146 -C "SRTP Extension negotiated, profile"
11147
11148requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
Jerry Yuab082902021-12-23 18:02:22 +080011149requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
TRodziewicz4ca18aa2021-05-20 14:46:20 +020011150run_test "DTLS-SRTP server doesn't support use_srtp extension. openssl client" \
11151 "$P_SRV dtls=1 debug_level=3" \
11152 "$O_CLI -dtls -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
11153 0 \
11154 -s "found use_srtp extension" \
11155 -S "server hello, adding use_srtp extension" \
11156 -S "DTLS-SRTP key material is"\
11157 -C "SRTP Extension negotiated, profile"
11158
11159requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
Jerry Yuab082902021-12-23 18:02:22 +080011160requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
TRodziewicz4ca18aa2021-05-20 14:46:20 +020011161run_test "DTLS-SRTP all profiles supported. openssl server" \
11162 "$O_SRV -dtls -verify 0 -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
11163 "$P_CLI dtls=1 use_srtp=1 debug_level=3" \
11164 0 \
11165 -c "client hello, adding use_srtp extension" \
11166 -c "found use_srtp extension" \
11167 -c "found srtp profile" \
11168 -c "selected srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80" \
11169 -c "DTLS-SRTP key material is"\
11170 -C "error"
11171
11172requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
Jerry Yuab082902021-12-23 18:02:22 +080011173requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
TRodziewicz4ca18aa2021-05-20 14:46:20 +020011174run_test "DTLS-SRTP server supports all profiles. Client supports all profiles, in different order. openssl server." \
11175 "$O_SRV -dtls -verify 0 -use_srtp SRTP_AES128_CM_SHA1_32:SRTP_AES128_CM_SHA1_80 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
11176 "$P_CLI dtls=1 use_srtp=1 debug_level=3" \
11177 0 \
11178 -c "client hello, adding use_srtp extension" \
11179 -c "found use_srtp extension" \
11180 -c "found srtp profile" \
11181 -c "selected srtp profile" \
11182 -c "DTLS-SRTP key material is"\
11183 -C "error"
11184
11185requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
Jerry Yuab082902021-12-23 18:02:22 +080011186requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
TRodziewicz4ca18aa2021-05-20 14:46:20 +020011187run_test "DTLS-SRTP server supports all profiles. Client supports one profile. openssl server." \
11188 "$O_SRV -dtls -verify 0 -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
11189 "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \
11190 0 \
11191 -c "client hello, adding use_srtp extension" \
11192 -c "found use_srtp extension" \
11193 -c "found srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" \
11194 -c "selected srtp profile" \
11195 -c "DTLS-SRTP key material is"\
11196 -C "error"
11197
11198requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
Jerry Yuab082902021-12-23 18:02:22 +080011199requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
TRodziewicz4ca18aa2021-05-20 14:46:20 +020011200run_test "DTLS-SRTP server supports one profile. Client supports all profiles. openssl server." \
11201 "$O_SRV -dtls -verify 0 -use_srtp SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
11202 "$P_CLI dtls=1 use_srtp=1 debug_level=3" \
11203 0 \
11204 -c "client hello, adding use_srtp extension" \
11205 -c "found use_srtp extension" \
11206 -c "found srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" \
11207 -c "selected srtp profile" \
11208 -c "DTLS-SRTP key material is"\
11209 -C "error"
11210
11211requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
Jerry Yuab082902021-12-23 18:02:22 +080011212requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
TRodziewicz4ca18aa2021-05-20 14:46:20 +020011213run_test "DTLS-SRTP server and Client support only one matching profile. openssl server." \
11214 "$O_SRV -dtls -verify 0 -use_srtp SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
11215 "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \
11216 0 \
11217 -c "client hello, adding use_srtp extension" \
11218 -c "found use_srtp extension" \
11219 -c "found srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" \
11220 -c "selected srtp profile" \
11221 -c "DTLS-SRTP key material is"\
11222 -C "error"
11223
11224requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
Jerry Yuab082902021-12-23 18:02:22 +080011225requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
TRodziewicz4ca18aa2021-05-20 14:46:20 +020011226run_test "DTLS-SRTP server and Client support only one different profile. openssl server." \
11227 "$O_SRV -dtls -verify 0 -use_srtp SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
11228 "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=6 debug_level=3" \
11229 0 \
11230 -c "client hello, adding use_srtp extension" \
11231 -C "found use_srtp extension" \
11232 -C "found srtp profile" \
11233 -C "selected srtp profile" \
11234 -C "DTLS-SRTP key material is"\
11235 -C "error"
11236
11237requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
Jerry Yuab082902021-12-23 18:02:22 +080011238requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
TRodziewicz4ca18aa2021-05-20 14:46:20 +020011239run_test "DTLS-SRTP server doesn't support use_srtp extension. openssl server" \
11240 "$O_SRV -dtls" \
11241 "$P_CLI dtls=1 use_srtp=1 debug_level=3" \
11242 0 \
11243 -c "client hello, adding use_srtp extension" \
11244 -C "found use_srtp extension" \
11245 -C "found srtp profile" \
11246 -C "selected srtp profile" \
11247 -C "DTLS-SRTP key material is"\
11248 -C "error"
11249
11250requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
Jerry Yuab082902021-12-23 18:02:22 +080011251requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
TRodziewicz4ca18aa2021-05-20 14:46:20 +020011252run_test "DTLS-SRTP all profiles supported. server doesn't support mki. openssl server." \
11253 "$O_SRV -dtls -verify 0 -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
11254 "$P_CLI dtls=1 use_srtp=1 mki=542310ab34290481 debug_level=3" \
11255 0 \
11256 -c "client hello, adding use_srtp extension" \
11257 -c "found use_srtp extension" \
11258 -c "found srtp profile" \
11259 -c "selected srtp profile" \
11260 -c "DTLS-SRTP key material is"\
11261 -c "DTLS-SRTP no mki value negotiated"\
11262 -c "dumping 'sending mki' (8 bytes)" \
11263 -C "dumping 'received mki' (8 bytes)" \
11264 -C "error"
11265
11266requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
Ron Eldor5d991c92019-01-15 18:54:03 +020011267requires_gnutls
Jerry Yuab082902021-12-23 18:02:22 +080011268requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Ron Eldor3c6a44b2018-07-10 10:32:10 +030011269run_test "DTLS-SRTP all profiles supported. gnutls client." \
Ron Eldor5d991c92019-01-15 18:54:03 +020011270 "$P_SRV dtls=1 use_srtp=1 debug_level=3" \
11271 "$G_CLI -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_80:SRTP_AES128_CM_HMAC_SHA1_32:SRTP_NULL_HMAC_SHA1_80:SRTP_NULL_SHA1_32 --insecure 127.0.0.1" \
Ron Eldor3c6a44b2018-07-10 10:32:10 +030011272 0 \
11273 -s "found use_srtp extension" \
11274 -s "found srtp profile" \
11275 -s "selected srtp profile" \
11276 -s "server hello, adding use_srtp extension" \
Johan Pascal9bc97ca2020-09-21 23:44:45 +020011277 -s "DTLS-SRTP key material is"\
Ron Eldor3c6a44b2018-07-10 10:32:10 +030011278 -c "SRTP profile: SRTP_AES128_CM_HMAC_SHA1_80"
11279
11280requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
Ron Eldor5d991c92019-01-15 18:54:03 +020011281requires_gnutls
Jerry Yuab082902021-12-23 18:02:22 +080011282requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Ron Eldor3c6a44b2018-07-10 10:32:10 +030011283run_test "DTLS-SRTP server supports all profiles. Client supports all profiles, in different order. gnutls client." \
Ron Eldor5d991c92019-01-15 18:54:03 +020011284 "$P_SRV dtls=1 use_srtp=1 debug_level=3" \
11285 "$G_CLI -u --srtp-profiles=SRTP_NULL_HMAC_SHA1_80:SRTP_AES128_CM_HMAC_SHA1_80:SRTP_NULL_SHA1_32:SRTP_AES128_CM_HMAC_SHA1_32 --insecure 127.0.0.1" \
Ron Eldor3c6a44b2018-07-10 10:32:10 +030011286 0 \
11287 -s "found use_srtp extension" \
11288 -s "found srtp profile" \
11289 -s "selected srtp profile" \
11290 -s "server hello, adding use_srtp extension" \
Johan Pascal9bc97ca2020-09-21 23:44:45 +020011291 -s "DTLS-SRTP key material is"\
Ron Eldor3c6a44b2018-07-10 10:32:10 +030011292 -c "SRTP profile: SRTP_NULL_HMAC_SHA1_80"
11293
11294requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
Ron Eldor5d991c92019-01-15 18:54:03 +020011295requires_gnutls
Jerry Yuab082902021-12-23 18:02:22 +080011296requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Ron Eldor3c6a44b2018-07-10 10:32:10 +030011297run_test "DTLS-SRTP server supports all profiles. Client supports one profile. gnutls client." \
Ron Eldor5d991c92019-01-15 18:54:03 +020011298 "$P_SRV dtls=1 use_srtp=1 debug_level=3" \
11299 "$G_CLI -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_32 --insecure 127.0.0.1" \
Ron Eldor3c6a44b2018-07-10 10:32:10 +030011300 0 \
11301 -s "found use_srtp extension" \
Johan Pascal43f94902020-09-22 12:25:52 +020011302 -s "found srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" \
11303 -s "selected srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" \
Ron Eldor3c6a44b2018-07-10 10:32:10 +030011304 -s "server hello, adding use_srtp extension" \
Johan Pascal9bc97ca2020-09-21 23:44:45 +020011305 -s "DTLS-SRTP key material is"\
Ron Eldor3c6a44b2018-07-10 10:32:10 +030011306 -c "SRTP profile: SRTP_AES128_CM_HMAC_SHA1_32"
11307
11308requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
Ron Eldor5d991c92019-01-15 18:54:03 +020011309requires_gnutls
Jerry Yuab082902021-12-23 18:02:22 +080011310requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Ron Eldor3c6a44b2018-07-10 10:32:10 +030011311run_test "DTLS-SRTP server supports one profile. Client supports all profiles. gnutls client." \
Johan Pascal43f94902020-09-22 12:25:52 +020011312 "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=6 debug_level=3" \
Ron Eldor5d991c92019-01-15 18:54:03 +020011313 "$G_CLI -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_80:SRTP_AES128_CM_HMAC_SHA1_32:SRTP_NULL_HMAC_SHA1_80:SRTP_NULL_SHA1_32 --insecure 127.0.0.1" \
Ron Eldor3c6a44b2018-07-10 10:32:10 +030011314 0 \
11315 -s "found use_srtp extension" \
11316 -s "found srtp profile" \
Johan Pascal43f94902020-09-22 12:25:52 +020011317 -s "selected srtp profile: MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32" \
Ron Eldor3c6a44b2018-07-10 10:32:10 +030011318 -s "server hello, adding use_srtp extension" \
Johan Pascal9bc97ca2020-09-21 23:44:45 +020011319 -s "DTLS-SRTP key material is"\
Ron Eldor3c6a44b2018-07-10 10:32:10 +030011320 -c "SRTP profile: SRTP_NULL_SHA1_32"
11321
11322requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
Ron Eldor5d991c92019-01-15 18:54:03 +020011323requires_gnutls
Jerry Yuab082902021-12-23 18:02:22 +080011324requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Ron Eldor3c6a44b2018-07-10 10:32:10 +030011325run_test "DTLS-SRTP server and Client support only one matching profile. gnutls client." \
Ron Eldor5d991c92019-01-15 18:54:03 +020011326 "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \
11327 "$G_CLI -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_32 --insecure 127.0.0.1" \
Ron Eldor3c6a44b2018-07-10 10:32:10 +030011328 0 \
11329 -s "found use_srtp extension" \
11330 -s "found srtp profile" \
11331 -s "selected srtp profile" \
11332 -s "server hello, adding use_srtp extension" \
Johan Pascal9bc97ca2020-09-21 23:44:45 +020011333 -s "DTLS-SRTP key material is"\
Ron Eldor3c6a44b2018-07-10 10:32:10 +030011334 -c "SRTP profile: SRTP_AES128_CM_HMAC_SHA1_32"
11335
11336requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
Ron Eldor5d991c92019-01-15 18:54:03 +020011337requires_gnutls
Jerry Yuab082902021-12-23 18:02:22 +080011338requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Ron Eldor3c6a44b2018-07-10 10:32:10 +030011339run_test "DTLS-SRTP server and Client support only one different profile. gnutls client." \
Ron Eldor5d991c92019-01-15 18:54:03 +020011340 "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=1 debug_level=3" \
11341 "$G_CLI -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_32 --insecure 127.0.0.1" \
Ron Eldor3c6a44b2018-07-10 10:32:10 +030011342 0 \
11343 -s "found use_srtp extension" \
11344 -s "found srtp profile" \
11345 -S "selected srtp profile" \
11346 -S "server hello, adding use_srtp extension" \
Johan Pascal9bc97ca2020-09-21 23:44:45 +020011347 -S "DTLS-SRTP key material is"\
Ron Eldor3c6a44b2018-07-10 10:32:10 +030011348 -C "SRTP profile:"
11349
11350requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
Ron Eldor5d991c92019-01-15 18:54:03 +020011351requires_gnutls
Jerry Yuab082902021-12-23 18:02:22 +080011352requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Ron Eldor3c6a44b2018-07-10 10:32:10 +030011353run_test "DTLS-SRTP server doesn't support use_srtp extension. gnutls client" \
Ron Eldor5d991c92019-01-15 18:54:03 +020011354 "$P_SRV dtls=1 debug_level=3" \
11355 "$G_CLI -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_80:SRTP_AES128_CM_HMAC_SHA1_32:SRTP_NULL_HMAC_SHA1_80:SRTP_NULL_SHA1_32 --insecure 127.0.0.1" \
Ron Eldor3c6a44b2018-07-10 10:32:10 +030011356 0 \
11357 -s "found use_srtp extension" \
11358 -S "server hello, adding use_srtp extension" \
Johan Pascal9bc97ca2020-09-21 23:44:45 +020011359 -S "DTLS-SRTP key material is"\
Ron Eldor3c6a44b2018-07-10 10:32:10 +030011360 -C "SRTP profile:"
11361
11362requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
Ron Eldor5d991c92019-01-15 18:54:03 +020011363requires_gnutls
Jerry Yuab082902021-12-23 18:02:22 +080011364requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Ron Eldor3c6a44b2018-07-10 10:32:10 +030011365run_test "DTLS-SRTP all profiles supported. gnutls server" \
11366 "$G_SRV -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_80:SRTP_AES128_CM_HMAC_SHA1_32:SRTP_NULL_HMAC_SHA1_80:SRTP_NULL_SHA1_32" \
11367 "$P_CLI dtls=1 use_srtp=1 debug_level=3" \
11368 0 \
11369 -c "client hello, adding use_srtp extension" \
11370 -c "found use_srtp extension" \
11371 -c "found srtp profile" \
Johan Pascal43f94902020-09-22 12:25:52 +020011372 -c "selected srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80" \
Johan Pascal9bc97ca2020-09-21 23:44:45 +020011373 -c "DTLS-SRTP key material is"\
Ron Eldor3c6a44b2018-07-10 10:32:10 +030011374 -C "error"
11375
11376requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
Ron Eldor5d991c92019-01-15 18:54:03 +020011377requires_gnutls
Jerry Yuab082902021-12-23 18:02:22 +080011378requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Ron Eldor3c6a44b2018-07-10 10:32:10 +030011379run_test "DTLS-SRTP server supports all profiles. Client supports all profiles, in different order. gnutls server." \
11380 "$G_SRV -u --srtp-profiles=SRTP_NULL_SHA1_32:SRTP_AES128_CM_HMAC_SHA1_32:SRTP_AES128_CM_HMAC_SHA1_80:SRTP_NULL_HMAC_SHA1_80:SRTP_NULL_SHA1_32" \
11381 "$P_CLI dtls=1 use_srtp=1 debug_level=3" \
11382 0 \
11383 -c "client hello, adding use_srtp extension" \
11384 -c "found use_srtp extension" \
11385 -c "found srtp profile" \
Johan Pascal43f94902020-09-22 12:25:52 +020011386 -c "selected srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80" \
Johan Pascal9bc97ca2020-09-21 23:44:45 +020011387 -c "DTLS-SRTP key material is"\
Ron Eldor3c6a44b2018-07-10 10:32:10 +030011388 -C "error"
11389
11390requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
Ron Eldor5d991c92019-01-15 18:54:03 +020011391requires_gnutls
Jerry Yuab082902021-12-23 18:02:22 +080011392requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Ron Eldor3c6a44b2018-07-10 10:32:10 +030011393run_test "DTLS-SRTP server supports all profiles. Client supports one profile. gnutls server." \
11394 "$G_SRV -u --srtp-profiles=SRTP_NULL_SHA1_32:SRTP_AES128_CM_HMAC_SHA1_32:SRTP_AES128_CM_HMAC_SHA1_80:SRTP_NULL_HMAC_SHA1_80:SRTP_NULL_SHA1_32" \
11395 "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \
11396 0 \
11397 -c "client hello, adding use_srtp extension" \
11398 -c "found use_srtp extension" \
Johan Pascal43f94902020-09-22 12:25:52 +020011399 -c "found srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" \
Ron Eldor3c6a44b2018-07-10 10:32:10 +030011400 -c "selected srtp profile" \
Johan Pascal9bc97ca2020-09-21 23:44:45 +020011401 -c "DTLS-SRTP key material is"\
Ron Eldor3c6a44b2018-07-10 10:32:10 +030011402 -C "error"
11403
11404requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
Ron Eldor5d991c92019-01-15 18:54:03 +020011405requires_gnutls
Jerry Yuab082902021-12-23 18:02:22 +080011406requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Ron Eldor3c6a44b2018-07-10 10:32:10 +030011407run_test "DTLS-SRTP server supports one profile. Client supports all profiles. gnutls server." \
11408 "$G_SRV -u --srtp-profiles=SRTP_NULL_HMAC_SHA1_80" \
Johan Pascal9bc97ca2020-09-21 23:44:45 +020011409 "$P_CLI dtls=1 use_srtp=1 debug_level=3" \
Ron Eldor3c6a44b2018-07-10 10:32:10 +030011410 0 \
11411 -c "client hello, adding use_srtp extension" \
11412 -c "found use_srtp extension" \
Johan Pascal43f94902020-09-22 12:25:52 +020011413 -c "found srtp profile: MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80" \
Ron Eldor3c6a44b2018-07-10 10:32:10 +030011414 -c "selected srtp profile" \
Johan Pascal9bc97ca2020-09-21 23:44:45 +020011415 -c "DTLS-SRTP key material is"\
Ron Eldor3c6a44b2018-07-10 10:32:10 +030011416 -C "error"
11417
11418requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
Ron Eldor5d991c92019-01-15 18:54:03 +020011419requires_gnutls
Jerry Yuab082902021-12-23 18:02:22 +080011420requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Ron Eldor3c6a44b2018-07-10 10:32:10 +030011421run_test "DTLS-SRTP server and Client support only one matching profile. gnutls server." \
11422 "$G_SRV -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_32" \
11423 "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \
11424 0 \
11425 -c "client hello, adding use_srtp extension" \
11426 -c "found use_srtp extension" \
Johan Pascal43f94902020-09-22 12:25:52 +020011427 -c "found srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" \
Ron Eldor3c6a44b2018-07-10 10:32:10 +030011428 -c "selected srtp profile" \
Johan Pascal9bc97ca2020-09-21 23:44:45 +020011429 -c "DTLS-SRTP key material is"\
Ron Eldor3c6a44b2018-07-10 10:32:10 +030011430 -C "error"
11431
11432requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
Ron Eldor5d991c92019-01-15 18:54:03 +020011433requires_gnutls
Jerry Yuab082902021-12-23 18:02:22 +080011434requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Ron Eldor3c6a44b2018-07-10 10:32:10 +030011435run_test "DTLS-SRTP server and Client support only one different profile. gnutls server." \
11436 "$G_SRV -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_32" \
Johan Pascal43f94902020-09-22 12:25:52 +020011437 "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=6 debug_level=3" \
Ron Eldor3c6a44b2018-07-10 10:32:10 +030011438 0 \
11439 -c "client hello, adding use_srtp extension" \
11440 -C "found use_srtp extension" \
11441 -C "found srtp profile" \
11442 -C "selected srtp profile" \
Johan Pascal9bc97ca2020-09-21 23:44:45 +020011443 -C "DTLS-SRTP key material is"\
Ron Eldor3c6a44b2018-07-10 10:32:10 +030011444 -C "error"
11445
11446requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
Ron Eldor5d991c92019-01-15 18:54:03 +020011447requires_gnutls
Jerry Yuab082902021-12-23 18:02:22 +080011448requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Ron Eldor3c6a44b2018-07-10 10:32:10 +030011449run_test "DTLS-SRTP server doesn't support use_srtp extension. gnutls server" \
11450 "$G_SRV -u" \
11451 "$P_CLI dtls=1 use_srtp=1 debug_level=3" \
11452 0 \
11453 -c "client hello, adding use_srtp extension" \
11454 -C "found use_srtp extension" \
11455 -C "found srtp profile" \
11456 -C "selected srtp profile" \
Johan Pascal9bc97ca2020-09-21 23:44:45 +020011457 -C "DTLS-SRTP key material is"\
Ron Eldor3c6a44b2018-07-10 10:32:10 +030011458 -C "error"
11459
11460requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
Ron Eldor5d991c92019-01-15 18:54:03 +020011461requires_gnutls
Jerry Yuab082902021-12-23 18:02:22 +080011462requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Ron Eldor3c6a44b2018-07-10 10:32:10 +030011463run_test "DTLS-SRTP all profiles supported. mki used. gnutls server." \
11464 "$G_SRV -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_80:SRTP_AES128_CM_HMAC_SHA1_32:SRTP_NULL_HMAC_SHA1_80:SRTP_NULL_SHA1_32" \
11465 "$P_CLI dtls=1 use_srtp=1 mki=542310ab34290481 debug_level=3" \
11466 0 \
11467 -c "client hello, adding use_srtp extension" \
11468 -c "found use_srtp extension" \
11469 -c "found srtp profile" \
11470 -c "selected srtp profile" \
Johan Pascal9bc97ca2020-09-21 23:44:45 +020011471 -c "DTLS-SRTP key material is"\
Johan Pascal20c7db32020-10-26 22:45:58 +010011472 -c "DTLS-SRTP mki value:"\
Ron Eldor3c6a44b2018-07-10 10:32:10 +030011473 -c "dumping 'sending mki' (8 bytes)" \
11474 -c "dumping 'received mki' (8 bytes)" \
11475 -C "error"
11476
Manuel Pégourié-Gonnard64dffc52014-09-02 13:39:16 +020011477# Tests for specific things with "unreliable" UDP connection
11478
11479not_with_valgrind # spurious resend due to timeout
Jerry Yuab082902021-12-23 18:02:22 +080011480requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Manuel Pégourié-Gonnard64dffc52014-09-02 13:39:16 +020011481run_test "DTLS proxy: reference" \
11482 -p "$P_PXY" \
Manuel Pégourié-Gonnardb6929892019-09-09 11:14:37 +020011483 "$P_SRV dtls=1 debug_level=2 hs_timeout=10000-20000" \
11484 "$P_CLI dtls=1 debug_level=2 hs_timeout=10000-20000" \
Manuel Pégourié-Gonnard64dffc52014-09-02 13:39:16 +020011485 0 \
11486 -C "replayed record" \
11487 -S "replayed record" \
Hanno Beckerb2a86c32019-07-19 15:43:09 +010011488 -C "Buffer record from epoch" \
11489 -S "Buffer record from epoch" \
11490 -C "ssl_buffer_message" \
11491 -S "ssl_buffer_message" \
Manuel Pégourié-Gonnarda7756172014-08-31 18:37:01 +020011492 -C "discarding invalid record" \
Manuel Pégourié-Gonnard990f9e42014-09-06 12:27:02 +020011493 -S "discarding invalid record" \
Manuel Pégourié-Gonnardbe9eb872014-09-05 17:45:19 +020011494 -S "resend" \
Manuel Pégourié-Gonnard990f9e42014-09-06 12:27:02 +020011495 -s "Extra-header:" \
Manuel Pégourié-Gonnardbe9eb872014-09-05 17:45:19 +020011496 -c "HTTP/1.0 200 OK"
11497
11498not_with_valgrind # spurious resend due to timeout
Jerry Yuab082902021-12-23 18:02:22 +080011499requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Manuel Pégourié-Gonnard990f9e42014-09-06 12:27:02 +020011500run_test "DTLS proxy: duplicate every packet" \
11501 -p "$P_PXY duplicate=1" \
Manuel Pégourié-Gonnardb6929892019-09-09 11:14:37 +020011502 "$P_SRV dtls=1 dgram_packing=0 debug_level=2 hs_timeout=10000-20000" \
11503 "$P_CLI dtls=1 dgram_packing=0 debug_level=2 hs_timeout=10000-20000" \
Manuel Pégourié-Gonnard990f9e42014-09-06 12:27:02 +020011504 0 \
11505 -c "replayed record" \
11506 -s "replayed record" \
11507 -c "record from another epoch" \
11508 -s "record from another epoch" \
11509 -S "resend" \
11510 -s "Extra-header:" \
11511 -c "HTTP/1.0 200 OK"
11512
Jerry Yuab082902021-12-23 18:02:22 +080011513requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Manuel Pégourié-Gonnard990f9e42014-09-06 12:27:02 +020011514run_test "DTLS proxy: duplicate every packet, server anti-replay off" \
11515 -p "$P_PXY duplicate=1" \
Hanno Becker1c9a24c2018-08-14 13:46:33 +010011516 "$P_SRV dtls=1 dgram_packing=0 debug_level=2 anti_replay=0" \
11517 "$P_CLI dtls=1 dgram_packing=0 debug_level=2" \
Manuel Pégourié-Gonnard63eca932014-09-08 16:39:08 +020011518 0 \
11519 -c "replayed record" \
11520 -S "replayed record" \
11521 -c "record from another epoch" \
Manuel Pégourié-Gonnard825a49e2014-09-23 11:00:37 +020011522 -s "record from another epoch" \
11523 -c "resend" \
11524 -s "resend" \
Manuel Pégourié-Gonnard246c13a2014-09-24 13:56:09 +020011525 -s "Extra-header:" \
Manuel Pégourié-Gonnard825a49e2014-09-23 11:00:37 +020011526 -c "HTTP/1.0 200 OK"
11527
Jerry Yuab082902021-12-23 18:02:22 +080011528requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Manuel Pégourié-Gonnard246c13a2014-09-24 13:56:09 +020011529run_test "DTLS proxy: multiple records in same datagram" \
11530 -p "$P_PXY pack=50" \
Hanno Becker1c9a24c2018-08-14 13:46:33 +010011531 "$P_SRV dtls=1 dgram_packing=0 debug_level=2" \
11532 "$P_CLI dtls=1 dgram_packing=0 debug_level=2" \
Manuel Pégourié-Gonnard63eca932014-09-08 16:39:08 +020011533 0 \
Manuel Pégourié-Gonnard825a49e2014-09-23 11:00:37 +020011534 -c "next record in same datagram" \
11535 -s "next record in same datagram"
11536
Jerry Yuab082902021-12-23 18:02:22 +080011537requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Manuel Pégourié-Gonnard825a49e2014-09-23 11:00:37 +020011538run_test "DTLS proxy: multiple records in same datagram, duplicate every packet" \
11539 -p "$P_PXY pack=50 duplicate=1" \
Hanno Becker1c9a24c2018-08-14 13:46:33 +010011540 "$P_SRV dtls=1 dgram_packing=0 debug_level=2" \
11541 "$P_CLI dtls=1 dgram_packing=0 debug_level=2" \
Manuel Pégourié-Gonnard246c13a2014-09-24 13:56:09 +020011542 0 \
11543 -c "next record in same datagram" \
11544 -s "next record in same datagram"
Manuel Pégourié-Gonnard825a49e2014-09-23 11:00:37 +020011545
Jerry Yuab082902021-12-23 18:02:22 +080011546requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Manuel Pégourié-Gonnard63eca932014-09-08 16:39:08 +020011547run_test "DTLS proxy: inject invalid AD record, default badmac_limit" \
11548 -p "$P_PXY bad_ad=1" \
Hanno Becker1c9a24c2018-08-14 13:46:33 +010011549 "$P_SRV dtls=1 dgram_packing=0 debug_level=1" \
11550 "$P_CLI dtls=1 dgram_packing=0 debug_level=1 read_timeout=100" \
Manuel Pégourié-Gonnard825a49e2014-09-23 11:00:37 +020011551 0 \
Manuel Pégourié-Gonnard74a13782014-10-14 22:34:08 +020011552 -c "discarding invalid record (mac)" \
11553 -s "discarding invalid record (mac)" \
Manuel Pégourié-Gonnard825a49e2014-09-23 11:00:37 +020011554 -s "Extra-header:" \
Manuel Pégourié-Gonnarde698f592014-10-14 19:36:36 +020011555 -c "HTTP/1.0 200 OK" \
