TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 51362961b8800e13e81e036662f2a817b4763ad7 / . / tests / ssl-opt.sh
blob: 7986af1e044a30799e74449b36489eaa903a289c [file] [log] [blame]
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +0100[diff] [blame]1#!/bin/sh
2
3# Test various options that are not covered by compat.sh
4#
5# Here the goal is not to cover every ciphersuite/version, but
6# rather specific options (max fragment length, truncated hmac, etc)
7# or procedures (session resumption from cache or ticket, renego, etc).
8#
9# Assumes all options are compiled in.
10
Manuel Pégourié-Gonnardfccd3252014-02-25 17:14:15 +0100[diff] [blame]11set -u
12
Manuel Pégourié-Gonnardf7a26902014-02-27 12:25:54 +0100[diff] [blame]13# default values, can be overriden by the environment
14: ${P_SRV:=../programs/ssl/ssl_server2}
15: ${P_CLI:=../programs/ssl/ssl_client2}
Manuel Pégourié-Gonnard74faf3c2014-03-13 18:47:44 +0100[diff] [blame]16: ${OPENSSL_CMD:=openssl} # OPENSSL would conflict with the build system
Manuel Pégourié-Gonnardbaa7f072014-08-20 20:15:53 +0200[diff] [blame]17: ${GNUTLS_CLI:=gnutls-cli}
18: ${GNUTLS_SERV:=gnutls-serv}
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +0100[diff] [blame]19
Manuel Pégourié-Gonnard74faf3c2014-03-13 18:47:44 +0100[diff] [blame]20O_SRV="$OPENSSL_CMD s_server -www -cert data_files/server5.crt -key data_files/server5.key"
21O_CLI="echo 'GET / HTTP/1.0' | $OPENSSL_CMD s_client"
Manuel Pégourié-Gonnardbaa7f072014-08-20 20:15:53 +0200[diff] [blame]22G_SRV="$GNUTLS_SERV --x509certfile data_files/server5.crt --x509keyfile data_files/server5.key"
23G_CLI="$GNUTLS_CLI"
Manuel Pégourié-Gonnardfccd3252014-02-25 17:14:15 +0100[diff] [blame]24
Manuel Pégourié-Gonnard33a752e2014-02-21 09:47:37 +0100[diff] [blame]25TESTS=0
26FAILS=0
Manuel Pégourié-Gonnard6f4fbbb2014-08-14 14:31:29 +0200[diff] [blame]27SKIPS=0
Manuel Pégourié-Gonnard33a752e2014-02-21 09:47:37 +0100[diff] [blame]28
Manuel Pégourié-Gonnard83d8c732014-04-07 13:24:21 +0200[diff] [blame]29CONFIG_H='../include/polarssl/config.h'
30
Manuel Pégourié-Gonnardc73339f2014-02-26 16:35:27 +0100[diff] [blame]31MEMCHECK=0
Manuel Pégourié-Gonnard417d46c2014-03-13 19:17:53 +0100[diff] [blame]32FILTER='.*'
Manuel Pégourié-Gonnard6f4fbbb2014-08-14 14:31:29 +0200[diff] [blame]33EXCLUDE='^$'
Manuel Pégourié-Gonnardc73339f2014-02-26 16:35:27 +0100[diff] [blame]34
35print_usage() {
36 echo "Usage: $0 [options]"
Manuel Pégourié-Gonnard417d46c2014-03-13 19:17:53 +0100[diff] [blame]37 echo -e " -h|--help\tPrint this help."
38 echo -e " -m|--memcheck\tCheck memory leaks and errors."
39 echo -e " -f|--filter\tOnly matching tests are executed (default: '$FILTER')"
40 echo -e " -e|--exclude\tMatching tests are excluded (default: '$EXCLUDE')"
Manuel Pégourié-Gonnardc73339f2014-02-26 16:35:27 +0100[diff] [blame]41}
42
43get_options() {
44 while [ $# -gt 0 ]; do
45 case "$1" in
Manuel Pégourié-Gonnard417d46c2014-03-13 19:17:53 +0100[diff] [blame]46 -f|--filter)
47 shift; FILTER=$1
48 ;;
49 -e|--exclude)
50 shift; EXCLUDE=$1
51 ;;
Manuel Pégourié-Gonnardc73339f2014-02-26 16:35:27 +0100[diff] [blame]52 -m|--memcheck)
53 MEMCHECK=1
54 ;;
55 -h|--help)
56 print_usage
57 exit 0
58 ;;
59 *)
Paul Bakker1ebc0c52014-05-22 15:47:58 +0200[diff] [blame]60 echo "Unknown argument: '$1'"
Manuel Pégourié-Gonnardc73339f2014-02-26 16:35:27 +0100[diff] [blame]61 print_usage
62 exit 1
63 ;;
64 esac
65 shift
66 done
67}
68
Manuel Pégourié-Gonnard6f4fbbb2014-08-14 14:31:29 +0200[diff] [blame]69# skip next test if OpenSSL can't send SSLv2 ClientHello
70requires_openssl_with_sslv2() {
71 if [ -z "${OPENSSL_HAS_SSL2:-}" ]; then
72 if openssl ciphers -ssl2 >/dev/null 2>&1; then
73 OPENSSL_HAS_SSL2="YES"
74 else
75 OPENSSL_HAS_SSL2="NO"
76 fi
77 fi
78 if [ "$OPENSSL_HAS_SSL2" = "NO" ]; then
79 SKIP_NEXT="YES"
80 fi
81}
82
Manuel Pégourié-Gonnardbaa7f072014-08-20 20:15:53 +0200[diff] [blame]83# skip next test if GnuTLS isn't available
84requires_gnutls() {
85 if [ -z "${GNUTLS_AVAILABLE:-}" ]; then
86 if ( which "$GNUTLS_CLI" && which "$GNUTLS_SERV" ) >/dev/null; then
87 GNUTLS_AVAILABLE="YES"
88 else
89 GNUTLS_AVAILABLE="NO"
90 fi
91 fi
92 if [ "$GNUTLS_AVAILABLE" = "NO" ]; then
93 SKIP_NEXT="YES"
94 fi
95}
96
Manuel Pégourié-Gonnardf8bdbb52014-02-21 09:20:14 +0100[diff] [blame]97# print_name <name>
98print_name() {
99 echo -n "$1 "
100 LEN=`echo "$1" | wc -c`
101 LEN=`echo 72 - $LEN | bc`
102 for i in `seq 1 $LEN`; do echo -n '.'; done
103 echo -n ' '
Manuel Pégourié-Gonnard33a752e2014-02-21 09:47:37 +0100[diff] [blame]104
105 TESTS=`echo $TESTS + 1 | bc`
Manuel Pégourié-Gonnardf8bdbb52014-02-21 09:20:14 +0100[diff] [blame]106}
107
108# fail <message>
109fail() {
110 echo "FAIL"
Manuel Pégourié-Gonnard3eec6042014-02-27 15:37:24 +0100[diff] [blame]111 echo " ! $1"
Manuel Pégourié-Gonnard33a752e2014-02-21 09:47:37 +0100[diff] [blame]112
Manuel Pégourié-Gonnardbc3b16c2014-05-28 23:06:50 +0200[diff] [blame]113 cp $SRV_OUT o-srv-${TESTS}.log
114 cp $CLI_OUT o-cli-${TESTS}.log
Manuel Pégourié-Gonnard3eec6042014-02-27 15:37:24 +0100[diff] [blame]115 echo " ! outputs saved to o-srv-${TESTS}.log and o-cli-${TESTS}.log"
Manuel Pégourié-Gonnard33a752e2014-02-21 09:47:37 +0100[diff] [blame]116
117 FAILS=`echo $FAILS + 1 | bc`
Manuel Pégourié-Gonnardf8bdbb52014-02-21 09:20:14 +0100[diff] [blame]118}
119
Manuel Pégourié-Gonnard677884d2014-02-25 16:42:31 +0100[diff] [blame]120# is_polar <cmd_line>
121is_polar() {
122 echo "$1" | grep 'ssl_server2\|ssl_client2' > /dev/null
123}
124
Manuel Pégourié-Gonnardc73339f2014-02-26 16:35:27 +0100[diff] [blame]125# has_mem_err <log_file_name>
126has_mem_err() {
127 if ( grep -F 'All heap blocks were freed -- no leaks are possible' "$1" &&
128 grep -F 'ERROR SUMMARY: 0 errors from 0 contexts' "$1" ) > /dev/null
129 then
130 return 1 # false: does not have errors
131 else
132 return 0 # true: has errors
133 fi
134}
135
Manuel Pégourié-Gonnard0c1ec472014-06-20 18:41:11 +0200[diff] [blame]136# wait for server to start: two versions depending on lsof availability
137wait_server_start() {
138 if which lsof >/dev/null; then
139 # make sure we don't loop forever
140 ( sleep "$DOG_DELAY"; echo "SERVERSTART TIMEOUT"; kill $MAIN_PID ) &
141 WATCHDOG_PID=$!
142
143 # make a tight loop, server usually takes less than 1 sec to start
144 until lsof -nbi TCP:"$PORT" | grep LISTEN >/dev/null; do :; done
145
146 kill $WATCHDOG_PID
147 wait $WATCHDOG_PID
148 else
149 sleep "$START_DELAY"
150 fi
151}
152
Manuel Pégourié-Gonnardfccd3252014-02-25 17:14:15 +0100[diff] [blame]153# Usage: run_test name srv_cmd cli_cmd cli_exit [option [...]]
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +0100[diff] [blame]154# Options: -s pattern pattern that must be present in server output
155# -c pattern pattern that must be present in client output
156# -S pattern pattern that must be absent in server output
157# -C pattern pattern that must be absent in client output
158run_test() {
Manuel Pégourié-Gonnardfccd3252014-02-25 17:14:15 +0100[diff] [blame]159 NAME="$1"
160 SRV_CMD="$2"
161 CLI_CMD="$3"
162 CLI_EXPECT="$4"
163 shift 4
164
Manuel Pégourié-Gonnard417d46c2014-03-13 19:17:53 +0100[diff] [blame]165 if echo "$NAME" | grep "$FILTER" | grep -v "$EXCLUDE" >/dev/null; then :
166 else
167 return
168 fi
169
Manuel Pégourié-Gonnardfccd3252014-02-25 17:14:15 +0100[diff] [blame]170 print_name "$NAME"
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +0100[diff] [blame]171
Manuel Pégourié-Gonnard6f4fbbb2014-08-14 14:31:29 +0200[diff] [blame]172 # should we skip?
173 if [ "X$SKIP_NEXT" = "XYES" ]; then
174 SKIP_NEXT="NO"
175 echo "SKIP"
176 SKIPS=`echo $SKIPS + 1 | bc`
177 return
178 fi
179
Manuel Pégourié-Gonnardc73339f2014-02-26 16:35:27 +0100[diff] [blame]180 # prepend valgrind to our commands if active
181 if [ "$MEMCHECK" -gt 0 ]; then
182 if is_polar "$SRV_CMD"; then
183 SRV_CMD="valgrind --leak-check=full $SRV_CMD"
184 fi
185 if is_polar "$CLI_CMD"; then
186 CLI_CMD="valgrind --leak-check=full $CLI_CMD"
187 fi
188 fi
189
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +0100[diff] [blame]190 # run the commands
Manuel Pégourié-Gonnardbc3b16c2014-05-28 23:06:50 +0200[diff] [blame]191 echo "$SRV_CMD" > $SRV_OUT
192 $SRV_CMD >> $SRV_OUT 2>&1 &
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +0100[diff] [blame]193 SRV_PID=$!
Manuel Pégourié-Gonnard0c1ec472014-06-20 18:41:11 +0200[diff] [blame]194 wait_server_start
Manuel Pégourié-Gonnardbc3b16c2014-05-28 23:06:50 +0200[diff] [blame]195 echo "$CLI_CMD" > $CLI_OUT
196 eval "$CLI_CMD" >> $CLI_OUT 2>&1
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +0100[diff] [blame]197 CLI_EXIT=$?
