#!/bin/sh

# Test various options that are not covered by compat.sh
#
# The goal here is not to cover every ciphersuite/version, but rather
# specific options (max fragment length, truncated hmac, etc)
# or procedures (session resumption from cache or ticket, renego, etc).
#
# Assumes all options are compiled in.

# Directory holding the example TLS programs. The path is relative, so the
# script has to be started from a directory where it resolves.
PROGS_DIR='../programs/ssl'

# Server and client binaries that run_test launches for every test case.
SRV_CMD="${PROGS_DIR}/ssl_server2"
CLI_CMD="${PROGS_DIR}/ssl_client2"

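# Usage: run_test name srv_args cli_args cli_exit [option [...]]
# Options:  -s pattern  pattern that must be present in server output
#           -c pattern  pattern that must be present in client output
#           -S pattern  pattern that must be absent in server output
#           -C pattern  pattern that must be absent in client output
#
# Runs $SRV_CMD in the background and $CLI_CMD in the foreground, captures
# their stdout in ./srv_out and ./cli_out, and prints "<name>: PASS" or
# "<name>: FAIL - <reason>" on stdout.
#
# cli_exit is compared only as zero / non-zero against the client's status.
# Patterns are grep basic regular expressions, not literal strings.
#
# Globals:  SRV_CMD, CLI_CMD (read); SRV_PID, CLI_EXIT (written)
# Returns:  the status of the final echo, for PASS and FAIL alike, so the
#           verdict is only visible in the printed output.
#           A malformed option list ends the whole script with status 1.
#
# The capture files are removed on PASS only; after a FAIL they stay in the
# current directory until the next test overwrites them.
run_test() {
    # printf instead of "echo -n", whose behaviour under /bin/sh is not portable
    printf '%s: ' "$1"
    shift

    # run the commands
    # $1 and $2 are left unquoted on purpose: each carries several
    # space-separated key=value arguments that must be split into words.
    $SRV_CMD $1 > srv_out &
    SRV_PID=$!
    # Fixed delay standing in for a readiness check: if the server needs
    # longer than this to start, the client run fails.
    sleep 1
    $CLI_CMD $2 > cli_out
    CLI_EXIT=$?
    # Ask the server to stop by sending SERVERQUIT over a TLS connection.
    # NOTE(review): no host/port is given, so this relies on s_client's
    # default target being the address the server listens on - confirm.
    echo SERVERQUIT | openssl s_client -no_ticket >/dev/null 2>&1
    # Blocks until the server process exits; if the quit request never
    # reaches it, the run stalls here.
    wait "$SRV_PID"
    shift 2

    # check client exit code (only success vs. failure is compared)
    if { [ "$1" = 0 ] && [ "$CLI_EXIT" != 0 ]; } ||
       { [ "$1" != 0 ] && [ "$CLI_EXIT" = 0 ]; }
    then
        echo "FAIL - client exit"
        return
    fi
    shift

    # check options
    while [ $# -gt 0 ]
    do
        # Every option takes a pattern. Without this guard a trailing option
        # makes "shift 2" fail, which either aborts the shell or loops forever
        # depending on the sh implementation.
        if [ $# -lt 2 ]; then
            echo "Missing pattern for option: $1" >&2
            exit 1
        fi

        # "--" keeps a pattern that starts with "-" from being read as a
        # grep option.
        case $1 in
            "-s")
                if grep -- "$2" srv_out >/dev/null; then :; else
                    echo "FAIL - -s $2"
                    return
                fi
                ;;

            "-c")
                if grep -- "$2" cli_out >/dev/null; then :; else
                    echo "FAIL - -c $2"
                    return
                fi
                ;;

            "-S")
                if grep -- "$2" srv_out >/dev/null; then
                    echo "FAIL - -S $2"
                    return
                fi
                ;;

            "-C")
                if grep -- "$2" cli_out >/dev/null; then
                    echo "FAIL - -C $2"
                    return
                fi
                ;;

            *)
                echo "Unknown test: $1" >&2
                exit 1
                ;;
        esac
        shift 2
    done

    # if we're here, everything is ok
    echo "PASS"
    rm -r srv_out cli_out
}
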
# Presumably clears servers left over from an earlier run before the first
# test starts.
# NOTE(review): killall selects by process name, so this also signals any
# unrelated openssl process the invoking user is allowed to signal; run the
# suite from a dedicated test account or host.
killall -q openssl ssl_server ssl_server2

# Tests for Truncated HMAC extension
#
# Both cases force TLS-RSA-WITH-AES-128-CBC-SHA and read the MAC length from
# the server's debug output (debug_level=5).

# Client started with trunc_hmac=0: the server must dump a 20-byte computed MAC.
run_test "Truncated HMAC #0" \
    "debug_level=5" \
    "trunc_hmac=0 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
    0 \
    -s "dumping 'computed mac' (20 bytes)"

# Client started with trunc_hmac=1: the server must dump a 10-byte computed MAC.
run_test "Truncated HMAC #1" \
    "debug_level=5" \
    "trunc_hmac=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
    0 \
    -s "dumping 'computed mac' (10 bytes)"

# Tests for Session Tickets
#
# In both cases the client reconnects (reconnect=1) and the logs must show
# the ticket extension on both sides, a new ticket parsed by the client, and
# a resumption restored from the ticket rather than from the cache.

# Tickets enabled on server and client.
run_test "Session resume using tickets #1" \
    "debug_level=4 tickets=1" \
    "debug_level=4 reconnect=1 tickets=1" \
    0 \
    -c "client hello, adding session ticket extension" \
    -s "found session ticket extension" \
    -s "server hello, adding session ticket extension" \
    -c "found session_ticket extension" \
    -c "parse new session ticket" \
    -S "session successfully restored from cache" \
    -s "session successfully restored from ticket" \
    -s "a session has been resumed" \
    -c "a session has been resumed"

# Same expectations with the server additionally started with cache_max=0.
run_test "Session resume using tickets #2" \
    "debug_level=4 tickets=1 cache_max=0" \
    "debug_level=4 reconnect=1 tickets=1" \
    0 \
    -c "client hello, adding session ticket extension" \
    -s "found session ticket extension" \
    -s "server hello, adding session ticket extension" \
    -c "found session_ticket extension" \
    -c "parse new session ticket" \
    -S "session successfully restored from cache" \
    -s "session successfully restored from ticket" \
    -s "a session has been resumed" \
    -c "a session has been resumed"

# Tests for Session Resume based on session-ID and cache
#
# Every case has the client reconnect (reconnect=1). A case that expects a
# resumption requires "restored from cache" in the server log and forbids
# "restored from ticket"; a case that expects none forbids every resumption
# message on both sides.

# Client offers the ticket extension, server has tickets=0: the server sees
# the extension but does not answer it, and the session resumes from cache.
run_test "Session resume using cache #1 (tickets enabled on client)" \
    "debug_level=4 tickets=0" \
    "debug_level=4 tickets=1 reconnect=1" \
    0 \
    -c "client hello, adding session ticket extension" \
    -s "found session ticket extension" \
    -S "server hello, adding session ticket extension" \
    -C "found session_ticket extension" \
    -C "parse new session ticket" \
    -s "session successfully restored from cache" \
    -S "session successfully restored from ticket" \
    -s "a session has been resumed" \
    -c "a session has been resumed"

# Server has tickets=1, client has tickets=0: no ticket extension may show up
# in either log, and the session resumes from cache.
run_test "Session resume using cache #2 (tickets enabled on server)" \
    "debug_level=4 tickets=1" \
    "debug_level=4 tickets=0 reconnect=1" \
    0 \
    -C "client hello, adding session ticket extension" \
    -S "found session ticket extension" \
    -S "server hello, adding session ticket extension" \
    -C "found session_ticket extension" \
    -C "parse new session ticket" \
    -s "session successfully restored from cache" \
    -S "session successfully restored from ticket" \
    -s "a session has been resumed" \
    -c "a session has been resumed"

# Tickets off on both sides and cache_max=0 on the server: nothing may be resumed.
run_test "Session resume using cache #3 (cache_max=0)" \
    "debug_level=4 tickets=0 cache_max=0" \
    "debug_level=4 tickets=0 reconnect=1" \
    0 \
    -S "session successfully restored from cache" \
    -S "session successfully restored from ticket" \
    -S "a session has been resumed" \
    -C "a session has been resumed"

# cache_max=1 on the server: the session must resume from cache.
run_test "Session resume using cache #4 (cache_max=1)" \
    "debug_level=4 tickets=0 cache_max=1" \
    "debug_level=4 tickets=0 reconnect=1" \
    0 \
    -s "session successfully restored from cache" \
    -S "session successfully restored from ticket" \
    -s "a session has been resumed" \
    -c "a session has been resumed"

# cache_timeout=1 on the server, reco_delay=0 on the client: the cached
# session must still be accepted.
run_test "Session resume using cache #5 (timemout > delay)" \
    "debug_level=4 tickets=0 cache_timeout=1" \
    "debug_level=4 tickets=0 reconnect=1 reco_delay=0" \
    0 \
    -s "session successfully restored from cache" \
    -S "session successfully restored from ticket" \
    -s "a session has been resumed" \
    -c "a session has been resumed"

# cache_timeout=1 on the server, reco_delay=2 on the client: the cached
# session must no longer be accepted.
run_test "Session resume using cache #6 (timeout < delay)" \
    "debug_level=4 tickets=0 cache_timeout=1" \
    "debug_level=4 tickets=0 reconnect=1 reco_delay=2" \
    0 \
    -S "session successfully restored from cache" \
    -S "session successfully restored from ticket" \
    -S "a session has been resumed" \
    -C "a session has been resumed"

# cache_timeout=0 on the server, reco_delay=2 on the client: the session must
# still resume from cache.
run_test "Session resume using cache #7 (no timeout)" \
    "debug_level=4 tickets=0 cache_timeout=0" \
    "debug_level=4 tickets=0 reconnect=1 reco_delay=2" \
    0 \
    -s "session successfully restored from cache" \
    -S "session successfully restored from ticket" \
    -s "a session has been resumed" \
    -c "a session has been resumed"

# Tests for Max Fragment Length extension

# max_frag_len set on neither side: the extension must not appear in any log.
run_test "Max fragment length #1" \
    "debug_level=4" \
    "debug_level=4" \
    0 \
    -C "client hello, adding max_fragment_length extension" \
    -S "found max fragment length extension" \
    -S "server hello, max_fragment_length extension" \
    -C "found max_fragment_length extension"

# max_frag_len=4096 on the client only: the extension must be sent by the
# client, seen and answered by the server, and seen again by the client.
run_test "Max fragment length #2" \
    "debug_level=4" \
    "debug_level=4 max_frag_len=4096" \
    0 \
    -c "client hello, adding max_fragment_length extension" \
    -s "found max fragment length extension" \
    -s "server hello, max_fragment_length extension" \
    -c "found max_fragment_length extension"

# max_frag_len=4096 on the server only: the extension must not appear in any log.
run_test "Max fragment length #3" \
    "debug_level=4 max_frag_len=4096" \
    "debug_level=4" \
    0 \
    -C "client hello, adding max_fragment_length extension" \
    -S "found max fragment length extension" \
    -S "server hello, max_fragment_length extension" \
    -C "found max_fragment_length extension"

# Tests for renegotiation
#
# NOTE(review): "renegotiate" and "failed" are short patterns that grep
# matches anywhere in a line; confirm no unrelated output line can satisfy
# (or trip) them.

# Neither side asks to renegotiate: the server must log receiving
# TLS_EMPTY_RENEGOTIATION_INFO and answering with the secure renegotiation
# extension, and no renegotiation or hello request may be logged.
run_test "Renegotiation #0 (none)" \
    "debug_level=4" \
    "debug_level=4" \
    0 \
    -C "client hello, adding renegotiation extension" \
    -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
    -S "found renegotiation extension" \
    -s "server hello, secure renegotiation extension" \
    -c "found renegotiation extension" \
    -C "renegotiate" \
    -S "renegotiate" \
    -S "write hello request"

# Client started with renegotiate=1: both logs must show the renegotiation,
# and the server must not have written a hello request.
run_test "Renegotiation #1 (enabled, client-initiated)" \
    "debug_level=4" \
    "debug_level=4 renegotiate=1" \
    0 \
    -c "client hello, adding renegotiation extension" \
    -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
    -s "found renegotiation extension" \
    -s "server hello, secure renegotiation extension" \
    -c "found renegotiation extension" \
    -c "renegotiate" \
    -s "renegotiate" \
    -S "write hello request"

# Server started with renegotiate=1: as above, but the server must have
# written a hello request.
run_test "Renegotiation #2 (enabled, server-initiated)" \
    "debug_level=4 renegotiate=1" \
    "debug_level=4" \
    0 \
    -c "client hello, adding renegotiation extension" \
    -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
    -s "found renegotiation extension" \
    -s "server hello, secure renegotiation extension" \
    -c "found renegotiation extension" \
    -c "renegotiate" \
    -s "renegotiate" \
    -s "write hello request"

# renegotiate=1 on both sides: same expectations as the server-initiated case.
run_test "Renegotiation #3 (enabled, double)" \
    "debug_level=4 renegotiate=1" \
    "debug_level=4 renegotiate=1" \
    0 \
    -c "client hello, adding renegotiation extension" \
    -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
    -s "found renegotiation extension" \
    -s "server hello, secure renegotiation extension" \
    -c "found renegotiation extension" \
    -c "renegotiate" \
    -s "renegotiate" \
    -S "write hello request"

# Server started with renegotiation=0, client with renegotiate=1: the client
# must exit non-zero and the server log must show neither a renegotiation nor
# a renegotiation extension found.
run_test "Renegotiation #4 (client-initiated, server-rejected)" \
    "debug_level=4 renegotiation=0" \
    "debug_level=4 renegotiate=1" \
    1 \
    -c "client hello, adding renegotiation extension" \
    -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
    -S "found renegotiation extension" \
    -s "server hello, secure renegotiation extension" \
    -c "found renegotiation extension" \
    -c "renegotiate" \
    -S "renegotiate" \
    -S "write hello request"

# Server started with renegotiate=1, client with renegotiation=0: the server
# must write a hello request and then log the unexpected-message error and a
# failure, while neither log shows a renegotiation. The client is still
# expected to exit 0.
run_test "Renegotiation #5 (server-initiated, client-rejected)" \
    "debug_level=4 renegotiate=1" \
    "debug_level=4 renegotiation=0" \
    0 \
    -C "client hello, adding renegotiation extension" \
    -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
    -S "found renegotiation extension" \
    -s "server hello, secure renegotiation extension" \
    -c "found renegotiation extension" \
    -C "renegotiate" \
    -S "renegotiate" \
    -s "write hello request" \
    -s "SSL - An unexpected message was received from our peer" \
    -s "failed"