11556 -S "too many records with bad MAC" \
11557 -S "Verification of the message MAC failed"
11558
Jerry Yuab082902021-12-23 18:02:22 +080011559requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Manuel Pégourié-Gonnarde698f592014-10-14 19:36:36 +020011560run_test "DTLS proxy: inject invalid AD record, badmac_limit 1" \
11561 -p "$P_PXY bad_ad=1" \
Hanno Becker1c9a24c2018-08-14 13:46:33 +010011562 "$P_SRV dtls=1 dgram_packing=0 debug_level=1 badmac_limit=1" \
11563 "$P_CLI dtls=1 dgram_packing=0 debug_level=1 read_timeout=100" \
Manuel Pégourié-Gonnarde698f592014-10-14 19:36:36 +020011564 1 \
Manuel Pégourié-Gonnard74a13782014-10-14 22:34:08 +020011565 -C "discarding invalid record (mac)" \
11566 -S "discarding invalid record (mac)" \
Manuel Pégourié-Gonnarde698f592014-10-14 19:36:36 +020011567 -S "Extra-header:" \
11568 -C "HTTP/1.0 200 OK" \
11569 -s "too many records with bad MAC" \
11570 -s "Verification of the message MAC failed"
11571
Jerry Yuab082902021-12-23 18:02:22 +080011572requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Manuel Pégourié-Gonnarde698f592014-10-14 19:36:36 +020011573run_test "DTLS proxy: inject invalid AD record, badmac_limit 2" \
11574 -p "$P_PXY bad_ad=1" \
Hanno Becker1c9a24c2018-08-14 13:46:33 +010011575 "$P_SRV dtls=1 dgram_packing=0 debug_level=1 badmac_limit=2" \
11576 "$P_CLI dtls=1 dgram_packing=0 debug_level=1 read_timeout=100" \
Manuel Pégourié-Gonnarde698f592014-10-14 19:36:36 +020011577 0 \
Manuel Pégourié-Gonnard74a13782014-10-14 22:34:08 +020011578 -c "discarding invalid record (mac)" \
11579 -s "discarding invalid record (mac)" \
Manuel Pégourié-Gonnarde698f592014-10-14 19:36:36 +020011580 -s "Extra-header:" \
11581 -c "HTTP/1.0 200 OK" \
11582 -S "too many records with bad MAC" \
11583 -S "Verification of the message MAC failed"
11584
Jerry Yuab082902021-12-23 18:02:22 +080011585requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Manuel Pégourié-Gonnarde698f592014-10-14 19:36:36 +020011586run_test "DTLS proxy: inject invalid AD record, badmac_limit 2, exchanges 2"\
11587 -p "$P_PXY bad_ad=1" \
Hanno Becker1c9a24c2018-08-14 13:46:33 +010011588 "$P_SRV dtls=1 dgram_packing=0 debug_level=1 badmac_limit=2 exchanges=2" \
11589 "$P_CLI dtls=1 dgram_packing=0 debug_level=1 read_timeout=100 exchanges=2" \
Manuel Pégourié-Gonnarde698f592014-10-14 19:36:36 +020011590 1 \
Manuel Pégourié-Gonnard74a13782014-10-14 22:34:08 +020011591 -c "discarding invalid record (mac)" \
11592 -s "discarding invalid record (mac)" \
Manuel Pégourié-Gonnarde698f592014-10-14 19:36:36 +020011593 -s "Extra-header:" \
11594 -c "HTTP/1.0 200 OK" \
11595 -s "too many records with bad MAC" \
11596 -s "Verification of the message MAC failed"
Manuel Pégourié-Gonnard825a49e2014-09-23 11:00:37 +020011597
Jerry Yuab082902021-12-23 18:02:22 +080011598requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Manuel Pégourié-Gonnard825a49e2014-09-23 11:00:37 +020011599run_test "DTLS proxy: delay ChangeCipherSpec" \
11600 -p "$P_PXY delay_ccs=1" \
Hanno Beckerc4305232018-08-14 13:41:21 +010011601 "$P_SRV dtls=1 debug_level=1 dgram_packing=0" \
11602 "$P_CLI dtls=1 debug_level=1 dgram_packing=0" \
Manuel Pégourié-Gonnard825a49e2014-09-23 11:00:37 +020011603 0 \
Manuel Pégourié-Gonnard246c13a2014-09-24 13:56:09 +020011604 -c "record from another epoch" \
11605 -s "record from another epoch" \
Manuel Pégourié-Gonnard825a49e2014-09-23 11:00:37 +020011606 -s "Extra-header:" \
11607 -c "HTTP/1.0 200 OK"
11608
Hanno Beckeraa5d0c42018-08-16 13:15:19 +010011609# Tests for reordering support with DTLS
11610
Gilles Peskine6f160ca2022-03-14 18:21:24 +010011611requires_certificate_authentication
Jerry Yuab082902021-12-23 18:02:22 +080011612requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Hanno Becker56cdfd12018-08-17 13:42:15 +010011613run_test "DTLS reordering: Buffer out-of-order handshake message on client" \
11614 -p "$P_PXY delay_srv=ServerHello" \
Andrzej Kurek948fe802018-10-05 15:42:44 -040011615 "$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
11616 hs_timeout=2500-60000" \
11617 "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
11618 hs_timeout=2500-60000" \
Hanno Beckere3842212018-08-16 15:28:59 +010011619 0 \
11620 -c "Buffering HS message" \
Hanno Becker56cdfd12018-08-17 13:42:15 +010011621 -c "Next handshake message has been buffered - load"\
11622 -S "Buffering HS message" \
11623 -S "Next handshake message has been buffered - load"\
Hanno Becker39b8bc92018-08-28 17:17:13 +010011624 -C "Injecting buffered CCS message" \
Hanno Becker56cdfd12018-08-17 13:42:15 +010011625 -C "Remember CCS message" \
Hanno Becker39b8bc92018-08-28 17:17:13 +010011626 -S "Injecting buffered CCS message" \
Hanno Becker56cdfd12018-08-17 13:42:15 +010011627 -S "Remember CCS message"
Hanno Beckere3842212018-08-16 15:28:59 +010011628
Gilles Peskine6f160ca2022-03-14 18:21:24 +010011629requires_certificate_authentication
Jerry Yuab082902021-12-23 18:02:22 +080011630requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Hanno Beckerdc1e9502018-08-28 16:02:33 +010011631run_test "DTLS reordering: Buffer out-of-order handshake message fragment on client" \
11632 -p "$P_PXY delay_srv=ServerHello" \
Andrzej Kurek948fe802018-10-05 15:42:44 -040011633 "$P_SRV mtu=512 dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
11634 hs_timeout=2500-60000" \
11635 "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
11636 hs_timeout=2500-60000" \
Hanno Beckerdc1e9502018-08-28 16:02:33 +010011637 0 \
11638 -c "Buffering HS message" \
11639 -c "found fragmented DTLS handshake message"\
Ari Weiler-Ofek6ee4d922025-06-11 17:40:42 +010011640 -c "Next handshake message 1 not or only partially buffered" \
Hanno Beckerdc1e9502018-08-28 16:02:33 +010011641 -c "Next handshake message has been buffered - load"\
11642 -S "Buffering HS message" \
11643 -S "Next handshake message has been buffered - load"\
Hanno Becker39b8bc92018-08-28 17:17:13 +010011644 -C "Injecting buffered CCS message" \
Hanno Beckerdc1e9502018-08-28 16:02:33 +010011645 -C "Remember CCS message" \
Hanno Becker39b8bc92018-08-28 17:17:13 +010011646 -S "Injecting buffered CCS message" \
Hanno Beckeraa5d0c42018-08-16 13:15:19 +010011647 -S "Remember CCS message"
11648
Hanno Beckera1adcca2018-08-24 14:41:07 +010011649# The client buffers the ServerKeyExchange before receiving the fragmented
11650# Certificate message; at the time of writing, together these are aroudn 1200b
11651# in size, so that the bound below ensures that the certificate can be reassembled
11652# while keeping the ServerKeyExchange.
Gilles Peskine6f160ca2022-03-14 18:21:24 +010011653requires_certificate_authentication
Hanno Beckera1adcca2018-08-24 14:41:07 +010011654requires_config_value_at_least "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 1300
Jerry Yuab082902021-12-23 18:02:22 +080011655requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Hanno Beckera1adcca2018-08-24 14:41:07 +010011656run_test "DTLS reordering: Buffer out-of-order hs msg before reassembling next" \
Hanno Beckere3567052018-08-21 16:50:43 +010011657 -p "$P_PXY delay_srv=Certificate delay_srv=Certificate" \
Andrzej Kurek948fe802018-10-05 15:42:44 -040011658 "$P_SRV mtu=512 dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
11659 hs_timeout=2500-60000" \
11660 "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
11661 hs_timeout=2500-60000" \
Hanno Beckere3567052018-08-21 16:50:43 +010011662 0 \
11663 -c "Buffering HS message" \
11664 -c "Next handshake message has been buffered - load"\
Hanno Beckera1adcca2018-08-24 14:41:07 +010011665 -C "attempt to make space by freeing buffered messages" \
11666 -S "Buffering HS message" \
11667 -S "Next handshake message has been buffered - load"\
Hanno Becker39b8bc92018-08-28 17:17:13 +010011668 -C "Injecting buffered CCS message" \
Hanno Beckera1adcca2018-08-24 14:41:07 +010011669 -C "Remember CCS message" \
Hanno Becker39b8bc92018-08-28 17:17:13 +010011670 -S "Injecting buffered CCS message" \
Hanno Beckera1adcca2018-08-24 14:41:07 +010011671 -S "Remember CCS message"
11672
11673# The size constraints ensure that the delayed certificate message can't
11674# be reassembled while keeping the ServerKeyExchange message, but it can
11675# when dropping it first.
Gilles Peskine6f160ca2022-03-14 18:21:24 +010011676requires_certificate_authentication
Hanno Beckera1adcca2018-08-24 14:41:07 +010011677requires_config_value_at_least "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 900
11678requires_config_value_at_most "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 1299
Jerry Yuab082902021-12-23 18:02:22 +080011679requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Hanno Beckera1adcca2018-08-24 14:41:07 +010011680run_test "DTLS reordering: Buffer out-of-order hs msg before reassembling next, free buffered msg" \
11681 -p "$P_PXY delay_srv=Certificate delay_srv=Certificate" \
Andrzej Kurek948fe802018-10-05 15:42:44 -040011682 "$P_SRV mtu=512 dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
11683 hs_timeout=2500-60000" \
11684 "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
11685 hs_timeout=2500-60000" \
Hanno Beckera1adcca2018-08-24 14:41:07 +010011686 0 \
11687 -c "Buffering HS message" \
11688 -c "attempt to make space by freeing buffered future messages" \
11689 -c "Enough space available after freeing buffered HS messages" \
Hanno Beckere3567052018-08-21 16:50:43 +010011690 -S "Buffering HS message" \
11691 -S "Next handshake message has been buffered - load"\
Hanno Becker39b8bc92018-08-28 17:17:13 +010011692 -C "Injecting buffered CCS message" \
Hanno Beckere3567052018-08-21 16:50:43 +010011693 -C "Remember CCS message" \
Hanno Becker39b8bc92018-08-28 17:17:13 +010011694 -S "Injecting buffered CCS message" \
Hanno Beckere3567052018-08-21 16:50:43 +010011695 -S "Remember CCS message"
11696
Gilles Peskine6f160ca2022-03-14 18:21:24 +010011697requires_certificate_authentication
Jerry Yuab082902021-12-23 18:02:22 +080011698requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Hanno Becker56cdfd12018-08-17 13:42:15 +010011699run_test "DTLS reordering: Buffer out-of-order handshake message on server" \
11700 -p "$P_PXY delay_cli=Certificate" \
Andrzej Kurek948fe802018-10-05 15:42:44 -040011701 "$P_SRV dgram_packing=0 auth_mode=required cookies=0 dtls=1 debug_level=2 \
11702 hs_timeout=2500-60000" \
11703 "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
11704 hs_timeout=2500-60000" \
Hanno Becker56cdfd12018-08-17 13:42:15 +010011705 0 \
11706 -C "Buffering HS message" \
11707 -C "Next handshake message has been buffered - load"\
11708 -s "Buffering HS message" \
11709 -s "Next handshake message has been buffered - load" \
Hanno Becker39b8bc92018-08-28 17:17:13 +010011710 -C "Injecting buffered CCS message" \
Hanno Becker56cdfd12018-08-17 13:42:15 +010011711 -C "Remember CCS message" \
Hanno Becker39b8bc92018-08-28 17:17:13 +010011712 -S "Injecting buffered CCS message" \
Hanno Becker56cdfd12018-08-17 13:42:15 +010011713 -S "Remember CCS message"
11714
Gilles Peskine6f160ca2022-03-14 18:21:24 +010011715requires_certificate_authentication
Jerry Yuab082902021-12-23 18:02:22 +080011716requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Norbert Fabritius4f1c9272023-04-12 09:50:30 +020011717requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
Hanno Becker56cdfd12018-08-17 13:42:15 +010011718run_test "DTLS reordering: Buffer out-of-order CCS message on client"\
11719 -p "$P_PXY delay_srv=NewSessionTicket" \
Andrzej Kurek948fe802018-10-05 15:42:44 -040011720 "$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
11721 hs_timeout=2500-60000" \
11722 "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
11723 hs_timeout=2500-60000" \
Hanno Becker56cdfd12018-08-17 13:42:15 +010011724 0 \
11725 -C "Buffering HS message" \
11726 -C "Next handshake message has been buffered - load"\
11727 -S "Buffering HS message" \
11728 -S "Next handshake message has been buffered - load" \
Hanno Becker39b8bc92018-08-28 17:17:13 +010011729 -c "Injecting buffered CCS message" \
Hanno Becker56cdfd12018-08-17 13:42:15 +010011730 -c "Remember CCS message" \
Hanno Becker39b8bc92018-08-28 17:17:13 +010011731 -S "Injecting buffered CCS message" \
Hanno Becker56cdfd12018-08-17 13:42:15 +010011732 -S "Remember CCS message"
11733
Gilles Peskine6f160ca2022-03-14 18:21:24 +010011734requires_certificate_authentication
Jerry Yuab082902021-12-23 18:02:22 +080011735requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Hanno Becker56cdfd12018-08-17 13:42:15 +010011736run_test "DTLS reordering: Buffer out-of-order CCS message on server"\
11737 -p "$P_PXY delay_cli=ClientKeyExchange" \
Andrzej Kurek948fe802018-10-05 15:42:44 -040011738 "$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
11739 hs_timeout=2500-60000" \
11740 "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
11741 hs_timeout=2500-60000" \
Hanno Becker56cdfd12018-08-17 13:42:15 +010011742 0 \
11743 -C "Buffering HS message" \
11744 -C "Next handshake message has been buffered - load"\
11745 -S "Buffering HS message" \
11746 -S "Next handshake message has been buffered - load" \
Hanno Becker39b8bc92018-08-28 17:17:13 +010011747 -C "Injecting buffered CCS message" \
Hanno Becker56cdfd12018-08-17 13:42:15 +010011748 -C "Remember CCS message" \
Hanno Becker39b8bc92018-08-28 17:17:13 +010011749 -s "Injecting buffered CCS message" \
Hanno Becker56cdfd12018-08-17 13:42:15 +010011750 -s "Remember CCS message"
11751
Jerry Yuab082902021-12-23 18:02:22 +080011752requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Hanno Beckera1adcca2018-08-24 14:41:07 +010011753run_test "DTLS reordering: Buffer encrypted Finished message" \
Hanno Becker56cdfd12018-08-17 13:42:15 +010011754 -p "$P_PXY delay_ccs=1" \
Andrzej Kurek948fe802018-10-05 15:42:44 -040011755 "$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
11756 hs_timeout=2500-60000" \
11757 "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
11758 hs_timeout=2500-60000" \
Hanno Beckerb34149c2018-08-16 15:29:06 +010011759 0 \
11760 -s "Buffer record from epoch 1" \
Hanno Becker56cdfd12018-08-17 13:42:15 +010011761 -s "Found buffered record from current epoch - load" \
11762 -c "Buffer record from epoch 1" \
11763 -c "Found buffered record from current epoch - load"
Manuel Pégourié-Gonnard18e519a2014-09-24 19:09:17 +020011764
Hanno Beckera1adcca2018-08-24 14:41:07 +010011765# In this test, both the fragmented NewSessionTicket and the ChangeCipherSpec
11766# from the server are delayed, so that the encrypted Finished message
11767# is received and buffered. When the fragmented NewSessionTicket comes
11768# in afterwards, the encrypted Finished message must be freed in order
11769# to make space for the NewSessionTicket to be reassembled.
11770# This works only in very particular circumstances:
11771# - MBEDTLS_SSL_DTLS_MAX_BUFFERING must be large enough to allow buffering
11772# of the NewSessionTicket, but small enough to also allow buffering of
11773# the encrypted Finished message.
11774# - The MTU setting on the server must be so small that the NewSessionTicket
11775# needs to be fragmented.
11776# - All messages sent by the server must be small enough to be either sent
11777# without fragmentation or be reassembled within the bounds of
11778# MBEDTLS_SSL_DTLS_MAX_BUFFERING. Achieve this by testing with a PSK-based
11779# handshake, omitting CRTs.
Manuel Pégourié-Gonnardeef4c752019-05-28 10:21:30 +020011780requires_config_value_at_least "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 190
11781requires_config_value_at_most "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 230
Hanno Beckera1adcca2018-08-24 14:41:07 +010011782run_test "DTLS reordering: Buffer encrypted Finished message, drop for fragmented NewSessionTicket" \
11783 -p "$P_PXY delay_srv=NewSessionTicket delay_srv=NewSessionTicket delay_ccs=1" \
Gilles Peskine77c13e62024-04-29 16:09:52 +020011784 "$P_SRV mtu=140 response_size=90 dgram_packing=0 psk=73776f726466697368 psk_identity=foo cookies=0 dtls=1 debug_level=2" \
11785 "$P_CLI dgram_packing=0 dtls=1 debug_level=2 force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8 psk=73776f726466697368 psk_identity=foo" \
Hanno Beckera1adcca2018-08-24 14:41:07 +010011786 0 \
11787 -s "Buffer record from epoch 1" \
11788 -s "Found buffered record from current epoch - load" \
11789 -c "Buffer record from epoch 1" \
11790 -C "Found buffered record from current epoch - load" \
11791 -c "Enough space available after freeing future epoch record"
11792
Manuel Pégourié-Gonnarda0719722014-09-20 12:46:27 +020011793# Tests for "randomly unreliable connection": try a variety of flows and peers
11794
11795client_needs_more_time 2
Manuel Pégourié-Gonnard825a49e2014-09-23 11:00:37 +020011796run_test "DTLS proxy: 3d (drop, delay, duplicate), \"short\" PSK handshake" \
11797 -p "$P_PXY drop=5 delay=5 duplicate=5" \
Gilles Peskine78df6172024-09-07 19:50:46 +020011798 "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 \
Gilles Peskine77c13e62024-04-29 16:09:52 +020011799 psk=73776f726466697368" \
11800 "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=73776f726466697368 \
Manuel Pégourié-Gonnard18e519a2014-09-24 19:09:17 +020011801 force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
11802 0 \
11803 -s "Extra-header:" \
11804 -c "HTTP/1.0 200 OK"
11805
Janos Follath74537a62016-09-02 13:45:28 +010011806client_needs_more_time 2
Gabor Mezeifc42c222025-02-05 17:28:03 +010011807run_test "DTLS proxy: 3d, \"short\" ECDHE-RSA handshake" \
Manuel Pégourié-Gonnard18e519a2014-09-24 19:09:17 +020011808 -p "$P_PXY drop=5 delay=5 duplicate=5" \
Andrzej Kurek948fe802018-10-05 15:42:44 -040011809 "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none" \
11810 "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 \
Gabor Mezeifc42c222025-02-05 17:28:03 +010011811 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA" \
Manuel Pégourié-Gonnard18e519a2014-09-24 19:09:17 +020011812 0 \
11813 -s "Extra-header:" \
11814 -c "HTTP/1.0 200 OK"
11815
Janos Follath74537a62016-09-02 13:45:28 +010011816client_needs_more_time 2
Jerry Yuab082902021-12-23 18:02:22 +080011817requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Manuel Pégourié-Gonnard18e519a2014-09-24 19:09:17 +020011818run_test "DTLS proxy: 3d, \"short\" (no ticket, no cli_auth) FS handshake" \
11819 -p "$P_PXY drop=5 delay=5 duplicate=5" \
Andrzej Kurek948fe802018-10-05 15:42:44 -040011820 "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none" \
11821 "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0" \
Manuel Pégourié-Gonnard18e519a2014-09-24 19:09:17 +020011822 0 \
11823 -s "Extra-header:" \
11824 -c "HTTP/1.0 200 OK"
11825
Janos Follath74537a62016-09-02 13:45:28 +010011826client_needs_more_time 2
Jerry Yuab082902021-12-23 18:02:22 +080011827requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Manuel Pégourié-Gonnard18e519a2014-09-24 19:09:17 +020011828run_test "DTLS proxy: 3d, FS, client auth" \
11829 -p "$P_PXY drop=5 delay=5 duplicate=5" \
Andrzej Kurek948fe802018-10-05 15:42:44 -040011830 "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=required" \
11831 "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0" \
Manuel Pégourié-Gonnard18e519a2014-09-24 19:09:17 +020011832 0 \
11833 -s "Extra-header:" \
11834 -c "HTTP/1.0 200 OK"
11835
Janos Follath74537a62016-09-02 13:45:28 +010011836client_needs_more_time 2
Jerry Yuab082902021-12-23 18:02:22 +080011837requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Norbert Fabritius4f1c9272023-04-12 09:50:30 +020011838requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
Manuel Pégourié-Gonnard18e519a2014-09-24 19:09:17 +020011839run_test "DTLS proxy: 3d, FS, ticket" \
11840 -p "$P_PXY drop=5 delay=5 duplicate=5" \
Andrzej Kurek948fe802018-10-05 15:42:44 -040011841 "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=1 auth_mode=none" \
11842 "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=1" \
Manuel Pégourié-Gonnard18e519a2014-09-24 19:09:17 +020011843 0 \
11844 -s "Extra-header:" \
11845 -c "HTTP/1.0 200 OK"
11846
Janos Follath74537a62016-09-02 13:45:28 +010011847client_needs_more_time 2
Jerry Yuab082902021-12-23 18:02:22 +080011848requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Norbert Fabritius4f1c9272023-04-12 09:50:30 +020011849requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
Manuel Pégourié-Gonnard18e519a2014-09-24 19:09:17 +020011850run_test "DTLS proxy: 3d, max handshake (FS, ticket + client auth)" \
11851 -p "$P_PXY drop=5 delay=5 duplicate=5" \
Andrzej Kurek948fe802018-10-05 15:42:44 -040011852 "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=1 auth_mode=required" \
11853 "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=1" \
Manuel Pégourié-Gonnard825a49e2014-09-23 11:00:37 +020011854 0 \
11855 -s "Extra-header:" \
11856 -c "HTTP/1.0 200 OK"
11857
Janos Follath74537a62016-09-02 13:45:28 +010011858client_needs_more_time 2
Jerry Yuab082902021-12-23 18:02:22 +080011859requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Norbert Fabritius4f1c9272023-04-12 09:50:30 +020011860requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
Manuel Pégourié-Gonnard6093d812014-09-29 17:52:57 +020011861run_test "DTLS proxy: 3d, max handshake, nbio" \
11862 -p "$P_PXY drop=5 delay=5 duplicate=5" \
Andrzej Kurek948fe802018-10-05 15:42:44 -040011863 "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 nbio=2 tickets=1 \
Manuel Pégourié-Gonnard37a4de22014-10-01 16:38:03 +020011864 auth_mode=required" \
Andrzej Kurek948fe802018-10-05 15:42:44 -040011865 "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 nbio=2 tickets=1" \
Manuel Pégourié-Gonnard6093d812014-09-29 17:52:57 +020011866 0 \
11867 -s "Extra-header:" \
11868 -c "HTTP/1.0 200 OK"
11869
Janos Follath74537a62016-09-02 13:45:28 +010011870client_needs_more_time 4
Gilles Peskine2fe796f2022-02-25 19:51:52 +010011871requires_config_enabled MBEDTLS_SSL_CACHE_C
Manuel Pégourié-Gonnard7a26d732014-10-02 14:50:46 +020011872run_test "DTLS proxy: 3d, min handshake, resumption" \
11873 -p "$P_PXY drop=5 delay=5 duplicate=5" \
Andrzej Kurek948fe802018-10-05 15:42:44 -040011874 "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
Gilles Peskine77c13e62024-04-29 16:09:52 +020011875 psk=73776f726466697368 debug_level=3" \
11876 "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=73776f726466697368 \
Manuel Pégourié-Gonnard56941fe2020-02-17 11:04:33 +010011877 debug_level=3 reconnect=1 skip_close_notify=1 read_timeout=1000 max_resend=10 \
Manuel Pégourié-Gonnard7a26d732014-10-02 14:50:46 +020011878 force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
11879 0 \
11880 -s "a session has been resumed" \
11881 -c "a session has been resumed" \
11882 -s "Extra-header:" \
11883 -c "HTTP/1.0 200 OK"
11884
Janos Follath74537a62016-09-02 13:45:28 +010011885client_needs_more_time 4
Gilles Peskine2fe796f2022-02-25 19:51:52 +010011886requires_config_enabled MBEDTLS_SSL_CACHE_C
Manuel Pégourié-Gonnard85beb302014-10-02 17:59:19 +020011887run_test "DTLS proxy: 3d, min handshake, resumption, nbio" \
11888 -p "$P_PXY drop=5 delay=5 duplicate=5" \
Andrzej Kurek948fe802018-10-05 15:42:44 -040011889 "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
Gilles Peskine77c13e62024-04-29 16:09:52 +020011890 psk=73776f726466697368 debug_level=3 nbio=2" \
11891 "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=73776f726466697368 \
Manuel Pégourié-Gonnard56941fe2020-02-17 11:04:33 +010011892 debug_level=3 reconnect=1 skip_close_notify=1 read_timeout=1000 max_resend=10 \
Manuel Pégourié-Gonnard85beb302014-10-02 17:59:19 +020011893 force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8 nbio=2" \
11894 0 \
11895 -s "a session has been resumed" \
11896 -c "a session has been resumed" \
11897 -s "Extra-header:" \
11898 -c "HTTP/1.0 200 OK"
11899
Janos Follath74537a62016-09-02 13:45:28 +010011900client_needs_more_time 4
Hanno Becker6a243642017-10-12 15:18:45 +010011901requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
Manuel Pégourié-Gonnard6093d812014-09-29 17:52:57 +020011902run_test "DTLS proxy: 3d, min handshake, client-initiated renego" \
Manuel Pégourié-Gonnard1b753f12014-09-25 16:09:36 +020011903 -p "$P_PXY drop=5 delay=5 duplicate=5" \
Andrzej Kurek948fe802018-10-05 15:42:44 -040011904 "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
Gilles Peskine77c13e62024-04-29 16:09:52 +020011905 psk=73776f726466697368 renegotiation=1 debug_level=2" \
11906 "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=73776f726466697368 \
Manuel Pégourié-Gonnard37a4de22014-10-01 16:38:03 +020011907 renegotiate=1 debug_level=2 \
Manuel Pégourié-Gonnard1b753f12014-09-25 16:09:36 +020011908 force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
11909 0 \
11910 -c "=> renegotiate" \
11911 -s "=> renegotiate" \
11912 -s "Extra-header:" \
11913 -c "HTTP/1.0 200 OK"
11914
Janos Follath74537a62016-09-02 13:45:28 +010011915client_needs_more_time 4
Hanno Becker6a243642017-10-12 15:18:45 +010011916requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
Manuel Pégourié-Gonnard6093d812014-09-29 17:52:57 +020011917run_test "DTLS proxy: 3d, min handshake, client-initiated renego, nbio" \
11918 -p "$P_PXY drop=5 delay=5 duplicate=5" \
Andrzej Kurek948fe802018-10-05 15:42:44 -040011919 "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
Gilles Peskine77c13e62024-04-29 16:09:52 +020011920 psk=73776f726466697368 renegotiation=1 debug_level=2" \
11921 "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=73776f726466697368 \
Manuel Pégourié-Gonnard37a4de22014-10-01 16:38:03 +020011922 renegotiate=1 debug_level=2 \
Manuel Pégourié-Gonnard6093d812014-09-29 17:52:57 +020011923 force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
11924 0 \
11925 -c "=> renegotiate" \
11926 -s "=> renegotiate" \
11927 -s "Extra-header:" \
11928 -c "HTTP/1.0 200 OK"
11929
Janos Follath74537a62016-09-02 13:45:28 +010011930client_needs_more_time 4
Hanno Becker6a243642017-10-12 15:18:45 +010011931requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
Manuel Pégourié-Gonnardba958b82014-10-09 16:13:44 +020011932run_test "DTLS proxy: 3d, min handshake, server-initiated renego" \