Manuel Pégourié-Gonnardbc3b16c2014-05-28 23:06:50 +0200[diff] [blame]198 echo "EXIT: $CLI_EXIT" >> $CLI_OUT
Manuel Pégourié-Gonnarde01af4c2014-03-25 14:16:44 +0100[diff] [blame]199
Manuel Pégourié-Gonnard74b11702014-08-14 15:47:33 +0200[diff] [blame]200 # kill the server
201 kill $SRV_PID
202 wait $SRV_PID
Manuel Pégourié-Gonnard677884d2014-02-25 16:42:31 +0100[diff] [blame]203
204 # check if the client and server went at least to the handshake stage
Paul Bakker1ebc0c52014-05-22 15:47:58 +0200[diff] [blame]205 # (useful to avoid tests with only negative assertions and non-zero
Manuel Pégourié-Gonnard677884d2014-02-25 16:42:31 +0100[diff] [blame]206 # expected client exit to incorrectly succeed in case of catastrophic
207 # failure)
Manuel Pégourié-Gonnardfccd3252014-02-25 17:14:15 +0100[diff] [blame]208 if is_polar "$SRV_CMD"; then
Manuel Pégourié-Gonnardbc3b16c2014-05-28 23:06:50 +0200[diff] [blame]209 if grep "Performing the SSL/TLS handshake" $SRV_OUT >/dev/null; then :;
Manuel Pégourié-Gonnard677884d2014-02-25 16:42:31 +0100[diff] [blame]210 else
211 fail "server failed to start"
212 return
213 fi
214 fi
Manuel Pégourié-Gonnardfccd3252014-02-25 17:14:15 +0100[diff] [blame]215 if is_polar "$CLI_CMD"; then
Manuel Pégourié-Gonnardbc3b16c2014-05-28 23:06:50 +0200[diff] [blame]216 if grep "Performing the SSL/TLS handshake" $CLI_OUT >/dev/null; then :;
Manuel Pégourié-Gonnard677884d2014-02-25 16:42:31 +0100[diff] [blame]217 else
218 fail "client failed to start"
219 return
220 fi
221 fi
222
Manuel Pégourié-Gonnardf8bdbb52014-02-21 09:20:14 +0100[diff] [blame]223 # check server exit code
224 if [ $? != 0 ]; then
225 fail "server fail"
226 return
227 fi
228
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +0100[diff] [blame]229 # check client exit code
Manuel Pégourié-Gonnardfccd3252014-02-25 17:14:15 +0100[diff] [blame]230 if [ \( "$CLI_EXPECT" = 0 -a "$CLI_EXIT" != 0 \) -o \
231 \( "$CLI_EXPECT" != 0 -a "$CLI_EXIT" = 0 \) ]
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +0100[diff] [blame]232 then
Manuel Pégourié-Gonnard8520dac2014-02-21 12:12:23 +0100[diff] [blame]233 fail "bad client exit code"
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +0100[diff] [blame]234 return
235 fi
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +0100[diff] [blame]236
Manuel Pégourié-Gonnardc73339f2014-02-26 16:35:27 +0100[diff] [blame]237 # check other assertions
Manuel Pégourié-Gonnard480905d2014-08-21 19:38:32 +0200[diff] [blame]238 # lines beginning with == are added by valgrind, ignore them
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +0100[diff] [blame]239 while [ $# -gt 0 ]
240 do
241 case $1 in
242 "-s")
Manuel Pégourié-Gonnard480905d2014-08-21 19:38:32 +0200[diff] [blame]243 if grep -v '^==' $SRV_OUT | grep "$2" >/dev/null; then :; else
Manuel Pégourié-Gonnardf8bdbb52014-02-21 09:20:14 +0100[diff] [blame]244 fail "-s $2"
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +0100[diff] [blame]245 return
246 fi
247 ;;
248
249 "-c")
Manuel Pégourié-Gonnard480905d2014-08-21 19:38:32 +0200[diff] [blame]250 if grep -v '^==' $CLI_OUT | grep "$2" >/dev/null; then :; else
Manuel Pégourié-Gonnardf8bdbb52014-02-21 09:20:14 +0100[diff] [blame]251 fail "-c $2"
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +0100[diff] [blame]252 return
253 fi
254 ;;
255
256 "-S")
Manuel Pégourié-Gonnard480905d2014-08-21 19:38:32 +0200[diff] [blame]257 if grep -v '^==' $SRV_OUT | grep "$2" >/dev/null; then
Manuel Pégourié-Gonnardf8bdbb52014-02-21 09:20:14 +0100[diff] [blame]258 fail "-S $2"
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +0100[diff] [blame]259 return
260 fi
261 ;;
262
263 "-C")
Manuel Pégourié-Gonnard480905d2014-08-21 19:38:32 +0200[diff] [blame]264 if grep -v '^==' $CLI_OUT | grep "$2" >/dev/null; then
Manuel Pégourié-Gonnardf8bdbb52014-02-21 09:20:14 +0100[diff] [blame]265 fail "-C $2"
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +0100[diff] [blame]266 return
267 fi
268 ;;
269
270 *)
Paul Bakker1ebc0c52014-05-22 15:47:58 +0200[diff] [blame]271 echo "Unknown test: $1" >&2
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +0100[diff] [blame]272 exit 1
273 esac
274 shift 2
275 done
276
Manuel Pégourié-Gonnardc73339f2014-02-26 16:35:27 +0100[diff] [blame]277 # check valgrind's results
278 if [ "$MEMCHECK" -gt 0 ]; then
Manuel Pégourié-Gonnardbc3b16c2014-05-28 23:06:50 +0200[diff] [blame]279 if is_polar "$SRV_CMD" && has_mem_err $SRV_OUT; then
Manuel Pégourié-Gonnardc73339f2014-02-26 16:35:27 +0100[diff] [blame]280 fail "Server has memory errors"
281 return
282 fi
Manuel Pégourié-Gonnardbc3b16c2014-05-28 23:06:50 +0200[diff] [blame]283 if is_polar "$CLI_CMD" && has_mem_err $CLI_OUT; then
Manuel Pégourié-Gonnardc73339f2014-02-26 16:35:27 +0100[diff] [blame]284 fail "Client has memory errors"
285 return
286 fi
287 fi
288
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +0100[diff] [blame]289 # if we're here, everything is ok
290 echo "PASS"
Manuel Pégourié-Gonnardbc3b16c2014-05-28 23:06:50 +0200[diff] [blame]291 rm -f $SRV_OUT $CLI_OUT
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +0100[diff] [blame]292}
293
Manuel Pégourié-Gonnarda9062e92014-02-25 16:21:22 +0100[diff] [blame]294cleanup() {
Manuel Pégourié-Gonnardbc3b16c2014-05-28 23:06:50 +0200[diff] [blame]295 rm -f $CLI_OUT $SRV_OUT $SESSION
Manuel Pégourié-Gonnard0c1ec472014-06-20 18:41:11 +0200[diff] [blame]296 kill $SRV_PID >/dev/null 2>&1
297 kill $WATCHDOG_PID >/dev/null 2>&1
Manuel Pégourié-Gonnarda9062e92014-02-25 16:21:22 +0100[diff] [blame]298 exit 1
299}
300
Manuel Pégourié-Gonnard9dea8bd2014-02-26 18:21:02 +0100[diff] [blame]301#
302# MAIN
303#
304
Manuel Pégourié-Gonnard913030c2014-03-28 10:12:38 +0100[diff] [blame]305get_options "$@"
306
Manuel Pégourié-Gonnardf7a26902014-02-27 12:25:54 +0100[diff] [blame]307# sanity checks, avoid an avalanche of errors
308if [ ! -x "$P_SRV" ]; then
309 echo "Command '$P_SRV' is not an executable file"
310 exit 1
311fi
312if [ ! -x "$P_CLI" ]; then
313 echo "Command '$P_CLI' is not an executable file"
314 exit 1
315fi
Manuel Pégourié-Gonnard74faf3c2014-03-13 18:47:44 +0100[diff] [blame]316if which $OPENSSL_CMD >/dev/null 2>&1; then :; else
317 echo "Command '$OPENSSL_CMD' not found"
Manuel Pégourié-Gonnardf7a26902014-02-27 12:25:54 +0100[diff] [blame]318 exit 1
319fi
320
Manuel Pégourié-Gonnard32f8f4d2014-05-29 11:31:20 +0200[diff] [blame]321# used by watchdog
322MAIN_PID="$$"
323
Manuel Pégourié-Gonnard0c1ec472014-06-20 18:41:11 +0200[diff] [blame]324# be more patient with valgrind
325if [ "$MEMCHECK" -gt 0 ]; then
326 START_DELAY=3
327 DOG_DELAY=30
328else
329 START_DELAY=1
330 DOG_DELAY=10
331fi
332
Manuel Pégourié-Gonnard8066b812014-05-28 22:59:30 +0200[diff] [blame]333# Pick a "unique" port in the range 10000-19999.
334PORT="0000$$"
Manuel Pégourié-Gonnardfab2a3c2014-06-16 16:54:36 +0200[diff] [blame]335PORT="1$(echo $PORT | tail -c 5)"
Manuel Pégourié-Gonnard8066b812014-05-28 22:59:30 +0200[diff] [blame]336
337# fix commands to use this port
338P_SRV="$P_SRV server_port=$PORT"
339P_CLI="$P_CLI server_port=$PORT"
340O_SRV="$O_SRV -accept $PORT"
341O_CLI="$O_CLI -connect localhost:$PORT"
Manuel Pégourié-Gonnardbaa7f072014-08-20 20:15:53 +0200[diff] [blame]342G_SRV="$G_SRV -p $PORT"
343G_CLI="$G_CLI -p $PORT"
Manuel Pégourié-Gonnard8066b812014-05-28 22:59:30 +0200[diff] [blame]344
Manuel Pégourié-Gonnardbc3b16c2014-05-28 23:06:50 +0200[diff] [blame]345# Also pick a unique name for intermediate files
346SRV_OUT="srv_out.$$"
347CLI_OUT="cli_out.$$"
348SESSION="session.$$"
349
Manuel Pégourié-Gonnard6f4fbbb2014-08-14 14:31:29 +0200[diff] [blame]350SKIP_NEXT="NO"
351
Manuel Pégourié-Gonnarda9062e92014-02-25 16:21:22 +0100[diff] [blame]352trap cleanup INT TERM HUP
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +0100[diff] [blame]353
Manuel Pégourié-Gonnarde73b2632014-07-12 04:00:00 +0200[diff] [blame]354# Basic test
355
Manuel Pégourié-Gonnard480905d2014-08-21 19:38:32 +0200[diff] [blame]356# Checks that:
357# - things work with all ciphersuites active (used with config-full in all.sh)
358# - the expected (highest security) parameters are selected
359# ("signature_algorithm ext: 6" means SHA-512 (highest common hash))
Manuel Pégourié-Gonnarde73b2632014-07-12 04:00:00 +0200[diff] [blame]360run_test "Default" \
Manuel Pégourié-Gonnard480905d2014-08-21 19:38:32 +0200[diff] [blame]361 "$P_SRV debug_level=3" \
Manuel Pégourié-Gonnarde73b2632014-07-12 04:00:00 +0200[diff] [blame]362 "$P_CLI" \
363 0 \
Manuel Pégourié-Gonnard480905d2014-08-21 19:38:32 +0200[diff] [blame]364 -s "Protocol is TLSv1.2" \
365 -s "Ciphersuite is TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384" \
366 -s "client hello v3, signature_algorithm ext: 6" \
367 -s "ECDHE curve: secp521r1" \
368 -S "error" \
369 -C "error"
Manuel Pégourié-Gonnarde73b2632014-07-12 04:00:00 +0200[diff] [blame]370
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100[diff] [blame]371# Test for SSLv2 ClientHello
372
Manuel Pégourié-Gonnard6f4fbbb2014-08-14 14:31:29 +0200[diff] [blame]373requires_openssl_with_sslv2
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100[diff] [blame]374run_test "SSLv2 ClientHello #0 (reference)" \
375 "$P_SRV debug_level=3" \
Manuel Pégourié-Gonnarda3d808e2014-02-26 16:33:03 +0100[diff] [blame]376 "$O_CLI -no_ssl2" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100[diff] [blame]377 0 \
378 -S "parse client hello v2" \
379 -S "ssl_handshake returned"
380
381# Adding a SSL2-only suite makes OpenSSL client send SSLv2 ClientHello
Manuel Pégourié-Gonnard6f4fbbb2014-08-14 14:31:29 +0200[diff] [blame]382requires_openssl_with_sslv2
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100[diff] [blame]383run_test "SSLv2 ClientHello #1 (actual test)" \
384 "$P_SRV debug_level=3" \
Manuel Pégourié-Gonnardfccd3252014-02-25 17:14:15 +0100[diff] [blame]385 "$O_CLI -cipher 'DES-CBC-MD5:ALL'" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100[diff] [blame]386 0 \
387 -s "parse client hello v2" \
388 -S "ssl_handshake returned"
389
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +0100[diff] [blame]390# Tests for Truncated HMAC extension
391
392run_test "Truncated HMAC #0" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100[diff] [blame]393 "$P_SRV debug_level=5" \
394 "$P_CLI trunc_hmac=0 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +0100[diff] [blame]395 0 \
396 -s "dumping 'computed mac' (20 bytes)"
397
398run_test "Truncated HMAC #1" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100[diff] [blame]399 "$P_SRV debug_level=5" \
400 "$P_CLI trunc_hmac=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +0100[diff] [blame]401 0 \
Manuel Pégourié-Gonnardf7c52012014-02-20 11:43:46 +0100[diff] [blame]402 -s "dumping 'computed mac' (10 bytes)"
403
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +0100[diff] [blame]404# Tests for Session Tickets
405
Manuel Pégourié-Gonnardfccd3252014-02-25 17:14:15 +0100[diff] [blame]406run_test "Session resume using tickets #1 (basic)" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100[diff] [blame]407 "$P_SRV debug_level=4 tickets=1" \
408 "$P_CLI debug_level=4 tickets=1 reconnect=1" \
Manuel Pégourié-Gonnardf7c52012014-02-20 11:43:46 +0100[diff] [blame]409 0 \
