blob: ed0f19cb0af81c7cfd37e6b756ea2b36af577937 [file] [log] [blame]
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +01001#!/bin/sh
2
3# Test various options that are not covered by compat.sh
4#
5# Here the goal is not to cover every ciphersuite/version, but
6# rather specific options (max fragment length, truncated hmac, etc)
7# or procedures (session resumption from cache or ticket, renego, etc).
8#
9# Assumes all options are compiled in.
10
Manuel Pégourié-Gonnardfccd3252014-02-25 17:14:15 +010011set -u
12
Manuel Pégourié-Gonnardf7a26902014-02-27 12:25:54 +010013# default values, can be overriden by the environment
14: ${P_SRV:=../programs/ssl/ssl_server2}
15: ${P_CLI:=../programs/ssl/ssl_client2}
Manuel Pégourié-Gonnard74faf3c2014-03-13 18:47:44 +010016: ${OPENSSL_CMD:=openssl} # OPENSSL would conflict with the build system
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +010017
Manuel Pégourié-Gonnard74faf3c2014-03-13 18:47:44 +010018O_SRV="$OPENSSL_CMD s_server -www -cert data_files/server5.crt -key data_files/server5.key"
19O_CLI="echo 'GET / HTTP/1.0' | $OPENSSL_CMD s_client"
Manuel Pégourié-Gonnardfccd3252014-02-25 17:14:15 +010020
Manuel Pégourié-Gonnard33a752e2014-02-21 09:47:37 +010021TESTS=0
22FAILS=0
Manuel Pégourié-Gonnard6f4fbbb2014-08-14 14:31:29 +020023SKIPS=0
Manuel Pégourié-Gonnard33a752e2014-02-21 09:47:37 +010024
Manuel Pégourié-Gonnard83d8c732014-04-07 13:24:21 +020025CONFIG_H='../include/polarssl/config.h'
26
Manuel Pégourié-Gonnardc73339f2014-02-26 16:35:27 +010027MEMCHECK=0
Manuel Pégourié-Gonnard417d46c2014-03-13 19:17:53 +010028FILTER='.*'
Manuel Pégourié-Gonnard6f4fbbb2014-08-14 14:31:29 +020029EXCLUDE='^$'
Manuel Pégourié-Gonnardc73339f2014-02-26 16:35:27 +010030
31print_usage() {
32 echo "Usage: $0 [options]"
Manuel Pégourié-Gonnard417d46c2014-03-13 19:17:53 +010033 echo -e " -h|--help\tPrint this help."
34 echo -e " -m|--memcheck\tCheck memory leaks and errors."
35 echo -e " -f|--filter\tOnly matching tests are executed (default: '$FILTER')"
36 echo -e " -e|--exclude\tMatching tests are excluded (default: '$EXCLUDE')"
Manuel Pégourié-Gonnardc73339f2014-02-26 16:35:27 +010037}
38
39get_options() {
40 while [ $# -gt 0 ]; do
41 case "$1" in
Manuel Pégourié-Gonnard417d46c2014-03-13 19:17:53 +010042 -f|--filter)
43 shift; FILTER=$1
44 ;;
45 -e|--exclude)
46 shift; EXCLUDE=$1
47 ;;
Manuel Pégourié-Gonnardc73339f2014-02-26 16:35:27 +010048 -m|--memcheck)
49 MEMCHECK=1
50 ;;
51 -h|--help)
52 print_usage
53 exit 0
54 ;;
55 *)
Paul Bakker1ebc0c52014-05-22 15:47:58 +020056 echo "Unknown argument: '$1'"
Manuel Pégourié-Gonnardc73339f2014-02-26 16:35:27 +010057 print_usage
58 exit 1
59 ;;
60 esac
61 shift
62 done
63}
64
Manuel Pégourié-Gonnard6f4fbbb2014-08-14 14:31:29 +020065# skip next test if OpenSSL can't send SSLv2 ClientHello
66requires_openssl_with_sslv2() {
67 if [ -z "${OPENSSL_HAS_SSL2:-}" ]; then
68 if openssl ciphers -ssl2 >/dev/null 2>&1; then
69 OPENSSL_HAS_SSL2="YES"
70 else
71 OPENSSL_HAS_SSL2="NO"
72 fi
73 fi
74 if [ "$OPENSSL_HAS_SSL2" = "NO" ]; then
75 SKIP_NEXT="YES"
76 fi
77}
78
Manuel Pégourié-Gonnardf8bdbb52014-02-21 09:20:14 +010079# print_name <name>
80print_name() {
81 echo -n "$1 "
82 LEN=`echo "$1" | wc -c`
83 LEN=`echo 72 - $LEN | bc`
84 for i in `seq 1 $LEN`; do echo -n '.'; done
85 echo -n ' '
Manuel Pégourié-Gonnard33a752e2014-02-21 09:47:37 +010086
87 TESTS=`echo $TESTS + 1 | bc`
Manuel Pégourié-Gonnardf8bdbb52014-02-21 09:20:14 +010088}
89
90# fail <message>
91fail() {
92 echo "FAIL"
Manuel Pégourié-Gonnard3eec6042014-02-27 15:37:24 +010093 echo " ! $1"
Manuel Pégourié-Gonnard33a752e2014-02-21 09:47:37 +010094
Manuel Pégourié-Gonnardbc3b16c2014-05-28 23:06:50 +020095 cp $SRV_OUT o-srv-${TESTS}.log
96 cp $CLI_OUT o-cli-${TESTS}.log
Manuel Pégourié-Gonnard3eec6042014-02-27 15:37:24 +010097 echo " ! outputs saved to o-srv-${TESTS}.log and o-cli-${TESTS}.log"
Manuel Pégourié-Gonnard33a752e2014-02-21 09:47:37 +010098
99 FAILS=`echo $FAILS + 1 | bc`
Manuel Pégourié-Gonnardf8bdbb52014-02-21 09:20:14 +0100100}
101
Manuel Pégourié-Gonnard677884d2014-02-25 16:42:31 +0100102# is_polar <cmd_line>
103is_polar() {
104 echo "$1" | grep 'ssl_server2\|ssl_client2' > /dev/null
105}
106
Manuel Pégourié-Gonnardc73339f2014-02-26 16:35:27 +0100107# has_mem_err <log_file_name>
108has_mem_err() {
109 if ( grep -F 'All heap blocks were freed -- no leaks are possible' "$1" &&
110 grep -F 'ERROR SUMMARY: 0 errors from 0 contexts' "$1" ) > /dev/null
111 then
112 return 1 # false: does not have errors
113 else
114 return 0 # true: has errors
115 fi
116}
117
Manuel Pégourié-Gonnard0c1ec472014-06-20 18:41:11 +0200118# wait for server to start: two versions depending on lsof availability
119wait_server_start() {
120 if which lsof >/dev/null; then
121 # make sure we don't loop forever
122 ( sleep "$DOG_DELAY"; echo "SERVERSTART TIMEOUT"; kill $MAIN_PID ) &
123 WATCHDOG_PID=$!
124
125 # make a tight loop, server usually takes less than 1 sec to start
126 until lsof -nbi TCP:"$PORT" | grep LISTEN >/dev/null; do :; done
127
128 kill $WATCHDOG_PID
129 wait $WATCHDOG_PID
130 else
131 sleep "$START_DELAY"
132 fi
133}
134
Manuel Pégourié-Gonnardfccd3252014-02-25 17:14:15 +0100135# Usage: run_test name srv_cmd cli_cmd cli_exit [option [...]]
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +0100136# Options: -s pattern pattern that must be present in server output
137# -c pattern pattern that must be present in client output
138# -S pattern pattern that must be absent in server output
139# -C pattern pattern that must be absent in client output
140run_test() {
Manuel Pégourié-Gonnardfccd3252014-02-25 17:14:15 +0100141 NAME="$1"
142 SRV_CMD="$2"
143 CLI_CMD="$3"
144 CLI_EXPECT="$4"
145 shift 4
146
Manuel Pégourié-Gonnard417d46c2014-03-13 19:17:53 +0100147 if echo "$NAME" | grep "$FILTER" | grep -v "$EXCLUDE" >/dev/null; then :
148 else
149 return
150 fi
151
Manuel Pégourié-Gonnardfccd3252014-02-25 17:14:15 +0100152 print_name "$NAME"
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +0100153
Manuel Pégourié-Gonnard6f4fbbb2014-08-14 14:31:29 +0200154 # should we skip?
155 if [ "X$SKIP_NEXT" = "XYES" ]; then
156 SKIP_NEXT="NO"
157 echo "SKIP"
158 SKIPS=`echo $SKIPS + 1 | bc`
159 return
160 fi
161
Manuel Pégourié-Gonnardc73339f2014-02-26 16:35:27 +0100162 # prepend valgrind to our commands if active
163 if [ "$MEMCHECK" -gt 0 ]; then
164 if is_polar "$SRV_CMD"; then
165 SRV_CMD="valgrind --leak-check=full $SRV_CMD"
166 fi
167 if is_polar "$CLI_CMD"; then
168 CLI_CMD="valgrind --leak-check=full $CLI_CMD"
169 fi
170 fi
171
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +0100172 # run the commands
Manuel Pégourié-Gonnardbc3b16c2014-05-28 23:06:50 +0200173 echo "$SRV_CMD" > $SRV_OUT
174 $SRV_CMD >> $SRV_OUT 2>&1 &
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +0100175 SRV_PID=$!
Manuel Pégourié-Gonnard0c1ec472014-06-20 18:41:11 +0200176 wait_server_start
Manuel Pégourié-Gonnardbc3b16c2014-05-28 23:06:50 +0200177 echo "$CLI_CMD" > $CLI_OUT
178 eval "$CLI_CMD" >> $CLI_OUT 2>&1
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +0100179 CLI_EXIT=$?