Manuel Pégourié-Gonnarda6ace042014-10-15 12:44:41 +020011933 -p "$P_PXY drop=5 delay=5 duplicate=5" \
Andrzej Kurek948fe802018-10-05 15:42:44 -040011934 "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
Gilles Peskine77c13e62024-04-29 16:09:52 +020011935 psk=73776f726466697368 renegotiate=1 renegotiation=1 exchanges=4 \
Manuel Pégourié-Gonnardba958b82014-10-09 16:13:44 +020011936 debug_level=2" \
Gilles Peskine77c13e62024-04-29 16:09:52 +020011937 "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=73776f726466697368 \
Manuel Pégourié-Gonnarda6ace042014-10-15 12:44:41 +020011938 renegotiation=1 exchanges=4 debug_level=2 \
Manuel Pégourié-Gonnardba958b82014-10-09 16:13:44 +020011939 force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
11940 0 \
11941 -c "=> renegotiate" \
11942 -s "=> renegotiate" \
11943 -s "Extra-header:" \
11944 -c "HTTP/1.0 200 OK"
11945
Janos Follath74537a62016-09-02 13:45:28 +010011946client_needs_more_time 4
Hanno Becker6a243642017-10-12 15:18:45 +010011947requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
Manuel Pégourié-Gonnardba958b82014-10-09 16:13:44 +020011948run_test "DTLS proxy: 3d, min handshake, server-initiated renego, nbio" \
Manuel Pégourié-Gonnarda6ace042014-10-15 12:44:41 +020011949 -p "$P_PXY drop=5 delay=5 duplicate=5" \
Andrzej Kurek948fe802018-10-05 15:42:44 -040011950 "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
Gilles Peskine77c13e62024-04-29 16:09:52 +020011951 psk=73776f726466697368 renegotiate=1 renegotiation=1 exchanges=4 \
Manuel Pégourié-Gonnardba958b82014-10-09 16:13:44 +020011952 debug_level=2 nbio=2" \
Gilles Peskine77c13e62024-04-29 16:09:52 +020011953 "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=73776f726466697368 \
Manuel Pégourié-Gonnarda6ace042014-10-15 12:44:41 +020011954 renegotiation=1 exchanges=4 debug_level=2 nbio=2 \
Manuel Pégourié-Gonnardba958b82014-10-09 16:13:44 +020011955 force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
11956 0 \
11957 -c "=> renegotiate" \
11958 -s "=> renegotiate" \
11959 -s "Extra-header:" \
11960 -c "HTTP/1.0 200 OK"
11961
Zhangsen Wang87a9c862022-06-28 06:10:35 +000011962## The three tests below require 1.1.1a or higher version of openssl, otherwise
11963## it might trigger a bug due to openssl (https://github.com/openssl/openssl/issues/6902)
11964## Besides, openssl should use dtls1_2 or dtls, otherwise it will cause "SSL alert number 70" error
11965requires_openssl_next
Janos Follath74537a62016-09-02 13:45:28 +010011966client_needs_more_time 6
Manuel Pégourié-Gonnardd68434e2015-08-31 12:48:22 +020011967not_with_valgrind # risk of non-mbedtls peer timing out
Jerry Yuab082902021-12-23 18:02:22 +080011968requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Manuel Pégourié-Gonnard9590e0a2014-09-26 16:27:59 +020011969run_test "DTLS proxy: 3d, openssl server" \
Manuel Pégourié-Gonnardd0fd1da2014-09-25 17:00:27 +020011970 -p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \
Valerio Setti2f8eb622023-03-16 13:04:44 +010011971 "$O_NEXT_SRV -dtls1_2 -mtu 2048" \
11972 "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000 tickets=0" \
Manuel Pégourié-Gonnardd0fd1da2014-09-25 17:00:27 +020011973 0 \
Manuel Pégourié-Gonnardd0fd1da2014-09-25 17:00:27 +020011974 -c "HTTP/1.0 200 OK"
11975
Zhangsen Wang87a9c862022-06-28 06:10:35 +000011976requires_openssl_next
Janos Follath74537a62016-09-02 13:45:28 +010011977client_needs_more_time 8
Manuel Pégourié-Gonnardd68434e2015-08-31 12:48:22 +020011978not_with_valgrind # risk of non-mbedtls peer timing out
Jerry Yuab082902021-12-23 18:02:22 +080011979requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Manuel Pégourié-Gonnard9590e0a2014-09-26 16:27:59 +020011980run_test "DTLS proxy: 3d, openssl server, fragmentation" \
11981 -p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \
Zhangsen Wang87a9c862022-06-28 06:10:35 +000011982 "$O_NEXT_SRV -dtls1_2 -mtu 768" \
Andrzej Kurek948fe802018-10-05 15:42:44 -040011983 "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000 tickets=0" \
Manuel Pégourié-Gonnard9590e0a2014-09-26 16:27:59 +020011984 0 \
Manuel Pégourié-Gonnard9590e0a2014-09-26 16:27:59 +020011985 -c "HTTP/1.0 200 OK"
11986
Zhangsen Wang87a9c862022-06-28 06:10:35 +000011987requires_openssl_next
Janos Follath74537a62016-09-02 13:45:28 +010011988client_needs_more_time 8
Manuel Pégourié-Gonnardd68434e2015-08-31 12:48:22 +020011989not_with_valgrind # risk of non-mbedtls peer timing out
Jerry Yuab082902021-12-23 18:02:22 +080011990requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Manuel Pégourié-Gonnard6093d812014-09-29 17:52:57 +020011991run_test "DTLS proxy: 3d, openssl server, fragmentation, nbio" \
11992 -p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \
Zhangsen Wang87a9c862022-06-28 06:10:35 +000011993 "$O_NEXT_SRV -dtls1_2 -mtu 768" \
Andrzej Kurek948fe802018-10-05 15:42:44 -040011994 "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000 nbio=2 tickets=0" \
Manuel Pégourié-Gonnard6093d812014-09-29 17:52:57 +020011995 0 \
Manuel Pégourié-Gonnard6093d812014-09-29 17:52:57 +020011996 -c "HTTP/1.0 200 OK"
11997
Manuel Pégourié-Gonnard96999962015-02-17 16:02:37 +000011998requires_gnutls
Janos Follath74537a62016-09-02 13:45:28 +010011999client_needs_more_time 6
Manuel Pégourié-Gonnardd68434e2015-08-31 12:48:22 +020012000not_with_valgrind # risk of non-mbedtls peer timing out
Jerry Yuab082902021-12-23 18:02:22 +080012001requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Manuel Pégourié-Gonnard9590e0a2014-09-26 16:27:59 +020012002run_test "DTLS proxy: 3d, gnutls server" \
12003 -p "$P_PXY drop=5 delay=5 duplicate=5" \
12004 "$G_SRV -u --mtu 2048 -a" \
Andrzej Kurek948fe802018-10-05 15:42:44 -040012005 "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000" \
Manuel Pégourié-Gonnard9590e0a2014-09-26 16:27:59 +020012006 0 \
12007 -s "Extra-header:" \
12008 -c "Extra-header:"
12009
k-stachowiak17a38d32019-02-18 15:29:56 +010012010requires_gnutls_next
Janos Follath74537a62016-09-02 13:45:28 +010012011client_needs_more_time 8
Manuel Pégourié-Gonnardd68434e2015-08-31 12:48:22 +020012012not_with_valgrind # risk of non-mbedtls peer timing out
Jerry Yuab082902021-12-23 18:02:22 +080012013requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Manuel Pégourié-Gonnard9590e0a2014-09-26 16:27:59 +020012014run_test "DTLS proxy: 3d, gnutls server, fragmentation" \
12015 -p "$P_PXY drop=5 delay=5 duplicate=5" \
k-stachowiak17a38d32019-02-18 15:29:56 +010012016 "$G_NEXT_SRV -u --mtu 512" \
Andrzej Kurek948fe802018-10-05 15:42:44 -040012017 "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000" \
Manuel Pégourié-Gonnard9590e0a2014-09-26 16:27:59 +020012018 0 \
12019 -s "Extra-header:" \
12020 -c "Extra-header:"
12021
k-stachowiak17a38d32019-02-18 15:29:56 +010012022requires_gnutls_next
Janos Follath74537a62016-09-02 13:45:28 +010012023client_needs_more_time 8
Manuel Pégourié-Gonnardd68434e2015-08-31 12:48:22 +020012024not_with_valgrind # risk of non-mbedtls peer timing out
Jerry Yuab082902021-12-23 18:02:22 +080012025requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Manuel Pégourié-Gonnard6093d812014-09-29 17:52:57 +020012026run_test "DTLS proxy: 3d, gnutls server, fragmentation, nbio" \
12027 -p "$P_PXY drop=5 delay=5 duplicate=5" \
k-stachowiak17a38d32019-02-18 15:29:56 +010012028 "$G_NEXT_SRV -u --mtu 512" \
Andrzej Kurek948fe802018-10-05 15:42:44 -040012029 "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000 nbio=2" \
Manuel Pégourié-Gonnard6093d812014-09-29 17:52:57 +020012030 0 \
12031 -s "Extra-header:" \
12032 -c "Extra-header:"
12033
Jerry Yuab082902021-12-23 18:02:22 +080012034requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Ron Eldorf75e2522019-05-14 20:38:49 +030012035run_test "export keys functionality" \
12036 "$P_SRV eap_tls=1 debug_level=3" \
Ronald Cronf95d1692023-03-14 17:19:42 +010012037 "$P_CLI force_version=tls12 eap_tls=1 debug_level=3" \
Ron Eldorf75e2522019-05-14 20:38:49 +030012038 0 \
Ron Eldor65d8c262019-06-04 13:05:36 +030012039 -c "EAP-TLS key material is:"\
12040 -s "EAP-TLS key material is:"\
12041 -c "EAP-TLS IV is:" \
12042 -s "EAP-TLS IV is:"
Ron Eldorf75e2522019-05-14 20:38:49 +030012043
Jerry Yu04029792021-08-10 16:45:37 +080012044# openssl feature tests: check if tls1.3 exists.
12045requires_openssl_tls1_3
Jerry Yuc502dff2021-12-03 10:04:08 +080012046run_test "TLS 1.3: Test openssl tls1_3 feature" \
Jerry Yu04029792021-08-10 16:45:37 +080012047 "$O_NEXT_SRV -tls1_3 -msg" \
12048 "$O_NEXT_CLI -tls1_3 -msg" \
12049 0 \
12050 -c "TLS 1.3" \
12051 -s "TLS 1.3"
12052
Jerry Yu75261df2021-09-02 17:40:08 +080012053# gnutls feature tests: check if TLS 1.3 is supported as well as the NO_TICKETS and DISABLE_TLS13_COMPAT_MODE options.
Jerry Yu04029792021-08-10 16:45:37 +080012054requires_gnutls_tls1_3
Jerry Yub12d81d2021-08-17 10:56:08 +080012055requires_gnutls_next_no_ticket
12056requires_gnutls_next_disable_tls13_compat
Jerry Yuc502dff2021-12-03 10:04:08 +080012057run_test "TLS 1.3: Test gnutls tls1_3 feature" \
Jerry Yu937ac672021-10-28 17:39:28 +080012058 "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE --disable-client-cert " \
Jerry Yub12d81d2021-08-17 10:56:08 +080012059 "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \
Jerry Yu04029792021-08-10 16:45:37 +080012060 0 \
12061 -s "Version: TLS1.3" \
12062 -c "Version: TLS1.3"
12063
Jerry Yuc46e9b42021-08-06 11:22:24 +080012064# TLS1.3 test cases
Ronald Cronb18c67a2023-02-16 16:57:16 +010012065requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
12066requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Cron4bb67732023-02-16 15:51:18 +010012067requires_ciphersuite_enabled TLS1-3-CHACHA20-POLY1305-SHA256
Valerio Setticf29c5d2023-09-01 09:03:41 +020012068requires_any_configs_enabled "PSA_WANT_ECC_MONTGOMERY_255"
12069requires_any_configs_enabled "PSA_WANT_ECC_SECP_R1_256"
Ronald Cronb18c67a2023-02-16 16:57:16 +010012070run_test "TLS 1.3: Default" \
David Horstmann184c4f02024-07-01 17:01:28 +010012071 "$P_SRV allow_sha1=0 debug_level=3 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key force_version=tls13" \
Ronald Cronb18c67a2023-02-16 16:57:16 +010012072 "$P_CLI allow_sha1=0" \
12073 0 \
12074 -s "Protocol is TLSv1.3" \
Ronald Cron4bb67732023-02-16 15:51:18 +010012075 -s "Ciphersuite is TLS1-3-CHACHA20-POLY1305-SHA256" \
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +020012076 -s "ECDH/FFDH group: " \
Ronald Cronb18c67a2023-02-16 16:57:16 +010012077 -s "selected signature algorithm ecdsa_secp256r1_sha256"
12078
Ronald Cron587cfe62024-02-08 08:56:09 +010012079requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
12080requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
12081requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12082requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
12083run_test "Establish TLS 1.2 then TLS 1.3 session" \
12084 "$P_SRV" \
12085 "( $P_CLI force_version=tls12; \
12086 $P_CLI force_version=tls13 )" \
12087 0 \
12088 -s "Protocol is TLSv1.2" \
12089 -s "Protocol is TLSv1.3" \
12090
Ronald Cron90abb222024-02-08 09:02:49 +010012091requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
12092requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
12093requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12094requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
12095run_test "Establish TLS 1.3 then TLS 1.2 session" \
12096 "$P_SRV" \
12097 "( $P_CLI force_version=tls13; \
12098 $P_CLI force_version=tls12 )" \
12099 0 \
12100 -s "Protocol is TLSv1.3" \
12101 -s "Protocol is TLSv1.2" \
12102
Przemek Stekiel8bfe8972023-06-26 12:59:45 +020012103requires_openssl_tls1_3_with_compatible_ephemeral
Ronald Cron7c0185f2021-11-30 09:16:24 +010012104requires_config_enabled MBEDTLS_DEBUG_C
12105requires_config_enabled MBEDTLS_SSL_CLI_C
Gilles Peskine7b02c1f2024-09-13 14:15:46 +020012106requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Jerry Yuc502dff2021-12-03 10:04:08 +080012107run_test "TLS 1.3: minimal feature sets - openssl" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +010012108 "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +010012109 "$P_CLI debug_level=3" \
Jerry Yue1b1e2d2021-10-29 17:46:32 +080012110 0 \
Ronald Cron27c85e72022-03-08 11:37:55 +010012111 -c "client state: MBEDTLS_SSL_HELLO_REQUEST" \
12112 -c "client state: MBEDTLS_SSL_SERVER_HELLO" \
12113 -c "client state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \
12114 -c "client state: MBEDTLS_SSL_CERTIFICATE_REQUEST" \
12115 -c "client state: MBEDTLS_SSL_SERVER_CERTIFICATE" \
12116 -c "client state: MBEDTLS_SSL_CERTIFICATE_VERIFY" \
12117 -c "client state: MBEDTLS_SSL_SERVER_FINISHED" \
12118 -c "client state: MBEDTLS_SSL_CLIENT_FINISHED" \
12119 -c "client state: MBEDTLS_SSL_FLUSH_BUFFERS" \
12120 -c "client state: MBEDTLS_SSL_HANDSHAKE_WRAPUP" \
Xiaofei Bai746f9482021-11-12 08:53:56 +000012121 -c "<= ssl_tls13_process_server_hello" \
Ronald Cron4bb67732023-02-16 15:51:18 +010012122 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +020012123 -c "DHE group name: " \
Xiaofei Bai746f9482021-11-12 08:53:56 +000012124 -c "=> ssl_tls13_process_server_hello" \
Ronald Cron27c85e72022-03-08 11:37:55 +010012125 -c "<= parse encrypted extensions" \
Jerry Yu834886d2021-10-30 13:26:15 +080012126 -c "Certificate verification flags clear" \
Ronald Cron27c85e72022-03-08 11:37:55 +010012127 -c "=> parse certificate verify" \
12128 -c "<= parse certificate verify" \
XiaokangQiand0aa3e92021-11-10 06:17:40 +000012129 -c "mbedtls_ssl_tls13_process_certificate_verify() returned 0" \
Jerry Yu6d38c192021-11-15 14:01:04 +080012130 -c "<= parse finished message" \
Gilles Peskinec63a1e02022-01-13 01:10:24 +010012131 -c "Protocol is TLSv1.3" \
Jerry Yu6d38c192021-11-15 14:01:04 +080012132 -c "HTTP/1.0 200 ok"
Jerry Yued2ef2d2021-08-19 18:11:43 +080012133
Jerry Yu76e31ec2021-09-22 21:16:27 +080012134requires_gnutls_tls1_3
Jerry Yu937ac672021-10-28 17:39:28 +080012135requires_gnutls_next_no_ticket
Ronald Cron7c0185f2021-11-30 09:16:24 +010012136requires_config_enabled MBEDTLS_DEBUG_C
12137requires_config_enabled MBEDTLS_SSL_CLI_C
Gilles Peskine7b02c1f2024-09-13 14:15:46 +020012138requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Jerry Yuc502dff2021-12-03 10:04:08 +080012139run_test "TLS 1.3: minimal feature sets - gnutls" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +010012140 "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS --disable-client-cert" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +010012141 "$P_CLI debug_level=3" \
Jerry Yue1b1e2d2021-10-29 17:46:32 +080012142 0 \
Ronald Cron27c85e72022-03-08 11:37:55 +010012143 -s "SERVER HELLO was queued" \
12144 -c "client state: MBEDTLS_SSL_HELLO_REQUEST" \
12145 -c "client state: MBEDTLS_SSL_SERVER_HELLO" \
12146 -c "client state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \
12147 -c "client state: MBEDTLS_SSL_CERTIFICATE_REQUEST" \
12148 -c "client state: MBEDTLS_SSL_SERVER_CERTIFICATE" \
12149 -c "client state: MBEDTLS_SSL_CERTIFICATE_VERIFY" \
12150 -c "client state: MBEDTLS_SSL_SERVER_FINISHED" \
12151 -c "client state: MBEDTLS_SSL_CLIENT_FINISHED" \
12152 -c "client state: MBEDTLS_SSL_FLUSH_BUFFERS" \
12153 -c "client state: MBEDTLS_SSL_HANDSHAKE_WRAPUP" \
Xiaofei Bai746f9482021-11-12 08:53:56 +000012154 -c "<= ssl_tls13_process_server_hello" \
Ronald Cron4bb67732023-02-16 15:51:18 +010012155 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +020012156 -c "DHE group name: " \
Xiaofei Bai746f9482021-11-12 08:53:56 +000012157 -c "=> ssl_tls13_process_server_hello" \
Ronald Cron27c85e72022-03-08 11:37:55 +010012158 -c "<= parse encrypted extensions" \
Jerry Yu834886d2021-10-30 13:26:15 +080012159 -c "Certificate verification flags clear" \
Ronald Cron27c85e72022-03-08 11:37:55 +010012160 -c "=> parse certificate verify" \
12161 -c "<= parse certificate verify" \
XiaokangQiand0aa3e92021-11-10 06:17:40 +000012162 -c "mbedtls_ssl_tls13_process_certificate_verify() returned 0" \
Jerry Yu6d38c192021-11-15 14:01:04 +080012163 -c "<= parse finished message" \
Gilles Peskine860429f2022-02-12 00:44:48 +010012164 -c "Protocol is TLSv1.3" \
Jerry Yu6d38c192021-11-15 14:01:04 +080012165 -c "HTTP/1.0 200 OK"
XiaokangQiand0aa3e92021-11-10 06:17:40 +000012166
Przemek Stekiel8bfe8972023-06-26 12:59:45 +020012167requires_openssl_tls1_3_with_compatible_ephemeral
lhuang0486cacac2022-01-21 07:34:27 -080012168requires_config_enabled MBEDTLS_DEBUG_C
12169requires_config_enabled MBEDTLS_SSL_CLI_C
12170requires_config_enabled MBEDTLS_SSL_ALPN
Gilles Peskine7b02c1f2024-09-13 14:15:46 +020012171requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
lhuang0486cacac2022-01-21 07:34:27 -080012172run_test "TLS 1.3: alpn - openssl" \
12173 "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -alpn h2" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +010012174 "$P_CLI debug_level=3 alpn=h2" \
lhuang0486cacac2022-01-21 07:34:27 -080012175 0 \
Ronald Cron27c85e72022-03-08 11:37:55 +010012176 -c "client state: MBEDTLS_SSL_HELLO_REQUEST" \
12177 -c "client state: MBEDTLS_SSL_SERVER_HELLO" \
12178 -c "client state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \
12179 -c "client state: MBEDTLS_SSL_CERTIFICATE_REQUEST" \
12180 -c "client state: MBEDTLS_SSL_SERVER_CERTIFICATE" \
12181 -c "client state: MBEDTLS_SSL_CERTIFICATE_VERIFY" \
12182 -c "client state: MBEDTLS_SSL_SERVER_FINISHED" \
12183 -c "client state: MBEDTLS_SSL_CLIENT_FINISHED" \
12184 -c "client state: MBEDTLS_SSL_FLUSH_BUFFERS" \
12185 -c "client state: MBEDTLS_SSL_HANDSHAKE_WRAPUP" \
lhuang0486cacac2022-01-21 07:34:27 -080012186 -c "<= ssl_tls13_process_server_hello" \
Ronald Cron4bb67732023-02-16 15:51:18 +010012187 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +020012188 -c "DHE group name: " \
lhuang0486cacac2022-01-21 07:34:27 -080012189 -c "=> ssl_tls13_process_server_hello" \
Ronald Cron27c85e72022-03-08 11:37:55 +010012190 -c "<= parse encrypted extensions" \
lhuang0486cacac2022-01-21 07:34:27 -080012191 -c "Certificate verification flags clear" \
Ronald Cron27c85e72022-03-08 11:37:55 +010012192 -c "=> parse certificate verify" \
12193 -c "<= parse certificate verify" \
lhuang0486cacac2022-01-21 07:34:27 -080012194 -c "mbedtls_ssl_tls13_process_certificate_verify() returned 0" \
12195 -c "<= parse finished message" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +010012196 -c "Protocol is TLSv1.3" \
lhuang0486cacac2022-01-21 07:34:27 -080012197 -c "HTTP/1.0 200 ok" \
12198 -c "Application Layer Protocol is h2"
12199
12200requires_gnutls_tls1_3
12201requires_gnutls_next_no_ticket
lhuang0486cacac2022-01-21 07:34:27 -080012202requires_config_enabled MBEDTLS_DEBUG_C
12203requires_config_enabled MBEDTLS_SSL_CLI_C
12204requires_config_enabled MBEDTLS_SSL_ALPN
Gilles Peskine7b02c1f2024-09-13 14:15:46 +020012205requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
lhuang0486cacac2022-01-21 07:34:27 -080012206run_test "TLS 1.3: alpn - gnutls" \
12207 "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS --disable-client-cert --alpn=h2" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +010012208 "$P_CLI debug_level=3 alpn=h2" \
lhuang0486cacac2022-01-21 07:34:27 -080012209 0 \
Ronald Cron27c85e72022-03-08 11:37:55 +010012210 -s "SERVER HELLO was queued" \
12211 -c "client state: MBEDTLS_SSL_HELLO_REQUEST" \
12212 -c "client state: MBEDTLS_SSL_SERVER_HELLO" \
12213 -c "client state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \
12214 -c "client state: MBEDTLS_SSL_CERTIFICATE_REQUEST" \
12215 -c "client state: MBEDTLS_SSL_SERVER_CERTIFICATE" \
12216 -c "client state: MBEDTLS_SSL_CERTIFICATE_VERIFY" \
12217 -c "client state: MBEDTLS_SSL_SERVER_FINISHED" \
12218 -c "client state: MBEDTLS_SSL_CLIENT_FINISHED" \
12219 -c "client state: MBEDTLS_SSL_FLUSH_BUFFERS" \
12220 -c "client state: MBEDTLS_SSL_HANDSHAKE_WRAPUP" \
lhuang0486cacac2022-01-21 07:34:27 -080012221 -c "<= ssl_tls13_process_server_hello" \
Ronald Cron4bb67732023-02-16 15:51:18 +010012222 -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
Przemek Stekiel1f5c2ba2023-06-15 17:04:44 +020012223 -c "DHE group name: " \
lhuang0486cacac2022-01-21 07:34:27 -080012224 -c "=> ssl_tls13_process_server_hello" \
Ronald Cron27c85e72022-03-08 11:37:55 +010012225 -c "<= parse encrypted extensions" \
lhuang0486cacac2022-01-21 07:34:27 -080012226 -c "Certificate verification flags clear" \
Ronald Cron27c85e72022-03-08 11:37:55 +010012227 -c "=> parse certificate verify" \
12228 -c "<= parse certificate verify" \
lhuang0486cacac2022-01-21 07:34:27 -080012229 -c "mbedtls_ssl_tls13_process_certificate_verify() returned 0" \
12230 -c "<= parse finished message" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +010012231 -c "Protocol is TLSv1.3" \
lhuang0486cacac2022-01-21 07:34:27 -080012232 -c "HTTP/1.0 200 OK" \
12233 -c "Application Layer Protocol is h2"
12234
Przemek Stekiel8bfe8972023-06-26 12:59:45 +020012235requires_openssl_tls1_3_with_compatible_ephemeral
XiaokangQianacb39922022-06-17 10:18:48 +000012236requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQian95d5f542022-06-24 02:29:26 +000012237requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQianacb39922022-06-17 10:18:48 +000012238requires_config_enabled MBEDTLS_SSL_ALPN
Ronald Cron928cbd32022-10-04 16:14:26 +020012239requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianacb39922022-06-17 10:18:48 +000012240run_test "TLS 1.3: server alpn - openssl" \
David Horstmann184c4f02024-07-01 17:01:28 +010012241 "$P_SRV debug_level=3 tickets=0 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key alpn=h2" \
XiaokangQianacb39922022-06-17 10:18:48 +000012242 "$O_NEXT_CLI -msg -tls1_3 -no_middlebox -alpn h2" \
12243 0 \
XiaokangQianc7403452022-06-23 03:24:12 +000012244 -s "found alpn extension" \
12245 -s "server side, adding alpn extension" \
12246 -s "Protocol is TLSv1.3" \
12247 -s "HTTP/1.0 200 OK" \
12248 -s "Application Layer Protocol is h2"
12249
12250requires_gnutls_tls1_3
XiaokangQianc7403452022-06-23 03:24:12 +000012251requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQian95d5f542022-06-24 02:29:26 +000012252requires_config_enabled MBEDTLS_SSL_SRV_C
XiaokangQianc7403452022-06-23 03:24:12 +000012253requires_config_enabled MBEDTLS_SSL_ALPN
Ronald Cron928cbd32022-10-04 16:14:26 +020012254requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianc7403452022-06-23 03:24:12 +000012255run_test "TLS 1.3: server alpn - gnutls" \
David Horstmann184c4f02024-07-01 17:01:28 +010012256 "$P_SRV debug_level=3 tickets=0 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key alpn=h2" \
XiaokangQianc7403452022-06-23 03:24:12 +000012257 "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V --alpn h2" \
12258 0 \
XiaokangQianacb39922022-06-17 10:18:48 +000012259 -s "found alpn extension" \
12260 -s "server side, adding alpn extension" \
12261 -s "Protocol is TLSv1.3" \
12262 -s "HTTP/1.0 200 OK" \
12263 -s "Application Layer Protocol is h2"
12264
Przemek Stekiel8bfe8972023-06-26 12:59:45 +020012265requires_openssl_tls1_3_with_compatible_ephemeral
Jerry Yuaa6214a2022-01-30 19:53:28 +080012266requires_config_enabled MBEDTLS_DEBUG_C
12267requires_config_enabled MBEDTLS_SSL_CLI_C
Gilles Peskine7b02c1f2024-09-13 14:15:46 +020012268requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Jerry Yu6c3d8212022-02-18 15:23:23 +080012269run_test "TLS 1.3: Client authentication, no client certificate - openssl" \
Jerry Yu819f2972022-02-22 10:14:24 +080012270 "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -verify 10" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +010012271 "$P_CLI debug_level=4 crt_file=none key_file=none" \
Jerry Yuaa6214a2022-01-30 19:53:28 +080012272 0 \
Jerry Yuaa6214a2022-01-30 19:53:28 +080012273 -c "got a certificate request" \
Jerry Yu6c3d8212022-02-18 15:23:23 +080012274 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
12275 -s "TLS 1.3" \
Jerry Yu562a0fd2022-02-18 15:35:11 +080012276 -c "HTTP/1.0 200 ok" \
12277 -c "Protocol is TLSv1.3"
Jerry Yu6c3d8212022-02-18 15:23:23 +080012278
12279requires_gnutls_tls1_3
12280requires_gnutls_next_no_ticket
Jerry Yu6c3d8212022-02-18 15:23:23 +080012281requires_config_enabled MBEDTLS_DEBUG_C
12282requires_config_enabled MBEDTLS_SSL_CLI_C
Gilles Peskine7b02c1f2024-09-13 14:15:46 +020012283requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Jerry Yu6c3d8212022-02-18 15:23:23 +080012284run_test "TLS 1.3: Client authentication, no client certificate - gnutls" \
Jerry Yu819f2972022-02-22 10:14:24 +080012285 "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS --verify-client-cert" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +010012286 "$P_CLI debug_level=3 crt_file=none key_file=none" \
Jerry Yu6c3d8212022-02-18 15:23:23 +080012287 0 \
12288 -c "got a certificate request" \
12289 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE"\
12290 -s "Version: TLS1.3" \
Jerry Yu562a0fd2022-02-18 15:35:11 +080012291 -c "HTTP/1.0 200 OK" \
12292 -c "Protocol is TLSv1.3"
12293
Jerry Yuaa6214a2022-01-30 19:53:28 +080012294
Przemek Stekiel8bfe8972023-06-26 12:59:45 +020012295requires_openssl_tls1_3_with_compatible_ephemeral
Jerry Yu960bc282022-01-26 11:12:34 +080012296requires_config_enabled MBEDTLS_DEBUG_C
12297requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron928cbd32022-10-04 16:14:26 +020012298requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Jerry Yu819f2972022-02-22 10:14:24 +080012299run_test "TLS 1.3: Client authentication, no server middlebox compat - openssl" \
Jerry Yu960bc282022-01-26 11:12:34 +080012300 "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 -no_middlebox" \
David Horstmann184c4f02024-07-01 17:01:28 +010012301 "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/cli2.crt key_file=$DATA_FILES_PATH/cli2.key" \
Jerry Yuc19884f2022-01-29 10:44:44 +080012302 0 \
Jerry Yu960bc282022-01-26 11:12:34 +080012303 -c "got a certificate request" \
Jerry Yu200b47b2022-01-28 14:26:30 +080012304 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
Jerry Yu562a0fd2022-02-18 15:35:11 +080012305 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
12306 -c "Protocol is TLSv1.3"
Jerry Yu960bc282022-01-26 11:12:34 +080012307
12308requires_gnutls_tls1_3
