#!/bin/sh

# Test various options that are not covered by compat.sh
#
# Here the goal is not to cover every ciphersuite/version, but
# rather specific options (max fragment length, truncated HMAC, etc.)
# or procedures (session resumption from cache or ticket, renegotiation, etc.).
#
# Assumes all options are compiled in.
# Location of the example TLS programs, relative to the directory the suite
# is run from, and the server/client binaries every test case launches.
PROGS_DIR='../programs/ssl'
SRV_CMD="${PROGS_DIR}/ssl_server2"
CLI_CMD="${PROGS_DIR}/ssl_client2"
# Usage: run_test name srv_args cli_args cli_exit [option [...]]
# Options: -s pattern   pattern that must be present in server output
#          -c pattern   pattern that must be present in client output
#          -S pattern   pattern that must be absent in server output
#          -C pattern   pattern that must be absent in client output
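#######################################
# Run one server/client exchange and check the client exit status and the
# captured logs against the expected patterns.
# Globals:   SRV_CMD, CLI_CMD (read); SRV_PID, CLI_EXIT, RT_LOG, RT_WANT,
#            RT_FOUND (written; POSIX sh has no function-local variables)
# Arguments: $1 test name, $2 server arguments, $3 client arguments,
#            $4 expected client exit (0 = must succeed, anything else =
#            must fail with any non-zero status), then option/pattern pairs
# Outputs:   "<name>: PASS" or "<name>: FAIL - <reason>" on stdout.
#            srv_out and cli_out are written to the current directory under
#            fixed names, removed on PASS and kept on FAIL for inspection;
#            run the suite from a directory only the invoking user can write.
# Returns:   0 on PASS, 1 on FAIL, so a caller can propagate a failed check.
#            Exits 1 on an unknown option or an option without a pattern.
#######################################
run_test() {
    # printf rather than "echo -n", which /bin/sh does not guarantee
    printf '%s: ' "$1"
    shift

    # run the commands
    # $1 and $2 are expanded unquoted on purpose: each one is a
    # space-separated list of key=value arguments for the program.
    $SRV_CMD $1 > srv_out &
    SRV_PID=$!
    # Fixed delay, not a readiness check: if the server is not listening
    # after one second the client fails and the test reports a client exit.
    sleep 1
    $CLI_CMD $2 > cli_out
    CLI_EXIT=$?
    # Ask the server to shut down, then reap it so srv_out is complete
    # before it is inspected.
    printf 'SERVERQUIT\n' | openssl s_client >/dev/null 2>&1
    wait "$SRV_PID"
    shift 2

    # check client exit code: only success versus failure is compared,
    # not the exact status
    if { [ "$1" = 0 ] && [ "$CLI_EXIT" != 0 ]; } ||
       { [ "$1" != 0 ] && [ "$CLI_EXIT" = 0 ]; }
    then
        echo "FAIL - client exit"
        return 1
    fi
    shift

    # check options
    while [ $# -gt 0 ]
    do
        case $1 in
            "-s") RT_LOG=srv_out; RT_WANT=1 ;;
            "-c") RT_LOG=cli_out; RT_WANT=1 ;;
            "-S") RT_LOG=srv_out; RT_WANT=0 ;;
            "-C") RT_LOG=cli_out; RT_WANT=0 ;;
            *)
                echo "Unkown test: $1" >&2
                exit 1
                ;;
        esac

        # Without this guard a trailing option would make "shift 2" fail.
        if [ $# -lt 2 ]; then
            echo "Missing pattern after option: $1" >&2
            exit 1
        fi

        # -e keeps a pattern that starts with '-' from being read as a
        # grep option. The match is a substring match on the debug log, so
        # an absence check (-S/-C) also passes when the log holds no debug
        # output at all.
        if grep -e "$2" "$RT_LOG" >/dev/null; then
            RT_FOUND=1
        else
            RT_FOUND=0
        fi

        if [ "$RT_FOUND" != "$RT_WANT" ]; then
            echo "FAIL - $1 $2"
            return 1
        fi
        shift 2
    done

    # if we're here, everything is ok
    echo "PASS"
    # both are regular files; -f also tolerates one that was never created
    rm -f srv_out cli_out
}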
# Stop helper processes left over from an earlier run before starting.
# NOTE(review): killall selects by process name, so this also signals any
# unrelated openssl process it is allowed to signal; keep that in mind
# on a shared build host.
killall -q openssl ssl_server ssl_server2

# Tests for Truncated HMAC extension
#
# The server's debug log reports the length of the MAC it computed. The
# checks expect 20 bytes when the client sets trunc_hmac=0 and 10 bytes
# when it sets trunc_hmac=1, with the same forced ciphersuite in both cases.

run_test "Truncated HMAC #0" \
    "debug_level=5" \
    "trunc_hmac=0 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
    0 \
    -s "dumping 'computed mac' (20 bytes)"

run_test "Truncated HMAC #1" \
    "debug_level=5" \
    "trunc_hmac=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
    0 \
    -s "dumping 'computed mac' (10 bytes)"
# Tests for Session Tickets
#
# Both sides enable tickets and the client reconnects once. The resumed
# session must be reported as restored from the ticket, and must not be
# reported as restored from the server-side cache.

run_test "Session resume using tickets" \
    "debug_level=4 tickets=1" \
    "debug_level=4 reconnect=1 tickets=1" \
    0 \
    -S "session successfully restored from cache" \
    -s "session successfully restored from ticket" \
    -s "a session has been resumed" \
    -c "a session has been resumed"
# Tests for session resumption based on session ID and the server cache
#
# Tickets are disabled on one side only (server in #1, client in #2). In
# both cases the reconnect must still resume, and the server must report
# the cache, not a ticket, as the source of the restored session.

run_test "Session resume using cache #1" \
    "debug_level=4 tickets=0" \
    "debug_level=4 reconnect=1 tickets=1" \
    0 \
    -s "session successfully restored from cache" \
    -S "session successfully restored from ticket" \
    -s "a session has been resumed" \
    -c "a session has been resumed"

run_test "Session resume using cache #2" \
    "debug_level=4 tickets=1" \
    "debug_level=4 reconnect=1 tickets=0" \
    0 \
    -s "session successfully restored from cache" \
    -S "session successfully restored from ticket" \
    -s "a session has been resumed" \
    -c "a session has been resumed"
# Tests for Max Fragment Length extension
#
# #1: neither side sets max_frag_len, so no extension message may appear.
# #2: the client sets max_frag_len=4096, so the extension must be sent,
#     seen by the server, echoed in the server hello and seen by the client.
# #3: only the server sets max_frag_len, and no extension message may appear.
#
# NOTE(review): #1 and #3 contain only absence checks, so apart from the
# client exit status they would also pass on logs with no debug output.
# They depend on the file-level assumption that all options are compiled in.

run_test "Max fragment length #1" \
    "debug_level=4" \
    "debug_level=4" \
    0 \
    -C "client hello, adding max_fragment_length extension" \
    -S "found max fragment length extension" \
    -S "server hello, max_fragment_length extension" \
    -C "found max_fragment_length extension"

run_test "Max fragment length #2" \
    "debug_level=4" \
    "debug_level=4 max_frag_len=4096" \
    0 \
    -c "client hello, adding max_fragment_length extension" \
    -s "found max fragment length extension" \
    -s "server hello, max_fragment_length extension" \
    -c "found max_fragment_length extension"

run_test "Max fragment length #3" \
    "debug_level=4 max_frag_len=4096" \
    "debug_level=4" \
    0 \
    -C "client hello, adding max_fragment_length extension" \
    -S "found max fragment length extension" \
    -S "server hello, max_fragment_length extension" \
    -C "found max_fragment_length extension"
# Tests for renegotiation
#
# Every case checks the secure-renegotiation signalling of the handshake
# (the server must log "received TLS_EMPTY_RENEGOTIATION_INFO" and send its
# secure renegotiation extension) and then whether a renegotiation was
# attempted, by whom, and whether the peer accepted it.
#
# NOTE(review): "renegotiate" and "failed" are short substrings matched
# anywhere in a level-4 debug log. A -s/-c check on them can be satisfied by
# an unrelated message and a -S/-C check can be broken by one, so keep these
# patterns in step with the library's debug strings.

# #0: nobody asks for renegotiation, so none may be logged on either side.
run_test "Renegotiation #0 (none)" \
    "debug_level=4" \
    "debug_level=4" \
    0 \
    -C "client hello, adding renegotiation extension" \
    -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
    -S "found renegotiation extension" \
    -s "server hello, secure renegotiation extension" \
    -c "found renegotiation extension" \
    -C "renegotiate" \
    -S "renegotiate" \
    -S "write hello request"

# #1: the client starts it; the server must not write a hello request.
run_test "Renegotiation #1 (enabled, client-initiated)" \
    "debug_level=4" \
    "debug_level=4 renegotiate=1" \
    0 \
    -c "client hello, adding renegotiation extension" \
    -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
    -s "found renegotiation extension" \
    -s "server hello, secure renegotiation extension" \
    -c "found renegotiation extension" \
    -c "renegotiate" \
    -s "renegotiate" \
    -S "write hello request"

# #2: the server starts it, so its hello request must be logged.
run_test "Renegotiation #2 (enabled, server-initiated)" \
    "debug_level=4 renegotiate=1" \
    "debug_level=4" \
    0 \
    -c "client hello, adding renegotiation extension" \
    -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
    -s "found renegotiation extension" \
    -s "server hello, secure renegotiation extension" \
    -c "found renegotiation extension" \
    -c "renegotiate" \
    -s "renegotiate" \
    -s "write hello request"

# #3: both sides request renegotiation.
run_test "Renegotiation #3 (enabled, double)" \
    "debug_level=4 renegotiate=1" \
    "debug_level=4 renegotiate=1" \
    0 \
    -c "client hello, adding renegotiation extension" \
    -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
    -s "found renegotiation extension" \
    -s "server hello, secure renegotiation extension" \
    -c "found renegotiation extension" \
    -c "renegotiate" \
    -s "renegotiate" \
    -s "write hello request"

# #4: the server runs with renegotiation=0 and the client asks anyway. The
# client is expected to exit with a failure status and the server must not
# log a renegotiation.
run_test "Renegotiation #4 (client-initiated, server-rejected)" \
    "debug_level=4 renegotiation=0" \
    "debug_level=4 renegotiate=1" \
    1 \
    -c "client hello, adding renegotiation extension" \
    -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
    -S "found renegotiation extension" \
    -s "server hello, secure renegotiation extension" \
    -c "found renegotiation extension" \
    -c "renegotiate" \
    -S "renegotiate" \
    -S "write hello request"

# #5: the server asks and the client runs with renegotiation=0. The client
# still exits 0, while the server must log its hello request, the
# unexpected-message error and a failure.
run_test "Renegotiation #5 (server-initiated, client-rejected)" \
    "debug_level=4 renegotiate=1" \
    "debug_level=4 renegotiation=0" \
    0 \
    -C "client hello, adding renegotiation extension" \
    -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
    -S "found renegotiation extension" \
    -s "server hello, secure renegotiation extension" \
    -c "found renegotiation extension" \
    -C "renegotiate" \
    -S "renegotiate" \
    -s "write hello request" \
    -s "SSL - An unexpected message was received from our peer" \
    -s "failed"
243 -s "failed"