Manuel Pégourié-Gonnardbc3b16c2014-05-28 23:06:50 +0200180 echo "EXIT: $CLI_EXIT" >> $CLI_OUT
Manuel Pégourié-Gonnarde01af4c2014-03-25 14:16:44 +0100181
Manuel Pégourié-Gonnard74b11702014-08-14 15:47:33 +0200182 # kill the server
183 kill $SRV_PID
184 wait $SRV_PID
Manuel Pégourié-Gonnard677884d2014-02-25 16:42:31 +0100185
186 # check if the client and server went at least to the handshake stage
Paul Bakker1ebc0c52014-05-22 15:47:58 +0200187 # (useful to avoid tests with only negative assertions and non-zero
Manuel Pégourié-Gonnard677884d2014-02-25 16:42:31 +0100188 # expected client exit to incorrectly succeed in case of catastrophic
189 # failure)
Manuel Pégourié-Gonnardfccd3252014-02-25 17:14:15 +0100190 if is_polar "$SRV_CMD"; then
Manuel Pégourié-Gonnardbc3b16c2014-05-28 23:06:50 +0200191 if grep "Performing the SSL/TLS handshake" $SRV_OUT >/dev/null; then :;
Manuel Pégourié-Gonnard677884d2014-02-25 16:42:31 +0100192 else
193 fail "server failed to start"
194 return
195 fi
196 fi
Manuel Pégourié-Gonnardfccd3252014-02-25 17:14:15 +0100197 if is_polar "$CLI_CMD"; then
Manuel Pégourié-Gonnardbc3b16c2014-05-28 23:06:50 +0200198 if grep "Performing the SSL/TLS handshake" $CLI_OUT >/dev/null; then :;
Manuel Pégourié-Gonnard677884d2014-02-25 16:42:31 +0100199 else
200 fail "client failed to start"
201 return
202 fi
203 fi
204
Manuel Pégourié-Gonnardf8bdbb52014-02-21 09:20:14 +0100205 # check server exit code
206 if [ $? != 0 ]; then
207 fail "server fail"
208 return
209 fi
210
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +0100211 # check client exit code
Manuel Pégourié-Gonnardfccd3252014-02-25 17:14:15 +0100212 if [ \( "$CLI_EXPECT" = 0 -a "$CLI_EXIT" != 0 \) -o \
213 \( "$CLI_EXPECT" != 0 -a "$CLI_EXIT" = 0 \) ]
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +0100214 then
Manuel Pégourié-Gonnard8520dac2014-02-21 12:12:23 +0100215 fail "bad client exit code"
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +0100216 return
217 fi
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +0100218
Manuel Pégourié-Gonnardc73339f2014-02-26 16:35:27 +0100219 # check other assertions
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +0100220 while [ $# -gt 0 ]
221 do
222 case $1 in
223 "-s")
Manuel Pégourié-Gonnardbc3b16c2014-05-28 23:06:50 +0200224 if grep "$2" $SRV_OUT >/dev/null; then :; else
Manuel Pégourié-Gonnardf8bdbb52014-02-21 09:20:14 +0100225 fail "-s $2"
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +0100226 return
227 fi
228 ;;
229
230 "-c")
Manuel Pégourié-Gonnardbc3b16c2014-05-28 23:06:50 +0200231 if grep "$2" $CLI_OUT >/dev/null; then :; else
Manuel Pégourié-Gonnardf8bdbb52014-02-21 09:20:14 +0100232 fail "-c $2"
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +0100233 return
234 fi
235 ;;
236
237 "-S")
Manuel Pégourié-Gonnardbc3b16c2014-05-28 23:06:50 +0200238 if grep "$2" $SRV_OUT >/dev/null; then
Manuel Pégourié-Gonnardf8bdbb52014-02-21 09:20:14 +0100239 fail "-S $2"
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +0100240 return
241 fi
242 ;;
243
244 "-C")
Manuel Pégourié-Gonnardbc3b16c2014-05-28 23:06:50 +0200245 if grep "$2" $CLI_OUT >/dev/null; then
Manuel Pégourié-Gonnardf8bdbb52014-02-21 09:20:14 +0100246 fail "-C $2"
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +0100247 return
248 fi
249 ;;
250
251 *)
Paul Bakker1ebc0c52014-05-22 15:47:58 +0200252 echo "Unknown test: $1" >&2
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +0100253 exit 1
254 esac
255 shift 2
256 done
257
Manuel Pégourié-Gonnardc73339f2014-02-26 16:35:27 +0100258 # check valgrind's results
259 if [ "$MEMCHECK" -gt 0 ]; then
Manuel Pégourié-Gonnardbc3b16c2014-05-28 23:06:50 +0200260 if is_polar "$SRV_CMD" && has_mem_err $SRV_OUT; then
Manuel Pégourié-Gonnardc73339f2014-02-26 16:35:27 +0100261 fail "Server has memory errors"
262 return
263 fi
Manuel Pégourié-Gonnardbc3b16c2014-05-28 23:06:50 +0200264 if is_polar "$CLI_CMD" && has_mem_err $CLI_OUT; then
Manuel Pégourié-Gonnardc73339f2014-02-26 16:35:27 +0100265 fail "Client has memory errors"
266 return
267 fi
268 fi
269
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +0100270 # if we're here, everything is ok
271 echo "PASS"
Manuel Pégourié-Gonnardbc3b16c2014-05-28 23:06:50 +0200272 rm -f $SRV_OUT $CLI_OUT
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +0100273}
274
Manuel Pégourié-Gonnarda9062e92014-02-25 16:21:22 +0100275cleanup() {
Manuel Pégourié-Gonnardbc3b16c2014-05-28 23:06:50 +0200276 rm -f $CLI_OUT $SRV_OUT $SESSION
Manuel Pégourié-Gonnard0c1ec472014-06-20 18:41:11 +0200277 kill $SRV_PID >/dev/null 2>&1
278 kill $WATCHDOG_PID >/dev/null 2>&1
Manuel Pégourié-Gonnarda9062e92014-02-25 16:21:22 +0100279 exit 1
280}
281
Manuel Pégourié-Gonnard9dea8bd2014-02-26 18:21:02 +0100282#
283# MAIN
284#
285
Manuel Pégourié-Gonnard913030c2014-03-28 10:12:38 +0100286get_options "$@"
287
Manuel Pégourié-Gonnardf7a26902014-02-27 12:25:54 +0100288# sanity checks, avoid an avalanche of errors
289if [ ! -x "$P_SRV" ]; then
290 echo "Command '$P_SRV' is not an executable file"
291 exit 1
292fi
293if [ ! -x "$P_CLI" ]; then
294 echo "Command '$P_CLI' is not an executable file"
295 exit 1
296fi
Manuel Pégourié-Gonnard74faf3c2014-03-13 18:47:44 +0100297if which $OPENSSL_CMD >/dev/null 2>&1; then :; else
298 echo "Command '$OPENSSL_CMD' not found"
Manuel Pégourié-Gonnardf7a26902014-02-27 12:25:54 +0100299 exit 1
300fi
301
Manuel Pégourié-Gonnard32f8f4d2014-05-29 11:31:20 +0200302# used by watchdog
303MAIN_PID="$$"
304
Manuel Pégourié-Gonnard0c1ec472014-06-20 18:41:11 +0200305# be more patient with valgrind
306if [ "$MEMCHECK" -gt 0 ]; then
307 START_DELAY=3
308 DOG_DELAY=30
309else
310 START_DELAY=1
311 DOG_DELAY=10
312fi
313
Manuel Pégourié-Gonnard8066b812014-05-28 22:59:30 +0200314# Pick a "unique" port in the range 10000-19999.
315PORT="0000$$"
Manuel Pégourié-Gonnardfab2a3c2014-06-16 16:54:36 +0200316PORT="1$(echo $PORT | tail -c 5)"
Manuel Pégourié-Gonnard8066b812014-05-28 22:59:30 +0200317
318# fix commands to use this port
319P_SRV="$P_SRV server_port=$PORT"
320P_CLI="$P_CLI server_port=$PORT"
321O_SRV="$O_SRV -accept $PORT"
322O_CLI="$O_CLI -connect localhost:$PORT"
323
Manuel Pégourié-Gonnardbc3b16c2014-05-28 23:06:50 +0200324# Also pick a unique name for intermediate files
325SRV_OUT="srv_out.$$"
326CLI_OUT="cli_out.$$"
327SESSION="session.$$"
328
Manuel Pégourié-Gonnard6f4fbbb2014-08-14 14:31:29 +0200329SKIP_NEXT="NO"
330
Manuel Pégourié-Gonnarda9062e92014-02-25 16:21:22 +0100331trap cleanup INT TERM HUP
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +0100332
Manuel Pégourié-Gonnarde73b2632014-07-12 04:00:00 +0200333# Basic test
334
335run_test "Default" \
336 "$P_SRV" \
337 "$P_CLI" \
338 0 \
339 -S "Last error was" \
340 -C "Last error was"
341
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100342# Test for SSLv2 ClientHello
343
Manuel Pégourié-Gonnard6f4fbbb2014-08-14 14:31:29 +0200344requires_openssl_with_sslv2
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100345run_test "SSLv2 ClientHello #0 (reference)" \
346 "$P_SRV debug_level=3" \
Manuel Pégourié-Gonnarda3d808e2014-02-26 16:33:03 +0100347 "$O_CLI -no_ssl2" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100348 0 \
349 -S "parse client hello v2" \
350 -S "ssl_handshake returned"
351
352# Adding a SSL2-only suite makes OpenSSL client send SSLv2 ClientHello
Manuel Pégourié-Gonnard6f4fbbb2014-08-14 14:31:29 +0200353requires_openssl_with_sslv2
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100354run_test "SSLv2 ClientHello #1 (actual test)" \
355 "$P_SRV debug_level=3" \
Manuel Pégourié-Gonnardfccd3252014-02-25 17:14:15 +0100356 "$O_CLI -cipher 'DES-CBC-MD5:ALL'" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100357 0 \
358 -s "parse client hello v2" \
359 -S "ssl_handshake returned"
360
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +0100361# Tests for Truncated HMAC extension
362
363run_test "Truncated HMAC #0" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100364 "$P_SRV debug_level=5" \
365 "$P_CLI trunc_hmac=0 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +0100366 0 \
367 -s "dumping 'computed mac' (20 bytes)"
368
369run_test "Truncated HMAC #1" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100370 "$P_SRV debug_level=5" \
371 "$P_CLI trunc_hmac=1 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
Manuel Pégourié-Gonnardeaadc502014-02-20 11:01:30 +0100372 0 \
Manuel Pégourié-Gonnardf7c52012014-02-20 11:43:46 +0100373 -s "dumping 'computed mac' (10 bytes)"
374
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +0100375# Tests for Session Tickets
376
Manuel Pégourié-Gonnardfccd3252014-02-25 17:14:15 +0100377run_test "Session resume using tickets #1 (basic)" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100378 "$P_SRV debug_level=4 tickets=1" \
379 "$P_CLI debug_level=4 tickets=1 reconnect=1" \
Manuel Pégourié-Gonnardf7c52012014-02-20 11:43:46 +0100380 0 \
Manuel Pégourié-Gonnardc55a5b72014-02-20 22:50:56 +0100381 -c "client hello, adding session ticket extension" \
382 -s "found session ticket extension" \
383 -s "server hello, adding session ticket extension" \
384 -c "found session_ticket extension" \
385 -c "parse new session ticket" \
Manuel Pégourié-Gonnardf7c52012014-02-20 11:43:46 +0100386 -S "session successfully restored from cache" \
387 -s "session successfully restored from ticket" \
388 -s "a session has been resumed" \
389 -c "a session has been resumed"
390
Manuel Pégourié-Gonnardfccd3252014-02-25 17:14:15 +0100391run_test "Session resume using tickets #2 (cache disabled)" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100392 "$P_SRV debug_level=4 tickets=1 cache_max=0" \
393 "$P_CLI debug_level=4 tickets=1 reconnect=1" \
Manuel Pégourié-Gonnarddbe1ee12014-02-21 09:18:13 +0100394 0 \
395 -c "client hello, adding session ticket extension" \
396 -s "found session ticket extension" \
397 -s "server hello, adding session ticket extension" \
398 -c "found session_ticket extension" \
399 -c "parse new session ticket" \
400 -S "session successfully restored from cache" \
401 -s "session successfully restored from ticket" \
402 -s "a session has been resumed" \
403 -c "a session has been resumed"
404