12309requires_gnutls_next_no_ticket
Jerry Yu960bc282022-01-26 11:12:34 +080012310requires_config_enabled MBEDTLS_DEBUG_C
12311requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron928cbd32022-10-04 16:14:26 +020012312requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Jerry Yu819f2972022-02-22 10:14:24 +080012313run_test "TLS 1.3: Client authentication, no server middlebox compat - gnutls" \
Jerry Yu960bc282022-01-26 11:12:34 +080012314 "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
David Horstmann184c4f02024-07-01 17:01:28 +010012315 "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/cli2.crt \
12316 key_file=$DATA_FILES_PATH/cli2.key" \
Jerry Yuc19884f2022-01-29 10:44:44 +080012317 0 \
Jerry Yu960bc282022-01-26 11:12:34 +080012318 -c "got a certificate request" \
Jerry Yu200b47b2022-01-28 14:26:30 +080012319 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
Jerry Yu562a0fd2022-02-18 15:35:11 +080012320 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
12321 -c "Protocol is TLSv1.3"
Jerry Yu200b47b2022-01-28 14:26:30 +080012322
Przemek Stekiel8bfe8972023-06-26 12:59:45 +020012323requires_openssl_tls1_3_with_compatible_ephemeral
Jerry Yu200b47b2022-01-28 14:26:30 +080012324requires_config_enabled MBEDTLS_DEBUG_C
12325requires_config_enabled MBEDTLS_SSL_CLI_C
Gilles Peskine7b02c1f2024-09-13 14:15:46 +020012326requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Jerry Yu6c3d8212022-02-18 15:23:23 +080012327run_test "TLS 1.3: Client authentication, ecdsa_secp256r1_sha256 - openssl" \
Jerry Yu819f2972022-02-22 10:14:24 +080012328 "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
David Horstmann184c4f02024-07-01 17:01:28 +010012329 "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt \
12330 key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key" \
Jerry Yu6c3d8212022-02-18 15:23:23 +080012331 0 \
12332 -c "got a certificate request" \
12333 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
Jerry Yu562a0fd2022-02-18 15:35:11 +080012334 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
12335 -c "Protocol is TLSv1.3"
Jerry Yu6c3d8212022-02-18 15:23:23 +080012336
12337requires_gnutls_tls1_3
12338requires_gnutls_next_no_ticket
Jerry Yu6c3d8212022-02-18 15:23:23 +080012339requires_config_enabled MBEDTLS_DEBUG_C
12340requires_config_enabled MBEDTLS_SSL_CLI_C
Gilles Peskine7b02c1f2024-09-13 14:15:46 +020012341requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Jerry Yu6c3d8212022-02-18 15:23:23 +080012342run_test "TLS 1.3: Client authentication, ecdsa_secp256r1_sha256 - gnutls" \
Jerry Yu819f2972022-02-22 10:14:24 +080012343 "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
David Horstmann184c4f02024-07-01 17:01:28 +010012344 "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt \
12345 key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key" \
Jerry Yu6c3d8212022-02-18 15:23:23 +080012346 0 \
12347 -c "got a certificate request" \
12348 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
Jerry Yu562a0fd2022-02-18 15:35:11 +080012349 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
12350 -c "Protocol is TLSv1.3"
Jerry Yu6c3d8212022-02-18 15:23:23 +080012351
Przemek Stekiel8bfe8972023-06-26 12:59:45 +020012352requires_openssl_tls1_3_with_compatible_ephemeral
Jerry Yu6c3d8212022-02-18 15:23:23 +080012353requires_config_enabled MBEDTLS_DEBUG_C
12354requires_config_enabled MBEDTLS_SSL_CLI_C
Gilles Peskine7b02c1f2024-09-13 14:15:46 +020012355requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Jerry Yu6c3d8212022-02-18 15:23:23 +080012356run_test "TLS 1.3: Client authentication, ecdsa_secp384r1_sha384 - openssl" \
Jerry Yu819f2972022-02-22 10:14:24 +080012357 "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
David Horstmann184c4f02024-07-01 17:01:28 +010012358 "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt \
12359 key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key" \
Jerry Yu6c3d8212022-02-18 15:23:23 +080012360 0 \
12361 -c "got a certificate request" \
12362 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
Jerry Yu562a0fd2022-02-18 15:35:11 +080012363 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
12364 -c "Protocol is TLSv1.3"
Jerry Yu6c3d8212022-02-18 15:23:23 +080012365
12366requires_gnutls_tls1_3
12367requires_gnutls_next_no_ticket
Jerry Yu6c3d8212022-02-18 15:23:23 +080012368requires_config_enabled MBEDTLS_DEBUG_C
12369requires_config_enabled MBEDTLS_SSL_CLI_C
Gilles Peskine7b02c1f2024-09-13 14:15:46 +020012370requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Jerry Yu6c3d8212022-02-18 15:23:23 +080012371run_test "TLS 1.3: Client authentication, ecdsa_secp384r1_sha384 - gnutls" \
Jerry Yu819f2972022-02-22 10:14:24 +080012372 "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
David Horstmann184c4f02024-07-01 17:01:28 +010012373 "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt \
12374 key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key" \
Jerry Yu6c3d8212022-02-18 15:23:23 +080012375 0 \
12376 -c "got a certificate request" \
12377 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
Jerry Yu562a0fd2022-02-18 15:35:11 +080012378 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
12379 -c "Protocol is TLSv1.3"
Jerry Yu6c3d8212022-02-18 15:23:23 +080012380
Przemek Stekiel8bfe8972023-06-26 12:59:45 +020012381requires_openssl_tls1_3_with_compatible_ephemeral
Jerry Yu6c3d8212022-02-18 15:23:23 +080012382requires_config_enabled MBEDTLS_DEBUG_C
12383requires_config_enabled MBEDTLS_SSL_CLI_C
Gilles Peskine7b02c1f2024-09-13 14:15:46 +020012384requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Jerry Yu6c3d8212022-02-18 15:23:23 +080012385run_test "TLS 1.3: Client authentication, ecdsa_secp521r1_sha512 - openssl" \
Jerry Yu819f2972022-02-22 10:14:24 +080012386 "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
David Horstmann184c4f02024-07-01 17:01:28 +010012387 "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt \
12388 key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key" \
Jerry Yu6c3d8212022-02-18 15:23:23 +080012389 0 \
12390 -c "got a certificate request" \
12391 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
Jerry Yu562a0fd2022-02-18 15:35:11 +080012392 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
12393 -c "Protocol is TLSv1.3"
Jerry Yu6c3d8212022-02-18 15:23:23 +080012394
12395requires_gnutls_tls1_3
12396requires_gnutls_next_no_ticket
Jerry Yu6c3d8212022-02-18 15:23:23 +080012397requires_config_enabled MBEDTLS_DEBUG_C
12398requires_config_enabled MBEDTLS_SSL_CLI_C
Gilles Peskine7b02c1f2024-09-13 14:15:46 +020012399requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Jerry Yu6c3d8212022-02-18 15:23:23 +080012400run_test "TLS 1.3: Client authentication, ecdsa_secp521r1_sha512 - gnutls" \
Jerry Yu819f2972022-02-22 10:14:24 +080012401 "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
David Horstmann184c4f02024-07-01 17:01:28 +010012402 "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt \
12403 key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key" \
Jerry Yu6c3d8212022-02-18 15:23:23 +080012404 0 \
12405 -c "got a certificate request" \
12406 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
Jerry Yu562a0fd2022-02-18 15:35:11 +080012407 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
12408 -c "Protocol is TLSv1.3"
Jerry Yu6c3d8212022-02-18 15:23:23 +080012409
Przemek Stekiel8bfe8972023-06-26 12:59:45 +020012410requires_openssl_tls1_3_with_compatible_ephemeral
Jerry Yu6c3d8212022-02-18 15:23:23 +080012411requires_config_enabled MBEDTLS_DEBUG_C
12412requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron68ba7f72025-06-30 07:45:17 +020012413requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
Gilles Peskine7b02c1f2024-09-13 14:15:46 +020012414requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Jerry Yu6c3d8212022-02-18 15:23:23 +080012415run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha256 - openssl" \
Jerry Yu819f2972022-02-22 10:14:24 +080012416 "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
David Horstmann184c4f02024-07-01 17:01:28 +010012417 "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/cert_sha256.crt \
12418 key_file=$DATA_FILES_PATH/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha256" \
Jerry Yu919130c2022-02-23 10:40:19 +080012419 0 \
Jerry Yu6c3d8212022-02-18 15:23:23 +080012420 -c "got a certificate request" \
12421 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
Jerry Yu562a0fd2022-02-18 15:35:11 +080012422 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
Jerry Yu919130c2022-02-23 10:40:19 +080012423 -c "Protocol is TLSv1.3"
Jerry Yu6c3d8212022-02-18 15:23:23 +080012424
12425requires_gnutls_tls1_3
12426requires_gnutls_next_no_ticket
Jerry Yu6c3d8212022-02-18 15:23:23 +080012427requires_config_enabled MBEDTLS_DEBUG_C
12428requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron68ba7f72025-06-30 07:45:17 +020012429requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
Gilles Peskine7b02c1f2024-09-13 14:15:46 +020012430requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Jerry Yu6c3d8212022-02-18 15:23:23 +080012431run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha256 - gnutls" \
Jerry Yu819f2972022-02-22 10:14:24 +080012432 "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
David Horstmann184c4f02024-07-01 17:01:28 +010012433 "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server2-sha256.crt \
12434 key_file=$DATA_FILES_PATH/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha256" \
Jerry Yu919130c2022-02-23 10:40:19 +080012435 0 \
Jerry Yu6c3d8212022-02-18 15:23:23 +080012436 -c "got a certificate request" \
12437 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
Jerry Yu562a0fd2022-02-18 15:35:11 +080012438 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
Jerry Yu919130c2022-02-23 10:40:19 +080012439 -c "Protocol is TLSv1.3"
Jerry Yu960bc282022-01-26 11:12:34 +080012440
Przemek Stekiel8bfe8972023-06-26 12:59:45 +020012441requires_openssl_tls1_3_with_compatible_ephemeral
Jerry Yu2124d052022-02-18 21:07:18 +080012442requires_config_enabled MBEDTLS_DEBUG_C
12443requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron68ba7f72025-06-30 07:45:17 +020012444requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
Gilles Peskine7b02c1f2024-09-13 14:15:46 +020012445requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Jerry Yu3a58b462022-02-22 16:42:29 +080012446run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha384 - openssl" \
12447 "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
David Horstmann184c4f02024-07-01 17:01:28 +010012448 "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/cert_sha256.crt \
12449 key_file=$DATA_FILES_PATH/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha384" \
Jerry Yu3a58b462022-02-22 16:42:29 +080012450 0 \
12451 -c "got a certificate request" \
12452 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
12453 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
12454 -c "Protocol is TLSv1.3"
12455
12456requires_gnutls_tls1_3
12457requires_gnutls_next_no_ticket
Jerry Yu3a58b462022-02-22 16:42:29 +080012458requires_config_enabled MBEDTLS_DEBUG_C
12459requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron68ba7f72025-06-30 07:45:17 +020012460requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
Gilles Peskine7b02c1f2024-09-13 14:15:46 +020012461requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Jerry Yu3a58b462022-02-22 16:42:29 +080012462run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha384 - gnutls" \
12463 "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
David Horstmann184c4f02024-07-01 17:01:28 +010012464 "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server2-sha256.crt \
12465 key_file=$DATA_FILES_PATH/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha384" \
Jerry Yu3a58b462022-02-22 16:42:29 +080012466 0 \
12467 -c "got a certificate request" \
12468 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
12469 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
12470 -c "Protocol is TLSv1.3"
12471
Przemek Stekiel8bfe8972023-06-26 12:59:45 +020012472requires_openssl_tls1_3_with_compatible_ephemeral
Jerry Yu3a58b462022-02-22 16:42:29 +080012473requires_config_enabled MBEDTLS_DEBUG_C
12474requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron68ba7f72025-06-30 07:45:17 +020012475requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
Gilles Peskine7b02c1f2024-09-13 14:15:46 +020012476requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Jerry Yu3a58b462022-02-22 16:42:29 +080012477run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha512 - openssl" \
12478 "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
David Horstmann184c4f02024-07-01 17:01:28 +010012479 "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/cert_sha256.crt \
12480 key_file=$DATA_FILES_PATH/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha512" \
Jerry Yu3a58b462022-02-22 16:42:29 +080012481 0 \
12482 -c "got a certificate request" \
12483 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
12484 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
12485 -c "Protocol is TLSv1.3"
12486
12487requires_gnutls_tls1_3
12488requires_gnutls_next_no_ticket
Jerry Yu3a58b462022-02-22 16:42:29 +080012489requires_config_enabled MBEDTLS_DEBUG_C
12490requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron68ba7f72025-06-30 07:45:17 +020012491requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
Gilles Peskine7b02c1f2024-09-13 14:15:46 +020012492requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Jerry Yu3a58b462022-02-22 16:42:29 +080012493run_test "TLS 1.3: Client authentication, rsa_pss_rsae_sha512 - gnutls" \
12494 "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
David Horstmann184c4f02024-07-01 17:01:28 +010012495 "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server2-sha256.crt \
12496 key_file=$DATA_FILES_PATH/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha512" \
Jerry Yu3a58b462022-02-22 16:42:29 +080012497 0 \
12498 -c "got a certificate request" \
12499 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
12500 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
12501 -c "Protocol is TLSv1.3"
12502
Przemek Stekiel8bfe8972023-06-26 12:59:45 +020012503requires_openssl_tls1_3_with_compatible_ephemeral
Jerry Yu3a58b462022-02-22 16:42:29 +080012504requires_config_enabled MBEDTLS_DEBUG_C
12505requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron68ba7f72025-06-30 07:45:17 +020012506requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
Gilles Peskine7b02c1f2024-09-13 14:15:46 +020012507requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Jerry Yuccb005e2022-02-22 17:38:34 +080012508run_test "TLS 1.3: Client authentication, client alg not in server list - openssl" \
Jerry Yu819f2972022-02-22 10:14:24 +080012509 "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10
Jerry Yu2124d052022-02-18 21:07:18 +080012510 -sigalgs ecdsa_secp256r1_sha256" \
David Horstmann184c4f02024-07-01 17:01:28 +010012511 "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt \
12512 key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key sig_algs=ecdsa_secp256r1_sha256,ecdsa_secp521r1_sha512" \
Jerry Yu2124d052022-02-18 21:07:18 +080012513 1 \
12514 -c "got a certificate request" \
12515 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
12516 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
Xiaokang Qianea3d9332022-12-07 06:19:49 +000012517 -c "no suitable signature algorithm"
Jerry Yu2124d052022-02-18 21:07:18 +080012518
12519requires_gnutls_tls1_3
12520requires_gnutls_next_no_ticket
Jerry Yu2124d052022-02-18 21:07:18 +080012521requires_config_enabled MBEDTLS_DEBUG_C
12522requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron68ba7f72025-06-30 07:45:17 +020012523requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
Gilles Peskine7b02c1f2024-09-13 14:15:46 +020012524requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Jerry Yu819f2972022-02-22 10:14:24 +080012525run_test "TLS 1.3: Client authentication, client alg not in server list - gnutls" \
12526 "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:-SIGN-ALL:+SIGN-ECDSA-SECP256R1-SHA256:%NO_TICKETS" \
David Horstmann184c4f02024-07-01 17:01:28 +010012527 "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt \
12528 key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key sig_algs=ecdsa_secp256r1_sha256,ecdsa_secp521r1_sha512" \
Jerry Yu2124d052022-02-18 21:07:18 +080012529 1 \
12530 -c "got a certificate request" \
12531 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
12532 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
Xiaokang Qianea3d9332022-12-07 06:19:49 +000012533 -c "no suitable signature algorithm"
Jerry Yu2124d052022-02-18 21:07:18 +080012534
Neil Armstrong7f6f6722022-04-15 10:09:11 +020012535# Test using an opaque private key for client authentication
Przemek Stekiel8bfe8972023-06-26 12:59:45 +020012536requires_openssl_tls1_3_with_compatible_ephemeral
Neil Armstrong7f6f6722022-04-15 10:09:11 +020012537requires_config_enabled MBEDTLS_DEBUG_C
12538requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron928cbd32022-10-04 16:14:26 +020012539requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Neil Armstrong7f6f6722022-04-15 10:09:11 +020012540run_test "TLS 1.3: Client authentication - opaque key, no server middlebox compat - openssl" \
12541 "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 -no_middlebox" \
David Horstmann184c4f02024-07-01 17:01:28 +010012542 "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/cli2.crt key_file=$DATA_FILES_PATH/cli2.key key_opaque=1" \
Neil Armstrong7f6f6722022-04-15 10:09:11 +020012543 0 \
12544 -c "got a certificate request" \
12545 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
12546 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
12547 -c "Protocol is TLSv1.3"
12548
12549requires_gnutls_tls1_3
12550requires_gnutls_next_no_ticket
Neil Armstrong7f6f6722022-04-15 10:09:11 +020012551requires_config_enabled MBEDTLS_DEBUG_C
12552requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron928cbd32022-10-04 16:14:26 +020012553requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Neil Armstrong7f6f6722022-04-15 10:09:11 +020012554run_test "TLS 1.3: Client authentication - opaque key, no server middlebox compat - gnutls" \
12555 "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
David Horstmann184c4f02024-07-01 17:01:28 +010012556 "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/cli2.crt \
12557 key_file=$DATA_FILES_PATH/cli2.key key_opaque=1" \
Neil Armstrong7f6f6722022-04-15 10:09:11 +020012558 0 \
12559 -c "got a certificate request" \
12560 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
12561 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
12562 -c "Protocol is TLSv1.3"
12563
Przemek Stekiel8bfe8972023-06-26 12:59:45 +020012564requires_openssl_tls1_3_with_compatible_ephemeral
Neil Armstrong7f6f6722022-04-15 10:09:11 +020012565requires_config_enabled MBEDTLS_DEBUG_C
12566requires_config_enabled MBEDTLS_SSL_CLI_C
Gilles Peskine7b02c1f2024-09-13 14:15:46 +020012567requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Neil Armstrong7f6f6722022-04-15 10:09:11 +020012568run_test "TLS 1.3: Client authentication - opaque key, ecdsa_secp256r1_sha256 - openssl" \
12569 "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
David Horstmann184c4f02024-07-01 17:01:28 +010012570 "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt \
12571 key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key key_opaque=1" \
Neil Armstrong7f6f6722022-04-15 10:09:11 +020012572 0 \
12573 -c "got a certificate request" \
12574 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
12575 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
12576 -c "Protocol is TLSv1.3"
12577
12578requires_gnutls_tls1_3
12579requires_gnutls_next_no_ticket
Neil Armstrong7f6f6722022-04-15 10:09:11 +020012580requires_config_enabled MBEDTLS_DEBUG_C
12581requires_config_enabled MBEDTLS_SSL_CLI_C
Gilles Peskine7b02c1f2024-09-13 14:15:46 +020012582requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Neil Armstrong7f6f6722022-04-15 10:09:11 +020012583run_test "TLS 1.3: Client authentication - opaque key, ecdsa_secp256r1_sha256 - gnutls" \
12584 "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
David Horstmann184c4f02024-07-01 17:01:28 +010012585 "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/ecdsa_secp256r1.crt \
12586 key_file=$DATA_FILES_PATH/ecdsa_secp256r1.key key_opaque=1" \
Neil Armstrong7f6f6722022-04-15 10:09:11 +020012587 0 \
12588 -c "got a certificate request" \
12589 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
12590 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
12591 -c "Protocol is TLSv1.3"
12592
Przemek Stekiel8bfe8972023-06-26 12:59:45 +020012593requires_openssl_tls1_3_with_compatible_ephemeral
Neil Armstrong7f6f6722022-04-15 10:09:11 +020012594requires_config_enabled MBEDTLS_DEBUG_C
12595requires_config_enabled MBEDTLS_SSL_CLI_C
Gilles Peskine7b02c1f2024-09-13 14:15:46 +020012596requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Neil Armstrong7f6f6722022-04-15 10:09:11 +020012597run_test "TLS 1.3: Client authentication - opaque key, ecdsa_secp384r1_sha384 - openssl" \
12598 "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
David Horstmann184c4f02024-07-01 17:01:28 +010012599 "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt \
12600 key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key key_opaque=1" \
Neil Armstrong7f6f6722022-04-15 10:09:11 +020012601 0 \
12602 -c "got a certificate request" \
12603 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
12604 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
12605 -c "Protocol is TLSv1.3"
12606
12607requires_gnutls_tls1_3
12608requires_gnutls_next_no_ticket
Neil Armstrong7f6f6722022-04-15 10:09:11 +020012609requires_config_enabled MBEDTLS_DEBUG_C
12610requires_config_enabled MBEDTLS_SSL_CLI_C
Gilles Peskine7b02c1f2024-09-13 14:15:46 +020012611requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Neil Armstrong7f6f6722022-04-15 10:09:11 +020012612run_test "TLS 1.3: Client authentication - opaque key, ecdsa_secp384r1_sha384 - gnutls" \
12613 "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
David Horstmann184c4f02024-07-01 17:01:28 +010012614 "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/ecdsa_secp384r1.crt \
12615 key_file=$DATA_FILES_PATH/ecdsa_secp384r1.key key_opaque=1" \
Neil Armstrong7f6f6722022-04-15 10:09:11 +020012616 0 \
12617 -c "got a certificate request" \
12618 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
12619 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
12620 -c "Protocol is TLSv1.3"
12621
Przemek Stekiel8bfe8972023-06-26 12:59:45 +020012622requires_openssl_tls1_3_with_compatible_ephemeral
Neil Armstrong7f6f6722022-04-15 10:09:11 +020012623requires_config_enabled MBEDTLS_DEBUG_C
12624requires_config_enabled MBEDTLS_SSL_CLI_C
Gilles Peskine7b02c1f2024-09-13 14:15:46 +020012625requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Neil Armstrong7f6f6722022-04-15 10:09:11 +020012626run_test "TLS 1.3: Client authentication - opaque key, ecdsa_secp521r1_sha512 - openssl" \
12627 "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
David Horstmann184c4f02024-07-01 17:01:28 +010012628 "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt \
12629 key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key key_opaque=1" \
Neil Armstrong7f6f6722022-04-15 10:09:11 +020012630 0 \
12631 -c "got a certificate request" \
12632 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
12633 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
12634 -c "Protocol is TLSv1.3"
12635
12636requires_gnutls_tls1_3
12637requires_gnutls_next_no_ticket
Neil Armstrong7f6f6722022-04-15 10:09:11 +020012638requires_config_enabled MBEDTLS_DEBUG_C
12639requires_config_enabled MBEDTLS_SSL_CLI_C
Gilles Peskine7b02c1f2024-09-13 14:15:46 +020012640requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Neil Armstrong7f6f6722022-04-15 10:09:11 +020012641run_test "TLS 1.3: Client authentication - opaque key, ecdsa_secp521r1_sha512 - gnutls" \
12642 "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
David Horstmann184c4f02024-07-01 17:01:28 +010012643 "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt \
12644 key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key key_opaque=1" \
Neil Armstrong7f6f6722022-04-15 10:09:11 +020012645 0 \
12646 -c "got a certificate request" \
12647 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
12648 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
12649 -c "Protocol is TLSv1.3"
12650
Przemek Stekiel8bfe8972023-06-26 12:59:45 +020012651requires_openssl_tls1_3_with_compatible_ephemeral
Neil Armstrong7f6f6722022-04-15 10:09:11 +020012652requires_config_enabled MBEDTLS_DEBUG_C
12653requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron68ba7f72025-06-30 07:45:17 +020012654requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
Gilles Peskine7b02c1f2024-09-13 14:15:46 +020012655requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Neil Armstrong7f6f6722022-04-15 10:09:11 +020012656run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha256 - openssl" \
12657 "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
David Horstmann184c4f02024-07-01 17:01:28 +010012658 "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/cert_sha256.crt \
12659 key_file=$DATA_FILES_PATH/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha256 key_opaque=1" \
Neil Armstrong7f6f6722022-04-15 10:09:11 +020012660 0 \
12661 -c "got a certificate request" \
12662 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
12663 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
12664 -c "Protocol is TLSv1.3"
12665
12666requires_gnutls_tls1_3
12667requires_gnutls_next_no_ticket
Neil Armstrong7f6f6722022-04-15 10:09:11 +020012668requires_config_enabled MBEDTLS_DEBUG_C
12669requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron68ba7f72025-06-30 07:45:17 +020012670requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
