commit 9687029d22b11edbdb3cfd46936a9080bc21e80d
author Hanno Becker <hanno.becker@arm.com> Fri May 03 17:30:59 2019 +0100
committer Hanno Becker <hanno.becker@arm.com> Mon May 20 15:32:36 2019 +0100
tree 1563c1822d6bd9ff625b927d4684837e42ffd9bf
parent b7f9e9c9a50f2bf821354d9a743d90c30693b6d0

Add support for change of CID to ssl_client2 / ssl_server2

And add tests for various CID configuration changes during
renegotiation to ssl-opt.sh.

tests/ssl-opt.sh

diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 020abd2..ebee0fd 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -1385,24 +1385,93 @@
 
 requires_config_enabled MBEDTLS_SSL_CID
 requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
-run_test    "(STUB) Connection ID: Client+Server enabled, renegotiate" \
+run_test    "(STUB) Connection ID: Client+Server enabled, renegotiate without change of CID" \
             "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead renegotiation=1" \
             "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef renegotiation=1 renegotiate=1" \
             0 \
-            -c "Enable use of CID extension." \
-            -s "Enable use of CID extension." \
-            -c "client hello, adding CID extension" \
-            -s "found CID extension"           \
-            -s "Use of CID extension negotiated" \
-            -s "server hello, adding CID extension" \
-            -c "found CID extension" \
-            -c "Use of CID extension negotiated" \
-            -s "Copy CIDs into SSL transform" \
-            -c "Copy CIDs into SSL transform" \
-            -c "Peer CID (length 2 Bytes): de ad" \
-            -s "Peer CID (length 2 Bytes): be ef" \
-            -s "Use of Connection ID has been negotiated" \
-            -c "Use of Connection ID has been negotiated"
+            -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \
+            -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \
+            -s "(initial handshake) Use of Connection ID has been negotiated" \
+            -c "(initial handshake) Use of Connection ID has been negotiated" \
+            -c "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
+            -s "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
+            -s "(after renegotiation) Use of Connection ID has been negotiated" \
+            -c "(after renegotiation) Use of Connection ID has been negotiated"
+
+requires_config_enabled MBEDTLS_SSL_CID
+requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+run_test    "(STUB) Connection ID: Client+Server enabled, renegotiate with different CID" \
+            "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead cid_val_renego=beef renegotiation=1" \
+            "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef cid_val_renego=dead renegotiation=1 renegotiate=1" \
+            0 \
+            -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \
+            -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \
+            -s "(initial handshake) Use of Connection ID has been negotiated" \
+            -c "(initial handshake) Use of Connection ID has been negotiated" \
+            -c "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
+            -s "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
+            -s "(after renegotiation) Use of Connection ID has been negotiated" \
+            -c "(after renegotiation) Use of Connection ID has been negotiated"
+
+requires_config_enabled MBEDTLS_SSL_CID
+requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+run_test    "(STUB) Connection ID: Client+Server enabled, renegotiate without CID" \
+            "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead cid_renego=0 renegotiation=1" \
+            "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef cid_renego=0 renegotiation=1 renegotiate=1" \
+            0 \
+            -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \
+            -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \
+            -s "(initial handshake) Use of Connection ID has been negotiated" \
+            -c "(initial handshake) Use of Connection ID has been negotiated" \
+            -C "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
+            -S "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
+            -C "(after renegotiation) Use of Connection ID has been negotiated" \
+            -S "(after renegotiation) Use of Connection ID has been negotiated"
+
+requires_config_enabled MBEDTLS_SSL_CID
+requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+run_test    "(STUB) Connection ID: Client+Server enabled, CID on renegotiation" \
+            "$P_SRV debug_level=3 dtls=1 cid=0 cid_renego=1 cid_val_renego=dead renegotiation=1" \
+            "$P_CLI debug_level=3 dtls=1 cid=0 cid_renego=1 cid_val_renego=beef renegotiation=1 renegotiate=1" \
+            0 \
+            -S "(initial handshake) Use of Connection ID has been negotiated" \
+            -C "(initial handshake) Use of Connection ID has been negotiated" \
+            -c "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
+            -s "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
+            -c "(after renegotiation) Use of Connection ID has been negotiated" \
+            -s "(after renegotiation) Use of Connection ID has been negotiated"
+
+requires_config_enabled MBEDTLS_SSL_CID
+requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+run_test    "(STUB) Connection ID: Client+Server enabled, client disables on renegotiation" \
+            "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead renegotiation=1" \
+            "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef cid_renego=0 renegotiation=1 renegotiate=1" \
+            0 \
+            -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \
+            -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \
+            -s "(initial handshake) Use of Connection ID has been negotiated" \
+            -c "(initial handshake) Use of Connection ID has been negotiated" \
+            -C "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
+            -S "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
+            -C "(after renegotiation) Use of Connection ID has been negotiated" \
+            -S "(after renegotiation) Use of Connection ID has been negotiated" \
+            -s "(after renegotiation) Use of Connection ID was not offered by client"
+
+requires_config_enabled MBEDTLS_SSL_CID
+requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
+run_test    "(STUB) Connection ID: Client+Server enabled, server disables on renegotiation" \
+            "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead cid_renego=0 renegotiation=1" \
+            "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef renegotiation=1 renegotiate=1" \
+            0 \
+            -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \
+            -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \
+            -s "(initial handshake) Use of Connection ID has been negotiated" \
+            -c "(initial handshake) Use of Connection ID has been negotiated" \
+            -C "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
+            -S "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
+            -C "(after renegotiation) Use of Connection ID has been negotiated" \
+            -S "(after renegotiation) Use of Connection ID has been negotiated" \
+            -c "(after renegotiation) Use of Connection ID was rejected by the server"
 
 # Tests for Encrypt-then-MAC extension