Manuel Pégourié-Gonnardfccd3252014-02-25 17:14:15 +0100405run_test "Session resume using tickets #3 (timeout)" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100406 "$P_SRV debug_level=4 tickets=1 cache_max=0 ticket_timeout=1" \
407 "$P_CLI debug_level=4 tickets=1 reconnect=1 reco_delay=2" \
Manuel Pégourié-Gonnarddbe1ee12014-02-21 09:18:13 +0100408 0 \
409 -c "client hello, adding session ticket extension" \
410 -s "found session ticket extension" \
411 -s "server hello, adding session ticket extension" \
412 -c "found session_ticket extension" \
413 -c "parse new session ticket" \
414 -S "session successfully restored from cache" \
415 -S "session successfully restored from ticket" \
416 -S "a session has been resumed" \
417 -C "a session has been resumed"
418
Manuel Pégourié-Gonnardc73339f2014-02-26 16:35:27 +0100419run_test "Session resume using tickets #4 (openssl server)" \
Manuel Pégourié-Gonnardf7a26902014-02-27 12:25:54 +0100420 "$O_SRV" \
Manuel Pégourié-Gonnardfccd3252014-02-25 17:14:15 +0100421 "$P_CLI debug_level=4 tickets=1 reconnect=1" \
422 0 \
423 -c "client hello, adding session ticket extension" \
424 -c "found session_ticket extension" \
425 -c "parse new session ticket" \
426 -c "a session has been resumed"
427
Manuel Pégourié-Gonnardc73339f2014-02-26 16:35:27 +0100428run_test "Session resume using tickets #5 (openssl client)" \
Manuel Pégourié-Gonnardfccd3252014-02-25 17:14:15 +0100429 "$P_SRV debug_level=4 tickets=1" \
Manuel Pégourié-Gonnardbc3b16c2014-05-28 23:06:50 +0200430 "( $O_CLI -sess_out $SESSION; \
431 $O_CLI -sess_in $SESSION; \
432 rm -f $SESSION )" \
Manuel Pégourié-Gonnardfccd3252014-02-25 17:14:15 +0100433 0 \
434 -s "found session ticket extension" \
435 -s "server hello, adding session ticket extension" \
436 -S "session successfully restored from cache" \
437 -s "session successfully restored from ticket" \
438 -s "a session has been resumed"
439
Manuel Pégourié-Gonnardc55a5b72014-02-20 22:50:56 +0100440# Tests for Session Resume based on session-ID and cache
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +0100441
Manuel Pégourié-Gonnardc55a5b72014-02-20 22:50:56 +0100442run_test "Session resume using cache #1 (tickets enabled on client)" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100443 "$P_SRV debug_level=4 tickets=0" \
444 "$P_CLI debug_level=4 tickets=1 reconnect=1" \
Manuel Pégourié-Gonnardf7c52012014-02-20 11:43:46 +0100445 0 \
Manuel Pégourié-Gonnardc55a5b72014-02-20 22:50:56 +0100446 -c "client hello, adding session ticket extension" \
447 -s "found session ticket extension" \
448 -S "server hello, adding session ticket extension" \
449 -C "found session_ticket extension" \
450 -C "parse new session ticket" \
Manuel Pégourié-Gonnardf7c52012014-02-20 11:43:46 +0100451 -s "session successfully restored from cache" \
452 -S "session successfully restored from ticket" \
453 -s "a session has been resumed" \
454 -c "a session has been resumed"
455
Manuel Pégourié-Gonnardc55a5b72014-02-20 22:50:56 +0100456run_test "Session resume using cache #2 (tickets enabled on server)" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100457 "$P_SRV debug_level=4 tickets=1" \
458 "$P_CLI debug_level=4 tickets=0 reconnect=1" \
Manuel Pégourié-Gonnardf7c52012014-02-20 11:43:46 +0100459 0 \
Manuel Pégourié-Gonnardc55a5b72014-02-20 22:50:56 +0100460 -C "client hello, adding session ticket extension" \
461 -S "found session ticket extension" \
462 -S "server hello, adding session ticket extension" \
463 -C "found session_ticket extension" \
464 -C "parse new session ticket" \
Manuel Pégourié-Gonnardf7c52012014-02-20 11:43:46 +0100465 -s "session successfully restored from cache" \
466 -S "session successfully restored from ticket" \
467 -s "a session has been resumed" \
468 -c "a session has been resumed"
Manuel Pégourié-Gonnardde143782014-02-20 14:50:42 +0100469
Manuel Pégourié-Gonnardc55a5b72014-02-20 22:50:56 +0100470run_test "Session resume using cache #3 (cache_max=0)" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100471 "$P_SRV debug_level=4 tickets=0 cache_max=0" \
472 "$P_CLI debug_level=4 tickets=0 reconnect=1" \
Manuel Pégourié-Gonnard4c883452014-02-20 21:32:41 +0100473 0 \
474 -S "session successfully restored from cache" \
475 -S "session successfully restored from ticket" \
Manuel Pégourié-Gonnardc55a5b72014-02-20 22:50:56 +0100476 -S "a session has been resumed" \
477 -C "a session has been resumed"
Manuel Pégourié-Gonnard4c883452014-02-20 21:32:41 +0100478
Manuel Pégourié-Gonnardc55a5b72014-02-20 22:50:56 +0100479run_test "Session resume using cache #4 (cache_max=1)" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100480 "$P_SRV debug_level=4 tickets=0 cache_max=1" \
481 "$P_CLI debug_level=4 tickets=0 reconnect=1" \
Manuel Pégourié-Gonnardc55a5b72014-02-20 22:50:56 +0100482 0 \
483 -s "session successfully restored from cache" \
484 -S "session successfully restored from ticket" \
485 -s "a session has been resumed" \
486 -c "a session has been resumed"
487
488run_test "Session resume using cache #5 (timemout > delay)" \
Manuel Pégourié-Gonnardc73339f2014-02-26 16:35:27 +0100489 "$P_SRV debug_level=4 tickets=0" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100490 "$P_CLI debug_level=4 tickets=0 reconnect=1 reco_delay=0" \
Manuel Pégourié-Gonnardc55a5b72014-02-20 22:50:56 +0100491 0 \
492 -s "session successfully restored from cache" \
493 -S "session successfully restored from ticket" \
494 -s "a session has been resumed" \
495 -c "a session has been resumed"
496
497run_test "Session resume using cache #6 (timeout < delay)" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100498 "$P_SRV debug_level=4 tickets=0 cache_timeout=1" \
499 "$P_CLI debug_level=4 tickets=0 reconnect=1 reco_delay=2" \
Manuel Pégourié-Gonnardc55a5b72014-02-20 22:50:56 +0100500 0 \
501 -S "session successfully restored from cache" \
502 -S "session successfully restored from ticket" \
503 -S "a session has been resumed" \
504 -C "a session has been resumed"
505
506run_test "Session resume using cache #7 (no timeout)" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100507 "$P_SRV debug_level=4 tickets=0 cache_timeout=0" \
508 "$P_CLI debug_level=4 tickets=0 reconnect=1 reco_delay=2" \
Manuel Pégourié-Gonnard4c883452014-02-20 21:32:41 +0100509 0 \
510 -s "session successfully restored from cache" \
511 -S "session successfully restored from ticket" \
512 -s "a session has been resumed" \
513 -c "a session has been resumed"
514
Manuel Pégourié-Gonnarddb735f62014-02-25 17:57:59 +0100515run_test "Session resume using cache #8 (openssl client)" \
516 "$P_SRV debug_level=4 tickets=0" \
Manuel Pégourié-Gonnardbc3b16c2014-05-28 23:06:50 +0200517 "( $O_CLI -sess_out $SESSION; \
518 $O_CLI -sess_in $SESSION; \
519 rm -f $SESSION )" \
Manuel Pégourié-Gonnarddb735f62014-02-25 17:57:59 +0100520 0 \
521 -s "found session ticket extension" \
522 -S "server hello, adding session ticket extension" \
523 -s "session successfully restored from cache" \
524 -S "session successfully restored from ticket" \
525 -s "a session has been resumed"
526
527run_test "Session resume using cache #9 (openssl server)" \
Manuel Pégourié-Gonnardf7a26902014-02-27 12:25:54 +0100528 "$O_SRV" \
Manuel Pégourié-Gonnarddb735f62014-02-25 17:57:59 +0100529 "$P_CLI debug_level=4 tickets=0 reconnect=1" \
530 0 \
531 -C "found session_ticket extension" \
532 -C "parse new session ticket" \
533 -c "a session has been resumed"
534
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +0100535# Tests for Max Fragment Length extension
536
Manuel Pégourié-Gonnardde143782014-02-20 14:50:42 +0100537run_test "Max fragment length #1" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100538 "$P_SRV debug_level=4" \
539 "$P_CLI debug_level=4" \
Manuel Pégourié-Gonnardde143782014-02-20 14:50:42 +0100540 0 \
541 -C "client hello, adding max_fragment_length extension" \
542 -S "found max fragment length extension" \
543 -S "server hello, max_fragment_length extension" \
544 -C "found max_fragment_length extension"
545
546run_test "Max fragment length #2" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100547 "$P_SRV debug_level=4" \
548 "$P_CLI debug_level=4 max_frag_len=4096" \
Manuel Pégourié-Gonnardde143782014-02-20 14:50:42 +0100549 0 \
550 -c "client hello, adding max_fragment_length extension" \
551 -s "found max fragment length extension" \
552 -s "server hello, max_fragment_length extension" \
553 -c "found max_fragment_length extension"
554
555run_test "Max fragment length #3" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100556 "$P_SRV debug_level=4 max_frag_len=4096" \
557 "$P_CLI debug_level=4" \
Manuel Pégourié-Gonnardde143782014-02-20 14:50:42 +0100558 0 \
559 -C "client hello, adding max_fragment_length extension" \
560 -S "found max fragment length extension" \
561 -S "server hello, max_fragment_length extension" \
562 -C "found max_fragment_length extension"
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +0100563
564# Tests for renegotiation
565
566run_test "Renegotiation #0 (none)" \
Manuel Pégourié-Gonnarda8c0a0d2014-08-15 12:07:38 +0200567 "$P_SRV debug_level=4 exchanges=2" \
568 "$P_CLI debug_level=4 exchanges=2" \
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +0100569 0 \
570 -C "client hello, adding renegotiation extension" \
571 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
572 -S "found renegotiation extension" \
573 -s "server hello, secure renegotiation extension" \
574 -c "found renegotiation extension" \
Manuel Pégourié-Gonnardc73339f2014-02-26 16:35:27 +0100575 -C "=> renegotiate" \
576 -S "=> renegotiate" \
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +0100577 -S "write hello request"
578
579run_test "Renegotiation #1 (enabled, client-initiated)" \
Manuel Pégourié-Gonnarda8c0a0d2014-08-15 12:07:38 +0200580 "$P_SRV debug_level=4 exchanges=2 renegotiation=1" \
581 "$P_CLI debug_level=4 exchanges=2 renegotiation=1 renegotiate=1" \
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +0100582 0 \
583 -c "client hello, adding renegotiation extension" \
584 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
585 -s "found renegotiation extension" \
586 -s "server hello, secure renegotiation extension" \
587 -c "found renegotiation extension" \
Manuel Pégourié-Gonnardc73339f2014-02-26 16:35:27 +0100588 -c "=> renegotiate" \