Gilles Peskine7b02c1f2024-09-13 14:15:46 +020012671requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Neil Armstrong7f6f6722022-04-15 10:09:11 +020012672run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha256 - gnutls" \
12673 "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
David Horstmann184c4f02024-07-01 17:01:28 +010012674 "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server2-sha256.crt \
12675 key_file=$DATA_FILES_PATH/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha256 key_opaque=1" \
Neil Armstrong7f6f6722022-04-15 10:09:11 +020012676 0 \
12677 -c "got a certificate request" \
12678 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
12679 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
12680 -c "Protocol is TLSv1.3"
12681
Przemek Stekiel8bfe8972023-06-26 12:59:45 +020012682requires_openssl_tls1_3_with_compatible_ephemeral
Neil Armstrong7f6f6722022-04-15 10:09:11 +020012683requires_config_enabled MBEDTLS_DEBUG_C
12684requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron68ba7f72025-06-30 07:45:17 +020012685requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
Gilles Peskine7b02c1f2024-09-13 14:15:46 +020012686requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Neil Armstrong7f6f6722022-04-15 10:09:11 +020012687run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha384 - openssl" \
12688 "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
David Horstmann184c4f02024-07-01 17:01:28 +010012689 "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/cert_sha256.crt \
12690 key_file=$DATA_FILES_PATH/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha384 key_opaque=1" \
Neil Armstrong7f6f6722022-04-15 10:09:11 +020012691 0 \
12692 -c "got a certificate request" \
12693 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
12694 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
12695 -c "Protocol is TLSv1.3"
12696
12697requires_gnutls_tls1_3
12698requires_gnutls_next_no_ticket
Neil Armstrong7f6f6722022-04-15 10:09:11 +020012699requires_config_enabled MBEDTLS_DEBUG_C
12700requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron68ba7f72025-06-30 07:45:17 +020012701requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
Gilles Peskine7b02c1f2024-09-13 14:15:46 +020012702requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Neil Armstrong7f6f6722022-04-15 10:09:11 +020012703run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha384 - gnutls" \
12704 "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
David Horstmann184c4f02024-07-01 17:01:28 +010012705 "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server2-sha256.crt \
12706 key_file=$DATA_FILES_PATH/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha384 key_opaque=1" \
Neil Armstrong7f6f6722022-04-15 10:09:11 +020012707 0 \
12708 -c "got a certificate request" \
12709 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
12710 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
12711 -c "Protocol is TLSv1.3"
12712
Przemek Stekiel8bfe8972023-06-26 12:59:45 +020012713requires_openssl_tls1_3_with_compatible_ephemeral
Neil Armstrong7f6f6722022-04-15 10:09:11 +020012714requires_config_enabled MBEDTLS_DEBUG_C
12715requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron68ba7f72025-06-30 07:45:17 +020012716requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
Gilles Peskine7b02c1f2024-09-13 14:15:46 +020012717requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Neil Armstrong7f6f6722022-04-15 10:09:11 +020012718run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha512 - openssl" \
12719 "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
David Horstmann184c4f02024-07-01 17:01:28 +010012720 "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/cert_sha256.crt \
12721 key_file=$DATA_FILES_PATH/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha512 key_opaque=1" \
Neil Armstrong7f6f6722022-04-15 10:09:11 +020012722 0 \
12723 -c "got a certificate request" \
12724 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
12725 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
12726 -c "Protocol is TLSv1.3"
12727
12728requires_gnutls_tls1_3
12729requires_gnutls_next_no_ticket
Neil Armstrong7f6f6722022-04-15 10:09:11 +020012730requires_config_enabled MBEDTLS_DEBUG_C
12731requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron68ba7f72025-06-30 07:45:17 +020012732requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
Gilles Peskine7b02c1f2024-09-13 14:15:46 +020012733requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Neil Armstrong7f6f6722022-04-15 10:09:11 +020012734run_test "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha512 - gnutls" \
12735 "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
David Horstmann184c4f02024-07-01 17:01:28 +010012736 "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/server2-sha256.crt \
12737 key_file=$DATA_FILES_PATH/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha512 key_opaque=1" \
Neil Armstrong7f6f6722022-04-15 10:09:11 +020012738 0 \
12739 -c "got a certificate request" \
12740 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
12741 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
12742 -c "Protocol is TLSv1.3"
12743
Przemek Stekiel8bfe8972023-06-26 12:59:45 +020012744requires_openssl_tls1_3_with_compatible_ephemeral
Neil Armstrong7f6f6722022-04-15 10:09:11 +020012745requires_config_enabled MBEDTLS_DEBUG_C
12746requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron68ba7f72025-06-30 07:45:17 +020012747requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
Gilles Peskine7b02c1f2024-09-13 14:15:46 +020012748requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Neil Armstrong7f6f6722022-04-15 10:09:11 +020012749run_test "TLS 1.3: Client authentication - opaque key, client alg not in server list - openssl" \
12750 "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10
12751 -sigalgs ecdsa_secp256r1_sha256" \
David Horstmann184c4f02024-07-01 17:01:28 +010012752 "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt \
12753 key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key sig_algs=ecdsa_secp256r1_sha256,ecdsa_secp521r1_sha512 key_opaque=1" \
Neil Armstrong7f6f6722022-04-15 10:09:11 +020012754 1 \
12755 -c "got a certificate request" \
12756 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
12757 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
Xiaokang Qianea3d9332022-12-07 06:19:49 +000012758 -c "no suitable signature algorithm"
Neil Armstrong7f6f6722022-04-15 10:09:11 +020012759
12760requires_gnutls_tls1_3
12761requires_gnutls_next_no_ticket
Neil Armstrong7f6f6722022-04-15 10:09:11 +020012762requires_config_enabled MBEDTLS_DEBUG_C
12763requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron68ba7f72025-06-30 07:45:17 +020012764requires_config_enabled PSA_WANT_KEY_TYPE_RSA_KEY_PAIR_BASIC
Gilles Peskine7b02c1f2024-09-13 14:15:46 +020012765requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Neil Armstrong7f6f6722022-04-15 10:09:11 +020012766run_test "TLS 1.3: Client authentication - opaque key, client alg not in server list - gnutls" \
12767 "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:-SIGN-ALL:+SIGN-ECDSA-SECP256R1-SHA256:%NO_TICKETS" \
David Horstmann184c4f02024-07-01 17:01:28 +010012768 "$P_CLI debug_level=3 crt_file=$DATA_FILES_PATH/ecdsa_secp521r1.crt \
12769 key_file=$DATA_FILES_PATH/ecdsa_secp521r1.key sig_algs=ecdsa_secp256r1_sha256,ecdsa_secp521r1_sha512 key_opaque=1" \
Neil Armstrong7f6f6722022-04-15 10:09:11 +020012770 1 \
12771 -c "got a certificate request" \
12772 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
12773 -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
Xiaokang Qianea3d9332022-12-07 06:19:49 +000012774 -c "no suitable signature algorithm"
Neil Armstrong7f6f6722022-04-15 10:09:11 +020012775
Przemek Stekiel8bfe8972023-06-26 12:59:45 +020012776requires_openssl_tls1_3_with_compatible_ephemeral
Ronald Cron7c0185f2021-11-30 09:16:24 +010012777requires_config_enabled MBEDTLS_DEBUG_C
12778requires_config_enabled MBEDTLS_SSL_CLI_C
Gilles Peskine7b02c1f2024-09-13 14:15:46 +020012779requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Crondf5f8682022-04-05 16:01:03 +020012780run_test "TLS 1.3: HRR check, ciphersuite TLS_AES_128_GCM_SHA256 - openssl" \
XiaokangQian7bae3b62022-01-26 06:31:39 +000012781 "$O_NEXT_SRV -ciphersuites TLS_AES_128_GCM_SHA256 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +010012782 "$P_CLI debug_level=4" \
XiaokangQian7bae3b62022-01-26 06:31:39 +000012783 0 \
12784 -c "received HelloRetryRequest message" \
XiaokangQiana9090612022-01-27 03:48:27 +000012785 -c "<= ssl_tls13_process_server_hello ( HelloRetryRequest )" \
Ronald Cron27c85e72022-03-08 11:37:55 +010012786 -c "client state: MBEDTLS_SSL_CLIENT_HELLO" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +010012787 -c "Protocol is TLSv1.3" \
XiaokangQian7bae3b62022-01-26 06:31:39 +000012788 -c "HTTP/1.0 200 ok"
12789
Przemek Stekiel8bfe8972023-06-26 12:59:45 +020012790requires_openssl_tls1_3_with_compatible_ephemeral
XiaokangQian7bae3b62022-01-26 06:31:39 +000012791requires_config_enabled MBEDTLS_DEBUG_C
12792requires_config_enabled MBEDTLS_SSL_CLI_C
Gilles Peskine7b02c1f2024-09-13 14:15:46 +020012793requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Crondf5f8682022-04-05 16:01:03 +020012794run_test "TLS 1.3: HRR check, ciphersuite TLS_AES_256_GCM_SHA384 - openssl" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +010012795 "$O_NEXT_SRV -ciphersuites TLS_AES_256_GCM_SHA384 -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +010012796 "$P_CLI debug_level=4" \
XiaokangQian6db08dd2022-01-18 06:36:23 +000012797 0 \
Jerry Yu8c5559d2021-11-22 21:15:41 +080012798 -c "received HelloRetryRequest message" \
XiaokangQiana9090612022-01-27 03:48:27 +000012799 -c "<= ssl_tls13_process_server_hello ( HelloRetryRequest )" \
Ronald Cron27c85e72022-03-08 11:37:55 +010012800 -c "client state: MBEDTLS_SSL_CLIENT_HELLO" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +010012801 -c "Protocol is TLSv1.3" \
XiaokangQian6db08dd2022-01-18 06:36:23 +000012802 -c "HTTP/1.0 200 ok"
Jerry Yu8c5559d2021-11-22 21:15:41 +080012803
12804requires_gnutls_tls1_3
12805requires_gnutls_next_no_ticket
Ronald Cron7c0185f2021-11-30 09:16:24 +010012806requires_config_enabled MBEDTLS_DEBUG_C
12807requires_config_enabled MBEDTLS_SSL_CLI_C
Przemek Stekielc31a7982023-06-27 10:53:33 +020012808requires_config_enabled PSA_WANT_ALG_ECDH
Gilles Peskine7b02c1f2024-09-13 14:15:46 +020012809requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Crondf5f8682022-04-05 16:01:03 +020012810run_test "TLS 1.3: HRR check, ciphersuite TLS_AES_128_GCM_SHA256 - gnutls" \
XiaokangQian7bae3b62022-01-26 06:31:39 +000012811 "$G_NEXT_SRV -d 4 --priority=NONE:+GROUP-SECP256R1:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS --disable-client-cert" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +010012812 "$P_CLI debug_level=4" \
XiaokangQian7bae3b62022-01-26 06:31:39 +000012813 0 \
12814 -c "received HelloRetryRequest message" \
XiaokangQiana9090612022-01-27 03:48:27 +000012815 -c "<= ssl_tls13_process_server_hello ( HelloRetryRequest )" \
Ronald Cron27c85e72022-03-08 11:37:55 +010012816 -c "client state: MBEDTLS_SSL_CLIENT_HELLO" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +010012817 -c "Protocol is TLSv1.3" \
XiaokangQian7bae3b62022-01-26 06:31:39 +000012818 -c "HTTP/1.0 200 OK"
12819
12820requires_gnutls_tls1_3
12821requires_gnutls_next_no_ticket
XiaokangQian7bae3b62022-01-26 06:31:39 +000012822requires_config_enabled MBEDTLS_DEBUG_C
12823requires_config_enabled MBEDTLS_SSL_CLI_C
Przemek Stekielc31a7982023-06-27 10:53:33 +020012824requires_config_enabled PSA_WANT_ALG_ECDH
Gilles Peskine7b02c1f2024-09-13 14:15:46 +020012825requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Crondf5f8682022-04-05 16:01:03 +020012826run_test "TLS 1.3: HRR check, ciphersuite TLS_AES_256_GCM_SHA384 - gnutls" \
XiaokangQian355e09a2022-01-20 11:14:50 +000012827 "$G_NEXT_SRV -d 4 --priority=NONE:+GROUP-SECP256R1:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS --disable-client-cert" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +010012828 "$P_CLI debug_level=4" \
XiaokangQian355e09a2022-01-20 11:14:50 +000012829 0 \
Jerry Yu8c5559d2021-11-22 21:15:41 +080012830 -c "received HelloRetryRequest message" \
XiaokangQiana9090612022-01-27 03:48:27 +000012831 -c "<= ssl_tls13_process_server_hello ( HelloRetryRequest )" \
Ronald Cron27c85e72022-03-08 11:37:55 +010012832 -c "client state: MBEDTLS_SSL_CLIENT_HELLO" \
Ronald Crona1b8f6e2022-03-18 14:04:12 +010012833 -c "Protocol is TLSv1.3" \
XiaokangQian355e09a2022-01-20 11:14:50 +000012834 -c "HTTP/1.0 200 OK"
Ronald Cronfdb0e3f2021-12-09 10:39:19 +010012835
Przemek Stekiel8bfe8972023-06-26 12:59:45 +020012836requires_openssl_tls1_3_with_compatible_ephemeral
XiaokangQian5e4528c2022-02-17 07:51:12 +000012837requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQiane8ff3502022-04-22 02:34:40 +000012838requires_config_enabled MBEDTLS_SSL_SRV_C
Ronald Cron928cbd32022-10-04 16:14:26 +020012839requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian318dc762022-04-20 09:43:51 +000012840run_test "TLS 1.3: Server side check - openssl" \
David Horstmann184c4f02024-07-01 17:01:28 +010012841 "$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0" \
Jerry Yu66220492022-04-23 13:53:36 +080012842 "$O_NEXT_CLI -msg -debug -tls1_3 -no_middlebox" \
Jerry Yu4d8567f2022-04-17 10:57:57 +080012843 0 \
Jerry Yuabf20c72022-04-14 18:36:14 +080012844 -s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \
12845 -s "tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \
12846 -s "tls13 server state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \
Jerry Yucef55db2022-04-23 11:02:05 +080012847 -s "tls13 server state: MBEDTLS_SSL_SERVER_CERTIFICATE" \
Jerry Yuc8bdbf72022-04-23 12:37:35 +080012848 -s "tls13 server state: MBEDTLS_SSL_CERTIFICATE_VERIFY" \
12849 -s "tls13 server state: MBEDTLS_SSL_SERVER_FINISHED" \
Jerry Yu66220492022-04-23 13:53:36 +080012850 -s "tls13 server state: MBEDTLS_SSL_CLIENT_FINISHED" \
Jerry Yu155493d2022-04-25 13:30:18 +080012851 -s "tls13 server state: MBEDTLS_SSL_HANDSHAKE_WRAPUP"
XiaokangQian5e4528c2022-02-17 07:51:12 +000012852
Przemek Stekiel8bfe8972023-06-26 12:59:45 +020012853requires_openssl_tls1_3_with_compatible_ephemeral
XiaokangQian2f150e12022-04-29 02:01:19 +000012854requires_config_enabled MBEDTLS_DEBUG_C
12855requires_config_enabled MBEDTLS_SSL_SRV_C
Ronald Cron928cbd32022-10-04 16:14:26 +020012856requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQiana987e1d2022-05-07 01:25:58 +000012857run_test "TLS 1.3: Server side check - openssl with client authentication" \
David Horstmann184c4f02024-07-01 17:01:28 +010012858 "$P_SRV debug_level=4 auth_mode=required crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0" \
12859 "$O_NEXT_CLI -msg -debug -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key -tls1_3 -no_middlebox" \
XiaokangQian9a4e1dd2022-05-26 00:58:11 +000012860 0 \
XiaokangQian2f150e12022-04-29 02:01:19 +000012861 -s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \
12862 -s "tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \
12863 -s "tls13 server state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \
12864 -s "tls13 server state: MBEDTLS_SSL_CERTIFICATE_REQUEST" \
12865 -s "tls13 server state: MBEDTLS_SSL_SERVER_CERTIFICATE" \
Jerry Yuc4505662022-05-10 20:39:21 +080012866 -s "tls13 server state: MBEDTLS_SSL_CERTIFICATE_VERIFY" \
12867 -s "tls13 server state: MBEDTLS_SSL_SERVER_FINISHED" \
XiaokangQiana987e1d2022-05-07 01:25:58 +000012868 -s "=> write certificate request" \
XiaokangQian2f150e12022-04-29 02:01:19 +000012869 -s "=> parse client hello" \
12870 -s "<= parse client hello"
12871
XiaokangQian5e4528c2022-02-17 07:51:12 +000012872requires_gnutls_tls1_3
12873requires_gnutls_next_no_ticket
XiaokangQian5e4528c2022-02-17 07:51:12 +000012874requires_config_enabled MBEDTLS_DEBUG_C
XiaokangQiane8ff3502022-04-22 02:34:40 +000012875requires_config_enabled MBEDTLS_SSL_SRV_C
Ronald Cron928cbd32022-10-04 16:14:26 +020012876requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian318dc762022-04-20 09:43:51 +000012877run_test "TLS 1.3: Server side check - gnutls" \
David Horstmann184c4f02024-07-01 17:01:28 +010012878 "$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0" \
XiaokangQian3f84d5d2022-04-19 06:36:17 +000012879 "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \
Jerry Yu66220492022-04-23 13:53:36 +080012880 0 \
Jerry Yuabf20c72022-04-14 18:36:14 +080012881 -s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \
12882 -s "tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \
12883 -s "tls13 server state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \
Jerry Yucef55db2022-04-23 11:02:05 +080012884 -s "tls13 server state: MBEDTLS_SSL_SERVER_CERTIFICATE" \
Jerry Yuc8bdbf72022-04-23 12:37:35 +080012885 -s "tls13 server state: MBEDTLS_SSL_CERTIFICATE_VERIFY" \
12886 -s "tls13 server state: MBEDTLS_SSL_SERVER_FINISHED" \
Jerry Yu66220492022-04-23 13:53:36 +080012887 -s "tls13 server state: MBEDTLS_SSL_CLIENT_FINISHED" \
12888 -s "tls13 server state: MBEDTLS_SSL_HANDSHAKE_WRAPUP" \
12889 -c "HTTP/1.0 200 OK"
XiaokangQian5e4528c2022-02-17 07:51:12 +000012890
XiaokangQian2f150e12022-04-29 02:01:19 +000012891requires_gnutls_tls1_3
12892requires_gnutls_next_no_ticket
XiaokangQian2f150e12022-04-29 02:01:19 +000012893requires_config_enabled MBEDTLS_DEBUG_C
12894requires_config_enabled MBEDTLS_SSL_SRV_C
Ronald Cron928cbd32022-10-04 16:14:26 +020012895requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQiana987e1d2022-05-07 01:25:58 +000012896run_test "TLS 1.3: Server side check - gnutls with client authentication" \
David Horstmann184c4f02024-07-01 17:01:28 +010012897 "$P_SRV debug_level=4 auth_mode=required crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0" \
12898 "$G_NEXT_CLI localhost -d 4 --x509certfile $DATA_FILES_PATH/server5.crt --x509keyfile $DATA_FILES_PATH/server5.key --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \
XiaokangQianc3017f62022-05-13 05:55:41 +000012899 0 \
XiaokangQian2f150e12022-04-29 02:01:19 +000012900 -s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \
12901 -s "tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \
12902 -s "tls13 server state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \
12903 -s "tls13 server state: MBEDTLS_SSL_CERTIFICATE_REQUEST" \
12904 -s "tls13 server state: MBEDTLS_SSL_SERVER_CERTIFICATE" \
Jerry Yuc4505662022-05-10 20:39:21 +080012905 -s "tls13 server state: MBEDTLS_SSL_CERTIFICATE_VERIFY" \
12906 -s "tls13 server state: MBEDTLS_SSL_SERVER_FINISHED" \
XiaokangQiana987e1d2022-05-07 01:25:58 +000012907 -s "=> write certificate request" \
XiaokangQian2f150e12022-04-29 02:01:19 +000012908 -s "=> parse client hello" \
12909 -s "<= parse client hello"
12910
Jerry Yu8b9fd372022-04-14 20:55:12 +080012911requires_config_enabled MBEDTLS_DEBUG_C
12912requires_config_enabled MBEDTLS_SSL_SRV_C
Jerry Yu955ddd72022-04-22 22:27:33 +080012913requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron928cbd32022-10-04 16:14:26 +020012914requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Jerry Yu8b9fd372022-04-14 20:55:12 +080012915run_test "TLS 1.3: Server side check - mbedtls" \
David Horstmann184c4f02024-07-01 17:01:28 +010012916 "$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0" \
Ronald Cron65f90292023-03-13 17:38:12 +010012917 "$P_CLI debug_level=4" \
XiaokangQianc3017f62022-05-13 05:55:41 +000012918 0 \
Jerry Yu8b9fd372022-04-14 20:55:12 +080012919 -s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \
12920 -s "tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \
12921 -s "tls13 server state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \
Jerry Yua7abc5e2022-05-11 13:32:03 +080012922 -s "tls13 server state: MBEDTLS_SSL_CERTIFICATE_REQUEST" \
Jerry Yucef55db2022-04-23 11:02:05 +080012923 -s "tls13 server state: MBEDTLS_SSL_SERVER_CERTIFICATE" \
Jerry Yua7abc5e2022-05-11 13:32:03 +080012924 -s "tls13 server state: MBEDTLS_SSL_CERTIFICATE_VERIFY" \
12925 -s "tls13 server state: MBEDTLS_SSL_SERVER_FINISHED" \
12926 -s "tls13 server state: MBEDTLS_SSL_CLIENT_FINISHED" \
12927 -s "tls13 server state: MBEDTLS_SSL_HANDSHAKE_WRAPUP" \
12928 -c "HTTP/1.0 200 OK"
Jerry Yu8b9fd372022-04-14 20:55:12 +080012929
XiaokangQian45c22202022-05-06 06:54:09 +000012930requires_config_enabled MBEDTLS_DEBUG_C
12931requires_config_enabled MBEDTLS_SSL_SRV_C
12932requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron928cbd32022-10-04 16:14:26 +020012933requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQiana987e1d2022-05-07 01:25:58 +000012934run_test "TLS 1.3: Server side check - mbedtls with client authentication" \
David Horstmann184c4f02024-07-01 17:01:28 +010012935 "$P_SRV debug_level=4 auth_mode=required crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0" \
12936 "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key" \
XiaokangQianc3017f62022-05-13 05:55:41 +000012937 0 \
XiaokangQian45c22202022-05-06 06:54:09 +000012938 -s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \
12939 -s "tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \
12940 -s "tls13 server state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \
12941 -s "tls13 server state: MBEDTLS_SSL_SERVER_CERTIFICATE" \
Jerry Yua7abc5e2022-05-11 13:32:03 +080012942 -s "=> write certificate request" \
XiaokangQian45c22202022-05-06 06:54:09 +000012943 -c "client state: MBEDTLS_SSL_CERTIFICATE_REQUEST" \
XiaokangQian45c22202022-05-06 06:54:09 +000012944 -s "=> parse client hello" \
12945 -s "<= parse client hello"
12946
XiaokangQianaca90482022-05-19 07:19:31 +000012947requires_config_enabled MBEDTLS_DEBUG_C
12948requires_config_enabled MBEDTLS_SSL_SRV_C
12949requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron928cbd32022-10-04 16:14:26 +020012950requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianaca90482022-05-19 07:19:31 +000012951run_test "TLS 1.3: Server side check - mbedtls with client empty certificate" \
David Horstmann184c4f02024-07-01 17:01:28 +010012952 "$P_SRV debug_level=4 auth_mode=required crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0" \
Ronald Cron65f90292023-03-13 17:38:12 +010012953 "$P_CLI debug_level=4 crt_file=none key_file=none" \
XiaokangQianaca90482022-05-19 07:19:31 +000012954 1 \
12955 -s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \
12956 -s "tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \
12957 -s "tls13 server state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \
12958 -s "tls13 server state: MBEDTLS_SSL_SERVER_CERTIFICATE" \
12959 -s "=> write certificate request" \
12960 -s "SSL - No client certification received from the client, but required by the authentication mode" \
12961 -c "client state: MBEDTLS_SSL_CERTIFICATE_REQUEST" \
12962 -s "=> parse client hello" \
12963 -s "<= parse client hello"
12964
XiaokangQianaca90482022-05-19 07:19:31 +000012965requires_config_enabled MBEDTLS_DEBUG_C
12966requires_config_enabled MBEDTLS_SSL_SRV_C
12967requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron928cbd32022-10-04 16:14:26 +020012968requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQianaca90482022-05-19 07:19:31 +000012969run_test "TLS 1.3: Server side check - mbedtls with optional client authentication" \
David Horstmann184c4f02024-07-01 17:01:28 +010012970 "$P_SRV debug_level=4 auth_mode=optional crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0" \
Ronald Cron65f90292023-03-13 17:38:12 +010012971 "$P_CLI debug_level=4 crt_file=none key_file=none" \
XiaokangQianaca90482022-05-19 07:19:31 +000012972 0 \
12973 -s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \
12974 -s "tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \
12975 -s "tls13 server state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \
12976 -s "tls13 server state: MBEDTLS_SSL_SERVER_CERTIFICATE" \
12977 -s "=> write certificate request" \
12978 -c "client state: MBEDTLS_SSL_CERTIFICATE_REQUEST" \
12979 -s "=> parse client hello" \
12980 -s "<= parse client hello"
Jerry Yuede50ea2022-05-05 11:21:20 +080012981
12982requires_config_enabled MBEDTLS_DEBUG_C
12983requires_config_enabled MBEDTLS_SSL_CLI_C
12984requires_config_enabled MBEDTLS_SSL_SRV_C
Ronald Cron928cbd32022-10-04 16:14:26 +020012985requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Przemek Stekielc31a7982023-06-27 10:53:33 +020012986requires_config_enabled PSA_WANT_ALG_ECDH
Jerry Yuede50ea2022-05-05 11:21:20 +080012987run_test "TLS 1.3: server: HRR check - mbedtls" \
Przemek Stekiel45255e42023-06-29 13:56:36 +020012988 "$P_SRV debug_level=4 groups=secp384r1" \
12989 "$P_CLI debug_level=4 groups=secp256r1,secp384r1" \
Jerry Yu36becb12022-05-12 16:57:20 +080012990 0 \
Jerry Yuede50ea2022-05-05 11:21:20 +080012991 -s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \
12992 -s "tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \
12993 -s "tls13 server state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \
12994 -s "tls13 server state: MBEDTLS_SSL_HELLO_RETRY_REQUEST" \
12995 -c "client state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \
12996 -s "selected_group: secp384r1" \
Jerry Yuede50ea2022-05-05 11:21:20 +080012997 -s "=> write hello retry request" \
12998 -s "<= write hello retry request"
12999
Jerry Yub89125b2022-05-13 15:45:49 +080013000requires_config_enabled MBEDTLS_DEBUG_C
13001requires_config_enabled MBEDTLS_SSL_SRV_C
13002requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron928cbd32022-10-04 16:14:26 +020013003requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Jerry Yub89125b2022-05-13 15:45:49 +080013004run_test "TLS 1.3: Server side check, no server certificate available" \
Ronald Cron50ae84e2023-03-14 08:59:56 +010013005 "$P_SRV debug_level=4 crt_file=none key_file=none" \
Ronald Cron65f90292023-03-13 17:38:12 +010013006 "$P_CLI debug_level=4" \
Jerry Yub89125b2022-05-13 15:45:49 +080013007 1 \
13008 -s "tls13 server state: MBEDTLS_SSL_SERVER_CERTIFICATE" \
13009 -s "No certificate available."