Manuel Pégourié-Gonnardc55a5b72014-02-20 22:50:56 +0100[diff] [blame]410 -c "client hello, adding session ticket extension" \
411 -s "found session ticket extension" \
412 -s "server hello, adding session ticket extension" \
413 -c "found session_ticket extension" \
414 -c "parse new session ticket" \
Manuel Pégourié-Gonnardf7c52012014-02-20 11:43:46 +0100[diff] [blame]415 -S "session successfully restored from cache" \
416 -s "session successfully restored from ticket" \
417 -s "a session has been resumed" \
418 -c "a session has been resumed"
419
Manuel Pégourié-Gonnardfccd3252014-02-25 17:14:15 +0100[diff] [blame]420run_test "Session resume using tickets #2 (cache disabled)" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100[diff] [blame]421 "$P_SRV debug_level=4 tickets=1 cache_max=0" \
422 "$P_CLI debug_level=4 tickets=1 reconnect=1" \
Manuel Pégourié-Gonnarddbe1ee12014-02-21 09:18:13 +0100[diff] [blame]423 0 \
424 -c "client hello, adding session ticket extension" \
425 -s "found session ticket extension" \
426 -s "server hello, adding session ticket extension" \
427 -c "found session_ticket extension" \
428 -c "parse new session ticket" \
429 -S "session successfully restored from cache" \
430 -s "session successfully restored from ticket" \
431 -s "a session has been resumed" \
432 -c "a session has been resumed"
433
Manuel Pégourié-Gonnardfccd3252014-02-25 17:14:15 +0100[diff] [blame]434run_test "Session resume using tickets #3 (timeout)" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100[diff] [blame]435 "$P_SRV debug_level=4 tickets=1 cache_max=0 ticket_timeout=1" \
436 "$P_CLI debug_level=4 tickets=1 reconnect=1 reco_delay=2" \
Manuel Pégourié-Gonnarddbe1ee12014-02-21 09:18:13 +0100[diff] [blame]437 0 \
438 -c "client hello, adding session ticket extension" \
439 -s "found session ticket extension" \
440 -s "server hello, adding session ticket extension" \
441 -c "found session_ticket extension" \
442 -c "parse new session ticket" \
443 -S "session successfully restored from cache" \
444 -S "session successfully restored from ticket" \
445 -S "a session has been resumed" \
446 -C "a session has been resumed"
447
Manuel Pégourié-Gonnardc73339f2014-02-26 16:35:27 +0100[diff] [blame]448run_test "Session resume using tickets #4 (openssl server)" \
Manuel Pégourié-Gonnardf7a26902014-02-27 12:25:54 +0100[diff] [blame]449 "$O_SRV" \
Manuel Pégourié-Gonnardfccd3252014-02-25 17:14:15 +0100[diff] [blame]450 "$P_CLI debug_level=4 tickets=1 reconnect=1" \
451 0 \
452 -c "client hello, adding session ticket extension" \
453 -c "found session_ticket extension" \
454 -c "parse new session ticket" \
455 -c "a session has been resumed"
456
Manuel Pégourié-Gonnardc73339f2014-02-26 16:35:27 +0100[diff] [blame]457run_test "Session resume using tickets #5 (openssl client)" \
Manuel Pégourié-Gonnardfccd3252014-02-25 17:14:15 +0100[diff] [blame]458 "$P_SRV debug_level=4 tickets=1" \
Manuel Pégourié-Gonnardbc3b16c2014-05-28 23:06:50 +0200[diff] [blame]459 "( $O_CLI -sess_out $SESSION; \
460 $O_CLI -sess_in $SESSION; \
461 rm -f $SESSION )" \
Manuel Pégourié-Gonnardfccd3252014-02-25 17:14:15 +0100[diff] [blame]462 0 \
463 -s "found session ticket extension" \
464 -s "server hello, adding session ticket extension" \
465 -S "session successfully restored from cache" \
466 -s "session successfully restored from ticket" \
467 -s "a session has been resumed"
468
Manuel Pégourié-Gonnardc55a5b72014-02-20 22:50:56 +0100[diff] [blame]469# Tests for Session Resume based on session-ID and cache
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +0100[diff] [blame]470
Manuel Pégourié-Gonnardc55a5b72014-02-20 22:50:56 +0100[diff] [blame]471run_test "Session resume using cache #1 (tickets enabled on client)" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100[diff] [blame]472 "$P_SRV debug_level=4 tickets=0" \
473 "$P_CLI debug_level=4 tickets=1 reconnect=1" \
Manuel Pégourié-Gonnardf7c52012014-02-20 11:43:46 +0100[diff] [blame]474 0 \
Manuel Pégourié-Gonnardc55a5b72014-02-20 22:50:56 +0100[diff] [blame]475 -c "client hello, adding session ticket extension" \
476 -s "found session ticket extension" \
477 -S "server hello, adding session ticket extension" \
478 -C "found session_ticket extension" \
479 -C "parse new session ticket" \
Manuel Pégourié-Gonnardf7c52012014-02-20 11:43:46 +0100[diff] [blame]480 -s "session successfully restored from cache" \
481 -S "session successfully restored from ticket" \
482 -s "a session has been resumed" \
483 -c "a session has been resumed"
484
Manuel Pégourié-Gonnardc55a5b72014-02-20 22:50:56 +0100[diff] [blame]485run_test "Session resume using cache #2 (tickets enabled on server)" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100[diff] [blame]486 "$P_SRV debug_level=4 tickets=1" \
487 "$P_CLI debug_level=4 tickets=0 reconnect=1" \
Manuel Pégourié-Gonnardf7c52012014-02-20 11:43:46 +0100[diff] [blame]488 0 \
Manuel Pégourié-Gonnardc55a5b72014-02-20 22:50:56 +0100[diff] [blame]489 -C "client hello, adding session ticket extension" \
490 -S "found session ticket extension" \
491 -S "server hello, adding session ticket extension" \
492 -C "found session_ticket extension" \
493 -C "parse new session ticket" \
Manuel Pégourié-Gonnardf7c52012014-02-20 11:43:46 +0100[diff] [blame]494 -s "session successfully restored from cache" \
495 -S "session successfully restored from ticket" \
496 -s "a session has been resumed" \
497 -c "a session has been resumed"
Manuel Pégourié-Gonnardde143782014-02-20 14:50:42 +0100[diff] [blame]498
Manuel Pégourié-Gonnardc55a5b72014-02-20 22:50:56 +0100[diff] [blame]499run_test "Session resume using cache #3 (cache_max=0)" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100[diff] [blame]500 "$P_SRV debug_level=4 tickets=0 cache_max=0" \
501 "$P_CLI debug_level=4 tickets=0 reconnect=1" \
Manuel Pégourié-Gonnard4c883452014-02-20 21:32:41 +0100[diff] [blame]502 0 \
503 -S "session successfully restored from cache" \
504 -S "session successfully restored from ticket" \
Manuel Pégourié-Gonnardc55a5b72014-02-20 22:50:56 +0100[diff] [blame]505 -S "a session has been resumed" \
506 -C "a session has been resumed"
Manuel Pégourié-Gonnard4c883452014-02-20 21:32:41 +0100[diff] [blame]507
Manuel Pégourié-Gonnardc55a5b72014-02-20 22:50:56 +0100[diff] [blame]508run_test "Session resume using cache #4 (cache_max=1)" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100[diff] [blame]509 "$P_SRV debug_level=4 tickets=0 cache_max=1" \
510 "$P_CLI debug_level=4 tickets=0 reconnect=1" \
Manuel Pégourié-Gonnardc55a5b72014-02-20 22:50:56 +0100[diff] [blame]511 0 \
512 -s "session successfully restored from cache" \
513 -S "session successfully restored from ticket" \
514 -s "a session has been resumed" \
515 -c "a session has been resumed"
516
517run_test "Session resume using cache #5 (timemout > delay)" \
Manuel Pégourié-Gonnardc73339f2014-02-26 16:35:27 +0100[diff] [blame]518 "$P_SRV debug_level=4 tickets=0" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100[diff] [blame]519 "$P_CLI debug_level=4 tickets=0 reconnect=1 reco_delay=0" \
Manuel Pégourié-Gonnardc55a5b72014-02-20 22:50:56 +0100[diff] [blame]520 0 \
521 -s "session successfully restored from cache" \
522 -S "session successfully restored from ticket" \
523 -s "a session has been resumed" \
524 -c "a session has been resumed"
525
526run_test "Session resume using cache #6 (timeout < delay)" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100[diff] [blame]527 "$P_SRV debug_level=4 tickets=0 cache_timeout=1" \
528 "$P_CLI debug_level=4 tickets=0 reconnect=1 reco_delay=2" \
Manuel Pégourié-Gonnardc55a5b72014-02-20 22:50:56 +0100[diff] [blame]529 0 \
530 -S "session successfully restored from cache" \
531 -S "session successfully restored from ticket" \
532 -S "a session has been resumed" \
533 -C "a session has been resumed"
534
535run_test "Session resume using cache #7 (no timeout)" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100[diff] [blame]536 "$P_SRV debug_level=4 tickets=0 cache_timeout=0" \
537 "$P_CLI debug_level=4 tickets=0 reconnect=1 reco_delay=2" \
Manuel Pégourié-Gonnard4c883452014-02-20 21:32:41 +0100[diff] [blame]538 0 \
539 -s "session successfully restored from cache" \
540 -S "session successfully restored from ticket" \
541 -s "a session has been resumed" \
542 -c "a session has been resumed"
543
Manuel Pégourié-Gonnarddb735f62014-02-25 17:57:59 +0100[diff] [blame]544run_test "Session resume using cache #8 (openssl client)" \
545 "$P_SRV debug_level=4 tickets=0" \
Manuel Pégourié-Gonnardbc3b16c2014-05-28 23:06:50 +0200[diff] [blame]546 "( $O_CLI -sess_out $SESSION; \
547 $O_CLI -sess_in $SESSION; \
548 rm -f $SESSION )" \
Manuel Pégourié-Gonnarddb735f62014-02-25 17:57:59 +0100[diff] [blame]549 0 \
550 -s "found session ticket extension" \
551 -S "server hello, adding session ticket extension" \
552 -s "session successfully restored from cache" \
553 -S "session successfully restored from ticket" \
554 -s "a session has been resumed"
555
556run_test "Session resume using cache #9 (openssl server)" \
Manuel Pégourié-Gonnardf7a26902014-02-27 12:25:54 +0100[diff] [blame]557 "$O_SRV" \
Manuel Pégourié-Gonnarddb735f62014-02-25 17:57:59 +0100[diff] [blame]558 "$P_CLI debug_level=4 tickets=0 reconnect=1" \
559 0 \
560 -C "found session_ticket extension" \
561 -C "parse new session ticket" \
562 -c "a session has been resumed"
563
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +0100[diff] [blame]564# Tests for Max Fragment Length extension
565
Manuel Pégourié-Gonnardde143782014-02-20 14:50:42 +0100[diff] [blame]566run_test "Max fragment length #1" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100[diff] [blame]567 "$P_SRV debug_level=4" \
568 "$P_CLI debug_level=4" \
Manuel Pégourié-Gonnardde143782014-02-20 14:50:42 +0100[diff] [blame]569 0 \
570 -C "client hello, adding max_fragment_length extension" \
571 -S "found max fragment length extension" \
572 -S "server hello, max_fragment_length extension" \
573 -C "found max_fragment_length extension"
574
575run_test "Max fragment length #2" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100[diff] [blame]576 "$P_SRV debug_level=4" \
577 "$P_CLI debug_level=4 max_frag_len=4096" \
Manuel Pégourié-Gonnardde143782014-02-20 14:50:42 +0100[diff] [blame]578 0 \
579 -c "client hello, adding max_fragment_length extension" \
580 -s "found max fragment length extension" \
581 -s "server hello, max_fragment_length extension" \
582 -c "found max_fragment_length extension"
583
584run_test "Max fragment length #3" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100[diff] [blame]585 "$P_SRV debug_level=4 max_frag_len=4096" \
586 "$P_CLI debug_level=4" \
Manuel Pégourié-Gonnardde143782014-02-20 14:50:42 +0100[diff] [blame]587 0 \
588 -C "client hello, adding max_fragment_length extension" \
589 -S "found max fragment length extension" \
590 -S "server hello, max_fragment_length extension" \
591 -C "found max_fragment_length extension"
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +0100[diff] [blame]592
Manuel Pégourié-Gonnardbaa7f072014-08-20 20:15:53 +0200[diff] [blame]593run_test "Max fragment length #4 (GnuTLS server)" \
594 "$G_SRV" \
595 "$P_CLI debug_level=4 max_frag_len=4096" \