589 -s "=> renegotiate" \
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +0100590 -S "write hello request"
591
592run_test "Renegotiation #2 (enabled, server-initiated)" \
Manuel Pégourié-Gonnarda8c0a0d2014-08-15 12:07:38 +0200593 "$P_SRV debug_level=4 exchanges=2 renegotiation=1 renegotiate=1" \
594 "$P_CLI debug_level=4 exchanges=2 renegotiation=1" \
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +0100595 0 \
596 -c "client hello, adding renegotiation extension" \
597 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
598 -s "found renegotiation extension" \
599 -s "server hello, secure renegotiation extension" \
600 -c "found renegotiation extension" \
Manuel Pégourié-Gonnardc73339f2014-02-26 16:35:27 +0100601 -c "=> renegotiate" \
602 -s "=> renegotiate" \
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +0100603 -s "write hello request"
604
605run_test "Renegotiation #3 (enabled, double)" \
Manuel Pégourié-Gonnarda8c0a0d2014-08-15 12:07:38 +0200606 "$P_SRV debug_level=4 exchanges=2 renegotiation=1 renegotiate=1" \
607 "$P_CLI debug_level=4 exchanges=2 renegotiation=1 renegotiate=1" \
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +0100608 0 \
609 -c "client hello, adding renegotiation extension" \
610 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
611 -s "found renegotiation extension" \
612 -s "server hello, secure renegotiation extension" \
613 -c "found renegotiation extension" \
Manuel Pégourié-Gonnardc73339f2014-02-26 16:35:27 +0100614 -c "=> renegotiate" \
615 -s "=> renegotiate" \
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +0100616 -s "write hello request"
617
618run_test "Renegotiation #4 (client-initiated, server-rejected)" \
Manuel Pégourié-Gonnarda8c0a0d2014-08-15 12:07:38 +0200619 "$P_SRV debug_level=4 exchanges=2 renegotiation=0" \
620 "$P_CLI debug_level=4 exchanges=2 renegotiation=1 renegotiate=1" \
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +0100621 1 \
622 -c "client hello, adding renegotiation extension" \
623 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
624 -S "found renegotiation extension" \
625 -s "server hello, secure renegotiation extension" \
626 -c "found renegotiation extension" \
Manuel Pégourié-Gonnardc73339f2014-02-26 16:35:27 +0100627 -c "=> renegotiate" \
628 -S "=> renegotiate" \
Manuel Pégourié-Gonnardfae355e2014-07-04 14:32:27 +0200629 -S "write hello request" \
Manuel Pégourié-Gonnard65919622014-08-19 12:50:30 +0200630 -c "SSL - Unexpected message at ServerHello in renegotiation" \
Manuel Pégourié-Gonnardfae355e2014-07-04 14:32:27 +0200631 -c "failed"
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +0100632
Manuel Pégourié-Gonnardfae355e2014-07-04 14:32:27 +0200633run_test "Renegotiation #5 (server-initiated, client-rejected, default)" \
Manuel Pégourié-Gonnarda8c0a0d2014-08-15 12:07:38 +0200634 "$P_SRV debug_level=4 exchanges=2 renegotiation=1 renegotiate=1" \
635 "$P_CLI debug_level=4 exchanges=2 renegotiation=0" \
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +0100636 0 \
637 -C "client hello, adding renegotiation extension" \
638 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
639 -S "found renegotiation extension" \
640 -s "server hello, secure renegotiation extension" \
641 -c "found renegotiation extension" \
Manuel Pégourié-Gonnardc73339f2014-02-26 16:35:27 +0100642 -C "=> renegotiate" \
643 -S "=> renegotiate" \
Manuel Pégourié-Gonnard780d6712014-02-20 17:19:59 +0100644 -s "write hello request" \
Manuel Pégourié-Gonnarda9964db2014-07-03 19:29:16 +0200645 -S "SSL - An unexpected message was received from our peer" \
646 -S "failed"
Manuel Pégourié-Gonnard33a752e2014-02-21 09:47:37 +0100647
Manuel Pégourié-Gonnardfae355e2014-07-04 14:32:27 +0200648run_test "Renegotiation #6 (server-initiated, client-rejected, not enforced)" \
Manuel Pégourié-Gonnarda8c0a0d2014-08-15 12:07:38 +0200649 "$P_SRV debug_level=4 exchanges=2 renegotiation=1 renegotiate=1 \
Manuel Pégourié-Gonnardfae355e2014-07-04 14:32:27 +0200650 renego_delay=-1" \
Manuel Pégourié-Gonnarda8c0a0d2014-08-15 12:07:38 +0200651 "$P_CLI debug_level=4 exchanges=2 renegotiation=0" \
Manuel Pégourié-Gonnardfae355e2014-07-04 14:32:27 +0200652 0 \
653 -C "client hello, adding renegotiation extension" \
654 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
655 -S "found renegotiation extension" \
656 -s "server hello, secure renegotiation extension" \
657 -c "found renegotiation extension" \
658 -C "=> renegotiate" \
659 -S "=> renegotiate" \
660 -s "write hello request" \
661 -S "SSL - An unexpected message was received from our peer" \
662 -S "failed"
663
Manuel Pégourié-Gonnarda8c0a0d2014-08-15 12:07:38 +0200664# delay 2 for 1 alert record + 1 application data record
665run_test "Renegotiation #7 (server-initiated, client-rejected, delay 2)" \
666 "$P_SRV debug_level=4 exchanges=2 renegotiation=1 renegotiate=1 \
667 renego_delay=2" \
668 "$P_CLI debug_level=4 exchanges=2 renegotiation=0" \
Manuel Pégourié-Gonnardfae355e2014-07-04 14:32:27 +0200669 0 \
670 -C "client hello, adding renegotiation extension" \
671 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
672 -S "found renegotiation extension" \
673 -s "server hello, secure renegotiation extension" \
674 -c "found renegotiation extension" \
675 -C "=> renegotiate" \
676 -S "=> renegotiate" \
677 -s "write hello request" \
678 -S "SSL - An unexpected message was received from our peer" \
679 -S "failed"
680
681run_test "Renegotiation #8 (server-initiated, client-rejected, delay 0)" \
Manuel Pégourié-Gonnarda8c0a0d2014-08-15 12:07:38 +0200682 "$P_SRV debug_level=4 exchanges=2 renegotiation=1 renegotiate=1 \
Manuel Pégourié-Gonnardfae355e2014-07-04 14:32:27 +0200683 renego_delay=0" \
Manuel Pégourié-Gonnarda8c0a0d2014-08-15 12:07:38 +0200684 "$P_CLI debug_level=4 exchanges=2 renegotiation=0" \
Manuel Pégourié-Gonnardfae355e2014-07-04 14:32:27 +0200685 0 \
686 -C "client hello, adding renegotiation extension" \
687 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
688 -S "found renegotiation extension" \
689 -s "server hello, secure renegotiation extension" \
690 -c "found renegotiation extension" \
691 -C "=> renegotiate" \
692 -S "=> renegotiate" \
693 -s "write hello request" \
Manuel Pégourié-Gonnarda8c0a0d2014-08-15 12:07:38 +0200694 -s "SSL - An unexpected message was received from our peer"
Manuel Pégourié-Gonnardfae355e2014-07-04 14:32:27 +0200695
696run_test "Renegotiation #9 (server-initiated, client-accepted, delay 0)" \
Manuel Pégourié-Gonnarda8c0a0d2014-08-15 12:07:38 +0200697 "$P_SRV debug_level=4 exchanges=2 renegotiation=1 renegotiate=1 \
Manuel Pégourié-Gonnardfae355e2014-07-04 14:32:27 +0200698 renego_delay=0" \
Manuel Pégourié-Gonnarda8c0a0d2014-08-15 12:07:38 +0200699 "$P_CLI debug_level=4 exchanges=2 renegotiation=1" \
Manuel Pégourié-Gonnardfae355e2014-07-04 14:32:27 +0200700 0 \
701 -c "client hello, adding renegotiation extension" \
702 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
703 -s "found renegotiation extension" \
704 -s "server hello, secure renegotiation extension" \
705 -c "found renegotiation extension" \
706 -c "=> renegotiate" \
707 -s "=> renegotiate" \
708 -s "write hello request" \
709 -S "SSL - An unexpected message was received from our peer" \
710 -S "failed"
711
Manuel Pégourié-Gonnardf07f4212014-08-15 19:04:47 +0200712run_test "Renegotiation #10 (nbio, enabled, client-initiated)" \
713 "$P_SRV debug_level=4 nbio=2 exchanges=2 renegotiation=1" \
714 "$P_CLI debug_level=4 nbio=2 exchanges=2 renegotiation=1 renegotiate=1" \
715 0 \
716 -c "client hello, adding renegotiation extension" \
717 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
718 -s "found renegotiation extension" \
719 -s "server hello, secure renegotiation extension" \
720 -c "found renegotiation extension" \
721 -c "=> renegotiate" \
722 -s "=> renegotiate" \
723 -S "write hello request"
724
725run_test "Renegotiation #11 (nbio, enabled, server-initiated)" \
726 "$P_SRV debug_level=4 nbio=2 exchanges=2 renegotiation=1 renegotiate=1" \
727 "$P_CLI debug_level=4 nbio=2 exchanges=2 renegotiation=1" \
728 0 \
729 -c "client hello, adding renegotiation extension" \
730 -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
731 -s "found renegotiation extension" \
732 -s "server hello, secure renegotiation extension" \
733 -c "found renegotiation extension" \
734 -c "=> renegotiate" \
735 -s "=> renegotiate" \
736 -s "write hello request"
737
Manuel Pégourié-Gonnard8520dac2014-02-21 12:12:23 +0100738# Tests for auth_mode
739
740run_test "Authentication #1 (server badcert, client required)" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100741 "$P_SRV crt_file=data_files/server5-badsign.crt \
Manuel Pégourié-Gonnard8520dac2014-02-21 12:12:23 +0100742 key_file=data_files/server5.key" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100743 "$P_CLI debug_level=2 auth_mode=required" \
Manuel Pégourié-Gonnard8520dac2014-02-21 12:12:23 +0100744 1 \
745 -c "x509_verify_cert() returned" \
746 -c "! self-signed or not signed by a trusted CA" \
747 -c "! ssl_handshake returned" \
748 -c "X509 - Certificate verification failed"
749
750run_test "Authentication #2 (server badcert, client optional)" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100751 "$P_SRV crt_file=data_files/server5-badsign.crt \
Manuel Pégourié-Gonnard8520dac2014-02-21 12:12:23 +0100752 key_file=data_files/server5.key" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100753 "$P_CLI debug_level=2 auth_mode=optional" \
Manuel Pégourié-Gonnard8520dac2014-02-21 12:12:23 +0100754 0 \
755 -c "x509_verify_cert() returned" \
756 -c "! self-signed or not signed by a trusted CA" \
757 -C "! ssl_handshake returned" \
758 -C "X509 - Certificate verification failed"
759
760run_test "Authentication #3 (server badcert, client none)" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100761 "$P_SRV crt_file=data_files/server5-badsign.crt \
Manuel Pégourié-Gonnard8520dac2014-02-21 12:12:23 +0100762 key_file=data_files/server5.key" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100763 "$P_CLI debug_level=2 auth_mode=none" \
Manuel Pégourié-Gonnard8520dac2014-02-21 12:12:23 +0100764 0 \
765 -C "x509_verify_cert() returned" \
766 -C "! self-signed or not signed by a trusted CA" \