13010
Przemek Stekiel8bfe8972023-06-26 12:59:45 +020013011requires_openssl_tls1_3_with_compatible_ephemeral
XiaokangQianf2a94202022-05-20 06:44:24 +000013012requires_config_enabled MBEDTLS_DEBUG_C
13013requires_config_enabled MBEDTLS_SSL_SRV_C
Gilles Peskine7b02c1f2024-09-13 14:15:46 +020013014requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2ccd97b2022-05-31 08:30:17 +000013015run_test "TLS 1.3: Server side check - openssl with sni" \
David Horstmann184c4f02024-07-01 17:01:28 +010013016 "$P_SRV debug_level=4 auth_mode=required crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0 \
13017 sni=localhost,$DATA_FILES_PATH/server5.crt,$DATA_FILES_PATH/server5.key,$DATA_FILES_PATH/test-ca_cat12.crt,-,-,polarssl.example,$DATA_FILES_PATH/server1-nospace.crt,$DATA_FILES_PATH/server1.key,-,-,-" \
13018 "$O_NEXT_CLI -msg -debug -servername localhost -CAfile $DATA_FILES_PATH/test-ca_cat12.crt -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key -tls1_3" \
XiaokangQianf2a94202022-05-20 06:44:24 +000013019 0 \
XiaokangQianf2a94202022-05-20 06:44:24 +000013020 -s "parse ServerName extension" \
XiaokangQian129aeb92022-06-02 09:29:18 +000013021 -s "HTTP/1.0 200 OK"
XiaokangQianf2a94202022-05-20 06:44:24 +000013022
XiaokangQianac41edf2022-05-31 13:22:13 +000013023requires_gnutls_tls1_3
XiaokangQianf2a94202022-05-20 06:44:24 +000013024requires_config_enabled MBEDTLS_DEBUG_C
13025requires_config_enabled MBEDTLS_SSL_SRV_C
Gilles Peskine7b02c1f2024-09-13 14:15:46 +020013026requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2ccd97b2022-05-31 08:30:17 +000013027run_test "TLS 1.3: Server side check - gnutls with sni" \
David Horstmann184c4f02024-07-01 17:01:28 +010013028 "$P_SRV debug_level=4 auth_mode=required crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0 \
13029 sni=localhost,$DATA_FILES_PATH/server5.crt,$DATA_FILES_PATH/server5.key,$DATA_FILES_PATH/test-ca_cat12.crt,-,-,polarssl.example,$DATA_FILES_PATH/server1-nospace.crt,$DATA_FILES_PATH/server1.key,-,-,-" \
13030 "$G_NEXT_CLI localhost -d 4 --sni-hostname=localhost --x509certfile $DATA_FILES_PATH/server5.crt --x509keyfile $DATA_FILES_PATH/server5.key --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS -V" \
XiaokangQianf2a94202022-05-20 06:44:24 +000013031 0 \
XiaokangQianf2a94202022-05-20 06:44:24 +000013032 -s "parse ServerName extension" \
XiaokangQian129aeb92022-06-02 09:29:18 +000013033 -s "HTTP/1.0 200 OK"
XiaokangQianf2a94202022-05-20 06:44:24 +000013034
XiaokangQian40a35232022-05-07 09:02:40 +000013035requires_config_enabled MBEDTLS_DEBUG_C
13036requires_config_enabled MBEDTLS_SSL_SRV_C
13037requires_config_enabled MBEDTLS_SSL_CLI_C
Gilles Peskine7b02c1f2024-09-13 14:15:46 +020013038requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
XiaokangQian2ccd97b2022-05-31 08:30:17 +000013039run_test "TLS 1.3: Server side check - mbedtls with sni" \
David Horstmann184c4f02024-07-01 17:01:28 +010013040 "$P_SRV debug_level=4 auth_mode=required crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0 \
13041 sni=localhost,$DATA_FILES_PATH/server2.crt,$DATA_FILES_PATH/server2.key,-,-,-,polarssl.example,$DATA_FILES_PATH/server1-nospace.crt,$DATA_FILES_PATH/server1.key,-,-,-" \
13042 "$P_CLI debug_level=4 server_name=localhost crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key" \
XiaokangQianf2a94202022-05-20 06:44:24 +000013043 0 \
XiaokangQianf2a94202022-05-20 06:44:24 +000013044 -s "parse ServerName extension" \
XiaokangQian129aeb92022-06-02 09:29:18 +000013045 -s "HTTP/1.0 200 OK"
XiaokangQian40a35232022-05-07 09:02:40 +000013046
Gilles Peskine2baaf602022-01-07 15:46:12 +010013047for i in opt-testcases/*.sh
Jerry Yucdcb6832021-11-29 16:50:13 +080013048do
Gilles Peskine5eb2b022022-01-07 15:47:02 +010013049 TEST_SUITE_NAME=${i##*/}
13050 TEST_SUITE_NAME=${TEST_SUITE_NAME%.*}
13051 . "$i"
Jerry Yucdcb6832021-11-29 16:50:13 +080013052done
Gilles Peskine5eb2b022022-01-07 15:47:02 +010013053unset TEST_SUITE_NAME
Jerry Yu305bfc32021-11-24 16:04:47 +080013054
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013055# Test 1.3 compatibility mode
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013056requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13057requires_config_enabled MBEDTLS_DEBUG_C
13058requires_config_enabled MBEDTLS_SSL_SRV_C
13059requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron928cbd32022-10-04 16:14:26 +020013060requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013061run_test "TLS 1.3 m->m both peers do not support middlebox compatibility" \
Ronald Cron50ae84e2023-03-14 08:59:56 +010013062 "$P_SRV debug_level=4 tickets=0" \
Gabor Mezei9e4b7bd2022-06-28 16:22:14 +020013063 "$P_CLI debug_level=4" \
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013064 0 \
Gabor Mezei9e4b7bd2022-06-28 16:22:14 +020013065 -s "Protocol is TLSv1.3" \
13066 -c "Protocol is TLSv1.3" \
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013067 -S "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO" \
13068 -C "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode"
13069
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013070requires_config_enabled MBEDTLS_DEBUG_C
13071requires_config_enabled MBEDTLS_SSL_SRV_C
13072requires_config_enabled MBEDTLS_SSL_CLI_C
Gilles Peskine7b02c1f2024-09-13 14:15:46 +020013073requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13074requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013075run_test "TLS 1.3 m->m both with middlebox compat support" \
Ronald Cron50ae84e2023-03-14 08:59:56 +010013076 "$P_SRV debug_level=4 tickets=0" \
Gabor Mezei9e4b7bd2022-06-28 16:22:14 +020013077 "$P_CLI debug_level=4" \
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013078 0 \
Gabor Mezei9e4b7bd2022-06-28 16:22:14 +020013079 -s "Protocol is TLSv1.3" \
13080 -c "Protocol is TLSv1.3" \
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013081 -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO" \
13082 -c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode"
13083
Przemek Stekiel8bfe8972023-06-26 12:59:45 +020013084requires_openssl_tls1_3_with_compatible_ephemeral
Ronald Cronfdb0e3f2021-12-09 10:39:19 +010013085requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron7c0185f2021-11-30 09:16:24 +010013086requires_config_enabled MBEDTLS_DEBUG_C
13087requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron928cbd32022-10-04 16:14:26 +020013088requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Crona55c5a12021-11-30 09:32:47 +010013089run_test "TLS 1.3 m->O both peers do not support middlebox compatibility" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +010013090 "$O_NEXT_SRV -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
Gabor Mezei9e4b7bd2022-06-28 16:22:14 +020013091 "$P_CLI debug_level=4" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +010013092 0 \
Ronald Crona1b8f6e2022-03-18 14:04:12 +010013093 -c "Protocol is TLSv1.3" \
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013094 -C "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode" \
13095 -C "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode"
Ronald Cronfdb0e3f2021-12-09 10:39:19 +010013096
Przemek Stekiel8bfe8972023-06-26 12:59:45 +020013097requires_openssl_tls1_3_with_compatible_ephemeral
Ronald Cronfdb0e3f2021-12-09 10:39:19 +010013098requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
Ronald Cron7c0185f2021-11-30 09:16:24 +010013099requires_config_enabled MBEDTLS_DEBUG_C
13100requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron928cbd32022-10-04 16:14:26 +020013101requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Crona55c5a12021-11-30 09:32:47 +010013102run_test "TLS 1.3 m->O server with middlebox compat support, not client" \
Ronald Cronfdb0e3f2021-12-09 10:39:19 +010013103 "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Gabor Mezei9e4b7bd2022-06-28 16:22:14 +020013104 "$P_CLI debug_level=4" \
Gilles Peskine671a4392024-09-13 13:46:37 +020013105 0 \
13106 -c "Protocol is TLSv1.3" \
13107 -c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode"
Ronald Cronfdb0e3f2021-12-09 10:39:19 +010013108
Przemek Stekiel8bfe8972023-06-26 12:59:45 +020013109requires_openssl_tls1_3_with_compatible_ephemeral
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013110requires_config_enabled MBEDTLS_DEBUG_C
13111requires_config_enabled MBEDTLS_SSL_CLI_C
Gilles Peskine7b02c1f2024-09-13 14:15:46 +020013112requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13113requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013114run_test "TLS 1.3 m->O both with middlebox compat support" \
13115 "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Gabor Mezei9e4b7bd2022-06-28 16:22:14 +020013116 "$P_CLI debug_level=4" \
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013117 0 \
Gabor Mezei9e4b7bd2022-06-28 16:22:14 +020013118 -c "Protocol is TLSv1.3" \
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013119 -c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode"
13120
Ronald Crona55c5a12021-11-30 09:32:47 +010013121requires_gnutls_tls1_3
13122requires_gnutls_next_no_ticket
13123requires_gnutls_next_disable_tls13_compat
Ronald Crona55c5a12021-11-30 09:32:47 +010013124requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13125requires_config_enabled MBEDTLS_DEBUG_C
13126requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron928cbd32022-10-04 16:14:26 +020013127requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Crona55c5a12021-11-30 09:32:47 +010013128run_test "TLS 1.3 m->G both peers do not support middlebox compatibility" \
13129 "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE --disable-client-cert" \
Gabor Mezei9e4b7bd2022-06-28 16:22:14 +020013130 "$P_CLI debug_level=4" \
Ronald Crona55c5a12021-11-30 09:32:47 +010013131 0 \
Ronald Crona1b8f6e2022-03-18 14:04:12 +010013132 -c "Protocol is TLSv1.3" \
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013133 -C "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode" \
13134 -C "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode"
Ronald Crona55c5a12021-11-30 09:32:47 +010013135
13136requires_gnutls_tls1_3
13137requires_gnutls_next_no_ticket
Ronald Crona55c5a12021-11-30 09:32:47 +010013138requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13139requires_config_enabled MBEDTLS_DEBUG_C
13140requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron928cbd32022-10-04 16:14:26 +020013141requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Ronald Crona55c5a12021-11-30 09:32:47 +010013142run_test "TLS 1.3 m->G server with middlebox compat support, not client" \
13143 "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS --disable-client-cert" \
Gabor Mezei9e4b7bd2022-06-28 16:22:14 +020013144 "$P_CLI debug_level=4" \
Gilles Peskine671a4392024-09-13 13:46:37 +020013145 0 \
13146 -c "Protocol is TLSv1.3" \
13147 -c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode"
Ronald Crona55c5a12021-11-30 09:32:47 +010013148
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013149requires_gnutls_tls1_3
13150requires_gnutls_next_no_ticket
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013151requires_config_enabled MBEDTLS_DEBUG_C
13152requires_config_enabled MBEDTLS_SSL_CLI_C
Gilles Peskine7b02c1f2024-09-13 14:15:46 +020013153requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13154requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013155run_test "TLS 1.3 m->G both with middlebox compat support" \
13156 "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS --disable-client-cert" \
Gabor Mezei9e4b7bd2022-06-28 16:22:14 +020013157 "$P_CLI debug_level=4" \
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013158 0 \
Gabor Mezei9e4b7bd2022-06-28 16:22:14 +020013159 -c "Protocol is TLSv1.3" \
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013160 -c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode"
13161
Przemek Stekiel8bfe8972023-06-26 12:59:45 +020013162requires_openssl_tls1_3_with_compatible_ephemeral
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013163requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13164requires_config_enabled MBEDTLS_DEBUG_C
13165requires_config_enabled MBEDTLS_SSL_SRV_C
Ronald Cron928cbd32022-10-04 16:14:26 +020013166requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013167run_test "TLS 1.3 O->m both peers do not support middlebox compatibility" \
David Horstmann184c4f02024-07-01 17:01:28 +010013168 "$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0" \
Gabor Mezei9e4b7bd2022-06-28 16:22:14 +020013169 "$O_NEXT_CLI -msg -debug -no_middlebox" \
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013170 0 \
Gabor Mezei9e4b7bd2022-06-28 16:22:14 +020013171 -s "Protocol is TLSv1.3" \
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013172 -S "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO" \
13173 -C "14 03 03 00 01"
13174
Przemek Stekiel8bfe8972023-06-26 12:59:45 +020013175requires_openssl_tls1_3_with_compatible_ephemeral
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013176requires_config_enabled MBEDTLS_DEBUG_C
13177requires_config_enabled MBEDTLS_SSL_SRV_C
Gilles Peskine7b02c1f2024-09-13 14:15:46 +020013178requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13179requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013180run_test "TLS 1.3 O->m server with middlebox compat support, not client" \
David Horstmann184c4f02024-07-01 17:01:28 +010013181 "$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0" \
Gabor Mezei9e4b7bd2022-06-28 16:22:14 +020013182 "$O_NEXT_CLI -msg -debug -no_middlebox" \
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013183 0 \
Gabor Mezei9e4b7bd2022-06-28 16:22:14 +020013184 -s "Protocol is TLSv1.3" \
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013185 -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO"
13186
Przemek Stekiel8bfe8972023-06-26 12:59:45 +020013187requires_openssl_tls1_3_with_compatible_ephemeral
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013188requires_config_enabled MBEDTLS_DEBUG_C
13189requires_config_enabled MBEDTLS_SSL_SRV_C
Gilles Peskine7b02c1f2024-09-13 14:15:46 +020013190requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13191requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013192run_test "TLS 1.3 O->m both with middlebox compat support" \
David Horstmann184c4f02024-07-01 17:01:28 +010013193 "$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0" \
Gabor Mezei9e4b7bd2022-06-28 16:22:14 +020013194 "$O_NEXT_CLI -msg -debug" \
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013195 0 \
Gabor Mezei9e4b7bd2022-06-28 16:22:14 +020013196 -s "Protocol is TLSv1.3" \
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013197 -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO" \
13198 -c "14 03 03 00 01"
13199
13200requires_gnutls_tls1_3
13201requires_gnutls_next_no_ticket
13202requires_gnutls_next_disable_tls13_compat
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013203requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13204requires_config_enabled MBEDTLS_DEBUG_C
13205requires_config_enabled MBEDTLS_SSL_SRV_C
Ronald Cron928cbd32022-10-04 16:14:26 +020013206requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013207run_test "TLS 1.3 G->m both peers do not support middlebox compatibility" \
David Horstmann184c4f02024-07-01 17:01:28 +010013208 "$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0" \
Gabor Mezei9e4b7bd2022-06-28 16:22:14 +020013209 "$G_NEXT_CLI localhost --priority=NORMAL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013210 0 \
Gabor Mezei9e4b7bd2022-06-28 16:22:14 +020013211 -s "Protocol is TLSv1.3" \
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013212 -S "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO" \
13213 -C "SSL 3.3 ChangeCipherSpec packet received"
13214
13215requires_gnutls_tls1_3
13216requires_gnutls_next_no_ticket
13217requires_gnutls_next_disable_tls13_compat
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013218requires_config_enabled MBEDTLS_DEBUG_C
13219requires_config_enabled MBEDTLS_SSL_SRV_C
Gilles Peskine7b02c1f2024-09-13 14:15:46 +020013220requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13221requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013222run_test "TLS 1.3 G->m server with middlebox compat support, not client" \
David Horstmann184c4f02024-07-01 17:01:28 +010013223 "$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0" \
Gabor Mezei9e4b7bd2022-06-28 16:22:14 +020013224 "$G_NEXT_CLI localhost --debug=10 --priority=NORMAL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013225 0 \
Gabor Mezei9e4b7bd2022-06-28 16:22:14 +020013226 -s "Protocol is TLSv1.3" \
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013227 -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO" \
13228 -c "SSL 3.3 ChangeCipherSpec packet received" \
13229 -c "discarding change cipher spec in TLS1.3"
13230
13231requires_gnutls_tls1_3
13232requires_gnutls_next_no_ticket
13233requires_gnutls_next_disable_tls13_compat
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013234requires_config_enabled MBEDTLS_DEBUG_C
13235requires_config_enabled MBEDTLS_SSL_SRV_C
Gilles Peskine7b02c1f2024-09-13 14:15:46 +020013236requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13237requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013238run_test "TLS 1.3 G->m both with middlebox compat support" \
David Horstmann184c4f02024-07-01 17:01:28 +010013239 "$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key tickets=0" \
Gabor Mezei9e4b7bd2022-06-28 16:22:14 +020013240 "$G_NEXT_CLI localhost --debug=10 --priority=NORMAL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013241 0 \
Gabor Mezei9e4b7bd2022-06-28 16:22:14 +020013242 -s "Protocol is TLSv1.3" \
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013243 -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO" \
13244 -c "SSL 3.3 ChangeCipherSpec packet received"
13245
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013246requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13247requires_config_enabled MBEDTLS_DEBUG_C
13248requires_config_enabled MBEDTLS_SSL_SRV_C
13249requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron928cbd32022-10-04 16:14:26 +020013250requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013251run_test "TLS 1.3 m->m HRR both peers do not support middlebox compatibility" \
Przemek Stekiel45255e42023-06-29 13:56:36 +020013252 "$P_SRV debug_level=4 groups=secp384r1 tickets=0" \
13253 "$P_CLI debug_level=4 groups=secp256r1,secp384r1" \
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013254 0 \
Gabor Mezei9e4b7bd2022-06-28 16:22:14 +020013255 -s "Protocol is TLSv1.3" \
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013256 -c "Protocol is TLSv1.3" \
13257 -s "tls13 server state: MBEDTLS_SSL_HELLO_RETRY_REQUEST" \
Gabor Mezeif7044ea2022-06-28 16:01:49 +020013258 -S "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST" \
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013259 -C "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode"
13260
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013261requires_config_enabled MBEDTLS_DEBUG_C
13262requires_config_enabled MBEDTLS_SSL_SRV_C
13263requires_config_enabled MBEDTLS_SSL_CLI_C
Przemek Stekielc31a7982023-06-27 10:53:33 +020013264requires_config_enabled PSA_WANT_ALG_ECDH
Gilles Peskine7b02c1f2024-09-13 14:15:46 +020013265requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13266requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013267run_test "TLS 1.3 m->m HRR both with middlebox compat support" \
Przemek Stekiel45255e42023-06-29 13:56:36 +020013268 "$P_SRV debug_level=4 groups=secp384r1 tickets=0" \
13269 "$P_CLI debug_level=4 groups=secp256r1,secp384r1" \
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013270 0 \
Gabor Mezei9e4b7bd2022-06-28 16:22:14 +020013271 -s "Protocol is TLSv1.3" \
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013272 -c "Protocol is TLSv1.3" \
13273 -s "tls13 server state: MBEDTLS_SSL_HELLO_RETRY_REQUEST" \
Gabor Mezeif7044ea2022-06-28 16:01:49 +020013274 -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST" \
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013275 -c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode"
13276
Przemek Stekiel8bfe8972023-06-26 12:59:45 +020013277requires_openssl_tls1_3_with_compatible_ephemeral
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013278requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13279requires_config_enabled MBEDTLS_DEBUG_C
13280requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron928cbd32022-10-04 16:14:26 +020013281requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013282run_test "TLS 1.3 m->O HRR both peers do not support middlebox compatibility" \
13283 "$O_NEXT_SRV -msg -tls1_3 -groups P-384 -no_middlebox -num_tickets 0 -no_cache" \
Przemek Stekiel45255e42023-06-29 13:56:36 +020013284 "$P_CLI debug_level=4 groups=secp256r1,secp384r1" \
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013285 0 \
Gabor Mezei9e4b7bd2022-06-28 16:22:14 +020013286 -c "Protocol is TLSv1.3" \
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013287 -c "received HelloRetryRequest message" \
13288 -C "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode" \
13289 -C "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode"
13290
Przemek Stekiel8bfe8972023-06-26 12:59:45 +020013291requires_openssl_tls1_3_with_compatible_ephemeral
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013292requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13293requires_config_enabled MBEDTLS_DEBUG_C
13294requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron928cbd32022-10-04 16:14:26 +020013295requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013296run_test "TLS 1.3 m->O HRR server with middlebox compat support, not client" \
13297 "$O_NEXT_SRV -msg -tls1_3 -groups P-384 -num_tickets 0 -no_cache" \
Przemek Stekiel45255e42023-06-29 13:56:36 +020013298 "$P_CLI debug_level=4 groups=secp256r1,secp384r1" \
Gilles Peskine671a4392024-09-13 13:46:37 +020013299 0 \
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013300 -c "received HelloRetryRequest message" \
Gilles Peskine671a4392024-09-13 13:46:37 +020013301 -c "Protocol is TLSv1.3" \
13302 -c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode"
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013303
Przemek Stekiel8bfe8972023-06-26 12:59:45 +020013304requires_openssl_tls1_3_with_compatible_ephemeral
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013305requires_config_enabled MBEDTLS_DEBUG_C
13306requires_config_enabled MBEDTLS_SSL_CLI_C
Gilles Peskine7b02c1f2024-09-13 14:15:46 +020013307requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13308requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013309run_test "TLS 1.3 m->O HRR both with middlebox compat support" \
13310 "$O_NEXT_SRV -msg -tls1_3 -groups P-384 -num_tickets 0 -no_resume_ephemeral -no_cache" \
Przemek Stekiel45255e42023-06-29 13:56:36 +020013311 "$P_CLI debug_level=4 groups=secp256r1,secp384r1" \
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013312 0 \
Gabor Mezei9e4b7bd2022-06-28 16:22:14 +020013313 -c "Protocol is TLSv1.3" \
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013314 -c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode"
13315
13316requires_gnutls_tls1_3
13317requires_gnutls_next_no_ticket
13318requires_gnutls_next_disable_tls13_compat
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013319requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13320requires_config_enabled MBEDTLS_DEBUG_C
13321requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron928cbd32022-10-04 16:14:26 +020013322requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013323run_test "TLS 1.3 m->G HRR both peers do not support middlebox compatibility" \
13324 "$G_NEXT_SRV --priority=NORMAL:-GROUP-ALL:+GROUP-SECP384R1:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE --disable-client-cert" \
Przemek Stekiel45255e42023-06-29 13:56:36 +020013325 "$P_CLI debug_level=4 groups=secp256r1,secp384r1" \
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013326 0 \
Gabor Mezei9e4b7bd2022-06-28 16:22:14 +020013327 -c "Protocol is TLSv1.3" \
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013328 -c "received HelloRetryRequest message" \
13329 -C "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode" \
13330 -C "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode"
13331
13332requires_gnutls_tls1_3
13333requires_gnutls_next_no_ticket
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013334requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13335requires_config_enabled MBEDTLS_DEBUG_C
13336requires_config_enabled MBEDTLS_SSL_CLI_C
Ronald Cron928cbd32022-10-04 16:14:26 +020013337requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013338run_test "TLS 1.3 m->G HRR server with middlebox compat support, not client" \
13339 "$G_NEXT_SRV --priority=NORMAL:-GROUP-ALL:+GROUP-SECP384R1:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS --disable-client-cert" \
Przemek Stekiel45255e42023-06-29 13:56:36 +020013340 "$P_CLI debug_level=4 groups=secp256r1,secp384r1" \
Gilles Peskine671a4392024-09-13 13:46:37 +020013341 0 \
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013342 -c "received HelloRetryRequest message" \
Gilles Peskine671a4392024-09-13 13:46:37 +020013343 -c "Protocol is TLSv1.3" \
13344 -c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode"
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013345
13346requires_gnutls_tls1_3
13347requires_gnutls_next_no_ticket
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013348requires_config_enabled MBEDTLS_DEBUG_C
13349requires_config_enabled MBEDTLS_SSL_CLI_C
Przemek Stekielc31a7982023-06-27 10:53:33 +020013350requires_config_enabled PSA_WANT_ALG_ECDH
Gilles Peskine7b02c1f2024-09-13 14:15:46 +020013351requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13352requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013353run_test "TLS 1.3 m->G HRR both with middlebox compat support" \
13354 "$G_NEXT_SRV --priority=NORMAL:-GROUP-ALL:+GROUP-SECP384R1:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS --disable-client-cert" \
Przemek Stekiel45255e42023-06-29 13:56:36 +020013355 "$P_CLI debug_level=4 groups=secp256r1,secp384r1" \
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013356 0 \
Gabor Mezei9e4b7bd2022-06-28 16:22:14 +020013357 -c "Protocol is TLSv1.3" \
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013358 -c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode"
13359
Przemek Stekiel8bfe8972023-06-26 12:59:45 +020013360requires_openssl_tls1_3_with_compatible_ephemeral
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013361requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13362requires_config_enabled MBEDTLS_DEBUG_C
13363requires_config_enabled MBEDTLS_SSL_SRV_C
Ronald Cron928cbd32022-10-04 16:14:26 +020013364requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013365run_test "TLS 1.3 O->m HRR both peers do not support middlebox compatibility" \
David Horstmann184c4f02024-07-01 17:01:28 +010013366 "$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key groups=secp384r1 tickets=0" \
Gabor Mezei9e4b7bd2022-06-28 16:22:14 +020013367 "$O_NEXT_CLI -msg -debug -groups P-256:P-384 -no_middlebox" \
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013368 0 \
Gabor Mezei9e4b7bd2022-06-28 16:22:14 +020013369 -s "Protocol is TLSv1.3" \
Gabor Mezeif7044ea2022-06-28 16:01:49 +020013370 -S "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST" \
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013371 -C "14 03 03 00 01"
13372
Przemek Stekiel8bfe8972023-06-26 12:59:45 +020013373requires_openssl_tls1_3_with_compatible_ephemeral
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013374requires_config_enabled MBEDTLS_DEBUG_C
13375requires_config_enabled MBEDTLS_SSL_SRV_C
Gilles Peskine7b02c1f2024-09-13 14:15:46 +020013376requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13377requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013378run_test "TLS 1.3 O->m HRR server with middlebox compat support, not client" \
David Horstmann184c4f02024-07-01 17:01:28 +010013379 "$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key groups=secp384r1 tickets=0" \
Gabor Mezei9e4b7bd2022-06-28 16:22:14 +020013380 "$O_NEXT_CLI -msg -debug -groups P-256:P-384 -no_middlebox" \
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013381 0 \
Gabor Mezei9e4b7bd2022-06-28 16:22:14 +020013382 -s "Protocol is TLSv1.3" \
Gabor Mezeif7044ea2022-06-28 16:01:49 +020013383 -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST" \
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013384
Przemek Stekiel8bfe8972023-06-26 12:59:45 +020013385requires_openssl_tls1_3_with_compatible_ephemeral
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013386requires_config_enabled MBEDTLS_DEBUG_C
13387requires_config_enabled MBEDTLS_SSL_SRV_C
Gilles Peskine7b02c1f2024-09-13 14:15:46 +020013388requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13389requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013390run_test "TLS 1.3 O->m HRR both with middlebox compat support" \