596 0 \
597 -c "client hello, adding max_fragment_length extension" \
598 -c "found max_fragment_length extension"
599
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +0100[diff] [blame]600# Tests for renegotiation
601
602run_test "Renegotiation #0 (none)" \
Manuel Pégourié-Gonnarda8c0a0d2014-08-15 12:07:38 +0200[diff] [blame]603 "$P_SRV debug_level=4 exchanges=2" \
604 "$P_CLI debug_level=4 exchanges=2" \
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +0100[diff] [blame]605 0 \
606 -C "client hello, adding renegotiation extension" \
607 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
608 -S "found renegotiation extension" \
609 -s "server hello, secure renegotiation extension" \
610 -c "found renegotiation extension" \
Manuel Pégourié-Gonnardc73339f2014-02-26 16:35:27 +0100[diff] [blame]611 -C "=> renegotiate" \
612 -S "=> renegotiate" \
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +0100[diff] [blame]613 -S "write hello request"
614
615run_test "Renegotiation #1 (enabled, client-initiated)" \
Manuel Pégourié-Gonnarda8c0a0d2014-08-15 12:07:38 +0200[diff] [blame]616 "$P_SRV debug_level=4 exchanges=2 renegotiation=1" \
617 "$P_CLI debug_level=4 exchanges=2 renegotiation=1 renegotiate=1" \
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +0100[diff] [blame]618 0 \
619 -c "client hello, adding renegotiation extension" \
620 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
621 -s "found renegotiation extension" \
622 -s "server hello, secure renegotiation extension" \
623 -c "found renegotiation extension" \
Manuel Pégourié-Gonnardc73339f2014-02-26 16:35:27 +0100[diff] [blame]624 -c "=> renegotiate" \
625 -s "=> renegotiate" \
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +0100[diff] [blame]626 -S "write hello request"
627
628run_test "Renegotiation #2 (enabled, server-initiated)" \
Manuel Pégourié-Gonnarda8c0a0d2014-08-15 12:07:38 +0200[diff] [blame]629 "$P_SRV debug_level=4 exchanges=2 renegotiation=1 renegotiate=1" \
630 "$P_CLI debug_level=4 exchanges=2 renegotiation=1" \
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +0100[diff] [blame]631 0 \
632 -c "client hello, adding renegotiation extension" \
633 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
634 -s "found renegotiation extension" \
635 -s "server hello, secure renegotiation extension" \
636 -c "found renegotiation extension" \
Manuel Pégourié-Gonnardc73339f2014-02-26 16:35:27 +0100[diff] [blame]637 -c "=> renegotiate" \
638 -s "=> renegotiate" \
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +0100[diff] [blame]639 -s "write hello request"
640
641run_test "Renegotiation #3 (enabled, double)" \
Manuel Pégourié-Gonnarda8c0a0d2014-08-15 12:07:38 +0200[diff] [blame]642 "$P_SRV debug_level=4 exchanges=2 renegotiation=1 renegotiate=1" \
643 "$P_CLI debug_level=4 exchanges=2 renegotiation=1 renegotiate=1" \
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +0100[diff] [blame]644 0 \
645 -c "client hello, adding renegotiation extension" \
646 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
647 -s "found renegotiation extension" \
648 -s "server hello, secure renegotiation extension" \
649 -c "found renegotiation extension" \
Manuel Pégourié-Gonnardc73339f2014-02-26 16:35:27 +0100[diff] [blame]650 -c "=> renegotiate" \
651 -s "=> renegotiate" \
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +0100[diff] [blame]652 -s "write hello request"
653
654run_test "Renegotiation #4 (client-initiated, server-rejected)" \
Manuel Pégourié-Gonnarda8c0a0d2014-08-15 12:07:38 +0200[diff] [blame]655 "$P_SRV debug_level=4 exchanges=2 renegotiation=0" \
656 "$P_CLI debug_level=4 exchanges=2 renegotiation=1 renegotiate=1" \
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +0100[diff] [blame]657 1 \
658 -c "client hello, adding renegotiation extension" \
659 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
660 -S "found renegotiation extension" \
661 -s "server hello, secure renegotiation extension" \
662 -c "found renegotiation extension" \
Manuel Pégourié-Gonnardc73339f2014-02-26 16:35:27 +0100[diff] [blame]663 -c "=> renegotiate" \
664 -S "=> renegotiate" \
Manuel Pégourié-Gonnardfae355e2014-07-04 14:32:27 +0200[diff] [blame]665 -S "write hello request" \
Manuel Pégourié-Gonnard65919622014-08-19 12:50:30 +0200[diff] [blame]666 -c "SSL - Unexpected message at ServerHello in renegotiation" \
Manuel Pégourié-Gonnardfae355e2014-07-04 14:32:27 +0200[diff] [blame]667 -c "failed"
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +0100[diff] [blame]668
Manuel Pégourié-Gonnardfae355e2014-07-04 14:32:27 +0200[diff] [blame]669run_test "Renegotiation #5 (server-initiated, client-rejected, default)" \
Manuel Pégourié-Gonnarda8c0a0d2014-08-15 12:07:38 +0200[diff] [blame]670 "$P_SRV debug_level=4 exchanges=2 renegotiation=1 renegotiate=1" \
671 "$P_CLI debug_level=4 exchanges=2 renegotiation=0" \
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +0100[diff] [blame]672 0 \
673 -C "client hello, adding renegotiation extension" \
674 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
675 -S "found renegotiation extension" \
676 -s "server hello, secure renegotiation extension" \
677 -c "found renegotiation extension" \
Manuel Pégourié-Gonnardc73339f2014-02-26 16:35:27 +0100[diff] [blame]678 -C "=> renegotiate" \
679 -S "=> renegotiate" \
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +0100[diff] [blame]680 -s "write hello request" \
Manuel Pégourié-Gonnarda9964db2014-07-03 19:29:16 +0200[diff] [blame]681 -S "SSL - An unexpected message was received from our peer" \
682 -S "failed"
Manuel Pégourié-Gonnard33a752e2014-02-21 09:47:37 +0100[diff] [blame]683
Manuel Pégourié-Gonnardfae355e2014-07-04 14:32:27 +0200[diff] [blame]684run_test "Renegotiation #6 (server-initiated, client-rejected, not enforced)" \
Manuel Pégourié-Gonnarda8c0a0d2014-08-15 12:07:38 +0200[diff] [blame]685 "$P_SRV debug_level=4 exchanges=2 renegotiation=1 renegotiate=1 \
Manuel Pégourié-Gonnardfae355e2014-07-04 14:32:27 +0200[diff] [blame]686 renego_delay=-1" \
Manuel Pégourié-Gonnarda8c0a0d2014-08-15 12:07:38 +0200[diff] [blame]687 "$P_CLI debug_level=4 exchanges=2 renegotiation=0" \
Manuel Pégourié-Gonnardfae355e2014-07-04 14:32:27 +0200[diff] [blame]688 0 \
689 -C "client hello, adding renegotiation extension" \
690 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
691 -S "found renegotiation extension" \
692 -s "server hello, secure renegotiation extension" \
693 -c "found renegotiation extension" \
694 -C "=> renegotiate" \
695 -S "=> renegotiate" \
696 -s "write hello request" \
697 -S "SSL - An unexpected message was received from our peer" \
698 -S "failed"
699
Manuel Pégourié-Gonnarda8c0a0d2014-08-15 12:07:38 +0200[diff] [blame]700# delay 2 for 1 alert record + 1 application data record
701run_test "Renegotiation #7 (server-initiated, client-rejected, delay 2)" \
702 "$P_SRV debug_level=4 exchanges=2 renegotiation=1 renegotiate=1 \
703 renego_delay=2" \
704 "$P_CLI debug_level=4 exchanges=2 renegotiation=0" \
Manuel Pégourié-Gonnardfae355e2014-07-04 14:32:27 +0200[diff] [blame]705 0 \
706 -C "client hello, adding renegotiation extension" \
707 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
708 -S "found renegotiation extension" \
709 -s "server hello, secure renegotiation extension" \
710 -c "found renegotiation extension" \
711 -C "=> renegotiate" \
712 -S "=> renegotiate" \
713 -s "write hello request" \
714 -S "SSL - An unexpected message was received from our peer" \
715 -S "failed"
716
717run_test "Renegotiation #8 (server-initiated, client-rejected, delay 0)" \
Manuel Pégourié-Gonnarda8c0a0d2014-08-15 12:07:38 +0200[diff] [blame]718 "$P_SRV debug_level=4 exchanges=2 renegotiation=1 renegotiate=1 \
Manuel Pégourié-Gonnardfae355e2014-07-04 14:32:27 +0200[diff] [blame]719 renego_delay=0" \
Manuel Pégourié-Gonnarda8c0a0d2014-08-15 12:07:38 +0200[diff] [blame]720 "$P_CLI debug_level=4 exchanges=2 renegotiation=0" \
Manuel Pégourié-Gonnardfae355e2014-07-04 14:32:27 +0200[diff] [blame]721 0 \
722 -C "client hello, adding renegotiation extension" \
723 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
724 -S "found renegotiation extension" \
725 -s "server hello, secure renegotiation extension" \
726 -c "found renegotiation extension" \
727 -C "=> renegotiate" \
728 -S "=> renegotiate" \
729 -s "write hello request" \
Manuel Pégourié-Gonnarda8c0a0d2014-08-15 12:07:38 +0200[diff] [blame]730 -s "SSL - An unexpected message was received from our peer"
Manuel Pégourié-Gonnardfae355e2014-07-04 14:32:27 +0200[diff] [blame]731
732run_test "Renegotiation #9 (server-initiated, client-accepted, delay 0)" \
Manuel Pégourié-Gonnarda8c0a0d2014-08-15 12:07:38 +0200[diff] [blame]733 "$P_SRV debug_level=4 exchanges=2 renegotiation=1 renegotiate=1 \
Manuel Pégourié-Gonnardfae355e2014-07-04 14:32:27 +0200[diff] [blame]734 renego_delay=0" \
Manuel Pégourié-Gonnarda8c0a0d2014-08-15 12:07:38 +0200[diff] [blame]735 "$P_CLI debug_level=4 exchanges=2 renegotiation=1" \
Manuel Pégourié-Gonnardfae355e2014-07-04 14:32:27 +0200[diff] [blame]736 0 \
737 -c "client hello, adding renegotiation extension" \
738 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
739 -s "found renegotiation extension" \
740 -s "server hello, secure renegotiation extension" \
741 -c "found renegotiation extension" \
742 -c "=> renegotiate" \
743 -s "=> renegotiate" \
744 -s "write hello request" \
745 -S "SSL - An unexpected message was received from our peer" \
746 -S "failed"
747
Manuel Pégourié-Gonnardf07f4212014-08-15 19:04:47 +0200[diff] [blame]748run_test "Renegotiation #10 (nbio, enabled, client-initiated)" \
749 "$P_SRV debug_level=4 nbio=2 exchanges=2 renegotiation=1" \
750 "$P_CLI debug_level=4 nbio=2 exchanges=2 renegotiation=1 renegotiate=1" \
751 0 \
752 -c "client hello, adding renegotiation extension" \
753 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
754 -s "found renegotiation extension" \
755 -s "server hello, secure renegotiation extension" \
756 -c "found renegotiation extension" \
757 -c "=> renegotiate" \
758 -s "=> renegotiate" \
759 -S "write hello request"
760
761run_test "Renegotiation #11 (nbio, enabled, server-initiated)" \
762 "$P_SRV debug_level=4 nbio=2 exchanges=2 renegotiation=1 renegotiate=1" \
763 "$P_CLI debug_level=4 nbio=2 exchanges=2 renegotiation=1" \
764 0 \
765 -c "client hello, adding renegotiation extension" \
766 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
767 -s "found renegotiation extension" \
768 -s "server hello, secure renegotiation extension" \
769 -c "found renegotiation extension" \
770 -c "=> renegotiate" \
771 -s "=> renegotiate" \
772 -s "write hello request"
773
Manuel Pégourié-Gonnard51362962014-08-30 21:22:47 +0200[diff] [blame^]774run_test "Renegotiation #12 (openssl server)" \
775 "$O_SRV" \
776 "$P_CLI debug_level=4 exchanges=1 renegotiation=1 renegotiate=1" \
777 0 \
778 -c "client hello, adding renegotiation extension" \
779 -c "found renegotiation extension" \
780 -c "=> renegotiate" \
781 -C "ssl_handshake returned" \
782 -C "error" \
783 -c "HTTP/1.0 200 [Oo][Kk]"
784
785run_test "Renegotiation #13 (gnutls server)" \
786 "$G_SRV" \
787 "$P_CLI debug_level=4 exchanges=1 renegotiation=1 renegotiate=1" \
788 0 \