767 -C "! ssl_handshake returned" \
768 -C "X509 - Certificate verification failed"
769
770run_test "Authentication #4 (client badcert, server required)" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100771 "$P_SRV debug_level=4 auth_mode=required" \
772 "$P_CLI debug_level=4 crt_file=data_files/server5-badsign.crt \
Manuel Pégourié-Gonnard8520dac2014-02-21 12:12:23 +0100773 key_file=data_files/server5.key" \
774 1 \
775 -S "skip write certificate request" \
776 -C "skip parse certificate request" \
777 -c "got a certificate request" \
778 -C "skip write certificate" \
779 -C "skip write certificate verify" \
780 -S "skip parse certificate verify" \
781 -s "x509_verify_cert() returned" \
782 -S "! self-signed or not signed by a trusted CA" \
783 -s "! ssl_handshake returned" \
784 -c "! ssl_handshake returned" \
785 -s "X509 - Certificate verification failed"
786
787run_test "Authentication #5 (client badcert, server optional)" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100788 "$P_SRV debug_level=4 auth_mode=optional" \
789 "$P_CLI debug_level=4 crt_file=data_files/server5-badsign.crt \
Manuel Pégourié-Gonnard8520dac2014-02-21 12:12:23 +0100790 key_file=data_files/server5.key" \
791 0 \
792 -S "skip write certificate request" \
793 -C "skip parse certificate request" \
794 -c "got a certificate request" \
795 -C "skip write certificate" \
796 -C "skip write certificate verify" \
797 -S "skip parse certificate verify" \
798 -s "x509_verify_cert() returned" \
799 -s "! self-signed or not signed by a trusted CA" \
800 -S "! ssl_handshake returned" \
801 -C "! ssl_handshake returned" \
802 -S "X509 - Certificate verification failed"
803
804run_test "Authentication #6 (client badcert, server none)" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100805 "$P_SRV debug_level=4 auth_mode=none" \
806 "$P_CLI debug_level=4 crt_file=data_files/server5-badsign.crt \
Manuel Pégourié-Gonnard8520dac2014-02-21 12:12:23 +0100807 key_file=data_files/server5.key" \
808 0 \
809 -s "skip write certificate request" \
810 -C "skip parse certificate request" \
811 -c "got no certificate request" \
812 -c "skip write certificate" \
813 -c "skip write certificate verify" \
814 -s "skip parse certificate verify" \
815 -S "x509_verify_cert() returned" \
816 -S "! self-signed or not signed by a trusted CA" \
817 -S "! ssl_handshake returned" \
818 -C "! ssl_handshake returned" \
819 -S "X509 - Certificate verification failed"
820
Manuel Pégourié-Gonnardde515cc2014-02-27 14:58:26 +0100821run_test "Authentication #7 (client no cert, server optional)" \
822 "$P_SRV debug_level=4 auth_mode=optional" \
823 "$P_CLI debug_level=4 crt_file=none key_file=none" \
824 0 \
825 -S "skip write certificate request" \
826 -C "skip parse certificate request" \
827 -c "got a certificate request" \
828 -C "skip write certificate$" \
829 -C "got no certificate to send" \
830 -S "SSLv3 client has no certificate" \
831 -c "skip write certificate verify" \
832 -s "skip parse certificate verify" \
833 -s "! no client certificate sent" \
834 -S "! ssl_handshake returned" \
835 -C "! ssl_handshake returned" \
836 -S "X509 - Certificate verification failed"
837
838run_test "Authentication #8 (openssl client no cert, server optional)" \
839 "$P_SRV debug_level=4 auth_mode=optional" \
840 "$O_CLI" \
841 0 \
842 -S "skip write certificate request" \
843 -s "skip parse certificate verify" \
844 -s "! no client certificate sent" \
845 -S "! ssl_handshake returned" \
846 -S "X509 - Certificate verification failed"
847
848run_test "Authentication #9 (client no cert, openssl server optional)" \
849 "$O_SRV -verify 10" \
850 "$P_CLI debug_level=4 crt_file=none key_file=none" \
851 0 \
852 -C "skip parse certificate request" \
853 -c "got a certificate request" \
854 -C "skip write certificate$" \
855 -c "skip write certificate verify" \
856 -C "! ssl_handshake returned"
857
858run_test "Authentication #10 (client no cert, ssl3)" \
859 "$P_SRV debug_level=4 auth_mode=optional force_version=ssl3" \
860 "$P_CLI debug_level=4 crt_file=none key_file=none" \
861 0 \
862 -S "skip write certificate request" \
863 -C "skip parse certificate request" \
864 -c "got a certificate request" \
865 -C "skip write certificate$" \
866 -c "skip write certificate verify" \
867 -c "got no certificate to send" \
868 -s "SSLv3 client has no certificate" \
869 -s "skip parse certificate verify" \
870 -s "! no client certificate sent" \
871 -S "! ssl_handshake returned" \
872 -C "! ssl_handshake returned" \
873 -S "X509 - Certificate verification failed"
874
Manuel Pégourié-Gonnard96ea2f22014-02-25 12:26:29 +0100875# tests for SNI
876
877run_test "SNI #0 (no SNI callback)" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100878 "$P_SRV debug_level=4 server_addr=127.0.0.1 \
Manuel Pégourié-Gonnard96ea2f22014-02-25 12:26:29 +0100879 crt_file=data_files/server5.crt key_file=data_files/server5.key" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100880 "$P_CLI debug_level=0 server_addr=127.0.0.1 \
Manuel Pégourié-Gonnard96ea2f22014-02-25 12:26:29 +0100881 server_name=localhost" \
882 0 \
883 -S "parse ServerName extension" \
884 -c "issuer name *: C=NL, O=PolarSSL, CN=Polarssl Test EC CA" \
885 -c "subject name *: C=NL, O=PolarSSL, CN=localhost"
886
887run_test "SNI #1 (matching cert 1)" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100888 "$P_SRV debug_level=4 server_addr=127.0.0.1 \
Manuel Pégourié-Gonnard96ea2f22014-02-25 12:26:29 +0100889 crt_file=data_files/server5.crt key_file=data_files/server5.key \
Manuel Pégourié-Gonnard76b8ab72014-03-26 09:31:35 +0100890 sni=localhost,data_files/server2.crt,data_files/server2.key,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100891 "$P_CLI debug_level=0 server_addr=127.0.0.1 \
Manuel Pégourié-Gonnard96ea2f22014-02-25 12:26:29 +0100892 server_name=localhost" \
893 0 \
894 -s "parse ServerName extension" \
895 -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \
896 -c "subject name *: C=NL, O=PolarSSL, CN=localhost"
897
898run_test "SNI #2 (matching cert 2)" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100899 "$P_SRV debug_level=4 server_addr=127.0.0.1 \
Manuel Pégourié-Gonnard96ea2f22014-02-25 12:26:29 +0100900 crt_file=data_files/server5.crt key_file=data_files/server5.key \
Manuel Pégourié-Gonnard76b8ab72014-03-26 09:31:35 +0100901 sni=localhost,data_files/server2.crt,data_files/server2.key,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100902 "$P_CLI debug_level=0 server_addr=127.0.0.1 \
Manuel Pégourié-Gonnard76b8ab72014-03-26 09:31:35 +0100903 server_name=polarssl.example" \
Manuel Pégourié-Gonnard96ea2f22014-02-25 12:26:29 +0100904 0 \
905 -s "parse ServerName extension" \
906 -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \
Manuel Pégourié-Gonnard76b8ab72014-03-26 09:31:35 +0100907 -c "subject name *: C=NL, O=PolarSSL, CN=polarssl.example"
Manuel Pégourié-Gonnard96ea2f22014-02-25 12:26:29 +0100908
909run_test "SNI #3 (no matching cert)" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100910 "$P_SRV debug_level=4 server_addr=127.0.0.1 \
Manuel Pégourié-Gonnard96ea2f22014-02-25 12:26:29 +0100911 crt_file=data_files/server5.crt key_file=data_files/server5.key \
Manuel Pégourié-Gonnard76b8ab72014-03-26 09:31:35 +0100912 sni=localhost,data_files/server2.crt,data_files/server2.key,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key" \
Manuel Pégourié-Gonnardc1da6642014-02-25 14:18:30 +0100913 "$P_CLI debug_level=0 server_addr=127.0.0.1 \
Manuel Pégourié-Gonnard76b8ab72014-03-26 09:31:35 +0100914 server_name=nonesuch.example" \
Manuel Pégourié-Gonnard96ea2f22014-02-25 12:26:29 +0100915 1 \
916 -s "parse ServerName extension" \
917 -s "ssl_sni_wrapper() returned" \
918 -s "ssl_handshake returned" \
919 -c "ssl_handshake returned" \
920 -c "SSL - A fatal alert message was received from our peer"
921
Manuel Pégourié-Gonnard0b6609b2014-02-26 14:45:12 +0100922# Tests for non-blocking I/O: exercise a variety of handshake flows
923
924run_test "Non-blocking I/O #1 (basic handshake)" \
925 "$P_SRV nbio=2 tickets=0 auth_mode=none" \
926 "$P_CLI nbio=2 tickets=0" \
927 0 \
928 -S "ssl_handshake returned" \
929 -C "ssl_handshake returned" \
930 -c "Read from server: .* bytes read"
931
932run_test "Non-blocking I/O #2 (client auth)" \
933 "$P_SRV nbio=2 tickets=0 auth_mode=required" \
934 "$P_CLI nbio=2 tickets=0" \
935 0 \
936 -S "ssl_handshake returned" \
937 -C "ssl_handshake returned" \
938 -c "Read from server: .* bytes read"
939
940run_test "Non-blocking I/O #3 (ticket)" \
941 "$P_SRV nbio=2 tickets=1 auth_mode=none" \
942 "$P_CLI nbio=2 tickets=1" \
943 0 \
944 -S "ssl_handshake returned" \
945 -C "ssl_handshake returned" \
946 -c "Read from server: .* bytes read"
947
948run_test "Non-blocking I/O #4 (ticket + client auth)" \
949 "$P_SRV nbio=2 tickets=1 auth_mode=required" \
950 "$P_CLI nbio=2 tickets=1" \
951 0 \
952 -S "ssl_handshake returned" \
953 -C "ssl_handshake returned" \
954 -c "Read from server: .* bytes read"
955
956run_test "Non-blocking I/O #5 (ticket + client auth + resume)" \
957 "$P_SRV nbio=2 tickets=1 auth_mode=required" \
958 "$P_CLI nbio=2 tickets=1 reconnect=1" \
959 0 \
960 -S "ssl_handshake returned" \
961 -C "ssl_handshake returned" \
962 -c "Read from server: .* bytes read"
963
964run_test "Non-blocking I/O #6 (ticket + resume)" \
965 "$P_SRV nbio=2 tickets=1 auth_mode=none" \
966 "$P_CLI nbio=2 tickets=1 reconnect=1" \
967 0 \
968 -S "ssl_handshake returned" \
969 -C "ssl_handshake returned" \
970 -c "Read from server: .* bytes read"
971
972run_test "Non-blocking I/O #7 (session-id resume)" \
973 "$P_SRV nbio=2 tickets=0 auth_mode=none" \
974 "$P_CLI nbio=2 tickets=0 reconnect=1" \
975 0 \
976 -S "ssl_handshake returned" \
977 -C "ssl_handshake returned" \
978 -c "Read from server: .* bytes read"
979
Manuel Pégourié-Gonnardf6521de2014-04-07 12:42:04 +0200980# Tests for version negotiation
981
Manuel Pégourié-Gonnarda3d808e2014-02-26 16:33:03 +0100982run_test "Version check #1 (all -> 1.2)" \
983 "$P_SRV" \
984 "$P_CLI" \
985 0 \
986 -S "ssl_handshake returned" \
987 -C "ssl_handshake returned" \
988 -s "Protocol is TLSv1.2" \
989 -c "Protocol is TLSv1.2"
990
991run_test "Version check #2 (cli max 1.1 -> 1.1)" \
992 "$P_SRV" \
