#!/bin/sh

# Test various options that are not covered by compat.sh
#
# Here the goal is not to cover every ciphersuite/version, but
# rather specific options (max fragment length, truncated hmac, etc)
# or procedures (session resumption from cache or ticket, renego, etc).
#
# Assumes all options are compiled in.

# Location of the example programs. The path is relative, so the script has
# to be started from a directory in which '../programs/ssl' resolves.
PROGS_DIR='../programs/ssl'
SRV_CMD="$PROGS_DIR/ssl_server2"
CLI_CMD="$PROGS_DIR/ssl_client2"

# Counters: tests started (incremented by print_name) and tests failed
# (incremented by fail). TESTS also numbers the log files kept on failure.
TESTS=0
FAILS=0

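# print_name <name>
#
# Print the test name followed by a row of dots that pads the line to a
# fixed column, without a trailing newline, so that PASS/FAIL can be
# appended on the same line. Also counts the test in $TESTS.
#
# Uses printf and POSIX arithmetic only: 'echo -n' is not portable under
# /bin/sh, and 'seq 1 N' counts downwards on some systems when N < 1, which
# would print stray dots for a name longer than the column.
print_name() {
    printf '%s ' "$1"

    # 71 = 72 minus the newline that 'wc -c' used to count with the name
    LEN=$(( 71 - ${#1} ))
    while [ "$LEN" -gt 0 ]; do
        printf '.'
        LEN=$(( LEN - 1 ))
    done
    printf ' '

    TESTS=$(( TESTS + 1 ))
}
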
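# fail <message>
#
# Report the current test as failed: print FAIL and the message, keep
# copies of the server and client output under names numbered with $TESTS,
# and increment $FAILS.
fail() {
    echo "FAIL"
    # printf rather than echo: the message is a grep pattern supplied by the
    # caller and some /bin/sh echo implementations interpret backslashes
    printf '%s\n' " $1"

    # NOTE(review): these are full copies of the debug output. At the debug
    # levels used by the tests the server log contains internal dumps (one
    # test looks for "dumping 'computed mac'"), so treat the saved logs as
    # sensitive if the programs are ever run with non-test keys.
    cp srv_out "srv-${TESTS}.log"
    cp cli_out "cli-${TESTS}.log"
    echo " outputs saved to srv-${TESTS}.log and cli-${TESTS}.log"

    FAILS=$(( FAILS + 1 ))
}
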
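# Usage: run_test name srv_args cli_args cli_exit [option [...]]
# Options:  -s pattern  pattern that must be present in server output
#           -c pattern  pattern that must be present in client output
#           -S pattern  pattern that must be absent in server output
#           -C pattern  pattern that must be absent in client output
#
# Starts $SRV_CMD in the background with srv_args, runs $CLI_CMD with
# cli_args, asks the server to quit, then checks in this order: the server's
# exit status, the client's exit status, and each pattern option. Patterns
# are handed to grep as regular expressions. Prints PASS when every check
# holds, otherwise calls fail() for the first check that does not and
# returns. An unknown option or an option without a pattern aborts the
# whole script with status 1.
run_test() {
    print_name "$1"
    shift

    # run the commands
    # The command and argument strings are left unquoted on purpose: each
    # one is a space-separated list that has to be word-split.
    $SRV_CMD $1 > srv_out &
    SRV_PID=$!
    # fixed delay to let the server come up; there is no readiness check
    sleep 1
    $CLI_CMD $2 > cli_out
    CLI_EXIT=$?
    # Ask the server to stop. s_client is given no address, so it connects
    # to its default, which has to be where the test server listens.
    echo SERVERQUIT | openssl s_client -no_ticket >/dev/null 2>&1
    wait $SRV_PID
    # Save the status right away. Testing $? after the 'shift' below only
    # saw the status of 'shift', so a server that crashed or exited with an
    # error was never reported.
    # NOTE(review): assumes ssl_server2 exits 0 after SERVERQUIT - confirm.
    SRV_EXIT=$?
    shift 2

    # check server exit code
    if [ "$SRV_EXIT" != 0 ]; then
        fail "server fail"
        return
    fi

    # check client exit code: cli_exit = 0 means the client must succeed,
    # any other value means it must fail (the exact code is not compared)
    if [ "$1" = 0 ]; then
        if [ "$CLI_EXIT" != 0 ]; then
            fail "client exit"
            return
        fi
    elif [ "$CLI_EXIT" = 0 ]; then
        fail "client exit"
        return
    fi
    shift

    # check options
    while [ $# -gt 0 ]
    do
        case $1 in
            "-s"|"-c"|"-S"|"-C")
                # every option takes a pattern; without this guard the
                # 'shift 2' at the end of the loop cannot consume it
                if [ $# -lt 2 ]; then
                    echo "Missing pattern after: $1" >&2
                    exit 1
                fi
                ;;

            *)
                echo "Unknown test: $1" >&2
                exit 1
                ;;
        esac

        # '--' keeps a pattern that starts with '-' from being read as a
        # grep option
        case $1 in
            "-s")
                if grep -- "$2" srv_out >/dev/null; then :; else
                    fail "-s $2"
                    return
                fi
                ;;

            "-c")
                if grep -- "$2" cli_out >/dev/null; then :; else
                    fail "-c $2"
                    return
                fi
                ;;

            "-S")
                if grep -- "$2" srv_out >/dev/null; then
                    fail "-S $2"
                    return
                fi
                ;;

            "-C")
                if grep -- "$2" cli_out >/dev/null; then
                    fail "-C $2"
                    return
                fi
                ;;
        esac
        shift 2
    done

    # if we're here, everything is ok
    echo "PASS"
    rm -f srv_out cli_out
}
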
119killall -q openssl ssl_server ssl_server2
120
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +0100121# Tests for Truncated HMAC extension
122
123run_test "Truncated HMAC #0" \
124 "debug_level=5" \
125 "trunc_hmac=0 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
126 0 \
127 -s "dumping 'computed mac' (20 bytes)"
128
129run_test "Truncated HMAC #1" \
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +0100130 "debug_level=5" \
Manuel Pégourié-Gonnardf7c52012014-02-20 11:43:46 +0100131 "trunc_hmac=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +0100132 0 \
Manuel Pégourié-Gonnardf7c52012014-02-20 11:43:46 +0100133 -s "dumping 'computed mac' (10 bytes)"
134
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +0100135# Tests for Session Tickets
136
Manuel Pégourié-Gonnard4c883452014-02-20 21:32:41 +0100137run_test "Session resume using tickets #1" \
Manuel Pégourié-Gonnardf7c52012014-02-20 11:43:46 +0100138 "debug_level=4 tickets=1" \
Manuel Pégourié-Gonnarddbe1ee12014-02-21 09:18:13 +0100139 "debug_level=4 tickets=1 reconnect=1" \
Manuel Pégourié-Gonnardf7c52012014-02-20 11:43:46 +0100140 0 \
Manuel Pégourié-Gonnardc55a5b72014-02-20 22:50:56 +0100141 -c "client hello, adding session ticket extension" \
142 -s "found session ticket extension" \
143 -s "server hello, adding session ticket extension" \
144 -c "found session_ticket extension" \
145 -c "parse new session ticket" \
Manuel Pégourié-Gonnardf7c52012014-02-20 11:43:46 +0100146 -S "session successfully restored from cache" \
147 -s "session successfully restored from ticket" \
148 -s "a session has been resumed" \
149 -c "a session has been resumed"
150
Manuel Pégourié-Gonnard4c883452014-02-20 21:32:41 +0100151run_test "Session resume using tickets #2" \
152 "debug_level=4 tickets=1 cache_max=0" \
Manuel Pégourié-Gonnarddbe1ee12014-02-21 09:18:13 +0100153 "debug_level=4 tickets=1 reconnect=1" \
154 0 \
155 -c "client hello, adding session ticket extension" \
156 -s "found session ticket extension" \
157 -s "server hello, adding session ticket extension" \
158 -c "found session_ticket extension" \
159 -c "parse new session ticket" \
160 -S "session successfully restored from cache" \
161 -s "session successfully restored from ticket" \
162 -s "a session has been resumed" \
163 -c "a session has been resumed"
164
165run_test "Session resume using tickets #3" \
166 "debug_level=4 tickets=1 cache_max=0 ticket_timeout=1" \
167 "debug_level=4 tickets=1 reconnect=1 reco_delay=2" \
168 0 \
169 -c "client hello, adding session ticket extension" \
170 -s "found session ticket extension" \
171 -s "server hello, adding session ticket extension" \
172 -c "found session_ticket extension" \
173 -c "parse new session ticket" \
174 -S "session successfully restored from cache" \
175 -S "session successfully restored from ticket" \
176 -S "a session has been resumed" \
177 -C "a session has been resumed"
178
179run_test "Session resume using tickets #4" \
180 "debug_level=4 tickets=1 cache_max=0 ticket_timeout=2" \
181 "debug_level=4 tickets=1 reconnect=1 reco_delay=0" \
Manuel Pégourié-Gonnard4c883452014-02-20 21:32:41 +0100182 0 \
Manuel Pégourié-Gonnardc55a5b72014-02-20 22:50:56 +0100183 -c "client hello, adding session ticket extension" \
184 -s "found session ticket extension" \
185 -s "server hello, adding session ticket extension" \
186 -c "found session_ticket extension" \
187 -c "parse new session ticket" \
Manuel Pégourié-Gonnard4c883452014-02-20 21:32:41 +0100188 -S "session successfully restored from cache" \
189 -s "session successfully restored from ticket" \
190 -s "a session has been resumed" \
191 -c "a session has been resumed"
192
Manuel Pégourié-Gonnardc55a5b72014-02-20 22:50:56 +0100193# Tests for Session Resume based on session-ID and cache
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +0100194
Manuel Pégourié-Gonnardc55a5b72014-02-20 22:50:56 +0100195run_test "Session resume using cache #1 (tickets enabled on client)" \
Manuel Pégourié-Gonnardf7c52012014-02-20 11:43:46 +0100196 "debug_level=4 tickets=0" \
Manuel Pégourié-Gonnardc55a5b72014-02-20 22:50:56 +0100197 "debug_level=4 tickets=1 reconnect=1" \
Manuel Pégourié-Gonnardf7c52012014-02-20 11:43:46 +0100198 0 \
Manuel Pégourié-Gonnardc55a5b72014-02-20 22:50:56 +0100199 -c "client hello, adding session ticket extension" \
200 -s "found session ticket extension" \
201 -S "server hello, adding session ticket extension" \
202 -C "found session_ticket extension" \
203 -C "parse new session ticket" \
Manuel Pégourié-Gonnardf7c52012014-02-20 11:43:46 +0100204 -s "session successfully restored from cache" \
205 -S "session successfully restored from ticket" \
206 -s "a session has been resumed" \
207 -c "a session has been resumed"
208
Manuel Pégourié-Gonnardc55a5b72014-02-20 22:50:56 +0100209run_test "Session resume using cache #2 (tickets enabled on server)" \
Manuel Pégourié-Gonnardf7c52012014-02-20 11:43:46 +0100210 "debug_level=4 tickets=1" \
Manuel Pégourié-Gonnardc55a5b72014-02-20 22:50:56 +0100211 "debug_level=4 tickets=0 reconnect=1" \
Manuel Pégourié-Gonnardf7c52012014-02-20 11:43:46 +0100212 0 \
Manuel Pégourié-Gonnardc55a5b72014-02-20 22:50:56 +0100213 -C "client hello, adding session ticket extension" \
214 -S "found session ticket extension" \
215 -S "server hello, adding session ticket extension" \
216 -C "found session_ticket extension" \
217 -C "parse new session ticket" \
Manuel Pégourié-Gonnardf7c52012014-02-20 11:43:46 +0100218 -s "session successfully restored from cache" \
219 -S "session successfully restored from ticket" \
220 -s "a session has been resumed" \
221 -c "a session has been resumed"
Manuel Pégourié-Gonnardde143782014-02-20 14:50:42 +0100222
Manuel Pégourié-Gonnardc55a5b72014-02-20 22:50:56 +0100223run_test "Session resume using cache #3 (cache_max=0)" \
Manuel Pégourié-Gonnard4c883452014-02-20 21:32:41 +0100224 "debug_level=4 tickets=0 cache_max=0" \
Manuel Pégourié-Gonnardc55a5b72014-02-20 22:50:56 +0100225 "debug_level=4 tickets=0 reconnect=1" \
Manuel Pégourié-Gonnard4c883452014-02-20 21:32:41 +0100226 0 \
227 -S "session successfully restored from cache" \
228 -S "session successfully restored from ticket" \
Manuel Pégourié-Gonnardc55a5b72014-02-20 22:50:56 +0100229 -S "a session has been resumed" \
230 -C "a session has been resumed"
Manuel Pégourié-Gonnard4c883452014-02-20 21:32:41 +0100231
Manuel Pégourié-Gonnardc55a5b72014-02-20 22:50:56 +0100232run_test "Session resume using cache #4 (cache_max=1)" \
233 "debug_level=4 tickets=0 cache_max=1" \
234 "debug_level=4 tickets=0 reconnect=1" \
235 0 \
236 -s "session successfully restored from cache" \
237 -S "session successfully restored from ticket" \
238 -s "a session has been resumed" \
239 -c "a session has been resumed"
240
241run_test "Session resume using cache #5 (timemout > delay)" \
242 "debug_level=4 tickets=0 cache_timeout=1" \
243 "debug_level=4 tickets=0 reconnect=1 reco_delay=0" \
244 0 \
245 -s "session successfully restored from cache" \
246 -S "session successfully restored from ticket" \
247 -s "a session has been resumed" \
248 -c "a session has been resumed"
249
250run_test "Session resume using cache #6 (timeout < delay)" \
251 "debug_level=4 tickets=0 cache_timeout=1" \
252 "debug_level=4 tickets=0 reconnect=1 reco_delay=2" \
253 0 \
254 -S "session successfully restored from cache" \
255 -S "session successfully restored from ticket" \
256 -S "a session has been resumed" \
257 -C "a session has been resumed"
258
259run_test "Session resume using cache #7 (no timeout)" \
260 "debug_level=4 tickets=0 cache_timeout=0" \
261 "debug_level=4 tickets=0 reconnect=1 reco_delay=2" \
Manuel Pégourié-Gonnard4c883452014-02-20 21:32:41 +0100262 0 \
263 -s "session successfully restored from cache" \
264 -S "session successfully restored from ticket" \
265 -s "a session has been resumed" \
266 -c "a session has been resumed"
267
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +0100268# Tests for Max Fragment Length extension
269
Manuel Pégourié-Gonnardde143782014-02-20 14:50:42 +0100270run_test "Max fragment length #1" \
271 "debug_level=4" \
272 "debug_level=4" \
273 0 \
274 -C "client hello, adding max_fragment_length extension" \
275 -S "found max fragment length extension" \
276 -S "server hello, max_fragment_length extension" \
277 -C "found max_fragment_length extension"
278
279run_test "Max fragment length #2" \
280 "debug_level=4" \
281 "debug_level=4 max_frag_len=4096" \
282 0 \
283 -c "client hello, adding max_fragment_length extension" \
284 -s "found max fragment length extension" \
285 -s "server hello, max_fragment_length extension" \
286 -c "found max_fragment_length extension"
287
288run_test "Max fragment length #3" \
289 "debug_level=4 max_frag_len=4096" \
290 "debug_level=4" \
291 0 \
292 -C "client hello, adding max_fragment_length extension" \
293 -S "found max fragment length extension" \
294 -S "server hello, max_fragment_length extension" \
295 -C "found max_fragment_length extension"
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +0100296
297# Tests for renegotiation
298
299run_test "Renegotiation #0 (none)" \
300 "debug_level=4" \
301 "debug_level=4" \
302 0 \
303 -C "client hello, adding renegotiation extension" \
304 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
305 -S "found renegotiation extension" \
306 -s "server hello, secure renegotiation extension" \
307 -c "found renegotiation extension" \
308 -C "renegotiate" \
309 -S "renegotiate" \
310 -S "write hello request"
311
312run_test "Renegotiation #1 (enabled, client-initiated)" \
313 "debug_level=4" \
314 "debug_level=4 renegotiate=1" \
315 0 \
316 -c "client hello, adding renegotiation extension" \
317 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
318 -s "found renegotiation extension" \
319 -s "server hello, secure renegotiation extension" \
320 -c "found renegotiation extension" \
321 -c "renegotiate" \
322 -s "renegotiate" \
323 -S "write hello request"
324
325run_test "Renegotiation #2 (enabled, server-initiated)" \
326 "debug_level=4 renegotiate=1" \
327 "debug_level=4" \
328 0 \
329 -c "client hello, adding renegotiation extension" \
330 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
331 -s "found renegotiation extension" \
332 -s "server hello, secure renegotiation extension" \
333 -c "found renegotiation extension" \
334 -c "renegotiate" \
335 -s "renegotiate" \
336 -s "write hello request"
337
338run_test "Renegotiation #3 (enabled, double)" \
339 "debug_level=4 renegotiate=1" \
340 "debug_level=4 renegotiate=1" \
341 0 \
342 -c "client hello, adding renegotiation extension" \
343 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
344 -s "found renegotiation extension" \
345 -s "server hello, secure renegotiation extension" \
346 -c "found renegotiation extension" \
347 -c "renegotiate" \
348 -s "renegotiate" \
349 -s "write hello request"
350
351run_test "Renegotiation #4 (client-initiated, server-rejected)" \
352 "debug_level=4 renegotiation=0" \
353 "debug_level=4 renegotiate=1" \
354 1 \
355 -c "client hello, adding renegotiation extension" \
356 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
357 -S "found renegotiation extension" \
358 -s "server hello, secure renegotiation extension" \
359 -c "found renegotiation extension" \
360 -c "renegotiate" \
361 -S "renegotiate" \
362 -S "write hello request"
363
364run_test "Renegotiation #5 (server-initiated, client-rejected)" \
365 "debug_level=4 renegotiate=1" \
366 "debug_level=4 renegotiation=0" \
367 0 \
368 -C "client hello, adding renegotiation extension" \
369 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
370 -S "found renegotiation extension" \
371 -s "server hello, secure renegotiation extension" \
372 -c "found renegotiation extension" \
373 -C "renegotiate" \
374 -S "renegotiate" \
375 -s "write hello request" \
376 -s "SSL - An unexpected message was received from our peer" \
377 -s "failed"
Manuel Pégourié-Gonnard33a752e2014-02-21 09:47:37 +0100378
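# Final report: overall verdict, then passed / total. The exit status is
# the number of failed tests, so 0 means the whole suite passed.
echo "------------------------------------------------------------------------"

if [ "$FAILS" = 0 ]; then
    printf 'PASSED'
else
    printf 'FAILED'
fi
PASSES=$(( TESTS - FAILS ))
echo " ($PASSES / $TESTS)"

# An exit status is only 8 bits wide: without the cap, exactly 256 failures
# would wrap around to 0 and the caller would see a successful run.
if [ "$FAILS" -gt 255 ]; then
    exit 255
fi
exit "$FAILS"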