789 -c "client hello, adding renegotiation extension" \
790 -c "found renegotiation extension" \
791 -c "=> renegotiate" \
792 -C "ssl_handshake returned" \
793 -C "error" \
794 -c "HTTP/1.0 200 [Oo][Kk]"
795
Manuel Pégourié-Gonnard8520dac2014-02-21 12:12:23 +0100[diff] [blame]796# Tests for auth_mode
797
798run_test "Authentication #1 (server badcert, client required)" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100[diff] [blame]799 "$P_SRV crt_file=data_files/server5-badsign.crt \
Manuel Pégourié-Gonnard8520dac2014-02-21 12:12:23 +0100[diff] [blame]800 key_file=data_files/server5.key" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100[diff] [blame]801 "$P_CLI debug_level=2 auth_mode=required" \
Manuel Pégourié-Gonnard8520dac2014-02-21 12:12:23 +0100[diff] [blame]802 1 \
803 -c "x509_verify_cert() returned" \
804 -c "! self-signed or not signed by a trusted CA" \
805 -c "! ssl_handshake returned" \
806 -c "X509 - Certificate verification failed"
807
808run_test "Authentication #2 (server badcert, client optional)" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100[diff] [blame]809 "$P_SRV crt_file=data_files/server5-badsign.crt \
Manuel Pégourié-Gonnard8520dac2014-02-21 12:12:23 +0100[diff] [blame]810 key_file=data_files/server5.key" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100[diff] [blame]811 "$P_CLI debug_level=2 auth_mode=optional" \
Manuel Pégourié-Gonnard8520dac2014-02-21 12:12:23 +0100[diff] [blame]812 0 \
813 -c "x509_verify_cert() returned" \
814 -c "! self-signed or not signed by a trusted CA" \
815 -C "! ssl_handshake returned" \
816 -C "X509 - Certificate verification failed"
817
818run_test "Authentication #3 (server badcert, client none)" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100[diff] [blame]819 "$P_SRV crt_file=data_files/server5-badsign.crt \
Manuel Pégourié-Gonnard8520dac2014-02-21 12:12:23 +0100[diff] [blame]820 key_file=data_files/server5.key" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100[diff] [blame]821 "$P_CLI debug_level=2 auth_mode=none" \
Manuel Pégourié-Gonnard8520dac2014-02-21 12:12:23 +0100[diff] [blame]822 0 \
823 -C "x509_verify_cert() returned" \
824 -C "! self-signed or not signed by a trusted CA" \
825 -C "! ssl_handshake returned" \
826 -C "X509 - Certificate verification failed"
827
828run_test "Authentication #4 (client badcert, server required)" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100[diff] [blame]829 "$P_SRV debug_level=4 auth_mode=required" \
830 "$P_CLI debug_level=4 crt_file=data_files/server5-badsign.crt \
Manuel Pégourié-Gonnard8520dac2014-02-21 12:12:23 +0100[diff] [blame]831 key_file=data_files/server5.key" \
832 1 \
833 -S "skip write certificate request" \
834 -C "skip parse certificate request" \
835 -c "got a certificate request" \
836 -C "skip write certificate" \
837 -C "skip write certificate verify" \
838 -S "skip parse certificate verify" \
839 -s "x509_verify_cert() returned" \
840 -S "! self-signed or not signed by a trusted CA" \
841 -s "! ssl_handshake returned" \
842 -c "! ssl_handshake returned" \
843 -s "X509 - Certificate verification failed"
844
845run_test "Authentication #5 (client badcert, server optional)" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100[diff] [blame]846 "$P_SRV debug_level=4 auth_mode=optional" \
847 "$P_CLI debug_level=4 crt_file=data_files/server5-badsign.crt \
Manuel Pégourié-Gonnard8520dac2014-02-21 12:12:23 +0100[diff] [blame]848 key_file=data_files/server5.key" \
849 0 \
850 -S "skip write certificate request" \
851 -C "skip parse certificate request" \
852 -c "got a certificate request" \
853 -C "skip write certificate" \
854 -C "skip write certificate verify" \
855 -S "skip parse certificate verify" \
856 -s "x509_verify_cert() returned" \
857 -s "! self-signed or not signed by a trusted CA" \
858 -S "! ssl_handshake returned" \
859 -C "! ssl_handshake returned" \
860 -S "X509 - Certificate verification failed"
861
862run_test "Authentication #6 (client badcert, server none)" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100[diff] [blame]863 "$P_SRV debug_level=4 auth_mode=none" \
864 "$P_CLI debug_level=4 crt_file=data_files/server5-badsign.crt \
Manuel Pégourié-Gonnard8520dac2014-02-21 12:12:23 +0100[diff] [blame]865 key_file=data_files/server5.key" \
866 0 \
867 -s "skip write certificate request" \
868 -C "skip parse certificate request" \
869 -c "got no certificate request" \
870 -c "skip write certificate" \
871 -c "skip write certificate verify" \
872 -s "skip parse certificate verify" \
873 -S "x509_verify_cert() returned" \
874 -S "! self-signed or not signed by a trusted CA" \
875 -S "! ssl_handshake returned" \
876 -C "! ssl_handshake returned" \
877 -S "X509 - Certificate verification failed"
878
Manuel Pégourié-Gonnardde515cc2014-02-27 14:58:26 +0100[diff] [blame]879run_test "Authentication #7 (client no cert, server optional)" \
880 "$P_SRV debug_level=4 auth_mode=optional" \
881 "$P_CLI debug_level=4 crt_file=none key_file=none" \
882 0 \
883 -S "skip write certificate request" \
884 -C "skip parse certificate request" \
885 -c "got a certificate request" \
886 -C "skip write certificate$" \
887 -C "got no certificate to send" \
888 -S "SSLv3 client has no certificate" \
889 -c "skip write certificate verify" \
890 -s "skip parse certificate verify" \
891 -s "! no client certificate sent" \
892 -S "! ssl_handshake returned" \
893 -C "! ssl_handshake returned" \
894 -S "X509 - Certificate verification failed"
895
896run_test "Authentication #8 (openssl client no cert, server optional)" \
897 "$P_SRV debug_level=4 auth_mode=optional" \
898 "$O_CLI" \
899 0 \
900 -S "skip write certificate request" \
901 -s "skip parse certificate verify" \
902 -s "! no client certificate sent" \
903 -S "! ssl_handshake returned" \
904 -S "X509 - Certificate verification failed"
905
906run_test "Authentication #9 (client no cert, openssl server optional)" \
907 "$O_SRV -verify 10" \
908 "$P_CLI debug_level=4 crt_file=none key_file=none" \
909 0 \
910 -C "skip parse certificate request" \
911 -c "got a certificate request" \
912 -C "skip write certificate$" \
913 -c "skip write certificate verify" \
914 -C "! ssl_handshake returned"
915
916run_test "Authentication #10 (client no cert, ssl3)" \
917 "$P_SRV debug_level=4 auth_mode=optional force_version=ssl3" \
918 "$P_CLI debug_level=4 crt_file=none key_file=none" \
919 0 \
920 -S "skip write certificate request" \
921 -C "skip parse certificate request" \
922 -c "got a certificate request" \
923 -C "skip write certificate$" \
924 -c "skip write certificate verify" \
925 -c "got no certificate to send" \
926 -s "SSLv3 client has no certificate" \
927 -s "skip parse certificate verify" \
928 -s "! no client certificate sent" \
929 -S "! ssl_handshake returned" \
930 -C "! ssl_handshake returned" \
931 -S "X509 - Certificate verification failed"
932
Manuel Pégourié-Gonnard96ea2f22014-02-25 12:26:29 +0100[diff] [blame]933# tests for SNI
934
935run_test "SNI #0 (no SNI callback)" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100[diff] [blame]936 "$P_SRV debug_level=4 server_addr=127.0.0.1 \
Manuel Pégourié-Gonnard96ea2f22014-02-25 12:26:29 +0100[diff] [blame]937 crt_file=data_files/server5.crt key_file=data_files/server5.key" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100[diff] [blame]938 "$P_CLI debug_level=0 server_addr=127.0.0.1 \
Manuel Pégourié-Gonnard96ea2f22014-02-25 12:26:29 +0100[diff] [blame]939 server_name=localhost" \
940 0 \
941 -S "parse ServerName extension" \
942 -c "issuer name *: C=NL, O=PolarSSL, CN=Polarssl Test EC CA" \
943 -c "subject name *: C=NL, O=PolarSSL, CN=localhost"
944
945run_test "SNI #1 (matching cert 1)" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100[diff] [blame]946 "$P_SRV debug_level=4 server_addr=127.0.0.1 \
Manuel Pégourié-Gonnard96ea2f22014-02-25 12:26:29 +0100[diff] [blame]947 crt_file=data_files/server5.crt key_file=data_files/server5.key \
Manuel Pégourié-Gonnard76b8ab72014-03-26 09:31:35 +0100[diff] [blame]948 sni=localhost,data_files/server2.crt,data_files/server2.key,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100[diff] [blame]949 "$P_CLI debug_level=0 server_addr=127.0.0.1 \
Manuel Pégourié-Gonnard96ea2f22014-02-25 12:26:29 +0100[diff] [blame]950 server_name=localhost" \
951 0 \
952 -s "parse ServerName extension" \
953 -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \
954 -c "subject name *: C=NL, O=PolarSSL, CN=localhost"
955
956run_test "SNI #2 (matching cert 2)" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100[diff] [blame]957 "$P_SRV debug_level=4 server_addr=127.0.0.1 \
Manuel Pégourié-Gonnard96ea2f22014-02-25 12:26:29 +0100[diff] [blame]958 crt_file=data_files/server5.crt key_file=data_files/server5.key \
Manuel Pégourié-Gonnard76b8ab72014-03-26 09:31:35 +0100[diff] [blame]959 sni=localhost,data_files/server2.crt,data_files/server2.key,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100[diff] [blame]960 "$P_CLI debug_level=0 server_addr=127.0.0.1 \
Manuel Pégourié-Gonnard76b8ab72014-03-26 09:31:35 +0100[diff] [blame]961 server_name=polarssl.example" \
Manuel Pégourié-Gonnard96ea2f22014-02-25 12:26:29 +0100[diff] [blame]962 0 \
963 -s "parse ServerName extension" \
964 -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \
Manuel Pégourié-Gonnard76b8ab72014-03-26 09:31:35 +0100[diff] [blame]965 -c "subject name *: C=NL, O=PolarSSL, CN=polarssl.example"
Manuel Pégourié-Gonnard96ea2f22014-02-25 12:26:29 +0100[diff] [blame]966
967run_test "SNI #3 (no matching cert)" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100[diff] [blame]968 "$P_SRV debug_level=4 server_addr=127.0.0.1 \
Manuel Pégourié-Gonnard96ea2f22014-02-25 12:26:29 +0100[diff] [blame]969 crt_file=data_files/server5.crt key_file=data_files/server5.key \
Manuel Pégourié-Gonnard76b8ab72014-03-26 09:31:35 +0100[diff] [blame]970 sni=localhost,data_files/server2.crt,data_files/server2.key,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100[diff] [blame]971 "$P_CLI debug_level=0 server_addr=127.0.0.1 \
Manuel Pégourié-Gonnard76b8ab72014-03-26 09:31:35 +0100[diff] [blame]972 server_name=nonesuch.example" \
Manuel Pégourié-Gonnard96ea2f22014-02-25 12:26:29 +0100[diff] [blame]973 1 \
974 -s "parse ServerName extension" \
975 -s "ssl_sni_wrapper() returned" \
976 -s "ssl_handshake returned" \
977 -c "ssl_handshake returned" \
978 -c "SSL - A fatal alert message was received from our peer"
979
Manuel Pégourié-Gonnard0b6609b2014-02-26 14:45:12 +0100[diff] [blame]980# Tests for non-blocking I/O: exercise a variety of handshake flows
981
982run_test "Non-blocking I/O #1 (basic handshake)" \
983 "$P_SRV nbio=2 tickets=0 auth_mode=none" \
984 "$P_CLI nbio=2 tickets=0" \
985 0 \
986 -S "ssl_handshake returned" \
987 -C "ssl_handshake returned" \
988 -c "Read from server: .* bytes read"
989
990run_test "Non-blocking I/O #2 (client auth)" \
991 "$P_SRV nbio=2 tickets=0 auth_mode=required" \
992 "$P_CLI nbio=2 tickets=0" \
993 0 \
994 -S "ssl_handshake returned" \
995 -C "ssl_handshake returned" \
996 -c "Read from server: .* bytes read"
997
998run_test "Non-blocking I/O #3 (ticket)" \
999 "$P_SRV nbio=2 tickets=1 auth_mode=none" \
1000 "$P_CLI nbio=2 tickets=1" \
1001 0 \
1002 -S "ssl_handshake returned" \
