1#!/bin/sh
2
3# ssl-opt.sh
4#
5# Copyright The Mbed TLS Contributors
6# SPDX-License-Identifier: Apache-2.0 OR GPL-2.0-or-later
7#
8# Purpose
9#
10# Executes tests to prove various TLS/SSL options and extensions.
11#
12# The goal is not to cover every ciphersuite/version, but instead to cover
13# specific options (max fragment length, truncated hmac, etc) or procedures
14# (session resumption from cache or ticket, renego, etc).
15#
16# The tests assume a build with default options, with exceptions expressed
17# with a dependency.  The tests focus on functionality and do not consider
18# performance.
19#
20
# Treat any reference to an unset variable as an error; every tunable below
# is given a default before it is read.
set -u

# Cap the size of any file this script writes. ulimit -f counts 512-byte
# blocks, so 20971520 blocks = 10 GiB; this keeps a runaway error log from
# filling the disk.
ulimit -f 20971520

# Remember the caller's directory, then run from the directory that holds
# this script so all the relative paths below are stable. Exit code 125
# signals "could not even start".
ORIGINAL_PWD=$PWD
cd "$(dirname "$0")" || exit 125
31
32# default values, can be overridden by the environment
# Programs under test and third-party peers. Each may be overridden from the
# environment; the default only applies when the variable is unset or empty.
: "${P_SRV:=../programs/ssl/ssl_server2}"
: "${P_CLI:=../programs/ssl/ssl_client2}"
: "${P_PXY:=../programs/test/udp_proxy}"
: "${P_QUERY:=../programs/test/query_compile_time_config}"
: "${OPENSSL:=openssl}"
: "${GNUTLS_CLI:=gnutls-cli}"
: "${GNUTLS_SERV:=gnutls-serv}"
: "${PERL:=perl}"
41
42# The OPENSSL variable used to be OPENSSL_CMD for historical reasons.
43# To help the migration, error out if the old variable is set,
44# but only if it has a different value than the new one.
# OPENSSL_CMD is the historical name of OPENSSL. Refuse to run when the old
# name is set to a different value, so a stale environment cannot silently
# exercise the wrong binary; an identical value is tolerated. The value is
# only read once we know the variable is set (set -u is active).
case "${OPENSSL_CMD+set}" in
    set)
        if [ "$OPENSSL_CMD" != "$OPENSSL" ]; then
            echo "Please use OPENSSL instead of OPENSSL_CMD." >&2
            exit 125
        fi
        ;;
esac
52
# guess_config_name
# Print "default" when git reports no local changes to mbedtls_config.h,
# otherwise "unknown". git's own errors are silenced, so a missing git or a
# non-git checkout also yields "unknown".
guess_config_name() {
    name=unknown
    if git diff --quiet ../include/mbedtls/mbedtls_config.h 2>/dev/null; then
        name=default
    fi
    echo "$name"
    unset name
}
# Outcome recording: the file to append outcomes to (empty = do not record),
# and the configuration and platform labels written with each outcome. All
# three are overridable from the environment. The platform label keeps only
# [0-9A-Za-z] from uname's output, replacing everything else with '_'.
: "${MBEDTLS_TEST_OUTCOME_FILE=}"
: "${MBEDTLS_TEST_CONFIGURATION:=$(guess_config_name)}"
: "${MBEDTLS_TEST_PLATFORM:=$(uname -s | tr -c \\n0-9A-Za-z _)-$(uname -m | tr -c \\n0-9A-Za-z _)}"
63
# Command lines for the reference OpenSSL / GnuTLS peers and the raw TCP
# client. The client commands are pipelines that feed a GET request to the
# tool, so they are shell text, presumably run through eval later (confirm
# against the run_test machinery).
TCP_CLIENT="${PERL} scripts/tcp_client.pl"
G_CLI="echo 'GET / HTTP/1.0' | ${GNUTLS_CLI} --x509cafile data_files/test-ca_cat12.crt"
G_SRV="${GNUTLS_SERV} --x509certfile data_files/server5.crt --x509keyfile data_files/server5.key"
O_CLI="echo 'GET / HTTP/1.0' | ${OPENSSL} s_client"
O_SRV="${OPENSSL} s_server -www -cert data_files/server5.crt -key data_files/server5.key"
69
70# alternative versions of OpenSSL and GnuTLS (no default path)
71
# Legacy OpenSSL peer commands. Without OPENSSL_LEGACY in the environment
# they are set to "false", so any test that runs them fails visibly rather
# than silently using the default OpenSSL.
case "${OPENSSL_LEGACY:-}" in
    '')
        O_LEGACY_SRV=false
        O_LEGACY_CLI=false
        ;;
    *)
        O_LEGACY_SRV="${OPENSSL_LEGACY} s_server -www -cert data_files/server5.crt -key data_files/server5.key"
        O_LEGACY_CLI="echo 'GET / HTTP/1.0' | ${OPENSSL_LEGACY} s_client"
        ;;
esac
79
# "Next" OpenSSL peer commands (server with/without a certificate, server
# accepting early data, client with/without the test CA). Without
# OPENSSL_NEXT in the environment they are all "false".
case "${OPENSSL_NEXT:-}" in
    '')
        O_NEXT_SRV=false
        O_NEXT_SRV_NO_CERT=false
        O_NEXT_SRV_EARLY_DATA=false
        O_NEXT_CLI_NO_CERT=false
        O_NEXT_CLI=false
        ;;
    *)
        O_NEXT_SRV="${OPENSSL_NEXT} s_server -www -cert data_files/server5.crt -key data_files/server5.key"
        O_NEXT_SRV_EARLY_DATA="${OPENSSL_NEXT} s_server -early_data -cert data_files/server5.crt -key data_files/server5.key"
        O_NEXT_SRV_NO_CERT="${OPENSSL_NEXT} s_server -www "
        O_NEXT_CLI="echo 'GET / HTTP/1.0' | ${OPENSSL_NEXT} s_client -CAfile data_files/test-ca_cat12.crt"
        O_NEXT_CLI_NO_CERT="echo 'GET / HTTP/1.0' | ${OPENSSL_NEXT} s_client"
        ;;
esac
93
# "Next" GnuTLS server commands (with and without the server5 certificate);
# "false" when GNUTLS_NEXT_SERV is not in the environment.
case "${GNUTLS_NEXT_SERV:-}" in
    '')
        G_NEXT_SRV=false
        G_NEXT_SRV_NO_CERT=false
        ;;
    *)
        G_NEXT_SRV="${GNUTLS_NEXT_SERV} --x509certfile data_files/server5.crt --x509keyfile data_files/server5.key"
        G_NEXT_SRV_NO_CERT="${GNUTLS_NEXT_SERV}"
        ;;
esac
101
# "Next" GnuTLS client commands (with and without the test CA); "false"
# when GNUTLS_NEXT_CLI is not in the environment.
case "${GNUTLS_NEXT_CLI:-}" in
    '')
        G_NEXT_CLI=false
        G_NEXT_CLI_NO_CERT=false
        ;;
    *)
        G_NEXT_CLI="echo 'GET / HTTP/1.0' | ${GNUTLS_NEXT_CLI} --x509cafile data_files/test-ca_cat12.crt"
        G_NEXT_CLI_NO_CERT="echo 'GET / HTTP/1.0' | ${GNUTLS_NEXT_CLI}"
        ;;
esac
109
CONFIG_H='../include/mbedtls/mbedtls_config.h'

# Run counters, maintained while the tests execute.
TESTS=0
FAILS=0
SKIPS=0

# Defaults for the command line options parsed by get_options().
MEMCHECK=0            # 1 = run under a memory checker
FILTER='.*'           # BRE; only matching test names are executed
EXCLUDE='^$'          # BRE; matching test names are excluded
SHOW_TEST_NUMBER=0
RUN_TEST_NUMBER=''
PRESERVE_LOGS=0

# Pick a "unique" server port in the range 10000-19999, and a proxy
# port which is this plus 10000. Each port number may be independently
# overridden by a command line option.
SRV_PORT=$(( $$ % 10000 + 10000 ))
PXY_PORT=$(( SRV_PORT + 10000 ))
130
131print_usage() {
132    echo "Usage: $0 [options]"
133    printf "  -h|--help\tPrint this help.\n"
134    printf "  -m|--memcheck\tCheck memory leaks and errors.\n"
135    printf "  -f|--filter\tOnly matching tests are executed (substring or BRE)\n"
136    printf "  -e|--exclude\tMatching tests are excluded (substring or BRE)\n"
137    printf "  -n|--number\tExecute only numbered test (comma-separated, e.g. '245,256')\n"
138    printf "  -s|--show-numbers\tShow test numbers in front of test names\n"
139    printf "  -p|--preserve-logs\tPreserve logs of successful tests as well\n"
140    printf "     --outcome-file\tFile where test outcomes are written\n"
141    printf "                \t(default: \$MBEDTLS_TEST_OUTCOME_FILE, none if empty)\n"
142    printf "     --port     \tTCP/UDP port (default: randomish 1xxxx)\n"
143    printf "     --proxy-port\tTCP/UDP proxy port (default: randomish 2xxxx)\n"
144    printf "     --seed     \tInteger seed value to use for this test run\n"
145}
146
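# get_options [ARG...]
# Parse the script's command line into the global option variables
# (FILTER, EXCLUDE, MEMCHECK, RUN_TEST_NUMBER, SHOW_TEST_NUMBER,
# PRESERVE_LOGS, MBEDTLS_TEST_OUTCOME_FILE, SRV_PORT, PXY_PORT, SEED).
# -h prints the usage and exits 0. An unknown argument, or a value-taking
# option given as the last argument, prints the usage and exits 1.
get_options() {
    while [ $# -gt 0 ]; do
        case "$1" in
            -f|--filter|-e|--exclude|-n|--number|--outcome-file|--port|--proxy-port|--seed)
                # Value-taking options: with "set -u" a missing value would
                # otherwise abort on the unset $1 with an unhelpful message.
                if [ $# -lt 2 ]; then
                    echo "Option '$1' requires an argument"
                    print_usage
                    exit 1
                fi
                ;;
        esac
        case "$1" in
            -f|--filter)
                shift; FILTER=$1
                ;;
            -e|--exclude)
                shift; EXCLUDE=$1
                ;;
            -m|--memcheck)
                MEMCHECK=1
                ;;
            -n|--number)
                shift; RUN_TEST_NUMBER=$1
                ;;
            -s|--show-numbers)
                SHOW_TEST_NUMBER=1
                ;;
            -p|--preserve-logs)
                PRESERVE_LOGS=1
                ;;
            --outcome-file)
                shift; MBEDTLS_TEST_OUTCOME_FILE=$1
                ;;
            --port)
                shift; SRV_PORT=$1
                ;;
            --proxy-port)
                shift; PXY_PORT=$1
                ;;
            --seed)
                shift; SEED="$1"
                ;;
            -h|--help)
                print_usage
                exit 0
                ;;
            *)
                echo "Unknown argument: '$1'"
                print_usage
                exit 1
                ;;
        esac
        shift
    done
}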
193
194# Read boolean configuration options from mbedtls_config.h for easy and quick
195# testing. Skip non-boolean options (with something other than spaces
196# and a comment after "#define SYMBOL"). The variable contains a
197# space-separated list of symbols.
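# Space-separated list of the symbols reported by "$P_QUERY -l", with a space
# before the first one AND after the last one: the lookups below match
# " SYMBOL" followed by a space or "=", so without the trailing space the
# last symbol in the list could never be matched.
CONFIGS_ENABLED=" $(echo $($P_QUERY -l)) "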
199# Skip next test; use this macro to skip tests which are legitimate
200# in theory and expected to be re-introduced at some point, but
201# aren't expected to succeed at the moment due to problems outside
202# our control (such as bugs in other TLS implementations).
# skip_next_test
# Mark the next test as skipped by setting SKIP_NEXT.
skip_next_test() {
    SKIP_NEXT=YES
}
206
207# Check if the required configuration ($1) is enabled
# is_config_enabled <SYMBOL>
# Return 0 if SYMBOL appears in $CONFIGS_ENABLED, 1 otherwise. A match needs
# " SYMBOL" followed by a space (boolean option) or "=" (valued option), so
# a prefix of another symbol does not match.
is_config_enabled()
{
    case $CONFIGS_ENABLED in
        *" $1 "*|*" $1="*) return 0;;
    esac
    return 1
}
215
216# skip next test if the flag is not enabled in mbedtls_config.h
# requires_config_enabled <SYMBOL>
# Skip the next test unless SYMBOL is in $CONFIGS_ENABLED (same matching
# rule as is_config_enabled: " SYMBOL" followed by a space or "=").
requires_config_enabled() {
    case $CONFIGS_ENABLED in
        *" $1 "*|*" $1="*) return 0;;
    esac
    SKIP_NEXT=YES
}
223
224# skip next test if the flag is enabled in mbedtls_config.h
# requires_config_disabled <SYMBOL>
# Skip the next test if SYMBOL is in $CONFIGS_ENABLED (" SYMBOL" followed by
# a space or "=").
requires_config_disabled() {
    case $CONFIGS_ENABLED in
        *" $1 "*|*" $1="*) SKIP_NEXT=YES;;
    esac
}
230
# requires_all_configs_enabled SYMBOL...
# Skip the next test unless $P_QUERY reports every SYMBOL as enabled.
# $* is deliberately unquoted: callers pass space-separated symbol lists.
requires_all_configs_enabled() {
    $P_QUERY -all $* || SKIP_NEXT=YES
}
237
# requires_all_configs_disabled SYMBOL...
# Skip the next test if $P_QUERY reports any SYMBOL as enabled.
# $* is deliberately unquoted: callers pass space-separated symbol lists.
requires_all_configs_disabled() {
    ! $P_QUERY -any $* || SKIP_NEXT=YES
}
244
# requires_any_configs_enabled SYMBOL...
# Skip the next test unless $P_QUERY reports at least one SYMBOL as enabled.
# $* is deliberately unquoted: callers pass space-separated symbol lists.
requires_any_configs_enabled() {
    $P_QUERY -any $* || SKIP_NEXT=YES
}
251
# requires_any_configs_disabled SYMBOL...
# Skip the next test if $P_QUERY reports every SYMBOL as enabled.
# $* is deliberately unquoted: callers pass space-separated symbol lists.
requires_any_configs_disabled() {
    ! $P_QUERY -all $* || SKIP_NEXT=YES
}
258
# Space-separated symbol lists passed (unquoted) to requires_any_configs_enabled.
# Every TLS 1.2 key exchange that authenticates the server with a certificate.
TLS1_2_KEY_EXCHANGES_WITH_CERT="MBEDTLS_KEY_EXCHANGE_RSA_ENABLED \
                                MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED \
                                MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
                                MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED \
                                MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED \
                                MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED \
                                MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED"

# The subset of the above usable with an ECDSA certificate (server5).
TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT="MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED \
                                      MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED"

# The certificate-based key exchanges minus static ECDH, for peers that do
# not implement ECDH-RSA / ECDH-ECDSA (see detect_required_features).
TLS1_2_KEY_EXCHANGES_WITH_CERT_WO_ECDH="MBEDTLS_KEY_EXCHANGE_RSA_ENABLED \
                                       MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED \
                                       MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED \
                                       MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED \
                                       MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED"
275
# requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
# Skip the next test unless the build can do a certificate-authenticated
# handshake: with TLS 1.2 enabled, at least one certificate-based key
# exchange; otherwise the TLS 1.3 ephemeral key exchange mode.
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled() {
    if $P_QUERY -all MBEDTLS_SSL_PROTO_TLS1_2; then
        requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
        return 0
    fi
    $P_QUERY -all MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED || SKIP_NEXT=YES
}
285
# get_config_value_or_default <SYMBOL>
# Print the compile-time value of SYMBOL as reported by ssl_server2's
# query_config= option. The program exits successfully whenever SYMBOL is
# defined; if it is undefined, or defined to nothing, nothing is printed.
get_config_value_or_default() {
    $P_SRV query_config="$1"
}
296
# requires_config_value_at_least <SYMBOL> <MIN>
# Skip the next test if the configured value of SYMBOL is below MIN.
# An undefined SYMBOL is a bug in the test script and aborts the run.
requires_config_value_at_least() {
    VAL=$( get_config_value_or_default "$1" )
    if [ -z "$VAL" ]; then
        echo "Mbed TLS configuration $1 is not defined"
        exit 1
    fi
    ! [ "$VAL" -lt "$2" ] || SKIP_NEXT=YES
}
307
# requires_config_value_at_most <SYMBOL> <MAX>
# Skip the next test if the configured value of SYMBOL is above MAX.
# An undefined SYMBOL is a bug in the test script and aborts the run.
requires_config_value_at_most() {
    VAL=$( get_config_value_or_default "$1" )
    if [ -z "$VAL" ]; then
        echo "Mbed TLS configuration $1 is not defined"
        exit 1
    fi
    ! [ "$VAL" -gt "$2" ] || SKIP_NEXT=YES
}
318
# requires_config_value_equals <SYMBOL> <VALUE>
# Skip the next test unless the configured value of SYMBOL equals VALUE
# (numeric comparison). An undefined SYMBOL aborts the run.
requires_config_value_equals() {
    VAL=$( get_config_value_or_default "$1" )
    if [ -z "$VAL" ]; then
        echo "Mbed TLS configuration $1 is not defined"
        exit 1
    fi
    ! [ "$VAL" -ne "$2" ] || SKIP_NEXT=YES
}
329
330# Require Mbed TLS to support the given protocol version.
331#
332# Inputs:
333# * $1: protocol version in mbedtls syntax (argument to force_version=)
requires_protocol_version() {
    # Map the force_version= spelling to the build symbol for that protocol.
    # DTLS support itself is detected separately in detect_dtls().
    case "$1" in
        tls12|dtls12) proto_symbol=MBEDTLS_SSL_PROTO_TLS1_2;;
        tls13|dtls13) proto_symbol=MBEDTLS_SSL_PROTO_TLS1_3;;
        *) echo "Unknown required protocol version: $1"; exit 1;;
    esac
    requires_config_enabled "$proto_symbol"
    unset proto_symbol
}
342
343# Space-separated list of ciphersuites supported by this build of
344# Mbed TLS.
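# Space-separated list of ciphersuites supported by this build of
# Mbed TLS, taken from the client's --help output. Two -e patterns are used
# instead of 'TLS-\|TLS1-3': alternation with \| in a BRE is a GNU
# extension, not POSIX grep.
P_CIPHERSUITES=" $($P_CLI --help 2>/dev/null |
                   grep -e 'TLS-' -e 'TLS1-3' |
                   tr -s ' \n' ' ')"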
# requires_ciphersuite_enabled <NAME>
# Skip the next test unless NAME appears as a whole word in $P_CIPHERSUITES.
requires_ciphersuite_enabled() {
    case $P_CIPHERSUITES in
        *" $1 "*) return 0;;
    esac
    SKIP_NEXT=YES
}
354
355# Automatically detect required features based on command line parameters.
356# Parameters are:
357# - $1 = command line (call to a TLS client or server program)
358# - $2 = client/server
359# - $3 = TLS version (TLS12 or TLS13)
360# - $4 = Use an external tool without ECDH support
361# - $5 = run test options
detect_required_features() {
    # Parameters are copied into globals: this script does not use "local".
    CMD_LINE=$1
    ROLE=$2
    TLS_VERSION=$3
    EXT_WO_ECDH=$4
    # Not read within this function; presumably consumed elsewhere — confirm.
    TEST_OPTIONS=${5:-}

    # Take the value after the last " force_version=" up to the first
    # character outside [-0-9A-Z_a-z], and require that protocol version.
    case "$CMD_LINE" in
        *\ force_version=*)
            tmp="${CMD_LINE##*\ force_version=}"
            tmp="${tmp%%[!-0-9A-Z_a-z]*}"
            requires_protocol_version "$tmp";;
    esac

    # Same extraction for " force_ciphersuite=": the suite must be in the build.
    case "$CMD_LINE" in
        *\ force_ciphersuite=*)
            tmp="${CMD_LINE##*\ force_ciphersuite=}"
            tmp="${tmp%%[!-0-9A-Z_a-z]*}"
            requires_ciphersuite_enabled "$tmp";;
    esac

    # Option names are anchored by a preceding '-', '_', space or '='.
    # tickets=<non-zero> needs the ticket module; [^0] uses '^' as bracket
    # negation, which bash/dash accept (POSIX spells it [!0]).
    case " $CMD_LINE " in
        *[-_\ =]tickets=[^0]*)
            requires_config_enabled MBEDTLS_SSL_TICKET_C;;
    esac
    case " $CMD_LINE " in
        *[-_\ =]alpn=*)
            requires_config_enabled MBEDTLS_SSL_ALPN;;
    esac

    # server5*, server7* and dir-maxpath* are ECDSA-signed test files.
    case "$CMD_LINE" in
        *server5*|\
        *server7*|\
        *dir-maxpath*)
            if [ "$TLS_VERSION" = "TLS13" ]; then
                # In case of TLS13 the support for ECDSA is enough
                requires_pk_alg "ECDSA"
            else
                # For TLS12 requirements are different between server and client
                if [ "$ROLE" = "server" ]; then
                    # If the server uses "server5*" certificates, then an ECDSA based
                    # key exchange is required. However gnutls also does not
                    # support ECDH, so this limit the choice to ECDHE-ECDSA
                    if [ "$EXT_WO_ECDH" = "yes" ]; then
                        requires_any_configs_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
                    else
                        requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT
                    fi
                elif [ "$ROLE" = "client" ]; then
                    # On the client side it is enough to have any certificate
                    # based authentication together with support for ECDSA.
                    # Of course the GnuTLS limitation mentioned above applies
                    # also here.
                    if [ "$EXT_WO_ECDH" = "yes" ]; then
                        requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT_WO_ECDH
                    else
                        requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
                    fi
                    requires_pk_alg "ECDSA"
                fi
            fi
            ;;
    esac

    # server7* is matched by both this case and the one above.
    case "$CMD_LINE" in
        *server2*|\
        *server7*)
            # server2 and server7 certificates use RSA encryption
            requires_config_enabled "MBEDTLS_RSA_C"
    esac

    # tmp is a global scratch variable; do not leak it to the caller.
    unset tmp
}
435
# requires_certificate_authentication
# Skip the next test in a PSK-only build ($PSK_ONLY = YES), where no
# certificate-based key exchange is available.
requires_certificate_authentication () {
    [ "$PSK_ONLY" != "YES" ] || SKIP_NEXT=YES
}
441
# adapt_cmd_for_psk <VARNAME> <COMMAND>
# Assign "<COMMAND> <psk option>" to the variable named VARNAME, choosing
# the option syntax of the tool named in COMMAND: OpenSSL, GnuTLS, or
# (default) Mbed TLS's ssl_client2/ssl_server2.
adapt_cmd_for_psk () {
    case "$2" in
        *openssl*) psk_args='-psk abc123 -nocert';;
        *gnutls-*) psk_args='--pskkey=abc123';;
        *) psk_args='psk=abc123';;
    esac
    # VARNAME is a literal supplied by the callers in this script, so the
    # eval only ever expands to a plain assignment to that name.
    eval "$1=\"\$2 \$psk_args\""
    unset psk_args
}
451
452# maybe_adapt_for_psk [RUN_TEST_OPTION...]
453# If running in a PSK-only build, maybe adapt the test to use a pre-shared key.
454#
455# If not running in a PSK-only build, do nothing.
456# If the test looks like it doesn't use a pre-shared key but can run with a
457# pre-shared key, pass a pre-shared key. If the test looks like it can't run
458# with a pre-shared key, skip it. If the test looks like it's already using
459# a pre-shared key, do nothing.
460#
461# This code does not consider builds with ECDHE-PSK or RSA-PSK.
462#
463# Inputs:
464# * $CLI_CMD, $SRV_CMD, $PXY_CMD: client/server/proxy commands.
465# * $PSK_ONLY: YES if running in a PSK-only build (no asymmetric key exchanges).
466# * "$@": options passed to run_test.
467#
468# Outputs:
469# * $CLI_CMD, $SRV_CMD: may be modified to add PSK-relevant arguments.
470# * $SKIP_NEXT: set to YES if the test can't run with PSK.
maybe_adapt_for_psk() {
    # Nothing to do outside a PSK-only build, or when the test is already
    # marked as skipped.
    [ "$PSK_ONLY" = "YES" ] || return 0
    [ "$SKIP_NEXT" != "YES" ] || return 0
    case "$CLI_CMD $SRV_CMD" in
        *[-_\ =]psk*|*[-_\ =]PSK*)
            # Already uses a pre-shared key: leave the commands alone.
            return 0;;
        *force_ciphersuite*)
            # The test case forces a non-PSK cipher suite. In some cases, a
            # PSK cipher suite could be substituted, but we're not ready for
            # that yet.
            SKIP_NEXT="YES"
            return 0;;
        *\ auth_mode=*|*[-_\ =]crt[_=]*)
            # The test case involves certificates. PSK won't do.
            SKIP_NEXT="YES"
            return 0;;
    esac
    adapt_cmd_for_psk CLI_CMD "$CLI_CMD"
    adapt_cmd_for_psk SRV_CMD "$SRV_CMD"
}
495
# PSK_ONLY: "YES" when the only key exchange enabled in the build is plain
# PSK (MBEDTLS_KEY_EXCHANGE_PSK_ENABLED), "NO" otherwise. The list is padded
# with spaces so every symbol has a space on both sides. Patterns are tried
# in order: the first four match any MBEDTLS_KEY_EXCHANGE_* symbol that
# differs from "PSK_ENABLED" in one of its first four characters, so such a
# symbol anywhere in the list gives "NO" before the PSK-only pattern is
# reached.
# NOTE(review): "[^P]" relies on '^' as bracket negation, which bash and
# dash accept; POSIX sh only guarantees "[!P]" (the form used in
# detect_required_features).
case " $CONFIGS_ENABLED " in
    *\ MBEDTLS_KEY_EXCHANGE_[^P]*) PSK_ONLY="NO";;
    *\ MBEDTLS_KEY_EXCHANGE_P[^S]*) PSK_ONLY="NO";;
    *\ MBEDTLS_KEY_EXCHANGE_PS[^K]*) PSK_ONLY="NO";;
    *\ MBEDTLS_KEY_EXCHANGE_PSK[^_]*) PSK_ONLY="NO";;
    *\ MBEDTLS_KEY_EXCHANGE_PSK_ENABLED\ *) PSK_ONLY="YES";;
    *) PSK_ONLY="NO";;
esac
504
# Per-hash availability flags, "NO" until populate_enabled_hash_algs()
# runs and flips the ones present in the build to "YES".
HAS_ALG_SHA_512=NO
HAS_ALG_SHA_384=NO
HAS_ALG_SHA_256=NO
HAS_ALG_SHA_224=NO
HAS_ALG_SHA_1=NO
510
# check_for_hash_alg <SHA_n>
# Return 0 if the hash is enabled in the build, 1 otherwise. The symbol to
# look for depends on whether the build uses PSA (PSA_WANT_ALG_<SHA_n>) or
# the legacy API (MBEDTLS_<SHAn>_C). Leaves USE_PSA and CURR_ALG set.
check_for_hash_alg()
{
    if is_config_enabled "MBEDTLS_USE_PSA_CRYPTO"; then
        USE_PSA="YES"
        CURR_ALG="PSA_WANT_ALG_$1"
    else
        USE_PSA="NO"
        # MBEDTLS_SHA_256_C -> MBEDTLS_SHA256_C: drop the second underscore
        # to match the MBEDTLS_* naming convention.
        CURR_ALG=$(echo "MBEDTLS_${1}_C" | sed 's/_//2')
    fi

    case $CONFIGS_ENABLED in
        *" $CURR_ALG"[\ =]*) return 0;;
    esac
    return 1
}
534
# populate_enabled_hash_algs
# Set HAS_ALG_<SHA_n>=YES for every hash check_for_hash_alg reports as
# enabled; the others keep their previous value.
populate_enabled_hash_algs()
{
    for hash_alg in SHA_1 SHA_224 SHA_256 SHA_384 SHA_512; do
        # hash_alg comes from the fixed list above, so the eval'd assignment
        # can only target one of the HAS_ALG_* variables.
        if check_for_hash_alg "$hash_alg"; then
            eval "HAS_ALG_$hash_alg=YES"
        fi
    done
}
544
545# skip next test if the given hash alg is not supported
# requires_hash_alg <SHA_n>
# Skip the next test unless HAS_ALG_<SHA_n> is not "NO". A name outside the
# supported list aborts the run, which also keeps the eval below safe: the
# variable name is only ever built from one of these literals.
requires_hash_alg() {
    case $1 in
        SHA_1|SHA_224|SHA_256|SHA_384|SHA_512) ;;
        *)
            echo "Unsupported hash alg - $1"
            exit 1
            ;;
    esac

    HASH_DEFINE=HAS_ALG_$1
    eval "HAS_HASH_ALG=\$$HASH_DEFINE"
    [ "$HAS_HASH_ALG" != "NO" ] || SKIP_NEXT=YES
}
568
569# Skip next test if the given pk alg is not enabled
# requires_pk_alg <ALG>
# Skip the next test unless the public-key algorithm is enabled. Only
# ECDSA is implemented; its symbol spelling depends on whether the build
# goes through PSA. Any other ALG aborts the run.
requires_pk_alg() {
    case $1 in
        ECDSA)
            pk_symbol=MBEDTLS_ECDSA_C
            if is_config_enabled MBEDTLS_USE_PSA_CRYPTO; then
                pk_symbol=PSA_WANT_ALG_ECDSA
            fi
            requires_config_enabled "$pk_symbol"
            unset pk_symbol
            ;;
        *)
            echo "Unknown/unimplemented case $1 in requires_pk_alg"
            exit 1
            ;;
    esac
}
585
586# skip next test if OpenSSL doesn't support FALLBACK_SCSV
# requires_openssl_with_fallback_scsv
# Skip the next test unless "$OPENSSL s_client -help" mentions
# fallback_scsv. Probed once; the answer is cached in OPENSSL_HAS_FBSCSV.
requires_openssl_with_fallback_scsv() {
    if [ -z "${OPENSSL_HAS_FBSCSV:-}" ]; then
        OPENSSL_HAS_FBSCSV=NO
        if $OPENSSL s_client -help 2>&1 | grep fallback_scsv >/dev/null; then
            OPENSSL_HAS_FBSCSV=YES
        fi
    fi
    [ "$OPENSSL_HAS_FBSCSV" != "NO" ] || SKIP_NEXT=YES
}
600
601# skip next test if either IN_CONTENT_LEN or MAX_CONTENT_LEN are below a value
# requires_max_content_len <LEN>
# Skip the next test if either MBEDTLS_SSL_IN_CONTENT_LEN or
# MBEDTLS_SSL_OUT_CONTENT_LEN is configured below LEN.
requires_max_content_len() {
    for content_len_symbol in MBEDTLS_SSL_IN_CONTENT_LEN MBEDTLS_SSL_OUT_CONTENT_LEN; do
        requires_config_value_at_least "$content_len_symbol" "$1"
    done
    unset content_len_symbol
}
606
607# skip next test if GnuTLS isn't available
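# requires_gnutls
# Skip the next test unless both GnuTLS tools ($GNUTLS_CLI and $GNUTLS_SERV)
# can be found. Probed once; the answer is cached in GNUTLS_AVAILABLE.
requires_gnutls() {
    if [ -z "${GNUTLS_AVAILABLE:-}" ]; then
        # command -v is the POSIX way to look a tool up; which(1) is not
        # standardised and its behaviour varies between systems.
        if command -v "$GNUTLS_CLI" >/dev/null 2>&1 &&
           command -v "$GNUTLS_SERV" >/dev/null 2>&1; then
            GNUTLS_AVAILABLE="YES"
        else
            GNUTLS_AVAILABLE="NO"
        fi
    fi
    if [ "$GNUTLS_AVAILABLE" = "NO" ]; then
        SKIP_NEXT="YES"
    fi
}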
620
621# skip next test if GnuTLS-next isn't available
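# requires_gnutls_next
# Skip the next test unless both "next" GnuTLS tools ($GNUTLS_NEXT_CLI and
# $GNUTLS_NEXT_SERV, no defaults) can be found. Probed once; cached in
# GNUTLS_NEXT_AVAILABLE.
requires_gnutls_next() {
    if [ -z "${GNUTLS_NEXT_AVAILABLE:-}" ]; then
        # command -v is the POSIX replacement for which(1); an empty name
        # (variable unset) is simply not found.
        if command -v "${GNUTLS_NEXT_CLI:-}" >/dev/null 2>&1 &&
           command -v "${GNUTLS_NEXT_SERV:-}" >/dev/null 2>&1; then
            GNUTLS_NEXT_AVAILABLE="YES"
        else
            GNUTLS_NEXT_AVAILABLE="NO"
        fi
    fi
    if [ "$GNUTLS_NEXT_AVAILABLE" = "NO" ]; then
        SKIP_NEXT="YES"
    fi
}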
634
635# skip next test if OpenSSL-legacy isn't available
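# requires_openssl_legacy
# Skip the next test unless the legacy OpenSSL ($OPENSSL_LEGACY, no
# default) can be found. Probed once; cached in OPENSSL_LEGACY_AVAILABLE.
requires_openssl_legacy() {
    if [ -z "${OPENSSL_LEGACY_AVAILABLE:-}" ]; then
        # command -v is the POSIX replacement for which(1); an empty name
        # (variable unset) is simply not found.
        if command -v "${OPENSSL_LEGACY:-}" >/dev/null 2>&1; then
            OPENSSL_LEGACY_AVAILABLE="YES"
        else
            OPENSSL_LEGACY_AVAILABLE="NO"
        fi
    fi
    if [ "$OPENSSL_LEGACY_AVAILABLE" = "NO" ]; then
        SKIP_NEXT="YES"
    fi
}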
648
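# requires_openssl_next
# Skip the next test unless the "next" OpenSSL ($OPENSSL_NEXT, no default)
# can be found. Probed once; cached in OPENSSL_NEXT_AVAILABLE, which the
# other requires_openssl_* helpers also read.
requires_openssl_next() {
    if [ -z "${OPENSSL_NEXT_AVAILABLE:-}" ]; then
        # command -v is the POSIX replacement for which(1); an empty name
        # (variable unset) is simply not found.
        if command -v "${OPENSSL_NEXT:-}" >/dev/null 2>&1; then
            OPENSSL_NEXT_AVAILABLE="YES"
        else
            OPENSSL_NEXT_AVAILABLE="NO"
        fi
    fi
    if [ "$OPENSSL_NEXT_AVAILABLE" = "NO" ]; then
        SKIP_NEXT="YES"
    fi
}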
661
662# skip next test if openssl version is lower than 3.0
# requires_openssl_3_x
# Skip the next test unless "$OPENSSL_NEXT version" reports OpenSSL 3.x.
# Requires OpenSSL-next first; the probe runs once and the answer is cached
# in OPENSSL_3_X_AVAILABLE (forced to NO when OpenSSL-next is missing).
requires_openssl_3_x() {
    requires_openssl_next
    if [ "$OPENSSL_NEXT_AVAILABLE" = "NO" ]; then
        OPENSSL_3_X_AVAILABLE="NO"
    elif [ -z "${OPENSSL_3_X_AVAILABLE:-}" ]; then
        OPENSSL_3_X_AVAILABLE="NO"
        if $OPENSSL_NEXT version 2>&1 | grep "OpenSSL 3." >/dev/null; then
            OPENSSL_3_X_AVAILABLE="YES"
        fi
    fi
    [ "$OPENSSL_3_X_AVAILABLE" != "NO" ] || SKIP_NEXT="YES"
}
680
681# skip next test if openssl does not support ffdh keys
# requires_openssl_tls1_3_with_ffdh
# FFDH key exchange in TLS 1.3 needs OpenSSL 3.x; defer to that check.
requires_openssl_tls1_3_with_ffdh() { requires_openssl_3_x; }
685
686# skip next test if openssl cannot handle ephemeral key exchange
# requires_openssl_tls1_3_with_compatible_ephemeral
# Skip the next test unless OpenSSL-next is available and, when the build
# has no ECDH (PSA_WANT_ALG_ECDH), also supports FFDH for TLS 1.3.
requires_openssl_tls1_3_with_compatible_ephemeral() {
    requires_openssl_next
    # Without ECDH the only ephemeral key exchange left is FFDH.
    is_config_enabled "PSA_WANT_ALG_ECDH" || requires_openssl_tls1_3_with_ffdh
}
694
695# skip next test if tls1_3 is not available
# requires_openssl_tls1_3
# Skip the next test unless "$OPENSSL_NEXT s_client -help" mentions tls1_3.
# Requires OpenSSL-next first; the probe runs once and the answer is cached
# in OPENSSL_TLS1_3_AVAILABLE (forced to NO when OpenSSL-next is missing).
requires_openssl_tls1_3() {
    requires_openssl_next
    if [ "$OPENSSL_NEXT_AVAILABLE" = "NO" ]; then
        OPENSSL_TLS1_3_AVAILABLE="NO"
    elif [ -z "${OPENSSL_TLS1_3_AVAILABLE:-}" ]; then
        OPENSSL_TLS1_3_AVAILABLE="NO"
        if $OPENSSL_NEXT s_client -help 2>&1 | grep tls1_3 >/dev/null; then
            OPENSSL_TLS1_3_AVAILABLE="YES"
        fi
    fi
    [ "$OPENSSL_TLS1_3_AVAILABLE" != "NO" ] || SKIP_NEXT="YES"
}
713
714# skip next test if tls1_3 is not available
# requires_gnutls_tls1_3
# Skip the next test unless "$GNUTLS_NEXT_CLI -l" lists VERS-TLS1.3.
# Requires GnuTLS-next first; the probe runs once and the answer is cached
# in GNUTLS_TLS1_3_AVAILABLE (forced to NO when GnuTLS-next is missing).
requires_gnutls_tls1_3() {
    requires_gnutls_next
    if [ "$GNUTLS_NEXT_AVAILABLE" = "NO" ]; then
        GNUTLS_TLS1_3_AVAILABLE="NO"
    elif [ -z "${GNUTLS_TLS1_3_AVAILABLE:-}" ]; then
        GNUTLS_TLS1_3_AVAILABLE="NO"
        if $GNUTLS_NEXT_CLI -l 2>&1 | grep VERS-TLS1.3 >/dev/null; then
            GNUTLS_TLS1_3_AVAILABLE="YES"
        fi
    fi
    [ "$GNUTLS_TLS1_3_AVAILABLE" != "NO" ] || SKIP_NEXT="YES"
}
732
733# Check %NO_TICKETS option
# requires_gnutls_next_no_ticket
# Skip the next test unless "$GNUTLS_NEXT_CLI --priority-list" includes the
# %NO_TICKETS option. Requires GnuTLS-next first; probed once and cached in
# GNUTLS_NO_TICKETS_AVAILABLE (forced to NO when GnuTLS-next is missing).
requires_gnutls_next_no_ticket() {
    requires_gnutls_next
    if [ "$GNUTLS_NEXT_AVAILABLE" = "NO" ]; then
        GNUTLS_NO_TICKETS_AVAILABLE="NO"
    elif [ -z "${GNUTLS_NO_TICKETS_AVAILABLE:-}" ]; then
        GNUTLS_NO_TICKETS_AVAILABLE="NO"
        if $GNUTLS_NEXT_CLI --priority-list 2>&1 | grep NO_TICKETS >/dev/null; then
            GNUTLS_NO_TICKETS_AVAILABLE="YES"
        fi
    fi
    [ "$GNUTLS_NO_TICKETS_AVAILABLE" != "NO" ] || SKIP_NEXT="YES"
}
751
752# Check %DISABLE_TLS13_COMPAT_MODE option
# requires_gnutls_next_disable_tls13_compat
# Skip the next test unless "$GNUTLS_NEXT_CLI --priority-list" includes the
# %DISABLE_TLS13_COMPAT_MODE option. Requires GnuTLS-next first; probed once
# and cached in GNUTLS_DISABLE_TLS13_COMPAT_MODE_AVAILABLE (forced to NO
# when GnuTLS-next is missing).
requires_gnutls_next_disable_tls13_compat() {
    requires_gnutls_next
    if [ "$GNUTLS_NEXT_AVAILABLE" = "NO" ]; then
        GNUTLS_DISABLE_TLS13_COMPAT_MODE_AVAILABLE="NO"
    elif [ -z "${GNUTLS_DISABLE_TLS13_COMPAT_MODE_AVAILABLE:-}" ]; then
        GNUTLS_DISABLE_TLS13_COMPAT_MODE_AVAILABLE="NO"
        if $GNUTLS_NEXT_CLI --priority-list 2>&1 | grep DISABLE_TLS13_COMPAT_MODE >/dev/null; then
            GNUTLS_DISABLE_TLS13_COMPAT_MODE_AVAILABLE="YES"
        fi
    fi
    [ "$GNUTLS_DISABLE_TLS13_COMPAT_MODE_AVAILABLE" != "NO" ] || SKIP_NEXT="YES"
}
770
771# skip next test if GnuTLS does not support the record size limit extension
# requires_gnutls_record_size_limit
# Skip the next test unless GnuTLS-next is available: any GnuTLS-next is
# taken to support the record_size_limit extension, so its absence is the
# only reason to skip. Also records the answer in
# GNUTLS_RECORD_SIZE_LIMIT_AVAILABLE.
requires_gnutls_record_size_limit() {
    requires_gnutls_next
    GNUTLS_RECORD_SIZE_LIMIT_AVAILABLE="YES"
    if [ "$GNUTLS_NEXT_AVAILABLE" = "NO" ]; then
        GNUTLS_RECORD_SIZE_LIMIT_AVAILABLE="NO"
        SKIP_NEXT="YES"
    fi
}
783
784# skip next test if IPv6 isn't available on this host
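# requires_ipv6
# Skip the next test unless the host can bind an IPv6 socket. Probed once:
# start the server on ::1, give it a second, kill it, and look for the bind
# failure message in its log ($SRV_OUT, removed afterwards). Cached in
# HAS_IPV6; sets SRV_PID as a side effect.
requires_ipv6() {
    if [ -z "${HAS_IPV6:-}" ]; then
        # $P_SRV stays unquoted, as everywhere else in this script, so a
        # value with wrapper arguments keeps working. The log path is
        # quoted so a directory with spaces does not break the probe.
        $P_SRV server_addr='::1' > "$SRV_OUT" 2>&1 &
        SRV_PID=$!
        sleep 1
        kill "$SRV_PID" >/dev/null 2>&1
        if grep "NET - Binding of the socket failed" "$SRV_OUT" >/dev/null; then
            HAS_IPV6="NO"
        else
            HAS_IPV6="YES"
        fi
        # A plain file: -r is not needed, -f keeps a vanished log from
        # printing an error.
        rm -f -- "$SRV_OUT"
    fi

    if [ "$HAS_IPV6" = "NO" ]; then
        SKIP_NEXT="YES"
    fi
}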
803
804# skip next test if it's i686 or uname is not available
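# requires_not_i686
# Skip the next test on i686, or when uname is unavailable (the host is
# then assumed to be i686). Probed once; cached in IS_I686.
requires_not_i686() {
    if [ -z "${IS_I686:-}" ]; then
        IS_I686="YES"
        # command -v is the POSIX replacement for which(1).
        if command -v uname >/dev/null 2>&1; then
            if ! uname -a | grep i686 >/dev/null; then
                IS_I686="NO"
            fi
        fi
    fi
    if [ "$IS_I686" = "YES" ]; then
        SKIP_NEXT="YES"
    fi
}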
818
819# Calculate the input & output maximum content lengths set in the config
# Largest record payload usable in both directions: 16384 (the TLS maximum)
# capped by the configured MBEDTLS_SSL_IN_CONTENT_LEN and
# MBEDTLS_SSL_OUT_CONTENT_LEN values.
MAX_IN_LEN=$( get_config_value_or_default "MBEDTLS_SSL_IN_CONTENT_LEN" )
MAX_OUT_LEN=$( get_config_value_or_default "MBEDTLS_SSL_OUT_CONTENT_LEN" )
MAX_CONTENT_LEN=16384
for configured_len in "$MAX_IN_LEN" "$MAX_OUT_LEN"; do
    if [ "$configured_len" -lt "$MAX_CONTENT_LEN" ]; then
        MAX_CONTENT_LEN="$configured_len"
    fi
done
unset configured_len
831
832# skip the next test if the SSL output buffer is less than 16KB
# requires_full_size_output_buffer
# Skip the next test unless the configured output buffer ($MAX_OUT_LEN,
# computed at load time) is the full 16384 bytes.
requires_full_size_output_buffer() {
    [ "$MAX_OUT_LEN" -eq 16384 ] || SKIP_NEXT=YES
}
838
839# skip the next test if valgrind is in use
# not_with_valgrind
# Skip the next test when running under the memory checker (-m).
not_with_valgrind() {
    [ "$MEMCHECK" -eq 0 ] || SKIP_NEXT=YES
}
845
846# skip the next test if valgrind is NOT in use
# only_with_valgrind
# Skip the next test unless running under the memory checker (-m).
only_with_valgrind() {
    [ "$MEMCHECK" -ne 0 ] || SKIP_NEXT=YES
}
852
853# multiply the client timeout delay by the given factor for the next test
# client_needs_more_time <FACTOR>
# For the next test only, multiply the client timeout by FACTOR
# (stored in CLI_DELAY_FACTOR for the test runner to apply).
client_needs_more_time() {
    CLI_DELAY_FACTOR="$1"
}
857
858# wait for the given seconds after the client finished in the next test
# server_needs_more_time <SECONDS>
# For the next test only, wait SECONDS after the client finishes before
# stopping the server (stored in SRV_DELAY_SECONDS for the test runner).
server_needs_more_time() {
    SRV_DELAY_SECONDS="$1"
}
862
863# print_name <name>
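# print_name <name>
# Increment TESTS, then print the test name (prefixed with its number when
# SHOW_TEST_NUMBER is set) padded with dots so the result column lines up.
# Leaves LINE and LEN set.
print_name() {
    TESTS=$(( TESTS + 1 ))
    LINE=""

    if [ "$SHOW_TEST_NUMBER" -gt 0 ]; then
        LINE="$TESTS "
    fi

    LINE="$LINE$1"
    printf "%s " "$LINE"
    # wc -c counts the newline too, so this pads to column 72; a name of
    # 71+ characters gets no dots. printf is used rather than echo so a
    # backslash in the name is not interpreted by the shell's echo.
    LEN=$(( 72 - $(printf '%s\n' "$LINE" | wc -c) ))
    # Plain loop instead of seq(1), which POSIX sh does not provide.
    i=0
    while [ "$i" -lt "$LEN" ]; do
        printf '.'
        i=$(( i + 1 ))
    done
    printf ' '

}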
879
880# record_outcome <outcome> [<failure-reason>]
881# The test name must be in $NAME.
882# Use $TEST_SUITE_NAME as the test suite name if set.
# record_outcome <outcome> [<failure-reason>]
# Print the outcome, and if $MBEDTLS_TEST_OUTCOME_FILE is non-empty append a
# ';'-separated record: platform, configuration, suite name
# ($TEST_SUITE_NAME, default "ssl-opt"), test name ($NAME), outcome and
# reason. Fields are written verbatim, with no quoting or escaping.
record_outcome() {
    echo "$1"
    [ -n "$MBEDTLS_TEST_OUTCOME_FILE" ] || return 0
    printf '%s;%s;%s;%s;%s;%s\n' \
        "$MBEDTLS_TEST_PLATFORM" "$MBEDTLS_TEST_CONFIGURATION" \
        "${TEST_SUITE_NAME:-ssl-opt}" "$NAME" "$1" "${2-}" \
        >>"$MBEDTLS_TEST_OUTCOME_FILE"
}
# Start with no suite name so record_outcome falls back to "ssl-opt" until
# a caller sets one.
unset -v TEST_SUITE_NAME
894
895# True if the presence of the given pattern in a log definitely indicates
896# that the test has failed. False if the presence is inconclusive.
897#
898# Inputs:
899# * $1: pattern found in the logs
900# * $TIMES_LEFT: >0 if retrying is an option
901#
902# Outputs:
903# * $outcome: set to a retry reason if the pattern is inconclusive,
904#             unchanged otherwise.
905# * Return value: 1 if the pattern is inconclusive,
906#                 0 if the failure is definitive.
log_pattern_presence_is_conclusive() {
    # Out of attempts: every failure is final, whatever the pattern.
    [ "$TIMES_LEFT" -ne 0 ] || return 0
    if [ "$1" = "resend" ]; then
        # An undesired resend may have been caused by the OS dropping or
        # delaying a packet at an inopportune time.
        outcome="RETRY(resend)"
        return 1
    fi
    return 0
}
920
921# fail <message>
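# fail <message>
# Record and print a failure for the current test, move the server/client
# (and proxy, if $PXY_CMD is set) logs to o-{srv,cli,pxy}-<TESTS>.log in the
# current directory, dump them on stdout when LOG_FAILURE_ON_STDOUT is set
# to a non-zero value, and increment FAILS.
# Reads $SRV_OUT, $CLI_OUT, $PXY_OUT, $PXY_CMD, $TESTS.
fail() {
    record_outcome "FAIL" "$1"
    echo "  ! $1"

    # Log paths are quoted so a directory with spaces does not break the move.
    mv -- "$SRV_OUT" "o-srv-${TESTS}.log"
    mv -- "$CLI_OUT" "o-cli-${TESTS}.log"
    if [ -n "$PXY_CMD" ]; then
        mv -- "$PXY_OUT" "o-pxy-${TESTS}.log"
    fi
    echo "  ! outputs saved to o-XXX-${TESTS}.log"

    if [ "${LOG_FAILURE_ON_STDOUT:-0}" != 0 ]; then
        echo "  ! server output:"
        cat "o-srv-${TESTS}.log"
        echo "  ! ========================================================"
        echo "  ! client output:"
        cat "o-cli-${TESTS}.log"
        if [ -n "$PXY_CMD" ]; then
            echo "  ! ========================================================"
            echo "  ! proxy output:"
            cat "o-pxy-${TESTS}.log"
        fi
        echo ""
    fi

    FAILS=$(( FAILS + 1 ))
}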
949
950# is_polar <cmd_line>
# is_polar <cmd_line>
# Return 0 if the command line runs one of Mbed TLS's own test programs
# (ssl_client2 or ssl_server2), 1 otherwise.
is_polar() {
    case "$1" in
        *ssl_client2*|*ssl_server2*) return 0;;
    esac
    return 1
}
958
959# openssl s_server doesn't have -www with DTLS
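# check_osrv_dtls
# openssl s_server doesn't have -www with DTLS: when $SRV_CMD is an OpenSSL
# DTLS server, drop its first "-www" and set NEEDS_INPUT=1 so provide_input
# feeds it a response instead; otherwise NEEDS_INPUT=0.
check_osrv_dtls() {
    case "$SRV_CMD" in
        *s_server*-dtls*)
            NEEDS_INPUT=1
            # Parameter expansion instead of "echo $SRV_CMD | sed": the
            # unquoted echo word-splits and glob-expands the command line
            # before sed sees it, so a '*' in an argument could change it.
            # (Consecutive spaces are no longer collapsed; the shell that
            # later runs the command ignores them.)
            case "$SRV_CMD" in
                *-www*) SRV_CMD="${SRV_CMD%%-www*}${SRV_CMD#*-www}";;
            esac
            ;;
        *) NEEDS_INPUT=0;;
    esac
}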
968
969# provide input to commands that need it
# provide_input
# When NEEDS_INPUT is non-zero, print a minimal HTTP response once a second
# forever (the caller is expected to terminate this); otherwise return at once.
provide_input() {
    [ "$NEEDS_INPUT" -ne 0 ] || return 0

    while :; do
        echo "HTTP/1.0 200 OK"
        sleep 1
    done
}
980
981# has_mem_err <log_file_name>
# has_mem_err <log_file_name>
# Return 0 ("has errors") unless the valgrind log contains both the
# no-leaks summary and the zero-errors summary, in which case return 1.
has_mem_err() {
    if grep -F 'All heap blocks were freed -- no leaks are possible' "$1" >/dev/null &&
       grep -F 'ERROR SUMMARY: 0 errors from 0 contexts' "$1" >/dev/null; then
        return 1 # false: does not have errors
    fi
    return 0 # true: has errors
}
991
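# Wait for process $2 named $3 to be listening on port $1. Print error to $4.
#
# Inputs:
# * $1: port number
# * $2: pid of the process that should listen on the port
# * $3: name of the process, used in the timeout message
# * $4: log file that receives the timeout message
# * $DTLS: 1 to look for a UDP listener, otherwise TCP
# * $DOG_DELAY: how long to wait, in seconds, before giving up
# * $START_DELAY: fixed delay used when lsof is not available
if command -v lsof >/dev/null 2>&1; then
    wait_app_start() {
        newline='
'
        START_TIME=$(date +%s)
        if [ "$DTLS" -eq 1 ]; then
            proto=UDP
        else
            proto=TCP
        fi
        # Make a tight loop, server normally takes less than 1s to start.
        while true; do
            SERVER_PIDS=$(lsof -a -n -b -i "$proto:$1" -t)
            # When we use a proxy, it will be listening on the same port we
            # are checking for as well as the server and lsof will list both,
            # so look for the wanted pid as a whole line of lsof's output.
            case ${newline}${SERVER_PIDS}${newline} in
                *${newline}${2}${newline}*) break;;
            esac
            if [ $(( $(date +%s) - START_TIME )) -gt "$DOG_DELAY" ]; then
                echo "$3 START TIMEOUT"
                echo "$3 START TIMEOUT" >> "$4"
                break
            fi
            # Linux and *BSD support decimal arguments to sleep. On other
            # OSes this may be a tight loop.
            sleep 0.1 2>/dev/null || true
        done
    }
else
    # Without lsof we can't tell when the process is ready, so fall back to
    # a fixed delay.
    echo "Warning: lsof not available, wait_app_start = sleep"
    wait_app_start() {
        sleep "$START_DELAY"
    }
fi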
1027
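# Wait for server process $2 to be listening on port $1.
# The timeout message, if any, goes to $SRV_OUT.
wait_server_start() {
    wait_app_start "$1" "$2" "SERVER" "$SRV_OUT"
}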
1032
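# Wait for proxy process $2 to be listening on port $1.
# The timeout message, if any, goes to $PXY_OUT.
wait_proxy_start() {
    wait_app_start "$1" "$2" "PROXY" "$PXY_OUT"
}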
1037
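# Given the client or server debug output, parse the unix timestamp that is
# included in the first 4 bytes of the random bytes and check that it's within
# acceptable bounds
#
# Inputs:
# * $1: log file (debug level 3 or more)
#
# Returns 0 if a ServerHello time was found and is within 5 minutes of now,
# 1 otherwise.
check_server_hello_time() {
    # Extract the time from the debug (lvl 3) output of the client. Only the
    # digits are kept and only the first match is used: a multi-line or
    # non-numeric value would make the [ ... -lt ... ] tests below error out
    # (and fall into the success branch) instead of failing.
    SERVER_HELLO_TIME="$(sed -n 's/.*server hello, current time: \([0-9]*\).*/\1/p' < "$1" | head -n 1)"
    # Get the Unix timestamp for now
    CUR_TIME=$(date +'%s')
    THRESHOLD_IN_SECS=300

    # Check if the ServerHello time was printed
    if [ -z "$SERVER_HELLO_TIME" ]; then
        return 1
    fi

    # Check the time in ServerHello is within acceptable bounds
    if [ "$SERVER_HELLO_TIME" -lt $(( CUR_TIME - THRESHOLD_IN_SECS )) ]; then
        # The time in ServerHello is at least 5 minutes before now
        return 1
    elif [ "$SERVER_HELLO_TIME" -gt $(( CUR_TIME + THRESHOLD_IN_SECS )) ]; then
        # The time in ServerHello is at least 5 minutes later than now
        return 1
    fi
    return 0
}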
1064
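# Get handshake memory usage from server or client output and put it into the variable specified by the first argument
#
# Inputs:
# * $1: name of the shell variable to set
# * $2: log file
#
# Returns 0 and sets the variable on success, prints an error and returns 1
# if no memory usage line was found.
handshake_memory_get() {
    OUTPUT_VARIABLE="$1"
    OUTPUT_FILE="$2"

    # Get memory usage from a pattern like "Heap memory usage after handshake: 23112 bytes. Peak memory usage was 33112"
    MEM_USAGE=$(sed -n 's/.*Heap memory usage after handshake: //p' < "$OUTPUT_FILE" | grep -o "[0-9]*" | head -1)

    # Check if memory usage was read
    if [ -z "$MEM_USAGE" ]; then
        echo "Error: Can not read the value of handshake memory usage"
        return 1
    fi
    # Only the variable name goes through eval; the value is passed by
    # reference so that it is never parsed as shell code.
    eval "$OUTPUT_VARIABLE=\$MEM_USAGE"
    return 0
}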
1082
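# Get handshake memory usage from server or client output and check if this value
# is not higher than the maximum given by the first argument
#
# Inputs:
# * $1: maximum allowed memory usage, in bytes
# * $2: log file
#
# Returns 0 if the usage could be read and is at most $1, 1 otherwise.
handshake_memory_check() {
    MAX_MEMORY="$1"
    OUTPUT_FILE="$2"

    # Get memory usage
    if ! handshake_memory_get "MEMORY_USAGE" "$OUTPUT_FILE"; then
        return 1
    fi

    # Check if memory usage is below max value. printf rather than echo:
    # the leading newline is meant literally, and echo's handling of \n
    # differs between shells.
    if [ "$MEMORY_USAGE" -gt "$MAX_MEMORY" ]; then
        printf '\nFailed: Handshake memory usage was %s bytes, but should be below %s bytes\n' \
            "$MEMORY_USAGE" "$MAX_MEMORY"
        return 1
    fi
    return 0
}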
1103
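# wait for client to terminate and set CLI_EXIT
# must be called right after starting the client
#
# Inputs:
# * $!: pid of the client just started in the background
# * $DOG_DELAY, $CLI_DELAY_FACTOR: watchdog delay (seconds) and multiplier
# * $CLI_OUT: client log file
# * $SRV_DELAY_SECONDS: extra time to give the server after the client exits
#
# Outputs:
# * $CLI_PID, $CLI_EXIT: client pid and exit status
# * $DOG_PID: watchdog pid (already reaped on return)
# * $CLI_DELAY_FACTOR, $SRV_DELAY_SECONDS: reset to their defaults
wait_client_done() {
    CLI_PID=$!

    CLI_DELAY=$(( DOG_DELAY * CLI_DELAY_FACTOR ))
    CLI_DELAY_FACTOR=1

    # Watchdog: kill the client if it runs longer than allowed, leaving a
    # marker in its log that check_test_failure() looks for.
    ( sleep "$CLI_DELAY"; echo "===CLIENT_TIMEOUT===" >> "$CLI_OUT"; kill "$CLI_PID" ) &
    DOG_PID=$!

    # For Ubuntu 22.04, `Terminated` message is output by wait command.
    # To remove it from stdout, redirect stdout/stderr to CLI_OUT
    wait "$CLI_PID" >> "$CLI_OUT" 2>&1
    CLI_EXIT=$?

    kill "$DOG_PID" >/dev/null 2>&1
    wait "$DOG_PID" >> "$CLI_OUT" 2>&1

    echo "EXIT: $CLI_EXIT" >> "$CLI_OUT"

    sleep "$SRV_DELAY_SECONDS"
    SRV_DELAY_SECONDS=0
}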
1128
# check if the given command uses dtls and sets global variable DTLS
#
# DTLS is set to 1 if the command line contains dtls=1, -dtls or -u,
# and to 0 otherwise.
detect_dtls() {
    DTLS=0
    case "$1" in
        *dtls=1*|*-dtls*|*-u*) DTLS=1;;
    esac
}
1136
# check if the given command uses gnutls and sets global variable CMD_IS_GNUTLS
#
# CMD_IS_GNUTLS is set to 1 if the command line mentions gnutls-cli or
# gnutls-serv, and to 0 otherwise.
is_gnutls() {
    CMD_IS_GNUTLS=0
    case "$1" in
        *gnutls-cli*|*gnutls-serv*) CMD_IS_GNUTLS=1;;
    esac
}
1151
# Some external tools (gnutls or openssl) might not have support for static ECDH
# and this limit the tests that can be run with them. This function checks server
# and client command lines, given as input, to verify if the current test
# is using one of these tools.
#
# Inputs:
# * $1: server command line
# * $2: client command line
# * $GNUTLS_SERV, $GNUTLS_CLI, $GNUTLS_NEXT_SERV, $GNUTLS_NEXT_CLI,
#   $OPENSSL_NEXT: the tools' names (the *_NEXT ones may be unset)
#
# Outputs: prints "yes" or "no" on stdout.
use_ext_tool_without_ecdh_support() {
    # Look at the server first, then at the client: either one being such
    # a tool is enough.
    case "$1" in
        *$GNUTLS_SERV*|\
        *${GNUTLS_NEXT_SERV:-"gnutls-serv-dummy"}*|\
        *${OPENSSL_NEXT:-"openssl-dummy"}*)
            echo "yes"
            return;;
        *)
            case "$2" in
                *$GNUTLS_CLI*|\
                *${GNUTLS_NEXT_CLI:-"gnutls-cli-dummy"}*|\
                *${OPENSSL_NEXT:-"openssl-dummy"}*)
                    echo "yes"
                    return;;
            esac;;
    esac
    echo "no"
}
1173
# Generate random psk_list argument for ssl_server2
#
# The position of Client_identity in the list rotates with the test number
# ($TESTS) so that the server's lookup is exercised at different offsets.
get_srv_psk_list ()
{
    if [ "$(( TESTS % 3 ))" -eq 0 ]; then
        echo "psk_list=abc,dead,def,beef,Client_identity,6162636465666768696a6b6c6d6e6f70"
    elif [ "$(( TESTS % 3 ))" -eq 1 ]; then
        echo "psk_list=abc,dead,Client_identity,6162636465666768696a6b6c6d6e6f70,def,beef"
    elif [ "$(( TESTS % 3 ))" -eq 2 ]; then
        echo "psk_list=Client_identity,6162636465666768696a6b6c6d6e6f70,abc,dead,def,beef"
    fi
}
1183
# Determine what calc_verify trace is to be expected, if any.
#
# calc_verify is only called for two things: to calculate the
# extended master secret, and to process client authentication.
#
# Warning: the current implementation assumes that extended_ms is not
#          disabled on the client or on the server.
#
# Inputs:
# * $1: the value of the server auth_mode parameter.
#       'required' if client authentication is expected,
#       'none' or absent if not.
# * $CONFIGS_ENABLED
#
# Outputs:
# * $maybe_calc_verify: set to a trace expected in the debug logs
#   (left empty when no calc_verify call is expected)
set_maybe_calc_verify() {
    maybe_calc_verify=
    case $CONFIGS_ENABLED in
        *\ MBEDTLS_SSL_EXTENDED_MASTER_SECRET\ *)
            # With the extended master secret, calc_verify always runs.
            ;;
        *)
            # Otherwise it only runs for client authentication.
            if [ "${1-}" = required ]; then
                :
            elif [ -z "${1-}" ] || [ "${1-}" = none ]; then
                return
            else
                echo "Bad parameter 1 to set_maybe_calc_verify: $1"
                exit 1
            fi;;
    esac
    case $CONFIGS_ENABLED in
        *\ MBEDTLS_USE_PSA_CRYPTO\ *) maybe_calc_verify="PSA calc verify";;
        *) maybe_calc_verify="<= calc verify";;
    esac
}
1216
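# Compare file content
# Usage: find_in_both pattern file1 file2
# extract from file1 the first line matching the pattern
# check in file2 that the same line can be found
#
# Returns 0 if such a line exists in both files, 1 otherwise.
find_in_both() {
    srv_pattern=$(grep -m 1 -- "$1" "$2")
    if [ -z "$srv_pattern" ]; then
        return 1
    fi

    # The extracted line is data, not a regular expression: match it
    # literally so that characters such as '[' or '*' in it can't change
    # the meaning of the search.
    if grep -F -- "$srv_pattern" "$3" >/dev/null; then
        return 0
    fi
    return 1
}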
1233
# Whether check_test_failure() should skip verifying that both peers reached
# the handshake stage; it resets this to "NO" after each test.
SKIP_HANDSHAKE_CHECK="NO"

# Request that the next test skips the handshake stage check.
skip_handshake_stage_check() {
    SKIP_HANDSHAKE_CHECK=YES
}
1238
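# Analyze the commands that will be used in a test.
#
# Analyze and possibly instrument $PXY_CMD, $CLI_CMD, $SRV_CMD to pass
# extra arguments or go through wrappers.
#
# Inputs:
# * $@: supplemental options to run_test() (after the mandatory arguments).
# * $CLI_CMD, $PXY_CMD, $SRV_CMD: the client, proxy and server commands.
# * $DTLS: 1 if DTLS, otherwise 0.
# * $P_PXY: the default proxy command.
# * $SRV_PORT, $PXY_PORT: the server's and proxy's ports.
# * $MEMCHECK: >0 to run our own programs under valgrind.
#
# Outputs:
# * $CLI_CMD, $PXY_CMD, $SRV_CMD: may be tweaked.
# * $CMD_IS_GNUTLS: left as set by is_gnutls() for the client command.
analyze_test_commands() {
    # if the test uses DTLS but no custom proxy, add a simple proxy
    # as it provides timing info that's useful to debug failures
    if [ -z "$PXY_CMD" ] && [ "$DTLS" -eq 1 ]; then
        PXY_CMD="$P_PXY"
        case " $SRV_CMD " in
            *' server_addr=::1 '*)
                PXY_CMD="$PXY_CMD server_addr=::1 listen_addr=::1";;
        esac
    fi

    # if the server uses gnutls but doesn't set priority, explicitly
    # set the default priority
    is_gnutls "$SRV_CMD"
    if [ "$CMD_IS_GNUTLS" -eq 1 ]; then
        case "$SRV_CMD" in
            *--priority*) :;;
            *) SRV_CMD="$SRV_CMD --priority=NORMAL";;
        esac
    fi

    # same for the client
    is_gnutls "$CLI_CMD"
    if [ "$CMD_IS_GNUTLS" -eq 1 ]; then
        case "$CLI_CMD" in
            *--priority*) :;;
            *) CLI_CMD="$CLI_CMD --priority=NORMAL";;
        esac
    fi

    # fix client port: +SRV_PORT is a placeholder for the port the client
    # must connect to, which is the proxy's when there is one. The command
    # line goes through printf, quoted, so that its spacing and backslashes
    # survive the round trip through sed.
    if [ -n "$PXY_CMD" ]; then
        CLI_CMD=$(printf '%s\n' "$CLI_CMD" | sed "s/+SRV_PORT/$PXY_PORT/g")
    else
        CLI_CMD=$(printf '%s\n' "$CLI_CMD" | sed "s/+SRV_PORT/$SRV_PORT/g")
    fi

    # prepend valgrind to our commands if active
    if [ "$MEMCHECK" -gt 0 ]; then
        if is_polar "$SRV_CMD"; then
            SRV_CMD="valgrind --leak-check=full $SRV_CMD"
        fi
        if is_polar "$CLI_CMD"; then
            CLI_CMD="valgrind --leak-check=full $CLI_CMD"
        fi
    fi
}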
1303
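# log_grep_filtered <log_file> <pattern>
#
# Succeed if <pattern> (a grep regular expression) matches a line of
# <log_file>, ignoring valgrind's own output: lines beginning with == and
# lines containing 'Serious error when reading debug info'.
log_grep_filtered() {
    grep -v '^==' "$1" |
        grep -v 'Serious error when reading debug info' |
        grep -- "$2" >/dev/null
}

# log_count_duplicates_after <log_file> <pattern>
#
# Print how many distinct lines occur more than once among the lines that
# directly follow an occurrence of <pattern> in <log_file> (valgrind output
# ignored as in log_grep_filtered). grep -A1 separates groups of matches
# with a '--' line that stays in the result, so the count is at most 1 when
# there are no real duplicates.
log_count_duplicates_after() {
    grep -v '^==' "$1" |
        grep -v 'Serious error when reading debug info' |
        grep -A1 -- "$2" | grep -v -- "$2" | sort | uniq -d | wc -l
}

# Check for failure conditions after a test case.
#
# Inputs from run_test:
# * positional parameters: test options (see run_test documentation)
# * $CLI_EXIT: client return code
# * $CLI_EXPECT: expected client return code
# * $SRV_RET: server return code
# * $CLI_OUT, $SRV_OUT, $PXY_OUT: files containing client/server/proxy logs
# * $TIMES_LEFT: if nonzero, a RETRY outcome is allowed
# * $SKIP_HANDSHAKE_CHECK: "YES" to skip the handshake stage check
# * $MEMCHECK: >0 to also check valgrind's results
#
# Outputs:
# * $outcome: one of PASS/RETRY*/FAIL
# * $SKIP_HANDSHAKE_CHECK: reset to "NO"
check_test_failure() {
    outcome=FAIL

    if [ "$TIMES_LEFT" -gt 0 ] &&
       grep '===CLIENT_TIMEOUT===' "$CLI_OUT" >/dev/null
    then
        outcome="RETRY(client-timeout)"
        return
    fi

    # check if the client and server went at least to the handshake stage
    # (useful to avoid tests with only negative assertions and non-zero
    # expected client exit to incorrectly succeed in case of catastrophic
    # failure)
    if [ "X$SKIP_HANDSHAKE_CHECK" != "XYES" ]
    then
        if is_polar "$SRV_CMD" &&
           ! grep "Performing the SSL/TLS handshake" "$SRV_OUT" >/dev/null
        then
            fail "server or client failed to reach handshake stage"
            return
        fi
        if is_polar "$CLI_CMD" &&
           ! grep "Performing the SSL/TLS handshake" "$CLI_OUT" >/dev/null
        then
            fail "server or client failed to reach handshake stage"
            return
        fi
    fi

    SKIP_HANDSHAKE_CHECK="NO"
    # Check server exit code (only for Mbed TLS: GnuTLS and OpenSSL don't
    # exit with status 0 when interrupted by a signal, and we don't really
    # care anyway), in case e.g. the server reports a memory leak.
    if [ "$SRV_RET" != 0 ] && is_polar "$SRV_CMD"; then
        fail "Server exited with status $SRV_RET"
        return
    fi

    # check client exit code: a zero exit must happen exactly when one was
    # expected. (Two [ ] tests rather than the ambiguous -a/-o operators.)
    if { [ "$CLI_EXPECT" = 0 ] && [ "$CLI_EXIT" != 0 ]; } ||
       { [ "$CLI_EXPECT" != 0 ] && [ "$CLI_EXIT" = 0 ]; }
    then
        fail "bad client exit code (expected $CLI_EXPECT, got $CLI_EXIT)"
        return
    fi

    # check other assertions
    # (valgrind's own output is ignored by the log_* helpers above)
    while [ $# -gt 0 ]
    do
        case $1 in
            "-s")
                if ! log_grep_filtered "$SRV_OUT" "$2"; then
                    fail "pattern '$2' MUST be present in the Server output"
                    return
                fi
                ;;

            "-c")
                if ! log_grep_filtered "$CLI_OUT" "$2"; then
                    fail "pattern '$2' MUST be present in the Client output"
                    return
                fi
                ;;

            "-S")
                # When the presence of the pattern is not conclusive (e.g. a
                # resend caused by the OS dropping a packet), the helper is
                # expected to have set $outcome to a RETRY value itself;
                # either way we stop here.
                if log_grep_filtered "$SRV_OUT" "$2"; then
                    if log_pattern_presence_is_conclusive "$2"; then
                        fail "pattern '$2' MUST NOT be present in the Server output"
                    fi
                    return
                fi
                ;;

            "-C")
                if log_grep_filtered "$CLI_OUT" "$2"; then
                    if log_pattern_presence_is_conclusive "$2"; then
                        fail "pattern '$2' MUST NOT be present in the Client output"
                    fi
                    return
                fi
                ;;

            "-U")
                # $(( )) tolerates the leading spaces some wc print.
                if [ $(( $(log_count_duplicates_after "$SRV_OUT" "$2") )) -gt 1 ]; then
                    fail "lines following pattern '$2' must be unique in Server output"
                    return
                fi
                ;;

            "-u")
                if [ $(( $(log_count_duplicates_after "$CLI_OUT" "$2") )) -gt 1 ]; then
                    fail "lines following pattern '$2' must be unique in Client output"
                    return
                fi
                ;;
            "-F")
                # $2 is a shell function name, optionally followed by its own
                # arguments, so it is intentionally word-split.
                # shellcheck disable=SC2086
                if ! $2 "$SRV_OUT"; then
                    fail "function call to '$2' failed on Server output"
                    return
                fi
                ;;
            "-f")
                # shellcheck disable=SC2086
                if ! $2 "$CLI_OUT"; then
                    fail "function call to '$2' failed on Client output"
                    return
                fi
                ;;
            "-g")
                # As for -F; eval lets $2 carry its own arguments while the
                # log file names are passed quoted. $2 is written in this test
                # script, it is not external input.
                if ! eval "$2 '$SRV_OUT' '$CLI_OUT'"; then
                    fail "function call to '$2' failed on Server and Client output"
                    return
                fi
                ;;

            *)
                echo "Unknown test: $1" >&2
                exit 1
        esac
        shift 2
    done

    # check valgrind's results
    if [ "$MEMCHECK" -gt 0 ]; then
        if is_polar "$SRV_CMD" && has_mem_err "$SRV_OUT"; then
            fail "Server has memory errors"
            return
        fi
        if is_polar "$CLI_CMD" && has_mem_err "$CLI_OUT"; then
            fail "Client has memory errors"
            return
        fi
    fi

    # if we're here, everything is ok
    outcome=PASS
}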
1464
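# Run the current test case: start the server and if applicable the proxy, run
# the client, wait for all processes to finish or time out.
#
# Inputs:
# * $NAME: test case name
# * $CLI_CMD, $SRV_CMD, $PXY_CMD: commands to run
# * $CLI_OUT, $SRV_OUT, $PXY_OUT: files to contain client/server/proxy logs
# * $SRV_PORT, $PXY_PORT: ports the server and proxy listen on
#
# Outputs:
# * $CLI_EXIT: client return code
# * $SRV_RET: server return code
# * $SRV_PID, $PXY_PID: pids of the server and proxy (already reaped)
do_run_test_once() {
    # run the commands
    if [ -n "$PXY_CMD" ]; then
        printf '# %s\n%s\n' "$NAME" "$PXY_CMD" > "$PXY_OUT"
        # $PXY_CMD is a whole command line: it is word-split on purpose.
        # shellcheck disable=SC2086
        $PXY_CMD >> "$PXY_OUT" 2>&1 &
        PXY_PID=$!
        wait_proxy_start "$PXY_PORT" "$PXY_PID"
    fi

    check_osrv_dtls
    printf '# %s\n%s\n' "$NAME" "$SRV_CMD" > "$SRV_OUT"
    # $SRV_CMD is a whole command line: it is word-split on purpose.
    # shellcheck disable=SC2086
    provide_input | $SRV_CMD >> "$SRV_OUT" 2>&1 &
    SRV_PID=$!
    wait_server_start "$SRV_PORT" "$SRV_PID"

    printf '# %s\n%s\n' "$NAME" "$CLI_CMD" > "$CLI_OUT"
    # The client must be a subprocess of the script in order for killing it to
    # work properly, that's why the ampersand is placed inside the eval command,
    # not at the end of the line: the latter approach will spawn eval as a
    # subprocess, and the $CLI_CMD as a grandchild.
    # ($CLI_CMD is written in this test script, it is not external input.)
    eval "$CLI_CMD &" >> "$CLI_OUT" 2>&1
    wait_client_done

    sleep 0.05

    # terminate the server (and the proxy)
    kill "$SRV_PID"
    # For Ubuntu 22.04, `Terminated` message is output by wait command.
    # To remove it from stdout, redirect stdout/stderr to SRV_OUT
    wait "$SRV_PID" >> "$SRV_OUT" 2>&1
    SRV_RET=$?

    if [ -n "$PXY_CMD" ]; then
        kill "$PXY_PID" >/dev/null 2>&1
        wait "$PXY_PID" >> "$PXY_OUT" 2>&1
    fi
}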
1513
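# Detect if the current test is going to use TLS 1.3 or TLS 1.2.
# $1 and $2 contain the server and client command lines, respectively.
#
# Note: this function only provides some guess about TLS version by simply
#       looking at the server/client command lines. Even though this works
#       for the sake of tests' filtering (especially in conjunction with the
#       detect_required_features() function), it does NOT guarantee that the
#       result is accurate. It does not check other conditions, such as:
#       - we can force a ciphersuite which contains "WITH" in its name, meaning
#         that we are going to use TLS 1.2
#       - etc etc
#
# Inputs:
# * $P_QUERY: the compile-time configuration query program
#
# Outputs: prints "TLS12" or "TLS13" on stdout.
get_tls_version() {
    # First check if the version is forced on an Mbed TLS peer
    case $1 in
        *tls12*)
            echo "TLS12"
            return;;
        *tls13*)
            echo "TLS13"
            return;;
    esac
    case $2 in
        *tls12*)
            echo "TLS12"
            return;;
        *tls13*)
            echo "TLS13"
            return;;
    esac
    # Second check if the version is forced on an OpenSSL or GnuTLS peer.
    # The server is matched exactly like the client: tls1_2 / tls1_3 at
    # the end of the command line (the previous 'tls1_2*' pattern could
    # only match a command line *starting* with tls1_2).
    case $1 in
        *tls1_2)
            echo "TLS12"
            return;;
        *tls1_3)
            echo "TLS13"
            return;;
    esac
    case $2 in
        *tls1_2)
            echo "TLS12"
            return;;
        *tls1_3)
            echo "TLS13"
            return;;
    esac
    # Third if the version is not forced, if TLS 1.3 is enabled then the test
    # is aimed to run a TLS 1.3 handshake.
    # ($P_QUERY is left unquoted like the other P_* commands, which may
    # carry arguments.)
    # shellcheck disable=SC2086
    if $P_QUERY -all MBEDTLS_SSL_PROTO_TLS1_3
    then
        echo "TLS13"
    else
        echo "TLS12"
    fi
}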
1569
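# Usage: run_test name [-p proxy_cmd] srv_cmd cli_cmd cli_exit [option [...]]
# Options:  -s pattern  pattern that must be present in server output
#           -c pattern  pattern that must be present in client output
#           -u pattern  lines after pattern must be unique in client output
#           -f call shell function on client output
#           -S pattern  pattern that must be absent in server output
#           -C pattern  pattern that must be absent in client output
#           -U pattern  lines after pattern must be unique in server output
#           -F call shell function on server output
#           -g call shell function on server and client output
#
# Inputs (besides the arguments):
# * $SKIP_NEXT: "YES" when the test must be skipped rather than run
# * $RUN_TEST_NUMBER: if non-empty, comma-separated list of the only test
#   numbers to run
# * $TESTS: number of the current test
# * $PRESERVE_LOGS: if >0, keep the logs of passing tests too
#
# Outputs:
# * the outcome is recorded with record_outcome(); $SKIPS is incremented
#   for a skipped test ($FAILS is incremented by fail())
# * $SKIP_NEXT is reset to "NO"
run_test() {
    NAME="$1"
    shift 1

    if is_excluded "$NAME"; then
        SKIP_NEXT="NO"
        # There was no request to run the test, so don't record its outcome.
        return
    fi

    print_name "$NAME"

    # Do we only run numbered tests?
    if [ -n "$RUN_TEST_NUMBER" ]; then
        case ",$RUN_TEST_NUMBER," in
            *",$TESTS,"*) :;;
            *) SKIP_NEXT="YES";;
        esac
    fi

    # does this test use a proxy?
    if [ "X$1" = "X-p" ]; then
        PXY_CMD="$2"
        shift 2
    else
        PXY_CMD=""
    fi

    # get commands and client output
    SRV_CMD="$1"
    CLI_CMD="$2"
    CLI_EXPECT="$3"
    shift 3

    # Check if test uses files
    case "$SRV_CMD $CLI_CMD" in
        *data_files/*)
            requires_config_enabled MBEDTLS_FS_IO;;
    esac

    # Check if the test uses DTLS.
    detect_dtls "$SRV_CMD"
    if [ "$DTLS" -eq 1 ]; then
        requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
    fi

    # Check if we are trying to use an external tool which does not support ECDH
    EXT_WO_ECDH=$(use_ext_tool_without_ecdh_support "$SRV_CMD" "$CLI_CMD")

    # Guess the TLS version which is going to be used
    if [ "$EXT_WO_ECDH" = "no" ]; then
        TLS_VERSION=$(get_tls_version "$SRV_CMD" "$CLI_CMD")
    else
        TLS_VERSION="TLS12"
    fi

    # If the client or server requires certain features that can be detected
    # from their command-line arguments, check whether they're enabled.
    detect_required_features "$SRV_CMD" "server" "$TLS_VERSION" "$EXT_WO_ECDH" "$@"
    detect_required_features "$CLI_CMD" "client" "$TLS_VERSION" "$EXT_WO_ECDH" "$@"

    # If we're in a PSK-only build and the test can be adapted to PSK, do that.
    maybe_adapt_for_psk "$@"

    # should we skip?
    if [ "X$SKIP_NEXT" = "XYES" ]; then
        SKIP_NEXT="NO"
        record_outcome "SKIP"
        SKIPS=$(( SKIPS + 1 ))
        return
    fi

    analyze_test_commands "$@"

    # One regular run and two retries
    TIMES_LEFT=3
    while [ "$TIMES_LEFT" -gt 0 ]; do
        TIMES_LEFT=$(( TIMES_LEFT - 1 ))

        do_run_test_once

        check_test_failure "$@"
        case $outcome in
            PASS) break;;
            # $outcome is data: never use it as the printf format string.
            RETRY*) printf '%s ' "$outcome";;
            FAIL) return;;
        esac
    done

    # If we get this far, the test case passed.
    record_outcome "PASS"
    if [ "$PRESERVE_LOGS" -gt 0 ]; then
        mv -- "$SRV_OUT" "o-srv-${TESTS}.log"
        mv -- "$CLI_OUT" "o-cli-${TESTS}.log"
        if [ -n "$PXY_CMD" ]; then
            mv -- "$PXY_OUT" "o-pxy-${TESTS}.log"
        fi
    fi

    rm -f -- "$SRV_OUT" "$CLI_OUT" "$PXY_OUT"
}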
1681
# Run a TLS 1.2 handshake with the given PSA-supported ciphersuite and
# check in both logs that the PSA code paths (calc verify, finished, ECDH,
# ServerKeyExchange digest) were taken and that no error was reported.
#
# Inputs:
# * $1: the ciphersuite name
# * $CONFIGS_ENABLED: see set_maybe_calc_verify()
run_test_psa() {
    requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
    set_maybe_calc_verify none
    run_test "PSA-supported ciphersuite: $1" \
        "$P_SRV debug_level=3 force_version=tls12" \
        "$P_CLI debug_level=3 force_ciphersuite=$1" \
        0 \
        -c "$maybe_calc_verify" \
        -c "calc PSA finished" \
        -s "$maybe_calc_verify" \
        -s "calc PSA finished" \
        -s "Protocol is TLSv1.2" \
        -c "Perform PSA-based ECDH computation." \
        -c "Perform PSA-based computation of digest of ServerKeyExchange" \
        -S "error" \
        -C "error"
    unset maybe_calc_verify
}
1700
# Run a TLS 1.2 ECDHE-RSA handshake restricted to the given group on both
# sides and check in both logs that the PSA code paths (calc verify,
# finished, ECDH, ServerKeyExchange digest) were taken and that no error
# was reported.
#
# Inputs:
# * $1: the group (curve) name, passed as groups=$1 to both peers
# * $CONFIGS_ENABLED: see set_maybe_calc_verify()
run_test_psa_force_curve() {
    requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
    set_maybe_calc_verify none
    run_test "PSA - ECDH with $1" \
        "$P_SRV debug_level=4 force_version=tls12 groups=$1" \
        "$P_CLI debug_level=4 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 groups=$1" \
        0 \
        -c "$maybe_calc_verify" \
        -c "calc PSA finished" \
        -s "$maybe_calc_verify" \
        -s "calc PSA finished" \
        -s "Protocol is TLSv1.2" \
        -c "Perform PSA-based ECDH computation." \
        -c "Perform PSA-based computation of digest of ServerKeyExchange" \
        -S "error" \
        -C "error"
    unset maybe_calc_verify
}
1719
# Test that the server's memory usage after a handshake is reduced when a client specifies
# a maximum fragment length.
#  first argument ($1) is MFL for SSL client
#  second argument ($2) is memory usage for SSL client with default MFL (16k)
run_test_memory_after_hanshake_with_mfl()
{
    # The test passes if the difference is around 2*(16k-MFL)
    MEMORY_USAGE_LIMIT=$(( $2 - 2 * (16384 - $1) ))

    # Leave some margin for robustness (10%, integer arithmetic)
    MEMORY_USAGE_LIMIT=$(( MEMORY_USAGE_LIMIT * 110 / 100 ))

    run_test "Handshake memory usage (MFL $1)" \
        "$P_SRV debug_level=3 auth_mode=required force_version=tls12" \
        "$P_CLI debug_level=3 \
            crt_file=data_files/server5.crt key_file=data_files/server5.key \
            force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM max_frag_len=$1" \
        0 \
        -F "handshake_memory_check $MEMORY_USAGE_LIMIT"
}
1740
1741
# Test that the server's memory usage after a handshake is reduced when a client specifies
# different values of Maximum Fragment Length: default (16k), 4k, 2k, 1k and 512 bytes
run_tests_memory_after_hanshake()
{
    # all tests in this sequence requires the same configuration (see requires_config_enabled())
    SKIP_THIS_TESTS="$SKIP_NEXT"

    # first test with default MFU is to get reference memory usage
    MEMORY_USAGE_MFL_16K=0
    run_test "Handshake memory usage initial (MFL 16384 - default)" \
        "$P_SRV debug_level=3 auth_mode=required force_version=tls12" \
        "$P_CLI debug_level=3 \
            crt_file=data_files/server5.crt key_file=data_files/server5.key \
            force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM" \
        0 \
        -F "handshake_memory_get MEMORY_USAGE_MFL_16K"

    # then the smaller MFL values, each compared to the reference;
    # run_test() resets SKIP_NEXT, so restore it before every test
    for MFL in 4096 2048 1024 512; do
        SKIP_NEXT="$SKIP_THIS_TESTS"
        run_test_memory_after_hanshake_with_mfl "$MFL" "$MEMORY_USAGE_MFL_16K"
    done
}
1771
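# Remove the temporary files, stop any child still running and exit with
# status 1.
#
# Inputs:
# * $CLI_OUT, $SRV_OUT, $PXY_OUT, $SESSION: temporary files to remove
# * $SRV_PID, $PXY_PID, $CLI_PID, $DOG_PID: children to kill, if set
cleanup() {
    rm -f -- "$CLI_OUT" "$SRV_OUT" "$PXY_OUT" "$SESSION"
    rm -f context_srv.txt
    rm -f context_cli.txt
    test -n "${SRV_PID:-}" && kill "$SRV_PID" >/dev/null 2>&1
    test -n "${PXY_PID:-}" && kill "$PXY_PID" >/dev/null 2>&1
    test -n "${CLI_PID:-}" && kill "$CLI_PID" >/dev/null 2>&1
    test -n "${DOG_PID:-}" && kill "$DOG_PID" >/dev/null 2>&1
    exit 1
}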
1782
1783#
1784# MAIN
1785#
1786
get_options "$@"

# Make the outcome file path relative to the original directory, not
# to .../tests: a non-empty path that does not start with '/' is relative.
if [ -n "$MBEDTLS_TEST_OUTCOME_FILE" ]; then
    case "$MBEDTLS_TEST_OUTCOME_FILE" in
        /*) ;;
        *) MBEDTLS_TEST_OUTCOME_FILE="$ORIGINAL_PWD/$MBEDTLS_TEST_OUTCOME_FILE";;
    esac
fi

populate_enabled_hash_algs
1798
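# Optimize filters: if $FILTER and $EXCLUDE can be expressed as shell
# patterns rather than regular expressions, use a case statement instead
# of calling grep. To keep the optimizer simple, it is incomplete and only
# detects simple cases: plain substring, everything, nothing.
#
# As an exception, the character '.' is treated as an ordinary character
# if it is the only special character in the string. This is because it's
# rare to need "any one character", but needing a literal '.' is common
# (e.g. '-f "DTLS 1.2"').
need_grep=
case "$FILTER" in
    '^$') simple_filter=;;
    '.*') simple_filter='*';;
    *[][$+*?\\^{\|}]*) # Regexp special characters (other than .), we need grep
        need_grep=1;;
    *) # No regexp or shell-pattern special character
        simple_filter="*$FILTER*";;
esac
case "$EXCLUDE" in
    '^$') simple_exclude=;;
    '.*') simple_exclude='*';;
    *[][$+*?\\^{\|}]*) # Regexp special characters (other than .), we need grep
        need_grep=1;;
    *) # No regexp or shell-pattern special character
        simple_exclude="*$EXCLUDE*";;
esac
if [ -n "$need_grep" ]; then
    # is_excluded <test_name>: succeed if the test must not be run, i.e.
    # if its name does not match $FILTER or matches $EXCLUDE (regexps).
    is_excluded () {
        # printf rather than echo: the name is data, and echo may
        # interpret a leading '-' or backslashes in it.
        ! printf '%s\n' "$1" | grep "$FILTER" | grep -q -v "$EXCLUDE"
    }
else
    # Same contract, with the filters as shell patterns. The patterns are
    # deliberately left unquoted so that they act as patterns.
    is_excluded () {
        case "$1" in
            $simple_exclude) true;;
            $simple_filter) false;;
            *) true;;
        esac
    }
fi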
1838
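# sanity checks, avoid an avalanche of errors
# The P_* variables may carry arguments: only their first word is the
# program to look for.
P_SRV_BIN="${P_SRV%%[[:space:]]*}"
P_CLI_BIN="${P_CLI%%[[:space:]]*}"
P_PXY_BIN="${P_PXY%%[[:space:]]*}"
if [ ! -x "$P_SRV_BIN" ]; then
    echo "Command '$P_SRV_BIN' is not an executable file" >&2
    exit 1
fi
if [ ! -x "$P_CLI_BIN" ]; then
    echo "Command '$P_CLI_BIN' is not an executable file" >&2
    exit 1
fi
if [ ! -x "$P_PXY_BIN" ]; then
    echo "Command '$P_PXY_BIN' is not an executable file" >&2
    exit 1
fi
# command -v is the portable way to look a program up (which is not POSIX).
if [ "$MEMCHECK" -gt 0 ]; then
    if ! command -v valgrind >/dev/null 2>&1; then
        echo "Memcheck not possible. Valgrind not found" >&2
        exit 1
    fi
fi
if ! command -v "$OPENSSL" >/dev/null 2>&1; then
    echo "Command '$OPENSSL' not found" >&2
    exit 1
fi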
1865
# used by watchdog
MAIN_PID="$$"

# Timing knobs. They are deliberately generous rather than precise:
# - START_DELAY: how long to wait for the server to come up when lsof is
#   not available to poll the port;
# - DOG_DELAY: how long the client is allowed to run before the watchdog
#   gives up (this only bounds the stuck case, it does not check
#   performance and does not affect normal running time).
# Everything is slower under valgrind, so MEMCHECK gets larger values.
#
# Note: without lsof, START_DELAY trades the running time of this script
# against the risk of spurious failures because the server was not up yet.
START_DELAY=2
DOG_DELAY=20
if [ "$MEMCHECK" -gt 0 ]; then
    START_DELAY=6
    DOG_DELAY=60
fi

# Some particular tests need more time than the defaults:
# - CLI_DELAY_FACTOR multiplies the client's usual watchdog limit
#   (see client_need_more_time());
# - SRV_DELAY_SECONDS is slept after the client exits before the server is
#   expected to be done (see server_needs_more_time()).
CLI_DELAY_FACTOR=1
SRV_DELAY_SECONDS=0
1893
# Bind every command to the loopback IPv4 address and to this run's port.
# '+SRV_PORT' in the client commands is a placeholder that is replaced
# later by either $SRV_PORT or $PXY_PORT, depending on whether the proxy
# sits in between.
# Note: Using 'localhost' rather than 127.0.0.1 here is unwise, as on many
# machines that will resolve to ::1, and we don't want ipv6 here.
O_SRV="${O_SRV} -accept ${SRV_PORT}"
O_CLI="${O_CLI} -connect 127.0.0.1:+SRV_PORT"
G_SRV="${G_SRV} -p ${SRV_PORT}"
G_CLI="${G_CLI} -p +SRV_PORT"
P_SRV="${P_SRV} server_addr=127.0.0.1 server_port=${SRV_PORT}"
P_CLI="${P_CLI} server_addr=127.0.0.1 server_port=+SRV_PORT"
# The proxy listens on PXY_PORT and forwards to the real server port; the
# seed is only passed on when SEED is set and non-empty.
P_PXY="${P_PXY} server_addr=127.0.0.1 server_port=${SRV_PORT} listen_addr=127.0.0.1 listen_port=${PXY_PORT} ${SEED:+seed=$SEED}"
1905
# The "legacy" OpenSSL commands get the same port treatment, but only when
# OPENSSL_LEGACY selected such a build; the server side is also given the
# DH parameters from data_files/dhparams.pem.
case "${OPENSSL_LEGACY:-}" in
    '') ;;
    *)
        O_LEGACY_SRV="${O_LEGACY_SRV} -accept ${SRV_PORT} -dhparam data_files/dhparams.pem"
        O_LEGACY_CLI="${O_LEGACY_CLI} -connect 127.0.0.1:+SRV_PORT"
        ;;
esac
1910
# Newer versions of OpenSSL have a syntax to enable all "ciphers", even
# low-security ones. This covers not just cipher suites but also protocol
# versions. It is necessary, for example, to use (D)TLS 1.0/1.1 on
# OpenSSL 1.1.1f from Ubuntu 20.04. The syntax was only introduced in
# OpenSSL 1.1.0 (21e0c1d23afff48601eb93135defddae51f7e2e3) and I can't find
# a way to discover it from -help, so check the openssl version.
#
# SECLEVEL=0 only affects the OpenSSL command lines assembled here, i.e.
# the interop peer, so that it will still talk the old versions and suites
# these tests exercise.
# NOTE(review): any banner other than "OpenSSL 0..." / "OpenSSL 1.0..."
# (including a non-OpenSSL implementation behind $OPENSSL) gets the flag;
# confirm that is intended for such builds.
case $($OPENSSL version) in
    'OpenSSL 0'*|'OpenSSL 1.0'*)
        # Too old for the @SECLEVEL syntax: leave the commands untouched.
        ;;
    *)
        O_SRV="${O_SRV} -cipher ALL@SECLEVEL=0"
        O_CLI="${O_CLI} -cipher ALL@SECLEVEL=0"
        ;;
esac
1924
# "Next" (newer) OpenSSL and GnuTLS commands, each only when the matching
# environment variable selected one; same port handling as the regular
# commands above. Note that G_NEXT_CLI_NO_CERT also gets the 'localhost'
# host argument here, while G_NEXT_CLI receives it from the individual
# tests.
case "${OPENSSL_NEXT:-}" in
    ?*)
        O_NEXT_SRV="${O_NEXT_SRV} -accept ${SRV_PORT}"
        O_NEXT_SRV_NO_CERT="${O_NEXT_SRV_NO_CERT} -accept ${SRV_PORT}"
        O_NEXT_SRV_EARLY_DATA="${O_NEXT_SRV_EARLY_DATA} -accept ${SRV_PORT}"
        O_NEXT_CLI="${O_NEXT_CLI} -connect 127.0.0.1:+SRV_PORT"
        O_NEXT_CLI_NO_CERT="${O_NEXT_CLI_NO_CERT} -connect 127.0.0.1:+SRV_PORT"
        ;;
esac

case "${GNUTLS_NEXT_SERV:-}" in
    ?*)
        G_NEXT_SRV="${G_NEXT_SRV} -p ${SRV_PORT}"
        G_NEXT_SRV_NO_CERT="${G_NEXT_SRV_NO_CERT} -p ${SRV_PORT}"
        ;;
esac

case "${GNUTLS_NEXT_CLI:-}" in
    ?*)
        G_NEXT_CLI="${G_NEXT_CLI} -p +SRV_PORT"
        G_NEXT_CLI_NO_CERT="${G_NEXT_CLI_NO_CERT} -p +SRV_PORT localhost"
        ;;
esac
1942
# Allow SHA-1, because many of our test certificates use it. This is an
# option on the test programs' command lines assembled here, nothing else.
P_SRV="${P_SRV} allow_sha1=1"
P_CLI="${P_CLI} allow_sha1=1"

# Per-run names for the intermediate files, suffixed with this shell's PID
# so that runs sharing a directory do not clobber each other's output.
SESSION="session.$$"
PXY_OUT="pxy_out.$$"
CLI_OUT="cli_out.$$"
SRV_OUT="srv_out.$$"

# Presumably flipped by the requires_* helpers when the next test is to be
# skipped (the helpers are defined elsewhere in this file).
SKIP_NEXT="NO"

# cleanup is defined elsewhere in this file; run it if we are interrupted.
trap cleanup INT TERM HUP
1956
# Basic test

# Checks that:
# - things work with all ciphersuites active (used with config-full in all.sh)
# - the expected parameters are selected: TLS 1.2, the ECDHE-RSA
#   ChaCha20-Poly1305 suite, SHA-512 (hash id 6) offered in the client's
#   signature_algorithms extension, x25519 as the ECDHE curve, and no
#   "error" in either log.
# The requires_* lines guard the run_test that follows them.
requires_ciphersuite_enabled TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256
requires_hash_alg SHA_512 # "signature_algorithm ext: 6"
requires_any_configs_enabled "MBEDTLS_ECP_DP_CURVE25519_ENABLED \
                              PSA_WANT_ECC_MONTGOMERY_255"
run_test    "Default, TLS 1.2" \
            "$P_SRV debug_level=3" \
            "$P_CLI force_version=tls12" \
            0 \
            -s "Protocol is TLSv1.2" \
            -s "Ciphersuite is TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256" \
            -s "client hello v3, signature_algorithm ext: 6" \
            -s "ECDHE curve: x25519" \
            -S "error" \
            -C "error"

# Same defaults over DTLS (dtls=1 on both sides): the server must report
# DTLS 1.2 and the same ChaCha20-Poly1305 suite.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_ciphersuite_enabled TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256
run_test    "Default, DTLS" \
            "$P_SRV dtls=1" \
            "$P_CLI dtls=1" \
            0 \
            -s "Protocol is DTLSv1.2" \
            -s "Ciphersuite is TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256"
1985
# GnuTLS can be set up to send a ClientHello whose supported_versions
# extension proposes TLS 1.2 (preferred) and then TLS 1.3. In that case,
# a server capable of both TLS 1.3 and TLS 1.2 is supposed to negotiate
# TLS 1.2 and to indicate in the ServerHello that it downgraded from
# TLS 1.3. The GnuTLS client then detects the downgrade indication and
# aborts the handshake even though TLS 1.2 was its preferred version. The
# test is kept even though the handshake eventually fails, as it exercises
# parts of the Mbed TLS implementation that are otherwise not exercised.
# Expected: client exit status 1 and the downgrade message in its log.
requires_gnutls_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
run_test    "Server selecting TLS 1.2 over TLS 1.3" \
            "$P_SRV crt_file=data_files/server5.crt key_file=data_files/server5.key" \
            "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:+VERS-TLS1.3" \
            1 \
            -c "Detected downgrade to TLS 1.2 from TLS 1.3"

# Same client offer against a build without TLS 1.3: no downgrade
# indication is involved, plain TLS 1.2 is negotiated and the client gets
# the HTTP response.
requires_gnutls_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_disabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
run_test    "Server selecting TLS 1.2" \
            "$P_SRV crt_file=data_files/server5.crt key_file=data_files/server5.key" \
            "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:+VERS-TLS1.3" \
            0 \
            -s "Protocol is TLSv1.2" \
            -c "HTTP/1.0 200 OK"

# Client prefers TLS 1.3 over TLS 1.2, with the TLS 1.3 middlebox
# compatibility mode turned off on the GnuTLS side
# (%DISABLE_TLS13_COMPAT_MODE); the server must pick TLS 1.3.
requires_gnutls_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "Server selecting TLS 1.3, over TLS 1.2 if supported" \
            "$P_SRV crt_file=data_files/server5.crt key_file=data_files/server5.key" \
            "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2:%DISABLE_TLS13_COMPAT_MODE" \
            0 \
            -s "Protocol is TLSv1.3" \
            -c "HTTP/1.0 200 OK"

# As above, but with compatibility mode left at the GnuTLS default and
# compiled into the Mbed TLS server (MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE).
requires_gnutls_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
run_test    "Server selecting TLS 1.3, over TLS 1.2 if supported - compat mode enabled" \
            "$P_SRV crt_file=data_files/server5.crt key_file=data_files/server5.key" \
            "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+VERS-TLS1.2" \
            0 \
            -s "Protocol is TLSv1.3" \
            -c "HTTP/1.0 200 OK"
2043
# Client authentication: the server demands a client certificate
# (auth_mode=required) and whatever certificate ssl_client2 presents by
# default must verify on the server side.
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test    "TLS client auth: required" \
            "$P_SRV auth_mode=required" \
            "$P_CLI" \
            0 \
            -s "Verifying peer X.509 certificate... ok"

# The key size the client reports follows the negotiated suite's cipher:
# 256 bits for ChaCha20-Poly1305, 128 bits for AES-128-CCM-8.
run_test    "key size: TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256" \
            "$P_SRV" \
            "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256" \
            0 \
            -c "Ciphersuite is TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256" \
            -c "Key size is 256"

run_test    "key size: TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
            "$P_SRV" \
            "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
            0 \
            -c "Ciphersuite is TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
            -c "Key size is 128"
2064
# Password-protected private keys: the *.key.enc fixtures under data_files
# are decrypted with key_pwd. The passphrase is part of the public test
# data, not a secret. Only the exit status is checked for these three.
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_hash_alg SHA_256
run_test    "TLS: password protected client key" \
            "$P_SRV force_version=tls12 auth_mode=required" \
            "$P_CLI crt_file=data_files/server5.crt key_file=data_files/server5.key.enc key_pwd=PolarSSLTest" \
            0

requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_hash_alg SHA_256
run_test    "TLS: password protected server key" \
            "$P_SRV crt_file=data_files/server5.crt key_file=data_files/server5.key.enc key_pwd=PolarSSLTest" \
            "$P_CLI force_version=tls12" \
            0

# Server with two encrypted keys (key_file/key_pwd and key_file2/key_pwd2).
# The backslash-newline inside the quoted string is a line continuation;
# the next line's indentation ends up as extra whitespace between the
# server arguments, which is harmless.
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_RSA_C
requires_hash_alg SHA_256
run_test    "TLS: password protected server key, two certificates" \
            "$P_SRV force_version=tls12\
              key_file=data_files/server5.key.enc key_pwd=PolarSSLTest crt_file=data_files/server5.crt \
              key_file2=data_files/server2.key.enc key_pwd2=PolarSSLTest crt_file2=data_files/server2.crt" \
            "$P_CLI" \
            0
2088
# Trusted-certificate callback (MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK):
# with ca_callback=1 the client must log that it verified the server's
# certificate through the callback, and nothing may log "error".
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test    "CA callback on client" \
            "$P_SRV debug_level=3" \
            "$P_CLI force_version=tls12 ca_callback=1 debug_level=3 " \
            0 \
            -c "use CA callback for X.509 CRT verification" \
            -S "error" \
            -C "error"

# NOTE(review): despite the test name, ca_callback=1 is passed to the
# client here and the callback message is checked in the client log (-c);
# the server only gets auth_mode=required and is checked for a successful
# ordinary verification of the client certificate. Confirm whether the
# server command was meant to carry ca_callback=1 as well.
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_hash_alg SHA_256
run_test    "CA callback on server" \
            "$P_SRV force_version=tls12 auth_mode=required" \
            "$P_CLI ca_callback=1 debug_level=3 crt_file=data_files/server5.crt \
             key_file=data_files/server5.key" \
            0 \
            -c "use CA callback for X.509 CRT verification" \
            -s "Verifying peer X.509 certificate... ok" \
            -S "error" \
            -C "error"
2110
# Test using an EC opaque private key for client authentication
# key_opaque=1 makes the client hold its private key as an opaque (PSA)
# key, and key_opaque_algs names the algorithm(s) that key may be used
# for. The client must log the opaque key type, the server must verify the
# client certificate, and both must agree on an ECDHE-ECDSA suite.
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
requires_hash_alg SHA_256
run_test    "Opaque key for client authentication: ECDHE-ECDSA" \
            "$P_SRV force_version=tls12 auth_mode=required crt_file=data_files/server5.crt \
             key_file=data_files/server5.key" \
            "$P_CLI key_opaque=1 crt_file=data_files/server5.crt \
             key_file=data_files/server5.key key_opaque_algs=ecdsa-sign,none" \
            0 \
            -c "key type: Opaque" \
            -c "Ciphersuite is TLS-ECDHE-ECDSA" \
            -s "Verifying peer X.509 certificate... ok" \
            -s "Ciphersuite is TLS-ECDHE-ECDSA" \
            -S "error" \
            -C "error"

# Test using a RSA opaque private key for client authentication
# Same shape as above with the RSA fixture (server2) and the key limited to
# PKCS#1 v1.5 signing; the suite must be ECDHE-RSA.
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
requires_hash_alg SHA_256
run_test    "Opaque key for client authentication: ECDHE-RSA" \
            "$P_SRV force_version=tls12 auth_mode=required crt_file=data_files/server2-sha256.crt \
             key_file=data_files/server2.key" \
            "$P_CLI key_opaque=1 crt_file=data_files/server2-sha256.crt \
             key_file=data_files/server2.key key_opaque_algs=rsa-sign-pkcs1,none" \
            0 \
            -c "key type: Opaque" \
            -c "Ciphersuite is TLS-ECDHE-RSA" \
            -s "Verifying peer X.509 certificate... ok" \
            -s "Ciphersuite is TLS-ECDHE-RSA" \
            -S "error" \
            -C "error"

# Same RSA opaque client key, but the client forces a DHE-RSA suite.
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_RSA_C
requires_hash_alg SHA_256
run_test    "Opaque key for client authentication: DHE-RSA" \
            "$P_SRV force_version=tls12 auth_mode=required crt_file=data_files/server2-sha256.crt \
             key_file=data_files/server2.key" \
            "$P_CLI key_opaque=1 crt_file=data_files/server2-sha256.crt \
             key_file=data_files/server2.key force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
             key_opaque_algs=rsa-sign-pkcs1,none" \
            0 \
            -c "key type: Opaque" \
            -c "Ciphersuite is TLS-DHE-RSA" \
            -s "Verifying peer X.509 certificate... ok" \
            -s "Ciphersuite is TLS-DHE-RSA" \
            -S "error" \
            -C "error"
2165
# Test using an EC opaque private key for server authentication
# The server holds server5.key as an opaque key usable for ECDSA signing;
# its log must show the key types ("Opaque, none": one opaque key, no
# second key) and the client must verify the certificate over an
# ECDHE-ECDSA suite.
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
requires_hash_alg SHA_256
run_test    "Opaque key for server authentication: ECDHE-ECDSA" \
            "$P_SRV key_opaque=1 crt_file=data_files/server5.crt \
             key_file=data_files/server5.key  key_opaque_algs=ecdsa-sign,none" \
            "$P_CLI force_version=tls12" \
            0 \
            -c "Verifying peer X.509 certificate... ok" \
            -c "Ciphersuite is TLS-ECDHE-ECDSA" \
            -s "key types: Opaque, none" \
            -s "Ciphersuite is TLS-ECDHE-ECDSA" \
            -S "error" \
            -C "error"

# Static ECDH: the opaque key is restricted to ecdh (no signing) and paired
# with server5.ku-ka.crt (presumably a key-agreement keyUsage variant of
# server5 - TODO confirm), so an ECDH- (non-ephemeral) suite must be picked.
# The backslashes at the ends of the first two server lines are line
# continuations inside the quoted string.
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_hash_alg SHA_256
run_test    "Opaque key for server authentication: ECDH-" \
            "$P_SRV auth_mode=required key_opaque=1\
             crt_file=data_files/server5.ku-ka.crt\
             key_file=data_files/server5.key key_opaque_algs=ecdh,none" \
            "$P_CLI force_version=tls12" \
            0 \
            -c "Verifying peer X.509 certificate... ok" \
            -c "Ciphersuite is TLS-ECDH-" \
            -s "key types: Opaque, none" \
            -s "Ciphersuite is TLS-ECDH-" \
            -S "error" \
            -C "error"
2198
# Negative tests: the declared key_opaque_algs does not fit the key or the
# certificate, and the handshake must fail (exit 1, "error" on both sides).
#
# Without MBEDTLS_SSL_ASYNC_PRIVATE the failure surfaces on the client as
# "Public key type mismatch" - presumably because the suite the server
# picks for an rsa-decrypt key does not match the EC key in server5.crt.
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_disabled MBEDTLS_SSL_ASYNC_PRIVATE
requires_hash_alg SHA_256
run_test    "Opaque key for server authentication: invalid key: decrypt with ECC key, no async" \
            "$P_SRV key_opaque=1 crt_file=data_files/server5.crt \
             key_file=data_files/server5.key key_opaque_algs=rsa-decrypt,none \
             debug_level=1" \
            "$P_CLI force_version=tls12" \
            1 \
            -s "key types: Opaque, none" \
            -s "error" \
            -c "error" \
            -c "Public key type mismatch"

# Mirror image: the RSA key (server2) declared as an ecdh key.
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_ECDSA_C
requires_config_enabled MBEDTLS_RSA_C
requires_config_disabled MBEDTLS_SSL_ASYNC_PRIVATE
requires_hash_alg SHA_256
run_test    "Opaque key for server authentication: invalid key: ecdh with RSA key, no async" \
            "$P_SRV key_opaque=1 crt_file=data_files/server2-sha256.crt \
             key_file=data_files/server2.key key_opaque_algs=ecdh,none \
             debug_level=1" \
            "$P_CLI force_version=tls12" \
            1 \
            -s "key types: Opaque, none" \
            -s "error" \
            -c "error" \
            -c "Public key type mismatch"

# With MBEDTLS_SSL_ASYNC_PRIVATE the same two mismatches are caught on the
# server during ciphersuite selection instead: it reports that none of the
# common suites is usable and the handshake fails there.
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
requires_hash_alg SHA_256
run_test    "Opaque key for server authentication: invalid alg: decrypt with ECC key, async" \
            "$P_SRV key_opaque=1 crt_file=data_files/server5.crt \
             key_file=data_files/server5.key key_opaque_algs=rsa-decrypt,none \
             debug_level=1" \
            "$P_CLI force_version=tls12" \
            1 \
            -s "key types: Opaque, none" \
            -s "got ciphersuites in common, but none of them usable" \
            -s "error" \
            -c "error"

requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
requires_hash_alg SHA_256
run_test    "Opaque key for server authentication: invalid alg: ecdh with RSA key, async" \
            "$P_SRV key_opaque=1 crt_file=data_files/server2-sha256.crt \
             key_file=data_files/server2.key key_opaque_algs=ecdh,none \
             debug_level=1" \
            "$P_CLI force_version=tls12" \
            1 \
            -s "key types: Opaque, none" \
            -s "got ciphersuites in common, but none of them usable" \
            -s "error" \
            -c "error"

# The EC key is only allowed to do ecdh, but the client forces an
# ECDHE-ECDSA suite, which needs an ECDSA signature: the server must refuse
# rather than sign with a key not enabled for it.
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_hash_alg SHA_256
requires_config_enabled MBEDTLS_CCM_C
run_test    "Opaque key for server authentication: invalid alg: ECDHE-ECDSA with ecdh" \
            "$P_SRV key_opaque=1 crt_file=data_files/server5.crt \
             key_file=data_files/server5.key key_opaque_algs=ecdh,none \
             debug_level=1" \
            "$P_CLI force_version=tls12 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-CCM" \
            1 \
            -s "key types: Opaque, none" \
            -s "got ciphersuites in common, but none of them usable" \
            -s "error" \
            -c "error"
2276
# Two opaque keys on the server with different allowed algorithms; the
# server must pick the one that fits the negotiated suite. "key types:
# Opaque, Opaque" confirms both keys were loaded as opaque keys, and the
# client-side issuer check ("CN=Polarssl Test EC CA") presumably pins
# which certificate was served - confirm against the fixtures' issuers.
#
# server7: ecdh only; server5: ecdsa-sign. Nothing forced on the client,
# so an ECDHE-ECDSA suite (which needs the signing key) is expected.
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
requires_hash_alg SHA_256
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
run_test    "Opaque keys for server authentication: EC keys with different algs, force ECDHE-ECDSA" \
            "$P_SRV force_version=tls12 key_opaque=1 crt_file=data_files/server7.crt \
             key_file=data_files/server7.key key_opaque_algs=ecdh,none \
             crt_file2=data_files/server5.crt key_file2=data_files/server5.key \
             key_opaque_algs2=ecdsa-sign,none" \
            "$P_CLI force_version=tls12" \
            0 \
            -c "Verifying peer X.509 certificate... ok" \
            -c "Ciphersuite is TLS-ECDHE-ECDSA" \
            -c "CN=Polarssl Test EC CA" \
            -s "key types: Opaque, Opaque" \
            -s "Ciphersuite is TLS-ECDHE-ECDSA" \
            -S "error" \
            -C "error"

# Roles swapped (server7: ecdsa-sign; server5: ecdh) and the client forces
# a static ECDH-ECDSA suite, so the ecdh-enabled key must be chosen.
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_hash_alg SHA_384
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
run_test    "Opaque keys for server authentication: EC keys with different algs, force ECDH-ECDSA" \
            "$P_SRV key_opaque=1 crt_file=data_files/server7.crt \
             key_file=data_files/server7.key key_opaque_algs=ecdsa-sign,none \
             crt_file2=data_files/server5.crt key_file2=data_files/server5.key \
             key_opaque_algs2=ecdh,none debug_level=3" \
            "$P_CLI force_version=tls12 force_ciphersuite=TLS-ECDH-ECDSA-WITH-CAMELLIA-256-CBC-SHA384" \
            0 \
            -c "Verifying peer X.509 certificate... ok" \
            -c "Ciphersuite is TLS-ECDH-ECDSA" \
            -c "CN=Polarssl Test EC CA" \
            -s "key types: Opaque, Opaque" \
            -s "Ciphersuite is TLS-ECDH-ECDSA" \
            -S "error" \
            -C "error"

# One EC key (server5, ecdsa-sign) and one RSA key (server2,
# rsa-sign-pkcs1); the client forces ECDHE-ECDSA, so the EC key is used.
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_hash_alg SHA_384
requires_config_enabled MBEDTLS_CCM_C
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
run_test    "Opaque keys for server authentication: EC + RSA, force ECDHE-ECDSA" \
            "$P_SRV key_opaque=1 crt_file=data_files/server5.crt \
             key_file=data_files/server5.key key_opaque_algs=ecdsa-sign,none \
             crt_file2=data_files/server2-sha256.crt \
             key_file2=data_files/server2.key key_opaque_algs2=rsa-sign-pkcs1,none" \
            "$P_CLI force_version=tls12 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-CCM" \
            0 \
            -c "Verifying peer X.509 certificate... ok" \
            -c "Ciphersuite is TLS-ECDHE-ECDSA" \
            -c "CN=Polarssl Test EC CA" \
            -s "key types: Opaque, Opaque" \
            -s "Ciphersuite is TLS-ECDHE-ECDSA" \
            -S "error" \
            -C "error"
2335
# TLS 1.3 with opaque keys on both sides (no crt_file/key_file given, so
# the programs' default certificates are used). The server's key is only
# enabled for rsa-decrypt, which is useless for the TLS 1.3 signature it
# has to produce: the server must report that no signature algorithm is
# suitable and the handshake fails.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
run_test    "TLS 1.3 opaque key: no suitable algorithm found" \
            "$P_SRV debug_level=4 auth_mode=required key_opaque=1 key_opaque_algs=rsa-decrypt,none" \
            "$P_CLI debug_level=4 key_opaque=1 key_opaque_algs=rsa-decrypt,rsa-sign-pss" \
            1 \
            -c "key type: Opaque" \
            -s "key types: Opaque, Opaque" \
            -c "error" \
            -s "no suitable signature algorithm"

# Same setup, but the server key is also enabled for rsa-sign-pss, so the
# handshake (with required client authentication) must succeed cleanly.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
run_test    "TLS 1.3 opaque key: suitable algorithm found" \
            "$P_SRV debug_level=4 auth_mode=required key_opaque=1 key_opaque_algs=rsa-decrypt,rsa-sign-pss" \
            "$P_CLI debug_level=4 key_opaque=1 key_opaque_algs=rsa-decrypt,rsa-sign-pss" \
            0 \
            -c "key type: Opaque" \
            -s "key types: Opaque, Opaque" \
            -C "error" \
            -S "error"
2363
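# TLS 1.3 opaque key: the server's key is restricted to rsa-sign-pss-sha512
# while the client's sig_algs list rsa_pss_rsae_sha256 first. The server is
# expected to log a failed CertificateVerify attempt with the sha256
# variant, then sign with rsa_pss_rsae_sha512, and the handshake still
# succeeds (exit 0, no "error" on either side).
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
run_test    "TLS 1.3 opaque key: first client sig alg not suitable" \
            "$P_SRV debug_level=4 auth_mode=required key_opaque=1 key_opaque_algs=rsa-sign-pss-sha512,none" \
            "$P_CLI debug_level=4 sig_algs=rsa_pss_rsae_sha256,rsa_pss_rsae_sha512" \
            0 \
            -s "key types: Opaque, Opaque" \
            -s "CertificateVerify signature failed with rsa_pss_rsae_sha256" \
            -s "CertificateVerify signature with rsa_pss_rsae_sha512" \
            -C "error" \
            -S "error"
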
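# TLS 1.3 opaque key: two keys on the server, the second one
# (key_opaque_algs2) enabled for ecdsa-sign and the first for
# rsa-decrypt/rsa-sign-pss; a suitable signing key exists, so the handshake
# must succeed with both keys loaded as opaque keys.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
run_test    "TLS 1.3 opaque key: 2 keys on server, suitable algorithm found" \
            "$P_SRV debug_level=4 auth_mode=required key_opaque=1 key_opaque_algs2=ecdsa-sign,none key_opaque_algs=rsa-decrypt,rsa-sign-pss" \
            "$P_CLI debug_level=4 key_opaque=1 key_opaque_algs=rsa-decrypt,rsa-sign-pss" \
            0 \
            -c "key type: Opaque" \
            -s "key types: Opaque, Opaque" \
            -C "error" \
            -S "error"
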
# Test using a RSA opaque private key for server authentication
# server2's key is held as an opaque key enabled for PKCS#1 v1.5 signing
# only; the client must verify the certificate and both sides must land on
# an ECDHE-RSA suite.
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
requires_hash_alg SHA_256
run_test    "Opaque key for server authentication: ECDHE-RSA" \
            "$P_SRV key_opaque=1 crt_file=data_files/server2-sha256.crt \
             key_file=data_files/server2.key key_opaque_algs=rsa-sign-pkcs1,none" \
            "$P_CLI force_version=tls12" \
            0 \
            -c "Verifying peer X.509 certificate... ok" \
            -c "Ciphersuite is TLS-ECDHE-RSA" \
            -s "key types: Opaque, none" \
            -s "Ciphersuite is TLS-ECDHE-RSA" \
            -S "error" \
            -C "error"

# Same server key, client forces a DHE-RSA suite.
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_RSA_C
requires_hash_alg SHA_256
run_test    "Opaque key for server authentication: DHE-RSA" \
            "$P_SRV key_opaque=1 crt_file=data_files/server2-sha256.crt \
             key_file=data_files/server2.key key_opaque_algs=rsa-sign-pkcs1,none" \
            "$P_CLI force_version=tls12 force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
            0 \
            -c "Verifying peer X.509 certificate... ok" \
            -c "Ciphersuite is TLS-DHE-RSA" \
            -s "key types: Opaque, none" \
            -s "Ciphersuite is TLS-DHE-RSA" \
            -S "error" \
            -C "error"
2426
# Opaque RSA key enabled for decryption only, exercised by suites whose key
# exchange encrypts to the server's RSA key rather than signing with it.
# No crt_file/key_file is given, so the server's default certificates are
# used and the log shows two opaque keys. The PSK (psk/psk_identity) is a
# fixed test value shared by both command lines.
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_RSA_C
requires_hash_alg SHA_256
run_test    "Opaque key for server authentication: RSA-PSK" \
            "$P_SRV debug_level=1 key_opaque=1 key_opaque_algs=rsa-decrypt,none \
             psk=abc123 psk_identity=foo" \
            "$P_CLI force_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA256 \
             psk=abc123 psk_identity=foo" \
            0 \
            -c "Verifying peer X.509 certificate... ok" \
            -c "Ciphersuite is TLS-RSA-PSK-" \
            -s "key types: Opaque, Opaque" \
            -s "Ciphersuite is TLS-RSA-PSK-" \
            -S "error" \
            -C "error"

# Static RSA key exchange (TLS-RSA-) with the same decrypt-only opaque key.
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_RSA_C
requires_hash_alg SHA_256
run_test    "Opaque key for server authentication: RSA-" \
            "$P_SRV debug_level=3 key_opaque=1 key_opaque_algs=rsa-decrypt,none " \
            "$P_CLI force_version=tls12 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA256" \
            0 \
            -c "Verifying peer X.509 certificate... ok" \
            -c "Ciphersuite is TLS-RSA-" \
            -s "key types: Opaque, Opaque" \
            -s "Ciphersuite is TLS-RSA-" \
            -S "error" \
            -C "error"
2458
# Negative test: the server's RSA key is enabled for PSS signing only, but
# the client forces a TLS 1.2 DHE-RSA suite (whose ServerKeyExchange is
# signed with PKCS#1 v1.5). The server must find no usable suite and the
# handshake fails rather than the key being used for an algorithm it was
# not enabled for.
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_RSA_C
requires_hash_alg SHA_256
run_test    "Opaque key for server authentication: DHE-RSA, PSS instead of PKCS1" \
            "$P_SRV auth_mode=required key_opaque=1 crt_file=data_files/server2-sha256.crt \
             key_file=data_files/server2.key key_opaque_algs=rsa-sign-pss,none debug_level=1" \
            "$P_CLI crt_file=data_files/server2-sha256.crt \
             key_file=data_files/server2.key force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
            1 \
            -s "key types: Opaque, none" \
            -s "got ciphersuites in common, but none of them usable" \
            -s "error" \
            -c "error"
2473
# Two RSA keys with different allowed algorithms: server2 (PSS only) and
# server4 (PKCS#1 v1.5 only). With nothing forced on the client an
# ECDHE-RSA suite is expected; the "CN=Polarssl Test EC CA" check on the
# client presumably pins which of the two certificates was served - confirm
# against the fixtures' issuers.
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_RSA_C
requires_hash_alg SHA_256
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
run_test    "Opaque keys for server authentication: RSA keys with different algs" \
            "$P_SRV force_version=tls12 auth_mode=required key_opaque=1 crt_file=data_files/server2-sha256.crt \
             key_file=data_files/server2.key key_opaque_algs=rsa-sign-pss,none \
             crt_file2=data_files/server4.crt \
             key_file2=data_files/server4.key key_opaque_algs2=rsa-sign-pkcs1,none" \
            "$P_CLI force_version=tls12" \
            0 \
            -c "Verifying peer X.509 certificate... ok" \
            -c "Ciphersuite is TLS-ECDHE-RSA" \
            -c "CN=Polarssl Test EC CA" \
            -s "key types: Opaque, Opaque" \
            -s "Ciphersuite is TLS-ECDHE-RSA" \
            -S "error" \
            -C "error"

# One EC key (server5, ecdsa-sign) and one RSA key (server4,
# rsa-sign-pkcs1); the client forces DHE-RSA, so the RSA key must be used.
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_RSA_C
requires_hash_alg SHA_384
requires_config_enabled MBEDTLS_GCM_C
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
run_test    "Opaque keys for server authentication: EC + RSA, force DHE-RSA" \
            "$P_SRV auth_mode=required key_opaque=1 crt_file=data_files/server5.crt \
             key_file=data_files/server5.key key_opaque_algs=ecdsa-sign,none \
             crt_file2=data_files/server4.crt \
             key_file2=data_files/server4.key key_opaque_algs2=rsa-sign-pkcs1,none" \
            "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
            0 \
            -c "Verifying peer X.509 certificate... ok" \
            -c "Ciphersuite is TLS-DHE-RSA" \
            -c "CN=Polarssl Test EC CA" \
            -s "key types: Opaque, Opaque" \
            -s "Ciphersuite is TLS-DHE-RSA" \
            -S "error" \
            -C "error"
2515
# Test using an EC opaque private key for client/server authentication.
# Both peers load server5 (EC) as an opaque key restricted to ECDSA signing
# (key_opaque_algs=ecdsa-sign,none). The server requires client auth
# (auth_mode=required), so certificate verification must succeed on BOTH
# sides, and both must report an opaque key: the client prints a single
# "key type: Opaque", the server "key types: Opaque, none" because only its
# first key slot is populated (compare "Opaque, Opaque" when two keys are
# loaded). Neither side may log "error".
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
requires_hash_alg SHA_256
run_test    "Opaque key for client/server authentication: ECDHE-ECDSA" \
            "$P_SRV force_version=tls12 auth_mode=required key_opaque=1 crt_file=data_files/server5.crt \
             key_file=data_files/server5.key key_opaque_algs=ecdsa-sign,none" \
            "$P_CLI key_opaque=1 crt_file=data_files/server5.crt \
             key_file=data_files/server5.key key_opaque_algs=ecdsa-sign,none" \
            0 \
            -c "key type: Opaque" \
            -c "Verifying peer X.509 certificate... ok" \
            -c "Ciphersuite is TLS-ECDHE-ECDSA" \
            -s "key types: Opaque, none" \
            -s "Verifying peer X.509 certificate... ok" \
            -s "Ciphersuite is TLS-ECDHE-ECDSA" \
            -S "error" \
            -C "error"
2535
# Test using a RSA opaque private key for client/server authentication
# over an ECDHE-RSA suite. Both peers use server2 (RSA, SHA-256 certificate)
# as an opaque key restricted to PKCS#1 v1.5 signing
# (key_opaque_algs=rsa-sign-pkcs1,none). Mutual authentication is required,
# so both verification lines must succeed; the client pins TLS 1.2 via
# force_version. The version pin lives on the client here and on the server
# in the ECDHE-ECDSA test above; either side suffices for the negotiation.
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_RSA_C
requires_hash_alg SHA_256
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED
run_test    "Opaque key for client/server authentication: ECDHE-RSA" \
            "$P_SRV auth_mode=required key_opaque=1 crt_file=data_files/server2-sha256.crt \
             key_file=data_files/server2.key  key_opaque_algs=rsa-sign-pkcs1,none" \
            "$P_CLI force_version=tls12 key_opaque=1 crt_file=data_files/server2-sha256.crt \
             key_file=data_files/server2.key  key_opaque_algs=rsa-sign-pkcs1,none" \
            0 \
            -c "key type: Opaque" \
            -c "Verifying peer X.509 certificate... ok" \
            -c "Ciphersuite is TLS-ECDHE-RSA" \
            -s "key types: Opaque, none" \
            -s "Verifying peer X.509 certificate... ok" \
            -s "Ciphersuite is TLS-ECDHE-RSA" \
            -S "error" \
            -C "error"
2556
# Same mutual-authentication setup as the ECDHE-RSA test, but the client
# forces a DHE-RSA suite (AES-128-CBC-SHA). No force_version is given: the
# forced ciphersuite is a TLS 1.2 suite, which presumably pins the version.
# NOTE(review): no MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED dependency is declared
# here, unlike the ECDHE tests above; if DHE-RSA is disabled in a build this
# test would fail rather than skip - confirm whether that is intended.
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_X509_CRT_PARSE_C
requires_config_enabled MBEDTLS_RSA_C
requires_hash_alg SHA_256
run_test    "Opaque key for client/server authentication: DHE-RSA" \
            "$P_SRV auth_mode=required key_opaque=1 crt_file=data_files/server2-sha256.crt \
             key_file=data_files/server2.key  key_opaque_algs=rsa-sign-pkcs1,none" \
            "$P_CLI key_opaque=1 crt_file=data_files/server2-sha256.crt \
             key_file=data_files/server2.key  key_opaque_algs=rsa-sign-pkcs1,none \
             force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
            0 \
            -c "key type: Opaque" \
            -c "Verifying peer X.509 certificate... ok" \
            -c "Ciphersuite is TLS-DHE-RSA" \
            -s "key types: Opaque, none" \
            -s "Verifying peer X.509 certificate... ok" \
            -s "Ciphersuite is TLS-DHE-RSA" \
            -S "error" \
            -C "error"
2576
2577
# Test ciphersuites which we expect to be fully supported by PSA Crypto
# and check that we don't fall back to Mbed TLS' internal crypto primitives.
# run_test_psa is a helper defined earlier in this file; it presumably runs
# one handshake with the named suite forced and greps for the PSA-vs-legacy
# evidence. The list covers the ECDHE-ECDSA suites for each AEAD/CBC mode
# (CCM, CCM-8, GCM, CBC with SHA-1/SHA-256/SHA-384 MAC).
run_test_psa TLS-ECDHE-ECDSA-WITH-AES-128-CCM
run_test_psa TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8
run_test_psa TLS-ECDHE-ECDSA-WITH-AES-256-CCM
run_test_psa TLS-ECDHE-ECDSA-WITH-AES-256-CCM-8
run_test_psa TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
run_test_psa TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384
run_test_psa TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA
run_test_psa TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256
run_test_psa TLS-ECDHE-ECDSA-WITH-AES-256-CBC-SHA384
2589
# Same PSA-only check, once per supported curve. Each requires_config_enabled
# gates only the run_test_psa_force_curve call that immediately follows it
# (the requirement state is consumed by the next test), so the pairs below
# must stay adjacent.
requires_config_enabled MBEDTLS_ECP_DP_SECP521R1_ENABLED
run_test_psa_force_curve "secp521r1"
requires_config_enabled MBEDTLS_ECP_DP_BP512R1_ENABLED
run_test_psa_force_curve "brainpoolP512r1"
requires_config_enabled MBEDTLS_ECP_DP_SECP384R1_ENABLED
run_test_psa_force_curve "secp384r1"
requires_config_enabled MBEDTLS_ECP_DP_BP384R1_ENABLED
run_test_psa_force_curve "brainpoolP384r1"
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
run_test_psa_force_curve "secp256r1"
requires_config_enabled MBEDTLS_ECP_DP_SECP256K1_ENABLED
run_test_psa_force_curve "secp256k1"
requires_config_enabled MBEDTLS_ECP_DP_BP256R1_ENABLED
run_test_psa_force_curve "brainpoolP256r1"
requires_config_enabled MBEDTLS_ECP_DP_SECP224R1_ENABLED
run_test_psa_force_curve "secp224r1"
## SECP224K1 is buggy via the PSA API
## (https://github.com/Mbed-TLS/mbedtls/issues/3541),
## so it is disabled in PSA even when it's enabled in Mbed TLS.
## The proper dependency would be on PSA_WANT_ECC_SECP_K1_224 but
## dependencies on PSA symbols in ssl-opt.sh are not implemented yet.
## The two lines below are kept commented out on purpose; re-enable them
## once the issue is fixed and a PSA_WANT_* dependency can be expressed.
#requires_config_enabled MBEDTLS_ECP_DP_SECP224K1_ENABLED
#run_test_psa_force_curve "secp224k1"
requires_config_enabled MBEDTLS_ECP_DP_SECP192R1_ENABLED
run_test_psa_force_curve "secp192r1"
requires_config_enabled MBEDTLS_ECP_DP_SECP192K1_ENABLED
run_test_psa_force_curve "secp192k1"
2617
# Test current time in ServerHello: with MBEDTLS_HAVE_TIME the server fills
# the gmt_unix_time field of ServerHello.random. -f/-F run the named helper
# (check_server_hello_time, defined earlier in this file) instead of a plain
# grep; by analogy with -c/-s they presumably apply to the client and server
# logs respectively, and both must accept the timestamp. debug_level=3 is
# needed so the ServerHello bytes are dumped for the helper to inspect.
requires_config_enabled MBEDTLS_HAVE_TIME
run_test    "ServerHello contains gmt_unix_time" \
            "$P_SRV debug_level=3" \
            "$P_CLI force_version=tls12 debug_level=3" \
            0 \
            -f "check_server_hello_time" \
            -F "check_server_hello_time"
2626
# Test for uniqueness of IVs in AEAD ciphersuites (checked with
# AES-256-GCM only). 20 application-data exchanges at debug_level=4 make
# each side log one "IV used" line per record; -u/-U presumably assert that
# every "IV used" line in the client/server log is distinct. Nonce reuse
# with GCM is catastrophic (authentication-key recovery), which is why this
# is a dedicated test rather than an incidental grep.
run_test    "Unique IV in GCM" \
            "$P_SRV exchanges=20 debug_level=4" \
            "$P_CLI exchanges=20 debug_level=4 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384" \
            0 \
            -u "IV used" \
            -U "IV used"
2634
# Test for correctness of sent single supported algorithm: with both sides
# restricted to ecdsa_secp256r1_sha256, the client must see exactly that
# SignatureScheme in the server's CertificateRequest. "04 03" is the
# TLS codepoint of ecdsa_secp256r1_sha256 (0x0403). auth_mode=required on
# the server is what triggers the CertificateRequest; debug_level=3 on the
# client is needed for the "Supported Signature Algorithm found" line.
requires_any_configs_enabled "MBEDTLS_ECP_DP_SECP256R1_ENABLED \
                              PSA_WANT_ECC_SECP_R1_256"
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
requires_pk_alg "ECDSA"
requires_hash_alg SHA_256
run_test    "Single supported algorithm sending: mbedtls client" \
            "$P_SRV sig_algs=ecdsa_secp256r1_sha256 auth_mode=required" \
            "$P_CLI force_version=tls12 sig_algs=ecdsa_secp256r1_sha256 debug_level=3" \
            0 \
            -c "Supported Signature Algorithm found: 04 03"
2649
# Interop variant of the single-signature-algorithm test: an OpenSSL client
# authenticating with server6 (presumably an secp256r1 ECDSA certificate,
# given the server's sig_algs restriction) against our server.
# NOTE(review): only the exit status is checked here; there is no -s
# pattern confirming the server actually verified the client certificate
# with ecdsa_secp256r1_sha256. Consider adding
# `-s "Verifying peer X.509 certificate... ok"` so a handshake that
# silently skipped client auth would not pass.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_any_configs_enabled "MBEDTLS_ECP_DP_SECP256R1_ENABLED \
                              PSA_WANT_ECC_SECP_R1_256"
requires_hash_alg SHA_256
run_test    "Single supported algorithm sending: openssl client" \
            "$P_SRV sig_algs=ecdsa_secp256r1_sha256 auth_mode=required" \
            "$O_CLI -cert data_files/server6.crt \
                    -key data_files/server6.key" \
            0
2660
# Tests for certificate verification callback. ssl_client2's context_crt_cb
# option selects whether the verification callback is installed on the
# config (context_crt_cb=0) or on the SSL context (context_crt_cb=1); the
# two tests are mirror images and each asserts the OTHER callback is NOT
# used, so a regression that installs both, or neither, is caught.
# "Verify requested for " confirms the callback really ran.
run_test    "Configuration-specific CRT verification callback" \
            "$P_SRV debug_level=3" \
            "$P_CLI force_version=tls12 context_crt_cb=0 debug_level=3" \
            0 \
            -S "error" \
            -c "Verify requested for " \
            -c "Use configuration-specific verification callback" \
            -C "Use context-specific verification callback" \
            -C "error"

run_test    "Context-specific CRT verification callback" \
            "$P_SRV debug_level=3" \
            "$P_CLI force_version=tls12 context_crt_cb=1 debug_level=3" \
            0 \
            -S "error" \
            -c "Verify requested for " \
            -c "Use context-specific verification callback" \
            -C "Use configuration-specific verification callback" \
            -C "error"
2681
# Tests for SHA-1 support in certificate signatures. SHA-1-signed peer
# certificates must be rejected unless the application opts in with
# allow_sha1=1 (the rejection surfaces as "The certificate is signed with
# an unacceptable hash" and a non-zero exit). The "by default" tests pass
# allow_sha1=0 explicitly; that is presumably the option's default, so the
# test pins it rather than relying on it. server2.crt / cli-rsa-sha1.crt are
# the SHA-1-signed certificates, server2-sha256.crt / cli-rsa-sha256.crt
# their SHA-256 counterparts. Both directions are covered: the client
# checking a server certificate and the server checking a client
# certificate (auth_mode=required).
run_test    "SHA-1 forbidden by default in server certificate" \
            "$P_SRV key_file=data_files/server2.key crt_file=data_files/server2.crt" \
            "$P_CLI debug_level=2 force_version=tls12 allow_sha1=0" \
            1 \
            -c "The certificate is signed with an unacceptable hash"

run_test    "SHA-1 explicitly allowed in server certificate" \
            "$P_SRV key_file=data_files/server2.key crt_file=data_files/server2.crt" \
            "$P_CLI force_version=tls12 allow_sha1=1" \
            0

run_test    "SHA-256 allowed by default in server certificate" \
            "$P_SRV key_file=data_files/server2.key crt_file=data_files/server2-sha256.crt" \
            "$P_CLI force_version=tls12 allow_sha1=0" \
            0

run_test    "SHA-1 forbidden by default in client certificate" \
            "$P_SRV force_version=tls12 auth_mode=required allow_sha1=0" \
            "$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha1.crt" \
            1 \
            -s "The certificate is signed with an unacceptable hash"

run_test    "SHA-1 explicitly allowed in client certificate" \
            "$P_SRV force_version=tls12 auth_mode=required allow_sha1=1" \
            "$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha1.crt" \
            0

run_test    "SHA-256 allowed by default in client certificate" \
            "$P_SRV force_version=tls12 auth_mode=required allow_sha1=0" \
            "$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha256.crt" \
            0
2714
# Tests for datagram packing (several DTLS records in one UDP datagram).
# dgram_packing=1 on a side makes that side PACK; the "next record in same
# datagram" line is logged by the RECEIVER when it finds a second record in
# a datagram. Hence in "client only" the server (-s) sees it and the client
# (-C) does not, and vice versa for "server only"; the four combinations
# cover both directions independently.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS: multiple records in same datagram, client and server" \
            "$P_SRV dtls=1 dgram_packing=1 debug_level=2" \
            "$P_CLI dtls=1 dgram_packing=1 debug_level=2" \
            0 \
            -c "next record in same datagram" \
            -s "next record in same datagram"

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS: multiple records in same datagram, client only" \
            "$P_SRV dtls=1 dgram_packing=0 debug_level=2" \
            "$P_CLI dtls=1 dgram_packing=1 debug_level=2" \
            0 \
            -s "next record in same datagram" \
            -C "next record in same datagram"

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS: multiple records in same datagram, server only" \
            "$P_SRV dtls=1 dgram_packing=1 debug_level=2" \
            "$P_CLI dtls=1 dgram_packing=0 debug_level=2" \
            0 \
            -S "next record in same datagram" \
            -c "next record in same datagram"

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS: multiple records in same datagram, neither client nor server" \
            "$P_SRV dtls=1 dgram_packing=0 debug_level=2" \
            "$P_CLI dtls=1 dgram_packing=0 debug_level=2" \
            0 \
            -S "next record in same datagram" \
            -C "next record in same datagram"
2747
# Tests for Context serialization (MBEDTLS_SSL_CONTEXT_SERIALIZATION).
#
# serialize=1 on a side makes ssl_*2 serialize its SSL context after the
# handshake and restore it before continuing (per the test names; the exact
# steps live in the sample programs). exchanges=2 ensures application data
# is exchanged both before and after the round-trip, so the restored
# transform (keys, sequence numbers) is actually exercised. Each group runs
# one test per AEAD family (CCM-8, ChaChaPoly, GCM) plus one with the DTLS
# Connection ID extension, whose per-connection CIDs must survive the
# round-trip. The pass condition is that "Deserializing connection..." is
# logged exactly on the side(s) that serialize (-c/-s) and absent on the
# other (-C/-S). The CID tests additionally declare the TLS 1.2 and
# DTLS_CONNECTION_ID dependencies.

requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
run_test    "Context serialization, client serializes, CCM" \
            "$P_SRV dtls=1 serialize=0 exchanges=2" \
            "$P_CLI dtls=1 serialize=1 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
            0 \
            -c "Deserializing connection..." \
            -S "Deserializing connection..."

requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
run_test    "Context serialization, client serializes, ChaChaPoly" \
            "$P_SRV dtls=1 serialize=0 exchanges=2" \
            "$P_CLI dtls=1 serialize=1 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256" \
            0 \
            -c "Deserializing connection..." \
            -S "Deserializing connection..."

requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
run_test    "Context serialization, client serializes, GCM" \
            "$P_SRV dtls=1 serialize=0 exchanges=2" \
            "$P_CLI dtls=1 serialize=1 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256" \
            0 \
            -c "Deserializing connection..." \
            -S "Deserializing connection..."

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
run_test    "Context serialization, client serializes, with CID" \
            "$P_SRV dtls=1 serialize=0 exchanges=2 cid=1 cid_val=dead" \
            "$P_CLI dtls=1 serialize=1 exchanges=2 cid=1 cid_val=beef" \
            0 \
            -c "Deserializing connection..." \
            -S "Deserializing connection..."

requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
run_test    "Context serialization, server serializes, CCM" \
            "$P_SRV dtls=1 serialize=1 exchanges=2" \
            "$P_CLI dtls=1 serialize=0 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
            0 \
            -C "Deserializing connection..." \
            -s "Deserializing connection..."

requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
run_test    "Context serialization, server serializes, ChaChaPoly" \
            "$P_SRV dtls=1 serialize=1 exchanges=2" \
            "$P_CLI dtls=1 serialize=0 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256" \
            0 \
            -C "Deserializing connection..." \
            -s "Deserializing connection..."

requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
run_test    "Context serialization, server serializes, GCM" \
            "$P_SRV dtls=1 serialize=1 exchanges=2" \
            "$P_CLI dtls=1 serialize=0 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256" \
            0 \
            -C "Deserializing connection..." \
            -s "Deserializing connection..."

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
run_test    "Context serialization, server serializes, with CID" \
            "$P_SRV dtls=1 serialize=1 exchanges=2 cid=1 cid_val=dead" \
            "$P_CLI dtls=1 serialize=0 exchanges=2 cid=1 cid_val=beef" \
            0 \
            -C "Deserializing connection..." \
            -s "Deserializing connection..."

requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
run_test    "Context serialization, both serialize, CCM" \
            "$P_SRV dtls=1 serialize=1 exchanges=2" \
            "$P_CLI dtls=1 serialize=1 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
            0 \
            -c "Deserializing connection..." \
            -s "Deserializing connection..."

requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
run_test    "Context serialization, both serialize, ChaChaPoly" \
            "$P_SRV dtls=1 serialize=1 exchanges=2" \
            "$P_CLI dtls=1 serialize=1 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256" \
            0 \
            -c "Deserializing connection..." \
            -s "Deserializing connection..."

requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
run_test    "Context serialization, both serialize, GCM" \
            "$P_SRV dtls=1 serialize=1 exchanges=2" \
            "$P_CLI dtls=1 serialize=1 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256" \
            0 \
            -c "Deserializing connection..." \
            -s "Deserializing connection..."

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
run_test    "Context serialization, both serialize, with CID" \
            "$P_SRV dtls=1 serialize=1 exchanges=2 cid=1 cid_val=dead" \
            "$P_CLI dtls=1 serialize=1 exchanges=2 cid=1 cid_val=beef" \
            0 \
            -c "Deserializing connection..." \
            -s "Deserializing connection..."
2851
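# Context serialization with re-initialisation (serialize=2): per the test
# names, the serializing side additionally re-initialises its SSL context
# before restoring from the serialized blob, which is the realistic
# "save, tear down, restore later" flow. Same matrix as the serialize=1
# tests above: one test per AEAD family (CCM-8, ChaChaPoly, GCM) plus one
# with the DTLS Connection ID extension, for client only / server only /
# both. Pass condition: "Deserializing connection..." logged on exactly the
# side(s) that serialize and absent on the other.
#
# Fixed here: the two "re-init ... GCM" tests (server serializes, both
# serialize) used to force TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256,
# i.e. they duplicated the ChaChaPoly case and left GCM re-init untested.
# They now force TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256, matching the
# non-re-init GCM tests and the "client serializes, GCM" test below.
requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
run_test    "Context serialization, re-init, client serializes, CCM" \
            "$P_SRV dtls=1 serialize=0 exchanges=2" \
            "$P_CLI dtls=1 serialize=2 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
            0 \
            -c "Deserializing connection..." \
            -S "Deserializing connection..."

# NOTE(review): this is the only non-CID test in the group that also
# declares MBEDTLS_SSL_PROTO_TLS1_2; presumably harmless with dtls=1, but
# its siblings do not declare it.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
run_test    "Context serialization, re-init, client serializes, ChaChaPoly" \
            "$P_SRV dtls=1 serialize=0 exchanges=2" \
            "$P_CLI dtls=1 serialize=2 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256" \
            0 \
            -c "Deserializing connection..." \
            -S "Deserializing connection..."

requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
run_test    "Context serialization, re-init, client serializes, GCM" \
            "$P_SRV dtls=1 serialize=0 exchanges=2" \
            "$P_CLI dtls=1 serialize=2 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256" \
            0 \
            -c "Deserializing connection..." \
            -S "Deserializing connection..."

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
run_test    "Context serialization, re-init, client serializes, with CID" \
            "$P_SRV dtls=1 serialize=0 exchanges=2 cid=1 cid_val=dead" \
            "$P_CLI dtls=1 serialize=2 exchanges=2 cid=1 cid_val=beef" \
            0 \
            -c "Deserializing connection..." \
            -S "Deserializing connection..."

requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
run_test    "Context serialization, re-init, server serializes, CCM" \
            "$P_SRV dtls=1 serialize=2 exchanges=2" \
            "$P_CLI dtls=1 serialize=0 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
            0 \
            -C "Deserializing connection..." \
            -s "Deserializing connection..."

requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
run_test    "Context serialization, re-init, server serializes, ChaChaPoly" \
            "$P_SRV dtls=1 serialize=2 exchanges=2" \
            "$P_CLI dtls=1 serialize=0 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256" \
            0 \
            -C "Deserializing connection..." \
            -s "Deserializing connection..."

# GCM suite forced (was ChaChaPoly by copy-paste; see note at top of group).
requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
run_test    "Context serialization, re-init, server serializes, GCM" \
            "$P_SRV dtls=1 serialize=2 exchanges=2" \
            "$P_CLI dtls=1 serialize=0 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256" \
            0 \
            -C "Deserializing connection..." \
            -s "Deserializing connection..."

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
run_test    "Context serialization, re-init, server serializes, with CID" \
            "$P_SRV dtls=1 serialize=2 exchanges=2 cid=1 cid_val=dead" \
            "$P_CLI dtls=1 serialize=0 exchanges=2 cid=1 cid_val=beef" \
            0 \
            -C "Deserializing connection..." \
            -s "Deserializing connection..."

requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
run_test    "Context serialization, re-init, both serialize, CCM" \
            "$P_SRV dtls=1 serialize=2 exchanges=2" \
            "$P_CLI dtls=1 serialize=2 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
            0 \
            -c "Deserializing connection..." \
            -s "Deserializing connection..."

requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
run_test    "Context serialization, re-init, both serialize, ChaChaPoly" \
            "$P_SRV dtls=1 serialize=2 exchanges=2" \
            "$P_CLI dtls=1 serialize=2 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256" \
            0 \
            -c "Deserializing connection..." \
            -s "Deserializing connection..."

# GCM suite forced (was ChaChaPoly by copy-paste; see note at top of group).
requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
run_test    "Context serialization, re-init, both serialize, GCM" \
            "$P_SRV dtls=1 serialize=2 exchanges=2" \
            "$P_CLI dtls=1 serialize=2 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256" \
            0 \
            -c "Deserializing connection..." \
            -s "Deserializing connection..."

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
run_test    "Context serialization, re-init, both serialize, with CID" \
            "$P_SRV dtls=1 serialize=2 exchanges=2 cid=1 cid_val=dead" \
            "$P_CLI dtls=1 serialize=2 exchanges=2 cid=1 cid_val=beef" \
            0 \
            -c "Deserializing connection..." \
            -s "Deserializing connection..."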
2954
# Serialized context written to a file on both sides (context_file=...),
# rather than kept in memory. The files land in the script's working
# directory (the tests/ directory after the cd at the top of the script)
# and are removed unconditionally afterwards; rm -f is also correct when the
# test was skipped and never created them. The blob presumably contains the
# live traffic keys of the connection, so it must not be left behind.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
run_test    "Saving the serialized context to a file" \
            "$P_SRV dtls=1 serialize=1 context_file=context_srv.txt" \
            "$P_CLI dtls=1 serialize=1 context_file=context_cli.txt" \
            0 \
            -s "Save serialized context to a file... ok" \
            -c "Save serialized context to a file... ok"
rm -f context_srv.txt
rm -f context_cli.txt
2965
2966# Tests for DTLS Connection ID extension
2967
# The tests below check both the negotiation of the CID extension (the
# ClientHello/ServerHello debug lines) and its actual use after the handshake
# ("Copy CIDs into SSL transform", "Peer CID (length N Bytes): ..."). The
# tests that run through the proxy with bad_cid=1 additionally check that
# records carrying an unknown CID are ignored ("ignoring unexpected CID")
# rather than processed.
2971
# One-sided enablement: the extension must not be negotiated, and neither
# side may copy CIDs into its transform. Note the asymmetry - when only the
# client offers CID the server still parses the extension ("found CID
# extension") but rejects it because CID is disabled on its side; when only
# the server enables CID nothing is offered, so the server never sees the
# extension at all. The handshake itself still succeeds (exit 0).
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
run_test    "Connection ID: Cli enabled, Srv disabled" \
            "$P_SRV debug_level=3 dtls=1 cid=0" \
            "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \
            0 \
            -s "Disable use of CID extension." \
            -s "found CID extension"           \
            -s "Client sent CID extension, but CID disabled" \
            -c "Enable use of CID extension."  \
            -c "client hello, adding CID extension" \
            -S "server hello, adding CID extension" \
            -C "found CID extension" \
            -S "Copy CIDs into SSL transform" \
            -C "Copy CIDs into SSL transform" \
            -c "Use of Connection ID was rejected by the server"

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
run_test    "Connection ID: Cli disabled, Srv enabled" \
            "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \
            "$P_CLI debug_level=3 dtls=1 cid=0" \
            0 \
            -c "Disable use of CID extension." \
            -C "client hello, adding CID extension"           \
            -S "found CID extension"           \
            -s "Enable use of CID extension." \
            -S "server hello, adding CID extension" \
            -C "found CID extension" \
            -S "Copy CIDs into SSL transform" \
            -C "Copy CIDs into SSL transform"  \
            -s "Use of Connection ID was not offered by client"
3004
# Both sides enabled with non-empty CIDs: the CID each side chooses for
# ITSELF (cid_val) is what the PEER must report - the client sees the
# server's "de ad", the server sees the client's "be ef". The full chain is
# asserted: offer in ClientHello, echo in ServerHello, negotiation on both
# sides, CIDs installed in both transforms, and the final
# "Use of Connection ID has been negotiated" status on both sides.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
run_test    "Connection ID: Cli+Srv enabled, Cli+Srv CID nonempty" \
            "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead" \
            "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef" \
            0 \
            -c "Enable use of CID extension." \
            -s "Enable use of CID extension." \
            -c "client hello, adding CID extension" \
            -s "found CID extension"           \
            -s "Use of CID extension negotiated" \
            -s "server hello, adding CID extension" \
            -c "found CID extension" \
            -c "Use of CID extension negotiated" \
            -s "Copy CIDs into SSL transform" \
            -c "Copy CIDs into SSL transform" \
            -c "Peer CID (length 2 Bytes): de ad" \
            -s "Peer CID (length 2 Bytes): be ef" \
            -s "Use of Connection ID has been negotiated" \
            -c "Use of Connection ID has been negotiated"
3025
# Same negotiation through the UDP proxy with "3D" impairments (drop, delay,
# duplicate, each with probability 5 - see udp_proxy for the unit) plus
# bad_cid=1, which makes the proxy inject records with a wrong CID. The
# security-relevant assertions are the last two: both sides must log
# "ignoring unexpected CID", i.e. records with an unknown CID are discarded
# instead of being fed to the record layer. dgram_packing=0 keeps one record
# per datagram so the proxy's per-datagram mangling is predictable.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
run_test    "Connection ID, 3D: Cli+Srv enabled, Cli+Srv CID nonempty" \
            -p "$P_PXY drop=5 delay=5 duplicate=5 bad_cid=1" \
            "$P_SRV debug_level=3 dtls=1 cid=1 dgram_packing=0 cid_val=dead" \
            "$P_CLI debug_level=3 dtls=1 cid=1 dgram_packing=0 cid_val=beef" \
            0 \
            -c "Enable use of CID extension." \
            -s "Enable use of CID extension." \
            -c "client hello, adding CID extension" \
            -s "found CID extension"           \
            -s "Use of CID extension negotiated" \
            -s "server hello, adding CID extension" \
            -c "found CID extension" \
            -c "Use of CID extension negotiated" \
            -s "Copy CIDs into SSL transform" \
            -c "Copy CIDs into SSL transform" \
            -c "Peer CID (length 2 Bytes): de ad" \
            -s "Peer CID (length 2 Bytes): be ef" \
            -s "Use of Connection ID has been negotiated" \
            -c "Use of Connection ID has been negotiated" \
            -c "ignoring unexpected CID" \
            -s "ignoring unexpected CID"
3049
# Same negotiation with a reduced path MTU (800 bytes on the proxy and on
# both endpoints), so the handshake is fragmented; the CID extension and the
# negotiated CIDs must survive fragmentation unchanged. Same assertion set as
# the plain "Cli+Srv CID nonempty" test.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
run_test    "Connection ID, MTU: Cli+Srv enabled, Cli+Srv CID nonempty" \
            -p "$P_PXY mtu=800" \
            "$P_SRV debug_level=3 mtu=800 dtls=1 cid=1 cid_val=dead" \
            "$P_CLI debug_level=3 mtu=800 dtls=1 cid=1 cid_val=beef" \
            0 \
            -c "Enable use of CID extension." \
            -s "Enable use of CID extension." \
            -c "client hello, adding CID extension" \
            -s "found CID extension"           \
            -s "Use of CID extension negotiated" \
            -s "server hello, adding CID extension" \
            -c "found CID extension" \
            -c "Use of CID extension negotiated" \
            -s "Copy CIDs into SSL transform" \
            -c "Copy CIDs into SSL transform" \
            -c "Peer CID (length 2 Bytes): de ad" \
            -s "Peer CID (length 2 Bytes): be ef" \
            -s "Use of Connection ID has been negotiated" \
            -c "Use of Connection ID has been negotiated"
3071
# Combined stress: reduced MTU AND 3D impairments AND injected bad CIDs.
# Unlike the 3D-only test, dgram_packing is left at its default here, so
# this also covers packed datagrams under impairment. Both sides must still
# negotiate the correct peer CIDs and must log "ignoring unexpected CID" for
# the records the proxy mangles.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
run_test    "Connection ID, 3D+MTU: Cli+Srv enabled, Cli+Srv CID nonempty" \
            -p "$P_PXY mtu=800 drop=5 delay=5 duplicate=5 bad_cid=1" \
            "$P_SRV debug_level=3 mtu=800 dtls=1 cid=1 cid_val=dead" \
            "$P_CLI debug_level=3 mtu=800 dtls=1 cid=1 cid_val=beef" \
            0 \
            -c "Enable use of CID extension." \
            -s "Enable use of CID extension." \
            -c "client hello, adding CID extension" \
            -s "found CID extension"           \
            -s "Use of CID extension negotiated" \
            -s "server hello, adding CID extension" \
            -c "found CID extension" \
            -c "Use of CID extension negotiated" \
            -s "Copy CIDs into SSL transform" \
            -c "Copy CIDs into SSL transform" \
            -c "Peer CID (length 2 Bytes): de ad" \
            -s "Peer CID (length 2 Bytes): be ef" \
            -s "Use of Connection ID has been negotiated" \
            -c "Use of Connection ID has been negotiated" \
            -c "ignoring unexpected CID" \
            -s "ignoring unexpected CID"
3095
# Empty CIDs (cid=1 without cid_val). An empty CID is a valid way to say
# "I don't need a CID on records sent to me, but I will send yours": the
# extension is still negotiated and CIDs are still installed in both
# transforms. With one side empty, the peer reports "Peer CID (length 0
# Bytes):" and the non-empty 4-byte CID is reported by the other. When BOTH
# are empty the extension is negotiated but neither side reports
# "Use of Connection ID has been negotiated" (-S/-C), i.e. the connection
# behaves as if CID were not in use on the wire.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
run_test    "Connection ID: Cli+Srv enabled, Cli CID empty" \
            "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \
            "$P_CLI debug_level=3 dtls=1 cid=1" \
            0 \
            -c "Enable use of CID extension." \
            -s "Enable use of CID extension." \
            -c "client hello, adding CID extension" \
            -s "found CID extension"           \
            -s "Use of CID extension negotiated" \
            -s "server hello, adding CID extension" \
            -c "found CID extension" \
            -c "Use of CID extension negotiated" \
            -s "Copy CIDs into SSL transform" \
            -c "Copy CIDs into SSL transform" \
            -c "Peer CID (length 4 Bytes): de ad be ef" \
            -s "Peer CID (length 0 Bytes):" \
            -s "Use of Connection ID has been negotiated" \
            -c "Use of Connection ID has been negotiated"

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
run_test    "Connection ID: Cli+Srv enabled, Srv CID empty" \
            "$P_SRV debug_level=3 dtls=1 cid=1" \
            "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \
            0 \
            -c "Enable use of CID extension." \
            -s "Enable use of CID extension." \
            -c "client hello, adding CID extension" \
            -s "found CID extension"           \
            -s "Use of CID extension negotiated" \
            -s "server hello, adding CID extension" \
            -c "found CID extension" \
            -c "Use of CID extension negotiated" \
            -s "Copy CIDs into SSL transform" \
            -c "Copy CIDs into SSL transform" \
            -s "Peer CID (length 4 Bytes): de ad be ef" \
            -c "Peer CID (length 0 Bytes):" \
            -s "Use of Connection ID has been negotiated" \
            -c "Use of Connection ID has been negotiated"

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
run_test    "Connection ID: Cli+Srv enabled, Cli+Srv CID empty" \
            "$P_SRV debug_level=3 dtls=1 cid=1" \
            "$P_CLI debug_level=3 dtls=1 cid=1" \
            0 \
            -c "Enable use of CID extension." \
            -s "Enable use of CID extension." \
            -c "client hello, adding CID extension" \
            -s "found CID extension"           \
            -s "Use of CID extension negotiated" \
            -s "server hello, adding CID extension" \
            -c "found CID extension" \
            -c "Use of CID extension negotiated" \
            -s "Copy CIDs into SSL transform" \
            -c "Copy CIDs into SSL transform" \
            -S "Use of Connection ID has been negotiated" \
            -C "Use of Connection ID has been negotiated"
3156
# --- Connection ID matrix with a forced AEAD suite (AES-128-CCM-8) ---
# Same four cases as the default-ciphersuite group (both non-empty, client
# empty, server empty, both empty), but the client pins an AEAD ciphersuite
# so the CID record layer is exercised with AEAD protection.
# NOTE(review): unlike the group above, these tests do not state
# requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 explicitly; presumably
# run_test derives that from force_ciphersuite= — confirm before relying on
# it in a TLS-1.3-only build.
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
run_test    "Connection ID: Cli+Srv enabled, Cli+Srv CID nonempty, AES-128-CCM-8" \
            "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead" \
            "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
            0 \
            -c "Enable use of CID extension." \
            -s "Enable use of CID extension." \
            -c "client hello, adding CID extension" \
            -s "found CID extension"           \
            -s "Use of CID extension negotiated" \
            -s "server hello, adding CID extension" \
            -c "found CID extension" \
            -c "Use of CID extension negotiated" \
            -s "Copy CIDs into SSL transform" \
            -c "Copy CIDs into SSL transform" \
            -c "Peer CID (length 2 Bytes): de ad" \
            -s "Peer CID (length 2 Bytes): be ef" \
            -s "Use of Connection ID has been negotiated" \
            -c "Use of Connection ID has been negotiated"

requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
run_test    "Connection ID: Cli+Srv enabled, Cli CID empty, AES-128-CCM-8" \
            "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \
            "$P_CLI debug_level=3 dtls=1 cid=1 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
            0 \
            -c "Enable use of CID extension." \
            -s "Enable use of CID extension." \
            -c "client hello, adding CID extension" \
            -s "found CID extension"           \
            -s "Use of CID extension negotiated" \
            -s "server hello, adding CID extension" \
            -c "found CID extension" \
            -c "Use of CID extension negotiated" \
            -s "Copy CIDs into SSL transform" \
            -c "Copy CIDs into SSL transform" \
            -c "Peer CID (length 4 Bytes): de ad be ef" \
            -s "Peer CID (length 0 Bytes):" \
            -s "Use of Connection ID has been negotiated" \
            -c "Use of Connection ID has been negotiated"

requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
run_test    "Connection ID: Cli+Srv enabled, Srv CID empty, AES-128-CCM-8" \
            "$P_SRV debug_level=3 dtls=1 cid=1" \
            "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=deadbeef force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
            0 \
            -c "Enable use of CID extension." \
            -s "Enable use of CID extension." \
            -c "client hello, adding CID extension" \
            -s "found CID extension"           \
            -s "Use of CID extension negotiated" \
            -s "server hello, adding CID extension" \
            -c "found CID extension" \
            -c "Use of CID extension negotiated" \
            -s "Copy CIDs into SSL transform" \
            -c "Copy CIDs into SSL transform" \
            -s "Peer CID (length 4 Bytes): de ad be ef" \
            -c "Peer CID (length 0 Bytes):" \
            -s "Use of Connection ID has been negotiated" \
            -c "Use of Connection ID has been negotiated"

# Both empty: extension negotiated, but no CID may be reported as in use.
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
run_test    "Connection ID: Cli+Srv enabled, Cli+Srv CID empty, AES-128-CCM-8" \
            "$P_SRV debug_level=3 dtls=1 cid=1" \
            "$P_CLI debug_level=3 dtls=1 cid=1 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
            0 \
            -c "Enable use of CID extension." \
            -s "Enable use of CID extension." \
            -c "client hello, adding CID extension" \
            -s "found CID extension"           \
            -s "Use of CID extension negotiated" \
            -s "server hello, adding CID extension" \
            -c "found CID extension" \
            -c "Use of CID extension negotiated" \
            -s "Copy CIDs into SSL transform" \
            -c "Copy CIDs into SSL transform" \
            -S "Use of Connection ID has been negotiated" \
            -C "Use of Connection ID has been negotiated"
3234
# --- Connection ID matrix with a forced CBC suite (AES-128-CBC-SHA256) ---
# Same four cases again, this time with a MAC-then-encrypt (CBC) ciphersuite,
# so the CID is covered by the MAC/padding code path rather than AEAD.
# NOTE(review): as with the CCM-8 group, no explicit TLS1_2 requirement is
# stated; presumably inferred from force_ciphersuite= — confirm.
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
run_test    "Connection ID: Cli+Srv enabled, Cli+Srv CID nonempty, AES-128-CBC" \
            "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead" \
            "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \
            0 \
            -c "Enable use of CID extension." \
            -s "Enable use of CID extension." \
            -c "client hello, adding CID extension" \
            -s "found CID extension"           \
            -s "Use of CID extension negotiated" \
            -s "server hello, adding CID extension" \
            -c "found CID extension" \
            -c "Use of CID extension negotiated" \
            -s "Copy CIDs into SSL transform" \
            -c "Copy CIDs into SSL transform" \
            -c "Peer CID (length 2 Bytes): de ad" \
            -s "Peer CID (length 2 Bytes): be ef" \
            -s "Use of Connection ID has been negotiated" \
            -c "Use of Connection ID has been negotiated"

requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
run_test    "Connection ID: Cli+Srv enabled, Cli CID empty, AES-128-CBC" \
            "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=deadbeef" \
            "$P_CLI debug_level=3 dtls=1 cid=1 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \
            0 \
            -c "Enable use of CID extension." \
            -s "Enable use of CID extension." \
            -c "client hello, adding CID extension" \
            -s "found CID extension"           \
            -s "Use of CID extension negotiated" \
            -s "server hello, adding CID extension" \
            -c "found CID extension" \
            -c "Use of CID extension negotiated" \
            -s "Copy CIDs into SSL transform" \
            -c "Copy CIDs into SSL transform" \
            -c "Peer CID (length 4 Bytes): de ad be ef" \
            -s "Peer CID (length 0 Bytes):" \
            -s "Use of Connection ID has been negotiated" \
            -c "Use of Connection ID has been negotiated"

requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
run_test    "Connection ID: Cli+Srv enabled, Srv CID empty, AES-128-CBC" \
            "$P_SRV debug_level=3 dtls=1 cid=1" \
            "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=deadbeef force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \
            0 \
            -c "Enable use of CID extension." \
            -s "Enable use of CID extension." \
            -c "client hello, adding CID extension" \
            -s "found CID extension"           \
            -s "Use of CID extension negotiated" \
            -s "server hello, adding CID extension" \
            -c "found CID extension" \
            -c "Use of CID extension negotiated" \
            -s "Copy CIDs into SSL transform" \
            -c "Copy CIDs into SSL transform" \
            -s "Peer CID (length 4 Bytes): de ad be ef" \
            -c "Peer CID (length 0 Bytes):" \
            -s "Use of Connection ID has been negotiated" \
            -c "Use of Connection ID has been negotiated"

# Both empty: extension negotiated, but no CID may be reported as in use.
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
run_test    "Connection ID: Cli+Srv enabled, Cli+Srv CID empty, AES-128-CBC" \
            "$P_SRV debug_level=3 dtls=1 cid=1" \
            "$P_CLI debug_level=3 dtls=1 cid=1 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \
            0 \
            -c "Enable use of CID extension." \
            -s "Enable use of CID extension." \
            -c "client hello, adding CID extension" \
            -s "found CID extension"           \
            -s "Use of CID extension negotiated" \
            -s "server hello, adding CID extension" \
            -c "found CID extension" \
            -c "Use of CID extension negotiated" \
            -s "Copy CIDs into SSL transform" \
            -c "Copy CIDs into SSL transform" \
            -S "Use of Connection ID has been negotiated" \
            -C "Use of Connection ID has been negotiated"
3312
# --- Connection ID across renegotiation: CID kept or swapped ---
# The "(initial handshake)" / "(after renegotiation)" prefixes on the expected
# lines let one test pin the CID state of each handshake separately. Without
# cid_val_renego the same CIDs must be reported after the renegotiation;
# with cid_val_renego each side switches to the new value and the peer must
# report the *new* CID afterwards.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Connection ID: Cli+Srv enabled, renegotiate without change of CID" \
            "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead renegotiation=1" \
            "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef renegotiation=1 renegotiate=1" \
            0 \
            -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \
            -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \
            -s "(initial handshake) Use of Connection ID has been negotiated" \
            -c "(initial handshake) Use of Connection ID has been negotiated" \
            -c "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
            -s "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
            -s "(after renegotiation) Use of Connection ID has been negotiated" \
            -c "(after renegotiation) Use of Connection ID has been negotiated"

# CIDs are swapped on renegotiation (server dead->beef, client beef->dead),
# so each side's "after renegotiation" Peer CID is the other's new value.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Connection ID: Cli+Srv enabled, renegotiate with different CID" \
            "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead cid_val_renego=beef renegotiation=1" \
            "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef cid_val_renego=dead renegotiation=1 renegotiate=1" \
            0 \
            -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \
            -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \
            -s "(initial handshake) Use of Connection ID has been negotiated" \
            -c "(initial handshake) Use of Connection ID has been negotiated" \
            -c "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
            -s "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
            -s "(after renegotiation) Use of Connection ID has been negotiated" \
            -c "(after renegotiation) Use of Connection ID has been negotiated"

# Same scenario with datagram packing disabled (one record per datagram), so
# the CID switch is exercised on unpacked records as well.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Connection ID, no packing: Cli+Srv enabled, renegotiate with different CID" \
            "$P_SRV debug_level=3 dtls=1 cid=1 dgram_packing=0 cid_val=dead cid_val_renego=beef renegotiation=1" \
            "$P_CLI debug_level=3 dtls=1 cid=1 dgram_packing=0 cid_val=beef cid_val_renego=dead renegotiation=1 renegotiate=1" \
            0 \
            -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \
            -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \
            -s "(initial handshake) Use of Connection ID has been negotiated" \
            -c "(initial handshake) Use of Connection ID has been negotiated" \
            -c "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
            -s "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
            -s "(after renegotiation) Use of Connection ID has been negotiated" \
            -c "(after renegotiation) Use of Connection ID has been negotiated"

# "3D+MTU": the UDP proxy drops, delays and duplicates datagrams and (with
# bad_cid=1, presumably by rewriting the CID of some records — see udp_proxy)
# injects records that carry a CID neither side recognises. Both endpoints
# must log "ignoring unexpected CID" — i.e. silently discard such records
# rather than fail the handshake or act on them — and the CID switch must
# still complete. mtu=800 on all three processes keeps datagrams small enough
# to force fragmentation and reassembly under these conditions.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Connection ID, 3D+MTU: Cli+Srv enabled, renegotiate with different CID" \
            -p "$P_PXY mtu=800 drop=5 delay=5 duplicate=5 bad_cid=1" \
            "$P_SRV debug_level=3 mtu=800 dtls=1 cid=1 cid_val=dead cid_val_renego=beef renegotiation=1" \
            "$P_CLI debug_level=3 mtu=800 dtls=1 cid=1 cid_val=beef cid_val_renego=dead renegotiation=1 renegotiate=1" \
            0 \
            -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \
            -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \
            -s "(initial handshake) Use of Connection ID has been negotiated" \
            -c "(initial handshake) Use of Connection ID has been negotiated" \
            -c "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
            -s "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
            -s "(after renegotiation) Use of Connection ID has been negotiated" \
            -c "(after renegotiation) Use of Connection ID has been negotiated" \
            -c "ignoring unexpected CID" \
            -s "ignoring unexpected CID"
3379
# --- Connection ID dropped on renegotiation by both sides ---
# cid_renego=0 on both ends: the initial handshake negotiates CIDs as usual,
# but after the renegotiation no Peer CID may be reported and neither side
# may claim a Connection ID is in use (-C / -S on the "(after renegotiation)"
# lines).
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Connection ID: Cli+Srv enabled, renegotiate without CID" \
            "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead cid_renego=0 renegotiation=1" \
            "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef cid_renego=0 renegotiation=1 renegotiate=1" \
            0 \
            -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \
            -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \
            -s "(initial handshake) Use of Connection ID has been negotiated" \
            -c "(initial handshake) Use of Connection ID has been negotiated" \
            -C "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
            -S "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
            -C "(after renegotiation) Use of Connection ID has been negotiated" \
            -S "(after renegotiation) Use of Connection ID has been negotiated"

# Same, with datagram packing disabled.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Connection ID, no packing: Cli+Srv enabled, renegotiate without CID" \
            "$P_SRV debug_level=3 dtls=1 dgram_packing=0 cid=1 cid_val=dead cid_renego=0 renegotiation=1" \
            "$P_CLI debug_level=3 dtls=1 dgram_packing=0 cid=1 cid_val=beef cid_renego=0 renegotiation=1 renegotiate=1" \
            0 \
            -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \
            -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \
            -s "(initial handshake) Use of Connection ID has been negotiated" \
            -c "(initial handshake) Use of Connection ID has been negotiated" \
            -C "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
            -S "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
            -C "(after renegotiation) Use of Connection ID has been negotiated" \
            -S "(after renegotiation) Use of Connection ID has been negotiated"

# Same, behind the lossy proxy with bad-CID injection: records carrying an
# unknown CID must be discarded ("ignoring unexpected CID" on both sides)
# and the CID-less renegotiation must still succeed.
# NOTE(review): the title says "3D+MTU" and both endpoints set mtu=800, but
# the proxy line here lacks mtu=800, unlike the other two "3D+MTU" CID tests
# in this file. Possibly an oversight; adding it would make the three tests
# uniform — confirm before changing, since it alters what the proxy drops.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Connection ID, 3D+MTU: Cli+Srv enabled, renegotiate without CID" \
            -p "$P_PXY drop=5 delay=5 duplicate=5 bad_cid=1" \
            "$P_SRV debug_level=3 mtu=800 dtls=1 cid=1 cid_val=dead cid_renego=0 renegotiation=1" \
            "$P_CLI debug_level=3 mtu=800 dtls=1 cid=1 cid_val=beef cid_renego=0 renegotiation=1 renegotiate=1" \
            0 \
            -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \
            -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \
            -s "(initial handshake) Use of Connection ID has been negotiated" \
            -c "(initial handshake) Use of Connection ID has been negotiated" \
            -C "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
            -S "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
            -C "(after renegotiation) Use of Connection ID has been negotiated" \
            -S "(after renegotiation) Use of Connection ID has been negotiated" \
            -c "ignoring unexpected CID" \
            -s "ignoring unexpected CID"
3430
# --- Connection ID first enabled on renegotiation ---
# cid=0 for the initial handshake (so no CID may be reported for it) and
# cid_renego=1 with a cid_val_renego for the renegotiation, after which each
# side must see the other's new CID and report the Connection ID as in use.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Connection ID: Cli+Srv enabled, CID on renegotiation" \
            "$P_SRV debug_level=3 dtls=1 cid=0 cid_renego=1 cid_val_renego=dead renegotiation=1" \
            "$P_CLI debug_level=3 dtls=1 cid=0 cid_renego=1 cid_val_renego=beef renegotiation=1 renegotiate=1" \
            0 \
            -S "(initial handshake) Use of Connection ID has been negotiated" \
            -C "(initial handshake) Use of Connection ID has been negotiated" \
            -c "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
            -s "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
            -c "(after renegotiation) Use of Connection ID has been negotiated" \
            -s "(after renegotiation) Use of Connection ID has been negotiated"

# Same, with datagram packing disabled.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Connection ID, no packing: Cli+Srv enabled, CID on renegotiation" \
            "$P_SRV debug_level=3 dtls=1 dgram_packing=0 cid=0 cid_renego=1 cid_val_renego=dead renegotiation=1" \
            "$P_CLI debug_level=3 dtls=1 dgram_packing=0 cid=0 cid_renego=1 cid_val_renego=beef renegotiation=1 renegotiate=1" \
            0 \
            -S "(initial handshake) Use of Connection ID has been negotiated" \
            -C "(initial handshake) Use of Connection ID has been negotiated" \
            -c "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
            -s "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
            -c "(after renegotiation) Use of Connection ID has been negotiated" \
            -s "(after renegotiation) Use of Connection ID has been negotiated"

# Same, behind the lossy proxy with bad-CID injection and mtu=800 everywhere
# (dgram_packing=1 is stated explicitly here). Unknown-CID records must be
# dropped ("ignoring unexpected CID") on both sides without disturbing the
# renegotiation that turns CID on.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Connection ID, 3D+MTU: Cli+Srv enabled, CID on renegotiation" \
            -p "$P_PXY mtu=800 drop=5 delay=5 duplicate=5 bad_cid=1" \
            "$P_SRV debug_level=3 mtu=800 dtls=1 dgram_packing=1 cid=0 cid_renego=1 cid_val_renego=dead renegotiation=1" \
            "$P_CLI debug_level=3 mtu=800 dtls=1 dgram_packing=1 cid=0 cid_renego=1 cid_val_renego=beef renegotiation=1 renegotiate=1" \
            0 \
            -S "(initial handshake) Use of Connection ID has been negotiated" \
            -C "(initial handshake) Use of Connection ID has been negotiated" \
            -c "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
            -s "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
            -c "(after renegotiation) Use of Connection ID has been negotiated" \
            -s "(after renegotiation) Use of Connection ID has been negotiated" \
            -c "ignoring unexpected CID" \
            -s "ignoring unexpected CID"
3475
# --- Client stops offering CID on renegotiation ---
# Only the client sets cid_renego=0; the server keeps cid=1. After the
# renegotiation neither side may report a CID in use, and the server must
# explain why with "Use of Connection ID was not offered by client" — i.e.
# the server does not unilaterally keep using the old CID.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Connection ID: Cli+Srv enabled, Cli disables on renegotiation" \
            "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead renegotiation=1" \
            "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef cid_renego=0 renegotiation=1 renegotiate=1" \
            0 \
            -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \
            -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \
            -s "(initial handshake) Use of Connection ID has been negotiated" \
            -c "(initial handshake) Use of Connection ID has been negotiated" \
            -C "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
            -S "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
            -C "(after renegotiation) Use of Connection ID has been negotiated" \
            -S "(after renegotiation) Use of Connection ID has been negotiated" \
            -s "(after renegotiation) Use of Connection ID was not offered by client"

# Same, behind the lossy proxy with bad-CID injection ("3D", no MTU limit):
# unknown-CID records are discarded on both sides and the outcome is unchanged.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Connection ID, 3D: Cli+Srv enabled, Cli disables on renegotiation" \
            -p "$P_PXY drop=5 delay=5 duplicate=5 bad_cid=1" \
            "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead renegotiation=1" \
            "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef cid_renego=0 renegotiation=1 renegotiate=1" \
            0 \
            -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \
            -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \
            -s "(initial handshake) Use of Connection ID has been negotiated" \
            -c "(initial handshake) Use of Connection ID has been negotiated" \
            -C "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
            -S "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
            -C "(after renegotiation) Use of Connection ID has been negotiated" \
            -S "(after renegotiation) Use of Connection ID has been negotiated" \
            -s "(after renegotiation) Use of Connection ID was not offered by client" \
            -c "ignoring unexpected CID" \
            -s "ignoring unexpected CID"
3512
# --- Server stops accepting CID on renegotiation ---
# Mirror of the previous pair: only the server sets cid_renego=0, the client
# still offers a CID. After the renegotiation no CID may be in use and the
# client must report "Use of Connection ID was rejected by the server".
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Connection ID: Cli+Srv enabled, Srv disables on renegotiation" \
            "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead cid_renego=0 renegotiation=1" \
            "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef renegotiation=1 renegotiate=1" \
            0 \
            -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \
            -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \
            -s "(initial handshake) Use of Connection ID has been negotiated" \
            -c "(initial handshake) Use of Connection ID has been negotiated" \
            -C "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
            -S "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
            -C "(after renegotiation) Use of Connection ID has been negotiated" \
            -S "(after renegotiation) Use of Connection ID has been negotiated" \
            -c "(after renegotiation) Use of Connection ID was rejected by the server"

# Same, behind the lossy proxy with bad-CID injection ("3D", no MTU limit).
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Connection ID, 3D: Cli+Srv enabled, Srv disables on renegotiation" \
            -p "$P_PXY drop=5 delay=5 duplicate=5 bad_cid=1" \
            "$P_SRV debug_level=3 dtls=1 cid=1 cid_val=dead cid_renego=0 renegotiation=1" \
            "$P_CLI debug_level=3 dtls=1 cid=1 cid_val=beef renegotiation=1 renegotiate=1" \
            0 \
            -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \
            -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \
            -s "(initial handshake) Use of Connection ID has been negotiated" \
            -c "(initial handshake) Use of Connection ID has been negotiated" \
            -C "(after renegotiation) Peer CID (length 2 Bytes): de ad" \
            -S "(after renegotiation) Peer CID (length 2 Bytes): be ef" \
            -C "(after renegotiation) Use of Connection ID has been negotiated" \
            -S "(after renegotiation) Use of Connection ID has been negotiated" \
            -c "(after renegotiation) Use of Connection ID was rejected by the server" \
            -c "ignoring unexpected CID" \
            -s "ignoring unexpected CID"
3549
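# --- Connection ID with variable buffer lengths (MFL 512 / 1024) ---
# This and the test below it require MAX_CONTENT_LEN to be at least MFL+1, because the
# tests check that the buffer contents are reallocated when the message is
# larger than the buffer. With MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH the I/O
# buffers are sized from the negotiated max fragment length; the server log
# must show both in_buf and out_buf being reallocated while the CID handshake
# still completes with the expected peer CIDs.
#
# The client argument is a single shell word: the ciphersuite name needs no
# inner quoting (a previous revision wrote force_ciphersuite="..." inside the
# outer double quotes, which merely closed and reopened the string and drew
# ShellCheck SC2027).
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
requires_config_enabled MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
requires_max_content_len 513
run_test    "Connection ID: Cli+Srv enabled, variable buffer lengths, MFL=512" \
            "$P_SRV dtls=1 cid=1 cid_val=dead debug_level=2" \
            "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8 max_frag_len=512 dtls=1 cid=1 cid_val=beef" \
            0 \
            -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \
            -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \
            -s "(initial handshake) Use of Connection ID has been negotiated" \
            -c "(initial handshake) Use of Connection ID has been negotiated" \
            -s "Reallocating in_buf" \
            -s "Reallocating out_buf"

# Same with MFL=1024, so MAX_CONTENT_LEN must be at least 1025.
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
requires_config_enabled MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
requires_max_content_len 1025
run_test    "Connection ID: Cli+Srv enabled, variable buffer lengths, MFL=1024" \
            "$P_SRV dtls=1 cid=1 cid_val=dead debug_level=2" \
            "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8 max_frag_len=1024 dtls=1 cid=1 cid_val=beef" \
            0 \
            -c "(initial handshake) Peer CID (length 2 Bytes): de ad" \
            -s "(initial handshake) Peer CID (length 2 Bytes): be ef" \
            -s "(initial handshake) Use of Connection ID has been negotiated" \
            -c "(initial handshake) Use of Connection ID has been negotiated" \
            -s "Reallocating in_buf" \
            -s "Reallocating out_buf"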
3580
# Tests for Encrypt-then-MAC extension
#
# Encrypt-then-MAC (RFC 7366) only applies to CBC (MAC-then-encrypt) suites,
# which is why these tests force a TLS-RSA-WITH-AES-128-CBC-SHA suite on the
# server; the "using encrypt then mac" lines are the evidence that the
# record layer actually switched to EtM, not just that the extension was
# exchanged. Both endpoints must agree: if either side has etm=0, or the
# negotiated suite is AEAD, the server must not echo the extension.
# NOTE(review): no requires_config_enabled guard is stated for this group,
# unlike the Extended Master Secret tests below; presumably run_test infers
# the TLS 1.2 requirement from force_ciphersuite= — confirm.

run_test    "Encrypt then MAC: default" \
            "$P_SRV debug_level=3 \
             force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
            "$P_CLI debug_level=3" \
            0 \
            -c "client hello, adding encrypt_then_mac extension" \
            -s "found encrypt then mac extension" \
            -s "server hello, adding encrypt then mac extension" \
            -c "found encrypt_then_mac extension" \
            -c "using encrypt then mac" \
            -s "using encrypt then mac"

# Client offers, server has etm=0: the offer is seen but not answered, and
# neither side may end up "using encrypt then mac".
run_test    "Encrypt then MAC: client enabled, server disabled" \
            "$P_SRV debug_level=3 etm=0 \
             force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
            "$P_CLI debug_level=3 etm=1" \
            0 \
            -c "client hello, adding encrypt_then_mac extension" \
            -s "found encrypt then mac extension" \
            -S "server hello, adding encrypt then mac extension" \
            -C "found encrypt_then_mac extension" \
            -C "using encrypt then mac" \
            -S "using encrypt then mac"

# Both sides have etm=1 but the forced suite is AES-GCM (AEAD): the server
# must not select EtM for a suite where it has no meaning.
run_test    "Encrypt then MAC: client enabled, aead cipher" \
            "$P_SRV debug_level=3 etm=1 \
             force_ciphersuite=TLS-RSA-WITH-AES-128-GCM-SHA256" \
            "$P_CLI debug_level=3 etm=1" \
            0 \
            -c "client hello, adding encrypt_then_mac extension" \
            -s "found encrypt then mac extension" \
            -S "server hello, adding encrypt then mac extension" \
            -C "found encrypt_then_mac extension" \
            -C "using encrypt then mac" \
            -S "using encrypt then mac"

# Client has etm=0: the extension is never sent, so the server never sees it
# and must not add it to its ServerHello.
run_test    "Encrypt then MAC: client disabled, server enabled" \
            "$P_SRV debug_level=3 etm=1 \
             force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
            "$P_CLI debug_level=3 etm=0" \
            0 \
            -C "client hello, adding encrypt_then_mac extension" \
            -S "found encrypt then mac extension" \
            -S "server hello, adding encrypt then mac extension" \
            -C "found encrypt_then_mac extension" \
            -C "using encrypt then mac" \
            -S "using encrypt then mac"
3630
# Tests for Extended Master Secret extension
#
# Extended Master Secret (RFC 7627) derives the master secret from a hash of
# the handshake transcript instead of the client/server randoms alone; the
# "session hash for extended master secret" lines show that derivation was
# actually used. force_version=tls12 pins the tests to TLS 1.2, where the
# extension exists (TLS 1.3 binds the transcript by design and has no EMS).

requires_config_enabled MBEDTLS_SSL_EXTENDED_MASTER_SECRET
run_test    "Extended Master Secret: default" \
            "$P_SRV debug_level=3" \
            "$P_CLI force_version=tls12 debug_level=3" \
            0 \
            -c "client hello, adding extended_master_secret extension" \
            -s "found extended master secret extension" \
            -s "server hello, adding extended master secret extension" \
            -c "found extended_master_secret extension" \
            -c "session hash for extended master secret" \
            -s "session hash for extended master secret"

# Server has extended_ms=0: the client's offer is seen but not echoed, and
# neither side may derive the master secret from the session hash.
requires_config_enabled MBEDTLS_SSL_EXTENDED_MASTER_SECRET
run_test    "Extended Master Secret: client enabled, server disabled" \
            "$P_SRV debug_level=3 extended_ms=0" \
            "$P_CLI force_version=tls12 debug_level=3 extended_ms=1" \
            0 \
            -c "client hello, adding extended_master_secret extension" \
            -s "found extended master secret extension" \
            -S "server hello, adding extended master secret extension" \
            -C "found extended_master_secret extension" \
            -C "session hash for extended master secret" \
            -S "session hash for extended master secret"

# Client has extended_ms=0: nothing is offered, nothing is negotiated.
# NOTE(review): the TLS 1.2 pin is on the server here while the two tests
# above pin the client; presumably either placement works — confirm that the
# unpinned client still ends up in TLS 1.2 in a build with TLS 1.3 enabled.
requires_config_enabled MBEDTLS_SSL_EXTENDED_MASTER_SECRET
run_test    "Extended Master Secret: client disabled, server enabled" \
            "$P_SRV force_version=tls12 debug_level=3 extended_ms=1" \
            "$P_CLI debug_level=3 extended_ms=0" \
            0 \
            -C "client hello, adding extended_master_secret extension" \
            -S "found extended master secret extension" \
            -S "server hello, adding extended master secret extension" \
            -C "found extended_master_secret extension" \
            -C "session hash for extended master secret" \
            -S "session hash for extended master secret"
3668
# Test sending and receiving empty application data records
#
# request_size=0 makes the client send a zero-length application data record.
# The server must decrypt it to a 0-byte payload and the client must report
# "0 bytes written in 1 fragments". debug_level=4 is needed on the server so
# the decrypted payload is hex-dumped and can be matched.

# EtM enabled on both sides with a CBC suite, TLS.
# The -S line rejects a 16-byte hex dump of 0x0f; this presumably guards
# against the CBC padding block being logged as if it were decrypted payload
# (confirm against the record-layer debug output).
run_test    "Encrypt then MAC: empty application data record" \
            "$P_SRV auth_mode=none debug_level=4 etm=1" \
            "$P_CLI auth_mode=none etm=1 request_size=0 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -S "0000:  0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f" \
            -s "dumping 'input payload after decrypt' (0 bytes)" \
            -c "0 bytes written in 1 fragments"

# Same exchange with EtM disabled on both sides, TLS; no ciphersuite is forced.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "Encrypt then MAC: disabled, empty application data record" \
            "$P_SRV auth_mode=none debug_level=4 etm=0" \
            "$P_CLI auth_mode=none etm=0 request_size=0" \
            0 \
            -s "dumping 'input payload after decrypt' (0 bytes)" \
            -c "0 bytes written in 1 fragments"

# DTLS variant of the EtM-enabled case (dtls=1 on both sides).
run_test    "Encrypt then MAC, DTLS: empty application data record" \
            "$P_SRV auth_mode=none debug_level=4 etm=1 dtls=1" \
            "$P_CLI auth_mode=none etm=1 request_size=0 force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA dtls=1" \
            0 \
            -S "0000:  0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f 0f" \
            -s "dumping 'input payload after decrypt' (0 bytes)" \
            -c "0 bytes written in 1 fragments"

# DTLS variant of the EtM-disabled case.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "Encrypt then MAC, DTLS: disabled, empty application data record" \
            "$P_SRV auth_mode=none debug_level=4 etm=0 dtls=1" \
            "$P_CLI auth_mode=none etm=0 request_size=0 dtls=1" \
            0 \
            -s "dumping 'input payload after decrypt' (0 bytes)" \
            -c "0 bytes written in 1 fragments"
3702
# Tests for CBC 1/n-1 record splitting
#
# The client sends a 123-byte request over a CBC suite to a TLS 1.2 server.
# Expected: the server reads all 123 bytes in a single read; a 1-byte read
# followed by a 122-byte read (which is what 1/n-1 splitting would produce)
# must NOT appear, i.e. no splitting is applied under TLS 1.2.
run_test    "CBC Record splitting: TLS 1.2, no splitting" \
            "$P_SRV force_version=tls12" \
            "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA \
             request_size=123" \
            0 \
            -s "Read from client: 123 bytes read" \
            -S "Read from client: 1 bytes read" \
            -S "122 bytes read"
3713
# Tests for Session Tickets
#
# Common shape of these tests: tickets=1 on both sides, the client connects,
# receives a NewSessionTicket, then reconnects (reconnect=1). The log patterns
# trace the ticket extension through ClientHello/ServerHello and assert which
# resumption mechanism the server used ("restored from ticket" vs "from
# cache") and that both sides report a resumed session.

# Baseline: ticket issued on the first handshake, second handshake resumed
# from that ticket (not from the server-side cache).
run_test    "Session resume using tickets: basic" \
            "$P_SRV debug_level=3 tickets=1" \
            "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -S "session successfully restored from cache" \
            -s "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

# ticket_rotate=1 on the server: the ticket issued before the rotation must
# still be accepted on reconnect. Exact rotation timing is handled inside
# ssl_server2 and is not visible here.
run_test    "Session resume using tickets: manual rotation" \
            "$P_SRV debug_level=3 tickets=1 ticket_rotate=1" \
            "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -S "session successfully restored from cache" \
            -s "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

# cache_max=0 disables the server-side session cache, so a resumed session
# can only have come from the ticket; this isolates the ticket path.
run_test    "Session resume using tickets: cache disabled" \
            "$P_SRV debug_level=3 tickets=1 cache_max=0" \
            "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -S "session successfully restored from cache" \
            -s "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

# Expiry: ticket_timeout=1 on the server and reco_delay=2000 on the client
# (presumably seconds vs. milliseconds — confirm against the ssl_server2 /
# ssl_client2 option help). The ticket is issued and parsed normally, but the
# delayed reconnect must be a full handshake: no resumption reported anywhere.
run_test    "Session resume using tickets: timeout" \
            "$P_SRV debug_level=3 tickets=1 cache_max=0 ticket_timeout=1" \
            "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1 reco_delay=2000" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -S "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -S "a session has been resumed" \
            -C "a session has been resumed"

# reco_mode=0 selects an alternative way for the client to carry the session
# across the reconnect (the mode semantics are defined in ssl_client2, not
# here); the observable result must match the "cache disabled" case.
run_test    "Session resume using tickets: session copy" \
            "$P_SRV debug_level=3 tickets=1 cache_max=0" \
            "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1 reco_mode=0" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -S "session successfully restored from cache" \
            -s "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"
3785
# Interop: ticket resumption against an OpenSSL server (O_SRV, defined earlier
# in the script). Only client-side patterns are checked since the server log
# is not ours.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "Session resume using tickets: openssl server" \
            "$O_SRV -tls1_2" \
            "$P_CLI debug_level=3 tickets=1 reconnect=1" \
            0 \
            -c "client hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -c "a session has been resumed"

# Interop: OpenSSL client resuming against our ticket-issuing server. The
# client command is a subshell that does two connections, saving the session
# with -sess_out and replaying it with -sess_in, then removes the file.
# $SESSION (defined earlier in the script) is interpolated unquoted into the
# command string, so its path is assumed to contain no whitespace or globs.
# Only server-side patterns are checked.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "Session resume using tickets: openssl client" \
            "$P_SRV debug_level=3 tickets=1" \
            "( $O_CLI -sess_out $SESSION; \
               $O_CLI -sess_in $SESSION; \
               rm -f $SESSION )" \
            0 \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -S "session successfully restored from cache" \
            -s "session successfully restored from ticket" \
            -s "a session has been resumed"
3808
# Ticket AEAD variants. ticket_aead=<name> selects the AEAD ssl_server2 uses to
# protect the ticket it issues; each test is otherwise identical to the
# "basic" ticket test and must resume from the ticket (not the cache).
# The set of AEADs that ssl_server2 accepts here is defined by the program,
# not by this script.

run_test    "Session resume using tickets: AES-128-GCM" \
            "$P_SRV debug_level=3 tickets=1 ticket_aead=AES-128-GCM" \
            "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -S "session successfully restored from cache" \
            -s "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

run_test    "Session resume using tickets: AES-192-GCM" \
            "$P_SRV debug_level=3 tickets=1 ticket_aead=AES-192-GCM" \
            "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -S "session successfully restored from cache" \
            -s "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

run_test    "Session resume using tickets: AES-128-CCM" \
            "$P_SRV debug_level=3 tickets=1 ticket_aead=AES-128-CCM" \
            "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -S "session successfully restored from cache" \
            -s "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

run_test    "Session resume using tickets: AES-192-CCM" \
            "$P_SRV debug_level=3 tickets=1 ticket_aead=AES-192-CCM" \
            "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -S "session successfully restored from cache" \
            -s "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

run_test    "Session resume using tickets: AES-256-CCM" \
            "$P_SRV debug_level=3 tickets=1 ticket_aead=AES-256-CCM" \
            "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -S "session successfully restored from cache" \
            -s "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"
3878
# Ticket AEAD variants, Camellia-CCM at the three key sizes. Same expectations
# as the "basic" ticket test: resumption must come from the ticket.

run_test    "Session resume using tickets: CAMELLIA-128-CCM" \
            "$P_SRV debug_level=3 tickets=1 ticket_aead=CAMELLIA-128-CCM" \
            "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -S "session successfully restored from cache" \
            -s "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

run_test    "Session resume using tickets: CAMELLIA-192-CCM" \
            "$P_SRV debug_level=3 tickets=1 ticket_aead=CAMELLIA-192-CCM" \
            "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -S "session successfully restored from cache" \
            -s "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

run_test    "Session resume using tickets: CAMELLIA-256-CCM" \
            "$P_SRV debug_level=3 tickets=1 ticket_aead=CAMELLIA-256-CCM" \
            "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -S "session successfully restored from cache" \
            -s "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"
3920
# Ticket AEAD variants, ARIA-GCM and ARIA-CCM at the three key sizes. Same
# expectations as the "basic" ticket test: resumption must come from the
# ticket, never from the cache.

run_test    "Session resume using tickets: ARIA-128-GCM" \
            "$P_SRV debug_level=3 tickets=1 ticket_aead=ARIA-128-GCM" \
            "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -S "session successfully restored from cache" \
            -s "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

run_test    "Session resume using tickets: ARIA-192-GCM" \
            "$P_SRV debug_level=3 tickets=1 ticket_aead=ARIA-192-GCM" \
            "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -S "session successfully restored from cache" \
            -s "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

run_test    "Session resume using tickets: ARIA-256-GCM" \
            "$P_SRV debug_level=3 tickets=1 ticket_aead=ARIA-256-GCM" \
            "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -S "session successfully restored from cache" \
            -s "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

run_test    "Session resume using tickets: ARIA-128-CCM" \
            "$P_SRV debug_level=3 tickets=1 ticket_aead=ARIA-128-CCM" \
            "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -S "session successfully restored from cache" \
            -s "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

run_test    "Session resume using tickets: ARIA-192-CCM" \
            "$P_SRV debug_level=3 tickets=1 ticket_aead=ARIA-192-CCM" \
            "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -S "session successfully restored from cache" \
            -s "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

run_test    "Session resume using tickets: ARIA-256-CCM" \
            "$P_SRV debug_level=3 tickets=1 ticket_aead=ARIA-256-CCM" \
            "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -S "session successfully restored from cache" \
            -s "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"
4004
# Ticket AEAD variant, ChaCha20-Poly1305. Same expectations as the "basic"
# ticket test: resumption must come from the ticket, never from the cache.
run_test    "Session resume using tickets: CHACHA20-POLY1305" \
            "$P_SRV debug_level=3 tickets=1 ticket_aead=CHACHA20-POLY1305" \
            "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -S "session successfully restored from cache" \
            -s "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"
4018
# Tests for Session Tickets with DTLS
#
# DTLS counterparts of the ticket tests above: dtls=1 on both sides, and the
# client additionally sets skip_close_notify=1 before reconnecting (the
# reason is not visible here — presumably to avoid the close_notify alert
# interfering with the reconnect over UDP; confirm against ssl_client2).
# All are gated on MBEDTLS_SSL_PROTO_TLS1_2.

# Baseline DTLS ticket resumption: ticket issued, reconnect resumed from it.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "Session resume using tickets, DTLS: basic" \
            "$P_SRV debug_level=3 dtls=1 tickets=1" \
            "$P_CLI debug_level=3 dtls=1 tickets=1 reconnect=1 skip_close_notify=1" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -S "session successfully restored from cache" \
            -s "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

# cache_max=0 disables the server cache so the ticket is the only way to
# resume.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "Session resume using tickets, DTLS: cache disabled" \
            "$P_SRV debug_level=3 dtls=1 tickets=1 cache_max=0" \
            "$P_CLI debug_level=3 dtls=1 tickets=1 reconnect=1 skip_close_notify=1" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -S "session successfully restored from cache" \
            -s "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

# Expired ticket (ticket_timeout=1, reconnect delayed by reco_delay=2000):
# the ticket is issued and parsed, but the second handshake must be full —
# no resumption on either side.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "Session resume using tickets, DTLS: timeout" \
            "$P_SRV debug_level=3 dtls=1 tickets=1 cache_max=0 ticket_timeout=1" \
            "$P_CLI debug_level=3 dtls=1 tickets=1 reconnect=1 skip_close_notify=1 reco_delay=2000" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -S "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -S "a session has been resumed" \
            -C "a session has been resumed"

# reco_mode=0 on the client (alternative session hand-over between the two
# connections, defined in ssl_client2); result must match "cache disabled".
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "Session resume using tickets, DTLS: session copy" \
            "$P_SRV debug_level=3 dtls=1 tickets=1 cache_max=0" \
            "$P_CLI debug_level=3 dtls=1 tickets=1 reconnect=1 skip_close_notify=1 reco_mode=0" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -S "session successfully restored from cache" \
            -s "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

# Interop: DTLS ticket resumption against an OpenSSL server (O_SRV -dtls).
# Only client-side patterns are checked.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "Session resume using tickets, DTLS: openssl server" \
            "$O_SRV -dtls" \
            "$P_CLI dtls=1 debug_level=3 tickets=1 reconnect=1" \
            0 \
            -c "client hello, adding session ticket extension" \
            -c "found session_ticket extension" \
            -c "parse new session ticket" \
            -c "a session has been resumed"
4090
# For reasons that aren't fully understood, this test randomly fails with high
# probability with OpenSSL 1.0.2g on the CI, see #5012.
#
# Interop: OpenSSL client (the "next" OpenSSL build, O_NEXT_CLI, hence the
# requires_openssl_next gate) resuming a DTLS session from a saved ticket via
# -sess_out / -sess_in, then removing the session file. $SESSION is
# interpolated unquoted into the command string, so its path is assumed to be
# free of whitespace and glob characters. Only server-side patterns are
# checked.
requires_openssl_next
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "Session resume using tickets, DTLS: openssl client" \
            "$P_SRV dtls=1 debug_level=3 tickets=1" \
            "( $O_NEXT_CLI -dtls -sess_out $SESSION; \
               $O_NEXT_CLI -dtls -sess_in $SESSION; \
               rm -f $SESSION )" \
            0 \
            -s "found session ticket extension" \
            -s "server hello, adding session ticket extension" \
            -S "session successfully restored from cache" \
            -s "session successfully restored from ticket" \
            -s "a session has been resumed"
4106
# Tests for Session Resume based on session-ID and cache
#
# These tests require MBEDTLS_SSL_CACHE_C and disable tickets on at least one
# side, so any resumption must go through the server-side session cache
# ("restored from cache"), never through a ticket.

# Client offers the ticket extension but the server has tickets=0: the server
# sees the extension, must not echo it or issue a ticket, and the reconnect
# must be resumed from the cache.
requires_config_enabled MBEDTLS_SSL_CACHE_C
run_test    "Session resume using cache: tickets enabled on client" \
            "$P_SRV debug_level=3 tickets=0" \
            "$P_CLI force_version=tls12 debug_level=3 tickets=1 reconnect=1" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -S "server hello, adding session ticket extension" \
            -C "found session_ticket extension" \
            -C "parse new session ticket" \
            -s "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

# Server has tickets=1 but the client never offers the extension: nothing
# ticket-related may appear on either side, and resumption is from the cache.
requires_config_enabled MBEDTLS_SSL_CACHE_C
run_test    "Session resume using cache: tickets enabled on server" \
            "$P_SRV debug_level=3 tickets=1" \
            "$P_CLI force_version=tls12 debug_level=3 tickets=0 reconnect=1" \
            0 \
            -C "client hello, adding session ticket extension" \
            -S "found session ticket extension" \
            -S "server hello, adding session ticket extension" \
            -C "found session_ticket extension" \
            -C "parse new session ticket" \
            -s "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

# cache_max=0 with tickets off on both sides: no resumption path exists, so
# the reconnect must be a full handshake.
requires_config_enabled MBEDTLS_SSL_CACHE_C
run_test    "Session resume using cache: cache_max=0" \
            "$P_SRV debug_level=3 tickets=0 cache_max=0" \
            "$P_CLI force_version=tls12 debug_level=3 tickets=0 reconnect=1" \
            0 \
            -S "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -S "a session has been resumed" \
            -C "a session has been resumed"

# A single cache slot (cache_max=1) is enough for one client to resume.
requires_config_enabled MBEDTLS_SSL_CACHE_C
run_test    "Session resume using cache: cache_max=1" \
            "$P_SRV debug_level=3 tickets=0 cache_max=1" \
            "$P_CLI force_version=tls12 debug_level=3 tickets=0 reconnect=1" \
            0 \
            -s "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

# cache_remove=1 makes the server drop the cache entry (timing is internal to
# ssl_server2); the reconnect must then be a full handshake with no ticket
# activity at all.
requires_config_enabled MBEDTLS_SSL_CACHE_C
run_test    "Session resume using cache: cache removed" \
            "$P_SRV debug_level=3 tickets=0 cache_remove=1" \
            "$P_CLI force_version=tls12 debug_level=3 tickets=0 reconnect=1" \
            0 \
            -C "client hello, adding session ticket extension" \
            -S "found session ticket extension" \
            -S "server hello, adding session ticket extension" \
            -C "found session_ticket extension" \
            -C "parse new session ticket" \
            -S "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -S "a session has been resumed" \
            -C "a session has been resumed"
4173
# Cache entry lifetime tests. cache_timeout is a server option, reco_delay a
# client option; their units are defined by the respective programs (the
# values 1 vs 2000 suggest seconds vs milliseconds — confirm).

# Default cache timeout, immediate reconnect (reco_delay=0): resumed from cache.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_CACHE_C
run_test    "Session resume using cache: timeout > delay" \
            "$P_SRV debug_level=3 tickets=0" \
            "$P_CLI force_version=tls12 debug_level=3 tickets=0 reconnect=1 reco_delay=0" \
            0 \
            -s "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

# Short cache timeout (cache_timeout=1) and a longer reconnect delay: the
# cached entry must have expired, so no resumption on either side.
requires_config_enabled MBEDTLS_SSL_CACHE_C
run_test    "Session resume using cache: timeout < delay" \
            "$P_SRV debug_level=3 tickets=0 cache_timeout=1" \
            "$P_CLI force_version=tls12 debug_level=3 tickets=0 reconnect=1 reco_delay=2000" \
            0 \
            -S "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -S "a session has been resumed" \
            -C "a session has been resumed"

# cache_timeout=0 disables expiry: the same delayed reconnect is now resumed.
requires_config_enabled MBEDTLS_SSL_CACHE_C
run_test    "Session resume using cache: no timeout" \
            "$P_SRV debug_level=3 tickets=0 cache_timeout=0" \
            "$P_CLI force_version=tls12 debug_level=3 tickets=0 reconnect=1 reco_delay=2000" \
            0 \
            -s "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

# reco_mode=0 on the client (alternative session hand-over, defined in
# ssl_client2): cache-based resumption must still work.
requires_config_enabled MBEDTLS_SSL_CACHE_C
run_test    "Session resume using cache: session copy" \
            "$P_SRV debug_level=3 tickets=0" \
            "$P_CLI force_version=tls12 debug_level=3 tickets=0 reconnect=1 reco_mode=0" \
            0 \
            -s "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"
4214
# Interop: OpenSSL client against our server with tickets=0. The OpenSSL
# client still offers the ticket extension (the server must find but not echo
# it) and the second connection, replayed from the -sess_out/-sess_in file,
# must be resumed from the cache. $SESSION is interpolated unquoted into the
# command string, so its path is assumed to contain no whitespace or globs.
requires_config_enabled MBEDTLS_SSL_CACHE_C
run_test    "Session resume using cache: openssl client" \
            "$P_SRV force_version=tls12 debug_level=3 tickets=0" \
            "( $O_CLI -sess_out $SESSION; \
               $O_CLI -sess_in $SESSION; \
               rm -f $SESSION )" \
            0 \
            -s "found session ticket extension" \
            -S "server hello, adding session ticket extension" \
            -s "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -s "a session has been resumed"

# Interop: our client with tickets=0 against an OpenSSL server; no ticket may
# be received or parsed, yet the reconnect must be resumed (by session ID).
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_CACHE_C
run_test    "Session resume using cache: openssl server" \
            "$O_SRV -tls1_2" \
            "$P_CLI debug_level=3 tickets=0 reconnect=1" \
            0 \
            -C "found session_ticket extension" \
            -C "parse new session ticket" \
            -c "a session has been resumed"
4237
# Tests for Session resume and extensions

# DTLS Connection ID negotiated on a connection that is later resumed
# (reconnect=1, tickets=0). Each side is given a distinct CID (server "dead",
# client "beef"); the checks confirm the extension is offered, found and
# negotiated in both directions, that both sides install the CIDs into the
# transform, and that each side logs the *peer's* CID (client sees de ad,
# server sees be ef). Requires MBEDTLS_SSL_DTLS_CONNECTION_ID.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
run_test    "Session resume and connection ID" \
            "$P_SRV debug_level=3 cid=1 cid_val=dead dtls=1 tickets=0" \
            "$P_CLI debug_level=3 cid=1 cid_val=beef dtls=1 tickets=0 reconnect=1" \
            0 \
            -c "Enable use of CID extension." \
            -s "Enable use of CID extension." \
            -c "client hello, adding CID extension" \
            -s "found CID extension"           \
            -s "Use of CID extension negotiated" \
            -s "server hello, adding CID extension" \
            -c "found CID extension" \
            -c "Use of CID extension negotiated" \
            -s "Copy CIDs into SSL transform" \
            -c "Copy CIDs into SSL transform" \
            -c "Peer CID (length 2 Bytes): de ad" \
            -s "Peer CID (length 2 Bytes): be ef" \
            -s "Use of Connection ID has been negotiated" \
            -c "Use of Connection ID has been negotiated"
4260
# Tests for Session Resume based on session-ID and cache, DTLS
#
# Every DTLS client line below carries skip_close_notify=1; its exact effect
# is defined by ssl_client2, not here (presumably the client does not send a
# close_notify before reconnecting — confirm).

# Exactly one side has tickets enabled in the next two tests, so a ticket can
# never be issued and resumption has to come from the server cache.
#
# Client offers the session ticket extension; the server (tickets=0) must
# see it but not answer it.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_CACHE_C
run_test    "Session resume using cache, DTLS: tickets enabled on client" \
            "$P_SRV dtls=1 debug_level=3 tickets=0" \
            "$P_CLI dtls=1 debug_level=3 tickets=1 reconnect=1 skip_close_notify=1" \
            0 \
            -c "client hello, adding session ticket extension" \
            -s "found session ticket extension" \
            -S "server hello, adding session ticket extension" \
            -C "found session_ticket extension" \
            -C "parse new session ticket" \
            -s "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

# Server could issue tickets but the client never asks, so neither side logs
# any ticket activity at all.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_CACHE_C
run_test    "Session resume using cache, DTLS: tickets enabled on server" \
            "$P_SRV dtls=1 debug_level=3 tickets=1" \
            "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1" \
            0 \
            -C "client hello, adding session ticket extension" \
            -S "found session ticket extension" \
            -S "server hello, adding session ticket extension" \
            -C "found session_ticket extension" \
            -C "parse new session ticket" \
            -s "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

# A cache allowed to hold zero entries: nothing is stored, so the reconnect
# must be a full handshake (all four assertions are negative).
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_CACHE_C
run_test    "Session resume using cache, DTLS: cache_max=0" \
            "$P_SRV dtls=1 debug_level=3 tickets=0 cache_max=0" \
            "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1" \
            0 \
            -S "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -S "a session has been resumed" \
            -C "a session has been resumed"

# A single cache entry is enough for a single reconnecting client.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_CACHE_C
run_test    "Session resume using cache, DTLS: cache_max=1" \
            "$P_SRV dtls=1 debug_level=3 tickets=0 cache_max=1" \
            "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1" \
            0 \
            -s "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

# reco_delay=0: the client reconnects immediately, well within the default
# cache timeout, so the entry is still valid.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_CACHE_C
run_test    "Session resume using cache, DTLS: timeout > delay" \
            "$P_SRV dtls=1 debug_level=3 tickets=0" \
            "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1 reco_delay=0" \
            0 \
            -s "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

# cache_timeout=1 against reco_delay=2000: per the test title the delay
# exceeds the cache timeout (the units — presumably seconds vs. milliseconds
# — are those of ssl_server2/ssl_client2), so the entry has expired and no
# resumption takes place.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_CACHE_C
run_test    "Session resume using cache, DTLS: timeout < delay" \
            "$P_SRV dtls=1 debug_level=3 tickets=0 cache_timeout=1" \
            "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1 reco_delay=2000" \
            0 \
            -S "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -S "a session has been resumed" \
            -C "a session has been resumed"

# cache_timeout=0: entries never expire, so the same delay as above still
# resumes.  Note that a non-expiring cache keeps session secrets around for
# the lifetime of the server process.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_CACHE_C
run_test    "Session resume using cache, DTLS: no timeout" \
            "$P_SRV dtls=1 debug_level=3 tickets=0 cache_timeout=0" \
            "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1 reco_delay=2000" \
            0 \
            -s "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

# reco_mode=0 selects the other way ssl_client2 keeps the session across the
# reconnect (the value's meaning is defined there, not here); the outcome
# must be identical to the default mode.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_CACHE_C
run_test    "Session resume using cache, DTLS: session copy" \
            "$P_SRV dtls=1 debug_level=3 tickets=0" \
            "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1 skip_close_notify=1 reco_mode=0" \
            0 \
            -s "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -s "a session has been resumed" \
            -c "a session has been resumed"

# For reasons that aren't fully understood, this test randomly fails with high
# probability with OpenSSL 1.0.2g on the CI, see #5012.
#
# DTLS variant of the OpenSSL-client cache test: the session is written to
# $SESSION with -sess_out, replayed with -sess_in and then deleted.  The file
# holds the session's secret material and $SESSION is defined outside this
# excerpt — it should be a private per-run path (confirm).  $SESSION is
# expanded unquoted inside the client command line.
requires_openssl_next
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_CACHE_C
run_test    "Session resume using cache, DTLS: openssl client" \
            "$P_SRV dtls=1 debug_level=3 tickets=0" \
            "( $O_NEXT_CLI -dtls -sess_out $SESSION; \
               $O_NEXT_CLI -dtls -sess_in $SESSION; \
               rm -f $SESSION )" \
            0 \
            -s "found session ticket extension" \
            -S "server hello, adding session ticket extension" \
            -s "session successfully restored from cache" \
            -S "session successfully restored from ticket" \
            -s "a session has been resumed"

# OpenSSL DTLS server, Mbed TLS client reconnecting with tickets disabled;
# only the Mbed TLS client log is asserted.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_CACHE_C
run_test    "Session resume using cache, DTLS: openssl server" \
            "$O_SRV -dtls" \
            "$P_CLI dtls=1 debug_level=3 tickets=0 reconnect=1" \
            0 \
            -C "found session_ticket extension" \
            -C "parse new session ticket" \
            -c "a session has been resumed"
4387
# Tests for Max Fragment Length extension

# Extension compiled in but requested by neither side: nothing is sent or
# found, and both sides report $MAX_CONTENT_LEN (set outside this excerpt,
# presumably from the build's MBEDTLS_SSL_MAX_CONTENT_LEN) as their limit in
# both directions.
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "Max fragment length: enabled, default" \
            "$P_SRV debug_level=3" \
            "$P_CLI debug_level=3" \
            0 \
            -c "Maximum incoming record payload length is $MAX_CONTENT_LEN" \
            -c "Maximum outgoing record payload length is $MAX_CONTENT_LEN" \
            -s "Maximum incoming record payload length is $MAX_CONTENT_LEN" \
            -s "Maximum outgoing record payload length is $MAX_CONTENT_LEN" \
            -C "client hello, adding max_fragment_length extension" \
            -S "found max fragment length extension" \
            -S "server hello, max_fragment_length extension" \
            -C "found max_fragment_length extension"

# A request one byte over the limit is split by the client into two records;
# the server reads $MAX_CONTENT_LEN bytes and then 1 byte.  (The leading `$`
# inside `$(( ... ))` is redundant but harmless.)
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "Max fragment length: enabled, default, larger message" \
            "$P_SRV debug_level=3" \
            "$P_CLI debug_level=3 request_size=$(( $MAX_CONTENT_LEN + 1))" \
            0 \
            -c "Maximum incoming record payload length is $MAX_CONTENT_LEN" \
            -c "Maximum outgoing record payload length is $MAX_CONTENT_LEN" \
            -s "Maximum incoming record payload length is $MAX_CONTENT_LEN" \
            -s "Maximum outgoing record payload length is $MAX_CONTENT_LEN" \
            -C "client hello, adding max_fragment_length extension" \
            -S "found max fragment length extension" \
            -S "server hello, max_fragment_length extension" \
            -C "found max_fragment_length extension" \
            -c "$(( $MAX_CONTENT_LEN + 1)) bytes written in 2 fragments" \
            -s "$MAX_CONTENT_LEN bytes read" \
            -s "1 bytes read"

# Over DTLS the oversized write is refused rather than split: the client
# exits with status 1 after logging that the fragment exceeds the maximum.
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "Max fragment length, DTLS: enabled, default, larger message" \
            "$P_SRV debug_level=3 dtls=1" \
            "$P_CLI debug_level=3 dtls=1 request_size=$(( $MAX_CONTENT_LEN + 1))" \
            1 \
            -c "Maximum incoming record payload length is $MAX_CONTENT_LEN" \
            -c "Maximum outgoing record payload length is $MAX_CONTENT_LEN" \
            -s "Maximum incoming record payload length is $MAX_CONTENT_LEN" \
            -s "Maximum outgoing record payload length is $MAX_CONTENT_LEN" \
            -C "client hello, adding max_fragment_length extension" \
            -S "found max fragment length extension" \
            -S "server hello, max_fragment_length extension" \
            -C "found max_fragment_length extension" \
            -c "fragment larger than.*maximum "

# Run some tests with MBEDTLS_SSL_MAX_FRAGMENT_LENGTH disabled
# (the session's maximum fragment length stays 16384 regardless of the
# Mbed TLS content length configuration.)

# With the option compiled out, the "Maximum ... record payload length" lines
# are not logged at all (hence the negative assertions); the client still
# splits the oversized request at $MAX_CONTENT_LEN.
requires_config_disabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "Max fragment length: disabled, larger message" \
            "$P_SRV debug_level=3" \
            "$P_CLI debug_level=3 request_size=$(( $MAX_CONTENT_LEN + 1))" \
            0 \
            -C "Maximum incoming record payload length is 16384" \
            -C "Maximum outgoing record payload length is 16384" \
            -S "Maximum incoming record payload length is 16384" \
            -S "Maximum outgoing record payload length is 16384" \
            -c "$(( $MAX_CONTENT_LEN + 1)) bytes written in 2 fragments" \
            -s "$MAX_CONTENT_LEN bytes read" \
            -s "1 bytes read"

# Same refusal over DTLS, with the option compiled out.
requires_config_disabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "Max fragment length, DTLS: disabled, larger message" \
            "$P_SRV debug_level=3 dtls=1" \
            "$P_CLI debug_level=3 dtls=1 request_size=$(( $MAX_CONTENT_LEN + 1))" \
            1 \
            -C "Maximum incoming record payload length is 16384" \
            -C "Maximum outgoing record payload length is 16384" \
            -S "Maximum incoming record payload length is 16384" \
            -S "Maximum outgoing record payload length is 16384" \
            -c "fragment larger than.*maximum "
4468
# Client asks for max_frag_len=4096: the extension is exchanged and 4096
# becomes the limit on both sides in both directions.  requires_max_content_len
# presumably skips the test on builds whose content length is below the value
# — it is defined outside this excerpt.
requires_max_content_len 4096
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test    "Max fragment length: used by client" \
            "$P_SRV debug_level=3" \
            "$P_CLI force_version=tls12 debug_level=3 max_frag_len=4096" \
            0 \
            -c "Maximum incoming record payload length is 4096" \
            -c "Maximum outgoing record payload length is 4096" \
            -s "Maximum incoming record payload length is 4096" \
            -s "Maximum outgoing record payload length is 4096" \
            -c "client hello, adding max_fragment_length extension" \
            -s "found max fragment length extension" \
            -s "server hello, max_fragment_length extension" \
            -c "found max_fragment_length extension"
4483
# Client/server max_frag_len matrix (512/1024/2048/4096 on each side).
# Across all nine combinations the value the client asks for is what gets
# negotiated: both client limits and the server's incoming limit equal the
# client's max_frag_len.  The server's own max_frag_len never changes the
# negotiation; it only lowers the server's outgoing limit when it is smaller
# than the negotiated value (client 1024 / server 512 -> server outgoing 512;
# client 1024 / server 2048 -> server outgoing 1024).  Each test requires a
# content length of at least the larger of the two values.
requires_max_content_len 1024
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test    "Max fragment length: client 512, server 1024" \
            "$P_SRV debug_level=3 max_frag_len=1024" \
            "$P_CLI force_version=tls12 debug_level=3 max_frag_len=512" \
            0 \
            -c "Maximum incoming record payload length is 512" \
            -c "Maximum outgoing record payload length is 512" \
            -s "Maximum incoming record payload length is 512" \
            -s "Maximum outgoing record payload length is 512" \
            -c "client hello, adding max_fragment_length extension" \
            -s "found max fragment length extension" \
            -s "server hello, max_fragment_length extension" \
            -c "found max_fragment_length extension"

requires_max_content_len 2048
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test    "Max fragment length: client 512, server 2048" \
            "$P_SRV debug_level=3 max_frag_len=2048" \
            "$P_CLI force_version=tls12 debug_level=3 max_frag_len=512" \
            0 \
            -c "Maximum incoming record payload length is 512" \
            -c "Maximum outgoing record payload length is 512" \
            -s "Maximum incoming record payload length is 512" \
            -s "Maximum outgoing record payload length is 512" \
            -c "client hello, adding max_fragment_length extension" \
            -s "found max fragment length extension" \
            -s "server hello, max_fragment_length extension" \
            -c "found max_fragment_length extension"

requires_max_content_len 4096
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test    "Max fragment length: client 512, server 4096" \
            "$P_SRV debug_level=3 max_frag_len=4096" \
            "$P_CLI force_version=tls12 debug_level=3 max_frag_len=512" \
            0 \
            -c "Maximum incoming record payload length is 512" \
            -c "Maximum outgoing record payload length is 512" \
            -s "Maximum incoming record payload length is 512" \
            -s "Maximum outgoing record payload length is 512" \
            -c "client hello, adding max_fragment_length extension" \
            -s "found max fragment length extension" \
            -s "server hello, max_fragment_length extension" \
            -c "found max_fragment_length extension"

# Server value below the client's: only the server's outgoing limit drops.
requires_max_content_len 1024
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test    "Max fragment length: client 1024, server 512" \
            "$P_SRV force_version=tls12 debug_level=3 max_frag_len=512" \
            "$P_CLI debug_level=3 max_frag_len=1024" \
            0 \
            -c "Maximum incoming record payload length is 1024" \
            -c "Maximum outgoing record payload length is 1024" \
            -s "Maximum incoming record payload length is 1024" \
            -s "Maximum outgoing record payload length is 512" \
            -c "client hello, adding max_fragment_length extension" \
            -s "found max fragment length extension" \
            -s "server hello, max_fragment_length extension" \
            -c "found max_fragment_length extension"

requires_max_content_len 2048
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test    "Max fragment length: client 1024, server 2048" \
            "$P_SRV debug_level=3 max_frag_len=2048" \
            "$P_CLI force_version=tls12 debug_level=3 max_frag_len=1024" \
            0 \
            -c "Maximum incoming record payload length is 1024" \
            -c "Maximum outgoing record payload length is 1024" \
            -s "Maximum incoming record payload length is 1024" \
            -s "Maximum outgoing record payload length is 1024" \
            -c "client hello, adding max_fragment_length extension" \
            -s "found max fragment length extension" \
            -s "server hello, max_fragment_length extension" \
            -c "found max_fragment_length extension"

requires_max_content_len 4096
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test    "Max fragment length: client 1024, server 4096" \
            "$P_SRV debug_level=3 max_frag_len=4096" \
            "$P_CLI force_version=tls12 debug_level=3 max_frag_len=1024" \
            0 \
            -c "Maximum incoming record payload length is 1024" \
            -c "Maximum outgoing record payload length is 1024" \
            -s "Maximum incoming record payload length is 1024" \
            -s "Maximum outgoing record payload length is 1024" \
            -c "client hello, adding max_fragment_length extension" \
            -s "found max fragment length extension" \
            -s "server hello, max_fragment_length extension" \
            -c "found max_fragment_length extension"

requires_max_content_len 2048
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test    "Max fragment length: client 2048, server 512" \
            "$P_SRV force_version=tls12 debug_level=3 max_frag_len=512" \
            "$P_CLI debug_level=3 max_frag_len=2048" \
            0 \
            -c "Maximum incoming record payload length is 2048" \
            -c "Maximum outgoing record payload length is 2048" \
            -s "Maximum incoming record payload length is 2048" \
            -s "Maximum outgoing record payload length is 512" \
            -c "client hello, adding max_fragment_length extension" \
            -s "found max fragment length extension" \
            -s "server hello, max_fragment_length extension" \
            -c "found max_fragment_length extension"

requires_max_content_len 2048
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test    "Max fragment length: client 2048, server 1024" \
            "$P_SRV force_version=tls12 debug_level=3 max_frag_len=1024" \
            "$P_CLI debug_level=3 max_frag_len=2048" \
            0 \
            -c "Maximum incoming record payload length is 2048" \
            -c "Maximum outgoing record payload length is 2048" \
            -s "Maximum incoming record payload length is 2048" \
            -s "Maximum outgoing record payload length is 1024" \
            -c "client hello, adding max_fragment_length extension" \
            -s "found max fragment length extension" \
            -s "server hello, max_fragment_length extension" \
            -c "found max_fragment_length extension"

requires_max_content_len 4096
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test    "Max fragment length: client 2048, server 4096" \
            "$P_SRV debug_level=3 max_frag_len=4096" \
            "$P_CLI force_version=tls12 debug_level=3 max_frag_len=2048" \
            0 \
            -c "Maximum incoming record payload length is 2048" \
            -c "Maximum outgoing record payload length is 2048" \
            -s "Maximum incoming record payload length is 2048" \
            -s "Maximum outgoing record payload length is 2048" \
            -c "client hello, adding max_fragment_length extension" \
            -s "found max fragment length extension" \
            -s "server hello, max_fragment_length extension" \
            -c "found max_fragment_length extension"

requires_max_content_len 4096
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test    "Max fragment length: client 4096, server 512" \
            "$P_SRV force_version=tls12 debug_level=3 max_frag_len=512" \
            "$P_CLI debug_level=3 max_frag_len=4096" \
            0 \
            -c "Maximum incoming record payload length is 4096" \
            -c "Maximum outgoing record payload length is 4096" \
            -s "Maximum incoming record payload length is 4096" \
            -s "Maximum outgoing record payload length is 512" \
            -c "client hello, adding max_fragment_length extension" \
            -s "found max fragment length extension" \
            -s "server hello, max_fragment_length extension" \
            -c "found max_fragment_length extension"

requires_max_content_len 4096
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test    "Max fragment length: client 4096, server 1024" \
            "$P_SRV force_version=tls12 debug_level=3 max_frag_len=1024" \
            "$P_CLI debug_level=3 max_frag_len=4096" \
            0 \
            -c "Maximum incoming record payload length is 4096" \
            -c "Maximum outgoing record payload length is 4096" \
            -s "Maximum incoming record payload length is 4096" \
            -s "Maximum outgoing record payload length is 1024" \
            -c "client hello, adding max_fragment_length extension" \
            -s "found max fragment length extension" \
            -s "server hello, max_fragment_length extension" \
            -c "found max_fragment_length extension"

requires_max_content_len 4096
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test    "Max fragment length: client 4096, server 2048" \
            "$P_SRV force_version=tls12 debug_level=3 max_frag_len=2048" \
            "$P_CLI debug_level=3 max_frag_len=4096" \
            0 \
            -c "Maximum incoming record payload length is 4096" \
            -c "Maximum outgoing record payload length is 4096" \
            -s "Maximum incoming record payload length is 4096" \
            -s "Maximum outgoing record payload length is 2048" \
            -c "client hello, adding max_fragment_length extension" \
            -s "found max fragment length extension" \
            -s "server hello, max_fragment_length extension" \
            -c "found max_fragment_length extension"
4663
# max_frag_len set on the server only: the extension is never sent (only the
# client can request it), so nothing is negotiated and only the server's own
# outgoing limit drops to 4096; every other limit stays at $MAX_CONTENT_LEN.
requires_max_content_len 4096
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test    "Max fragment length: used by server" \
            "$P_SRV force_version=tls12 debug_level=3 max_frag_len=4096" \
            "$P_CLI debug_level=3" \
            0 \
            -c "Maximum incoming record payload length is $MAX_CONTENT_LEN" \
            -c "Maximum outgoing record payload length is $MAX_CONTENT_LEN" \
            -s "Maximum incoming record payload length is $MAX_CONTENT_LEN" \
            -s "Maximum outgoing record payload length is 4096" \
            -C "client hello, adding max_fragment_length extension" \
            -S "found max fragment length extension" \
            -S "server hello, max_fragment_length extension" \
            -C "found max_fragment_length extension"

# Interop: the Mbed TLS client negotiates max_fragment_length with a GnuTLS
# server restricted to TLS 1.2; only the client log is asserted.
requires_max_content_len 4096
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_gnutls
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "Max fragment length: gnutls server" \
            "$G_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2" \
            "$P_CLI debug_level=3 max_frag_len=4096" \
            0 \
            -c "Maximum incoming record payload length is 4096" \
            -c "Maximum outgoing record payload length is 4096" \
            -c "client hello, adding max_fragment_length extension" \
            -c "found max_fragment_length extension"
4691
# Request exactly at the negotiated limit: one fragment, one read.
requires_max_content_len 2048
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test    "Max fragment length: client, message just fits" \
            "$P_SRV debug_level=3" \
            "$P_CLI force_version=tls12 debug_level=3 max_frag_len=2048 request_size=2048" \
            0 \
            -c "Maximum incoming record payload length is 2048" \
            -c "Maximum outgoing record payload length is 2048" \
            -s "Maximum incoming record payload length is 2048" \
            -s "Maximum outgoing record payload length is 2048" \
            -c "client hello, adding max_fragment_length extension" \
            -s "found max fragment length extension" \
            -s "server hello, max_fragment_length extension" \
            -c "found max_fragment_length extension" \
            -c "2048 bytes written in 1 fragments" \
            -s "2048 bytes read"

# Request above the negotiated limit: 2345 bytes go out as 2048 + 297.
requires_max_content_len 2048
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
run_test    "Max fragment length: client, larger message" \
            "$P_SRV debug_level=3" \
            "$P_CLI force_version=tls12 debug_level=3 max_frag_len=2048 request_size=2345" \
            0 \
            -c "Maximum incoming record payload length is 2048" \
            -c "Maximum outgoing record payload length is 2048" \
            -s "Maximum incoming record payload length is 2048" \
            -s "Maximum outgoing record payload length is 2048" \
            -c "client hello, adding max_fragment_length extension" \
            -s "found max fragment length extension" \
            -s "server hello, max_fragment_length extension" \
            -c "found max_fragment_length extension" \
            -c "2345 bytes written in 2 fragments" \
            -s "2048 bytes read" \
            -s "297 bytes read"

# The same oversized request over DTLS is refused: the extension is still
# negotiated, but the write fails and the client exits with status 1.
requires_max_content_len 2048
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "Max fragment length: DTLS client, larger message" \
            "$P_SRV debug_level=3 dtls=1" \
            "$P_CLI debug_level=3 dtls=1 max_frag_len=2048 request_size=2345" \
            1 \
            -c "Maximum incoming record payload length is 2048" \
            -c "Maximum outgoing record payload length is 2048" \
            -s "Maximum incoming record payload length is 2048" \
            -s "Maximum outgoing record payload length is 2048" \
            -c "client hello, adding max_fragment_length extension" \
            -s "found max fragment length extension" \
            -s "server hello, max_fragment_length extension" \
            -c "found max_fragment_length extension" \
            -c "fragment larger than.*maximum"
4743
# Tests for Record Size Limit extension

# The GnuTLS client sends record_size_limit (extension 28) in its ClientHello.
# The Mbed TLS server must parse it — the debug output shows the extension
# found and the value 16385 — and then abort the handshake with a fatal
# alert 110 (unsupported extension), which the client reports; the expected
# client exit status is therefore 1.  Rejecting the extension rather than
# silently ignoring it is the point: the client learns its size limit was
# not honoured instead of continuing with a mismatched expectation.
requires_gnutls_tls1_3
requires_gnutls_record_size_limit
requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
run_test    "Record Size Limit: TLS 1.3: Server-side parsing, debug output and fatal alert" \
            "$P_SRV debug_level=3 force_version=tls13" \
            "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -d 4" \
            1 \
            -c "Preparing extension (Record Size Limit/28) for 'client hello'" \
            -c "Sending extension Record Size Limit/28 (2 bytes)" \
            -s "ClientHello: record_size_limit(28) extension received."\
            -s "found record_size_limit extension" \
            -s "RecordSizeLimit: 16385 Bytes" \
            -c "Received alert \[110]: An unsupported extension was sent"

# Client-side counterpart.  The GnuTLS server prepares the extension for its
# EncryptedExtensions message; the remaining assertions stay commented out
# for the reason given below.  --disable-client-cert and
# %DISABLE_TLS13_COMPAT_MODE shape the GnuTLS side (the latter is what
# requires_gnutls_next_disable_tls13_compat gates on); their exact effect on
# this test is not shown here.
requires_gnutls_tls1_3
requires_gnutls_record_size_limit
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_RECORD_SIZE_LIMIT
run_test    "Record Size Limit: TLS 1.3: Client-side parsing, debug output and fatal alert" \
            "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%DISABLE_TLS13_COMPAT_MODE --disable-client-cert -d 4" \
            "$P_CLI debug_level=4 force_version=tls13" \
            0 \
            -s "Preparing extension (Record Size Limit/28) for 'encrypted extensions'"
# The P_CLI can not yet send the Record Size Limit extension. Thus, the G_NEXT_SRV does not send
# a response in its EncryptedExtensions record.
#            -s "Parsing extension 'Record Size Limit/28 (2 bytes)" \
#            -s "Sending extension Record Size Limit/28 (2 bytes)" \
#            -c "EncryptedExtensions: record_size_limit(28) extension received."\
#            -c "found record_size_limit extension" \
#            -c "RecordSizeLimit: 16385 Bytes" \
#            -s "Received alert \[110]: An unsupported extension was sent"
4777
# Tests for renegotiation

# Renegotiation SCSV always added, regardless of SSL_RENEGOTIATION
#
# Baseline with renegotiation left at its default on both sides: the client
# adds no renegotiation_info extension, yet the server still receives the
# TLS_EMPTY_RENEGOTIATION_INFO SCSV and answers with the secure renegotiation
# extension (RFC 5746 signalling is unconditional).  Neither side
# renegotiates and no HelloRequest is written.  auth_mode=optional relaxes
# client authentication on the server; its precise effect is defined by
# ssl_server2.
run_test    "Renegotiation: none, for reference" \
            "$P_SRV debug_level=3 exchanges=2 auth_mode=optional" \
            "$P_CLI force_version=tls12 debug_level=3 exchanges=2" \
            0 \
            -C "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -S "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -C "=> renegotiate" \
            -S "=> renegotiate" \
            -S "write hello request"

# Renegotiation enabled on both sides and triggered by the client
# (renegotiate=1 on the client line): both sides log "=> renegotiate" and the
# server never has to write a HelloRequest.
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: client-initiated" \
            "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional" \
            "$P_CLI force_version=tls12 debug_level=3 exchanges=2 renegotiation=1 renegotiate=1" \
            0 \
            -c "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -s "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -c "=> renegotiate" \
            -s "=> renegotiate" \
            -S "write hello request"

# Triggered by the server instead: it writes a HelloRequest and the client
# follows; everything else matches the client-initiated case.
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: server-initiated" \
            "$P_SRV force_version=tls12 debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1" \
            "$P_CLI debug_level=3 exchanges=2 renegotiation=1" \
            0 \
            -c "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -s "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -c "=> renegotiate" \
            -s "=> renegotiate" \
            -s "write hello request"
4821
# Checks that no Signature Algorithm with SHA-1 gets negotiated. Negotiating SHA-1 would mean that
# the server did not parse the Signature Algorithm extension. This test is valid only if an MD
# algorithm stronger than SHA-1 is enabled in mbedtls_config.h
#
# Same flow as "Renegotiation: client-initiated", plus one negative assertion:
# the server must never log "signature_algorithm ext: 2" — 2 is the TLS 1.2
# HashAlgorithm code for SHA-1.  If the server had ignored the client's
# signature_algorithms extension on the renegotiation ClientHello, the
# handshake could silently fall back to SHA-1 signatures; this guards that
# downgrade path.
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: Signature Algorithms parsing, client-initiated" \
            "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional" \
            "$P_CLI force_version=tls12 debug_level=3 exchanges=2 renegotiation=1 renegotiate=1" \
            0 \
            -c "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -s "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -c "=> renegotiate" \
            -s "=> renegotiate" \
            -S "write hello request" \
            -S "client hello v3, signature_algorithm ext: 2" # Is SHA-1 negotiated?

# Checks that no Signature Algorithm with SHA-1 gets negotiated. Negotiating SHA-1 would mean that
# the server did not parse the Signature Algorithm extension. This test is valid only if an MD
# algorithm stronger than SHA-1 is enabled in mbedtls_config.h
#
# Server-initiated variant of the SHA-1 check above (HelloRequest written by
# the server); the negative signature_algorithm assertion is the same.
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: Signature Algorithms parsing, server-initiated" \
            "$P_SRV force_version=tls12 debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1" \
            "$P_CLI debug_level=3 exchanges=2 renegotiation=1" \
            0 \
            -c "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -s "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -c "=> renegotiate" \
            -s "=> renegotiate" \
            -s "write hello request" \
            -S "client hello v3, signature_algorithm ext: 2" # Is SHA-1 negotiated?
4858requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
4859run_test    "Renegotiation: double" \
4860            "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1" \
4861            "$P_CLI force_version=tls12 debug_level=3 exchanges=2 renegotiation=1 renegotiate=1" \
4862            0 \
4863            -c "client hello, adding renegotiation extension" \
4864            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
4865            -s "found renegotiation extension" \
4866            -s "server hello, secure renegotiation extension" \
4867            -c "found renegotiation extension" \
4868            -c "=> renegotiate" \
4869            -s "=> renegotiate" \
4870            -s "write hello request"
4871
# Renegotiation combined with the max_fragment_length extension: the client
# asks for 2048, the server is configured with 512.  The asserted limits are
# client incoming/outgoing 2048 and server incoming 2048 / outgoing 512.
# Presumably the point is that these limits still hold once the renegotiation
# handshake has run, but the patterns alone do not tie the two together
# (they would also pass if the limits were only logged before renegotiation).
# requires_max_content_len 2048 skips the test on builds whose content length
# cannot hold a 2048-byte fragment.
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_max_content_len 2048
run_test    "Renegotiation with max fragment length: client 2048, server 512" \
            "$P_SRV force_version=tls12 debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1 max_frag_len=512" \
            "$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 max_frag_len=2048 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
            0 \
            -c "Maximum incoming record payload length is 2048" \
            -c "Maximum outgoing record payload length is 2048" \
            -s "Maximum incoming record payload length is 2048" \
            -s "Maximum outgoing record payload length is 512" \
            -c "client hello, adding max_fragment_length extension" \
            -s "found max fragment length extension" \
            -s "server hello, max_fragment_length extension" \
            -c "found max_fragment_length extension" \
            -c "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -s "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -c "=> renegotiate" \
            -s "=> renegotiate" \
            -s "write hello request"
4895
# Renegotiation refused by one side.
#
# Server has renegotiation=0: it still answers the client's renegotiation_info
# extension in its ServerHello (so the initial handshake is secure), but it
# never logs "found renegotiation extension" for the second ClientHello and the
# client's renegotiation attempt fails with "Unexpected message at ServerHello"
# (expected exit status 1).
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: client-initiated, server-rejected" \
            "$P_SRV debug_level=3 exchanges=2 renegotiation=0 auth_mode=optional" \
            "$P_CLI force_version=tls12 debug_level=3 exchanges=2 renegotiation=1 renegotiate=1" \
            1 \
            -c "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -S "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -c "=> renegotiate" \
            -S "=> renegotiate" \
            -S "write hello request" \
            -c "SSL - Unexpected message at ServerHello in renegotiation" \
            -c "failed"

# Client has renegotiation=0: it does not offer the extension in its ClientHello
# (-C "adding renegotiation extension") and ignores the server's HelloRequest.
# The following tests vary the server's renego_delay to control how it reacts
# to a client that keeps sending application data instead of a ClientHello.
# With the default delay the server tolerates it and neither side errors out.
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: server-initiated, client-rejected, default" \
            "$P_SRV force_version=tls12 debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 auth_mode=optional" \
            "$P_CLI debug_level=3 exchanges=2 renegotiation=0" \
            0 \
            -C "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -S "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -C "=> renegotiate" \
            -S "=> renegotiate" \
            -s "write hello request" \
            -S "SSL - An unexpected message was received from our peer" \
            -S "failed"

# renego_delay=-1: the server never enforces its HelloRequest.
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: server-initiated, client-rejected, not enforced" \
            "$P_SRV force_version=tls12 debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 \
             renego_delay=-1 auth_mode=optional" \
            "$P_CLI debug_level=3 exchanges=2 renegotiation=0" \
            0 \
            -C "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -S "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -C "=> renegotiate" \
            -S "=> renegotiate" \
            -s "write hello request" \
            -S "SSL - An unexpected message was received from our peer" \
            -S "failed"

# delay 2 for 1 alert record + 1 application data record: the client's records
# fit within the tolerated count, so the server still does not raise an error.
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: server-initiated, client-rejected, delay 2" \
            "$P_SRV force_version=tls12 debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 \
             renego_delay=2 auth_mode=optional" \
            "$P_CLI debug_level=3 exchanges=2 renegotiation=0" \
            0 \
            -C "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -S "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -C "=> renegotiate" \
            -S "=> renegotiate" \
            -s "write hello request" \
            -S "SSL - An unexpected message was received from our peer" \
            -S "failed"

# renego_delay=0: the first non-handshake record after the HelloRequest is
# already an error on the server side.  Note that the expected exit status is
# still 0 and nothing is asserted about "failed" here, unlike the tests above;
# presumably only the server-side diagnostic is of interest — confirm.
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: server-initiated, client-rejected, delay 0" \
            "$P_SRV force_version=tls12 debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 \
             renego_delay=0 auth_mode=optional" \
            "$P_CLI debug_level=3 exchanges=2 renegotiation=0" \
            0 \
            -C "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -S "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -C "=> renegotiate" \
            -S "=> renegotiate" \
            -s "write hello request" \
            -s "SSL - An unexpected message was received from our peer"

# Control case for delay 0: a client that honours the HelloRequest renegotiates
# immediately, so the strict delay never triggers.
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: server-initiated, client-accepted, delay 0" \
            "$P_SRV force_version=tls12 debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 \
             renego_delay=0 auth_mode=optional" \
            "$P_CLI debug_level=3 exchanges=2 renegotiation=1" \
            0 \
            -c "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -s "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -c "=> renegotiate" \
            -s "=> renegotiate" \
            -s "write hello request" \
            -S "SSL - An unexpected message was received from our peer" \
            -S "failed"
4995
# Periodic renegotiation driven by the server's record counter
# (renego_period=3).  The number of client exchanges decides whether the
# counter reaches the period; "record counter limit reached: renegotiate" is
# the server-side trigger.  With exchanges=2 the limit is never hit.
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: periodic, just below period" \
            "$P_SRV debug_level=3 exchanges=9 renegotiation=1 renego_period=3 auth_mode=optional" \
            "$P_CLI force_version=tls12 debug_level=3 exchanges=2 renegotiation=1" \
            0 \
            -C "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -S "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -S "record counter limit reached: renegotiate" \
            -C "=> renegotiate" \
            -S "=> renegotiate" \
            -S "write hello request" \
            -S "SSL - An unexpected message was received from our peer" \
            -S "failed"

# one extra exchange to be able to complete renego
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: periodic, just above period" \
            "$P_SRV force_version=tls12 debug_level=3 exchanges=9 renegotiation=1 renego_period=3 auth_mode=optional" \
            "$P_CLI debug_level=3 exchanges=4 renegotiation=1" \
            0 \
            -c "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -s "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -s "record counter limit reached: renegotiate" \
            -c "=> renegotiate" \
            -s "=> renegotiate" \
            -s "write hello request" \
            -S "SSL - An unexpected message was received from our peer" \
            -S "failed"

# exchanges=7 should cross the period twice, but the assertions are identical
# to "just above period": presence-style log patterns cannot distinguish one
# periodic renegotiation from two, so this test only shows that the second
# period does not break anything.
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: periodic, two times period" \
            "$P_SRV debug_level=3 exchanges=9 renegotiation=1 renego_period=3 auth_mode=optional" \
            "$P_CLI force_version=tls12 debug_level=3 exchanges=7 renegotiation=1" \
            0 \
            -c "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -s "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -s "record counter limit reached: renegotiate" \
            -c "=> renegotiate" \
            -s "=> renegotiate" \
            -s "write hello request" \
            -S "SSL - An unexpected message was received from our peer" \
            -S "failed"

# renego_period is set but renegotiation=0 on the server: the period must be
# ignored entirely (no counter trigger, no HelloRequest).
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: periodic, above period, disabled" \
            "$P_SRV force_version=tls12 debug_level=3 exchanges=9 renegotiation=0 renego_period=3 auth_mode=optional" \
            "$P_CLI debug_level=3 exchanges=4 renegotiation=1" \
            0 \
            -C "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -S "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -S "record counter limit reached: renegotiate" \
            -C "=> renegotiate" \
            -S "=> renegotiate" \
            -S "write hello request" \
            -S "SSL - An unexpected message was received from our peer" \
            -S "failed"
5064
# Same as the basic client-/server-initiated tests, with nbio=2 on both sides
# (non-blocking I/O mode of the sample programs; the meaning of the value 2 is
# not visible here — check ssl_server2/ssl_client2 usage text).  Assertions are
# unchanged, so this only verifies that the renegotiation state machine copes
# with WANT_READ/WANT_WRITE-style partial progress.
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: nbio, client-initiated" \
            "$P_SRV debug_level=3 nbio=2 exchanges=2 renegotiation=1 auth_mode=optional" \
            "$P_CLI force_version=tls12 debug_level=3 nbio=2 exchanges=2 renegotiation=1 renegotiate=1" \
            0 \
            -c "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -s "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -c "=> renegotiate" \
            -s "=> renegotiate" \
            -S "write hello request"

requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "Renegotiation: nbio, server-initiated" \
            "$P_SRV force_version=tls12 debug_level=3 nbio=2 exchanges=2 renegotiation=1 renegotiate=1 auth_mode=optional" \
            "$P_CLI debug_level=3 nbio=2 exchanges=2 renegotiation=1" \
            0 \
            -c "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -s "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -c "=> renegotiate" \
            -s "=> renegotiate" \
            -s "write hello request"
5092
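# Renegotiation against third-party servers.  $O_SRV / $G_SRV serve a small
# HTTP response, so "HTTP/1.0 200 OK" in the client log shows that application
# data still flowed after the renegotiation.  The negative check on the
# handshake error must use the exact string the failing variants below assert
# positively ("mbedtls_ssl_handshake() returned"); a misspelt pattern would
# never match and would turn the -C check into a no-op.
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "Renegotiation: openssl server, client-initiated" \
            "$O_SRV -www -tls1_2" \
            "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1" \
            0 \
            -c "client hello, adding renegotiation extension" \
            -c "found renegotiation extension" \
            -c "=> renegotiate" \
            -C "mbedtls_ssl_handshake() returned" \
            -C "error" \
            -c "HTTP/1.0 200 [Oo][Kk]"

# %SAFE_RENEGOTIATION: the GnuTLS server insists on the renegotiation_info
# extension, so the client finds it and renegotiates securely.
requires_gnutls
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "Renegotiation: gnutls server strict, client-initiated" \
            "$G_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%SAFE_RENEGOTIATION" \
            "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1" \
            0 \
            -c "client hello, adding renegotiation extension" \
            -c "found renegotiation extension" \
            -c "=> renegotiate" \
            -C "mbedtls_ssl_handshake() returned" \
            -C "error" \
            -c "HTTP/1.0 200 [Oo][Kk]"

# %DISABLE_SAFE_RENEGOTIATION: the server does not send the extension
# (-C "found renegotiation extension").  With the client's default setting the
# renegotiation attempt is refused (exit 1, handshake error, no HTTP response);
# allow_legacy=0 below pins that same behaviour explicitly.
requires_gnutls
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "Renegotiation: gnutls server unsafe, client-initiated default" \
            "$G_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION" \
            "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1" \
            1 \
            -c "client hello, adding renegotiation extension" \
            -C "found renegotiation extension" \
            -c "=> renegotiate" \
            -c "mbedtls_ssl_handshake() returned" \
            -c "error" \
            -C "HTTP/1.0 200 [Oo][Kk]"

requires_gnutls
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "Renegotiation: gnutls server unsafe, client-inititated no legacy" \
            "$G_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION" \
            "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1 \
             allow_legacy=0" \
            1 \
            -c "client hello, adding renegotiation extension" \
            -C "found renegotiation extension" \
            -c "=> renegotiate" \
            -c "mbedtls_ssl_handshake() returned" \
            -c "error" \
            -C "HTTP/1.0 200 [Oo][Kk]"

# allow_legacy=1 opts into legacy (pre-RFC 5746) renegotiation with a peer that
# lacks the extension; only then is the renegotiation expected to succeed.
requires_gnutls
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "Renegotiation: gnutls server unsafe, client-inititated legacy" \
            "$G_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION" \
            "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1 \
             allow_legacy=1" \
            0 \
            -c "client hello, adding renegotiation extension" \
            -C "found renegotiation extension" \
            -c "=> renegotiate" \
            -C "mbedtls_ssl_handshake() returned" \
            -C "error" \
            -c "HTTP/1.0 200 [Oo][Kk]"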
5163
# Renegotiation over DTLS (dtls=1 on both sample programs).  Assertions mirror
# the TLS variants above.
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "Renegotiation: DTLS, client-initiated" \
            "$P_SRV debug_level=3 dtls=1 exchanges=2 renegotiation=1" \
            "$P_CLI debug_level=3 dtls=1 exchanges=2 renegotiation=1 renegotiate=1" \
            0 \
            -c "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -s "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -c "=> renegotiate" \
            -s "=> renegotiate" \
            -S "write hello request"

# read_timeout/max_resend configure the client's DTLS retransmission;
# presumably needed so the server-initiated handshake converges even if the
# HelloRequest arrives while the client is waiting for data — confirm.
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "Renegotiation: DTLS, server-initiated" \
            "$P_SRV debug_level=3 dtls=1 exchanges=2 renegotiation=1 renegotiate=1" \
            "$P_CLI debug_level=3 dtls=1 exchanges=2 renegotiation=1 \
             read_timeout=1000 max_resend=2" \
            0 \
            -c "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -s "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -c "found renegotiation extension" \
            -c "=> renegotiate" \
            -s "=> renegotiate" \
            -s "write hello request"

# renego_period=18446462598732840962 is 0xFFFF000000000002, i.e. a period whose
# top 16 bits are all set.  The DTLS record counter carries the epoch in its top
# 16 bits, so this presumably checks that the counter comparison does not
# overflow or misbehave when the period overlaps the epoch field — the test
# only asserts that a periodic renegotiation still triggers within 4 exchanges.
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "Renegotiation: DTLS, renego_period overflow" \
            "$P_SRV debug_level=3 dtls=1 exchanges=4 renegotiation=1 renego_period=18446462598732840962 auth_mode=optional" \
            "$P_CLI debug_level=3 dtls=1 exchanges=4 renegotiation=1" \
            0 \
            -c "client hello, adding renegotiation extension" \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO" \
            -s "found renegotiation extension" \
            -s "server hello, secure renegotiation extension" \
            -s "record counter limit reached: renegotiate" \
            -c "=> renegotiate" \
            -s "=> renegotiate" \
            -s "write hello request"

# gnutls-serv in UDP (DTLS) mode.  The client-side handshake error pattern here
# is the sample program's own message ("mbedtls_ssl_handshake returned", no
# parentheses), not the library debug form used by the TLS interop tests above.
# "Extra-header:" is matched in the server log; what exactly gnutls-serv prints
# it for is not visible here.
requires_gnutls
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "Renegotiation: DTLS, gnutls server, client-initiated" \
            "$G_SRV -u --mtu 4096" \
            "$P_CLI debug_level=3 dtls=1 exchanges=1 renegotiation=1 renegotiate=1" \
            0 \
            -c "client hello, adding renegotiation extension" \
            -c "found renegotiation extension" \
            -c "=> renegotiate" \
            -C "mbedtls_ssl_handshake returned" \
            -C "error" \
            -s "Extra-header:"
5223
# Test for the "secure renegotiation" extension only (no actual renegotiation).
# These cover the initial handshake's handling of renegotiation_info:
#  - "strict" peers (%SAFE_RENEGOTIATION) always send it;
#  - "unsafe" peers (%DISABLE_SAFE_RENEGOTIATION) omit it, which is tolerated by
#    default on both the client and server side;
#  - allow_legacy=-1 ("break legacy") refuses to even complete the initial
#    handshake with a peer that lacks the extension (expected exit status 1).

requires_gnutls
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "Renego ext: gnutls server strict, client default" \
            "$G_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%SAFE_RENEGOTIATION" \
            "$P_CLI debug_level=3" \
            0 \
            -c "found renegotiation extension" \
            -C "error" \
            -c "HTTP/1.0 200 [Oo][Kk]"

requires_gnutls
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "Renego ext: gnutls server unsafe, client default" \
            "$G_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION" \
            "$P_CLI debug_level=3" \
            0 \
            -C "found renegotiation extension" \
            -C "error" \
            -c "HTTP/1.0 200 [Oo][Kk]"

requires_gnutls
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "Renego ext: gnutls server unsafe, client break legacy" \
            "$G_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2:%DISABLE_SAFE_RENEGOTIATION" \
            "$P_CLI debug_level=3 allow_legacy=-1" \
            1 \
            -C "found renegotiation extension" \
            -c "error" \
            -C "HTTP/1.0 200 [Oo][Kk]"

# Server-side mirror of the above with gnutls-cli.  A strict GnuTLS client may
# signal secure renegotiation either via the SCSV or via the extension, hence
# the alternation.  NOTE(review): "\|" is GNU grep basic-regex alternation and
# is not portable to BSD grep; fine as long as the test hosts use GNU grep.
requires_gnutls
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "Renego ext: gnutls client strict, server default" \
            "$P_SRV debug_level=3" \
            "$G_CLI --priority=NORMAL:%SAFE_RENEGOTIATION localhost" \
            0 \
            -s "received TLS_EMPTY_RENEGOTIATION_INFO\|found renegotiation extension" \
            -s "server hello, secure renegotiation extension"

requires_gnutls
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "Renego ext: gnutls client unsafe, server default" \
            "$P_SRV debug_level=3" \
            "$G_CLI --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION localhost" \
            0 \
            -S "received TLS_EMPTY_RENEGOTIATION_INFO\|found renegotiation extension" \
            -S "server hello, secure renegotiation extension"

requires_gnutls
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "Renego ext: gnutls client unsafe, server break legacy" \
            "$P_SRV debug_level=3 allow_legacy=-1" \
            "$G_CLI --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION localhost" \
            1 \
            -S "received TLS_EMPTY_RENEGOTIATION_INFO\|found renegotiation extension" \
            -S "server hello, secure renegotiation extension"
5282
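# Tests for silently dropping trailing extra bytes in .der certificates.
# The server certificate files are DER encodings with 0, 1, 2, 4, 8 or 9 extra
# bytes appended (server5-der<N>.crt; presumably all variants of server5 — not
# verifiable from here).  The only expectation is that the GnuTLS client
# completes the handshake, i.e. the trailing bytes are ignored rather than
# rejected as a malformed certificate.
# Each run_test call ends on its last -c argument: a trailing "\" before the
# blank line would silently swallow the next line into the argument list if
# the blank line were ever removed.

requires_gnutls
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DER format: no trailing bytes" \
            "$P_SRV crt_file=data_files/server5-der0.crt \
             key_file=data_files/server5.key" \
            "$G_CLI localhost" \
            0 \
            -c "Handshake was completed"

requires_gnutls
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DER format: with a trailing zero byte" \
            "$P_SRV crt_file=data_files/server5-der1a.crt \
             key_file=data_files/server5.key" \
            "$G_CLI localhost" \
            0 \
            -c "Handshake was completed"

requires_gnutls
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DER format: with a trailing random byte" \
            "$P_SRV crt_file=data_files/server5-der1b.crt \
             key_file=data_files/server5.key" \
            "$G_CLI localhost" \
            0 \
            -c "Handshake was completed"

requires_gnutls
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DER format: with 2 trailing random bytes" \
            "$P_SRV crt_file=data_files/server5-der2.crt \
             key_file=data_files/server5.key" \
            "$G_CLI localhost" \
            0 \
            -c "Handshake was completed"

requires_gnutls
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DER format: with 4 trailing random bytes" \
            "$P_SRV crt_file=data_files/server5-der4.crt \
             key_file=data_files/server5.key" \
            "$G_CLI localhost" \
            0 \
            -c "Handshake was completed"

requires_gnutls
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DER format: with 8 trailing random bytes" \
            "$P_SRV crt_file=data_files/server5-der8.crt \
             key_file=data_files/server5.key" \
            "$G_CLI localhost" \
            0 \
            -c "Handshake was completed"

requires_gnutls
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DER format: with 9 trailing random bytes" \
            "$P_SRV crt_file=data_files/server5-der9.crt \
             key_file=data_files/server5.key" \
            "$G_CLI localhost" \
            0 \
            -c "Handshake was completed"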
5347
# Tests for auth_mode. There are duplicate tests that use the CA callback for authentication;
# when updating these tests, modify the matching CA-callback tests accordingly.
5350
# Client-side verification of the server certificate.
# server5-badsign.crt is a certificate whose signature does not verify against
# the trusted CA.  auth_mode=required turns the verification failure into a
# handshake failure (exit 1); auth_mode=optional logs the same verification
# diagnostics but continues the handshake (exit 0, no handshake error), which is
# the mode for applications that inspect the verification flags themselves.
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test    "Authentication: server badcert, client required" \
            "$P_SRV crt_file=data_files/server5-badsign.crt \
             key_file=data_files/server5.key" \
            "$P_CLI debug_level=1 auth_mode=required" \
            1 \
            -c "x509_verify_cert() returned" \
            -c "! The certificate is not correctly signed by the trusted CA" \
            -c "! mbedtls_ssl_handshake returned" \
            -c "X509 - Certificate verification failed"

run_test    "Authentication: server badcert, client optional" \
            "$P_SRV crt_file=data_files/server5-badsign.crt \
             key_file=data_files/server5.key" \
            "$P_CLI force_version=tls12 debug_level=1 auth_mode=optional" \
            0 \
            -c "x509_verify_cert() returned" \
            -c "! The certificate is not correctly signed by the trusted CA" \
            -C "! mbedtls_ssl_handshake returned" \
            -C "X509 - Certificate verification failed"

# ca_file=none ca_path=none: the client has no trust anchors at all, so even a
# good server certificate cannot chain to a trusted CA.  With auth_mode=optional
# the handshake still completes and the "No CA Chain is set" error must not
# appear; with auth_mode=required it does appear and the handshake fails.
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test    "Authentication: server goodcert, client optional, no trusted CA" \
            "$P_SRV" \
            "$P_CLI force_version=tls12 debug_level=3 auth_mode=optional ca_file=none ca_path=none" \
            0 \
            -c "x509_verify_cert() returned" \
            -c "! The certificate is not correctly signed by the trusted CA" \
            -c "! Certificate verification flags"\
            -C "! mbedtls_ssl_handshake returned" \
            -C "X509 - Certificate verification failed" \
            -C "SSL - No CA Chain is set, but required to operate"

requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test    "Authentication: server goodcert, client required, no trusted CA" \
            "$P_SRV" \
            "$P_CLI debug_level=3 auth_mode=required ca_file=none ca_path=none" \
            1 \
            -c "x509_verify_cert() returned" \
            -c "! The certificate is not correctly signed by the trusted CA" \
            -c "! Certificate verification flags"\
            -c "! mbedtls_ssl_handshake returned" \
            -c "SSL - No CA Chain is set, but required to operate"
5394
5395# The purpose of the next two tests is to test the client's behaviour when receiving a server
5396# certificate with an unsupported elliptic curve. This should usually not happen because
5397# the client informs the server about the supported curves - it does, though, in the
5398# corner case of a static ECDH suite, because the server doesn't check the curve on that
5399# occasion (to be fixed). If that bug's fixed, the test needs to be altered to use a
5400# different means to have the server ignoring the client's supported curve list.
5401
5402run_test    "Authentication: server ECDH p256v1, client required, p256v1 unsupported" \
5403            "$P_SRV debug_level=1 key_file=data_files/server5.key \
5404             crt_file=data_files/server5.ku-ka.crt" \
5405            "$P_CLI force_version=tls12 debug_level=3 auth_mode=required groups=secp521r1" \
5406            1 \
5407            -c "bad certificate (EC key curve)"\
5408            -c "! Certificate verification flags"\
5409            -C "bad server certificate (ECDH curve)" # Expect failure at earlier verification stage
5410
5411run_test    "Authentication: server ECDH p256v1, client optional, p256v1 unsupported" \
5412            "$P_SRV debug_level=1 key_file=data_files/server5.key \
5413             crt_file=data_files/server5.ku-ka.crt" \
5414            "$P_CLI force_version=tls12 debug_level=3 auth_mode=optional groups=secp521r1" \
5415            1 \
5416            -c "bad certificate (EC key curve)"\
5417            -c "! Certificate verification flags"\
5418            -c "bad server certificate (ECDH curve)" # Expect failure only at ECDH params check
5419
5420run_test    "Authentication: server badcert, client none" \
5421            "$P_SRV crt_file=data_files/server5-badsign.crt \
5422             key_file=data_files/server5.key" \
5423            "$P_CLI force_version=tls12 debug_level=1 auth_mode=none" \
5424            0 \
5425            -C "x509_verify_cert() returned" \
5426            -C "! The certificate is not correctly signed by the trusted CA" \
5427            -C "! mbedtls_ssl_handshake returned" \
5428            -C "X509 - Certificate verification failed"
5429
# Both tests assert the same thing: the client logs each signature/hash
# algorithm it finds (presumably in the server's CertificateRequest), and both
# SHA-256 (code 04) and SHA-384 (code 05 — RFC 5246 HashAlgorithm values) must
# be offered, so a client with a SHA-256 or SHA-384 signed certificate can
# authenticate. The forced ciphersuite only varies the suite's own hash.
# NOTE(review): the test names say "SHA256"/"SHA384" while the forced
# ciphersuites are the other way round (…-SHA384 under "SHA256" and vice
# versa); as the assertions are identical this is a naming oddity rather than a
# behavioural one — confirm the names are intentional.
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test    "Authentication: client SHA256, server required" \
            "$P_SRV auth_mode=required" \
            "$P_CLI debug_level=3 crt_file=data_files/server6.crt \
             key_file=data_files/server6.key \
             force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384" \
            0 \
            -c "Supported Signature Algorithm found: 04 " \
            -c "Supported Signature Algorithm found: 05 "

requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test    "Authentication: client SHA384, server required" \
            "$P_SRV auth_mode=required" \
            "$P_CLI debug_level=3 crt_file=data_files/server6.crt \
             key_file=data_files/server6.key \
             force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256" \
            0 \
            -c "Supported Signature Algorithm found: 04 " \
            -c "Supported Signature Algorithm found: 05 "
5449
# Server requires client authentication; the client has a key but no
# certificate (crt_file=none). The client still answers the CertificateRequest
# with a Certificate message ("= write certificate" is logged, "skip write
# certificate" is not; the trailing "$" anchors keep "skip write certificate
# verify" from matching), the server finds it carries no certificate, and must
# abort rather than silently downgrade to an unauthenticated client. Nothing is
# verified on the server side because there is nothing to verify.
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test    "Authentication: client has no cert, server required (TLS)" \
            "$P_SRV debug_level=3 auth_mode=required" \
            "$P_CLI debug_level=3 crt_file=none \
             key_file=data_files/server5.key" \
            1 \
            -S "skip write certificate request" \
            -C "skip parse certificate request" \
            -c "got a certificate request" \
            -c "= write certificate$" \
            -C "skip write certificate$" \
            -S "x509_verify_cert() returned" \
            -s "peer has no certificate" \
            -s "! mbedtls_ssl_handshake returned" \
            -s "No client certification received from the client, but required by the authentication mode"
5465
# Client presents a certificate whose signature does not verify against the
# server's trust store; with auth_mode=required the server must fail the
# handshake and send a fatal alert (level=2, message=48 — unknown_ca in
# RFC 5246). The full client-auth flight (Certificate + CertificateVerify) is
# expected to be exchanged before the server rejects it.
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test    "Authentication: client badcert, server required" \
            "$P_SRV debug_level=3 auth_mode=required" \
            "$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \
             key_file=data_files/server5.key" \
            1 \
            -S "skip write certificate request" \
            -C "skip parse certificate request" \
            -c "got a certificate request" \
            -C "skip write certificate" \
            -C "skip write certificate verify" \
            -S "skip parse certificate verify" \
            -s "x509_verify_cert() returned" \
            -s "! The certificate is not correctly signed by the trusted CA" \
            -s "! mbedtls_ssl_handshake returned" \
            -s "send alert level=2 message=48" \
            -s "X509 - Certificate verification failed"
5483# We don't check that the client receives the alert because it might
5484# detect that its write end of the connection is closed and abort
5485# before reading the alert message.
5486
# The client's self-signed certificate is installed as the server's trust
# anchor (ca_file=server5-selfsigned.crt), so verification succeeds without
# any error being logged. Pinning a leaf directly as a CA is a legitimate
# deployment pattern; this checks it is honoured in required mode.
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test    "Authentication: client cert self-signed and trusted, server required" \
            "$P_SRV debug_level=3 auth_mode=required ca_file=data_files/server5-selfsigned.crt" \
            "$P_CLI debug_level=3 crt_file=data_files/server5-selfsigned.crt \
             key_file=data_files/server5.key" \
            0 \
            -S "skip write certificate request" \
            -C "skip parse certificate request" \
            -c "got a certificate request" \
            -C "skip write certificate" \
            -C "skip write certificate verify" \
            -S "skip parse certificate verify" \
            -S "x509_verify_cert() returned" \
            -S "! The certificate is not correctly signed" \
            -S "X509 - Certificate verification failed"
5502
# Same self-signed client certificate as above, but this time it is NOT in the
# server's trust store: a self-signed certificate must never be accepted just
# because it signs itself. The server must fail the handshake.
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test    "Authentication: client cert not trusted, server required" \
            "$P_SRV debug_level=3 auth_mode=required" \
            "$P_CLI debug_level=3 crt_file=data_files/server5-selfsigned.crt \
             key_file=data_files/server5.key" \
            1 \
            -S "skip write certificate request" \
            -C "skip parse certificate request" \
            -c "got a certificate request" \
            -C "skip write certificate" \
            -C "skip write certificate verify" \
            -S "skip parse certificate verify" \
            -s "x509_verify_cert() returned" \
            -s "! The certificate is not correctly signed by the trusted CA" \
            -s "! mbedtls_ssl_handshake returned" \
            -s "X509 - Certificate verification failed"
5519
# Badly-signed client certificate with auth_mode=optional: verification still
# runs and the failure is logged, but the handshake completes on both sides
# (exit 0, no "handshake returned" error). Security point: in optional mode
# a failed verification is NOT fatal, so an application using it is
# responsible for querying the verification result itself before trusting
# the peer — otherwise this is equivalent to no client authentication.
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test    "Authentication: client badcert, server optional" \
            "$P_SRV debug_level=3 auth_mode=optional" \
            "$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \
             key_file=data_files/server5.key" \
            0 \
            -S "skip write certificate request" \
            -C "skip parse certificate request" \
            -c "got a certificate request" \
            -C "skip write certificate" \
            -C "skip write certificate verify" \
            -S "skip parse certificate verify" \
            -s "x509_verify_cert() returned" \
            -s "! The certificate is not correctly signed by the trusted CA" \
            -S "! mbedtls_ssl_handshake returned" \
            -C "! mbedtls_ssl_handshake returned" \
            -S "X509 - Certificate verification failed"
5537
# With auth_mode=none the server never sends a CertificateRequest, so the
# client (which does have a bad certificate configured) never sends it and
# no verification happens anywhere. Confirms that "none" really means the
# client certificate is neither requested nor looked at.
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test    "Authentication: client badcert, server none" \
            "$P_SRV debug_level=3 auth_mode=none" \
            "$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \
             key_file=data_files/server5.key" \
            0 \
            -s "skip write certificate request" \
            -C "skip parse certificate request" \
            -c "got no certificate request" \
            -c "skip write certificate" \
            -c "skip write certificate verify" \
            -s "skip parse certificate verify" \
            -S "x509_verify_cert() returned" \
            -S "! The certificate is not correctly signed by the trusted CA" \
            -S "! mbedtls_ssl_handshake returned" \
            -C "! mbedtls_ssl_handshake returned" \
            -S "X509 - Certificate verification failed"
5555
# Client has neither certificate nor key, server is optional: the client
# answers the CertificateRequest (it does not "skip write certificate"), skips
# CertificateVerify, the server records "! Certificate was missing" and the
# handshake completes. As with the badcert/optional case, the application
# has to look at the verification result to learn the peer is anonymous.
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test    "Authentication: client no cert, server optional" \
            "$P_SRV debug_level=3 auth_mode=optional" \
            "$P_CLI debug_level=3 crt_file=none key_file=none" \
            0 \
            -S "skip write certificate request" \
            -C "skip parse certificate request" \
            -c "got a certificate request" \
            -C "skip write certificate$" \
            -C "got no certificate to send" \
            -c "skip write certificate verify" \
            -s "skip parse certificate verify" \
            -s "! Certificate was missing" \
            -S "! mbedtls_ssl_handshake returned" \
            -C "! mbedtls_ssl_handshake returned" \
            -S "X509 - Certificate verification failed"
5572
# Interop variant of the previous test: a certificate-less OpenSSL client
# (-no_middlebox disables TLS 1.3 middlebox-compatibility mode) against an
# Mbed TLS server in optional mode. Only server-side patterns are checked
# since the OpenSSL client does not produce Mbed TLS debug output.
requires_openssl_tls1_3_with_compatible_ephemeral
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test    "Authentication: openssl client no cert, server optional" \
            "$P_SRV debug_level=3 auth_mode=optional" \
            "$O_NEXT_CLI_NO_CERT -no_middlebox" \
            0 \
            -S "skip write certificate request" \
            -s "skip parse certificate verify" \
            -s "! Certificate was missing" \
            -S "! mbedtls_ssl_handshake returned" \
            -S "X509 - Certificate verification failed"
5584
# OpenSSL server with lower-case -verify: a client certificate is requested
# but its absence is tolerated (OpenSSL's "optional"). The Mbed TLS client
# with no cert/key must still complete the TLS 1.2 handshake.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "Authentication: client no cert, openssl server optional" \
            "$O_SRV -verify 10 -tls1_2" \
            "$P_CLI debug_level=3 crt_file=none key_file=none" \
            0 \
            -C "skip parse certificate request" \
            -c "got a certificate request" \
            -C "skip write certificate$" \
            -c "skip write certificate verify" \
            -C "! mbedtls_ssl_handshake returned"
5595
# Same as above but with capital -Verify (OpenSSL's "required"): the server
# must refuse a client that sends no certificate, and the Mbed TLS client
# must report the handshake failure rather than appearing to succeed.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "Authentication: client no cert, openssl server required" \
            "$O_SRV -Verify 10 -tls1_2" \
            "$P_CLI debug_level=3 crt_file=none key_file=none" \
            1 \
            -C "skip parse certificate request" \
            -c "got a certificate request" \
            -C "skip write certificate$" \
            -c "skip write certificate verify" \
            -c "! mbedtls_ssl_handshake returned"
5606
5607# This script assumes that MBEDTLS_X509_MAX_INTERMEDIATE_CA has its default
5608# value, defined here as MAX_IM_CA. Some test cases will be skipped if the
5609# library is configured with a different value.
5610
# Expected default of MBEDTLS_X509_MAX_INTERMEDIATE_CA; the chain-length tests
# below are skipped (requires_config_value_equals) when the build differs.
MAX_IM_CA=8
5612
# The max_int tests would pass with any limit higher than MAX_IM_CA, because
# only a chain with exactly MAX_IM_CA intermediates is tested. Equally, the
# max_int+1 tests would pass with any limit lower than MAX_IM_CA. Stricter
# preconditions are nevertheless in place so that the outcome matches the
# test description exactly.
# Server-chain length tests. c09.pem chains to the trust anchor 00.crt
# through MAX_IM_CA intermediates and must be accepted; c10.pem has one more
# and must be rejected. The limit bounds the work an attacker can force the
# verifier to do with an arbitrarily long chain. requires_full_size_output_buffer
# because these chains do not fit a reduced record buffer.
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
run_test    "Authentication: server max_int chain, client default" \
            "$P_SRV crt_file=data_files/dir-maxpath/c09.pem \
                    key_file=data_files/dir-maxpath/09.key" \
            "$P_CLI server_name=CA09 ca_file=data_files/dir-maxpath/00.crt" \
            0 \
            -C "X509 - A fatal error occurred"

requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
run_test    "Authentication: server max_int+1 chain, client default" \
            "$P_SRV crt_file=data_files/dir-maxpath/c10.pem \
                    key_file=data_files/dir-maxpath/10.key" \
            "$P_CLI server_name=CA10 ca_file=data_files/dir-maxpath/00.crt" \
            1 \
            -c "X509 - A fatal error occurred"

# Note the difference from the badcert cases: an over-long chain is a fatal
# X.509 error, not a verification flag, so auth_mode=optional does NOT let
# the handshake through (exit 1). Only auth_mode=none, which skips
# verification altogether, accepts it.
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
run_test    "Authentication: server max_int+1 chain, client optional" \
            "$P_SRV crt_file=data_files/dir-maxpath/c10.pem \
                    key_file=data_files/dir-maxpath/10.key" \
            "$P_CLI force_version=tls12 server_name=CA10 ca_file=data_files/dir-maxpath/00.crt \
                    auth_mode=optional" \
            1 \
            -c "X509 - A fatal error occurred"

requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
run_test    "Authentication: server max_int+1 chain, client none" \
            "$P_SRV crt_file=data_files/dir-maxpath/c10.pem \
                    key_file=data_files/dir-maxpath/10.key" \
            "$P_CLI force_version=tls12 server_name=CA10 ca_file=data_files/dir-maxpath/00.crt \
                    auth_mode=none" \
            0 \
            -C "X509 - A fatal error occurred"
5654
# Client-chain length tests, mirroring the server-chain ones. With the server
# left at its default auth_mode the over-long client chain is evidently not
# verified at all (exit 0, no X.509 error); with optional or required it is
# a fatal error, as on the client side.
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
run_test    "Authentication: client max_int+1 chain, server default" \
            "$P_SRV ca_file=data_files/dir-maxpath/00.crt" \
            "$P_CLI crt_file=data_files/dir-maxpath/c10.pem \
                    key_file=data_files/dir-maxpath/10.key" \
            0 \
            -S "X509 - A fatal error occurred"

requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
run_test    "Authentication: client max_int+1 chain, server optional" \
            "$P_SRV ca_file=data_files/dir-maxpath/00.crt auth_mode=optional" \
            "$P_CLI crt_file=data_files/dir-maxpath/c10.pem \
                    key_file=data_files/dir-maxpath/10.key" \
            1 \
            -s "X509 - A fatal error occurred"

requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
run_test    "Authentication: client max_int+1 chain, server required" \
            "$P_SRV ca_file=data_files/dir-maxpath/00.crt auth_mode=required" \
            "$P_CLI crt_file=data_files/dir-maxpath/c10.pem \
                    key_file=data_files/dir-maxpath/10.key" \
            1 \
            -s "X509 - A fatal error occurred"

# Positive control: a client chain with exactly MAX_IM_CA intermediates is
# accepted by a server that requires client authentication.
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
run_test    "Authentication: client max_int chain, server required" \
            "$P_SRV ca_file=data_files/dir-maxpath/00.crt auth_mode=required" \
            "$P_CLI crt_file=data_files/dir-maxpath/c09.pem \
                    key_file=data_files/dir-maxpath/09.key" \
            0 \
            -S "X509 - A fatal error occurred"
5690
5691# Tests for CA list in CertificateRequest messages
5692
# The CA list in CertificateRequest tells the client which issuers the server
# trusts; by default it is sent ("requested DN" logged on the server).
# cert_req_ca_list=0 omits it, so the server no longer advertises its trust
# anchors to every connecting client.
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test    "Authentication: send CA list in CertificateRequest  (default)" \
            "$P_SRV debug_level=3 auth_mode=required" \
            "$P_CLI force_version=tls12 crt_file=data_files/server6.crt \
             key_file=data_files/server6.key" \
            0 \
            -s "requested DN"

requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test    "Authentication: do not send CA list in CertificateRequest" \
            "$P_SRV debug_level=3 auth_mode=required cert_req_ca_list=0" \
            "$P_CLI force_version=tls12 crt_file=data_files/server6.crt \
             key_file=data_files/server6.key" \
            0 \
            -S "requested DN"
5708
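# Despite the name, this is the cert_req_ca_list=0 ("do not send CA list")
# case: omitting the CA list must not weaken verification. A self-signed
# client certificate that is not in the server's trust store is still
# rejected, and the server logs no "requested DN".
# Same key-exchange precondition as the two CA-list tests above — this test
# forces TLS 1.2 and relies on certificate-based authentication, so it would
# fail spuriously on a PSK-only TLS 1.2 build instead of being skipped.
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test    "Authentication: send CA list in CertificateRequest, client self signed" \
            "$P_SRV force_version=tls12 debug_level=3 auth_mode=required cert_req_ca_list=0" \
            "$P_CLI debug_level=3 crt_file=data_files/server5-selfsigned.crt \
             key_file=data_files/server5.key" \
            1 \
            -S "requested DN" \
            -s "x509_verify_cert() returned" \
            -s "! The certificate is not correctly signed by the trusted CA" \
            -s "! mbedtls_ssl_handshake returned" \
            -c "! mbedtls_ssl_handshake returned" \
            -s "X509 - Certificate verification failed"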
5720
# DN hint tests: cert_req_ca_list=2 and 3 (named "alt conf" and "alt hs" in
# the test names — presumably a configuration-level vs. handshake-level
# override) make the server send the subject DN of its second certificate
# (crt_file2) as the hint in CertificateRequest; the client logs it as
# "DN hint: ...". server1.crt and server2.crt are used so the two expected
# subjects differ.
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test    "Authentication: send alt conf DN hints in CertificateRequest" \
            "$P_SRV debug_level=3 auth_mode=optional cert_req_ca_list=2 \
             crt_file2=data_files/server1.crt \
             key_file2=data_files/server1.key" \
            "$P_CLI force_version=tls12 debug_level=3 auth_mode=optional \
             crt_file=data_files/server6.crt \
             key_file=data_files/server6.key" \
            0 \
            -c "DN hint: C=NL, O=PolarSSL, CN=PolarSSL Server 1"

requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test    "Authentication: send alt conf DN hints in CertificateRequest (2)" \
            "$P_SRV debug_level=3 auth_mode=optional cert_req_ca_list=2 \
             crt_file2=data_files/server2.crt \
             key_file2=data_files/server2.key" \
            "$P_CLI force_version=tls12 debug_level=3 auth_mode=optional \
             crt_file=data_files/server6.crt \
             key_file=data_files/server6.key" \
            0 \
            -c "DN hint: C=NL, O=PolarSSL, CN=localhost"

requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test    "Authentication: send alt hs DN hints in CertificateRequest" \
            "$P_SRV debug_level=3 auth_mode=optional cert_req_ca_list=3 \
             crt_file2=data_files/server1.crt \
             key_file2=data_files/server1.key" \
            "$P_CLI force_version=tls12 debug_level=3 auth_mode=optional \
             crt_file=data_files/server6.crt \
             key_file=data_files/server6.key" \
            0 \
            -c "DN hint: C=NL, O=PolarSSL, CN=PolarSSL Server 1"
5753
5754# Tests for auth_mode, using CA callback, these are duplicated from the authentication tests
5755# When updating these tests, modify the matching authentication tests accordingly
5756
# CA-callback variants: ca_callback=1 routes trust-anchor lookup through the
# MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK hook instead of a static CA chain.
# The side that verifies must log "use CA callback for X.509 CRT verification",
# and the verdict must be the same as in the static-CA tests: a badly-signed
# server certificate fails the handshake when required, and is logged but
# tolerated when optional.
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test    "Authentication, CA callback: server badcert, client required" \
            "$P_SRV crt_file=data_files/server5-badsign.crt \
             key_file=data_files/server5.key" \
            "$P_CLI force_version=tls12 ca_callback=1 debug_level=3 auth_mode=required" \
            1 \
            -c "use CA callback for X.509 CRT verification" \
            -c "x509_verify_cert() returned" \
            -c "! The certificate is not correctly signed by the trusted CA" \
            -c "! mbedtls_ssl_handshake returned" \
            -c "X509 - Certificate verification failed"

requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test    "Authentication, CA callback: server badcert, client optional" \
            "$P_SRV crt_file=data_files/server5-badsign.crt \
             key_file=data_files/server5.key" \
            "$P_CLI force_version=tls12 ca_callback=1 debug_level=3 auth_mode=optional" \
            0 \
            -c "use CA callback for X.509 CRT verification" \
            -c "x509_verify_cert() returned" \
            -c "! The certificate is not correctly signed by the trusted CA" \
            -C "! mbedtls_ssl_handshake returned" \
            -C "X509 - Certificate verification failed"
5780
5781# The purpose of the next two tests is to test the client's behaviour when receiving a server
5782# certificate with an unsupported elliptic curve. This should usually not happen because
5783# the client informs the server about the supported curves - it does, though, in the
5784# corner case of a static ECDH suite, because the server doesn't check the curve on that
5785# occasion (to be fixed). If that bug's fixed, the test needs to be altered to use a
5786# different means to have the server ignoring the client's supported curve list.
5787
# CA-callback versions of the unsupported-curve tests: required mode fails at
# certificate verification, optional mode gets as far as the ECDH parameter
# check, which still rejects the curve. The callback must be in use in both.
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test    "Authentication, CA callback: server ECDH p256v1, client required, p256v1 unsupported" \
            "$P_SRV debug_level=1 key_file=data_files/server5.key \
             crt_file=data_files/server5.ku-ka.crt" \
            "$P_CLI force_version=tls12 ca_callback=1 debug_level=3 auth_mode=required groups=secp521r1" \
            1 \
            -c "use CA callback for X.509 CRT verification" \
            -c "bad certificate (EC key curve)" \
            -c "! Certificate verification flags" \
            -C "bad server certificate (ECDH curve)" # Expect failure at earlier verification stage

requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test    "Authentication, CA callback: server ECDH p256v1, client optional, p256v1 unsupported" \
            "$P_SRV debug_level=1 key_file=data_files/server5.key \
             crt_file=data_files/server5.ku-ka.crt" \
            "$P_CLI force_version=tls12 ca_callback=1 debug_level=3 auth_mode=optional groups=secp521r1" \
            1 \
            -c "use CA callback for X.509 CRT verification" \
            -c "bad certificate (EC key curve)"\
            -c "! Certificate verification flags"\
            -c "bad server certificate (ECDH curve)" # Expect failure only at ECDH params check
5809
# CA-callback versions of the signature-algorithm tests; here the server is
# the verifier (ca_callback=1 on $P_SRV), so the callback message is checked
# on the server side. As in the static-CA pair, the names and the forced
# ciphersuite hashes are crossed and the assertions are identical: both
# SHA-256 (04) and SHA-384 (05) must be offered.
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test    "Authentication, CA callback: client SHA256, server required" \
            "$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \
            "$P_CLI debug_level=3 crt_file=data_files/server6.crt \
             key_file=data_files/server6.key \
             force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384" \
            0 \
            -s "use CA callback for X.509 CRT verification" \
            -c "Supported Signature Algorithm found: 04 " \
            -c "Supported Signature Algorithm found: 05 "

requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test    "Authentication, CA callback: client SHA384, server required" \
            "$P_SRV ca_callback=1 debug_level=3 auth_mode=required" \
            "$P_CLI debug_level=3 crt_file=data_files/server6.crt \
             key_file=data_files/server6.key \
             force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256" \
            0 \
            -s "use CA callback for X.509 CRT verification" \
            -c "Supported Signature Algorithm found: 04 " \
            -c "Supported Signature Algorithm found: 05 "
5833
# CA-callback version of "client badcert, server required": the badly-signed
# client certificate must be rejected through the callback path with a fatal
# alert (level=2, message=48 — unknown_ca), and here the client-side
# handshake failure is also asserted.
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test    "Authentication, CA callback: client badcert, server required" \
            "$P_SRV force_version=tls12 ca_callback=1 debug_level=3 auth_mode=required" \
            "$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \
             key_file=data_files/server5.key" \
            1 \
            -s "use CA callback for X.509 CRT verification" \
            -S "skip write certificate request" \
            -C "skip parse certificate request" \
            -c "got a certificate request" \
            -C "skip write certificate" \
            -C "skip write certificate verify" \
            -S "skip parse certificate verify" \
            -s "x509_verify_cert() returned" \
            -s "! The certificate is not correctly signed by the trusted CA" \
            -s "! mbedtls_ssl_handshake returned" \
            -s "send alert level=2 message=48" \
            -c "! mbedtls_ssl_handshake returned" \
            -s "X509 - Certificate verification failed"
5853# We don't check that the client receives the alert because it might
5854# detect that its write end of the connection is closed and abort
5855# before reading the alert message.
5856
# CA-callback versions of "client cert not trusted, server required" (a
# self-signed client certificate unknown to the callback must be rejected)
# and "client badcert, server optional" (verification failure is logged but
# the handshake completes; the application must consult the verify result).
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test    "Authentication, CA callback: client cert not trusted, server required" \
            "$P_SRV force_version=tls12 ca_callback=1 debug_level=3 auth_mode=required" \
            "$P_CLI debug_level=3 crt_file=data_files/server5-selfsigned.crt \
             key_file=data_files/server5.key" \
            1 \
            -s "use CA callback for X.509 CRT verification" \
            -S "skip write certificate request" \
            -C "skip parse certificate request" \
            -c "got a certificate request" \
            -C "skip write certificate" \
            -C "skip write certificate verify" \
            -S "skip parse certificate verify" \
            -s "x509_verify_cert() returned" \
            -s "! The certificate is not correctly signed by the trusted CA" \
            -s "! mbedtls_ssl_handshake returned" \
            -c "! mbedtls_ssl_handshake returned" \
            -s "X509 - Certificate verification failed"

requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test    "Authentication, CA callback: client badcert, server optional" \
            "$P_SRV force_version=tls12 ca_callback=1 debug_level=3 auth_mode=optional" \
            "$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \
             key_file=data_files/server5.key" \
            0 \
            -s "use CA callback for X.509 CRT verification" \
            -S "skip write certificate request" \
            -C "skip parse certificate request" \
            -c "got a certificate request" \
            -C "skip write certificate" \
            -C "skip write certificate verify" \
            -S "skip parse certificate verify" \
            -s "x509_verify_cert() returned" \
            -s "! The certificate is not correctly signed by the trusted CA" \
            -S "! mbedtls_ssl_handshake returned" \
            -C "! mbedtls_ssl_handshake returned" \
            -S "X509 - Certificate verification failed"
5894
# CA-callback versions of the chain-length tests. The intermediate-CA limit
# must be enforced identically when trust anchors come from the callback:
# MAX_IM_CA intermediates accepted, MAX_IM_CA+1 a fatal error (also in
# optional mode). The "server default" client-chain case is not duplicated
# here since no verification — and so no callback — happens in it.
requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test    "Authentication, CA callback: server max_int chain, client default" \
            "$P_SRV crt_file=data_files/dir-maxpath/c09.pem \
                    key_file=data_files/dir-maxpath/09.key" \
            "$P_CLI force_version=tls12 ca_callback=1 debug_level=3 server_name=CA09 ca_file=data_files/dir-maxpath/00.crt" \
            0 \
            -c "use CA callback for X.509 CRT verification" \
            -C "X509 - A fatal error occurred"

requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test    "Authentication, CA callback: server max_int+1 chain, client default" \
            "$P_SRV crt_file=data_files/dir-maxpath/c10.pem \
                    key_file=data_files/dir-maxpath/10.key" \
            "$P_CLI force_version=tls12 debug_level=3 ca_callback=1 server_name=CA10 ca_file=data_files/dir-maxpath/00.crt" \
            1 \
            -c "use CA callback for X.509 CRT verification" \
            -c "X509 - A fatal error occurred"

requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test    "Authentication, CA callback: server max_int+1 chain, client optional" \
            "$P_SRV crt_file=data_files/dir-maxpath/c10.pem \
                    key_file=data_files/dir-maxpath/10.key" \
            "$P_CLI force_version=tls12 ca_callback=1 server_name=CA10 ca_file=data_files/dir-maxpath/00.crt \
                    debug_level=3 auth_mode=optional" \
            1 \
            -c "use CA callback for X.509 CRT verification" \
            -c "X509 - A fatal error occurred"

requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test    "Authentication, CA callback: client max_int+1 chain, server optional" \
            "$P_SRV force_version=tls12 ca_callback=1 debug_level=3 ca_file=data_files/dir-maxpath/00.crt auth_mode=optional" \
            "$P_CLI crt_file=data_files/dir-maxpath/c10.pem \
                    key_file=data_files/dir-maxpath/10.key" \
            1 \
            -s "use CA callback for X.509 CRT verification" \
            -s "X509 - A fatal error occurred"

requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test    "Authentication, CA callback: client max_int+1 chain, server required" \
            "$P_SRV force_version=tls12 ca_callback=1 debug_level=3 ca_file=data_files/dir-maxpath/00.crt auth_mode=required" \
            "$P_CLI crt_file=data_files/dir-maxpath/c10.pem \
                    key_file=data_files/dir-maxpath/10.key" \
            1 \
            -s "use CA callback for X.509 CRT verification" \
            -s "X509 - A fatal error occurred"

requires_config_value_equals "MBEDTLS_X509_MAX_INTERMEDIATE_CA" $MAX_IM_CA
requires_full_size_output_buffer
requires_config_enabled MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK
run_test    "Authentication, CA callback: client max_int chain, server required" \
            "$P_SRV force_version=tls12 ca_callback=1 debug_level=3 ca_file=data_files/dir-maxpath/00.crt auth_mode=required" \
            "$P_CLI crt_file=data_files/dir-maxpath/c09.pem \
                    key_file=data_files/dir-maxpath/09.key" \
            0 \
            -s "use CA callback for X.509 CRT verification" \
            -S "X509 - A fatal error occurred"
5961
5962# Tests for certificate selection based on SHA version
5963
# The server holds two certificates for the same key: server5.crt (signed with
# SHA-256) and server5-sha1.crt (signed with SHA-1). A TLS 1.2 client must be
# served the SHA-2 one; handing out the SHA-1 certificate would be a
# downgrade to a deprecated signature hash. Needs certificate info printing
# (MBEDTLS_X509_REMOVE_INFO disabled) to see the "signed using" line.
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
run_test    "Certificate hash: client TLS 1.2 -> SHA-2" \
            "$P_SRV force_version=tls12 crt_file=data_files/server5.crt \
                    key_file=data_files/server5.key \
                    crt_file2=data_files/server5-sha1.crt \
                    key_file2=data_files/server5.key" \
            "$P_CLI" \
            0 \
            -c "signed using.*ECDSA with SHA256" \
            -C "signed using.*ECDSA with SHA1"
5974
5975# tests for SNI
5976
# SNI certificate selection. The sni= option takes groups of six
# comma-separated fields: name, certificate, key, then three more ("-" = unset;
# the last one is an auth_mode override as used further below, the other two
# presumably a CA file and CRL). Without sni= the default certificate
# (server5, EC CA issuer) is served whatever name the client asks for; with
# it, the matching certificate is selected and an unknown name is refused with
# a fatal alert rather than falling back to the default certificate.
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test    "SNI: no SNI callback" \
            "$P_SRV debug_level=3 \
             crt_file=data_files/server5.crt key_file=data_files/server5.key" \
            "$P_CLI server_name=localhost" \
            0 \
            -c "issuer name *: C=NL, O=PolarSSL, CN=Polarssl Test EC CA" \
            -c "subject name *: C=NL, O=PolarSSL, CN=localhost"

requires_config_disabled MBEDTLS_X509_REMOVE_INFO
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test    "SNI: matching cert 1" \
            "$P_SRV debug_level=3 \
             crt_file=data_files/server5.crt key_file=data_files/server5.key \
             sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
            "$P_CLI server_name=localhost" \
            0 \
            -s "parse ServerName extension" \
            -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \
            -c "subject name *: C=NL, O=PolarSSL, CN=localhost"

requires_config_disabled MBEDTLS_X509_REMOVE_INFO
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test    "SNI: matching cert 2" \
            "$P_SRV debug_level=3 \
             crt_file=data_files/server5.crt key_file=data_files/server5.key \
             sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
            "$P_CLI server_name=polarssl.example" \
            0 \
            -s "parse ServerName extension" \
            -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \
            -c "subject name *: C=NL, O=PolarSSL, CN=polarssl.example"

# No entry for nonesuch.example: the SNI callback fails, the server aborts
# the handshake and the client sees a fatal alert.
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test    "SNI: no matching cert" \
            "$P_SRV debug_level=3 \
             crt_file=data_files/server5.crt key_file=data_files/server5.key \
             sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
            "$P_CLI server_name=nonesuch.example" \
            1 \
            -s "parse ServerName extension" \
            -s "ssl_sni_wrapper() returned" \
            -s "mbedtls_ssl_handshake returned" \
            -c "mbedtls_ssl_handshake returned" \
            -c "SSL - A fatal alert message was received from our peer"
6024
6025requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
6026run_test    "SNI: client auth no override: optional" \
6027            "$P_SRV debug_level=3 auth_mode=optional \
6028             crt_file=data_files/server5.crt key_file=data_files/server5.key \
6029             sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-" \
6030            "$P_CLI debug_level=3 server_name=localhost" \
6031            0 \
6032            -S "skip write certificate request" \
6033            -C "skip parse certificate request" \
6034            -c "got a certificate request" \
6035            -C "skip write certificate" \
6036            -C "skip write certificate verify" \
6037            -S "skip parse certificate verify"
6038
6039requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
6040run_test    "SNI: client auth override: none -> optional" \
6041            "$P_SRV debug_level=3 auth_mode=none \
6042             crt_file=data_files/server5.crt key_file=data_files/server5.key \
6043             sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,optional" \
6044            "$P_CLI debug_level=3 server_name=localhost" \
6045            0 \
6046            -S "skip write certificate request" \
6047            -C "skip parse certificate request" \
6048            -c "got a certificate request" \
6049            -C "skip write certificate" \
6050            -C "skip write certificate verify" \
6051            -S "skip parse certificate verify"
6052
6053requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
6054run_test    "SNI: client auth override: optional -> none" \
6055            "$P_SRV debug_level=3 auth_mode=optional \
6056             crt_file=data_files/server5.crt key_file=data_files/server5.key \
6057             sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,none" \
6058            "$P_CLI debug_level=3 server_name=localhost" \
6059            0 \
6060            -s "skip write certificate request" \
6061            -C "skip parse certificate request" \
6062            -c "got no certificate request" \
6063            -c "skip write certificate"
6064
6065requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
6066run_test    "SNI: CA no override" \
6067            "$P_SRV debug_level=3 auth_mode=optional \
6068             crt_file=data_files/server5.crt key_file=data_files/server5.key \
6069             ca_file=data_files/test-ca.crt \
6070             sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,required" \
6071            "$P_CLI debug_level=3 server_name=localhost \
6072             crt_file=data_files/server6.crt key_file=data_files/server6.key" \
6073            1 \
6074            -S "skip write certificate request" \
6075            -C "skip parse certificate request" \
6076            -c "got a certificate request" \
6077            -C "skip write certificate" \
6078            -C "skip write certificate verify" \
6079            -S "skip parse certificate verify" \
6080            -s "x509_verify_cert() returned" \
6081            -s "! The certificate is not correctly signed by the trusted CA" \
6082            -S "The certificate has been revoked (is on a CRL)"
6083
6084requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
6085run_test    "SNI: CA override" \
6086            "$P_SRV debug_level=3 auth_mode=optional \
6087             crt_file=data_files/server5.crt key_file=data_files/server5.key \
6088             ca_file=data_files/test-ca.crt \
6089             sni=localhost,data_files/server2.crt,data_files/server2.key,data_files/test-ca2.crt,-,required" \
6090            "$P_CLI debug_level=3 server_name=localhost \
6091             crt_file=data_files/server6.crt key_file=data_files/server6.key" \
6092            0 \
6093            -S "skip write certificate request" \
6094            -C "skip parse certificate request" \
6095            -c "got a certificate request" \
6096            -C "skip write certificate" \
6097            -C "skip write certificate verify" \
6098            -S "skip parse certificate verify" \
6099            -S "x509_verify_cert() returned" \
6100            -S "! The certificate is not correctly signed by the trusted CA" \
6101            -S "The certificate has been revoked (is on a CRL)"
6102
6103requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
6104run_test    "SNI: CA override with CRL" \
6105            "$P_SRV debug_level=3 auth_mode=optional \
6106             crt_file=data_files/server5.crt key_file=data_files/server5.key \
6107             ca_file=data_files/test-ca.crt \
6108             sni=localhost,data_files/server2.crt,data_files/server2.key,data_files/test-ca2.crt,data_files/crl-ec-sha256.pem,required" \
6109            "$P_CLI debug_level=3 server_name=localhost \
6110             crt_file=data_files/server6.crt key_file=data_files/server6.key" \
6111            1 \
6112            -S "skip write certificate request" \
6113            -C "skip parse certificate request" \
6114            -c "got a certificate request" \
6115            -C "skip write certificate" \
6116            -C "skip write certificate verify" \
6117            -S "skip parse certificate verify" \
6118            -s "x509_verify_cert() returned" \
6119            -S "! The certificate is not correctly signed by the trusted CA" \
6120            -s "The certificate has been revoked (is on a CRL)"
6121
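# Tests for SNI and DTLS
#
# The same SNI scenarios as above, run over DTLS (dtls=1 on both peers).
# Unlike the TLS variants, these are gated on MBEDTLS_SSL_PROTO_TLS1_2
# rather than on the generic certificate key-exchange check.

# Without an sni= table the default server5.crt is served regardless of the
# name the client sends.
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "SNI: DTLS, no SNI callback" \
            "$P_SRV debug_level=3 dtls=1 \
             crt_file=data_files/server5.crt key_file=data_files/server5.key" \
            "$P_CLI server_name=localhost dtls=1" \
            0 \
            -c "issuer name *: C=NL, O=PolarSSL, CN=Polarssl Test EC CA" \
            -c "subject name *: C=NL, O=PolarSSL, CN=localhost"

# First SNI entry matches: server2.crt is served.
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "SNI: DTLS, matching cert 1" \
            "$P_SRV debug_level=3 dtls=1 \
             crt_file=data_files/server5.crt key_file=data_files/server5.key \
             sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
            "$P_CLI server_name=localhost dtls=1" \
            0 \
            -s "parse ServerName extension" \
            -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \
            -c "subject name *: C=NL, O=PolarSSL, CN=localhost"

# Second SNI entry matches: server1-nospace.crt is served.
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "SNI: DTLS, matching cert 2" \
            "$P_SRV debug_level=3 dtls=1 \
             crt_file=data_files/server5.crt key_file=data_files/server5.key \
             sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
            "$P_CLI server_name=polarssl.example dtls=1" \
            0 \
            -s "parse ServerName extension" \
            -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \
            -c "subject name *: C=NL, O=PolarSSL, CN=polarssl.example"

# Unknown name: SNI callback fails, handshake is aborted with a fatal alert
# to the client (exit 1).
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "SNI: DTLS, no matching cert" \
            "$P_SRV debug_level=3 dtls=1 \
             crt_file=data_files/server5.crt key_file=data_files/server5.key \
             sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
            "$P_CLI server_name=nonesuch.example dtls=1" \
            1 \
            -s "parse ServerName extension" \
            -s "ssl_sni_wrapper() returned" \
            -s "mbedtls_ssl_handshake returned" \
            -c "mbedtls_ssl_handshake returned" \
            -c "SSL - A fatal alert message was received from our peer"

# auth_mode field "-": the global auth_mode=optional applies and a
# CertificateRequest is sent and answered.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "SNI: DTLS, client auth no override: optional" \
            "$P_SRV debug_level=3 auth_mode=optional dtls=1 \
             crt_file=data_files/server5.crt key_file=data_files/server5.key \
             sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-" \
            "$P_CLI debug_level=3 server_name=localhost dtls=1" \
            0 \
            -S "skip write certificate request" \
            -C "skip parse certificate request" \
            -c "got a certificate request" \
            -C "skip write certificate" \
            -C "skip write certificate verify" \
            -S "skip parse certificate verify"

# Global none, per-name optional: the per-name setting wins.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "SNI: DTLS, client auth override: none -> optional" \
            "$P_SRV debug_level=3 auth_mode=none dtls=1 \
             crt_file=data_files/server5.crt key_file=data_files/server5.key \
             sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,optional" \
            "$P_CLI debug_level=3 server_name=localhost dtls=1" \
            0 \
            -S "skip write certificate request" \
            -C "skip parse certificate request" \
            -c "got a certificate request" \
            -C "skip write certificate" \
            -C "skip write certificate verify" \
            -S "skip parse certificate verify"

# Global optional, per-name none: no CertificateRequest.  This variant also
# asserts that the client skips CertificateVerify and the server skips
# parsing it, which the TLS variant above does not check.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "SNI: DTLS, client auth override: optional -> none" \
            "$P_SRV debug_level=3 auth_mode=optional dtls=1 \
             crt_file=data_files/server5.crt key_file=data_files/server5.key \
             sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,none" \
            "$P_CLI debug_level=3 server_name=localhost dtls=1" \
            0 \
            -s "skip write certificate request" \
            -C "skip parse certificate request" \
            -c "got no certificate request" \
            -c "skip write certificate" \
            -c "skip write certificate verify" \
            -s "skip parse certificate verify"

# CA field "-": global test-ca.crt is used, server6.crt fails verification
# and the required client auth aborts the handshake.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "SNI: DTLS, CA no override" \
            "$P_SRV debug_level=3 auth_mode=optional dtls=1 \
             crt_file=data_files/server5.crt key_file=data_files/server5.key \
             ca_file=data_files/test-ca.crt \
             sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,required" \
            "$P_CLI debug_level=3 server_name=localhost dtls=1 \
             crt_file=data_files/server6.crt key_file=data_files/server6.key" \
            1 \
            -S "skip write certificate request" \
            -C "skip parse certificate request" \
            -c "got a certificate request" \
            -C "skip write certificate" \
            -C "skip write certificate verify" \
            -S "skip parse certificate verify" \
            -s "x509_verify_cert() returned" \
            -s "! The certificate is not correctly signed by the trusted CA" \
            -S "The certificate has been revoked (is on a CRL)"

# CA field test-ca2.crt: per-name CA is used and server6.crt verifies.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "SNI: DTLS, CA override" \
            "$P_SRV debug_level=3 auth_mode=optional dtls=1 \
             crt_file=data_files/server5.crt key_file=data_files/server5.key \
             ca_file=data_files/test-ca.crt \
             sni=localhost,data_files/server2.crt,data_files/server2.key,data_files/test-ca2.crt,-,required" \
            "$P_CLI debug_level=3 server_name=localhost dtls=1 \
             crt_file=data_files/server6.crt key_file=data_files/server6.key" \
            0 \
            -S "skip write certificate request" \
            -C "skip parse certificate request" \
            -c "got a certificate request" \
            -C "skip write certificate" \
            -C "skip write certificate verify" \
            -S "skip parse certificate verify" \
            -S "x509_verify_cert() returned" \
            -S "! The certificate is not correctly signed by the trusted CA" \
            -S "The certificate has been revoked (is on a CRL)"

# Per-name CA plus CRL: the client certificate is reported as revoked and
# the handshake fails.  dtls=1 is given on the first server line like the
# other DTLS tests in this group (argument order is not significant).
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "SNI: DTLS, CA override with CRL" \
            "$P_SRV debug_level=3 auth_mode=optional dtls=1 \
             crt_file=data_files/server5.crt key_file=data_files/server5.key \
             ca_file=data_files/test-ca.crt \
             sni=localhost,data_files/server2.crt,data_files/server2.key,data_files/test-ca2.crt,data_files/crl-ec-sha256.pem,required" \
            "$P_CLI debug_level=3 server_name=localhost dtls=1 \
             crt_file=data_files/server6.crt key_file=data_files/server6.key" \
            1 \
            -S "skip write certificate request" \
            -C "skip parse certificate request" \
            -c "got a certificate request" \
            -C "skip write certificate" \
            -C "skip write certificate verify" \
            -S "skip parse certificate verify" \
            -s "x509_verify_cert() returned" \
            -S "! The certificate is not correctly signed by the trusted CA" \
            -s "The certificate has been revoked (is on a CRL)"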
6269
# Tests for non-blocking I/O: exercise a variety of handshake flows
#
# Both peers run with nbio=2.  Each test passes when neither side logs a
# handshake error ("mbedtls_ssl_handshake returned", the string the sample
# programs print on handshake failure, see the SNI failure tests above) and
# the client reads application data from the server.

# Plain handshake, no tickets, no client authentication.
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test    "Non-blocking I/O: basic handshake" \
            "$P_SRV nbio=2 tickets=0 auth_mode=none" \
            "$P_CLI nbio=2 tickets=0" \
            0 \
            -S "mbedtls_ssl_handshake returned" \
            -C "mbedtls_ssl_handshake returned" \
            -c "Read from server: .* bytes read"

# Mutual authentication (auth_mode=required) with non-blocking I/O.
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test    "Non-blocking I/O: client auth" \
            "$P_SRV nbio=2 tickets=0 auth_mode=required" \
            "$P_CLI nbio=2 tickets=0" \
            0 \
            -S "mbedtls_ssl_handshake returned" \
            -C "mbedtls_ssl_handshake returned" \
            -c "Read from server: .* bytes read"

# Session ticket issued during the handshake.
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test    "Non-blocking I/O: ticket" \
            "$P_SRV nbio=2 tickets=1 auth_mode=none" \
            "$P_CLI nbio=2 tickets=1" \
            0 \
            -S "mbedtls_ssl_handshake returned" \
            -C "mbedtls_ssl_handshake returned" \
            -c "Read from server: .* bytes read"

requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test    "Non-blocking I/O: ticket + client auth" \
            "$P_SRV nbio=2 tickets=1 auth_mode=required" \
            "$P_CLI nbio=2 tickets=1" \
            0 \
            -S "mbedtls_ssl_handshake returned" \
            -C "mbedtls_ssl_handshake returned" \
            -c "Read from server: .* bytes read"

# reconnect=1 makes the client perform a second connection; with tickets=1
# the test names call this a ticket resume.  The TLS 1.2 variants force the
# version on the client side.
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test    "Non-blocking I/O: TLS 1.2 + ticket + client auth + resume" \
            "$P_SRV nbio=2 tickets=1 auth_mode=required" \
            "$P_CLI force_version=tls12 nbio=2 tickets=1 reconnect=1" \
            0 \
            -S "mbedtls_ssl_handshake returned" \
            -C "mbedtls_ssl_handshake returned" \
            -c "Read from server: .* bytes read"

# The TLS 1.3 variants need both the ephemeral and the PSK-ephemeral key
# exchange modes enabled.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test    "Non-blocking I/O: TLS 1.3 + ticket + client auth + resume" \
            "$P_SRV nbio=2 tickets=1 auth_mode=required" \
            "$P_CLI nbio=2 tickets=1 reconnect=1" \
            0 \
            -S "mbedtls_ssl_handshake returned" \
            -C "mbedtls_ssl_handshake returned" \
            -c "Read from server: .* bytes read"

requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test    "Non-blocking I/O: TLS 1.2 + ticket + resume" \
            "$P_SRV nbio=2 tickets=1 auth_mode=none" \
            "$P_CLI force_version=tls12 nbio=2 tickets=1 reconnect=1" \
            0 \
            -S "mbedtls_ssl_handshake returned" \
            -C "mbedtls_ssl_handshake returned" \
            -c "Read from server: .* bytes read"

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test    "Non-blocking I/O: TLS 1.3 + ticket + resume" \
            "$P_SRV nbio=2 tickets=1 auth_mode=none" \
            "$P_CLI nbio=2 tickets=1 reconnect=1" \
            0 \
            -S "mbedtls_ssl_handshake returned" \
            -C "mbedtls_ssl_handshake returned" \
            -c "Read from server: .* bytes read"

# tickets=0 with reconnect=1: resumption by session ID (TLS 1.2 only).
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test    "Non-blocking I/O: session-id resume" \
            "$P_SRV nbio=2 tickets=0 auth_mode=none" \
            "$P_CLI force_version=tls12 nbio=2 tickets=0 reconnect=1" \
            0 \
            -S "mbedtls_ssl_handshake returned" \
            -C "mbedtls_ssl_handshake returned" \
            -c "Read from server: .* bytes read"
6356
# Tests for event-driven I/O: exercise a variety of handshake flows
#
# Same matrix as the non-blocking tests, with event=1 on both peers.
# The TLS cases assert that neither side logs a handshake error; the DTLS
# cases below only check that application data reaches the client.

requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test    "Event-driven I/O: basic handshake" \
            "$P_SRV event=1 tickets=0 auth_mode=none" \
            "$P_CLI event=1 tickets=0" \
            0 \
            -S "mbedtls_ssl_handshake returned" \
            -C "mbedtls_ssl_handshake returned" \
            -c "Read from server: .* bytes read"

requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test    "Event-driven I/O: client auth" \
            "$P_SRV event=1 tickets=0 auth_mode=required" \
            "$P_CLI event=1 tickets=0" \
            0 \
            -S "mbedtls_ssl_handshake returned" \
            -C "mbedtls_ssl_handshake returned" \
            -c "Read from server: .* bytes read"

requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test    "Event-driven I/O: ticket" \
            "$P_SRV event=1 tickets=1 auth_mode=none" \
            "$P_CLI event=1 tickets=1" \
            0 \
            -S "mbedtls_ssl_handshake returned" \
            -C "mbedtls_ssl_handshake returned" \
            -c "Read from server: .* bytes read"

requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test    "Event-driven I/O: ticket + client auth" \
            "$P_SRV event=1 tickets=1 auth_mode=required" \
            "$P_CLI event=1 tickets=1" \
            0 \
            -S "mbedtls_ssl_handshake returned" \
            -C "mbedtls_ssl_handshake returned" \
            -c "Read from server: .* bytes read"

# Resumption variants: reconnect=1 triggers a second connection; TLS 1.2 is
# forced on the client, TLS 1.3 variants need both ephemeral key exchange
# modes.
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test    "Event-driven I/O: TLS 1.2 + ticket + client auth + resume" \
            "$P_SRV event=1 tickets=1 auth_mode=required" \
            "$P_CLI force_version=tls12 event=1 tickets=1 reconnect=1" \
            0 \
            -S "mbedtls_ssl_handshake returned" \
            -C "mbedtls_ssl_handshake returned" \
            -c "Read from server: .* bytes read"

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test    "Event-driven I/O: TLS 1.3 + ticket + client auth + resume" \
            "$P_SRV event=1 tickets=1 auth_mode=required" \
            "$P_CLI event=1 tickets=1 reconnect=1" \
            0 \
            -S "mbedtls_ssl_handshake returned" \
            -C "mbedtls_ssl_handshake returned" \
            -c "Read from server: .* bytes read"

requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test    "Event-driven I/O: TLS 1.2 + ticket + resume" \
            "$P_SRV event=1 tickets=1 auth_mode=none" \
            "$P_CLI force_version=tls12 event=1 tickets=1 reconnect=1" \
            0 \
            -S "mbedtls_ssl_handshake returned" \
            -C "mbedtls_ssl_handshake returned" \
            -c "Read from server: .* bytes read"

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test    "Event-driven I/O: TLS 1.3 + ticket + resume" \
            "$P_SRV event=1 tickets=1 auth_mode=none" \
            "$P_CLI event=1 tickets=1 reconnect=1" \
            0 \
            -S "mbedtls_ssl_handshake returned" \
            -C "mbedtls_ssl_handshake returned" \
            -c "Read from server: .* bytes read"

# tickets=0 with reconnect=1: resumption by session ID (TLS 1.2 only).
requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT
run_test    "Event-driven I/O: session-id resume" \
            "$P_SRV event=1 tickets=0 auth_mode=none" \
            "$P_CLI force_version=tls12 event=1 tickets=0 reconnect=1" \
            0 \
            -S "mbedtls_ssl_handshake returned" \
            -C "mbedtls_ssl_handshake returned" \
            -c "Read from server: .* bytes read"

# DTLS variants (dtls=1 on both peers), gated on TLS 1.2.  Only the
# application-data read is asserted here; no handshake-error check is made.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "Event-driven I/O, DTLS: basic handshake" \
            "$P_SRV dtls=1 event=1 tickets=0 auth_mode=none" \
            "$P_CLI dtls=1 event=1 tickets=0" \
            0 \
            -c "Read from server: .* bytes read"

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "Event-driven I/O, DTLS: client auth" \
            "$P_SRV dtls=1 event=1 tickets=0 auth_mode=required" \
            "$P_CLI dtls=1 event=1 tickets=0" \
            0 \
            -c "Read from server: .* bytes read"

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "Event-driven I/O, DTLS: ticket" \
            "$P_SRV dtls=1 event=1 tickets=1 auth_mode=none" \
            "$P_CLI dtls=1 event=1 tickets=1" \
            0 \
            -c "Read from server: .* bytes read"

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "Event-driven I/O, DTLS: ticket + client auth" \
            "$P_SRV dtls=1 event=1 tickets=1 auth_mode=required" \
            "$P_CLI dtls=1 event=1 tickets=1" \
            0 \
            -c "Read from server: .* bytes read"

# The DTLS reconnect cases add skip_close_notify=1 on the client, which the
# TLS reconnect cases above do not use.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "Event-driven I/O, DTLS: ticket + client auth + resume" \
            "$P_SRV dtls=1 event=1 tickets=1 auth_mode=required" \
            "$P_CLI dtls=1 event=1 tickets=1 reconnect=1 skip_close_notify=1" \
            0 \
            -c "Read from server: .* bytes read"

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "Event-driven I/O, DTLS: ticket + resume" \
            "$P_SRV dtls=1 event=1 tickets=1 auth_mode=none" \
            "$P_CLI dtls=1 event=1 tickets=1 reconnect=1 skip_close_notify=1" \
            0 \
            -c "Read from server: .* bytes read"

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "Event-driven I/O, DTLS: session-id resume" \
            "$P_SRV dtls=1 event=1 tickets=0 auth_mode=none" \
            "$P_CLI dtls=1 event=1 tickets=0 reconnect=1 skip_close_notify=1" \
            0 \
            -c "Read from server: .* bytes read"

# This test demonstrates the need for the mbedtls_ssl_check_pending function.
# During session resumption, the client will send its ApplicationData record
# within the same datagram as the Finished messages. In this situation, the
# server MUST NOT idle on the underlying transport after handshake completion,
# because the ApplicationData request has already been queued internally.
# The udp_proxy (-p, pack=50) is what coalesces the records into one datagram.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "Event-driven I/O, DTLS: session-id resume, UDP packing" \
            -p "$P_PXY pack=50" \
            "$P_SRV dtls=1 event=1 tickets=0 auth_mode=required" \
            "$P_CLI dtls=1 event=1 tickets=0 reconnect=1 skip_close_notify=1" \
            0 \
            -c "Read from server: .* bytes read"
6505
# Tests for version negotiation
#
# The first case checks that a client forcing TLS 1.2 gets TLS 1.2 against a
# server offering all versions.  The remaining cases check that legacy
# versions are refused in both directions: an mbedtls server rejects a GnuTLS
# client limited to TLS 1.0/1.1, and an mbedtls client rejects a GnuTLS
# server whose maximum is TLS 1.0/1.1.  No legacy version may be negotiated.

# NOTE(review): this case forces tls12 on the client but, unlike the four
# tests that follow, is not gated on MBEDTLS_SSL_PROTO_TLS1_2 — confirm it
# is meant to run in TLS 1.3-only builds.
run_test    "Version check: all -> 1.2" \
            "$P_SRV" \
            "$P_CLI force_version=tls12" \
            0 \
            -S "mbedtls_ssl_handshake returned" \
            -C "mbedtls_ssl_handshake returned" \
            -s "Protocol is TLSv1.2" \
            -c "Protocol is TLSv1.2"

# GnuTLS client restricted to TLS 1.0: the server reports the version as out
# of its min/max range and the handshake does not complete.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "Not supported version check: cli TLS 1.0" \
            "$P_SRV" \
            "$G_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.0" \
            1 \
            -s "Handshake protocol not within min/max boundaries" \
            -c "Error in protocol version" \
            -S "Protocol is TLSv1.0" \
            -C "Handshake was completed"

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "Not supported version check: cli TLS 1.1" \
            "$P_SRV" \
            "$G_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.1" \
            1 \
            -s "Handshake protocol not within min/max boundaries" \
            -c "Error in protocol version" \
            -S "Protocol is TLSv1.1" \
            -C "Handshake was completed"

# GnuTLS server capped at TLS 1.0: now the mbedtls client is the side that
# reports the version as out of range.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "Not supported version check: srv max TLS 1.0" \
            "$G_SRV --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0" \
            "$P_CLI" \
            1 \
            -s "Error in protocol version" \
            -c "Handshake protocol not within min/max boundaries" \
            -S "Version: TLS1.0" \
            -C "Protocol is TLSv1.0"

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "Not supported version check: srv max TLS 1.1" \
            "$G_SRV --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.1" \
            "$P_CLI" \
            1 \
            -s "Error in protocol version" \
            -c "Handshake protocol not within min/max boundaries" \
            -S "Version: TLS1.1" \
            -C "Protocol is TLSv1.1"
6556
# Tests for ALPN extension
#
# The alert pattern "[2:120]" is alert level 2 (fatal) with description 120,
# no_application_protocol (RFC 7301).  Its absence is asserted in every
# successful case and its presence in the no-common-protocol case.

# Neither side configures ALPN: the extension is never sent or found.
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test    "ALPN: none" \
            "$P_SRV debug_level=3" \
            "$P_CLI debug_level=3" \
            0 \
            -C "client hello, adding alpn extension" \
            -S "found alpn extension" \
            -C "got an alert message, type: \\[2:120]" \
            -S "server side, adding alpn extension" \
            -C "found alpn extension " \
            -C "Application Layer Protocol is" \
            -S "Application Layer Protocol is"

# Client offers protocols, server has none configured: the server sees the
# extension but does not answer it; the client ends with no protocol.
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test    "ALPN: client only" \
            "$P_SRV debug_level=3" \
            "$P_CLI debug_level=3 alpn=abc,1234" \
            0 \
            -c "client hello, adding alpn extension" \
            -s "found alpn extension" \
            -C "got an alert message, type: \\[2:120]" \
            -S "server side, adding alpn extension" \
            -C "found alpn extension " \
            -c "Application Layer Protocol is (none)" \
            -S "Application Layer Protocol is"

# Server has protocols configured but the client offers none: nothing is
# negotiated and the handshake still succeeds.
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test    "ALPN: server only" \
            "$P_SRV debug_level=3 alpn=abc,1234" \
            "$P_CLI debug_level=3" \
            0 \
            -C "client hello, adding alpn extension" \
            -S "found alpn extension" \
            -C "got an alert message, type: \\[2:120]" \
            -S "server side, adding alpn extension" \
            -C "found alpn extension " \
            -C "Application Layer Protocol is" \
            -s "Application Layer Protocol is (none)"

# Both sides list abc first: abc is selected.
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test    "ALPN: both, common cli1-srv1" \
            "$P_SRV debug_level=3 alpn=abc,1234" \
            "$P_CLI debug_level=3 alpn=abc,1234" \
            0 \
            -c "client hello, adding alpn extension" \
            -s "found alpn extension" \
            -C "got an alert message, type: \\[2:120]" \
            -s "server side, adding alpn extension" \
            -c "found alpn extension" \
            -c "Application Layer Protocol is abc" \
            -s "Application Layer Protocol is abc"

# Client prefers 1234, server lists abc first: abc is selected, i.e. the
# server's preference order decides.
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test    "ALPN: both, common cli2-srv1" \
            "$P_SRV debug_level=3 alpn=abc,1234" \
            "$P_CLI debug_level=3 alpn=1234,abc" \
            0 \
            -c "client hello, adding alpn extension" \
            -s "found alpn extension" \
            -C "got an alert message, type: \\[2:120]" \
            -s "server side, adding alpn extension" \
            -c "found alpn extension" \
            -c "Application Layer Protocol is abc" \
            -s "Application Layer Protocol is abc"

# Only 1234 is common (abcde is not abc): 1234 is selected.
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test    "ALPN: both, common cli1-srv2" \
            "$P_SRV debug_level=3 alpn=abc,1234" \
            "$P_CLI debug_level=3 alpn=1234,abcde" \
            0 \
            -c "client hello, adding alpn extension" \
            -s "found alpn extension" \
            -C "got an alert message, type: \\[2:120]" \
            -s "server side, adding alpn extension" \
            -c "found alpn extension" \
            -c "Application Layer Protocol is 1234" \
            -s "Application Layer Protocol is 1234"

# No common protocol (123 vs 1234 is not a match): the server sends a fatal
# no_application_protocol alert and the handshake fails (exit 1).
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test    "ALPN: both, no common" \
            "$P_SRV debug_level=3 alpn=abc,123" \
            "$P_CLI debug_level=3 alpn=1234,abcde" \
            1 \
            -c "client hello, adding alpn extension" \
            -s "found alpn extension" \
            -c "got an alert message, type: \\[2:120]" \
            -S "server side, adding alpn extension" \
            -C "found alpn extension" \
            -C "Application Layer Protocol is 1234" \
            -S "Application Layer Protocol is 1234"
6649
6650
# Tests for keyUsage in leaf certificates, part 1:
# server-side certificate/suite selection
#
# The server must only negotiate a key exchange that its own leaf
# certificate's keyUsage extension (RFC 5280 s4.2.1.3) permits:
#   - RSA key transport (TLS-RSA-WITH-*)      needs keyEncipherment
#   - (EC)DHE-RSA / ECDHE-ECDSA (server signs) needs digitalSignature
#   - static ECDH (TLS-ECDH-*)                 needs keyAgreement
# If no compatible suite remains, the handshake must fail rather than use the
# key for a purpose the certificate does not authorise. All cases are TLS 1.2
# (force_version=tls12), the only version with these distinct exchanges.
#
# NOTE(review): these tests carry no explicit requires_config_enabled
# MBEDTLS_SSL_PROTO_TLS1_2 line; presumably run_test derives that
# requirement from force_version=tls12 -- confirm.

# digitalSignature only -> an ephemeral suite signed by the RSA key.
run_test    "keyUsage srv: RSA, digitalSignature -> (EC)DHE-RSA" \
            "$P_SRV force_version=tls12 key_file=data_files/server2.key \
             crt_file=data_files/server2.ku-ds.crt" \
            "$P_CLI" \
            0 \
            -c "Ciphersuite is TLS-[EC]*DHE-RSA-WITH-"

# keyEncipherment only -> plain RSA key transport.
run_test    "keyUsage srv: RSA, keyEncipherment -> RSA" \
            "$P_SRV force_version=tls12 key_file=data_files/server2.key \
             crt_file=data_files/server2.ku-ke.crt" \
            "$P_CLI" \
            0 \
            -c "Ciphersuite is TLS-RSA-WITH-"

# keyAgreement has no meaning for an RSA key: no suite is selectable.
run_test    "keyUsage srv: RSA, keyAgreement -> fail" \
            "$P_SRV force_version=tls12 key_file=data_files/server2.key \
             crt_file=data_files/server2.ku-ka.crt" \
            "$P_CLI" \
            1 \
            -C "Ciphersuite is "

# digitalSignature on an ECDSA key -> ECDHE-ECDSA.
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
run_test    "keyUsage srv: ECDSA, digitalSignature -> ECDHE-ECDSA" \
            "$P_SRV force_version=tls12 key_file=data_files/server5.key \
             crt_file=data_files/server5.ku-ds.crt" \
            "$P_CLI" \
            0 \
            -c "Ciphersuite is TLS-ECDHE-ECDSA-WITH-"


# keyAgreement on an EC key -> static ECDH (the certified key is the
# server's DH share, nothing is signed).
run_test    "keyUsage srv: ECDSA, keyAgreement -> ECDH-" \
            "$P_SRV force_version=tls12 key_file=data_files/server5.key \
             crt_file=data_files/server5.ku-ka.crt" \
            "$P_CLI" \
            0 \
            -c "Ciphersuite is TLS-ECDH-"

# keyEncipherment has no meaning for an EC key: no suite is selectable.
run_test    "keyUsage srv: ECDSA, keyEncipherment -> fail" \
            "$P_SRV force_version=tls12 key_file=data_files/server5.key \
             crt_file=data_files/server5.ku-ke.crt" \
            "$P_CLI" \
            1 \
            -C "Ciphersuite is "
6697
# Tests for keyUsage in leaf certificates, part 2:
# client-side checking of server cert
#
# The peer is an OpenSSL server ($O_SRV, set up earlier in the file) pinned
# to TLS 1.2, and the client is forced onto one ciphersuite so the key
# exchange is known in advance:
#   - TLS-RSA-WITH-*     (RSA key transport)   requires keyEncipherment
#   - TLS-DHE-RSA-WITH-* (server signs the DH) requires digitalSignature
# A mismatch is a verification failure. By default it is fatal: the client
# logs "bad certificate (usage extensions)", aborts Certificate processing
# and exits 1. With auth_mode=optional the mismatch is only reported
# ("! Usage does not match the keyUsage extension"), the handshake completes
# and a ciphersuite is negotiated (exit 0).

# Both bits set: either exchange is acceptable.
run_test    "keyUsage cli: DigitalSignature+KeyEncipherment, RSA: OK" \
            "$O_SRV -tls1_2 -key data_files/server2.key \
             -cert data_files/server2.ku-ds_ke.crt" \
            "$P_CLI debug_level=1 \
             force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
            0 \
            -C "bad certificate (usage extensions)" \
            -C "Processing of the Certificate handshake message failed" \
            -c "Ciphersuite is TLS-"

run_test    "keyUsage cli: DigitalSignature+KeyEncipherment, DHE-RSA: OK" \
            "$O_SRV -tls1_2 -key data_files/server2.key \
             -cert data_files/server2.ku-ds_ke.crt" \
            "$P_CLI debug_level=1 \
             force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
            0 \
            -C "bad certificate (usage extensions)" \
            -C "Processing of the Certificate handshake message failed" \
            -c "Ciphersuite is TLS-"

# keyEncipherment only: RSA key transport is fine ...
run_test    "keyUsage cli: KeyEncipherment, RSA: OK" \
            "$O_SRV -tls1_2 -key data_files/server2.key \
             -cert data_files/server2.ku-ke.crt" \
            "$P_CLI debug_level=1 \
             force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
            0 \
            -C "bad certificate (usage extensions)" \
            -C "Processing of the Certificate handshake message failed" \
            -c "Ciphersuite is TLS-"

# ... but a DHE signature with that key is rejected (hard failure).
run_test    "keyUsage cli: KeyEncipherment, DHE-RSA: fail" \
            "$O_SRV -tls1_2 -key data_files/server2.key \
             -cert data_files/server2.ku-ke.crt" \
            "$P_CLI debug_level=1 \
             force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
            1 \
            -c "bad certificate (usage extensions)" \
            -c "Processing of the Certificate handshake message failed" \
            -C "Ciphersuite is TLS-"

# Same mismatch with auth_mode=optional: reported, but not fatal.
run_test    "keyUsage cli: KeyEncipherment, DHE-RSA: fail, soft" \
            "$O_SRV -tls1_2 -key data_files/server2.key \
             -cert data_files/server2.ku-ke.crt" \
            "$P_CLI debug_level=1 auth_mode=optional \
             force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
            0 \
            -c "bad certificate (usage extensions)" \
            -C "Processing of the Certificate handshake message failed" \
            -c "Ciphersuite is TLS-" \
            -c "! Usage does not match the keyUsage extension"

# digitalSignature only: DHE-RSA is fine ...
run_test    "keyUsage cli: DigitalSignature, DHE-RSA: OK" \
            "$O_SRV -tls1_2 -key data_files/server2.key \
             -cert data_files/server2.ku-ds.crt" \
            "$P_CLI debug_level=1 \
             force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA" \
            0 \
            -C "bad certificate (usage extensions)" \
            -C "Processing of the Certificate handshake message failed" \
            -c "Ciphersuite is TLS-"

# ... but RSA key transport with that key is rejected (hard failure).
run_test    "keyUsage cli: DigitalSignature, RSA: fail" \
            "$O_SRV -tls1_2 -key data_files/server2.key \
             -cert data_files/server2.ku-ds.crt" \
            "$P_CLI debug_level=1 \
             force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
            1 \
            -c "bad certificate (usage extensions)" \
            -c "Processing of the Certificate handshake message failed" \
            -C "Ciphersuite is TLS-"

# Same mismatch with auth_mode=optional: reported, but not fatal.
run_test    "keyUsage cli: DigitalSignature, RSA: fail, soft" \
            "$O_SRV -tls1_2 -key data_files/server2.key \
             -cert data_files/server2.ku-ds.crt" \
            "$P_CLI debug_level=1 auth_mode=optional \
             force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
            0 \
            -c "bad certificate (usage extensions)" \
            -C "Processing of the Certificate handshake message failed" \
            -c "Ciphersuite is TLS-" \
            -c "! Usage does not match the keyUsage extension"
6782
# keyUsage, client-side checking of the server cert, TLS 1.3 variant.
#
# The peer is an OpenSSL server ($O_NEXT_SRV_NO_CERT, set up earlier in the
# file) pinned to TLS 1.3; -num_tickets=0 stops it from sending session
# tickets. TLS 1.3 always authenticates the server with a signature over the
# handshake (RFC 8446 s4.4.3), so digitalSignature is the only acceptable
# keyUsage: a certificate restricted to keyEncipherment or keyAgreement is
# rejected, for RSA and ECDSA alike. Only hard failures are covered here
# (no auth_mode=optional case, unlike the TLS 1.2 set above).
#
# Each case requires OpenSSL with TLS 1.3 ephemeral support and the
# TLS 1.3 compatibility-mode + ephemeral key exchange build options.

requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "keyUsage cli 1.3: DigitalSignature+KeyEncipherment, RSA: OK" \
            "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key data_files/server2.key \
             -cert data_files/server2.ku-ds_ke.crt" \
            "$P_CLI debug_level=3" \
            0 \
            -C "bad certificate (usage extensions)" \
            -C "Processing of the Certificate handshake message failed" \
            -c "Ciphersuite is"

# keyEncipherment only: unusable for a TLS 1.3 signature.
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "keyUsage cli 1.3: KeyEncipherment, RSA: fail" \
            "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key data_files/server2.key \
             -cert data_files/server2.ku-ke.crt" \
            "$P_CLI debug_level=1" \
            1 \
            -c "bad certificate (usage extensions)" \
            -c "Processing of the Certificate handshake message failed" \
            -C "Ciphersuite is"

# keyAgreement only: likewise rejected.
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "keyUsage cli 1.3: KeyAgreement, RSA: fail" \
            "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key data_files/server2.key \
             -cert data_files/server2.ku-ka.crt" \
            "$P_CLI debug_level=1" \
            1 \
            -c "bad certificate (usage extensions)" \
            -c "Processing of the Certificate handshake message failed" \
            -C "Ciphersuite is"

# Same three cases with an ECDSA key (server5).
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "keyUsage cli 1.3: DigitalSignature, ECDSA: OK" \
            "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key data_files/server5.key \
             -cert data_files/server5.ku-ds.crt" \
            "$P_CLI debug_level=3" \
            0 \
            -C "bad certificate (usage extensions)" \
            -C "Processing of the Certificate handshake message failed" \
            -c "Ciphersuite is"

requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "keyUsage cli 1.3: KeyEncipherment, ECDSA: fail" \
            "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key data_files/server5.key \
             -cert data_files/server5.ku-ke.crt" \
            "$P_CLI debug_level=1" \
            1 \
            -c "bad certificate (usage extensions)" \
            -c "Processing of the Certificate handshake message failed" \
            -C "Ciphersuite is"

requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "keyUsage cli 1.3: KeyAgreement, ECDSA: fail" \
            "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key data_files/server5.key \
             -cert data_files/server5.ku-ka.crt" \
            "$P_CLI debug_level=1" \
            1 \
            -c "bad certificate (usage extensions)" \
            -c "Processing of the Certificate handshake message failed" \
            -C "Ciphersuite is"
6854
# Tests for keyUsage in leaf certificates, part 3:
# server-side checking of client cert
#
# Now the Mbed TLS server verifies the certificate an OpenSSL client ($O_CLI)
# presents. Client authentication is a signature (CertificateVerify), so the
# client certificate needs digitalSignature; keyEncipherment / keyAgreement
# only certificates are mismatches. Severity follows the server's auth_mode:
#   - optional: "bad certificate (usage extensions)" is logged, the handshake
#               still completes (exit 0)
#   - required: Certificate processing fails and the handshake aborts (exit 1)
# All cases are TLS 1.2 (the 1.3 variants follow below).

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "keyUsage cli-auth: RSA, DigitalSignature: OK" \
            "$P_SRV debug_level=1 auth_mode=optional" \
            "$O_CLI -key data_files/server2.key \
             -cert data_files/server2.ku-ds.crt" \
            0 \
            -s "Verifying peer X.509 certificate... ok" \
            -S "bad certificate (usage extensions)" \
            -S "Processing of the Certificate handshake message failed"

# keyEncipherment only: flagged, tolerated under auth_mode=optional ...
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "keyUsage cli-auth: RSA, KeyEncipherment: fail (soft)" \
            "$P_SRV debug_level=1 auth_mode=optional" \
            "$O_CLI -key data_files/server2.key \
             -cert data_files/server2.ku-ke.crt" \
            0 \
            -s "bad certificate (usage extensions)" \
            -S "Processing of the Certificate handshake message failed"

# ... and fatal under auth_mode=required.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "keyUsage cli-auth: RSA, KeyEncipherment: fail (hard)" \
            "$P_SRV debug_level=1 auth_mode=required" \
            "$O_CLI -key data_files/server2.key \
             -cert data_files/server2.ku-ke.crt" \
            1 \
            -s "bad certificate (usage extensions)" \
            -s "Processing of the Certificate handshake message failed"

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "keyUsage cli-auth: ECDSA, DigitalSignature: OK" \
            "$P_SRV debug_level=1 auth_mode=optional" \
            "$O_CLI -key data_files/server5.key \
             -cert data_files/server5.ku-ds.crt" \
            0 \
            -s "Verifying peer X.509 certificate... ok" \
            -S "bad certificate (usage extensions)" \
            -S "Processing of the Certificate handshake message failed"

# keyAgreement only on an EC key: soft failure (no hard variant for ECDSA).
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "keyUsage cli-auth: ECDSA, KeyAgreement: fail (soft)" \
            "$P_SRV debug_level=1 auth_mode=optional" \
            "$O_CLI -key data_files/server5.key \
             -cert data_files/server5.ku-ka.crt" \
            0 \
            -s "bad certificate (usage extensions)" \
            -S "Processing of the Certificate handshake message failed"
6904
# keyUsage, server-side checking of the client cert, TLS 1.3 variant.
#
# The Mbed TLS server is forced to TLS 1.3 and the peer is an OpenSSL client
# ($O_NEXT_CLI_NO_CERT, set up earlier in the file) given an explicit key and
# certificate. As in TLS 1.2, client authentication is a signature, so only
# a digitalSignature certificate verifies cleanly.
#
# NOTE(review): every case here uses auth_mode=optional, so only the soft
# (logged, exit 0) outcome is covered; there is no auth_mode=required
# counterpart to the TLS 1.2 "fail (hard)" test above.

requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "keyUsage cli-auth 1.3: RSA, DigitalSignature: OK" \
            "$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \
            "$O_NEXT_CLI_NO_CERT -key data_files/server2.key \
             -cert data_files/server2.ku-ds.crt" \
            0 \
            -s "Verifying peer X.509 certificate... ok" \
            -S "bad certificate (usage extensions)" \
            -S "Processing of the Certificate handshake message failed"

# keyEncipherment only: mismatch is logged but tolerated.
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "keyUsage cli-auth 1.3: RSA, KeyEncipherment: fail (soft)" \
            "$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \
            "$O_NEXT_CLI_NO_CERT -key data_files/server2.key \
             -cert data_files/server2.ku-ke.crt" \
            0 \
            -s "bad certificate (usage extensions)" \
            -S "Processing of the Certificate handshake message failed"

requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "keyUsage cli-auth 1.3: ECDSA, DigitalSignature: OK" \
            "$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \
            "$O_NEXT_CLI_NO_CERT -key data_files/server5.key \
             -cert data_files/server5.ku-ds.crt" \
            0 \
            -s "Verifying peer X.509 certificate... ok" \
            -S "bad certificate (usage extensions)" \
            -S "Processing of the Certificate handshake message failed"

# keyAgreement only on an EC key: mismatch is logged but tolerated.
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "keyUsage cli-auth 1.3: ECDSA, KeyAgreement: fail (soft)" \
            "$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \
            "$O_NEXT_CLI_NO_CERT -key data_files/server5.key \
             -cert data_files/server5.ku-ka.crt" \
            0 \
            -s "bad certificate (usage extensions)" \
            -S "Processing of the Certificate handshake message failed"
6950
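# Tests for extendedKeyUsage, part 1: server-side certificate/suite selection
#
# The server must not present a leaf certificate whose extendedKeyUsage
# (RFC 5280 s4.2.1.12) excludes serverAuth. A certificate listing serverAuth
# (alone or with clientAuth) or anyExtendedKeyUsage is usable; one restricted
# to codeSigning is not, and the handshake fails. Only the exit status is
# checked here. The certificate files are the same ones the client-side
# extKeyUsage tests below use, so each title exercises a distinct EKU set.

requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test    "extKeyUsage srv: serverAuth -> OK" \
            "$P_SRV key_file=data_files/server5.key \
             crt_file=data_files/server5.eku-srv.crt" \
            "$P_CLI" \
            0

# serverAuth + clientAuth (eku-srv_cli), distinct from the serverAuth-only
# certificate above.
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test    "extKeyUsage srv: serverAuth,clientAuth -> OK" \
            "$P_SRV key_file=data_files/server5.key \
             crt_file=data_files/server5.eku-srv_cli.crt" \
            "$P_CLI" \
            0

# anyExtendedKeyUsage makes an otherwise unrelated purpose (codeSigning)
# acceptable.
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test    "extKeyUsage srv: codeSign,anyEKU -> OK" \
            "$P_SRV key_file=data_files/server5.key \
             crt_file=data_files/server5.eku-cs_any.crt" \
            "$P_CLI" \
            0

# codeSigning only (eku-cs, the certificate the client-side "codeSign -> fail"
# test rejects): the server has no usable certificate, handshake fails.
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
run_test    "extKeyUsage srv: codeSign -> fail" \
            "$P_SRV key_file=data_files/server5.key \
             crt_file=data_files/server5.eku-cs.crt" \
            "$P_CLI" \
            1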
6980
# Tests for extendedKeyUsage, part 2: client-side checking of server cert
#
# Against an OpenSSL server ($O_SRV) pinned to TLS 1.2, the client requires
# the server certificate's extendedKeyUsage to allow serverAuth, either
# explicitly or via anyExtendedKeyUsage. A certificate limited to codeSigning
# is rejected as "bad certificate (usage extensions)", Certificate processing
# fails and the handshake aborts (exit 1). Unlike the keyUsage tests, no
# auth_mode=optional (soft) case is exercised for EKU on the client side.

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "extKeyUsage cli: serverAuth -> OK" \
            "$O_SRV -tls1_2 -key data_files/server5.key \
             -cert data_files/server5.eku-srv.crt" \
            "$P_CLI debug_level=1" \
            0 \
            -C "bad certificate (usage extensions)" \
            -C "Processing of the Certificate handshake message failed" \
            -c "Ciphersuite is TLS-"

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "extKeyUsage cli: serverAuth,clientAuth -> OK" \
            "$O_SRV -tls1_2 -key data_files/server5.key \
             -cert data_files/server5.eku-srv_cli.crt" \
            "$P_CLI debug_level=1" \
            0 \
            -C "bad certificate (usage extensions)" \
            -C "Processing of the Certificate handshake message failed" \
            -c "Ciphersuite is TLS-"

# anyExtendedKeyUsage alongside codeSigning is accepted.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "extKeyUsage cli: codeSign,anyEKU -> OK" \
            "$O_SRV -tls1_2 -key data_files/server5.key \
             -cert data_files/server5.eku-cs_any.crt" \
            "$P_CLI debug_level=1" \
            0 \
            -C "bad certificate (usage extensions)" \
            -C "Processing of the Certificate handshake message failed" \
            -c "Ciphersuite is TLS-"

# codeSigning only: hard failure, no ciphersuite is ever negotiated.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "extKeyUsage cli: codeSign -> fail" \
            "$O_SRV -tls1_2 -key data_files/server5.key \
             -cert data_files/server5.eku-cs.crt" \
            "$P_CLI debug_level=1" \
            1 \
            -c "bad certificate (usage extensions)" \
            -c "Processing of the Certificate handshake message failed" \
            -C "Ciphersuite is TLS-"
7022
# extendedKeyUsage, client-side checking of the server cert, TLS 1.3 variant.
#
# Same four EKU sets as the TLS 1.2 block above, against an OpenSSL TLS 1.3
# server ($O_NEXT_SRV_NO_CERT, tickets disabled with -num_tickets=0). The
# expected outcomes are identical: serverAuth or anyExtendedKeyUsage passes,
# codeSigning-only is rejected with a fatal Certificate processing error.

requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "extKeyUsage cli 1.3: serverAuth -> OK" \
            "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key data_files/server5.key \
             -cert data_files/server5.eku-srv.crt" \
            "$P_CLI debug_level=1" \
            0 \
            -C "bad certificate (usage extensions)" \
            -C "Processing of the Certificate handshake message failed" \
            -c "Ciphersuite is"

requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "extKeyUsage cli 1.3: serverAuth,clientAuth -> OK" \
            "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key data_files/server5.key \
             -cert data_files/server5.eku-srv_cli.crt" \
            "$P_CLI debug_level=1" \
            0 \
            -C "bad certificate (usage extensions)" \
            -C "Processing of the Certificate handshake message failed" \
            -c "Ciphersuite is"

# anyExtendedKeyUsage alongside codeSigning is accepted.
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "extKeyUsage cli 1.3: codeSign,anyEKU -> OK" \
            "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key data_files/server5.key \
             -cert data_files/server5.eku-cs_any.crt" \
            "$P_CLI debug_level=1" \
            0 \
            -C "bad certificate (usage extensions)" \
            -C "Processing of the Certificate handshake message failed" \
            -c "Ciphersuite is"

# codeSigning only: hard failure.
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "extKeyUsage cli 1.3: codeSign -> fail" \
            "$O_NEXT_SRV_NO_CERT -tls1_3 -num_tickets=0 -key data_files/server5.key \
             -cert data_files/server5.eku-cs.crt" \
            "$P_CLI debug_level=1" \
            1 \
            -c "bad certificate (usage extensions)" \
            -c "Processing of the Certificate handshake message failed" \
            -C "Ciphersuite is"
7070
# Tests for extendedKeyUsage, part 3: server-side checking of client cert
#
# The Mbed TLS server verifies the certificate an OpenSSL client ($O_CLI)
# presents: its extendedKeyUsage must allow clientAuth, explicitly or via
# anyExtendedKeyUsage. A codeSigning-only certificate is a mismatch whose
# severity follows the server's auth_mode: optional logs
# "bad certificate (usage extensions)" and carries on (exit 0), required
# aborts the handshake (exit 1). All cases are TLS 1.2.

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "extKeyUsage cli-auth: clientAuth -> OK" \
            "$P_SRV debug_level=1 auth_mode=optional" \
            "$O_CLI -key data_files/server5.key \
             -cert data_files/server5.eku-cli.crt" \
            0 \
            -S "bad certificate (usage extensions)" \
            -S "Processing of the Certificate handshake message failed"

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "extKeyUsage cli-auth: serverAuth,clientAuth -> OK" \
            "$P_SRV debug_level=1 auth_mode=optional" \
            "$O_CLI -key data_files/server5.key \
             -cert data_files/server5.eku-srv_cli.crt" \
            0 \
            -S "bad certificate (usage extensions)" \
            -S "Processing of the Certificate handshake message failed"

# anyExtendedKeyUsage alongside codeSigning is accepted.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "extKeyUsage cli-auth: codeSign,anyEKU -> OK" \
            "$P_SRV debug_level=1 auth_mode=optional" \
            "$O_CLI -key data_files/server5.key \
             -cert data_files/server5.eku-cs_any.crt" \
            0 \
            -S "bad certificate (usage extensions)" \
            -S "Processing of the Certificate handshake message failed"

# codeSigning only: logged and tolerated under auth_mode=optional ...
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "extKeyUsage cli-auth: codeSign -> fail (soft)" \
            "$P_SRV debug_level=1 auth_mode=optional" \
            "$O_CLI -key data_files/server5.key \
             -cert data_files/server5.eku-cs.crt" \
            0 \
            -s "bad certificate (usage extensions)" \
            -S "Processing of the Certificate handshake message failed"

# ... and fatal under auth_mode=required.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "extKeyUsage cli-auth: codeSign -> fail (hard)" \
            "$P_SRV debug_level=1 auth_mode=required" \
            "$O_CLI -key data_files/server5.key \
             -cert data_files/server5.eku-cs.crt" \
            1 \
            -s "bad certificate (usage extensions)" \
            -s "Processing of the Certificate handshake message failed"
7117
# extendedKeyUsage, server-side checking of the client cert, TLS 1.3 variant.
#
# The Mbed TLS server is forced to TLS 1.3 and the OpenSSL client
# ($O_NEXT_CLI_NO_CERT) is given an explicit key and certificate. Same EKU
# rule as in TLS 1.2: clientAuth or anyExtendedKeyUsage verifies cleanly,
# codeSigning-only is flagged.
#
# NOTE(review): all four cases use auth_mode=optional, so only the soft
# outcome is covered here; the TLS 1.2 block above also has an
# auth_mode=required "fail (hard)" case that has no TLS 1.3 counterpart.

requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "extKeyUsage cli-auth 1.3: clientAuth -> OK" \
            "$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \
            "$O_NEXT_CLI_NO_CERT -key data_files/server5.key \
             -cert data_files/server5.eku-cli.crt" \
            0 \
            -S "bad certificate (usage extensions)" \
            -S "Processing of the Certificate handshake message failed"

requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "extKeyUsage cli-auth 1.3: serverAuth,clientAuth -> OK" \
            "$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \
            "$O_NEXT_CLI_NO_CERT -key data_files/server5.key \
             -cert data_files/server5.eku-srv_cli.crt" \
            0 \
            -S "bad certificate (usage extensions)" \
            -S "Processing of the Certificate handshake message failed"

# anyExtendedKeyUsage alongside codeSigning is accepted.
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "extKeyUsage cli-auth 1.3: codeSign,anyEKU -> OK" \
            "$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \
            "$O_NEXT_CLI_NO_CERT -key data_files/server5.key \
             -cert data_files/server5.eku-cs_any.crt" \
            0 \
            -S "bad certificate (usage extensions)" \
            -S "Processing of the Certificate handshake message failed"

# codeSigning only: logged, tolerated under auth_mode=optional.
requires_openssl_tls1_3_with_compatible_ephemeral
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "extKeyUsage cli-auth 1.3: codeSign -> fail (soft)" \
            "$P_SRV debug_level=1 force_version=tls13 auth_mode=optional" \
            "$O_NEXT_CLI_NO_CERT -key data_files/server5.key \
             -cert data_files/server5.eku-cs.crt" \
            0 \
            -s "bad certificate (usage extensions)" \
            -S "Processing of the Certificate handshake message failed"
7161
# Tests for DHM parameters loading
#
# A DHE-RSA suite is forced so the server sends its finite-field DH group,
# and the client's debug_level=3 dump of the received parameters is checked.
# Without dhm_file the server uses its built-in 2048-bit prime; dhm_file=
# replaces it with the group from the PEM file (1024-bit here). The generator
# is 2 in both cases.

run_test    "DHM parameters: reference" \
            "$P_SRV" \
            "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
                    debug_level=3" \
            0 \
            -c "value of 'DHM: P ' (2048 bits)" \
            -c "value of 'DHM: G ' (2 bits)"

run_test    "DHM parameters: other parameters" \
            "$P_SRV dhm_file=data_files/dhparams.pem" \
            "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
                    debug_level=3" \
            0 \
            -c "value of 'DHM: P ' (1024 bits)" \
            -c "value of 'DHM: G ' (2 bits)"
7179
7180# Tests for DHM client-side size checking
7181
7182run_test    "DHM size: server default, client default, OK" \
7183            "$P_SRV" \
7184            "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
7185                    debug_level=1" \
7186            0 \
7187            -C "DHM prime too short:"
7188
7189run_test    "DHM size: server default, client 2048, OK" \
7190            "$P_SRV" \
7191            "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
7192                    debug_level=1 dhmlen=2048" \
7193            0 \
7194            -C "DHM prime too short:"
7195
7196run_test    "DHM size: server 1024, client default, OK" \
7197            "$P_SRV dhm_file=data_files/dhparams.pem" \
7198            "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
7199                    debug_level=1" \
7200            0 \
7201            -C "DHM prime too short:"
7202
7203run_test    "DHM size: server 999, client 999, OK" \
7204            "$P_SRV dhm_file=data_files/dh.999.pem" \
7205            "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
7206                    debug_level=1 dhmlen=999" \
7207            0 \
7208            -C "DHM prime too short:"
7209
7210run_test    "DHM size: server 1000, client 1000, OK" \
7211            "$P_SRV dhm_file=data_files/dh.1000.pem" \
7212            "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
7213                    debug_level=1 dhmlen=1000" \
7214            0 \
7215            -C "DHM prime too short:"
7216
7217run_test    "DHM size: server 1000, client default, rejected" \
7218            "$P_SRV dhm_file=data_files/dh.1000.pem" \
7219            "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
7220                    debug_level=1" \
7221            1 \
7222            -c "DHM prime too short:"
7223
7224run_test    "DHM size: server 1000, client 1001, rejected" \
7225            "$P_SRV dhm_file=data_files/dh.1000.pem" \
7226            "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
7227                    debug_level=1 dhmlen=1001" \
7228            1 \
7229            -c "DHM prime too short:"
7230
7231run_test    "DHM size: server 999, client 1000, rejected" \
7232            "$P_SRV dhm_file=data_files/dh.999.pem" \
7233            "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
7234                    debug_level=1 dhmlen=1000" \
7235            1 \
7236            -c "DHM prime too short:"
7237
7238run_test    "DHM size: server 998, client 999, rejected" \
7239            "$P_SRV dhm_file=data_files/dh.998.pem" \
7240            "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
7241                    debug_level=1 dhmlen=999" \
7242            1 \
7243            -c "DHM prime too short:"
7244
7245run_test    "DHM size: server default, client 2049, rejected" \
7246            "$P_SRV" \
7247            "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
7248                    debug_level=1 dhmlen=2049" \
7249            1 \
7250            -c "DHM prime too short:"
7251
# Tests for PSK callback
#
# Baseline cases with a single static PSK (psk=/psk_identity=) configured on
# both sides and no identity-lookup callback on the server. The patterns
# checked for absence are the server-side symptoms of a PSK mismatch:
# "Unknown identity received" (identity not found) and "Verification of the
# message MAC failed" (key material differs), plus the generic handshake
# failure. The opaque variants pass the client's PSK as a PSA key
# (psk_opaque=1, needs MBEDTLS_USE_PSA_CRYPTO) and additionally pin the
# extended master secret behaviour (RFC 7627) via extended_ms=0/1: the
# "session hash for extended master secret" line must be absent on both
# sides when EMS is off and present on both when it is on.

run_test    "PSK callback: psk, no callback" \
            "$P_SRV psk=abc123 psk_identity=foo" \
            "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
            psk_identity=foo psk=abc123" \
            0 \
            -S "SSL - The handshake negotiation failed" \
            -S "SSL - Unknown identity received" \
            -S "SSL - Verification of the message MAC failed"

# Opaque client PSK, EMS disabled, SHA-1 suite.
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test    "PSK callback: opaque psk on client, no callback" \
            "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo" \
            "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
            psk_identity=foo psk=abc123 psk_opaque=1" \
            0 \
            -C "session hash for extended master secret"\
            -S "session hash for extended master secret"\
            -S "SSL - The handshake negotiation failed" \
            -S "SSL - Unknown identity received" \
            -S "SSL - Verification of the message MAC failed"

# Same with a SHA-384 suite (exercises the non-default PRF hash with an
# opaque key).
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test    "PSK callback: opaque psk on client, no callback, SHA-384" \
            "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo" \
            "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
            psk_identity=foo psk=abc123 psk_opaque=1" \
            0 \
            -C "session hash for extended master secret"\
            -S "session hash for extended master secret"\
            -S "SSL - The handshake negotiation failed" \
            -S "SSL - Unknown identity received" \
            -S "SSL - Verification of the message MAC failed"

# EMS enabled: both sides must derive the session hash (debug_level=3 is
# needed for that line to be logged).
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test    "PSK callback: opaque psk on client, no callback, EMS" \
            "$P_SRV extended_ms=1 debug_level=3 psk=abc123 psk_identity=foo" \
            "$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
            psk_identity=foo psk=abc123 psk_opaque=1" \
            0 \
            -c "session hash for extended master secret"\
            -s "session hash for extended master secret"\
            -S "SSL - The handshake negotiation failed" \
            -S "SSL - Unknown identity received" \
            -S "SSL - Verification of the message MAC failed"

requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test    "PSK callback: opaque psk on client, no callback, SHA-384, EMS" \
            "$P_SRV extended_ms=1 debug_level=3 psk=abc123 psk_identity=foo" \
            "$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
            psk_identity=foo psk=abc123 psk_opaque=1" \
            0 \
            -c "session hash for extended master secret"\
            -s "session hash for extended master secret"\
            -S "SSL - The handshake negotiation failed" \
            -S "SSL - Unknown identity received" \
            -S "SSL - Verification of the message MAC failed"
7310
# Opaque PSK on the client, raw PSK on the server, RSA-PSK key exchange
# (the PSK is combined with an RSA-encrypted premaster).  Same four-variant
# matrix as the plain-PSK group: SHA-256/SHA-384 suites x EMS off/on.
# Note the non-EMS variants use the *-SHA256 suite while the EMS variant uses
# the *-SHA suite; both are valid RSA-PSK suites, the asymmetry just looks
# unintentional.

# EMS off, AES-128-CBC-SHA256.
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test    "PSK callback: opaque rsa-psk on client, no callback" \
            "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo" \
            "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA256 \
            psk_identity=foo psk=abc123 psk_opaque=1" \
            0 \
            -C "session hash for extended master secret"\
            -S "session hash for extended master secret"\
            -S "SSL - The handshake negotiation failed" \
            -S "SSL - Unknown identity received" \
            -S "SSL - Verification of the message MAC failed"

# EMS off, AES-256-CBC-SHA384.
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test    "PSK callback: opaque rsa-psk on client, no callback, SHA-384" \
            "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo" \
            "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \
            psk_identity=foo psk=abc123 psk_opaque=1" \
            0 \
            -C "session hash for extended master secret"\
            -S "session hash for extended master secret"\
            -S "SSL - The handshake negotiation failed" \
            -S "SSL - Unknown identity received" \
            -S "SSL - Verification of the message MAC failed"

# EMS on, AES-128-CBC-SHA: session-hash message expected on both sides.
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test    "PSK callback: opaque rsa-psk on client, no callback, EMS" \
            "$P_SRV extended_ms=1 debug_level=3 psk=abc123 psk_identity=foo" \
            "$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA \
            psk_identity=foo psk=abc123 psk_opaque=1" \
            0 \
            -c "session hash for extended master secret"\
            -s "session hash for extended master secret"\
            -S "SSL - The handshake negotiation failed" \
            -S "SSL - Unknown identity received" \
            -S "SSL - Verification of the message MAC failed"

# EMS on, AES-256-CBC-SHA384.
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test    "PSK callback: opaque rsa-psk on client, no callback, SHA-384, EMS" \
            "$P_SRV extended_ms=1 debug_level=3 psk=abc123 psk_identity=foo" \
            "$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \
            psk_identity=foo psk=abc123 psk_opaque=1" \
            0 \
            -c "session hash for extended master secret"\
            -s "session hash for extended master secret"\
            -S "SSL - The handshake negotiation failed" \
            -S "SSL - Unknown identity received" \
            -S "SSL - Verification of the message MAC failed"
7358
# Opaque PSK on the client, raw PSK on the server, ECDHE-PSK key exchange
# (PSK combined with an ephemeral ECDH share).  Same four-variant matrix:
# SHA-256/SHA-384 suites x EMS off/on.

# EMS off, AES-128-CBC-SHA256.
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test    "PSK callback: opaque ecdhe-psk on client, no callback" \
            "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo" \
            "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA256 \
            psk_identity=foo psk=abc123 psk_opaque=1" \
            0 \
            -C "session hash for extended master secret"\
            -S "session hash for extended master secret"\
            -S "SSL - The handshake negotiation failed" \
            -S "SSL - Unknown identity received" \
            -S "SSL - Verification of the message MAC failed"

# EMS off, AES-256-CBC-SHA384.
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test    "PSK callback: opaque ecdhe-psk on client, no callback, SHA-384" \
            "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo" \
            "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \
            psk_identity=foo psk=abc123 psk_opaque=1" \
            0 \
            -C "session hash for extended master secret"\
            -S "session hash for extended master secret"\
            -S "SSL - The handshake negotiation failed" \
            -S "SSL - Unknown identity received" \
            -S "SSL - Verification of the message MAC failed"

# EMS on, AES-128-CBC-SHA: session-hash message expected on both sides.
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test    "PSK callback: opaque ecdhe-psk on client, no callback, EMS" \
            "$P_SRV extended_ms=1 debug_level=3 psk=abc123 psk_identity=foo" \
            "$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \
            psk_identity=foo psk=abc123 psk_opaque=1" \
            0 \
            -c "session hash for extended master secret"\
            -s "session hash for extended master secret"\
            -S "SSL - The handshake negotiation failed" \
            -S "SSL - Unknown identity received" \
            -S "SSL - Verification of the message MAC failed"

# EMS on, AES-256-CBC-SHA384.
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test    "PSK callback: opaque ecdhe-psk on client, no callback, SHA-384, EMS" \
            "$P_SRV extended_ms=1 debug_level=3 psk=abc123 psk_identity=foo" \
            "$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \
            psk_identity=foo psk=abc123 psk_opaque=1" \
            0 \
            -c "session hash for extended master secret"\
            -s "session hash for extended master secret"\
            -S "SSL - The handshake negotiation failed" \
            -S "SSL - Unknown identity received" \
            -S "SSL - Verification of the message MAC failed"
7406
# Opaque PSK on the client, raw PSK on the server, DHE-PSK key exchange
# (PSK combined with an ephemeral finite-field DH share).  Same four-variant
# matrix: SHA-256/SHA-384 suites x EMS off/on.

# EMS off, AES-128-CBC-SHA256.
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test    "PSK callback: opaque dhe-psk on client, no callback" \
            "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo" \
            "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA256 \
            psk_identity=foo psk=abc123 psk_opaque=1" \
            0 \
            -C "session hash for extended master secret"\
            -S "session hash for extended master secret"\
            -S "SSL - The handshake negotiation failed" \
            -S "SSL - Unknown identity received" \
            -S "SSL - Verification of the message MAC failed"

# EMS off, AES-256-CBC-SHA384.
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test    "PSK callback: opaque dhe-psk on client, no callback, SHA-384" \
            "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo" \
            "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \
            psk_identity=foo psk=abc123 psk_opaque=1" \
            0 \
            -C "session hash for extended master secret"\
            -S "session hash for extended master secret"\
            -S "SSL - The handshake negotiation failed" \
            -S "SSL - Unknown identity received" \
            -S "SSL - Verification of the message MAC failed"

# EMS on, AES-128-CBC-SHA: session-hash message expected on both sides.
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test    "PSK callback: opaque dhe-psk on client, no callback, EMS" \
            "$P_SRV extended_ms=1 debug_level=3 psk=abc123 psk_identity=foo" \
            "$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA \
            psk_identity=foo psk=abc123 psk_opaque=1" \
            0 \
            -c "session hash for extended master secret"\
            -s "session hash for extended master secret"\
            -S "SSL - The handshake negotiation failed" \
            -S "SSL - Unknown identity received" \
            -S "SSL - Verification of the message MAC failed"

# EMS on, AES-256-CBC-SHA384.
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test    "PSK callback: opaque dhe-psk on client, no callback, SHA-384, EMS" \
            "$P_SRV extended_ms=1 debug_level=3 psk=abc123 psk_identity=foo" \
            "$P_CLI extended_ms=1 debug_level=3 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \
            psk_identity=foo psk=abc123 psk_opaque=1" \
            0 \
            -c "session hash for extended master secret"\
            -s "session hash for extended master secret"\
            -S "SSL - The handshake negotiation failed" \
            -S "SSL - Unknown identity received" \
            -S "SSL - Verification of the message MAC failed"
7454
# Mirror of the previous groups: raw PSK on the client, statically configured
# *opaque* PSK on the server (psk_opaque=1), no callback.  The server now also
# pins min_version=tls12 and force_ciphersuite so that both ends agree on the
# suite the opaque key is bound to.  Plain PSK key exchange; four variants
# (SHA / SHA384 suite x EMS off/on).

# EMS off, AES-128-CBC-SHA.
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test    "PSK callback: raw psk on client, static opaque on server, no callback" \
            "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
            "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
            psk_identity=foo psk=abc123" \
            0 \
            -C "session hash for extended master secret"\
            -S "session hash for extended master secret"\
            -S "SSL - The handshake negotiation failed" \
            -S "SSL - Unknown identity received" \
            -S "SSL - Verification of the message MAC failed"

# EMS off, AES-256-CBC-SHA384.
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test    "PSK callback: raw psk on client, static opaque on server, no callback, SHA-384" \
            "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384" \
            "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
            psk_identity=foo psk=abc123" \
            0 \
            -C "session hash for extended master secret"\
            -S "session hash for extended master secret"\
            -S "SSL - The handshake negotiation failed" \
            -S "SSL - Unknown identity received" \
            -S "SSL - Verification of the message MAC failed"

# EMS on, AES-128-CBC-SHA: session-hash message expected on both sides.
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test    "PSK callback: raw psk on client, static opaque on server, no callback, EMS" \
            "$P_SRV debug_level=3 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 \
            force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA extended_ms=1" \
            "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
            psk_identity=foo psk=abc123 extended_ms=1" \
            0 \
            -c "session hash for extended master secret"\
            -s "session hash for extended master secret"\
            -S "SSL - The handshake negotiation failed" \
            -S "SSL - Unknown identity received" \
            -S "SSL - Verification of the message MAC failed"

# EMS on, AES-256-CBC-SHA384.  (Test name says "SHA384" where the sibling
# tests say "SHA-384"; worth aligning so name-based test filters match all.)
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test    "PSK callback: raw psk on client, static opaque on server, no callback, EMS, SHA384" \
            "$P_SRV debug_level=3 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 \
            force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 extended_ms=1" \
            "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
            psk_identity=foo psk=abc123 extended_ms=1" \
            0 \
            -c "session hash for extended master secret"\
            -s "session hash for extended master secret"\
            -S "SSL - The handshake negotiation failed" \
            -S "SSL - Unknown identity received" \
            -S "SSL - Verification of the message MAC failed"
7504
# Raw PSK on the client, static opaque PSK on the server, RSA-PSK key
# exchange; four variants (SHA / SHA384 suite x EMS off/on).

# EMS off, AES-128-CBC-SHA.
# NOTE(review): debug_level=5 here, versus debug_level=1 in the sibling SHA-384
# variant and in the other non-EMS tests of this section; it only makes the
# logs noisier, but the inconsistency looks accidental.
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test    "PSK callback: raw rsa-psk on client, static opaque on server, no callback" \
            "$P_SRV extended_ms=0 debug_level=5 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA" \
            "$P_CLI extended_ms=0 debug_level=5 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA \
            psk_identity=foo psk=abc123" \
            0 \
            -C "session hash for extended master secret"\
            -S "session hash for extended master secret"\
            -S "SSL - The handshake negotiation failed" \
            -S "SSL - Unknown identity received" \
            -S "SSL - Verification of the message MAC failed"

# EMS off, AES-256-CBC-SHA384.
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test    "PSK callback: raw rsa-psk on client, static opaque on server, no callback, SHA-384" \
            "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384" \
            "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \
            psk_identity=foo psk=abc123" \
            0 \
            -C "session hash for extended master secret"\
            -S "session hash for extended master secret"\
            -S "SSL - The handshake negotiation failed" \
            -S "SSL - Unknown identity received" \
            -S "SSL - Verification of the message MAC failed"

# EMS on, AES-128-CBC-SHA: session-hash message expected on both sides.
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test    "PSK callback: raw rsa-psk on client, static opaque on server, no callback, EMS" \
            "$P_SRV debug_level=3 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 \
            force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA extended_ms=1" \
            "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA \
            psk_identity=foo psk=abc123 extended_ms=1" \
            0 \
            -c "session hash for extended master secret"\
            -s "session hash for extended master secret"\
            -S "SSL - The handshake negotiation failed" \
            -S "SSL - Unknown identity received" \
            -S "SSL - Verification of the message MAC failed"

# EMS on, AES-256-CBC-SHA384 (name uses "SHA384" rather than "SHA-384").
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test    "PSK callback: raw rsa-psk on client, static opaque on server, no callback, EMS, SHA384" \
            "$P_SRV debug_level=3 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 \
            force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 extended_ms=1" \
            "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \
            psk_identity=foo psk=abc123 extended_ms=1" \
            0 \
            -c "session hash for extended master secret"\
            -s "session hash for extended master secret"\
            -S "SSL - The handshake negotiation failed" \
            -S "SSL - Unknown identity received" \
            -S "SSL - Verification of the message MAC failed"
7554
# Raw PSK on the client, static opaque PSK on the server, ECDHE-PSK key
# exchange; four variants (SHA / SHA384 suite x EMS off/on).

# EMS off, AES-128-CBC-SHA (debug_level=5, unlike the sibling tests at 1).
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test    "PSK callback: raw ecdhe-psk on client, static opaque on server, no callback" \
            "$P_SRV extended_ms=0 debug_level=5 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA" \
            "$P_CLI extended_ms=0 debug_level=5 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \
            psk_identity=foo psk=abc123" \
            0 \
            -C "session hash for extended master secret"\
            -S "session hash for extended master secret"\
            -S "SSL - The handshake negotiation failed" \
            -S "SSL - Unknown identity received" \
            -S "SSL - Verification of the message MAC failed"

# EMS off, AES-256-CBC-SHA384.
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test    "PSK callback: raw ecdhe-psk on client, static opaque on server, no callback, SHA-384" \
            "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384" \
            "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \
            psk_identity=foo psk=abc123" \
            0 \
            -C "session hash for extended master secret"\
            -S "session hash for extended master secret"\
            -S "SSL - The handshake negotiation failed" \
            -S "SSL - Unknown identity received" \
            -S "SSL - Verification of the message MAC failed"

# EMS on, AES-128-CBC-SHA: session-hash message expected on both sides.
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test    "PSK callback: raw ecdhe-psk on client, static opaque on server, no callback, EMS" \
            "$P_SRV debug_level=3 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 \
            force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA extended_ms=1" \
            "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \
            psk_identity=foo psk=abc123 extended_ms=1" \
            0 \
            -c "session hash for extended master secret"\
            -s "session hash for extended master secret"\
            -S "SSL - The handshake negotiation failed" \
            -S "SSL - Unknown identity received" \
            -S "SSL - Verification of the message MAC failed"

# EMS on, AES-256-CBC-SHA384 (name uses "SHA384" rather than "SHA-384").
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test    "PSK callback: raw ecdhe-psk on client, static opaque on server, no callback, EMS, SHA384" \
            "$P_SRV debug_level=3 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 \
            force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 extended_ms=1" \
            "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \
            psk_identity=foo psk=abc123 extended_ms=1" \
            0 \
            -c "session hash for extended master secret"\
            -s "session hash for extended master secret"\
            -S "SSL - The handshake negotiation failed" \
            -S "SSL - Unknown identity received" \
            -S "SSL - Verification of the message MAC failed"
7604
# Raw PSK on the client, static opaque PSK on the server, DHE-PSK key
# exchange; four variants (SHA / SHA384 suite x EMS off/on).

# EMS off, AES-128-CBC-SHA (debug_level=5, unlike the sibling tests at 1).
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test    "PSK callback: raw dhe-psk on client, static opaque on server, no callback" \
            "$P_SRV extended_ms=0 debug_level=5 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA" \
            "$P_CLI extended_ms=0 debug_level=5 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA \
            psk_identity=foo psk=abc123" \
            0 \
            -C "session hash for extended master secret"\
            -S "session hash for extended master secret"\
            -S "SSL - The handshake negotiation failed" \
            -S "SSL - Unknown identity received" \
            -S "SSL - Verification of the message MAC failed"

# EMS off, AES-256-CBC-SHA384.
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test    "PSK callback: raw dhe-psk on client, static opaque on server, no callback, SHA-384" \
            "$P_SRV extended_ms=0 debug_level=1 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384" \
            "$P_CLI extended_ms=0 debug_level=1 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \
            psk_identity=foo psk=abc123" \
            0 \
            -C "session hash for extended master secret"\
            -S "session hash for extended master secret"\
            -S "SSL - The handshake negotiation failed" \
            -S "SSL - Unknown identity received" \
            -S "SSL - Verification of the message MAC failed"

# EMS on, AES-128-CBC-SHA: session-hash message expected on both sides.
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test    "PSK callback: raw dhe-psk on client, static opaque on server, no callback, EMS" \
            "$P_SRV debug_level=3 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 \
            force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA extended_ms=1" \
            "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA \
            psk_identity=foo psk=abc123 extended_ms=1" \
            0 \
            -c "session hash for extended master secret"\
            -s "session hash for extended master secret"\
            -S "SSL - The handshake negotiation failed" \
            -S "SSL - Unknown identity received" \
            -S "SSL - Verification of the message MAC failed"

# EMS on, AES-256-CBC-SHA384 (name uses "SHA384" rather than "SHA-384").
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test    "PSK callback: raw dhe-psk on client, static opaque on server, no callback, EMS, SHA384" \
            "$P_SRV debug_level=3 psk=abc123 psk_identity=foo psk_opaque=1 min_version=tls12 \
            force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 extended_ms=1" \
            "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \
            psk_identity=foo psk=abc123 extended_ms=1" \
            0 \
            -c "session hash for extended master secret"\
            -s "session hash for extended master secret"\
            -S "SSL - The handshake negotiation failed" \
            -S "SSL - Unknown identity received" \
            -S "SSL - Verification of the message MAC failed"
7654
# PSK served by the server's callback: no static psk= on the server, instead a
# psk_list of identity,key pairs (abc->dead, def->beef) that the callback looks
# up by the identity the client sends, handing back an opaque key
# (psk_list_opaque=1).  The "Unknown identity received" absence check is the
# meaningful one here: it proves the callback resolved the identity.  Plain PSK
# key exchange; four variants (SHA / SHA384 suite x EMS off/on).  The non-EMS
# variants select the second list entry (def/beef), the EMS ones the first
# (abc/dead), so both positions in the list are exercised.

# EMS off, AES-128-CBC-SHA, identity "def".
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test    "PSK callback: raw psk on client, no static PSK on server, opaque PSK from callback" \
            "$P_SRV extended_ms=0 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
            "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
            psk_identity=def psk=beef" \
            0 \
            -C "session hash for extended master secret"\
            -S "session hash for extended master secret"\
            -S "SSL - The handshake negotiation failed" \
            -S "SSL - Unknown identity received" \
            -S "SSL - Verification of the message MAC failed"

# EMS off, AES-256-CBC-SHA384, identity "def".
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test    "PSK callback: raw psk on client, no static PSK on server, opaque PSK from callback, SHA-384" \
            "$P_SRV extended_ms=0 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384" \
            "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
            psk_identity=def psk=beef" \
            0 \
            -C "session hash for extended master secret"\
            -S "session hash for extended master secret"\
            -S "SSL - The handshake negotiation failed" \
            -S "SSL - Unknown identity received" \
            -S "SSL - Verification of the message MAC failed"

# EMS on, AES-128-CBC-SHA, identity "abc": session-hash message on both sides.
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test    "PSK callback: raw psk on client, no static PSK on server, opaque PSK from callback, EMS" \
            "$P_SRV debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 \
            force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA extended_ms=1" \
            "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
            psk_identity=abc psk=dead extended_ms=1" \
            0 \
            -c "session hash for extended master secret"\
            -s "session hash for extended master secret"\
            -S "SSL - The handshake negotiation failed" \
            -S "SSL - Unknown identity received" \
            -S "SSL - Verification of the message MAC failed"

# EMS on, AES-256-CBC-SHA384, identity "abc" (name uses "SHA384").
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test    "PSK callback: raw psk on client, no static PSK on server, opaque PSK from callback, EMS, SHA384" \
            "$P_SRV debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 \
            force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 extended_ms=1" \
            "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-256-CBC-SHA384 \
            psk_identity=abc psk=dead extended_ms=1" \
            0 \
            -c "session hash for extended master secret"\
            -s "session hash for extended master secret"\
            -S "SSL - The handshake negotiation failed" \
            -S "SSL - Unknown identity received" \
            -S "SSL - Verification of the message MAC failed"
7704
# Opaque PSK from the server callback (psk_list / psk_list_opaque=1), raw PSK
# on the client, RSA-PSK key exchange; four variants (SHA / SHA384 suite x
# EMS off/on).  Non-EMS variants use identity def/beef, EMS variants abc/dead.

# EMS off, AES-128-CBC-SHA, identity "def".
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test    "PSK callback: raw rsa-psk on client, no static RSA-PSK on server, opaque RSA-PSK from callback" \
            "$P_SRV extended_ms=0 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA" \
            "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA \
            psk_identity=def psk=beef" \
            0 \
            -C "session hash for extended master secret"\
            -S "session hash for extended master secret"\
            -S "SSL - The handshake negotiation failed" \
            -S "SSL - Unknown identity received" \
            -S "SSL - Verification of the message MAC failed"

# EMS off, AES-256-CBC-SHA384, identity "def".
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test    "PSK callback: raw rsa-psk on client, no static RSA-PSK on server, opaque RSA-PSK from callback, SHA-384" \
            "$P_SRV extended_ms=0 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384" \
            "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \
            psk_identity=def psk=beef" \
            0 \
            -C "session hash for extended master secret"\
            -S "session hash for extended master secret"\
            -S "SSL - The handshake negotiation failed" \
            -S "SSL - Unknown identity received" \
            -S "SSL - Verification of the message MAC failed"

# EMS on, AES-128-CBC-SHA, identity "abc": session-hash message on both sides.
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test    "PSK callback: raw rsa-psk on client, no static RSA-PSK on server, opaque RSA-PSK from callback, EMS" \
            "$P_SRV debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 \
            force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA extended_ms=1" \
            "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA \
            psk_identity=abc psk=dead extended_ms=1" \
            0 \
            -c "session hash for extended master secret"\
            -s "session hash for extended master secret"\
            -S "SSL - The handshake negotiation failed" \
            -S "SSL - Unknown identity received" \
            -S "SSL - Verification of the message MAC failed"

# EMS on, AES-256-CBC-SHA384, identity "abc" (name uses "SHA384").
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test    "PSK callback: raw rsa-psk on client, no static RSA-PSK on server, opaque RSA-PSK from callback, EMS, SHA384" \
            "$P_SRV debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 \
            force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 extended_ms=1" \
            "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-RSA-PSK-WITH-AES-256-CBC-SHA384 \
            psk_identity=abc psk=dead extended_ms=1" \
            0 \
            -c "session hash for extended master secret"\
            -s "session hash for extended master secret"\
            -S "SSL - The handshake negotiation failed" \
            -S "SSL - Unknown identity received" \
            -S "SSL - Verification of the message MAC failed"
7754
# Opaque PSK from the server callback (psk_list / psk_list_opaque=1), raw PSK
# on the client, ECDHE-PSK key exchange; four variants (SHA / SHA384 suite x
# EMS off/on).  Non-EMS variants use identity def/beef, EMS variants abc/dead.

# EMS off, AES-128-CBC-SHA, identity "def".
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test    "PSK callback: raw ecdhe-psk on client, no static ECDHE-PSK on server, opaque ECDHE-PSK from callback" \
            "$P_SRV extended_ms=0 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA" \
            "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \
            psk_identity=def psk=beef" \
            0 \
            -C "session hash for extended master secret"\
            -S "session hash for extended master secret"\
            -S "SSL - The handshake negotiation failed" \
            -S "SSL - Unknown identity received" \
            -S "SSL - Verification of the message MAC failed"

# EMS off, AES-256-CBC-SHA384, identity "def".
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test    "PSK callback: raw ecdhe-psk on client, no static ECDHE-PSK on server, opaque ECDHE-PSK from callback, SHA-384" \
            "$P_SRV extended_ms=0 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384" \
            "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \
            psk_identity=def psk=beef" \
            0 \
            -C "session hash for extended master secret"\
            -S "session hash for extended master secret"\
            -S "SSL - The handshake negotiation failed" \
            -S "SSL - Unknown identity received" \
            -S "SSL - Verification of the message MAC failed"

# EMS on, AES-128-CBC-SHA, identity "abc": session-hash message on both sides.
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test    "PSK callback: raw ecdhe-psk on client, no static ECDHE-PSK on server, opaque ECDHE-PSK from callback, EMS" \
            "$P_SRV debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 \
            force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA extended_ms=1" \
            "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-128-CBC-SHA \
            psk_identity=abc psk=dead extended_ms=1" \
            0 \
            -c "session hash for extended master secret"\
            -s "session hash for extended master secret"\
            -S "SSL - The handshake negotiation failed" \
            -S "SSL - Unknown identity received" \
            -S "SSL - Verification of the message MAC failed"

# EMS on, AES-256-CBC-SHA384, identity "abc" (name uses "SHA384").
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test    "PSK callback: raw ecdhe-psk on client, no static ECDHE-PSK on server, opaque ECDHE-PSK from callback, EMS, SHA384" \
            "$P_SRV debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 \
            force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 extended_ms=1" \
            "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384 \
            psk_identity=abc psk=dead extended_ms=1" \
            0 \
            -c "session hash for extended master secret"\
            -s "session hash for extended master secret"\
            -S "SSL - The handshake negotiation failed" \
            -S "SSL - Unknown identity received" \
            -S "SSL - Verification of the message MAC failed"
7804
7805requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
7806run_test    "PSK callback: raw dhe-psk on client, no static DHE-PSK on server, opaque DHE-PSK from callback" \
7807            "$P_SRV extended_ms=0 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA" \
7808            "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA \
7809            psk_identity=def psk=beef" \
7810            0 \
7811            -C "session hash for extended master secret"\
7812            -S "session hash for extended master secret"\
7813            -S "SSL - The handshake negotiation failed" \
7814            -S "SSL - Unknown identity received" \
7815            -S "SSL - Verification of the message MAC failed"
7816
7817requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
7818run_test    "PSK callback: raw dhe-psk on client, no static DHE-PSK on server, opaque DHE-PSK from callback, SHA-384" \
7819            "$P_SRV extended_ms=0 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384" \
7820            "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \
7821            psk_identity=def psk=beef" \
7822            0 \
7823            -C "session hash for extended master secret"\
7824            -S "session hash for extended master secret"\
7825            -S "SSL - The handshake negotiation failed" \
7826            -S "SSL - Unknown identity received" \
7827            -S "SSL - Verification of the message MAC failed"
7828
7829requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
7830run_test    "PSK callback: raw dhe-psk on client, no static DHE-PSK on server, opaque DHE-PSK from callback, EMS" \
7831            "$P_SRV debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 \
7832            force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA extended_ms=1" \
7833            "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-128-CBC-SHA \
7834            psk_identity=abc psk=dead extended_ms=1" \
7835            0 \
7836            -c "session hash for extended master secret"\
7837            -s "session hash for extended master secret"\
7838            -S "SSL - The handshake negotiation failed" \
7839            -S "SSL - Unknown identity received" \
7840            -S "SSL - Verification of the message MAC failed"
7841
7842requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
7843run_test    "PSK callback: raw dhe-psk on client, no static DHE-PSK on server, opaque DHE-PSK from callback, EMS, SHA384" \
7844            "$P_SRV debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 \
7845            force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 extended_ms=1" \
7846            "$P_CLI debug_level=3 min_version=tls12 force_ciphersuite=TLS-DHE-PSK-WITH-AES-256-CBC-SHA384 \
7847            psk_identity=abc psk=dead extended_ms=1" \
7848            0 \
7849            -c "session hash for extended master secret"\
7850            -s "session hash for extended master secret"\
7851            -S "SSL - The handshake negotiation failed" \
7852            -S "SSL - Unknown identity received" \
7853            -S "SSL - Verification of the message MAC failed"
7854
7855requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
7856run_test    "PSK callback: raw psk on client, mismatching static raw PSK on server, opaque PSK from callback" \
7857            "$P_SRV extended_ms=0 psk_identity=foo psk=abc123 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
7858            "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
7859            psk_identity=def psk=beef" \
7860            0 \
7861            -C "session hash for extended master secret"\
7862            -S "session hash for extended master secret"\
7863            -S "SSL - The handshake negotiation failed" \
7864            -S "SSL - Unknown identity received" \
7865            -S "SSL - Verification of the message MAC failed"
7866
7867requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
7868run_test    "PSK callback: raw psk on client, mismatching static opaque PSK on server, opaque PSK from callback" \
7869            "$P_SRV extended_ms=0 psk_opaque=1 psk_identity=foo psk=abc123 debug_level=3 psk_list=abc,dead,def,beef psk_list_opaque=1 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
7870            "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
7871            psk_identity=def psk=beef" \
7872            0 \
7873            -C "session hash for extended master secret"\
7874            -S "session hash for extended master secret"\
7875            -S "SSL - The handshake negotiation failed" \
7876            -S "SSL - Unknown identity received" \
7877            -S "SSL - Verification of the message MAC failed"
7878
7879requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
7880run_test    "PSK callback: raw psk on client, mismatching static opaque PSK on server, raw PSK from callback" \
7881            "$P_SRV extended_ms=0 psk_opaque=1 psk_identity=foo psk=abc123 debug_level=3 psk_list=abc,dead,def,beef min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
7882            "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
7883            psk_identity=def psk=beef" \
7884            0 \
7885            -C "session hash for extended master secret"\
7886            -S "session hash for extended master secret"\
7887            -S "SSL - The handshake negotiation failed" \
7888            -S "SSL - Unknown identity received" \
7889            -S "SSL - Verification of the message MAC failed"
7890
7891requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
7892run_test    "PSK callback: raw psk on client, id-matching but wrong raw PSK on server, opaque PSK from callback" \
7893            "$P_SRV extended_ms=0 psk_opaque=1 psk_identity=def psk=abc123 debug_level=3 psk_list=abc,dead,def,beef min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
7894            "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
7895            psk_identity=def psk=beef" \
7896            0 \
7897            -C "session hash for extended master secret"\
7898            -S "session hash for extended master secret"\
7899            -S "SSL - The handshake negotiation failed" \
7900            -S "SSL - Unknown identity received" \
7901            -S "SSL - Verification of the message MAC failed"
7902
7903requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
7904run_test    "PSK callback: raw psk on client, matching opaque PSK on server, wrong opaque PSK from callback" \
7905            "$P_SRV extended_ms=0 psk_opaque=1 psk_identity=def psk=beef debug_level=3 psk_list=abc,dead,def,abc123 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA" \
7906            "$P_CLI extended_ms=0 debug_level=3 min_version=tls12 force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
7907            psk_identity=def psk=beef" \
7908            1 \
7909            -s "SSL - Verification of the message MAC failed"
7910
7911run_test    "PSK callback: no psk, no callback" \
7912            "$P_SRV" \
7913            "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
7914            psk_identity=foo psk=abc123" \
7915            1 \
7916            -s "SSL - The handshake negotiation failed" \
7917            -S "SSL - Unknown identity received" \
7918            -S "SSL - Verification of the message MAC failed"
7919
7920run_test    "PSK callback: callback overrides other settings" \
7921            "$P_SRV psk=abc123 psk_identity=foo psk_list=abc,dead,def,beef" \
7922            "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
7923            psk_identity=foo psk=abc123" \
7924            1 \
7925            -S "SSL - The handshake negotiation failed" \
7926            -s "SSL - Unknown identity received" \
7927            -S "SSL - Verification of the message MAC failed"
7928
7929run_test    "PSK callback: first id matches" \
7930            "$P_SRV psk_list=abc,dead,def,beef" \
7931            "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
7932            psk_identity=abc psk=dead" \
7933            0 \
7934            -S "SSL - The handshake negotiation failed" \
7935            -S "SSL - Unknown identity received" \
7936            -S "SSL - Verification of the message MAC failed"
7937
7938run_test    "PSK callback: second id matches" \
7939            "$P_SRV psk_list=abc,dead,def,beef" \
7940            "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
7941            psk_identity=def psk=beef" \
7942            0 \
7943            -S "SSL - The handshake negotiation failed" \
7944            -S "SSL - Unknown identity received" \
7945            -S "SSL - Verification of the message MAC failed"
7946
7947run_test    "PSK callback: no match" \
7948            "$P_SRV psk_list=abc,dead,def,beef" \
7949            "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
7950            psk_identity=ghi psk=beef" \
7951            1 \
7952            -S "SSL - The handshake negotiation failed" \
7953            -s "SSL - Unknown identity received" \
7954            -S "SSL - Verification of the message MAC failed"
7955
7956run_test    "PSK callback: wrong key" \
7957            "$P_SRV psk_list=abc,dead,def,beef" \
7958            "$P_CLI force_ciphersuite=TLS-PSK-WITH-AES-128-CBC-SHA \
7959            psk_identity=abc psk=beef" \
7960            1 \
7961            -S "SSL - The handshake negotiation failed" \
7962            -S "SSL - Unknown identity received" \
7963            -s "SSL - Verification of the message MAC failed"
7964
7965# Tests for EC J-PAKE
7966
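# Neither side is configured for EC J-PAKE: the client must not offer the
# ECJPAKE ciphersuite nor send the kkpp extension, and the server must see
# neither. The "add ciphersuite" pattern is spelled "c0ff", the same spelling
# the positive -c checks in the ECJPAKE tests below require; with the
# previous "0xc0ff" spelling the pattern could never match that log line, so
# the absence check was satisfied whether or not the suite was offered.
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "ECJPAKE: client not configured" \
            "$P_SRV debug_level=3" \
            "$P_CLI debug_level=3" \
            0 \
            -C "add ciphersuite: c0ff" \
            -C "adding ecjpake_kkpp extension" \
            -S "found ecjpake kkpp extension" \
            -S "skip ecjpake kkpp extension" \
            -S "ciphersuite mismatch: ecjpake not configured" \
            -S "server hello, ecjpake kkpp extension" \
            -C "found ecjpake_kkpp extension" \
            -S "SSL - The handshake negotiation failed"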
7981
# Client offers ECJPAKE (force_ciphersuite + ecjpake_pw) but the server has no
# password: the server finds and skips the kkpp extension, reports the
# ciphersuite mismatch, and the handshake fails (expected result 1).
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
run_test    "ECJPAKE: server not configured" \
            "$P_SRV debug_level=3" \
            "$P_CLI debug_level=3 ecjpake_pw=bla \
             force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
            1 \
            -c "add ciphersuite: c0ff" \
            -c "adding ecjpake_kkpp extension" \
            -s "found ecjpake kkpp extension" \
            -s "skip ecjpake kkpp extension" \
            -s "ciphersuite mismatch: ecjpake not configured" \
            -S "server hello, ecjpake kkpp extension" \
            -C "found ecjpake_kkpp extension" \
            -s "SSL - The handshake negotiation failed"

# Note: if the name of this test is changed, then please adjust the corresponding
#       filtering label in "test_tls1_2_ecjpake_compatibility" (in "all.sh")
# Both sides share the password: the kkpp extension is exchanged in both
# directions and the handshake completes without a MAC failure.
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
run_test    "ECJPAKE: working, TLS" \
            "$P_SRV debug_level=3 ecjpake_pw=bla" \
            "$P_CLI debug_level=3 ecjpake_pw=bla \
             force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
            0 \
            -c "add ciphersuite: c0ff" \
            -c "adding ecjpake_kkpp extension" \
            -C "re-using cached ecjpake parameters" \
            -s "found ecjpake kkpp extension" \
            -S "skip ecjpake kkpp extension" \
            -S "ciphersuite mismatch: ecjpake not configured" \
            -s "server hello, ecjpake kkpp extension" \
            -c "found ecjpake_kkpp extension" \
            -S "SSL - The handshake negotiation failed" \
            -S "SSL - Verification of the message MAC failed"

# Opaque-password variants (ecjpake_pw_opaque=1, needs PSA): the "using
# opaque password" line must appear only on the side(s) that set the option.
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test    "ECJPAKE: opaque password client+server, working, TLS" \
            "$P_SRV debug_level=3 ecjpake_pw=bla ecjpake_pw_opaque=1" \
            "$P_CLI debug_level=3 ecjpake_pw=bla ecjpake_pw_opaque=1\
             force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
            0 \
            -c "add ciphersuite: c0ff" \
            -c "adding ecjpake_kkpp extension" \
            -c "using opaque password" \
            -s "using opaque password" \
            -C "re-using cached ecjpake parameters" \
            -s "found ecjpake kkpp extension" \
            -S "skip ecjpake kkpp extension" \
            -S "ciphersuite mismatch: ecjpake not configured" \
            -s "server hello, ecjpake kkpp extension" \
            -c "found ecjpake_kkpp extension" \
            -S "SSL - The handshake negotiation failed" \
            -S "SSL - Verification of the message MAC failed"

# Note: if the name of this test is changed, then please adjust the corresponding
#       filtering label in "test_tls1_2_ecjpake_compatibility" (in "all.sh")
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test    "ECJPAKE: opaque password client only, working, TLS" \
            "$P_SRV debug_level=3 ecjpake_pw=bla" \
            "$P_CLI debug_level=3 ecjpake_pw=bla ecjpake_pw_opaque=1\
             force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
            0 \
            -c "add ciphersuite: c0ff" \
            -c "adding ecjpake_kkpp extension" \
            -c "using opaque password" \
            -S "using opaque password" \
            -C "re-using cached ecjpake parameters" \
            -s "found ecjpake kkpp extension" \
            -S "skip ecjpake kkpp extension" \
            -S "ciphersuite mismatch: ecjpake not configured" \
            -s "server hello, ecjpake kkpp extension" \
            -c "found ecjpake_kkpp extension" \
            -S "SSL - The handshake negotiation failed" \
            -S "SSL - Verification of the message MAC failed"

# Note: if the name of this test is changed, then please adjust the corresponding
#       filtering label in "test_tls1_2_ecjpake_compatibility" (in "all.sh")
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test    "ECJPAKE: opaque password server only, working, TLS" \
            "$P_SRV debug_level=3 ecjpake_pw=bla ecjpake_pw_opaque=1" \
            "$P_CLI debug_level=3 ecjpake_pw=bla\
             force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
            0 \
            -c "add ciphersuite: c0ff" \
            -c "adding ecjpake_kkpp extension" \
            -C "using opaque password" \
            -s "using opaque password" \
            -C "re-using cached ecjpake parameters" \
            -s "found ecjpake kkpp extension" \
            -S "skip ecjpake kkpp extension" \
            -S "ciphersuite mismatch: ecjpake not configured" \
            -s "server hello, ecjpake kkpp extension" \
            -c "found ecjpake_kkpp extension" \
            -S "SSL - The handshake negotiation failed" \
            -S "SSL - Verification of the message MAC failed"

# Password mismatch (bla vs. bad): the handshake fails with a MAC
# verification error on the server. server_needs_more_time 1 presumably
# grants the following test a longer server timeout -- confirm against its
# definition earlier in this script.
server_needs_more_time 1
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
run_test    "ECJPAKE: password mismatch, TLS" \
            "$P_SRV debug_level=3 ecjpake_pw=bla" \
            "$P_CLI debug_level=3 ecjpake_pw=bad \
             force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
            1 \
            -C "re-using cached ecjpake parameters" \
            -s "SSL - Verification of the message MAC failed"

server_needs_more_time 1
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test    "ECJPAKE_OPAQUE_PW: opaque password mismatch, TLS" \
            "$P_SRV debug_level=3 ecjpake_pw=bla ecjpake_pw_opaque=1" \
            "$P_CLI debug_level=3 ecjpake_pw=bad ecjpake_pw_opaque=1 \
             force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
            1 \
            -c "using opaque password" \
            -s "using opaque password" \
            -C "re-using cached ecjpake parameters" \
            -s "SSL - Verification of the message MAC failed"

# DTLS: with the default cookie exchange the client is expected to re-use
# its cached EC J-PAKE parameters (presumably for the second ClientHello it
# sends after the cookie round trip); with cookies=0 no re-use is expected.
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
run_test    "ECJPAKE: working, DTLS" \
            "$P_SRV debug_level=3 dtls=1 ecjpake_pw=bla" \
            "$P_CLI debug_level=3 dtls=1 ecjpake_pw=bla \
             force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
            0 \
            -c "re-using cached ecjpake parameters" \
            -S "SSL - Verification of the message MAC failed"

requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
run_test    "ECJPAKE: working, DTLS, no cookie" \
            "$P_SRV debug_level=3 dtls=1 ecjpake_pw=bla cookies=0" \
            "$P_CLI debug_level=3 dtls=1 ecjpake_pw=bla \
             force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
            0 \
            -C "re-using cached ecjpake parameters" \
            -S "SSL - Verification of the message MAC failed"

server_needs_more_time 1
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
run_test    "ECJPAKE: password mismatch, DTLS" \
            "$P_SRV debug_level=3 dtls=1 ecjpake_pw=bla" \
            "$P_CLI debug_level=3 dtls=1 ecjpake_pw=bad \
             force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
            1 \
            -c "re-using cached ecjpake parameters" \
            -s "SSL - Verification of the message MAC failed"

# Logging-free variant (no debug_level on either side, only the exit status
# is checked), for tests with configs/config-thread.h
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED
run_test    "ECJPAKE: working, DTLS, nolog" \
            "$P_SRV dtls=1 ecjpake_pw=bla" \
            "$P_CLI dtls=1 ecjpake_pw=bla \
             force_ciphersuite=TLS-ECJPAKE-WITH-AES-128-CCM-8" \
            0
8138
8139# Test for ClientHello without extensions
8140
# GnuTLS client with all extensions disabled (%NO_EXTENSIONS, plus safe
# renegotiation turned off -- presumably so that no renegotiation_info
# extension is emitted either): the server must log an empty extension block.
requires_gnutls
run_test    "ClientHello without extensions" \
            "$P_SRV force_version=tls12 debug_level=3" \
            "$G_CLI --priority=NORMAL:%NO_EXTENSIONS:%DISABLE_SAFE_RENEGOTIATION localhost" \
            0 \
            -s "dumping 'client hello extensions' (0 bytes)"
8147
8148# Tests for mbedtls_ssl_get_bytes_avail()
8149
8150# The server first reads buffer_size-1 bytes, then reads the remainder.
# A 100-byte server buffer against requests of 100, 101, 200 and
# MAX_CONTENT_LEN bytes. The trailing "$" in the first pattern presumably
# anchors the end of the log line (so a "(100 + ...)" suffix would not match)
# -- this relies on run_test treating patterns as regular expressions.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "mbedtls_ssl_get_bytes_avail: no extra data" \
            "$P_SRV buffer_size=100" \
            "$P_CLI request_size=100" \
            0 \
            -s "Read from client: 100 bytes read$"

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "mbedtls_ssl_get_bytes_avail: extra data (+1)" \
            "$P_SRV buffer_size=100" \
            "$P_CLI request_size=101" \
            0 \
            -s "Read from client: 101 bytes read (100 + 1)"

# requires_max_content_len 200: the 200-byte request must fit in one record.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_max_content_len 200
run_test    "mbedtls_ssl_get_bytes_avail: extra data (*2)" \
            "$P_SRV buffer_size=100" \
            "$P_CLI request_size=200" \
            0 \
            -s "Read from client: 200 bytes read (100 + 100)"

# MAX_CONTENT_LEN is set elsewhere in this script; the expected remainder is
# computed from it so the test adapts to the build's record size.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "mbedtls_ssl_get_bytes_avail: extra data (max)" \
            "$P_SRV buffer_size=100" \
            "$P_CLI request_size=$MAX_CONTENT_LEN" \
            0 \
            -s "Read from client: $MAX_CONTENT_LEN bytes read (100 + $((MAX_CONTENT_LEN - 100)))"
8179
8180# Tests for small client packets
8181
# One-byte application data records from the client with a CBC block cipher
# (with and without encrypt-then-MAC), a longer MAC (SHA384) and AEAD (CCM,
# CCM-8); the server must report reading exactly 1 byte. The TLS 1.3
# variants need the ephemeral key exchange mode enabled.
run_test    "Small client packet TLS 1.2 BlockCipher" \
            "$P_SRV force_version=tls12" \
            "$P_CLI request_size=1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -s "Read from client: 1 bytes read"

run_test    "Small client packet TLS 1.2 BlockCipher, without EtM" \
            "$P_SRV force_version=tls12" \
            "$P_CLI request_size=1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA etm=0" \
            0 \
            -s "Read from client: 1 bytes read"

run_test    "Small client packet TLS 1.2 BlockCipher larger MAC" \
            "$P_SRV force_version=tls12" \
            "$P_CLI request_size=1 \
             force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \
            0 \
            -s "Read from client: 1 bytes read"

run_test    "Small client packet TLS 1.2 AEAD" \
            "$P_SRV force_version=tls12" \
            "$P_CLI request_size=1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \
            0 \
            -s "Read from client: 1 bytes read"

run_test    "Small client packet TLS 1.2 AEAD shorter tag" \
            "$P_SRV force_version=tls12" \
            "$P_CLI request_size=1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \
            0 \
            -s "Read from client: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "Small client packet TLS 1.3 AEAD" \
            "$P_SRV" \
            "$P_CLI request_size=1 \
             force_ciphersuite=TLS1-3-AES-128-CCM-SHA256" \
            0 \
            -s "Read from client: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "Small client packet TLS 1.3 AEAD shorter tag" \
            "$P_SRV" \
            "$P_CLI request_size=1 \
             force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256" \
            0 \
            -s "Read from client: 1 bytes read"
8232
8233# Tests for small client packets in DTLS
8234
# DTLS 1.2 counterpart of the small-client-packet tests (CBC only). Note that
# etm=0 is set on the server here, whereas the TLS variant sets it on the
# client; presumably either side declining EtM is enough to disable it.
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
run_test    "Small client packet DTLS 1.2" \
            "$P_SRV dtls=1 force_version=dtls12" \
            "$P_CLI dtls=1 request_size=1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -s "Read from client: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
run_test    "Small client packet DTLS 1.2, without EtM" \
            "$P_SRV dtls=1 force_version=dtls12 etm=0" \
            "$P_CLI dtls=1 request_size=1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -s "Read from client: 1 bytes read"
8250
8251# Tests for small server packets
8252
# Mirror of the small-client-packet tests in the other direction: the server
# sends a 1-byte response (response_size=1) and the client must report
# reading exactly 1 byte, for the same set of cipher/MAC/AEAD combinations.
run_test    "Small server packet TLS 1.2 BlockCipher" \
            "$P_SRV response_size=1 force_version=tls12" \
            "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -c "Read from server: 1 bytes read"

run_test    "Small server packet TLS 1.2 BlockCipher, without EtM" \
            "$P_SRV response_size=1 force_version=tls12" \
            "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA etm=0" \
            0 \
            -c "Read from server: 1 bytes read"

run_test    "Small server packet TLS 1.2 BlockCipher larger MAC" \
            "$P_SRV response_size=1 force_version=tls12" \
            "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \
            0 \
            -c "Read from server: 1 bytes read"

run_test    "Small server packet TLS 1.2 AEAD" \
            "$P_SRV response_size=1 force_version=tls12" \
            "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \
            0 \
            -c "Read from server: 1 bytes read"

run_test    "Small server packet TLS 1.2 AEAD shorter tag" \
            "$P_SRV response_size=1 force_version=tls12" \
            "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \
            0 \
            -c "Read from server: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "Small server packet TLS 1.3 AEAD" \
            "$P_SRV response_size=1" \
            "$P_CLI force_ciphersuite=TLS1-3-AES-128-CCM-SHA256" \
            0 \
            -c "Read from server: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "Small server packet TLS 1.3 AEAD shorter tag" \
            "$P_SRV response_size=1" \
            "$P_CLI force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256" \
            0 \
            -c "Read from server: 1 bytes read"
8296
8297# Tests for small server packets in DTLS
8298
# DTLS 1.2 counterpart of the small-server-packet tests (CBC only). As in the
# DTLS client-packet tests, etm=0 is set on the server side here.
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
run_test    "Small server packet DTLS 1.2" \
            "$P_SRV dtls=1 response_size=1 force_version=dtls12" \
            "$P_CLI dtls=1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -c "Read from server: 1 bytes read"

requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
run_test    "Small server packet DTLS 1.2, without EtM" \
            "$P_SRV dtls=1 response_size=1 force_version=dtls12 etm=0" \
            "$P_CLI dtls=1 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -c "Read from server: 1 bytes read"
8314
8315# Test for large client packets
8316
8317# How many fragments do we expect to write $1 bytes?
# Ceiling division of a byte count by MAX_OUT_LEN: the number of records a
# write of that size is split into when each record carries at most
# MAX_OUT_LEN bytes.
# Globals:   MAX_OUT_LEN (read; set elsewhere in this script)
# Arguments: $1 - number of bytes to be written
# Outputs:   the fragment count, on stdout
fragments_for_write() {
    printf '%s\n' "$(( ($1 + MAX_OUT_LEN - 1) / MAX_OUT_LEN ))"
}
8321
# 16384-byte client requests. The client is expected to split the write into
# fragments_for_write(16384) records (a single one when MAX_OUT_LEN is
# 16384) and the server to report MAX_CONTENT_LEN bytes read; both limits
# are set elsewhere in this script from the build configuration.
run_test    "Large client packet TLS 1.2 BlockCipher" \
            "$P_SRV force_version=tls12" \
            "$P_CLI request_size=16384 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
            -s "Read from client: $MAX_CONTENT_LEN bytes read"

# NOTE(review): unlike its siblings this variant has no fragment-count check
# on the client side -- confirm whether that omission is intentional.
run_test    "Large client packet TLS 1.2 BlockCipher, without EtM" \
            "$P_SRV force_version=tls12" \
            "$P_CLI request_size=16384 etm=0 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -s "Read from client: $MAX_CONTENT_LEN bytes read"

run_test    "Large client packet TLS 1.2 BlockCipher larger MAC" \
            "$P_SRV force_version=tls12" \
            "$P_CLI request_size=16384 \
             force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \
            0 \
            -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
            -s "Read from client: $MAX_CONTENT_LEN bytes read"

run_test    "Large client packet TLS 1.2 AEAD" \
            "$P_SRV force_version=tls12" \
            "$P_CLI request_size=16384 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \
            0 \
            -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
            -s "Read from client: $MAX_CONTENT_LEN bytes read"

run_test    "Large client packet TLS 1.2 AEAD shorter tag" \
            "$P_SRV force_version=tls12" \
            "$P_CLI request_size=16384 \
             force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \
            0 \
            -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
            -s "Read from client: $MAX_CONTENT_LEN bytes read"

requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "Large client packet TLS 1.3 AEAD" \
            "$P_SRV" \
            "$P_CLI request_size=16384 \
             force_ciphersuite=TLS1-3-AES-128-CCM-SHA256" \
            0 \
            -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
            -s "Read from client: $MAX_CONTENT_LEN bytes read"

requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "Large client packet TLS 1.3 AEAD shorter tag" \
            "$P_SRV" \
            "$P_CLI request_size=16384 \
             force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256" \
            0 \
            -c "16384 bytes written in $(fragments_for_write 16384) fragments" \
            -s "Read from client: $MAX_CONTENT_LEN bytes read"
8378
8379# The tests below fail when the server's OUT_CONTENT_LEN is less than 16384.
# 16384-byte server responses: the client must report reading all 16384
# bytes. Only the two no-EtM variants additionally assert that the server
# wrote the response as a single fragment (the fragment count is hard-coded
# to 1 here rather than derived from fragments_for_write, matching the
# OUT_CONTENT_LEN >= 16384 assumption stated above).
run_test    "Large server packet TLS 1.2 BlockCipher" \
            "$P_SRV response_size=16384 force_version=tls12" \
            "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -c "Read from server: 16384 bytes read"

run_test    "Large server packet TLS 1.2 BlockCipher, without EtM" \
            "$P_SRV response_size=16384 force_version=tls12" \
            "$P_CLI etm=0 force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \
            0 \
            -s "16384 bytes written in 1 fragments" \
            -c "Read from server: 16384 bytes read"

run_test    "Large server packet TLS 1.2 BlockCipher larger MAC" \
            "$P_SRV response_size=16384 force_version=tls12" \
            "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \
            0 \
            -c "Read from server: 16384 bytes read"

# trunc_hmac=1 on both sides: truncated HMAC combined with MAC-then-encrypt.
run_test    "Large server packet TLS 1.2 BlockCipher, without EtM, truncated MAC" \
            "$P_SRV response_size=16384 trunc_hmac=1 force_version=tls12" \
            "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA trunc_hmac=1 etm=0" \
            0 \
            -s "16384 bytes written in 1 fragments" \
            -c "Read from server: 16384 bytes read"

run_test    "Large server packet TLS 1.2 AEAD" \
            "$P_SRV response_size=16384 force_version=tls12" \
            "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \
            0 \
            -c "Read from server: 16384 bytes read"

run_test    "Large server packet TLS 1.2 AEAD shorter tag" \
            "$P_SRV response_size=16384 force_version=tls12" \
            "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \
            0 \
            -c "Read from server: 16384 bytes read"

requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "Large server packet TLS 1.3 AEAD" \
            "$P_SRV response_size=16384" \
            "$P_CLI force_ciphersuite=TLS1-3-AES-128-CCM-SHA256" \
            0 \
            -c "Read from server: 16384 bytes read"
8424
8425requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
8426run_test    "Large server packet TLS 1.3 AEAD shorter tag" \
8427            "$P_SRV response_size=16384" \
8428            "$P_CLI force_ciphersuite=TLS1-3-AES-128-CCM-8-SHA256" \
8429            0 \
8430            -c "Read from server: 16384 bytes read"
8431
# Tests for restartable ECC

# Force the use of a curve that supports restartable ECC (secp256r1).
#
# The "4b00" patterns match the hex code of MBEDTLS_ERR_ECP_IN_PROGRESS
# (-0x4B00) in the client's debug output (every client below runs with
# debug_level=1). A "-c" assertion on such a pattern means the operation was
# seen to return "in progress" and be resumed; "-C" means it must complete in
# a single call. The four operations watched are: server certificate chain
# verification (x509_verify_cert), the signature check it performs
# (mbedtls_pk_verify), the client's ECDHE key generation
# (mbedtls_ecdh_make_public) and the client's own signature for client auth
# (mbedtls_pk_sign), which the server asks for via auth_mode=required.

# No ec_max_ops on the client: restart is never triggered.
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
run_test    "EC restart: TLS, default" \
            "$P_SRV groups=secp256r1 auth_mode=required" \
            "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
             key_file=data_files/server5.key crt_file=data_files/server5.crt  \
             debug_level=1" \
            0 \
            -C "x509_verify_cert.*4b00" \
            -C "mbedtls_pk_verify.*4b00" \
            -C "mbedtls_ecdh_make_public.*4b00" \
            -C "mbedtls_pk_sign.*4b00"

# ec_max_ops=0 means "no limit" for mbedtls_ecp_set_max_ops(), so this must
# behave like the default: nothing returns in progress.
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
run_test    "EC restart: TLS, max_ops=0" \
            "$P_SRV groups=secp256r1 auth_mode=required" \
            "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
             key_file=data_files/server5.key crt_file=data_files/server5.crt  \
             debug_level=1 ec_max_ops=0" \
            0 \
            -C "x509_verify_cert.*4b00" \
            -C "mbedtls_pk_verify.*4b00" \
            -C "mbedtls_ecdh_make_public.*4b00" \
            -C "mbedtls_pk_sign.*4b00"

# A budget of 65535 ops is expected to be large enough for every operation to
# finish within one call on this curve, so again no in-progress returns.
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
run_test    "EC restart: TLS, max_ops=65535" \
            "$P_SRV groups=secp256r1 auth_mode=required" \
            "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
             key_file=data_files/server5.key crt_file=data_files/server5.crt  \
             debug_level=1 ec_max_ops=65535" \
            0 \
            -C "x509_verify_cert.*4b00" \
            -C "mbedtls_pk_verify.*4b00" \
            -C "mbedtls_ecdh_make_public.*4b00" \
            -C "mbedtls_pk_sign.*4b00"
8474
# With USE_PSA disabled we expect full restartable behaviour.
# ec_max_ops=1000 is small enough that each of the four operations must
# return "in progress" at least once before completing.
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
run_test    "EC restart: TLS, max_ops=1000 (no USE_PSA)" \
            "$P_SRV groups=secp256r1 auth_mode=required" \
            "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
             key_file=data_files/server5.key crt_file=data_files/server5.crt  \
             debug_level=1 ec_max_ops=1000" \
            0 \
            -c "x509_verify_cert.*4b00" \
            -c "mbedtls_pk_verify.*4b00" \
            -c "mbedtls_ecdh_make_public.*4b00" \
            -c "mbedtls_pk_sign.*4b00"

# With USE_PSA enabled we expect only partial restartable behaviour:
# everything except ECDH (where TLS calls PSA directly), hence the single
# negated assertion on mbedtls_ecdh_make_public.
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test    "EC restart: TLS, max_ops=1000 (USE_PSA)" \
            "$P_SRV groups=secp256r1 auth_mode=required" \
            "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
             key_file=data_files/server5.key crt_file=data_files/server5.crt  \
             debug_level=1 ec_max_ops=1000" \
            0 \
            -c "x509_verify_cert.*4b00" \
            -c "mbedtls_pk_verify.*4b00" \
            -C "mbedtls_ecdh_make_public.*4b00" \
            -c "mbedtls_pk_sign.*4b00"
8505
# This works the same with & without USE_PSA as we never get to ECDH:
# we abort as soon as we determined the cert is bad.
#
# Negative case for restartable verification: the server presents
# server5-badsign.crt, so x509_verify_cert is resumed (4b00 seen) and must
# still end in rejection. The client leaves auth_mode at its default
# (presumably "required"), so the handshake fails — expected exit status 1 —
# and none of the later ECC operations is reached.
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
run_test    "EC restart: TLS, max_ops=1000, badsign" \
            "$P_SRV groups=secp256r1 auth_mode=required \
             crt_file=data_files/server5-badsign.crt \
             key_file=data_files/server5.key" \
            "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
             key_file=data_files/server5.key crt_file=data_files/server5.crt  \
             debug_level=1 ec_max_ops=1000" \
            1 \
            -c "x509_verify_cert.*4b00" \
            -C "mbedtls_pk_verify.*4b00" \
            -C "mbedtls_ecdh_make_public.*4b00" \
            -C "mbedtls_pk_sign.*4b00" \
            -c "! The certificate is not correctly signed by the trusted CA" \
            -c "! mbedtls_ssl_handshake returned" \
            -c "X509 - Certificate verification failed"
8525
# With USE_PSA disabled we expect full restartable behaviour.
#
# Same bad server certificate, but the client uses auth_mode=optional: the
# verification failure is still logged, yet the handshake must complete
# (exit 0, no "mbedtls_ssl_handshake returned"), so all four operations are
# reached and are expected to restart.
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
run_test    "EC restart: TLS, max_ops=1000, auth_mode=optional badsign (no USE_PSA)" \
            "$P_SRV groups=secp256r1 auth_mode=required \
             crt_file=data_files/server5-badsign.crt \
             key_file=data_files/server5.key" \
            "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
             key_file=data_files/server5.key crt_file=data_files/server5.crt  \
             debug_level=1 ec_max_ops=1000 auth_mode=optional" \
            0 \
            -c "x509_verify_cert.*4b00" \
            -c "mbedtls_pk_verify.*4b00" \
            -c "mbedtls_ecdh_make_public.*4b00" \
            -c "mbedtls_pk_sign.*4b00" \
            -c "! The certificate is not correctly signed by the trusted CA" \
            -C "! mbedtls_ssl_handshake returned" \
            -C "X509 - Certificate verification failed"

# With USE_PSA enabled we expect only partial restartable behaviour:
# everything except ECDH (where TLS calls PSA directly).
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test    "EC restart: TLS, max_ops=1000, auth_mode=optional badsign (USE_PSA)" \
            "$P_SRV groups=secp256r1 auth_mode=required \
             crt_file=data_files/server5-badsign.crt \
             key_file=data_files/server5.key" \
            "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
             key_file=data_files/server5.key crt_file=data_files/server5.crt  \
             debug_level=1 ec_max_ops=1000 auth_mode=optional" \
            0 \
            -c "x509_verify_cert.*4b00" \
            -c "mbedtls_pk_verify.*4b00" \
            -C "mbedtls_ecdh_make_public.*4b00" \
            -c "mbedtls_pk_sign.*4b00" \
            -c "! The certificate is not correctly signed by the trusted CA" \
            -C "! mbedtls_ssl_handshake returned" \
            -C "X509 - Certificate verification failed"
8566
# With USE_PSA disabled we expect full restartable behaviour.
#
# auth_mode=none on the client: the server certificate is accepted without
# being verified, so neither an x509_verify_cert restart nor any verification
# message is expected; the remaining operations still restart. (Note that
# mbedtls_pk_verify is still expected to restart here — that is the
# signature check that does run, presumably on the ServerKeyExchange.)
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
run_test    "EC restart: TLS, max_ops=1000, auth_mode=none badsign (no USE_PSA)" \
            "$P_SRV groups=secp256r1 auth_mode=required \
             crt_file=data_files/server5-badsign.crt \
             key_file=data_files/server5.key" \
            "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
             key_file=data_files/server5.key crt_file=data_files/server5.crt  \
             debug_level=1 ec_max_ops=1000 auth_mode=none" \
            0 \
            -C "x509_verify_cert.*4b00" \
            -c "mbedtls_pk_verify.*4b00" \
            -c "mbedtls_ecdh_make_public.*4b00" \
            -c "mbedtls_pk_sign.*4b00" \
            -C "! The certificate is not correctly signed by the trusted CA" \
            -C "! mbedtls_ssl_handshake returned" \
            -C "X509 - Certificate verification failed"

# With USE_PSA enabled we expect only partial restartable behaviour:
# everything except ECDH (where TLS calls PSA directly).
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test    "EC restart: TLS, max_ops=1000, auth_mode=none badsign (USE_PSA)" \
            "$P_SRV groups=secp256r1 auth_mode=required \
             crt_file=data_files/server5-badsign.crt \
             key_file=data_files/server5.key" \
            "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
             key_file=data_files/server5.key crt_file=data_files/server5.crt  \
             debug_level=1 ec_max_ops=1000 auth_mode=none" \
            0 \
            -C "x509_verify_cert.*4b00" \
            -c "mbedtls_pk_verify.*4b00" \
            -C "mbedtls_ecdh_make_public.*4b00" \
            -c "mbedtls_pk_sign.*4b00" \
            -C "! The certificate is not correctly signed by the trusted CA" \
            -C "! mbedtls_ssl_handshake returned" \
            -C "X509 - Certificate verification failed"
8607
# With USE_PSA disabled we expect full restartable behaviour.
# Same as the TLS max_ops=1000 pair above, but over DTLS (dtls=1 on both
# sides): the restartable paths must also work with the datagram record layer.
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
run_test    "EC restart: DTLS, max_ops=1000 (no USE_PSA)" \
            "$P_SRV groups=secp256r1 auth_mode=required dtls=1" \
            "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
             key_file=data_files/server5.key crt_file=data_files/server5.crt  \
             dtls=1 debug_level=1 ec_max_ops=1000" \
            0 \
            -c "x509_verify_cert.*4b00" \
            -c "mbedtls_pk_verify.*4b00" \
            -c "mbedtls_ecdh_make_public.*4b00" \
            -c "mbedtls_pk_sign.*4b00"

# With USE_PSA enabled we expect only partial restartable behaviour:
# everything except ECDH (where TLS calls PSA directly).
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test    "EC restart: DTLS, max_ops=1000 (USE_PSA)" \
            "$P_SRV groups=secp256r1 auth_mode=required dtls=1" \
            "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
             key_file=data_files/server5.key crt_file=data_files/server5.crt  \
             dtls=1 debug_level=1 ec_max_ops=1000" \
            0 \
            -c "x509_verify_cert.*4b00" \
            -c "mbedtls_pk_verify.*4b00" \
            -C "mbedtls_ecdh_make_public.*4b00" \
            -c "mbedtls_pk_sign.*4b00"
8638
# With USE_PSA disabled we expect full restartable behaviour.
# No client authentication: the server does not set auth_mode=required and
# the client loads no key, so mbedtls_pk_sign is never called on the client
# (hence the negated assertion on it in both variants).
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
requires_config_disabled MBEDTLS_USE_PSA_CRYPTO
run_test    "EC restart: TLS, max_ops=1000 no client auth (no USE_PSA)" \
            "$P_SRV groups=secp256r1" \
            "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
             debug_level=1 ec_max_ops=1000" \
            0 \
            -c "x509_verify_cert.*4b00" \
            -c "mbedtls_pk_verify.*4b00" \
            -c "mbedtls_ecdh_make_public.*4b00" \
            -C "mbedtls_pk_sign.*4b00"


# With USE_PSA enabled we expect only partial restartable behaviour:
# everything except ECDH (where TLS calls PSA directly).
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
run_test    "EC restart: TLS, max_ops=1000 no client auth (USE_PSA)" \
            "$P_SRV groups=secp256r1" \
            "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
             debug_level=1 ec_max_ops=1000" \
            0 \
            -c "x509_verify_cert.*4b00" \
            -c "mbedtls_pk_verify.*4b00" \
            -C "mbedtls_ecdh_make_public.*4b00" \
            -C "mbedtls_pk_sign.*4b00"
8668
# Restartable behaviour applies only to ECDHE-ECDSA; with any other
# ciphersuite we expect no restartable behaviour at all (not even for client
# auth, although the client still has a key and the server still requires it).
# This is the same as "EC restart: TLS, max_ops=1000" except with ECDHE-RSA,
# and with all 4 assertions negated.
requires_config_enabled MBEDTLS_ECP_RESTARTABLE
requires_config_enabled MBEDTLS_ECP_DP_SECP256R1_ENABLED
run_test    "EC restart: TLS, max_ops=1000, ECDHE-RSA" \
            "$P_SRV groups=secp256r1 auth_mode=required" \
            "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 \
             key_file=data_files/server5.key crt_file=data_files/server5.crt  \
             debug_level=1 ec_max_ops=1000" \
            0 \
            -C "x509_verify_cert.*4b00" \
            -C "mbedtls_pk_verify.*4b00" \
            -C "mbedtls_ecdh_make_public.*4b00" \
            -C "mbedtls_pk_sign.*4b00"
8685
# Tests of asynchronous private key support in SSL
#
# ssl_server2 options used throughout this section:
#   async_operations=s|d     which private-key operations (sign / decrypt) the
#                            server's test callbacks take over;
#   async_private_delayN=k   key N's operation completes only after k resume
#                            calls, each logging "call <remaining> more times"
#                            before the final "... done, status=0";
#   async_private_error=E    injects a failure at a given stage (see the
#                            "error in start" / "cancel after start" /
#                            "error in resume" tests further down).
# Most sign tests force TLS 1.2 on the server. The decrypt path is only
# exercised by RSA key-exchange ciphersuites, which the decrypt tests force on
# the client.

# delay=0: the callback completes on the first resume, no "call N more times".
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test    "SSL async private: sign, delay=0" \
            "$P_SRV force_version=tls12 \
             async_operations=s async_private_delay1=0 async_private_delay2=0" \
            "$P_CLI" \
            0 \
            -s "Async sign callback: using key slot " \
            -s "Async resume (slot [0-9]): sign done, status=0"

requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test    "SSL async private: sign, delay=1" \
            "$P_SRV force_version=tls12 \
             async_operations=s async_private_delay1=1 async_private_delay2=1" \
            "$P_CLI" \
            0 \
            -s "Async sign callback: using key slot " \
            -s "Async resume (slot [0-9]): call 0 more times." \
            -s "Async resume (slot [0-9]): sign done, status=0"

# delay=2: two resume calls are logged. The -U assertion presumably requires
# the "using key slot" line to appear exactly once, i.e. the operation was
# started once and resumed rather than restarted — confirm against run_test.
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test    "SSL async private: sign, delay=2" \
            "$P_SRV force_version=tls12 \
             async_operations=s async_private_delay1=2 async_private_delay2=2" \
            "$P_CLI" \
            0 \
            -s "Async sign callback: using key slot " \
            -U "Async sign callback: using key slot " \
            -s "Async resume (slot [0-9]): call 1 more times." \
            -s "Async resume (slot [0-9]): call 0 more times." \
            -s "Async resume (slot [0-9]): sign done, status=0"
8718
# Async sign combined with SNI-based certificate selection: the client asks
# for polarssl.example and must be served the server1-nospace certificate
# (subject CN=polarssl.example), signed through the async callback.
# MBEDTLS_X509_REMOVE_INFO must be off because the client-side assertions
# read the printed issuer/subject names.
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
requires_config_disabled MBEDTLS_X509_REMOVE_INFO
run_test    "SSL async private: sign, SNI" \
            "$P_SRV force_version=tls12 debug_level=3 \
             async_operations=s async_private_delay1=0 async_private_delay2=0 \
             crt_file=data_files/server5.crt key_file=data_files/server5.key \
             sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
            "$P_CLI server_name=polarssl.example" \
            0 \
            -s "Async sign callback: using key slot " \
            -s "Async resume (slot [0-9]): sign done, status=0" \
            -s "parse ServerName extension" \
            -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \
            -c "subject name *: C=NL, O=PolarSSL, CN=polarssl.example"
8733
# Async decrypt: the client forces RSA key exchange so the server has to
# decrypt the premaster secret through the async callback.
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test    "SSL async private: decrypt, delay=0" \
            "$P_SRV \
             async_operations=d async_private_delay1=0 async_private_delay2=0" \
            "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
            0 \
            -s "Async decrypt callback: using key slot " \
            -s "Async resume (slot [0-9]): decrypt done, status=0"

requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test    "SSL async private: decrypt, delay=1" \
            "$P_SRV \
             async_operations=d async_private_delay1=1 async_private_delay2=1" \
            "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
            0 \
            -s "Async decrypt callback: using key slot " \
            -s "Async resume (slot [0-9]): call 0 more times." \
            -s "Async resume (slot [0-9]): decrypt done, status=0"

# Same through RSA-PSK key exchange; psk=abc123 on both sides only makes the
# RSA-PSK suite negotiable, the RSA decrypt is still the operation under test.
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test    "SSL async private: decrypt RSA-PSK, delay=0" \
            "$P_SRV psk=abc123 \
             async_operations=d async_private_delay1=0 async_private_delay2=0" \
            "$P_CLI psk=abc123 \
             force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA256" \
            0 \
            -s "Async decrypt callback: using key slot " \
            -s "Async resume (slot [0-9]): decrypt done, status=0"

requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test    "SSL async private: decrypt RSA-PSK, delay=1" \
            "$P_SRV psk=abc123 \
             async_operations=d async_private_delay1=1 async_private_delay2=1" \
            "$P_CLI psk=abc123 \
             force_ciphersuite=TLS-RSA-PSK-WITH-AES-128-CBC-SHA256" \
            0 \
            -s "Async decrypt callback: using key slot " \
            -s "Async resume (slot [0-9]): call 0 more times." \
            -s "Async resume (slot [0-9]): decrypt done, status=0"
8773
# Missing callbacks. The client argument is a two-command shell string: the
# first client is expected to fail (the `[ \$? -eq 1 ] &&` chain requires exit
# status 1; `\$?` is escaped so it is evaluated when run_test executes the
# string, not while this script builds it) and only then the second client
# runs and must succeed. The server keeps running across both connections,
# so the -s/-S assertions cover both handshakes.
#
# Server registers only the decrypt callback (async_operations=d): a client
# needing a server signature fails with "private key ... not set", while one
# forcing RSA key exchange succeeds via the async decrypt path.
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test    "SSL async private: sign callback not present" \
            "$P_SRV \
             async_operations=d async_private_delay1=1 async_private_delay2=1" \
            "$P_CLI force_version=tls12; [ \$? -eq 1 ] &&
             $P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
            0 \
            -S "Async sign callback" \
            -s "! mbedtls_ssl_handshake returned" \
            -s "The own private key or pre-shared key is not set, but needed" \
            -s "Async resume (slot [0-9]): decrypt done, status=0" \
            -s "Successful connection"

# Mirror image: only the sign callback is registered, so RSA key exchange
# fails ("got no RSA private key") and a signing ciphersuite succeeds.
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test    "SSL async private: decrypt callback not present" \
            "$P_SRV debug_level=1 \
             async_operations=s async_private_delay1=1 async_private_delay2=1" \
            "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA;
             [ \$? -eq 1 ] && $P_CLI force_version=tls12" \
            0 \
            -S "Async decrypt callback" \
            -s "! mbedtls_ssl_handshake returned" \
            -s "got no RSA private key" \
            -s "Async resume (slot [0-9]): sign done, status=0" \
            -s "Successful connection"
8799
# Key slot selection. The server loads two key pairs (key_file/crt_file and
# key_file2/crt_file2); async_private_delay1 / delay2 decide which of them is
# handled through the async callback, and the slot number in the log appears
# to follow registration order (key1 -> slot 0, key2 -> slot 1 when both are
# async, slot 0 when only one is). The client's ciphersuite picks the key:
# ECDHE-ECDSA needs the ECDSA key1, ECDHE-RSA needs the RSA key2.

# key1: ECDSA, key2: RSA; use key1 from slot 0
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test    "SSL async private: slot 0 used with key1" \
            "$P_SRV \
             async_operations=s async_private_delay1=1 \
             key_file=data_files/server5.key crt_file=data_files/server5.crt \
             key_file2=data_files/server2.key crt_file2=data_files/server2.crt" \
            "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \
            0 \
            -s "Async sign callback: using key slot 0," \
            -s "Async resume (slot 0): call 0 more times." \
            -s "Async resume (slot 0): sign done, status=0"

# key1: ECDSA, key2: RSA; use key2 from slot 0
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test    "SSL async private: slot 0 used with key2" \
            "$P_SRV \
             async_operations=s async_private_delay2=1 \
             key_file=data_files/server5.key crt_file=data_files/server5.crt \
             key_file2=data_files/server2.key crt_file2=data_files/server2.crt" \
            "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256" \
            0 \
            -s "Async sign callback: using key slot 0," \
            -s "Async resume (slot 0): call 0 more times." \
            -s "Async resume (slot 0): sign done, status=0"

# key1: ECDSA, key2: RSA; use key2 from slot 1
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test    "SSL async private: slot 1 used with key2" \
            "$P_SRV \
             async_operations=s async_private_delay1=1 async_private_delay2=1 \
             key_file=data_files/server5.key crt_file=data_files/server5.crt \
             key_file2=data_files/server2.key crt_file2=data_files/server2.crt" \
            "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256" \
            0 \
            -s "Async sign callback: using key slot 1," \
            -s "Async resume (slot 1): call 0 more times." \
            -s "Async resume (slot 1): sign done, status=0"

# key1: ECDSA, key2: RSA; use key2 directly
# Only key1 is async; the RSA key the client's ciphersuite needs is not in any
# async slot, so the callback declines and the server falls back to using the
# key in-process ("transparent key").
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test    "SSL async private: fall back to transparent key" \
            "$P_SRV \
             async_operations=s async_private_delay1=1 \
             key_file=data_files/server5.key crt_file=data_files/server5.crt \
             key_file2=data_files/server2.key crt_file2=data_files/server2.crt " \
            "$P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256" \
            0 \
            -s "Async sign callback: no key matches this certificate."
8849
# Error injection. async_private_error selects the stage that fails:
#   1 - the start callback reports an error (no resume, no cancel);
#   2 - the start succeeds but the operation is cancelled (no resume);
#   3 - the resume callback reports an error after the operation is done.
# In every case the handshake must fail (expected exit status 1); for the
# "cancel" tests the server is not expected to log the usual handshake
# failure line, only "Async cancel".

requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test    "SSL async private: sign, error in start" \
            "$P_SRV force_version=tls12 \
             async_operations=s async_private_delay1=1 async_private_delay2=1 \
             async_private_error=1" \
            "$P_CLI" \
            1 \
            -s "Async sign callback: injected error" \
            -S "Async resume" \
            -S "Async cancel" \
            -s "! mbedtls_ssl_handshake returned"

requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test    "SSL async private: sign, cancel after start" \
            "$P_SRV force_version=tls12 \
             async_operations=s async_private_delay1=1 async_private_delay2=1 \
             async_private_error=2" \
            "$P_CLI" \
            1 \
            -s "Async sign callback: using key slot " \
            -S "Async resume" \
            -s "Async cancel"

requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test    "SSL async private: sign, error in resume" \
            "$P_SRV force_version=tls12 \
             async_operations=s async_private_delay1=1 async_private_delay2=1 \
             async_private_error=3" \
            "$P_CLI" \
            1 \
            -s "Async sign callback: using key slot " \
            -s "Async resume callback: sign done but injected error" \
            -S "Async cancel" \
            -s "! mbedtls_ssl_handshake returned"

# Same three failure stages for the decrypt callback (RSA key exchange).
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test    "SSL async private: decrypt, error in start" \
            "$P_SRV \
             async_operations=d async_private_delay1=1 async_private_delay2=1 \
             async_private_error=1" \
            "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
            1 \
            -s "Async decrypt callback: injected error" \
            -S "Async resume" \
            -S "Async cancel" \
            -s "! mbedtls_ssl_handshake returned"

requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test    "SSL async private: decrypt, cancel after start" \
            "$P_SRV \
             async_operations=d async_private_delay1=1 async_private_delay2=1 \
             async_private_error=2" \
            "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
            1 \
            -s "Async decrypt callback: using key slot " \
            -S "Async resume" \
            -s "Async cancel"

requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test    "SSL async private: decrypt, error in resume" \
            "$P_SRV \
             async_operations=d async_private_delay1=1 async_private_delay2=1 \
             async_private_error=3" \
            "$P_CLI force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
            1 \
            -s "Async decrypt callback: using key slot " \
            -s "Async resume callback: decrypt done but injected error" \
            -S "Async cancel" \
            -s "! mbedtls_ssl_handshake returned"
8919
# Recovery after an injected failure. A negative async_private_error
# (-2: cancel after start, -3: error in resume) makes the failure happen
# once; the client string runs a second client after the first exits with
# status 1, and that second connection must complete normally through the
# async path ("Async resume" + "Successful connection").
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test    "SSL async private: cancel after start then operate correctly" \
            "$P_SRV force_version=tls12 \
             async_operations=s async_private_delay1=1 async_private_delay2=1 \
             async_private_error=-2" \
            "$P_CLI; [ \$? -eq 1 ] && $P_CLI" \
            0 \
            -s "Async cancel" \
            -s "! mbedtls_ssl_handshake returned" \
            -s "Async resume" \
            -s "Successful connection"

requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
run_test    "SSL async private: error in resume then operate correctly" \
            "$P_SRV force_version=tls12 \
             async_operations=s async_private_delay1=1 async_private_delay2=1 \
             async_private_error=-3" \
            "$P_CLI; [ \$? -eq 1 ] && $P_CLI" \
            0 \
            -s "! mbedtls_ssl_handshake returned" \
            -s "Async resume" \
            -s "Successful connection"
8942
# key1: ECDSA, key2: RSA; use key1 through async, then key2 directly
# First connection (ECDHE-ECDSA) goes through the async slot for key1 and is
# cancelled once by async_private_error=-2, so that client must exit with
# status 1; the second connection (ECDHE-RSA) needs key2, which is not async,
# so the callback declines and the transparent key is used.
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
# Note: detect_required_features() can only detect one "force_ciphersuite" per
#       client/server command and it picks the 2nd one, so the dependency of
#       the 1st ciphersuite is added explicitly here.
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
run_test    "SSL async private: cancel after start then fall back to transparent key" \
            "$P_SRV \
             async_operations=s async_private_delay1=1 async_private_error=-2 \
             key_file=data_files/server5.key crt_file=data_files/server5.crt \
             key_file2=data_files/server2.key crt_file2=data_files/server2.crt" \
            "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256;
             [ \$? -eq 1 ] &&
             $P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256" \
            0 \
            -s "Async sign callback: using key slot 0" \
            -S "Async resume" \
            -s "Async cancel" \
            -s "! mbedtls_ssl_handshake returned" \
            -s "Async sign callback: no key matches this certificate." \
            -s "Successful connection"

# key1: ECDSA, key2: RSA; use key1 through async, then key2 directly
# Same as above with the failure injected in resume (async_private_error=-3)
# instead of a cancel.
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
# Note: detect_required_features() can only detect one "force_ciphersuite" per
#       client/server command and it picks the 2nd one, so the dependency of
#       the 1st ciphersuite is added explicitly here.
requires_config_enabled MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
run_test    "SSL async private: sign, error in resume then fall back to transparent key" \
            "$P_SRV \
             async_operations=s async_private_delay1=1 async_private_error=-3 \
             key_file=data_files/server5.key crt_file=data_files/server5.crt \
             key_file2=data_files/server2.key crt_file2=data_files/server2.crt" \
            "$P_CLI force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256;
             [ \$? -eq 1 ] &&
             $P_CLI force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA256" \
            0 \
            -s "Async resume" \
            -s "! mbedtls_ssl_handshake returned" \
            -s "Async sign callback: no key matches this certificate." \
            -s "Successful connection"
8984
# Async private key operations across a renegotiation. renegotiation=1 allows
# it on both sides; renegotiate=1 on one side triggers it (client-initiated
# vs. server-initiated); exchanges=2 keeps the connection busy so the second
# handshake happens mid-session. The async sign/decrypt must succeed again
# for the renegotiated handshake.
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "SSL async private: renegotiation: client-initiated, sign" \
            "$P_SRV force_version=tls12 \
             async_operations=s async_private_delay1=1 async_private_delay2=1 \
             exchanges=2 renegotiation=1" \
            "$P_CLI exchanges=2 renegotiation=1 renegotiate=1" \
            0 \
            -s "Async sign callback: using key slot " \
            -s "Async resume (slot [0-9]): sign done, status=0"

requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "SSL async private: renegotiation: server-initiated, sign" \
            "$P_SRV force_version=tls12 \
             async_operations=s async_private_delay1=1 async_private_delay2=1 \
             exchanges=2 renegotiation=1 renegotiate=1" \
            "$P_CLI exchanges=2 renegotiation=1" \
            0 \
            -s "Async sign callback: using key slot " \
            -s "Async resume (slot [0-9]): sign done, status=0"

# Decrypt variants force RSA key exchange on the client (see decrypt tests).
requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "SSL async private: renegotiation: client-initiated, decrypt" \
            "$P_SRV \
             async_operations=d async_private_delay1=1 async_private_delay2=1 \
             exchanges=2 renegotiation=1" \
            "$P_CLI exchanges=2 renegotiation=1 renegotiate=1 \
             force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
            0 \
            -s "Async decrypt callback: using key slot " \
            -s "Async resume (slot [0-9]): decrypt done, status=0"

requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "SSL async private: renegotiation: server-initiated, decrypt" \
            "$P_SRV \
             async_operations=d async_private_delay1=1 async_private_delay2=1 \
             exchanges=2 renegotiation=1 renegotiate=1" \
            "$P_CLI exchanges=2 renegotiation=1 \
             force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
            0 \
            -s "Async decrypt callback: using key slot " \
            -s "Async resume (slot [0-9]): decrypt done, status=0"
9030
# Tests for ECC extensions (rfc 4492)
#
# The supported_groups (elliptic curves) and supported_point_formats
# extensions are only meaningful when an ECC-based ciphersuite can be
# negotiated. Forcing a non-ECC (static RSA) suite on either side must keep
# them out of the handshake: a client forced to RSA must not add them to its
# ClientHello (and the server must not report finding them), and a server
# forced to RSA must not echo supported_point_formats in its ServerHello.
# Forcing an ECDHE-ECDSA suite instead must make them all appear.
# SHA-256 and AES-CBC are required because the forced suites use them;
# debug_level=3 exposes the per-extension log lines matched below.

requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
requires_hash_alg SHA_256
requires_config_enabled MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
run_test    "Force a non ECC ciphersuite in the client side" \
            "$P_SRV debug_level=3" \
            "$P_CLI debug_level=3 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA256" \
            0 \
            -C "client hello, adding supported_groups extension" \
            -C "client hello, adding supported_point_formats extension" \
            -S "found supported elliptic curves extension" \
            -S "found supported point formats extension"

requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
requires_hash_alg SHA_256
requires_config_enabled MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
run_test    "Force a non ECC ciphersuite in the server side" \
            "$P_SRV debug_level=3 force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA256" \
            "$P_CLI debug_level=3" \
            0 \
            -C "found supported_point_formats extension" \
            -S "server hello, supported_point_formats extension"

requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
requires_hash_alg SHA_256
run_test    "Force an ECC ciphersuite in the client side" \
            "$P_SRV debug_level=3" \
            "$P_CLI debug_level=3 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \
            0 \
            -c "client hello, adding supported_groups extension" \
            -c "client hello, adding supported_point_formats extension" \
            -s "found supported elliptic curves extension" \
            -s "found supported point formats extension"

requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
requires_hash_alg SHA_256
run_test    "Force an ECC ciphersuite in the server side" \
            "$P_SRV debug_level=3 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256" \
            "$P_CLI debug_level=3" \
            0 \
            -c "found supported_point_formats extension" \
            -s "server hello, supported_point_formats extension"
9078
# Tests for DTLS HelloVerifyRequest
#
# A DTLS server answers the first ClientHello with a HelloVerifyRequest
# carrying a stateless cookie and only proceeds once the client echoes it
# back (RFC 6347 section 4.2.1). This shows the client is reachable at its
# claimed source address before the server commits any handshake state, which
# is the defence against spoofed-source amplification. With cookies enabled
# the expected server log is therefore "cookie verification failed" for the
# cookie-less first hello, then "passed" for the retry, and the client must
# report receiving the HelloVerifyRequest. cookies=0 turns verification off
# (only "skipped" is logged and no HelloVerifyRequest is sent).
# cookies=-1 represents, per the test name, the default state in which no
# cookie callback has been set up: the secure outcome is that the server
# refuses the handshake ("The requested feature is not available", client
# exit status 1) rather than silently skipping verification; the client's
# hs_timeout only keeps that failing case short. The IPv6 and non-blocking
# I/O (nbio=2) variants repeat the enabled case over those transports.

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS cookie: enabled" \
            "$P_SRV dtls=1 debug_level=2" \
            "$P_CLI dtls=1 debug_level=2" \
            0 \
            -s "cookie verification failed" \
            -s "cookie verification passed" \
            -S "cookie verification skipped" \
            -c "received hello verify request" \
            -s "hello verification requested" \
            -S "SSL - The requested feature is not available"

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS cookie: disabled" \
            "$P_SRV dtls=1 debug_level=2 cookies=0" \
            "$P_CLI dtls=1 debug_level=2" \
            0 \
            -S "cookie verification failed" \
            -S "cookie verification passed" \
            -s "cookie verification skipped" \
            -C "received hello verify request" \
            -S "hello verification requested" \
            -S "SSL - The requested feature is not available"

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS cookie: default (failing)" \
            "$P_SRV dtls=1 debug_level=2 cookies=-1" \
            "$P_CLI dtls=1 debug_level=2 hs_timeout=100-400" \
            1 \
            -s "cookie verification failed" \
            -S "cookie verification passed" \
            -S "cookie verification skipped" \
            -C "received hello verify request" \
            -S "hello verification requested" \
            -s "SSL - The requested feature is not available"

requires_ipv6
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS cookie: enabled, IPv6" \
            "$P_SRV dtls=1 debug_level=2 server_addr=::1" \
            "$P_CLI dtls=1 debug_level=2 server_addr=::1" \
            0 \
            -s "cookie verification failed" \
            -s "cookie verification passed" \
            -S "cookie verification skipped" \
            -c "received hello verify request" \
            -s "hello verification requested" \
            -S "SSL - The requested feature is not available"

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS cookie: enabled, nbio" \
            "$P_SRV dtls=1 nbio=2 debug_level=2" \
            "$P_CLI dtls=1 nbio=2 debug_level=2" \
            0 \
            -s "cookie verification failed" \
            -s "cookie verification passed" \
            -S "cookie verification skipped" \
            -c "received hello verify request" \
            -s "hello verification requested" \
            -S "SSL - The requested feature is not available"
9141
# Tests for client reconnecting from the same port with DTLS
#
# RFC 6347 section 4.2.8: a client that restarts and sends a fresh ClientHello
# from the same address/port while the server still holds a session must be
# able to reconnect, but a bare ClientHello must not be enough to tear the
# existing session down - otherwise anyone able to spoof the client's
# address could reset it. The server only honours the reconnect after a
# cookie exchange, which the tests below probe from several angles:
#  - reference: a normal two-exchange run logs neither a reconnection nor a
#    resend (the large timeouts keep retransmissions from muddying the log);
#  - reconnect_hard=1 makes the client drop its state and handshake again
#    from the same port; the server must log the client-initiated
#    reconnection and must not time out;
#  - the nbio variants repeat that with non-blocking I/O, with one set of
#    timeouts for normal runs and a slower one for valgrind;
#  - cookies=0: without cookies the server cannot verify the new hello, so
#    the reconnect is not honoured and the server's read times out instead;
#  - attacker-injected: udp_proxy injects a ClientHello into the established
#    session (inject_clihlo=1). The server may notice a "possible client
#    reconnect" but must not actually reset the session.

not_with_valgrind # spurious resend
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS client reconnect from same port: reference" \
            "$P_SRV dtls=1 exchanges=2 read_timeout=20000 hs_timeout=10000-20000" \
            "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=10000-20000" \
            0 \
            -C "resend" \
            -S "The operation timed out" \
            -S "Client initiated reconnection from same port"

not_with_valgrind # spurious resend
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS client reconnect from same port: reconnect" \
            "$P_SRV dtls=1 exchanges=2 read_timeout=20000 hs_timeout=10000-20000" \
            "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=10000-20000 reconnect_hard=1" \
            0 \
            -C "resend" \
            -S "The operation timed out" \
            -s "Client initiated reconnection from same port"

not_with_valgrind # server/client too slow to respond in time (next test has higher timeouts)
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS client reconnect from same port: reconnect, nbio, no valgrind" \
            "$P_SRV dtls=1 exchanges=2 read_timeout=1000 nbio=2" \
            "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=500-1000 reconnect_hard=1" \
            0 \
            -S "The operation timed out" \
            -s "Client initiated reconnection from same port"

only_with_valgrind # Only with valgrind, do previous test but with higher read_timeout and hs_timeout
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS client reconnect from same port: reconnect, nbio, valgrind" \
            "$P_SRV dtls=1 exchanges=2 read_timeout=2000 nbio=2 hs_timeout=1500-6000" \
            "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=1500-3000 reconnect_hard=1" \
            0 \
            -S "The operation timed out" \
            -s "Client initiated reconnection from same port"

# Negative case: the reconnect feature depends on cookies, so with them
# disabled the server must not accept the new hello as a reconnection.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS client reconnect from same port: no cookies" \
            "$P_SRV dtls=1 exchanges=2 read_timeout=1000 cookies=0" \
            "$P_CLI dtls=1 exchanges=2 debug_level=2 hs_timeout=500-8000 reconnect_hard=1" \
            0 \
            -s "The operation timed out" \
            -S "Client initiated reconnection from same port"

# Negative case: an injected ClientHello with no cookie exchange behind it
# must not reset a live session (the client still completes its exchanges).
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS client reconnect from same port: attacker-injected" \
            -p "$P_PXY inject_clihlo=1" \
            "$P_SRV dtls=1 exchanges=2 debug_level=1" \
            "$P_CLI dtls=1 exchanges=2" \
            0 \
            -s "possible client reconnect from the same port" \
            -S "Client initiated reconnection from same port"
9198
# Tests for various cases of client authentication with DTLS
# (focused on handshake flows and message parsing)
#
# auth_mode=required with a client that presents a certificate must verify
# it successfully; auth_mode=optional with a client that has none
# (crt_file=none key_file=none) must still complete but log the missing
# certificate; with auth_mode=none the client logs that it skipped writing a
# certificate and the server reports verification as skipped.

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS client auth: required" \
            "$P_SRV dtls=1 auth_mode=required" \
            "$P_CLI dtls=1" \
            0 \
            -s "Verifying peer X.509 certificate... ok"

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS client auth: optional, client has no cert" \
            "$P_SRV dtls=1 auth_mode=optional" \
            "$P_CLI dtls=1 crt_file=none key_file=none" \
            0 \
            -s "! Certificate was missing"

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS client auth: none, client has no cert" \
            "$P_SRV dtls=1 auth_mode=none" \
            "$P_CLI dtls=1 crt_file=none key_file=none debug_level=2" \
            0 \
            -c "skip write certificate$" \
            -s "! Certificate verification was skipped"

# Mismatched pre-shared keys (abc123 vs abc124, throw-away test values)
# yield different session keys on the two sides, so the server fails MAC
# verification on the first protected message it receives and the client
# gets a fatal alert in return; the client is expected to exit with status 1.
run_test    "DTLS wrong PSK: badmac alert" \
            "$P_SRV dtls=1 psk=abc123 force_ciphersuite=TLS-PSK-WITH-AES-128-GCM-SHA256" \
            "$P_CLI dtls=1 psk=abc124" \
            1 \
            -s "SSL - Verification of the message MAC failed" \
            -c "SSL - A fatal alert message was received from our peer"
9230
# Tests for receiving fragmented handshake messages with DTLS
#
# The peer (gnutls-serv with -u for UDP, or openssl s_server -dtls) is run
# with a given --mtu/-mtu so that its handshake messages reach the Mbed TLS
# client either whole or split into several DTLS fragments. The client log
# must report reassembly ("found fragmented DTLS handshake message") exactly
# when fragmentation is expected, and must never contain "error". The renego
# variants additionally drive a client-initiated renegotiation over the
# fragmenting path and then check the server side printed "Extra-header:"
# (presumably from the client's request, i.e. application data still flows
# after the renegotiation - confirm against ssl_client2's default request).

requires_gnutls
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS reassembly: no fragmentation (gnutls server)" \
            "$G_SRV -u --mtu 2048 -a" \
            "$P_CLI dtls=1 debug_level=2" \
            0 \
            -C "found fragmented DTLS handshake message" \
            -C "error"

requires_gnutls
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS reassembly: some fragmentation (gnutls server)" \
            "$G_SRV -u --mtu 512" \
            "$P_CLI dtls=1 debug_level=2" \
            0 \
            -c "found fragmented DTLS handshake message" \
            -C "error"

requires_gnutls
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS reassembly: more fragmentation (gnutls server)" \
            "$G_SRV -u --mtu 128" \
            "$P_CLI dtls=1 debug_level=2" \
            0 \
            -c "found fragmented DTLS handshake message" \
            -C "error"

requires_gnutls
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS reassembly: more fragmentation, nbio (gnutls server)" \
            "$G_SRV -u --mtu 128" \
            "$P_CLI dtls=1 nbio=2 debug_level=2" \
            0 \
            -c "found fragmented DTLS handshake message" \
            -C "error"

requires_gnutls
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS reassembly: fragmentation, renego (gnutls server)" \
            "$G_SRV -u --mtu 256" \
            "$P_CLI debug_level=3 dtls=1 renegotiation=1 renegotiate=1" \
            0 \
            -c "found fragmented DTLS handshake message" \
            -c "client hello, adding renegotiation extension" \
            -c "found renegotiation extension" \
            -c "=> renegotiate" \
            -C "mbedtls_ssl_handshake returned" \
            -C "error" \
            -s "Extra-header:"

requires_gnutls
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS reassembly: fragmentation, nbio, renego (gnutls server)" \
            "$G_SRV -u --mtu 256" \
            "$P_CLI debug_level=3 nbio=2 dtls=1 renegotiation=1 renegotiate=1" \
            0 \
            -c "found fragmented DTLS handshake message" \
            -c "client hello, adding renegotiation extension" \
            -c "found renegotiation extension" \
            -c "=> renegotiate" \
            -C "mbedtls_ssl_handshake returned" \
            -C "error" \
            -s "Extra-header:"

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS reassembly: no fragmentation (openssl server)" \
            "$O_SRV -dtls -mtu 2048" \
            "$P_CLI dtls=1 debug_level=2" \
            0 \
            -C "found fragmented DTLS handshake message" \
            -C "error"

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS reassembly: some fragmentation (openssl server)" \
            "$O_SRV -dtls -mtu 256" \
            "$P_CLI dtls=1 debug_level=2" \
            0 \
            -c "found fragmented DTLS handshake message" \
            -C "error"

# NOTE(review): this "more fragmentation" case uses the same -mtu 256 as the
# "some fragmentation" case just above, so the two currently exercise
# identical fragmentation; confirm whether a smaller MTU (as in the gnutls
# pair, 512 then 128) was intended.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS reassembly: more fragmentation (openssl server)" \
            "$O_SRV -dtls -mtu 256" \
            "$P_CLI dtls=1 debug_level=2" \
            0 \
            -c "found fragmented DTLS handshake message" \
            -C "error"

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS reassembly: fragmentation, nbio (openssl server)" \
            "$O_SRV -dtls -mtu 256" \
            "$P_CLI dtls=1 nbio=2 debug_level=2" \
            0 \
            -c "found fragmented DTLS handshake message" \
            -C "error"
9330
# Tests for sending fragmented handshake messages with DTLS
#
# Use client auth when we need the client to send large messages,
# and use large cert chains on both sides too (the long chains we have all use
# both RSA and ECDSA, but ideally we should have long chains with either).
# Sizes reached (UDP payload):
# - 2037B for server certificate
# - 1542B for client certificate
# - 1013B for newsessionticket
# - all others below 512B
# All those tests assume MAX_CONTENT_LEN is at least 2048
#
# Each test below sets up mutual authentication with the server7/server8
# chains so that both Certificate messages exceed a small limit, then bounds
# the fragment size with max_frag_len (the Maximum Fragment Length extension)
# on one or both sides. The expectations say which side had to reassemble:
# "found fragmented DTLS handshake message" must appear only in the log of a
# peer that received fragmented messages, and "error" must appear nowhere.
# hs_timeout is generous because fragmenting multiplies the number of
# datagrams per flight. requires_max_content_len N skips the test unless the
# build's MBEDTLS_SSL_MAX_CONTENT_LEN is at least N.

# Reference: with max_frag_len=4096 on both sides every message fits, so
# neither side may see a fragmented handshake message.
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_max_content_len 4096
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS fragmenting: none (for reference)" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             hs_timeout=2500-60000 \
             max_frag_len=4096" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             hs_timeout=2500-60000 \
             max_frag_len=4096" \
            0 \
            -S "found fragmented DTLS handshake message" \
            -C "found fragmented DTLS handshake message" \
            -C "error"

# Server limited to 1024: the client (at 2048, enough for the 1542B client
# certificate) must be the only side receiving fragments.
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_max_content_len 2048
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS fragmenting: server only (max_frag_len)" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             hs_timeout=2500-60000 \
             max_frag_len=1024" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             hs_timeout=2500-60000 \
             max_frag_len=2048" \
            0 \
            -S "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"
9384
# With the MFL extension, the server has no way of forcing
# the client to not exceed a certain MTU; hence, the following
# test can't be replicated with an MTU proxy such as the one
# `client-initiated, server only (max_frag_len)` below.
#
# Here the server's own limit (512) is well below its 2037B certificate, so
# the client must reassemble; the client's 4096 limit means the server must
# not see any fragmented message.
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_max_content_len 4096
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS fragmenting: server only (more) (max_frag_len)" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             hs_timeout=2500-60000 \
             max_frag_len=512" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             hs_timeout=2500-60000 \
             max_frag_len=4096" \
            0 \
            -S "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"

# "Client-initiated": the 1024 limit is now proposed by the client through
# the MFL extension. With auth_mode=none the client sends no certificate, so
# only the server's messages get fragmented and only the client reassembles.
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_max_content_len 2048
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS fragmenting: client-initiated, server only (max_frag_len)" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=none \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             hs_timeout=2500-60000 \
             max_frag_len=2048" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             hs_timeout=2500-60000 \
             max_frag_len=1024" \
             0 \
            -S "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"
9430
# While not required by the standard defining the MFL extension
# (according to which it only applies to records, not to datagrams),
# Mbed TLS will never send datagrams larger than MFL + { Max record expansion },
# as otherwise there wouldn't be any means to communicate MTU restrictions
# to the peer.
# The next test checks that no datagrams significantly larger than the
# negotiated MFL are sent.
#
# Same setup as the test above, but udp_proxy is inserted with mtu=1110: any
# datagram the server emits above that size will not get through, so the
# handshake can only succeed (exit status 0, no "error") if the server really
# keeps its datagrams within the client-proposed MFL of 1024 plus expansion.
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_max_content_len 2048
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS fragmenting: client-initiated, server only (max_frag_len), proxy MTU" \
            -p "$P_PXY mtu=1110" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=none \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             hs_timeout=2500-60000 \
             max_frag_len=2048" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             hs_timeout=2500-60000 \
             max_frag_len=1024" \
            0 \
            -S "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"

# As "client-initiated, server only" but with auth_mode=required, so the
# client's 1542B certificate is also sent under the 1024 limit and both
# sides must now reassemble.
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_max_content_len 2048
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS fragmenting: client-initiated, both (max_frag_len)" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             hs_timeout=2500-60000 \
             max_frag_len=2048" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             hs_timeout=2500-60000 \
             max_frag_len=1024" \
            0 \
            -s "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"
9480
# While not required by the standard defining the MFL extension
# (according to which it only applies to records, not to datagrams),
# Mbed TLS will never send datagrams larger than MFL + { Max record expansion },
# as otherwise there wouldn't be any means to communicate MTU restrictions
# to the peer.
# The next test checks that no datagrams significantly larger than the
# negotiated MFL are sent.
#
# Both-sides variant of the proxy check: with mutual authentication and the
# client proposing MFL 1024, a udp_proxy with mtu=1110 in the path must not
# prevent either direction of the handshake from completing, which shows
# both peers bound their datagrams by the negotiated MFL plus expansion.
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_max_content_len 2048
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS fragmenting: client-initiated, both (max_frag_len), proxy MTU" \
            -p "$P_PXY mtu=1110" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             hs_timeout=2500-60000 \
             max_frag_len=2048" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             hs_timeout=2500-60000 \
             max_frag_len=1024" \
            0 \
            -s "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"
9509
# MTU-driven fragmenting. Instead of the MFL extension, each side is given a
# local path MTU (the mtu= option) and must split its own outgoing handshake
# messages to fit it, independently of what the peer negotiated. The
# expectations therefore mirror the MFL tests: the side whose peer has the
# small MTU is the one that reassembles. No MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
# dependency is needed since no extension is involved.

# Reference: mtu=4096 on both sides, nothing fragmented.
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_max_content_len 4096
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS fragmenting: none (for reference) (MTU)" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             hs_timeout=2500-60000 \
             mtu=4096" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             hs_timeout=2500-60000 \
             mtu=4096" \
            0 \
            -S "found fragmented DTLS handshake message" \
            -C "found fragmented DTLS handshake message" \
            -C "error"

# Client mtu=1024: only the client's messages (its 1542B certificate) are
# fragmented, so only the server reassembles. The slightly larger minimum
# handshake timeout (3500) gives the extra datagrams room.
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_max_content_len 4096
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS fragmenting: client (MTU)" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             hs_timeout=3500-60000 \
             mtu=4096" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             hs_timeout=3500-60000 \
             mtu=1024" \
            0 \
            -s "found fragmented DTLS handshake message" \
            -C "found fragmented DTLS handshake message" \
            -C "error"

# Server mtu=512: only the server's messages are fragmented, so only the
# client reassembles.
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_max_content_len 2048
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS fragmenting: server (MTU)" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             hs_timeout=2500-60000 \
             mtu=512" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             hs_timeout=2500-60000 \
             mtu=2048" \
            0 \
            -S "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"

# Both sides mtu=1024, with udp_proxy enforcing the same limit on the path
# so any datagram exceeding the configured MTU would break the handshake.
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_max_content_len 2048
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS fragmenting: both (MTU=1024)" \
            -p "$P_PXY mtu=1024" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             hs_timeout=2500-60000 \
             mtu=1024" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             hs_timeout=2500-60000 \
             mtu=1024" \
            0 \
            -s "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"
9590
# Forcing ciphersuite for this test to fit the MTU of 512 with full config.
# (With every ciphersuite enabled the ClientHello alone would not fit in a
# 512-byte datagram, hence the single ECDHE-ECDSA-GCM suite and the matching
# SHA-256/AES/GCM build dependencies.) Both peers use mtu=512 and udp_proxy
# enforces it on the path, so both must fragment and both must reassemble.
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_hash_alg SHA_256
requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_GCM_C
requires_max_content_len 2048
run_test    "DTLS fragmenting: both (MTU=512)" \
            -p "$P_PXY mtu=512" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             hs_timeout=2500-60000 \
             mtu=512" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
             hs_timeout=2500-60000 \
             mtu=512" \
            0 \
            -s "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"
9615
# Test for automatic MTU reduction on repeated resend.
# Forcing ciphersuite for this test to fit the MTU of 508 with full config.
# The ratio of max/min timeout should ideally equal 4 to accept two
# retransmissions, but in some cases (like both the server and client using
# fragmentation and auto-reduction) an extra retransmission might occur,
# hence the ratio of 8.
#
# Neither peer is told the path MTU here (no mtu= option): udp_proxy with
# mtu=508 simply refuses larger datagrams, so the handshake can only complete
# if the library notices the lost flights through retransmission timeouts
# and shrinks its datagram size on its own. The handshake therefore has to
# end with both sides having reassembled fragments. The valgrind variant is
# the same scenario with a much wider timeout range to absorb the slowdown.
not_with_valgrind
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_GCM_C
requires_max_content_len 2048
run_test    "DTLS fragmenting: proxy MTU: auto-reduction (not valgrind)" \
            -p "$P_PXY mtu=508" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             hs_timeout=400-3200" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
             hs_timeout=400-3200" \
            0 \
            -s "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"

# Forcing ciphersuite for this test to fit the MTU of 508 with full config.
only_with_valgrind
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_GCM_C
requires_max_content_len 2048
run_test    "DTLS fragmenting: proxy MTU: auto-reduction (with valgrind)" \
            -p "$P_PXY mtu=508" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             hs_timeout=250-10000" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
             hs_timeout=250-10000" \
            0 \
            -s "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"
9666
# the proxy shouldn't drop or mess up anything, so we shouldn't need to resend
# OTOH the client might resend if the server is to slow to reset after sending
# a HelloVerifyRequest, so only check for no retransmission server-side
#
# Counterpart of the auto-reduction tests: both peers are configured with the
# same mtu=1024 that udp_proxy enforces, so every datagram fits first time
# and the server must never log an "autoreduction". The very large minimum
# handshake timeout (10000) is there so that a slow run cannot trigger a
# spurious timeout-driven reduction and fail the test for the wrong reason.
not_with_valgrind # spurious autoreduction due to timeout
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_max_content_len 2048
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS fragmenting: proxy MTU, simple handshake (MTU=1024)" \
            -p "$P_PXY mtu=1024" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             hs_timeout=10000-60000 \
             mtu=1024" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             hs_timeout=10000-60000 \
             mtu=1024" \
            0 \
            -S "autoreduction" \
            -s "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"
# Forcing ciphersuite for this test to fit the MTU of 512 with full config.
# Same shape as the MTU=1024 test above but with a 512-byte MTU, which is why
# the client pins an AEAD suite (AES-128-GCM) whose records fit the smaller
# datagrams; the AES_C/GCM_C requirements below exist only for that pin.
# The proxy shouldn't drop or mess up anything, so we shouldn't need to resend.
# OTOH the client might resend if the server is too slow to reset after sending
# a HelloVerifyRequest, so only check for no retransmission server-side
# (-S "autoreduction").
not_with_valgrind # spurious autoreduction due to timeout
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_GCM_C
requires_max_content_len 2048
run_test    "DTLS fragmenting: proxy MTU, simple handshake (MTU=512)" \
            -p "$P_PXY mtu=512" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             hs_timeout=10000-60000 \
             mtu=512" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
             hs_timeout=10000-60000 \
             mtu=512" \
            0 \
            -S "autoreduction" \
            -s "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"
9721
# Non-blocking I/O (nbio=2 on both peers) variant of the MTU=1024 simple
# handshake: same proxy MTU, same configured mtu=1024 on both sides, same
# "no server-side autoreduction" assertion. Only the I/O mode differs, so the
# fragmentation/reassembly code is exercised through the WANT_READ/WANT_WRITE
# retry path as well.
not_with_valgrind # spurious autoreduction due to timeout
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_max_content_len 2048
run_test    "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=1024)" \
            -p "$P_PXY mtu=1024" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             hs_timeout=10000-60000 \
             mtu=1024 nbio=2" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             hs_timeout=10000-60000 \
             mtu=1024 nbio=2" \
            0 \
            -S "autoreduction" \
            -s "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"
9744
# Forcing ciphersuite for this test to fit the MTU of 512 with full config.
# Non-blocking I/O (nbio=2) variant of the MTU=512 simple handshake; the
# AES-128-GCM pin and the AES_C/GCM_C requirements are carried over from it.
# Server-side autoreduction is still forbidden (-S "autoreduction").
not_with_valgrind # spurious autoreduction due to timeout
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_GCM_C
requires_max_content_len 2048
run_test    "DTLS fragmenting: proxy MTU, simple handshake, nbio (MTU=512)" \
            -p "$P_PXY mtu=512" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             hs_timeout=10000-60000 \
             mtu=512 nbio=2" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
             hs_timeout=10000-60000 \
             mtu=512 nbio=2" \
            0 \
            -S "autoreduction" \
            -s "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"
9770
# Forcing ciphersuite for this test to fit the MTU of 1450 with full config.
# This ensures things still work after session_reset().
# It also exercises the "resumed handshake" flow: reconnect=1 makes the client
# perform a second (resumed) handshake on the same process, and
# skip_close_notify=1 means the server learns of the reconnect only from the
# new ClientHello rather than from an alert.
# Since we don't support reading fragmented ClientHello yet,
# up the MTU to 1450 (larger than ClientHello with session ticket,
# but still smaller than client's Certificate to ensure fragmentation).
# An autoreduction on the client-side might happen if the server is
# slow to reset, therefore omitting '-C "autoreduction"' below.
# reco_delay avoids races where the client reconnects before the server has
# resumed listening, which would result in a spurious autoreduction.
not_with_valgrind # spurious autoreduction due to timeout
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_GCM_C
requires_max_content_len 2048
run_test    "DTLS fragmenting: proxy MTU, resumed handshake" \
            -p "$P_PXY mtu=1450" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             hs_timeout=10000-60000 \
             mtu=1450" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             hs_timeout=10000-60000 \
             force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
             mtu=1450 reconnect=1 skip_close_notify=1 reco_delay=1000" \
            0 \
            -S "autoreduction" \
            -s "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"
9805
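# Renegotiation over a fragmenting link with a ChaCha20-Poly1305 record layer.
# The client forces TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 so that the
# renegotiation handshake (renegotiate=1, exchanges=2) is carried inside
# ChaChaPoly-protected records; this is what the MBEDTLS_CHACHAPOLY_C and
# SHA_256 requirements are for. (The test used to pin AES-128-GCM, which made
# it a duplicate of the "AES-GCM renego" test below and left it runnable in
# builds without AES/GCM only by accident.)
# An autoreduction on the client-side might happen if the server is
# slow to reset, therefore omitting '-C "autoreduction"' below.
not_with_valgrind # spurious autoreduction due to timeout
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_hash_alg SHA_256
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
requires_config_enabled MBEDTLS_CHACHAPOLY_C
requires_max_content_len 2048
run_test    "DTLS fragmenting: proxy MTU, ChachaPoly renego" \
            -p "$P_PXY mtu=512" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             exchanges=2 renegotiation=1 \
             hs_timeout=10000-60000 \
             mtu=512" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             exchanges=2 renegotiation=1 renegotiate=1 \
             force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256 \
             hs_timeout=10000-60000 \
             mtu=512" \
            0 \
            -S "autoreduction" \
            -s "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"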
9835
# Renegotiation over a fragmenting link with an AES-128-GCM record layer:
# exchanges=2 plus renegotiate=1 on the client make the second exchange go
# through a full renegotiation handshake, which must itself be fragmented to
# fit the 512-byte proxy MTU. Server-side autoreduction is forbidden.
# An autoreduction on the client-side might happen if the server is
# slow to reset, therefore omitting '-C "autoreduction"' below.
not_with_valgrind # spurious autoreduction due to timeout
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_hash_alg SHA_256
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_GCM_C
requires_config_enabled MBEDTLS_AES_C
requires_max_content_len 2048
run_test    "DTLS fragmenting: proxy MTU, AES-GCM renego" \
            -p "$P_PXY mtu=512" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             exchanges=2 renegotiation=1 \
             hs_timeout=10000-60000 \
             mtu=512" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             exchanges=2 renegotiation=1 renegotiate=1 \
             force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
             hs_timeout=10000-60000 \
             mtu=512" \
            0 \
            -S "autoreduction" \
            -s "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"
9866
# Renegotiation over a fragmenting link with an AES-128-CCM-8 record layer.
# Here the ciphersuite is pinned on the server rather than the client, and the
# proxy MTU is 1024. Note that the -CCM-8 suite carries only an 8-byte
# authentication tag; it is used here purely to exercise the fragmentation
# path with a CCM record layer, not as a recommendation.
# An autoreduction on the client-side might happen if the server is
# slow to reset, therefore omitting '-C "autoreduction"' below.
not_with_valgrind # spurious autoreduction due to timeout
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_hash_alg SHA_256
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_CCM_C
requires_max_content_len 2048
run_test    "DTLS fragmenting: proxy MTU, AES-CCM renego" \
            -p "$P_PXY mtu=1024" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             exchanges=2 renegotiation=1 \
             force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8 \
             hs_timeout=10000-60000 \
             mtu=1024" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             exchanges=2 renegotiation=1 renegotiate=1 \
             hs_timeout=10000-60000 \
             mtu=1024" \
            0 \
            -S "autoreduction" \
            -s "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"
9897
# Renegotiation over a fragmenting link with an AES-128-CBC record layer in
# Encrypt-then-MAC mode (the default when MBEDTLS_SSL_ENCRYPT_THEN_MAC is
# enabled, hence that requirement). Pairs with the non-EtM test below so that
# both CBC record formats are covered by the fragmentation path.
# An autoreduction on the client-side might happen if the server is
# slow to reset, therefore omitting '-C "autoreduction"' below.
not_with_valgrind # spurious autoreduction due to timeout
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_hash_alg SHA_256
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
requires_config_enabled MBEDTLS_SSL_ENCRYPT_THEN_MAC
requires_max_content_len 2048
run_test    "DTLS fragmenting: proxy MTU, AES-CBC EtM renego" \
            -p "$P_PXY mtu=1024" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             exchanges=2 renegotiation=1 \
             force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 \
             hs_timeout=10000-60000 \
             mtu=1024" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             exchanges=2 renegotiation=1 renegotiate=1 \
             hs_timeout=10000-60000 \
             mtu=1024" \
            0 \
            -S "autoreduction" \
            -s "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"
9929
# Renegotiation over a fragmenting link with AES-128-CBC in legacy
# MAC-then-Encrypt mode: etm=0 on the server turns Encrypt-then-MAC off, so
# this run covers the CBC record format the EtM test above does not.
# An autoreduction on the client-side might happen if the server is
# slow to reset, therefore omitting '-C "autoreduction"' below.
not_with_valgrind # spurious autoreduction due to timeout
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
requires_config_enabled MBEDTLS_CIPHER_MODE_CBC
requires_config_enabled MBEDTLS_AES_C
requires_hash_alg SHA_256
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_max_content_len 2048
run_test    "DTLS fragmenting: proxy MTU, AES-CBC non-EtM renego" \
            -p "$P_PXY mtu=1024" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             exchanges=2 renegotiation=1 \
             force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CBC-SHA256 etm=0 \
             hs_timeout=10000-60000 \
             mtu=1024" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             exchanges=2 renegotiation=1 renegotiate=1 \
             hs_timeout=10000-60000 \
             mtu=1024" \
            0 \
            -S "autoreduction" \
            -s "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"
9960
# Forcing ciphersuite for this test to fit the MTU of 512 with full config.
# "3d" = the proxy also drops, delays and duplicates datagrams (drop=8 delay=8
# duplicate=8; presumably a 1-in-N rate each, see udp_proxy usage), so this
# run checks that fragment reassembly survives loss and reordering, not just
# fragmentation. Because retransmissions are now expected, there is no
# "autoreduction" assertion, and the short hs_timeout=250-10000 keeps the
# retries quick. dgram_packing=0 on both sides prevents several handshake
# records from being packed into one datagram, so every fragment travels
# separately through the lossy proxy. client_needs_more_time 2 scales the
# client's overall timeout for the extra retransmission rounds.
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_GCM_C
client_needs_more_time 2
requires_max_content_len 2048
run_test    "DTLS fragmenting: proxy MTU + 3d" \
            -p "$P_PXY mtu=512 drop=8 delay=8 duplicate=8" \
            "$P_SRV dgram_packing=0 dtls=1 debug_level=2 auth_mode=required \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             hs_timeout=250-10000 mtu=512" \
            "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
             hs_timeout=250-10000 mtu=512" \
            0 \
            -s "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"
9983
# Forcing ciphersuite for this test to fit the MTU of 512 with full config.
# Non-blocking I/O (nbio=2) variant of the "proxy MTU + 3d" test: lossy,
# reordering proxy plus fragmentation, driven through the WANT_READ/WANT_WRITE
# retry path.
# NOTE(review): unlike the blocking variant above, neither peer passes
# dgram_packing=0 here, so handshake records may be packed into one datagram
# — confirm this difference is intentional rather than an omission.
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_AES_C
requires_config_enabled MBEDTLS_GCM_C
client_needs_more_time 2
requires_max_content_len 2048
run_test    "DTLS fragmenting: proxy MTU + 3d, nbio" \
            -p "$P_PXY mtu=512 drop=8 delay=8 duplicate=8" \
            "$P_SRV dtls=1 debug_level=2 auth_mode=required \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             hs_timeout=250-10000 mtu=512 nbio=2" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 \
             hs_timeout=250-10000 mtu=512 nbio=2" \
            0 \
            -s "found fragmented DTLS handshake message" \
            -c "found fragmented DTLS handshake message" \
            -C "error"
10006
# Interop tests for DTLS fragmenting over a reliable connection.
#
# Here and below we just want to test that we fragment in a way that
# pleases other implementations, so we don't need the peer to fragment:
# only our side is given mtu=512, and the assertion is on our own
# "fragmenting handshake message" log line plus a successful handshake
# (exit status 0). The peer's own fragmentation behaviour is not checked.
# Our client sends its certificate chain (crt_file/key_file) so that there is
# a handshake message large enough to need fragmenting.
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_gnutls
requires_max_content_len 2048
run_test    "DTLS fragmenting: gnutls server, DTLS 1.2" \
            "$G_SRV -u" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             mtu=512 force_version=dtls12" \
            0 \
            -c "fragmenting handshake message" \
            -C "error"
10024
# We use --insecure for the GnuTLS client because it expects
# the hostname / IP it connects to to be the name used in the
# certificate obtained from the server. Here, however, it
# connects to 127.0.0.1 while our test certificates use 'localhost'
# as the server name in the certificate. This will make the
# certificate validation fail, but passing --insecure makes
# GnuTLS continue the connection nonetheless.
# Consequence for what this test proves: --insecure turns off the peer's
# certificate verification entirely, so this run only establishes that our
# fragmented server flights are accepted and reassembled by GnuTLS; it says
# nothing about the certificate chain we send being valid. The server-side
# log line is the sole assertion (the client is not ours, so no -c/-C checks).
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_gnutls
requires_not_i686
requires_max_content_len 2048
run_test    "DTLS fragmenting: gnutls client, DTLS 1.2" \
            "$P_SRV dtls=1 debug_level=2 \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             mtu=512 force_version=dtls12" \
            "$G_CLI -u --insecure 127.0.0.1" \
            0 \
            -s "fragmenting handshake message"
10045
# Interop: our DTLS 1.2 client fragmenting towards an OpenSSL server.
# "-verify 10" makes s_server request (and verify up to depth 10) the client
# certificate, which is what forces a Certificate flight large enough to need
# fragmenting at mtu=512. Only our client's log is asserted on.
requires_max_content_len 2048
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
run_test    "DTLS fragmenting: openssl server, DTLS 1.2" \
            "$O_SRV -dtls1_2 -verify 10" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             mtu=512 force_version=dtls12" \
            0 \
            -c "fragmenting handshake message" \
            -C "error"
10058
# Interop: our DTLS 1.2 server fragmenting its flights towards an OpenSSL
# client. Only the server-side log line is asserted on, together with the
# client's exit status (0); as the client is not ours there is no -c/-C check.
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
requires_max_content_len 2048
run_test    "DTLS fragmenting: openssl client, DTLS 1.2" \
            "$P_SRV dtls=1 debug_level=2 \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             mtu=512 force_version=dtls12" \
            "$O_CLI -dtls1_2" \
            0 \
            -s "fragmenting handshake message"
10070
# Interop tests for DTLS fragmenting over an unreliable connection.
#
# Again we just want to test that we fragment in a way that
# pleases other implementations, so we don't need the peer to fragment.
# The udp_proxy now drops, delays and duplicates datagrams, so the peer must
# also cope with our retransmitted fragments; hs_timeout=250-60000 and
# client_needs_more_time 4 leave room for those retries. The "next" GnuTLS
# build is required (older releases are not expected to pass this).
requires_gnutls_next
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
client_needs_more_time 4
requires_max_content_len 2048
run_test    "DTLS fragmenting: 3d, gnutls server, DTLS 1.2" \
            -p "$P_PXY drop=8 delay=8 duplicate=8" \
            "$G_NEXT_SRV -u" \
            "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             hs_timeout=250-60000 mtu=512 force_version=dtls12" \
            0 \
            -c "fragmenting handshake message" \
            -C "error"
10090
# Lossy-proxy interop: our DTLS 1.2 server fragmenting towards the "next"
# GnuTLS client, with the proxy dropping/delaying/duplicating datagrams.
# --insecure is needed because gnutls-cli connects to 127.0.0.1 while the
# certificate names 'localhost'; it disables the client's certificate
# verification, so only reassembly of our fragments is being exercised here.
requires_max_content_len 2048
client_needs_more_time 4
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_gnutls_next
run_test    "DTLS fragmenting: 3d, gnutls client, DTLS 1.2" \
            -p "$P_PXY drop=8 delay=8 duplicate=8" \
            "$P_SRV dtls=1 debug_level=2 \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             hs_timeout=250-60000 mtu=512 force_version=dtls12" \
           "$G_NEXT_CLI -u --insecure 127.0.0.1" \
            0 \
            -s "fragmenting handshake message"
10105
## The test below requires 1.1.1a or higher version of openssl, otherwise
## it might trigger a bug due to openssl server (https://github.com/openssl/openssl/issues/6902)
## Lossy-proxy interop: our DTLS 1.2 client fragmenting towards the "next"
## OpenSSL server, which requests the client certificate (-verify 10). The
## version gate is expressed as requires_openssl_next rather than a blanket
## skip, so the test still runs wherever a suitable OpenSSL is available.
requires_openssl_next
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
client_needs_more_time 4
requires_max_content_len 2048
run_test    "DTLS fragmenting: 3d, openssl server, DTLS 1.2" \
            -p "$P_PXY drop=8 delay=8 duplicate=8" \
            "$O_NEXT_SRV -dtls1_2 -verify 10" \
            "$P_CLI dtls=1 debug_level=2 \
             crt_file=data_files/server8_int-ca2.crt \
             key_file=data_files/server8.key \
             hs_timeout=250-60000 mtu=512 force_version=dtls12" \
            0 \
            -c "fragmenting handshake message" \
            -C "error"
10123
## The test below will time out with certain seeds.
## The cause is an openssl bug (https://github.com/openssl/openssl/issues/18887)
## NOTE(review): skip_next_test disables this test unconditionally, so the
## "our server fragments towards an OpenSSL client over a lossy link" path
## currently has no coverage at all. Once a fixed OpenSSL is available, prefer
## gating on it (cf. requires_openssl_next used by the server-side test above)
## instead of the blanket skip, so the coverage comes back automatically.
skip_next_test
requires_config_enabled MBEDTLS_SSL_PROTO_DTLS
requires_config_enabled MBEDTLS_RSA_C
client_needs_more_time 4
requires_max_content_len 2048
run_test    "DTLS fragmenting: 3d, openssl client, DTLS 1.2" \
            -p "$P_PXY drop=8 delay=8 duplicate=8" \
            "$P_SRV dtls=1 debug_level=2 \
             crt_file=data_files/server7_int-ca.crt \
             key_file=data_files/server7.key \
             hs_timeout=250-60000 mtu=512 force_version=dtls12" \
            "$O_CLI -dtls1_2" \
            0 \
            -s "fragmenting handshake message"
10140
# Tests for DTLS-SRTP (RFC 5764)
# Baseline: both peers enable use_srtp with their default (full) profile
# lists, so negotiation must succeed. Besides the extension/profile log lines
# on each side, the find_in_both check on "Keying material:" is the real
# cryptographic assertion — both peers must print the identical exported
# SRTP keying material, i.e. the RFC 5764 exporter ran the same way on both.
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test  "DTLS-SRTP all profiles supported" \
          "$P_SRV dtls=1 use_srtp=1 debug_level=3" \
          "$P_CLI dtls=1 use_srtp=1 debug_level=3" \
          0 \
          -s "found use_srtp extension" \
          -s "found srtp profile" \
          -s "selected srtp profile" \
          -s "server hello, adding use_srtp extension" \
          -s "DTLS-SRTP key material is"\
          -c "client hello, adding use_srtp extension" \
          -c "found use_srtp extension" \
          -c "found srtp profile" \
          -c "selected srtp profile" \
          -c "DTLS-SRTP key material is"\
          -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\
          -C "error"
10160
10161
# Client offers a single profile (srtp_force_profile=5 ->
# MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80); the server, supporting all, must
# select exactly that one. Note this is a NULL-cipher profile (authentication
# only, no SRTP encryption) — it is used here to exercise negotiation of a
# non-default choice, not as a recommended deployment profile.
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test  "DTLS-SRTP server supports all profiles. Client supports one profile." \
          "$P_SRV dtls=1 use_srtp=1 debug_level=3" \
          "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=5 debug_level=3" \
          0 \
          -s "found use_srtp extension" \
          -s "found srtp profile: MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80" \
          -s "selected srtp profile: MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80" \
          -s "server hello, adding use_srtp extension" \
          -s "DTLS-SRTP key material is"\
          -c "client hello, adding use_srtp extension" \
          -c "found use_srtp extension" \
          -c "found srtp profile: MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80" \
          -c "selected srtp profile" \
          -c "DTLS-SRTP key material is"\
          -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\
          -C "error"
10180
# Mirror image of the previous test: the server is restricted to one profile
# (srtp_force_profile=6 -> MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32, a NULL-cipher
# profile used only to exercise negotiation) while the client offers all.
# The server must pick the one it supports and the client must see it echoed
# back; keying material must again match on both sides.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
run_test  "DTLS-SRTP server supports one profile. Client supports all profiles." \
          "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=6 debug_level=3" \
          "$P_CLI dtls=1 use_srtp=1 debug_level=3" \
          0 \
          -s "found use_srtp extension" \
          -s "found srtp profile" \
          -s "selected srtp profile: MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32" \
          -s "server hello, adding use_srtp extension" \
          -s "DTLS-SRTP key material is"\
          -c "client hello, adding use_srtp extension" \
          -c "found use_srtp extension" \
          -c "found srtp profile: MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32" \
          -c "selected srtp profile" \
          -c "DTLS-SRTP key material is"\
          -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\
          -C "error"
10199
# Both peers are pinned to the same single profile (srtp_force_profile=2 ->
# MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32), so negotiation must land on it
# and both sides must log it by name.
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test  "DTLS-SRTP server and Client support only one matching profile." \
          "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \
          "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \
          0 \
          -s "found use_srtp extension" \
          -s "found srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" \
          -s "selected srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" \
          -s "server hello, adding use_srtp extension" \
          -s "DTLS-SRTP key material is"\
          -c "client hello, adding use_srtp extension" \
          -c "found use_srtp extension" \
          -c "found srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" \
          -c "selected srtp profile" \
          -c "DTLS-SRTP key material is"\
          -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\
          -C "error"
10218
# No common profile: server pinned to 2 (AES128_CM_HMAC_SHA1_32), client
# pinned to 6 (NULL_HMAC_SHA1_32). The server sees the client's offer but
# must neither select a profile nor echo use_srtp in its ServerHello, and the
# client must see no use_srtp extension and derive no SRTP key material.
# The handshake itself still succeeds (exit 0, no client "error"): the
# connection simply falls back to plain DTLS without SRTP keying.
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test  "DTLS-SRTP server and Client support only one different profile." \
          "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \
          "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=6 debug_level=3" \
          0 \
          -s "found use_srtp extension" \
          -s "found srtp profile: MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32" \
          -S "selected srtp profile" \
          -S "server hello, adding use_srtp extension" \
          -S "DTLS-SRTP key material is"\
          -c "client hello, adding use_srtp extension" \
          -C "found use_srtp extension" \
          -C "found srtp profile" \
          -C "selected srtp profile" \
          -C "DTLS-SRTP key material is"\
          -C "error"
10236
# Server built with SRTP support but not enabling it (no use_srtp=1): it must
# parse the client's use_srtp extension yet never answer it, and the client
# must end up with no profile and no SRTP key material while the handshake
# still completes normally.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
run_test  "DTLS-SRTP server doesn't support use_srtp extension." \
          "$P_SRV dtls=1 debug_level=3" \
          "$P_CLI dtls=1 use_srtp=1 debug_level=3" \
          0 \
          -s "found use_srtp extension" \
          -S "server hello, adding use_srtp extension" \
          -S "DTLS-SRTP key material is"\
          -c "client hello, adding use_srtp extension" \
          -C "found use_srtp extension" \
          -C "found srtp profile" \
          -C "selected srtp profile" \
          -C "DTLS-SRTP key material is"\
          -C "error"
10252
# Master Key Identifier (MKI) round trip: the client sends an 8-byte MKI
# (mki=542310ab34290481) and the server, with support_mki=1, must adopt it
# ("using mki") and echo it back so the client logs both "sending mki" and
# "received mki". The find_in_both check on "DTLS-SRTP mki value:" asserts
# the two sides agree on the exact MKI bytes, on top of the shared keying
# material.
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test  "DTLS-SRTP all profiles supported. mki used" \
          "$P_SRV dtls=1 use_srtp=1 support_mki=1 debug_level=3" \
          "$P_CLI dtls=1 use_srtp=1 mki=542310ab34290481 debug_level=3" \
          0 \
          -s "found use_srtp extension" \
          -s "found srtp profile" \
          -s "selected srtp profile" \
          -s "server hello, adding use_srtp extension" \
          -s "dumping 'using mki' (8 bytes)" \
          -s "DTLS-SRTP key material is"\
          -c "client hello, adding use_srtp extension" \
          -c "found use_srtp extension" \
          -c "found srtp profile" \
          -c "selected srtp profile" \
          -c "dumping 'sending mki' (8 bytes)" \
          -c "dumping 'received mki' (8 bytes)" \
          -c "DTLS-SRTP key material is"\
          -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\
          -g "find_in_both '^ *DTLS-SRTP mki value: [0-9A-F]*$'"\
          -C "error"
10275
# Client sends an MKI but the server has no support_mki=1: the server must
# ignore it (no "using mki"), both sides must log that no MKI was negotiated,
# and the client must see nothing echoed back ("received mki" absent) while
# still having sent it. SRTP itself still negotiates and keying material
# must match — only the MKI is dropped.
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test  "DTLS-SRTP all profiles supported. server doesn't support mki." \
          "$P_SRV dtls=1 use_srtp=1 debug_level=3" \
          "$P_CLI dtls=1 use_srtp=1 mki=542310ab34290481 debug_level=3" \
          0 \
          -s "found use_srtp extension" \
          -s "found srtp profile" \
          -s "selected srtp profile" \
          -s "server hello, adding use_srtp extension" \
          -s "DTLS-SRTP key material is"\
          -s "DTLS-SRTP no mki value negotiated"\
          -S "dumping 'using mki' (8 bytes)" \
          -c "client hello, adding use_srtp extension" \
          -c "found use_srtp extension" \
          -c "found srtp profile" \
          -c "selected srtp profile" \
          -c "DTLS-SRTP key material is"\
          -c "DTLS-SRTP no mki value negotiated"\
          -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\
          -c "dumping 'sending mki' (8 bytes)" \
          -C "dumping 'received mki' (8 bytes)" \
          -C "error"
10299
# Interop with an OpenSSL client. s_client offers the two AES128_CM profiles
# and exports 60 bytes under the RFC 5764 label 'EXTRACTOR-dtls_srtp'
# (2 x (16-byte key + 14-byte salt) for the AES128_CM profiles), which is
# what find_in_both compares against our server's "Keying material:" line —
# so the test pins our exporter against an independent implementation.
# The client-side check is OpenSSL's own negotiation report; with both
# profiles offered, the first one listed (SHA1_80) must be chosen.
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test  "DTLS-SRTP all profiles supported. openssl client." \
          "$P_SRV dtls=1 use_srtp=1 debug_level=3" \
          "$O_CLI -dtls -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
          0 \
          -s "found use_srtp extension" \
          -s "found srtp profile" \
          -s "selected srtp profile" \
          -s "server hello, adding use_srtp extension" \
          -s "DTLS-SRTP key material is"\
          -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\
          -c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_80"
10313
# Same OpenSSL-client interop, but the client lists SHA1_32 before SHA1_80.
# Together with the previous test this shows the selected profile follows the
# client's offer order (SHA1_32 is now expected) rather than a fixed server
# preference. Exported keying material must still match on both sides.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
run_test  "DTLS-SRTP server supports all profiles. Client supports all profiles, in different order. openssl client." \
          "$P_SRV dtls=1 use_srtp=1 debug_level=3" \
          "$O_CLI -dtls -use_srtp SRTP_AES128_CM_SHA1_32:SRTP_AES128_CM_SHA1_80 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
          0 \
          -s "found use_srtp extension" \
          -s "found srtp profile" \
          -s "selected srtp profile" \
          -s "server hello, adding use_srtp extension" \
          -s "DTLS-SRTP key material is"\
          -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\
          -c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_32"
10327
10328requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
10329requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
10330run_test  "DTLS-SRTP server supports all profiles. Client supports one profile. openssl client." \
10331          "$P_SRV dtls=1 use_srtp=1 debug_level=3" \
10332          "$O_CLI -dtls -use_srtp SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
10333          0 \
10334          -s "found use_srtp extension" \
10335          -s "found srtp profile" \
10336          -s "selected srtp profile" \
10337          -s "server hello, adding use_srtp extension" \
10338          -s "DTLS-SRTP key material is"\
10339          -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\
10340          -c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_32"
10341
10342requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
10343requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
10344run_test  "DTLS-SRTP server supports one profile. Client supports all profiles. openssl client." \
10345          "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \
10346          "$O_CLI -dtls -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
10347          0 \
10348          -s "found use_srtp extension" \
10349          -s "found srtp profile" \
10350          -s "selected srtp profile" \
10351          -s "server hello, adding use_srtp extension" \
10352          -s "DTLS-SRTP key material is"\
10353          -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\
10354          -c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_32"
10355
10356requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
10357requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
10358run_test  "DTLS-SRTP server and Client support only one matching profile. openssl client." \
10359          "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \
10360          "$O_CLI -dtls -use_srtp SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
10361          0 \
10362          -s "found use_srtp extension" \
10363          -s "found srtp profile" \
10364          -s "selected srtp profile" \
10365          -s "server hello, adding use_srtp extension" \
10366          -s "DTLS-SRTP key material is"\
10367          -g "find_in_both '^ *Keying material: [0-9A-F]*$'"\
10368          -c "SRTP Extension negotiated, profile=SRTP_AES128_CM_SHA1_32"
10369
10370requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
10371requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
10372run_test  "DTLS-SRTP server and Client support only one different profile. openssl client." \
10373          "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=1 debug_level=3" \
10374          "$O_CLI -dtls -use_srtp SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
10375          0 \
10376          -s "found use_srtp extension" \
10377          -s "found srtp profile" \
10378          -S "selected srtp profile" \
10379          -S "server hello, adding use_srtp extension" \
10380          -S "DTLS-SRTP key material is"\
10381          -C "SRTP Extension negotiated, profile"
10382
10383requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
10384requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
10385run_test  "DTLS-SRTP server doesn't support use_srtp extension. openssl client" \
10386          "$P_SRV dtls=1 debug_level=3" \
10387          "$O_CLI -dtls -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
10388          0 \
10389          -s "found use_srtp extension" \
10390          -S "server hello, adding use_srtp extension" \
10391          -S "DTLS-SRTP key material is"\
10392          -C "SRTP Extension negotiated, profile"
10393
# --- DTLS-SRTP negotiation: OpenSSL server, Mbed TLS client ------------------
#
# Mirror of the OpenSSL-client group with the roles swapped: $O_SRV offers the
# listed -use_srtp profiles and $P_CLI runs with use_srtp=1 (optionally pinned
# with srtp_force_profile=N).  The outcome is now read from the client log
# ("found srtp profile: ..." / "selected srtp profile: ...").  -verify 0 makes
# the OpenSSL server skip client-certificate verification, which is only
# appropriate inside this test harness.  No -g keying-material comparison is
# done in this direction.

# Default client ordering against a server offering both AES128_CM profiles
# selects SHA1_80.
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test  "DTLS-SRTP all profiles supported. openssl server" \
          "$O_SRV -dtls -verify 0 -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
          "$P_CLI dtls=1 use_srtp=1 debug_level=3" \
          0 \
          -c "client hello, adding use_srtp extension" \
          -c "found use_srtp extension" \
          -c "found srtp profile" \
          -c "selected srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80" \
          -c "DTLS-SRTP key material is"\
          -C "error"

# Server list reversed; only checks that some profile is selected.
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test  "DTLS-SRTP server supports all profiles. Client supports all profiles, in different order. openssl server." \
          "$O_SRV -dtls -verify 0 -use_srtp SRTP_AES128_CM_SHA1_32:SRTP_AES128_CM_SHA1_80 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
          "$P_CLI dtls=1 use_srtp=1 debug_level=3" \
          0 \
          -c "client hello, adding use_srtp extension" \
          -c "found use_srtp extension" \
          -c "found srtp profile" \
          -c "selected srtp profile" \
          -c "DTLS-SRTP key material is"\
          -C "error"

# Client pinned to profile 2: the server must pick SHA1_32 from its pair.
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test  "DTLS-SRTP server supports all profiles. Client supports one profile. openssl server." \
          "$O_SRV -dtls -verify 0 -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
          "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \
          0 \
          -c "client hello, adding use_srtp extension" \
          -c "found use_srtp extension" \
          -c "found srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" \
          -c "selected srtp profile" \
          -c "DTLS-SRTP key material is"\
          -C "error"

# Server offers a single profile; the client with default ordering accepts it.
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test  "DTLS-SRTP server supports one profile. Client supports all profiles. openssl server." \
          "$O_SRV -dtls -verify 0 -use_srtp SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
          "$P_CLI dtls=1 use_srtp=1 debug_level=3" \
          0 \
          -c "client hello, adding use_srtp extension" \
          -c "found use_srtp extension" \
          -c "found srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" \
          -c "selected srtp profile" \
          -c "DTLS-SRTP key material is"\
          -C "error"

# Exactly one profile on each side, and they match.
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test  "DTLS-SRTP server and Client support only one matching profile. openssl server." \
          "$O_SRV -dtls -verify 0 -use_srtp SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
          "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \
          0 \
          -c "client hello, adding use_srtp extension" \
          -c "found use_srtp extension" \
          -c "found srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" \
          -c "selected srtp profile" \
          -c "DTLS-SRTP key material is"\
          -C "error"

# Client pinned to profile 6 (NULL_HMAC_SHA1_32) against a server offering
# only AES128_CM_SHA1_32: no use_srtp extension comes back, handshake still
# completes.
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test  "DTLS-SRTP server and Client support only one different profile. openssl server." \
          "$O_SRV -dtls -verify 0 -use_srtp SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
          "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=6 debug_level=3" \
          0 \
          -c "client hello, adding use_srtp extension" \
          -C "found use_srtp extension" \
          -C "found srtp profile" \
          -C "selected srtp profile" \
          -C "DTLS-SRTP key material is"\
          -C "error"

# Server started without -use_srtp at all: same observable outcome for the
# client as a profile mismatch.
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test  "DTLS-SRTP server doesn't support use_srtp extension. openssl server" \
          "$O_SRV -dtls" \
          "$P_CLI dtls=1 use_srtp=1 debug_level=3" \
          0 \
          -c "client hello, adding use_srtp extension" \
          -C "found use_srtp extension" \
          -C "found srtp profile" \
          -C "selected srtp profile" \
          -C "DTLS-SRTP key material is"\
          -C "error"

# MKI (master key identifier) handling: the client sends the 8-byte value
# given by mki= (16 hex digits); the OpenSSL server does not echo it, so the
# client must log "no mki value negotiated" and never dump a received MKI.
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test  "DTLS-SRTP all profiles supported. server doesn't support mki. openssl server." \
          "$O_SRV -dtls -verify 0 -use_srtp SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32 -keymatexport 'EXTRACTOR-dtls_srtp' -keymatexportlen 60" \
          "$P_CLI dtls=1 use_srtp=1 mki=542310ab34290481 debug_level=3" \
          0 \
          -c "client hello, adding use_srtp extension" \
          -c "found use_srtp extension" \
          -c "found srtp profile" \
          -c "selected srtp profile" \
          -c "DTLS-SRTP key material is"\
          -c "DTLS-SRTP no mki value negotiated"\
          -c "dumping 'sending mki' (8 bytes)" \
          -C "dumping 'received mki' (8 bytes)" \
          -C "error"
10500
# --- DTLS-SRTP negotiation: Mbed TLS server, GnuTLS client -------------------
#
# $G_CLI -u speaks DTLS over UDP; --insecure skips certificate verification
# (presumably because the test certificates are not in gnutls's trust store --
# harness-only setting).  requires_gnutls skips the group when gnutls-cli is
# not available.  GnuTLS names the profiles slightly differently from Mbed TLS;
# the expectations below show the mapping, e.g. GnuTLS SRTP_NULL_SHA1_32 is
# Mbed TLS MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32.  The two SRTP_NULL_* profiles
# authenticate but do not encrypt SRTP payloads; only their negotiation is
# exercised here.

# Client offers all four profiles, AES128_CM_HMAC_SHA1_80 first.
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
requires_gnutls
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test  "DTLS-SRTP all profiles supported. gnutls client." \
          "$P_SRV dtls=1 use_srtp=1 debug_level=3" \
          "$G_CLI -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_80:SRTP_AES128_CM_HMAC_SHA1_32:SRTP_NULL_HMAC_SHA1_80:SRTP_NULL_SHA1_32 --insecure 127.0.0.1" \
          0 \
          -s "found use_srtp extension" \
          -s "found srtp profile" \
          -s "selected srtp profile" \
          -s "server hello, adding use_srtp extension" \
          -s "DTLS-SRTP key material is"\
          -c "SRTP profile: SRTP_AES128_CM_HMAC_SHA1_80"

# Client order changed: the server follows it and selects NULL_HMAC_SHA1_80.
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
requires_gnutls
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test  "DTLS-SRTP server supports all profiles. Client supports all profiles, in different order. gnutls client." \
          "$P_SRV dtls=1 use_srtp=1 debug_level=3" \
          "$G_CLI -u --srtp-profiles=SRTP_NULL_HMAC_SHA1_80:SRTP_AES128_CM_HMAC_SHA1_80:SRTP_NULL_SHA1_32:SRTP_AES128_CM_HMAC_SHA1_32 --insecure 127.0.0.1" \
          0 \
          -s "found use_srtp extension" \
          -s "found srtp profile" \
          -s "selected srtp profile" \
          -s "server hello, adding use_srtp extension" \
          -s "DTLS-SRTP key material is"\
          -c "SRTP profile: SRTP_NULL_HMAC_SHA1_80"

# Single-profile offer; checks the exact found/selected profile on the server.
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
requires_gnutls
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test  "DTLS-SRTP server supports all profiles. Client supports one profile. gnutls client." \
          "$P_SRV dtls=1 use_srtp=1 debug_level=3" \
          "$G_CLI -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_32 --insecure 127.0.0.1" \
          0 \
          -s "found use_srtp extension" \
          -s "found srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" \
          -s "selected srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" \
          -s "server hello, adding use_srtp extension" \
          -s "DTLS-SRTP key material is"\
          -c "SRTP profile: SRTP_AES128_CM_HMAC_SHA1_32"

# Server pinned to profile 6; documents the 6 <-> NULL_HMAC_SHA1_32 mapping and
# the GnuTLS spelling of the same profile.
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
requires_gnutls
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test  "DTLS-SRTP server supports one profile. Client supports all profiles. gnutls client." \
          "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=6 debug_level=3" \
          "$G_CLI -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_80:SRTP_AES128_CM_HMAC_SHA1_32:SRTP_NULL_HMAC_SHA1_80:SRTP_NULL_SHA1_32 --insecure 127.0.0.1" \
          0 \
          -s "found use_srtp extension" \
          -s "found srtp profile" \
          -s "selected srtp profile: MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_32" \
          -s "server hello, adding use_srtp extension" \
          -s "DTLS-SRTP key material is"\
          -c "SRTP profile: SRTP_NULL_SHA1_32"

# Exactly one profile on each side, and they match.
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
requires_gnutls
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test  "DTLS-SRTP server and Client support only one matching profile. gnutls client." \
          "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \
          "$G_CLI -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_32 --insecure 127.0.0.1" \
          0 \
          -s "found use_srtp extension" \
          -s "found srtp profile" \
          -s "selected srtp profile" \
          -s "server hello, adding use_srtp extension" \
          -s "DTLS-SRTP key material is"\
          -c "SRTP profile: SRTP_AES128_CM_HMAC_SHA1_32"

# No common profile: extension parsed but not echoed, handshake still succeeds,
# and gnutls-cli prints no "SRTP profile:" line.
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
requires_gnutls
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test  "DTLS-SRTP server and Client support only one different profile. gnutls client." \
          "$P_SRV dtls=1 use_srtp=1 srtp_force_profile=1 debug_level=3" \
          "$G_CLI -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_32 --insecure 127.0.0.1" \
          0 \
          -s "found use_srtp extension" \
          -s "found srtp profile" \
          -S "selected srtp profile" \
          -S "server hello, adding use_srtp extension" \
          -S "DTLS-SRTP key material is"\
          -C "SRTP profile:"

# Server started without use_srtp=1: the extension is recognised but ignored.
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
requires_gnutls
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test  "DTLS-SRTP server doesn't support use_srtp extension. gnutls client" \
          "$P_SRV dtls=1 debug_level=3" \
          "$G_CLI -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_80:SRTP_AES128_CM_HMAC_SHA1_32:SRTP_NULL_HMAC_SHA1_80:SRTP_NULL_SHA1_32 --insecure 127.0.0.1" \
          0 \
          -s "found use_srtp extension" \
          -S "server hello, adding use_srtp extension" \
          -S "DTLS-SRTP key material is"\
          -C "SRTP profile:"
10596
# --- DTLS-SRTP negotiation: GnuTLS server, Mbed TLS client -------------------
#
# $G_SRV -u serves DTLS over UDP with the listed --srtp-profiles; $P_CLI runs
# with use_srtp=1 (optionally pinned with srtp_force_profile=N).  Results are
# read from the client log, as in the OpenSSL-server group.  Unlike the
# OpenSSL server, the GnuTLS server echoes a client MKI, which the last test
# relies on.

# Default client ordering against a GnuTLS server offering all four profiles.
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
requires_gnutls
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test  "DTLS-SRTP all profiles supported. gnutls server" \
          "$G_SRV -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_80:SRTP_AES128_CM_HMAC_SHA1_32:SRTP_NULL_HMAC_SHA1_80:SRTP_NULL_SHA1_32" \
          "$P_CLI dtls=1 use_srtp=1 debug_level=3" \
          0 \
          -c "client hello, adding use_srtp extension" \
          -c "found use_srtp extension" \
          -c "found srtp profile" \
          -c "selected srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80" \
          -c "DTLS-SRTP key material is"\
          -C "error"

# Server list reordered (NULL_SHA1_32 first; it is also listed twice, which
# is harmless): the selection still follows the Mbed TLS client's default
# ordering, so AES128_CM_HMAC_SHA1_80 is chosen.
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
requires_gnutls
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test  "DTLS-SRTP server supports all profiles. Client supports all profiles, in different order. gnutls server." \
          "$G_SRV -u --srtp-profiles=SRTP_NULL_SHA1_32:SRTP_AES128_CM_HMAC_SHA1_32:SRTP_AES128_CM_HMAC_SHA1_80:SRTP_NULL_HMAC_SHA1_80:SRTP_NULL_SHA1_32" \
          "$P_CLI dtls=1 use_srtp=1 debug_level=3" \
          0 \
          -c "client hello, adding use_srtp extension" \
          -c "found use_srtp extension" \
          -c "found srtp profile" \
          -c "selected srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_80" \
          -c "DTLS-SRTP key material is"\
          -C "error"

# Client pinned to profile 2 (AES128_CM_HMAC_SHA1_32).
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
requires_gnutls
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test  "DTLS-SRTP server supports all profiles. Client supports one profile. gnutls server." \
          "$G_SRV -u --srtp-profiles=SRTP_NULL_SHA1_32:SRTP_AES128_CM_HMAC_SHA1_32:SRTP_AES128_CM_HMAC_SHA1_80:SRTP_NULL_HMAC_SHA1_80:SRTP_NULL_SHA1_32" \
          "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \
          0 \
          -c "client hello, adding use_srtp extension" \
          -c "found use_srtp extension" \
          -c "found srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" \
          -c "selected srtp profile" \
          -c "DTLS-SRTP key material is"\
          -C "error"

# Server offers only the NULL_HMAC_SHA1_80 profile; the client accepts it.
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
requires_gnutls
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test  "DTLS-SRTP server supports one profile. Client supports all profiles. gnutls server." \
          "$G_SRV -u --srtp-profiles=SRTP_NULL_HMAC_SHA1_80" \
          "$P_CLI dtls=1 use_srtp=1 debug_level=3" \
          0 \
          -c "client hello, adding use_srtp extension" \
          -c "found use_srtp extension" \
          -c "found srtp profile: MBEDTLS_TLS_SRTP_NULL_HMAC_SHA1_80" \
          -c "selected srtp profile" \
          -c "DTLS-SRTP key material is"\
          -C "error"

# Exactly one profile on each side, and they match.
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
requires_gnutls
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test  "DTLS-SRTP server and Client support only one matching profile. gnutls server." \
          "$G_SRV -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_32" \
          "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=2 debug_level=3" \
          0 \
          -c "client hello, adding use_srtp extension" \
          -c "found use_srtp extension" \
          -c "found srtp profile: MBEDTLS_TLS_SRTP_AES128_CM_HMAC_SHA1_32" \
          -c "selected srtp profile" \
          -c "DTLS-SRTP key material is"\
          -C "error"

# Client pinned to profile 6 vs a server offering only AES128_CM_HMAC_SHA1_32:
# no extension comes back, handshake still completes.
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
requires_gnutls
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test  "DTLS-SRTP server and Client support only one different profile. gnutls server." \
          "$G_SRV -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_32" \
          "$P_CLI dtls=1 use_srtp=1 srtp_force_profile=6 debug_level=3" \
          0 \
          -c "client hello, adding use_srtp extension" \
          -C "found use_srtp extension" \
          -C "found srtp profile" \
          -C "selected srtp profile" \
          -C "DTLS-SRTP key material is"\
          -C "error"

# Server started without --srtp-profiles at all.
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
requires_gnutls
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test  "DTLS-SRTP server doesn't support use_srtp extension. gnutls server" \
          "$G_SRV -u" \
          "$P_CLI dtls=1 use_srtp=1 debug_level=3" \
          0 \
          -c "client hello, adding use_srtp extension" \
          -C "found use_srtp extension" \
          -C "found srtp profile" \
          -C "selected srtp profile" \
          -C "DTLS-SRTP key material is"\
          -C "error"

# MKI round trip: the 8-byte mki= value is sent and the GnuTLS server echoes
# it, so the client must log a negotiated MKI and dump both the sent and the
# received value (contrast with the OpenSSL-server MKI test above).
requires_config_enabled MBEDTLS_SSL_DTLS_SRTP
requires_gnutls
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test  "DTLS-SRTP all profiles supported. mki used. gnutls server." \
          "$G_SRV -u --srtp-profiles=SRTP_AES128_CM_HMAC_SHA1_80:SRTP_AES128_CM_HMAC_SHA1_32:SRTP_NULL_HMAC_SHA1_80:SRTP_NULL_SHA1_32" \
          "$P_CLI dtls=1 use_srtp=1 mki=542310ab34290481 debug_level=3" \
          0 \
          -c "client hello, adding use_srtp extension" \
          -c "found use_srtp extension" \
          -c "found srtp profile" \
          -c "selected srtp profile" \
          -c "DTLS-SRTP key material is"\
          -c "DTLS-SRTP mki value:"\
          -c "dumping 'sending mki' (8 bytes)" \
          -c "dumping 'received mki' (8 bytes)" \
          -C "error"
10711
10712# Tests for specific things with "unreliable" UDP connection
10713
# --- DTLS record-layer robustness through the UDP proxy ----------------------
#
# -p "$P_PXY ..." interposes programs/test/udp_proxy between client and server
# so that packet-level faults can be injected deterministically.  Proxy options
# as used below (names are taken from the command lines; confirm the exact
# semantics in udp_proxy.c): duplicate=1 resends every datagram, pack=N packs
# several records into one datagram, bad_ad=1 injects a record with an invalid
# authentication tag ("AD"), delay_ccs=1 holds back the ChangeCipherSpec.
# dgram_packing=0 on both peers keeps one record per datagram so the proxy's
# per-datagram faults map onto single records.
#
# Wide hs_timeout ranges (10000-20000 ms) and not_with_valgrind exist for the
# same reason: a slow run would otherwise trigger a legitimate retransmission
# and fail the -S "resend" expectation, which is meant to prove that the
# fault-tolerance logic, not the timer, handled the injected condition.

# Baseline: proxy with no faults -> none of the anti-replay, buffering or
# invalid-record paths may be exercised, and no resend may happen.
not_with_valgrind # spurious resend due to timeout
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS proxy: reference" \
            -p "$P_PXY" \
            "$P_SRV dtls=1 debug_level=2 hs_timeout=10000-20000" \
            "$P_CLI dtls=1 debug_level=2 hs_timeout=10000-20000" \
            0 \
            -C "replayed record" \
            -S "replayed record" \
            -C "Buffer record from epoch" \
            -S "Buffer record from epoch" \
            -C "ssl_buffer_message" \
            -S "ssl_buffer_message" \
            -C "discarding invalid record" \
            -S "discarding invalid record" \
            -S "resend" \
            -s "Extra-header:" \
            -c "HTTP/1.0 200 OK"

# Every datagram duplicated: the anti-replay window on each side must flag
# the copies ("replayed record"); duplicates of pre-CCS records that arrive
# after the epoch change show up as "record from another epoch".  No
# retransmission is needed because nothing was actually lost.
not_with_valgrind # spurious resend due to timeout
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS proxy: duplicate every packet" \
            -p "$P_PXY duplicate=1" \
            "$P_SRV dtls=1 dgram_packing=0 debug_level=2 hs_timeout=10000-20000" \
            "$P_CLI dtls=1 dgram_packing=0 debug_level=2 hs_timeout=10000-20000" \
            0 \
            -c "replayed record" \
            -s "replayed record" \
            -c "record from another epoch" \
            -s "record from another epoch" \
            -S "resend" \
            -s "Extra-header:" \
            -c "HTTP/1.0 200 OK"

# Same fault with anti_replay=0 on the server: the server no longer detects
# the duplicates (-S "replayed record") and, unlike above, both sides end up
# resending; the exchange must still complete.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS proxy: duplicate every packet, server anti-replay off" \
            -p "$P_PXY duplicate=1" \
            "$P_SRV dtls=1 dgram_packing=0 debug_level=2 anti_replay=0" \
            "$P_CLI dtls=1 dgram_packing=0 debug_level=2" \
            0 \
            -c "replayed record" \
            -S "replayed record" \
            -c "record from another epoch" \
            -s "record from another epoch" \
            -c "resend" \
            -s "resend" \
            -s "Extra-header:" \
            -c "HTTP/1.0 200 OK"

# Proxy coalesces records into one datagram; both peers must walk past the
# first record ("next record in same datagram").
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS proxy: multiple records in same datagram" \
            -p "$P_PXY pack=50" \
            "$P_SRV dtls=1 dgram_packing=0 debug_level=2" \
            "$P_CLI dtls=1 dgram_packing=0 debug_level=2" \
            0 \
            -c "next record in same datagram" \
            -s "next record in same datagram"

# Coalescing combined with duplication.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS proxy: multiple records in same datagram, duplicate every packet" \
            -p "$P_PXY pack=50 duplicate=1" \
            "$P_SRV dtls=1 dgram_packing=0 debug_level=2" \
            "$P_CLI dtls=1 dgram_packing=0 debug_level=2" \
            0 \
            -c "next record in same datagram" \
            -s "next record in same datagram"

# Bad-MAC handling.  Over an unauthenticated transport a DTLS endpoint must
# silently drop records that fail MAC verification ("discarding invalid
# record (mac)") rather than abort, but badmac_limit bounds how many such
# records it tolerates before it gives up ("too many records with bad MAC"),
# so that a flood of garbage cannot keep the endpoint busy indefinitely.
# read_timeout=100 keeps the client from blocking on the dropped record.
#
# Default limit: one injected bad record is tolerated, exchange completes.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS proxy: inject invalid AD record, default badmac_limit" \
            -p "$P_PXY bad_ad=1" \
            "$P_SRV dtls=1 dgram_packing=0 debug_level=1" \
            "$P_CLI dtls=1 dgram_packing=0 debug_level=1 read_timeout=100" \
            0 \
            -c "discarding invalid record (mac)" \
            -s "discarding invalid record (mac)" \
            -s "Extra-header:" \
            -c "HTTP/1.0 200 OK" \
            -S "too many records with bad MAC" \
            -S "Verification of the message MAC failed"

# badmac_limit=1: the very first bad record makes the server fail the
# connection (expected status 1) before any application data is exchanged.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS proxy: inject invalid AD record, badmac_limit 1" \
            -p "$P_PXY bad_ad=1" \
            "$P_SRV dtls=1 dgram_packing=0 debug_level=1 badmac_limit=1" \
            "$P_CLI dtls=1 dgram_packing=0 debug_level=1 read_timeout=100" \
            1 \
            -C "discarding invalid record (mac)" \
            -S "discarding invalid record (mac)" \
            -S "Extra-header:" \
            -C "HTTP/1.0 200 OK" \
            -s "too many records with bad MAC" \
            -s "Verification of the message MAC failed"

# badmac_limit=2 with a single exchange: one bad record is under the limit.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS proxy: inject invalid AD record, badmac_limit 2" \
            -p "$P_PXY bad_ad=1" \
            "$P_SRV dtls=1 dgram_packing=0 debug_level=1 badmac_limit=2" \
            "$P_CLI dtls=1 dgram_packing=0 debug_level=1 read_timeout=100" \
            0 \
            -c "discarding invalid record (mac)" \
            -s "discarding invalid record (mac)" \
            -s "Extra-header:" \
            -c "HTTP/1.0 200 OK" \
            -S "too many records with bad MAC" \
            -S "Verification of the message MAC failed"

# badmac_limit=2 with exchanges=2: the first exchange completes (200 OK is
# seen), but the bad records accumulated over the second exchange reach the
# limit and the connection is torn down (expected status 1).
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS proxy: inject invalid AD record, badmac_limit 2, exchanges 2"\
            -p "$P_PXY bad_ad=1" \
            "$P_SRV dtls=1 dgram_packing=0 debug_level=1 badmac_limit=2 exchanges=2" \
            "$P_CLI dtls=1 dgram_packing=0 debug_level=1 read_timeout=100 exchanges=2" \
            1 \
            -c "discarding invalid record (mac)" \
            -s "discarding invalid record (mac)" \
            -s "Extra-header:" \
            -c "HTTP/1.0 200 OK" \
            -s "too many records with bad MAC" \
            -s "Verification of the message MAC failed"

# ChangeCipherSpec delayed past the Finished that follows it: the Finished
# arrives under the old epoch and must be recognised as "record from another
# epoch" (and held) rather than rejected, on both sides.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS proxy: delay ChangeCipherSpec" \
            -p "$P_PXY delay_ccs=1" \
            "$P_SRV dtls=1 debug_level=1 dgram_packing=0" \
            "$P_CLI dtls=1 debug_level=1 dgram_packing=0" \
            0 \
            -c "record from another epoch" \
            -s "record from another epoch" \
            -s "Extra-header:" \
            -c "HTTP/1.0 200 OK"
10843
10844# Tests for reordering support with DTLS
10845
10846requires_certificate_authentication
10847requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
10848run_test    "DTLS reordering: Buffer out-of-order handshake message on client" \
10849            -p "$P_PXY delay_srv=ServerHello" \
10850            "$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
10851            hs_timeout=2500-60000" \
10852            "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
10853            hs_timeout=2500-60000" \
10854            0 \
10855            -c "Buffering HS message" \
10856            -c "Next handshake message has been buffered - load"\
10857            -S "Buffering HS message" \
10858            -S "Next handshake message has been buffered - load"\
10859            -C "Injecting buffered CCS message" \
10860            -C "Remember CCS message" \
10861            -S "Injecting buffered CCS message" \
10862            -S "Remember CCS message"
10863
10864requires_certificate_authentication
10865requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
10866run_test    "DTLS reordering: Buffer out-of-order handshake message fragment on client" \
10867            -p "$P_PXY delay_srv=ServerHello" \
10868            "$P_SRV mtu=512 dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
10869            hs_timeout=2500-60000" \
10870            "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
10871            hs_timeout=2500-60000" \
10872            0 \
10873            -c "Buffering HS message" \
10874            -c "found fragmented DTLS handshake message"\
10875            -c "Next handshake message 1 not or only partially bufffered" \
10876            -c "Next handshake message has been buffered - load"\
10877            -S "Buffering HS message" \
10878            -S "Next handshake message has been buffered - load"\
10879            -C "Injecting buffered CCS message" \
10880            -C "Remember CCS message" \
10881            -S "Injecting buffered CCS message" \
10882            -S "Remember CCS message"
10883
10884# The client buffers the ServerKeyExchange before receiving the fragmented
10885# Certificate message; at the time of writing, together these are aroudn 1200b
10886# in size, so that the bound below ensures that the certificate can be reassembled
10887# while keeping the ServerKeyExchange.
10888requires_certificate_authentication
10889requires_config_value_at_least "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 1300
10890requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
10891run_test    "DTLS reordering: Buffer out-of-order hs msg before reassembling next" \
10892            -p "$P_PXY delay_srv=Certificate delay_srv=Certificate" \
10893            "$P_SRV mtu=512 dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
10894            hs_timeout=2500-60000" \
10895            "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
10896            hs_timeout=2500-60000" \
10897            0 \
10898            -c "Buffering HS message" \
10899            -c "Next handshake message has been buffered - load"\
10900            -C "attempt to make space by freeing buffered messages" \
10901            -S "Buffering HS message" \
10902            -S "Next handshake message has been buffered - load"\
10903            -C "Injecting buffered CCS message" \
10904            -C "Remember CCS message" \
10905            -S "Injecting buffered CCS message" \
10906            -S "Remember CCS message"
10907
10908# The size constraints ensure that the delayed certificate message can't
10909# be reassembled while keeping the ServerKeyExchange message, but it can
10910# when dropping it first.
10911requires_certificate_authentication
10912requires_config_value_at_least "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 900
10913requires_config_value_at_most "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 1299
10914requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
10915run_test    "DTLS reordering: Buffer out-of-order hs msg before reassembling next, free buffered msg" \
10916            -p "$P_PXY delay_srv=Certificate delay_srv=Certificate" \
10917            "$P_SRV mtu=512 dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
10918            hs_timeout=2500-60000" \
10919            "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
10920            hs_timeout=2500-60000" \
10921            0 \
10922            -c "Buffering HS message" \
10923            -c "attempt to make space by freeing buffered future messages" \
10924            -c "Enough space available after freeing buffered HS messages" \
10925            -S "Buffering HS message" \
10926            -S "Next handshake message has been buffered - load"\
10927            -C "Injecting buffered CCS message" \
10928            -C "Remember CCS message" \
10929            -S "Injecting buffered CCS message" \
10930            -S "Remember CCS message"
10931
# Server-side counterpart of the client buffering tests: the proxy holds back
# the client's Certificate, so the server receives the following handshake
# message first and must buffer it until the Certificate arrives.
# auth_mode=required makes the server ask for a client certificate - without
# it there would be no client Certificate message for the proxy to delay.
# The client must not buffer anything, and no CCS buffering is expected on
# either side.
# (-c/-s: the pattern must appear in the client/server log; -C/-S: it must not.)
requires_certificate_authentication
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS reordering: Buffer out-of-order handshake message on server" \
            -p "$P_PXY delay_cli=Certificate" \
            "$P_SRV dgram_packing=0 auth_mode=required cookies=0 dtls=1 debug_level=2 \
            hs_timeout=2500-60000" \
            "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
            hs_timeout=2500-60000" \
            0 \
            -C "Buffering HS message" \
            -C "Next handshake message has been buffered - load"\
            -s "Buffering HS message" \
            -s "Next handshake message has been buffered - load" \
            -C "Injecting buffered CCS message" \
            -C "Remember CCS message" \
            -S "Injecting buffered CCS message" \
            -S "Remember CCS message"
10949
# The proxy delays the server's NewSessionTicket, so the client receives the
# server's ChangeCipherSpec before the handshake message that precedes it.
# The client must remember the out-of-order CCS ("Remember CCS message") and
# inject it once the NewSessionTicket has been processed. No handshake message
# buffering is expected on either side, and the server must not see any
# reordering at all.
requires_certificate_authentication
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS reordering: Buffer out-of-order CCS message on client"\
            -p "$P_PXY delay_srv=NewSessionTicket" \
            "$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
            hs_timeout=2500-60000" \
            "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
            hs_timeout=2500-60000" \
            0 \
            -C "Buffering HS message" \
            -C "Next handshake message has been buffered - load"\
            -S "Buffering HS message" \
            -S "Next handshake message has been buffered - load" \
            -c "Injecting buffered CCS message" \
            -c "Remember CCS message" \
            -S "Injecting buffered CCS message" \
            -S "Remember CCS message"
10967
# Mirror of the previous test on the server side: the proxy delays the
# client's ClientKeyExchange, so the client's ChangeCipherSpec overtakes it
# and the server must remember and later inject the buffered CCS. Neither
# side should need to buffer a handshake message.
requires_certificate_authentication
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS reordering: Buffer out-of-order CCS message on server"\
            -p "$P_PXY delay_cli=ClientKeyExchange" \
            "$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
            hs_timeout=2500-60000" \
            "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
            hs_timeout=2500-60000" \
            0 \
            -C "Buffering HS message" \
            -C "Next handshake message has been buffered - load"\
            -S "Buffering HS message" \
            -S "Next handshake message has been buffered - load" \
            -c "Injecting buffered CCS message" \
            -c "Remember CCS message" \
            -s "Injecting buffered CCS message" \
            -s "Remember CCS message"
10985
# delay_ccs=1 makes the proxy hold back ChangeCipherSpec messages, so each
# side receives the peer's encrypted Finished (epoch 1) while still in epoch 0.
# That record cannot be decrypted yet; it must be buffered ("Buffer record
# from epoch 1") and loaded once the epoch switches, on both server and
# client.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS reordering: Buffer encrypted Finished message" \
            -p "$P_PXY delay_ccs=1" \
            "$P_SRV dgram_packing=0 cookies=0 dtls=1 debug_level=2 \
            hs_timeout=2500-60000" \
            "$P_CLI dgram_packing=0 dtls=1 debug_level=2 \
            hs_timeout=2500-60000" \
            0 \
            -s "Buffer record from epoch 1" \
            -s "Found buffered record from current epoch - load" \
            -c "Buffer record from epoch 1" \
            -c "Found buffered record from current epoch - load"
10998
# In this test, both the fragmented NewSessionTicket and the ChangeCipherSpec
# from the server are delayed, so that the encrypted Finished message
# is received and buffered. When the fragmented NewSessionTicket comes
# in afterwards, the encrypted Finished message must be freed in order
# to make space for the NewSessionTicket to be reassembled.
# This works only in very particular circumstances:
# - MBEDTLS_SSL_DTLS_MAX_BUFFERING must be large enough to buffer the
#   encrypted Finished message on its own and to hold the reassembled
#   NewSessionTicket, but too small to hold both at once - hence the
#   190..230 window below and the expected client log line "Enough space
#   available after freeing future epoch record". The client must NOT log
#   "Found buffered record from current epoch - load", since the buffered
#   Finished was dropped rather than reused.
# - The MTU setting on the server must be so small that the NewSessionTicket
#   needs to be fragmented.
# - All messages sent by the server must be small enough to be either sent
#   without fragmentation or be reassembled within the bounds of
#   MBEDTLS_SSL_DTLS_MAX_BUFFERING. Achieve this by testing with a PSK-based
#   handshake, omitting CRTs.
# The PSK value and the CCM-8 suite (8-byte authentication tag, i.e. small
# records) are test fixtures picked for message size, not recommendations.
requires_config_value_at_least "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 190
requires_config_value_at_most "MBEDTLS_SSL_DTLS_MAX_BUFFERING" 230
run_test    "DTLS reordering: Buffer encrypted Finished message, drop for fragmented NewSessionTicket" \
            -p "$P_PXY delay_srv=NewSessionTicket delay_srv=NewSessionTicket delay_ccs=1" \
            "$P_SRV mtu=140 response_size=90 dgram_packing=0 psk=abc123 psk_identity=foo cookies=0 dtls=1 debug_level=2" \
            "$P_CLI dgram_packing=0 dtls=1 debug_level=2 force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8 psk=abc123 psk_identity=foo" \
            0 \
            -s "Buffer record from epoch 1" \
            -s "Found buffered record from current epoch - load" \
            -c "Buffer record from epoch 1" \
            -C "Found buffered record from current epoch - load" \
            -c "Enough space available after freeing future epoch record"
11026
# Tests for "randomly unreliable connection": try a variety of flows and peers
#
# drop=N delay=N duplicate=N make udp_proxy randomly drop, delay and duplicate
# datagrams (presumably about 1 in N each - see udp_proxy's usage text).
# hs_timeout=MIN-MAX bounds the DTLS retransmission timer (milliseconds), so
# the handshake has to recover from the induced losses by retransmitting.
# Only the end result is checked: the handshake completes and one HTTP
# exchange goes through ("Extra-header:" on the server, "200 OK" on the
# client). client_needs_more_time stretches the client timeout accordingly.

# "short" handshake: PSK only (no certificates), no session tickets.
client_needs_more_time 2
run_test    "DTLS proxy: 3d (drop, delay, duplicate), \"short\" PSK handshake" \
            -p "$P_PXY drop=5 delay=5 duplicate=5" \
            "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
             psk=abc123" \
            "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \
             force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
            0 \
            -s "Extra-header:" \
            -c "HTTP/1.0 200 OK"

# Static-RSA key exchange: the certificate flight carries no ServerKeyExchange,
# which is what makes this handshake "short". TLS-RSA-WITH-AES-128-CBC-SHA
# offers no forward secrecy and uses CBC; it is forced here only to exercise
# this message pattern over a lossy link, not as a recommended suite.
client_needs_more_time 2
run_test    "DTLS proxy: 3d, \"short\" RSA handshake" \
            -p "$P_PXY drop=5 delay=5 duplicate=5" \
            "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none" \
            "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 \
             force_ciphersuite=TLS-RSA-WITH-AES-128-CBC-SHA" \
            0 \
            -s "Extra-header:" \
            -c "HTTP/1.0 200 OK"

# Default forward-secret ("FS") handshake, without tickets and without the
# server requesting a client certificate (auth_mode=none).
client_needs_more_time 2
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS proxy: 3d, \"short\" (no ticket, no cli_auth) FS handshake" \
            -p "$P_PXY drop=5 delay=5 duplicate=5" \
            "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none" \
            "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0" \
            0 \
            -s "Extra-header:" \
            -c "HTTP/1.0 200 OK"
11059
# Longer certificate-based handshakes over the same lossy proxy: client
# authentication (auth_mode=required makes the server demand a client
# certificate), session tickets (tickets=1 adds a NewSessionTicket flight),
# both together, and finally both with non-blocking I/O (nbio=2, per the
# option name - confirm in ssl_server2/ssl_client2). More flights mean more
# opportunities for loss and retransmission.
client_needs_more_time 2
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS proxy: 3d, FS, client auth" \
            -p "$P_PXY drop=5 delay=5 duplicate=5" \
            "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=required" \
            "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0" \
            0 \
            -s "Extra-header:" \
            -c "HTTP/1.0 200 OK"

client_needs_more_time 2
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS proxy: 3d, FS, ticket" \
            -p "$P_PXY drop=5 delay=5 duplicate=5" \
            "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=1 auth_mode=none" \
            "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=1" \
            0 \
            -s "Extra-header:" \
            -c "HTTP/1.0 200 OK"

client_needs_more_time 2
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS proxy: 3d, max handshake (FS, ticket + client auth)" \
            -p "$P_PXY drop=5 delay=5 duplicate=5" \
            "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=1 auth_mode=required" \
            "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=1" \
            0 \
            -s "Extra-header:" \
            -c "HTTP/1.0 200 OK"

client_needs_more_time 2
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS proxy: 3d, max handshake, nbio" \
            -p "$P_PXY drop=5 delay=5 duplicate=5" \
            "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 nbio=2 tickets=1 \
             auth_mode=required" \
            "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 nbio=2 tickets=1" \
            0 \
            -s "Extra-header:" \
            -c "HTTP/1.0 200 OK"
11100
# Session resumption over the lossy proxy: the client completes a PSK
# handshake, reconnects (reconnect=1) and resumes from the server-side
# session cache - tickets=0, hence the MBEDTLS_SSL_CACHE_C dependency.
# skip_close_notify=1, read_timeout and max_resend presumably keep the first
# connection's teardown and the reconnect from stalling on dropped packets
# (inferred from the option names - confirm in ssl_client2). Both sides must
# log "a session has been resumed"; the second variant repeats the flow with
# non-blocking I/O.
client_needs_more_time 4
requires_config_enabled MBEDTLS_SSL_CACHE_C
run_test    "DTLS proxy: 3d, min handshake, resumption" \
            -p "$P_PXY drop=5 delay=5 duplicate=5" \
            "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
             psk=abc123 debug_level=3" \
            "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \
             debug_level=3 reconnect=1 skip_close_notify=1 read_timeout=1000 max_resend=10 \
             force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
            0 \
            -s "a session has been resumed" \
            -c "a session has been resumed" \
            -s "Extra-header:" \
            -c "HTTP/1.0 200 OK"

client_needs_more_time 4
requires_config_enabled MBEDTLS_SSL_CACHE_C
run_test    "DTLS proxy: 3d, min handshake, resumption, nbio" \
            -p "$P_PXY drop=5 delay=5 duplicate=5" \
            "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
             psk=abc123 debug_level=3 nbio=2" \
            "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \
             debug_level=3 reconnect=1 skip_close_notify=1 read_timeout=1000 max_resend=10 \
             force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8 nbio=2" \
            0 \
            -s "a session has been resumed" \
            -c "a session has been resumed" \
            -s "Extra-header:" \
            -c "HTTP/1.0 200 OK"
11130
# Renegotiation over the lossy proxy. Renegotiation is only compiled in with
# MBEDTLS_SSL_RENEGOTIATION and must additionally be enabled at runtime on the
# side that is asked to renegotiate (renegotiation=1); renegotiate=1 makes the
# given side initiate it, and exchanges=4 gives the server-initiated variants
# enough application-data round trips for the second handshake to happen.
# Both sides must log "=> renegotiate" and the HTTP exchange must still
# succeed. Note that the peers here are both Mbed TLS; whether the peer
# honours secure renegotiation (RFC 5746) is not what these tests probe.

# Client-initiated: only the server needs renegotiation=1, the client drives
# it with renegotiate=1.
client_needs_more_time 4
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "DTLS proxy: 3d, min handshake, client-initiated renego" \
            -p "$P_PXY drop=5 delay=5 duplicate=5" \
            "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
             psk=abc123 renegotiation=1 debug_level=2" \
            "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \
             renegotiate=1 debug_level=2 \
             force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
            0 \
            -c "=> renegotiate" \
            -s "=> renegotiate" \
            -s "Extra-header:" \
            -c "HTTP/1.0 200 OK"

# Same flow, but the test name says "nbio" while neither side passes nbio=2
# here (compare the resumption/nbio test above); kept as is.
client_needs_more_time 4
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "DTLS proxy: 3d, min handshake, client-initiated renego, nbio" \
            -p "$P_PXY drop=5 delay=5 duplicate=5" \
            "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
             psk=abc123 renegotiation=1 debug_level=2" \
            "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \
             renegotiate=1 debug_level=2 \
             force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
            0 \
            -c "=> renegotiate" \
            -s "=> renegotiate" \
            -s "Extra-header:" \
            -c "HTTP/1.0 200 OK"

# Server-initiated: the server both enables and triggers renegotiation; the
# client must have renegotiation=1 to accept the HelloRequest.
client_needs_more_time 4
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "DTLS proxy: 3d, min handshake, server-initiated renego" \
            -p "$P_PXY drop=5 delay=5 duplicate=5" \
            "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
             psk=abc123 renegotiate=1 renegotiation=1 exchanges=4 \
             debug_level=2" \
            "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \
             renegotiation=1 exchanges=4 debug_level=2 \
             force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
            0 \
            -c "=> renegotiate" \
            -s "=> renegotiate" \
            -s "Extra-header:" \
            -c "HTTP/1.0 200 OK"

client_needs_more_time 4
requires_config_enabled MBEDTLS_SSL_RENEGOTIATION
run_test    "DTLS proxy: 3d, min handshake, server-initiated renego, nbio" \
            -p "$P_PXY drop=5 delay=5 duplicate=5" \
            "$P_SRV dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 auth_mode=none \
             psk=abc123 renegotiate=1 renegotiation=1 exchanges=4 \
             debug_level=2 nbio=2" \
            "$P_CLI dtls=1 dgram_packing=0 hs_timeout=500-10000 tickets=0 psk=abc123 \
             renegotiation=1 exchanges=4 debug_level=2 nbio=2 \
             force_ciphersuite=TLS-PSK-WITH-AES-128-CCM-8" \
            0 \
            -c "=> renegotiate" \
            -s "=> renegotiate" \
            -s "Extra-header:" \
            -c "HTTP/1.0 200 OK"
11192
## The three tests below require OpenSSL 1.1.1a or later (requires_openssl_next);
## older versions can trigger an OpenSSL bug
## (https://github.com/openssl/openssl/issues/6902).
## The OpenSSL server must also be started with -dtls1_2 (or -dtls), otherwise
## the handshake fails with "SSL alert number 70" (protocol_version).
## protect_hvr=1 presumably exempts the HelloVerifyRequest from the proxy's
## drop/delay/duplicate treatment (option name - confirm in udp_proxy): a lost
## cookie exchange would otherwise not be retransmitted by a stateless server.
## tickets=0 on the client keeps the flow to a plain certificate handshake.
## These runs are skipped under valgrind since the non-Mbed TLS peer would
## time out.
requires_openssl_next
client_needs_more_time 6
not_with_valgrind # risk of non-mbedtls peer timing out
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS proxy: 3d, openssl server" \
            -p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \
            "$O_NEXT_SRV -dtls1_2 -mtu 2048" \
            "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000 tickets=0" \
            0 \
            -c "HTTP/1.0 200 OK"

## -mtu 768 forces the OpenSSL server to fragment its handshake flights, so
## fragment reassembly is exercised together with loss and reordering.
requires_openssl_next
client_needs_more_time 8
not_with_valgrind # risk of non-mbedtls peer timing out
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS proxy: 3d, openssl server, fragmentation" \
            -p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \
            "$O_NEXT_SRV -dtls1_2 -mtu 768" \
            "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000 tickets=0" \
            0 \
            -c "HTTP/1.0 200 OK"

requires_openssl_next
client_needs_more_time 8
not_with_valgrind # risk of non-mbedtls peer timing out
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS proxy: 3d, openssl server, fragmentation, nbio" \
            -p "$P_PXY drop=5 delay=5 duplicate=5 protect_hvr=1" \
            "$O_NEXT_SRV -dtls1_2 -mtu 768" \
            "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000 nbio=2 tickets=0" \
            0 \
            -c "HTTP/1.0 200 OK"
11228
# Same lossy-proxy flows against a GnuTLS server (-u: DTLS; -a presumably
# "do not request a client certificate" - confirm against gnutls-serv).
# The fragmentation variants use the "next" GnuTLS with --mtu 512 so the
# server's flights are fragmented. Both logs must show the exchanged
# "Extra-header:". Skipped under valgrind because the non-Mbed TLS peer
# would time out.
requires_gnutls
client_needs_more_time 6
not_with_valgrind # risk of non-mbedtls peer timing out
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS proxy: 3d, gnutls server" \
            -p "$P_PXY drop=5 delay=5 duplicate=5" \
            "$G_SRV -u --mtu 2048 -a" \
            "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000" \
            0 \
            -s "Extra-header:" \
            -c "Extra-header:"

requires_gnutls_next
client_needs_more_time 8
not_with_valgrind # risk of non-mbedtls peer timing out
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS proxy: 3d, gnutls server, fragmentation" \
            -p "$P_PXY drop=5 delay=5 duplicate=5" \
            "$G_NEXT_SRV -u --mtu 512" \
            "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000" \
            0 \
            -s "Extra-header:" \
            -c "Extra-header:"

requires_gnutls_next
client_needs_more_time 8
not_with_valgrind # risk of non-mbedtls peer timing out
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "DTLS proxy: 3d, gnutls server, fragmentation, nbio" \
            -p "$P_PXY drop=5 delay=5 duplicate=5" \
            "$G_NEXT_SRV -u --mtu 512" \
            "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000 nbio=2" \
            0 \
            -s "Extra-header:" \
            -c "Extra-header:"
11264
# Key export (EAP-TLS style): with eap_tls=1 both sample programs derive the
# EAP-TLS key material and IV from the connection and print them at
# debug_level=3; the test only checks that both sides produce the log lines.
# Security note: this deliberately writes key material to the log. It is fine
# for the test harness but is not something to enable in a real deployment.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test    "export keys functionality" \
            "$P_SRV eap_tls=1 debug_level=3" \
            "$P_CLI force_version=tls12 eap_tls=1 debug_level=3" \
            0 \
            -c "EAP-TLS key material is:"\
            -s "EAP-TLS key material is:"\
            -c "EAP-TLS IV is:" \
            -s "EAP-TLS IV is:"
11274
# openssl feature tests: check if tls1.3 exists.
# Capability probe only - an OpenSSL-to-OpenSSL TLS 1.3 handshake that does
# not involve Mbed TLS. It validates the tool version the TLS 1.3 interop
# tests below depend on.
requires_openssl_tls1_3
run_test    "TLS 1.3: Test openssl tls1_3 feature" \
            "$O_NEXT_SRV -tls1_3 -msg" \
            "$O_NEXT_CLI -tls1_3 -msg" \
            0 \
            -c "TLS 1.3" \
            -s "TLS 1.3"

# gnutls feature tests: check if TLS 1.3 is supported as well as the NO_TICKETS and DISABLE_TLS13_COMPAT_MODE options.
# Likewise a GnuTLS-to-GnuTLS probe: the priority string pins TLS 1.3 and
# exercises the %NO_TICKETS and %DISABLE_TLS13_COMPAT_MODE keywords used by
# the interop tests below, so an old gnutls rejecting them skips those tests
# instead of failing them.
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_gnutls_next_disable_tls13_compat
run_test    "TLS 1.3: Test gnutls tls1_3 feature" \
            "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE --disable-client-cert " \
            "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \
            0 \
            -s "Version: TLS1.3" \
            -c "Version: TLS1.3"
11294
# TLS1.3 test cases

# Default negotiation between two Mbed TLS peers: the server is pinned to
# TLS 1.3 (force_version=tls13) and uses the server5 credentials, the client
# runs with its defaults. The expected server log lines fix the negotiated
# ciphersuite, an (EC)DHE key exchange and an ecdsa_secp256r1_sha256
# signature (so server5 is expected to be a P-256 ECDSA certificate), which
# is why the ChaCha20-Poly1305 suite and the PSA curve symbols are listed as
# prerequisites. allow_sha1=0 on both sides presumably forbids SHA-1-based
# signatures (option name - confirm in the sample programs).
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_ciphersuite_enabled TLS1-3-CHACHA20-POLY1305-SHA256
requires_any_configs_enabled "PSA_WANT_ECC_MONTGOMERY_255"
requires_any_configs_enabled "PSA_WANT_ECC_SECP_R1_256"
run_test    "TLS 1.3: Default" \
            "$P_SRV allow_sha1=0 debug_level=3 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13" \
            "$P_CLI allow_sha1=0" \
            0 \
            -s "Protocol is TLSv1.3" \
            -s "Ciphersuite is TLS1-3-CHACHA20-POLY1305-SHA256" \
            -s "ECDH/FFDH group: " \
            -s "selected signature algorithm ecdsa_secp256r1_sha256"
11309
# Mbed TLS client against an OpenSSL server with the optional features turned
# off (-num_tickets 0: no NewSessionTicket; -no_resume_ephemeral -no_cache:
# no resumption). The expected log walks the whole TLS 1.3 client state
# machine in order, checks the negotiated suite, and requires the server
# certificate and CertificateVerify to be accepted ("Certificate verification
# flags clear", "mbedtls_ssl_tls13_process_certificate_verify() returned 0").
# OpenSSL's s_server answers with a lowercase "HTTP/1.0 200 ok".
# The server is left in middlebox compatibility mode, hence the
# MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE dependency.
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: minimal feature sets - openssl" \
            "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
            "$P_CLI debug_level=3" \
            0 \
            -c "client state: MBEDTLS_SSL_HELLO_REQUEST" \
            -c "client state: MBEDTLS_SSL_SERVER_HELLO" \
            -c "client state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \
            -c "client state: MBEDTLS_SSL_CERTIFICATE_REQUEST" \
            -c "client state: MBEDTLS_SSL_SERVER_CERTIFICATE" \
            -c "client state: MBEDTLS_SSL_CERTIFICATE_VERIFY" \
            -c "client state: MBEDTLS_SSL_SERVER_FINISHED" \
            -c "client state: MBEDTLS_SSL_CLIENT_FINISHED" \
            -c "client state: MBEDTLS_SSL_FLUSH_BUFFERS" \
            -c "client state: MBEDTLS_SSL_HANDSHAKE_WRAPUP" \
            -c "<= ssl_tls13_process_server_hello" \
            -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
            -c "DHE group name: " \
            -c "=> ssl_tls13_process_server_hello" \
            -c "<= parse encrypted extensions" \
            -c "Certificate verification flags clear" \
            -c "=> parse certificate verify" \
            -c "<= parse certificate verify" \
            -c "mbedtls_ssl_tls13_process_certificate_verify() returned 0" \
            -c "<= parse finished message" \
            -c "Protocol is TLSv1.3" \
            -c "HTTP/1.0 200 ok"

# Same walk against a GnuTLS server pinned to TLS 1.3 without tickets
# (%NO_TICKETS) and without requesting a client certificate. gnutls-serv
# replies with an uppercase "HTTP/1.0 200 OK".
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: minimal feature sets - gnutls" \
            "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS --disable-client-cert" \
            "$P_CLI debug_level=3" \
            0 \
            -s "SERVER HELLO was queued" \
            -c "client state: MBEDTLS_SSL_HELLO_REQUEST" \
            -c "client state: MBEDTLS_SSL_SERVER_HELLO" \
            -c "client state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \
            -c "client state: MBEDTLS_SSL_CERTIFICATE_REQUEST" \
            -c "client state: MBEDTLS_SSL_SERVER_CERTIFICATE" \
            -c "client state: MBEDTLS_SSL_CERTIFICATE_VERIFY" \
            -c "client state: MBEDTLS_SSL_SERVER_FINISHED" \
            -c "client state: MBEDTLS_SSL_CLIENT_FINISHED" \
            -c "client state: MBEDTLS_SSL_FLUSH_BUFFERS" \
            -c "client state: MBEDTLS_SSL_HANDSHAKE_WRAPUP" \
            -c "<= ssl_tls13_process_server_hello" \
            -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
            -c "DHE group name: " \
            -c "=> ssl_tls13_process_server_hello" \
            -c "<= parse encrypted extensions" \
            -c "Certificate verification flags clear" \
            -c "=> parse certificate verify" \
            -c "<= parse certificate verify" \
            -c "mbedtls_ssl_tls13_process_certificate_verify() returned 0" \
            -c "<= parse finished message" \
            -c "Protocol is TLSv1.3" \
            -c "HTTP/1.0 200 OK"
11375
# ALPN from the client side: the same minimal TLS 1.3 walk as above, but both
# peers offer "h2" and the client must report the negotiated protocol
# ("Application Layer Protocol is h2"). The full state-machine and
# certificate-verification checks are kept so that an ALPN-related
# regression is not masked by a handshake that silently succeeds without it.
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_ALPN
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: alpn - openssl" \
            "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -alpn h2" \
            "$P_CLI debug_level=3 alpn=h2" \
            0 \
            -c "client state: MBEDTLS_SSL_HELLO_REQUEST" \
            -c "client state: MBEDTLS_SSL_SERVER_HELLO" \
            -c "client state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \
            -c "client state: MBEDTLS_SSL_CERTIFICATE_REQUEST" \
            -c "client state: MBEDTLS_SSL_SERVER_CERTIFICATE" \
            -c "client state: MBEDTLS_SSL_CERTIFICATE_VERIFY" \
            -c "client state: MBEDTLS_SSL_SERVER_FINISHED" \
            -c "client state: MBEDTLS_SSL_CLIENT_FINISHED" \
            -c "client state: MBEDTLS_SSL_FLUSH_BUFFERS" \
            -c "client state: MBEDTLS_SSL_HANDSHAKE_WRAPUP" \
            -c "<= ssl_tls13_process_server_hello" \
            -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
            -c "DHE group name: " \
            -c "=> ssl_tls13_process_server_hello" \
            -c "<= parse encrypted extensions" \
            -c "Certificate verification flags clear" \
            -c "=> parse certificate verify" \
            -c "<= parse certificate verify" \
            -c "mbedtls_ssl_tls13_process_certificate_verify() returned 0" \
            -c "<= parse finished message" \
            -c "Protocol is TLSv1.3" \
            -c "HTTP/1.0 200 ok" \
            -c "Application Layer Protocol is h2"

# GnuTLS variant of the client-side ALPN test (--alpn=h2 on the server).
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_ALPN
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: alpn - gnutls" \
            "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS --disable-client-cert --alpn=h2" \
            "$P_CLI debug_level=3 alpn=h2" \
            0 \
            -s "SERVER HELLO was queued" \
            -c "client state: MBEDTLS_SSL_HELLO_REQUEST" \
            -c "client state: MBEDTLS_SSL_SERVER_HELLO" \
            -c "client state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \
            -c "client state: MBEDTLS_SSL_CERTIFICATE_REQUEST" \
            -c "client state: MBEDTLS_SSL_SERVER_CERTIFICATE" \
            -c "client state: MBEDTLS_SSL_CERTIFICATE_VERIFY" \
            -c "client state: MBEDTLS_SSL_SERVER_FINISHED" \
            -c "client state: MBEDTLS_SSL_CLIENT_FINISHED" \
            -c "client state: MBEDTLS_SSL_FLUSH_BUFFERS" \
            -c "client state: MBEDTLS_SSL_HANDSHAKE_WRAPUP" \
            -c "<= ssl_tls13_process_server_hello" \
            -c "server hello, chosen ciphersuite: ( 1303 ) - TLS1-3-CHACHA20-POLY1305-SHA256" \
            -c "DHE group name: " \
            -c "=> ssl_tls13_process_server_hello" \
            -c "<= parse encrypted extensions" \
            -c "Certificate verification flags clear" \
            -c "=> parse certificate verify" \
            -c "<= parse certificate verify" \
            -c "mbedtls_ssl_tls13_process_certificate_verify() returned 0" \
            -c "<= parse finished message" \
            -c "Protocol is TLSv1.3" \
            -c "HTTP/1.0 200 OK" \
            -c "Application Layer Protocol is h2"
11445
# ALPN from the server side: the Mbed TLS server (tickets=0, server5
# credentials) must parse the client's ALPN extension, echo "h2" back and
# report it. The peer clients run with TLS 1.3 middlebox compatibility mode
# disabled (-no_middlebox for OpenSSL, %DISABLE_TLS13_COMPAT_MODE for
# GnuTLS), which is why - unlike the client-side tests - there is no
# MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE dependency here.
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_ALPN
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: server alpn - openssl" \
            "$P_SRV debug_level=3 tickets=0 crt_file=data_files/server5.crt key_file=data_files/server5.key alpn=h2" \
            "$O_NEXT_CLI -msg -tls1_3 -no_middlebox -alpn h2" \
            0 \
            -s "found alpn extension" \
            -s "server side, adding alpn extension" \
            -s "Protocol is TLSv1.3" \
            -s "HTTP/1.0 200 OK" \
            -s "Application Layer Protocol is h2"

requires_gnutls_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_ALPN
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: server alpn - gnutls" \
            "$P_SRV debug_level=3 tickets=0 crt_file=data_files/server5.crt key_file=data_files/server5.key alpn=h2" \
            "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V --alpn h2" \
            0 \
            -s "found alpn extension" \
            -s "server side, adding alpn extension" \
            -s "Protocol is TLSv1.3" \
            -s "HTTP/1.0 200 OK" \
            -s "Application Layer Protocol is h2"
11475
# Version negotiation against GnuTLS servers capped at an old protocol
# version. The security property under test is that a TLS 1.3-capable
# Mbed TLS client is never talked down to a version it does not support:
# the handshake must fail (expected exit status 1), the server must not
# report the legacy version as negotiated, and the client must never print
# "Protocol is TLSv1.0/1.1". The "Client's version: 3.3" line in the GnuTLS
# log is expected - a TLS 1.3 ClientHello carries legacy_version 0x0303
# (TLS 1.2) and advertises its real versions in the supported_versions
# extension (RFC 8446, section 4.1.2). skip_handshake_stage_check is
# presumably needed because the handshake is meant not to complete.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
skip_handshake_stage_check
requires_gnutls_tls1_3
run_test    "TLS 1.3: Not supported version check:gnutls: srv max TLS 1.0" \
            "$G_NEXT_SRV --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.0 -d 4" \
            "$P_CLI debug_level=4" \
            1 \
            -s "Client's version: 3.3" \
            -S "Version: TLS1.0" \
            -C "Protocol is TLSv1.0"

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
skip_handshake_stage_check
requires_gnutls_tls1_3
run_test    "TLS 1.3: Not supported version check:gnutls: srv max TLS 1.1" \
            "$G_NEXT_SRV --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.1 -d 4" \
            "$P_CLI debug_level=4" \
            1 \
            -s "Client's version: 3.3" \
            -S "Version: TLS1.1" \
            -C "Protocol is TLSv1.1"

# Here the server does support TLS 1.2, but the client is pinned to TLS 1.3
# (force_version=tls13), so there is no common version: the client must see
# a fatal handshake_failure alert (alert number 40) and must not fall back
# to TLS 1.2.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
skip_handshake_stage_check
requires_gnutls_tls1_3
run_test    "TLS 1.3: Not supported version check:gnutls: srv max TLS 1.2" \
            "$G_NEXT_SRV --priority=NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2 -d 4" \
            "$P_CLI force_version=tls13 debug_level=4" \
            1 \
            -s "Client's version: 3.3" \
            -c "is a fatal alert message (msg 40)" \
            -S "Version: TLS1.2" \
            -C "Protocol is TLSv1.2"
11515
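# Version negotiation against OpenSSL servers capped at TLS 1.0, 1.1 and 1.2
# (-tls1 / -tls1_1 / -tls1_2 restrict s_server to that single version).
# The security property under test is that the Mbed TLS client is never
# talked down to an unsupported version: the handshake must fail (expected
# exit status 1) with a fatal protocol_version alert - "fatal
# protocol_version" in the OpenSSL log, "msg 70" (protocol_version, RFC 5246)
# in the client log - and the client must never report the legacy version
# as negotiated.
#
# The negative client-side check (-C) uses the "Protocol is TLSv1.x" format
# that the Mbed TLS client actually prints on success (compare the
# "Protocol is TLSv1.3" checks elsewhere in this file and the GnuTLS variants
# of these tests). The previous pattern, "Protocol  : TLSv1.x", is OpenSSL
# s_client's wording and could never appear in the Mbed TLS client log, so
# that check was vacuous. The -S "Version: TLS1.x" checks are in gnutls-serv's
# log format and are probably vacuous against s_server too; they are kept as
# harmless belt-and-braces, the positive checks carry the test.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
skip_handshake_stage_check
requires_openssl_next
run_test    "TLS 1.3: Not supported version check:openssl: srv max TLS 1.0" \
            "$O_NEXT_SRV -msg -tls1" \
            "$P_CLI debug_level=4" \
            1 \
            -s "fatal protocol_version" \
            -c "is a fatal alert message (msg 70)" \
            -S "Version: TLS1.0" \
            -C "Protocol is TLSv1.0"

requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
skip_handshake_stage_check
requires_openssl_next
run_test    "TLS 1.3: Not supported version check:openssl: srv max TLS 1.1" \
            "$O_NEXT_SRV -msg -tls1_1" \
            "$P_CLI debug_level=4" \
            1 \
            -s "fatal protocol_version" \
            -c "is a fatal alert message (msg 70)" \
            -S "Version: TLS1.1" \
            -C "Protocol is TLSv1.1"

# The server does support TLS 1.2 here, but the client is pinned to TLS 1.3
# (force_version=tls13), so there is no common version and the client must
# not fall back to TLS 1.2.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
skip_handshake_stage_check
requires_openssl_next
run_test    "TLS 1.3: Not supported version check:openssl: srv max TLS 1.2" \
            "$O_NEXT_SRV -msg -tls1_2" \
            "$P_CLI force_version=tls13 debug_level=4" \
            1 \
            -s "fatal protocol_version" \
            -c "is a fatal alert message (msg 70)" \
            -S "Version: TLS1.2" \
            -C "Protocol is TLSv1.2"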
11557
# TLS 1.3 client authentication when the client has no certificate to offer
# (crt_file=none key_file=none). The server requests a certificate
# (openssl: lowercase -verify, i.e. request but do not require; gnutls:
# --verify-client-cert) and the client must still complete the handshake with
# exit status 0, having passed through the CLIENT_CERTIFICATE state. Both
# tests need middlebox compatibility mode since the servers run in their
# default (compat) mode.
# NOTE(review): the HTTP status patterns differ in case ("200 ok" for openssl,
# "200 OK" for gnutls) — they match each server's own built-in responder;
# keep them in sync with the tool, not with each other.
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: Client authentication, no client certificate - openssl" \
            "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -verify 10" \
            "$P_CLI debug_level=4 crt_file=none key_file=none" \
            0 \
            -c "got a certificate request" \
            -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
            -s "TLS 1.3" \
            -c "HTTP/1.0 200 ok" \
            -c "Protocol is TLSv1.3"

# Same scenario against gnutls-serv; %NO_TICKETS keeps session tickets out of
# the picture so only the initial full handshake is exercised.
# (Style: the "\" on the CLIENT_CERTIFICATE line lacks the space the other
# continuation lines have; harmless, since the backslash follows the closing
# quote.)
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: Client authentication, no client certificate - gnutls" \
            "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS --verify-client-cert" \
            "$P_CLI debug_level=3 crt_file=none key_file=none" \
            0 \
            -c "got a certificate request" \
            -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE"\
            -s "Version: TLS1.3" \
            -c "HTTP/1.0 200 OK" \
            -c "Protocol is TLSv1.3"
11588
11589
# TLS 1.3 client authentication with middlebox compatibility mode disabled on
# the server side (openssl -no_middlebox, gnutls %DISABLE_TLS13_COMPAT_MODE).
# Unlike the surrounding tests, only the ephemeral key-exchange option is
# required of the mbedtls build, not MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE.
# The client presents cli2.crt/cli2.key; a successful run must show both the
# CLIENT_CERTIFICATE and CLIENT_CERTIFICATE_VERIFY states, i.e. the client
# actually produced a CertificateVerify signature.
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: Client authentication, no server middlebox compat - openssl" \
            "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 -no_middlebox" \
            "$P_CLI debug_level=4 crt_file=data_files/cli2.crt key_file=data_files/cli2.key" \
            0 \
            -c "got a certificate request" \
            -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
            -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
            -c "Protocol is TLSv1.3"

requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: Client authentication, no server middlebox compat - gnutls" \
            "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
            "$P_CLI debug_level=3 crt_file=data_files/cli2.crt \
                    key_file=data_files/cli2.key" \
            0 \
            -c "got a certificate request" \
            -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
            -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
            -c "Protocol is TLSv1.3"
11617
# TLS 1.3 client authentication with an ECDSA client certificate, one pair of
# tests (openssl, gnutls) per curve/hash: secp256r1/SHA-256, secp384r1/SHA-384,
# secp521r1/SHA-512. The openssl server uses -Verify (capital V: a client
# certificate is mandatory); gnutls-serv is left at its defaults here. Each
# test passes only if the client reaches CLIENT_CERTIFICATE_VERIFY, meaning it
# signed the handshake transcript with the key under test.
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: Client authentication, ecdsa_secp256r1_sha256 - openssl" \
            "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
            "$P_CLI debug_level=4 crt_file=data_files/ecdsa_secp256r1.crt \
                    key_file=data_files/ecdsa_secp256r1.key" \
            0 \
            -c "got a certificate request" \
            -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
            -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
            -c "Protocol is TLSv1.3"

requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: Client authentication, ecdsa_secp256r1_sha256 - gnutls" \
            "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
            "$P_CLI debug_level=3 crt_file=data_files/ecdsa_secp256r1.crt \
                    key_file=data_files/ecdsa_secp256r1.key" \
            0 \
            -c "got a certificate request" \
            -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
            -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
            -c "Protocol is TLSv1.3"

# secp384r1 / SHA-384
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: Client authentication, ecdsa_secp384r1_sha384 - openssl" \
            "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
            "$P_CLI debug_level=4 crt_file=data_files/ecdsa_secp384r1.crt \
                    key_file=data_files/ecdsa_secp384r1.key" \
            0 \
            -c "got a certificate request" \
            -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
            -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
            -c "Protocol is TLSv1.3"

requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: Client authentication, ecdsa_secp384r1_sha384 - gnutls" \
            "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
            "$P_CLI debug_level=3 crt_file=data_files/ecdsa_secp384r1.crt \
                    key_file=data_files/ecdsa_secp384r1.key" \
            0 \
            -c "got a certificate request" \
            -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
            -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
            -c "Protocol is TLSv1.3"

# secp521r1 / SHA-512
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: Client authentication, ecdsa_secp521r1_sha512 - openssl" \
            "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
            "$P_CLI debug_level=4 crt_file=data_files/ecdsa_secp521r1.crt \
                    key_file=data_files/ecdsa_secp521r1.key" \
            0 \
            -c "got a certificate request" \
            -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
            -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
            -c "Protocol is TLSv1.3"

requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: Client authentication, ecdsa_secp521r1_sha512 - gnutls" \
            "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
            "$P_CLI debug_level=3 crt_file=data_files/ecdsa_secp521r1.crt \
                    key_file=data_files/ecdsa_secp521r1.key" \
            0 \
            -c "got a certificate request" \
            -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
            -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
            -c "Protocol is TLSv1.3"
11710
# TLS 1.3 client authentication with an RSA client certificate, signing with
# RSA-PSS (rsae variant) over SHA-256, SHA-384 and SHA-512 in turn. The client
# advertises exactly two signature algorithms via sig_algs: the ECDSA one the
# server certificate needs plus the single RSA-PSS algorithm under test, so
# the CertificateVerify presumably has to use that RSA-PSS algorithm (the
# client key is RSA: server1.key / server2.key) — verify in the client log if
# in doubt. MBEDTLS_RSA_C is required on top of the usual TLS 1.3 options.
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_RSA_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: Client authentication, rsa_pss_rsae_sha256 - openssl" \
            "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
            "$P_CLI debug_level=4 crt_file=data_files/cert_sha256.crt \
                    key_file=data_files/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha256" \
            0 \
            -c "got a certificate request" \
            -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
            -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
            -c "Protocol is TLSv1.3"

# gnutls variant uses a different RSA client certificate (server2-sha256.crt).
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_RSA_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: Client authentication, rsa_pss_rsae_sha256 - gnutls" \
            "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
            "$P_CLI debug_level=3 crt_file=data_files/server2-sha256.crt \
                    key_file=data_files/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha256" \
            0 \
            -c "got a certificate request" \
            -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
            -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
            -c "Protocol is TLSv1.3"

# rsa_pss_rsae_sha384
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_RSA_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: Client authentication, rsa_pss_rsae_sha384 - openssl" \
            "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
            "$P_CLI debug_level=4 crt_file=data_files/cert_sha256.crt \
                    key_file=data_files/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha384" \
            0 \
            -c "got a certificate request" \
            -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
            -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
            -c "Protocol is TLSv1.3"

requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_RSA_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: Client authentication, rsa_pss_rsae_sha384 - gnutls" \
            "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
            "$P_CLI debug_level=3 crt_file=data_files/server2-sha256.crt \
                    key_file=data_files/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha384" \
            0 \
            -c "got a certificate request" \
            -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
            -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
            -c "Protocol is TLSv1.3"

# rsa_pss_rsae_sha512
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_RSA_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: Client authentication, rsa_pss_rsae_sha512 - openssl" \
            "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
            "$P_CLI debug_level=4 crt_file=data_files/cert_sha256.crt \
                    key_file=data_files/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha512" \
            0 \
            -c "got a certificate request" \
            -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
            -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
            -c "Protocol is TLSv1.3"

requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_RSA_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: Client authentication, rsa_pss_rsae_sha512 - gnutls" \
            "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
            "$P_CLI debug_level=3 crt_file=data_files/server2-sha256.crt \
                    key_file=data_files/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha512" \
            0 \
            -c "got a certificate request" \
            -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
            -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
            -c "Protocol is TLSv1.3"
11809
# TLS 1.3 client authentication, negative path: the server's CertificateRequest
# only accepts ecdsa_secp256r1_sha256 (openssl -sigalgs, gnutls -SIGN-ALL:
# +SIGN-ECDSA-SECP256R1-SHA256) while the client holds a secp521r1 key, which
# can only produce ecdsa_secp521r1_sha512 signatures. The client must reach
# CLIENT_CERTIFICATE_VERIFY, find no algorithm it can both sign with and the
# server accepts, log "no suitable signature algorithm" and exit 1 rather than
# sign with an unrequested algorithm.
# NOTE(review): the openssl server command below spans two lines with no
# trailing backslash on the first, so the quoted string contains an embedded
# newline. That is harmless only if run_test word-splits the command (newline
# is IFS whitespace) rather than eval-ing it as a script — confirm against
# run_test's definition; adding the backslash would remove the doubt.
# NOTE(review): MBEDTLS_RSA_C is required although only ECDSA certificates and
# keys are used here — looks like a copy-paste from the RSA tests; confirm
# whether it is really needed before relaxing it.
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_RSA_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: Client authentication, client alg not in server list - openssl" \
            "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10
                -sigalgs ecdsa_secp256r1_sha256" \
            "$P_CLI debug_level=3 crt_file=data_files/ecdsa_secp521r1.crt \
                    key_file=data_files/ecdsa_secp521r1.key sig_algs=ecdsa_secp256r1_sha256,ecdsa_secp521r1_sha512" \
            1 \
            -c "got a certificate request" \
            -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
            -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
            -c "no suitable signature algorithm"

requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_RSA_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: Client authentication, client alg not in server list - gnutls" \
            "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:-SIGN-ALL:+SIGN-ECDSA-SECP256R1-SHA256:%NO_TICKETS" \
            "$P_CLI debug_level=3 crt_file=data_files/ecdsa_secp521r1.crt \
                    key_file=data_files/ecdsa_secp521r1.key sig_algs=ecdsa_secp256r1_sha256,ecdsa_secp521r1_sha512" \
            1 \
            -c "got a certificate request" \
            -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
            -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
            -c "no suitable signature algorithm"
11843
# Test using an opaque private key for client authentication
#
# The following tests mirror the plain-key client-authentication tests above,
# with key_opaque=1 added to the client command so the client's private key is
# handled through the PSA API rather than used directly; hence the extra
# MBEDTLS_USE_PSA_CRYPTO requirement. Expected log output is unchanged: the
# client must reach CLIENT_CERTIFICATE_VERIFY and finish on TLS 1.3.
#
# First pair: server middlebox compatibility mode disabled (openssl
# -no_middlebox, gnutls %DISABLE_TLS13_COMPAT_MODE), so only the ephemeral
# key-exchange option is required of the mbedtls build.
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: Client authentication - opaque key, no server middlebox compat - openssl" \
            "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10 -no_middlebox" \
            "$P_CLI debug_level=4 crt_file=data_files/cli2.crt key_file=data_files/cli2.key key_opaque=1" \
            0 \
            -c "got a certificate request" \
            -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
            -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
            -c "Protocol is TLSv1.3"

requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: Client authentication - opaque key, no server middlebox compat - gnutls" \
            "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE" \
            "$P_CLI debug_level=3 crt_file=data_files/cli2.crt \
                    key_file=data_files/cli2.key key_opaque=1" \
            0 \
            -c "got a certificate request" \
            -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
            -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
            -c "Protocol is TLSv1.3"
11874
# Opaque (PSA-held) ECDSA client keys, one openssl/gnutls pair per curve:
# secp256r1/SHA-256, secp384r1/SHA-384, secp521r1/SHA-512. Same certificates
# and expected output as the plain-key ECDSA tests, plus key_opaque=1 and the
# MBEDTLS_USE_PSA_CRYPTO requirement; the openssl server demands a client
# certificate (-Verify).
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: Client authentication - opaque key, ecdsa_secp256r1_sha256 - openssl" \
            "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
            "$P_CLI debug_level=4 crt_file=data_files/ecdsa_secp256r1.crt \
                    key_file=data_files/ecdsa_secp256r1.key key_opaque=1" \
            0 \
            -c "got a certificate request" \
            -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
            -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
            -c "Protocol is TLSv1.3"

requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: Client authentication - opaque key, ecdsa_secp256r1_sha256 - gnutls" \
            "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
            "$P_CLI debug_level=3 crt_file=data_files/ecdsa_secp256r1.crt \
                    key_file=data_files/ecdsa_secp256r1.key key_opaque=1" \
            0 \
            -c "got a certificate request" \
            -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
            -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
            -c "Protocol is TLSv1.3"

# secp384r1 / SHA-384
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: Client authentication - opaque key, ecdsa_secp384r1_sha384 - openssl" \
            "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
            "$P_CLI debug_level=4 crt_file=data_files/ecdsa_secp384r1.crt \
                    key_file=data_files/ecdsa_secp384r1.key key_opaque=1" \
            0 \
            -c "got a certificate request" \
            -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
            -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
            -c "Protocol is TLSv1.3"

requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: Client authentication - opaque key, ecdsa_secp384r1_sha384 - gnutls" \
            "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
            "$P_CLI debug_level=3 crt_file=data_files/ecdsa_secp384r1.crt \
                    key_file=data_files/ecdsa_secp384r1.key key_opaque=1" \
            0 \
            -c "got a certificate request" \
            -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
            -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
            -c "Protocol is TLSv1.3"

# secp521r1 / SHA-512
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: Client authentication - opaque key, ecdsa_secp521r1_sha512 - openssl" \
            "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
            "$P_CLI debug_level=4 crt_file=data_files/ecdsa_secp521r1.crt \
                    key_file=data_files/ecdsa_secp521r1.key key_opaque=1" \
            0 \
            -c "got a certificate request" \
            -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
            -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
            -c "Protocol is TLSv1.3"

requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: Client authentication - opaque key, ecdsa_secp521r1_sha512 - gnutls" \
            "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
            "$P_CLI debug_level=3 crt_file=data_files/ecdsa_secp521r1.crt \
                    key_file=data_files/ecdsa_secp521r1.key key_opaque=1" \
            0 \
            -c "got a certificate request" \
            -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
            -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
            -c "Protocol is TLSv1.3"
11973
# Opaque (PSA-held) RSA client keys signing with RSA-PSS (rsae) over SHA-256,
# SHA-384 and SHA-512. Same certificates, sig_algs lists and expected output
# as the plain-key RSA-PSS tests, plus key_opaque=1 and the
# MBEDTLS_USE_PSA_CRYPTO requirement (MBEDTLS_RSA_C is still needed for the
# key itself). sig_algs restricts the client to the ECDSA algorithm the server
# certificate needs plus the one RSA-PSS algorithm under test.
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha256 - openssl" \
            "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
            "$P_CLI debug_level=4 crt_file=data_files/cert_sha256.crt \
                    key_file=data_files/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha256 key_opaque=1" \
            0 \
            -c "got a certificate request" \
            -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
            -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
            -c "Protocol is TLSv1.3"

requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha256 - gnutls" \
            "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
            "$P_CLI debug_level=3 crt_file=data_files/server2-sha256.crt \
                    key_file=data_files/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha256 key_opaque=1" \
            0 \
            -c "got a certificate request" \
            -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
            -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
            -c "Protocol is TLSv1.3"

# rsa_pss_rsae_sha384
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha384 - openssl" \
            "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
            "$P_CLI debug_level=4 crt_file=data_files/cert_sha256.crt \
                    key_file=data_files/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha384 key_opaque=1" \
            0 \
            -c "got a certificate request" \
            -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
            -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
            -c "Protocol is TLSv1.3"

requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha384 - gnutls" \
            "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
            "$P_CLI debug_level=3 crt_file=data_files/server2-sha256.crt \
                    key_file=data_files/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha384 key_opaque=1" \
            0 \
            -c "got a certificate request" \
            -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
            -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
            -c "Protocol is TLSv1.3"

# rsa_pss_rsae_sha512
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha512 - openssl" \
            "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10" \
            "$P_CLI debug_level=4 crt_file=data_files/cert_sha256.crt \
                    key_file=data_files/server1.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha512 key_opaque=1" \
            0 \
            -c "got a certificate request" \
            -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
            -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
            -c "Protocol is TLSv1.3"

requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: Client authentication - opaque key, rsa_pss_rsae_sha512 - gnutls" \
            "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS" \
            "$P_CLI debug_level=3 crt_file=data_files/server2-sha256.crt \
                    key_file=data_files/server2.key sig_algs=ecdsa_secp256r1_sha256,rsa_pss_rsae_sha512 key_opaque=1" \
            0 \
            -c "got a certificate request" \
            -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
            -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
            -c "Protocol is TLSv1.3"
12078
# Opaque-key variant of the negative "client alg not in server list" test: the
# server (openssl -sigalgs) accepts only ecdsa_secp256r1_sha256, the client's
# PSA-held key is secp521r1, so after reaching CLIENT_CERTIFICATE_VERIFY the
# client must report "no suitable signature algorithm" and exit 1 instead of
# signing with an algorithm the server did not request.
# NOTE(review): as in the plain-key version, the server command string spans
# two lines without a trailing backslash and so contains an embedded newline;
# fine only if run_test word-splits the command rather than eval-ing it —
# confirm against run_test's definition.
# NOTE(review): MBEDTLS_RSA_C is required although only ECDSA material is
# used — confirm whether this dependency is actually needed.
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_RSA_C
requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: Client authentication - opaque key, client alg not in server list - openssl" \
            "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache -Verify 10
                -sigalgs ecdsa_secp256r1_sha256" \
            "$P_CLI debug_level=3 crt_file=data_files/ecdsa_secp521r1.crt \
                    key_file=data_files/ecdsa_secp521r1.key sig_algs=ecdsa_secp256r1_sha256,ecdsa_secp521r1_sha512 key_opaque=1" \
            1 \
            -c "got a certificate request" \
            -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
            -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
            -c "no suitable signature algorithm"
12096
12097requires_gnutls_tls1_3
12098requires_gnutls_next_no_ticket
12099requires_config_enabled MBEDTLS_DEBUG_C
12100requires_config_enabled MBEDTLS_SSL_CLI_C
12101requires_config_enabled MBEDTLS_RSA_C
12102requires_config_enabled MBEDTLS_USE_PSA_CRYPTO
12103requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
12104                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
12105run_test    "TLS 1.3: Client authentication - opaque key, client alg not in server list - gnutls" \
12106            "$G_NEXT_SRV --debug=4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:-SIGN-ALL:+SIGN-ECDSA-SECP256R1-SHA256:%NO_TICKETS" \
12107            "$P_CLI debug_level=3 crt_file=data_files/ecdsa_secp521r1.crt \
12108                    key_file=data_files/ecdsa_secp521r1.key sig_algs=ecdsa_secp256r1_sha256,ecdsa_secp521r1_sha512 key_opaque=1" \
12109            1 \
12110            -c "got a certificate request" \
12111            -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE" \
12112            -c "client state: MBEDTLS_SSL_CLIENT_CERTIFICATE_VERIFY" \
12113            -c "no suitable signature algorithm"
12114
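# Client-side HelloRetryRequest handling against an OpenSSL server. The server
# only allows the P-256 group, and the client's default first key_share is
# evidently not for P-256, so the server answers with a HelloRetryRequest and
# the client must go back to the CLIENT_HELLO state, send a second ClientHello
# and still complete the handshake (Protocol is TLSv1.3, HTTP 200). The two
# tests pin the ciphersuite so that the HRR transcript handling is exercised
# with both the SHA-256 and the SHA-384 based suites.
#
# The negotiation depends on ECDH being available on the mbedtls side, so gate
# on PSA_WANT_ALG_ECDH exactly as the GnuTLS variants of these tests do.
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled PSA_WANT_ALG_ECDH
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: HRR check, ciphersuite TLS_AES_128_GCM_SHA256 - openssl" \
            "$O_NEXT_SRV -ciphersuites TLS_AES_128_GCM_SHA256  -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
            "$P_CLI debug_level=4" \
            0 \
            -c "received HelloRetryRequest message" \
            -c "<= ssl_tls13_process_server_hello ( HelloRetryRequest )" \
            -c "client state: MBEDTLS_SSL_CLIENT_HELLO" \
            -c "Protocol is TLSv1.3" \
            -c "HTTP/1.0 200 ok"

requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled PSA_WANT_ALG_ECDH
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: HRR check, ciphersuite TLS_AES_256_GCM_SHA384 - openssl" \
            "$O_NEXT_SRV -ciphersuites TLS_AES_256_GCM_SHA384  -sigalgs ecdsa_secp256r1_sha256 -groups P-256 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
            "$P_CLI debug_level=4" \
            0 \
            -c "received HelloRetryRequest message" \
            -c "<= ssl_tls13_process_server_hello ( HelloRetryRequest )" \
            -c "client state: MBEDTLS_SSL_CLIENT_HELLO" \
            -c "Protocol is TLSv1.3" \
            -c "HTTP/1.0 200 ok"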
12144
# Client-side HelloRetryRequest handling against a GnuTLS server. The priority
# string starts from NONE and allows only GROUP-SECP256R1, one AEAD suite and
# one signature algorithm, so the client's default first key_share is not
# acceptable and the server replies with a HelloRetryRequest. The client must
# drop back to CLIENT_HELLO, retry, and finish with a TLS 1.3 session and an
# HTTP 200. Gated on PSA_WANT_ALG_ECDH because the retried key share is ECDH.
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled PSA_WANT_ALG_ECDH
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: HRR check, ciphersuite TLS_AES_128_GCM_SHA256 - gnutls" \
            "$G_NEXT_SRV -d 4 --priority=NONE:+GROUP-SECP256R1:+AES-128-GCM:+SHA256:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS --disable-client-cert" \
            "$P_CLI debug_level=4" \
            0 \
            -c "received HelloRetryRequest message" \
            -c "<= ssl_tls13_process_server_hello ( HelloRetryRequest )" \
            -c "client state: MBEDTLS_SSL_CLIENT_HELLO" \
            -c "Protocol is TLSv1.3" \
            -c "HTTP/1.0 200 OK"

# Same HRR exercise with the SHA-384 based suite, so the transcript hash
# switch after the HRR is covered for both hash lengths.
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled PSA_WANT_ALG_ECDH
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: HRR check, ciphersuite TLS_AES_256_GCM_SHA384 - gnutls" \
            "$G_NEXT_SRV -d 4 --priority=NONE:+GROUP-SECP256R1:+AES-256-GCM:+SHA384:+AEAD:+SIGN-ECDSA-SECP256R1-SHA256:+VERS-TLS1.3:%NO_TICKETS --disable-client-cert" \
            "$P_CLI debug_level=4" \
            0 \
            -c "received HelloRetryRequest message" \
            -c "<= ssl_tls13_process_server_hello ( HelloRetryRequest )" \
            -c "client state: MBEDTLS_SSL_CLIENT_HELLO" \
            -c "Protocol is TLSv1.3" \
            -c "HTTP/1.0 200 OK"
12178
# Server-side state-machine walk with an OpenSSL client. The client disables
# middlebox compatibility (-no_middlebox) and tickets are off on the server,
# so the server is expected to report each state of the plain ephemeral
# handshake listed below, from CLIENT_HELLO through HANDSHAKE_WRAPUP.
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: Server side check - openssl" \
            "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key tickets=0" \
            "$O_NEXT_CLI -msg -debug -tls1_3 -no_middlebox" \
            0 \
            -s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \
            -s "tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \
            -s "tls13 server state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \
            -s "tls13 server state: MBEDTLS_SSL_SERVER_CERTIFICATE" \
            -s "tls13 server state: MBEDTLS_SSL_CERTIFICATE_VERIFY" \
            -s "tls13 server state: MBEDTLS_SSL_SERVER_FINISHED" \
            -s "tls13 server state: MBEDTLS_SSL_CLIENT_FINISHED" \
            -s "tls13 server state: MBEDTLS_SSL_HANDSHAKE_WRAPUP"

# Same walk with auth_mode=required: the server must additionally enter
# MBEDTLS_SSL_CERTIFICATE_REQUEST and write a CertificateRequest. The client
# answers with server5.crt/server5.key; no ca_file is passed to the server
# here, so it presumably verifies that certificate against ssl_server2's
# default trust store (confirm against the program's defaults).
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: Server side check - openssl with client authentication" \
            "$P_SRV debug_level=4 auth_mode=required crt_file=data_files/server5.crt key_file=data_files/server5.key tickets=0" \
            "$O_NEXT_CLI -msg -debug -cert data_files/server5.crt -key data_files/server5.key -tls1_3 -no_middlebox" \
            0 \
            -s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \
            -s "tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \
            -s "tls13 server state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \
            -s "tls13 server state: MBEDTLS_SSL_CERTIFICATE_REQUEST" \
            -s "tls13 server state: MBEDTLS_SSL_SERVER_CERTIFICATE" \
            -s "tls13 server state: MBEDTLS_SSL_CERTIFICATE_VERIFY" \
            -s "tls13 server state: MBEDTLS_SSL_SERVER_FINISHED" \
            -s "=> write certificate request" \
            -s "=> parse client hello" \
            -s "<= parse client hello"

# The same two walks with a GnuTLS client. %DISABLE_TLS13_COMPAT_MODE plays
# the role of -no_middlebox above; -V makes gnutls-cli verify the server.
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: Server side check - gnutls" \
            "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key tickets=0" \
            "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \
            0 \
            -s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \
            -s "tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \
            -s "tls13 server state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \
            -s "tls13 server state: MBEDTLS_SSL_SERVER_CERTIFICATE" \
            -s "tls13 server state: MBEDTLS_SSL_CERTIFICATE_VERIFY" \
            -s "tls13 server state: MBEDTLS_SSL_SERVER_FINISHED" \
            -s "tls13 server state: MBEDTLS_SSL_CLIENT_FINISHED" \
            -s "tls13 server state: MBEDTLS_SSL_HANDSHAKE_WRAPUP" \
            -c "HTTP/1.0 200 OK"

requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: Server side check - gnutls with client authentication" \
            "$P_SRV debug_level=4 auth_mode=required crt_file=data_files/server5.crt key_file=data_files/server5.key tickets=0" \
            "$G_NEXT_CLI localhost -d 4 --x509certfile data_files/server5.crt --x509keyfile data_files/server5.key --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \
            0 \
            -s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \
            -s "tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \
            -s "tls13 server state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \
            -s "tls13 server state: MBEDTLS_SSL_CERTIFICATE_REQUEST" \
            -s "tls13 server state: MBEDTLS_SSL_SERVER_CERTIFICATE" \
            -s "tls13 server state: MBEDTLS_SSL_CERTIFICATE_VERIFY" \
            -s "tls13 server state: MBEDTLS_SSL_SERVER_FINISHED" \
            -s "=> write certificate request" \
            -s "=> parse client hello" \
            -s "<= parse client hello"
12253
# Server-side state-machine walk with the mbedtls client. Note that the server
# is expected to report MBEDTLS_SSL_CERTIFICATE_REQUEST even though no
# auth_mode is set here, i.e. the state is visited (and the request skipped)
# regardless of whether client authentication is configured.
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: Server side check - mbedtls" \
            "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key tickets=0" \
            "$P_CLI debug_level=4" \
            0 \
            -s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \
            -s "tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \
            -s "tls13 server state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \
            -s "tls13 server state: MBEDTLS_SSL_CERTIFICATE_REQUEST" \
            -s "tls13 server state: MBEDTLS_SSL_SERVER_CERTIFICATE" \
            -s "tls13 server state: MBEDTLS_SSL_CERTIFICATE_VERIFY" \
            -s "tls13 server state: MBEDTLS_SSL_SERVER_FINISHED" \
            -s "tls13 server state: MBEDTLS_SSL_CLIENT_FINISHED" \
            -s "tls13 server state: MBEDTLS_SSL_HANDSHAKE_WRAPUP" \
            -c "HTTP/1.0 200 OK"

# auth_mode=required with a client that does present server5.crt: the server
# writes a CertificateRequest and the client is seen handling it.
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: Server side check - mbedtls with client authentication" \
            "$P_SRV debug_level=4 auth_mode=required crt_file=data_files/server5.crt key_file=data_files/server5.key tickets=0" \
            "$P_CLI debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key" \
            0 \
            -s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \
            -s "tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \
            -s "tls13 server state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \
            -s "tls13 server state: MBEDTLS_SSL_SERVER_CERTIFICATE" \
            -s "=> write certificate request" \
            -c "client state: MBEDTLS_SSL_CERTIFICATE_REQUEST" \
            -s "=> parse client hello" \
            -s "<= parse client hello"

# auth_mode=required with a client that has no certificate at all
# (crt_file=none key_file=none): the handshake must fail (exit 1) with an
# explicit "No client certification received" error. The server must not
# complete the handshake unauthenticated when a client certificate is
# mandatory.
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: Server side check - mbedtls with client empty certificate" \
            "$P_SRV debug_level=4 auth_mode=required crt_file=data_files/server5.crt key_file=data_files/server5.key tickets=0" \
            "$P_CLI debug_level=4 crt_file=none key_file=none" \
            1 \
            -s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \
            -s "tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \
            -s "tls13 server state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \
            -s "tls13 server state: MBEDTLS_SSL_SERVER_CERTIFICATE" \
            -s "=> write certificate request" \
            -s "SSL - No client certification received from the client, but required by the authentication mode" \
            -c "client state: MBEDTLS_SSL_CERTIFICATE_REQUEST" \
            -s "=> parse client hello" \
            -s "<= parse client hello"

# With auth_mode=optional the same certificate-less client completes the
# handshake (exit 0). A successful handshake in this mode therefore says
# nothing about whether a client certificate was presented; anything that
# relies on client identity has to inspect the verification result itself.
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: Server side check - mbedtls with optional client authentication" \
            "$P_SRV debug_level=4 auth_mode=optional crt_file=data_files/server5.crt key_file=data_files/server5.key tickets=0" \
            "$P_CLI debug_level=4 crt_file=none key_file=none" \
            0 \
            -s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \
            -s "tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \
            -s "tls13 server state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \
            -s "tls13 server state: MBEDTLS_SSL_SERVER_CERTIFICATE" \
            -s "=> write certificate request" \
            -c "client state: MBEDTLS_SSL_CERTIFICATE_REQUEST" \
            -s "=> parse client hello" \
            -s "<= parse client hello"
12324
# Server-side HelloRetryRequest: the server only allows secp384r1 while the
# client lists secp256r1 first, so the client's initial key_share is
# (presumably) for secp256r1 and the server must answer with a
# HelloRetryRequest that selects secp384r1, after which the handshake goes on
# to ENCRYPTED_EXTENSIONS on both sides. Gated on PSA_WANT_ALG_ECDH since both
# groups are ECDH groups.
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled PSA_WANT_ALG_ECDH
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: server: HRR check - mbedtls" \
            "$P_SRV debug_level=4 groups=secp384r1" \
            "$P_CLI debug_level=4 groups=secp256r1,secp384r1" \
            0 \
            -s "tls13 server state: MBEDTLS_SSL_CLIENT_HELLO" \
            -s "tls13 server state: MBEDTLS_SSL_SERVER_HELLO" \
            -s "tls13 server state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \
            -s "tls13 server state: MBEDTLS_SSL_HELLO_RETRY_REQUEST" \
            -c "client state: MBEDTLS_SSL_ENCRYPTED_EXTENSIONS" \
            -s "selected_group: secp384r1" \
            -s "=> write hello retry request" \
            -s "<= write hello retry request"
12342
# A server started with neither certificate nor key (crt_file=none
# key_file=none) must abort in the SERVER_CERTIFICATE state with
# "No certificate available." (exit 1) rather than continue a handshake in
# which it cannot authenticate itself.
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: Server side check, no server certificate available" \
            "$P_SRV debug_level=4 crt_file=none key_file=none" \
            "$P_CLI debug_level=4" \
            1 \
            -s "tls13 server state: MBEDTLS_SSL_SERVER_CERTIFICATE" \
            -s "No certificate available."
12353
# Server Name Indication handling on the mbedtls server. The sni= argument is
# a flat comma-separated list with one entry per name; from the layout used
# here each entry appears to be name,cert,key,ca,crl,auth_mode with "-" for an
# unset field (confirm against the ssl_server2 usage text). In the OpenSSL and
# GnuTLS variants the "localhost" entry carries test-ca_cat12.crt in the CA
# slot, and auth_mode=required makes the clients present server5.crt; the
# OpenSSL client trusts the same CA file via -CAfile.
#
# NOTE(review): all three tests only assert that the ServerName extension was
# parsed and that the request got an HTTP 200. They do not check which
# certificate was actually selected for the name, so a server that ignored
# SNI and kept serving its default crt_file would still pass. The mbedtls
# variant even maps localhost to server2.crt while the default is
# server5.crt, which would make such an assertion possible.
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: Server side check - openssl with sni" \
            "$P_SRV debug_level=4 auth_mode=required crt_file=data_files/server5.crt key_file=data_files/server5.key tickets=0 \
             sni=localhost,data_files/server5.crt,data_files/server5.key,data_files/test-ca_cat12.crt,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
            "$O_NEXT_CLI -msg -debug -servername localhost -CAfile data_files/test-ca_cat12.crt -cert data_files/server5.crt -key data_files/server5.key -tls1_3" \
            0 \
            -s "parse ServerName extension" \
            -s "HTTP/1.0 200 OK"

requires_gnutls_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: Server side check - gnutls with sni" \
            "$P_SRV debug_level=4 auth_mode=required crt_file=data_files/server5.crt key_file=data_files/server5.key tickets=0 \
             sni=localhost,data_files/server5.crt,data_files/server5.key,data_files/test-ca_cat12.crt,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
            "$G_NEXT_CLI localhost -d 4 --sni-hostname=localhost --x509certfile data_files/server5.crt --x509keyfile data_files/server5.key --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS -V" \
            0 \
            -s "parse ServerName extension" \
            -s "HTTP/1.0 200 OK"

# mbedtls client sending server_name=localhost; the matching SNI entry selects
# server2.crt/server2.key instead of the default server5 credential.
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: Server side check - mbedtls with sni" \
            "$P_SRV debug_level=4 auth_mode=required crt_file=data_files/server5.crt key_file=data_files/server5.key tickets=0 \
             sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
            "$P_CLI debug_level=4 server_name=localhost crt_file=data_files/server5.crt key_file=data_files/server5.key" \
            0 \
            -s "parse ServerName extension" \
            -s "HTTP/1.0 200 OK"
12392
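# Pull in the additional test-case files. Every opt-testcases/*.sh is sourced
# into this shell, so it runs with the same helpers (run_test, requires_*)
# and the same privileges as this script: anything matching the glob in that
# directory executes, so the directory has to be treated as trusted code
# rather than data. The path is relative to this script's directory, which
# the script cd's into at startup. While a file is being sourced,
# TEST_SUITE_NAME holds its basename without extension; it is cleared again
# once all files have been processed.
for i in opt-testcases/*.sh
do
    # Guard against an unmatched glob: POSIX sh then leaves the literal
    # pattern in $i, and sourcing a non-existent file aborts a non-interactive
    # shell. Skip anything that is not a regular file.
    [ -f "$i" ] || continue
    TEST_SUITE_NAME=${i##*/}
    TEST_SUITE_NAME=${TEST_SUITE_NAME%.*}
    . "$i"
done
unset TEST_SUITE_NAME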
12400
# Test 1.3 compatibility mode
#
# The "middlebox compat" tests that follow pair each mbedtls build
# configuration (MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE disabled or enabled)
# with each peer. With the option disabled the mbedtls server must never enter
# the CCS-after-ServerHello state and the mbedtls client must never report
# ignoring a ChangeCipherSpec; with it enabled both are expected. First,
# m->m with both sides built without compatibility mode.
requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3 m->m both peers do not support middlebox compatibility" \
            "$P_SRV debug_level=4 tickets=0" \
            "$P_CLI debug_level=4" \
            0 \
            -s "Protocol is TLSv1.3" \
            -c "Protocol is TLSv1.3" \
            -S "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO" \
            -C "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode"

# m->m with both sides built with compatibility mode: the server sends its
# ChangeCipherSpec after the ServerHello, the client reports ignoring it, and
# the handshake still completes.
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3 m->m both with middlebox compat support" \
            "$P_SRV debug_level=4 tickets=0" \
            "$P_CLI debug_level=4" \
            0 \
            -s "Protocol is TLSv1.3" \
            -c "Protocol is TLSv1.3" \
            -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO" \
            -c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode"
12429
# m->O: mbedtls client against an OpenSSL server. Neither side uses
# compatibility mode (-no_middlebox on the server, the client built without
# it), so the client must report neither an invalid nor an ignored
# ChangeCipherSpec.
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3 m->O both peers do not support middlebox compatibility" \
            "$O_NEXT_SRV -msg -tls1_3 -no_middlebox -num_tickets 0 -no_resume_ephemeral -no_cache" \
            "$P_CLI debug_level=4" \
            0 \
            -c "Protocol is TLSv1.3" \
            -C "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode" \
            -C "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode"

# The important negative case: a client built without compatibility mode
# that receives a ChangeCipherSpec from a server still using middlebox mode
# must treat it as a protocol violation and abort (exit 1) rather than
# silently skip the record.
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3 m->O server with middlebox compat support, not client" \
            "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
            "$P_CLI debug_level=4" \
            1 \
            -c "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode"

# Both sides with compatibility mode: the client must ignore the server's
# ChangeCipherSpec and complete the handshake.
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3 m->O both with middlebox compat support" \
            "$O_NEXT_SRV -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache" \
            "$P_CLI debug_level=4" \
            0 \
            -c "Protocol is TLSv1.3" \
            -c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode"
12465
# m->G: mbedtls client against a GnuTLS server, the same three combinations
# as the OpenSSL ones. %DISABLE_TLS13_COMPAT_MODE is GnuTLS's equivalent of
# -no_middlebox and needs a GnuTLS that understands it (hence
# requires_gnutls_next_disable_tls13_compat).
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_gnutls_next_disable_tls13_compat
requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3 m->G both peers do not support middlebox compatibility" \
            "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE --disable-client-cert" \
            "$P_CLI debug_level=4" \
            0 \
            -c "Protocol is TLSv1.3" \
            -C "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode" \
            -C "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode"

# A GnuTLS server at its NORMAL default still sends a ChangeCipherSpec; a
# client built without compatibility mode must reject it and fail (exit 1).
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3 m->G server with middlebox compat support, not client" \
            "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS --disable-client-cert" \
            "$P_CLI debug_level=4" \
            1 \
            -c "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode"

# Both sides with compatibility mode: the client ignores the server's
# ChangeCipherSpec and the handshake completes.
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3 m->G both with middlebox compat support" \
            "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS --disable-client-cert" \
            "$P_CLI debug_level=4" \
            0 \
            -c "Protocol is TLSv1.3" \
            -c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode"
12505
# O->m: OpenSSL client against the mbedtls server. "14 03 03 00 01" is the
# ChangeCipherSpec record as printed by openssl -msg, so the -C/-c checks on
# it look for the record itself on the wire. With the server built without
# compatibility mode and the client using -no_middlebox no CCS may appear.
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3 O->m both peers do not support middlebox compatibility" \
            "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key tickets=0" \
            "$O_NEXT_CLI -msg -debug -no_middlebox" \
            0 \
            -s "Protocol is TLSv1.3" \
            -S "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO" \
            -C "14 03 03 00 01"

# Server built with compatibility mode, client with -no_middlebox: the server
# still goes through its CCS state and the OpenSSL client tolerates the
# record (exit 0). Unlike the "both" variant below, the CCS bytes are not
# asserted on the client side here.
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3 O->m server with middlebox compat support, not client" \
            "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key tickets=0" \
            "$O_NEXT_CLI -msg -debug -no_middlebox" \
            0 \
            -s "Protocol is TLSv1.3" \
            -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO"

# Both sides with compatibility mode (OpenSSL default): the server enters its
# CCS state and the client sees the ChangeCipherSpec record.
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3 O->m both with middlebox compat support" \
            "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key tickets=0" \
            "$O_NEXT_CLI -msg -debug" \
            0 \
            -s "Protocol is TLSv1.3" \
            -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO" \
            -c "14 03 03 00 01"
12543
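# G->m, neither side uses middlebox compatibility: the mbedtls server is built
# without MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE and the GnuTLS client disables
# it via %DISABLE_TLS13_COMPAT_MODE, so no ChangeCipherSpec may appear in
# either direction. The client is run with --debug=10, as in the two sibling
# G->m tests, because the negative check for "SSL 3.3 ChangeCipherSpec packet
# received" only means something if GnuTLS is actually emitting the
# record-level log lines it would otherwise match; without the debug flag the
# -C check passes vacuously.
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_gnutls_next_disable_tls13_compat
requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3 G->m both peers do not support middlebox compatibility" \
            "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key tickets=0" \
            "$G_NEXT_CLI localhost --debug=10 --priority=NORMAL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \
            0 \
            -s "Protocol is TLSv1.3" \
            -S "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO" \
            -C "SSL 3.3 ChangeCipherSpec packet received"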
12558
# G->m: mbedtls server built with compatibility mode, GnuTLS client with it
# disabled. The server still sends its ChangeCipherSpec after the ServerHello;
# at --debug=10 the client must log both receiving the record and discarding
# it, and the handshake completes (exit 0).
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3 G->m server with middlebox compat support, not client" \
            "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key tickets=0" \
            "$G_NEXT_CLI localhost --debug=10 --priority=NORMAL:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \
            0 \
            -s "Protocol is TLSv1.3" \
            -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO" \
            -c "SSL 3.3 ChangeCipherSpec packet received" \
            -c "discarding change cipher spec in TLS1.3"
12574
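# G->m, both sides use middlebox compatibility: the mbedtls server is built
# with MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE and the GnuTLS client is left at
# its NORMAL default, i.e. without %DISABLE_TLS13_COMPAT_MODE. That flag is
# what the "server with middlebox compat support, not client" variant uses;
# keeping it here would make this test a strict subset of that one instead of
# covering a compat-mode client, which is what the m->G and O->m "both"
# variants do with their peers' defaults. The server must go through its CCS
# state and the client must see the server's ChangeCipherSpec record.
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3 G->m both with middlebox compat support" \
            "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key tickets=0" \
            "$G_NEXT_CLI localhost --debug=10 --priority=NORMAL:%NO_TICKETS -V" \
            0 \
            -s "Protocol is TLSv1.3" \
            -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_SERVER_HELLO" \
            -c "SSL 3.3 ChangeCipherSpec packet received"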
12589
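# m->m HelloRetryRequest without compatibility mode: the server only allows
# secp384r1 while the client lists secp256r1 first, forcing an HRR. Since
# neither side is built with MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE the server
# must not enter the CCS-after-HRR state and the client must not report
# ignoring a ChangeCipherSpec. Gated on PSA_WANT_ALG_ECDH like the sibling
# "both with middlebox compat support" test and the server-side HRR test,
# since the negotiation hinges on ECDH groups.
requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled PSA_WANT_ALG_ECDH
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3 m->m HRR both peers do not support middlebox compatibility" \
            "$P_SRV debug_level=4 groups=secp384r1 tickets=0" \
            "$P_CLI debug_level=4 groups=secp256r1,secp384r1" \
            0 \
            -s "Protocol is TLSv1.3" \
            -c "Protocol is TLSv1.3" \
            -s "tls13 server state: MBEDTLS_SSL_HELLO_RETRY_REQUEST" \
            -S "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST" \
            -C "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode"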
12604
# m->m HelloRetryRequest with compatibility mode: the same group mismatch
# (server secp384r1 only, client secp256r1 first) forces an HRR, after which
# the server must go through MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST
# and the client must report ignoring the ChangeCipherSpec that follows it.
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled PSA_WANT_ALG_ECDH
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3 m->m HRR both with middlebox compat support" \
            "$P_SRV debug_level=4 groups=secp384r1 tickets=0" \
            "$P_CLI debug_level=4 groups=secp256r1,secp384r1" \
            0 \
            -s "Protocol is TLSv1.3" \
            -c "Protocol is TLSv1.3" \
            -s "tls13 server state: MBEDTLS_SSL_HELLO_RETRY_REQUEST" \
            -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST" \
            -c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode"
12620
# TLS 1.3 HelloRetryRequest against an OpenSSL server started with
# -no_middlebox, Mbed TLS client built without compat mode. The server only
# offers P-384 so the client's first key share (secp256r1) triggers a HRR.
# Neither peer sends a ChangeCipherSpec, so the client must log neither the
# "invalid" nor the "ignore" CCS message.
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3 m->O HRR both peers do not support middlebox compatibility" \
            "$O_NEXT_SRV -msg -tls1_3 -groups P-384 -no_middlebox -num_tickets 0 -no_cache" \
            "$P_CLI debug_level=4 groups=secp256r1,secp384r1" \
            0 \
            -c "Protocol is TLSv1.3" \
            -c "received HelloRetryRequest message" \
            -C "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode" \
            -C "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode"
12634
# TLS 1.3 HelloRetryRequest: OpenSSL server in its default (middlebox compat)
# mode, so it sends a ChangeCipherSpec after the HRR; the Mbed TLS client is
# built without compat mode. A client that does not implement compat mode
# must treat the unexpected CCS as a protocol error rather than silently
# skipping it: exit status 1 and the "ChangeCipherSpec invalid" log line.
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3 m->O HRR server with middlebox compat support, not client" \
            "$O_NEXT_SRV -msg -tls1_3 -groups P-384 -num_tickets 0 -no_cache" \
            "$P_CLI debug_level=4 groups=secp256r1,secp384r1" \
            1 \
            -c "received HelloRetryRequest message" \
            -c "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode"
12646
# TLS 1.3 HelloRetryRequest: OpenSSL server in compat mode, Mbed TLS client
# built with compat mode. The client must accept and ignore the dummy
# ChangeCipherSpec and complete the handshake.
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3 m->O HRR both with middlebox compat support" \
            "$O_NEXT_SRV -msg -tls1_3 -groups P-384 -num_tickets 0 -no_resume_ephemeral -no_cache" \
            "$P_CLI debug_level=4 groups=secp256r1,secp384r1" \
            0 \
            -c "Protocol is TLSv1.3" \
            -c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode"
12658
# TLS 1.3 HelloRetryRequest against a GnuTLS server with middlebox compat mode
# turned off via the %DISABLE_TLS13_COMPAT_MODE priority keyword (hence the
# requires_gnutls_next_disable_tls13_compat guard, which presumably checks
# that the available GnuTLS understands that keyword). Mbed TLS client built
# without compat mode; no CCS is exchanged in either direction.
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_gnutls_next_disable_tls13_compat
requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3 m->G HRR both peers do not support middlebox compatibility" \
            "$G_NEXT_SRV --priority=NORMAL:-GROUP-ALL:+GROUP-SECP384R1:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE --disable-client-cert" \
            "$P_CLI debug_level=4 groups=secp256r1,secp384r1" \
            0 \
            -c "Protocol is TLSv1.3" \
            -c "received HelloRetryRequest message" \
            -C "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode" \
            -C "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode"
12674
# TLS 1.3 HelloRetryRequest: GnuTLS server in its default (compat) mode sends
# a ChangeCipherSpec after the HRR; the Mbed TLS client, built without compat
# mode, must reject it as a protocol error (exit status 1).
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3 m->G HRR server with middlebox compat support, not client" \
            "$G_NEXT_SRV --priority=NORMAL:-GROUP-ALL:+GROUP-SECP384R1:-VERS-ALL:+VERS-TLS1.3:%NO_TICKETS --disable-client-cert" \
            "$P_CLI debug_level=4 groups=secp256r1,secp384r1" \
            1 \
            -c "received HelloRetryRequest message" \
            -c "ChangeCipherSpec invalid in TLS 1.3 without compatibility mode"
12687
# TLS 1.3 HelloRetryRequest: GnuTLS server in compat mode, Mbed TLS client
# built with compat mode. The client must ignore the dummy ChangeCipherSpec
# and finish the handshake.
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled PSA_WANT_ALG_ECDH
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3 m->G HRR both with middlebox compat support" \
            "$G_NEXT_SRV --priority=NORMAL:-GROUP-ALL:+GROUP-SECP384R1:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS --disable-client-cert" \
            "$P_CLI debug_level=4 groups=secp256r1,secp384r1" \
            0 \
            -c "Protocol is TLSv1.3" \
            -c "Ignore ChangeCipherSpec in TLS 1.3 compatibility mode"
12701
# TLS 1.3 HelloRetryRequest: Mbed TLS server built without compat mode,
# OpenSSL client with -no_middlebox. The server must not enter the
# "CCS after HRR" state, and the client's -msg trace must not contain a
# ChangeCipherSpec record ("14 03 03 00 01" = content type 0x14, version 3.3,
# length 1).
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3 O->m HRR both peers do not support middlebox compatibility" \
            "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key groups=secp384r1 tickets=0" \
            "$O_NEXT_CLI -msg -debug -groups P-256:P-384 -no_middlebox" \
            0 \
            -s "Protocol is TLSv1.3" \
            -S "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST" \
            -C "14 03 03 00 01"
12714
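# TLS 1.3 HelloRetryRequest: Mbed TLS server built with compat mode, OpenSSL
# client with -no_middlebox. Only the server side is asserted: it must still
# enter the "CCS after HRR" state, i.e. it sends the dummy ChangeCipherSpec
# regardless of what the client does.
# The last argument line must not end in a backslash: that would continue
# the command onto the following line, and only the blank line after this
# test keeps the next requires_* call from being swallowed as an argument.
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3 O->m HRR server with middlebox compat support, not client" \
            "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key groups=secp384r1 tickets=0" \
            "$O_NEXT_CLI -msg -debug -groups P-256:P-384 -no_middlebox" \
            0 \
            -s "Protocol is TLSv1.3" \
            -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST"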
12726
# TLS 1.3 HelloRetryRequest: Mbed TLS server built with compat mode, OpenSSL
# client in its default (compat) mode. The server must send the CCS after the
# HRR and the client's -msg trace must show a ChangeCipherSpec record
# ("14 03 03 00 01").
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3 O->m HRR both with middlebox compat support" \
            "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key groups=secp384r1 tickets=0" \
            "$O_NEXT_CLI -msg -debug -groups P-256:P-384" \
            0 \
            -s "Protocol is TLSv1.3" \
            -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST" \
            -c "14 03 03 00 01"
12739
# TLS 1.3 HelloRetryRequest: Mbed TLS server built without compat mode,
# GnuTLS client with %DISABLE_TLS13_COMPAT_MODE. The client is limited to
# SECP256R1/SECP384R1 and the server to secp384r1, forcing the HRR. No CCS
# may be sent by the server (-S) or received by the client (-C).
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_gnutls_next_disable_tls13_compat
requires_config_disabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3 G->m HRR both peers do not support middlebox compatibility" \
            "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key groups=secp384r1 tickets=0" \
            "$G_NEXT_CLI localhost --priority=NORMAL:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \
            0 \
            -s "Protocol is TLSv1.3" \
            -S "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST" \
            -C "SSL 3.3 ChangeCipherSpec packet received"
12754
# TLS 1.3 HelloRetryRequest: Mbed TLS server built with compat mode, GnuTLS
# client with %DISABLE_TLS13_COMPAT_MODE. The server must send the CCS after
# the HRR; the GnuTLS client (--debug=10) must log that it received the
# ChangeCipherSpec and discarded it.
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled PSA_WANT_ALG_ECDH
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3 G->m HRR server with middlebox compat support, not client" \
            "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key groups=secp384r1 tickets=0" \
            "$G_NEXT_CLI localhost --debug=10 --priority=NORMAL:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \
            0 \
            -s "Protocol is TLSv1.3" \
            -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST" \
            -c "SSL 3.3 ChangeCipherSpec packet received" \
            -c "discarding change cipher spec in TLS1.3"
12771
# TLS 1.3 HelloRetryRequest: Mbed TLS server built with compat mode, GnuTLS
# client; the server must send the CCS after the HRR and the client must
# report receiving it.
# NOTE(review): despite the "both with middlebox compat support" title, the
# client command line is identical to the "not client" test just above and
# still carries %DISABLE_TLS13_COMPAT_MODE (and the matching
# requires_gnutls_next_disable_tls13_compat guard) — confirm this is intended.
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled PSA_WANT_ALG_ECDH
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3 G->m HRR both with middlebox compat support" \
            "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key groups=secp384r1 tickets=0" \
            "$G_NEXT_CLI localhost --debug=10 --priority=NORMAL:-GROUP-ALL:+GROUP-SECP256R1:+GROUP-SECP384R1:%NO_TICKETS:%DISABLE_TLS13_COMPAT_MODE -V" \
            0 \
            -s "Protocol is TLSv1.3" \
            -s "tls13 server state: MBEDTLS_SSL_SERVER_CCS_AFTER_HELLO_RETRY_REQUEST" \
            -c "SSL 3.3 ChangeCipherSpec packet received"
12787
# TLS 1.3 client CertificateVerify algorithm selection against an OpenSSL
# server that requests a client certificate (-Verify 10). Both sides list
# rsa_pkcs1_sha512 first, but TLS 1.3 does not allow RSASSA-PKCS1-v1_5 in
# CertificateVerify (RFC 8446 section 4.4.3), so the client, holding the RSA
# key server2.key, is expected to sign with the next usable entry,
# rsa_pss_rsae_sha512. A 200 response proves the handshake completed.
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: Check signature algorithm order, m->O" \
            "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key
                                 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache
                                 -Verify 10 -sigalgs rsa_pkcs1_sha512:rsa_pss_rsae_sha512:rsa_pss_rsae_sha384:ecdsa_secp256r1_sha256" \
            "$P_CLI debug_level=4 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key \
                    sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \
            0 \
            -c "Protocol is TLSv1.3" \
            -c "CertificateVerify signature with rsa_pss_rsae_sha512" \
            -c "HTTP/1.0 200 [Oo][Kk]"
12803
# Same CertificateVerify algorithm-order check as the m->O test, against a
# GnuTLS server restricted (via -SIGN-ALL:+SIGN-...) to RSA-SHA512 and the
# two RSA-PSS-RSAE entries. The client must again pick rsa_pss_rsae_sha512
# for its RSA key rather than the non-TLS-1.3 rsa_pkcs1_sha512 listed first.
requires_gnutls_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: Check signature algorithm order, m->G" \
            "$G_NEXT_SRV_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key
                    -d 4
                    --priority=NORMAL:-VERS-ALL:-SIGN-ALL:+SIGN-RSA-SHA512:+SIGN-RSA-PSS-RSAE-SHA512:+SIGN-RSA-PSS-RSAE-SHA384:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS " \
            "$P_CLI debug_level=4 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key \
                    sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \
            0 \
            -c "Protocol is TLSv1.3" \
            -c "CertificateVerify signature with rsa_pss_rsae_sha512" \
            -c "HTTP/1.0 200 [Oo][Kk]"
12819
# Signature algorithm order, Mbed TLS on both sides with mutual
# authentication (auth_mode=required). The server is configured with two
# certificates (server5 as crt_file, server2-sha256 as crt_file2); the
# expectations pin which one ssl_tls13_pick_key_cert selects and that both
# peers sign their CertificateVerify with rsa_pss_rsae_sha512.
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: Check signature algorithm order, m->m" \
            "$P_SRV debug_level=4 auth_mode=required
                    crt_file2=data_files/server2-sha256.crt key_file2=data_files/server2.key
                    crt_file=data_files/server5.crt key_file=data_files/server5.key
                    sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256 " \
            "$P_CLI debug_level=4 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key \
                    sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \
            0 \
            -c "Protocol is TLSv1.3" \
            -c "CertificateVerify signature with rsa_pss_rsae_sha512" \
            -s "CertificateVerify signature with rsa_pss_rsae_sha512" \
            -s "ssl_tls13_pick_key_cert:selected signature algorithm rsa_pss_rsae_sha512" \
            -c "HTTP/1.0 200 [Oo][Kk]"
12838
# Signature algorithm order on the server side, OpenSSL client. The client
# verifies the server chain against test-ca_cat12.crt and presents the
# server2-sha256 RSA certificate; the Mbed TLS server (two certificates,
# auth_mode=required) must select rsa_pss_rsae_sha512 and sign with it.
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: Check signature algorithm order, O->m" \
            "$P_SRV debug_level=4 auth_mode=required
                    crt_file2=data_files/server2-sha256.crt key_file2=data_files/server2.key
                    crt_file=data_files/server5.crt key_file=data_files/server5.key
                    sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256 " \
            "$O_NEXT_CLI_NO_CERT -msg -CAfile data_files/test-ca_cat12.crt \
                                 -cert data_files/server2-sha256.crt -key data_files/server2.key \
                                 -sigalgs rsa_pkcs1_sha512:rsa_pss_rsae_sha512:rsa_pss_rsae_sha384:ecdsa_secp256r1_sha256"  \
            0 \
            -c "TLSv1.3" \
            -s "CertificateVerify signature with rsa_pss_rsae_sha512" \
            -s "ssl_tls13_pick_key_cert:selected signature algorithm rsa_pss_rsae_sha512"
12856
# Signature algorithm order on the server side, GnuTLS client. The client
# allows only RSA-SHA512 and the two RSA-PSS-RSAE algorithms; the server must
# pick rsa_pss_rsae_sha512. GnuTLS reports TLS 1.3 as "Negotiated version:
# 3.4" (its internal version number).
requires_gnutls_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: Check signature algorithm order, G->m" \
            "$P_SRV debug_level=4 auth_mode=required
                    crt_file2=data_files/server2-sha256.crt key_file2=data_files/server2.key
                    crt_file=data_files/server5.crt key_file=data_files/server5.key
                    sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256 " \
            "$G_NEXT_CLI_NO_CERT localhost -d 4 --x509cafile data_files/test-ca_cat12.crt \
                                 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key \
                                 --priority=NORMAL:-SIGN-ALL:+SIGN-RSA-SHA512:+SIGN-RSA-PSS-RSAE-SHA512:+SIGN-RSA-PSS-RSAE-SHA384"  \
            0 \
            -c "Negotiated version: 3.4" \
            -c "HTTP/1.0 200 [Oo][Kk]" \
            -s "CertificateVerify signature with rsa_pss_rsae_sha512" \
            -s "ssl_tls13_pick_key_cert:selected signature algorithm rsa_pss_rsae_sha512"
12875
# Negative test: the server only offers rsa_pkcs1_sha512 and
# ecdsa_secp256r1_sha256, while the GnuTLS client offers RSA-SHA512,
# RSA-PSS-RSAE-SHA512 and ECDSA-SECP521R1-SHA512. No TLS 1.3 CertificateVerify
# algorithm is usable for the server's keys, so the handshake must fail
# (exit status 1) and the server log must not contain the
# "check signature algorithm" line from ssl_tls13_pick_key_cert.
requires_gnutls_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: Check server no suitable signature algorithm, G->m" \
            "$P_SRV debug_level=4 auth_mode=required
                    crt_file2=data_files/server2-sha256.crt key_file2=data_files/server2.key
                    crt_file=data_files/server5.crt key_file=data_files/server5.key
                    sig_algs=rsa_pkcs1_sha512,ecdsa_secp256r1_sha256 " \
            "$G_NEXT_CLI_NO_CERT localhost -d 4 --x509cafile data_files/test-ca_cat12.crt \
                                 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key \
                                 --priority=NORMAL:-SIGN-ALL:+SIGN-RSA-SHA512:+SIGN-RSA-PSS-RSAE-SHA512:+SIGN-ECDSA-SECP521R1-SHA512"  \
            1 \
            -S "ssl_tls13_pick_key_cert:check signature algorithm"
12891
# Same "no suitable signature algorithm" negative test with an OpenSSL
# client offering rsa_pkcs1_sha512, rsa_pss_rsae_sha512 and
# ecdsa_secp521r1_sha512 against a server restricted to rsa_pkcs1_sha512 and
# ecdsa_secp256r1_sha256: handshake failure expected, and no
# "check signature algorithm" line in the server log.
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: Check server no suitable signature algorithm, O->m" \
            "$P_SRV debug_level=4 auth_mode=required
                    crt_file2=data_files/server2-sha256.crt key_file2=data_files/server2.key
                    crt_file=data_files/server5.crt key_file=data_files/server5.key
                    sig_algs=rsa_pkcs1_sha512,ecdsa_secp256r1_sha256" \
            "$O_NEXT_CLI_NO_CERT -msg -CAfile data_files/test-ca_cat12.crt \
                                 -cert data_files/server2-sha256.crt -key data_files/server2.key \
                                 -sigalgs rsa_pkcs1_sha512:rsa_pss_rsae_sha512:ecdsa_secp521r1_sha512"  \
            1 \
            -S "ssl_tls13_pick_key_cert:check signature algorithm"
12907
# Same "no suitable signature algorithm" negative test with an Mbed TLS
# client. allow_sha1=0 keeps the client from accepting SHA-1 signatures, so
# the mismatch is decided purely by the sig_algs lists given here.
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: Check server no suitable signature algorithm, m->m" \
            "$P_SRV debug_level=4 auth_mode=required
                    crt_file2=data_files/server2-sha256.crt key_file2=data_files/server2.key
                    crt_file=data_files/server5.crt key_file=data_files/server5.key
                    sig_algs=rsa_pkcs1_sha512,ecdsa_secp256r1_sha256 " \
            "$P_CLI allow_sha1=0 debug_level=4 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key \
                    sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,ecdsa_secp521r1_sha512" \
            1 \
            -S "ssl_tls13_pick_key_cert:check signature algorithm"
12922
# Negative test: the server only has the RSA certificate server2-sha256,
# but the GnuTLS client accepts ECDSA signature algorithms only. The server
# must log "no suitable certificate found" and the handshake must fail.
requires_gnutls_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: Check server no suitable certificate, G->m" \
            "$P_SRV debug_level=4
                    crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key
                    sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256 " \
            "$G_NEXT_CLI_NO_CERT localhost -d 4 --x509cafile data_files/test-ca_cat12.crt \
                                 --priority=NORMAL:-SIGN-ALL:+SIGN-ECDSA-SECP521R1-SHA512:+SIGN-ECDSA-SECP256R1-SHA256"  \
            1 \
            -s "ssl_tls13_pick_key_cert:no suitable certificate found"
12936
# Same "no suitable certificate" negative test with an OpenSSL client that
# only offers ECDSA signature algorithms against the RSA-only server.
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: Check server no suitable certificate, O->m" \
            "$P_SRV debug_level=4
                    crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key
                    sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256 " \
            "$O_NEXT_CLI_NO_CERT -msg -CAfile data_files/test-ca_cat12.crt \
                                 -sigalgs ecdsa_secp521r1_sha512:ecdsa_secp256r1_sha256"  \
            1 \
            -s "ssl_tls13_pick_key_cert:no suitable certificate found"
12950
# Same "no suitable certificate" negative test with an Mbed TLS client
# (ECDSA-only sig_algs, allow_sha1=0) against the RSA-only server.
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: Check server no suitable certificate, m->m" \
            "$P_SRV debug_level=4
                    crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key
                    sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256 " \
            "$P_CLI allow_sha1=0 debug_level=4 \
                    sig_algs=ecdsa_secp521r1_sha512,ecdsa_secp256r1_sha256" \
            1 \
            -s "ssl_tls13_pick_key_cert:no suitable certificate found"
12964
# Negative test on the client side: the OpenSSL server requests a client
# certificate (-Verify 10) and, for ECDSA, accepts only ecdsa_secp521r1_sha512,
# while the Mbed TLS client holds the server5 key and only offers
# ecdsa_secp256r1_sha256 for ECDSA. The client must report "no suitable
# signature algorithm" for its CertificateVerify and the handshake fails.
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: Check client no signature algorithm, m->O" \
            "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key
                                 -msg -tls1_3 -num_tickets 0 -no_resume_ephemeral -no_cache
                                 -Verify 10 -sigalgs rsa_pkcs1_sha512:rsa_pss_rsae_sha512:rsa_pss_rsae_sha384:ecdsa_secp521r1_sha512" \
            "$P_CLI debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key \
                    sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \
            1 \
            -c "no suitable signature algorithm"
12978
# Same client-side negative test against a GnuTLS server that accepts only
# RSA signature algorithms (no ECDSA at all) while the client holds the
# server5 key: the client must fail with "no suitable signature algorithm".
requires_gnutls_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: Check client no signature algorithm, m->G" \
            "$G_NEXT_SRV_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key
                    -d 4
                    --priority=NORMAL:-VERS-ALL:-SIGN-ALL:+SIGN-RSA-SHA512:+SIGN-RSA-PSS-RSAE-SHA512:+SIGN-RSA-PSS-RSAE-SHA384:+VERS-TLS1.3:+CIPHER-ALL:%NO_TICKETS " \
            "$P_CLI debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key \
                    sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \
            1 \
            -c "no suitable signature algorithm"
12992
# Same client-side negative test, Mbed TLS on both sides. The server
# (auth_mode=required) accepts ecdsa_secp521r1_sha512 as its only ECDSA
# algorithm; the client with the server5 key offers only
# ecdsa_secp256r1_sha256 and must fail with "no suitable signature algorithm".
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
run_test    "TLS 1.3: Check client no signature algorithm, m->m" \
            "$P_SRV debug_level=4 auth_mode=required
                    crt_file2=data_files/server2-sha256.crt key_file2=data_files/server2.key
                    crt_file=data_files/server5.crt key_file=data_files/server5.key
                    sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp521r1_sha512" \
            "$P_CLI debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key \
                    sig_algs=rsa_pkcs1_sha512,rsa_pss_rsae_sha512,rsa_pss_rsae_sha384,ecdsa_secp256r1_sha256" \
            1 \
            -c "no suitable signature algorithm"
13007
# TLS 1.3 NewSessionTicket, Mbed TLS client against an OpenSSL server. The
# client (reco_mode=1 reconnect=1) must receive a ticket, save the session
# and resume it on a second connection; the PSK-ephemeral dependency covers
# the resumed handshake. OpenSSL's canned HTTP reply uses a lowercase "ok".
# NOTE(review): "--num_tickets 4" uses a double-dash prefix while the other
# OpenSSL invocations in this file write "-num_tickets"; OpenSSL's option
# parser is believed to accept both, but the single-dash form would be
# consistent.
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test    "TLS 1.3: NewSessionTicket: Basic check, m->O" \
            "$O_NEXT_SRV -msg -tls1_3 -no_resume_ephemeral -no_cache --num_tickets 4" \
            "$P_CLI debug_level=1 reco_mode=1 reconnect=1" \
            0 \
            -c "Protocol is TLSv1.3" \
            -c "got new session ticket." \
            -c "Saving session for reuse... ok" \
            -c "Reconnecting with saved session" \
            -c "HTTP/1.0 200 ok"
13023
# TLS 1.3 NewSessionTicket, Mbed TLS client against a GnuTLS server. As in the
# m->O test the client must obtain a ticket, save the session and reconnect;
# in addition the GnuTLS server log (-d 10) must confirm that the second
# handshake was actually a resumption.
requires_gnutls_tls1_3
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test    "TLS 1.3: NewSessionTicket: Basic check, m->G" \
            "$G_NEXT_SRV -d 10 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 --disable-client-cert" \
            "$P_CLI debug_level=1 reco_mode=1 reconnect=1" \
            0 \
            -c "Protocol is TLSv1.3" \
            -c "got new session ticket." \
            -c "Saving session for reuse... ok" \
            -c "Reconnecting with saved session" \
            -c "HTTP/1.0 200 OK" \
            -s "This is a resumed session"
13040
# TLS 1.3 NewSessionTicket issued by an Mbed TLS server (tickets=4) to an
# OpenSSL client. The expectations only check the server-side ticket states;
# the test is currently skipped (skip_next_test applies to the single
# run_test that follows it) because the OpenSSL client cannot reconnect.
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
# https://github.com/openssl/openssl/issues/10714
# Until now, OpenSSL client does not support reconnect.
skip_next_test
run_test    "TLS 1.3: NewSessionTicket: Basic check, O->m" \
            "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key tickets=4" \
            "$O_NEXT_CLI -msg -debug -tls1_3 -reconnect" \
            0 \
            -s "=> write NewSessionTicket msg" \
            -s "server state: MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET" \
            -s "server state: MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH"
13058
# TLS 1.3 NewSessionTicket issued by an Mbed TLS server (tickets=4) to a
# GnuTLS client that reconnects (-r). The server log must show the ticket
# being written, the initial "ephemeral" key exchange and then a
# "psk_ephemeral" one with a pre_shared_key extension on the resumed
# connection, i.e. resumption still performs a fresh (EC)DHE rather than a
# PSK-only handshake.
requires_gnutls_tls1_3
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test    "TLS 1.3: NewSessionTicket: Basic check, G->m" \
            "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key tickets=4" \
            "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3 -V -r" \
            0 \
            -c "Connecting again- trying to resume previous session" \
            -c "NEW SESSION TICKET (4) was received" \
            -s "=> write NewSessionTicket msg" \
            -s "server state: MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET" \
            -s "server state: MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH" \
            -s "key exchange mode: ephemeral" \
            -s "key exchange mode: psk_ephemeral" \
            -s "found pre_shared_key extension"
13078
# Variant of the G->m NewSessionTicket test pinned to one cipher suite: the
# server is forced to TLS 1.3 and the GnuTLS client restricts its cipher list
# to AES-256-GCM, so the server must report TLS1-3-AES-256-GCM-SHA384 and
# the resumption must work with the resulting longer PSK.
requires_gnutls_tls1_3
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
# Test the session resumption when the cipher suite for the original session is
# TLS1-3-AES-256-GCM-SHA384. In that case, the PSK is 384 bits long and not
# 256 bits long as with all the other TLS 1.3 cipher suites.
requires_ciphersuite_enabled TLS1-3-AES-256-GCM-SHA384
run_test    "TLS 1.3: NewSessionTicket: Basic check with AES-256-GCM only, G->m" \
            "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key force_version=tls13 tickets=4" \
            "$G_NEXT_CLI localhost -d 4 --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:-CIPHER-ALL:+AES-256-GCM -V -r" \
            0 \
            -c "Connecting again- trying to resume previous session" \
            -c "NEW SESSION TICKET (4) was received" \
            -s "Ciphersuite is TLS1-3-AES-256-GCM-SHA384" \
            -s "=> write NewSessionTicket msg" \
            -s "server state: MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET" \
            -s "server state: MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH" \
            -s "key exchange mode: ephemeral" \
            -s "key exchange mode: psk_ephemeral" \
            -s "found pre_shared_key extension"
13103
# TLS 1.3 NewSessionTicket, Mbed TLS on both sides. The server sends four
# tickets (tickets=4); "got new session ticket ( 3 )" is presumably the
# client's zero-based count of the last one. The client saves the session,
# reconnects, and the server must complete the second handshake in
# psk_ephemeral mode with a pre_shared_key extension.
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
run_test    "TLS 1.3: NewSessionTicket: Basic check, m->m" \
            "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key tickets=4" \
            "$P_CLI debug_level=4 reco_mode=1 reconnect=1" \
            0 \
            -c "Protocol is TLSv1.3" \
            -c "got new session ticket ( 3 )" \
            -c "Saving session for reuse... ok" \
            -c "Reconnecting with saved session" \
            -c "HTTP/1.0 200 OK"    \
            -s "=> write NewSessionTicket msg" \
            -s "server state: MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET" \
            -s "server state: MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH" \
            -s "key exchange mode: ephemeral" \
            -s "key exchange mode: psk_ephemeral" \
            -s "found pre_shared_key extension"
13126
requires_openssl_tls1_3_with_compatible_ephemeral
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
# A TLS 1.3-capable client (min tls12, max tls13) that advertises both
# rsa_pss_rsae_sha512 and rsa_pkcs1_sha512 must still complete a plain TLS 1.2
# handshake with an OpenSSL server pinned to 1.2 (-tls1_2). The server is
# started with -Verify, so the client also has to authenticate with the RSA
# server2 certificate/key it is given here; the test passes only if TLS 1.2 is
# negotiated and the HTTP response comes back. The exact regression this
# guards is not described here -- presumably an RSA-PSS signature-algorithm
# handling problem on the 1.2 fallback path; see the commit that added it.
run_test    "TLS 1.2: Check rsa_pss_rsae compatibility issue, m->O" \
            "$O_NEXT_SRV_NO_CERT -cert data_files/server2-sha256.crt -key data_files/server2.key
                                 -msg -tls1_2
                                 -Verify 10 " \
            "$P_CLI debug_level=4 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key
                    sig_algs=rsa_pss_rsae_sha512,rsa_pkcs1_sha512
                    min_version=tls12 max_version=tls13 " \
            0 \
            -c "Protocol is TLSv1.2" \
            -c "HTTP/1.0 200 [Oo][Kk]"
13141
13142
requires_gnutls_tls1_3
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_CLI_C
# GnuTLS counterpart of the rsa_pss_rsae compatibility test above: the server is
# restricted to TLS 1.2 via its priority string while the Mbed TLS client offers
# 1.2-1.3 with rsa_pss_rsae_sha512 first in its signature-algorithm list.
# Unlike the OpenSSL variant nothing here forces client authentication; the
# client certificate/key are still supplied so the two tests stay comparable.
# The response pattern is case-insensitive because peers differ in how they
# spell "OK".
run_test    "TLS 1.2: Check rsa_pss_rsae compatibility issue, m->G" \
            "$G_NEXT_SRV_NO_CERT --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key
                    -d 4
                    --priority=NORMAL:-VERS-ALL:+VERS-TLS1.2" \
            "$P_CLI debug_level=4 crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key
                    sig_algs=rsa_pss_rsae_sha512,rsa_pkcs1_sha512
                    min_version=tls12 max_version=tls13 " \
            0 \
            -c "Protocol is TLSv1.2" \
            -c "HTTP/1.0 200 [Oo][Kk]"
13157
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
# Ticket resumption with SNI in play. The server carries an SNI table
# (localhost -> server2 cert, polarssl.example -> server1-nospace cert) on top of
# its default server5 certificate. The client names "localhost" on both the
# original and the resumed connection, so the ticket must be accepted and the
# second connection must still produce the HTTP response. The positive case
# for the negative "servername" test that follows.
run_test    "TLS 1.3: NewSessionTicket: servername check, m->m" \
            "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key tickets=4 \
            sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
            "$P_CLI debug_level=4 server_name=localhost reco_mode=1 reconnect=1" \
            0 \
            -c "Protocol is TLSv1.3" \
            -c "got new session ticket." \
            -c "Saving session for reuse... ok" \
            -c "Reconnecting with saved session" \
            -c "HTTP/1.0 200 OK"    \
            -s "=> write NewSessionTicket msg" \
            -s "server state: MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET" \
            -s "server state: MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH" \
            -s "key exchange mode: ephemeral" \
            -s "key exchange mode: psk_ephemeral" \
            -s "found pre_shared_key extension"
13181
requires_config_enabled MBEDTLS_SSL_SESSION_TICKETS
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
requires_all_configs_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
                             MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
# Negative SNI check: a ticket issued for "localhost" must not be replayed
# against a different server name. The client obtains the ticket with
# server_name=localhost, then reconnects with reco_server_name=remote and is
# expected to refuse resumption with the "Hostname mismatch" message rather
# than offer the PSK. Accordingly, no psk_ephemeral / pre_shared_key output is
# expected from the server. The expected exit status is 1; presumably the
# fresh full handshake for "remote" then fails hostname verification against
# the default certificate -- not asserted explicitly here.
run_test    "TLS 1.3: NewSessionTicket: servername negative check, m->m" \
            "$P_SRV debug_level=4 crt_file=data_files/server5.crt key_file=data_files/server5.key tickets=4 \
            sni=localhost,data_files/server2.crt,data_files/server2.key,-,-,-,polarssl.example,data_files/server1-nospace.crt,data_files/server1.key,-,-,-" \
            "$P_CLI debug_level=4 server_name=localhost reco_server_name=remote reco_mode=1 reconnect=1" \
            1 \
            -c "Protocol is TLSv1.3" \
            -c "got new session ticket." \
            -c "Saving session for reuse... ok" \
            -c "Reconnecting with saved session" \
            -c "Hostname mismatch the session ticket, disable session resumption."    \
            -s "=> write NewSessionTicket msg" \
            -s "server state: MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET" \
            -s "server state: MBEDTLS_SSL_TLS1_3_NEW_SESSION_TICKET_FLUSH"
13202
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_config_enabled PSA_WANT_ALG_FFDH
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_gnutls_next_disable_tls13_compat
# TLS 1.3 finite-field DH interop, GnuTLS client -> Mbed TLS server, ffdhe3072.
# Both sides are restricted to exactly one group, one cipher suite and one
# signature algorithm (rsa_pss_rsae_sha256, code point 0x0804), and the client
# sends a single key share. The server must therefore pick ffdhe3072 (0x0101)
# straight away, without a HelloRetryRequest. Tickets are disabled on both
# ends so only the full handshake is exercised; the client presents no
# certificate, hence "verification was skipped" on the server.
run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe3072,rsa_pss_rsae_sha256" \
         "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe3072 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
         "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE3072:+VERS-TLS1.3:%NO_TICKETS" \
         0 \
         -s "Protocol is TLSv1.3" \
         -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
         -s "received signature algorithm: 0x804" \
         -s "got named group: ffdhe3072(0101)" \
         -s "Certificate verification was skipped" \
         -C "received HelloRetryRequest message"
13222
13223
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_config_enabled PSA_WANT_ALG_FFDH
# Mirror of the ffdhe3072 test above with the roles swapped: Mbed TLS client
# against a GnuTLS server that accepts only that group, suite and RSA-PSS
# signature algorithm and does not request a client certificate. The client
# must negotiate ffdhe3072 (0x101) without an HRR, verify the server's
# server2-sha256 certificate against test-ca_cat12 and fetch the HTTP
# response served by --http.
run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe3072,rsa_pss_rsae_sha256" \
         "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE3072:+VERS-TLS1.3:%NO_TICKETS" \
         "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe3072" \
         0 \
         -c "HTTP/1.0 200 OK" \
         -c "Protocol is TLSv1.3" \
         -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
         -c "Certificate Verify: Signature algorithm ( 0804 )" \
         -c "NamedGroup: ffdhe3072 ( 101 )" \
         -c "Verifying peer X.509 certificate... ok" \
         -C "received HelloRetryRequest message"
13244
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_config_enabled PSA_WANT_ALG_FFDH
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_gnutls_next_disable_tls13_compat
# Same single-group / single-key-share FFDHE interop check as for ffdhe3072,
# GnuTLS client -> Mbed TLS server, this time for ffdhe4096 (code point 0x0102).
# The handshake must complete without a HelloRetryRequest; resumption and
# client authentication are kept out of the picture.
run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe4096,rsa_pss_rsae_sha256" \
         "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe4096 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
         "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE4096:+VERS-TLS1.3:%NO_TICKETS" \
         0 \
         -s "Protocol is TLSv1.3" \
         -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
         -s "received signature algorithm: 0x804" \
         -s "got named group: ffdhe4096(0102)" \
         -s "Certificate verification was skipped" \
         -C "received HelloRetryRequest message"
13264
13265
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_config_enabled PSA_WANT_ALG_FFDH
# Mbed TLS client -> GnuTLS server, ffdhe4096 (0x102). The client must select
# the group on the first flight (no HRR), accept the server's RSA-PSS
# CertificateVerify (0x0804), validate the certificate chain against
# test-ca_cat12 and receive the HTTP response.
run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe4096,rsa_pss_rsae_sha256" \
         "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE4096:+VERS-TLS1.3:%NO_TICKETS" \
         "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe4096" \
         0 \
         -c "HTTP/1.0 200 OK" \
         -c "Protocol is TLSv1.3" \
         -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
         -c "Certificate Verify: Signature algorithm ( 0804 )" \
         -c "NamedGroup: ffdhe4096 ( 102 )" \
         -c "Verifying peer X.509 certificate... ok" \
         -C "received HelloRetryRequest message"
13286
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_config_enabled PSA_WANT_ALG_FFDH
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_gnutls_next_disable_tls13_compat
# GnuTLS client -> Mbed TLS server, ffdhe6144 (code point 0x0103). Identical
# set-up to the smaller FFDHE groups: one group, one suite, rsa_pss_rsae_sha256
# only, a single key share, no tickets, no client certificate, and no
# HelloRetryRequest allowed.
run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe6144,rsa_pss_rsae_sha256" \
         "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe6144 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
         "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE6144:+VERS-TLS1.3:%NO_TICKETS" \
         0 \
         -s "Protocol is TLSv1.3" \
         -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
         -s "received signature algorithm: 0x804" \
         -s "got named group: ffdhe6144(0103)" \
         -s "Certificate verification was skipped" \
         -C "received HelloRetryRequest message"
13306
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_config_enabled PSA_WANT_ALG_FFDH
# Mbed TLS client -> GnuTLS server, ffdhe6144 (0x103): first-flight group
# agreement (no HRR), RSA-PSS CertificateVerify, successful chain validation
# against test-ca_cat12 and an HTTP response from the --http server.
run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe6144,rsa_pss_rsae_sha256" \
         "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE6144:+VERS-TLS1.3:%NO_TICKETS" \
         "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe6144" \
         0 \
         -c "HTTP/1.0 200 OK" \
         -c "Protocol is TLSv1.3" \
         -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
         -c "Certificate Verify: Signature algorithm ( 0804 )" \
         -c "NamedGroup: ffdhe6144 ( 103 )" \
         -c "Verifying peer X.509 certificate... ok" \
         -C "received HelloRetryRequest message"
13327
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_config_enabled PSA_WANT_ALG_FFDH
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_gnutls_next_disable_tls13_compat
# GnuTLS client -> Mbed TLS server, ffdhe8192 (code point 0x0104), the largest
# FFDHE group. Same single-group / single-key-share / no-HRR expectations as
# the smaller groups. The client timeout is extended, presumably because the
# 8192-bit modular exponentiations are slow on the CI hosts.
client_needs_more_time 4
run_test "TLS 1.3 G->m: AES_128_GCM_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
         "$P_SRV crt_file=data_files/server2-sha256.crt key_file=data_files/server2.key debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe8192 tls13_kex_modes=ephemeral cookies=0 tickets=0" \
         "$G_NEXT_CLI_NO_CERT --debug=4 --single-key-share --x509cafile data_files/test-ca_cat12.crt --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
         0 \
         -s "Protocol is TLSv1.3" \
         -s "server hello, chosen ciphersuite: TLS1-3-AES-128-GCM-SHA256 ( id=4865 )" \
         -s "received signature algorithm: 0x804" \
         -s "got named group: ffdhe8192(0104)" \
         -s "Certificate verification was skipped" \
         -C "received HelloRetryRequest message"
13348
requires_gnutls_tls1_3
requires_gnutls_next_no_ticket
requires_gnutls_next_disable_tls13_compat
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
requires_config_enabled MBEDTLS_X509_RSASSA_PSS_SUPPORT
requires_config_enabled PSA_WANT_ALG_FFDH
# Mbed TLS client -> GnuTLS server, ffdhe8192 (0x104). Extended client timeout
# as in the G->m variant; otherwise the same no-HRR, RSA-PSS CertificateVerify,
# chain-validation and HTTP-response expectations as the other FFDHE tests.
client_needs_more_time 4
run_test "TLS 1.3 m->G: AES_128_GCM_SHA256,ffdhe8192,rsa_pss_rsae_sha256" \
         "$G_NEXT_SRV_NO_CERT --http --disable-client-cert --debug=4 --x509certfile data_files/server2-sha256.crt --x509keyfile data_files/server2.key --priority=NONE:+AES-128-GCM:+SHA256:+AEAD:+SIGN-RSA-PSS-RSAE-SHA256:+GROUP-FFDHE8192:+VERS-TLS1.3:%NO_TICKETS" \
         "$P_CLI ca_file=data_files/test-ca_cat12.crt debug_level=4 force_ciphersuite=TLS1-3-AES-128-GCM-SHA256 sig_algs=rsa_pss_rsae_sha256 groups=ffdhe8192" \
         0 \
         -c "HTTP/1.0 200 OK" \
         -c "Protocol is TLSv1.3" \
         -c "server hello, chosen ciphersuite: ( 1301 ) - TLS1-3-AES-128-GCM-SHA256" \
         -c "Certificate Verify: Signature algorithm ( 0804 )" \
         -c "NamedGroup: ffdhe8192 ( 104 )" \
         -c "Verifying peer X.509 certificate... ok" \
         -C "received HelloRetryRequest message"
13370
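requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
requires_config_enabled MBEDTLS_SSL_SRV_C
requires_config_enabled MBEDTLS_SSL_CLI_C
requires_config_enabled MBEDTLS_DEBUG_C
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED
requires_config_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
# Pure-PSK key exchange needs no (EC)DHE key share, so a server restricted to
# tls13_kex_modes=psk and configured with no supported group at all
# (groups=none) must complete the handshake directly instead of sending a
# HelloRetryRequest to negotiate a group, even though the client is configured
# with every key exchange mode. The "Selected key exchange mode: psk" line is
# a client debug message, hence the MBEDTLS_DEBUG_C dependency (the other
# debug-output tests in this file declare it too; without it the test would
# fail instead of being skipped on no-debug builds). The 3-byte PSK is a
# test-only value with no meaningful entropy.
run_test    "TLS 1.3: no HRR in case of PSK key exchange mode" \
            "$P_SRV nbio=2 psk=010203 psk_identity=0a0b0c tls13_kex_modes=psk groups=none" \
            "$P_CLI nbio=2 debug_level=3 psk=010203 psk_identity=0a0b0c tls13_kex_modes=all" \
            0 \
            -C "received HelloRetryRequest message" \
            -c "Selected key exchange mode: psk$" \
            -c "HTTP/1.0 200 OK"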
13383
# Test heap memory usage after handshake.
# The helper (defined earlier in this file; its name carries a historical
# "hanshake" typo that callers must keep) relies on the debug buffer allocator
# (MBEDTLS_MEMORY_BUFFER_ALLOC_C + MBEDTLS_MEMORY_DEBUG) for heap statistics
# and on the maximum-fragment-length extension. The 16384-byte maximum content
# length is required so that the expected figures match the default buffers --
# presumably they would differ with a reduced MBEDTLS_SSL_IN/OUT_CONTENT_LEN.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_MEMORY_DEBUG
requires_config_enabled MBEDTLS_MEMORY_BUFFER_ALLOC_C
requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
requires_max_content_len 16384
run_tests_memory_after_hanshake
13391
13392# Final report
13393
# Summarise the run on a single line ("PASSED (p / t tests (s skipped))") and
# exit with the number of failures so callers such as all.sh / CI can react.
# FAILS, TESTS and SKIPS are the counters maintained by run_test and the
# requires_* helpers.
printf '%s\n' "------------------------------------------------------------------------"

if [ "$FAILS" = 0 ]; then
    verdict=PASSED
else
    verdict=FAILED
fi
PASSES=$(( TESTS - FAILS ))
printf '%s (%s / %s tests (%s skipped))\n' "$verdict" "$PASSES" "$TESTS" "$SKIPS"

# The exit status is truncated to 8 bits by the caller, so a failure count of
# 256 would read as success (0); saturate at 255 instead.
if [ "$FAILS" -gt 255 ]; then
    FAILS=255
fi
exit "$FAILS"
13410