David Horstmann184c4f02024-07-01 17:01:28 +010013391 "$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key groups=secp384r1 tickets=0" \
Gabor Mezei9e4b7bd2022-06-28 16:22:14 +020013392 "$O_NEXT_CLI -msg -debug -groups P-256:P-384" \
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013393 0 \
Gabor Mezei9e4b7bd2022-06-28 16:22:14 +020013394 -s "Protocol is TLSv1.3" \
Gabor Mezeif7044ea2022-06-28 16:01:49 +020013395 -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST" \
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013396 -c "14 03 03 00 01"
13397
13398requires_gnutls_tls1_3
13399requires_gnutls_next_no_ticket
13400requires_gnutls_next_disable_tls13_compat
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013401requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13402requires_config_enabled MBEDTLS_DEBUG_C
13403requires_config_enabled MBEDTLS_SSL_SRV_C
Ronald Cron928cbd32022-10-04 16:14:26 +020013404requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013405run_test "TLS 1.3 G->m HRR both peers do not support middlebox compatibility" \
David Horstmann184c4f02024-07-01 17:01:28 +010013406 "$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key groups=secp384r1 tickets=0" \
Gabor Mezei9e4b7bd2022-06-28 16:22:14 +020013407 "$G_NEXT_CLI localhost --priority=NORMAL:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013408 0 \
Gabor Mezei9e4b7bd2022-06-28 16:22:14 +020013409 -s "Protocol is TLSv1.3" \
Gabor Mezeif7044ea2022-06-28 16:01:49 +020013410 -S "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST" \
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013411 -C "SSL 3.3 ChangeCipherSpec packet received"
13412
13413requires_gnutls_tls1_3
13414requires_gnutls_next_no_ticket
13415requires_gnutls_next_disable_tls13_compat
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013416requires_config_enabled MBEDTLS_DEBUG_C
13417requires_config_enabled MBEDTLS_SSL_SRV_C
Przemek Stekielc31a7982023-06-27 10:53:33 +020013418requires_config_enabled PSA_WANT_ALG_ECDH
Gilles Peskine7b02c1f2024-09-13 14:15:46 +020013419requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13420requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013421run_test "TLS 1.3 G->m HRR server with middlebox compat support, not client" \
David Horstmann184c4f02024-07-01 17:01:28 +010013422 "$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key groups=secp384r1 tickets=0" \
Gabor Mezei9e4b7bd2022-06-28 16:22:14 +020013423 "$G_NEXT_CLI localhost --debug=10 --priority=NORMAL:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013424 0 \
Gabor Mezei9e4b7bd2022-06-28 16:22:14 +020013425 -s "Protocol is TLSv1.3" \
Gabor Mezeif7044ea2022-06-28 16:01:49 +020013426 -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST" \
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013427 -c "SSL 3.3 ChangeCipherSpec packet received" \
13428 -c "discarding change cipher spec in TLS1.3"
13429
13430requires_gnutls_tls1_3
13431requires_gnutls_next_no_ticket
13432requires_gnutls_next_disable_tls13_compat
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013433requires_config_enabled MBEDTLS_DEBUG_C
13434requires_config_enabled MBEDTLS_SSL_SRV_C
Przemek Stekielc31a7982023-06-27 10:53:33 +020013435requires_config_enabled PSA_WANT_ALG_ECDH
Gilles Peskine7b02c1f2024-09-13 14:15:46 +020013436requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
13437requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013438run_test "TLS 1.3 G->m HRR both with middlebox compat support" \
David Horstmann184c4f02024-07-01 17:01:28 +010013439 "$P_SRV debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key groups=secp384r1 tickets=0" \
Gabor Mezei9e4b7bd2022-06-28 16:22:14 +020013440 "$G_NEXT_CLI localhost --debug=10 --priority=NORMAL:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013441 0 \
Gabor Mezei9e4b7bd2022-06-28 16:22:14 +020013442 -s "Protocol is TLSv1.3" \
Gabor Mezeif7044ea2022-06-28 16:01:49 +020013443 -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST" \
Gabor Mezei7e2dbaf2022-05-24 16:05:29 +020013444 -c "SSL 3.3 ChangeCipherSpec packet received"
13445
Przemek Stekiel8bfe8972023-06-26 12:59:45 +020013446requires_openssl_tls1_3_with_compatible_ephemeral
Jerry Yuaae28f12022-06-29 16:21:32 +080013447requires_config_enabled MBEDTLS_DEBUG_C
13448requires_config_enabled MBEDTLS_SSL_CLI_C
Gilles Peskine7b02c1f2024-09-13 14:15:46 +020013449requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Jerry Yuaae28f12022-06-29 16:21:32 +080013450run_test "TLS 1.3: Check signature algorithm order, m->O" \
David Horstmann184c4f02024-07-01 17:01:28 +010013451 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key
Jerry Yuaae28f12022-06-29 16:21:32 +080013452 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache
13453 -Verify 10 -sigalgs rsa_pkcs1_sha512:rsa_pss_rsae_sha512:rsa_pss_rsae_sha384:ecdsa_secp256r1_sha256" \
David Horstmann184c4f02024-07-01 17:01:28 +010013454 "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key \
Jerry Yu7ac0d492022-07-01 19:29:30 +080013455 sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \
Jerry Yuaae28f12022-06-29 16:21:32 +080013456 0 \
13457 -c "Protocol is TLSv1.3" \
Ronald Cron067a1e72022-09-16 13:44:49 +020013458 -c "CertificateVerify signature with rsa_pss_rsae_sha512" \
Jerry Yuaae28f12022-06-29 16:21:32 +080013459 -c "HTTP/1.0 200 [Oo][Kk]"
13460
13461requires_gnutls_tls1_3
Jerry Yuaae28f12022-06-29 16:21:32 +080013462requires_config_enabled MBEDTLS_DEBUG_C
13463requires_config_enabled MBEDTLS_SSL_CLI_C
Gilles Peskine7b02c1f2024-09-13 14:15:46 +020013464requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Jerry Yuaae28f12022-06-29 16:21:32 +080013465run_test "TLS 1.3: Check signature algorithm order, m->G" \
David Horstmann184c4f02024-07-01 17:01:28 +010013466 "$G_NEXT_SRV_NO_CERT --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key
Jerry Yuaae28f12022-06-29 16:21:32 +080013467 -d 4
13468 --priority=NORMAL:-VERS-ALL:-SIGN-ALL:+SIGN-RSA-SHA512:+SIGN-RSA-PSS-RSAE-SHA512:+SIGN-RSA-PSS-RSAE-SHA384:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS " \
David Horstmann184c4f02024-07-01 17:01:28 +010013469 "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key \
Jerry Yu7ac0d492022-07-01 19:29:30 +080013470 sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \
Jerry Yuaae28f12022-06-29 16:21:32 +080013471 0 \
13472 -c "Protocol is TLSv1.3" \
Ronald Cron067a1e72022-09-16 13:44:49 +020013473 -c "CertificateVerify signature with rsa_pss_rsae_sha512" \
Jerry Yuaae28f12022-06-29 16:21:32 +080013474 -c "HTTP/1.0 200 [Oo][Kk]"
13475
Jerry Yuaae28f12022-06-29 16:21:32 +080013476requires_config_enabled MBEDTLS_DEBUG_C
13477requires_config_enabled MBEDTLS_SSL_SRV_C
13478requires_config_enabled MBEDTLS_SSL_CLI_C
Gilles Peskine7b02c1f2024-09-13 14:15:46 +020013479requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Jerry Yuaae28f12022-06-29 16:21:32 +080013480run_test "TLS 1.3: Check signature algorithm order, m->m" \
Ronald Cron50ae84e2023-03-14 08:59:56 +010013481 "$P_SRV debug_level=4 auth_mode=required
David Horstmann184c4f02024-07-01 17:01:28 +010013482 crt_file2=$DATA_FILES_PATH/server2-sha256.crt key_file2=$DATA_FILES_PATH/server2.key
13483 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key
Jerry Yuaae28f12022-06-29 16:21:32 +080013484 sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256 " \
David Horstmann184c4f02024-07-01 17:01:28 +010013485 "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key \
Jerry Yu7ac0d492022-07-01 19:29:30 +080013486 sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \
Jerry Yuaae28f12022-06-29 16:21:32 +080013487 0 \
13488 -c "Protocol is TLSv1.3" \
Ronald Cron067a1e72022-09-16 13:44:49 +020013489 -c "CertificateVerify signature with rsa_pss_rsae_sha512" \
13490 -s "CertificateVerify signature with rsa_pss_rsae_sha512" \
Jerry Yuaae28f12022-06-29 16:21:32 +080013491 -s "ssl_tls13_pick_key_cert:selected signature algorithm rsa_pss_rsae_sha512" \
13492 -c "HTTP/1.0 200 [Oo][Kk]"
13493
Przemek Stekiel8bfe8972023-06-26 12:59:45 +020013494requires_openssl_tls1_3_with_compatible_ephemeral
Jerry Yuaae28f12022-06-29 16:21:32 +080013495requires_config_enabled MBEDTLS_DEBUG_C
13496requires_config_enabled MBEDTLS_SSL_SRV_C
Gilles Peskine7b02c1f2024-09-13 14:15:46 +020013497requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Jerry Yuaae28f12022-06-29 16:21:32 +080013498run_test "TLS 1.3: Check signature algorithm order, O->m" \
Ronald Cron50ae84e2023-03-14 08:59:56 +010013499 "$P_SRV debug_level=4 auth_mode=required
David Horstmann184c4f02024-07-01 17:01:28 +010013500 crt_file2=$DATA_FILES_PATH/server2-sha256.crt key_file2=$DATA_FILES_PATH/server2.key
13501 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key
Jerry Yuaae28f12022-06-29 16:21:32 +080013502 sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256 " \
David Horstmann184c4f02024-07-01 17:01:28 +010013503 "$O_NEXT_CLI_NO_CERT -msg -CAfile $DATA_FILES_PATH/test-ca_cat12.crt \
13504 -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key \
Jerry Yuaae28f12022-06-29 16:21:32 +080013505 -sigalgs rsa_pkcs1_sha512:rsa_pss_rsae_sha512:rsa_pss_rsae_sha384:ecdsa_secp256r1_sha256" \
13506 0 \
13507 -c "TLSv1.3" \
Ronald Cron067a1e72022-09-16 13:44:49 +020013508 -s "CertificateVerify signature with rsa_pss_rsae_sha512" \
Jerry Yuaae28f12022-06-29 16:21:32 +080013509 -s "ssl_tls13_pick_key_cert:selected signature algorithm rsa_pss_rsae_sha512"
13510
13511requires_gnutls_tls1_3
Jerry Yuaae28f12022-06-29 16:21:32 +080013512requires_config_enabled MBEDTLS_DEBUG_C
13513requires_config_enabled MBEDTLS_SSL_SRV_C
Gilles Peskine7b02c1f2024-09-13 14:15:46 +020013514requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Jerry Yuaae28f12022-06-29 16:21:32 +080013515run_test "TLS 1.3: Check signature algorithm order, G->m" \
Ronald Cron50ae84e2023-03-14 08:59:56 +010013516 "$P_SRV debug_level=4 auth_mode=required
David Horstmann184c4f02024-07-01 17:01:28 +010013517 crt_file2=$DATA_FILES_PATH/server2-sha256.crt key_file2=$DATA_FILES_PATH/server2.key
13518 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key
Jerry Yuaae28f12022-06-29 16:21:32 +080013519 sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256 " \
David Horstmann184c4f02024-07-01 17:01:28 +010013520 "$G_NEXT_CLI_NO_CERT localhost -d 4 --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt \
13521 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key \
Jerry Yuaae28f12022-06-29 16:21:32 +080013522 --priority=NORMAL:-SIGN-ALL:+SIGN-RSA-SHA512:+SIGN-RSA-PSS-RSAE-SHA512:+SIGN-RSA-PSS-RSAE-SHA384" \
13523 0 \
13524 -c "Negotiated version: 3.4" \
13525 -c "HTTP/1.0 200 [Oo][Kk]" \
Ronald Cron067a1e72022-09-16 13:44:49 +020013526 -s "CertificateVerify signature with rsa_pss_rsae_sha512" \
Jerry Yuaae28f12022-06-29 16:21:32 +080013527 -s "ssl_tls13_pick_key_cert:selected signature algorithm rsa_pss_rsae_sha512"
13528
13529requires_gnutls_tls1_3
Jerry Yuaae28f12022-06-29 16:21:32 +080013530requires_config_enabled MBEDTLS_DEBUG_C
13531requires_config_enabled MBEDTLS_SSL_SRV_C
Gilles Peskine7b02c1f2024-09-13 14:15:46 +020013532requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Jerry Yuaae28f12022-06-29 16:21:32 +080013533run_test "TLS 1.3: Check server no suitable signature algorithm, G->m" \
Ronald Cron50ae84e2023-03-14 08:59:56 +010013534 "$P_SRV debug_level=4 auth_mode=required
David Horstmann184c4f02024-07-01 17:01:28 +010013535 crt_file2=$DATA_FILES_PATH/server2-sha256.crt key_file2=$DATA_FILES_PATH/server2.key
13536 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key
Jerry Yuaae28f12022-06-29 16:21:32 +080013537 sig_algs=rsa_pkcs1_sha512,ecdsa_secp256r1_sha256 " \
David Horstmann184c4f02024-07-01 17:01:28 +010013538 "$G_NEXT_CLI_NO_CERT localhost -d 4 --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt \
13539 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key \
Jerry Yuaae28f12022-06-29 16:21:32 +080013540 --priority=NORMAL:-SIGN-ALL:+SIGN-RSA-SHA512:+SIGN-RSA-PSS-RSAE-SHA512:+SIGN-ECDSA-SECP521R1-SHA512" \
13541 1 \
Ronald Cron67ea2542022-09-15 17:34:42 +020013542 -S "ssl_tls13_pick_key_cert:check signature algorithm"
Jerry Yuaae28f12022-06-29 16:21:32 +080013543
Przemek Stekiel8bfe8972023-06-26 12:59:45 +020013544requires_openssl_tls1_3_with_compatible_ephemeral
Jerry Yuaae28f12022-06-29 16:21:32 +080013545requires_config_enabled MBEDTLS_DEBUG_C
13546requires_config_enabled MBEDTLS_SSL_SRV_C
Gilles Peskine7b02c1f2024-09-13 14:15:46 +020013547requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Jerry Yuaae28f12022-06-29 16:21:32 +080013548run_test "TLS 1.3: Check server no suitable signature algorithm, O->m" \
Ronald Cron50ae84e2023-03-14 08:59:56 +010013549 "$P_SRV debug_level=4 auth_mode=required
David Horstmann184c4f02024-07-01 17:01:28 +010013550 crt_file2=$DATA_FILES_PATH/server2-sha256.crt key_file2=$DATA_FILES_PATH/server2.key
13551 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key
Jerry Yuaae28f12022-06-29 16:21:32 +080013552 sig_algs=rsa_pkcs1_sha512,ecdsa_secp256r1_sha256" \
David Horstmann184c4f02024-07-01 17:01:28 +010013553 "$O_NEXT_CLI_NO_CERT -msg -CAfile $DATA_FILES_PATH/test-ca_cat12.crt \
13554 -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key \
Jerry Yuaae28f12022-06-29 16:21:32 +080013555 -sigalgs rsa_pkcs1_sha512:rsa_pss_rsae_sha512:ecdsa_secp521r1_sha512" \
13556 1 \
Ronald Cron67ea2542022-09-15 17:34:42 +020013557 -S "ssl_tls13_pick_key_cert:check signature algorithm"
Jerry Yuaae28f12022-06-29 16:21:32 +080013558
Jerry Yuaae28f12022-06-29 16:21:32 +080013559requires_config_enabled MBEDTLS_DEBUG_C
13560requires_config_enabled MBEDTLS_SSL_SRV_C
13561requires_config_enabled MBEDTLS_SSL_CLI_C
Gilles Peskine7b02c1f2024-09-13 14:15:46 +020013562requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Jerry Yuaae28f12022-06-29 16:21:32 +080013563run_test "TLS 1.3: Check server no suitable signature algorithm, m->m" \
Ronald Cron50ae84e2023-03-14 08:59:56 +010013564 "$P_SRV debug_level=4 auth_mode=required
David Horstmann184c4f02024-07-01 17:01:28 +010013565 crt_file2=$DATA_FILES_PATH/server2-sha256.crt key_file2=$DATA_FILES_PATH/server2.key
13566 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key
Jerry Yuaae28f12022-06-29 16:21:32 +080013567 sig_algs=rsa_pkcs1_sha512,ecdsa_secp256r1_sha256 " \
David Horstmann184c4f02024-07-01 17:01:28 +010013568 "$P_CLI allow_sha1=0 debug_level=4 crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key \
Jerry Yu7ac0d492022-07-01 19:29:30 +080013569 sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,ecdsa_secp521r1_sha512" \
Jerry Yuaae28f12022-06-29 16:21:32 +080013570 1 \
Ronald Cron67ea2542022-09-15 17:34:42 +020013571 -S "ssl_tls13_pick_key_cert:check signature algorithm"
Jerry Yuaae28f12022-06-29 16:21:32 +080013572
13573requires_gnutls_tls1_3
Jerry Yuaae28f12022-06-29 16:21:32 +080013574requires_config_enabled MBEDTLS_DEBUG_C
13575requires_config_enabled MBEDTLS_SSL_SRV_C
Gilles Peskine7b02c1f2024-09-13 14:15:46 +020013576requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Jerry Yuaae28f12022-06-29 16:21:32 +080013577run_test "TLS 1.3: Check server no suitable certificate, G->m" \
Ronald Cron50ae84e2023-03-14 08:59:56 +010013578 "$P_SRV debug_level=4
David Horstmann184c4f02024-07-01 17:01:28 +010013579 crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key
Jerry Yuaae28f12022-06-29 16:21:32 +080013580 sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256 " \
David Horstmann184c4f02024-07-01 17:01:28 +010013581 "$G_NEXT_CLI_NO_CERT localhost -d 4 --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt \
Jerry Yuaae28f12022-06-29 16:21:32 +080013582 --priority=NORMAL:-SIGN-ALL:+SIGN-ECDSA-SECP521R1-SHA512:+SIGN-ECDSA-SECP256R1-SHA256" \
13583 1 \
13584 -s "ssl_tls13_pick_key_cert:no suitable certificate found"
13585
Przemek Stekiel8bfe8972023-06-26 12:59:45 +020013586requires_openssl_tls1_3_with_compatible_ephemeral
Jerry Yuaae28f12022-06-29 16:21:32 +080013587requires_config_enabled MBEDTLS_DEBUG_C
13588requires_config_enabled MBEDTLS_SSL_SRV_C
Gilles Peskine7b02c1f2024-09-13 14:15:46 +020013589requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Jerry Yuaae28f12022-06-29 16:21:32 +080013590run_test "TLS 1.3: Check server no suitable certificate, O->m" \
Ronald Cron50ae84e2023-03-14 08:59:56 +010013591 "$P_SRV debug_level=4
David Horstmann184c4f02024-07-01 17:01:28 +010013592 crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key
Jerry Yuaae28f12022-06-29 16:21:32 +080013593 sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256 " \
David Horstmann184c4f02024-07-01 17:01:28 +010013594 "$O_NEXT_CLI_NO_CERT -msg -CAfile $DATA_FILES_PATH/test-ca_cat12.crt \
Jerry Yuaae28f12022-06-29 16:21:32 +080013595 -sigalgs ecdsa_secp521r1_sha512:ecdsa_secp256r1_sha256" \
13596 1 \
13597 -s "ssl_tls13_pick_key_cert:no suitable certificate found"
13598
Jerry Yuaae28f12022-06-29 16:21:32 +080013599requires_config_enabled MBEDTLS_DEBUG_C
13600requires_config_enabled MBEDTLS_SSL_SRV_C
13601requires_config_enabled MBEDTLS_SSL_CLI_C
Gilles Peskine7b02c1f2024-09-13 14:15:46 +020013602requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Jerry Yuaae28f12022-06-29 16:21:32 +080013603run_test "TLS 1.3: Check server no suitable certificate, m->m" \
Ronald Cron50ae84e2023-03-14 08:59:56 +010013604 "$P_SRV debug_level=4
David Horstmann184c4f02024-07-01 17:01:28 +010013605 crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key
Jerry Yuaae28f12022-06-29 16:21:32 +080013606 sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256 " \
13607 "$P_CLI allow_sha1=0 debug_level=4 \
Jerry Yu7ac0d492022-07-01 19:29:30 +080013608 sig_algs=ecdsa_secp521r1_sha512,ecdsa_secp256r1_sha256" \
Jerry Yuaae28f12022-06-29 16:21:32 +080013609 1 \
13610 -s "ssl_tls13_pick_key_cert:no suitable certificate found"
13611
Przemek Stekiel8bfe8972023-06-26 12:59:45 +020013612requires_openssl_tls1_3_with_compatible_ephemeral
Jerry Yuaae28f12022-06-29 16:21:32 +080013613requires_config_enabled MBEDTLS_DEBUG_C
13614requires_config_enabled MBEDTLS_SSL_CLI_C
Gilles Peskine7b02c1f2024-09-13 14:15:46 +020013615requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Jerry Yuaae28f12022-06-29 16:21:32 +080013616run_test "TLS 1.3: Check client no signature algorithm, m->O" \
David Horstmann184c4f02024-07-01 17:01:28 +010013617 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key
Jerry Yuaae28f12022-06-29 16:21:32 +080013618 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache
13619 -Verify 10 -sigalgs rsa_pkcs1_sha512:rsa_pss_rsae_sha512:rsa_pss_rsae_sha384:ecdsa_secp521r1_sha512" \
David Horstmann184c4f02024-07-01 17:01:28 +010013620 "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \
Jerry Yu7ac0d492022-07-01 19:29:30 +080013621 sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \
Jerry Yuaae28f12022-06-29 16:21:32 +080013622 1 \
Ronald Cron067a1e72022-09-16 13:44:49 +020013623 -c "no suitable signature algorithm"
Jerry Yuaae28f12022-06-29 16:21:32 +080013624
13625requires_gnutls_tls1_3
Jerry Yuaae28f12022-06-29 16:21:32 +080013626requires_config_enabled MBEDTLS_DEBUG_C
13627requires_config_enabled MBEDTLS_SSL_CLI_C
Gilles Peskine7b02c1f2024-09-13 14:15:46 +020013628requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Jerry Yuaae28f12022-06-29 16:21:32 +080013629run_test "TLS 1.3: Check client no signature algorithm, m->G" \
David Horstmann184c4f02024-07-01 17:01:28 +010013630 "$G_NEXT_SRV_NO_CERT --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key
Jerry Yuaae28f12022-06-29 16:21:32 +080013631 -d 4
13632 --priority=NORMAL:-VERS-ALL:-SIGN-ALL:+SIGN-RSA-SHA512:+SIGN-RSA-PSS-RSAE-SHA512:+SIGN-RSA-PSS-RSAE-SHA384:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS " \
David Horstmann184c4f02024-07-01 17:01:28 +010013633 "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \
Jerry Yu7ac0d492022-07-01 19:29:30 +080013634 sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \
Jerry Yuaae28f12022-06-29 16:21:32 +080013635 1 \
Ronald Cron067a1e72022-09-16 13:44:49 +020013636 -c "no suitable signature algorithm"
Jerry Yuaae28f12022-06-29 16:21:32 +080013637
Jerry Yuaae28f12022-06-29 16:21:32 +080013638requires_config_enabled MBEDTLS_DEBUG_C
13639requires_config_enabled MBEDTLS_SSL_SRV_C
13640requires_config_enabled MBEDTLS_SSL_CLI_C
Gilles Peskine7b02c1f2024-09-13 14:15:46 +020013641requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Jerry Yuaae28f12022-06-29 16:21:32 +080013642run_test "TLS 1.3: Check client no signature algorithm, m->m" \
Ronald Cron50ae84e2023-03-14 08:59:56 +010013643 "$P_SRV debug_level=4 auth_mode=required
David Horstmann184c4f02024-07-01 17:01:28 +010013644 crt_file2=$DATA_FILES_PATH/server2-sha256.crt key_file2=$DATA_FILES_PATH/server2.key
13645 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key
Jerry Yuaae28f12022-06-29 16:21:32 +080013646 sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp521r1_sha512" \
David Horstmann184c4f02024-07-01 17:01:28 +010013647 "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/server5.crt key_file=$DATA_FILES_PATH/server5.key \
Jerry Yu7ac0d492022-07-01 19:29:30 +080013648 sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \
Jerry Yuaae28f12022-06-29 16:21:32 +080013649 1 \
Ronald Cron067a1e72022-09-16 13:44:49 +020013650 -c "no suitable signature algorithm"
Jerry Yuaae28f12022-06-29 16:21:32 +080013651
Przemek Stekiel8bfe8972023-06-26 12:59:45 +020013652requires_openssl_tls1_3_with_compatible_ephemeral
Jerry Yu6455b682022-06-27 14:18:29 +080013653requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
13654requires_config_enabled MBEDTLS_DEBUG_C
13655requires_config_enabled MBEDTLS_SSL_CLI_C
Jerry Yueec4f032022-07-23 11:31:51 +080013656run_test "TLS 1.2: Check rsa_pss_rsae compatibility issue, m->O" \
David Horstmann184c4f02024-07-01 17:01:28 +010013657 "$O_NEXT_SRV_NO_CERT -cert $DATA_FILES_PATH/server2-sha256.crt -key $DATA_FILES_PATH/server2.key
Jerry Yu6455b682022-06-27 14:18:29 +080013658 -msg -tls1_2
13659 -Verify 10 " \
David Horstmann184c4f02024-07-01 17:01:28 +010013660 "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key
Jerry Yu6455b682022-06-27 14:18:29 +080013661 sig_algs=rsa_pss_rsae_sha512,rsa_pkcs1_sha512
13662 min_version=tls12 max_version=tls13 " \
13663 0 \
13664 -c "Protocol is TLSv1.2" \
13665 -c "HTTP/1.0 200 [Oo][Kk]"
13666
13667
13668requires_gnutls_tls1_3
13669requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
13670requires_config_enabled MBEDTLS_DEBUG_C
13671requires_config_enabled MBEDTLS_SSL_CLI_C
Jerry Yueec4f032022-07-23 11:31:51 +080013672run_test "TLS 1.2: Check rsa_pss_rsae compatibility issue, m->G" \
David Horstmann184c4f02024-07-01 17:01:28 +010013673 "$G_NEXT_SRV_NO_CERT --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key
Jerry Yu6455b682022-06-27 14:18:29 +080013674 -d 4
13675 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2" \
David Horstmann184c4f02024-07-01 17:01:28 +010013676 "$P_CLI debug_level=4 crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key
Jerry Yu6455b682022-06-27 14:18:29 +080013677 sig_algs=rsa_pss_rsae_sha512,rsa_pkcs1_sha512
13678 min_version=tls12 max_version=tls13 " \
13679 0 \
13680 -c "Protocol is TLSv1.2" \
13681 -c "HTTP/1.0 200 [Oo][Kk]"
13682
Przemek Stekiel3484db42023-06-28 13:31:38 +020013683requires_config_enabled MBEDTLS_SSL_SRV_C
13684requires_config_enabled MBEDTLS_DEBUG_C
13685requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Przemek Stekiel3484db42023-06-28 13:31:38 +020013686requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
13687requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti05754d82024-01-18 09:47:00 +010013688requires_config_enabled PSA_WANT_DH_RFC7919_3072
Przemek Stekiel3484db42023-06-28 13:31:38 +020013689requires_gnutls_tls1_3
13690requires_gnutls_next_no_ticket
13691requires_gnutls_next_disable_tls13_compat
13692run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe3072,rsa_pss_rsae_sha256" \
David Horstmann184c4f02024-07-01 17:01:28 +010013693 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13694 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE3072:+VERS-TLS1.3:%NO_TICKETS" \
Przemek Stekiel3484db42023-06-28 13:31:38 +020013695 0 \
13696 -s "Protocol is TLSv1.3" \
13697 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
13698 -s "received signature algorithm: 0x804" \
13699 -s "got named group: ffdhe3072(0101)" \
13700 -s "Certificate verification was skipped" \
13701 -C "received HelloRetryRequest message"
13702
13703
13704requires_gnutls_tls1_3
13705requires_gnutls_next_no_ticket
13706requires_gnutls_next_disable_tls13_compat
13707requires_config_enabled MBEDTLS_SSL_CLI_C
13708requires_config_enabled MBEDTLS_DEBUG_C
13709requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Przemek Stekiel3484db42023-06-28 13:31:38 +020013710requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
13711requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti05754d82024-01-18 09:47:00 +010013712requires_config_enabled PSA_WANT_DH_RFC7919_3072
Przemek Stekiel3484db42023-06-28 13:31:38 +020013713run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe3072,rsa_pss_rsae_sha256" \
David Horstmann184c4f02024-07-01 17:01:28 +010013714 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE3072:+VERS-TLS1.3:%NO_TICKETS" \
13715 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe3072" \
Przemek Stekiel3484db42023-06-28 13:31:38 +020013716 0 \
13717 -c "HTTP/1.0 200 OK" \
13718 -c "Protocol is TLSv1.3" \
13719 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
13720 -c "Certificate Verify: Signature algorithm ( 0804 )" \
13721 -c "NamedGroup: ffdhe3072 ( 101 )" \
13722 -c "Verifying peer X.509 certificate... ok" \
13723 -C "received HelloRetryRequest message"
13724
13725requires_config_enabled MBEDTLS_SSL_SRV_C
13726requires_config_enabled MBEDTLS_DEBUG_C
13727requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Przemek Stekiel3484db42023-06-28 13:31:38 +020013728requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
13729requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti05754d82024-01-18 09:47:00 +010013730requires_config_enabled PSA_WANT_DH_RFC7919_4096
Przemek Stekiel3484db42023-06-28 13:31:38 +020013731requires_gnutls_tls1_3
13732requires_gnutls_next_no_ticket
13733requires_gnutls_next_disable_tls13_compat
13734run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe4096,rsa_pss_rsae_sha256" \
David Horstmann184c4f02024-07-01 17:01:28 +010013735 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13736 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE4096:+VERS-TLS1.3:%NO_TICKETS" \
Przemek Stekiel3484db42023-06-28 13:31:38 +020013737 0 \
13738 -s "Protocol is TLSv1.3" \
13739 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
13740 -s "received signature algorithm: 0x804" \
13741 -s "got named group: ffdhe4096(0102)" \
13742 -s "Certificate verification was skipped" \
13743 -C "received HelloRetryRequest message"
13744
13745
13746requires_gnutls_tls1_3
13747requires_gnutls_next_no_ticket
13748requires_gnutls_next_disable_tls13_compat
13749requires_config_enabled MBEDTLS_SSL_CLI_C
13750requires_config_enabled MBEDTLS_DEBUG_C
13751requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Przemek Stekiel3484db42023-06-28 13:31:38 +020013752requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
13753requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti05754d82024-01-18 09:47:00 +010013754requires_config_enabled PSA_WANT_DH_RFC7919_4096
Przemek Stekiel3484db42023-06-28 13:31:38 +020013755run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe4096,rsa_pss_rsae_sha256" \
David Horstmann184c4f02024-07-01 17:01:28 +010013756 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE4096:+VERS-TLS1.3:%NO_TICKETS" \
13757 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe4096" \
Przemek Stekiel3484db42023-06-28 13:31:38 +020013758 0 \
13759 -c "HTTP/1.0 200 OK" \
13760 -c "Protocol is TLSv1.3" \
13761 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
13762 -c "Certificate Verify: Signature algorithm ( 0804 )" \
13763 -c "NamedGroup: ffdhe4096 ( 102 )" \
13764 -c "Verifying peer X.509 certificate... ok" \
13765 -C "received HelloRetryRequest message"
13766
13767requires_config_enabled MBEDTLS_SSL_SRV_C
13768requires_config_enabled MBEDTLS_DEBUG_C
13769requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Przemek Stekiel3484db42023-06-28 13:31:38 +020013770requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
13771requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti05754d82024-01-18 09:47:00 +010013772requires_config_enabled PSA_WANT_DH_RFC7919_6144
Przemek Stekiel3484db42023-06-28 13:31:38 +020013773requires_gnutls_tls1_3
13774requires_gnutls_next_no_ticket
13775requires_gnutls_next_disable_tls13_compat
Gilles Peskine05030d42024-10-31 18:52:40 +010013776# Tests using FFDH with a large prime take a long time to run with a memory
13777# sanitizer. GnuTLS <=3.8.1 has a hard-coded timeout and gives up after
13778# 30s (since 3.8.1, it can be configured with --timeout). We've observed
13779# 8192-bit FFDH test cases failing intermittently on heavily loaded CI
13780# executors (https://github.com/Mbed-TLS/mbedtls/issues/9742),
13781# when using MSan. As a workaround, skip them.