1003 -C "ssl_handshake returned" \
1004 -c "Read from server: .* bytes read"
1005
1006run_test "Non-blocking I/O #4 (ticket + client auth)" \
1007 "$P_SRV nbio=2 tickets=1 auth_mode=required" \
1008 "$P_CLI nbio=2 tickets=1" \
1009 0 \
1010 -S "ssl_handshake returned" \
1011 -C "ssl_handshake returned" \
1012 -c "Read from server: .* bytes read"
1013
1014run_test "Non-blocking I/O #5 (ticket + client auth + resume)" \
1015 "$P_SRV nbio=2 tickets=1 auth_mode=required" \
1016 "$P_CLI nbio=2 tickets=1 reconnect=1" \
1017 0 \
1018 -S "ssl_handshake returned" \
1019 -C "ssl_handshake returned" \
1020 -c "Read from server: .* bytes read"
1021
1022run_test "Non-blocking I/O #6 (ticket + resume)" \
1023 "$P_SRV nbio=2 tickets=1 auth_mode=none" \
1024 "$P_CLI nbio=2 tickets=1 reconnect=1" \
1025 0 \
1026 -S "ssl_handshake returned" \
1027 -C "ssl_handshake returned" \
1028 -c "Read from server: .* bytes read"
1029
1030run_test "Non-blocking I/O #7 (session-id resume)" \
1031 "$P_SRV nbio=2 tickets=0 auth_mode=none" \
1032 "$P_CLI nbio=2 tickets=0 reconnect=1" \
1033 0 \
1034 -S "ssl_handshake returned" \
1035 -C "ssl_handshake returned" \
1036 -c "Read from server: .* bytes read"
1037
Manuel Pégourié-Gonnardf6521de2014-04-07 12:42:04 +0200[diff] [blame]1038# Tests for version negotiation
1039
Manuel Pégourié-Gonnarda3d808e2014-02-26 16:33:03 +0100[diff] [blame]1040run_test "Version check #1 (all -> 1.2)" \
1041 "$P_SRV" \
1042 "$P_CLI" \
1043 0 \
1044 -S "ssl_handshake returned" \
1045 -C "ssl_handshake returned" \
1046 -s "Protocol is TLSv1.2" \
1047 -c "Protocol is TLSv1.2"
1048
1049run_test "Version check #2 (cli max 1.1 -> 1.1)" \
1050 "$P_SRV" \
1051 "$P_CLI max_version=tls1_1" \
1052 0 \
1053 -S "ssl_handshake returned" \
1054 -C "ssl_handshake returned" \
1055 -s "Protocol is TLSv1.1" \
1056 -c "Protocol is TLSv1.1"
1057
1058run_test "Version check #3 (srv max 1.1 -> 1.1)" \
1059 "$P_SRV max_version=tls1_1" \
1060 "$P_CLI" \
1061 0 \
1062 -S "ssl_handshake returned" \
1063 -C "ssl_handshake returned" \
1064 -s "Protocol is TLSv1.1" \
1065 -c "Protocol is TLSv1.1"
1066
1067run_test "Version check #4 (cli+srv max 1.1 -> 1.1)" \
1068 "$P_SRV max_version=tls1_1" \
1069 "$P_CLI max_version=tls1_1" \
1070 0 \
1071 -S "ssl_handshake returned" \
1072 -C "ssl_handshake returned" \
1073 -s "Protocol is TLSv1.1" \
1074 -c "Protocol is TLSv1.1"
1075
1076run_test "Version check #5 (cli max 1.1, srv min 1.1 -> 1.1)" \
1077 "$P_SRV min_version=tls1_1" \
1078 "$P_CLI max_version=tls1_1" \
1079 0 \
1080 -S "ssl_handshake returned" \
1081 -C "ssl_handshake returned" \
1082 -s "Protocol is TLSv1.1" \
1083 -c "Protocol is TLSv1.1"
1084
1085run_test "Version check #6 (cli min 1.1, srv max 1.1 -> 1.1)" \
1086 "$P_SRV max_version=tls1_1" \
1087 "$P_CLI min_version=tls1_1" \
1088 0 \
1089 -S "ssl_handshake returned" \
1090 -C "ssl_handshake returned" \
1091 -s "Protocol is TLSv1.1" \
1092 -c "Protocol is TLSv1.1"
1093
1094run_test "Version check #7 (cli min 1.2, srv max 1.1 -> fail)" \
1095 "$P_SRV max_version=tls1_1" \
1096 "$P_CLI min_version=tls1_2" \
1097 1 \
1098 -s "ssl_handshake returned" \
1099 -c "ssl_handshake returned" \
1100 -c "SSL - Handshake protocol not within min/max boundaries"
1101
1102run_test "Version check #8 (srv min 1.2, cli max 1.1 -> fail)" \
1103 "$P_SRV min_version=tls1_2" \
1104 "$P_CLI max_version=tls1_1" \
1105 1 \
1106 -s "ssl_handshake returned" \
1107 -c "ssl_handshake returned" \
1108 -s "SSL - Handshake protocol not within min/max boundaries"
1109
Manuel Pégourié-Gonnardf6521de2014-04-07 12:42:04 +0200[diff] [blame]1110# Tests for ALPN extension
1111
Manuel Pégourié-Gonnard83d8c732014-04-07 13:24:21 +0200[diff] [blame]1112if grep '^#define POLARSSL_SSL_ALPN' $CONFIG_H >/dev/null; then
1113
Manuel Pégourié-Gonnardf6521de2014-04-07 12:42:04 +0200[diff] [blame]1114run_test "ALPN #0 (none)" \
1115 "$P_SRV debug_level=4" \
1116 "$P_CLI debug_level=4" \
1117 0 \
1118 -C "client hello, adding alpn extension" \
1119 -S "found alpn extension" \
1120 -C "got an alert message, type: \\[2:120]" \
1121 -S "server hello, adding alpn extension" \
1122 -C "found alpn extension " \
1123 -C "Application Layer Protocol is" \
1124 -S "Application Layer Protocol is"
1125
1126run_test "ALPN #1 (client only)" \
1127 "$P_SRV debug_level=4" \
1128 "$P_CLI debug_level=4 alpn=abc,1234" \
1129 0 \
1130 -c "client hello, adding alpn extension" \
1131 -s "found alpn extension" \
1132 -C "got an alert message, type: \\[2:120]" \
1133 -S "server hello, adding alpn extension" \
1134 -C "found alpn extension " \
1135 -c "Application Layer Protocol is (none)" \
1136 -S "Application Layer Protocol is"
1137
1138run_test "ALPN #2 (server only)" \
1139 "$P_SRV debug_level=4 alpn=abc,1234" \
1140 "$P_CLI debug_level=4" \
1141 0 \
1142 -C "client hello, adding alpn extension" \
1143 -S "found alpn extension" \
1144 -C "got an alert message, type: \\[2:120]" \
1145 -S "server hello, adding alpn extension" \
1146 -C "found alpn extension " \
1147 -C "Application Layer Protocol is" \
1148 -s "Application Layer Protocol is (none)"
1149
1150run_test "ALPN #3 (both, common cli1-srv1)" \
1151 "$P_SRV debug_level=4 alpn=abc,1234" \
1152 "$P_CLI debug_level=4 alpn=abc,1234" \
1153 0 \
1154 -c "client hello, adding alpn extension" \
1155 -s "found alpn extension" \
1156 -C "got an alert message, type: \\[2:120]" \
1157 -s "server hello, adding alpn extension" \
1158 -c "found alpn extension" \
1159 -c "Application Layer Protocol is abc" \
1160 -s "Application Layer Protocol is abc"
1161
1162run_test "ALPN #4 (both, common cli2-srv1)" \
1163 "$P_SRV debug_level=4 alpn=abc,1234" \
1164 "$P_CLI debug_level=4 alpn=1234,abc" \
1165 0 \
1166 -c "client hello, adding alpn extension" \
1167 -s "found alpn extension" \
1168 -C "got an alert message, type: \\[2:120]" \
1169 -s "server hello, adding alpn extension" \
1170 -c "found alpn extension" \
1171 -c "Application Layer Protocol is abc" \
1172 -s "Application Layer Protocol is abc"
1173
1174run_test "ALPN #5 (both, common cli1-srv2)" \
1175 "$P_SRV debug_level=4 alpn=abc,1234" \
1176 "$P_CLI debug_level=4 alpn=1234,abcde" \
1177 0 \
1178 -c "client hello, adding alpn extension" \
1179 -s "found alpn extension" \
1180 -C "got an alert message, type: \\[2:120]" \
1181 -s "server hello, adding alpn extension" \
1182 -c "found alpn extension" \
1183 -c "Application Layer Protocol is 1234" \
1184 -s "Application Layer Protocol is 1234"
1185
1186run_test "ALPN #6 (both, no common)" \
1187 "$P_SRV debug_level=4 alpn=abc,123" \
1188 "$P_CLI debug_level=4 alpn=1234,abcde" \
1189 1 \
1190 -c "client hello, adding alpn extension" \
1191 -s "found alpn extension" \
1192 -c "got an alert message, type: \\[2:120]" \
1193 -S "server hello, adding alpn extension" \
1194 -C "found alpn extension" \
1195 -C "Application Layer Protocol is 1234" \
1196 -S "Application Layer Protocol is 1234"
1197
Manuel Pégourié-Gonnard83d8c732014-04-07 13:24:21 +0200[diff] [blame]1198fi
1199
Manuel Pégourié-Gonnard7f2a07d2014-04-09 09:50:57 +0200[diff] [blame]1200# Tests for keyUsage in leaf certificates, part 1:
1201# server-side certificate/suite selection
1202
Manuel Pégourié-Gonnard17cde5f2014-05-22 14:42:39 +0200[diff] [blame]1203run_test "keyUsage srv #1 (RSA, digitalSignature -> (EC)DHE-RSA)" \
Manuel Pégourié-Gonnard7f2a07d2014-04-09 09:50:57 +0200[diff] [blame]1204 "$P_SRV key_file=data_files/server2.key \
1205 crt_file=data_files/server2.ku-ds.crt" \
1206 "$P_CLI" \
1207 0 \
Manuel Pégourié-Gonnard17cde5f2014-05-22 14:42:39 +0200[diff] [blame]1208 -c "Ciphersuite is TLS-[EC]*DHE-RSA-WITH-"
Manuel Pégourié-Gonnard7f2a07d2014-04-09 09:50:57 +0200[diff] [blame]1209
1210
1211run_test "keyUsage srv #2 (RSA, keyEncipherment -> RSA)" \
1212 "$P_SRV key_file=data_files/server2.key \
1213 crt_file=data_files/server2.ku-ke.crt" \
1214 "$P_CLI" \
1215 0 \
1216 -c "Ciphersuite is TLS-RSA-WITH-"
1217
Manuel Pégourié-Gonnard7f2a07d2014-04-09 09:50:57 +0200[diff] [blame]1218run_test "keyUsage srv #3 (RSA, keyAgreement -> fail)" \
Manuel Pégourié-Gonnardf2629b92014-08-30 14:20:14 +0200[diff] [blame]1219 "$P_SRV key_file=data_files/server2.key \
Manuel Pégourié-Gonnard7f2a07d2014-04-09 09:50:57 +0200[diff] [blame]1220 crt_file=data_files/server2.ku-ka.crt" \
Manuel Pégourié-Gonnardf2629b92014-08-30 14:20:14 +0200[diff] [blame]1221 "$P_CLI" \
Manuel Pégourié-Gonnard7f2a07d2014-04-09 09:50:57 +0200[diff] [blame]1222 1 \
1223 -C "Ciphersuite is "
1224
1225run_test "keyUsage srv #4 (ECDSA, digitalSignature -> ECDHE-ECDSA)" \
1226 "$P_SRV key_file=data_files/server5.key \
1227 crt_file=data_files/server5.ku-ds.crt" \
1228 "$P_CLI" \
1229 0 \
1230 -c "Ciphersuite is TLS-ECDHE-ECDSA-WITH-"
1231
1232
1233run_test "keyUsage srv #5 (ECDSA, keyAgreement -> ECDH-)" \
1234 "$P_SRV key_file=data_files/server5.key \
1235 crt_file=data_files/server5.ku-ka.crt" \
1236 "$P_CLI" \
1237 0 \
1238 -c "Ciphersuite is TLS-ECDH-"
1239
Manuel Pégourié-Gonnard7f2a07d2014-04-09 09:50:57 +0200[diff] [blame]1240run_test "keyUsage srv #6 (ECDSA, keyEncipherment -> fail)" \
Manuel Pégourié-Gonnardf2629b92014-08-30 14:20:14 +0200[diff] [blame]1241 "$P_SRV key_file=data_files/server5.key \
Manuel Pégourié-Gonnard7f2a07d2014-04-09 09:50:57 +0200[diff] [blame]1242 crt_file=data_files/server5.ku-ke.crt" \
Manuel Pégourié-Gonnardf2629b92014-08-30 14:20:14 +0200[diff] [blame]1243 "$P_CLI" \
Manuel Pégourié-Gonnard7f2a07d2014-04-09 09:50:57 +0200[diff] [blame]1244 1 \
1245 -C "Ciphersuite is "
1246
1247# Tests for keyUsage in leaf certificates, part 2:
Manuel Pégourié-Gonnarda9db85d2014-04-09 14:53:05 +0200[diff] [blame]1248# client-side checking of server cert
Manuel Pégourié-Gonnard7f2a07d2014-04-09 09:50:57 +0200[diff] [blame]1249
1250run_test "keyUsage cli #1 (DigitalSignature+KeyEncipherment, RSA: OK)" \
1251 "$O_SRV -key data_files/server2.key \
1252 -cert data_files/server2.ku-ds_ke.crt" \
1253 "$P_CLI debug_level=2 \
1254 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
1255 0 \
Manuel Pégourié-Gonnarda9db85d2014-04-09 14:53:05 +0200[diff] [blame]1256 -C "bad certificate (usage extensions)" \
Manuel Pégourié-Gonnard7f2a07d2014-04-09 09:50:57 +0200[diff] [blame]1257 -C "Processing of the Certificate handshake message failed" \
1258 -c "Ciphersuite is TLS-"
1259
1260run_test "keyUsage cli #2 (DigitalSignature+KeyEncipherment, DHE-RSA: OK)" \
1261 "$O_SRV -key data_files/server2.key \
1262 -cert data_files/server2.ku-ds_ke.crt" \
1263 "$P_CLI debug_level=2 \
1264 force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
1265 0 \
Manuel Pégourié-Gonnarda9db85d2014-04-09 14:53:05 +0200[diff] [blame]1266 -C "bad certificate (usage extensions)" \
Manuel Pégourié-Gonnard7f2a07d2014-04-09 09:50:57 +0200[diff] [blame]1267 -C "Processing of the Certificate handshake message failed" \
1268 -c "Ciphersuite is TLS-"
1269
1270run_test "keyUsage cli #3 (KeyEncipherment, RSA: OK)" \
1271 "$O_SRV -key data_files/server2.key \
1272 -cert data_files/server2.ku-ke.crt" \
1273 "$P_CLI debug_level=2 \
1274 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
1275 0 \
Manuel Pégourié-Gonnarda9db85d2014-04-09 14:53:05 +0200[diff] [blame]1276 -C "bad certificate (usage extensions)" \