993 "$P_CLI max_version=tls1_1" \
994 0 \
995 -S "ssl_handshake returned" \
996 -C "ssl_handshake returned" \
997 -s "Protocol is TLSv1.1" \
998 -c "Protocol is TLSv1.1"
999
1000run_test "Version check #3 (srv max 1.1 -> 1.1)" \
1001 "$P_SRV max_version=tls1_1" \
1002 "$P_CLI" \
1003 0 \
1004 -S "ssl_handshake returned" \
1005 -C "ssl_handshake returned" \
1006 -s "Protocol is TLSv1.1" \
1007 -c "Protocol is TLSv1.1"
1008
1009run_test "Version check #4 (cli+srv max 1.1 -> 1.1)" \
1010 "$P_SRV max_version=tls1_1" \
1011 "$P_CLI max_version=tls1_1" \
1012 0 \
1013 -S "ssl_handshake returned" \
1014 -C "ssl_handshake returned" \
1015 -s "Protocol is TLSv1.1" \
1016 -c "Protocol is TLSv1.1"
1017
1018run_test "Version check #5 (cli max 1.1, srv min 1.1 -> 1.1)" \
1019 "$P_SRV min_version=tls1_1" \
1020 "$P_CLI max_version=tls1_1" \
1021 0 \
1022 -S "ssl_handshake returned" \
1023 -C "ssl_handshake returned" \
1024 -s "Protocol is TLSv1.1" \
1025 -c "Protocol is TLSv1.1"
1026
1027run_test "Version check #6 (cli min 1.1, srv max 1.1 -> 1.1)" \
1028 "$P_SRV max_version=tls1_1" \
1029 "$P_CLI min_version=tls1_1" \
1030 0 \
1031 -S "ssl_handshake returned" \
1032 -C "ssl_handshake returned" \
1033 -s "Protocol is TLSv1.1" \
1034 -c "Protocol is TLSv1.1"
1035
1036run_test "Version check #7 (cli min 1.2, srv max 1.1 -> fail)" \
1037 "$P_SRV max_version=tls1_1" \
1038 "$P_CLI min_version=tls1_2" \
1039 1 \
1040 -s "ssl_handshake returned" \
1041 -c "ssl_handshake returned" \
1042 -c "SSL - Handshake protocol not within min/max boundaries"
1043
1044run_test "Version check #8 (srv min 1.2, cli max 1.1 -> fail)" \
1045 "$P_SRV min_version=tls1_2" \
1046 "$P_CLI max_version=tls1_1" \
1047 1 \
1048 -s "ssl_handshake returned" \
1049 -c "ssl_handshake returned" \
1050 -s "SSL - Handshake protocol not within min/max boundaries"
1051
Manuel Pégourié-Gonnardf6521de2014-04-07 12:42:04 +02001052# Tests for ALPN extension
1053
Manuel Pégourié-Gonnard83d8c732014-04-07 13:24:21 +02001054if grep '^#define POLARSSL_SSL_ALPN' $CONFIG_H >/dev/null; then
1055
Manuel Pégourié-Gonnardf6521de2014-04-07 12:42:04 +02001056run_test "ALPN #0 (none)" \
1057 "$P_SRV debug_level=4" \
1058 "$P_CLI debug_level=4" \
1059 0 \
1060 -C "client hello, adding alpn extension" \
1061 -S "found alpn extension" \
1062 -C "got an alert message, type: \\[2:120]" \
1063 -S "server hello, adding alpn extension" \
1064 -C "found alpn extension " \
1065 -C "Application Layer Protocol is" \
1066 -S "Application Layer Protocol is"
1067
1068run_test "ALPN #1 (client only)" \
1069 "$P_SRV debug_level=4" \
1070 "$P_CLI debug_level=4 alpn=abc,1234" \
1071 0 \
1072 -c "client hello, adding alpn extension" \
1073 -s "found alpn extension" \
1074 -C "got an alert message, type: \\[2:120]" \
1075 -S "server hello, adding alpn extension" \
1076 -C "found alpn extension " \
1077 -c "Application Layer Protocol is (none)" \
1078 -S "Application Layer Protocol is"
1079
1080run_test "ALPN #2 (server only)" \
1081 "$P_SRV debug_level=4 alpn=abc,1234" \
1082 "$P_CLI debug_level=4" \
1083 0 \
1084 -C "client hello, adding alpn extension" \
1085 -S "found alpn extension" \
1086 -C "got an alert message, type: \\[2:120]" \
1087 -S "server hello, adding alpn extension" \
1088 -C "found alpn extension " \
1089 -C "Application Layer Protocol is" \
1090 -s "Application Layer Protocol is (none)"
1091
1092run_test "ALPN #3 (both, common cli1-srv1)" \
1093 "$P_SRV debug_level=4 alpn=abc,1234" \
1094 "$P_CLI debug_level=4 alpn=abc,1234" \
1095 0 \
1096 -c "client hello, adding alpn extension" \
1097 -s "found alpn extension" \
1098 -C "got an alert message, type: \\[2:120]" \
1099 -s "server hello, adding alpn extension" \
1100 -c "found alpn extension" \
1101 -c "Application Layer Protocol is abc" \
1102 -s "Application Layer Protocol is abc"
1103
1104run_test "ALPN #4 (both, common cli2-srv1)" \
1105 "$P_SRV debug_level=4 alpn=abc,1234" \
1106 "$P_CLI debug_level=4 alpn=1234,abc" \
1107 0 \
1108 -c "client hello, adding alpn extension" \
1109 -s "found alpn extension" \
1110 -C "got an alert message, type: \\[2:120]" \
1111 -s "server hello, adding alpn extension" \
1112 -c "found alpn extension" \
1113 -c "Application Layer Protocol is abc" \
1114 -s "Application Layer Protocol is abc"
1115
1116run_test "ALPN #5 (both, common cli1-srv2)" \
1117 "$P_SRV debug_level=4 alpn=abc,1234" \
1118 "$P_CLI debug_level=4 alpn=1234,abcde" \
1119 0 \
1120 -c "client hello, adding alpn extension" \
1121 -s "found alpn extension" \
1122 -C "got an alert message, type: \\[2:120]" \
1123 -s "server hello, adding alpn extension" \
1124 -c "found alpn extension" \
1125 -c "Application Layer Protocol is 1234" \
1126 -s "Application Layer Protocol is 1234"
1127
1128run_test "ALPN #6 (both, no common)" \
1129 "$P_SRV debug_level=4 alpn=abc,123" \
1130 "$P_CLI debug_level=4 alpn=1234,abcde" \
1131 1 \
1132 -c "client hello, adding alpn extension" \
1133 -s "found alpn extension" \
1134 -c "got an alert message, type: \\[2:120]" \
1135 -S "server hello, adding alpn extension" \
1136 -C "found alpn extension" \
1137 -C "Application Layer Protocol is 1234" \
1138 -S "Application Layer Protocol is 1234"
1139
Manuel Pégourié-Gonnard83d8c732014-04-07 13:24:21 +02001140fi
1141
Manuel Pégourié-Gonnard7f2a07d2014-04-09 09:50:57 +02001142# Tests for keyUsage in leaf certificates, part 1:
1143# server-side certificate/suite selection
1144
Manuel Pégourié-Gonnard17cde5f2014-05-22 14:42:39 +02001145run_test "keyUsage srv #1 (RSA, digitalSignature -> (EC)DHE-RSA)" \
Manuel Pégourié-Gonnard7f2a07d2014-04-09 09:50:57 +02001146 "$P_SRV key_file=data_files/server2.key \
1147 crt_file=data_files/server2.ku-ds.crt" \
1148 "$P_CLI" \
1149 0 \
Manuel Pégourié-Gonnard17cde5f2014-05-22 14:42:39 +02001150 -c "Ciphersuite is TLS-[EC]*DHE-RSA-WITH-"
Manuel Pégourié-Gonnard7f2a07d2014-04-09 09:50:57 +02001151
1152
1153run_test "keyUsage srv #2 (RSA, keyEncipherment -> RSA)" \
1154 "$P_SRV key_file=data_files/server2.key \
1155 crt_file=data_files/server2.ku-ke.crt" \
1156 "$P_CLI" \
1157 0 \
1158 -c "Ciphersuite is TLS-RSA-WITH-"
1159
1160# add psk to leave an option for client to send SERVERQUIT
1161run_test "keyUsage srv #3 (RSA, keyAgreement -> fail)" \
1162 "$P_SRV psk=abc123 key_file=data_files/server2.key \
1163 crt_file=data_files/server2.ku-ka.crt" \
1164 "$P_CLI psk=badbad" \
1165 1 \
1166 -C "Ciphersuite is "
1167
1168run_test "keyUsage srv #4 (ECDSA, digitalSignature -> ECDHE-ECDSA)" \
1169 "$P_SRV key_file=data_files/server5.key \
1170 crt_file=data_files/server5.ku-ds.crt" \
1171 "$P_CLI" \
1172 0 \
1173 -c "Ciphersuite is TLS-ECDHE-ECDSA-WITH-"
1174
1175
1176run_test "keyUsage srv #5 (ECDSA, keyAgreement -> ECDH-)" \
1177 "$P_SRV key_file=data_files/server5.key \
1178 crt_file=data_files/server5.ku-ka.crt" \
1179 "$P_CLI" \
1180 0 \
1181 -c "Ciphersuite is TLS-ECDH-"
1182
1183# add psk to leave an option for client to send SERVERQUIT
1184run_test "keyUsage srv #6 (ECDSA, keyEncipherment -> fail)" \
1185 "$P_SRV psk=abc123 key_file=data_files/server5.key \
1186 crt_file=data_files/server5.ku-ke.crt" \
1187 "$P_CLI psk=badbad" \
1188 1 \
1189 -C "Ciphersuite is "
1190
1191# Tests for keyUsage in leaf certificates, part 2:
Manuel Pégourié-Gonnarda9db85d2014-04-09 14:53:05 +02001192# client-side checking of server cert
Manuel Pégourié-Gonnard7f2a07d2014-04-09 09:50:57 +02001193
1194run_test "keyUsage cli #1 (DigitalSignature+KeyEncipherment, RSA: OK)" \
1195 "$O_SRV -key data_files/server2.key \
1196 -cert data_files/server2.ku-ds_ke.crt" \
1197 "$P_CLI debug_level=2 \
1198 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
1199 0 \
Manuel Pégourié-Gonnarda9db85d2014-04-09 14:53:05 +02001200 -C "bad certificate (usage extensions)" \
Manuel Pégourié-Gonnard7f2a07d2014-04-09 09:50:57 +02001201 -C "Processing of the Certificate handshake message failed" \
1202 -c "Ciphersuite is TLS-"
1203
1204run_test "keyUsage cli #2 (DigitalSignature+KeyEncipherment, DHE-RSA: OK)" \
1205 "$O_SRV -key data_files/server2.key \
1206 -cert data_files/server2.ku-ds_ke.crt" \
1207 "$P_CLI debug_level=2 \
1208 force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
1209 0 \
Manuel Pégourié-Gonnarda9db85d2014-04-09 14:53:05 +02001210 -C "bad certificate (usage extensions)" \
Manuel Pégourié-Gonnard7f2a07d2014-04-09 09:50:57 +02001211 -C "Processing of the Certificate handshake message failed" \
1212 -c "Ciphersuite is TLS-"
1213
1214run_test "keyUsage cli #3 (KeyEncipherment, RSA: OK)" \
1215 "$O_SRV -key data_files/server2.key \
1216 -cert data_files/server2.ku-ke.crt" \
1217 "$P_CLI debug_level=2 \
1218 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
1219 0 \
Manuel Pégourié-Gonnarda9db85d2014-04-09 14:53:05 +02001220 -C "bad certificate (usage extensions)" \
Manuel Pégourié-Gonnard7f2a07d2014-04-09 09:50:57 +02001221 -C "Processing of the Certificate handshake message failed" \
1222 -c "Ciphersuite is TLS-"
1223
1224run_test "keyUsage cli #4 (KeyEncipherment, DHE-RSA: fail)" \
1225 "$O_SRV -key data_files/server2.key \
1226 -cert data_files/server2.ku-ke.crt" \
1227 "$P_CLI debug_level=2 \
1228 force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
1229 1 \
Manuel Pégourié-Gonnarda9db85d2014-04-09 14:53:05 +02001230 -c "bad certificate (usage extensions)" \
Manuel Pégourié-Gonnard7f2a07d2014-04-09 09:50:57 +02001231 -c "Processing of the Certificate handshake message failed" \
1232 -C "Ciphersuite is TLS-"
1233
1234run_test "keyUsage cli #5 (DigitalSignature, DHE-RSA: OK)" \
1235 "$O_SRV -key data_files/server2.key \
1236 -cert data_files/server2.ku-ds.crt" \
1237 "$P_CLI debug_level=2 \
1238 force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
1239 0 \
Manuel Pégourié-Gonnarda9db85d2014-04-09 14:53:05 +02001240 -C "bad certificate (usage extensions)" \
Manuel Pégourié-Gonnard7f2a07d2014-04-09 09:50:57 +02001241 -C "Processing of the Certificate handshake message failed" \
1242 -c "Ciphersuite is TLS-"
1243
1244run_test "keyUsage cli #5 (DigitalSignature, RSA: fail)" \
1245 "$O_SRV -key data_files/server2.key \
1246 -cert data_files/server2.ku-ds.crt" \
1247 "$P_CLI debug_level=2 \
1248 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
1249 1 \
Manuel Pégourié-Gonnarda9db85d2014-04-09 14:53:05 +02001250 -c "bad certificate (usage extensions)" \