13782# Also skip 6144-bit FFDH to have a bit of safety margin.
13783not_with_msan_or_valgrind
Przemek Stekiel3484db42023-06-28 13:31:38 +020013784run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe6144,rsa_pss_rsae_sha256" \
David Horstmann184c4f02024-07-01 17:01:28 +010013785 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13786 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE6144:+VERS-TLS1.3:%NO_TICKETS" \
Przemek Stekiel3484db42023-06-28 13:31:38 +020013787 0 \
13788 -s "Protocol is TLSv1.3" \
13789 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
13790 -s "received signature algorithm: 0x804" \
13791 -s "got named group: ffdhe6144(0103)" \
13792 -s "Certificate verification was skipped" \
13793 -C "received HelloRetryRequest message"
13794
13795requires_gnutls_tls1_3
13796requires_gnutls_next_no_ticket
13797requires_gnutls_next_disable_tls13_compat
13798requires_config_enabled MBEDTLS_SSL_CLI_C
13799requires_config_enabled MBEDTLS_DEBUG_C
13800requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Przemek Stekiel3484db42023-06-28 13:31:38 +020013801requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
13802requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti05754d82024-01-18 09:47:00 +010013803requires_config_enabled PSA_WANT_DH_RFC7919_6144
Gilles Peskine05030d42024-10-31 18:52:40 +010013804not_with_msan_or_valgrind
Przemek Stekiel3484db42023-06-28 13:31:38 +020013805run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe6144,rsa_pss_rsae_sha256" \
David Horstmann184c4f02024-07-01 17:01:28 +010013806 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE6144:+VERS-TLS1.3:%NO_TICKETS" \
13807 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe6144" \
Przemek Stekiel3484db42023-06-28 13:31:38 +020013808 0 \
13809 -c "HTTP/1.0 200 OK" \
13810 -c "Protocol is TLSv1.3" \
13811 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
13812 -c "Certificate Verify: Signature algorithm ( 0804 )" \
13813 -c "NamedGroup: ffdhe6144 ( 103 )" \
13814 -c "Verifying peer X.509 certificate... ok" \
13815 -C "received HelloRetryRequest message"
13816
13817requires_config_enabled MBEDTLS_SSL_SRV_C
13818requires_config_enabled MBEDTLS_DEBUG_C
13819requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Przemek Stekiel3484db42023-06-28 13:31:38 +020013820requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
13821requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti05754d82024-01-18 09:47:00 +010013822requires_config_enabled PSA_WANT_DH_RFC7919_8192
Przemek Stekiel3484db42023-06-28 13:31:38 +020013823requires_gnutls_tls1_3
13824requires_gnutls_next_no_ticket
13825requires_gnutls_next_disable_tls13_compat
Gilles Peskine05030d42024-10-31 18:52:40 +010013826not_with_msan_or_valgrind
Przemek Stekiel3484db42023-06-28 13:31:38 +020013827client_needs_more_time 4
13828run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
David Horstmann184c4f02024-07-01 17:01:28 +010013829 "$P_SRV crt_file=$DATA_FILES_PATH/server2-sha256.crt key_file=$DATA_FILES_PATH/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
13830 "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile $DATA_FILES_PATH/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
Przemek Stekiel3484db42023-06-28 13:31:38 +020013831 0 \
13832 -s "Protocol is TLSv1.3" \
13833 -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
13834 -s "received signature algorithm: 0x804" \
13835 -s "got named group: ffdhe8192(0104)" \
13836 -s "Certificate verification was skipped" \
13837 -C "received HelloRetryRequest message"
13838
13839requires_gnutls_tls1_3
13840requires_gnutls_next_no_ticket
13841requires_gnutls_next_disable_tls13_compat
13842requires_config_enabled MBEDTLS_SSL_CLI_C
13843requires_config_enabled MBEDTLS_DEBUG_C
13844requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
Przemek Stekiel3484db42023-06-28 13:31:38 +020013845requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
13846requires_config_enabled PSA_WANT_ALG_FFDH
Valerio Setti05754d82024-01-18 09:47:00 +010013847requires_config_enabled PSA_WANT_DH_RFC7919_8192
Gilles Peskine05030d42024-10-31 18:52:40 +010013848not_with_msan_or_valgrind
Przemek Stekiel3484db42023-06-28 13:31:38 +020013849client_needs_more_time 4
13850run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
David Horstmann184c4f02024-07-01 17:01:28 +010013851 "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile $DATA_FILES_PATH/server2-sha256.crt --x509keyfile $DATA_FILES_PATH/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
13852 "$P_CLI ca_file=$DATA_FILES_PATH/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe8192" \
Przemek Stekiel3484db42023-06-28 13:31:38 +020013853 0 \
13854 -c "HTTP/1.0 200 OK" \
13855 -c "Protocol is TLSv1.3" \
13856 -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
13857 -c "Certificate Verify: Signature algorithm ( 0804 )" \
13858 -c "NamedGroup: ffdhe8192 ( 104 )" \
13859 -c "Verifying peer X.509 certificate... ok" \
13860 -C "received HelloRetryRequest message"
13861
Ronald Cron8a74f072023-06-14 17:59:29 +020013862requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
13863requires_config_enabled MBEDTLS_SSL_SRV_C
13864requires_config_enabled MBEDTLS_SSL_CLI_C
13865requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
13866requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
13867run_test "TLS 1.3: no HRR in case of PSK key exchange mode" \
Gilles Peskinef9f3d212024-05-13 21:06:26 +020013868 "$P_SRV nbio=2 psk=73776f726466697368 psk_identity=0a0b0c tls13_kex_modes=psk groups=none" \
13869 "$P_CLI nbio=2 debug_level=3 psk=73776f726466697368 psk_identity=0a0b0c tls13_kex_modes=all" \
Ronald Cron8a74f072023-06-14 17:59:29 +020013870 0 \
13871 -C "received HelloRetryRequest message" \
13872 -c "Selected key exchange mode: psk$" \
13873 -c "HTTP/1.0 200 OK"
13874
Waleed Elmelegy0b190f12024-07-04 16:38:04 +000013875# Legacy_compression_methods testing
13876
13877requires_gnutls
Waleed Elmelegydc99c892024-07-15 17:25:04 +000013878requires_config_enabled MBEDTLS_SSL_SRV_C
Waleed Elmelegy0b190f12024-07-04 16:38:04 +000013879requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Waleed Elmelegydc99c892024-07-15 17:25:04 +000013880run_test "TLS 1.2 ClientHello indicating support for deflate compression method" \
13881 "$P_SRV debug_level=3" \
13882 "$G_CLI --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:+COMP-DEFLATE localhost" \
13883 0 \
13884 -c "Handshake was completed" \
13885 -s "dumping .client hello, compression. (2 bytes)"
Waleed Elmelegy0b190f12024-07-04 16:38:04 +000013886
Waleed Elmelegy79a8ded2025-01-24 17:39:58 +000013887# Handshake defragmentation testing
Minos Galanakisd708a632025-02-18 17:28:27 +000013888
Gilles Peskineb40d33b2025-03-01 14:26:51 +010013889# Most test cases are in opt-testcases/handshake-generated.sh
Minos Galanakis74ce7492025-02-18 17:41:18 +000013890
Minos Galanakis74ce7492025-02-18 17:41:18 +000013891requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Minos Galanakis74ce7492025-02-18 17:41:18 +000013892requires_certificate_authentication
Minos Galanakisdaa14a42025-02-12 16:20:01 +000013893run_test "Handshake defragmentation on server: len=32, TLS 1.2 ClientHello (unsupported)" \
Minos Galanakis74ce7492025-02-18 17:41:18 +000013894 "$P_SRV debug_level=4 force_version=tls12 auth_mode=required" \
13895 "$O_NEXT_CLI -tls1_2 -split_send_frag 32 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
13896 1 \
13897 -s "The SSL configuration is tls12 only" \
13898 -s "bad client hello message" \
13899 -s "SSL - A message could not be parsed due to a syntactic error"
13900
Minos Galanakis990a1092025-03-11 14:06:38 +000013901# Test server-side buffer resizing with fragmented handshake on TLS1.2
Minos Galanakisa7b19aa2025-03-11 14:17:25 +000013902requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Minos Galanakisdaa14a42025-02-12 16:20:01 +000013903requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
13904requires_config_enabled MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
13905requires_max_content_len 1025
Minos Galanakisaf0e60b2025-03-11 17:08:01 +000013906run_test "Handshake defragmentation on server: len=256, buffer resizing with MFL=1024" \
Minos Galanakisdaa14a42025-02-12 16:20:01 +000013907 "$P_SRV debug_level=4 auth_mode=required" \
13908 "$O_NEXT_CLI -tls1_2 -split_send_frag 256 -maxfraglen 1024 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
13909 0 \
13910 -s "Reallocating in_buf" \
13911 -s "Reallocating out_buf" \
13912 -s "reassembled record" \
Minos Galanakis70be67b2025-03-11 17:00:45 +000013913 -s "initial handshake fragment: 256, 0\\.\\.256 of [0-9]\\+" \
13914 -s "Prepare: waiting for more handshake fragments 256/" \
13915 -s "Consume: waiting for more handshake fragments 256/"
Minos Galanakisdaa14a42025-02-12 16:20:01 +000013916
Minos Galanakis990a1092025-03-11 14:06:38 +000013917# Test client-initiated renegotiation with fragmented handshake on TLS1.2
Minos Galanakisa7b19aa2025-03-11 14:17:25 +000013918requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Minos Galanakis5aaa6e02025-02-12 18:23:09 +000013919requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
Minos Galanakisdfc082e2025-03-18 10:25:24 +000013920run_test "Handshake defragmentation on server: len=512, client-initiated renegotiation" \
Minos Galanakis5aaa6e02025-02-12 18:23:09 +000013921 "$P_SRV debug_level=4 exchanges=2 renegotiation=1 auth_mode=required" \
Minos Galanakisa8f14382025-03-11 17:29:33 +000013922 "$O_NEXT_CLI_RENEGOTIATE -tls1_2 -split_send_frag 512 -connect 127.0.0.1:+$SRV_PORT" \
Minos Galanakis5aaa6e02025-02-12 18:23:09 +000013923 0 \
13924 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
13925 -s "found renegotiation extension" \
13926 -s "server hello, secure renegotiation extension" \
13927 -s "=> renegotiate" \
13928 -S "write hello request" \
13929 -s "reassembled record" \
Minos Galanakis70be67b2025-03-11 17:00:45 +000013930 -s "initial handshake fragment: 512, 0\\.\\.512 of [0-9]\\+" \
13931 -s "Prepare: waiting for more handshake fragments 512/" \
13932 -s "Consume: waiting for more handshake fragments 512/" \
Minos Galanakis5aaa6e02025-02-12 18:23:09 +000013933
Minos Galanakisa7b19aa2025-03-11 14:17:25 +000013934requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Minos Galanakis529188f2025-03-06 15:09:39 +000013935requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
Minos Galanakisdfc082e2025-03-18 10:25:24 +000013936run_test "Handshake defragmentation on server: len=256, client-initiated renegotiation" \
Minos Galanakisa7b19aa2025-03-11 14:17:25 +000013937 "$P_SRV debug_level=4 exchanges=2 renegotiation=1 auth_mode=required" \
Minos Galanakisa8f14382025-03-11 17:29:33 +000013938 "$O_NEXT_CLI_RENEGOTIATE -tls1_2 -split_send_frag 256 -connect 127.0.0.1:+$SRV_PORT" \
Minos Galanakis529188f2025-03-06 15:09:39 +000013939 0 \
Minos Galanakisa7b19aa2025-03-11 14:17:25 +000013940 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
13941 -s "found renegotiation extension" \
13942 -s "server hello, secure renegotiation extension" \
13943 -s "=> renegotiate" \
13944 -S "write hello request" \
13945 -s "reassembled record" \
Minos Galanakis70be67b2025-03-11 17:00:45 +000013946 -s "initial handshake fragment: 256, 0\\.\\.256 of [0-9]\\+" \
13947 -s "Prepare: waiting for more handshake fragments 256/" \
13948 -s "Consume: waiting for more handshake fragments 256/" \
Minos Galanakis529188f2025-03-06 15:09:39 +000013949
Minos Galanakisae54c742025-03-11 14:19:48 +000013950requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
13951requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
Minos Galanakisae54c742025-03-11 14:19:48 +000013952requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
Minos Galanakisdfc082e2025-03-18 10:25:24 +000013953run_test "Handshake defragmentation on server: len=128, client-initiated renegotiation" \
Minos Galanakisae54c742025-03-11 14:19:48 +000013954 "$P_SRV debug_level=4 exchanges=2 renegotiation=1 auth_mode=required" \
Minos Galanakisa8f14382025-03-11 17:29:33 +000013955 "$O_NEXT_CLI_RENEGOTIATE -tls1_2 -split_send_frag 128 -connect 127.0.0.1:+$SRV_PORT" \
Minos Galanakisae54c742025-03-11 14:19:48 +000013956 0 \
13957 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
13958 -s "found renegotiation extension" \
13959 -s "server hello, secure renegotiation extension" \
13960 -s "=> renegotiate" \
13961 -S "write hello request" \
13962 -s "reassembled record" \
Minos Galanakis70be67b2025-03-11 17:00:45 +000013963 -s "initial handshake fragment: 128, 0\\.\\.128 of [0-9]\\+" \
13964 -s "Prepare: waiting for more handshake fragments 128/" \
13965 -s "Consume: waiting for more handshake fragments 128/" \
Minos Galanakisae54c742025-03-11 14:19:48 +000013966
Minos Galanakisae54c742025-03-11 14:19:48 +000013967requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
13968requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
13969requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
Minos Galanakisdfc082e2025-03-18 10:25:24 +000013970run_test "Handshake defragmentation on server: len=4, client-initiated renegotiation" \
Minos Galanakisae54c742025-03-11 14:19:48 +000013971 "$P_SRV debug_level=4 exchanges=2 renegotiation=1 auth_mode=required" \
Minos Galanakisa8f14382025-03-11 17:29:33 +000013972 "$O_NEXT_CLI_RENEGOTIATE -tls1_2 -split_send_frag 4 -connect 127.0.0.1:+$SRV_PORT" \
Minos Galanakisae54c742025-03-11 14:19:48 +000013973 0 \
13974 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
13975 -s "found renegotiation extension" \
13976 -s "server hello, secure renegotiation extension" \
13977 -s "=> renegotiate" \
13978 -S "write hello request" \
13979 -s "reassembled record" \
Minos Galanakis70be67b2025-03-11 17:00:45 +000013980 -s "initial handshake fragment: 4, 0\\.\\.4 of [0-9]\\+" \
13981 -s "Prepare: waiting for more handshake fragments 4/" \
13982 -s "Consume: waiting for more handshake fragments 4/" \
Minos Galanakisae54c742025-03-11 14:19:48 +000013983
Minos Galanakis1d78c7d2025-03-12 01:07:58 +000013984requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
13985requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
13986requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
Minos Galanakisdfc082e2025-03-18 10:25:24 +000013987run_test "Handshake defragmentation on server: len=4, client-initiated server-rejected renegotiation" \
Minos Galanakis1d78c7d2025-03-12 01:07:58 +000013988 "$P_SRV debug_level=4 exchanges=2 renegotiation=0 auth_mode=required" \
13989 "$O_NEXT_CLI_RENEGOTIATE -tls1_2 -split_send_frag 4 -connect 127.0.0.1:+$SRV_PORT" \
13990 1 \
13991 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
13992 -s "refusing renegotiation, sending alert" \
13993 -s "server hello, secure renegotiation extension" \
13994 -s "initial handshake fragment: 4, 0\\.\\.4 of [0-9]\\+" \
13995 -s "Prepare: waiting for more handshake fragments 4/" \
13996 -s "Consume: waiting for more handshake fragments 4/" \
13997
Minos Galanakisa7b19aa2025-03-11 14:17:25 +000013998# Test server-initiated renegotiation with fragmented handshake on TLS1.2
Minos Galanakis625c8fd2025-03-18 10:31:37 +000013999
14000# Note: The /reneg endpoint serves as a directive for OpenSSL's s_server
14001# to initiate a handshake renegotiation.
14002# Note: Adjusting the renegotiation delay beyond the library's default
14003# value of 16 is necessary. This parameter defines the maximum
14004# number of records received before renegotiation is completed.
14005# By fragmenting records and thereby increasing their quantity,
14006# the default threshold can be reached more quickly.
14007# Setting it to -1 disables that policy's enforment.
Minos Galanakisa7b19aa2025-03-11 14:17:25 +000014008requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Minos Galanakis529188f2025-03-06 15:09:39 +000014009requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
Minos Galanakisdfc082e2025-03-18 10:25:24 +000014010run_test "Handshake defragmentation on client: len=512, server-initiated renegotiation" \
Minos Galanakisdf4ddfd2025-03-11 17:24:04 +000014011 "$O_NEXT_SRV -tls1_2 -split_send_frag 512 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
Minos Galanakis529188f2025-03-06 15:09:39 +000014012 "$P_CLI debug_level=3 renegotiation=1 request_page=/reneg" \
14013 0 \
Minos Galanakis70be67b2025-03-11 17:00:45 +000014014 -c "initial handshake fragment: 512, 0\\.\\.512 of [0-9]\\+" \
14015 -c "Prepare: waiting for more handshake fragments 512/" \
14016 -c "Consume: waiting for more handshake fragments 512/" \
Minos Galanakis529188f2025-03-06 15:09:39 +000014017 -c "client hello, adding renegotiation extension" \
14018 -c "found renegotiation extension" \
14019 -c "=> renegotiate"
14020
Minos Galanakisa7b19aa2025-03-11 14:17:25 +000014021requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Minos Galanakisa7b19aa2025-03-11 14:17:25 +000014022requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
Minos Galanakisdfc082e2025-03-18 10:25:24 +000014023run_test "Handshake defragmentation on client: len=256, server-initiated renegotiation" \
Minos Galanakisdf4ddfd2025-03-11 17:24:04 +000014024 "$O_NEXT_SRV -tls1_2 -split_send_frag 256 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
Minos Galanakisf475a152025-03-13 11:43:53 +000014025 "$P_CLI debug_level=3 renegotiation=1 renego_delay=-1 request_page=/reneg" \
Minos Galanakisa7b19aa2025-03-11 14:17:25 +000014026 0 \
Minos Galanakis70be67b2025-03-11 17:00:45 +000014027 -c "initial handshake fragment: 256, 0\\.\\.256 of [0-9]\\+" \
14028 -c "Prepare: waiting for more handshake fragments 256/" \
14029 -c "Consume: waiting for more handshake fragments 256/" \
Minos Galanakisa7b19aa2025-03-11 14:17:25 +000014030 -c "client hello, adding renegotiation extension" \
14031 -c "found renegotiation extension" \
14032 -c "=> renegotiate"
14033
Minos Galanakis625c8fd2025-03-18 10:31:37 +000014034requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
14035requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
14036run_test "Handshake defragmentation on client: len=128, server-initiated renegotiation" \
14037 "$O_NEXT_SRV -tls1_2 -split_send_frag 128 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
14038 "$P_CLI debug_level=3 renegotiation=1 renego_delay=-1 request_page=/reneg" \
14039 0 \
14040 -c "initial handshake fragment: 128, 0\\.\\.128 of [0-9]\\+" \
14041 -c "Prepare: waiting for more handshake fragments 128/" \
14042 -c "Consume: waiting for more handshake fragments 128/" \
14043 -c "client hello, adding renegotiation extension" \
14044 -c "found renegotiation extension" \
14045 -c "=> renegotiate"
14046
14047requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
14048requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
14049run_test "Handshake defragmentation on client: len=4, server-initiated renegotiation" \
14050 "$O_NEXT_SRV -tls1_2 -split_send_frag 4 -cert $DATA_FILES_PATH/server5.crt -key $DATA_FILES_PATH/server5.key" \
14051 "$P_CLI debug_level=3 renegotiation=1 renego_delay=-1 request_page=/reneg" \
14052 0 \
14053 -c "initial handshake fragment: 4, 0\\.\\.4 of [0-9]\\+" \
14054 -c "Prepare: waiting for more handshake fragments 4/" \
14055 -c "Consume: waiting for more handshake fragments 4/" \
14056 -c "client hello, adding renegotiation extension" \
14057 -c "found renegotiation extension" \
14058 -c "=> renegotiate"
14059
Piotr Nowicki0937ed22019-11-26 16:32:40 +010014060# Test heap memory usage after handshake
Jerry Yuab082902021-12-23 18:02:22 +080014061requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
Piotr Nowicki0937ed22019-11-26 16:32:40 +010014062requires_config_enabled MBEDTLS_MEMORY_DEBUG
14063requires_config_enabled MBEDTLS_MEMORY_BUFFER_ALLOC_C
14064requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
Yuto Takanobc87b1d2021-07-08 15:56:33 +010014065requires_max_content_len 16384
Wenxing Houb4d03cc2024-06-19 11:04:13 +080014066run_tests_memory_after_handshake
Piotr Nowicki0937ed22019-11-26 16:32:40 +010014067
Tomás González24552ff2023-08-17 15:10:03 +010014068if [ "$LIST_TESTS" -eq 0 ]; then
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +010014069
Tomás González24552ff2023-08-17 15:10:03 +010014070 # Final report
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +010014071
Tomás González24552ff2023-08-17 15:10:03 +010014072 echo "------------------------------------------------------------------------"
14073
14074 if [ $FAILS = 0 ]; then
14075 printf "PASSED"
14076 else
14077 printf "FAILED"
14078 fi
14079 PASSES=$(( $TESTS - $FAILS ))
14080 echo " ($PASSES / $TESTS tests ($SKIPS skipped))"
14081
Gilles Peskine39c52072024-05-17 11:55:15 +020014082 if [ $((TESTS - SKIPS)) -lt $MIN_TESTS ]; then
14083 cat <<EOF
14084Error: Expected to run at least $MIN_TESTS, but only ran $((TESTS - SKIPS)).
14085Maybe a bad filter ('$FILTER') or a bad configuration?
14086EOF
14087 if [ $FAILS -eq 0 ]; then
14088 FAILS=1
14089 fi
14090 fi
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +010014091fi
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +010014092
Tom Cosgrovefc0e79e2023-01-13 12:13:41 +000014093if [ $FAILS -gt 255 ]; then
14094 # Clamp at 255 as caller gets exit code & 0xFF
14095 # (so 256 would be 0, or success, etc)
14096 FAILS=255
14097fi
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +010014098exit $FAILS