Manuel Pégourié-Gonnard7f2a07d2014-04-09 09:50:57 +0200[diff] [blame]1277 -C "Processing of the Certificate handshake message failed" \
1278 -c "Ciphersuite is TLS-"
1279
1280run_test "keyUsage cli #4 (KeyEncipherment, DHE-RSA: fail)" \
1281 "$O_SRV -key data_files/server2.key \
1282 -cert data_files/server2.ku-ke.crt" \
1283 "$P_CLI debug_level=2 \
1284 force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
1285 1 \
Manuel Pégourié-Gonnarda9db85d2014-04-09 14:53:05 +0200[diff] [blame]1286 -c "bad certificate (usage extensions)" \
Manuel Pégourié-Gonnard7f2a07d2014-04-09 09:50:57 +0200[diff] [blame]1287 -c "Processing of the Certificate handshake message failed" \
1288 -C "Ciphersuite is TLS-"
1289
1290run_test "keyUsage cli #5 (DigitalSignature, DHE-RSA: OK)" \
1291 "$O_SRV -key data_files/server2.key \
1292 -cert data_files/server2.ku-ds.crt" \
1293 "$P_CLI debug_level=2 \
1294 force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
1295 0 \
Manuel Pégourié-Gonnarda9db85d2014-04-09 14:53:05 +0200[diff] [blame]1296 -C "bad certificate (usage extensions)" \
Manuel Pégourié-Gonnard7f2a07d2014-04-09 09:50:57 +0200[diff] [blame]1297 -C "Processing of the Certificate handshake message failed" \
1298 -c "Ciphersuite is TLS-"
1299
1300run_test "keyUsage cli #5 (DigitalSignature, RSA: fail)" \
1301 "$O_SRV -key data_files/server2.key \
1302 -cert data_files/server2.ku-ds.crt" \
1303 "$P_CLI debug_level=2 \
1304 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
1305 1 \
Manuel Pégourié-Gonnarda9db85d2014-04-09 14:53:05 +0200[diff] [blame]1306 -c "bad certificate (usage extensions)" \
Manuel Pégourié-Gonnard7f2a07d2014-04-09 09:50:57 +0200[diff] [blame]1307 -c "Processing of the Certificate handshake message failed" \
1308 -C "Ciphersuite is TLS-"
1309
Manuel Pégourié-Gonnarda9db85d2014-04-09 14:53:05 +0200[diff] [blame]1310# Tests for keyUsage in leaf certificates, part 3:
1311# server-side checking of client cert
1312
1313run_test "keyUsage cli-auth #1 (RSA, DigitalSignature: OK)" \
1314 "$P_SRV debug_level=2 auth_mode=optional" \
1315 "$O_CLI -key data_files/server2.key \
1316 -cert data_files/server2.ku-ds.crt" \
1317 0 \
1318 -S "bad certificate (usage extensions)" \
1319 -S "Processing of the Certificate handshake message failed"
1320
1321run_test "keyUsage cli-auth #2 (RSA, KeyEncipherment: fail (soft))" \
1322 "$P_SRV debug_level=2 auth_mode=optional" \
1323 "$O_CLI -key data_files/server2.key \
1324 -cert data_files/server2.ku-ke.crt" \
1325 0 \
1326 -s "bad certificate (usage extensions)" \
1327 -S "Processing of the Certificate handshake message failed"
1328
1329run_test "keyUsage cli-auth #3 (RSA, KeyEncipherment: fail (hard))" \
1330 "$P_SRV debug_level=2 auth_mode=required" \
1331 "$O_CLI -key data_files/server2.key \
1332 -cert data_files/server2.ku-ke.crt" \
1333 1 \
1334 -s "bad certificate (usage extensions)" \
1335 -s "Processing of the Certificate handshake message failed"
1336
1337run_test "keyUsage cli-auth #4 (ECDSA, DigitalSignature: OK)" \
1338 "$P_SRV debug_level=2 auth_mode=optional" \
1339 "$O_CLI -key data_files/server5.key \
1340 -cert data_files/server5.ku-ds.crt" \
1341 0 \
1342 -S "bad certificate (usage extensions)" \
1343 -S "Processing of the Certificate handshake message failed"
1344
1345run_test "keyUsage cli-auth #5 (ECDSA, KeyAgreement: fail (soft))" \
1346 "$P_SRV debug_level=2 auth_mode=optional" \
1347 "$O_CLI -key data_files/server5.key \
1348 -cert data_files/server5.ku-ka.crt" \
1349 0 \
1350 -s "bad certificate (usage extensions)" \
1351 -S "Processing of the Certificate handshake message failed"
1352
Manuel Pégourié-Gonnard0408fd12014-04-11 11:06:22 +0200[diff] [blame]1353# Tests for extendedKeyUsage, part 1: server-side certificate/suite selection
1354
1355run_test "extKeyUsage srv #1 (serverAuth -> OK)" \
1356 "$P_SRV key_file=data_files/server5.key \
1357 crt_file=data_files/server5.eku-srv.crt" \
1358 "$P_CLI" \
1359 0
1360
1361run_test "extKeyUsage srv #2 (serverAuth,clientAuth -> OK)" \
1362 "$P_SRV key_file=data_files/server5.key \
1363 crt_file=data_files/server5.eku-srv.crt" \
1364 "$P_CLI" \
1365 0
1366
1367run_test "extKeyUsage srv #3 (codeSign,anyEKU -> OK)" \
1368 "$P_SRV key_file=data_files/server5.key \
1369 crt_file=data_files/server5.eku-cs_any.crt" \
1370 "$P_CLI" \
1371 0
1372
1373# add psk to leave an option for client to send SERVERQUIT
1374run_test "extKeyUsage srv #4 (codeSign -> fail)" \
1375 "$P_SRV psk=abc123 key_file=data_files/server5.key \
1376 crt_file=data_files/server5.eku-cli.crt" \
1377 "$P_CLI psk=badbad" \
1378 1
1379
1380# Tests for extendedKeyUsage, part 2: client-side checking of server cert
1381
1382run_test "extKeyUsage cli #1 (serverAuth -> OK)" \
1383 "$O_SRV -key data_files/server5.key \
1384 -cert data_files/server5.eku-srv.crt" \
1385 "$P_CLI debug_level=2" \
1386 0 \
1387 -C "bad certificate (usage extensions)" \
1388 -C "Processing of the Certificate handshake message failed" \
1389 -c "Ciphersuite is TLS-"
1390
1391run_test "extKeyUsage cli #2 (serverAuth,clientAuth -> OK)" \
1392 "$O_SRV -key data_files/server5.key \
1393 -cert data_files/server5.eku-srv_cli.crt" \
1394 "$P_CLI debug_level=2" \
1395 0 \
1396 -C "bad certificate (usage extensions)" \
1397 -C "Processing of the Certificate handshake message failed" \
1398 -c "Ciphersuite is TLS-"
1399
1400run_test "extKeyUsage cli #3 (codeSign,anyEKU -> OK)" \
1401 "$O_SRV -key data_files/server5.key \
1402 -cert data_files/server5.eku-cs_any.crt" \
1403 "$P_CLI debug_level=2" \
1404 0 \
1405 -C "bad certificate (usage extensions)" \
1406 -C "Processing of the Certificate handshake message failed" \
1407 -c "Ciphersuite is TLS-"
1408
1409run_test "extKeyUsage cli #4 (codeSign -> fail)" \
1410 "$O_SRV -key data_files/server5.key \
1411 -cert data_files/server5.eku-cs.crt" \
1412 "$P_CLI debug_level=2" \
1413 1 \
1414 -c "bad certificate (usage extensions)" \
1415 -c "Processing of the Certificate handshake message failed" \
1416 -C "Ciphersuite is TLS-"
1417
1418# Tests for extendedKeyUsage, part 3: server-side checking of client cert
1419
1420run_test "extKeyUsage cli-auth #1 (clientAuth -> OK)" \
1421 "$P_SRV debug_level=2 auth_mode=optional" \
1422 "$O_CLI -key data_files/server5.key \
1423 -cert data_files/server5.eku-cli.crt" \
1424 0 \
1425 -S "bad certificate (usage extensions)" \
1426 -S "Processing of the Certificate handshake message failed"
1427
1428run_test "extKeyUsage cli-auth #2 (serverAuth,clientAuth -> OK)" \
1429 "$P_SRV debug_level=2 auth_mode=optional" \
1430 "$O_CLI -key data_files/server5.key \
1431 -cert data_files/server5.eku-srv_cli.crt" \
1432 0 \
1433 -S "bad certificate (usage extensions)" \
1434 -S "Processing of the Certificate handshake message failed"
1435
1436run_test "extKeyUsage cli-auth #3 (codeSign,anyEKU -> OK)" \
1437 "$P_SRV debug_level=2 auth_mode=optional" \
1438 "$O_CLI -key data_files/server5.key \
1439 -cert data_files/server5.eku-cs_any.crt" \
1440 0 \
1441 -S "bad certificate (usage extensions)" \
1442 -S "Processing of the Certificate handshake message failed"
1443
1444run_test "extKeyUsage cli-auth #4 (codeSign -> fail (soft))" \
1445 "$P_SRV debug_level=2 auth_mode=optional" \
1446 "$O_CLI -key data_files/server5.key \
1447 -cert data_files/server5.eku-cs.crt" \
1448 0 \
1449 -s "bad certificate (usage extensions)" \
1450 -S "Processing of the Certificate handshake message failed"
1451
1452run_test "extKeyUsage cli-auth #4b (codeSign -> fail (hard))" \
1453 "$P_SRV debug_level=2 auth_mode=required" \
1454 "$O_CLI -key data_files/server5.key \
1455 -cert data_files/server5.eku-cs.crt" \
1456 1 \
1457 -s "bad certificate (usage extensions)" \
1458 -s "Processing of the Certificate handshake message failed"
1459
Manuel Pégourié-Gonnard0cc7e312014-06-09 11:36:47 +0200[diff] [blame]1460# Tests for DHM parameters loading
1461
1462run_test "DHM parameters #0 (reference)" \
1463 "$P_SRV" \
1464 "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
1465 debug_level=3" \
1466 0 \
1467 -c "value of 'DHM: P ' (2048 bits)" \
1468 -c "value of 'DHM: G ' (2048 bits)"
1469
1470run_test "DHM parameters #1 (other parameters)" \
1471 "$P_SRV dhm_file=data_files/dhparams.pem" \
1472 "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
1473 debug_level=3" \
1474 0 \
1475 -c "value of 'DHM: P ' (1024 bits)" \
1476 -c "value of 'DHM: G ' (2 bits)"
1477
Manuel Pégourié-Gonnarda6781c92014-06-10 15:00:46 +0200[diff] [blame]1478# Tests for PSK callback
1479
Manuel Pégourié-Gonnard10c3c9f2014-06-10 15:28:52 +0200[diff] [blame]1480run_test "PSK callback #0a (psk, no callback)" \
Manuel Pégourié-Gonnarda6781c92014-06-10 15:00:46 +0200[diff] [blame]1481 "$P_SRV psk=abc123 psk_identity=foo" \
1482 "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
1483 psk_identity=foo psk=abc123" \
1484 0 \
Manuel Pégourié-Gonnard10c3c9f2014-06-10 15:28:52 +0200[diff] [blame]1485 -S "SSL - The server has no ciphersuites in common" \
1486 -S "SSL - Unknown identity received" \
1487 -S "SSL - Verification of the message MAC failed"
1488
1489run_test "PSK callback #0b (no psk, no callback)" \
1490 "$P_SRV" \
1491 "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
1492 psk_identity=foo psk=abc123" \
1493 1 \
1494 -s "SSL - The server has no ciphersuites in common" \
Manuel Pégourié-Gonnarda6781c92014-06-10 15:00:46 +0200[diff] [blame]1495 -S "SSL - Unknown identity received" \
1496 -S "SSL - Verification of the message MAC failed"
1497
1498run_test "PSK callback #1 (callback overrides other settings)" \
1499 "$P_SRV psk=abc123 psk_identity=foo psk_list=abc,dead,def,beef" \
1500 "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
1501 psk_identity=foo psk=abc123" \
1502 1 \
Manuel Pégourié-Gonnard10c3c9f2014-06-10 15:28:52 +0200[diff] [blame]1503 -S "SSL - The server has no ciphersuites in common" \
Manuel Pégourié-Gonnarda6781c92014-06-10 15:00:46 +0200[diff] [blame]1504 -s "SSL - Unknown identity received" \
1505 -S "SSL - Verification of the message MAC failed"
1506
1507run_test "PSK callback #2 (first id matches)" \
1508 "$P_SRV psk_list=abc,dead,def,beef" \
1509 "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
1510 psk_identity=abc psk=dead" \
1511 0 \
Manuel Pégourié-Gonnard10c3c9f2014-06-10 15:28:52 +0200[diff] [blame]1512 -S "SSL - The server has no ciphersuites in common" \
Manuel Pégourié-Gonnarda6781c92014-06-10 15:00:46 +0200[diff] [blame]1513 -S "SSL - Unknown identity received" \
1514 -S "SSL - Verification of the message MAC failed"
1515
1516run_test "PSK callback #3 (second id matches)" \
1517 "$P_SRV psk_list=abc,dead,def,beef" \
1518 "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
1519 psk_identity=def psk=beef" \
1520 0 \
Manuel Pégourié-Gonnard10c3c9f2014-06-10 15:28:52 +0200[diff] [blame]1521 -S "SSL - The server has no ciphersuites in common" \
Manuel Pégourié-Gonnarda6781c92014-06-10 15:00:46 +0200[diff] [blame]1522 -S "SSL - Unknown identity received" \
1523 -S "SSL - Verification of the message MAC failed"
1524
1525run_test "PSK callback #4 (no match)" \
1526 "$P_SRV psk_list=abc,dead,def,beef" \
1527 "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
1528 psk_identity=ghi psk=beef" \
1529 1 \
Manuel Pégourié-Gonnard10c3c9f2014-06-10 15:28:52 +0200[diff] [blame]1530 -S "SSL - The server has no ciphersuites in common" \
