TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / dfbf9c711d07a82463110ea618d7ffa0c85b8cc7 / . / tests / ssl-opt.sh
blob: a60248d757a45714c2cdcd020bb576f9c5ece974 [file] [log] [blame]
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +0100[diff] [blame]1#!/bin/sh
2
3# Test various options that are not covered by compat.sh
4#
5# Here the goal is not to cover every ciphersuite/version, but
6# rather specific options (max fragment length, truncated hmac, etc)
7# or procedures (session resumption from cache or ticket, renego, etc).
8#
9# Assumes all options are compiled in.
10
11PROGS_DIR='../programs/ssl'
12SRV_CMD="$PROGS_DIR/ssl_server2"
13CLI_CMD="$PROGS_DIR/ssl_client2"
14
15# Usage: run_test name srv_args cli_args cli_exit [option [...]]
16# Options: -s pattern pattern that must be present in server output
17# -c pattern pattern that must be present in client output
18# -S pattern pattern that must be absent in server output
19# -C pattern pattern that must be absent in client output
20run_test() {
21 echo -n "$1: "
22 shift
23
24 # run the commands
25 $SRV_CMD $1 > srv_out &
26 SRV_PID=$!
27 sleep 1
28 $CLI_CMD $2 > cli_out
29 CLI_EXIT=$?
30 echo SERVERQUIT | openssl s_client >/dev/null 2>&1
31 wait $SRV_PID
32 shift 2
33
34 # check client exit code
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +0100[diff] [blame]35 if [ \( "$1" = 0 -a "$CLI_EXIT" != 0 \) -o \
36 \( "$1" != 0 -a "$CLI_EXIT" = 0 \) ]
37 then
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +0100[diff] [blame]38 echo "FAIL - client exit"
39 return
40 fi
41 shift
42
43 # check options
44 while [ $# -gt 0 ]
45 do
46 case $1 in
47 "-s")
48 if grep "$2" srv_out >/dev/null; then :; else
49 echo "FAIL - -s $2"
50 return
51 fi
52 ;;
53
54 "-c")
55 if grep "$2" cli_out >/dev/null; then :; else
56 echo "FAIL - -c $2"
57 return
58 fi
59 ;;
60
61 "-S")
62 if grep "$2" srv_out >/dev/null; then
63 echo "FAIL - -S $2"
64 return
65 fi
66 ;;
67
68 "-C")
69 if grep "$2" cli_out >/dev/null; then
70 echo "FAIL - -C $2"
71 return
72 fi
73 ;;
74
75 *)
76 echo "Unkown test: $1" >&2
77 exit 1
78 esac
79 shift 2
80 done
81
82 # if we're here, everything is ok
83 echo "PASS"
84 rm -r srv_out cli_out
85}
86
87killall -q openssl ssl_server ssl_server2
88
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +0100[diff] [blame]89# Tests for Truncated HMAC extension
90
91run_test "Truncated HMAC #0" \
92 "debug_level=5" \
93 "trunc_hmac=0 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
94 0 \
95 -s "dumping 'computed mac' (20 bytes)"
96
97run_test "Truncated HMAC #1" \
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +0100[diff] [blame]98 "debug_level=5" \
Manuel Pégourié-Gonnardf7c52012014-02-20 11:43:46 +0100[diff] [blame]99 "trunc_hmac=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +0100[diff] [blame]100 0 \
Manuel Pégourié-Gonnardf7c52012014-02-20 11:43:46 +0100[diff] [blame]101 -s "dumping 'computed mac' (10 bytes)"
102
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +0100[diff] [blame]103# Tests for Session Tickets
104
Manuel Pégourié-Gonnard4c883452014-02-20 21:32:41 +0100[diff] [blame]105run_test "Session resume using tickets #1" \
Manuel Pégourié-Gonnardf7c52012014-02-20 11:43:46 +0100[diff] [blame]106 "debug_level=4 tickets=1" \
107 "debug_level=4 reconnect=1 tickets=1" \
108 0 \
109 -S "session successfully restored from cache" \
110 -s "session successfully restored from ticket" \
111 -s "a session has been resumed" \
112 -c "a session has been resumed"
113
Manuel Pégourié-Gonnard4c883452014-02-20 21:32:41 +0100[diff] [blame]114run_test "Session resume using tickets #2" \
115 "debug_level=4 tickets=1 cache_max=0" \
116 "debug_level=4 reconnect=1 tickets=1" \
117 0 \
118 -S "session successfully restored from cache" \
119 -s "session successfully restored from ticket" \
120 -s "a session has been resumed" \
121 -c "a session has been resumed"
122
123# Test for Session Resume based on session-ID and cache
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +0100[diff] [blame]124
Manuel Pégourié-Gonnardf7c52012014-02-20 11:43:46 +0100[diff] [blame]125run_test "Session resume using cache #1" \
126 "debug_level=4 tickets=0" \
127 "debug_level=4 reconnect=1 tickets=1" \
128 0 \
129 -s "session successfully restored from cache" \
130 -S "session successfully restored from ticket" \
131 -s "a session has been resumed" \
132 -c "a session has been resumed"
133
134run_test "Session resume using cache #2" \
135 "debug_level=4 tickets=1" \
136 "debug_level=4 reconnect=1 tickets=0" \
137 0 \
138 -s "session successfully restored from cache" \
139 -S "session successfully restored from ticket" \
140 -s "a session has been resumed" \
141 -c "a session has been resumed"
Manuel Pégourié-Gonnardde143782014-02-20 14:50:42 +0100[diff] [blame]142