Manuel Pégourié-Gonnard7f2a07d2014-04-09 09:50:57 +02001251 -c "Processing of the Certificate handshake message failed" \
1252 -C "Ciphersuite is TLS-"
1253
Manuel Pégourié-Gonnarda9db85d2014-04-09 14:53:05 +02001254# Tests for keyUsage in leaf certificates, part 3:
1255# server-side checking of client cert
1256
1257run_test "keyUsage cli-auth #1 (RSA, DigitalSignature: OK)" \
1258 "$P_SRV debug_level=2 auth_mode=optional" \
1259 "$O_CLI -key data_files/server2.key \
1260 -cert data_files/server2.ku-ds.crt" \
1261 0 \
1262 -S "bad certificate (usage extensions)" \
1263 -S "Processing of the Certificate handshake message failed"
1264
1265run_test "keyUsage cli-auth #2 (RSA, KeyEncipherment: fail (soft))" \
1266 "$P_SRV debug_level=2 auth_mode=optional" \
1267 "$O_CLI -key data_files/server2.key \
1268 -cert data_files/server2.ku-ke.crt" \
1269 0 \
1270 -s "bad certificate (usage extensions)" \
1271 -S "Processing of the Certificate handshake message failed"
1272
1273run_test "keyUsage cli-auth #3 (RSA, KeyEncipherment: fail (hard))" \
1274 "$P_SRV debug_level=2 auth_mode=required" \
1275 "$O_CLI -key data_files/server2.key \
1276 -cert data_files/server2.ku-ke.crt" \
1277 1 \
1278 -s "bad certificate (usage extensions)" \
1279 -s "Processing of the Certificate handshake message failed"
1280
1281run_test "keyUsage cli-auth #4 (ECDSA, DigitalSignature: OK)" \
1282 "$P_SRV debug_level=2 auth_mode=optional" \
1283 "$O_CLI -key data_files/server5.key \
1284 -cert data_files/server5.ku-ds.crt" \
1285 0 \
1286 -S "bad certificate (usage extensions)" \
1287 -S "Processing of the Certificate handshake message failed"
1288
1289run_test "keyUsage cli-auth #5 (ECDSA, KeyAgreement: fail (soft))" \
1290 "$P_SRV debug_level=2 auth_mode=optional" \
1291 "$O_CLI -key data_files/server5.key \
1292 -cert data_files/server5.ku-ka.crt" \
1293 0 \
1294 -s "bad certificate (usage extensions)" \
1295 -S "Processing of the Certificate handshake message failed"
1296
Manuel Pégourié-Gonnard0408fd12014-04-11 11:06:22 +02001297# Tests for extendedKeyUsage, part 1: server-side certificate/suite selection
1298
1299run_test "extKeyUsage srv #1 (serverAuth -> OK)" \
1300 "$P_SRV key_file=data_files/server5.key \
1301 crt_file=data_files/server5.eku-srv.crt" \
1302 "$P_CLI" \
1303 0
1304
1305run_test "extKeyUsage srv #2 (serverAuth,clientAuth -> OK)" \
1306 "$P_SRV key_file=data_files/server5.key \
1307 crt_file=data_files/server5.eku-srv.crt" \
1308 "$P_CLI" \
1309 0
1310
1311run_test "extKeyUsage srv #3 (codeSign,anyEKU -> OK)" \
1312 "$P_SRV key_file=data_files/server5.key \
1313 crt_file=data_files/server5.eku-cs_any.crt" \
1314 "$P_CLI" \
1315 0
1316
1317# add psk to leave an option for client to send SERVERQUIT
1318run_test "extKeyUsage srv #4 (codeSign -> fail)" \
1319 "$P_SRV psk=abc123 key_file=data_files/server5.key \
1320 crt_file=data_files/server5.eku-cli.crt" \
1321 "$P_CLI psk=badbad" \
1322 1
1323
1324# Tests for extendedKeyUsage, part 2: client-side checking of server cert
1325
1326run_test "extKeyUsage cli #1 (serverAuth -> OK)" \
1327 "$O_SRV -key data_files/server5.key \
1328 -cert data_files/server5.eku-srv.crt" \
1329 "$P_CLI debug_level=2" \
1330 0 \
1331 -C "bad certificate (usage extensions)" \
1332 -C "Processing of the Certificate handshake message failed" \
1333 -c "Ciphersuite is TLS-"
1334
1335run_test "extKeyUsage cli #2 (serverAuth,clientAuth -> OK)" \
1336 "$O_SRV -key data_files/server5.key \
1337 -cert data_files/server5.eku-srv_cli.crt" \
1338 "$P_CLI debug_level=2" \
1339 0 \
1340 -C "bad certificate (usage extensions)" \
1341 -C "Processing of the Certificate handshake message failed" \
1342 -c "Ciphersuite is TLS-"
1343
1344run_test "extKeyUsage cli #3 (codeSign,anyEKU -> OK)" \
1345 "$O_SRV -key data_files/server5.key \
1346 -cert data_files/server5.eku-cs_any.crt" \
1347 "$P_CLI debug_level=2" \
1348 0 \
1349 -C "bad certificate (usage extensions)" \
1350 -C "Processing of the Certificate handshake message failed" \
1351 -c "Ciphersuite is TLS-"
1352
1353run_test "extKeyUsage cli #4 (codeSign -> fail)" \
1354 "$O_SRV -key data_files/server5.key \
1355 -cert data_files/server5.eku-cs.crt" \
1356 "$P_CLI debug_level=2" \
1357 1 \
1358 -c "bad certificate (usage extensions)" \
1359 -c "Processing of the Certificate handshake message failed" \
1360 -C "Ciphersuite is TLS-"
1361
1362# Tests for extendedKeyUsage, part 3: server-side checking of client cert
1363
1364run_test "extKeyUsage cli-auth #1 (clientAuth -> OK)" \
1365 "$P_SRV debug_level=2 auth_mode=optional" \
1366 "$O_CLI -key data_files/server5.key \
1367 -cert data_files/server5.eku-cli.crt" \
1368 0 \
1369 -S "bad certificate (usage extensions)" \
1370 -S "Processing of the Certificate handshake message failed"
1371
1372run_test "extKeyUsage cli-auth #2 (serverAuth,clientAuth -> OK)" \
1373 "$P_SRV debug_level=2 auth_mode=optional" \
1374 "$O_CLI -key data_files/server5.key \
1375 -cert data_files/server5.eku-srv_cli.crt" \
1376 0 \
1377 -S "bad certificate (usage extensions)" \
1378 -S "Processing of the Certificate handshake message failed"
1379
1380run_test "extKeyUsage cli-auth #3 (codeSign,anyEKU -> OK)" \
1381 "$P_SRV debug_level=2 auth_mode=optional" \
1382 "$O_CLI -key data_files/server5.key \
1383 -cert data_files/server5.eku-cs_any.crt" \
1384 0 \
1385 -S "bad certificate (usage extensions)" \
1386 -S "Processing of the Certificate handshake message failed"
1387
1388run_test "extKeyUsage cli-auth #4 (codeSign -> fail (soft))" \
1389 "$P_SRV debug_level=2 auth_mode=optional" \
1390 "$O_CLI -key data_files/server5.key \
1391 -cert data_files/server5.eku-cs.crt" \
1392 0 \
1393 -s "bad certificate (usage extensions)" \
1394 -S "Processing of the Certificate handshake message failed"
1395
1396run_test "extKeyUsage cli-auth #4b (codeSign -> fail (hard))" \
1397 "$P_SRV debug_level=2 auth_mode=required" \
1398 "$O_CLI -key data_files/server5.key \
1399 -cert data_files/server5.eku-cs.crt" \
1400 1 \
1401 -s "bad certificate (usage extensions)" \
1402 -s "Processing of the Certificate handshake message failed"
1403
Manuel Pégourié-Gonnard0cc7e312014-06-09 11:36:47 +02001404# Tests for DHM parameters loading
1405
1406run_test "DHM parameters #0 (reference)" \
1407 "$P_SRV" \
1408 "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
1409 debug_level=3" \
1410 0 \
1411 -c "value of 'DHM: P ' (2048 bits)" \
1412 -c "value of 'DHM: G ' (2048 bits)"
1413
1414run_test "DHM parameters #1 (other parameters)" \
1415 "$P_SRV dhm_file=data_files/dhparams.pem" \
1416 "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
1417 debug_level=3" \
1418 0 \
1419 -c "value of 'DHM: P ' (1024 bits)" \
1420 -c "value of 'DHM: G ' (2 bits)"
1421
Manuel Pégourié-Gonnarda6781c92014-06-10 15:00:46 +02001422# Tests for PSK callback
1423
Manuel Pégourié-Gonnard10c3c9f2014-06-10 15:28:52 +02001424run_test "PSK callback #0a (psk, no callback)" \
Manuel Pégourié-Gonnarda6781c92014-06-10 15:00:46 +02001425 "$P_SRV psk=abc123 psk_identity=foo" \
1426 "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
1427 psk_identity=foo psk=abc123" \
1428 0 \
Manuel Pégourié-Gonnard10c3c9f2014-06-10 15:28:52 +02001429 -S "SSL - The server has no ciphersuites in common" \
1430 -S "SSL - Unknown identity received" \
1431 -S "SSL - Verification of the message MAC failed"
1432
1433run_test "PSK callback #0b (no psk, no callback)" \
1434 "$P_SRV" \
1435 "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
1436 psk_identity=foo psk=abc123" \
1437 1 \
1438 -s "SSL - The server has no ciphersuites in common" \
Manuel Pégourié-Gonnarda6781c92014-06-10 15:00:46 +02001439 -S "SSL - Unknown identity received" \
1440 -S "SSL - Verification of the message MAC failed"
1441
1442run_test "PSK callback #1 (callback overrides other settings)" \
1443 "$P_SRV psk=abc123 psk_identity=foo psk_list=abc,dead,def,beef" \
1444 "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
1445 psk_identity=foo psk=abc123" \
1446 1 \
Manuel Pégourié-Gonnard10c3c9f2014-06-10 15:28:52 +02001447 -S "SSL - The server has no ciphersuites in common" \
Manuel Pégourié-Gonnarda6781c92014-06-10 15:00:46 +02001448 -s "SSL - Unknown identity received" \
1449 -S "SSL - Verification of the message MAC failed"
1450
1451run_test "PSK callback #2 (first id matches)" \
1452 "$P_SRV psk_list=abc,dead,def,beef" \
1453 "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
1454 psk_identity=abc psk=dead" \
1455 0 \
Manuel Pégourié-Gonnard10c3c9f2014-06-10 15:28:52 +02001456 -S "SSL - The server has no ciphersuites in common" \
Manuel Pégourié-Gonnarda6781c92014-06-10 15:00:46 +02001457 -S "SSL - Unknown identity received" \
1458 -S "SSL - Verification of the message MAC failed"
1459
1460run_test "PSK callback #3 (second id matches)" \
1461 "$P_SRV psk_list=abc,dead,def,beef" \
1462 "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
1463 psk_identity=def psk=beef" \
1464 0 \
Manuel Pégourié-Gonnard10c3c9f2014-06-10 15:28:52 +02001465 -S "SSL - The server has no ciphersuites in common" \
Manuel Pégourié-Gonnarda6781c92014-06-10 15:00:46 +02001466 -S "SSL - Unknown identity received" \
1467 -S "SSL - Verification of the message MAC failed"
1468
1469run_test "PSK callback #4 (no match)" \
1470 "$P_SRV psk_list=abc,dead,def,beef" \
1471 "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
1472 psk_identity=ghi psk=beef" \
1473 1 \
Manuel Pégourié-Gonnard10c3c9f2014-06-10 15:28:52 +02001474 -S "SSL - The server has no ciphersuites in common" \
Manuel Pégourié-Gonnarda6781c92014-06-10 15:00:46 +02001475 -s "SSL - Unknown identity received" \
1476 -S "SSL - Verification of the message MAC failed"
1477
1478run_test "PSK callback #5 (wrong key)" \
1479 "$P_SRV psk_list=abc,dead,def,beef" \
1480 "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
1481 psk_identity=abc psk=beef" \
1482 1 \
Manuel Pégourié-Gonnard10c3c9f2014-06-10 15:28:52 +02001483 -S "SSL - The server has no ciphersuites in common" \
Manuel Pégourié-Gonnarda6781c92014-06-10 15:00:46 +02001484 -S "SSL - Unknown identity received" \
1485 -s "SSL - Verification of the message MAC failed"
Manuel Pégourié-Gonnard0cc7e312014-06-09 11:36:47 +02001486
Manuel Pégourié-Gonnard90805a82014-06-11 14:06:01 +02001487# Tests for ciphersuites per version