Manuel Pégourié-Gonnarda6781c92014-06-10 15:00:46 +0200[diff] [blame]1531 -s "SSL - Unknown identity received" \
1532 -S "SSL - Verification of the message MAC failed"
1533
1534run_test "PSK callback #5 (wrong key)" \
1535 "$P_SRV psk_list=abc,dead,def,beef" \
1536 "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
1537 psk_identity=abc psk=beef" \
1538 1 \
Manuel Pégourié-Gonnard10c3c9f2014-06-10 15:28:52 +0200[diff] [blame]1539 -S "SSL - The server has no ciphersuites in common" \
Manuel Pégourié-Gonnarda6781c92014-06-10 15:00:46 +0200[diff] [blame]1540 -S "SSL - Unknown identity received" \
1541 -s "SSL - Verification of the message MAC failed"
Manuel Pégourié-Gonnard0cc7e312014-06-09 11:36:47 +0200[diff] [blame]1542
Manuel Pégourié-Gonnard90805a82014-06-11 14:06:01 +0200[diff] [blame]1543# Tests for ciphersuites per version
1544
1545run_test "Per-version suites #1" \
1546 "$P_SRV version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-RC4-128-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
1547 "$P_CLI force_version=ssl3" \
1548 0 \
1549 -c "Ciphersuite is TLS-RSA-WITH-3DES-EDE-CBC-SHA"
1550
1551run_test "Per-version suites #2" \
1552 "$P_SRV version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-RC4-128-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
1553 "$P_CLI force_version=tls1" \
1554 0 \
1555 -c "Ciphersuite is TLS-RSA-WITH-RC4-128-SHA"
1556
1557run_test "Per-version suites #3" \
1558 "$P_SRV version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-RC4-128-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
1559 "$P_CLI force_version=tls1_1" \
1560 0 \
1561 -c "Ciphersuite is TLS-RSA-WITH-AES-128-CBC-SHA"
1562
1563run_test "Per-version suites #4" \
1564 "$P_SRV version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-RC4-128-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
1565 "$P_CLI force_version=tls1_2" \
1566 0 \
1567 -c "Ciphersuite is TLS-RSA-WITH-AES-128-GCM-SHA256"
1568
Manuel Pégourié-Gonnard95c0a632014-06-11 18:32:36 +0200[diff] [blame]1569# Tests for ssl_get_bytes_avail()
1570
1571run_test "ssl_get_bytes_avail #1 (no extra data)" \
1572 "$P_SRV" \
1573 "$P_CLI request_size=100" \
1574 0 \
1575 -s "Read from client: 100 bytes read$"
1576
1577run_test "ssl_get_bytes_avail #2 (extra data)" \
1578 "$P_SRV" \
1579 "$P_CLI request_size=500" \
1580 0 \
1581 -s "Read from client: 500 bytes read (.*+.*)"
Manuel Pégourié-Gonnard90805a82014-06-11 14:06:01 +0200[diff] [blame]1582
Manuel Pégourié-Gonnardee415032014-06-18 15:08:56 +0200[diff] [blame]1583# Tests for small packets
1584
1585run_test "Small packet SSLv3 BlockCipher" \
1586 "$P_SRV" \
1587 "$P_CLI request_size=1 force_version=ssl3 \
1588 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
1589 0 \
1590 -s "Read from client: 1 bytes read"
1591
1592run_test "Small packet SSLv3 StreamCipher" \
1593 "$P_SRV" \
1594 "$P_CLI request_size=1 force_version=ssl3 \
1595 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
1596 0 \
1597 -s "Read from client: 1 bytes read"
1598
1599run_test "Small packet TLS 1.0 BlockCipher" \
1600 "$P_SRV" \
1601 "$P_CLI request_size=1 force_version=tls1 \
1602 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
1603 0 \
1604 -s "Read from client: 1 bytes read"
1605
1606run_test "Small packet TLS 1.0 BlockCipher truncated MAC" \
1607 "$P_SRV" \
1608 "$P_CLI request_size=1 force_version=tls1 \
1609 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \
1610 trunc_hmac=1" \
1611 0 \
1612 -s "Read from client: 1 bytes read"
1613
1614run_test "Small packet TLS 1.0 StreamCipher truncated MAC" \
1615 "$P_SRV" \
1616 "$P_CLI request_size=1 force_version=tls1 \
1617 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
1618 trunc_hmac=1" \
1619 0 \
1620 -s "Read from client: 1 bytes read"
1621
1622run_test "Small packet TLS 1.1 BlockCipher" \
1623 "$P_SRV" \
1624 "$P_CLI request_size=1 force_version=tls1_1 \
1625 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
1626 0 \
1627 -s "Read from client: 1 bytes read"
1628
1629run_test "Small packet TLS 1.1 StreamCipher" \
1630 "$P_SRV" \
1631 "$P_CLI request_size=1 force_version=tls1_1 \
1632 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
1633 0 \
1634 -s "Read from client: 1 bytes read"
1635
1636run_test "Small packet TLS 1.1 BlockCipher truncated MAC" \
1637 "$P_SRV" \
1638 "$P_CLI request_size=1 force_version=tls1_1 \
1639 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \
1640 trunc_hmac=1" \
1641 0 \
1642 -s "Read from client: 1 bytes read"
1643
1644run_test "Small packet TLS 1.1 StreamCipher truncated MAC" \
1645 "$P_SRV" \
1646 "$P_CLI request_size=1 force_version=tls1_1 \
1647 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
1648 trunc_hmac=1" \
1649 0 \
1650 -s "Read from client: 1 bytes read"
1651
1652run_test "Small packet TLS 1.2 BlockCipher" \
1653 "$P_SRV" \
1654 "$P_CLI request_size=1 force_version=tls1_2 \
1655 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
1656 0 \
1657 -s "Read from client: 1 bytes read"
1658
1659run_test "Small packet TLS 1.2 BlockCipher larger MAC" \
1660 "$P_SRV" \
1661 "$P_CLI request_size=1 force_version=tls1_2 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \
1662 0 \
1663 -s "Read from client: 1 bytes read"
1664
1665run_test "Small packet TLS 1.2 BlockCipher truncated MAC" \
1666 "$P_SRV" \
1667 "$P_CLI request_size=1 force_version=tls1_2 \
1668 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \
1669 trunc_hmac=1" \
1670 0 \
1671 -s "Read from client: 1 bytes read"
1672
1673run_test "Small packet TLS 1.2 StreamCipher" \
1674 "$P_SRV" \
1675 "$P_CLI request_size=1 force_version=tls1_2 \
1676 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
1677 0 \
1678 -s "Read from client: 1 bytes read"
1679
1680run_test "Small packet TLS 1.2 StreamCipher truncated MAC" \
1681 "$P_SRV" \
1682 "$P_CLI request_size=1 force_version=tls1_2 \
1683 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
1684 trunc_hmac=1" \
1685 0 \
1686 -s "Read from client: 1 bytes read"
1687
1688run_test "Small packet TLS 1.2 AEAD" \
1689 "$P_SRV" \
1690 "$P_CLI request_size=1 force_version=tls1_2 \
1691 force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \
1692 0 \
1693 -s "Read from client: 1 bytes read"
1694
1695run_test "Small packet TLS 1.2 AEAD shorter tag" \
1696 "$P_SRV" \
1697 "$P_CLI request_size=1 force_version=tls1_2 \
1698 force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \
1699 0 \
1700 -s "Read from client: 1 bytes read"
1701
Manuel Pégourié-Gonnard8920f692014-06-18 22:05:08 +0200[diff] [blame]1702# Test for large packets
1703
1704run_test "Large packet SSLv3 BlockCipher" \
1705 "$P_SRV" \
1706 "$P_CLI request_size=16384 force_version=ssl3 \
1707 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
1708 0 \
1709 -s "Read from client: 16384 bytes read"
1710
1711run_test "Large packet SSLv3 StreamCipher" \
1712 "$P_SRV" \
1713 "$P_CLI request_size=16384 force_version=ssl3 \
1714 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
1715 0 \
1716 -s "Read from client: 16384 bytes read"
1717
1718run_test "Large packet TLS 1.0 BlockCipher" \
1719 "$P_SRV" \
1720 "$P_CLI request_size=16384 force_version=tls1 \
1721 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
1722 0 \
1723 -s "Read from client: 16384 bytes read"
1724
1725run_test "Large packet TLS 1.0 BlockCipher truncated MAC" \
1726 "$P_SRV" \
1727 "$P_CLI request_size=16384 force_version=tls1 \
1728 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \
1729 trunc_hmac=1" \
1730 0 \
1731 -s "Read from client: 16384 bytes read"
1732
1733run_test "Large packet TLS 1.0 StreamCipher truncated MAC" \
1734 "$P_SRV" \
1735 "$P_CLI request_size=16384 force_version=tls1 \
1736 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
1737 trunc_hmac=1" \
1738 0 \
1739 -s "Read from client: 16384 bytes read"
1740
1741run_test "Large packet TLS 1.1 BlockCipher" \
1742 "$P_SRV" \
1743 "$P_CLI request_size=16384 force_version=tls1_1 \
1744 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
1745 0 \
1746 -s "Read from client: 16384 bytes read"
1747
1748run_test "Large packet TLS 1.1 StreamCipher" \
1749 "$P_SRV" \
1750 "$P_CLI request_size=16384 force_version=tls1_1 \
1751 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
1752 0 \
1753 -s "Read from client: 16384 bytes read"
1754
1755run_test "Large packet TLS 1.1 BlockCipher truncated MAC" \
1756 "$P_SRV" \
1757 "$P_CLI request_size=16384 force_version=tls1_1 \
1758 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \
1759 trunc_hmac=1" \
1760 0 \
1761 -s "Read from client: 16384 bytes read"
1762
1763run_test "Large packet TLS 1.1 StreamCipher truncated MAC" \
1764 "$P_SRV" \
1765 "$P_CLI request_size=16384 force_version=tls1_1 \
1766 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
1767 trunc_hmac=1" \
1768 0 \
1769 -s "Read from client: 16384 bytes read"
1770
1771run_test "Large packet TLS 1.2 BlockCipher" \
1772 "$P_SRV" \
1773 "$P_CLI request_size=16384 force_version=tls1_2 \
1774 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
1775 0 \
1776 -s "Read from client: 16384 bytes read"
1777
1778run_test "Large packet TLS 1.2 BlockCipher larger MAC" \
1779 "$P_SRV" \
1780 "$P_CLI request_size=16384 force_version=tls1_2 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \
1781 0 \
1782 -s "Read from client: 16384 bytes read"
1783
1784run_test "Large packet TLS 1.2 BlockCipher truncated MAC" \
1785 "$P_SRV" \
1786 "$P_CLI request_size=16384 force_version=tls1_2 \
1787 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \
1788 trunc_hmac=1" \
1789 0 \
1790 -s "Read from client: 16384 bytes read"
1791
1792run_test "Large packet TLS 1.2 StreamCipher" \
1793 "$P_SRV" \
1794 "$P_CLI request_size=16384 force_version=tls1_2 \
1795 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
1796 0 \
1797 -s "Read from client: 16384 bytes read"
1798
1799run_test "Large packet TLS 1.2 StreamCipher truncated MAC" \
1800 "$P_SRV" \
1801 "$P_CLI request_size=16384 force_version=tls1_2 \
1802 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
1803 trunc_hmac=1" \
1804 0 \
1805 -s "Read from client: 16384 bytes read"
1806
1807run_test "Large packet TLS 1.2 AEAD" \
1808 "$P_SRV" \
1809 "$P_CLI request_size=16384 force_version=tls1_2 \
1810 force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \
1811 0 \
1812 -s "Read from client: 16384 bytes read"
1813
1814run_test "Large packet TLS 1.2 AEAD shorter tag" \
1815 "$P_SRV" \
1816 "$P_CLI request_size=16384 force_version=tls1_2 \
1817 force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \
1818 0 \
1819 -s "Read from client: 16384 bytes read"
1820
Manuel Pégourié-Gonnard8520dac2014-02-21 12:12:23 +0100[diff] [blame]1821# Final report
1822
Manuel Pégourié-Gonnard33a752e2014-02-21 09:47:37 +0100[diff] [blame]1823echo "------------------------------------------------------------------------"
1824
1825if [ $FAILS = 0 ]; then
1826 echo -n "PASSED"
1827else
1828 echo -n "FAILED"
1829fi
1830PASSES=`echo $TESTS - $FAILS | bc`
Manuel Pégourié-Gonnard6f4fbbb2014-08-14 14:31:29 +0200[diff] [blame]1831echo " ($PASSES / $TESTS tests ($SKIPS skipped))"
Manuel Pégourié-Gonnard33a752e2014-02-21 09:47:37 +0100[diff] [blame]1832
1833exit $FAILS