Manuel Pégourié-Gonnard4c883452014-02-20 21:32:41 +0100[diff] [blame]143run_test "Session resume using cache #3" \
144 "debug_level=4 tickets=0 cache_max=0" \
145 "debug_level=4 reconnect=1 tickets=0" \
146 0 \
147 -S "session successfully restored from cache" \
148 -S "session successfully restored from ticket" \
149 -s "no session has been resumed" \
150 -c "no session has been resumed"
151
152run_test "Session resume using cache #4" \
153 "debug_level=4 tickets=1 cache_max=1" \
154 "debug_level=4 reconnect=1 tickets=0" \
155 0 \
156 -s "session successfully restored from cache" \
157 -S "session successfully restored from ticket" \
158 -s "a session has been resumed" \
159 -c "a session has been resumed"
160
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +0100[diff] [blame]161# Tests for Max Fragment Length extension
162
Manuel Pégourié-Gonnardde143782014-02-20 14:50:42 +0100[diff] [blame]163run_test "Max fragment length #1" \
164 "debug_level=4" \
165 "debug_level=4" \
166 0 \
167 -C "client hello, adding max_fragment_length extension" \
168 -S "found max fragment length extension" \
169 -S "server hello, max_fragment_length extension" \
170 -C "found max_fragment_length extension"
171
172run_test "Max fragment length #2" \
173 "debug_level=4" \
174 "debug_level=4 max_frag_len=4096" \
175 0 \
176 -c "client hello, adding max_fragment_length extension" \
177 -s "found max fragment length extension" \
178 -s "server hello, max_fragment_length extension" \
179 -c "found max_fragment_length extension"
180
181run_test "Max fragment length #3" \
182 "debug_level=4 max_frag_len=4096" \
183 "debug_level=4" \
184 0 \
185 -C "client hello, adding max_fragment_length extension" \
186 -S "found max fragment length extension" \
187 -S "server hello, max_fragment_length extension" \
188 -C "found max_fragment_length extension"
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +0100[diff] [blame]189
190# Tests for renegotiation
191
192run_test "Renegotiation #0 (none)" \
193 "debug_level=4" \
194 "debug_level=4" \
195 0 \
196 -C "client hello, adding renegotiation extension" \
197 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
198 -S "found renegotiation extension" \
199 -s "server hello, secure renegotiation extension" \
200 -c "found renegotiation extension" \
201 -C "renegotiate" \
202 -S "renegotiate" \
203 -S "write hello request"
204
205run_test "Renegotiation #1 (enabled, client-initiated)" \
206 "debug_level=4" \
207 "debug_level=4 renegotiate=1" \
208 0 \
209 -c "client hello, adding renegotiation extension" \
210 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
211 -s "found renegotiation extension" \
212 -s "server hello, secure renegotiation extension" \
213 -c "found renegotiation extension" \
214 -c "renegotiate" \
215 -s "renegotiate" \
216 -S "write hello request"
217
218run_test "Renegotiation #2 (enabled, server-initiated)" \
219 "debug_level=4 renegotiate=1" \
220 "debug_level=4" \
221 0 \
222 -c "client hello, adding renegotiation extension" \
223 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
224 -s "found renegotiation extension" \
225 -s "server hello, secure renegotiation extension" \
226 -c "found renegotiation extension" \
227 -c "renegotiate" \
228 -s "renegotiate" \
229 -s "write hello request"
230
231run_test "Renegotiation #3 (enabled, double)" \
232 "debug_level=4 renegotiate=1" \
233 "debug_level=4 renegotiate=1" \
234 0 \
235 -c "client hello, adding renegotiation extension" \
236 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
237 -s "found renegotiation extension" \
238 -s "server hello, secure renegotiation extension" \
239 -c "found renegotiation extension" \
240 -c "renegotiate" \
241 -s "renegotiate" \
242 -s "write hello request"
243
244run_test "Renegotiation #4 (client-initiated, server-rejected)" \
245 "debug_level=4 renegotiation=0" \
246 "debug_level=4 renegotiate=1" \
247 1 \
248 -c "client hello, adding renegotiation extension" \
249 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
250 -S "found renegotiation extension" \
251 -s "server hello, secure renegotiation extension" \
252 -c "found renegotiation extension" \
253 -c "renegotiate" \
254 -S "renegotiate" \
255 -S "write hello request"
256
257run_test "Renegotiation #5 (server-initiated, client-rejected)" \
258 "debug_level=4 renegotiate=1" \
259 "debug_level=4 renegotiation=0" \
260 0 \
261 -C "client hello, adding renegotiation extension" \
262 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
263 -S "found renegotiation extension" \
264 -s "server hello, secure renegotiation extension" \
265 -c "found renegotiation extension" \
266 -C "renegotiate" \
267 -S "renegotiate" \
268 -s "write hello request" \
269 -s "SSL - An unexpected message was received from our peer" \
270 -s "failed"