1488
1489run_test "Per-version suites #1" \
1490 "$P_SRV version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-RC4-128-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
1491 "$P_CLI force_version=ssl3" \
1492 0 \
1493 -c "Ciphersuite is TLS-RSA-WITH-3DES-EDE-CBC-SHA"
1494
1495run_test "Per-version suites #2" \
1496 "$P_SRV version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-RC4-128-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
1497 "$P_CLI force_version=tls1" \
1498 0 \
1499 -c "Ciphersuite is TLS-RSA-WITH-RC4-128-SHA"
1500
1501run_test "Per-version suites #3" \
1502 "$P_SRV version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-RC4-128-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
1503 "$P_CLI force_version=tls1_1" \
1504 0 \
1505 -c "Ciphersuite is TLS-RSA-WITH-AES-128-CBC-SHA"
1506
1507run_test "Per-version suites #4" \
1508 "$P_SRV version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-RC4-128-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \
1509 "$P_CLI force_version=tls1_2" \
1510 0 \
1511 -c "Ciphersuite is TLS-RSA-WITH-AES-128-GCM-SHA256"
1512
Manuel Pégourié-Gonnard95c0a632014-06-11 18:32:36 +02001513# Tests for ssl_get_bytes_avail()
1514
1515run_test "ssl_get_bytes_avail #1 (no extra data)" \
1516 "$P_SRV" \
1517 "$P_CLI request_size=100" \
1518 0 \
1519 -s "Read from client: 100 bytes read$"
1520
1521run_test "ssl_get_bytes_avail #2 (extra data)" \
1522 "$P_SRV" \
1523 "$P_CLI request_size=500" \
1524 0 \
1525 -s "Read from client: 500 bytes read (.*+.*)"
Manuel Pégourié-Gonnard90805a82014-06-11 14:06:01 +02001526
Manuel Pégourié-Gonnardee415032014-06-18 15:08:56 +02001527# Tests for small packets
1528
1529run_test "Small packet SSLv3 BlockCipher" \
1530 "$P_SRV" \
1531 "$P_CLI request_size=1 force_version=ssl3 \
1532 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
1533 0 \
1534 -s "Read from client: 1 bytes read"
1535
1536run_test "Small packet SSLv3 StreamCipher" \
1537 "$P_SRV" \
1538 "$P_CLI request_size=1 force_version=ssl3 \
1539 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
1540 0 \
1541 -s "Read from client: 1 bytes read"
1542
1543run_test "Small packet TLS 1.0 BlockCipher" \
1544 "$P_SRV" \
1545 "$P_CLI request_size=1 force_version=tls1 \
1546 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
1547 0 \
1548 -s "Read from client: 1 bytes read"
1549
1550run_test "Small packet TLS 1.0 BlockCipher truncated MAC" \
1551 "$P_SRV" \
1552 "$P_CLI request_size=1 force_version=tls1 \
1553 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \
1554 trunc_hmac=1" \
1555 0 \
1556 -s "Read from client: 1 bytes read"
1557
1558run_test "Small packet TLS 1.0 StreamCipher truncated MAC" \
1559 "$P_SRV" \
1560 "$P_CLI request_size=1 force_version=tls1 \
1561 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
1562 trunc_hmac=1" \
1563 0 \
1564 -s "Read from client: 1 bytes read"
1565
1566run_test "Small packet TLS 1.1 BlockCipher" \
1567 "$P_SRV" \
1568 "$P_CLI request_size=1 force_version=tls1_1 \
1569 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
1570 0 \
1571 -s "Read from client: 1 bytes read"
1572
1573run_test "Small packet TLS 1.1 StreamCipher" \
1574 "$P_SRV" \
1575 "$P_CLI request_size=1 force_version=tls1_1 \
1576 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
1577 0 \
1578 -s "Read from client: 1 bytes read"
1579
1580run_test "Small packet TLS 1.1 BlockCipher truncated MAC" \
1581 "$P_SRV" \
1582 "$P_CLI request_size=1 force_version=tls1_1 \
1583 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \
1584 trunc_hmac=1" \
1585 0 \
1586 -s "Read from client: 1 bytes read"
1587
1588run_test "Small packet TLS 1.1 StreamCipher truncated MAC" \
1589 "$P_SRV" \
1590 "$P_CLI request_size=1 force_version=tls1_1 \
1591 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
1592 trunc_hmac=1" \
1593 0 \
1594 -s "Read from client: 1 bytes read"
1595
1596run_test "Small packet TLS 1.2 BlockCipher" \
1597 "$P_SRV" \
1598 "$P_CLI request_size=1 force_version=tls1_2 \
1599 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
1600 0 \
1601 -s "Read from client: 1 bytes read"
1602
1603run_test "Small packet TLS 1.2 BlockCipher larger MAC" \
1604 "$P_SRV" \
1605 "$P_CLI request_size=1 force_version=tls1_2 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \
1606 0 \
1607 -s "Read from client: 1 bytes read"
1608
1609run_test "Small packet TLS 1.2 BlockCipher truncated MAC" \
1610 "$P_SRV" \
1611 "$P_CLI request_size=1 force_version=tls1_2 \
1612 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \
1613 trunc_hmac=1" \
1614 0 \
1615 -s "Read from client: 1 bytes read"
1616
1617run_test "Small packet TLS 1.2 StreamCipher" \
1618 "$P_SRV" \
1619 "$P_CLI request_size=1 force_version=tls1_2 \
1620 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
1621 0 \
1622 -s "Read from client: 1 bytes read"
1623
1624run_test "Small packet TLS 1.2 StreamCipher truncated MAC" \
1625 "$P_SRV" \
1626 "$P_CLI request_size=1 force_version=tls1_2 \
1627 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
1628 trunc_hmac=1" \
1629 0 \
1630 -s "Read from client: 1 bytes read"
1631
1632run_test "Small packet TLS 1.2 AEAD" \
1633 "$P_SRV" \
1634 "$P_CLI request_size=1 force_version=tls1_2 \
1635 force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \
1636 0 \
1637 -s "Read from client: 1 bytes read"
1638
1639run_test "Small packet TLS 1.2 AEAD shorter tag" \
1640 "$P_SRV" \
1641 "$P_CLI request_size=1 force_version=tls1_2 \
1642 force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \
1643 0 \
1644 -s "Read from client: 1 bytes read"
1645
Manuel Pégourié-Gonnard8920f692014-06-18 22:05:08 +02001646# Test for large packets
1647
1648run_test "Large packet SSLv3 BlockCipher" \
1649 "$P_SRV" \
1650 "$P_CLI request_size=16384 force_version=ssl3 \
1651 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
1652 0 \
1653 -s "Read from client: 16384 bytes read"
1654
1655run_test "Large packet SSLv3 StreamCipher" \
1656 "$P_SRV" \
1657 "$P_CLI request_size=16384 force_version=ssl3 \
1658 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
1659 0 \
1660 -s "Read from client: 16384 bytes read"
1661
1662run_test "Large packet TLS 1.0 BlockCipher" \
1663 "$P_SRV" \
1664 "$P_CLI request_size=16384 force_version=tls1 \
1665 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
1666 0 \
1667 -s "Read from client: 16384 bytes read"
1668
1669run_test "Large packet TLS 1.0 BlockCipher truncated MAC" \
1670 "$P_SRV" \
1671 "$P_CLI request_size=16384 force_version=tls1 \
1672 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \
1673 trunc_hmac=1" \
1674 0 \
1675 -s "Read from client: 16384 bytes read"
1676
1677run_test "Large packet TLS 1.0 StreamCipher truncated MAC" \
1678 "$P_SRV" \
1679 "$P_CLI request_size=16384 force_version=tls1 \
1680 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
1681 trunc_hmac=1" \
1682 0 \
1683 -s "Read from client: 16384 bytes read"
1684
1685run_test "Large packet TLS 1.1 BlockCipher" \
1686 "$P_SRV" \
1687 "$P_CLI request_size=16384 force_version=tls1_1 \
1688 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
1689 0 \
1690 -s "Read from client: 16384 bytes read"
1691
1692run_test "Large packet TLS 1.1 StreamCipher" \
1693 "$P_SRV" \
1694 "$P_CLI request_size=16384 force_version=tls1_1 \
1695 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
1696 0 \
1697 -s "Read from client: 16384 bytes read"
1698
1699run_test "Large packet TLS 1.1 BlockCipher truncated MAC" \
1700 "$P_SRV" \
1701 "$P_CLI request_size=16384 force_version=tls1_1 \
1702 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \
1703 trunc_hmac=1" \
1704 0 \
1705 -s "Read from client: 16384 bytes read"
1706
1707run_test "Large packet TLS 1.1 StreamCipher truncated MAC" \
1708 "$P_SRV" \
1709 "$P_CLI request_size=16384 force_version=tls1_1 \
1710 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
1711 trunc_hmac=1" \
1712 0 \
1713 -s "Read from client: 16384 bytes read"
1714
1715run_test "Large packet TLS 1.2 BlockCipher" \
1716 "$P_SRV" \
1717 "$P_CLI request_size=16384 force_version=tls1_2 \
1718 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
1719 0 \
1720 -s "Read from client: 16384 bytes read"
1721
1722run_test "Large packet TLS 1.2 BlockCipher larger MAC" \
1723 "$P_SRV" \
1724 "$P_CLI request_size=16384 force_version=tls1_2 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \
1725 0 \
1726 -s "Read from client: 16384 bytes read"
1727
1728run_test "Large packet TLS 1.2 BlockCipher truncated MAC" \
1729 "$P_SRV" \
1730 "$P_CLI request_size=16384 force_version=tls1_2 \
1731 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \
1732 trunc_hmac=1" \
1733 0 \
1734 -s "Read from client: 16384 bytes read"
1735
1736run_test "Large packet TLS 1.2 StreamCipher" \
1737 "$P_SRV" \
1738 "$P_CLI request_size=16384 force_version=tls1_2 \
1739 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \
1740 0 \
1741 -s "Read from client: 16384 bytes read"
1742
1743run_test "Large packet TLS 1.2 StreamCipher truncated MAC" \
1744 "$P_SRV" \
1745 "$P_CLI request_size=16384 force_version=tls1_2 \
1746 force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \
1747 trunc_hmac=1" \
1748 0 \
1749 -s "Read from client: 16384 bytes read"
1750
1751run_test "Large packet TLS 1.2 AEAD" \
1752 "$P_SRV" \
1753 "$P_CLI request_size=16384 force_version=tls1_2 \
1754 force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \
1755 0 \
1756 -s "Read from client: 16384 bytes read"
1757
1758run_test "Large packet TLS 1.2 AEAD shorter tag" \
1759 "$P_SRV" \
1760 "$P_CLI request_size=16384 force_version=tls1_2 \
1761 force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \
1762 0 \
1763 -s "Read from client: 16384 bytes read"
1764
Manuel Pégourié-Gonnard8520dac2014-02-21 12:12:23 +01001765# Final report
1766
Manuel Pégourié-Gonnard33a752e2014-02-21 09:47:37 +01001767echo "------------------------------------------------------------------------"
1768
1769if [ $FAILS = 0 ]; then
1770 echo -n "PASSED"
1771else
1772 echo -n "FAILED"
1773fi
1774PASSES=`echo $TESTS - $FAILS | bc`
Manuel Pégourié-Gonnard6f4fbbb2014-08-14 14:31:29 +02001775echo " ($PASSES / $TESTS tests ($SKIPS skipped))"
Manuel Pégourié-Gonnard33a752e2014-02-21 09:47:37 +01001776
1777exit $FAILS